feat(jans-link): add ingress resource for jans-link (#10494)

* fix(jans-link): add missing ingress resource in jans Signed-off-by: Amro Misbah <[email protected]> * fix(jans-link): add jans-link ingress properties in schema Signed-off-by: Amro Misbah <[email protected]> * fix(jans-link): add missing ingress resource in jans-aio Signed-off-by: Amro Misbah <[email protected]> * fix(jans-link): remove extra end Signed-off-by: Amro Misbah <[email protected]> * fix(jans-link): point to aio service Signed-off-by: Amro Misbah <[email protected]> * docs: generate helm-docs Signed-off-by: Amro Misbah <[email protected]> * fix(jans-link): fix spacing and indentation Signed-off-by: Amro Misbah <[email protected]> --------- Signed-off-by: Amro Misbah <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>
JanssenProject · Dec 24, 2024 · 2779a7e · 2779a7e
1 parent 5566a33
commit 2779a7e
Show file tree

Hide file tree

Showing 7 changed files with 142 additions and 17 deletions.
diff --git a/charts/janssen-all-in-one/README.md b/charts/janssen-all-in-one/README.md
@@ -307,7 +307,9 @@ Kubernetes: `>=v1.22.0-0`
 | link.appLoggers.scriptLogLevel | string | `"INFO"` | cacherefresh_script.log level |
 | link.appLoggers.scriptLogTarget | string | `"FILE"` | cacherefresh_script.log target |
 | link.enabled | bool | `false` | Boolean flag to enable/disable the link chart. |
-| link.ingress | object | `{"linkEnabled":true}` | Enable endpoints in either istio or nginx ingress depending on users choice |
+| link.ingress | object | `{"linkAdditionalAnnotations":{},"linkEnabled":true,"linkLabels":{}}` | Enable endpoints in either istio or nginx ingress depending on users choice |
+| link.ingress.linkAdditionalAnnotations | object | `{}` | link ingress resource additional annotations. |
+| link.ingress.linkLabels | object | `{}` | link ingress resource labels. key app is taken |
 | link.linkServiceName | string | `"link"` | Name of the link service. Please keep it as default. |
 | livenessProbe | object | `{"exec":{"command":["python3","/app/jans_aio/jans_auth/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | livenessProbe.exec | object | `{"command":["python3","/app/jans_aio/jans_auth/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py |
@@ -352,7 +354,7 @@ Kubernetes: `>=v1.22.0-0`
 | scim.ingress.scimConfigEnabled | bool | `false` | Enable endpoint /.well-known/scim-configuration |
 | scim.ingress.scimConfigLabels | object | `{}` | SCIM config ingress resource labels. key app is taken |
 | scim.ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim |
-| scim.ingress.scimLabels | object | `{}` | SCIM config ingress resource labels. key app is taken |
+| scim.ingress.scimLabels | object | `{}` | SCIM ingress resource labels. key app is taken |
 | scim.scimServiceName | string | `"scim"` | Name of the scim service. Please keep it as default. |
 | service.name | string | `"http-aio"` | The name of the aio port within the aio service. Please keep it as default. |
 | service.port | int | `8080` | Port of the fido2 service. Please keep it as default. |

diff --git a/charts/janssen-all-in-one/templates/nginx-ingress.yaml b/charts/janssen-all-in-one/templates/nginx-ingress.yaml
@@ -614,6 +614,53 @@ spec:
 
 ---
 
+{{ if .Values.link.ingress.linkEnabled -}}
+{{ $fullName := include "janssen-all-in-one.fullname" . -}}
+{{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-link
+  labels:
+    app: {{ $fullName }}-link
+{{- if index .Values "nginx-ingress" "ingress" "additionalLabels" }}
+{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalLabels") | indent 4 }}
+{{- end }}
+{{- if .Values.link.ingress.linkLabels }}
+{{ toYaml .Values.link.ingress.linkLabels | indent 4 }}
+{{- end }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+{{- if .Values.link.ingress.linkAdditionalAnnotations }}
+{{ toYaml .Values.link.ingress.linkAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if index .Values "nginx-ingress" "ingress" "additionalAnnotations" }}
+{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalAnnotations") | indent 4 }}
+{{- end }}
+spec:
+  ingressClassName: {{ index .Values "nginx-ingress" "ingress" "ingressClassName" }}
+{{- if index .Values "nginx-ingress" "ingress" "tlsSecretName" }}
+  tls:
+    - hosts:
+        - {{ .Values.fqdn | quote }}
+      secretName: {{ index .Values "nginx-ingress" "ingress" "tlsSecretName" }}
+{{- end }}
+  rules:
+    - host: {{ .Values.fqdn | quote }}
+      http:
+        paths:
+          - path: /jans-link
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Values.service.name }}
+                port:
+                  number: 8080
+{{- end }}
+
+---
+
 {{ if index .Values "auth-server" "ingress" "authServerEnabled" -}}
 {{ $fullName := include "janssen-all-in-one.fullname" . -}}
 {{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}}

diff --git a/charts/janssen-all-in-one/values.yaml b/charts/janssen-all-in-one/values.yaml
@@ -489,7 +489,7 @@ scim:
     scimConfigLabels: { }
     # -- SCIM config ingress resource additional annotations.
     scimConfigAdditionalAnnotations: { }
-    # -- SCIM config ingress resource labels. key app is taken
+    # -- SCIM ingress resource labels. key app is taken
     scimLabels: { }
     # -- SCIM ingress resource additional annotations.
     scimAdditionalAnnotations: { }
@@ -522,6 +522,10 @@ link:
   ingress:
     # Enable link endpoints /jans-link
     linkEnabled: true
+    # -- link ingress resource labels. key app is taken
+    linkLabels: { }
+    # -- link ingress resource additional annotations.
+    linkAdditionalAnnotations: { }
 saml:
   # -- Name of the saml service. Please keep it as default.
   samlServiceName: saml