From 2779a7e70e23be1c0afc810abd27910c60fcd9b1 Mon Sep 17 00:00:00 2001 From: Amro Misbah Date: Tue, 24 Dec 2024 09:19:14 +0200 Subject: [PATCH] feat(jans-link): add ingress resource for jans-link (#10494) * fix(jans-link): add missing ingress resource in jans Signed-off-by: Amro Misbah * fix(jans-link): add jans-link ingress properties in schema Signed-off-by: Amro Misbah * fix(jans-link): add missing ingress resource in jans-aio Signed-off-by: Amro Misbah * fix(jans-link): remove extra end Signed-off-by: Amro Misbah * fix(jans-link): point to aio service Signed-off-by: Amro Misbah * docs: generate helm-docs Signed-off-by: Amro Misbah * fix(jans-link): fix spacing and indentation Signed-off-by: Amro Misbah --------- Signed-off-by: Amro Misbah Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
---
charts/janssen-all-in-one/README.md | 6 +- .../templates/nginx-ingress.yaml | 47 ++++++++++++++++ charts/janssen-all-in-one/values.yaml | 6 +- charts/janssen/README.md | 8 ++- .../nginx-ingress/templates/ingress.yaml | 56 +++++++++++++++++++ charts/janssen/values.schema.json | 30 ++++++---- charts/janssen/values.yaml | 6 +- 7 files changed, 142 insertions(+), 17 deletions(-)
diff --git a/charts/janssen-all-in-one/README.md b/charts/janssen-all-in-one/README.md
index 819a215970b..b02f1bcf0ef 100644
--- a/charts/janssen-all-in-one/README.md
+++ b/charts/janssen-all-in-one/README.md
@@ -307,7 +307,9 @@ Kubernetes: `>=v1.22.0-0` | link.appLoggers.scriptLogLevel | string | `"INFO"` | cacherefresh_script.log level | | link.appLoggers.scriptLogTarget | string | `"FILE"` | cacherefresh_script.log target | | link.enabled | bool | `false` | Boolean flag to enable/disable the link chart. | -| link.ingress | object | `{"linkEnabled":true}` | Enable endpoints in either istio or nginx ingress depending on users choice | +| link.ingress | object | `{"linkAdditionalAnnotations":{},"linkEnabled":true,"linkLabels":{}}` | Enable endpoints in either istio or nginx ingress depending on users choice | +| link.ingress.linkAdditionalAnnotations | object | `{}` | link ingress resource additional annotations. | +| link.ingress.linkLabels | object | `{}` | link ingress resource labels. key app is taken | | link.linkServiceName | string | `"link"` | Name of the link service. Please keep it as default. | | livenessProbe | object | `{"exec":{"command":["python3","/app/jans_aio/jans_auth/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["python3","/app/jans_aio/jans_auth/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | 
@@ -352,7 +354,7 @@ Kubernetes: `>=v1.22.0-0` | scim.ingress.scimConfigEnabled | bool | `false` | Enable endpoint /.well-known/scim-configuration | | scim.ingress.scimConfigLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | | scim.ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim | -| scim.ingress.scimLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | +| scim.ingress.scimLabels | object | `{}` | SCIM ingress resource labels. key app is taken | | scim.scimServiceName | string | `"scim"` | Name of the scim service. Please keep it as default. | | service.name | string | `"http-aio"` | The name of the aio port within the aio service. Please keep it as default. | | service.port | int | `8080` | Port of the fido2 service. Please keep it as default. | diff --git a/charts/janssen-all-in-one/templates/nginx-ingress.yaml b/charts/janssen-all-in-one/templates/nginx-ingress.yaml index 722be3adf99..21d9cfb374c 100644 --- a/charts/janssen-all-in-one/templates/nginx-ingress.yaml +++ b/charts/janssen-all-in-one/templates/nginx-ingress.yaml 
@@ -614,6 +614,53 @@ spec: --- +{{ if .Values.link.ingress.linkEnabled -}} +{{ $fullName := include "janssen-all-in-one.fullname" . -}} +{{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-link + labels: + app: {{ $fullName }}-link +{{- if index .Values "nginx-ingress" "ingress" "additionalLabels" }} +{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalLabels") | indent 4 }} +{{- end }} +{{- if .Values.link.ingress.linkLabels }} +{{ toYaml .Values.link.ingress.linkLabels | indent 4 }} +{{- end }} + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/proxy-read-timeout: "300" +{{- if .Values.link.ingress.linkAdditionalAnnotations }} +{{ toYaml .Values.link.ingress.linkAdditionalAnnotations | indent 4 }} +{{- end }} +{{- if index .Values "nginx-ingress" "ingress" "additionalAnnotations" }} +{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalAnnotations") | indent 4 }} +{{- end }} +spec: + ingressClassName: {{ index .Values "nginx-ingress" "ingress" "ingressClassName" }} +{{- if index .Values "nginx-ingress" "ingress" "tlsSecretName" }} + tls: + - hosts: + - {{ .Values.fqdn | quote }} + secretName: {{ index .Values "nginx-ingress" "ingress" "tlsSecretName" }} +{{- end }} + rules: + - host: {{ .Values.fqdn | quote }} + http: + paths: + - path: /jans-link + pathType: Prefix + backend: + service: + name: {{ .Values.service.name }} + port: + number: 8080 +{{- end }} + +--- + {{ if index .Values "auth-server" "ingress" "authServerEnabled" -}} {{ $fullName := include "janssen-all-in-one.fullname" . -}} {{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}} diff --git a/charts/janssen-all-in-one/values.yaml b/charts/janssen-all-in-one/values.yaml index 5e694be37ab..f446a4c50f4 100644 --- a/charts/janssen-all-in-one/values.yaml +++ b/charts/janssen-all-in-one/values.yaml 
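Review bot: The two literal annotations under `annotations:` (`nginx.ingress.kubernetes.io/ssl-redirect: "false"` and `proxy-read-timeout: "300"`) are emitted unconditionally and ahead of `linkAdditionalAnnotations` and the chart-wide `additionalAnnotations`, so an operator who tries to re-enable the HTTPS redirect for `/jans-link` through either values map ends up with the same key twice in one mapping. Duplicate keys are invalid YAML and parsers differ on whether they reject the document or keep the last value, so the effective redirect setting cannot be read off the values file, and with `tlsSecretName` set the default still leaves plain-HTTP requests to this path unredirected. I would emit each default only when it is not overridden, e.g. guard the line with `{{- if not (hasKey .Values.link.ingress.linkAdditionalAnnotations "nginx.ingress.kubernetes.io/ssl-redirect") }}`, or at least extend the values comment to `# -- link ingress resource additional annotations. ssl-redirect and proxy-read-timeout are already set by the template.` The same applies to the new Ingress block in charts/janssen/charts/nginx-ingress/templates/ingress.yaml; whether the other Ingress resources in this file follow the same pattern is outside this hunk.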
@@ -489,7 +489,7 @@ scim: scimConfigLabels: { } # -- SCIM config ingress resource additional annotations. scimConfigAdditionalAnnotations: { } - # -- SCIM config ingress resource labels. key app is taken + # -- SCIM ingress resource labels. key app is taken scimLabels: { } # -- SCIM ingress resource additional annotations. scimAdditionalAnnotations: { } @@ -522,6 +522,10 @@ link: ingress: # Enable link endpoints /jans-link linkEnabled: true + # -- link ingress resource labels. key app is taken + linkLabels: { } + # -- link ingress resource additional annotations. + linkAdditionalAnnotations: { } saml: # -- Name of the saml service. Please keep it as default. samlServiceName: saml diff --git a/charts/janssen/README.md b/charts/janssen/README.md index cec5697dcce..56dace93960 100644 --- a/charts/janssen/README.md +++ b/charts/janssen/README.md 
@@ -265,7 +265,7 @@ Kubernetes: `>=v1.22.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"authzenAdditionalAnnotations":{},"authzenConfigEnabled":true,"authzenConfigLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabel
s":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false},"auth-server-key-rotation":{"customAnnotations":{"cronjob":{},"secret":{},"service":{}},"enabled":true,"initKeysLife":48},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"casaAdditionalAnnotations":{},"casaEnabled":false,"casaLabels":{}}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnConfiguratorConfigurationFile":"/etc/jans/conf/configuration.json","cnConfiguratorCustomSchema":{"secretName":""},"cnConfiguratorDumpFile":"/etc/jans/conf/configuration.out.json","cnDocumentStoreType":"DB","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"customAnnotations":{"clusterRoleBinding":{},"configMap":{},"job":{},"role":{},"roleBinding":{},"secret":{},"service":{},"serviceAccount":{}},"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","configApiServerServiceName":"config-api","customAnnotations":{"deployment":{},"destinationRule":{},"horizo
ntalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{}},"plugins":"fido2,scim,user-mgt"},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2AdditionalAnnotations":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{},"fido2WebauthnAdditionalAnnotations":{},"fido2WebauthnEnabled":false,"fido2WebauthnLabels":{}}},"fqdn":"demoexample.jans.io","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"kc-scheduler":{"enabled":false},"lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"},"nginx-ingress":{"enabled":true},"persistence":{"customAnnotations":{"jo
b":{},"secret":{},"service":{}},"enabled":true},"saml":{"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"samlAdditionalAnnotations":{},"samlEnabled":false,"samlLabels":{}},"samlServiceName":"saml"},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{}},"scimServiceName":"scim"},"serviceAccountName":"default","storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. 
| +| global | object | `{"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"authzenAdditionalAnnotations":{},"authzenConfigEnabled":true,"authzenConfigLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false},"auth-server-key-rotation":{"customAnnotations":{"cronjob":{},"secret":{},"service":{}},"enabled":true,"initKeysLife":48},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO"
,"casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"casaAdditionalAnnotations":{},"casaEnabled":false,"casaLabels":{}}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnConfiguratorConfigurationFile":"/etc/jans/conf/configuration.json","cnConfiguratorCustomSchema":{"secretName":""},"cnConfiguratorDumpFile":"/etc/jans/conf/configuration.out.json","cnDocumentStoreType":"DB","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"customAnnotations":{"clusterRoleBinding":{},"configMap":{},"job":{},"role":{},"roleBinding":{},"secret":{},"service":{},"serviceAccount":{}},"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","configApiServerServiceName":"config-api","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{}},"plugins":"fido2,scim,user-mgt"},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel
":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2AdditionalAnnotations":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{},"fido2WebauthnAdditionalAnnotations":{},"fido2WebauthnEnabled":false,"fido2WebauthnLabels":{}}},"fqdn":"demoexample.jans.io","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"kc-scheduler":{"enabled":false},"lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"linkAdditionalAnnotations":{},"linkEnabled":true,"linkLabels":{}},"linkServiceName":"link"},"nginx-ingress":{"enabled":true},"persistence":{"customAnnotations":{"job":{},"secret":{},"service":{}},"enabled":true},"saml":{"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"samlAdditionalAnnotations":{},"samlEnabled":
false,"samlLabels":{}},"samlServiceName":"saml"},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{}},"scimServiceName":"scim"},"serviceAccountName":"default","storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | | global.alb.ingress | bool | `false` | Activates ALB ingress | | global.auth-server-key-rotation.enabled | bool | `true` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. | | global.auth-server-key-rotation.initKeysLife | int | `48` | The initial auth server key rotation keys life in hours | 
@@ -416,7 +416,9 @@ Kubernetes: `>=v1.22.0-0` | global.link.appLoggers.scriptLogTarget | string | `"FILE"` | cacherefresh_script.log target | | global.link.cnCustomJavaOptions | string | `""` | passing custom java options to link. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. DO NOT PASS JAVA_OPTIONS in envs. | | global.link.enabled | bool | `false` | Boolean flag to enable/disable the link chart. | -| global.link.ingress | object | `{"linkEnabled":true}` | Enable endpoints in either istio or nginx ingress depending on users choice | +| global.link.ingress | object | `{"linkAdditionalAnnotations":{},"linkEnabled":true,"linkLabels":{}}` | Enable endpoints in either istio or nginx ingress depending on users choice | +| global.link.ingress.linkAdditionalAnnotations | object | `{}` | link ingress resource additional annotations. | +| global.link.ingress.linkLabels | object | `{}` | link ingress resource labels. key app is taken | | global.link.linkServiceName | string | `"link"` | Name of the link service. Please keep it as default. | | global.nginx-ingress.enabled | bool | `true` | Boolean flag to enable/disable the nginx-ingress definitions chart. | | global.persistence.enabled | bool | `true` | Boolean flag to enable/disable the persistence chart. | 
@@ -444,7 +446,7 @@ Kubernetes: `>=v1.22.0-0` | global.scim.ingress.scimConfigEnabled | bool | `false` | Enable endpoint /.well-known/scim-configuration | | global.scim.ingress.scimConfigLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | | global.scim.ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim | -| global.scim.ingress.scimLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | +| global.scim.ingress.scimLabels | object | `{}` | SCIM ingress resource labels. key app is taken | | global.scim.scimServiceName | string | `"scim"` | Name of the scim service. Please keep it as default. | | global.serviceAccountName | string | `"default"` | service account used by Kubernetes resources | | global.storageClass | object | `{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"}` | StorageClass section. This is not currently used by the openbanking distribution. You may specify custom parameters as needed. | diff --git a/charts/janssen/charts/nginx-ingress/templates/ingress.yaml b/charts/janssen/charts/nginx-ingress/templates/ingress.yaml index 78ac1f1e820..eb065df3910 100644 --- a/charts/janssen/charts/nginx-ingress/templates/ingress.yaml +++ b/charts/janssen/charts/nginx-ingress/templates/ingress.yaml 
@@ -729,6 +729,62 @@ spec: --- +{{ if .Values.global.link.ingress.linkEnabled -}} +{{ $fullName := include "nginx-ingress.fullname" . -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-link + labels: + app: {{ $fullName }}-link +{{- if .Values.ingress.additionalLabels }} +{{ toYaml .Values.ingress.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.global.link.ingress.linkLabels }} +{{ toYaml .Values.global.link.ingress.linkLabels | indent 4 }} +{{- end }} + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/proxy-read-timeout: "300" +{{- if .Values.global.link.ingress.linkAdditionalAnnotations }} +{{ toYaml .Values.global.link.ingress.linkAdditionalAnnotations | indent 4 }} +{{- end }} +{{- if .Values.ingress.additionalAnnotations }} +{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ingressClassName: {{ .Values.ingress.ingressClassName }} +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + {{- $host := . -}} + {{- with $ }} + - host: {{ $host | quote }} + http: + paths: + - path: /jans-link + pathType: Prefix + backend: + service: + name: {{ .Values.global.link.linkServiceName }} + port: + number: 9091 + {{- end }} + {{- end }} +{{- end }} + +--- + {{ if index .Values "global" "auth-server" "ingress" "authServerEnabled" -}} {{ $fullName := include "nginx-ingress.fullname" . -}} {{- $ingressPath := .Values.ingress.path -}} diff --git a/charts/janssen/values.schema.json b/charts/janssen/values.schema.json index fe52fd8912a..ea4fc5db7a8 100644 --- a/charts/janssen/values.schema.json +++ b/charts/janssen/values.schema.json 
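Review bot: The new Ingress is gated only on `global.link.ingress.linkEnabled`, which defaults to `true`, while `global.link.enabled` defaults to `false` (both defaults are visible in the README rows of this patch), so a default install would appear to publish `/jans-link` with a backend Service `link` on port 9091 that is not deployed. Unless the subchart already guards on the component flag outside this hunk, I would open the block with `{{ if and .Values.global.link.enabled .Values.global.link.ingress.linkEnabled -}}` so the route only exists when the service does. The all-in-one template in charts/janssen-all-in-one/templates/nginx-ingress.yaml uses the same single-flag gate, though its backend is the aio Service, which exists regardless. The port `9091` is also a literal here; if the link Service port is configurable elsewhere in the chart, the two can drift apart.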
@@ -496,14 +496,6 @@ "authzenConfigEnabled": { "description": "Enable endpoint /.well-known/authzen-configuration", "type": "boolean" - }, - "authServerProtectedToken": { - "description": "Enable mTLS on Auth server endpoint /jans-auth/restv1/token", - "type": "boolean" - }, - "authServerProtectedRegister": { - "description": "Enable mTLS onn Auth server endpoint /jans-auth/restv1/register", - "type": "boolean" } } }, @@ -886,7 +878,7 @@ "type": "boolean" }, "ingress": { - "description": "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.", + "description": "Boolean flag that enables using istio gateway for Janssen. This assumes istio ingress is installed and hence the LB is available.", "type": "boolean" }, "namespace": { @@ -1038,7 +1030,7 @@ "type": "object" }, "scimLabels": { - "description": "SCIM config ingress resource labels. key app is taken", + "description": "SCIM ingress resource labels. key app is taken", "type": "object" }, "scimAdditionalAnnotations": { @@ -1176,6 +1168,24 @@ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" } } + }, + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "linkEnabled": { + "description": "Enable link endpoints /jans-link", + "type": "boolean" + }, + "linkLabels": { + "description": "link ingress resource labels. key app is taken", + "type": "object" + }, + "linkAdditionalAnnotations": { + "description": "link ingress resource additional annotations.", + "type": "object" + } + } } } }, diff --git a/charts/janssen/values.yaml b/charts/janssen/values.yaml index f32656b69bc..6f6ee66f33c 100644 --- a/charts/janssen/values.yaml +++ b/charts/janssen/values.yaml 
@@ -1101,7 +1101,7 @@ global: scimConfigLabels: { } # -- SCIM config ingress resource additional annotations. scimConfigAdditionalAnnotations: { } - # -- SCIM config ingress resource labels. key app is taken + # -- SCIM ingress resource labels. key app is taken scimLabels: { } # -- SCIM ingress resource additional annotations. scimAdditionalAnnotations: { } @@ -1161,6 +1161,10 @@ global: ingress: # Enable link endpoints /jans-link linkEnabled: true + # -- link ingress resource labels. key app is taken + linkLabels: { } + # -- link ingress resource additional annotations. + linkAdditionalAnnotations: { } saml: # — Add custom annotations for kubernetes resources for the service customAnnotations: