diff --git a/assets/gluu/gluu-5.0.101.tgz b/assets/gluu/gluu-5.0.101.tgz
new file mode 100644
index 000000000..578520eec
Binary files /dev/null and b/assets/gluu/gluu-5.0.101.tgz differ
diff --git a/charts/gluu/gluu/5.0.101/Chart.yaml b/charts/gluu/gluu/5.0.101/Chart.yaml
new file mode 100644
index 000000000..916312cc3
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/Chart.yaml
@@ -0,0 +1,113 @@
+annotations:
+ artifacthub.io/changes: |
+ - Gluu 5.0 Openbanking Distribution. Auth-server and config-api.
+ - Updated new images
+ - https://gluu.org/docs/openbanking
+ artifacthub.io/containsSecurityUpdates: "true"
+ artifacthub.io/images: |
+ - name: auth-server
+ image: janssenproject/auth-server:1.0.0-beta.13
+ - name: auth-server-key-rotation
+ image: janssenproject/certmanager:1.0.0-beta.13
+ - name: client-api
+ image: janssenproject/client-api:1.0.0-beta.13
+ - name: configuration-manager
+ image: janssenproject/configurator:1.0.0-beta.13
+ - name: config-api
+ image: janssenproject/config-api:1.0.0-beta.13
+ - name: fido2
+ image: janssenproject/fido2:1.0.0-beta.13
+ - name: opendj
+ image: gluufederation/opendj:5.0.0_dev
+ - name: persistence
+ image: janssenproject/persistence-loader:1.0.0-beta.13
+ - name: scim
+ image: janssenproject/scim:1.0.0-beta.13
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/prerelease: "true"
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management
+ catalog.cattle.io/release-name: gluu
+apiVersion: v2
+appVersion: 5.0.0
+dependencies:
+- condition: global.config.enabled
+ name: config
+ repository: ""
+ version: 5.0.1
+- condition: global.config-api.enabled
+ name: config-api
+ repository: ""
+ version: 5.0.1
+- condition: global.opendj.enabled
+ name: opendj
+ repository: ""
+ version: 5.0.1
+- condition: global.jackrabbit.enabled
+ name: jackrabbit
+ repository: ""
+ version: 5.0.1
+- condition: global.auth-server.enabled
+ name: auth-server
+ repository: ""
+ version: 5.0.1
+- condition: global.admin-ui.enabled
+ name: admin-ui
+ repository: ""
+ version: 5.0.1
+- condition: global.fido2.enabled
+ name: fido2
+ repository: ""
+ version: 5.0.1
+- condition: global.scim.enabled
+ name: scim
+ repository: ""
+ version: 5.0.1
+- condition: global.nginx-ingress.enabled
+ name: nginx-ingress
+ repository: ""
+ version: 5.0.1
+- condition: global.oxshibboleth.enabled
+ name: oxshibboleth
+ repository: ""
+ version: 5.0.1
+- condition: config.configmap.cnPassportEnabled
+ name: oxpassport
+ repository: ""
+ version: 5.0.1
+- condition: config.configmap.cnCasaEnabled
+ name: casa
+ repository: ""
+ version: 5.0.1
+- condition: global.auth-server-key-rotation.enabled
+ name: auth-server-key-rotation
+ repository: ""
+ version: 5.0.1
+- condition: global.cr-rotate.enabled
+ name: cr-rotate
+ repository: ""
+ version: 5.0.1
+- condition: global.client-api.enabled
+ name: client-api
+ repository: ""
+ version: 5.0.1
+- condition: global.persistence.enabled
+ name: persistence
+ repository: ""
+ version: 5.0.1
+- condition: global.istio.ingress
+ name: cn-istio-ingress
+ repository: ""
+ version: 5.0.1
+description: Gluu Access and Identity Management OpenBanking distribution
+home: https://www.gluu.org
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: moabu
+name: gluu
+sources:
+- https://gluu.org/docs/gluu-server
+- https://github.com/GluuFederation/cloud-native-edition
+version: 5.0.101
diff --git a/charts/gluu/gluu/5.0.101/README.md b/charts/gluu/gluu/5.0.101/README.md
new file mode 100644
index 000000000..930cde625
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/README.md
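Review bot: In Chart.yaml, the `artifacthub.io/images` annotation sits next to `artifacthub.io/containsSecurityUpdates: "true"` yet lists `gluufederation/opendj:5.0.0_dev`, a development tag that is presumably mutable, so the image scanned under that name may differ from what a cluster pulls later. The list also omits images that the README defaults in this same commit show for declared subcharts, `gluufederation/admin-ui:1.0.0-beta.13` and `gluufederation/casa:5.0.0_dev`, which leaves them outside the advertised image set. I would add the missing entries and pin each one to a release tag with a digest, e.g. `image: gluufederation/opendj:<release-tag>@sha256:<digest>` (placeholders), provided the catalog tooling accepts digest references. The tags actually deployed come from values.yaml, which is outside this hunk, so the same pinning should be checked there.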
@@ -0,0 +1,649 @@ +# gluu + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Gluu Access and Identity Management OpenBanking distribution + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| moabu | support@gluu.org | | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| | admin-ui | 5.0.1 | +| | auth-server | 5.0.1 | +| | auth-server-key-rotation | 5.0.1 | +| | casa | 5.0.1 | +| | client-api | 5.0.1 | +| | cn-istio-ingress | 5.0.1 | +| | config | 5.0.1 | +| | config-api | 5.0.1 | +| | cr-rotate | 5.0.1 | +| | fido2 | 5.0.1 | +| | jackrabbit | 5.0.1 | +| | nginx-ingress | 5.0.1 | +| | opendj | 5.0.1 | +| | oxpassport | 5.0.1 | +| | oxshibboleth | 5.0.1 | +| | persistence | 5.0.1 | +| | scim | 5.0.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.0-beta.13"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | +| admin-ui.additionalAnnotations | object | `{}` | Additional annotations that 
will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| admin-ui.dnsConfig | object | `{}` | Add custom dns config | +| admin-ui.dnsPolicy | string | `""` | Add custom dns policy | +| admin-ui.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| admin-ui.hpa.behavior | object | `{}` | Scaling Policies | +| admin-ui.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets | +| admin-ui.image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | +| admin-ui.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | +| admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | +| admin-ui.replicas | int | `1` | Service replica number. | +| admin-ui.resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| admin-ui.resources.limits.cpu | string | `"2500m"` | CPU limit. | +| admin-ui.resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| admin-ui.resources.requests.cpu | string | `"2500m"` | CPU request. 
| +| admin-ui.resources.requests.memory | string | `"2500Mi"` | Memory request. | +| admin-ui.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| admin-ui.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.0-beta.13"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.0-beta.13"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | +| auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | +| auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | +| auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | +| auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | +| auth-server-key-rotation.resources.limits.memory | string | `"300Mi"` | Memory limit. | +| auth-server-key-rotation.resources.requests.cpu | string | `"300m"` | CPU request. 
| +| auth-server-key-rotation.resources.requests.memory | string | `"300Mi"` | Memory request. | +| auth-server-key-rotation.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| auth-server-key-rotation.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| auth-server-key-rotation.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| auth-server-key-rotation.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| auth-server-key-rotation.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| auth-server.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| auth-server.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server.dnsConfig | object | `{}` | Add custom dns config | +| auth-server.dnsPolicy | string | `""` | Add custom dns policy | +| auth-server.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| auth-server.hpa.behavior | object | `{}` | Scaling Policies | +| auth-server.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | +| auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | +| auth-server.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. 
| +| auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | +| auth-server.readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | +| auth-server.replicas | int | `1` | Service replica number. | +| auth-server.resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| auth-server.resources.limits.cpu | string | `"2500m"` | CPU limit. | +| auth-server.resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| auth-server.resources.requests.cpu | string | `"2500m"` | CPU request. | +| auth-server.resources.requests.memory | string | `"2500Mi"` | Memory request. 
| +| auth-server.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| auth-server.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0_dev"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. 
| +| casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| casa.dnsConfig | object | `{}` | Add custom dns config | +| casa.dnsPolicy | string | `""` | Add custom dns policy | +| casa.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| casa.hpa.behavior | object | `{}` | Scaling Policies | +| casa.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| casa.image.pullSecrets | list | `[]` | Image Pull Secrets | +| casa.image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | +| casa.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| casa.livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | +| casa.livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | +| casa.readinessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| casa.readinessProbe.httpGet.path | string | `"/casa/health-check"` | http readiness probe endpoint | +| casa.replicas | int | `1` | Service replica number. | +| casa.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | +| casa.resources.limits.cpu | string | `"500m"` | CPU limit. 
| +| casa.resources.limits.memory | string | `"500Mi"` | Memory limit. | +| casa.resources.requests.cpu | string | `"500m"` | CPU request. | +| casa.resources.requests.memory | string | `"500Mi"` | Memory request. | +| casa.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| casa.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| client-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/client-api","tag":"1.0.0-beta.13"},"livenessProbe":{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. 
| +| client-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| client-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| client-api.dnsConfig | object | `{}` | Add custom dns config | +| client-api.dnsPolicy | string | `""` | Add custom dns policy | +| client-api.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| client-api.hpa.behavior | object | `{}` | Scaling Policies | +| client-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| client-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| client-api.image.pullSecrets | list | `[]` | Image Pull Secrets | +| client-api.image.repository | string | `"janssenproject/client-api"` | Image to use for deploying. | +| client-api.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| client-api.livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| client-api.livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. | +| client-api.readinessProbe | object | `{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. | +| client-api.replicas | int | `1` | Service replica number. | +| client-api.resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. 
| +| client-api.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| client-api.resources.limits.memory | string | `"400Mi"` | Memory limit. | +| client-api.resources.requests.cpu | string | `"1000m"` | CPU request. | +| client-api.resources.requests.memory | string | `"400Mi"` | Memory request. | +| client-api.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| client-api.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| client-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| client-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| client-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnCasaEnabled":false,"cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCertFile":"/etc/certs/couchbase.crt","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbasePasswordFile":"/etc/gluu/conf/couchbase_password","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseSuperUserPasswordFile":"/etc/gluu/conf/couchbase_superuser_password","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnDocumentStoreType":"JCA","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q
2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJackrabbitAdminId":"admin","cnJackrabbitAdminIdFile":"/etc/gluu/conf/jackrabbit_admin_id","cnJackrabbitAdminPasswordFile":"/etc/gluu/conf/jackrabbit_admin_password","cnJackrabbitPostgresDatabaseName":"jackrabbit","cnJackrabbitPostgresHost":"postgresql.postgres.svc.cluster.local","cnJackrabbitPostgresPasswordFile":"/etc/gluu/conf/postgres_password","cnJackrabbitPostgresPort":5432,"cnJackrabbitPostgresUser":"jackrabbit","cnJackrabbitSyncInterval":300,"cnJackrabbitUrl":"http://jackrabbit:8080","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPassportEnabled":false,"cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnSamlEnabled":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqlPasswordFile":"/etc/jans/conf/sql_password","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.0-beta.13"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. 
| +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.0-beta.13"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | +| config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| config-api.dnsConfig | object | `{}` | Add custom dns config | +| config-api.dnsPolicy | string | `""` | Add custom dns policy | +| config-api.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| config-api.hpa.behavior | object | `{}` | Scaling Policies | +| config-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. 
| +| config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | +| config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | +| config-api.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | +| config-api.readinessProbe.httpGet | object | `{"path":"jans-config-api/api/v1/health/ready","port":8074}` | http readiness probe endpoint | +| config-api.replicas | int | `1` | Service replica number. | +| config-api.resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. | +| config-api.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| config-api.resources.limits.memory | string | `"400Mi"` | Memory limit. | +| config-api.resources.requests.cpu | string | `"1000m"` | CPU request. | +| config-api.resources.requests.memory | string | `"400Mi"` | Memory request. 
| +| config-api.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| config-api.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| config-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| config-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| config-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| config.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| config.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| config.adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | +| config.city | string | `"Austin"` | City. Used for certificate creation. | +| config.configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . | +| config.configmap.cnCasaEnabled | bool | `false` | Enable Casa flag . | +| config.configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api . | +| config.configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api. | +| config.configmap.cnClientApiBindIpAddresses | string | `"*"` | Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy | +| config.configmap.cnConfigGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu configuration secret in Google Secret Manager. 
Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnConfigKubernetesConfigMap | string | `"cn"` | The name of the Kubernetes ConfigMap that will hold the configuration layer | +| config.configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. | +| config.configmap.cnCouchbaseCertFile | string | `"/etc/certs/couchbase.crt"` | Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required. | +| config.configmap.cnCouchbaseCrt | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. | +| config.configmap.cnCouchbaseIndexNumReplica | int | `0` | The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1. | +| config.configmap.cnCouchbasePassword | string | `"P@ssw0rd"` | Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. 
The password must contain one digit, one uppercase letter, one lower case letter and one symbol . |
+| config.configmap.cnCouchbasePasswordFile | string | `"/etc/gluu/conf/couchbase_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password |
+| config.configmap.cnCouchbaseSuperUser | string | `"admin"` | The Couchbase super user (admin) user name. This user is used during initialization only. |
+| config.configmap.cnCouchbaseSuperUserPassword | string | `"Test1234#"` | Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol |
+| config.configmap.cnCouchbaseSuperUserPasswordFile | string | `"/etc/gluu/conf/couchbase_superuser_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. |
+| config.configmap.cnCouchbaseUrl | string | `"cbgluu.default.svc.cluster.local"` | Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster |
+| config.configmap.cnCouchbaseUser | string | `"gluu"` | Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. |
+| config.configmap.cnDocumentStoreType | string | `"JCA"` | Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily. |
+| config.configmap.cnGoogleProjectId | string | `"google-project-to-save-config-and-secrets-to"` | Project id of the google project the secret manager belongs to.
Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
+| config.configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
+| config.configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. |
+| config.configmap.cnJackrabbitAdminId | string | `"admin"` | Jackrabbit admin uid. |
+| config.configmap.cnJackrabbitAdminIdFile | string | `"/etc/gluu/conf/jackrabbit_admin_id"` | The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id. |
+| config.configmap.cnJackrabbitAdminPasswordFile | string | `"/etc/gluu/conf/jackrabbit_admin_password"` | The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password. |
+| config.configmap.cnJackrabbitPostgresDatabaseName | string | `"jackrabbit"` | Jackrabbit postgres database name. |
+| config.configmap.cnJackrabbitPostgresHost | string | `"postgresql.postgres.svc.cluster.local"` | Postgres url |
+| config.configmap.cnJackrabbitPostgresPasswordFile | string | `"/etc/gluu/conf/postgres_password"` | The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password. |
+| config.configmap.cnJackrabbitPostgresPort | int | `5432` | Jackrabbit Postgres port |
+| config.configmap.cnJackrabbitPostgresUser | string | `"jackrabbit"` | Jackrabbit Postgres uid |
+| config.configmap.cnJackrabbitSyncInterval | int | `300` | Interval between files sync (default to 300 seconds). |
+| config.configmap.cnJackrabbitUrl | string | `"http://jackrabbit:8080"` | Jackrabbit internal url.
Normally left as default. |
+| config.configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server |
+| config.configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage |
+| config.configmap.cnPassportEnabled | bool | `false` | Boolean flag to enable/disable passport chart |
+| config.configmap.cnPersistenceLdapMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. |
+| config.configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. |
+| config.configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. |
+| config.configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. |
+| config.configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. |
+| config.configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. |
+| config.configmap.cnSamlEnabled | bool | `false` | Enable SAML-related features; UI menu, etc. |
+| config.configmap.cnScimProtectionMode | string | `"OAUTH"` | SCIM protection mode OAUTH|TEST|UMA |
+| config.configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
|
+| config.configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. |
+| config.configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` |
+| config.configmap.cnSqlDbHost | string | `"my-release-mysql.default.svc.cluster.local"` | SQL database host uri. |
+| config.configmap.cnSqlDbName | string | `"jans"` | SQL database name. |
+| config.configmap.cnSqlDbPort | int | `3306` | SQL database port. |
+| config.configmap.cnSqlDbTimezone | string | `"UTC"` | SQL database timezone. |
+| config.configmap.cnSqlDbUser | string | `"jans"` | SQL database username. |
+| config.configmap.cnSqlPasswordFile | string | `"/etc/jans/conf/sql_password"` | SQL password file holding password from config.configmap.cnSqldbUserPassword . |
+| config.configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected as config.configmap.cnSqlPasswordFile . |
+| config.configmap.lbAddr | string | `""` | Loadbalancer address for AWS if the FQDN is not registered. |
+| config.countryCode | string | `"US"` | Country code. Used for certificate creation. |
+| config.dnsConfig | object | `{}` | Add custom dns config |
+| config.dnsPolicy | string | `""` | Add custom dns policy |
+| config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. |
+| config.image.pullSecrets | list | `[]` | Image Pull Secrets |
+| config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. |
+| config.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. |
+| config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence.
|
+| config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section |
+| config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE |
+| config.migration.migrationDataFormat | string | `"ldif"` | migration data-format depending on persistence backend. Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json. |
+| config.migration.migrationDir | string | `"/ce-migration"` | Directory holding all migration files |
+| config.orgName | string | `"Gluu"` | Organization name. Used for certificate creation. |
+| config.redisPassword | string | `"P@assw0rd"` | Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. |
+| config.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
+| config.resources.limits.cpu | string | `"300m"` | CPU limit. |
+| config.resources.limits.memory | string | `"300Mi"` | Memory limit. |
+| config.resources.requests.cpu | string | `"300m"` | CPU request. |
+| config.resources.requests.memory | string | `"300Mi"` | Memory request. |
+| config.state | string | `"TX"` | State code. Used for certificate creation. |
+| config.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. |
+| config.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 |
+| config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service.
variable1: value1 |
+| config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
+| config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
+| cr-rotate | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/cr-rotate","tag":"5.0.0_dev"},"resources":{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"200m","memory":"200Mi"}},"service":{"crRotateServiceName":"cr-rotate"},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may be depreciated. |
+| cr-rotate.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
+| cr-rotate.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
+| cr-rotate.dnsConfig | object | `{}` | Add custom dns config |
+| cr-rotate.dnsPolicy | string | `""` | Add custom dns policy |
+| cr-rotate.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
+| cr-rotate.image.pullSecrets | list | `[]` | Image Pull Secrets |
+| cr-rotate.image.repository | string | `"gluufederation/cr-rotate"` | Image to use for deploying. |
+| cr-rotate.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. |
+| cr-rotate.resources | object | `{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"200m","memory":"200Mi"}}` | Resource specs. |
+| cr-rotate.resources.limits.cpu | string | `"200m"` | CPU limit. |
+| cr-rotate.resources.limits.memory | string | `"200Mi"` | Memory limit. |
+| cr-rotate.resources.requests.cpu | string | `"200m"` | CPU request.
|
+| cr-rotate.resources.requests.memory | string | `"200Mi"` | Memory request. |
+| cr-rotate.service.crRotateServiceName | string | `"cr-rotate"` | Name of the cr-rotate service. Please keep it as default. |
+| cr-rotate.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service |
+| cr-rotate.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 |
+| cr-rotate.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
+| cr-rotate.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
+| cr-rotate.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
+| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.0-beta.13"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
|
+| fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
+| fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
+| fido2.dnsConfig | object | `{}` | Add custom dns config |
+| fido2.dnsPolicy | string | `""` | Add custom dns policy |
+| fido2.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler |
+| fido2.hpa.behavior | object | `{}` | Scaling Policies |
+| fido2.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set |
+| fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
+| fido2.image.pullSecrets | list | `[]` | Image Pull Secrets |
+| fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. |
+| fido2.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. |
+| fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. |
+| fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint |
+| fido2.readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. |
+| fido2.replicas | int | `1` | Service replica number. |
+| fido2.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. |
+| fido2.resources.limits.cpu | string | `"500m"` | CPU limit.
|
+| fido2.resources.limits.memory | string | `"500Mi"` | Memory limit. |
+| fido2.resources.requests.cpu | string | `"500m"` | CPU request. |
+| fido2.resources.requests.memory | string | `"500Mi"` | Memory request. |
+| fido2.service.name | string | `"http-fido2"` | The name of the fido2 port within the fido2 service. Please keep it as default. |
+| fido2.service.port | int | `8080` | Port of the fido2 service. Please keep it as default. |
+| fido2.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service |
+| fido2.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 |
+| fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
+| fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
+| fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
+| global | object |
`{"admin-ui":{"adminUiApiKey":"xxxxxxxxxxx","adminUiApiKeyFile":"/etc/jans/conf/admin_ui_api_key","adminUiManagementKey":"xxxxxxxxxxx","adminUiManagementKeyFile":"/etc/jans/conf/admin_ui_management_key","adminUiProductCode":"xxxxxxxxxxx","adminUiProductCodeFile":"/etc/jans/conf/admin_ui_product_code","adminUiServiceName":"admin-ui","adminUiSharedKey":"xxxxxxxxxxx","adminUiSharedKeyFile":"/etc/jans/conf/admin_ui_shared_key","enabled":false},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authServerServiceName":"auth-server","enabled":true},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"casaServiceName":"casa"},"client-api":{"appLoggers":{"clientApiLogLevel":"INFO","clientApiLogTarget":"STDOUT"},"clientApiServerServiceName":"client-api","enabled":false},"cloud":{"testEnviroment":false},"cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnJackrabbitCluster":false,"cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","config":{"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT"},"configApiServerServiceName":"config-api","enabled":true},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","cr-rotate":{"enabled":false},"distribution"
:"default","fido2":{"appLoggers":{"fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2"},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"ingress":false,"namespace":"istio-system"},"jackrabbit":{"enabled":false,"jackRabbitServiceName":"jackrabbit"},"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"upgrade":{"enabled":false},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. |
+| global.admin-ui.adminUiApiKeyFile | string | `"/etc/jans/conf/admin_ui_api_key"` | Admin UI license API key mount location. |
+| global.admin-ui.adminUiManagementKey | string | `"xxxxxxxxxxx"` | Admin UI license management key. |
+| global.admin-ui.adminUiManagementKeyFile | string | `"/etc/jans/conf/admin_ui_management_key"` | Admin UI license management key mount location. |
+| global.admin-ui.adminUiProductCode | string | `"xxxxxxxxxxx"` | Admin UI license product code.
|
+| global.admin-ui.adminUiProductCodeFile | string | `"/etc/jans/conf/admin_ui_product_code"` | Admin UI license product code mount location. |
+| global.admin-ui.adminUiServiceName | string | `"admin-ui"` | Name of the admin-ui service. Please keep it as default. |
+| global.admin-ui.adminUiSharedKey | string | `"xxxxxxxxxxx"` | Admin UI license shared key. |
+| global.admin-ui.adminUiSharedKeyFile | string | `"/etc/jans/conf/admin_ui_shared_key"` | Admin UI license shared key mount location. |
+| global.admin-ui.enabled | bool | `false` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. |
+| global.alb.ingress | bool | `false` | Activates ALB ingress |
+| global.auth-server-key-rotation.enabled | bool | `false` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. |
+| global.auth-server.appLoggers | object | `{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
|
+| global.auth-server.appLoggers.auditStatsLogLevel | string | `"INFO"` | jans-auth_audit.log level |
+| global.auth-server.appLoggers.auditStatsLogTarget | string | `"FILE"` | jans-auth_script.log target |
+| global.auth-server.appLoggers.authLogLevel | string | `"INFO"` | jans-auth.log level |
+| global.auth-server.appLoggers.authLogTarget | string | `"STDOUT"` | jans-auth.log target |
+| global.auth-server.appLoggers.httpLogLevel | string | `"INFO"` | http_request_response.log level |
+| global.auth-server.appLoggers.httpLogTarget | string | `"FILE"` | http_request_response.log target |
+| global.auth-server.appLoggers.ldapStatsLogLevel | string | `"INFO"` | jans-auth_persistence_ldap_statistics.log level |
+| global.auth-server.appLoggers.ldapStatsLogTarget | string | `"FILE"` | jans-auth_persistence_ldap_statistics.log target |
+| global.auth-server.appLoggers.persistenceDurationLogLevel | string | `"INFO"` | jans-auth_persistence_duration.log level |
+| global.auth-server.appLoggers.persistenceDurationLogTarget | string | `"FILE"` | jans-auth_persistence_duration.log target |
+| global.auth-server.appLoggers.persistenceLogLevel | string | `"INFO"` | jans-auth_persistence.log level |
+| global.auth-server.appLoggers.persistenceLogTarget | string | `"FILE"` | jans-auth_persistence.log target |
+| global.auth-server.appLoggers.scriptLogLevel | string | `"INFO"` | jans-auth_script.log level |
+| global.auth-server.appLoggers.scriptLogTarget | string | `"FILE"` | jans-auth_script.log target |
+| global.auth-server.authServerServiceName | string | `"auth-server"` | Name of the auth-server service. Please keep it as default. |
+| global.auth-server.enabled | bool | `true` | Boolean flag to enable/disable auth-server chart. You should never set this to false. |
+| global.awsStorageType | string | `"io1"` | Volume storage type if using AWS volumes. |
+| global.azureStorageAccountType | string | `"Standard_LRS"` | Volume storage type if using Azure disks.
|
+| global.azureStorageKind | string | `"Managed"` | Azure storage kind if using Azure disks |
+| global.casa.casaServiceName | string | `"casa"` | Name of the casa service. Please keep it as default. |
+| global.client-api.appLoggers | object | `{"clientApiLogLevel":"INFO","clientApiLogTarget":"STDOUT"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. |
+| global.client-api.appLoggers.clientApiLogLevel | string | `"INFO"` | client-api.log level |
+| global.client-api.appLoggers.clientApiLogTarget | string | `"STDOUT"` | client-api.log target |
+| global.client-api.clientApiServerServiceName | string | `"client-api"` | Name of the client-api service. Please keep it as default. |
+| global.client-api.enabled | bool | `false` | Boolean flag to enable/disable the client-api chart. |
+| global.cloud.testEnviroment | bool | `false` | Boolean flag if enabled will strip resources requests and limits from all services. |
+| global.cnGoogleApplicationCredentials | string | `"/etc/jans/conf/google-credentials.json"` | Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner. |
+| global.cnJackrabbitCluster | bool | `false` | Boolean flag if enabled will enable jackrabbit in cluster mode with Postgres. |
+| global.cnObExtSigningAlias | string | `""` | Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G |
+| global.cnObExtSigningJwksCrt | string | `""` | Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set. |
+| global.cnObExtSigningJwksKey | string | `""` | Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64.
Used when `.global.cnObExtSigningJwksUri` is set. |
+| global.cnObExtSigningJwksKeyPassPhrase | string | `""` | Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set. |
+| global.cnObExtSigningJwksUri | string | `""` | Open banking external signing jwks uri. Used in SSA Validation. |
+| global.cnObStaticSigningKeyKid | string | `""` | Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G |
+| global.cnObTransportAlias | string | `""` | Open banking transport Alias used inside the JVM. |
+| global.cnObTransportCrt | string | `""` | Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64. |
+| global.cnObTransportKey | string | `""` | Open banking AS transport key. Used in SSA Validation. This must be encoded using base64. |
+| global.cnObTransportKeyPassPhrase | string | `""` | Open banking AS transport key pas`sphrase to unlock AS transport key. This must be encoded using base64. |
+| global.cnObTransportTrustStore | string | `""` | Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64. |
+| global.cnPersistenceType | string | `"sql"` | Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner. |
+| global.config-api.appLoggers | object | `{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
|
+| global.config-api.appLoggers.configApiLogLevel | string | `"INFO"` | configapi.log level |
+| global.config-api.appLoggers.configApiLogTarget | string | `"STDOUT"` | configapi.log target |
+| global.config-api.configApiServerServiceName | string | `"config-api"` | Name of the config-api service. Please keep it as default. |
+| global.config-api.enabled | bool | `true` | Boolean flag to enable/disable the config-api chart. |
+| global.config.enabled | bool | `true` | Boolean flag to enable/disable the configuration chart. This normally should never be false |
+| global.configAdapterName | string | `"kubernetes"` | The config backend adapter that will hold Gluu configuration layer. google|kubernetes |
+| global.configSecretAdapter | string | `"kubernetes"` | The config backend adapter that will hold Gluu secret layer. google|kubernetes |
+| global.cr-rotate.enabled | bool | `false` | Boolean flag to enable/disable the cr-rotate chart. |
+| global.distribution | string | `"default"` | Gluu distributions supported are: default|openbanking. |
+| global.fido2.appLoggers | object | `{"fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. |
+| global.fido2.appLoggers.fido2LogLevel | string | `"INFO"` | fido2.log level |
+| global.fido2.appLoggers.fido2LogTarget | string | `"STDOUT"` | fido2.log target |
+| global.fido2.appLoggers.persistenceLogLevel | string | `"INFO"` | fido2_persistence.log level |
+| global.fido2.appLoggers.persistenceLogTarget | string | `"FILE"` | fido2_persistence.log target |
+| global.fido2.enabled | bool | `true` | Boolean flag to enable/disable the fido2 chart. |
+| global.fido2.fido2ServiceName | string | `"fido2"` | Name of the fido2 service. Please keep it as default.
|
+| global.fqdn | string | `"demoexample.gluu.org"` | Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services. |
+| global.gcePdStorageType | string | `"pd-standard"` | GCE storage kind if using Google disks |
+| global.isFqdnRegistered | bool | `false` | Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically. |
+| global.istio.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
+| global.istio.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
+| global.istio.enabled | bool | `false` | Boolean flag that enables using istio side cars with Gluu services. |
+| global.istio.ingress | bool | `false` | Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. |
+| global.istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. |
+| global.jackrabbit.enabled | bool | `false` | Boolean flag to enable/disable the jackrabbit chart. For more information on how it is used inside Gluu https://gluu.org/docs/gluu-server/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. If disabled oxShibboleth cannot be run. |
+| global.jackrabbit.jackRabbitServiceName | string | `"jackrabbit"` | Name of the Jackrabbit service. Please keep it as default. |
+| global.lbIp | string | `"22.22.22.22"` | The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable.
|
+| global.nginx-ingress.enabled | bool | `true` | Boolean flag to enable/disable the nginx-ingress definitions chart. |
+| global.opendj.enabled | bool | `false` | Boolean flag to enable/disable the OpenDJ chart. |
+| global.opendj.ldapServiceName | string | `"opendj"` | Name of the OpenDJ service. Please keep it as default. |
+| global.oxpassport.oxPassportServiceName | string | `"oxpassport"` | Name of the oxPassport service. Please keep it as default. |
+| global.oxshibboleth.enabled | bool | `false` | Boolean flag to enable/disable the oxShibbboleth chart. |
+| global.oxshibboleth.oxShibbolethServiceName | string | `"oxshibboleth"` | Name of the oxShibboleth service. Please keep it as default. |
+| global.persistence.enabled | bool | `true` | Boolean flag to enable/disable the persistence chart. |
+| global.scim.appLoggers | object | `{"ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
| +| global.scim.appLoggers.ldapStatsLogLevel | string | `"INFO"` | jans-scim_persistence_ldap_statistics.log level | +| global.scim.appLoggers.ldapStatsLogTarget | string | `"FILE"` | jans-scim_persistence_ldap_statistics.log target | +| global.scim.appLoggers.persistenceDurationLogLevel | string | `"INFO"` | jans-scim_persistence_duration.log level | +| global.scim.appLoggers.persistenceDurationLogTarget | string | `"FILE"` | jans-scim_persistence_duration.log target | +| global.scim.appLoggers.persistenceLogLevel | string | `"INFO"` | jans-scim_persistence.log level | +| global.scim.appLoggers.persistenceLogTarget | string | `"FILE"` | jans-scim_persistence.log target | +| global.scim.appLoggers.scimLogLevel | string | `"INFO"` | jans-scim.log level | +| global.scim.appLoggers.scimLogTarget | string | `"STDOUT"` | jans-scim.log target | +| global.scim.appLoggers.scriptLogLevel | string | `"INFO"` | jans-scim_script.log level | +| global.scim.appLoggers.scriptLogTarget | string | `"FILE"` | jans-scim_script.log target | +| global.scim.enabled | bool | `true` | Boolean flag to enable/disable the SCIM chart. | +| global.scim.scimServiceName | string | `"scim"` | Name of the scim service. Please keep it as default. | +| global.storageClass | object | `{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"}` | StorageClass section for Jackrabbit and OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed. | +| global.storageClass.parameters | object | `{}` | parameters: | +| global.upgrade.enabled | bool | `false` | Boolean flag used when running upgrading through versions command. Used when upgrading with LDAP as the persistence to load the 101x ldif. | +| global.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. 
Envs defined in global.userEnvs will be globally available to all services | +| global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | +| global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | +| installer-settings | object | `{"acceptLicense":"","aws":{"arn":{"arnAcmCert":"","enabled":""},"lbType":"","vpcCidr":"0.0.0.0/0"},"confirmSettings":false,"couchbase":{"backup":{"fullSchedule":"","incrementalSchedule":"","retentionTime":"","storageSize":""},"clusterName":"","commonName":"","customFileOverride":"","install":"","lowResourceInstall":"","namespace":"","subjectAlternativeName":"","totalNumberOfExpectedTransactionsPerSec":"","totalNumberOfExpectedUsers":"","volumeType":""},"currentVersion":"","google":{"useSecretManager":""},"images":{"edit":""},"jackrabbit":{"clusterMode":""},"ldap":{"backup":{"fullSchedule":""},"multiClusterIds":[],"subsequentCluster":""},"namespace":"","nginxIngress":{"namespace":"","releaseName":""},"nodes":{"ips":"","names":"","zones":""},"openbanking":{"cnObTransportTrustStoreP12password":"","hasCnObTransportTrustStore":false},"postgres":{"install":"","namespace":""},"redis":{"install":"","namespace":""},"releaseName":"","sql":{"install":"","namespace":""},"upgrade":{"image":{"repository":"","tag":""},"targetVersion":""},"volumeProvisionStrategy":""}` | Only used by the installer. 
These settings do not affect nor are used by the chart | +| jackrabbit | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/jackrabbit","tag":"5.0.0_dev"},"livenessProbe":{"initialDelaySeconds":25,"periodSeconds":25,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":30,"periodSeconds":30,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"1000Mi"},"requests":{"cpu":"1500m","memory":"1000Mi"}},"secrets":{"cnJackrabbitAdminPassword":"Test1234#","cnJackrabbitPostgresPassword":"P@ssw0rd"},"storage":{"size":"5Gi"},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Jackrabbit Oak is a complementary implementation of the JCR specification. 
It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications https://jackrabbit.apache.org/jcr/index.html | +| jackrabbit.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| jackrabbit.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| jackrabbit.dnsConfig | object | `{}` | Add custom dns config | +| jackrabbit.dnsPolicy | string | `""` | Add custom dns policy | +| jackrabbit.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| jackrabbit.hpa.behavior | object | `{}` | Scaling Policies | +| jackrabbit.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| jackrabbit.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| jackrabbit.image.pullSecrets | list | `[]` | Image Pull Secrets | +| jackrabbit.image.repository | string | `"gluufederation/jackrabbit"` | Image to use for deploying. | +| jackrabbit.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| jackrabbit.livenessProbe | object | `{"initialDelaySeconds":25,"periodSeconds":25,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5}` | Configure the liveness healthcheck for the Jackrabbit if needed. | +| jackrabbit.livenessProbe.tcpSocket | object | `{"port":"http-jackrabbit"}` | Executes tcp healthcheck. | +| jackrabbit.readinessProbe | object | `{"initialDelaySeconds":30,"periodSeconds":30,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5}` | Configure the readiness healthcheck for the Jackrabbit if needed. 
| +| jackrabbit.readinessProbe.tcpSocket | object | `{"port":"http-jackrabbit"}` | Executes tcp healthcheck. | +| jackrabbit.replicas | int | `1` | Service replica number. | +| jackrabbit.resources | object | `{"limits":{"cpu":"1500m","memory":"1000Mi"},"requests":{"cpu":"1500m","memory":"1000Mi"}}` | Resource specs. | +| jackrabbit.resources.limits.cpu | string | `"1500m"` | CPU limit. | +| jackrabbit.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| jackrabbit.resources.requests.cpu | string | `"1500m"` | CPU request. | +| jackrabbit.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| jackrabbit.secrets.cnJackrabbitAdminPassword | string | `"Test1234#"` | Jackrabbit admin uid password | +| jackrabbit.secrets.cnJackrabbitPostgresPassword | string | `"P@ssw0rd"` | Jackrabbit Postgres uid password | +| jackrabbit.storage.size | string | `"5Gi"` | Jackrabbit volume size | +| jackrabbit.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| jackrabbit.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| jackrabbit.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| jackrabbit.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| jackrabbit.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| nginx-ingress | object | 
`{"ingress":{"additionalAnnotations":{},"additionalLabels":{},"adminUiAdditionalAnnotations":{},"adminUiEnabled":true,"adminUiLabels":{},"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"authServerProtectedRegister":false,"authServerProtectedRegisterAdditionalAnnotations":{},"authServerProtectedRegisterLabels":{},"authServerProtectedToken":false,"authServerProtectedTokenAdditionalAnnotations":{},"authServerProtectedTokenLabels":{},"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"hosts":["demoexample.gluu.org"],"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"path":"/","scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}}}` | Nginx ingress definitions chart | +| nginx-ingress.ingress.additionalAnnotations | object | `{}` | Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate" Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" Specify if certificates are passed to upstream server 
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" | +| nginx-ingress.ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} | +| nginx-ingress.ingress.adminUiAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. | +| nginx-ingress.ingress.adminUiEnabled | bool | `true` | Enable Admin UI endpoints. COMING SOON. | +| nginx-ingress.ingress.adminUiLabels | object | `{}` | Admin UI ingress resource labels. key app is taken. | +| nginx-ingress.ingress.authServerAdditionalAnnotations | object | `{}` | Auth server ingress resource additional annotations. | +| nginx-ingress.ingress.authServerEnabled | bool | `true` | Enable Auth server endpoints /jans-auth | +| nginx-ingress.ingress.authServerLabels | object | `{}` | Auth server ingress resource labels. key app is taken | +| nginx-ingress.ingress.authServerProtectedRegister | bool | `false` | Enable mTLS onn Auth server endpoint /jans-auth/restv1/register | +| nginx-ingress.ingress.authServerProtectedRegisterAdditionalAnnotations | object | `{}` | Auth server protected register ingress resource additional annotations. | +| nginx-ingress.ingress.authServerProtectedRegisterLabels | object | `{}` | Auth server protected token ingress resource labels. key app is taken | +| nginx-ingress.ingress.authServerProtectedToken | bool | `false` | Enable mTLS on Auth server endpoint /jans-auth/restv1/token | +| nginx-ingress.ingress.authServerProtectedTokenAdditionalAnnotations | object | `{}` | Auth server protected token ingress resource additional annotations. | +| nginx-ingress.ingress.authServerProtectedTokenLabels | object | `{}` | Auth server protected token ingress resource labels. key app is taken | +| nginx-ingress.ingress.configApiAdditionalAnnotations | object | `{}` | ConfigAPI ingress resource additional annotations. 
| +| nginx-ingress.ingress.configApiLabels | object | `{}` | configAPI ingress resource labels. key app is taken | +| nginx-ingress.ingress.fido2ConfigAdditionalAnnotations | object | `{}` | fido2 config ingress resource additional annotations. | +| nginx-ingress.ingress.fido2ConfigEnabled | bool | `false` | Enable endpoint /.well-known/fido2-configuration | +| nginx-ingress.ingress.fido2ConfigLabels | object | `{}` | fido2 config ingress resource labels. key app is taken | +| nginx-ingress.ingress.openidAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. | +| nginx-ingress.ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration | +| nginx-ingress.ingress.openidConfigLabels | object | `{}` | openid-configuration ingress resource labels. key app is taken | +| nginx-ingress.ingress.scimAdditionalAnnotations | object | `{}` | SCIM ingress resource additional annotations. | +| nginx-ingress.ingress.scimConfigAdditionalAnnotations | object | `{}` | SCIM config ingress resource additional annotations. | +| nginx-ingress.ingress.scimConfigEnabled | bool | `false` | Enable endpoint /.well-known/scim-configuration | +| nginx-ingress.ingress.scimConfigLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | +| nginx-ingress.ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim | +| nginx-ingress.ingress.scimLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | +| nginx-ingress.ingress.tls | list | `[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}]` | Secrets holding HTTPS CA cert and key. | +| nginx-ingress.ingress.u2fAdditionalAnnotations | object | `{}` | u2f config ingress resource additional annotations. 
| +| nginx-ingress.ingress.u2fConfigEnabled | bool | `true` | Enable endpoint /.well-known/fido-configuration | +| nginx-ingress.ingress.u2fConfigLabels | object | `{}` | u2f config ingress resource labels. key app is taken | +| nginx-ingress.ingress.uma2AdditionalAnnotations | object | `{}` | uma2 config ingress resource additional annotations. | +| nginx-ingress.ingress.uma2ConfigEnabled | bool | `true` | Enable endpoint /.well-known/uma2-configuration | +| nginx-ingress.ingress.uma2ConfigLabels | object | `{}` | uma2 config ingress resource labels. key app is taken | +| nginx-ingress.ingress.webdiscoveryAdditionalAnnotations | object | `{}` | webdiscovery ingress resource additional annotations. | +| nginx-ingress.ingress.webdiscoveryEnabled | bool | `true` | Enable endpoint /.well-known/simple-web-discovery | +| nginx-ingress.ingress.webdiscoveryLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | +| nginx-ingress.ingress.webfingerAdditionalAnnotations | object | `{}` | webfinger ingress resource additional annotations. | +| nginx-ingress.ingress.webfingerEnabled | bool | `true` | Enable endpoint /.well-known/webfinger | +| nginx-ingress.ingress.webfingerLabels | object | `{}` | webfinger ingress resource labels. 
key app is taken | +| opendj | object | `{"additionalAnnotations":{},"additionalLabels":{},"backup":{"cronJobSchedule":"*/59 * * * *","enabled":true},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/opendj","tag":"5.0.0_dev"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"multiCluster":{"clusterId":"","enabled":false,"namespaceIntId":0,"replicaCount":1,"serfAdvertiseAddrSuffix":"regional.gluu.org:30946","serfKey":"Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk=","serfPeers":["gluu-opendj-regional-0-regional.gluu.org:30946","gluu-opendj-regional-0-regional.gluu.org:31946"]},"persistence":{"size":"5Gi"},"ports":{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. 
| +| opendj.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| opendj.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| opendj.backup | object | `{"cronJobSchedule":"*/59 * * * *","enabled":true}` | Configure ldap backup cronjob | +| opendj.dnsConfig | object | `{}` | Add custom dns config | +| opendj.dnsPolicy | string | `""` | Add custom dns policy | +| opendj.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| opendj.hpa.behavior | object | `{}` | Scaling Policies | +| opendj.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| opendj.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| opendj.image.pullSecrets | list | `[]` | Image Pull Secrets | +| opendj.image.repository | string | `"gluufederation/opendj"` | Image to use for deploying. | +| opendj.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| opendj.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py | +| opendj.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | +| opendj.multiCluster.clusterId | string | `""` | This id needs to be unique to each kubernetes cluster in a multi cluster setup west, east, south, north, region ...etc If left empty it will be randomly generated. | +| opendj.multiCluster.enabled | bool | `false` | Enable OpenDJ multiCluster mode. 
This flag enables loading keys under `opendj.multiCluster` | +| opendj.multiCluster.namespaceIntId | int | `0` | Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace. Used when gluu is installed in the same kubernetes cluster more than once. | +| opendj.multiCluster.replicaCount | int | `1` | The number of opendj non scalabble statefulsets to create. Each pod created must be resolvable as it follows the patterm RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org | +| opendj.multiCluster.serfAdvertiseAddrSuffix | string | `"regional.gluu.org:30946"` | OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} | +| opendj.multiCluster.serfKey | string | `"Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk="` | Serf key. This key will automatically sync across clusters. | +| opendj.multiCluster.serfPeers | list | `["gluu-opendj-regional-0-regional.gluu.org:30946","gluu-opendj-regional-0-regional.gluu.org:31946"]` | Serf peer addresses. One per cluster. | +| opendj.persistence.size | string | `"5Gi"` | OpenDJ volume size | +| opendj.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py | +| opendj.replicas | int | `1` | Service replica number. | +| opendj.resources | object | `{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}}` | Resource specs. | +| opendj.resources.limits.cpu | string | `"1500m"` | CPU limit. 
| +| opendj.resources.limits.memory | string | `"2000Mi"` | Memory limit. | +| opendj.resources.requests.cpu | string | `"1500m"` | CPU request. | +| opendj.resources.requests.memory | string | `"2000Mi"` | Memory request. | +| opendj.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| opendj.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| opendj.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| opendj.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| opendj.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| oxpassport | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxpassport","tag":"5.0.0_dev"},"livenessProbe":{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"700m","memory":"900Mi"},"requests":{"cpu":"700m","memory":"900Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu interface to Passport.js to support social login and inbound identity. 
| +| oxpassport.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| oxpassport.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| oxpassport.dnsConfig | object | `{}` | Add custom dns config | +| oxpassport.dnsPolicy | string | `""` | Add custom dns policy | +| oxpassport.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| oxpassport.hpa.behavior | object | `{}` | Scaling Policies | +| oxpassport.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| oxpassport.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| oxpassport.image.pullSecrets | list | `[]` | Image Pull Secrets | +| oxpassport.image.repository | string | `"gluufederation/oxpassport"` | Image to use for deploying. | +| oxpassport.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| oxpassport.livenessProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for oxPassport if needed. | +| oxpassport.livenessProbe.httpGet.path | string | `"/passport/health-check"` | http liveness probe endpoint | +| oxpassport.readinessProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the oxPassport if needed. 
| +| oxpassport.readinessProbe.httpGet.path | string | `"/passport/health-check"` | http readiness probe endpoint | +| oxpassport.replicas | int | `1` | Service replica number | +| oxpassport.resources | object | `{"limits":{"cpu":"700m","memory":"900Mi"},"requests":{"cpu":"700m","memory":"900Mi"}}` | Resource specs. | +| oxpassport.resources.limits.cpu | string | `"700m"` | CPU limit. | +| oxpassport.resources.limits.memory | string | `"900Mi"` | Memory limit. | +| oxpassport.resources.requests.cpu | string | `"700m"` | CPU request. | +| oxpassport.resources.requests.memory | string | `"900Mi"` | Memory request. | +| oxpassport.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| oxpassport.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| oxpassport.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| oxpassport.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| oxpassport.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| oxshibboleth | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxshibboleth","tag":"5.0.0_dev"},"livenessProbe":{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Shibboleth project for the 
Gluu Server's SAML IDP functionality. | +| oxshibboleth.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| oxshibboleth.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| oxshibboleth.dnsConfig | object | `{}` | Add custom dns config | +| oxshibboleth.dnsPolicy | string | `""` | Add custom dns policy | +| oxshibboleth.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| oxshibboleth.hpa.behavior | object | `{}` | Scaling Policies | +| oxshibboleth.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| oxshibboleth.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| oxshibboleth.image.pullSecrets | list | `[]` | Image Pull Secrets | +| oxshibboleth.image.repository | string | `"gluufederation/oxshibboleth"` | Image to use for deploying. | +| oxshibboleth.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| oxshibboleth.livenessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the oxShibboleth if needed. | +| oxshibboleth.livenessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| oxshibboleth.readinessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| oxshibboleth.readinessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| oxshibboleth.replicas | int | `1` | Service replica number. 
| +| oxshibboleth.resources | object | `{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}}` | Resource specs. | +| oxshibboleth.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| oxshibboleth.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| oxshibboleth.resources.requests.cpu | string | `"1000m"` | CPU request. | +| oxshibboleth.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| oxshibboleth.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| oxshibboleth.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.0-beta.13"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Gluu Server persistence layer. 
| +| persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| persistence.dnsConfig | object | `{}` | Add custom dns config | +| persistence.dnsPolicy | string | `""` | Add custom dns policy | +| persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | +| persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. | +| persistence.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| persistence.resources.limits.cpu | string | `"300m"` | CPU limit | +| persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | +| persistence.resources.requests.cpu | string | `"300m"` | CPU request. | +| persistence.resources.requests.memory | string | `"300Mi"` | Memory request. 
| +| persistence.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| persistence.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.0-beta.13"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| scim.dnsConfig | object | `{}` | Add custom dns config | +| scim.dnsPolicy | string | `""` | Add custom dns policy | +| scim.hpa | object | 
`{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| scim.hpa.behavior | object | `{}` | Scaling Policies | +| scim.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| scim.image.pullSecrets | list | `[]` | Image Pull Secrets | +| scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | +| scim.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | +| scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | +| scim.readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | +| scim.readinessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http readiness probe endpoint | +| scim.replicas | int | `1` | Service replica number. | +| scim.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| scim.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| scim.resources.requests.cpu | string | `"1000m"` | CPU request. | +| scim.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| scim.service.name | string | `"http-scim"` | The name of the scim port within the scim service. Please keep it as default. | +| scim.service.port | int | `8080` | Port of the scim service. Please keep it as default. 
| +| scim.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| scim.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| scim.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| scim.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| scim.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/app-readme.md b/charts/gluu/gluu/5.0.101/app-readme.md new file mode 100644 index 000000000..84d58ba8c --- /dev/null +++ b/charts/gluu/gluu/5.0.101/app-readme.md 
@@ -0,0 +1,35 @@ +## Introduction +The Gluu Server is a container distribution of free open source software (FOSS) for identity and access management (IAM). SaaS, custom, open source and commercial web and mobile applications can leverage a Gluu Server for user authentication, identity information, and policy decisions. + +Common use cases include: + +- Single sign-on (SSO) +- Mobile authentication +- API access management +- Two-factor authentication (2FA) +- Customer identity and access management (CIAM) +- Identity federation + +### Free Open Source Software +The Gluu Server is a FOSS platform for IAM. + +### Open Web Standards +The Gluu Server can be deployed to support the following open standards for authentication, authorization, federated identity, and identity management: + +- OAuth 2.0 +- OpenID Connect +- User Managed Access 2.0 (UMA) +- SAML 2.0 +- System for Cross-domain Identity Management (SCIM) +- FIDO Universal 2nd Factor (U2F) +- FIDO 2.0 / WebAuthn +- Lightweight Directory Access Protocol (LDAP) +- Remote Authentication Dial-In User Service (RADIUS) + +### Important notes for installation: +- Make sure to enable `Customize Helm options before install` after clicking the initial `Install` on the top right. When you view your helm options, please uncheck the wait parameter as that conflicts with the post-install hook for the persistence image. + +### Quick install on Rancher UI with Docker single node +- Install the nginx-ingress-controller chart. +- Install the OpenEBS chart. +- Install Gluu chart and specify your persistence as ldap. \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/.helmignore b/charts/gluu/gluu/5.0.101/charts/admin-ui/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/admin-ui/Chart.yaml new file mode 100644 index 000000000..aca713ed0 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +appVersion: 5.0.0 +description: Admin GUI. Requires license. +home: https://gluu.org/docs/gluu-server +icon: https://gluu.org/docs/gluu-server/favicon.ico +keywords: +- Autherization +- OpenID +- GUI +kubeVersion: '>=v1.21.0-0' +maintainers: +- email: support@gluu.org + name: Mohammad Abudayyeh + url: https://github.com/moabu +name: admin-ui +sources: +- https://github.com/GluuFederation/docker-gluu-admin-ui +- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui +type: application +version: 5.0.1 diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/README.md b/charts/gluu/gluu/5.0.101/charts/admin-ui/README.md new file mode 100644 index 000000000..c4cc186fb --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/README.md 
@@ -0,0 +1,59 @@ +# admin-ui + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Admin GUI. Requires license. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. 
| +| readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"2500m"` | CPU limit. | +| resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| resources.requests.cpu | string | `"2500m"` | CPU request. | +| resources.requests.memory | string | `"2500Mi"` | Memory request. | +| service.name | string | `"http-admin-ui"` | The name of the admin ui port within the admin service. Please keep it as default. | +| service.port | int | `8080` | Port of the admin ui service. Please keep it as default. | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/_helpers.tpl new file mode 100644 index 000000000..27e0aa192 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/_helpers.tpl 
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "admin-ui.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "admin-ui.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "admin-ui.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "admin-ui.labels" -}}
+app: {{ .Release.Name }}-{{ include "admin-ui.name" . }}
+helm.sh/chart: {{ include "admin-ui.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "admin-ui.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "admin-ui.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
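Review bot: In `admin-ui.usr-envs` the line `value: {{ $val }}` renders the user-supplied value unquoted, so a value such as `true`, `8080`, or one containing `: ` or ` #` is retyped or misparsed by YAML, and `env[].value` must be a string. Rendering it as `value: {{ $val | quote }}` keeps every value a string and keeps the content of a values entry from being read as YAML structure inside the container spec. The helper `auth-server-key-rotation.usr-envs` added later in this diff has the same line.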
diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/admin-ui-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/admin-ui-destination-rules.yaml
new file mode 100644
index 000000000..6643bee66
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/admin-ui-destination-rules.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.global.istio.enabled }}
+# All Rights Reserved © 2021
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-admin-ui-mtls
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: admin-ui
+{{ include "admin-ui.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ index .Values "global" "admin-ui" "adminUiServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/admin-ui-virtual-services.yaml b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/admin-ui-virtual-services.yaml
new file mode 100644
index 000000000..ce044cd00
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/admin-ui-virtual-services.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.global.istio.enabled }}
+# All Rights Reserved © 2021
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Release.Name }}-istio-admin-ui
+ namespace: {{.Release.Namespace}}
+ labels:
+ APP_NAME: admin-ui
+{{ include "admin-ui.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ hosts:
+ - {{ .Values.global.fqdn }}
+ gateways:
+ - {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service.
+ http:
+ - name: "{{ .Release.Name }}-istio-cn"
+ match:
+ - uri:
+ prefix: "/admin"
+ route:
+ - destination:
+ host: {{ index .Values "global" "admin-ui" "adminUiServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
+ port:
+ number: 8080
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/deployment.yml b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/deployment.yml
new file mode 100644
index 000000000..ad7ad6fbe
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/deployment.yml
@@ -0,0 +1,158 @@ +# All Rights Reserved © 2021 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "admin-ui.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: admin-ui +{{ include "admin-ui.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "admin-ui.name" . }} + template: + metadata: + labels: + APP_NAME: admin-ui + app: {{ .Release.Name }}-{{ include "admin-ui.name" . }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "admin-ui.name" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + env: + {{- include "admin-ui.usr-envs" . | indent 12 }} + {{- include "admin-ui.usr-secret-envs" . 
| indent 12 }} + securityContext: + runAsUser: 1000 + runAsNonRoot: true + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end}} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "admin-ui.fullname" .}}-updatelbip + mountPath: "/scripts" + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + {{- if not 
.Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "admin-ui.fullname" . }}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + \ No newline at end of file 
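Review bot: The container `securityContext` in deployment.yml sets only `runAsUser: 1000` and `runAsNonRoot: true`, so privilege escalation and the runtime's default capability set are left as they are. This pod mounts the persistence credentials (`sql-pass`, `cb-pass`, `google-sa`, `cn-jackrabbit-admin-pass`), so I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` under the same key, and `readOnlyRootFilesystem: true` if the image tolerates it, which cannot be verified from this hunk. The CronJob added in `auth-server-key-rotation/templates/cronjobs.yaml` sets no `securityContext` at all and would take the same block.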
diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/hpa.yaml
new file mode 100644
index 000000000..9b620839f
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/hpa.yaml
@@ -0,0 +1,38 @@
+{{ if .Values.hpa.enabled -}}
+# All Rights Reserved © 2021
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "admin-ui.fullname" . }}
+ labels:
+ APP_NAME: admin-ui
+{{ include "admin-ui.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "admin-ui.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/service.yml b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/service.yml
new file mode 100644
index 000000000..86f1a7255
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/service.yml
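Review bot: `apiVersion: autoscaling/v1` in hpa.yaml does not define `spec.metrics` or `spec.behavior`, yet the template emits both when `hpa.metrics` or `hpa.behavior` is set, so those settings are rejected or dropped by the API server instead of taking effect. Only the `targetCPUUtilizationPercentage` branch is valid for this API version. Either move the resource to `autoscaling/v2beta2`, which the chart's `kubeVersion: '>=v1.21.0-0'` allows and where the CPU target becomes a `metrics` entry, or remove the two branches and the matching values so users are not offered knobs that do nothing.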
@@ -0,0 +1,26 @@
+# All Rights Reserved © 2021
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ index .Values "global" "admin-ui" "adminUiServiceName" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: admin-ui
+{{ include "admin-ui.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.global.alb.ingress }}
+ type: NodePort
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "admin-ui.name" . }} #admin-ui
+
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..95a833ca0
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,22 @@
+{{ if .Values.usrEnvs.secret }}
+# All Rights Reserved © 2021
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: admin-ui
+{{ include "admin-ui.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/admin-ui/values.yaml b/charts/gluu/gluu/5.0.101/charts/admin-ui/values.yaml
new file mode 100644
index 000000000..58d2774ae
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/admin-ui/values.yaml
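Review bot: In user-custom-secret-envs.yaml, `{{ $val | b64enc }}` fails template rendering when a secret value is not a string (an unquoted number or boolean in values), because `b64enc` takes a string; `{{ $key }}: {{ $val | toString | b64enc | quote }}` accepts any scalar. Values supplied through `usrEnvs.secret` are also retained in the Helm release record, so the `# -- Add custom secret envs to the service` description in values.yaml should say so and advise restricting read access to release Secrets in that namespace. The same template is added under `auth-server-key-rotation/templates/`.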
@@ -0,0 +1,76 @@
+# All Rights Reserved © 2021
+# -- Admin GUI. Requires license.
+# -- Configure the HorizontalPodAutoscaler
+hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/admin-ui
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Service replica number.
+replicas: 1
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 2500m
+ # -- Memory limit.
+ memory: 2500Mi
+ requests:
+ # -- CPU request.
+ cpu: 2500m
+ # -- Memory request.
+ memory: 2500Mi
+service:
+ # -- The name of the admin ui port within the admin service. Please keep it as default.
+ name: http-admin-ui
+ # -- Port of the admin ui service. Please keep it as default.
+ port: 8080
+# -- Configure the liveness healthcheck for the admin ui if needed.
+livenessProbe:
+ tcpSocket:
+ port: 1636
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 25
+ failureThreshold: 20
+# -- Configure the readiness healthcheck for the admin ui if needed.
+readinessProbe:
+ tcpSocket:
+ port: 1636
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 25
+ failureThreshold: 20
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/.helmignore b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/Chart.yaml
new file mode 100644
index 000000000..d963389af
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/Chart.yaml
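Review bot: In admin-ui/values.yaml both `livenessProbe` and `readinessProbe` default to `tcpSocket: port: 1636`, while the only container port the Deployment declares comes from `service.port` (8080). Port 1636 is conventionally the LDAPS port in this stack, so the probe block looks carried over from another sub-chart. Unless the admin-ui image really listens on 1636, the pod never reports ready and is restarted once `failureThreshold` is exhausted. `port: 8080`, or the named port `http-admin-ui`, would match what the Service exposes.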
@@ -0,0 +1,18 @@ +apiVersion: v2 +appVersion: 5.0.0 +description: Responsible for regenerating auth-keys per x hours +home: https://gluu.org/docs/gluu-server +icon: https://gluu.org/docs/gluu-server/favicon.ico +keywords: +- Auth keys Rotation +kubeVersion: '>=v1.21.0-0' +maintainers: +- email: support@gluu.org + name: Mohammad Abudayyeh + url: https://github.com/moabu +name: auth-server-key-rotation +sources: +- https://github.com/JanssenProject/docker-jans-certmanager +- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation +type: application +version: 5.0.1 diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/README.md b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/README.md new file mode 100644 index 000000000..cfe22b0f1 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/README.md 
@@ -0,0 +1,47 @@ +# auth-server-key-rotation + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Responsible for regenerating auth-keys per x hours + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| affinity | object | `{}` | | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| keysLife | int | `48` | Auth server key rotation keys life in hours | +| nodeSelector | object | `{}` | | +| resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. 
| +| tolerations | list | `[]` | | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/_helpers.tpl new file mode 100644 index 000000000..3f22c7b89 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/_helpers.tpl 
@@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "auth-server-key-rotation.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "auth-server-key-rotation.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "auth-server-key-rotation.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "auth-server-key-rotation.labels" -}} +app: {{ .Release.Name }}-{{ include "auth-server-key-rotation.name" . }} +helm.sh/chart: {{ include "auth-server-key-rotation.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "auth-server-key-rotation.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "auth-server-key-rotation.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/cronjobs.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/cronjobs.yaml new file mode 100644 index 000000000..c3f1c5b8c --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/cronjobs.yaml 
@@ -0,0 +1,114 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +kind: CronJob +apiVersion: batch/v1beta1 +metadata: + name: {{ include "auth-server-key-rotation.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: auth-server-key-rotation + release: {{ .Release.Name }} +{{ include "auth-server-key-rotation.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + schedule: "0 */{{ .Values.keysLife }} * * *" + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 12 }} + {{- end }} + containers: + - name: {{ include "auth-server-key-rotation.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "auth-server-key-rotation.usr-envs" . | indent 16 }} + {{- include "auth-server-key-rotation.usr-secret-envs" . | indent 16 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + {{- with .Values.volumeMounts }} +{{- toYaml . 
| nindent 16 }} + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 16 }} + {{- end }} + args: ["patch", "auth", "--opts", "interval:{{ .Values.keysLife }}"] + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 12 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + restartPolicy: Never + 
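Review bot: `schedule: "0 */{{ .Values.keysLife }} * * *"` in cronjobs.yaml places `keysLife` in the cron hour field, which only spans 0–23, so with the default of 48 the step can match nothing but hour 0 and the job presumably fires daily at 00:00 rather than every 48 hours (or the expression is refused, depending on the parser). The `interval:{{ .Values.keysLife }}` argument then no longer agrees with how often rotation runs, which matters when reasoning about how long a signing key stays valid. I would either document that `keysLife` must stay below 24 for the schedule to mean what it says, or take the schedule from a separate value. `apiVersion: batch/v1beta1` is also deprecated as of Kubernetes 1.21, the chart's own minimum, in favour of `batch/v1`.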
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/service.yaml
new file mode 100644
index 000000000..4b1f6ff07
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/service.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "auth-server-key-rotation.fullname" . }}
+ labels:
+{{ include "auth-server-key-rotation.fullname" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ selector:
+ app: {{ .Release.Name }}-{{ include "auth-server-key-rotation.name" . }}
+ type: ClusterIP
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..187d0948f
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml
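Review bot: Under `labels:` this Service includes `auth-server-key-rotation.fullname` instead of `auth-server-key-rotation.labels`, so the rendered manifest carries a bare string where a label map is required. The template is only rendered when `global.istio.enabled` is true, so the failure would surface only on Istio installs. The line should read `{{ include "auth-server-key-rotation.labels" . | indent 4 }}`, as the Secret template in the same sub-chart does.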
@@ -0,0 +1,22 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+{{ include "auth-server-key-rotation.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/values.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/values.yaml
new file mode 100644
index 000000000..1de222d6d
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server-key-rotation/values.yaml
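Review bot: In the `range` over `.Values.usrEnvs.secret`, the line `{{ $key }}: {{ $val | b64enc }}` hands the value straight to `b64enc`, which expects a string, so a number or boolean supplied in values is likely to fail rendering, and neither the key nor the encoded value is quoted. I would write `{{ $key | quote }}: {{ $val | toString | b64enc | quote }}`. A comment above `data:` should also say that these values arrive in plain text through the values file and are kept in the Helm release record, so real credentials are better referenced from an existing Secret. The same lines appear in charts/auth-server/templates/user-custom-secret-envs.yaml later in this commit.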
@@ -0,0 +1,49 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# -- Responsible for regenerating auth-keys per x hours
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/certmanager
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Auth server key rotation keys life in hours
+keysLife: 48
+# -- Resource specs.
+resources:
+ limits:
+ cpu: 300m
+ memory: 300Mi
+ requests:
+ cpu: 300m
+ memory: 300Mi
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/.helmignore b/charts/gluu/gluu/5.0.101/charts/auth-server/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server/.helmignore
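Review bot: `tag: 1.0.0-beta.13` together with `pullPolicy: IfNotPresent` identifies the key-rotation image by a mutable pre-release tag only, so nodes can end up running different content under the same tag and nothing ties the release to a reviewed image. For the component that regenerates the auth keys, pinning by digest is worth documenting, for example by extending the comment to `# -- Image tag to use for deploying. Append @sha256:<digest> to pin the exact image.` How the tag is rendered for this sub-chart is outside the hunk, so check that the template accepts that form. The auth-server values.yaml added later in this commit sets the same tag and pull policy.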
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server/Chart.yaml
new file mode 100644
index 000000000..cf9265532
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization
+ Server--this is the main Internet facing component of Gluu. It's the service that
+ returns tokens, JWT's and identity assertions. This service must be Internet facing.
+home: https://gluu.org/docs/gluu-server
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- Autherization
+- OpenID
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: auth-server
+sources:
+- https://github.com/JanssenProject/jans-auth-server
+- https://github.com/JanssenProject/docker-jans-auth-server
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/auth-server
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/README.md b/charts/gluu/gluu/5.0.101/charts/auth-server/README.md
new file mode 100644
index 000000000..f2111333a
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server/README.md
@@ -0,0 +1,61 @@ +# auth-server + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | +| readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"2500m"` | CPU limit. | +| resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| resources.requests.cpu | string | `"2500m"` | CPU request. | +| resources.requests.memory | string | `"2500Mi"` | Memory request. | +| service.name | string | `"http-auth"` | The name of the oxauth port within the oxauth service. Please keep it as default. | +| service.port | int | `8080` | Port of the oxauth service. Please keep it as default. 
| +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/_helpers.tpl new file mode 100644 index 000000000..ecc6ffe0f --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/_helpers.tpl 
@@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "auth-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "auth-server.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "auth-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "auth-server.labels" -}} +app: {{ .Release.Name }}-{{ include "auth-server.name" . }} +helm.sh/chart: {{ include "auth-server.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "auth-server.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "auth-server.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/templates/auth-server-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/auth-server-destination-rules.yaml new file mode 100644 index 000000000..4c83973a7 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/auth-server-destination-rules.yaml @@ -0,0 +1,24 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ .Release.Name }}-auth-server-mtls + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: auth-server +{{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +{{- end }} \ No newline at end of file 
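Review bot: The `auth-server.usr-envs` helper renders `value: {{ $val }}` without quoting, so a user value such as `true`, `8080` or text containing `: ` or ` #` is re-typed or re-parsed by YAML, while a container env `value` has to be a string. Changing the line to `value: {{ $val | quote }}` keeps every custom env a string and stops a value from altering the surrounding manifest structure. `- name: {{ $key | quote }}` is the matching change for the key, both in this helper and in `auth-server.usr-secret-envs`.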
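Review bot: This DestinationRule carries no comment saying that `mode: ISTIO_MUTUAL` only makes sidecar clients originate mutual TLS towards the auth-server host; by itself it does not make the workload refuse plaintext connections. I would add above `trafficPolicy:` a line such as `# Client-side mTLS only; pair with a STRICT PeerAuthentication to reject plaintext.` Whether such a PeerAuthentication ships elsewhere in the chart is not visible in this hunk.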
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/templates/auth-server-virtual-services.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/auth-server-virtual-services.yaml new file mode 100644 index 000000000..0a8891570 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/auth-server-virtual-services.yaml 
@@ -0,0 +1,94 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ .Release.Name }}-istio-auth-server + namespace: {{.Release.Namespace}} + labels: + APP_NAME: auth-server +{{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + hosts: + - {{ .Values.global.fqdn }} + gateways: + - {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service. + http: + - name: "{{ .Release.Name }}-istio-openid-config" + match: + - uri: + prefix: "/.well-known/openid-configuration" + rewrite: + uri: "/auth-server/.well-known/openid-configuration" + route: + - destination: + host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + port: + number: 8080 + weight: 100 + - name: "{{ .Release.Name }}-istio-uma2-config" + match: + - uri: + prefix: "/.well-known/uma2-configuration" + rewrite: + uri: "/auth-server/restv1/uma2-configuration" + route: + - destination: + host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + port: + number: 8080 + weight: 100 + - name: "{{ .Release.Name }}-istio-webdiscovery" + match: + - uri: + prefix: "/.well-known/simple-web-discovery" + rewrite: + uri: "/auth-server/.well-known/simple-web-discovery" + route: + - destination: + host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + port: + number: 8080 + weight: 100 + - name: "{{ .Release.Name }}-istio-cn" + match: + - uri: + prefix: "/auth-server" + route: + - destination: + 
host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + port: + number: 8080 + - name: "{{ .Release.Name }}-istio-webfinger" + match: + - uri: + prefix: "/.well-known/webfinger" + rewrite: + uri: "/auth-server/.well-known/webfinger" + route: + - destination: + host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + port: + number: 8080 + weight: 100 + - name: "{{ .Release.Name }}-istio-u2f-config" + match: + - uri: + prefix: "/.well-known/fido-configuration" + rewrite: + uri: "/auth-server/restv1/fido-configuration" + route: + - destination: + host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + port: + number: 8080 + weight: 100 +{{- end }} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/templates/deployment.yml b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/deployment.yml new file mode 100644 index 000000000..77e24a4b7 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/deployment.yml 
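Review bot: The discovery routes match with `prefix:`, so any path that merely starts with `/.well-known/openid-configuration` (and likewise the uma2, simple-web-discovery, webfinger and fido entries) is rewritten and forwarded, and `prefix: "/auth-server"` forwards the whole application context from the public host. For the fixed well-known documents `exact: "/.well-known/openid-configuration"` is the tighter match, provided clients do not rely on sub-paths. For the `-istio-cn` route a comment should state that every endpoint under `/auth-server` becomes reachable through the gateway, so anything not meant for the internet has to be restricted in the application or by an AuthorizationPolicy. The `-istio-cn` route is also the only one without `weight: 100`.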
@@ -0,0 +1,247 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "auth-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: auth-server +{{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "auth-server.name" . }} + template: + metadata: + labels: + APP_NAME: auth-server + app: {{ .Release.Name }}-{{ include "auth-server.name" . }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "auth-server.name" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + env: + {{- include "auth-server.usr-envs" . | indent 12 }} + {{- include "auth-server.usr-secret-envs" . 
| indent 12 }} + securityContext: + runAsUser: 1000 + runAsNonRoot: true + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end}} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + {{ if .Values.global.cnObExtSigningJwksKeyPassPhrase }} + - name: cn-ob-ext-signing-jwks-key-passphrase + mountPath: /etc/certs/ob-ext-signing.pin + subPath: ob-ext-signing.pin + {{- end }} + {{ if .Values.global.cnObExtSigningJwksKey }} + - name: cn-ob-ext-signing-jwks-key + mountPath: /etc/certs/ob-ext-signing.key + subPath: ob-ext-signing.key + {{- end }} + {{ if .Values.global.cnObExtSigningJwksCrt }} + - name: cn-ob-ext-signing-jwks-crt + mountPath: /etc/certs/ob-ext-signing.crt + subPath: ob-ext-signing.crt + {{- end }} + {{ if .Values.global.cnObTransportKeyPassPhrase }} + - name: cn-ob-transport-key-passphrase + mountPath: /etc/certs/ob-transport.pin + subPath: ob-transport.pin + {{- end }} + {{ if .Values.global.cnObTransportKey }} + - name: cn-ob-transport-key + mountPath: /etc/certs/ob-transport.key + subPath: ob-transport.key + {{- end }} + {{ if .Values.global.cnObTransportCrt }} + - name: cn-ob-transport-crt + mountPath: /etc/certs/ob-transport.crt + subPath: ob-transport.crt + {{- end }} + {{ if .Values.global.cnObTransportTrustStore }} + - name: cn-ob-transport-truststore + 
mountPath: /etc/certs/ob-transport-truststore.p12 + subPath: ob-transport-truststore.p12 + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "auth-server.fullname" .}}-updatelbip + mountPath: "/scripts" + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- 
toYaml . | nindent 8 }} + {{- end }} + {{ if .Values.global.cnObExtSigningJwksCrt }} + - name: cn-ob-ext-signing-jwks-crt + secret: + secretName: {{ .Release.Name }}-ob-ext-signing-jwks-crt-key-pin + items: + - key: ob-ext-signing.crt + path: ob-ext-signing.crt + {{- end }} + {{ if .Values.global.cnObExtSigningJwksKey }} + - name: cn-ob-ext-signing-jwks-key + secret: + secretName: {{ .Release.Name }}-ob-ext-signing-jwks-crt-key-pin + items: + - key: ob-ext-signing.key + path: ob-ext-signing.key + {{- end }} + {{ if .Values.global.cnObExtSigningJwksKeyPassPhrase }} + - name: cn-ob-ext-signing-jwks-key-passphrase + secret: + secretName: {{ .Release.Name }}-ob-ext-signing-jwks-crt-key-pin + items: + - key: ob-ext-signing.pin + path: ob-ext-signing.pin + {{- end }} + {{ if .Values.global.cnObTransportCrt }} + - name: cn-ob-transport-crt + secret: + secretName: {{ .Release.Name }}-ob-transport-crt-key-pin + items: + - key: ob-transport.crt + path: ob-transport.crt + {{- end }} + {{ if .Values.global.cnObTransportKey }} + - name: cn-ob-transport-key + secret: + secretName: {{ .Release.Name }}-ob-transport-crt-key-pin + items: + - key: ob-transport.key + path: ob-transport.key + {{- end }} + {{ if .Values.global.cnObTransportKeyPassPhrase }} + - name: cn-ob-transport-key-passphrase + secret: + secretName: {{ .Release.Name }}-ob-transport-crt-key-pin + items: + - key: ob-transport.pin + path: ob-transport.pin + {{- end }} + {{ if .Values.global.cnObTransportTrustStore }} + - name: cn-ob-transport-truststore + secret: + secretName: {{ .Release.Name }}-ob-transport-truststore + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" 
}} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "auth-server.fullname" . }}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/hpa.yaml new file mode 100644 index 000000000..859a3986e --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/hpa.yaml 
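Review bot: The container `securityContext` sets only `runAsUser: 1000` and `runAsNonRoot: true`, which leaves privilege escalation, the default capability set and the seccomp profile at runtime defaults for the component the chart itself describes as Internet facing. I would add `allowPrivilegeEscalation: false`, drop all capabilities and select the `RuntimeDefault` seccomp profile, as in the fence below; the image should be checked to confirm it needs none of the dropped capabilities. Separately, `secretName: cn-jackrabbit-admin-pass` is the only secret reference in this template without the `{{ .Release.Name }}-` prefix, which looks inconsistent and is worth confirming against the template that creates that secret.

```yaml
          securityContext:
            runAsUser: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: command, ports, envFrom, volumeMounts, probes, resources …
```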
@@ -0,0 +1,39 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "auth-server.fullname" . }}
+ labels:
+ APP_NAME: auth-server
+{{ include "auth-server.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "auth-server.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/templates/service.yml b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/service.yml
new file mode 100644
index 000000000..7c06df703
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/service.yml
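Review bot: The manifest declares `apiVersion: autoscaling/v1`, but the `else if .Values.hpa.metrics` and `if .Values.hpa.behavior` branches emit `metrics:` and `behavior:`, fields that the v1 HorizontalPodAutoscaler spec does not have, so those settings would be rejected or dropped instead of applied. With the chart's `kubeVersion: '>=v1.21.0-0'` the template could use `apiVersion: autoscaling/v2beta2` (or `autoscaling/v2` on newer clusters) and express the CPU target as a `metrics` entry. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the Deployment it targets sets.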
@@ -0,0 +1,27 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: auth-server
+{{ include "auth-server.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.global.alb.ingress }}
+ type: NodePort
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "auth-server.name" . }} #auth-server
+
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..1903a4f60
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/auth-server/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: auth-server
+{{ include "auth-server.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
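Review bot: When `global.alb.ingress` is set, service.yml switches the Service to `type: NodePort`, which opens the auth server's service port (presumably plain HTTP, given the `http-auth` port name) on every node, and nothing in the template documents that exposure. A comment above the `if`, for example `# NodePort is used for ALB instance targets; limit node-port access to the load balancer.`, would make the requirement explicit. The `ports` entry also relies on the default `targetPort`; writing `targetPort: {{ .Values.service.name }}` would tie it to the named container port that the Deployment declares.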
diff --git a/charts/gluu/gluu/5.0.101/charts/auth-server/values.yaml b/charts/gluu/gluu/5.0.101/charts/auth-server/values.yaml new file mode 100644 index 000000000..6ced5cf2b --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/auth-server/values.yaml 
@@ -0,0 +1,82 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# -- OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: janssenproject/auth-server + # -- Image tag to use for deploying. + tag: 1.0.0-beta.13 + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number. +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 2500m + # -- Memory limit. + memory: 2500Mi + requests: + # -- CPU request. + cpu: 2500m + # -- Memory request. + memory: 2500Mi +service: + # -- The name of the oxauth port within the oxauth service. Please keep it as default. + name: http-auth + # -- Port of the oxauth service. Please keep it as default. + port: 8080 +# -- Configure the liveness healthcheck for the auth server if needed. +livenessProbe: + # -- Executes the python3 healthcheck. 
+ # https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py + exec: + command: + - python3 + - /app/scripts/healthcheck.py + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 +# -- Configure the readiness healthcheck for the auth server if needed. +# https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py +readinessProbe: + exec: + command: + - python3 + - /app/scripts/healthcheck.py + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } diff --git a/charts/gluu/gluu/5.0.101/charts/casa/.helmignore b/charts/gluu/gluu/5.0.101/charts/casa/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/casa/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/gluu/gluu/5.0.101/charts/casa/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/casa/Chart.yaml new file mode 100644 index 000000000..e33762aca --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/casa/Chart.yaml 
@@ -0,0 +1,22 @@ +apiVersion: v2 +appVersion: 5.0.0 +description: Gluu Casa ("Casa") is a self-service web portal for end-users to manage + authentication and authorization preferences for their account in a Gluu Server. +home: https://gluu.org/docs/casa/ +icon: https://casa.gluu.org/wp-content/themes/gluucasa/casafavicon.ico +keywords: +- casa +- 2FA +- passwordless +kubeVersion: '>=v1.21.0-0' +maintainers: +- email: support@gluu.org + name: Mohammad Abudayyeh + url: https://github.com/moabu +name: casa +sources: +- https://gluu.org/docs/casa/ +- https://github.com/GluuFederation/docker-casa +- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/casa +type: application +version: 5.0.1 diff --git a/charts/gluu/gluu/5.0.101/charts/casa/README.md b/charts/gluu/gluu/5.0.101/charts/casa/README.md new file mode 100644 index 000000000..047b22b57 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/casa/README.md 
@@ -0,0 +1,66 @@ +# casa + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | +| livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | +| nameOverride | string | `""` | | +| podSecurityContext | object | `{}` | | +| readinessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| readinessProbe.httpGet.path | string | `"/casa/health-check"` | http readiness probe endpoint | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"500m"` | CPU limit. | +| resources.limits.memory | string | `"500Mi"` | Memory limit. | +| resources.requests.cpu | string | `"500m"` | CPU request. | +| resources.requests.memory | string | `"500Mi"` | Memory request. | +| securityContext | object | `{}` | | +| service.name | string | `"http-casa"` | The name of the casa port within the casa service. Please keep it as default. | +| service.port | int | `8080` | Port of the casa service. Please keep it as default. 
| +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/casa/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/casa/templates/_helpers.tpl new file mode 100644 index 000000000..07d38cacf --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/casa/templates/_helpers.tpl 
@@ -0,0 +1,79 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "casa.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "casa.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "casa.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "casa.labels" -}} +app: {{ .Release.Name }}-{{ include "casa.name" . }} +helm.sh/chart: {{ include "casa.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "casa.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "casa.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "casa.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "casa.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/casa/templates/casa-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/casa/templates/casa-destination-rules.yaml new file mode 100644 index 000000000..1bab638b8 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/casa/templates/casa-destination-rules.yaml @@ -0,0 +1,24 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ .Release.Name }}-casa-mtls + namespace: {{.Release.Namespace}} + labels: + APP_NAME: casa +{{ include "casa.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + host: {{ .Values.global.casa.casaServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +{{- end }} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/casa/templates/casa-virtual-services.yaml b/charts/gluu/gluu/5.0.101/charts/casa/templates/casa-virtual-services.yaml new file mode 100644 index 000000000..ebb574274 --- /dev/null 
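Review bot: In `casa.usr-envs` the line `value: {{ $val }}` renders the user-supplied value unquoted, so a value such as `true`, `1234`, or one containing `: ` or ` #` is re-typed or re-parsed by YAML instead of staying the string a container env `value` has to be. Quote it at render time: `value: {{ $val | quote }}`. The same line appears in `client-api.usr-envs` in charts/client-api/templates/_helpers.tpl later in this commit. `casa.serviceAccountName` also reads `.Values.serviceAccount.create`, which the casa values.yaml added here does not define, so including that helper would fail on a nil value unless a parent chart supplies the key.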
+++ b/charts/gluu/gluu/5.0.101/charts/casa/templates/casa-virtual-services.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.global.istio.ingress }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ creationTimestamp: null
+ name: {{ .Release.Name }}-istio-casa
+ namespace: {{.Release.Namespace}}
+ labels:
+ APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ gateways:
+ - {{ .Release.Name }}-global-gtw
+ hosts:
+ - {{ .Values.global.fqdn }}
+ http:
+ - name: {{ .Release.Name }}-istio-casa
+ match:
+ - uri:
+ exact: /casa
+ route:
+ - destination:
+ host: {{ .Values.global.casa.casaServiceName }}.{{.Release.Namespace}}.svc.cluster.local
+ port:
+ number: 8080
+ weight: 100
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/casa/templates/deployment.yaml b/charts/gluu/gluu/5.0.101/charts/casa/templates/deployment.yaml
new file mode 100644
index 000000000..acc457d71
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/casa/templates/deployment.yaml
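Review bot: The route destination hard-codes `number: 8080` while the Service in this chart takes its port from `.Values.service.port`, so overriding that value leaves the VirtualService pointing at a port the Service no longer exposes. Use `number: {{ .Values.service.port }}` here. The match is also `exact: /casa`, which on its own does not cover paths below `/casa`; if this rule is expected to carry `/casa/...` requests, `prefix: /casa` looks like what is intended, which is worth confirming against the other services' rules.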
@@ -0,0 +1,163 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "casa.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: casa +{{ include "casa.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "casa.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + APP_NAME: casa + app: {{ .Release.Name }}-{{ include "casa.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "casa.name" . }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "casa.usr-envs" . | indent 12 }} + {{- include "casa.usr-secret-envs" . 
| indent 12 }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port}} + protocol: TCP + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "casa.fullname" .}}-updatelbip + mountPath: "/scripts" + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + {{- if not 
.Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 12 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "casa.fullname" . }}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} 
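Review bot: The casa container's `securityContext` is rendered straight from `.Values.securityContext`, which the values.yaml in this commit ships as `{}` with the hardening lines commented out, so by default the container runs with whatever user and capabilities the image gives it. The client-api deployment added in the same commit pins `runAsUser: 1000` and `runAsNonRoot: true`. Casa should get an equivalent shipped default, for example `runAsNonRoot: true` and `allowPrivilegeEscalation: false` in values.yaml, once it is confirmed that the image runs as a non-root user.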
diff --git a/charts/gluu/gluu/5.0.101/charts/casa/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/casa/templates/hpa.yaml
new file mode 100644
index 000000000..835909e49
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/casa/templates/hpa.yaml
@@ -0,0 +1,39 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "casa.fullname" . }}
+ labels:
+ APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "casa.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/casa/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/casa/templates/service.yaml
new file mode 100644
index 000000000..872b9f601
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/casa/templates/service.yaml
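Review bot: The object is declared as `apiVersion: autoscaling/v1`, but the template can render `metrics:` and `behavior:`, which are not fields of the v1 HorizontalPodAutoscaler spec, so those branches either fail validation or are dropped. With `kubeVersion: '>=v1.21.0-0'` the chart could select `autoscaling/v2beta2` (or `autoscaling/v2` where the cluster offers it) whenever `hpa.metrics` or `hpa.behavior` is set, and express the CPU target as a `metrics` entry there. Unlike the Deployment and Service, `metadata` here carries no `namespace: {{ .Release.Namespace }}`.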
@@ -0,0 +1,27 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.global.casa.casaServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.global.alb.ingress }}
+ type: NodePort
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "casa.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/gluu/gluu/5.0.101/charts/casa/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/casa/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..253106b46
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/casa/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
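Review bot: In user-custom-secret-envs.yaml, `{{ $val | b64enc }}` only accepts a string, so a secret env given as a number or boolean under `usrEnvs.secret` aborts rendering; `{{ $key }}: {{ $val | toString | b64enc }}` handles both. This Secret also omits `namespace: {{ .Release.Namespace }}`, which the Deployment that references it sets. Because the plaintext comes from chart values it is also kept in the Helm release record, so a values comment pointing operators to a pre-created Secret for sensitive entries would help.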
diff --git a/charts/gluu/gluu/5.0.101/charts/casa/values.yaml b/charts/gluu/gluu/5.0.101/charts/casa/values.yaml
new file mode 100644
index 000000000..6c5df932b
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/casa/values.yaml
@@ -0,0 +1,94 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# -- Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
+# -- Configure the HorizontalPodAutoscaler
+hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/casa
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Service replica number.
+replicas: 1
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 500m
+ # -- Memory limit.
+ memory: 500Mi
+ requests:
+ # -- CPU request.
+ cpu: 500m
+ # -- Memory request.
+ memory: 500Mi
+service:
+ # -- Port of the casa service. Please keep it as default.
+ port: 8080
+ # -- The name of the casa port within the casa service. Please keep it as default.
+ name: http-casa
+# -- Configure the liveness healthcheck for casa if needed.
+livenessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /casa/health-check
+ port: http-casa
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+# -- Configure the readiness healthcheck for the casa if needed.
+readinessProbe:
+ httpGet:
+ # -- http readiness probe endpoint
+ path: /casa/health-check
+ port: http-casa
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/.helmignore b/charts/gluu/gluu/5.0.101/charts/client-api/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/client-api/Chart.yaml
new file mode 100644
index 000000000..3f4817d5a
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/Chart.yaml
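Review bot: The casa values.yaml default `tag: 5.0.0_dev` combined with `pullPolicy: IfNotPresent` means a node that already cached the image keeps running its copy while other nodes may pull a newer build of the same mutable tag, so replicas can differ and a rebuilt image is not guaranteed to roll out. Ship a released, immutable tag as the default (or support a digest reference), or set `pullPolicy: Always` for as long as a `_dev` tag is the default. The comment on `tag` could say so directly: `# -- Image tag to use for deploying. Development build; pin a release tag or digest for production.`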
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: Middleware API to help application developers call an OAuth, OpenID or
+ UMA server. You may wonder why this is necessary. It makes it easier for client
+ developers to use OpenID signing and encryption features, without becoming crypto
+ experts. This API provides some high level endpoints to do some of the heavy lifting.
+home: https://gluu.org/docs/oxd
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- client
+- API
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: client-api
+sources:
+- https://github.com/JanssenProject/jans-client-api
+- https://github.com/JanssenProject/docker-jans-client-api
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/client-api
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/README.md b/charts/gluu/gluu/5.0.101/charts/client-api/README.md
new file mode 100644
index 000000000..8a178ee2b
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/README.md
@@ -0,0 +1,62 @@ +# client-api + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| affinity | object | `{}` | | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"janssenproject/client-api"` | Image to use for deploying. 
| +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. | +| nodeSelector | object | `{}` | | +| readinessProbe | object | `{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"1000m"` | CPU limit. | +| resources.limits.memory | string | `"400Mi"` | Memory limit. | +| resources.requests.cpu | string | `"1000m"` | CPU request. | +| resources.requests.memory | string | `"400Mi"` | Memory request. | +| tolerations | list | `[]` | | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/client-api/templates/_helpers.tpl
new file mode 100644
index 000000000..67460b0fb
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/templates/_helpers.tpl
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "client-api.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "client-api.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "client-api.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "client-api.labels" -}}
+app: {{ .Release.Name }}-{{ include "client-api.name" . }}
+helm.sh/chart: {{ include "client-api.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "client-api.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "client-api.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/templates/client-api-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/client-api/templates/client-api-destination-rules.yaml
new file mode 100644
index 000000000..22f580790
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/templates/client-api-destination-rules.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-client-api-mtls
+ namespace: {{.Release.Namespace}}
+ labels:
+ APP_NAME: client-api
+{{ include "client-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ index .Values "global" "client-api" "clientApiServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/templates/deployment.yaml b/charts/gluu/gluu/5.0.101/charts/client-api/templates/deployment.yaml
new file mode 100644
index 000000000..a8ee8b470
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/templates/deployment.yaml
@@ -0,0 +1,151 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "client-api.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: client-api +{{ include "client-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "client-api.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + APP_NAME: client-api + app: {{ .Release.Name }}-{{ include "client-api.name" . }} + release: {{ .Release.Name }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "client-api.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "client-api.usr-envs" . | indent 12 }} + {{- include "client-api.usr-secret-envs" . 
| indent 12 }} + securityContext: + runAsUser: 1000 + runAsNonRoot: true + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end }} + ports: + - containerPort: 8444 + - containerPort: 8443 + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 12 }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . 
| nindent 12 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "client-api.name" . }}-updatelbip + mountPath: /scripts + {{- end }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . 
| nindent 8 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "client-api.name" . }}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} + diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/client-api/templates/hpa.yaml new file mode 100644 index 000000000..2409795f2 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/client-api/templates/hpa.yaml 
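Review bot: The container `securityContext` in the client-api Deployment sets only `runAsUser: 1000` and `runAsNonRoot: true`, which leaves privilege escalation and the runtime's default capability set in place. For a container that mounts the SQL and Couchbase password secrets and the Google credentials file, I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` next to them, and consider `readOnlyRootFilesystem: true` if the image tolerates it (not verifiable from this hunk). The pod spec also names no `serviceAccountName`, so it presumably runs under the namespace's default service account with its token automounted; worth confirming that is intended.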
@@ -0,0 +1,39 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "client-api.fullname" . }}
+ labels:
+ APP_NAME: client-api
+{{ include "client-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "client-api.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/templates/networkpolicy.yaml b/charts/gluu/gluu/5.0.101/charts/client-api/templates/networkpolicy.yaml
new file mode 100644
index 000000000..fa3093109
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/templates/networkpolicy.yaml
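Review bot: `metrics:` and `behavior:` are rendered under `apiVersion: autoscaling/v1`, whose spec only has `scaleTargetRef`, `minReplicas`, `maxReplicas` and `targetCPUUtilizationPercentage`. With the chart defaults neither branch is taken, but a user who clears the CPU target and sets `hpa.metrics`, or sets `hpa.behavior`, gets a manifest whose extra fields are rejected or dropped. Either move the template to an autoscaling/v2-family API available on the clusters the chart supports, or remove the two branches. The object also lacks `namespace: {{ .Release.Namespace }}`, unlike the Deployment it targets.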
@@ -0,0 +1,46 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: client-api-policy
+ labels:
+ APP_NAME: client-api
+{{ include "client-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ policyTypes:
+ - Ingress
+ podSelector:
+ matchLabels:
+ app: client-api
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: casa
+ ports:
+ - protocol: TCP
+ port: 8443
+ - from:
+ - podSelector:
+ matchLabels:
+ app: auth-server
+ ports:
+ - protocol: TCP
+ port: 8443
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ app: ingress-kong
+ - podSelector:
+ matchLabels:
+ app: ingress-kong
+ ports:
+ - protocol: TCP
+ port: 8443
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/client-api/templates/service.yaml
new file mode 100644
index 000000000..7e6b79ed6
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/templates/service.yaml
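Review bot: `spec.podSelector` matches `app: client-api`, but the Deployment in this chart labels its pods `app: {{ .Release.Name }}-{{ include "client-api.name" . }}`, so as written the policy appears to select no client-api pod and applies no ingress restriction to ports 8443 and 8444. Select on a label the pods actually carry, for example `APP_NAME: client-api` or `app: {{ .Release.Name }}-{{ include "client-api.name" . }}`. The `from` selectors (`app: casa`, `app: auth-server`) probably need the same release prefix; those pod labels are not in this diff, so confirm against their charts. The fixed `name: client-api-policy` will also collide when two releases share a namespace.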
@@ -0,0 +1,26 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ # the name must match the application
+ name: {{ index .Values "global" "client-api" "clientApiServerServiceName" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: client-api
+{{ include "client-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - port: 8444
+ name: tcp-{{ include "client-api.name" . }}-admin-gui
+ - port: 8443
+ name: tcp-{{ include "client-api.name" . }}-app-connector
+ selector:
+ app: {{ .Release.Name }}-{{ include "client-api.name" . }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/client-api/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..fe356f484
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: client-api
+{{ include "client-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
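Review bot: In `user-custom-secret-envs.yaml`, `{{ $val | b64enc }}` fails at render time when a `usrEnvs.secret` value is not a string, which happens whenever a user writes an unquoted numeric or boolean secret such as `12345` or `true` in their values. `{{ $key }}: {{ $val | toString | b64enc | quote }}` accepts those values and keeps the encoded text a YAML string. The Secret also omits `namespace: {{ .Release.Namespace }}`, which the Service in the same chart sets.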
diff --git a/charts/gluu/gluu/5.0.101/charts/client-api/values.yaml b/charts/gluu/gluu/5.0.101/charts/client-api/values.yaml
new file mode 100644
index 000000000..2ea42ffbd
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/client-api/values.yaml
@@ -0,0 +1,81 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# -- Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.
+# -- Configure the HorizontalPodAutoscaler
+hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/client-api
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Service replica number.
+replicas: 1
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 400Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 400Mi
+# -- Configure the liveness healthcheck for the auth server if needed.
+livenessProbe:
+ # -- Executes the python3 healthcheck.
+ exec:
+ command:
+ - curl
+ - -k
+ - https://localhost:8443/health-check
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+# -- Configure the readiness healthcheck for the auth server if needed.
+readinessProbe:
+ tcpSocket:
+ port: 8443
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 25
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
diff --git a/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/.helmignore b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/Chart.yaml
new file mode 100644
index 000000000..a2e87d03b
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/Chart.yaml
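Review bot: The probe comments in the client-api `values.yaml` do not describe the values beneath them: `# -- Executes the python3 healthcheck.` sits above an `exec` probe that runs `curl -k https://localhost:8443/health-check`, and both probe headers say "for the auth server". These `# --` comments are the chart's value documentation, so I would reword them, e.g. `# -- Liveness probe: curl against the local /health-check endpoint (certificate not verified).`. The `-k` is tolerable only because the target is localhost, and saying so in the comment keeps it from being copied to a remote URL. Separately, `tag: 1.0.0-beta.13` with `pullPolicy: IfNotPresent` relies on a mutable tag; pinning the image by digest would make the deployed image reproducible.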
@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: Istio Gateway
+home: https://gluu.org/docs/gluu-server/
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- istio
+- gateway
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: cn-istio-ingress
+sources:
+- https://gluu.org/docs/gluu-server/
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/README.md b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/README.md
new file mode 100644
index 000000000..82552f8e6
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/README.md
@@ -0,0 +1,25 @@
+# cn-istio-ingress
+
+![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+
+Istio Gateway
+
+**Homepage:**
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu |
+
+## Source Code
+
+*
+*
+
+## Requirements
+
+Kubernetes: `>=v1.21.0-0`
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
diff --git a/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/templates/_helpers.tpl
new file mode 100644
index 000000000..75a5dee78
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "istio.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "istio.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "istio.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "istio.labels" -}}
+helm.sh/chart: {{ include "istio.chart" . }}
+{{ include "istio.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "istio.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "istio.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "istio.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "istio.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/templates/gateway.yaml b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/templates/gateway.yaml
new file mode 100644
index 000000000..e6013652c
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/templates/gateway.yaml
@@ -0,0 +1,36 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: {{ .Release.Name }}-global-gtw
+ namespace: {{ .Release.Namespace }}
+{{- if .Values.global.istio.additionalLabels }}
+ labels:
+{{ toYaml .Values.global.istio.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.global.istio.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.global.istio.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ # oxtrust
+ - port:
+ number: 80
+ name: http-admin-ui
+ protocol: HTTP
+ hosts:
+ - {{ .Values.global.fqdn }}
+ tls:
+ httpsRedirect: true
+ - port:
+ number: 443
+ name: https
+ protocol: HTTPS
+ hosts:
+ - {{ .Values.global.fqdn }}
+ tls:
+ mode: SIMPLE # enable https on this port
+ credentialName: tls-certificate # fetch cert from k8s secret
+
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/values.yaml b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/values.yaml
new file mode 100644
index 000000000..645a12131
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cn-istio-ingress/values.yaml
@@ -0,0 +1,4 @@
+# Default values for istio.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/.helmignore b/charts/gluu/gluu/5.0.101/charts/config-api/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config-api/.helmignore
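Review bot: The HTTPS server in `gateway.yaml` hard-codes `credentialName: tls-certificate`, although the Gateway name is release-scoped and the selector is the shared `istio: ingressgateway`. Istio looks that secret up in the ingress gateway workload's namespace, so two releases behind the same gateway would end up on one certificate secret; deriving the name from the release, e.g. `credentialName: {{ .Release.Name }}-tls-certificate`, or exposing it as a chart value avoids that. Whatever creates the secret is not part of this diff, so its name would have to change with it. The two `hosts` entries would also be safer quoted, `- {{ .Values.global.fqdn | quote }}`.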
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/config-api/Chart.yaml
new file mode 100644
index 000000000..bb12a6f01
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config-api/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: Jans Config Api endpoints can be used to configure jans-auth-server,
+ which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server
+ (AS)
+home: https://gluu.org/docs/gluu-server
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- configuration
+- API
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: config-api
+sources:
+- https://github.com/JanssenProject/jans-config-api
+- https://github.com/JanssenProject/docker-jans-config-api
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/config-api
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/README.md b/charts/gluu/gluu/5.0.101/charts/config-api/README.md
new file mode 100644
index 000000000..7e5bda0be
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config-api/README.md
@@ -0,0 +1,65 @@ +# config-api + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| affinity | object | `{}` | | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| readinessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"2500m"` | CPU limit. | +| resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| resources.requests.cpu | string | `"2500m"` | CPU request. | +| resources.requests.memory | string | `"2500Mi"` | Memory request. | +| service.name | string | `"http-config-api"` | The name of the config-api port within the config-api service. Please keep it as default. 
| +| tolerations | list | `[]` | | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/config-api/templates/_helpers.tpl new file mode 100644 index 000000000..ff25cbc77 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/config-api/templates/_helpers.tpl 
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "config-api.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "config-api.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "config-api.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "config-api.labels" -}}
+app: {{ .Release.Name }}-{{ include "config-api.name" . }}
+helm.sh/chart: {{ include "config-api.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "oxauth.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "oxauth.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
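Review bot: The two env helpers in the config-api `_helpers.tpl` are defined as `oxauth.usr-envs` and `oxauth.usr-secret-envs`, while every other template in the file uses the `config-api.` prefix. Helm template names are global across a parent chart and its subcharts, so a name borrowed from another component can silently override, or be overridden by, a definition of the same name elsewhere. Renaming them to `config-api.usr-envs` and `config-api.usr-secret-envs` keeps them unambiguous. The visible part of the config-api Deployment has no `env:` block that includes them, so they may also be unused; that hunk continues beyond what is shown here.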
diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/templates/config-api-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/config-api/templates/config-api-destination-rules.yaml
new file mode 100644
index 000000000..78a019dd4
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config-api/templates/config-api-destination-rules.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-config-api-mtls
+ namespace: {{.Release.Namespace}}
+ labels:
+ APP_NAME: config-api
+{{ include "config-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ index .Values "global" "config-api" "configApiServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/templates/deployment.yaml b/charts/gluu/gluu/5.0.101/charts/config-api/templates/deployment.yaml
new file mode 100644
index 000000000..9f440ca32
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config-api/templates/deployment.yaml
@@ -0,0 +1,178 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "config-api.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: config-api
+{{ include "config-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-{{ include "config-api.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-{{ include "config-api.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.global.istio.ingress }}
+ annotations:
+ sidecar.istio.io/rewriteAppHTTPProbers: "true"
+ {{- end }}
+ spec:
+ {{- with .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ dnsPolicy: {{ .Values.dnsPolicy | quote }}
+ {{- with .Values.dnsConfig }}
+ dnsConfig:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ include "config-api.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ /usr/bin/python3 /scripts/updatelbip.py &
+ /app/scripts/entrypoint.sh
+ {{- end }}
+ ports:
+ - containerPort: 9444
+ - containerPort: 8074
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-config-cm
+ livenessProbe:
+{{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+{{- toYaml .Values.readinessProbe | nindent 12 }}
+ volumeMounts:
+ {{- with .Values.volumeMounts }}
+{{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if index .Values "global" "admin-ui" "enabled" }}
+ - mountPath: {{ index .Values "global" "admin-ui" "adminUiApiKeyFile" }}
+ name: admin-ui-license-api-key
+ subPath: admin_ui_api_key
+ - mountPath: {{ index .Values "global" "admin-ui" "adminUiProductCodeFile" }}
+ name: admin-ui-license-product-code
+ subPath: admin_ui_product_code
+ - mountPath: {{ index .Values "global" "admin-ui" "adminUiSharedKeyFile" }}
+ name: admin-ui-license-shared-key
+ subPath: admin_ui_shared_key
+ - mountPath: {{ index .Values "global" "admin-ui" "adminUiManagementKeyFile" }}
+ name: admin-ui-license-management-key
+ subPath: admin_ui_management_key
+ {{- end }}
+ {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
+ - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }}
+ name: google-sa
+ subPath: google-credentials.json
+ {{- end }}
+ {{- if eq .Values.global.cnPersistenceType "sql" }}
+ - name: sql-pass
+ mountPath: "/etc/jans/conf/sql_password"
+ subPath: sql_password
+ {{- end }}
+ {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
+ - name: cb-pass
+ mountPath: "/etc/gluu/conf/couchbase_password"
+ subPath: couchbase_password
+ {{- if not .Values.global.istio.enabled }}
+ - name: cb-crt
+ mountPath: "/etc/certs/couchbase.crt"
+ subPath: couchbase.crt
+ {{- end }}
+ {{- end }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ - name: {{ include "config-api.name" . }}-updatelbip
+ mountPath: /scripts
+ {{- end }}
+ {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }}
+ resources: {}
+ {{- else if .Values.global.cloud.testEnviroment }}
+ resources: {}
+ {{- else }}
+ resources:
+{{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- with .Values.volumes }}
+{{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if index .Values "global" "admin-ui" "enabled" }}
+ - name: admin-ui-license-api-key
+ secret:
+ secretName: {{ .Release.Name }}-admin-ui-license
+ items:
+ - key: admin_ui_api_key
+ path: admin_ui_api_key
+ - name: admin-ui-license-product-code
+ secret:
+ secretName: {{ .Release.Name }}-admin-ui-license
+ items:
+ - key: admin_ui_product_code
+ path: admin_ui_product_code
+ - name: admin-ui-license-shared-key
+ secret:
+ secretName: {{ .Release.Name }}-admin-ui-license
+ items:
+ - key: admin_ui_shared_key
+ path: admin_ui_shared_key
+ - name: admin-ui-license-management-key
+ secret:
+ secretName: {{ .Release.Name }}-admin-ui-license
+ items:
+ - key: admin_ui_management_key
+ path: admin_ui_management_key
+ {{- end }}
+ {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
+ - name: google-sa
+ secret:
+ secretName: {{ .Release.Name }}-google-sa
+ {{- end }}
+ {{- if eq .Values.global.cnPersistenceType "sql" }}
+ - name: sql-pass
+ secret:
+ secretName: {{ .Release.Name }}-sql-pass
+ {{- end }}
+ {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
+ - name: cb-pass
+ secret:
+ secretName: {{ .Release.Name }}-cb-pass
+ {{- if not .Values.global.istio.enabled }}
+ - name: cb-crt
+ secret:
+ secretName: {{ .Release.Name }}-cb-crt
+ {{- end }}
+ {{- end }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ - name: {{ include "config-api.name" . }}-updatelbip
+ configMap:
+ name: {{ .Release.Name }}-updatelbip
+ {{- end }}
+ {{- if not .Values.global.isFqdnRegistered }}
+ hostAliases:
+ - ip: {{ .Values.global.lbIp }}
+ hostnames:
+ - {{ .Values.global.fqdn }}
+ {{- end }}
+
diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/config-api/templates/hpa.yaml
new file mode 100644
index 000000000..8807ac220
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config-api/templates/hpa.yaml
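Review bot: The container `securityContext` sets only `runAsUser: 1000` and `runAsNonRoot: true`, which leaves privilege escalation and the runtime's default capability set available to a container that mounts license keys, database passwords and, with the google adapter, a service-account credential. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` under the same `securityContext` closes that gap, assuming the image needs no extra capabilities (the two container ports, 9444 and 8074, are unprivileged). Separately, `replicas: {{ .Values.replicas }}` is rendered unconditionally while `hpa.enabled` defaults to `true` in this chart's values, so each upgrade would reset the replica count the autoscaler chose; wrapping that line in `{{- if not .Values.hpa.enabled }}` keeps the two from competing.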
@@ -0,0 +1,39 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "config-api.fullname" . }}
+ labels:
+ APP_NAME: config-api
+{{ include "config-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "config-api.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/config-api/templates/service.yaml
new file mode 100644
index 000000000..145b3149e
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config-api/templates/service.yaml
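Review bot: `metrics:` and `behavior:` are rendered into an `autoscaling/v1` HorizontalPodAutoscaler, whose spec only has `scaleTargetRef`, `minReplicas`, `maxReplicas` and `targetCPUUtilizationPercentage`, so setting `hpa.metrics` or `hpa.behavior` produces fields the API server will reject or drop. Either render `apiVersion: autoscaling/v2beta2` (or `autoscaling/v2` where the cluster serves it) when those values are set and express the CPU target as a metric there, or remove the two blocks from this template. `metadata` also lacks the `namespace: {{ .Release.Namespace }}` line that the Deployment and Service templates of this chart carry.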
@@ -0,0 +1,26 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ # the name must match the application
+ name: {{ index .Values "global" "config-api" "configApiServerServiceName" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: config-api
+{{ include "config-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - port: 9444
+ name: tcp-{{ include "config-api.name" . }}-ssl
+ - port: 8074
+ name: tcp-{{ include "config-api.name" . }}-http
+ selector:
+ app: {{ .Release.Name }}-{{ include "config-api.name" . }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/config-api/values.yaml b/charts/gluu/gluu/5.0.101/charts/config-api/values.yaml
new file mode 100644
index 000000000..00dab38a9
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config-api/values.yaml
@@ -0,0 +1,91 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# -- Gluu Admin UI. This shouldn't be internet facing.
+# -- Configure the HorizontalPodAutoscaler
+hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+
+
+nameOverride: ""
+fullnameOverride: ""
+
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/config-api
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Service replica number.
+replicas: 1
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 2500m
+ # -- Memory limit.
+ memory: 2500Mi
+ requests:
+ # -- CPU request.
+ cpu: 2500m
+ # -- Memory request.
+ memory: 2500Mi
+service:
+ # -- The name of the config-api port within the config-api service. Please keep it as default.
+ name: http-config-api
+# -- Configure the liveness healthcheck for the auth server if needed.
+livenessProbe:
+ # -- Executes the python3 healthcheck.
+ # https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py
+ httpGet:
+ path: /jans-config-api/api/v1/health/live
+ port: 8074
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+# -- Configure the readiness healthcheck for the auth server if needed.
+# https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py
+readinessProbe:
+ httpGet:
+ path: /jans-config-api/api/v1/health/ready
+ port: 8074
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
diff --git a/charts/gluu/gluu/5.0.101/charts/config/.helmignore b/charts/gluu/gluu/5.0.101/charts/config/.helmignore
new file mode 100644
index 000000000..b8204d744
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+tls_generator.py
diff --git a/charts/gluu/gluu/5.0.101/charts/config/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/config/Chart.yaml
new file mode 100644
index 000000000..060ff5534
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/Chart.yaml
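Review bot: Several `# --` comments in the config-api `values.yaml` hunk describe other services, and they are presumably what a docs generator will publish for this chart. The header reads `Gluu Admin UI. This shouldn't be internet facing.`, and both probe comments speak of the auth server and link docker-oxauth's `healthcheck.py`, while the probes are `httpGet` calls to `/jans-config-api/api/v1/health/live` and `/jans-config-api/api/v1/health/ready` on port 8074. I would reword the probe comments to `# -- Configure the liveness healthcheck for the config-api if needed.` (and the readiness equivalent), drop the `Executes the python3 healthcheck.` line and the two links, and restate the exposure warning for config-api itself if it is meant to apply here. An operator deciding what to put behind an ingress reads that first comment as guidance.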
@@ -0,0 +1,21 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: Configuration parameters for setup and initial configuration secret and
+ config layers used by Gluu services.
+home: https://gluu.org/docs/gluu-server/reference/container-configs/
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- configuration
+- secrets
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: config
+sources:
+- https://gluu.org/docs/gluu-server/reference/container-configs/
+- https://github.com/JanssenProject/docker-jans-configurator
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/config
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/config/README.md b/charts/gluu/gluu/5.0.101/charts/config/README.md
new file mode 100644
index 000000000..d3ad1c36a
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/README.md
@@ -0,0 +1,121 @@ +# config + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | +| city | string | `"Austin"` | City. Used for certificate creation. | +| cnOxtrustConfigGeneration | bool | `true` | | +| configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . | +| configmap.cnCasaEnabled | bool | `false` | Enable Casa flag . | +| configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api . | +| configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api. | +| configmap.cnClientApiBindIpAddresses | string | `"*"` | Client-api bind address. 
This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy | +| configmap.cnConfigGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnConfigKubernetesConfigMap | string | `"cn"` | The name of the Kubernetes ConfigMap that will hold the configuration layer | +| configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. | +| configmap.cnCouchbaseCertFile | string | `"/etc/certs/couchbase.crt"` | Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required. | +| configmap.cnCouchbaseCrt | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. | +| configmap.cnCouchbaseIndexNumReplica | int | `0` | The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1. 
| +| configmap.cnCouchbasePassword | string | `"P@ssw0rd"` | Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol . | +| configmap.cnCouchbasePasswordFile | string | `"/etc/gluu/conf/couchbase_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password | +| configmap.cnCouchbaseSuperUser | string | `"admin"` | The Couchbase super user (admin) user name. This user is used during initialization only. | +| configmap.cnCouchbaseSuperUserPassword | string | `"Test1234#"` | Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol | +| configmap.cnCouchbaseSuperUserPasswordFile | string | `"/etc/gluu/conf/couchbase_superuser_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. | +| configmap.cnCouchbaseUrl | string | `"cbgluu.default.svc.cluster.local"` | Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster | +| configmap.cnCouchbaseUser | string | `"gluu"` | Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. | +| configmap.cnDocumentStoreType | string | `"JCA"` | Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily. 
| +| configmap.cnGoogleProjectId | string | `"google-project-to-save-config-and-secrets-to"` | Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnGoogleSecretManagerServiceAccount | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | | +| configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. | +| configmap.cnGoogleSpannerInstanceId | string | `""` | | +| configmap.cnJackrabbitAdminId | string | `"admin"` | Jackrabbit admin uid. | +| configmap.cnJackrabbitAdminIdFile | string | `"/etc/gluu/conf/jackrabbit_admin_id"` | The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id. | +| configmap.cnJackrabbitAdminPasswordFile | string | `"/etc/gluu/conf/jackrabbit_admin_password"` | The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password. | +| configmap.cnJackrabbitPostgresDatabaseName | string | `"jackrabbit"` | Jackrabbit postgres database name. | +| configmap.cnJackrabbitPostgresHost | string | `"postgresql.postgres.svc.cluster.local"` | Postgres url | +| configmap.cnJackrabbitPostgresPasswordFile | string | `"/etc/gluu/conf/postgres_password"` | The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password. 
| +| configmap.cnJackrabbitPostgresPort | int | `5432` | Jackrabbit Postgres port | +| configmap.cnJackrabbitPostgresUser | string | `"jackrabbit"` | Jackrabbit Postgres uid | +| configmap.cnJackrabbitSyncInterval | int | `300` | Interval between files sync (default to 300 seconds). | +| configmap.cnJackrabbitUrl | string | `"http://jackrabbit:8080"` | Jackrabbit internal url. Normally left as default. | +| configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | +| configmap.cnLdapUrl | string | `"opendj:1636"` | | +| configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage | +| configmap.cnPassportEnabled | bool | `false` | Boolean flag to enable/disable passport chart | +| configmap.cnPersistenceLdapMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | +| configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| configmap.cnSamlEnabled | bool | `false` | Enable SAML-related features; UI menu, etc. 
| +| configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnSecretGoogleSecretVersionId | string | `"latest"` | | +| configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. | +| configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` | +| configmap.cnSqlDbHost | string | `"my-release-mysql.default.svc.cluster.local"` | SQL database host uri. | +| configmap.cnSqlDbName | string | `"jans"` | SQL database name. | +| configmap.cnSqlDbPort | int | `3306` | SQL database port. | +| configmap.cnSqlDbTimezone | string | `"UTC"` | SQL database timezone. | +| configmap.cnSqlDbUser | string | `"jans"` | SQL database username. | +| configmap.cnSqlPasswordFile | string | `"/etc/jans/conf/sql_password"` | SQL password file holding password from config.configmap.cnSqldbUserPassword . | +| configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected as config.configmap.cnSqlPasswordFile . | +| configmap.containerMetadataName | string | `"kubernetes"` | | +| configmap.lbAddr | string | `""` | Loadbalancer address for AWS if the FQDN is not registered. | +| countryCode | string | `"US"` | Country code. Used for certificate creation. | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | +| fullNameOverride | string | `""` | | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. 
| +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | +| migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | +| migration.enabled | bool | `false` | Boolean flag to enable migration from CE | +| migration.migrationDataFormat | string | `"ldif"` | migration data-format depending on persistence backend. Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json. | +| migration.migrationDir | string | `"/ce-migration"` | Directory holding all migration files | +| nameOverride | string | `""` | | +| orgName | string | `"Gluu"` | Organization name. Used for certificate creation. | +| redisPassword | string | `"P@assw0rd"` | Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. | +| resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"300m"` | CPU limit. | +| resources.limits.memory | string | `"300Mi"` | Memory limit. | +| resources.requests.cpu | string | `"300m"` | CPU request. | +| resources.requests.memory | string | `"300Mi"` | Memory request. | +| state | string | `"TX"` | State code. Used for certificate creation. | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/config/templates/_helpers.tpl
new file mode 100644
index 000000000..499071cdd
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/templates/_helpers.tpl
@@ -0,0 +1,94 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "config.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "config.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "config.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "config.labels" -}}
+app: {{ .Release.Name }}-{{ include "config.name" . }}-init-load
+helm.sh/chart: {{ include "config.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "config.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "config.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create optional scopes list
+*/}}
+{{- define "config.optionalScopes"}}
+{{ $newList := list }}
+{{- if eq .Values.configmap.cnCacheType "REDIS" }}
+{{ $newList = append $newList ("redis" | quote ) }}
+{{- end}}
+{{ if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
+{{ $newList = append $newList ("couchbase" | quote) }}
+{{- end}}
+{{- if .Values.global.opendj.enabled}}
+{{ $newList = append $newList ("ldap" | quote) }}
+{{- end}}
+{{- if .Values.global.fido2.enabled}}
+{{ $newList = append $newList ("fido2" | quote) }}
+{{- end}}
+{{- if .Values.global.scim.enabled}}
+{{ $newList = append $newList ("scim" | quote) }}
+{{- end}}
+{{- if index .Values "global" "client-api" "enabled"}}
+{{ $newList = append $newList ("client-api" |quote) }}
+{{- end}}
+{{ toJson $newList }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/clusterrolebinding.yaml b/charts/gluu/gluu/5.0.101/charts/config/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..f85789872
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/templates/clusterrolebinding.yaml
@@ -0,0 +1,47 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Release.Name }}-{{ .Release.Namespace }}-cluster-admin-binding
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: User
+ # change it to your actual account; the email can be fetched using
+ # the following command: `gcloud info | grep Account`
+ name: "ACCOUNT"
+ apiGroup: rbac.authorization.k8s.io
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: {{ include "config.name" . }}-load
+ name: {{ .Release.Name }}-{{ .Release.Namespace }}-rolebinding
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: edit
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/configmaps.yaml b/charts/gluu/gluu/5.0.101/charts/config/templates/configmaps.yaml
new file mode 100644
index 000000000..412e3d0af
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/templates/configmaps.yaml
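Review bot: The second document binds the `edit` ClusterRole to the release namespace's `default` ServiceAccount through a `ClusterRoleBinding`, so every pod in that namespace that does not set its own service account receives read/write access, Secrets included, in all namespaces of the cluster. The ConfigMap template that follows points the config and secret layers at `.Release.Namespace` only, which suggests a namespaced grant is enough: `kind: RoleBinding` with `namespace: {{ .Release.Namespace }}` under `metadata`, ideally for a dedicated ServiceAccount and not `default`. The first document also grants `cluster-admin` to the literal user `"ACCOUNT"` on every install with no values switch around it. That binding is better gated behind a value that defaults to off, or left to the cluster operator's own setup, so the chart does not ship a standing cluster-admin grant.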
@@ -0,0 +1,419 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-config-cm + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +data: + # Jetty header size in bytes in the auth server + CN_JETTY_REQUEST_HEADER_SIZE: {{ .Values.configmap.cnJettyRequestHeaderSize | quote }} + # Distribution + CN_DISTRIBUTION: {{ .Values.global.distribution | quote }} + {{ if .Values.global.cnObExtSigningJwksUri }} + CN_OB_EXT_SIGNING_JWKS_URI: {{ .Values.global.cnObExtSigningJwksUri | quote }} + CN_OB_AS_TRANSPORT_ALIAS: {{ .Values.global.cnObTransportAlias | quote }} + CN_OB_EXT_SIGNING_ALIAS: {{ .Values.global.cnObExtSigningAlias | quote }} + # force the AS to use a specific signing key + CN_OB_STATIC_KID: {{ .Values.global.cnObStaticSigningKeyKid | quote }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + # [google_envs] Envs related to using Google + GOOGLE_APPLICATION_CREDENTIALS: {{ .Values.global.cnGoogleApplicationCredentials | quote }} + GOOGLE_PROJECT_ID: {{ .Values.configmap.cnGoogleProjectId | quote }} + {{- end }} + {{ if eq .Values.global.cnPersistenceType "spanner" }} + # [google_spanner_envs] Envs related to using Google Secret Manager to store config and secret layer + CN_GOOGLE_SPANNER_INSTANCE_ID: {{ .Values.configmap.cnGoogleSpannerInstanceId | quote }} + CN_GOOGLE_SPANNER_DATABASE_ID: {{ .Values.configmap.cnGoogleSpannerDatabaseId | quote }} + # [google_spanner_envs] END + {{- end }} + {{ if eq .Values.global.configSecretAdapter "google" }} + # [google_secret_manager_envs] 
Envs related to using Google Secret Manager to store config and secret layer + CN_SECRET_GOOGLE_SECRET_VERSION_ID: {{ .Values.configmap.cnSecretGoogleSecretVersionId | quote }} + CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE: {{ .Values.configmap.cnGoogleSecretManagerPassPhrase | quote }} + CN_SECRET_GOOGLE_SECRET_NAME_PREFIX: {{ .Values.configmap.cnSecretGoogleSecretNamePrefix | quote }} + CN_CONFIG_GOOGLE_SECRET_VERSION_ID: {{ .Values.configmap.cnConfigGoogleSecretVersionId | quote }} + CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX: {{ .Values.configmap.cnConfigGoogleSecretNamePrefix | quote }} + # [google_secret_manager_envs] END + {{- end }} + CN_SQL_DB_DIALECT: {{ .Values.configmap.cnSqlDbDialect }} + CN_SQL_DB_HOST: {{ .Values.configmap.cnSqlDbHost }} + CN_SQL_DB_PORT: {{ .Values.configmap.cnSqlDbPort | quote }} + CN_SQL_DB_NAME: {{ .Values.configmap.cnSqlDbName }} + CN_SQL_DB_USER: {{ .Values.configmap.cnSqlDbUser }} + CN_SQL_DB_TIMEZONE: {{ .Values.configmap.cnSqlDbTimezone }} + CN_SQL_PASSWORD_FILE: {{ .Values.configmap.cnSqlPasswordFile }} + CN_CONFIG_ADAPTER: {{ .Values.global.configAdapterName }} + CN_SECRET_ADAPTER: {{ .Values.global.configSecretAdapter }} + CN_CONFIG_KUBERNETES_NAMESPACE: {{ .Release.Namespace | quote }} + CN_SECRET_KUBERNETES_NAMESPACE: {{ .Release.Namespace | quote }} + CN_CONFIG_KUBERNETES_CONFIGMAP: {{ .Values.configmap.cnConfigKubernetesConfigMap }} + CN_SECRET_KUBERNETES_SECRET: {{ .Values.configmap.cnSecretKubernetesSecret }} + CN_CONTAINER_METADATA: {{ .Values.configmap.containerMetadataName | quote }} + CN_MAX_RAM_PERCENTAGE: {{ .Values.configmap.cnMaxRamPercent | quote }} + CN_CACHE_TYPE: {{ .Values.configmap.cnCacheType | quote }} + {{- if not .Values.global.jackrabbit.enabled }} + CN_DOCUMENT_STORE_TYPE: LOCAL + {{- else }} + CN_DOCUMENT_STORE_TYPE: {{ .Values.configmap.cnDocumentStoreType | quote }} + {{- end }} + CN_JACKRABBIT_SYNC_INTERVAL: {{ .Values.configmap.cnJackrabbitSyncInterval | quote }} + {{- if 
.Values.configmap.cnJackrabbitUrl }} + CN_JACKRABBIT_URL: {{ .Values.configmap.cnJackrabbitUrl | quote }} + {{- else }} + CN_JACKRABBIT_URL: {{ cat "http://" ( .Values.global.jackrabbit.jackRabbitServiceName ) ":8080" | quote | nospace }} + {{- end }} + DOMAIN: {{ .Values.global.fqdn | quote }} + CN_AUTH_SERVER_BACKEND: {{ cat ( index .Values "global" "auth-server" "authServerServiceName" ) ":8080" | quote | nospace }} + CN_AUTH_APP_LOGGERS: {{ index .Values "global" "auth-server" "appLoggers" + | toJson + | replace "authLogTarget" "auth_log_target" + | replace "authLogLevel" "auth_log_level" + | replace "httpLogTarget" "http_log_target" + | replace "httpLogLevel" "http_log_level" + | replace "persistenceLogTarget" "persistence_log_target" + | replace "persistenceLogLevel" "persistence_log_level" + | replace "persistenceDurationLogTarget" "persistence_duration_log_target" + | replace "persistenceDurationLogLevel" "persistence_duration_log_level" + | replace "ldapStatsLogTarget" "ldap_stats_log_target" + | replace "ldapStatsLogLevel" "ldap_stats_log_level" + | replace "scriptLogTarget" "script_log_target" + | replace "scriptLogLevel" "script_log_level" + | replace "auditStatsLogTarget" "audit_log_target" + | replace "auditStatsLogLevel" "audit_log_level" + | squote + }} + {{- if index .Values "global" "client-api" "enabled" }} + CN_CLIENT_API_SERVER_URL: {{ cat ( index .Values "global" "client-api" "clientApiServerServiceName" ) ":8443" | quote | nospace }} + CN_CLIENT_API_BIND_IP_ADDRESSES: {{ .Values.configmap.cnClientApiBindIpAddresses | quote }} + CN_CLIENT_API_APP_LOGGERS: {{ index .Values "global" "client-api" "appLoggers" + | toJson + | replace "clientApiLogTarget" "client_api_log_target" + | replace "clientApiLogLevel" "client_api_log_level" + | squote + }} + {{- end }} + {{- if index .Values "global" "config-api" "enabled" }} + CN_CONFIG_API_APP_LOGGERS: {{ index .Values "global" "config-api" "appLoggers" + | toJson + | replace "configApiLogTarget" 
"config_api_log_target" + | replace "configApiLogLevel" "config_api_log_level" + | squote + }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + LB_ADDR: {{ .Values.configmap.lbAddr }} + {{- end }} + CN_PERSISTENCE_TYPE: {{ .Values.global.cnPersistenceType }} + {{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} + # used only if CN_PERSISTENCE_TYPE is ldap or hybrid + {{- if .Values.configmap.cnLdapUrl }} + CN_LDAP_URL: {{ .Values.configmap.cnLdapUrl | quote }} + {{- else }} + CN_LDAP_URL: {{ cat ( .Values.global.opendj.ldapServiceName ) ":1636" | quote | nospace }} + {{- end }} + {{- else if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + # used only if CN_PERSISTENCE_TYPE is couchbase or hybrid + CN_COUCHBASE_URL: {{ .Values.configmap.cnCouchbaseUrl }} + CN_COUCHBASE_BUCKET_PREFIX: {{ .Values.configmap.cnCouchbaseBucketPrefix }} + CN_COUCHBASE_INDEX_NUM_REPLICA: {{ .Values.configmap.cnCouchbaseIndexNumReplica | quote }} + CN_COUCHBASE_USER: {{ .Values.configmap.cnCouchbaseUser }} + CN_COUCHBASE_CERT_FILE: {{ .Values.configmap.cnCouchbaseCertFile | quote }} + CN_COUCHBASE_PASSWORD_FILE: {{ .Values.configmap.cnCouchbasePasswordFile | quote }} + CN_COUCHBASE_SUPERUSER: {{ .Values.configmap.cnCouchbaseSuperUser }} + CN_COUCHBASE_SUPERUSER_PASSWORD_FILE: {{ .Values.configmap.cnCouchbaseSuperUserPasswordFile | quote }} + {{- end }} + CN_KEY_ROTATION_FORCE: "false" + CN_KEY_ROTATION_CHECK: "3600" + CN_KEY_ROTATION_INTERVAL: "48" + CN_SSL_CERT_FROM_SECRETS: "true" + CN_CONTAINER_MAIN_NAME: {{ .Release.Name }}-auth-server + # options: default/user/site/cache/statistic used only if CN_PERSISTENCE_TYPE is hybrid or hybrid + {{- if or (eq .Values.global.cnPersistenceType "hybrid") (eq 
.Values.global.cnPersistenceType "ldap") }} + # must the same as the opendj service name + CN_CERT_ALT_NAME: {{ .Values.global.opendj.ldapServiceName }} #{{ template "cn.fullname" . }}-service + CN_PERSISTENCE_LDAP_MAPPING: {{ .Values.configmap.cnPersistenceLdapMapping | quote }} + {{- end }} + CN_OXTRUST_CONFIG_GENERATION: {{ .Values.cnOxtrustConfigGeneration | quote }} + {{ if .Values.global.cnJackrabbitCluster }} + CN_JACKRABBIT_ADMIN_ID: {{ .Values.configmap.cnJackrabbitAdminId | quote }} + CN_JACKRABBIT_ADMIN_PASSWORD_FILE: {{ .Values.configmap.cnJackrabbitAdminPasswordFile | quote }} + CN_JACKRABBIT_CLUSTER: {{ .Values.global.cnJackrabbitCluster | quote }} + CN_JACKRABBIT_POSTGRES_USER: {{ .Values.configmap.cnJackrabbitPostgresUser | quote }} + CN_JACKRABBIT_POSTGRES_PASSWORD_FILE: {{ .Values.configmap.cnJackrabbitPostgresPasswordFile | quote }} + CN_JACKRABBIT_POSTGRES_HOST: {{ .Values.configmap.cnJackrabbitPostgresHost | quote }} + CN_JACKRABBIT_POSTGRES_PORT: {{ .Values.configmap.cnJackrabbitPostgresPort | quote }} + CN_JACKRABBIT_POSTGRES_DATABASE: {{ .Values.configmap.cnJackrabbitPostgresDatabaseName | quote }} + # CN_JACKRABBIT_PASSWORD_FILE: {{ .Values.configmap.cnJcaPasswordFile | quote }} NOT IMPLEMENTED + {{- end }} + # Auto enable installation of some services + CN_CASA_ENABLED: {{ .Values.configmap.cnCasaEnabled | quote }} + CN_PASSPORT_ENABLED: {{ .Values.configmap.cnPassportEnabled | quote }} + {{- if .Values.global.oxshibboleth.enabled }} + CN_SAML_ENABLED: {{ .Values.configmap.cnSamlEnabled | quote }} + {{- end }} + CN_CLIENT_API_APPLICATION_CERT_CN: {{ .Values.configmap.cnClientApiApplicationCertCn | quote }} + CN_CLIENT_API_ADMIN_CERT_CN: {{ .Values.configmap.cnClientApiAdminCertCn | quote }} + {{ if eq .Values.configmap.cnCacheType "REDIS" }} + CN_REDIS_URL: {{ .Values.configmap.cnRedisUrl | quote }} + CN_REDIS_TYPE: {{ .Values.configmap.cnRedisType | quote }} + CN_REDIS_USE_SSL: {{ .Values.configmap.cnRedisUseSsl | quote }} + 
CN_REDIS_SSL_TRUSTSTORE: {{ .Values.configmap.cnRedisSslTruststore | quote }} + CN_REDIS_SENTINEL_GROUP: {{ .Values.configmap.cnRedisSentinelGroup | quote }} + {{- end }} + {{- if .Values.global.istio.enabled }} + CN_COUCHBASE_TRUSTSTORE_ENABLE: "false" + CN_LDAP_USE_SSL: "false" + {{- end }} + {{- if .Values.global.scim.enabled }} + CN_SCIM_ENABLED: {{ .Values.global.scim.enabled | quote }} + CN_SCIM_PROTECTION_MODE: {{ .Values.configmap.cnScimProtectionMode | quote }} + CN_SCIM_APP_LOGGERS: {{ .Values.global.scim.appLoggers + | toJson + | replace "scimLogTarget" "scim_log_target" + | replace "scimLogLevel" "scim_log_level" + | replace "persistenceLogTarget" "persistence_log_target" + | replace "persistenceLogLevel" "persistence_log_level" + | replace "persistenceDurationLogTarget" "persistence_duration_log_target" + | replace "persistenceDurationLogLevel" "persistence_duration_log_level" + | replace "ldapStatsLogTarget" "ldap_stats_log_target" + | replace "ldapStatsLogLevel" "ldap_stats_log_level" + | replace "scriptLogTarget" "script_log_target" + | replace "scriptLogLevel" "script_log_level" + | squote + }} + {{- end }} + {{- if .Values.global.fido2.enabled }} + CN_FIDO2_APP_LOGGERS: {{ .Values.global.fido2.appLoggers + | toJson + | replace "fido2LogTarget" "fido2_log_target" + | replace "fido2LogLevel" "fido2_log_level" + | replace "persistenceLogTarget" "persistence_log_target" + | replace "persistenceLogLevel" "persistence_log_level" + | squote + }} + {{- end }} + {{- if index .Values "global" "admin-ui" "enabled" }} + # ADMIN-UI + ADMIN_UI_JWKS: {{ cat "http://" ( index .Values "global" "auth-server" "authServerServiceName" ) ":8080/jans-auth/restv1/jwks" | quote | nospace }} + CN_CONFIG_API_PLUGINS: "admin-ui,scim" + {{- end }} +--- + +apiVersion: v1 +data: + tls_generator.py: |- + from kubernetes import config, client + import logging + + log_format = '%(asctime)s - %(name)8s - %(levelname)5s - %(message)s' + logging.basicConfig(format=log_format, 
level=logging.INFO) + logger = logging.getLogger("tls-generator") + + # use the serviceAccount k8s gives to pods + config.load_incluster_config() + core_cli = client.CoreV1Api() + + def patch_or_create_namespaced_secret(name, literal, value_of_literal, namespace="default", + secret_type="Opaque", second_literal=None, value_of_second_literal=None, + data=None): + """Patch secret and if not exist create + :param name: + :param literal: + :param value_of_literal: + :param namespace: + :param secret_type: + :param second_literal: + :param value_of_second_literal: + :param data: + :return: + """ + # Instantiate the Secret object + body = client.V1Secret() + metadata = client.V1ObjectMeta(name=name) + body.data = data + if not data: + body.data = {literal: value_of_literal} + body.metadata = metadata + body.type = secret_type + if second_literal: + body.data = {literal: value_of_literal, second_literal: value_of_second_literal} + try: + core_cli.patch_namespaced_secret(name, namespace, body) + logger.info('Secret {} in namespace {} has been patched'.format(name, namespace)) + return + except client.rest.ApiException as e: + if e.status == 404 or not e.status: + try: + core_cli.create_namespaced_secret(namespace=namespace, body=body) + logger.info('Created secret {} of type {} in namespace {}'.format(name, secret_type, namespace)) + return True + except client.rest.ApiException as e: + logger.exception(e) + return False + logger.exception(e) + return False + + # check if gluu secret exists + def get_certs(secret_name, namespace): + """ + + :param namespace: + :return: ssl cert and key from gluu secrets + """ + ssl_cert = None + ssl_key = None + if core_cli.read_namespaced_secret(secret_name, namespace): + ssl_cert = core_cli.read_namespaced_secret(secret_name, namespace).data['ssl_cert'] + ssl_key = core_cli.read_namespaced_secret(secret_name, namespace).data['ssl_key'] + + return ssl_cert, ssl_key + + + def main(): + namespace = {{.Release.Namespace | quote}} + 
secret_name = {{ .Values.configmap.cnSecretKubernetesSecret | quote }} + cert, key = get_certs(secret_name, namespace) + # global vars + name = "tls-certificate" + + # if istio is enabled + {{- if.Values.global.istio.ingress}} + namespace = {{.Values.global.istio.namespace | quote}} + {{- end}} + + if cert and key: + patch_or_create_namespaced_secret(name=name, + namespace=namespace, + literal="tls.crt", + value_of_literal=cert, + secret_type="kubernetes.io/tls", + second_literal="tls.key", + value_of_second_literal=key) + else: + logger.error("No certificate or key was found in secrets.") + + if __name__ == "__main__": + main() + +kind: ConfigMap +metadata: + name: {{ include "config.fullname" . }}-tls-script + namespace: {{ .Release.Namespace }} + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + +--- + +apiVersion: v1 +data: + updatelbip.py: |- + #!/usr/bin/env python3 + # -*- coding: utf-8 -*- + + # Update the IP of the load balancer automatically + + """ + License terms and conditions for Gluu Cloud Native Edition: + https://www.apache.org/licenses/LICENSE-2.0 + """ + + import socket + import os + import logging + import time + + logger = logging.getLogger("update-lb-ip") + logger.setLevel(logging.INFO) + ch = logging.StreamHandler() + fmt = logging.Formatter('%(levelname)s - %(asctime)s - %(message)s') + ch.setFormatter(fmt) + logger.addHandler(ch) + + + def backup(hosts): + timenow = time.strftime("%c") + timestamp = "Backup occurred %s \n" % timenow + logger.info("Backing up hosts file to /etc/hosts.back ...") + with open('/etc/hosts.back', 'a+') as f: + f.write(timestamp) + for line in hosts: + f.write(line) + + + def get_hosts(lb_addr, domain): + ip_list = [] + hosts_list = [] + ais = socket.getaddrinfo(lb_addr, 0, 0, 0, 0) + for 
result in ais: + ip_list.append(result[-1][0]) + ip_list = list(set(ip_list)) + for ip in ip_list: + add_host = ip + " " + domain + hosts_list.append(add_host) + + return hosts_list + + + def main(): + try: + while True: + lb_addr = os.environ.get("LB_ADDR", "") + domain = os.environ.get("DOMAIN", "demoexample.gluu.org") + host_file = open('/etc/hosts', 'r').readlines() + hosts = get_hosts(lb_addr, domain) + stop = [] + for host in hosts: + for i in host_file: + if host.replace(" ", "") in i.replace(" ", ""): + stop.append("found") + if len(stop) != len(hosts): + backup(host_file) + logger.info("Writing new hosts file") + with open('/etc/hosts', 'w') as f: + for line in host_file: + if domain not in line: + f.write(line) + for host in hosts: + f.write(host) + f.write("\n") + f.write("\n") + time.sleep(300) + except KeyboardInterrupt: + logger.warning("Canceled by user; exiting ...") + + + if __name__ == "__main__": + main() + +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-updatelbip + namespace: {{ .Release.Namespace }} + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/load-init-config.yml b/charts/gluu/gluu/5.0.101/charts/config/templates/load-init-config.yml new file mode 100644 index 000000000..0cf54d565 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/config/templates/load-init-config.yml 
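Review bot: `CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE` is rendered into the `{{ .Release.Name }}-config-cm` ConfigMap, so the passphrase is readable by anything allowed to read ConfigMaps and is not covered by Secret-specific controls such as encryption at rest or tighter RBAC. It belongs in a Secret that the workloads reference with `secretKeyRef` or `secretRef`; the consuming templates are outside this hunk and would need the matching change. Separately, the persistence block uses `{{- else if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}` after an `if` that already matches `hybrid`, so a hybrid install never receives the `CN_COUCHBASE_*` keys. Closing the LDAP block with `{{- end }}` and opening a separate `{{- if or … }}` for Couchbase fixes that.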
@@ -0,0 +1,104 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "config.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ttlSecondsAfterFinished: 120 + template: + metadata: + name: {{ include "config.name" . }}-job + labels: + APP_NAME: configurator + app: {{ .Release.Name }}-{{ include "config.name" . }}-init-load + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + - name: {{ include "config.fullname" . }}-mount-gen-file + secret: + secretName: {{ include "config.fullname" . }}-gen-json-file + - name: {{ include "config.fullname" . }}-tls-script + configMap: + name: {{ include "config.fullname" . }}-tls-script + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + containers: + - name: {{ include "config.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + securityContext: + runAsUser: 1000 + runAsNonRoot: true + env: + {{- include "config.usr-envs" . | indent 12 }} + {{- include "config.usr-secret-envs" . | indent 12 }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + - mountPath: /app/db/generate.json + name: {{ include "config.fullname" . 
}}-mount-gen-file + subPath: generate.json + - mountPath: /scripts/tls_generator.py + name: {{ include "config.fullname" . }}-tls-script + subPath: tls_generator.py + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + command: + - tini + - -g + - -- + - /bin/sh + - -c + - | + {{- if .Values.migration.enabled }} + /app/scripts/entrypoint.sh migrate --migration-dir {{ .Values.migration.migrationDir | quote }} --data-format {{ .Values.migration.migrationDataFormat | quote }} + {{- else }} + /app/scripts/entrypoint.sh load + {{- end }} + /usr/bin/python3 /scripts/tls_generator.py + {{- if .Values.global.istio.enabled }} + curl -X POST http://localhost:15020/quitquitquit + {{- end }} + restartPolicy: Never diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/rolebinding.yaml b/charts/gluu/gluu/5.0.101/charts/config/templates/rolebinding.yaml new file mode 100644 index 000000000..54ab7ef8c --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/config/templates/rolebinding.yaml 
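Review bot: The Job's container `securityContext` sets only `runAsUser: 1000` and `runAsNonRoot: true`, and the pod spec names no `serviceAccountName`, so the job that mounts `generate.json` and writes the TLS secret runs under the namespace's `default` service account without privilege-escalation or capability limits. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to the container, and a `serviceAccountName:` that points at an account created for this job, narrows both. The RBAC templates in this chart bind their roles to `default`, so the subject there would have to change together with the service account name.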
@@ -0,0 +1,25 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-{{ .Release.Namespace }}-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+subjects:
+- kind: User
+ name: system:serviceaccount:{{ .Release.Namespace }}:default # Name is case sensitive
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: Role # this must be Role or ClusterRole
+ name: {{ .Release.Name }}-{{ .Release.Namespace }}-cn-role # this must match the name of the Role or ClusterRole you wish to bind to
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/roles.yaml b/charts/gluu/gluu/5.0.101/charts/config/templates/roles.yaml
new file mode 100644
index 000000000..efa403d47
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/templates/roles.yaml
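Review bot: The subject of this RoleBinding is the namespace's `default` service account, written as `kind: User` with the name `system:serviceaccount:{{ .Release.Namespace }}:default`, so the ConfigMap and Secret permissions of the `cn-role` Role reach every pod in the namespace that does not declare its own service account. Binding a ServiceAccount created by the chart keeps that access with the Gluu workloads only: `- kind: ServiceAccount`, `name: <chart-service-account>`, `namespace: {{ .Release.Namespace }}` (the name is a placeholder, and the `apiGroup` line is dropped for this subject kind). The workload templates would then have to set `serviceAccountName` to match, which is outside this hunk.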
@@ -0,0 +1,21 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Release.Name }}-{{ .Release.Namespace }}-cn-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+rules:
+- apiGroups: [""] # "" refers to the core API group
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/secrets.yaml b/charts/gluu/gluu/5.0.101/charts/config/templates/secrets.yaml
new file mode 100644
index 000000000..de691d41a
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/templates/secrets.yaml
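Review bot: The single rule in roles.yaml allows all seven verbs, including `list`, `watch` and `delete`, on every ConfigMap and Secret in the namespace, which is broader than reading and updating the chart's own config and secret objects appears to require. Splitting the rule narrows it: `create` stays unrestricted because it cannot be limited by name, while `get`, `update` and `patch` go under rules with `resourceNames` naming the objects the chart manages. Which verbs the images really call is not visible in this diff, so the split below is a starting point to confirm against them; if `list` or `delete` are needed, a comment naming the component that uses them would make the grant reviewable.

```yaml
rules:
# create cannot be restricted by resourceNames
- apiGroups: [""]
  resources: ["configmaps", "secrets"]
  verbs: ["create"]
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: [{{ .Values.configmap.cnConfigKubernetesConfigMap | quote }}]
  verbs: ["get", "update", "patch"]
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: [{{ .Values.configmap.cnSecretKubernetesSecret | quote }}, "tls-certificate"]
  verbs: ["get", "update", "patch"]
```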
@@ -0,0 +1,244 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "config.fullname" . }}-gen-json-file + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +stringData: + generate.json: |- + { + "hostname": {{ .Values.global.fqdn | quote }}, + "country_code": {{ .Values.countryCode | quote }}, + "state": {{ .Values.state | quote }}, + "city": {{ .Values.city | quote }}, + "admin_pw": {{ .Values.adminPassword | quote }}, + "ldap_pw": {{ .Values.ldapPassword | quote }}, + "redis_pw": {{ .Values.redisPassword | quote }}, + "email": {{ .Values.email | quote }}, + "org_name": {{ .Values.orgName | quote }}, + "optional_scopes": {{ list (include "config.optionalScopes" . | fromJsonArray | join ",") }} + } + +{{ if eq .Values.global.cnPersistenceType "sql" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-sql-pass + namespace: {{ .Release.Namespace }} + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + sql_password: {{ .Values.configmap.cnSqldbUserPassword | b64enc }} +{{- end }} + +{{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-cb-pass + labels: +{{ include "config.labels" . 
| indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + couchbase_password: {{ .Values.configmap.cnCouchbasePassword | b64enc }} + +{{- if not .Values.global.istio.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-cb-crt + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + couchbase.crt: {{ .Values.configmap.cnCouchbaseCrt }} +{{- end }} +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-superuser-cb-pass + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + couchbase_superuser_password: {{ .Values.configmap.cnCouchbaseSuperUserPassword | b64enc }} +{{- end }} + +{{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-google-sa + labels: +{{ include "config.labels" . 
| indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + google-credentials.json: {{ .Values.configmap.cnGoogleSecretManagerServiceAccount }} +{{- end}} + +{{ if .Values.global.cnObExtSigningJwksCrt }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-ob-ext-signing-jwks-crt-key-pin + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + ob-ext-signing.crt: {{ .Values.global.cnObExtSigningJwksCrt }} + {{ if .Values.global.cnObExtSigningJwksKey }} + ob-ext-signing.key: {{ .Values.global.cnObExtSigningJwksKey }} + {{- end }} + {{ if .Values.global.cnObExtSigningJwksKeyPassPhrase }} + ob-ext-signing.pin: {{ .Values.global.cnObExtSigningJwksKeyPassPhrase }} + {{- end }} +{{- end }} +{{ if .Values.global.cnObTransportCrt }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-ob-transport-crt-key-pin + labels: +{{ include "config.labels" . 
| indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + ob-transport.crt: {{ .Values.global.cnObTransportCrt }} + {{ if .Values.global.cnObTransportKey }} + ob-transport.key: {{ .Values.global.cnObTransportKey }} + {{- end }} + {{ if .Values.global.cnObTransportKeyPassPhrase }} + ob-transport.pin: {{ .Values.global.cnObTransportKeyPassPhrase }} + {{- end }} +{{- end }} +{{ if .Values.global.cnObTransportTrustStore }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-ob-transport-truststore + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + ob-transport-truststore.p12: {{ .Values.global.cnObTransportTrustStore }} +{{- end }} +{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} +--- +# Consider removing secret after moving ldapPass to global. This is only used by the cronJob ldap backup. +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-ldap-cron-pass + labels: +{{ include "config.labels" . 
| indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +data: + password: {{ .Values.ldapPassword | b64enc }} +{{- end}} +{{- if index .Values "global" "admin-ui" "enabled" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-admin-ui-license + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +data: + admin_ui_api_key: {{ index .Values "global" "admin-ui" "adminUiApiKey" | b64enc }} + admin_ui_product_code: {{ index .Values "global" "admin-ui" "adminUiProductCode" | b64enc }} + admin_ui_shared_key: {{ index .Values "global" "admin-ui" "adminUiSharedKey" | b64enc }} + admin_ui_management_key: {{ index .Values "global" "admin-ui" "adminUiManagementKey" | b64enc }} +{{- end}} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/config/templates/service.yaml new file mode 100644 index 000000000..da5dedf89 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/config/templates/service.yaml 
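Review bot: Several keys under `data:` in secrets.yaml are emitted without `b64enc` and without quoting (`couchbase.crt`, `google-credentials.json`, the `ob-ext-signing.*` and `ob-transport.*` entries and `ob-transport-truststore.p12`), while the password keys in the same file are encoded by the template. These values presumably have to arrive already base64-encoded, and a PEM or JSON value pasted as-is would yield a Secret the API server rejects. A comment on each such key, for example `# value must already be base64-encoded`, would make that contract explicit; if raw values are intended instead, the keys need `| b64enc`. In `generate.json` the passwords are rendered with `quote`, which applies Go string escaping rather than JSON escaping, so `toJson` is the safer filter, e.g. `"admin_pw": {{ .Values.adminPassword | toJson }},`.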
@@ -0,0 +1,27 @@
+{{- if ( .Values.global.istio.enabled) }}
+# License terms and conditions:
+# https://www.apache.org/licenses/LICENSE-2.0
+# Used with Istio
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "config.fullname" . }}
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ selector:
+ app: {{ .Release.Name }}-{{ include "config.name" . }}-init-load
+ type: ClusterIP
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/upgrade-ldap-101-jans.yaml b/charts/gluu/gluu/5.0.101/charts/config/templates/upgrade-ldap-101-jans.yaml
new file mode 100644
index 000000000..83b4e9b61
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/templates/upgrade-ldap-101-jans.yaml
@@ -0,0 +1,1778 @@ +{{- if .Values.global.upgrade.enabled }} +{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-oxjans + namespace: {{ .Release.Namespace }} + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +{{- if .Values.additionalAnnotations }} +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +data: + 101-jans.ldif: |+ + dn: cn=schema + objectClass: top + objectClass: ldapSubentry + objectClass: subschema + cn: schema + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.1 NAME 'jansAssociatedClnt' + DESC 'Associate the dn of an OAuth2 client with a person or UMA Resource Set.' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.2 NAME 'county' + DESC 'ISO 3166-1 Alpha-2 Country Code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.3 NAME 'creationDate' + DESC 'Creation Date used for password reset requests' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.4 NAME 'jansDefScope' + DESC 'Track the default scope for an custom OAuth2 Scope.' 
+ EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.5 NAME 'jansAttrViewTyp' + DESC 'Specify in exclude who can view an attribute, admin or user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.6 NAME 'jansAttrEditTyp' + DESC 'Specify in exclude who can update an attribute, admin or user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.7 NAME 'jansAttrName' + DESC 'Specify an identifier for an attribute. May be multi-value where an attribute has two names, like givenName and first-name.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.8 NAME 'jansAttrOrigin' + DESC 'Specify the person objectclass associated with the attribute, used for display purposes in exclude.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.9 NAME 'jansAttrSystemEditTyp' + DESC 'TODO - still required?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.10 NAME 'jansAttrTyp' + DESC 'Data type of attribute. Values can be string, photo, numeric, date' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.11 NAME 'jansAttrUsgTyp' + DESC 'TODO - Usg? 
Value can be OpenID' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.12 NAME 'jansCustomMessage' + DESC 'exclude custom welcome message' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.13 NAME 'jansFaviconImage' + DESC 'TODO - Stores URL of favicon' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.14 NAME 'jansHostname' + DESC 'The hostname of the Jans Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.15 NAME 'jansIpAddr' + DESC 'IP address of the Jans Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.16 NAME 'jansLastUpd' + DESC 'Monitors last time the server was able to connect to the monitoring system.' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.17 NAME 'jansLogoImage' + DESC 'Logo used by exclude for default look and feel.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.18 NAME 'jansManagedOrganizations' + DESC 'Used to track with which organizations a person is associated' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.19 NAME 'jansManager' + DESC 'Used to specify if a person has the manager role' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.20 NAME 'jansManagerGrp' + DESC 'Used in organizatoin entry to specifies the dn of the group that has admin priviledges in exclude.' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.21 NAME 'jansOptOuts' + DESC 'White pages attributes restricted by person in exclude profile management' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.22 NAME 'jansOrgProfileMgt' + DESC 'enable or disable profile management feature in exclude' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.23 NAME 'jansOrgShortName' + DESC 'Short description, as few letters as possible, no spaces.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.24 NAME 'jansSAML1URI' + DESC 'SAML 1 uri of attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.25 NAME 'jansSAML2URI' + DESC 'SAML 2 uri of attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.26 NAME 'jansScimEnabled' + DESC 'exclude SCIM feature - enabled or disabled' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.27 NAME 'jansSslExpiry' + DESC 'SAML Trust Relationship configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.28 NAME 'jansStatus' + DESC 'Status of the entry, used by many objectclasses' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.29 NAME 'jansThemeColor' + DESC 'exclude login page configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.30 NAME 'jansUrl' + DESC 'Jans instance URL' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.31 NAME 'inum' + DESC 'XRI i-number' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.32 NAME 'memberOf' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.33 NAME 'jansAmHost' + DESC 'am host' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.34 NAME 'jansClaimName' + DESC 'Used by jans in conjunction with jansttributeName to map claims to attributes in LDAP.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.35 NAME 'jansAppTyp' + DESC 'jans App Typ' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.36 NAME 'authnTime' + DESC 'jans Authn Time' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.37 NAME 'authzCode' + DESC 'jans authorization code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.38 NAME 'jansClaim' + DESC 'jans Attr Claim' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.39 NAME 'jansGrpClaims' + DESC 'jans Grp Attr Claims (true or false)' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.40 NAME 'jansClntId' + DESC 'jans Clnt id' + EQUALITY 
caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.41 NAME 'clnId' + DESC 'jans Clnt id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.42 NAME 'jansClntIdIssuedAt' + DESC 'jans Clnt Issued At' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.43 NAME 'jansClntSecret' + DESC 'jans Clnt Secret' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.44 NAME 'jansClntSecretExpAt' + DESC 'Date client expires' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.45 NAME 'jansClntURI' + DESC 'jans Clnt URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.46 NAME 'jansConfDyn' + DESC 'jans Dyn Conf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.47 NAME 'jansConfErrors' + DESC 'jans Errors Conf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.48 NAME 'jansConfStatic' + DESC 'jans Static Conf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + 
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.49 NAME 'jansConfWebKeys' + DESC 'jans Web Keys Conf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.50 NAME 'jansContact' + DESC 'jans Contact' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.51 NAME 'iat' + DESC 'jans Creation' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.52 NAME 'jansDefAcrValues' + DESC 'jans Def Acr Values' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.53 NAME 'jansDefMaxAge' + DESC 'jans Def Max Age' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.54 NAME 'exp' + DESC 'jans Exp' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.55 NAME 'grtId' + DESC 'jans grant id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.56 NAME 'jansGrantTyp' + DESC 'jans Grant Typ' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.57 NAME 'grtTyp' + DESC 'jans Grant Typ' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created 
attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.58 NAME 'jansIdTknEncRespAlg' + DESC 'jans ID Tkn Enc Resp Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.59 NAME 'jansIdTknEncRespEnc' + DESC 'jans ID Tkn Enc Resp Enc' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.60 NAME 'jansIdTknSignedRespAlg' + DESC 'jans ID Tkn Signed Resp Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.61 NAME 'jansInitiateLoginURI' + DESC 'jans Initiate Login URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.62 NAME 'jansJwksURI' + DESC 'jans JWKs URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.63 NAME 'jansJwks' + DESC 'jans JWKs' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.64 NAME 'jwtReq' + DESC 'jans JWT Req' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.65 NAME 'jansLogoURI' + DESC 'jans Logo URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.66 NAME 'nnc' + DESC 'jans nonce' + EQUALITY caseIgnoreMatch + 
SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.67 NAME 'jansSessState' + DESC 'jans Sess State' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.68 NAME 'jansPermissionGrantedMap' + DESC 'jans Permission Granted Map' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.69 NAME 'jansPersistentJWT' + DESC 'jans Persistent JWT' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.70 NAME 'jansPolicyURI' + DESC 'jans Policy URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.71 NAME 'jansLogoutURI' + DESC 'jans Policy URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.72 NAME 'jansLogoutSessRequired' + DESC 'jans Policy URI' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.73 NAME 'jansPostLogoutRedirectURI' + DESC 'jans Post Logout Redirect URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.74 NAME 'jansRedirectURI' + DESC 'jans Redirect URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: 
( 1.3.6.1.4.1.48710.1.3.75 NAME 'jansRegistrationAccessTkn' + DESC 'jans Registration Access Tkn' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.76 NAME 'jansReleasedScope' + DESC 'jans released scope attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.77 NAME 'jansReqObjSigAlg' + DESC 'jans Req Obj Sig Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.78 NAME 'jansReqObjEncAlg' + DESC 'jans Req Obj Enc Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.79 NAME 'jansReqObjEncEnc' + DESC 'jans Req Obj Enc Enc' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.80 NAME 'jansReqURI' + DESC 'jans Req URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.81 NAME 'jansRequireAuthTime' + DESC 'jans Require Authn Time' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.82 NAME 'jansRespTyp' + DESC 'jans Resp Typ' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.83 NAME 'jansScope' + DESC 'jans Attr Scope' + EQUALITY caseIgnoreMatch + SUBSTR 
caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.84 NAME 'scp' + DESC 'jans Attr Scope' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.85 NAME 'jansScopeTyp' + DESC 'OX Attr Scope type' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.86 NAME 'jansSectorIdentifierURI' + DESC 'jans Sector Identifier URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.87 NAME 'jansSignedRespAlg' + DESC 'jans Signed Resp Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.88 NAME 'jansSkipAuthz' + DESC 'jans skip authorization attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.89 NAME 'jansSubjectTyp' + DESC 'jans Subject Typ' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.90 NAME 'tknCde' + DESC 'jans Tkn Code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.91 NAME 'jansTknEndpointAuthMethod' + DESC 'jans Tkn Endpoint Auth Method' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' 
) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.92 NAME 'jansTknEndpointAuthSigAlg' + DESC 'jans Tkn Endpoint Auth Sig Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.93 NAME 'tknTyp' + DESC 'jans Tkn Typ' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.94 NAME 'jansTosURI' + DESC 'jans TOS URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.95 NAME 'jansTrustedClnt' + DESC 'jans Trusted Clnt' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.96 NAME 'jansUmaScope' + DESC 'URI reference of scope descriptor' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.97 NAME 'jansUsrDN' + DESC 'jans Usr DN' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.98 NAME ( 'jansUsrId' 'usrId' ) + DESC 'jans user id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.99 NAME 'jansUsrInfEncRespAlg' + DESC 'jans Usr Inf Enc Resp Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.100 NAME 'jansUsrInfEncRespEnc' + DESC 'jans Usr Inf Enc Resp Enc' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.101 NAME 'jansExtraConf' + DESC 'jans additional configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.102 NAME 'jansAuthMode' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.103 NAME 'acr' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.104 NAME 'jansConfCode' + DESC 'jans configuration code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.105 NAME 'jansCreationTimestamp' + DESC 'Registration time' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.106 NAME 'jansExtUid' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.107 NAME 'jansOTPCache' + DESC 'Stores a used OTP to prevent a hacker from using it again. 
Complementary to jansExtUid attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.108 NAME 'jansGrp' + DESC 'Usr group' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.109 NAME 'jansGuid' + DESC 'A random string to mark temporary tokens' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.110 NAME 'uuid' + DESC 'Unique identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.111 NAME 'jansHost' + DESC 'jans host' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.112 NAME 'jansDbAuth' + DESC 'Custom IDP authentication configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.113 NAME 'jansIconUrl' + DESC 'jans icon url' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.114 NAME 'jansId' + DESC 'Identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.115 NAME 'sid' + DESC 'Sess Identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created 
attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.116 NAME 'jansAsJwt' + DESC 'Boolean field to indicate whether object is used as JWT' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.117 NAME 'jansJwt' + DESC 'JWT representation of the object or otherwise jwt associated with the object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.118 NAME 'jansInvolvedClnts' + DESC 'Involved clients' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.119 NAME 'jansLastAccessTime' + DESC 'Last access time' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.120 NAME 'jansLastLogonTime' + DESC 'Last logon time' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.121 NAME 'jansLogViewerConfig' + DESC 'Log viewer configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.122 NAME 'jansMultivaluedAttr' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.123 NAME 'jansName' + DESC 'Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.124 NAME 'jansNameIdTyp' + DESC 'NameId Typ' + EQUALITY 
caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.125 NAME 'jansPolicyRule' + DESC 'Policy Rule' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.126 NAME 'jansUmaPolicyScrDn' + DESC 'OX policy script Dn' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.127 NAME 'jansState' + DESC 'jansState' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.128 NAME 'jansCounter' + DESC 'jansCounter' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.129 NAME 'jansApp' + DESC 'jansApp' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.130 NAME 'jansDeviceRegistrationConf' + DESC 'jansDeviceRegistrationConf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.131 NAME 'jansDeviceKeyHandle' + DESC 'jansDeviceKeyHandle' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.132 NAME 'jansDeviceHashCode' + DESC 'jansDeviceHashCode' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.133 NAME 'jansReq' + DESC 'jansReq' + EQUALITY caseIgnoreMatch + 
SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.134 NAME 'jansReqId' + DESC 'jansReqId' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.135 NAME 'jansDeviceData' + DESC 'jansDeviceData' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.136 NAME 'jansEnrollmentCode' + DESC 'jansEnrollmentCode' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.137 NAME 'jansPushApp' + DESC 'jansPush application DN' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.138 NAME 'jansPushAppConf' + DESC 'jansPush application configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.139 NAME 'jansPushDeviceConf' + DESC 'jansPush device configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.140 NAME 'jansRegistrationConf' + DESC 'Registration Conf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.141 NAME 'jansResource' + DESC 'Host path' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 
1.3.6.1.4.1.48710.1.3.142 NAME 'jansResourceSetId' + DESC 'jans resource set id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.143 NAME 'jansRevision' + DESC 'Revision' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.144 NAME 'jansLevel' + DESC 'Level' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.145 NAME 'jansScimCustomAttr' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.146 NAME 'jansScr' + DESC 'Attr that contains script (python, java script)' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.147 NAME 'jansScrDn' + DESC 'Script object DN' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.148 NAME 'jansScrTyp' + DESC 'Attr that contains script type (e.g. 
python, java script)' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.149 NAME 'jansScrError' + DESC 'Attr that contains first error which application get during it execution' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.150 NAME 'jansSmtpConf' + DESC 'SMTP configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.151 NAME 'jansSourceAttr' + DESC 'Source Attr for this Attr' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.152 NAME 'jansTicket' + DESC 'jans ticket' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.153 NAME 'jansActive' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.154 NAME 'jansAddres' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.155 NAME 'jansConfApp' + DESC 'jans App Conf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.156 NAME 'jansEmail' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.157 NAME 
'jansEntitlements' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.158 NAME 'jansExtId' + EQUALITY caseExactMatch + SUBSTR caseExactSubStringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.159 NAME 'jansImsValue' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.160 NAME 'jansMetaCreated' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.161 NAME 'jansMetaLastMod' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.162 NAME 'jansMetaLocation' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.163 NAME 'jansMetaVer' + EQUALITY caseExactMatch + SUBSTR caseExactSubStringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.164 NAME 'jansNameFormatted' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.165 NAME 'jansPhoneValue' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.166 NAME 'jansPhotos' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created 
attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.167 NAME 'jansProfileURL' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.168 NAME 'jansRole' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.169 NAME 'jansTitle' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.170 NAME 'jansUsrTyp' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.171 NAME 'jansHonorificPrefix' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.172 NAME 'jansHonorificSuffix' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.173 NAME 'jans509Certificate' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.174 NAME 'jansTyp' + DESC 'jans type' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.175 NAME 'jansUmaPermission' + DESC 'jans uma permission' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.176 NAME 'persistentId' + DESC 
'PersistentId' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Persistent ID reserved for SAML' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.177 NAME 'personInum' + DESC 'Inum of a person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.178 NAME 'jansProgLng' + DESC 'programming language' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.179 NAME 'registrationDate' + DESC 'Registration date' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.180 NAME 'role' + DESC 'Role' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.181 NAME 'secretAnswer' + DESC 'Secret Answer' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.182 NAME 'secretQuestion' + DESC 'Secret Question' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.183 NAME 'jansSoftVer' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.184 NAME 'transientId' + DESC 'TransientId' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 
1.3.6.1.4.1.48710.1.3.185 NAME 'url' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.186 NAME 'urn' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.187 NAME ( 'middleName' 'excludeMiddleName' ) + DESC 'Middle name(s)' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.188 NAME ( 'nickname' 'excludenickname' ) + DESC 'Casual name of the End-Usr' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.189 NAME 'jansPrefUsrName' + DESC 'Shorthand Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.190 NAME 'profile' + DESC 'Profile page URL of the person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.191 NAME ( 'picture' 'photo1' ) + DESC 'Profile picture URL of the person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.192 NAME 'website' + DESC 'Web page or blog URL of the person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.193 NAME 'emailVerified' + DESC 'True 
if the e-mail address of the person has been verified; otherwise false' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.194 NAME 'gender' + DESC 'Gender of the person either female or male' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.195 NAME 'birthdate' + DESC 'Birthday of the person, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.196 NAME ( 'zoneinfo' 'timezone' ) + DESC 'Time zone database representing the End-Usrs time zone. For example, Europe/Paris or America/Los_Angeles' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.197 NAME ( 'locale' 'excludeLocale' ) + DESC 'Locale of the person, represented as a BCP47 [RFC5646] language tag' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.198 NAME 'phoneNumberVerified' + DESC 'True if the phone number of the person has been verified, otherwise false' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.199 NAME 'address' + DESC 'OpenID Connect formatted JSON object representing the address of the person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 
1.3.6.1.4.1.48710.1.3.200 NAME 'updatedAt' + DESC 'Time the information of the person was last updated. Seconds from 1970-01-01T0:0:0Z' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.201 NAME 'jansRegExp' + DESC 'Regular expression used to validate attribute data' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.202 NAME 'jansTooltip' + DESC 'Custom tooltip to be shown on the UI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'OpenID Connect 1.0 Standard Claim' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.203 NAME 'jansModuleProperty' + DESC 'Module property' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.204 NAME 'jansConfProperty' + DESC 'Conf property' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.205 NAME 'jansSessAttr' + DESC 'jansSessAttr' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.206 NAME 'jansStartDate' + DESC 'Start date' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.207 NAME 'jansEndDate' + DESC 'End date' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + 
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.208 NAME 'jansMetricTyp' + DESC 'Metric type' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.209 NAME 'jansData' + DESC 'OX data' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.210 NAME 'dat' + DESC 'OX data' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.211 NAME 'jansCodeChallenge' + DESC 'OX PKCE code challenge' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.212 NAME 'chlng' + DESC 'OX PKCE code challenge' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.213 NAME 'chlngMth' + DESC 'OX PKCE code challenge method' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.214 NAME 'jansSectorIdentifier' + DESC 'jans Sector Identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.215 NAME 'jansPersistClntAuthzs' + DESC 'jans Persist Clnt Authzs' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.216 NAME 'jansSessStateId' + DESC 'jansSessStateId' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.217 NAME 'ssnId' + DESC 'jans Sess DN' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.218 NAME 'jansPassExpDate' + DESC 'Pass Exp date, represented as an ISO 8601 (YYYY-MM-DD) format' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.219 NAME 'jansCountInvalidLogin' + DESC 'Invalid login attempts count' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.220 NAME 'jansIMAPData' + DESC 'This data has information about your imap connection' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.221 NAME 'jansValidation' + DESC 'This data has information about attribute Validation' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.222 NAME 'jansPPID' + DESC 'Persistent Pairwise ID for OpenID Connect' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.223 NAME 'jansSessId' + DESC 'jans Sess Id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.224 NAME 'jansCacheConf' + DESC 'Cache configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.225 NAME 'jansLogConfigLocation' + DESC 'Path to external log4j2.xml' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.226 NAME 'jansInclClaimsInIdTkn' + DESC 'jans Incl Claims In Id Tkn' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.227 NAME 'jansClaimValues' + DESC 'Claim Values' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.228 NAME 'jansClaimRedirectURI' + DESC 'Claim Redirect URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.229 NAME 'jansAttrs' + DESC 'Attrs' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.230 NAME 'attr' + DESC 'Attrs' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.231 NAME 'jansRefreshTknLife' + DESC 'Life of refresh token' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.232 NAME 'jansPermissionGranted' + DESC 'jans Permission Granted' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.233 NAME 'jansNickName' + DESC 'jansNickName' + EQUALITY caseIgnoreMatch + SUBSTR 
caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.234 NAME 'jansDeviceNotificationConf' + DESC 'Extended push notification configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.235 NAME 'clms' + DESC 'jans Claims' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.236 NAME 'jansDisabled' + DESC 'Status of client' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.237 NAME 'jansWebKeysSettings' + DESC 'jans Web Keys Conf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.238 NAME 'jansScopeExpression' + DESC 'Scope expression' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.239 NAME 'jansPreferredMethod' + DESC 'Jans Casa - jansPref method to use for user authentication' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.240 NAME 'jansOTPDevices' + DESC 'Jans Casa - Json representation of OTP devices. Complementary to jansExtUid attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.241 NAME 'jansMobileDevices' + DESC 'Jans Casa - Json representation of mobile devices. 
Complementary to mobile attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.242 NAME 'jansdId' + DESC 'jansd Id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.243 NAME 'jansAuthorizedOrigins' + DESC 'jans Authorized Origins' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.244 NAME 'jansStrongAuthPolicy' + DESC 'Jans Casa - 2FA Enforcement Policy for Usr' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.245 NAME 'tknBndCnf' + DESC 'jansauth - Tkn Binding Id Hash' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.246 NAME 'jansUnlinkedExternalUids' + DESC 'Jans Casa - List of unlinked social accounts (ie disabled jansExtUids)' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.247 NAME 'jansAccessTknAsJwt' + DESC 'jansauth - indicator whether to return access token as JWT' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.248 NAME 'jansAccessTknSigAlg' + DESC 'jansauth - access token signing algorithm' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.249 NAME 
'jansRegistrationData' + DESC 'jansRegistrationData' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.250 NAME 'jansAuthData' + DESC 'jansAuthData' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.251 NAME 'jansPublicKeyId' + DESC 'jansPublicKeyId' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.252 NAME 'jansAccessTknLife' + DESC 'Life of access token' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.253 NAME 'jansSoftId' + DESC 'Soft Identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.254 NAME 'jansSoftStatement' + DESC 'Soft Statement' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.255 NAME 'jansRptAsJwt' + DESC 'jansRptAsJwt' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.256 NAME 'jansCodeChallengeHash' + DESC 'OX code challenge hash' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.257 NAME 'del' + DESC 'del' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.258 NAME 'jansEnabled' + DESC 'Status of the entry, used by many 
objectclasses' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.259 NAME 'jansAlias' + DESC 'jansAlias' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.260 NAME 'jansLogoPath' + DESC 'jansLogoPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.261 NAME 'jansFaviconPath' + DESC 'jansFaviconPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.262 NAME 'jansBackchannelTknDeliveryMode' + DESC 'jans Backchannel Tkn Delivery Mode' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.263 NAME 'jansBackchannelClntNotificationEndpoint' + DESC 'jans Backchannel Clnt Notification Endpoint' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.264 NAME 'jansBackchannelAuthnReqSigAlg' + DESC 'jans Backchannel Authn Req Sig Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.265 NAME 'jansBackchannelUsrCodeParameter' + DESC 'jans Backchannel Usr Code Parameter' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.266 NAME 'jansBackchannelDeviceRegistrationTkn' + DESC 'jans Backchannel 
Device Registration Tkn' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.267 NAME 'jansBackchannelUsrCode' + DESC 'jans Backchannel Usr Code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.268 NAME 'jansDocStoreConf' + DESC 'jansDocStoreConf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.269 NAME 'authReqId' + DESC 'Authn request id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.1 NAME 'jansPairwiseIdentifier' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ jansSectorIdentifier $ jansClntId $ jansUsrId ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.2 NAME 'jansPerson' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansAssociatedClnt $ c $ displayName $ givenName $ jansManagedOrganizations $ jansOptOuts $ jansStatus $ inum $ mail $ memberOf $ o $ jansPersistentJWT $ jansCreationTimestamp $ jansExtUid $ jansOTPCache $ jansLastLogonTime $ jansActive $ jansAddres $ jansEmail $ jansEntitlements $ jansExtId $ jansImsValue $ jansMetaCreated $ jansMetaLastMod $ jansMetaLocation $ jansMetaVer $ jansNameFormatted $ jansPhoneValue $ jansPhotos $ jansProfileURL $ jansRole $ jansTitle $ jansUsrTyp $ jansHonorificPrefix $ jansHonorificSuffix $ jans509Certificate $ jansPassExpDate $ persistentId $ middleName $ nickname $ jansPrefUsrName $ profile $ picture $ website $ emailVerified $ gender $ birthdate $ zoneinfo $ locale $ phoneNumberVerified $ address $ updatedAt $ preferredLanguage $ 
role $ secretAnswer $ secretQuestion $ seeAlso $ sn $ cn $ transientId $ uid $ userPassword $ st $ street $ l $ jansCountInvalidLogin $ jansEnrollmentCode $ jansIMAPData $ jansPPID $ jansGuid $ jansPreferredMethod $ userCertificate $ jansOTPDevices $ jansMobileDevices $ jansStrongAuthPolicy $ jansUnlinkedExternalUids $ jansBackchannelDeviceRegistrationTkn $ jansBackchannelUsrCode ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.3 NAME 'jansGrp' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ description $ displayName $ jansStatus $ inum $ member $ o $ owner $ seeAlso $ jansMetaCreated $ jansMetaLastMod $ jansMetaLocation $ jansMetaVer ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.4 NAME 'jansOrganization' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ county $ description $ displayName $ jansCustomMessage $ jansFaviconImage $ jansLogoImage $ jansManager $ jansManagerGrp $ jansOrgShortName $ jansThemeColor $ inum $ l $ mail $ memberOf $ o $ jansCreationTimestamp $ jansRegistrationConf $ postalCode $ st $ street $ telephoneNumber $ title $ uid $ jansLogoPath $ jansFaviconPath ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.5 NAME 'jansAppConf' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ ou $ description $ displayName $ jansHostname $ jansLastUpd $ jansManager $ jansOrgProfileMgt $ jansScimEnabled $ jansEmail $ jansSmtpConf $ jansSslExpiry $ jansStatus $ jansUrl $ inum $ o $ jansAuthMode $ jansDbAuth $ jansLogViewerConfig $ jansLogConfigLocation $ jansCacheConf $ jansDocStoreConf $ jansSoftVer $ userPassword $ jansConfDyn $ jansConfErrors $ jansConfStatic $ jansConfWebKeys $ jansWebKeysSettings $ jansConfApp $ jansRevision ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.6 NAME 'jansAttr' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( description $ displayName $ 
jansAttrEditTyp $ jansAttrName $ jansAttrOrigin $ jansAttrSystemEditTyp $ jansAttrTyp $ jansClaimName $ jansAttrUsgTyp $ jansAttrViewTyp $ jansSAML1URI $ jansSAML2URI $ jansStatus $ inum $ jansMultivaluedAttr $ jansNameIdTyp $ jansScimCustomAttr $ jansSourceAttr $ seeAlso $ urn $ jansRegExp $ jansTooltip $ jansValidation ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.7 NAME 'jansPassResetReq' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( creationDate $ jansGuid $ personInum ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.8 NAME 'jansEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ inum ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.9 NAME 'jansClnt' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ description $ inum $ jansAppTyp $ jansClntIdIssuedAt $ jansClntSecret $ jansClntSecretExpAt $ exp $ del $ jansClntURI $ jansContact $ jansDefAcrValues $ jansDefMaxAge $ jansGrantTyp $ jansIdTknEncRespAlg $ jansIdTknEncRespEnc $ jansIdTknSignedRespAlg $ jansInitiateLoginURI $ jansJwksURI $ jansJwks $ jansLogoURI $ jansPolicyURI $ jansPostLogoutRedirectURI $ jansRedirectURI $ jansRegistrationAccessTkn $ jansReqObjSigAlg $ jansReqObjEncAlg $ jansReqObjEncEnc $ jansReqURI $ jansRequireAuthTime $ jansRespTyp $ jansScope $ jansClaim $ jansSectorIdentifierURI $ jansSignedRespAlg $ jansSubjectTyp $ jansTknEndpointAuthMethod $ jansTknEndpointAuthSigAlg $ jansTosURI $ jansTrustedClnt $ jansUsrInfEncRespAlg $ jansUsrInfEncRespEnc $ jansExtraConf $ jansClaimRedirectURI $ jansLastAccessTime $ jansLastLogonTime $ jansPersistClntAuthzs $ jansInclClaimsInIdTkn $ jansRefreshTknLife $ jansDisabled $ jansLogoutURI $ jansLogoutSessRequired $ jansdId $ jansAuthorizedOrigins $ tknBndCnf $ jansAccessTknAsJwt $ jansAccessTknSigAlg $ jansAccessTknLife $ jansSoftId $ jansSoftVer $ jansSoftStatement $ jansRptAsJwt $ jansAttrs $ 
jansBackchannelTknDeliveryMode $ jansBackchannelClntNotificationEndpoint $ jansBackchannelAuthnReqSigAlg $ jansBackchannelUsrCodeParameter ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.10 NAME 'jansScope' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansDefScope $ description $ displayName $ inum $ jansScopeTyp $ jansClaim $ jansScrDn $ jansGrpClaims $ jansId $ jansIconUrl $ jansUmaPolicyScrDn $ jansAttrs $ exp $ del ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.11 NAME 'jansSessId' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ sid $ creationDate $ exp $ del $ jansLastAccessTime $ jansUsrDN $ authnTime $ jansState $ jansSessState $ jansPermissionGranted $ jansAsJwt $ jansJwt $ jansPermissionGrantedMap $ jansInvolvedClnts $ jansSessAttr ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.12 NAME 'jansUmaResource' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ inum $ owner $ jansAssociatedClnt $ jansUmaScope $ jansFaviconImage $ jansGrp $ jansId $ jansResource $ jansRevision $ jansTyp $ jansScopeExpression $ iat $ exp $ del $ description ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.13 NAME 'jansUmaResourcePermission' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( exp $ del $ jansUmaScope $ jansConfCode $ jansResourceSetId $ jansAttrs $ jansTicket $ jansStatus ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.14 NAME 'jansGrant' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( grtId $ iat ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.15 NAME 'jansToken' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authnTime $ authzCode $ iat $ exp $ del $ grtId $ grtTyp $ jwtReq $ nnc $ scp $ tknCde $ tknTyp $ usrId $ clnId $ acr $ uuid $ chlng $ chlngMth $ clms $ ssnId $ attr $ 
tknBndCnf ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.16 NAME 'jansUmaRPT' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authnTime $ clnId $ iat $ exp $ del $ tknCde $ usrId $ jansUmaPermission $ uuid ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.17 NAME 'jansScr' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( inum $ jansScr $ jansScrTyp ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.18 NAME 'jansPushApp' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ jansId $ jansName $ jansPushAppConf ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.19 NAME 'jansPushDevice' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansUsrId $ jansId $ jansPushApp $ jansPushDeviceConf $ jansTyp ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.20 NAME 'jansCustomScr' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( inum $ displayName $ description $ jansScr $ jansScrTyp $ jansProgLng $ jansModuleProperty $ jansConfProperty $ jansLevel $ jansRevision $ jansEnabled $ jansScrError $ jansAlias ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.21 NAME 'jansDeviceRegistration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ displayName $ description $ jansDeviceKeyHandle $ jansDeviceHashCode $ jansApp $ jansDeviceRegistrationConf $ jansDeviceNotificationConf $ jansNickName $ jansDeviceData $ jansCounter $ jansStatus $ del $ exp $ personInum $ creationDate $ jansLastAccessTime $ jansMetaLastMod $ jansMetaLocation $ jansMetaVer ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.22 NAME 'jansU2fReq' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ jansReqId $ jansReq $ jansSessStateId $ del $ exp $ personInum $ creationDate ) + X-ORIGIN 'Jans created 
objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.23 NAME 'jansMetric' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( uniqueIdentifier $ jansStartDate $ jansEndDate $ jansAppTyp $ jansMetricTyp $ creationDate $ del $ exp $ jansData $ jansHost ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.24 NAME 'jansClntAuthz' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ jansClntId $ jansUsrId $ exp $ del $ jansScope ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.25 NAME 'jansSectorIdentifier' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ description $ jansRedirectURI $ jansClntId ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.26 NAME 'jansUmaPCT' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( clnId $ iat $ exp $ del $ tknCde $ jansClaimValues ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.27 NAME 'jansCache' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( uuid $ iat $ exp $ del $ dat ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.28 NAME 'jansFido2AuthnEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ creationDate $ jansSessStateId $ jansCodeChallenge $ personInum $ jansAuthData $ jansStatus ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.29 NAME 'jansFido2RegistrationEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ creationDate $ displayName $ jansSessStateId $ jansCodeChallenge $ jansCodeChallengeHash $ jansPublicKeyId $ personInum $ jansRegistrationData $ jansDeviceNotificationConf $ jansCounter $ jansStatus ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.30 NAME 'jansExpiredObj' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ dat $ iat $ exp $ jansTyp ) + X-ORIGIN 'Jans created 
objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.31 NAME 'jansRp' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ dat ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.32 NAME 'jansCibaReq' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authReqId $ clnId $ usrId $ creationDate $ exp $ jansStatus ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.33 NAME 'jansStatEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ dat $ attr ) + X-ORIGIN 'Gluu created objectclass' ) +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/config/templates/user-custom-envs.yaml b/charts/gluu/gluu/5.0.101/charts/config/templates/user-custom-envs.yaml new file mode 100644 index 000000000..1f08348fe --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/config/templates/user-custom-envs.yaml 
@@ -0,0 +1,66 @@
+{{ if .Values.global.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-global-user-custom-envs
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.global.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
+{{ if .Values.global.usrEnvs.normal }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-global-user-custom-envs
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ {{- range $key, $val := .Values.global.usrEnvs.normal }}
+ {{ $key }}: {{ $val }}
+ {{- end}}
+{{- end}}
+{{ if .Values.usrEnvs.secret }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
diff --git a/charts/gluu/gluu/5.0.101/charts/config/values.yaml b/charts/gluu/gluu/5.0.101/charts/config/values.yaml
new file mode 100644
index 000000000..ff37aa294
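Review bot: The ConfigMap `data:` loop renders `{{ $key }}: {{ $val }}` unquoted, so a user value such as `true`, `8080`, or one containing `: ` or ` #` comes out as a non-string or as altered YAML, while ConfigMap data values have to be strings. Quote it: `{{ $key }}: {{ $val | quote }}`. The two Secret loops have the related problem that `b64enc` takes a string, so a numeric or boolean value from values.yaml fails rendering; `{{ $key }}: {{ $val | toString | b64enc | quote }}` covers that. The same unquoted pattern is in `cr-rotate.usr-envs` in `cr-rotate/templates/_helpers.tpl` (`value: {{ $val }}`), where `value: {{ $val | quote }}` applies because container env values must also be strings.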
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/config/values.yaml
@@ -0,0 +1,197 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# Required environment variables for generating Gluu server initial config
+# -- Add custom normal and secret envs to the service.
+usrEnvs:
+ # -- Add custom normal envs to the service.
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service.
+ # variable1: value1
+ secret: {}
+# -- Admin password to log in to the UI.
+adminPassword: Test1234#
+# -- City. Used for certificate creation.
+city: Austin
+configmap:
+ # -- Jetty header size in bytes in the auth server
+ cnJettyRequestHeaderSize: 8192
+ # -- SQL database dialect. `mysql` or `pgsql`
+ cnSqlDbDialect: mysql
+ # -- SQL database host uri.
+ cnSqlDbHost: my-release-mysql.default.svc.cluster.local
+ # -- SQL database port.
+ cnSqlDbPort: 3306
+ # -- SQL database name.
+ cnSqlDbName: jans
+ # -- SQL database username.
+ cnSqlDbUser: jans
+ # -- SQL database timezone.
+ cnSqlDbTimezone: UTC
+ # -- SQL password file holding password from config.configmap.cnSqldbUserPassword .
+ cnSqlPasswordFile: /etc/jans/conf/sql_password
+ # -- SQL password injected as config.configmap.cnSqlPasswordFile .
+ cnSqldbUserPassword: Test1234#
+ # -- Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` .
+ cnCacheType: NATIVE_PERSISTENCE
+ # -- Enable Casa flag .
+ cnCasaEnabled: false
+ # -- Client-api OAuth client admin certificate common name. This should be left to the default value client-api .
+ cnClientApiAdminCertCn: client-api
+ # -- Client-api OAuth client application certificate common name. This should be left to the default value client-api.
+ cnClientApiApplicationCertCn: client-api
+ # -- Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy
+ cnClientApiBindIpAddresses: "*"
+ containerMetadataName: kubernetes
+ # -- The name of the Kubernetes ConfigMap that will hold the configuration layer
+ cnConfigKubernetesConfigMap: cn
+ # -- The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu.
+ cnCouchbaseBucketPrefix: jans
+ # -- Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required.
+ cnCouchbaseCertFile: /etc/certs/couchbase.crt
+ # -- Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required.
+ cnCouchbaseCrt: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=
+ # -- The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1.
+ cnCouchbaseIndexNumReplica: 0
+ # -- Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol .
+ cnCouchbasePassword: P@ssw0rd
+ # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password
+ cnCouchbasePasswordFile: /etc/gluu/conf/couchbase_password
+ # -- The Couchbase super user (admin) user name. This user is used during initialization only.
+ cnCouchbaseSuperUser: admin
+ # -- Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol
+ cnCouchbaseSuperUserPassword: Test1234#
+ # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.
+ cnCouchbaseSuperUserPasswordFile: /etc/gluu/conf/couchbase_superuser_password
+ # -- Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster
+ cnCouchbaseUrl: cbgluu.default.svc.cluster.local
+ # -- Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase.
+ cnCouchbaseUser: gluu
+ # -- Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily.
+ cnDocumentStoreType: JCA
+ # -- Jackrabbit admin uid.
+ cnJackrabbitAdminId: admin
+ # -- The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id.
+ cnJackrabbitAdminIdFile: /etc/gluu/conf/jackrabbit_admin_id
+ # -- The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password.
+ cnJackrabbitAdminPasswordFile: /etc/gluu/conf/jackrabbit_admin_password
+ # -- Jackrabbit postgres database name.
+ cnJackrabbitPostgresDatabaseName: jackrabbit
+ # -- Postgres url
+ cnJackrabbitPostgresHost: postgresql.postgres.svc.cluster.local
+ # -- The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password.
+ cnJackrabbitPostgresPasswordFile: /etc/gluu/conf/postgres_password
+ # -- Jackrabbit Postgres port
+ cnJackrabbitPostgresPort: 5432
+ # -- Jackrabbit Postgres uid
+ cnJackrabbitPostgresUser: jackrabbit
+ # -- Interval between files sync (default to 300 seconds).
+ cnJackrabbitSyncInterval: 300
+ # -- Jackrabbit internal url. Normally left as default.
+ cnJackrabbitUrl: "http://jackrabbit:8080"
+ # [google_envs] Envs related to using Google
+ # -- Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleSecretManagerServiceAccount: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=
+ # -- Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleProjectId: google-project-to-save-config-and-secrets-to
+ # [google_spanner_envs] Envs related to using Google Secret Manager to store config and secret layer
+ # -- Google Spanner ID. Used only when global.cnPersistenceType is spanner.
+ cnGoogleSpannerInstanceId: ""
+ # -- Google Spanner Database ID. Used only when global.cnPersistenceType is spanner.
+ cnGoogleSpannerDatabaseId: ""
+ # [google_spanner_envs] END
+ # [google_secret_manager_envs] Envs related to using Google Secret Manager to store config and secret layer
+ # -- Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnSecretGoogleSecretVersionId: "latest"
+ # -- Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnSecretGoogleSecretNamePrefix: gluu
+ # -- Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleSecretManagerPassPhrase: Test1234#
+ # -- Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnConfigGoogleSecretVersionId: "latest"
+ # -- Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnConfigGoogleSecretNamePrefix: gluu
+ # [google_secret_manager_envs] END
+ # [google_envs] END
+ # -- OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`.
+ cnLdapUrl: "opendj:1636"
+ # -- Value passed to Java option -XX:MaxRAMPercentage
+ cnMaxRamPercent: "75.0"
+ # -- Boolean flag to enable/disable passport chart
+ cnPassportEnabled: false
+ # -- Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.
+ cnPersistenceLdapMapping: default
+ # -- Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisSentinelGroup: ""
+ # -- Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisSslTruststore: ""
+ # -- Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisType: STANDALONE
+ # -- Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisUrl: "redis.redis.svc.cluster.local:6379"
+ # -- Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisUseSsl: false
+ # -- Enable SAML-related features; UI menu, etc.
+ cnSamlEnabled: false
+ # -- Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default.
+ cnSecretKubernetesSecret: cn
+ # -- Loadbalancer address for AWS if the FQDN is not registered.
+ lbAddr: ""
+# -- Country code. Used for certificate creation.
+countryCode: US
+# -- Email address of the administrator usually. Used for certificate creation.
+email: support@gluu.org
+image:
+ # -- Image to use for deploying.
+ repository: janssenproject/configurator
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- LDAP admin password if OpennDJ is used for persistence.
+ldapPassword: P@ssw0rds
+# -- Organization name. Used for certificate creation.
+orgName: Gluu
+# -- Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`.
+redisPassword: P@assw0rd
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+# -- State code. Used for certificate creation.
+state: TX
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+# -- CE to CN Migration section
+migration:
+ # -- Boolean flag to enable migration from CE
+ enabled: false
+ # -- Directory holding all migration files
+ migrationDir: /ce-migration
+ # -- migration data-format depending on persistence backend.
+ # Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json.
+ migrationDataFormat: ldif
+
+cnOxtrustConfigGeneration: true
+
+nameOverride: ""
+fullNameOverride: ""
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
diff --git a/charts/gluu/gluu/5.0.101/charts/cr-rotate/.helmignore b/charts/gluu/gluu/5.0.101/charts/cr-rotate/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cr-rotate/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/5.0.101/charts/cr-rotate/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/cr-rotate/Chart.yaml
new file mode 100644
index 000000000..5bd11f215
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cr-rotate/Chart.yaml
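Review bot: The defaults for `adminPassword`, `ldapPassword`, `redisPassword`, `configmap.cnSqldbUserPassword`, `configmap.cnCouchbasePassword`, `configmap.cnCouchbaseSuperUserPassword` and `configmap.cnGoogleSecretManagerPassPhrase` in the config chart's values.yaml are fixed strings published with the chart, so an install that does not override them comes up with known credentials. I would ship them empty, e.g. `adminPassword: ""`, and have the consuming template fail when they are unset (Helm's `required`), or at the least put `# placeholder - must be overridden before install` above each one. Several of these keys sit under `configmap:`; whether they are rendered into a ConfigMap rather than a Secret is not visible in this hunk and is worth confirming. If the literal defaults stay, quoting them (`"Test1234#"`) keeps a later edit that introduces a space before `#` from silently truncating the value.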
@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: CacheRefreshRotation is a special container to monitor cache refresh
+ on oxTrust containers. This may become depreciated in 5.0.
+home: https://gluu.org/docs/gluu-server
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- CacheRefresh
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: cr-rotate
+sources:
+- https://gluu.org/docs/gluu-server/
+- https://github.com/GluuFederation/docker-cr-rotate
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/cr-rotate/README.md b/charts/gluu/gluu/5.0.101/charts/cr-rotate/README.md
new file mode 100644
index 000000000..bfa8a0320
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cr-rotate/README.md
@@ -0,0 +1,53 @@
+# cr-rotate
+
+![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+
+CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may become depreciated in 5.0.
+
+**Homepage:**
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu |
+
+## Source Code
+
+*
+*
+*
+
+## Requirements
+
+Kubernetes: `>=v1.21.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken |
+| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} |
+| dnsConfig | object | `{}` | Add custom dns config |
+| dnsPolicy | string | `""` | Add custom dns policy |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
+| image.pullSecrets | list | `[]` | Image Pull Secrets |
+| image.repository | string | `"gluufederation/cr-rotate"` | Image to use for deploying. |
+| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. |
+| nameOverride | string | `""` | |
+| resources | object | `{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"200m","memory":"200Mi"}}` | Resource specs. |
+| resources.limits.cpu | string | `"200m"` | CPU limit. |
+| resources.limits.memory | string | `"200Mi"` | Memory limit. |
+| resources.requests.cpu | string | `"200m"` | CPU request. |
+| resources.requests.memory | string | `"200Mi"` | Memory request. |
+| service.crRotateServiceName | string | `"cr-rotate"` | Name of the cr-rotate service. Please keep it as default. |
+| service.name | string | `"http-cr-rotate"` | The name of the cr-rotate port within the cr-rotate service. Please keep it as default. |
+| service.port | int | `8084` | Port of the casa service. Please keep it as default. |
+| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 |
+| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
+| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
+| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
diff --git a/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/_helpers.tpl
new file mode 100644
index 000000000..c8570f6e7
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/_helpers.tpl
@@ -0,0 +1,69 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cr-rotate.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cr-rotate.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cr-rotate.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "cr-rotate.labels" -}}
+app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }}
+helm.sh/chart: {{ include "cr-rotate.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "cr-rotate.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "cr-rotate.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
+
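Review bot: In `cr-rotate.usr-envs` the line `value: {{ $val }}` renders user-supplied values unquoted, so a value such as `true`, `8080`, or one containing `: ` or ` #` is re-typed or re-parsed by YAML instead of staying a string, and the API server rejects non-string env values. Render it as `value: {{ $val | quote }}` so that whatever is placed in `usrEnvs.normal` cannot change the shape of the container spec. The same line appears in `fido2.usr-envs` in charts/fido2/templates/_helpers.tpl.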
diff --git a/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/daemonset.yaml b/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/daemonset.yaml
new file mode 100644
index 000000000..b5ab71c19
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/daemonset.yaml
@@ -0,0 +1,88 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "cr-rotate.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: cr-rotote +{{ include "cr-rotate.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }} + release: {{ .Release.Name }} + APP_NAME: cr-rotate + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "cr-rotate.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "cr-rotate.usr-envs" . | indent 12 }} + {{- include "cr-rotate.usr-secret-envs" . | indent 12 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/service.yaml new file mode 100644 index 000000000..5f8bb2638 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/service.yaml 
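Review bot: The cr-rotate container in this DaemonSet has no `securityContext`, whereas the fido2 Deployment added in the same commit sets `runAsUser: 1000` and `runAsNonRoot: true`; as written the pod runs as whatever user the image defaults to. If the image supports it (not visible from here), add `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` under the container. Separately, `volumes:` is emitted only inside the couchbase/hybrid condition while `.Values.volumeMounts` is always rendered, so a user-supplied mount can reference a volume that is never defined; move `volumes:` and the `with .Values.volumes` block outside that `if`.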
@@ -0,0 +1,29 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.crRotateServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }}
+ chart: {{ include "cr-rotate.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ APP_NAME: cr-rotote
+{{ include "cr-rotate.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..ec8a84a1e
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cr-rotate/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: cr-rotote
+{{ include "cr-rotate.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
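Review bot: In cr-rotate/templates/service.yaml the `labels:` map sets `app:` explicitly and then includes `cr-rotate.labels`, which emits `app:` again, so the rendered manifest carries a duplicate key that parsers either reject or silently resolve as last-wins. Drop the explicit `app:` line, since the helper already provides the same value. The label `APP_NAME: cr-rotote` is also misspelled here, in the DaemonSet metadata and in user-custom-secret-envs.yaml, while the pod template uses `cr-rotate`; anything that selects on `APP_NAME=cr-rotate` (a NetworkPolicy or an audit query, for instance) will miss these objects.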
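Review bot: The Secret in cr-rotate/templates/user-custom-secret-envs.yaml has no `namespace: {{ .Release.Namespace }}`, unlike the DaemonSet and Service in this chart, so when the rendered output is applied outside `helm install` it can land in a different namespace from the pod whose `secretKeyRef` expects it. Add the namespace line under `metadata:`. `{{ $val | b64enc }}` also fails at render time on non-string values such as numbers; `{{ $val | toString | b64enc }}` avoids that. The fido2 copy of this template has the same two gaps.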
diff --git a/charts/gluu/gluu/5.0.101/charts/cr-rotate/values.yaml b/charts/gluu/gluu/5.0.101/charts/cr-rotate/values.yaml
new file mode 100644
index 000000000..3e4d433af
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/cr-rotate/values.yaml
@@ -0,0 +1,55 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# -- CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may be depreciated.
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/cr-rotate
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 200m
+ # -- Memory limit.
+ memory: 200Mi
+ requests:
+ # -- CPU request.
+ cpu: 200m
+ # -- Memory request.
+ memory: 200Mi
+service:
+ # -- Name of the cr-rotate service. Please keep it as default.
+ crRotateServiceName: cr-rotate
+ # -- Port of the casa service. Please keep it as default.
+ port: 8084
+ # -- The name of the cr-rotate port within the cr-rotate service. Please keep it as default.
+ name: http-cr-rotate
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
\ No newline at end of file
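Review bot: `tag: 5.0.0_dev` is a mutable development tag and is combined with `pullPolicy: IfNotPresent`, so each node keeps whichever build it pulled first and the image content behind the chart is neither reproducible nor attributable to a release. Point the default at an immutable release tag, or let the template accept a digest (`repository@sha256:<digest>`); if a dev tag has to stay, use `pullPolicy: Always`. The comment `Port of the casa service` above `port: 8084` looks copied from another chart and should name cr-rotate.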
diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/.helmignore b/charts/gluu/gluu/5.0.101/charts/fido2/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/fido2/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/fido2/Chart.yaml new file mode 100644 index 000000000..45080f866 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/fido2/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v2 +appVersion: 5.0.0 +description: FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging + common devices to authenticate to online services in both mobile and desktop environments. +home: https://gluu.org/docs/gluu-server/ +icon: https://gluu.org/docs/gluu-server/favicon.ico +keywords: +- fido2 +- u2f +kubeVersion: '>=v1.21.0-0' +maintainers: +- email: support@gluu.org + name: Mohammad Abudayyeh + url: https://github.com/moabu +name: fido2 +sources: +- https://gluu.org/docs/gluu-server/ +- https://github.com/JanssenProject/jans-fido2 +- https://github.com/JanssenProject/docker-jans-fido2 +- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/fido2 +type: application +version: 5.0.1 diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/README.md b/charts/gluu/gluu/5.0.101/charts/fido2/README.md new file mode 100644 index 000000000..765a2ff2f --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/fido2/README.md 
@@ -0,0 +1,59 @@ +# fido2 + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | +| livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | +| readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"500m"` | CPU limit. | +| resources.limits.memory | string | `"500Mi"` | Memory limit. | +| resources.requests.cpu | string | `"500m"` | CPU request. | +| resources.requests.memory | string | `"500Mi"` | Memory request. | +| service.name | string | `"http-fido2"` | The name of the fido2 port within the fido2 service. Please keep it as default. | +| service.port | int | `8080` | Port of the fido2 service. Please keep it as default. | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/fido2/templates/_helpers.tpl
new file mode 100644
index 000000000..0d9982ead
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/fido2/templates/_helpers.tpl
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fido2.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fido2.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fido2.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "fido2.labels" -}}
+app: {{ .Release.Name }}-{{ include "fido2.name" . }}
+helm.sh/chart: {{ include "fido2.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "fido2.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "fido2.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/templates/deployment.yml b/charts/gluu/gluu/5.0.101/charts/fido2/templates/deployment.yml
new file mode 100644
index 000000000..97c3c90d4
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/fido2/templates/deployment.yml
@@ -0,0 +1,149 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "fido2.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: fido2 +{{ include "fido2.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "fido2.name" . }} + template: + metadata: + labels: + APP_NAME: fido2 + app: {{ .Release.Name }}-{{ include "fido2.name" . }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "fido2.name" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + securityContext: + runAsUser: 1000 + runAsNonRoot: true + env: + {{- include "fido2.usr-envs" . | indent 12 }} + {{- include "fido2.usr-secret-envs" . 
| indent 12 }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end}} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "fido2.fullname" .}}-updatelbip + mountPath: "/scripts" + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 
}} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "fido2.fullname" . }}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/templates/fido2-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/fido2/templates/fido2-destination-rules.yaml new file mode 100644 index 000000000..84221c9ba --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/fido2/templates/fido2-destination-rules.yaml 
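Review bot: The container `securityContext` in fido2/templates/deployment.yml stops at `runAsUser: 1000` and `runAsNonRoot: true`; it does not set `allowPrivilegeEscalation: false` or drop capabilities, so the process keeps the runtime's default capability set and setuid binaries in the image can still raise privileges. Add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` next to the existing two keys, after confirming the image needs none of them. The couchbase password is mounted at `/etc/gluu/conf/couchbase_password` while the SQL password goes to `/etc/jans/conf/sql_password`; it is worth confirming which directory the image actually reads.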
@@ -0,0 +1,24 @@
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-fido2-mtls
+ namespace: {{.Release.Namespace}}
+ labels:
+ APP_NAME: fido2
+{{ include "fido2.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ .Values.global.fido2.fido2ServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/templates/fido2-virtual-services.yaml b/charts/gluu/gluu/5.0.101/charts/fido2/templates/fido2-virtual-services.yaml
new file mode 100644
index 000000000..af0721a8b
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/fido2/templates/fido2-virtual-services.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.global.istio.ingress }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Release.Name }}-istio-fido2-configuration
+ namespace: {{.Release.Namespace}}
+ labels:
+ APP_NAME: fido2
+{{ include "fido2.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ hosts:
+ - {{ .Values.global.fqdn }}
+ gateways:
+ - {{ .Release.Name }}-global-gtw
+ http:
+ - name: {{ .Release.Name }}-istio-fido2-configuration
+ match:
+ - uri:
+ prefix: /.well-known/fido2-configuration
+ rewrite:
+ uri: /fido2/restv1/fido2/configuration
+ route:
+ - destination:
+ host: {{ .Values.global.fido2.fido2ServiceName }}.{{.Release.Namespace}}.svc.cluster.local
+ port:
+ number: 8080
+ weight: 100
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/fido2/templates/hpa.yaml
new file mode 100644
index 000000000..1f0aeb8c2
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/fido2/templates/hpa.yaml
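Review bot: The route destination in fido2-virtual-services.yaml hard-codes `number: 8080` although the Service port comes from `.Values.service.port`, so an override of that value leaves the VirtualService pointing at a port the Service no longer exposes; use `number: {{ .Values.service.port }}`. The rewrite target `/fido2/restv1/fido2/configuration` also uses a different context path from the `/jans-fido2/sys/health-check` probe path in values.yaml, which may mean the well-known endpoint does not resolve; confirm against the image.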
@@ -0,0 +1,39 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "fido2.fullname" . }}
+ labels:
+ APP_NAME: fido2
+{{ include "fido2.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "fido2.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/templates/service.yml b/charts/gluu/gluu/5.0.101/charts/fido2/templates/service.yml
new file mode 100644
index 000000000..cc685f484
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/fido2/templates/service.yml
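Review bot: The HPA manifest declares `apiVersion: autoscaling/v1` but renders `metrics:` and `behavior:`, which that API version does not define, so setting `hpa.metrics` or `hpa.behavior` produces fields that are rejected or dropped rather than applied. Moving to `autoscaling/v2` and expressing the CPU target as a Resource metric keeps all three options working. The chart's `kubeVersion` allows 1.21, where only `autoscaling/v2beta2` is served, so the version should be gated with `.Capabilities.APIVersions.Has` as sketched below.

```yaml
{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
apiVersion: autoscaling/v2
{{- else }}
apiVersion: autoscaling/v2beta2
{{- end }}
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
  {{- if .Values.hpa.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.hpa.targetCPUUtilizationPercentage }}
  {{- else }}
    {{- toYaml .Values.hpa.metrics | nindent 4 }}
  {{- end }}
# … unchanged: behavior block …
```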
@@ -0,0 +1,27 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.global.fido2.fido2ServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: fido2
+{{ include "fido2.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.global.alb.ingress }}
+ type: NodePort
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "fido2.name" . }} #fido2
+
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/fido2/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..fb0afcfa9
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/fido2/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: fido2
+{{ include "fido2.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/fido2/values.yaml b/charts/gluu/gluu/5.0.101/charts/fido2/values.yaml
new file mode 100644
index 000000000..a1345fc15
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/fido2/values.yaml
@@ -0,0 +1,80 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. + +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: janssenproject/fido2 + # -- Image tag to use for deploying. + tag: 1.0.0-beta.13 + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number. +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 500m + # -- Memory limit. + memory: 500Mi + requests: + # -- CPU request. + cpu: 500m + # -- Memory request. + memory: 500Mi +service: + # -- The name of the fido2 port within the fido2 service. Please keep it as default. + name: http-fido2 + # -- Port of the fido2 service. Please keep it as default. + port: 8080 +# -- Configure the liveness healthcheck for the fido2 if needed. +livenessProbe: + # -- http liveness probe endpoint + httpGet: + path: /jans-fido2/sys/health-check + port: http-fido2 + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 +# -- Configure the readiness healthcheck for the fido2 if needed. 
+readinessProbe: + httpGet: + path: /jans-fido2/sys/health-check + port: http-fido2 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/.helmignore b/charts/gluu/gluu/5.0.101/charts/jackrabbit/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/Chart.yaml new file mode 100644 index 000000000..578ecd0dc --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/Chart.yaml 
@@ -0,0 +1,24 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: Jackrabbit Oak is a complementary implementation of the JCR specification.
+ It is an effort to implement a scalable and performant hierarchical content repository
+ for use as the foundation of modern world-class web sites and other demanding content
+ applications.
+home: https://gluu.org/docs/gluu-server/installation-guide/install-kubernetes/#working-with-jackrabbit
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- jackrabbit
+- content repository
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: jackrabbit
+sources:
+- https://gluu.org/docs/gluu-server/installation-guide/install-kubernetes/#working-with-jackrabbit
+- https://github.com/GluuFederation/docker-jackrabbit
+- https://jackrabbit.apache.org/jcr/index.html
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/README.md b/charts/gluu/gluu/5.0.101/charts/jackrabbit/README.md
new file mode 100644
index 000000000..4cd457615
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/README.md
@@ -0,0 +1,77 @@ +# jackrabbit + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| clusterId | string | `""` | This id needs to be unique to each kubernetes cluster in a multi cluster setup west, east, south, north, region ...etc If left empty it will be randomly generated. | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. 
| +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/jackrabbit"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| jackrabbitVolumeMounts.repository.mountPath | string | `"/opt/jackrabbit/repository"` | | +| jackrabbitVolumeMounts.repository.name | string | `"jackrabbit-volume"` | | +| jackrabbitVolumeMounts.version.mountPath | string | `"/opt/jackrabbit/version"` | | +| jackrabbitVolumeMounts.version.name | string | `"jackrabbit-volume"` | | +| jackrabbitVolumeMounts.workspaces.mountPath | string | `"opt/jackrabbit/workspaces"` | | +| jackrabbitVolumeMounts.workspaces.name | string | `"jackrabbit-volume"` | | +| livenessProbe | object | `{"initialDelaySeconds":25,"periodSeconds":25,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5}` | Configure the liveness healthcheck for the Jackrabbit if needed. | +| livenessProbe.tcpSocket | object | `{"port":"http-jackrabbit"}` | Executes tcp healthcheck. | +| nameOverride | string | `""` | | +| readinessProbe | object | `{"initialDelaySeconds":30,"periodSeconds":30,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5}` | Configure the readiness healthcheck for the Jackrabbit if needed. | +| readinessProbe.tcpSocket | object | `{"port":"http-jackrabbit"}` | Executes tcp healthcheck. | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"1500m","memory":"1000Mi"},"requests":{"cpu":"1500m","memory":"1000Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"1500m"` | CPU limit. | +| resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| resources.requests.cpu | string | `"1500m"` | CPU request. | +| resources.requests.memory | string | `"1000Mi"` | Memory request. 
| +| secrets.cnJackrabbitAdminPassword | string | `"admin"` | Jackrabbit admin uid password | +| secrets.cnJackrabbitPostgresPassword | string | `"P@ssw0rd"` | Jackrabbit Postgres uid password | +| service.name | string | `"http-jackrabbit"` | The name of the jackrabbit port within the jackrabbit service. Please keep it as default. | +| service.port | int | `8080` | Port of the jackrabbit service. Please keep it as default. | +| storage.accessModes | string | `"ReadWriteOnce"` | | +| storage.size | string | `"5Gi"` | Jackrabbit volume size | +| storage.type | string | `"DirectoryOrCreate"` | | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/_helpers.tpl new file mode 100644 index 000000000..1ff588817 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/_helpers.tpl 
@@ -0,0 +1,83 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "jackrabbit.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "jackrabbit.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Generate random clusterId to appended to the name. This is relevent expecially when there are multiple kubernetes clusters where this id otherwise would be the same. +In Jackrabbit: + + + + +*/}} +{{- define "jackrabbit.clusterId" -}} +{{- if .Values.clusterId -}} +{{- .Values.clusterId | lower -}} +{{- else -}} +{{- randAlpha 5 | lower -}} +{{- end -}} +{{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "jackrabbit.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "jackrabbit.labels" -}} +app: {{ .Release.Name }}-{{ include "jackrabbit.name" . }} +helm.sh/chart: {{ include "jackrabbit.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "jackrabbit.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "jackrabbit.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/hpa.yaml new file mode 100644 index 000000000..c1b1e022a --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/hpa.yaml 
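Review bot: In `jackrabbit.usr-envs` the line `value: {{ $val }}` emits the user-supplied value unquoted, so a value such as `true`, `8080`, or one containing `: ` or ` #` renders as a non-string or changes the structure of the manifest, while a container env `value` has to be a string. Quoting at the point of emission fixes this: `value: {{ $val | quote }}`. The same applies to `- name: {{ $key }}` if keys can look numeric or boolean.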
@@ -0,0 +1,38 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "jackrabbit.fullname" . }}-{{ include "jackrabbit.clusterId" . }}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: {{ include "jackrabbit.fullname" . }}-{{ include "jackrabbit.clusterId" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/jackrabbit-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/jackrabbit-destination-rules.yaml
new file mode 100644
index 000000000..c5b384bb3
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/jackrabbit-destination-rules.yaml
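Review bot: `scaleTargetRef.name` in hpa.yaml will not match the StatefulSet when `clusterId` is left at its empty default, because `jackrabbit.clusterId` falls back to `randAlpha 5` and every `include` renders a fresh random suffix. The HPA's own `metadata.name`, its `scaleTargetRef.name` and the StatefulSet's `metadata.name` therefore each get a different value, and the names change again on every upgrade. A deterministic fallback in the helper, such as `{{- .Release.Name | sha256sum | trunc 5 -}}`, or making `clusterId` mandatory with `required`, keeps the three in agreement; whether a release-derived value is unique enough across clusters is for the maintainers to confirm. Separately, `metrics` and `behavior` are not fields of `autoscaling/v1`, so those two branches need a v2 API version to take effect.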
@@ -0,0 +1,23 @@
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-jackrabbit-mtls
+ namespace: {{.Release.Namespace}}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ .Values.global.jackrabbit.jackRabbitServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/secret.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/secret.yaml
new file mode 100644
index 000000000..c93bfe7cd
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/secret.yaml
@@ -0,0 +1,37 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cn-jackrabbit-admin-pass
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ jackrabbit_admin_password: {{ .Values.secrets.cnJackrabbitAdminPassword | b64enc }}
+{{ if .Values.global.cnJackrabbitCluster }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cn-jackrabbit-postgres-pass
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ postgres_password: {{ .Values.secrets.cnJackrabbitPostgresPassword | b64enc }}
+{{- end -}}
diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/service.yaml
new file mode 100644
index 000000000..4aa643b52
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/service.yaml
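Review bot: Both Secrets in secret.yaml are filled directly from `.Values.secrets.*` with no guard, and this chart's values.yaml (later in the diff) ships `cnJackrabbitAdminPassword: admin` and `cnJackrabbitPostgresPassword: P@ssw0rd`. Unless a parent chart overrides them, which is not visible here, an install that sets nothing deploys credentials published in the chart and its README. Blanking the defaults and failing the render when they are unset closes that gap, e.g. `jackrabbit_admin_password: {{ required "secrets.cnJackrabbitAdminPassword must be set" .Values.secrets.cnJackrabbitAdminPassword | b64enc }}`, with the same pattern for `postgres_password`. The Secret names are also fixed strings rather than release-scoped, so two releases in one namespace would contend for the same objects.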
@@ -0,0 +1,23 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.global.jackrabbit.jackRabbitServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ clusterIP: None
+ selector:
+ app: {{ .Release.Name }}-{{ include "jackrabbit.name" . }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/statefulset.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/statefulset.yaml
new file mode 100644
index 000000000..f31ab58b5
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/statefulset.yaml
@@ -0,0 +1,117 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "jackrabbit.fullname" . }}-{{ include "jackrabbit.clusterId" . }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "jackrabbit.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "jackrabbit.name" . }} + serviceName: {{ include "jackrabbit.name" . }} + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: {{ .Release.Name }}-{{ include "jackrabbit.name" . }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- if .Values.global.cnJackrabbitCluster }} + - name: cn-jackrabbit-postgres-pass + secret: + secretName: cn-jackrabbit-postgres-pass + {{- end }} + containers: + - name: {{ include "jackrabbit.name" . }} + env: + {{- include "jackrabbit.usr-envs" . | indent 12 }} + {{- include "jackrabbit.usr-secret-envs" . 
| indent 12 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + protocol: TCP + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- if .Values.global.cnJackrabbitCluster }} + - name: cn-jackrabbit-postgres-pass + mountPath: /etc/gluu/conf/postgres_password + subPath: postgres_password + {{- end }} + {{- range $key, $values := .Values.jackrabbitVolumeMounts }} + - mountPath: {{$values.mountPath}} + name: {{$values.name}} + subPath: {{$key}} + {{- end }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: jackrabbit-volume + spec: + accessModes: + - {{ .Values.storage.accessModes }} + resources: + requests: + storage: {{ .Values.storage.size }} + {{- if eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath" }} + storageClassName: standard + {{- else }} + storageClassName: {{ include "jackrabbit.fullname" . | quote }} + {{- end }} \ No newline at end of file 
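Review bot: The pod template in statefulset.yaml sets no `securityContext` at pod or container level, so the jackrabbit container runs as whatever user the image defaults to, with privilege escalation allowed and a writable root filesystem, while it has both password Secrets mounted. Under the container I would add `securityContext:` with `allowPrivilegeEscalation: false`, plus `runAsNonRoot: true` if the gluufederation/jackrabbit image supports a non-root user, which cannot be confirmed from this diff. Exposing it through a values key would let operators tighten it further without editing the template.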
diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/storageclass.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/storageclass.yaml
new file mode 100644
index 000000000..ee7281c2f
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/storageclass.yaml
@@ -0,0 +1,58 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ include "jackrabbit.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + storage: jackrabbit +{{ include "jackrabbit.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation +{{- if .Values.additionalAnnotations }} +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + annotations: + # Annotation below is to keep the storage class during upgrade. Otherwise, due to the flag at line 1 which is needed, this resource will be deleted. + helm.sh/resource-policy: keep + storageclass.beta.kubernetes.io/is-default-class: "false" + {{- if eq .Values.global.storageClass.provisioner "openebs.io/local" }} + openebs.io/cas-type: local + cas.openebs.io/config: | + - name: StorageType + value: hostpath + - name: BasePath + value: /var/local-hostpath + {{- end }} +provisioner: {{ .Values.global.storageClass.provisioner }} +{{- if and ( ne .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) ( ne .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") ( ne .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") ( ne .Values.global.storageClass.provisioner "kubernetes.io/gce-pd") ( ne .Values.global.storageClass.provisioner "dobs.csi.digitalocean.com") ( ne .Values.global.storageClass.provisioner "openebs.io/local") ( ne .Values.global.storageClass.provisioner "kubernetes.io/azure-disk") }} +parameters: +{{ toYaml .Values.global.storageClass.parameters | indent 4 }} +{{- else }} +parameters: + {{- if eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs" }} + type: {{ .Values.global.awsStorageType }} + fsType: ext4 + {{- else if 
eq .Values.global.storageClass.provisioner "kubernetes.io/gce-pd" }} + type: {{ .Values.global.gcePdStorageType }} + {{- else if eq .Values.global.storageClass.provisioner "kubernetes.io/azure-disk" }} + storageAccountType: {{ .Values.global.azureStorageAccountType }} + kind: {{ .Values.global.azureStorageKind }} + {{- else if eq .Values.global.storageClass.provisioner "dobs.csi.digitalocean.com" }} + {{- else if eq .Values.global.storageClass.provisioner "openebs.io/local" }} + {{- else }} + pool: default + fsType: ext4 + {{- end }} +{{- end }} +allowVolumeExpansion: {{ .Values.global.storageClass.allowVolumeExpansion }} +volumeBindingMode: {{ .Values.global.storageClass.volumeBindingMode }} +reclaimPolicy: {{ .Values.global.storageClass.reclaimPolicy }} +mountOptions: {{ .Values.global.storageClass.mountOptions | toJson }} +allowedTopologies: {{ .Values.global.storageClass.allowedTopologies | toJson }} diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/user-custom-secret-envs.yaml new file mode 100644 index 000000000..21d4c1864 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/templates/user-custom-secret-envs.yaml @@ -0,0 +1,22 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: +{{ include "jackrabbit.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file 
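Review bot: The StorageClass `metadata` in storageclass.yaml declares `annotations:` twice, first with the `helm.sh/hook` entries and `additionalAnnotations`, then again with `helm.sh/resource-policy: keep` and the openebs keys. Duplicate mapping keys are invalid YAML, and parsers that tolerate them usually keep only the last one, so the hook annotations and any user-supplied `additionalAnnotations` would presumably be dropped silently. Merging everything under a single `annotations:` key makes the rendered object match the intent. The comment's reference to "the flag at line 1" has no counterpart in this file, and `namespace:` has no effect on a cluster-scoped StorageClass.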
diff --git a/charts/gluu/gluu/5.0.101/charts/jackrabbit/values.yaml b/charts/gluu/gluu/5.0.101/charts/jackrabbit/values.yaml
new file mode 100644
index 000000000..9bd04a77c
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/jackrabbit/values.yaml
@@ -0,0 +1,110 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# jackrabbit Environament Variables +# -- Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications +# https://jackrabbit.apache.org/jcr/index.html +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/jackrabbit + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number. +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 1500m + # -- Memory limit. + memory: 1000Mi + requests: + # -- CPU request. + cpu: 1500m + # -- Memory request. + memory: 1000Mi +secrets: + # -- Jackrabbit admin uid password + cnJackrabbitAdminPassword: admin + # -- Jackrabbit Postgres uid password + cnJackrabbitPostgresPassword: P@ssw0rd +service: + # -- The name of the jackrabbit port within the jackrabbit service. Please keep it as default. + name: http-jackrabbit + # -- Port of the jackrabbit service. Please keep it as default. 
+ port: 8080 + +storage: + # -- Jackrabbit volume size + size: 5Gi + accessModes: ReadWriteOnce + type: DirectoryOrCreate +# -- Configure the liveness healthcheck for the Jackrabbit if needed. +livenessProbe: + # -- Executes tcp healthcheck. + tcpSocket: + port: http-jackrabbit + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 +# -- Configure the readiness healthcheck for the Jackrabbit if needed. +readinessProbe: + # -- Executes tcp healthcheck. + tcpSocket: + port: http-jackrabbit + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +nameOverride: "" +fullnameOverride: "" +# -- This id needs to be unique to each kubernetes cluster in a multi cluster setup +# west, east, south, north, region ...etc If left empty it will be randomly generated. +clusterId: "" + +# VolumeMounts for StatefulSet +# jackrabbit-init vm +jackrabbitVolumeMounts: + repository: + mountPath: /opt/jackrabbit/repository + name: jackrabbit-volume + version: + mountPath: /opt/jackrabbit/version + name: jackrabbit-volume + workspaces: + mountPath: opt/jackrabbit/workspaces + name: jackrabbit-volume + +# -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} +additionalAnnotations: { } diff --git a/charts/gluu/gluu/5.0.101/charts/nginx-ingress/.helmignore b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/.helmignore 
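Review bot: `jackrabbitVolumeMounts.workspaces.mountPath` in the jackrabbit values.yaml is `opt/jackrabbit/workspaces`, without the leading slash that the `repository` and `version` entries have. The StatefulSet template copies this value straight into `volumeMounts[].mountPath`, where a relative path is likely to be rejected by the runtime or resolved somewhere other than intended, leaving workspace data off the persistent volume. It looks like a typo for `mountPath: /opt/jackrabbit/workspaces`.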
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/5.0.101/charts/nginx-ingress/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/Chart.yaml
new file mode 100644
index 000000000..244dd5bfe
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: Nginx ingress definitions chart
+home: https://gluu.org/docs/gluu-server
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- nginx
+- ingress
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: nginx-ingress
+sources:
+- https://github.com/kubernetes/ingress-nginx
+- https://kubernetes.io/docs/concepts/services-networking/ingress/
+- https://github.com/GluuFederation/cloud-native-edition/tree/4.3/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/nginx-ingress/README.md b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/README.md
new file mode 100644
index 000000000..7c99efe12
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/README.md
@@ -0,0 +1,68 @@ +# nginx-ingress + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Nginx ingress definitions chart + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| fullnameOverride | string | `""` | | +| ingress.additionalAnnotations | object | `{}` | | +| ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} | +| ingress.adminUiEnabled | bool | `true` | Enable Admin UI endpoints. COMING SOON. | +| ingress.adminUiLabels | object | `{}` | Admin UI ingress resource labels. key app is taken. | +| ingress.annotations | object | `{}` | | +| ingress.authServerEnabled | bool | `true` | Enable Auth server endpoints /jans-auth | +| ingress.authServerLabels | object | `{}` | Auth server config ingress resource labels. key app is taken | +| ingress.authServerProtectedRedisterLabels | object | `{}` | Auth server protected token ingress resource labels. key app is taken | +| ingress.authServerProtectedRegister | bool | `false` | Enable mTLS onn Auth server endpoint /jans-auth/restv1/register | +| ingress.authServerProtectedToken | bool | `false` | Enable mTLS on Auth server endpoint /jans-auth/restv1/token | +| ingress.authServerProtectedTokenLabels | object | `{}` | Auth server protected token ingress resource labels. key app is taken | +| ingress.configApiEnabled | bool | `true` | | +| ingress.configApiLabels | object | `{}` | configAPI ingress resource labels. 
key app is taken | +| ingress.fido2ConfigEnabled | bool | `false` | Enable endpoint /.well-known/fido2-configuration | +| ingress.fido2ConfigLabels | object | `{}` | fido2 config ingress resource labels. key app is taken | +| ingress.hosts[0] | string | `"demoexample.gluu.org"` | | +| ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration | +| ingress.openidConfigLabels | object | `{}` | openid-configuration ingress resource labels. key app is taken | +| ingress.path | string | `"/"` | | +| ingress.scimConfigEnabled | bool | `false` | Enable endpoint /.well-known/scim-configuration | +| ingress.scimConfigLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | +| ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim | +| ingress.scimLabels | object | `{}` | scim config ingress resource labels. key app is taken | +| ingress.tls[0].hosts[0] | string | `"demoexample.gluu.org"` | | +| ingress.tls[0].secretName | string | `"tls-certificate"` | | +| ingress.u2fConfigEnabled | bool | `true` | Enable endpoint /.well-known/fido-configuration | +| ingress.u2fConfigLabels | object | `{}` | u2f config ingress resource labels. key app is taken | +| ingress.uma2ConfigEnabled | bool | `true` | Enable endpoint /.well-known/uma2-configuration | +| ingress.uma2ConfigLabels | object | `{}` | uma 2 config ingress resource labels. key app is taken | +| ingress.webdiscoveryEnabled | bool | `true` | Enable endpoint /.well-known/simple-web-discovery | +| ingress.webdiscoveryLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | +| ingress.webfingerEnabled | bool | `true` | Enable endpoint /.well-known/webfinger | +| ingress.webfingerLabels | object | `{}` | webfinger ingress resource labels. 
key app is taken | +| nameOverride | string | `""` | | +| service.port | int | `8080` | | +| service.type | string | `"ClusterIP"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/nginx-ingress/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/templates/_helpers.tpl new file mode 100644 index 000000000..7b3845569 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "nginx-ingress.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nginx-ingress.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nginx-ingress.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/gluu/gluu/5.0.101/charts/nginx-ingress/templates/ingress.yaml b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/templates/ingress.yaml new file mode 100644 index 000000000..0a7007bf0 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/templates/ingress.yaml 
@@ -0,0 +1,749 @@
+# License terms and conditions for Janssen Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+{{ if .Values.ingress.adminUiEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-admin-ui
+ labels:
+ app: {{ $fullName }}-admin-ui
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.adminUiLabels }}
+{{ toYaml .Values.ingress.adminUiLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+{{- if .Values.ingress.adminUiAdditionalAnnotations }}
+{{ toYaml .Values.ingress.adminUiAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /admin(|$)(.*)
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ index .Values "global" "admin-ui" "adminUiServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.openidConfigEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-openid-config
+ labels:
+ app: {{ $fullName }}-openid-config
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.openidConfigLabels }}
+{{ toYaml .Values.ingress.openidConfigLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/openid-configuration /jans-auth/.well-known/openid-configuration$1 break;"
+ nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/.well-known/openid-configuration
+{{- if .Values.ingress.openidAdditionalAnnotations }}
+{{ toYaml .Values.ingress.openidAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /.well-known/openid-configuration
+ pathType: Exact
+ backend:
+ service:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.uma2ConfigEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-uma2-config
+ labels:
+ app: {{ $fullName }}-uma2-config
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.uma2ConfigLabels }}
+{{ toYaml .Values.ingress.uma2ConfigLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/uma2-configuration /jans-auth/restv1/uma2-configuration$1 break;"
+ nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/restv1/uma2-configuration
+{{- if .Values.ingress.uma2AdditionalAnnotations }}
+{{ toYaml .Values.ingress.uma2AdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /.well-known/uma2-configuration
+ pathType: Exact
+ backend:
+ service:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.webfingerEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-webfinger
+ labels:
+ app: {{ $fullName }}-webfinger
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.webfingerLabels }}
+{{ toYaml .Values.ingress.webfingerLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/webfinger /jans-auth/.well-known/webfinger$1 break;"
+ nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/.well-known/webfinger
+{{- if .Values.ingress.webfingerAdditionalAnnotations }}
+{{ toYaml .Values.ingress.webfingerAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /.well-known/webfinger
+ pathType: Exact
+ backend:
+ service:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.webdiscoveryEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-webdiscovery
+ labels:
+ app: {{ $fullName }}-webdiscovery
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.webdiscoveryLabels }}
+{{ toYaml .Values.ingress.webdiscoveryLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/simple-web-discovery /jans-auth/.well-known/simple-web-discovery$1 break;"
+ nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/.well-known/simple-web-discovery
+{{- if .Values.ingress.webdiscoveryAdditionalAnnotations }}
+{{ toYaml .Values.ingress.webdiscoveryAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /.well-known/simple-web-discovery
+ pathType: Exact
+ backend:
+ service:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.scimConfigEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-scim-config
+ labels:
+ app: {{ $fullName }}-scim-config
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.scimConfigLabels }}
+{{ toYaml .Values.ingress.scimConfigLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/scim-configuration /jans-scim/restv1/scim-configuration$1 break;"
+ nginx.ingress.kubernetes.io/rewrite-target: /jans-scim/restv1/scim-configuration
+{{- if .Values.ingress.scimConfigAdditionalAnnotations }}
+{{ toYaml .Values.ingress.scimConfigAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /.well-known/scim-configuration
+ pathType: Exact
+ backend:
+ service:
+ name: {{ .Values.global.scim.scimServiceName }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.scimEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-jans-scim
+ labels:
+ app: {{ $fullName }}-scim
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.scimLabels }}
+{{ toYaml .Values.ingress.scimLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.org/ssl-services: "scim"
+ nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504"
+{{- if .Values.ingress.scimAdditionalAnnotations }}
+{{ toYaml .Values.ingress.scimAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /jans-scim
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Values.global.scim.scimServiceName }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.configApiEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-jans-config-api
+ labels:
+ app: {{ $fullName }}-jans-config-api
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.configApiLabels }}
+{{ toYaml .Values.ingress.configApiLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.org/ssl-services: "configapi"
+ nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504"
+{{- if .Values.ingress.configApiAdditionalAnnotations }}
+{{ toYaml .Values.ingress.configApiAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /jans-config-api
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ index .Values "global" "config-api" "configApiServerServiceName" }}
+ port:
+ number: 8074
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.u2fConfigEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-u2f-config
+ labels:
+ app: {{ $fullName }}-u2f-config
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.u2fConfigLabels }}
+{{ toYaml .Values.ingress.u2fConfigLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/fido-configuration /jans-auth/restv1/fido-configuration$1 break;"
+ nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/restv1/fido-configuration
+{{- if .Values.ingress.u2fAdditionalAnnotations }}
+{{ toYaml .Values.ingress.u2fAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /.well-known/fido-configuration
+ pathType: Exact
+ backend:
+ service:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.fido2ConfigEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-fido2-configuration
+ labels:
+ app: {{ $fullName }}-fido2
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.fido2ConfigLabels }}
+{{ toYaml .Values.ingress.fido2ConfigLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/fido2-configuration /jans-fido2/restv1/configuration$1 break;"
+ nginx.ingress.kubernetes.io/rewrite-target: /jans-fido2/restv1/configuration
+{{- if .Values.ingress.fido2ConfigAdditionalAnnotations }}
+{{ toYaml .Values.ingress.fido2ConfigAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /.well-known/fido2-configuration
+ pathType: Exact
+ backend:
+ service:
+ name: {{ .Values.global.fido2.fido2ServiceName }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.authServerEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-auth-server
+ labels:
+ app: {{ $fullName }}-auth-server
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.authServerLabels }}
+{{ toYaml .Values.ingress.authServerLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.org/ssl-services: "auth-server"
+ nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504"
+{{- if .Values.ingress.authServerAdditionalAnnotations }}
+{{ toYaml .Values.ingress.authServerAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /jans-auth
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.authServerProtectedToken -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-auth-server-protected-token
+ labels:
+ app: {{ $fullName }}-auth-server-protected-token
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.authServerProtectedTokenLabels }}
+{{ toYaml .Values.ingress.authServerProtectedTokenLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.org/ssl-services: "auth-server"
+ nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504"
+{{- if .Values.ingress.authServerProtectedTokenAdditionalAnnotations }}
+{{ toYaml .Values.ingress.authServerProtectedTokenAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($ssl_client_verify != SUCCESS) {return 403;}
+ proxy_set_header X-ClientCert $ssl_client_escaped_cert;
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /jans-auth/restv1/token
+ pathType: Exact
+ backend:
+ service:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{ if .Values.ingress.authServerProtectedRegister -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-auth-server-protected-register
+ labels:
+ app: {{ $fullName }}-auth-server-protected-register
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.authServerProtectedRegisterLabels }}
+{{ toYaml .Values.ingress.authServerProtectedRegisterLabels | indent 4 }}
+{{- end }}
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.org/ssl-services: "auth-server"
+ nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504"
+{{- if .Values.ingress.authServerProtectedRegisterAdditionalAnnotations }}
+{{ toYaml .Values.ingress.authServerProtectedRegisterAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($ssl_client_verify != SUCCESS) {return 403;}
+ proxy_set_header X-ClientCert $ssl_client_escaped_cert;
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $host := . -}}
+ {{- with $ }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: /jans-auth/restv1/register
+ pathType: Exact
+ backend:
+ service:
+ name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+ port:
+ number: 8080
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/nginx-ingress/values.yaml b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/values.yaml
new file mode 100644
index 000000000..e845b6be3
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/nginx-ingress/values.yaml
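Review bot: In nginx-ingress/templates/ingress.yaml, the `auth-server-protected-token` and `auth-server-protected-register` documents enforce client certificates only through the `configuration-snippet` test on `$ssl_client_verify`. Nothing in the template enables client-certificate verification, so the check depends on annotations the operator has to supply through the `authServerProtected*AdditionalAnnotations` values (in ingress-nginx, `nginx.ingress.kubernetes.io/auth-tls-secret` and `nginx.ingress.kubernetes.io/auth-tls-verify-client`); render these from values or document the requirement next to the toggles. `X-ClientCert` is set only in these two Exact-path documents, and as far as this template shows nothing clears a client-supplied copy on the `/jans-auth` Prefix document, so if the auth server trusts that header the Prefix document should carry `proxy_set_header X-ClientCert "";` in its own snippet. The snippet key is also emitted after both `toYaml ... AdditionalAnnotations` blocks, so a user-supplied `configuration-snippet` yields a duplicate mapping key whose outcome depends on the YAML parser. Separately, `ssl-redirect: "false"` on the admin-ui and `.well-known` documents leaves those routes served over plain HTTP even when `ingress.tls` is set, which should be explained in a comment or made a values toggle.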
@@ -0,0 +1,74 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# Default values for nginx-ingress.
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+ type: ClusterIP
+ port: 8080
+ingress:
+ # -- Enable Admin UI endpoints. COMING SOON.
+ adminUiEnabled: true
+ # -- Admin UI ingress resource labels. key app is taken.
+ adminUiLabels: { }
+ # -- Enable endpoint /.well-known/openid-configuration
+ openidConfigEnabled: true
+ # -- openid-configuration ingress resource labels. key app is taken
+ openidConfigLabels: { }
+ # -- Enable endpoint /.well-known/uma2-configuration
+ uma2ConfigEnabled: true
+ # -- uma 2 config ingress resource labels. key app is taken
+ uma2ConfigLabels: { }
+ # -- Enable endpoint /.well-known/webfinger
+ webfingerEnabled: true
+ # -- webfinger ingress resource labels. key app is taken
+ webfingerLabels: { }
+ # -- Enable endpoint /.well-known/simple-web-discovery
+ webdiscoveryEnabled: true
+ # -- webdiscovery ingress resource labels. key app is taken
+ webdiscoveryLabels: { }
+ # -- Enable endpoint /.well-known/scim-configuration
+ scimConfigEnabled: false
+ # -- webdiscovery ingress resource labels. key app is taken
+ scimConfigLabels: { }
+ # -- Enable SCIM endpoints /jans-scim
+ scimEnabled: false
+ # -- scim config ingress resource labels. key app is taken
+ scimLabels: { }
+ # Enable config API endpoints /jans-config-api
+ configApiEnabled: true
+ # -- configAPI ingress resource labels. key app is taken
+ configApiLabels: { }
+ # -- Enable endpoint /.well-known/fido-configuration
+ u2fConfigEnabled: true
+ # -- u2f config ingress resource labels. key app is taken
+ u2fConfigLabels: { }
+ # -- Enable endpoint /.well-known/fido2-configuration
+ fido2ConfigEnabled: false
+ # -- fido2 config ingress resource labels. key app is taken
+ fido2ConfigLabels: { }
+ # -- Enable Auth server endpoints /jans-auth
+ authServerEnabled: true
+ # -- Auth server config ingress resource labels. key app is taken
+ authServerLabels: { }
+ # -- Enable mTLS on Auth server endpoint /jans-auth/restv1/token
+ authServerProtectedToken: false
+ # -- Auth server protected token ingress resource labels. key app is taken
+ authServerProtectedTokenLabels: { }
+ # -- Enable mTLS onn Auth server endpoint /jans-auth/restv1/register
+ authServerProtectedRegister: false
+ # -- Auth server protected token ingress resource labels. key app is taken
+ authServerProtectedRedisterLabels: { }
+ # -- Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # in the format of {cert-manager.io/cluster-issuer: nameOfClusterIssuer, kubernetes.io/tls-acme: "true"}
+ additionalAnnotations: {}
+ annotations: {}
+ path: /
+ hosts:
+ - demoexample.gluu.org
+ tls:
+ - secretName: tls-certificate
+ hosts:
+ - demoexample.gluu.org
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/.helmignore b/charts/gluu/gluu/5.0.101/charts/opendj/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/Chart.yaml
new file mode 100644
index 000000000..8283f5460
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/Chart.yaml
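Review bot: In nginx-ingress/values.yaml the key `authServerProtectedRedisterLabels` is misspelled. ingress.yaml reads `.Values.ingress.authServerProtectedRegisterLabels`, so labels set under the shipped key are silently ignored; rename it to `authServerProtectedRegisterLabels: { }`, and fix its comment, which repeats the token wording (the toggle comment above it also has `onn`). The defaults publish the admin UI (`adminUiEnabled: true`, still marked COMING SOON) and the config API (`configApiEnabled: true`) on every configured ingress host, while both mTLS toggles default to `false`; consider defaulting the administrative routes to `false` or stating in the comments what is expected to protect them. The per-route `*AdditionalAnnotations` keys that the template consumes are not declared here, and `# Enable config API endpoints` lacks the `# --` prefix the other entries use.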
@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: OpenDJ is a directory server which implements a wide range of Lightweight
+ Directory Access Protocol and related standards, including full compliance with
+ LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in
+ Java, OpenDJ offers multi-master replication, access control, and many extensions.
+home: https://gluu.org/docs/gluu-server
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- LDAP
+- OpenDJ
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: opendj
+sources:
+- https://github.com/GluuFederation/docker-opendj
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/opendj
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/README.md b/charts/gluu/gluu/5.0.101/charts/opendj/README.md
new file mode 100644
index 000000000..f67c1443a
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/README.md
@@ -0,0 +1,81 @@ +# opendj + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/opendj"` | Image to use for deploying. 
| +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/4.3/scripts/healthcheck.py | +| livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | +| multiCluster.clusterId | string | `""` | This id needs to be unique to each kubernetes cluster in a multi cluster setup west, east, south, north, region ...etc If left empty it will be randomly generated. | +| multiCluster.enabled | bool | `false` | Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster` | +| multiCluster.namespaceIntId | int | `0` | Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace. Used when gluu is installed in the same kubernetes cluster more than once. | +| multiCluster.replicaCount | int | `1` | The number of opendj non scalabble statefulsets to create. Each pod created must be resolvable as it follows the patterm RELEASE-NAME-opendj-CLUSTERID-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org | +| multiCluster.serfAdvertiseAddrSuffix | string | `"regional.gluu.org:30946"` | OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} | +| multiCluster.serfKey | string | `"Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk="` | Serf key. This key will automatically sync across clusters. 
| +| multiCluster.serfPeers | list | `["gluu-opendj-regional-0-regional.gluu.org:30946","gluu-opendj-regional-0-regional.gluu.org:31946"]` | Serf peer addresses. One per cluster. | +| nameOverride | string | `""` | | +| openDjVolumeMounts.config.mountPath | string | `"/opt/opendj/config"` | | +| openDjVolumeMounts.config.name | string | `"opendj-volume"` | | +| openDjVolumeMounts.db.mountPath | string | `"/opt/opendj/db"` | | +| openDjVolumeMounts.db.name | string | `"opendj-volume"` | | +| openDjVolumeMounts.flag.mountPath | string | `"/flag"` | | +| openDjVolumeMounts.flag.name | string | `"opendj-volume"` | | +| openDjVolumeMounts.ldif.mountPath | string | `"/opt/opendj/ldif"` | | +| openDjVolumeMounts.ldif.name | string | `"opendj-volume"` | | +| openDjVolumeMounts.logs.mountPath | string | `"/opt/opendj/logs"` | | +| openDjVolumeMounts.logs.name | string | `"opendj-volume"` | | +| persistence.accessModes | string | `"ReadWriteOnce"` | | +| persistence.size | string | `"5Gi"` | OpenDJ volume size | +| persistence.type | string | `"DirectoryOrCreate"` | | +| ports | object | `{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}}` | servicePorts values used in StatefulSet container | +| readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/4.3/scripts/healthcheck.py | +| replicas | int | `1` | Service replica number. 
| +| resources | object | `{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"1500m"` | CPU limit. | +| resources.limits.memory | string | `"2000Mi"` | Memory limit. | +| resources.requests.cpu | string | `"1500m"` | CPU request. | +| resources.requests.memory | string | `"2000Mi"` | Memory request. | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/opendj/templates/_helpers.tpl new file mode 100644 index 000000000..7ec959c4d --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/_helpers.tpl 
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "opendj.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "opendj.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "opendj.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "opendj.labels" -}}
+app: {{ .Release.Name }}-{{ include "opendj.name" . }}
+helm.sh/chart: {{ include "opendj.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "opendj.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "opendj.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
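Review bot: In `opendj.usr-envs` the line `value: {{ $val }}` renders the user-supplied value unquoted, so a `usrEnvs.normal` entry such as `true` or `8080` is parsed as a YAML boolean or integer and the manifest is rejected, because a container `env[].value` must be a string. Quote both fields, `- name: {{ $key | quote }}` and `value: {{ $val | quote }}`; quoting also stops a value that contains `: ` or ` #` from changing the structure of the rendered manifest. The `name:` and `key:` lines in `opendj.usr-secret-envs` take `$key` the same way and would benefit from the same `| quote`.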
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/configmaps.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/configmaps.yaml
new file mode 100644
index 000000000..b9cd7c3b1
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/configmaps.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.multiCluster.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-serf-peers
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "opendj.labels" $ | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ serf-peers-static.json: |
+ {{ .Values.multiCluster.serfPeers | toJson }}
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/cronjobs.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/cronjobs.yaml
new file mode 100644
index 000000000..3e108163d
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/cronjobs.yaml
@@ -0,0 +1,101 @@ +{{- if .Values.backup.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +kind: CronJob +apiVersion: batch/v1beta1 +metadata: + name: {{ include "opendj.fullname" . }}-backup +spec: + schedule: {{ .Values.backup.cronJobSchedule | quote }} + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + spec: + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: + {{ toYaml . | indent 12 }} + {{- end }} + containers: + - name: {{ include "opendj.fullname" . }}-backup + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + ports: + {{- range $key, $value := .Values.ports }} + - containerPort: {{ $value.targetPort }} + name: {{ $key }} + {{- end }} + env: + - name: LDAP_HOST + valueFrom: + configMapKeyRef: + # ConfigMap generated by the Configuration chart when Gluu was installed. This is normally cn. + # Found in Gluu chart under config.configmap.cnConfigKubernetesConfigMap + name: cn + key: ldap_init_host + - name: LDAP_PORT + valueFrom: + configMapKeyRef: + # ConfigMap generated by the Configuration chart when Gluu was installed. This is normally cn. + # Found in Gluu chart under config.configmap.cnConfigKubernetesConfigMap + name: cn + key: ldap_init_port + - name: LDAP_BIND_DN + valueFrom: + configMapKeyRef: + # ConfigMap generated by the Configuration chart when Gluu was installed. This is normally cn. 
+ # Found in Gluu chart under config.configmap.cnConfigKubernetesConfigMap + name: cn + key: ldap_site_binddn + - name: LDAP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-ldap-cron-pass + key: password + # while true; do sleep 60; ldaplog=$(cat /opt/opendj/logs/server.out); startedstr="The Directory Server has started successfully"; if [ -z "${ldaplog##*$startedstr*}" ]; then break; fi; echo "Waiting for opendj server to start"; done + command: + - /bin/sh + - -c + - | + # ========= + # FUNCTIONS + # ========= + + set_java_args() { + # not sure if we can omit `-server` safely + local java_args="-server" + java_args="${java_args} -XX:+UseContainerSupport -XX:MaxRAMPercentage=${GLUU_MAX_RAM_PERCENTAGE} ${GLUU_JAVA_OPTIONS}" + # set the env var so it is loaded by `start-ds` script + export OPENDJ_JAVA_ARGS=${java_args} + } + + # ========== + # ENTRYPOINT + # ========== + + mkdir -p /opt/opendj/locks + + export JAVA_VERSION=$(java -version 2>&1 | awk -F '[\"_]' 'NR==1{print $2}') + + python3 /app/scripts/wait.py + + if [ ! -f /deploy/touched ]; then + python3 /app/scripts/entrypoint.py + touch /deploy/touched + fi + # run OpenDJ server + set_java_args + exec /opt/opendj/bin/start-ds -N & + sleep 300 + RANDOM_NUM=$(cat /dev/urandom | tr -cd '0-5' | head -c 1) + LDAP_BACKUP_FILE=backup-$RANDOM_NUM.ldif + {{- if .Values.multiCluster.enabled }} + /opt/opendj/bin/export-ldif --hostname "$LDAP_HOST" --port "304{{$.Values.multiCluster.namespaceIntId}}0" --bindDN "$LDAP_BIND_DN" --bindPassword "$LDAP_PASSWORD" --backendID userRoot --ldifFile /opt/opendj/ldif/$LDAP_BACKUP_FILE --trustAll + {{- else }} + /opt/opendj/bin/export-ldif --hostname "$LDAP_HOST" --port 4444 --bindDN "$LDAP_BIND_DN" --bindPassword "$LDAP_PASSWORD" --backendID userRoot --ldifFile /opt/opendj/ldif/$LDAP_BACKUP_FILE --trustAll + {{- end }} + restartPolicy: Never +{{- end }} \ No newline at end of file 
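Review bot: Both `export-ldif` invocations pass the directory password as `--bindPassword "$LDAP_PASSWORD"`, which places it in the process argument list where anything able to read the container's process table can see it, and `--trustAll` makes the tool accept any certificate on the admin connection, so that credential is sent without authenticating the server. OpenDJ's tools accept a password file, so mount the `{{ .Release.Name }}-ldap-cron-pass` secret as a file and use `--bindPasswordFile <mounted path>`, and replace `--trustAll` with a trust store holding the OpenDJ certificate (`--trustStorePath <path>`). Separately, `apiVersion: batch/v1beta1` is removed in Kubernetes 1.25, and `batch/v1` is already served on 1.21, the minimum the sibling oxpassport chart in this commit declares.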
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/hpa.yaml
new file mode 100644
index 000000000..625b98c4a
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/hpa.yaml
@@ -0,0 +1,38 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "opendj.fullname" . }}
+ labels:
+{{ include "opendj.labels" $ | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: {{ include "opendj.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/opendj-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/opendj-destination-rules.yaml
new file mode 100644
index 000000000..017ec49f7
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/opendj-destination-rules.yaml
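Review bot: The `metrics:` and `behavior:` branches in hpa.yaml emit fields that `autoscaling/v1` does not define; that API version only carries `targetCPUUtilizationPercentage`, so setting `hpa.metrics` or `hpa.behavior` produces a manifest that fails validation or silently loses those fields. Either move to `apiVersion: autoscaling/v2` (`autoscaling/v2beta2` on clusters older than 1.23) and express the CPU target as a `metrics` entry, or drop the two branches. Also, `scaleTargetRef.name` is `{{ include "opendj.fullname" . }}`, while statefulset.yaml in this commit names the sets `…-regional-N` when `multiCluster.enabled` is true, so in that mode the autoscaler would point at a StatefulSet that does not exist.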
@@ -0,0 +1,25 @@
+{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-ldap-mtls
+ namespace: {{.Release.Namespace}}
+ labels:
+{{ include "opendj.labels" $ | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ .Values.global.opendj.ldapServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/secrets.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/secrets.yaml
new file mode 100644
index 000000000..752626fa3
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/secrets.yaml
@@ -0,0 +1,20 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+{{- if .Values.multiCluster.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-serf-key
+ labels:
+{{ include "opendj.labels" $ | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ serf-key: {{ .Values.multiCluster.serfKey | b64enc }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/service.yaml
new file mode 100644
index 000000000..652d54fb5
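Review bot: In secrets.yaml, `serf-key: {{ .Values.multiCluster.serfKey | b64enc }}` accepts whatever key is in values, and the values.yaml added in this same commit ships a fixed key as the default for `multiCluster.serfKey`, so every installation that enables multi-cluster mode without overriding it shares one publicly known Serf key. Leave the default empty in values.yaml and fail rendering when the key is missing: `serf-key: {{ required "multiCluster.serfKey must be set" .Values.multiCluster.serfKey | b64enc }}`. This Secret also sets no `namespace:`, whereas the ConfigMap in configmaps.yaml uses `namespace: {{ .Release.Namespace }}`; adding it keeps the two resources consistent.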
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/service.yaml
@@ -0,0 +1,114 @@ +{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} +{{ range $k, $v := until ( .Values.multiCluster.replicaCount | int ) }} +--- +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + {{- if $.Values.multiCluster.enabled }} + name: {{ $.Values.global.opendj.ldapServiceName }}-regional-{{$v}} + {{- else }} + name: {{ $.Values.global.opendj.ldapServiceName }} + {{- end }} + namespace: {{ $.Release.Namespace }} + labels: +{{ include "opendj.labels" $ | indent 4}} + {{- if $.Values.multiCluster.enabled }} + appregion: {{ include "opendj.name" $ }}-regional-{{$v}} + {{- end }} +{{- if $.Values.additionalLabels }} +{{ toYaml $.Values.additionalLabels | indent 4 }} +{{- end }} +{{- if $.Values.additionalAnnotations }} + annotations: +{{ toYaml $.Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ports: + {{- if $.Values.multiCluster.enabled }} + - port: 1636 + name: tcp-ldaps + targetPort: 1636 + protocol: TCP + nodePort: 306{{$.Values.multiCluster.namespaceIntId}}{{$v}} + - port: 309{{$.Values.multiCluster.namespaceIntId}}{{$v}} + name: tcp-replication + targetPort: 309{{$.Values.multiCluster.namespaceIntId}}{{$v}} + protocol: TCP + nodePort: 309{{$.Values.multiCluster.namespaceIntId}}{{$v}} + - port: 304{{$.Values.multiCluster.namespaceIntId}}{{$v}} + name: tcp-admin + targetPort: 304{{$.Values.multiCluster.namespaceIntId}}{{$v}} + nodePort: 304{{$.Values.multiCluster.namespaceIntId}}{{$v}} + protocol: TCP + - port: 7946 + name: tcp-serf + targetPort: 7946 + protocol: TCP + nodePort: 307{{$.Values.multiCluster.namespaceIntId}}{{$v}} + - port: 7946 + name: udp-serf + targetPort: 7946 + protocol: UDP + nodePort: 307{{$.Values.multiCluster.namespaceIntId}}{{$v}} + type: NodePort + {{- else }} + {{- range $key, $value := $.Values.ports }} + - port: {{ $value.port }} + name: {{ $key }} + 
targetPort: {{ $value.targetPort }} + protocol: {{ $value.protocol}} + {{- if $value.nodePort }} + nodePort: {{ $value.nodePort }} + {{- end }} + {{- end }} + clusterIP: None + {{- end }} + selector: + {{- if $.Values.multiCluster.enabled }} + appregion: {{ include "opendj.name" $ }}-regional-{{$v}} + {{- else }} + app: {{ include "opendj.name" $ }} + {{- end }} +{{- end }} +{{- if .Values.multiCluster.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.global.opendj.ldapServiceName }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "opendj.labels" . | indent 4}} +spec: + ports: + - port: 1636 + name: tcp-ldaps + targetPort: 1636 + protocol: TCP + - port: 1389 + name: tcp-ldap + targetPort: 1389 + protocol: TCP + - port: 8989 + name: tcp-replication + targetPort: 8989 + protocol: TCP + - port: 4444 + name: tcp-admin + targetPort: 4444 + protocol: TCP + - port: 7946 + name: tcp-serf + targetPort: 7946 + protocol: TCP + - port: 7946 + name: udp-serf + targetPort: 7946 + protocol: UDP + clusterIP: None + selector: + app: {{ include "opendj.name" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/statefulset.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/statefulset.yaml new file mode 100644 index 000000000..628ce0e45 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/statefulset.yaml 
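Review bot: With `multiCluster.enabled` the per-replica Service is `type: NodePort` and publishes `tcp-admin` (`304…`), `tcp-ldaps` (`306…`), `tcp-replication` (`309…`) and serf (`307…`) on every node address, and no source restriction or NetworkPolicy is visible in this section. Since the administration connector is among them, state the requirement where operators will read it, for example a comment above `ports:` such as `# NodePorts 304xx/306xx/307xx/309xx must be reachable from peer clusters only; restrict them at the node firewall`, and repeat it next to `multiCluster.enabled` in values.yaml. The port numbers are also built by concatenating digits (`306{{$.Values.multiCluster.namespaceIntId}}{{$v}}`), so a `replicaCount` above 10 or a two-digit `namespaceIntId` yields a six-digit value outside the NodePort range; a `fail` guard on both values would catch that at render time.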
@@ -0,0 +1,168 @@ +{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} +{{ range $k, $v := until ( .Values.multiCluster.replicaCount | int ) }} +--- +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: StatefulSet +metadata: + {{- if $.Values.multiCluster.enabled }} + name: {{ include "opendj.fullname" $ }}-regional-{{$v}} + {{- else }} + name: {{ include "opendj.fullname" $ }} + {{- end }} + namespace: {{ $.Release.Namespace }} + labels: +{{ include "opendj.labels" $ | indent 4}} + {{- if $.Values.multiCluster.enabled }} + appregion: {{ include "opendj.name" $ }}-regional-{{$v}} + {{- end }} +{{- if $.Values.additionalLabels }} +{{ toYaml $.Values.additionalLabels | indent 4 }} +{{- end }} +{{- if $.Values.additionalAnnotations }} + annotations: +{{ toYaml $.Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + {{- if $.Values.multiCluster.enabled }} + app: {{ include "opendj.name" $ }} + appregion: {{ include "opendj.name" $ }}-regional-{{$v}} + {{- else }} + app: {{ include "opendj.name" $ }} + {{- end }} + serviceName: {{ include "opendj.name" $ }} + {{- if $.Values.multiCluster.enabled }} + replicas: 1 + {{- else }} + replicas: {{ $.Values.replicas }} + {{- end }} + template: + metadata: + labels: + {{- if $.Values.multiCluster.enabled }} + app: {{ include "opendj.name" $ }} + appregion: {{ include "opendj.name" $ }}-regional-{{$v}} + {{- else }} + app: {{ include "opendj.name" $ }} + {{- end }} + {{- if $.Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with $.Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ $.Values.dnsPolicy | quote }} + {{- with $.Values.dnsConfig }} + dnsConfig: +{{ toYaml . 
| indent 8 }} + {{- end }} + volumes: + {{- with $.Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{- if $.Values.multiCluster.enabled }} + - name: serfkey + secret: + secretName: {{ $.Release.Name }}-serf-key + - name: serfpeers + configMap: + name: {{ $.Release.Name }}-serf-peers + {{- end }} + {{- if $.Values.global.upgrade.enabled }} + - name: ox-ldif-cm + configMap: + name: {{ $.Release.Name }}-oxjans + {{- end }} + containers: + - name: {{ include "opendj.name" $ }} + imagePullPolicy: {{ $.Values.image.pullPolicy }} + image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}" + env: + {{- include "opendj.usr-envs" $ | indent 12 }} + {{- include "opendj.usr-secret-envs" $ | indent 12 }} + {{- if $.Values.multiCluster.enabled }} + - name: GLUU_SERF_ADVERTISE_ADDR + value: "{{ $.Release.Name }}-opendj-{{$.Values.multiCluster.clusterId}}-regional-{{$v}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }}:307{{$.Values.multiCluster.namespaceIntId}}{{$v}}" + - name: GLUU_LDAP_ADVERTISE_ADMIN_PORT + value: "304{{$.Values.multiCluster.namespaceIntId}}{{$v}}" + - name: GLUU_LDAP_ADVERTISE_LDAPS_PORT + value: "306{{$.Values.multiCluster.namespaceIntId}}{{$v}}" + - name: GLUU_LDAP_ADVERTISE_REPLICATION_PORT + value: "309{{$.Values.multiCluster.namespaceIntId}}{{$v}}" + {{- end }} + lifecycle: + preStop: + exec: + command: ["python3", "/app/scripts/deregister_peer.py"] + envFrom: + - configMapRef: + name: {{ $.Release.Name }}-config-cm + {{ if $.Values.global.usrEnvs.secret }} + - secretRef: + name: {{ $.Release.Name }}-global-user-custom-envs + {{- end }} + {{ if $.Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ $.Release.Name }}-global-user-custom-envs + {{- end }} + ports: + {{- range $key, $value := $.Values.ports }} + - containerPort: {{ $value.targetPort }} + name: {{ $key }} + {{- end }} + volumeMounts: + {{- range $key, $values := $.Values.openDjVolumeMounts }} + - mountPath: {{$values.mountPath}} + name: {{$values.name}} + 
subPath: {{$key}} + {{- end }} + {{- with $.Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + {{- if $.Values.multiCluster.enabled }} + - mountPath: "/etc/gluu/conf/serf-key" + name: serfkey + subPath: serf-key + - mountPath: "/etc/gluu/conf/serf-peers-static.json" + name: serfpeers + subPath: serf-peers-static.json + {{- end }} + {{- if $.Values.global.upgrade.enabled }} + - name: ox-ldif-cm + mountPath: /opt/opendj/config/schema/101-jans.ldif + subPath: 101-jans.ldif + {{- end }} + livenessProbe: +{{- toYaml $.Values.livenessProbe | nindent 10 }} + readinessProbe: +{{- toYaml $.Values.readinessProbe | nindent 10 }} + {{- if or (eq $.Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq $.Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if $.Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml $.Values.resources | nindent 10 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: opendj-volume + spec: + accessModes: + - {{ $.Values.persistence.accessModes }} + resources: + requests: + storage: {{ $.Values.persistence.size }} + {{- if eq $.Values.global.storageClass.provisioner "k8s.io/minikube-hostpath" }} + storageClassName: standard + {{- else }} + storageClassName: {{ include "opendj.fullname" $ | quote }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/storageclass.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/storageclass.yaml new file mode 100644 index 000000000..3af1e452a --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/storageclass.yaml 
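Review bot: The OpenDJ container spec sets no `securityContext`, at pod or container level, so the directory server runs with whatever user and privileges the image defaults to. If the image works as non-root (to be confirmed against `gluufederation/opendj`), add under the container `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, or expose it as a values key so operators can set it. Also, the outer `range $k, $v := until ( .Values.multiCluster.replicaCount | int )` runs when `multiCluster.enabled` is false as well, so a `replicaCount` above 1 would render several StatefulSets with the same name; service.yaml uses the same loop.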
@@ -0,0 +1,59 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ include "opendj.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + storage: opendj +{{ include "opendj.labels" $ | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "3" + "helm.sh/hook-delete-policy": before-hook-creation +{{- if .Values.additionalAnnotations }} +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + # Annotation below is to keep the storage class during upgrade. Otherwise, due to the flag at line 1 which is needed, this resource will be deleted. + helm.sh/resource-policy: keep + storageclass.beta.kubernetes.io/is-default-class: "false" + {{- if eq .Values.global.storageClass.provisioner "openebs.io/local" }} + openebs.io/cas-type: local + cas.openebs.io/config: | + - name: StorageType + value: hostpath + - name: BasePath + value: /var/local-hostpath + {{- end }} +provisioner: {{ .Values.global.storageClass.provisioner }} +{{- if and ( ne .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) ( ne .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") ( ne .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") ( ne .Values.global.storageClass.provisioner "kubernetes.io/gce-pd") ( ne .Values.global.storageClass.provisioner "dobs.csi.digitalocean.com") ( ne .Values.global.storageClass.provisioner "openebs.io/local") ( ne .Values.global.storageClass.provisioner "kubernetes.io/azure-disk") }} +parameters: +{{ toYaml .Values.global.storageClass.parameters | indent 4 }} +{{- else }} +parameters: + {{- if eq .Values.global.storageClass.provisioner 
"kubernetes.io/aws-ebs" }} + type: {{ .Values.global.awsStorageType }} + fsType: ext4 + {{- else if eq .Values.global.storageClass.provisioner "kubernetes.io/gce-pd" }} + type: {{ .Values.global.gcePdStorageType }} + {{- else if eq .Values.global.storageClass.provisioner "kubernetes.io/azure-disk" }} + storageAccountType: {{ .Values.global.azureStorageAccountType }} + kind: {{ .Values.global.azureStorageKind }} + {{- else if eq .Values.global.storageClass.provisioner "dobs.csi.digitalocean.com" }} + {{- else if eq .Values.global.storageClass.provisioner "openebs.io/local" }} + {{- else }} + pool: default + fsType: ext4 + {{- end }} +{{- end }} +allowVolumeExpansion: {{ .Values.global.storageClass.allowVolumeExpansion }} +volumeBindingMode: {{ .Values.global.storageClass.volumeBindingMode }} +reclaimPolicy: {{ .Values.global.storageClass.reclaimPolicy }} +mountOptions: {{ .Values.global.storageClass.mountOptions | toJson }} +allowedTopologies: {{ .Values.global.storageClass.allowedTopologies | toJson }} +{{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/templates/user-custom-secret-envs.yaml new file mode 100644 index 000000000..61332221a --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/opendj/templates/user-custom-secret-envs.yaml 
@@ -0,0 +1,22 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+{{ include "opendj.labels" $ | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/opendj/values.yaml b/charts/gluu/gluu/5.0.101/charts/opendj/values.yaml
new file mode 100644
index 000000000..66670e44a
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/opendj/values.yaml
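Review bot: `{{ $key }}: {{ $val | b64enc }}` fails template rendering when a `usrEnvs.secret` value is not a string, for example a port number or `true` written unquoted in values, because `b64enc` only accepts strings. Convert before encoding, `{{ $key }}: {{ $val | toString | b64enc }}`, so the secret holds the literal text the operator wrote. The Secret also has no `namespace:` field, unlike the ConfigMap in configmaps.yaml.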
@@ -0,0 +1,157 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# -- OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/opendj + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] +multiCluster: + # -- Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster` + enabled: false + # -- OpenDJ Serf advertise address suffix that will be added to each opendj replica. + # i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} + serfAdvertiseAddrSuffix: "regional.gluu.org:30946" + # -- Serf key. This key will automatically sync across clusters. + serfKey: Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk= + # -- Serf peer addresses. One per cluster. 
+ serfPeers: + - "gluu-opendj-regional-0-regional.gluu.org:30946" + - "gluu-opendj-regional-0-regional.gluu.org:31946" + # -- The number of opendj non scalabble statefulsets to create. Each pod created must be resolvable as it follows + # the patterm RELEASE-NAME-opendj-CLUSTERID-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} + # If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org + replicaCount: 1 + # -- This id needs to be unique to each kubernetes cluster in a multi cluster setup + # west, east, south, north, region ...etc If left empty it will be randomly generated. + clusterId: "" + # -- Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace. + # Used when gluu is installed in the same kubernetes cluster more than once. + namespaceIntId: 0 +persistence: + # -- OpenDJ volume size + size: 5Gi + accessModes: ReadWriteOnce + type: DirectoryOrCreate +# -- servicePorts values used in StatefulSet container +ports: + tcp-admin: + nodePort: "" + port: 4444 + protocol: TCP + targetPort: 4444 + tcp-ldap: + nodePort: "" + port: 1389 + protocol: TCP + targetPort: 1389 + tcp-ldaps: + nodePort: "" + port: 1636 + protocol: TCP + targetPort: 1636 + tcp-repl: + nodePort: "" + port: 8989 + protocol: TCP + targetPort: 8989 + tcp-serf: + nodePort: "" + port: 7946 + protocol: TCP + targetPort: 7946 + udp-serf: + nodePort: "" + port: 7946 + protocol: UDP + targetPort: 7946 +# -- Service replica number. +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 1500m + # -- Memory limit. + memory: 2000Mi + requests: + # -- CPU request. + cpu: 1500m + # -- Memory request. + memory: 2000Mi +# -- Configure the liveness healthcheck for OpenDJ if needed. +# https://github.com/GluuFederation/docker-opendj/blob/4.3/scripts/healthcheck.py +livenessProbe: + # -- Executes the python3 healthcheck. 
+ exec: + command: + - python3 + - /app/scripts/healthcheck.py + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 20 +# -- Configure the readiness healthcheck for OpenDJ if needed. +# https://github.com/GluuFederation/docker-opendj/blob/4.3/scripts/healthcheck.py +readinessProbe: + tcpSocket: + port: 1636 + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 25 + failureThreshold: 20 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] +nameOverride: "" +fullnameOverride: "" +# VolumeMounts for StatefulSet +# opendj-init vm +openDjVolumeMounts: + config: + mountPath: /opt/opendj/config + name: opendj-volume + ldif: + mountPath: /opt/opendj/ldif + name: opendj-volume + logs: + mountPath: /opt/opendj/logs + name: opendj-volume + db: + mountPath: /opt/opendj/db + name: opendj-volume + flag: + mountPath: /flag + name: opendj-volume + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/.helmignore b/charts/gluu/gluu/5.0.101/charts/oxpassport/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
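Review bot: In values.yaml, `image.tag: 5.0.0_dev` combined with `pullPolicy: IfNotPresent` means the directory server image is identified by what looks like a moving development tag: nodes that pulled at different times can run different builds, and a changed image under the same tag is never noticed on nodes that already have it cached. For a chart whose Chart.yaml is annotated `artifacthub.io/containsSecurityUpdates: "true"`, the default should be a fixed release tag or a digest, e.g. `tag: <release tag>` with a comment `# pin to an immutable tag or repository@sha256:<digest>`. If a `_dev` default has to stay, `pullPolicy: Always` at least keeps nodes consistent with the registry.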
diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/oxpassport/Chart.yaml
new file mode 100644
index 000000000..77009aa3d
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: Gluu interface to Passport.js to support social login and inbound identity.
+home: https://gluu.org/docs/gluu-server
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- Passport.js
+- Inbound Identity
+- Social login
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: oxpassport
+sources:
+- https://github.com/GluuFederation/gluu-passport
+- https://github.com/GluuFederation/docker-oxpassport
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/README.md b/charts/gluu/gluu/5.0.101/charts/oxpassport/README.md
new file mode 100644
index 000000000..f26135cc3
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/README.md
@@ -0,0 +1,67 @@ +# oxpassport + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Gluu interface to Passport.js to support social login and inbound identity. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| affinity | object | `{}` | | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/oxpassport"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for oxPassport if needed. | +| livenessProbe.httpGet.path | string | `"/passport/health-check"` | http liveness probe endpoint | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| readinessProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the oxPassport if needed. | +| readinessProbe.httpGet.path | string | `"/passport/health-check"` | http readiness probe endpoint | +| replicas | int | `1` | Service replica number | +| resources | object | `{"limits":{"cpu":"700m","memory":"900Mi"},"requests":{"cpu":"700m","memory":"900Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"700m"` | CPU limit. | +| resources.limits.memory | string | `"900Mi"` | Memory limit. | +| resources.requests.cpu | string | `"700m"` | CPU request. | +| resources.requests.memory | string | `"900Mi"` | Memory request. | +| service.name | string | `"http-passport"` | The name of the oxPassport port within the oxPassport service. Please keep it as default. | +| service.port | int | `8090` | Port of the oxPassport service. Please keep it as default. 
| +| tolerations | list | `[]` | | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/_helpers.tpl new file mode 100644 index 000000000..9a8fa7197 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/_helpers.tpl 
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "oxpassport.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "oxpassport.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "oxpassport.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "oxpassport.labels" -}}
+app: {{ .Release.Name }}-{{ include "oxpassport.name" . }}
+helm.sh/chart: {{ include "oxpassport.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "oxpassport.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "oxpassport.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
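Review bot: In `oxpassport.usr-envs` the line `value: {{ $val }}` renders the operator-supplied value unquoted, so a value such as `true`, `8090`, or anything containing `: ` or ` #` is re-typed or cut short by the YAML parser. Kubernetes requires env values to be strings, so the manifest either fails validation or carries a different value than the one configured. Render it as `value: {{ $val | quote }}`, and consider `- name: {{ $key | quote }}` for the key in both `range` loops. The `oxshibboleth.usr-envs` helper in the oxshibboleth `_helpers.tpl` hunk has the same unquoted `value: {{ $val }}`.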
diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/deployment.yaml b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/deployment.yaml
new file mode 100644
index 000000000..cbac26eda
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/deployment.yaml
@@ -0,0 +1,160 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "oxpassport.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "oxpassport.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Release.Name }}-{{ include "oxpassport.name" . }} + release: {{ .Release.Name }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "oxpassport.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: PASSPORT_LOG_LEVEL + value: "info" + {{- include "oxpassport.usr-envs" . | indent 12 }} + {{- include "oxpassport.usr-secret-envs" . 
| indent 12 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end }} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + protocol: TCP + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "oxpassport.name" . 
}}-updatelbip + mountPath: /scripts + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "oxpassport.name" . 
}}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/hpa.yaml new file mode 100644 index 000000000..dff8d9d10 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/hpa.yaml 
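Review bot: The container entry for `{{ include "oxpassport.name" . }}` and the pod `spec` carry no `securityContext`, so the workload runs with whatever user and privileges the image defaults to. For a component that brokers inbound identity and mounts `sql-pass`, `cb-pass` and `google-sa` secrets, that default should be stated rather than inherited. Add a values-driven block on the container, for example `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, after confirming the image actually runs as a non-root user, which this hunk does not show. Note also that `volumeMounts:` and `volumes:` are emitted even when none of the conditional branches adds an entry, so they render as null keys; guarding them or emitting `[]` would make the rendered manifest explicit.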
@@ -0,0 +1,38 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "oxpassport.fullname" . }}
+ labels:
+{{ include "oxpassport.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "oxpassport.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/oxpassport-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/oxpassport-destination-rules.yaml
new file mode 100644
index 000000000..5c2ddf682
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/oxpassport-destination-rules.yaml
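Review bot: The template declares `apiVersion: autoscaling/v1` yet can emit `metrics:` and `behavior:` under `spec`, which the v1 HorizontalPodAutoscaler schema does not define; they belong to `autoscaling/v2` and the earlier `v2beta2`. When `hpa.targetCPUUtilizationPercentage` is unset and `hpa.metrics` or `hpa.behavior` is set, the rendered object is rejected or the fields are dropped, depending on how the API server validates it, so the scaling policy the operator configured never takes effect. Select the version with `.Capabilities.APIVersions.Has "autoscaling/v2"`, falling back to `autoscaling/v2beta2`, and express the CPU target as a `metrics` entry; otherwise remove the two branches. The oxshibboleth `hpa.yaml` hunk has the same construct.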
@@ -0,0 +1,23 @@
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-oxpassport-mtls
+ namespace: {{.Release.Namespace}}
+ labels:
+{{ include "oxpassport.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ .Values.global.oxpassport.oxPassportServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/oxpassport-virtual-services.yaml b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/oxpassport-virtual-services.yaml
new file mode 100644
index 000000000..089d78b10
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/oxpassport-virtual-services.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.istio.ingress }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Release.Name }}-istio-passport
+ namespace: {{.Release.Namespace}}
+ labels:
+{{ include "oxpassport.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ hosts:
+ - {{ .Values.global.fqdn }}
+ gateways:
+ - {{ .Release.Name }}-global-gtw
+ http:
+ - name: {{ .Release.Name }}-istio-passport
+ match:
+ - uri:
+ prefix: "/passport"
+ route:
+ - destination:
+ host: {{ .Values.global.oxpassport.oxPassportServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+ port:
+ number: 8090
+ weight: 100
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/service.yaml
new file mode 100644
index 000000000..47c0d0ba6
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/service.yaml
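Review bot: `number: 8090` hard-codes the destination port in the VirtualService, while the Service template of this chart takes its port from `.Values.service.port`. If an operator overrides that value, the route points at a port the Service no longer exposes and `/passport` traffic fails at the mesh. Use `number: {{ .Values.service.port }}` so the two stay in step. The oxshibboleth VirtualService does the same with `number: 8080`.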
@@ -0,0 +1,26 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.global.oxpassport.oxPassportServiceName }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + {{- if .Values.global.alb.ingress }} + type: NodePort + {{- end }} + ports: + - port: {{ .Values.service.port }} + name: {{ .Values.service.name }} + selector: + app: {{ .Release.Name }}-{{ include "oxpassport.name" . }} + release: {{ .Release.Name }} diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/user-custom-secret-envs.yaml new file mode 100644 index 000000000..05369703d --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/templates/user-custom-secret-envs.yaml @@ -0,0 +1,22 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file 
diff --git a/charts/gluu/gluu/5.0.101/charts/oxpassport/values.yaml b/charts/gluu/gluu/5.0.101/charts/oxpassport/values.yaml
new file mode 100644
index 000000000..0d8bea7fd
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxpassport/values.yaml
@@ -0,0 +1,91 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# -- Gluu interface to Passport.js to support social login and inbound identity. +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/oxpassport + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 700m + # -- Memory limit. + memory: 900Mi + requests: + # -- CPU request. + cpu: 700m + # -- Memory request. + memory: 900Mi +service: + # -- Port of the oxPassport service. Please keep it as default. + port: 8090 + # -- The name of the oxPassport port within the oxPassport service. Please keep it as default. + name: http-passport +# -- Configure the liveness healthcheck for oxPassport if needed. +livenessProbe: + httpGet: + # -- http liveness probe endpoint + path: /passport/health-check + port: http-passport + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 20 +# -- Configure the readiness healthcheck for the oxPassport if needed. 
+readinessProbe: + httpGet: + # -- http readiness probe endpoint + path: /passport/health-check + port: http-passport + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 + failureThreshold: 20 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +nameOverride: "" +fullnameOverride: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/.helmignore b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/Chart.yaml new file mode 100644 index 000000000..363c972a3 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/Chart.yaml 
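Review bot: The oxpassport `values.yaml` defaults to `tag: 5.0.0_dev` with `pullPolicy: IfNotPresent`, which ties the default install to what looks like a development tag that can be re-pushed. Nodes that already cached the image keep the old content while new nodes pull whatever the tag points to at that moment, so the running image is neither reproducible nor auditable. Default to an immutable release tag and quote it, `tag: "<release-tag>"`. The Deployment template builds the reference as `repository:tag`, so pinning by digest would also need a template change.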
@@ -0,0 +1,20 @@ +apiVersion: v2 +appVersion: 5.0.0 +description: Shibboleth project for the Gluu Server's SAML IDP functionality. +home: https://gluu.org/docs/gluu-server +icon: https://gluu.org/docs/gluu-server/favicon.ico +keywords: +- SAML +- Shibboleth +kubeVersion: '>=v1.21.0-0' +maintainers: +- email: support@gluu.org + name: Mohammad Abudayyeh + url: https://github.com/moabu +name: oxshibboleth +sources: +- https://github.com/GluuFederation/oxShibboleth +- https://github.com/GluuFederation/docker-oxshibboleth +- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth +type: application +version: 5.0.1 diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/README.md b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/README.md new file mode 100644 index 000000000..ae4795e20 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/README.md 
@@ -0,0 +1,68 @@ +# oxshibboleth + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Shibboleth project for the Gluu Server's SAML IDP functionality. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| affinity | object | `{}` | | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/oxshibboleth"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the oxShibboleth if needed. | +| livenessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| readinessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| readinessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"1000m"` | CPU limit. | +| resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| resources.requests.cpu | string | `"1000m"` | CPU request. | +| resources.requests.memory | string | `"1000Mi"` | Memory request. | +| service.name | string | `"http-oxshib"` | Port of the oxShibboleth service. Please keep it as default. | +| service.port | int | `8080` | The name of the oxShibboleth port within the oxPassport service. Please keep it as default. 
| +| service.targetPort | int | `8080` | | +| tolerations | list | `[]` | | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/_helpers.tpl new file mode 100644 index 000000000..daa1f2ea7 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/_helpers.tpl 
@@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "oxshibboleth.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "oxshibboleth.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "oxshibboleth.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "oxshibboleth.labels" -}} +app: {{ .Release.Name }}-{{ include "oxshibboleth.name" . }} +helm.sh/chart: {{ include "oxshibboleth.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "oxshibboleth.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "oxshibboleth.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/hpa.yaml new file mode 100644 index 000000000..4818d6e27 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/hpa.yaml 
@@ -0,0 +1,39 @@ +{{ if .Values.hpa.enabled -}} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "oxshibboleth.fullname" . }} + labels: + APP_NAME: oxshibboleth +{{ include "oxshibboleth.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ include "oxshibboleth.fullname" . }} + minReplicas: {{ .Values.hpa.minReplicas }} + maxReplicas: {{ .Values.hpa.maxReplicas }} + {{- if .Values.hpa.targetCPUUtilizationPercentage }} + targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }} + {{- else if .Values.hpa.metrics }} + metrics: + {{- with .Values.hpa.metrics }} +{{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.hpa.behavior }} + behavior: + {{- with .Values.hpa.behavior }} +{{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/oxshibboleth-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/oxshibboleth-destination-rules.yaml new file mode 100644 index 000000000..c629f0ef9 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/oxshibboleth-destination-rules.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ .Release.Name }}-oxshibboleth-mtls + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: oxshibboleth +{{ include "oxshibboleth.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + host: {{ .Values.global.oxshibboleth.oxShibbolethServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +{{- end }} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/oxshibboleth-virtual-services.yaml b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/oxshibboleth-virtual-services.yaml new file mode 100644 index 000000000..b45004c5d --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/oxshibboleth-virtual-services.yaml 
@@ -0,0 +1,37 @@
+{{- if .Values.global.istio.ingress }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Release.Name }}-istio-oxshibbioleth
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: oxshibboleth
+{{ include "oxshibboleth.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ hosts:
+ - {{ .Values.global.fqdn }}
+ gateways:
+ - {{ .Release.Name }}-global-gtw
+ http:
+ - name: {{ .Release.Name }}-istio-oxshibbioleth
+ match:
+ - uri:
+ prefix: /idp
+ rewrite:
+ uri: /identity
+ route:
+ - destination:
+ host: {{ .Values.global.oxshibboleth.oxShibbolethServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+ port:
+ number: 8080
+ weight: 100
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/service.yaml
new file mode 100644
index 000000000..34da26c11
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/service.yaml
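Review bot: `rewrite: uri: /identity` sends every request matched on `prefix: /idp` to a different path than the one the container is probed on; the liveness and readiness probes in this chart's values.yaml both use `path: /idp`. The rewrite looks carried over from another service's VirtualService (inferred, not visible here); if the IdP serves under `/idp`, the `rewrite:` block should be removed so the SAML endpoints resolve behind the gateway. The resource and route name `{{ .Release.Name }}-istio-oxshibbioleth` also has a typo; `-istio-oxshibboleth` would match the other templates.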
@@ -0,0 +1,30 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.global.oxshibboleth.oxShibbolethServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: oxshibboleth
+{{ include "oxshibboleth.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.global.alb.ingress }}
+ type: NodePort
+ {{- else }}
+ clusterIP: None
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "oxshibboleth.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/statefulset.yaml b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/statefulset.yaml
new file mode 100644
index 000000000..47f43198f
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/statefulset.yaml
@@ -0,0 +1,159 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "oxshibboleth.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: oxshibboleth +{{ include "oxshibboleth.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + serviceName: oxshibboleth + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "oxshibboleth.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + APP_NAME: oxshibboleth + app: {{ .Release.Name }}-{{ include "oxshibboleth.name" . }} + release: {{ .Release.Name }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "oxshibboleth.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "oxshibboleth.usr-envs" . | indent 12 }} + {{- include "oxshibboleth.usr-secret-envs" . 
| indent 12 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end }} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + protocol: TCP + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 12 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "oxshibboleth.fullname" .}}-updatelbip + mountPath: /scripts + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/gluu/conf/couchbase_password" + subPath: couchbase_password + {{- if not 
.Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "oxshibboleth.fullname" .}}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} 
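Review bot: The oxshibboleth container is declared without any `securityContext`, while the persistence Job added in this same commit sets `runAsUser: 1000` and `runAsNonRoot: true`. For an identity-provider pod that mounts database and Jackrabbit password secrets, add at least `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true` under the container, after confirming that the image and the optional `updatelbip.py` start-up command run without root. Separately, `serviceName: oxshibboleth` is hard-coded although service.yaml names the Service from `.Values.global.oxshibboleth.oxShibbolethServiceName`; using the same value here keeps the governing-Service reference valid when that name is overridden.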
diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..e126166a9
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: oxshibboleth
+{{ include "oxshibboleth.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/oxshibboleth/values.yaml b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/values.yaml
new file mode 100644
index 000000000..089e154bd
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/oxshibboleth/values.yaml
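Review bot: `{{ $key }}: {{ $val | b64enc }}` fails to render when a value in `usrEnvs.secret` is not a string (a port number or `true`, for example), because `b64enc` takes a string, and the encoded result is emitted unquoted. `{{ $key }}: {{ $val | toString | b64enc | quote }}` handles both cases. The same line appears in the persistence chart's user-custom-secret-envs.yaml later in this diff. Secrets supplied through values also stay readable in the values stored with the Helm release, so the chart documentation should point operators to a pre-created Secret for sensitive material.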
@@ -0,0 +1,91 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# -- Shibboleth project for the Gluu Server's SAML IDP functionality. +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/oxshibboleth + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number. +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 1000m + # -- Memory limit. + memory: 1000Mi + requests: + # -- CPU request. + cpu: 1000m + # -- Memory request. + memory: 1000Mi +service: + # -- The name of the oxShibboleth port within the oxPassport service. Please keep it as default. + port: 8080 + targetPort: 8080 + # -- Port of the oxShibboleth service. Please keep it as default. + name: http-oxshib + +# -- Configure the liveness healthcheck for the oxShibboleth if needed. +livenessProbe: + httpGet: + # -- http liveness probe endpoint + path: /idp + port: http-oxshib + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 +# -- Configure the readiness healthcheck for the casa if needed. 
+readinessProbe: + httpGet: + # -- http liveness probe endpoint + path: /idp + port: http-oxshib + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +nameOverride: "" +fullnameOverride: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/charts/persistence/.helmignore b/charts/gluu/gluu/5.0.101/charts/persistence/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/persistence/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/gluu/gluu/5.0.101/charts/persistence/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/persistence/Chart.yaml new file mode 100644 index 000000000..4fb8b3869 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/persistence/Chart.yaml 
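Review bot: `tag: 5.0.0_dev` together with `pullPolicy: IfNotPresent` deploys a mutable development tag: nodes that already cached the image keep the old content while fresh nodes pull whatever the tag points to at that moment, so replicas of the IdP can run different builds and none of them is tied to a verifiable artifact. Default to a released tag and let operators pin a digest, or set `pullPolicy: Always` if a moving tag is intentional. The comments on `service.port` and `service.name` are also swapped and mention oxPassport, and the readinessProbe comment refers to casa.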
@@ -0,0 +1,18 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: Job to generate data and initial config for Gluu Server persistence layer.
+home: https://gluu.org/docs/gluu-server
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- persistence prep
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: persistence
+sources:
+- https://github.com/JanssenProject/docker-jans-persistence-loader
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/persistence
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/persistence/README.md b/charts/gluu/gluu/5.0.101/charts/persistence/README.md
new file mode 100644
index 000000000..0d378a0e5
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/persistence/README.md
@@ -0,0 +1,50 @@ +# persistence + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Job to generate data and initial config for Gluu Server persistence layer. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/persistence"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| imagePullSecrets | list | `[]` | | +| nameOverride | string | `""` | | +| resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"300m"` | CPU limit | +| resources.limits.memory | string | `"300Mi"` | Memory limit. | +| resources.requests.cpu | string | `"300m"` | CPU request. | +| resources.requests.memory | string | `"300Mi"` | Memory request. 
| +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/persistence/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/persistence/templates/_helpers.tpl new file mode 100644 index 000000000..ca0c55207 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/persistence/templates/_helpers.tpl 
@@ -0,0 +1,79 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "persistence.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "persistence.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "persistence.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "persistence.labels" -}} +app: {{ .Release.Name }}-{{ include "persistence.name" . }} +helm.sh/chart: {{ include "persistence.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "persistence.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "persistence.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "persistence.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "persistence.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/persistence/templates/jobs.yml b/charts/gluu/gluu/5.0.101/charts/persistence/templates/jobs.yml new file mode 100644 index 000000000..45f6d927f --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/persistence/templates/jobs.yml 
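Review bot: `value: {{ $val }}` in `persistence.usr-envs` emits the operator-supplied value as a bare YAML scalar, so `true`, `8080`, an empty string, or text containing `: ` or ` #` is re-typed or breaks the manifest, and Kubernetes rejects non-string env values. Use `value: {{ $val | quote }}`; the `scim.usr-envs` helper in scim/templates/_helpers.tpl has the same line. `persistence.serviceAccountName` also reads `.Values.serviceAccount.create`, which this chart's values.yaml does not define, so including that helper would fail unless a parent chart supplies the key.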
@@ -0,0 +1,129 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "persistence.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: persistence-loader +{{ include "persistence.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ttlSecondsAfterFinished: 120 + template: + metadata: + name: {{ include "persistence.name" . }} + labels: + APP_NAME: persistence-loader + app: {{ .Release.Name }}-{{ include "persistence.name" . }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + restartPolicy: Never + containers: + - name: {{ include "persistence.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + securityContext: + runAsUser: 1000 + runAsNonRoot: true + env: + {{- include "persistence.usr-envs" . | indent 12 }} + {{- include "persistence.usr-secret-envs" . | indent 12 }} + {{- if .Values.global.istio.enabled }} + command: + - tini + - -g + - -- + - /bin/sh + - -c + - | + /app/scripts/entrypoint.sh + curl -X POST http://localhost:15020/quitquitquit + {{- end }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . 
| nindent 10 }} + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + mountPath: "/etc/jans/conf/couchbase_password" + subPath: couchbase_password + - name: cb-super-pass + mountPath: "/etc/jans/conf/couchbase_superuser_password" + subPath: couchbase_superuser_password + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + mountPath: "/etc/jans/conf/sql_password" + subPath: sql_password + {{- end }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . 
| nindent 8 }} + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + - name: cb-super-pass + secret: + secretName: {{ .Release.Name }}-superuser-cb-pass + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- if eq .Values.global.cnPersistenceType "sql" }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} diff --git a/charts/gluu/gluu/5.0.101/charts/persistence/templates/service.yaml b/charts/gluu/gluu/5.0.101/charts/persistence/templates/service.yaml new file mode 100644 index 000000000..b266650a6 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/persistence/templates/service.yaml @@ -0,0 +1,27 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions: +# https://www.apache.org/licenses/LICENSE-2.0 +# Used with Istio +apiVersion: v1 +kind: Service +metadata: + name: {{ include "persistence.fullname" . }} + labels: + APP_NAME: persistence-loader +{{ include "persistence.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ports: + - name: http + port: 80 + targetPort: 8080 + selector: + app: {{ .Release.Name }}-{{ include "persistence.name" . }} + type: ClusterIP +{{- end }} \ No newline at end of file 
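Review bot: In the Istio branch the container's exit status is that of `curl`, not of the loader: the `sh -c` script runs `/app/scripts/entrypoint.sh` and then `curl -X POST http://localhost:15020/quitquitquit` with no error handling, so a failed persistence load is reported as a completed Job whenever the sidecar shutdown call succeeds. With `ttlSecondsAfterFinished: 120` the Job and its pod logs are removed two minutes later, which leaves little evidence of the failure. Keep the loader's status: `/app/scripts/entrypoint.sh; rc=$?`, then the `curl` line, then `exit $rc`.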
diff --git a/charts/gluu/gluu/5.0.101/charts/persistence/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/persistence/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..b8b3b87e8
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/persistence/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,22 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+{{ include "persistence.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/persistence/values.yaml b/charts/gluu/gluu/5.0.101/charts/persistence/values.yaml
new file mode 100644
index 000000000..396ea6b7a
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/persistence/values.yaml
@@ -0,0 +1,49 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# -- Job to generate data and initial config for Gluu Server persistence layer.
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/persistence
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/.helmignore b/charts/gluu/gluu/5.0.101/charts/scim/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/.helmignore
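Review bot: The top-level `imagePullSecrets: []` key is never read; the Job template in jobs.yml takes pull secrets only from `.Values.image.pullSecrets`. An operator who sets the top-level key to reach a private registry gets a Job that pulls without credentials and no rendering error to explain it. Remove `imagePullSecrets: []` from this file, or have the template fall back to it when `image.pullSecrets` is empty.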
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/Chart.yaml b/charts/gluu/gluu/5.0.101/charts/scim/Chart.yaml
new file mode 100644
index 000000000..45b482d1b
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+appVersion: 5.0.0
+description: System for Cross-domain Identity Management (SCIM) version 2.0
+home: https://gluu.org/docs/gluu-server
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+keywords:
+- SCIM
+- API
+kubeVersion: '>=v1.21.0-0'
+maintainers:
+- email: support@gluu.org
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: scim
+sources:
+- https://github.com/JanssenProject/jans-scim
+- https://gluu.org/docs/gluu-server/api-guide/scim-api/
+- https://github.com/JanssenProject/docker-jans-scim
+- https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/scim
+type: application
+version: 5.0.1
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/README.md b/charts/gluu/gluu/5.0.101/charts/scim/README.md
new file mode 100644
index 000000000..1ec0a3b09
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/README.md
@@ -0,0 +1,62 @@ +# scim + +![Version: 5.0.1](https://img.shields.io/badge/Version-5.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +System for Cross-domain Identity Management (SCIM) version 2.0 + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. 
| +| livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | +| readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | +| readinessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http readiness probe endpoint | +| replicas | int | `1` | Service replica number. | +| resources.limits.cpu | string | `"1000m"` | CPU limit. | +| resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| resources.requests.cpu | string | `"1000m"` | CPU request. | +| resources.requests.memory | string | `"1000Mi"` | Memory request. | +| service.name | string | `"http-scim"` | The name of the scim port within the scim service. Please keep it as default. | +| service.port | int | `8080` | Port of the scim service. Please keep it as default. | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/charts/scim/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/charts/scim/templates/_helpers.tpl new file mode 100644 index 000000000..d779e8f5e --- /dev/null +++ b/charts/gluu/gluu/5.0.101/charts/scim/templates/_helpers.tpl 
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "scim.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "scim.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "scim.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "scim.labels" -}}
+app: {{ .Release.Name }}-{{ include "scim.name" . }}
+helm.sh/chart: {{ include "scim.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "scim.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "scim.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
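Review bot: In `scim.usr-envs` the value is emitted unquoted (`value: {{ $val }}`), so a `usrEnvs.normal` entry such as `true`, `8080`, or a string containing `: ` or ` #` renders as a non-string or as malformed YAML. The API server accepts only strings for `env[].value`, so such a value would make the Deployment fail to apply. Rendering it as `value: {{ $val | quote }}` keeps every operator-supplied value a string and stops a value from changing the structure of the surrounding manifest. The `name: {{ $key }}` and `key: {{ $key }}` lines in both helpers would benefit from the same `| quote` if keys can ever look numeric.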
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/templates/deployment.yml b/charts/gluu/gluu/5.0.101/charts/scim/templates/deployment.yml
new file mode 100644
index 000000000..d53671ac3
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/templates/deployment.yml
@@ -0,0 +1,149 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "scim.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-{{ include "scim.name" . }}
+ template:
+ metadata:
+ labels:
+ APP_NAME: scim
+ app: {{ .Release.Name }}-{{ include "scim.name" . }}
+ {{- if .Values.global.istio.ingress }}
+ annotations:
+ sidecar.istio.io/rewriteAppHTTPProbers: "true"
+ {{- end }}
+ spec:
+ {{- with .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ dnsPolicy: {{ .Values.dnsPolicy | quote }}
+ {{- with .Values.dnsConfig }}
+ dnsConfig:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ include "scim.name" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ env:
+ {{- include "scim.usr-envs" . | indent 12 }}
+ {{- include "scim.usr-secret-envs" . | indent 12 }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ /usr/bin/python3 /scripts/updatelbip.py &
+ /app/scripts/entrypoint.sh
+ {{- end}}
+ {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }}
+ resources: {}
+ {{- else if .Values.global.cloud.testEnviroment }}
+ resources: {}
+ {{- else }}
+ resources:
+{{- toYaml .Values.resources | nindent 10 }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.name }}
+ containerPort: {{ .Values.service.port }}
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-config-cm
+ {{ if .Values.global.usrEnvs.secret }}
+ - secretRef:
+ name: {{ .Release.Name }}-global-user-custom-envs
+ {{- end }}
+ {{ if .Values.global.usrEnvs.normal }}
+ - configMapRef:
+ name: {{ .Release.Name }}-global-user-custom-envs
+ {{- end }}
+ volumeMounts:
+ {{- with .Values.volumeMounts }}
+{{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
+ - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }}
+ name: google-sa
+ subPath: google-credentials.json
+ {{- end }}
+ {{- if eq .Values.global.cnPersistenceType "sql" }}
+ - name: sql-pass
+ mountPath: "/etc/jans/conf/sql_password"
+ subPath: sql_password
+ {{- end }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ - name: {{ include "scim.fullname" .}}-updatelbip
+ mountPath: "/scripts"
+ {{- end }}
+ {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
+ - name: cb-pass
+ mountPath: "/etc/gluu/conf/couchbase_password"
+ subPath: couchbase_password
+ {{- if not .Values.global.istio.enabled }}
+ - name: cb-crt
+ mountPath: "/etc/certs/couchbase.crt"
+ subPath: couchbase.crt
+ {{- end }}
+ {{- end }}
+ livenessProbe:
+{{- toYaml .Values.livenessProbe | nindent 10 }}
+ readinessProbe:
+{{- toYaml .Values.readinessProbe | nindent 10 }}
+ {{- if not .Values.global.isFqdnRegistered }}
+ hostAliases:
+ - ip: {{ .Values.global.lbIp }}
+ hostnames:
+ - {{ .Values.global.fqdn }}
+ {{- end }}
+ volumes:
+ {{- with .Values.volumes }}
+{{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
+ - name: google-sa
+ secret:
+ secretName: {{ .Release.Name }}-google-sa
+ {{- end }}
+ {{- if eq .Values.global.cnPersistenceType "sql" }}
+ - name: sql-pass
+ secret:
+ secretName: {{ .Release.Name }}-sql-pass
+ {{- end }}
+ {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
+ - name: cb-pass
+ secret:
+ secretName: {{ .Release.Name }}-cb-pass
+ {{- if not .Values.global.istio.enabled }}
+ - name: cb-crt
+ secret:
+ secretName: {{ .Release.Name }}-cb-crt
+ {{- end }}
+ {{- end }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ - name: {{ include "scim.fullname" . }}-updatelbip
+ configMap:
+ name: {{ .Release.Name }}-updatelbip
+ {{- end }}
+
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/templates/hpa.yaml b/charts/gluu/gluu/5.0.101/charts/scim/templates/hpa.yaml
new file mode 100644
index 000000000..840aa5122
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/templates/hpa.yaml
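Review bot: The container `securityContext` in deployment.yml sets only `runAsUser: 1000` and `runAsNonRoot: true`, leaving privilege escalation and Linux capabilities at the runtime defaults. For a service that handles identity data I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` next to them. This assumes the image needs no extra capabilities to serve on port 8080 as uid 1000, which should be confirmed against the entrypoint. A pod-level `seccompProfile: {type: RuntimeDefault}` would complete the baseline.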
@@ -0,0 +1,39 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "scim.fullname" . }}
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "scim.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/templates/scim-destination-rules.yaml b/charts/gluu/gluu/5.0.101/charts/scim/templates/scim-destination-rules.yaml
new file mode 100644
index 000000000..acb5f393d
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/templates/scim-destination-rules.yaml
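Review bot: `apiVersion: autoscaling/v1` defines neither `metrics` nor `behavior`, so the `{{- else if .Values.hpa.metrics }}` and `{{- if .Values.hpa.behavior }}` branches in hpa.yaml render keys the v1 schema does not know. An operator's custom metrics or scaling policy is then either dropped or rejected at validation. Those branches need `apiVersion: autoscaling/v2beta2` (or `autoscaling/v2` where available), with the CPU target expressed as a `metrics` entry instead of `targetCPUUtilizationPercentage`. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the Deployment it targets does set.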
@@ -0,0 +1,24 @@
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-scim-mtls
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ .Values.global.scim.scimServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/templates/scim-virtual-services.yaml b/charts/gluu/gluu/5.0.101/charts/scim/templates/scim-virtual-services.yaml
new file mode 100644
index 000000000..a04ab63ef
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/templates/scim-virtual-services.yaml
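Review bot: The `trafficPolicy` block deserves a comment, because `mode: ISTIO_MUTUAL` in a DestinationRule only makes client sidecars originate mTLS towards the scim host; it does not make the scim workload refuse plaintext connections. Something like `# client-side only: plaintext is rejected only where a STRICT PeerAuthentication covers this workload` above `trafficPolicy:` would keep readers from treating this rule as the enforcement point. Whether the chart ships such a PeerAuthentication is not visible in this hunk.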
@@ -0,0 +1,47 @@
+{{- if .Values.global.istio.ingress }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Release.Name }}-istio-scim-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ hosts:
+ - {{ .Values.global.fqdn }}
+ gateways:
+ - {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service.
+ http:
+ - name: {{ .Release.Name }}-istio-scim-config
+ match:
+ - uri:
+ prefix: /.well-known/scim-configuration
+ rewrite:
+ uri: /scim/restv1/scim-configuration
+ route:
+ - destination:
+ host: {{ .Values.global.scim.scimServiceName }}.{{.Release.Namespace}}.svc.cluster.local
+ port:
+ number: 8080
+ weight: 100
+ - name: {{ .Release.Name }}-istio-scim
+ match:
+ - uri:
+ prefix: "/scim"
+ route:
+ - destination:
+ host: {{ .Values.service.scimServiceName }}.{{.Release.Namespace}}.svc.cluster.local
+ port:
+ number: 8080
+ weight: 100
+{{- end }}
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/templates/service.yml b/charts/gluu/gluu/5.0.101/charts/scim/templates/service.yml
new file mode 100644
index 000000000..38381e602
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/templates/service.yml
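Review bot: The second route (`{{ .Release.Name }}-istio-scim`) builds its destination host from `.Values.service.scimServiceName`, but this subchart's values.yaml defines only `service.name` and `service.port`. The first route, the DestinationRule and the Service all use `.Values.global.scim.scimServiceName`. As written the host most likely renders as `.<namespace>.svc.cluster.local`, leaving the `/scim` prefix without a valid backend. Use `host: {{ .Values.global.scim.scimServiceName }}.{{ .Release.Namespace }}.svc.cluster.local` for both routes, and consider `number: {{ .Values.service.port }}` in place of the literal `8080`.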
@@ -0,0 +1,27 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.global.scim.scimServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.global.alb.ingress }}
+ type: NodePort
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "scim.name" . }} #scim
+
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/5.0.101/charts/scim/templates/user-custom-secret-envs.yaml
new file mode 100644
index 000000000..01dda2bf1
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/charts/scim/values.yaml b/charts/gluu/gluu/5.0.101/charts/scim/values.yaml
new file mode 100644
index 000000000..055214ce3
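Review bot: In user-custom-secret-envs.yaml, `{{ $val | b64enc }}` fails at render time when a `usrEnvs.secret` entry is not a string, for example a bare number or boolean in the values file, because `b64enc` accepts only string input. `{{ $key }}: {{ $val | toString | b64enc | quote }}` handles those entries and keeps the encoded value a YAML string. The Secret's metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the Deployment that reads it through `secretKeyRef`.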
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/charts/scim/values.yaml
@@ -0,0 +1,79 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# -- System for Cross-domain Identity Management (SCIM) version 2.0
+# -- Configure the HorizontalPodAutoscaler
+hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/scim
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Service replica number.
+replicas: 1
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 1000Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 1000Mi
+service:
+ # -- The name of the scim port within the scim service. Please keep it as default.
+ name: http-scim
+ # -- Port of the scim service. Please keep it as default.
+ port: 8080
+# -- Configure the liveness healthcheck for SCIM if needed.
+livenessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /jans-scim/sys/health-check
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+# -- Configure the readiness healthcheck for the SCIM if needed.
+readinessProbe:
+ httpGet:
+ # -- http readiness probe endpoint
+ path: /jans-scim/sys/health-check
+ port: 8080
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
\ No newline at end of file
diff --git a/charts/gluu/gluu/5.0.101/openbanking-helm.md b/charts/gluu/gluu/5.0.101/openbanking-helm.md
new file mode 100644
index 000000000..1d370af88
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/openbanking-helm.md
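Review bot: The comment on `usrEnvs.secret` in values.yaml gives only `variable1: value1`, which does not tell an operator that entries are written in plain text and that the chart base64-encodes them into a Secret (the `b64enc` call in user-custom-secret-envs.yaml). I would extend it to something like `# -- Add custom secret envs to the service, given as plain text; the chart base64-encodes them into a Secret. Supply them from a protected values file, not one committed to version control.` Separately, `tag: 1.0.0-beta.13` is safer quoted, so that a later all-numeric tag is not retyped by the YAML parser.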
@@ -0,0 +1,245 @@ +# gluu + +![version: 5.0.1](https://img.shields.io/badge/Version-5.0.0-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Gluu Access and Identity Management OpenBanking distribution + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| moabu | support@gluu.org | | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=v1.17.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| | auth-server | 5.0.0 | +| | cn-istio-ingress | 5.0.0 | +| | config | 5.0.0 | +| | config-api | 5.0.0 | +| | nginx-ingress | 5.0.0 | +| | persistence | 5.0.0 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| auth-server | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/auth-server","tag":"1.0.0-beta.13"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server.dnsConfig | object | `{}` | Add custom dns config | +| auth-server.dnsPolicy | string | `""` | Add custom dns policy | +| auth-server.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| auth-server.hpa.behavior | object | `{}` | Scaling Policies | +| auth-server.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | +| auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | +| auth-server.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | +| auth-server.readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | +| auth-server.replicas | int | `1` | Service replica number. | +| auth-server.resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| auth-server.resources.limits.cpu | string | `"2500m"` | CPU limit. 
| +| auth-server.resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| auth-server.resources.requests.cpu | string | `"2500m"` | CPU request. | +| auth-server.resources.requests.memory | string | `"2500Mi"` | Memory request. | +| auth-server.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| auth-server.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| config | object | `{"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnCasaEnabled":false,"cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCertFile":"/etc/certs/couchbase.crt","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbasePasswordFile":"/etc/gluu/conf/couchbase_password","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseSuperUserPasswordFile":"/etc/gluu/conf/couchbase_superuser_password","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnDocumentStoreType":"JCA","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJackrabbitAdminId":"admi
n","cnJackrabbitAdminIdFile":"/etc/gluu/conf/jackrabbit_admin_id","cnJackrabbitAdminPasswordFile":"/etc/gluu/conf/jackrabbit_admin_password","cnJackrabbitPostgresDatabaseName":"jackrabbit","cnJackrabbitPostgresHost":"postgresql.postgres.svc.cluster.local","cnJackrabbitPostgresPasswordFile":"/etc/gluu/conf/postgres_password","cnJackrabbitPostgresPort":5432,"cnJackrabbitPostgresUser":"jackrabbit","cnJackrabbitSyncInterval":300,"cnJackrabbitUrl":"http://jackrabbit:8080","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPassportEnabled":false,"cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnSamlEnabled":false,"cnSecretGoogleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqlPasswordFile":"/etc/jans/conf/sql_password","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.0-beta.13"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. 
| +| config-api | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.0-beta.13"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | +| config-api.dnsConfig | object | `{}` | Add custom dns config | +| config-api.dnsPolicy | string | `""` | Add custom dns policy | +| config-api.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| config-api.hpa.behavior | object | `{}` | Scaling Policies | +| config-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | +| config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | +| config-api.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. 
| +| config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | +| config-api.readinessProbe.httpGet | object | `{"path":"jans-config-api/api/v1/health/ready","port":8074}` | http readiness probe endpoint | +| config-api.replicas | int | `1` | Service replica number. | +| config-api.resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. | +| config-api.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| config-api.resources.limits.memory | string | `"400Mi"` | Memory limit. | +| config-api.resources.requests.cpu | string | `"1000m"` | CPU request. | +| config-api.resources.requests.memory | string | `"400Mi"` | Memory request. | +| config-api.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| config-api.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| config-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| config-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| config-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| config.adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | +| config.city | string | `"Austin"` | City. Used for certificate creation. | +| config.configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . 
| +| config.configmap.cnCasaEnabled | bool | `false` | Enable Casa flag . | +| config.configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api . | +| config.configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api. | +| config.configmap.cnClientApiBindIpAddresses | string | `"*"` | Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy | +| config.configmap.cnConfigGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnConfigKubernetesConfigMap | string | `"cn"` | The name of the Kubernetes ConfigMap that will hold the configuration layer | +| config.configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. | +| config.configmap.cnCouchbaseCertFile | string | `"/etc/certs/couchbase.crt"` | Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required. 
| +| config.configmap.cnCouchbaseCrt | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. | +| config.configmap.cnCouchbaseIndexNumReplica | int | `0` | The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1. | +| config.configmap.cnCouchbasePassword | string | `"P@ssw0rd"` | Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol . | +| config.configmap.cnCouchbasePasswordFile | string | `"/etc/gluu/conf/couchbase_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password | +| config.configmap.cnCouchbaseSuperUser | string | `"admin"` | The Couchbase super user (admin) user name. This user is used during initialization only. | +| config.configmap.cnCouchbaseSuperUserPassword | string | `"Test1234#"` | Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol | +| config.configmap.cnCouchbaseSuperUserPasswordFile | string | `"/etc/gluu/conf/couchbase_superuser_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. | +| config.configmap.cnCouchbaseUrl | string | `"cbgluu.default.svc.cluster.local"` | Couchbase URL. 
Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster | +| config.configmap.cnCouchbaseUser | string | `"gluu"` | Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. | +| config.configmap.cnDocumentStoreType | string | `"JCA"` | Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily. | +| config.configmap.cnGoogleProjectId | string | `"google-project-to-save-config-and-secrets-to"` | Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. | +| config.configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | +| config.configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage | +| config.configmap.cnPassportEnabled | bool | `false` | Boolean flag to enable/disable passport chart | +| config.configmap.cnPersistenceLdapMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. 
| +| config.configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnSamlEnabled | bool | `false` | Enable SAML-related features; UI menu, etc. | +| config.configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. | +| config.configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` | +| config.configmap.cnSqlDbHost | string | `"my-release-mysql.default.svc.cluster.local"` | SQL database host uri. | +| config.configmap.cnSqlDbName | string | `"jans"` | SQL database name. | +| config.configmap.cnSqlDbPort | int | `3306` | SQL database port. | +| config.configmap.cnSqlDbTimezone | string | `"UTC"` | SQL database timezone. | +| config.configmap.cnSqlDbUser | string | `"jans"` | SQL database username. 
| +| config.configmap.cnSqlPasswordFile | string | `"/etc/jans/conf/sql_password"` | SQL password file holding password from config.configmap.cnSqldbUserPassword . | +| config.configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected as config.configmap.cnSqlPasswordFile . | +| config.configmap.lbAddr | string | `""` | Loadbalancer address for AWS if the FQDN is not registered. | +| config.countryCode | string | `"US"` | Country code. Used for certificate creation. | +| config.dnsConfig | object | `{}` | Add custom dns config | +| config.dnsPolicy | string | `""` | Add custom dns policy | +| config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | +| config.image.pullSecrets | list | `[]` | Image Pull Secrets | +| config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | +| config.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | +| config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | +| config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE | +| config.migration.migrationDataFormat | string | `"ldif"` | migration data-format depending on persistence backend. Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json. | +| config.migration.migrationDir | string | `"/ce-migration"` | Directory holding all migration files | +| config.orgName | string | `"Gluu"` | Organization name. Used for certificate creation. | +| config.redisPassword | string | `"P@assw0rd"` | Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. 
| +| config.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| config.resources.limits.cpu | string | `"300m"` | CPU limit. | +| config.resources.limits.memory | string | `"300Mi"` | Memory limit. | +| config.resources.requests.cpu | string | `"300m"` | CPU request. | +| config.resources.requests.memory | string | `"300Mi"` | Memory request. | +| config.state | string | `"TX"` | State code. Used for certificate creation. | +| config.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. | +| config.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | +| config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | +| config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| global | object | 
`{"alb":{"ingress":false},"auth-server":{"authServerServiceName":"auth-server","enabled":true},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","client-api":{"clientApiServerServiceName":"client-api","enabled":false},"cloud":{"testEnviroment":false},"cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnJackrabbitCluster":true,"cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"ldap","config":{"enabled":true},"config-api":{"configApiServerServiceName":"config-api","enabled":true},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","cr-rotate":{"enabled":false},"distribution":"default","fido2":{"enabled":false},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"enabled":false,"ingress":false,"namespace":"istio-system"},"jackrabbit":{"enabled":false,"jackRabbitServiceName":"jackrabbit"},"lbIp":"","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxshibboleth":{"enabled":false},"persistence":{"enabled":true},"scim":{"enabled":false},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"upgrade":{"enabled":false},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global.alb.ingress | bool | `false` | Activates ALB ingress | +| global.auth-server.authServerServiceName | string | `"auth-server"` | Name of the auth-server service. Please keep it as default. 
| +| global.auth-server.enabled | bool | `true` | Boolean flag to enable/disable auth-server chart. You should never set this to false. | +| global.cloud.testEnviroment | bool | `false` | Boolean flag if enabled will strip resources requests and limits from all services. | +| global.cnGoogleApplicationCredentials | string | `"/etc/jans/conf/google-credentials.json"` | Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner. | +| global.cnObExtSigningAlias | string | `""` | Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G | +| global.cnObExtSigningJwksCrt | string | `""` | Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set. | +| global.cnObExtSigningJwksKey | string | `""` | Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set. | +| global.cnObExtSigningJwksKeyPassPhrase | string | `""` | Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set. | +| global.cnObExtSigningJwksUri | string | `""` | Open banking external signing jwks uri. Used in SSA Validation. | +| global.cnObStaticSigningKeyKid | string | `""` | Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G | +| global.cnObTransportAlias | string | `""` | Open banking transport Alias used inside the JVM. | +| global.cnObTransportCrt | string | `""` | Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64. | +| global.cnObTransportKey | string | `""` | Open banking AS transport key. 
Used in SSA Validation. This must be encoded using base64. | +| global.cnObTransportKeyPassPhrase | string | `""` | Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64. | +| global.cnObTransportTrustStore | string | `""` | Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64. | +| global.cnPersistenceType | string | `"sql"` | Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner. | +| global.config-api.configApiServerServiceName | string | `"config-api"` | Name of the config-api service. Please keep it as default. | +| global.config-api.enabled | bool | `true` | Boolean flag to enable/disable the config-api chart. | +| global.config.enabled | bool | `true` | Boolean flag to enable/disable the configuration chart. This normally should never be false | +| global.configAdapterName | string | `"kubernetes"` | The config backend adapter that will hold Gluu configuration layer. google|kubernetes | +| global.configSecretAdapter | string | `"kubernetes"` | The config backend adapter that will hold Gluu secret layer. google|kubernetes | +| global.distribution | string | `"openbanking"` | Gluu distributions supported are: default|openbanking. | +| global.fqdn | string | `"demoexample.gluu.org"` | Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services. | +| global.gcePdStorageType | string | `"pd-standard"` | GCE storage kind if using Google disks | +| global.isFqdnRegistered | bool | `false` | Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. 
On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically. | +| global.istio.enabled | bool | `false` | Boolean flag that enables using istio side cars with Gluu services. | +| global.istio.ingress | bool | `false` | Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. | +| global.istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. | +| global.lbIp | string | `""` | The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable. | +| global.nginx-ingress.enabled | bool | `true` | Boolean flag to enable/disable the nginx-ingress definitions chart. | +| global.opendj.enabled | bool | `false` | Boolean flag to enable/disable the OpenDJ chart. | +| global.persistence.enabled | bool | `true` | Boolean flag to enable/disable the persistence chart. | +| global.storageClass | object | `{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"}` | StorageClass section for Jackrabbit and OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed. | +| global.storageClass.parameters | object | `{}` | parameters: | +| global.upgrade.enabled | bool | `false` | Boolean flag used when running helm upgrade command. This allows upgrading the chart without immutable objects errors. | +| global.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. Envs defined in global.userEnvs will be globally available to all services | +| global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. 
variable1: value1 | +| global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | +| nginx-ingress | object | `{"ingress":{"additionalAnnotations":{},"additionalLabels":{},"adminUiEnabled":true,"adminUiLabels":{},"authServerEnabled":true,"authServerLabels":{},"authServerProtectedRedisterLabels":{},"authServerProtectedRegister":false,"authServerProtectedToken":false,"authServerProtectedTokenLabels":{},"configApiEnabled":true,"configApiLabels":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"hosts":["demoexample.gluu.org"],"openidConfigEnabled":true,"openidConfigLabels":{},"path":"/","scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerEnabled":true,"webfingerLabels":{}}}` | Nginx ingress definitions chart | +| nginx-ingress.ingress.additionalAnnotations | object | `{}` | Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate" Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" Specify if certificates are passed to upstream server nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" | +| nginx-ingress.ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} | +| nginx-ingress.ingress.adminUiEnabled | bool | `true` | Enable Admin UI endpoints. COMING SOON. 
| +| nginx-ingress.ingress.adminUiLabels | object | `{}` | Admin UI ingress resource labels. key app is taken. | +| nginx-ingress.ingress.authServerEnabled | bool | `true` | Enable Auth server endpoints /jans-auth | +| nginx-ingress.ingress.authServerLabels | object | `{}` | Auth server config ingress resource labels. key app is taken | +| nginx-ingress.ingress.authServerProtectedRedisterLabels | object | `{}` | Auth server protected token ingress resource labels. key app is taken | +| nginx-ingress.ingress.authServerProtectedRegister | bool | `false` | Enable mTLS onn Auth server endpoint /jans-auth/restv1/register | +| nginx-ingress.ingress.authServerProtectedToken | bool | `false` | Enable mTLS on Auth server endpoint /jans-auth/restv1/token | +| nginx-ingress.ingress.authServerProtectedTokenLabels | object | `{}` | Auth server protected token ingress resource labels. key app is taken | +| nginx-ingress.ingress.configApiLabels | object | `{}` | configAPI ingress resource labels. key app is taken | +| nginx-ingress.ingress.fido2ConfigEnabled | bool | `false` | Enable endpoint /.well-known/fido2-configuration | +| nginx-ingress.ingress.fido2ConfigLabels | object | `{}` | fido2 config ingress resource labels. key app is taken | +| nginx-ingress.ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration | +| nginx-ingress.ingress.openidConfigLabels | object | `{}` | openid-configuration ingress resource labels. key app is taken | +| nginx-ingress.ingress.scimConfigEnabled | bool | `false` | Enable endpoint /.well-known/scim-configuration | +| nginx-ingress.ingress.scimConfigLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | +| nginx-ingress.ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim | +| nginx-ingress.ingress.scimLabels | object | `{}` | SCIM config ingress resource labels. 
key app is taken | +| nginx-ingress.ingress.tls | list | `[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}]` | Secrets holding HTTPS CA cert and key. | +| nginx-ingress.ingress.u2fConfigEnabled | bool | `true` | Enable endpoint /.well-known/fido-configuration | +| nginx-ingress.ingress.u2fConfigLabels | object | `{}` | u2f config ingress resource labels. key app is taken | +| nginx-ingress.ingress.uma2ConfigEnabled | bool | `true` | Enable endpoint /.well-known/uma2-configuration | +| nginx-ingress.ingress.uma2ConfigLabels | object | `{}` | uma2 config ingress resource labels. key app is taken | +| nginx-ingress.ingress.webdiscoveryEnabled | bool | `true` | Enable endpoint /.well-known/simple-web-discovery | +| nginx-ingress.ingress.webdiscoveryLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | +| nginx-ingress.ingress.webfingerEnabled | bool | `true` | Enable endpoint /.well-known/webfinger | +| nginx-ingress.ingress.webfingerLabels | object | `{}` | webfinger ingress resource labels. key app is taken | +| persistence | object | `{"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.0-beta.13"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Gluu Server persistence layer. | +| persistence.dnsConfig | object | `{}` | Add custom dns config | +| persistence.dnsPolicy | string | `""` | Add custom dns policy | +| persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | +| persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. 
| +| persistence.image.tag | string | `"1.0.0-beta.13"` | Image tag to use for deploying. | +| persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| persistence.resources.limits.cpu | string | `"300m"` | CPU limit | +| persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | +| persistence.resources.requests.cpu | string | `"300m"` | CPU request. | +| persistence.resources.requests.memory | string | `"300Mi"` | Memory request. | +| persistence.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| persistence.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/gluu/gluu/5.0.101/openbanking-values.yaml b/charts/gluu/gluu/5.0.101/openbanking-values.yaml new file mode 100644 index 000000000..f768e7db3 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/openbanking-values.yaml 
@@ -0,0 +1,634 @@
+# -- OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.
+auth-server:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/auth-server
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 2500m
+ # -- Memory limit.
+ memory: 2500Mi
+ requests:
+ # -- CPU request.
+ cpu: 2500m
+ # -- Memory request.
+ memory: 2500Mi
+ # -- Configure the liveness healthcheck for the auth server if needed.
+ livenessProbe:
+ # -- Executes the python3 healthcheck.
+ # https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
+ exec:
+ command:
+ - python3
+ - /app/scripts/healthcheck.py
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the auth server if needed.
+ # https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
+ readinessProbe:
+ exec:
+ command:
+ - python3
+ - /app/scripts/healthcheck.py
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+
+# -- Configuration parameters for setup and initial configuration secret and config layers used by Gluu services.
+config:
+ # -- Add custom normal and secret envs to the service.
+ usrEnvs:
+ # -- Add custom normal envs to the service.
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service.
+ # variable1: value1
+ secret: {}
+ # -- City. Used for certificate creation.
+ city: Austin
+ configmap:
+ # -- Jetty header size in bytes in the auth server
+ cnJettyRequestHeaderSize: 8192
+ # -- SQL database dialect. `mysql` or `pgsql`
+ cnSqlDbDialect: mysql
+ # -- SQL database host uri.
+ cnSqlDbHost: my-release-mysql.default.svc.cluster.local
+ # -- SQL database port.
+ cnSqlDbPort: 3306
+ # -- SQL database name.
+ cnSqlDbName: jans
+ # -- SQL database username.
+ cnSqlDbUser: jans
+ # -- SQL database timezone.
+ cnSqlDbTimezone: UTC
+ # -- SQL password file holding password from config.configmap.cnSqldbUserPassword .
+ cnSqlPasswordFile: /etc/jans/conf/sql_password
+ # -- SQL password injected as config.configmap.cnSqlPasswordFile .
+ cnSqldbUserPassword: Test1234#
+ # -- Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` .
+ cnCacheType: NATIVE_PERSISTENCE
+ # -- The name of the Kubernetes ConfigMap that will hold the configuration layer
+ cnConfigKubernetesConfigMap: cn
+ # [google_envs] Envs related to using Google
+ # -- Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleSecretManagerServiceAccount: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=
+ # -- Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleProjectId: google-project-to-save-config-and-secrets-to
+ # [google_spanner_envs] Envs related to using Google Secret Manager to store config and secret layer
+ # -- Google Spanner ID. Used only when global.cnPersistenceType is spanner.
+ cnGoogleSpannerInstanceId: ""
+ # -- Google Spanner Database ID. Used only when global.cnPersistenceType is spanner.
+ cnGoogleSpannerDatabaseId: ""
+ # [google_spanner_envs] END
+ # [google_secret_manager_envs] Envs related to using Google Secret Manager to store config and secret layer
+ # -- Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnSecretGoogleSecretVersionId: "latest"
+ # -- Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnSecretGoogleSecretNamePrefix: gluu
+ # -- Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleSecretManagerPassPhrase: Test1234#
+ # -- Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnConfigGoogleSecretVersionId: "latest"
+ # -- Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnConfigGoogleSecretNamePrefix: gluu
+ # [google_secret_manager_envs] END
+ # [google_envs] END
+ # -- Value passed to Java option -XX:MaxRAMPercentage
+ cnMaxRamPercent: "75.0"
+ # -- Boolean flag to enable/disable passport chart. Not part of the openbanking distribution. Please leave this disabled.
+ cnPassportEnabled: false
+ # -- Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisSentinelGroup: ""
+ # -- Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisSslTruststore: ""
+ # -- Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisType: STANDALONE
+ # -- Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisUrl: "redis.redis.svc.cluster.local:6379"
+ # -- Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisUseSsl: false
+ # -- Enable SAML-related features; UI menu, etc. Not part of the openbanking distribution. Please leave this disabled.
+ cnSamlEnabled: false
+ # -- Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default.
+ cnSecretKubernetesSecret: cn
+ # -- Loadbalancer address for AWS if the FQDN is not registered.
+ lbAddr: ""
+ # -- Country code. Used for certificate creation.
+ countryCode: US
+ # -- Email address of the administrator usually. Used for certificate creation.
+ email: support@gluu.org
+ image:
+ # -- Image to use for deploying.
+ repository: janssenproject/configurator
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Organization name. Used for certificate creation.
+ orgName: Gluu
+ # -- Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`.
+ redisPassword: P@assw0rd
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+ # -- State code. Used for certificate creation.
+ state: TX
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).
+config-api:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/config-api
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 400Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 400Mi
+ # -- Configure the liveness healthcheck for the auth server if needed.
+ livenessProbe:
+ # -- http liveness probe endpoint
+ httpGet:
+ path: /jans-config-api/api/v1/health/live
+ port: 8074
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ # -- http readiness probe endpoint
+ httpGet:
+ path: /jans-config-api/api/v1/health/ready
+ port: 8074
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Parameters used globally across all services helm charts.
+global:
+ # -- Add custom normal and secret envs to the service.
+ # Envs defined in global.userEnvs will be globally available to all services
+ usrEnvs:
+ # -- Add custom normal envs to the service.
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service.
+ # variable1: value1
+ secret: {}
+ alb:
+ # -- Activates ALB ingress
+ ingress: false
+
+ auth-server:
+ # -- Name of the auth-server service. Please keep it as default.
+ authServerServiceName: auth-server
+ # -- Boolean flag to enable/disable auth-server chart. You should never set this to false.
+ enabled: true
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- jans-auth.log target
+ authLogTarget: "STDOUT"
+ # -- jans-auth.log level
+ authLogLevel: "INFO"
+ # -- http_request_response.log target
+ httpLogTarget: "FILE"
+ # -- http_request_response.log level
+ httpLogLevel: "INFO"
+ # -- jans-auth_persistence.log target
+ persistenceLogTarget: "FILE"
+ # -- jans-auth_persistence.log level
+ persistenceLogLevel: "INFO"
+ # -- jans-auth_persistence_duration.log target
+ persistenceDurationLogTarget: "FILE"
+ # -- jans-auth_persistence_duration.log level
+ persistenceDurationLogLevel: "INFO"
+ # -- jans-auth_persistence_ldap_statistics.log target
+ ldapStatsLogTarget: "FILE"
+ # -- jans-auth_persistence_ldap_statistics.log level
+ ldapStatsLogLevel: "INFO"
+ # -- jans-auth_script.log target
+ scriptLogTarget: "FILE"
+ # -- jans-auth_script.log level
+ scriptLogLevel: "INFO"
+ # -- jans-auth_script.log target
+ auditStatsLogTarget: "FILE"
+ # -- jans-auth_audit.log level
+ auditStatsLogLevel: "INFO"
+
+ auth-server-key-rotation:
+ # -- Boolean flag to enable/disable the auth-server-key rotation cronjob chart.
+ enabled: false
+ # -- Volume storage type if using AWS volumes.
+ awsStorageType: io1
+ # -- Volume storage type if using Azure disks.
+ azureStorageAccountType: Standard_LRS
+ # -- Azure storage kind if using Azure disks
+ azureStorageKind: Managed
+ casa:
+ # -- Name of the casa service. Please keep it as default.
+ casaServiceName: casa
+ client-api:
+ # -- Name of the client-api service. Please keep it as default.
+ clientApiServerServiceName: client-api
+ # -- Boolean flag to enable/disable the client-api chart.
+ enabled: false
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- client-api.log target
+ clientApiLogTarget: "STDOUT"
+ # -- client-api.log level
+ clientApiLogLevel: "INFO"
+ cloud:
+ # -- Boolean flag if enabled will strip resources requests and limits from all services.
+ testEnviroment: false
+ # -- Boolean flag if enabled will enable jackrabbit in cluster mode with Postgres.
+ cnJackrabbitCluster: false
+ # -- Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner.
+ cnPersistenceType: sql
+ # -- Open banking external signing jwks uri. Used in SSA Validation.
+ cnObExtSigningJwksUri: ""
+ # -- Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set.
+ cnObExtSigningJwksCrt: ""
+ # -- Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.
+ cnObExtSigningJwksKey: ""
+ # -- Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.
+ cnObExtSigningJwksKeyPassPhrase: ""
+ # -- Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G
+ cnObExtSigningAlias: ""
+ # -- Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G
+ cnObStaticSigningKeyKid: ""
+ # -- Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64.
+ cnObTransportCrt: ""
+ # -- Open banking AS transport key. Used in SSA Validation. This must be encoded using base64.
+ cnObTransportKey: ""
+ # -- Open banking AS transport key pas`sphrase to unlock AS transport key. This must be encoded using base64.
+ cnObTransportKeyPassPhrase: ""
+ # -- Open banking transport Alias used inside the JVM.
+ cnObTransportAlias: ""
+ # -- Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64.
+ cnObTransportTrustStore: ""
+ config:
+ # -- Boolean flag to enable/disable the configuration chart. This normally should never be false
+ enabled: true
+ # -- The config backend adapter that will hold Gluu configuration layer. google|kubernetes
+ configAdapterName: kubernetes
+ # -- The config backend adapter that will hold Gluu secret layer. google|kubernetes
+ configSecretAdapter: kubernetes
+ # -- Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner.
+ cnGoogleApplicationCredentials: /etc/jans/conf/google-credentials.json
+ config-api:
+ # -- Name of the config-api service. Please keep it as default.
+ configApiServerServiceName: config-api
+ # -- Boolean flag to enable/disable the config-api chart.
+ enabled: true
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- configapi.log target
+ configApiLogTarget: "STDOUT"
+ # -- configapi.log level
+ configApiLogLevel: "INFO"
+ cr-rotate:
+ # -- Boolean flag to enable/disable the cr-rotate chart.
+ enabled: false
+ # -- Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services.
+ fqdn: demoexample.gluu.org
+ fido2:
+ # -- Name of the fido2 service. Please keep it as default.
+ fido2ServiceName: fido2
+ # -- Boolean flag to enable/disable the fido2 chart.
+ enabled: false
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- fido2.log target
+ fido2LogTarget: "STDOUT"
+ # -- fido2.log level
+ fido2LogLevel: "INFO"
+ # -- fido2_persistence.log target
+ persistenceLogTarget: "FILE"
+ # -- fido2_persistence.log level
+ persistenceLogLevel: "INFO"
+ # -- GCE storage kind if using Google disks
+ gcePdStorageType: pd-standard
+ # -- Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically.
+ isFqdnRegistered: false
+ istio:
+ # -- Boolean flag that enables using istio side cars with Gluu services.
+ enabled: false
+ # -- Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.
+ ingress: false
+ # -- The namespace istio is deployed in. The is normally istio-system.
+ namespace: istio-system
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+ jackrabbit:
+ # -- Boolean flag to enable/disable the jackrabbit chart. For more information on how it is used inside Gluu https://gluu.org/docs/gluu-server/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. If disabled oxShibboleth cannot be run.
+ enabled: false
+ # -- Name of the Jackrabbit service. Please keep it as default.
+ jackRabbitServiceName: jackrabbit
+ # -- The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable.
+ lbIp: 22.22.22.22
+ nginx-ingress:
+ # -- Boolean flag to enable/disable the nginx-ingress definitions chart.
+ enabled: true
+ # -- Gluu distributions supported are: default|openbanking.
+ distribution: openbanking
+ persistence:
+ # -- Boolean flag to enable/disable the persistence chart.
+ enabled: true
+ scim:
+ # -- Name of the scim service. Please keep it as default.
+ scimServiceName: scim
+ # -- Boolean flag to enable/disable the SCIM chart.
+ enabled: false
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- jans-scim.log target
+ scimLogTarget: "STDOUT"
+ # -- jans-scim.log level
+ scimLogLevel: "INFO"
+ # -- jans-scim_persistence.log target
+ persistenceLogTarget: "FILE"
+ # -- jans-scim_persistence.log level
+ persistenceLogLevel: "INFO"
+ # -- jans-scim_persistence_duration.log target
+ persistenceDurationLogTarget: "FILE"
+ # -- jans-scim_persistence_duration.log level
+ persistenceDurationLogLevel: "INFO"
+ # -- jans-scim_persistence_ldap_statistics.log target
+ ldapStatsLogTarget: "FILE"
+ # -- jans-scim_persistence_ldap_statistics.log level
+ ldapStatsLogLevel: "INFO"
+ # -- jans-scim_script.log target
+ scriptLogTarget: "FILE"
+ # -- jans-scim_script.log level
+ scriptLogLevel: "INFO"
+ # -- StorageClass section for Jackrabbit and OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed.
+ storageClass:
+ allowVolumeExpansion: true
+ allowedTopologies: []
+ mountOptions:
+ - debug
+ # -- parameters:
+ #fsType: ""
+ #kind: ""
+ #pool: ""
+ #storageAccountType: ""
+ #type: ""
+ parameters: {}
+ provisioner: microk8s.io/hostpath
+ reclaimPolicy: Retain
+ volumeBindingMode: WaitForFirstConsumer
+ oxshibboleth:
+ # -- Boolean flag to enable/disable the oxShibbboleth chart. Not part of the openbanking distribution. Keep as default.
+ enabled: false
+ opendj:
+ # -- Boolean flag to enable/disable the OpenDJ chart. Not part of the openbanking distribution. Keep as default.
+ enabled: false
+ admin-ui:
+ # -- Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin.
+ enabled: false
+ upgrade:
+ # -- Boolean flag used when running upgrading through versions command.
+ enabled: false
+
+# -- Nginx ingress definitions chart
+nginx-ingress:
+ ingress:
+ # -- Enable Admin UI endpoints. COMING SOON.
+ adminUiEnabled: false
+ # -- Admin UI ingress resource labels. key app is taken.
+ adminUiLabels: { }
+ # -- openid-configuration ingress resource additional annotations.
+ adminUiAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/openid-configuration
+ openidConfigEnabled: true
+ # -- openid-configuration ingress resource labels. key app is taken
+ openidConfigLabels: { }
+ # -- openid-configuration ingress resource additional annotations.
+ openidAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/uma2-configuration
+ uma2ConfigEnabled: true
+ # -- uma2 config ingress resource labels. key app is taken
+ uma2ConfigLabels: { }
+ # -- uma2 config ingress resource additional annotations.
+ uma2AdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/webfinger
+ webfingerEnabled: true
+ # -- webfinger ingress resource labels. key app is taken
+ webfingerLabels: { }
+ # -- webfinger ingress resource additional annotations.
+ webfingerAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/simple-web-discovery
+ webdiscoveryEnabled: true
+ # -- webdiscovery ingress resource labels. key app is taken
+ webdiscoveryLabels: { }
+ # -- webdiscovery ingress resource additional annotations.
+ webdiscoveryAdditionalAnnotations: { }
+ # Enable config API endpoints /jans-config-api
+ configApiEnabled: true
+ # -- configAPI ingress resource labels. key app is taken
+ configApiLabels: { }
+ # -- ConfigAPI ingress resource additional annotations.
+ configApiAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/fido-configuration
+ u2fConfigEnabled: true
+ # -- u2f config ingress resource labels. key app is taken
+ u2fConfigLabels: { }
+ # -- u2f config ingress resource additional annotations.
+ u2fAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/fido2-configuration
+ fido2ConfigEnabled: false
+ # -- fido2 config ingress resource labels. key app is taken
+ fido2ConfigLabels: { }
+ # -- fido2 config ingress resource additional annotations.
+ fido2ConfigAdditionalAnnotations: { }
+ # -- Enable Auth server endpoints /jans-auth
+ authServerEnabled: true
+ # -- Auth server ingress resource labels. key app is taken
+ authServerLabels: { }
+ # -- Auth server ingress resource additional annotations.
+ authServerAdditionalAnnotations: { }
+ # -- Enable mTLS on Auth server endpoint /jans-auth/restv1/token
+ authServerProtectedToken: false
+ # -- Auth server protected token ingress resource labels. key app is taken
+ authServerProtectedTokenLabels: { }
+ # -- Auth server protected token ingress resource additional annotations.
+ authServerProtectedTokenAdditionalAnnotations: { }
+ # -- Enable mTLS onn Auth server endpoint /jans-auth/restv1/register
+ authServerProtectedRegister: false
+ # -- Auth server protected token ingress resource labels. key app is taken
+ authServerProtectedRegisterLabels: { }
+ # -- Auth server protected register ingress resource additional annotations.
+ authServerProtectedRegisterAdditionalAnnotations: { }
+ # -- Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ # Enable client certificate authentication
+ # nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional"
+ # Create the secret containing the trusted ca certificates
+ # nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate"
+ # Specify the verification depth in the client certificates chain
+ # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
+ # Specify if certificates are passed to upstream server
+ # nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
+ additionalAnnotations: {}
+ path: /
+ hosts:
+ - demoexample.gluu.org
+ # -- Secrets holding HTTPS CA cert and key.
+ tls:
+ - secretName: tls-certificate
+ hosts:
+ - demoexample.gluu.org
+
+# -- Job to generate data and intial config for Gluu Server persistence layer.
+persistence:
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/persistence-loader
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
diff --git a/charts/gluu/gluu/5.0.101/questions.yaml b/charts/gluu/gluu/5.0.101/questions.yaml
new file mode 100644
index 000000000..0fd1713bc
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/questions.yaml
@@ -0,0 +1,1191 @@
+questions:
+# ==================
+# Distribution group
+# ==================
+- variable: global.distribution
+ default: "openbanking"
+ required: true
+ type: enum
+ label: Gluu Distribution
+ description: "Gluu Distribution. Openbanking only contains Config-API and the Auth Server customized for Openbanking industry."
+ group: "Global Settings"
+ options:
+ - "default"
+ - "openbanking"
+
+# ========================
+# OpenBanking Distribution
+# ========================
+- variable: global.cnObExtSigningJwksUri
+ required: true
+ default: "https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks"
+ description: "Open banking external signing jwks uri. Used in SSA Validation."
+ type: hostname
+ group: "OpenBanking Distribution"
+ label: Openbanking external signing JWKS URI
+ show_if: "global.distribution=openbanking"
+ subquestions:
+ - variable: global.cnObExtSigningJwksCrt
+ default: ""
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set."
+ type: multiline
+ label: Open banking external signing jwks AS certificate authority string
+ - variable: global.cnObExtSigningJwksKey
+ default: ""
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
+ type: multiline
+ label: Open banking external signing jwks AS key string
+ - variable: global.cnObExtSigningJwksKeyPassPhrase
+ default: ""
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set."
+ type: password
+ label: Open banking external signing jwks AS key passphrase
+ min_length: 6
+ - variable: global.cnObExtSigningAlias
+ default: "XkwIzWy44xWSlcWnMiEc8iq9s2G"
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G"
+ type: string
+ label: Open banking external signing AS Alias
+- variable: global.cnObStaticSigningKeyKid
+ default: "Wy44xWSlcWnMiEc8iq9s2G"
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G"
+ type: string
+ label: Open banking signing AS kid
+ show_if: "global.distribution=openbanking"
+- variable: global.cnObTransportAlias
+ default: ""
+ required: false
+ group: "OpenBanking Distribution"
+ description: "Open banking transport Alias used inside the JVM."
+ type: string
+ label: Open banking transport Alias used inside the JVM.
+ show_if: "global.distribution=openbanking"
+ subquestions:
+ - variable: global.cnObTransportCrt
+ default: ""
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64."
+ type: multiline
+ label: Open banking AS transport crt
+ - variable: global.cnObTransportKey
+ default: ""
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking AS transport key. Used in SSA Validation. This must be encoded using base64."
+ type: multiline
+ label: Open banking AS transport key
+ - variable: global.cnObTransportKeyPassPhrase
+ default: ""
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64."
+ type: password
+ label: Open banking AS transport key passphrase
+ min_length: 6
+ - variable: global.cnObTransportTrustStore
+ default: ""
+ required: true
+ group: "OpenBanking Distribution"
+ description: "Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64."
+ type: multiline
+ label: Open banking external signing jwks AS certificate authority string
+
+# =======================
+# Optional Services group
+# =======================
+- variable: global.admin-ui.enabled
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: false
+ label: Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. This requires a license agreement with Gluu.
+ show_if: "global.distribution=default"
+ show_subquestion_if: true
+ subquestions:
+ - variable: global.admin-ui.adminUiApiKey
+ default: ""
+ required: true
+ description: "Admin UI license API key. Obtain this from Gluu."
+ type: multiline
+ label: Admin UI license API key. Obtain this from Gluu
+ - variable: global.admin-ui.adminUiProductCode
+ default: ""
+ required: true
+ description: "Admin UI license product code. Obtain this from Gluu."
+ type: multiline
+ label: Admin UI license product code. Obtain this from Gluu.
+ - variable: global.admin-ui.adminUiSharedKey
+ default: ""
+ required: true
+ description: "Admin UI license shared key. Obtain this from Gluu."
+ type: multiline
+ label: Admin UI license shared key. Obtain this from Gluu.
+ - variable: global.admin-ui.adminUiManagementKey
+ default: ""
+ required: true
+ description: "Admin UI license management key. Obtain this from Gluu."
+ type: multiline
+ label: Admin UI license management key. Obtain this from Gluu.
+- variable: global.auth-server-key-rotation.enabled
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: true
+ label: Enable Auth key rotation cronjob
+ show_if: "global.distribution=default"
+ show_subquestion_if: true
+ subquestions:
+ - variable: auth-server-key-rotation.keysLife
+ default: 48
+ description: "Auth server key rotation keys life in hours."
+ type: int
+ label: Key life
+- variable: global.fido2.enabled
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: true
+ show_if: "global.distribution=default"
+ label: Enable Fido2
+ description: "FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments."
+- variable: global.config-api.enabled
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: true
+ label: Enable ConfigAPI
+ description: "Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS)."
+- variable: global.scim.enabled
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: true
+ show_if: "global.distribution=default"
+ label: Enable SCIM
+ description: "System for Cross-domain Identity Management (SCIM) version 2.0"
+- variable: global.client-api.enabled
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: true
+ label: Enable ClientAPI
+ show_if: "global.distribution=default"
+ description: "Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting."
+ show_subquestion_if: true
+ subquestions:
+ - variable: config.configmap.cnClientApiApplicationCertCn
+ default: "client-api"
+ description: "Client API application keystore name"
+ type: string
+ label: Client API application keystore name
+ - variable: config.configmap.cnClientApiAdminCertCn
+ default: "client-api"
+ description: "Client API admin keystore name"
+ type: string
+ label: Client API admin keystore name
+- variable: global.jackrabbit.enabled
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: true
+ label: Enable Jackrabbit
+ show_if: "global.distribution=default"
+ show_subquestion_if: true
+ description: "Needed for SAML. Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. https://jackrabbit.apache.org/jcr/index.html ."
+ subquestions:
+ - variable: jackrabbit.storage.size
+ default: "4Gi"
+ description: "Size of Jackrabbit content repository volume storage."
+ type: string
+ label: Volume storage
+ - variable: config.configmap.cnJackrabbitUrl
+ default: "http://jackrabbit:8080"
+ description: "Please enter jackrabbit url."
+ type: hostname
+ label: Jackrabbit URL
+ - variable: config.configmap.cnJackrabbitAdminId
+ default: "admin"
+ description: "Jackrabbit admin user"
+ type: string
+ label: Jackrabbit Admin User
+ valid_chars: "^[a-z]+$"
+ - variable: jackrabbit.secrets.cnJackrabbitAdminPassword
+ default: "Test1234#"
+ description: "Jackrabbit admin password"
+ type: password
+ label: Jackrabbit Admin User Password
+ min_length: 6
+- variable: installer-settings.jackrabbit.clusterMode
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: true
+ label: Enable Jackrabbit in Cluster Mode (HA)
+ show_if: "global.jackrabbit.enabled=true"
+ show_subquestion_if: true
+ description: "Requires postgres."
+ subquestions:
+ - variable: config.configmap.cnJackrabbitPostgresUser
+ default: "admin"
+ description: "Jackrabbit postgres user"
+ type: string
+ label: Jackrabbit postgres user
+ valid_chars: "^[a-z]+$"
+ - variable: jackrabbit.secrets.cnJackrabbitPostgresPassword
+ default: "admin"
+ description: "Jackrabbit postgres password"
+ type: password
+ label: Jackrabbit postgres password
+
+ - variable: config.configmap.cnJackrabbitPostgresDatabaseName
+ default: "jackrabbit"
+ description: "Jackrabbit postgres database name"
+ type: string
+ label: Jackrabbit postgres database name
+
+# ======================
+# Test environment group
+# ======================
+- variable: global.cloud.testEnviroment
+ default: false
+ type: boolean
+ group: "Test Environment"
+ required: true
+ label: Test environment
+ description: "Boolean flag if enabled will strip resources requests and limits from all services."
+
+# =================
+# Persistence group
+# =================
+- variable: global.cnPersistenceType
+ default: "sql"
+ required: true
+ type: enum
+ group: "Persistence"
+ label: Gluu Persistence backend
+ description: "Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner"
+ options:
+ - "ldap"
+ - "couchbase"
+ - "hybrid"
+ - "spanner"
+ - "sql"
+# LDAP
+- variable: global.opendj.enabled
+ default: false
+ type: boolean
+ group: "Persistence"
+ required: true
+ label: Enable installation of OpenDJ
+ description: "Boolean flag to enable/disable the OpenDJ chart."
+ show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnLdapUrl
+ default: "opendj:1636"
+ type: hostname
+ group: "Persistence"
+ required: true
+ label: OpenDJ remote URL
+ description: "OpenDJ remote URL. This must be resolvable by the pods"
+ show_if: "global.opendj.enabled=false&&global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnPersistenceLdapMapping
+ default: "default"
+ required: false
+ type: enum
+ group: "Persistence"
+ label: Gluu Persistence LDAP mapping
+ description: "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`."
+ options:
+ - "default"
+ - "user"
+ - "site"
+ - "cache"
+ - "token"
+ - "session"
+ show_if: "global.cnPersistenceType=hybrid"
+# Multi cluster ldap replication
+- variable: opendj.multiCluster.enabled
+ default: false
+ type: boolean
+ group: "Persistence"
+ required: true
+ label: Enable OpenDJ multiCluster mode
+ description: "Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster`"
+ show_if: "global.opendj.enabled=true"
+ show_subquestion_if: true
+ subquestions:
+ - variable: opendj.multiCluster.serfAdvertiseAddrSuffix
+ default: "regional.gluu.org:30946s"
+ type: hostname
+ group: "Persistence"
+ required: true
+ description: "OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }}"
+ label: OpenDJ Serf advertise address suffix
+ - variable: opendj.multiCluster.replicaCount
+ default: 1
+ type: int
+ group: "Persistence"
+ required: true
+ description: "The number of opendj non scalable statefulsets to create. Each pod created must be resolvable as it follows the patterm RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org"
+ label: The number of opendj non scalable statefulsets to create.
+ - variable: opendj.multiCluster.clusterId
+ default: "west"
+ type: string
+ group: "Persistence"
+ required: true
+ description: "This id needs to be unique to each kubernetes cluster in a multi cluster setup; west, east, south, north, region ...etc If left empty it will be randomly generated."
+ label: Unique kubernetes cluster id
+ - variable: opendj.multiCluster.serfPeers
+ default: "['gluu-opendj-regional-0-regional.gluu.org:30946', 'gluu-opendj-regional-0-regional.gluu.org:31946']"
+ type: string
+ group: "Persistence"
+ required: true
+ description: "Serf peer addresses. One per replica."
+ label: Serf peer addresses
+# SQL
+- variable: config.configmap.cnSqlDbDialect
+ default: "default"
+ required: false
+ type: enum
+ group: "Persistence"
+ label: Gluu SQL Database dialect
+ description: "SQL database dialect. `mysql` or `pgsql`. The former is still not supported yet!"
+ options:
+ - "mysql"
+ - "pgsql"
+ show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqlDbHost
+ default: "my-release-mysql.default.svc.cluster.local"
+ required: false
+ type: hostname
+ group: "Persistence"
+ label: SQL database host uri
+ description: "SQL database host uri"
+ show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqlDbPort
+ default: 3306
+ required: false
+ type: int
+ group: "Persistence"
+ label: SQL database port
+ description: "SQL database port"
+ show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqlDbUser
+ default: "gluu"
+ group: "Persistence"
+ description: "SQL database username"
+ type: string
+ label: SQL database username
+ valid_chars: "^[a-z]+$"
+ show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqldbUserPassword
+ default: "Test1234#"
+ group: "Persistence"
+ description: "SQL password"
+ type: password
+ label: SQL password
+
+ show_if: "global.cnPersistenceType=sql"
+- variable: config.configmap.cnSqlDbName
+ default: "gluu"
+ group: "Persistence"
+ description: "SQL database name"
+ type: string
+ label: SQL database name
+ show_if: "global.cnPersistenceType=sql"
+# Spanner
+- variable: config.configmap.cnGoogleSpannerInstanceId
+ default: ""
+ group: "Persistence"
+ description: "The google spanner instance ID"
+ type: string
+ label: Google Spanner Instance ID
+ show_if: "global.cnPersistenceType=spanner"
+- variable: config.configmap.cnGoogleSpannerDatabaseId
+ default: ""
+ group: "Persistence"
+ description: "The google spanner database ID"
+ type: string
+ label: Google Spanner Database ID
+ show_if: "global.cnPersistenceType=spanner"
+- variable: config.configmap.cnGoogleSecretManagerServiceAccount
+ default: ""
+ group: "Persistence"
+ description: "The service account with access roles/secretmanager.admin to use Google secret manager and/or roles/spanner.databaseUser to use Spanner."
+ type: multiline
+ label: Google Spanner Service Account json
+ show_if: "global.cnPersistenceType=spanner"
+- variable: config.configmap.cnGoogleProjectId
+ default: ""
+ group: "Persistence"
+ description: "The Google Project ID"
+ type: string
+ label: Google Project ID
+ show_if: "global.cnPersistenceType=spanner"
+#Couchbase
+- variable: config.configmap.cnCouchbaseCrt
+ default: ""
+ group: "Persistence"
+ description: "Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required."
+ type: multiline
+ label: Couchbase certificate authority string
+ show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseUrl
+ default: "gluu.cbns.svc.cluster.local"
+ required: false
+ type: hostname
+ group: "Persistence"
+ label: Couchbase host uri
+ description: "Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster"
+ show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseBucketPrefix
+ default: "gluu"
+ type: string
+ description: "The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu."
+ group: "Persistence"
+ required: true
+ label: The prefix of Couchbase buckets
+ show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseIndexNumReplica
+ default: 0
+ type: int
+ description: "The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1."
+ group: "Persistence"
+ required: true
+ label: The number of replicas per index created
+ show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseSuperUser
+ default: "admin"
+ group: "Persistence"
+ description: "he Couchbase super user (admin) user name. This user is used during initialization only."
+ type: string
+ label: The Couchbase super user (admin) user name.
+ valid_chars: "^[a-z]+$"
+ show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseSuperUserPassword
+ default: "Test1234#"
+ group: "Persistence"
+ description: "Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization and upgrade process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol"
+ type: password
+ label: Couchbase password for the super users
+
+ show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbaseUser
+ default: "gluu"
+ group: "Persistence"
+ description: "Couchbase restricted user, used in Gluu operations with Couchbase. Used only when global.cnPersistenceType is hybrid or couchbase."
+ type: string
+ label: Couchbase restricted username
+ valid_chars: "^[a-z]+$"
+ show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
+- variable: config.configmap.cnCouchbasePassword
+ default: "Test1234#"
+ group: "Persistence"
+ description: "Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ."
+ type: password + label: Couchbase password for the restricted user + show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid" + +# ============================== +# StorageClass and volume group +# ============================== +- variable: global.storageClass.provisioner + default: "microk8s.io/hostpath" + type: string + group: "Volumes" + required: true + label: StorageClass provisioner + show_if: "global.cnPersistenceType=ldap||global.jackrabbit.enabled=true" + subquestions: + - variable: global.storageClass.allowVolumeExpansion + default: true + type: boolean + group: "Volumes" + required: true + label: StorageClass Volume expansion + - variable: global.storageClass.reclaimPolicy + default: "Retain" + type: enum + group: "Volumes" + required: true + label: StorageClass reclaimPolicy + options: + - "Delete" + - "Retain" + - variable: global.storageClass.volumeBindingMode + default: "WaitForFirstConsumer" + type: enum + group: "Volumes" + required: true + options: + - "WaitForFirstConsumer" + - "Immediate" + label: StorageClass volumeBindingMode + +# =========== +# Cache group +# =========== +- variable: config.configmap.cnCacheType + default: "NATIVE_PERSISTENCE" + required: true + type: enum + group: "Cache" + label: Gluu Cache + description: "Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` ." + options: + - "NATIVE_PERSISTENCE" + - "IN_MEMORY" + - "REDIS" + show_subquestion_if: "REDIS" + subquestions: + - variable: config.configmap.cnRedisType + default: "STANDALONE" + type: enum + group: "Cache" + required: false + label: Redix service type + description: "Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`." 
+ options: + - "STANDALONE" + - "CLUSTER" + - variable: config.redisPassword + default: "Test1234#" + type: password + group: "Cache" + required: false + label: Redis admin password + description: "Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`." + + - variable: config.configmap.cnRedisUrl + default: "redis.redis.svc.cluster.local:6379" + required: false + type: hostname + group: "Cache" + label: Redis URL + description: "Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`." + +# ================== +# Configuration group +# ================== +- variable: global.fqdn + default: "demoexample.gluu.org" + required: true + type: hostname + group: "Configuration" + label: Gluu Installation FQDN + description: "Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services." +- variable: global.countryCode + default: "US" + required: true + type: string + group: "Configuration" + label: Country code + description: "Country code. Used for certificate creation." +- variable: config.state + default: "TX" + required: true + type: string + group: "Configuration" + label: State code + description: "State code. Used for certificate creation." +- variable: config.city + default: "Austin" + required: true + type: string + group: "Configuration" + label: City + description: "City. Used for certificate creation." +- variable: config.email + default: "support@gluu.org" + required: true + type: string + group: "Configuration" + label: Email + description: "Email address of the administrator usually. Used for certificate creation." +- variable: config.orgName + default: "Gluu" + required: true + type: string + group: "Configuration" + label: Organization + description: "Organization name. Used for certificate creation." 
+- variable: config.adminPassword + default: "Test1234#" + type: password + group: "Configuration" + required: true + label: Admin UI password + description: "Admin password to log in to the UI." + +- variable: config.ldapPassword + default: "Test1234#" + type: password + group: "Configuration" + required: true + label: LDAP password + description: "LDAP admin password if OpenDJ is used for persistence" + show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid" + +- variable: global.isFqdnRegistered + default: true + required: true + type: boolean + group: "Configuration" + label: Is the FQDN globally resolvable + description: "Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically." +- variable: config.migration.enabled + default: false + required: true + type: boolean + group: "Configuration" + label: Migration from Gluu CE + description: "Boolean flag to enable migration from CE" + show_subquestion_if: true + subquestions: + - variable: config.migration.migrationDataFormat + default: "ldif" + type: enum + group: "Configuration" + required: false + label: Migration data-format + description: "Migration data-format depending on persistence backend." 
+ options: + - "ldif" + - "couchbase+json" + - "spanner+avro" + - "postgresql+json" + - "mysql+json" + - variable: config.migration.migrationDir + default: "/ce-migration" + required: false + type: string + group: "Configuration" + label: Migration Directory + description: "Directory holding all migration files" + +# =========================== +# Ingress group(Istio, NGINX) +# =========================== + +# =========== +# Istio group +# =========== +- variable: global.istio.enabled + default: false + type: boolean + group: "Istio" + required: true + description: "Boolean flag that enables using istio side cars with Gluu services." + label: Use Istio side cars + show_subquestion_if: true + subquestions: + - variable: global.istio.ingress + default: false + type: boolean + group: "Istio" + required: true + description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available." + label: Use Istio Ingress + - variable: global.istio.namespace + default: "istio-system" + type: string + group: "Istio" + required: true + description: "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available." + label: Istio namespace + - variable: config.configmap.lbAddr + default: "" + group: "Istio" + description: "Istio loadbalancer address (eks) or ip (gke, aks, digital ocean, local)" + type: hostname + label: LB address or ip + +# =========== +# NGINX group +# =========== +- variable: config.configmap.lbAddr + default: "" + group: "NGINX" + show_if: "global.istio.ingress=false&&global.isFqdnRegistered=false" + description: "loadbalancer address (eks) or ip (gke, aks, digital ocean, local)" + type: hostname + label: LB address or ip +- variable: nginx-ingress.ingress.adminUiEnabled + default: false + type: boolean + group: "NGINX" + required: false + show_if: "global.istio.ingress=false" + description: "Enable Admin UI endpoints. COMING SOON." 
+ label: Enable Admin UI endpoints + subquestions: + - variable: nginx-ingress.ingress.openidConfigEnabled + default: true + type: boolean + group: "NGINX" + required: true + description: "Enable endpoint /.well-known/openid-configuration" + label: Enable endpoint /.well-known/openid-configuration + - variable: nginx-ingress.ingress.uma2ConfigEnabled + default: true + type: boolean + group: "NGINX" + required: true + description: "Enable endpoint /.well-known/uma2-configuration" + label: Enable endpoint /.well-known/uma2-configuration + - variable: nginx-ingress.ingress.webfingerEnabled + default: true + type: boolean + group: "NGINX" + required: true + description: "Enable endpoint /.well-known/webfinger" + label: Enable endpoint /.well-known/webfinger + - variable: nginx-ingress.ingress.webdiscoveryEnabled + default: true + type: boolean + group: "NGINX" + required: true + description: "Enable endpoint /.well-known/simple-web-discovery" + label: Enable endpoint /.well-known/simple-web-discovery + - variable: nginx-ingress.ingress.configApiEnabled + default: true + type: boolean + group: "NGINX" + required: true + description: "Enable config API endpoints /jans-config-api" + label: Enable config API endpoints /jans-config-api + - variable: nginx-ingress.ingress.u2fConfigEnabled + default: true + type: boolean + group: "NGINX" + required: true + description: "Enable endpoint /.well-known/fido-configuration" + label: Enable endpoint /.well-known/fido-configuration + - variable: nginx-ingress.ingress.authServerEnabled + default: true + type: boolean + group: "NGINX" + required: true + description: "Enable Auth server endpoints /jans-auth" + label: Enable Auth server endpoints /jans-auth +- variable: nginx-ingress.ingress.fido2ConfigEnabled + default: false + type: boolean + group: "NGINX" + show_if: "global.distribution=default&&global.istio.ingress=false" + required: true + description: "Enable endpoint /.well-known/fido2-configuration" + label: Enable endpoint 
/.well-known/fido2-configuration +- variable: nginx-ingress.ingress.authServerProtectedToken + default: true + type: boolean + group: "NGINX" + show_if: "global.distribution=openbanking&&global.istio.ingress=false" + required: true + description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/token" + label: Enable mTLS on Auth server endpoint /jans-auth/restv1/token +- variable: nginx-ingress.ingress.authServerProtectedRegister + default: true + type: boolean + group: "NGINX" + show_if: "global.distribution=openbanking&&global.istio.ingress=false" + required: true + description: "Enable mTLS on Auth server endpoint /jans-auth/restv1/register" + label: Enable mTLS onn Auth server endpoint /jans-auth/restv1/register +- variable: nginx-ingress.ingress.scimConfigEnabled + default: false + type: boolean + group: "NGINX" + show_if: "global.distribution=default&&global.istio.ingress=false" + required: true + description: "Enable endpoint /.well-known/scim-configuration" + label: Enable endpoint /.well-known/scim-configuration +- variable: nginx-ingress.ingress.scimEnabled + default: false + type: boolean + group: "NGINX" + show_if: "global.distribution=default&&global.istio.ingress=false" + required: true + description: "Enable SCIM endpoints /jans-scim" + label: Enable SCIM endpoints /jans-scim + +# ============ +# Images group +# ============ +# AuthServer +- variable: auth-server.image.repository + required: true + type: string + default: "janssenproject/auth-server" + description: "The Auth Server Image repository" + label: Auth Server image repo + group: "Images" + show_if: "global.auth-server.enabled=true" +- variable: auth-server.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The Auth Server Image pull policy" + label: Auth Server imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.auth-server.enabled=true" +- variable: auth-server.image.tag + required: true + 
type: string + default: "1.0.0-beta.13" + description: "The Auth Server Image tag" + label: Auth Server image tag + group: "Images" + show_if: "global.auth-server.enabled=true" +# AuthServer KeyRotation +- variable: auth-server-key-rotation.image.repository + required: true + type: string + default: "janssenproject/certmanager" + description: "The Auth Server KeyRotation Image repository" + label: Auth Server KeyRotation image repo + group: "Images" + show_if: "global.auth-server-key-rotation.enabled=true" +- variable: auth-server-key-rotation.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The Auth Server KeyRotation Image pull policy" + label: Auth Server KeyRotation imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.auth-server-key-rotation.enabled=true" +- variable: auth-server-key-rotation.image.tag + required: true + type: string + default: "1.0.0-beta.13" + description: "The Auth Server Image tag" + label: Auth Server KeyRotation image tag + group: "Images" + show_if: "global.auth-server-key-rotation.enabled=true" +# ClientAPI +- variable: client-api.image.repository + required: true + type: string + default: "janssenproject/client-api" + description: "The ClientAPI Image repository" + label: ClientAPI image repo + group: "Images" + show_if: "global.client-api.enabled=true" +- variable: client-api.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The ClientAPI Image pull policy" + label: ClientAPI imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.client-api.enabled=true" +- variable: client-api.image.tag + required: true + type: string + default: "1.0.0-beta.13" + description: "The ClientAPI Image tag" + label: ClientAPI image tag + group: "Images" + show_if: "global.client-api.enabled=true" +# Configurator +- variable: config.image.repository + required: true + type: 
string + default: "janssenproject/configurator" + description: "The Configurator Image repository" + label: Configurator image repo + group: "Images" + show_if: "global.config.enabled=true" +- variable: config.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The Configurator Image pull policy" + label: Configurator imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.config.enabled=true" +- variable: config.image.tag + required: true + type: string + default: "1.0.0-beta.13" + description: "The Configurator Image tag" + label: Configurator image tag + group: "Images" + show_if: "global.config.enabled=true" +# ConfigAPI +- variable: config-api.image.repository + required: true + type: string + default: "janssenproject/config-api" + description: "The ConfigAPI Image repository" + label: ConfigAPI image repo + group: "Images" + show_if: "global.config-api.enabled=true" +- variable: config-api.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The ConfigAPI Image pull policy" + label: ConfigAPI imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.config-api.enabled=true" +- variable: config-api.image.tag + required: true + type: string + default: "1.0.0-beta.13" + description: "The ConfigAPI Image tag" + label: ConfigAPI image tag + group: "Images" + show_if: "global.config-api.enabled=true" +# Fido2 +- variable: fido2.image.repository + required: true + type: string + default: "janssenproject/fido2" + description: "The Fido2 Image repository" + label: Fido2 image repo + group: "Images" + show_if: "global.fido2.enabled=true" +- variable: fido2.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The Fido2 Image pull policy" + label: Fido2 imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: 
"global.fido2.enabled=true" +- variable: fido2.image.tag + required: true + type: string + default: "1.0.0-beta.13" + description: "The Fido2 Image tag" + label: Fido2 image tag + group: "Images" + show_if: "global.fido2.enabled=true" +# Jackrabbit +- variable: jackrabbit.image.repository + required: true + type: string + default: "janssenproject/jackrabbit" + description: "The Jackrabbit Image repository" + label: Jackrabbit image repo + group: "Images" + show_if: "global.jackrabbit.enabled=true" +- variable: jackrabbit.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The Jackrabbit Image pull policy" + label: Jackrabbit imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.jackrabbit.enabled=true" +- variable: jackrabbit.image.tag + required: true + type: string + default: "1.0.0-beta.13" + description: "The Jackrabbit Image tag" + label: Jackrabbit image tag + group: "Images" + show_if: "global.jackrabbit.enabled=true" +# OpenDJ +- variable: opendj.image.repository + required: true + type: string + default: "gluufederation/opendj" + description: "The OpenDJ Image repository" + label: OpenDJ image repo + group: "Images" + show_if: "global.opendj.enabled=true" +- variable: opendj.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The OpenDJ Image pull policy" + label: OpenDJ imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.opendj.enabled=true" +- variable: opendj.image.tag + required: true + type: string + default: "5.0.0_dev" + description: "The OpenDJ Image tag" + label: OpenDJ image tag + group: "Images" + show_if: "global.opendj.enabled=true" +# Persistence +- variable: persistence.image.repository + required: true + type: string + default: "janssenproject/persistence-loader" + description: "The Persistence Image repository" + label: Persistence image repo + group: "Images" + 
show_if: "global.persistence.enabled=true" +- variable: persistence.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The Persistence Image pull policy" + label: Persistence imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.persistence.enabled=true" +- variable: persistence.image.tag + required: true + type: string + default: "1.0.0-beta.13" + description: "The Persistence Image tag" + label: Persistence image tag + group: "Images" + show_if: "global.persistence.enabled=true" +# SCIM +- variable: scim.image.repository + required: true + type: string + default: "janssenproject/scim" + description: "The SCIM Image repository" + label: SCIM image repo + group: "Images" + show_if: "global.scim.enabled=true" +- variable: scim.image.pullPolicy + required: true + type: enum + group: "Images" + default: IfNotPresent + description: "The SCIM Image pull policy" + label: SCIM imagePullPolicy + options: + - "Always" + - "IfNotPresent" + - "Never" + show_if: "global.scim.enabled=true" +- variable: scim.image.tag + required: true + type: string + default: "1.0.0-beta.13" + description: "The SCIM Image tag" + label: SCIM image tag + group: "Images" + show_if: "global.scim.enabled=true" + +# ============== +# Replicas group +# ============== +# AuthServer +- variable: auth-server.replicas + default: 1 + required: false + type: int + group: "Replicas" + label: Auth-server Replicas + description: "Service replica number." + show_if: "global.auth-server.enabled=true" +# ClientAPI +- variable: client-api.replicas + default: 1 + required: false + type: int + group: "Replicas" + label: ClientAPI Replicas + description: "Service replica number." + show_if: "global.client-api.enabled=true" +# ConfigAPI +- variable: config-api.replicas + default: 1 + required: false + type: int + group: "Replicas" + label: ConfigAPI Replicas + description: "Service replica number." 
+ show_if: "global.config-api.enabled=true" +# ConfigAPI +- variable: config-api.replicas + default: 1 + required: false + type: int + group: "Replicas" + label: ConfigAPI Replicas + description: "Service replica number." + show_if: "global.config-api.enabled=true" +# Fido2 +- variable: fido2.replicas + default: 1 + required: false + type: int + group: "Replicas" + label: Fido2 Replicas + description: "Service replica number." + show_if: "global.fido2.enabled=true" +# Jackrabbit +- variable: jackrabbit.replicas + default: 1 + required: false + type: int + group: "Replicas" + label: Jackrabbit Replicas + description: "Service replica number." + show_if: "global.jackrabbit.enabled=true" +# OpenDJ +- variable: opendj.replicas + default: 1 + required: false + type: int + group: "Replicas" + label: OpenDJ Replicas + description: "Service replica number." + show_if: "global.opendj.enabled=true&&opendj.multiCluster.enabled=false" +# SCIM +- variable: scim.replicas + default: 1 + required: false + type: int + group: "Replicas" + label: SCIM Replicas + description: "Service replica number." + show_if: "global.scim.enabled=true" + diff --git a/charts/gluu/gluu/5.0.101/templates/_helpers.tpl b/charts/gluu/gluu/5.0.101/templates/_helpers.tpl new file mode 100644 index 000000000..c5b8d3d30 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/templates/_helpers.tpl 
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cn.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cn.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cn.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/gluu/gluu/5.0.101/values.schema.json b/charts/gluu/gluu/5.0.101/values.schema.json
new file mode 100644
index 000000000..610844ece
--- /dev/null
+++ b/charts/gluu/gluu/5.0.101/values.schema.json
@@ -0,0 +1,3356 @@ +{ + "$schema":"https://json-schema.org/draft/2020-12/schema#", + "type":"object", + "properties":{ + "admin-ui":{ + "description":"Admin GUI for configuration of the auth-server", + "type":"object", + "properties":{ + + } + }, + "auth-server":{ + "description":"OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.", + "type":"object", + "properties":{ + + } + }, + "auth-server-key-rotation":{ + "description":"Responsible for regenerating auth-keys per x hours", + "type":"object", + "properties":{ + + } + }, + "casa":{ + "description":"Gluu Casa (\"Casa\") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.", + "type":"object", + "properties":{ + + } + }, + "client-api":{ + "description":"Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.", + "type":"object", + "properties":{ + + } + }, + "config":{ + "description":"Configuration parameters for setup and initial configuration secret annd config layers used by Gluu services.", + "type":"object", + "properties":{ + "adminPass":{ + "description":"Admin password to login to the UI", + "$ref":"#/definitions/password" + }, + "city":{ + "description":"City of the company or individual. 
Used in generating the self-signed certificate", + "type":"string", + "pattern":"^[a-zA-Z]+$" + }, + "configmap":{ + "description":"Configuration parameters mapped to envs in a ConfigMap", + "type":"object", + "properties":{ + "cnSqlDbDialect":{ + "description":"SQL dialect", + "type":"string", + "pattern":"^(mysql)$" + }, + "cnSqlDbHost":{ + "description":"SQL server address or ip", + "anyOf":[ + { + "$ref":"#/definitions/url-pattern" + }, + { + "$ref":"#/definitions/ip-pattern" + } + ] + }, + "cnSqlDbPort":{ + "description":"SQL server port", + "type":"integer" + }, + "cnSqlDbName":{ + "description":"SQL server database name for Jans", + "type":"string", + "pattern":"^[a-z-0-9]+$" + }, + "cnSqlDbUser":{ + "description":"SQL database Jans username", + "type":"string", + "pattern":"^[a-z-0-9]+$" + }, + "cnSqlDbTimezone":{ + "description":"SQL database timezone", + "type":"string", + "pattern":"^(GMT|UTC|ECT|EET|ART|EAT|MET|NET|PLT|IST|BST|VST|CTT|JST|ACT|AET|SST|NST|MIT|HST|AST|PST|PNT|MST|CST|EST|IET|PRT|CNT|AGT|BET|CAT)$" + }, + "cnSqlPasswordFile":{ + "description":"SQL server password file location. This file path must end with sql_password", + "type":"string", + "pattern":".*sql_password\\b.*" + }, + "cnSqldbUserPassword":{ + "description":"Password for user config.configmap.cnSqlDbUser.", + "$ref":"#/definitions/password" + }, + "cnCacheType":{ + "description":"Cache type. NATIVE_PERSISTENCE, REDIS. or IN_MEMORY. Defaults to NATIVE_PERSISTENCE", + "type":"string", + "pattern":"^(NATIVE_PERSISTENCE|REDIS|IN_MEMORY)$" + }, + "cnCasaEnabled":{ + "description":"Enable Casa. Gluu Casa is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.", + "type":"boolean" + }, + "cnClientApiAdminCertCn":{ + "description":"Client-api OAuth client admin certificate common name. 
This should be left to the default value client-api", + "type":"string", + "pattern":"^[a-z-]+$" + }, + "cnClientApiApplicationCertCn":{ + "description":"Client-api OAuth client application certificate common name. This should be left to the default value client-api", + "type":"string", + "pattern":"^[a-z-]+$" + }, + "cnClientApiBindIpAddresses":{ + "description":"Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy", + "$ref":"#/definitions/ip-pattern" + }, + "cnConfigKubernetesConfigMap":{ + "description":"The name of the ConfigMap that will hold the configuration layer", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnCouchbaseBucketPrefix":{ + "description":"The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu.", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnCouchbaseCertFile":{ + "description":"Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required.", + "type":"string", + "pattern":".*couchbase.crt\\b.*" + }, + "cnCouchbaseCrt":{ + "description":"Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required.", + "type":"string", + "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnCouchbaseIndexNumReplica":{ + "description":"The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. 
That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1.", + "type":"integer" + }, + "cnCouchbasePass":{ + "description":"Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ", + "$ref":"#/definitions/password" + }, + "cnCouchbasePasswordFile":{ + "description":"The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password", + "type":"string", + "pattern":".*couchbase_password\\b.*" + }, + "cnCouchbaseSuperUser":{ + "description":"The Couchbase super user (admin) user name. This user is used during initialization only.", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnCouchbaseSuperUserPass":{ + "description":"Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ", + "$ref":"#/definitions/password" + }, + "cnCouchbaseSuperUserPassFile":{ + "description":"The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.", + "type":"string", + "pattern":".*couchbase_superuser_password\\b.*" + }, + "cnCouchbaseUrl":{ + "description":"Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster", + "$ref":"#/definitions/fqdn-pattern" + }, + "cnCouchbaseUser":{ + "description":"Couchbase restricted user. 
Used only when global.cnPersistenceType is hybrid or couchbase.", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnDocumentStoreType":{ + "description":"Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily.", + "type":"string", + "pattern":"^(LOCAL|JCA)$" + }, + "cnJackrabbitAdminId":{ + "description":"Jackrabbit admin uid.", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnJackrabbitAdminIdFile":{ + "description":"The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id.", + "type":"string", + "pattern":".*jackrabbit_admin_id\\b.*" + }, + "cnJackrabbitAdminPassFile":{ + "description":"The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password.", + "type":"string", + "pattern":".*jackrabbit_admin_password\\b.*" + }, + "cnJackrabbitPostgresDatabaseName":{ + "description":"Jackrabbit postgres database name.", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnJackrabbitPostgresHost":{ + "description":"Postgres url", + "$ref":"#/definitions/fqdn-pattern" + }, + "cnJackrabbitPostgresPasswordFile":{ + "description":"The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password.", + "type":"string", + "pattern":".*postgres_password\\b.*" + }, + "cnJackrabbitPostgresPort":{ + "description":"Jackrabbit Postgres port", + "type":"integer" + }, + "cnJackrabbitPostgresUser":{ + "description":"Jackrabbit Postgres uid", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnJackrabbitSyncInterval":{ + "description":"Interval between files sync (default to 300 seconds).", + "type":"integer" + }, + "cnJackrabbitUrl":{ + "description":"Jackrabbit internal url. 
Normally left as default.",
+ "type":"string",
+ "pattern":"^(http:\/\/)?[a-z0-9-:]+$"
+ },
+ "cnGoogleSecretManagerServiceAccount":{
+ "description":"Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type":"string",
+ "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnGoogleProjectId":{
+ "description":"Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type":"string",
+ "pattern":""
+ },
+ "cnGoogleSpannerInstanceId":{
+ "description":"Google Spanner ID. Used only when global.cnPersistenceType is spanner.",
+ "type":"string",
+ "pattern":"^([a-z0-9\\-])*$"
+ },
+ "cnGoogleSpannerDatabaseId":{
+ "description":"Google Spanner Database ID. Used only when global.cnPersistenceType is spanner.",
+ "type":"string",
+ "pattern":"^[a-z0-9\\-]*$"
+ },
+ "cnSecretGoogleSecretVersionId":{
+ "description":"Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type":"string",
+ "pattern":"^([0-9]|latest)*$"
+ },
+ "cnSecretGoogleSecretNamePrefix":{
+ "description":"Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type":"string",
+ "pattern":"^[a-z]+$"
+ },
+ "cnGoogleSecretManagerPassPhrase":{
+ "description":"Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. 
Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "$ref":"#/definitions/password"
+ },
+ "cnConfigGoogleSecretVersionId":{
+ "description":"Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type":"string",
+ "pattern":"^([0-9]|latest)*$"
+ },
+ "cnConfigGoogleSecretNamePrefix":{
+ "description":"Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type":"string"
+ },
+ "cnLdapUrl":{
+ "description":"OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`.",
+ "type":"string",
+ "pattern":"^[a-z0-9-:]+$"
+ },
+ "cnMaxRamPercent":{
+ "description":"Value passed to Java option -XX:MaxRAMPercentage",
+ "type":"string",
+ "pattern":"^(\\d{0,2}(\\.\\d{1,2})?|100(\\.0?)?)$"
+ },
+ "cnScimProtectionMode":{
+ "description":"SCIM protection mode OAUTH|TEST|UMA",
+ "type":"string",
+ "pattern":"^(OAUTH|TEST|UMA)$"
+ },
+ "cnPassportEnabled":{
+ "description":"Boolean flag to enable/disable Passport chart",
+ "type":"boolean"
+ },
+ "cnPersistenceLdapMapping":{
+ "description":"Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.",
+ "type":"string",
+ "pattern":"^(default|user|site|cache|statistic)$"
+ },
+ "cnRedisSentinelGroup":{
+ "description":"Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. 
Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "type":"string"
+ },
+ "cnRedisSslTruststore":{
+ "description":"Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "type":"string"
+ },
+ "cnRedisType":{
+ "description":"Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "type":"string",
+ "pattern":"^(SHARDED|STANDALONE|CLUSTER|SENTINEL)$"
+ },
+ "cnRedisUrl":{
+ "description":"Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "$ref":"#/definitions/url-pattern"
+ },
+ "cnRedisUseSsl":{
+ "description":"Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "type":"boolean"
+ },
+ "cnSamlEnabled":{
+ "description":"Enable SAML-related features; UI menu, etc.",
+ "type":"boolean"
+ },
+ "cnSecretKubernetesSecret":{
+ "description":"Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default.",
+ "type":"string",
+ "pattern":"^[a-z]+$"
+ },
+ "lbAddr":{
+ "description":"Loadbalancer address for AWS if the FQDN is not registered.",
+ "$ref":"#/definitions/url-pattern"
+ }
+ }
+ },
+ "countryCode":{
+ "description":"Country code. Used for certificate creation.",
+ "type":"string",
+ "pattern":"^[A-Z]+$"
+ },
+ "email":{
+ "description":"Email address of the administrator usually. 
Used for certificate creation.",
+ "$ref":"#/definitions/email-format"
+ },
+ "image":{
+ "type":"object",
+ "properties":{
+ "repository":{
+ "description":"Image to use for deploying",
+ "type":"string",
+ "pattern":"^[a-z0-9-_/]+$"
+ },
+ "tag":{
+ "description":"Image tag to use for deploying.",
+ "type":"string",
+ "pattern":"^[a-z0-9-_.]+$"
+ }
+ }
+ },
+ "ldapPassword":{
+ "description":"LDAP admin password if OpennDJ is used for persistence.",
+ "$ref":"#/definitions/password"
+ },
+ "orgName":{
+ "description":"Organization name. Used for certificate creation.",
+ "type":"string",
+ "pattern":"^[a-zA-Z]+$"
+ },
+ "redisPassword":{
+ "description":"Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`",
+ "$ref":"#/definitions/password"
+ },
+ "resources":{
+ "description":"Resource specs.",
+ "type":"object",
+ "properties":{
+ "limits":{
+ "type":"object",
+ "properties":{
+ "cpu":{
+ "description":"CPU limit.",
+ "type":"string",
+ "pattern":"^[0-9m]+$"
+ },
+ "memory":{
+ "description":"Memory limit.",
+ "type":"string",
+ "pattern":"^[0-9Mi]+$"
+ }
+ }
+ },
+ "requests":{
+ "type":"object",
+ "properties":{
+ "cpu":{
+ "description":"CPU request.",
+ "type":"string",
+ "pattern":"^[0-9m]+$"
+ },
+ "memory":{
+ "description":"Memory request.",
+ "type":"string",
+ "pattern":"^[0-9Mi]+$"
+ }
+ }
+ }
+ }
+ },
+ "state":{
+ "description":"State code. Used for certificate creation.",
+ "type":"string",
+ "pattern":"^[a-zA-Z]+$"
+ }
+ }
+ },
+ "config-api":{
+ "description":"Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "cr-rotate":{
+ "description":"CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. 
This may be depreciated.",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "fido2":{
+ "description":"FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "global":{
+ "description":"Parameters used globally across all services helm charts.",
+ "type":"object",
+ "properties":{
+ "alb":{
+ "type":"object",
+ "properties":{
+ "ingress":{
+ "description":"Activates ALB ingress",
+ "type":"boolean"
+ }
+ }
+ },
+ "auth-server":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable auth-server chart. You should never set this to false.",
+ "type":"boolean"
+ },
+ "authServerServiceName":{
+ "description":"Name of the auth-server service. Please keep it as default.",
+ "type":"string",
+ "pattern":"^[a-z0-9-]+$"
+ },
+ "appLoggers":{
+ "type":"object",
+ "properties":{
+ "authLogTarget":{
+ "description":"jans-auth.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "authLogLevel":{
+ "description":"jans-auth.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "httpLogTarget":{
+ "description":"http_request_response target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "httpLogLevel":{
+ "description":"http_request_response level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "persistenceLogTarget":{
+ "description":"jans-auth_persistence.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "persistenceLogLevel":{
+ "description":"jans-auth_persistence.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "persistenceDurationLogTarget":{
+ "description":"jans-auth_persistence_duration.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "persistenceDurationLogLevel":{
+ "description":"jans-auth_persistence_duration.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "ldapStatsLogTarget":{
+ "description":"jans-auth_persistence_ldap_statistics.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "ldapStatsLogLevel":{
+ "description":"jans-auth_persistence_ldap_statistics.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "scriptLogTarget":{
+ "description":"jans-auth_script.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "scriptLogLevel":{
+ "description":"jans-auth_script.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "auditStatsLogTarget":{
+ "description":"jans-auth_audit.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "auditStatsLogLevel":{
+ "description":"jans-auth_audit.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ }
+ }
+ }
+ }
+ },
+ "auth-server-key-rotation":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the auth-server-key rotation cronjob chart.",
+ "type":"boolean"
+ }
+ }
+ },
+ "awsStorageType":{
+ "description":"Volume stroage type if using AWS volumes.",
+ "type":"string",
+ "pattern":"^(io1|io2|gp2|st1|sc1)$"
+ },
+ "azureStorageAccountType":{
+ "description":"Volume storage type if using Azure disks.",
+ "type":"string",
+ "pattern":"^(Standard_LRS|Premium_LRS|StandardSSD_LRS|UltraSSD_LRS)$"
+ },
+ "azureStorageKind":{
+ "description":"Azure storage kind if using Azure disks",
+ "type":"string",
+ "pattern":"^(Managed)$"
+ },
+ "client-api":{
+ "type":"object",
+ "properties":{
+ "clientApiServerServiceName":{
+ "description":"Name of the client-api service. 
Please keep it as default.",
+ "type":"string",
+ "pattern":"^[a-z0-9-]+$"
+ },
+ "enabled":{
+ "description":"Boolean flag to enable/disable the client-api chart.",
+ "type":"boolean"
+ },
+ "appLoggers":{
+ "type":"object",
+ "properties":{
+ "clientApiLogTarget":{
+ "description":"client-api.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "clientApiLogLevel":{
+ "description":"client-api.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ }
+ }
+ }
+ }
+ },
+ "cloud":{
+ "type":"object",
+ "properties":{
+ "testEnviroment":{
+ "description":"Boolean flag if enabled will strip resources requests and limits from all services.",
+ "type":"boolean"
+ }
+ }
+ },
+ "cnJackrabbitCluster":{
+ "description":"Boolean flag if enabled will enable jackrabbit in cluster mode with Postgres.",
+ "type":"boolean"
+ },
+ "cnPersistenceType":{
+ "description":"Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner.",
+ "type":"string",
+ "pattern":"^(ldap|couchbase|hybrid|sql|spanner)$"
+ },
+ "cnObExtSigningJwksUri":{
+ "description":"Open banking external signing jwks uri. Used in SSA Validation.",
+ "type":"string"
+ },
+ "cnObExtSigningJwksCrt":{
+ "description":"Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set.",
+ "type":"string",
+ "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObExtSigningJwksKey":{
+ "description":"Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.",
+ "type":"string",
+ "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObExtSigningJwksKeyPassPhrase":{
+ "description":"Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. 
Used when `.global.cnObExtSigningJwksUri` is set.",
+ "type":"string",
+ "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObExtSigningAlias":{
+ "description":"Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G",
+ "type":"string"
+ },
+ "cnObStaticSigningKeyKid":{
+ "description":"Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G",
+ "type":"string"
+ },
+ "cnObTransportCrt":{
+ "description":"Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64.",
+ "type":"string",
+ "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObTransportKey":{
+ "description":"Open banking AS transport key. Used in SSA Validation. This must be encoded using base64.",
+ "type":"string",
+ "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObTransportKeyPassPhrase":{
+ "description":"Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64.",
+ "type":"string",
+ "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObTransportAlias":{
+ "description":"Open banking transport Alias used inside the JVM.",
+ "type":"string"
+ },
+ "cnObTransportTrustStore":{
+ "description":"Open banking AS transport truststore in .p12 format. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64.",
+ "type":"string",
+ "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "config":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the configuration chart. 
This normally should always be true",
+ "type":"boolean"
+ }
+ }
+ },
+ "configAdapterName":{
+ "description":"The config backend adapter that will hold Gluu configuration layer. google|kubernetes",
+ "type":"string",
+ "pattern":"^(kubernetes|google)$"
+ },
+ "configSecretAdapter":{
+ "description":"The config backend adapter that will hold Gluu secret layer. google|kubernetes",
+ "type":"string",
+ "pattern":"^(kubernetes|google)$"
+ },
+ "cnGoogleApplicationCredentials":{
+ "description":"Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner.",
+ "type":"string",
+ "pattern":".*google-credentials.json\\b.*"
+ },
+ "config-api":{
+ "type":"object",
+ "properties":{
+ "configApiServerServiceName":{
+ "description":"Name of the config-api service. Please keep it as default.",
+ "type":"string",
+ "pattern":"^[a-z0-9-]+$"
+ },
+ "enabled":{
+ "description":"Boolean flag to enable/disable the config-api chart.",
+ "type":"boolean"
+ },
+ "appLoggers":{
+ "type":"object",
+ "properties":{
+ "configApiLogTarget":{
+ "description":"configapi.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "configApiLogLevel":{
+ "description":"configapi.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ }
+ }
+ }
+ }
+ },
+ "cr-rotate":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the cr-rotate chart.",
+ "type":"boolean"
+ }
+ }
+ },
+ "fqdn":{
+ "description":"Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services.",
+ "$ref":"#/definitions/fqdn-pattern"
+ },
+ "fido2":{
+ "type":"object",
+ "properties":{
+ "fido2ServiceName":{
+ "description":"Name of the fido2 service. 
Please keep it as default.",
+ "type":"string",
+ "pattern":"^[a-z0-9-]+$"
+ },
+ "enabled":{
+ "description":"Boolean flag to enable/disable the fido2 chart.",
+ "type":"boolean"
+ },
+ "appLoggers":{
+ "type":"object",
+ "properties":{
+ "fido2LogTarget":{
+ "description":"fido2.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "fido2LogLevel":{
+ "description":"fido2.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "persistenceLogTarget":{
+ "description":"fido2_persistence.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "persistenceLogLevel":{
+ "description":"fido2_persistence.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ }
+ }
+ }
+ }
+ },
+ "gcePdStorageType":{
+ "description":"GCE storage kind if using Google disks",
+ "type":"string",
+ "pattern":"^(pd-standard|pd-balanced|pd-ssd)$"
+ },
+ "isFqdnRegistered":{
+ "description":"Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically.",
+ "type":"boolean"
+ },
+ "istio":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag that enables using istio side cars with Gluu services.",
+ "type":"boolean"
+ },
+ "ingress":{
+ "description":"Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.",
+ "type":"boolean"
+ },
+ "namespace":{
+ "description":"The namespace istio is deployed in. The is normally istio-system.",
+ "type":"string",
+ "pattern":"^[a-z0-9-_/]+$"
+ }
+ }
+ },
+ "jackrabbit":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the jackrabbit chart. 
For more information on how it is used inside Gluu https://gluu.org/docs/gluu-server/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. ",
+ "type":"boolean"
+ },
+ "jackRabbitServiceName":{
+ "description":"Name of the Jackrabbit service. Please keep it as default.",
+ "pattern":"^[a-z0-9-]+$"
+ }
+ }
+ },
+ "lbIp":{
+ "description":"The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable.",
+ "$ref":"#/definitions/ip-pattern"
+ },
+ "nginx-ingress":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the nginx-ingress definitions chart.",
+ "type":"boolean"
+ }
+ }
+ },
+ "opendj":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the OpenDJ chart.",
+ "type":"boolean"
+ },
+ "ldapServiceName":{
+ "description":"Name of the OpenDJ service. Please keep it as default.",
+ "type":"string",
+ "pattern":"^[a-z0-9-]+$"
+ }
+ }
+ },
+ "oxshibboleth":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the oxShibbboleth chart.",
+ "type":"boolean"
+ }
+ }
+ },
+ "distribution":{
+ "description":"Gluu distributions supported are: default|openbanking.",
+ "type":"string",
+ "pattern":"^(default|openbanking)$"
+ },
+ "persistence":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the persistence chart.",
+ "type":"boolean"
+ }
+ }
+ },
+ "scim":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag to enable/disable the SCIM chart.",
+ "type":"boolean"
+ },
+ "scimServiceName":{
+ "description":"Name of the scim service. 
Please keep it as default.",
+ "type":"string",
+ "pattern":"^[a-z0-9-]+$"
+ },
+ "appLoggers":{
+ "type":"object",
+ "properties":{
+ "authLogTarget":{
+ "description":"jans-scim.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "authLogLevel":{
+ "description":"jans-scim.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "persistenceLogTarget":{
+ "description":"jans-scim_persistence.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "persistenceLogLevel":{
+ "description":"jans-scim_persistence.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "persistenceDurationLogTarget":{
+ "description":"jans-scim_persistence_duration.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "persistenceDurationLogLevel":{
+ "description":"jans-scim_persistence_duration.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "ldapStatsLogTarget":{
+ "description":"jans-scim_persistence_ldap_statistics.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "ldapStatsLogLevel":{
+ "description":"jans-scim_persistence_ldap_statistics.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "scriptLogTarget":{
+ "description":"jans-scim_script.log target",
+ "type":"string",
+ "pattern":"^(STDOUT|FILE)$"
+ },
+ "scriptLogLevel":{
+ "description":"jans-scim_script.log level",
+ "type":"string",
+ "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ }
+ }
+ }
+ }
+ },
+ "storageClass":{
+ "description":"StorageClass section for Jackrabbit and OpenDJ charts. This is not currently used by the openbanking distribution. 
You may specify custom parameters as needed.",
+ "type":"object",
+ "properties":{
+ "allowVolumeExpansion":{
+ "type":"boolean"
+ },
+ "allowedTopologies":{
+ "type":"array",
+ "items":{
+ "type":"string"
+ }
+ },
+ "mountOptions":{
+ "type":"array",
+ "items":{
+ "type":"string"
+ }
+ },
+ "parameters":{
+ "type":"object",
+ "properties":{
+ "fsType":{
+ "type":"string"
+ },
+ "kind":{
+ "type":"string"
+ },
+ "pool":{
+ "type":"string"
+ },
+ "storageAccountType":{
+ "type":"string"
+ },
+ "type":{
+ "type":"string"
+ }
+ }
+ },
+ "provisioner":{
+ "type":"string"
+ },
+ "reclaimPolicy":{
+ "type":"string"
+ },
+ "volumeBindingMode":{
+ "type":"string"
+ }
+ }
+ },
+ "upgrade":{
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "description":"Boolean flag used when running helm upgrade command. This allows upgrading the chart without immutable objects errors.",
+ "type":"boolean"
+ }
+ }
+ }
+ }
+ },
+ "jackrabbit":{
+ "description":"Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. 
https://jackrabbit.apache.org/jcr/index.html .",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "nginx-ingress":{
+ "description":"Nginx ingress definitions chart",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "opendj":{
+ "description":"OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "oxpassport":{
+ "description":"Gluu interface to Passport.js to support social login and inbound identity.",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "oxshibboleth":{
+ "description":"Shibboleth project for the Gluu Server's SAML IDP functionality.",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "persistence":{
+ "description":"Job to generate data and intial config for Gluu Server persistence layer.",
+ "type":"object",
+ "properties":{
+
+ }
+ },
+ "scim":{
+ "description":"System for Cross-domain Identity Management (SCIM) version 2.0",
+ "type":"object",
+ "properties":{
+
+ }
+ }
+ },
+ "allOf":[
+ {
+ "$ref":"#/definitions/admin-ui-enabled"
+ },
+ {
+ "$ref":"#/definitions/auth-server-enabled"
+ },
+ {
+ "$ref":"#/definitions/auth-server-key-rotation-enabled"
+ },
+ {
+ "$ref":"#/definitions/casa-enabled"
+ },
+ {
+ "$ref":"#/definitions/client-api-enabled"
+ },
+ {
+ "$ref":"#/definitions/config-api-enabled"
+ },
+ {
+ "$ref":"#/definitions/cr-rotate-enabled"
+ },
+ {
+ "$ref":"#/definitions/fido2-enabled"
+ },
+ {
+ "$ref":"#/definitions/jackrabbit-enabled"
+ },
+ {
+ "$ref":"#/definitions/nginx-ingress-enabled"
+ },
+ {
+ "$ref":"#/definitions/opendj-enabled"
+ },
+ {
+ "$ref":"#/definitions/oxpassport-enabled"
+ },
+ {
+ "$ref":"#/definitions/oxshibboleth-enabled"
+ },
+ {
+ "$ref":"#/definitions/persistence-enabled"
+ },
+ {
+ "$ref":"#/definitions/scim-enabled"
+ }
+ ],
+ "definitions":{
+ "password":{
+ "anyOf":[
+ {
+ "type":"string",
+ "minLength":8,
+ "pattern":"",
+ "description":"Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol",
+ "errors":{
+ "minLength":"Password minimum 6 character",
+ "pattern":"Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol"
+ }
+ },
+ {
+ "type":"string",
+ "maxLength":0
+ }
+ ]
+ },
+ "password-pattern":{
+ "type":"string",
+ "minLength":6,
+ "pattern":"",
+ "errors":{
+ "minLength":"Password minimum 6 character",
+ "pattern":"Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol"
+ }
+ },
+ "email-format":{
+ "type":"string",
+ "format":"email"
+ },
+ "fqdn-pattern":{
+ "anyOf":[
+ {
+ "type":"string",
+ "errors":{
+ "pattern":"Setting not FQDN structured. Please enter a FQDN with the format demoexample.gluu.org"
+ }
+ },
+ {
+ "type":"string",
+ "maxLength":0
+ }
+ ]
+ },
+ "url-pattern":{
+ "anyOf":[
+ {
+ "type":"string",
+ "pattern":"(^|\\s)((https?:\\/\\/)?[\\w-]+(\\.[\\w-]+)+\\.?(:\\d+)?(\\/\\S*)?)",
+ "errors":{
+ "pattern":"URL pattern is not meeting standards."
+ }
+ },
+ {
+ "type":"string",
+ "maxLength":0
+ }
+ ]
+ },
+ "ip-pattern":{
+ "anyOf":[
+ {
+ "type":"string",
+ "pattern":"^(\\*|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))$",
+ "errors":{
+ "pattern":"Not a valid IP." 
+ }
+ },
+ {
+ "type":"string",
+ "maxLength":0
+ }
+ ]
+ },
+ "admin-ui-enabled":{
+ "if":{
+ "properties":{
+ "global":{
+ "properties":{
+ "admin-ui":{
+ "properties":{
+ "enabled":{
+ "const":"true"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "then":{
+ "properties":{
+ "admin-ui":{
+ "required":[
+ "image",
+ "replicas",
+ "resources"
+ ],
+ "properties":{
+ "hpa":{
+ "description":"Configure the HorizontalPodAutoscaler",
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "type":"boolean"
+ },
+ "minReplicas":{
+ "type":"integer"
+ },
+ "maxReplicas":{
+ "type":"integer"
+ },
+ "targetCPUUtilizationPercentage":{
+ "type":"integer"
+ },
+ "metrics":{
+ "description":"metrics if targetCPUUtilizationPercentage is not set",
+ "type":"array"
+ },
+ "behavior":{
+ "description":"Scaling Policies",
+ "type":"object"
+ }
+ }
+ },
+ "usrEnvs":{
+ "description":"Add custom normal and secret envs to the service",
+ "type":"object",
+ "properties":{
+ "normal":{
+ "description":"Add custom normal envs to the service",
+ "type":"object"
+ },
+ "secret":{
+ "description":"Add custom secret envs to the service",
+ "type":"object"
+ }
+ }
+ },
+ "dnsPolicy":{
+ "description":"Add custom dns policy",
+ "type":"string",
+ "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$"
+ },
+ "dnsConfig":{
+ "description":"Add custom dns config",
+ "type":"object"
+ },
+ "image":{
+ "type":"object",
+ "properties":{
+ "pullPolicy":{
+ "description":"Image pullPolicy to use for deploying.",
+ "type":"string",
+ "pattern":"^(Always|Never|IfNotPresent)$"
+ },
+ "repository":{
+ "description":"Image to use for deploying",
+ "type":"string",
+ "pattern":"^[a-z0-9-_/]+$"
+ },
+ "tag":{
+ "description":"Image tag to use for deploying.",
+ "type":"string",
+ "pattern":"^[a-z0-9-_.]+$"
+ }
+ }
+ },
+ "replicas":{
+ "description":"Service replica number.",
+ "type":"integer"
+ },
+ "resources":{
+ "description":"Resource specs.",
+ "type":"object",
+ "properties":{
+ "limits":{
+ "type":"object", 
+ "properties":{
+ "cpu":{
+ "description":"CPU limit.",
+ "type":"string",
+ "pattern":"^[0-9m]+$"
+ },
+ "memory":{
+ "description":"Memory limit.",
+ "type":"string",
+ "pattern":"^[0-9Mi]+$"
+ }
+ }
+ },
+ "requests":{
+ "type":"object",
+ "properties":{
+ "cpu":{
+ "description":"CPU request.",
+ "type":"string",
+ "pattern":"^[0-9m]+$"
+ },
+ "memory":{
+ "description":"Memory request.",
+ "type":"string",
+ "pattern":"^[0-9Mi]+$"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "else":true
+ },
+ "auth-server-enabled":{
+ "if":{
+ "properties":{
+ "global":{
+ "properties":{
+ "auth-server":{
+ "properties":{
+ "enabled":{
+ "const":"true"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "then":{
+ "properties":{
+ "auth-server":{
+ "required":[
+ "image",
+ "replicas",
+ "resources"
+ ],
+ "properties":{
+ "hpa":{
+ "description":"Configure the HorizontalPodAutoscaler",
+ "type":"object",
+ "properties":{
+ "enabled":{
+ "type":"boolean"
+ },
+ "minReplicas":{
+ "type":"integer"
+ },
+ "maxReplicas":{
+ "type":"integer"
+ },
+ "targetCPUUtilizationPercentage":{
+ "type":"integer"
+ },
+ "metrics":{
+ "description":"metrics if targetCPUUtilizationPercentage is not set",
+ "type":"array"
+ },
+ "behavior":{
+ "description":"Scaling Policies",
+ "type":"object"
+ }
+ }
+ },
+ "usrEnvs":{
+ "description":"Add custom normal and secret envs to the service",
+ "type":"object",
+ "properties":{
+ "normal":{
+ "description":"Add custom normal envs to the service",
+ "type":"object"
+ },
+ "secret":{
+ "description":"Add custom secret envs to the service",
+ "type":"object"
+ }
+ }
+ },
+ "dnsPolicy":{
+ "description":"Add custom dns policy",
+ "type":"string",
+ "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$"
+ },
+ "dnsConfig":{
+ "description":"Add custom dns config",
+ "type":"object"
+ },
+ "image":{
+ "type":"object",
+ "properties":{
+ "pullPolicy":{
+ "description":"Image pullPolicy to use for deploying.",
+ "type":"string",
+ "pattern":"^(Always|Never|IfNotPresent)$" 
+ },
+ "repository":{
+ "description":"Image to use for deploying",
+ "type":"string",
+ "pattern":"^[a-z0-9-_/]+$"
+ },
+ "tag":{
+ "description":"Image tag to use for deploying.",
+ "type":"string",
+ "pattern":"^[a-z0-9-_.]+$"
+ }
+ }
+ },
+ "replicas":{
+ "description":"Service replica number.",
+ "type":"integer"
+ },
+ "resources":{
+ "description":"Resource specs.",
+ "type":"object",
+ "properties":{
+ "limits":{
+ "type":"object",
+ "properties":{
+ "cpu":{
+ "description":"CPU limit.",
+ "type":"string",
+ "pattern":"^[0-9m]+$"
+ },
+ "memory":{
+ "description":"Memory limit.",
+ "type":"string",
+ "pattern":"^[0-9Mi]+$"
+ }
+ }
+ },
+ "requests":{
+ "type":"object",
+ "properties":{
+ "cpu":{
+ "description":"CPU request.",
+ "type":"string",
+ "pattern":"^[0-9m]+$"
+ },
+ "memory":{
+ "description":"Memory request.",
+ "type":"string",
+ "pattern":"^[0-9Mi]+$"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "else":true
+ },
+ "auth-server-key-rotation-enabled":{
+ "if":{
+ "properties":{
+ "global":{
+ "properties":{
+ "auth-server-key-rotation":{
+ "properties":{
+ "enabled":{
+ "const":"true"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "then":{
+ "properties":{
+ "auth-server-key-rotation":{
+ "properties":{
+ "usrEnvs":{
+ "description":"Add custom normal and secret envs to the service",
+ "type":"object",
+ "properties":{
+ "normal":{
+ "description":"Add custom normal envs to the service",
+ "type":"object"
+ },
+ "secret":{
+ "description":"Add custom secret envs to the service",
+ "type":"object"
+ }
+ }
+ },
+ "dnsPolicy":{
+ "description":"Add custom dns policy",
+ "type":"string",
+ "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$"
+ },
+ "dnsConfig":{
+ "description":"Add custom dns config",
+ "type":"object"
+ },
+ "image":{
+ "type":"object",
+ "properties":{
+ "pullPolicy":{
+ "description":"Image pullPolicy to use for deploying.",
+ "type":"string",
+ "pattern":"^(Always|Never|IfNotPresent)$"
+ },
+ "repository":{
+ "description":"Image to use 
for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "keysLife":{ + "description":"Auth server key rotation keys life in hours", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + } + }, + "required":[ + "image", + "resources", + "keysLife" + ] + } + } + }, + "else":true + }, + "casa-enabled":{ + "if":{ + "properties":{ + "config":{ + "properties":{ + "configmap":{ + "properties":{ + "cnCasaEnabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "casa":{ + "required":[ + "image", + "replicas", + "resources", + "service" + ], + "properties":{ + "hpa":{ + "description":"Configure the HorizontalPodAutoscaler", + "type":"object", + "properties":{ + "enabled":{ + "type":"boolean" + }, + "minReplicas":{ + "type":"integer" + }, + "maxReplicas":{ + "type":"integer" + }, + "targetCPUUtilizationPercentage":{ + "type":"integer" + }, + "metrics":{ + "description":"metrics if targetCPUUtilizationPercentage is not set", + "type":"array" + }, + "behavior":{ + "description":"Scaling Policies", + "type":"object" + } + } + }, + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + "secret":{ + "description":"Add custom 
secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + }, + "service":{ + "type":"object", + "properties":{ + "casaServiceName":{ + "description":"Name of the casa service. 
Please keep it as default.", + "type":"string", + "pattern":"^[a-z0-9-]+$" + } + } + } + } + } + } + }, + "else":true + }, + "client-api-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "client-api":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "client-api":{ + "required":[ + "image", + "replicas", + "resources", + "service" + ], + "properties":{ + "hpa":{ + "description":"Configure the HorizontalPodAutoscaler", + "type":"object", + "properties":{ + "enabled":{ + "type":"boolean" + }, + "minReplicas":{ + "type":"integer" + }, + "maxReplicas":{ + "type":"integer" + }, + "targetCPUUtilizationPercentage":{ + "type":"integer" + }, + "metrics":{ + "description":"metrics if targetCPUUtilizationPercentage is not set", + "type":"array" + }, + "behavior":{ + "description":"Scaling Policies", + "type":"object" + } + } + }, + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + "secret":{ + "description":"Add custom secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + 
"description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + } + } + } + } + }, + "else":true + }, + "config-api-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "config-api":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "config-api":{ + "required":[ + "image", + "replicas", + "resources" + ], + "type":"object", + "properties":{ + "hpa":{ + "description":"Configure the HorizontalPodAutoscaler", + "type":"object", + "properties":{ + "enabled":{ + "type":"boolean" + }, + "minReplicas":{ + "type":"integer" + }, + "maxReplicas":{ + "type":"integer" + }, + "targetCPUUtilizationPercentage":{ + "type":"integer" + }, + "metrics":{ + "description":"metrics if targetCPUUtilizationPercentage is not set", + "type":"array" + }, + "behavior":{ + "description":"Scaling Policies", + "type":"object" + } + } + }, + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + "secret":{ + "description":"Add custom secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + 
"description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + } + } + } + } + }, + "else":true + }, + "cr-rotate-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "cr-rotate":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "cr-rotate":{ + "properties":{ + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "resources":{ + "description":"Resource 
specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + }, + "service":{ + "type":"object", + "properties":{ + "crRotateServiceName":{ + "description":"Name of the cr-rotate service. Please keep it as default.", + "type":"string", + "pattern":"^[a-z0-9-]+$" + } + } + } + } + } + } + }, + "else":true + }, + "fido2-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "fido2":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "fido2":{ + "required":[ + "image", + "replicas", + "resources", + "service" + ], + "type":"object", + "properties":{ + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + 
"description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + }, + "service":{ + "type":"object", + "properties":{ + "fido2ServiceName":{ + "description":"Name of the Fido2 service. Please keep it as default.", + "type":"string", + "pattern":"^[a-z0-9-]+$" + } + } + } + } + } + } + }, + "else":true + }, + "jackrabbit-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "jackrabbit":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "jackrabbit":{ + "required":[ + "image", + "replicas", + "resources", + "service" + ], + "type":"object", + "properties":{ + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + 
"description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + }, + "secrets":{ + "type":"object", + "properties":{ + "cnJackrabbitAdminPass": { + "description":"Jackrabbit admin uid password", + "$ref":"#/definitions/password" + }, + "cnJackrabbitPostgresPass":{ + "description":"Jackrabbit Postgres uid password", + "$ref":"#/definitions/password" + } + } + }, + "storage":{ + "type":"object", + "properties":{ + "size":{ + "description":"Jackrabbit volume size", + "type":"string", + "pattern":"^[0-9]Gi+$" + } + } + } + } + } + } + }, + "else":true + }, + "nginx-ingress-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "nginx-ingress":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "nginx-ingress":{ + "type":"object", + "properties":{ + "ingress":{ + "type":"object", + "required":[ + "openidConfigEnabled", + "uma2ConfigEnabled", + "webfingerEnabled", + "webdiscoveryEnabled", + "configApiEnabled", + "u2fConfigEnabled", + "authServerEnabled", + "authServerProtectedToken", + "authServerProtectedRegister", + "additionalAnnotations", + "path", + "hosts", + "tls" + ], + "properties":{ + "adminUiEnabled":{ + "description":"Enable Admin UI endpoints. COMING SOON.", + "type":"boolean" + }, + "adminUiLabels":{ + "description":"Admin UI ingress resource labels. key app is taken.", + "type":"object" + }, + "openidConfigEnabled":{ + "description":"Enable endpoint /.well-known/openid-configuration", + "type":"boolean" + }, + "openidConfigLabels":{ + "description":"openid-configuration ingress resource labels. 
key app is taken", + "type":"object" + }, + "uma2ConfigEnabled":{ + "description":"Enable endpoint /.well-known/uma2-configuration", + "type":"boolean" + }, + "uma2ConfigLabels":{ + "description":"uma2 config ingress resource labels. key app is taken", + "type":"object" + }, + "webfingerEnabled":{ + "description":"Enable endpoint /.well-known/webfinger", + "type":"boolean" + }, + "webfingerLabels":{ + "description":"webfinger ingress resource labels. key app is taken", + "type":"object" + }, + "webdiscoveryEnabled":{ + "description":"Enable endpoint /.well-known/simple-web-discovery", + "type":"boolean" + }, + "webdiscoveryLabels":{ + "description":"webdiscovery ingress resource labels. key app is taken", + "type":"object" + }, + "scimConfigEnabled":{ + "description":"Enable endpoint /.well-known/scim-configuration", + "type":"boolean" + }, + "scimConfigLabels":{ + "description":"SCIM config ingress resource labels. key app is taken", + "type":"object" + }, + "scimEnabled":{ + "description":"Enable SCIM endpoints /jans-scim", + "type":"boolean" + }, + "scimLabels":{ + "description":"SCIM ingress resource labels. key app is taken", + "type":"object" + }, + "configApiEnabled":{ + "description":"Enable config API endpoints /jans-config-api", + "type":"boolean" + }, + "configApiLabels":{ + "description":"configAPI ingress resource labels. key app is taken", + "type":"object" + }, + "u2fConfigEnabled":{ + "description":"Enable endpoint /.well-known/fido-configuration", + "type":"boolean" + }, + "u2fConfigLabels":{ + "description":"u2f ingress resource labels. key app is taken", + "type":"object" + }, + "fido2ConfigEnabled":{ + "description":"Enable endpoint /.well-known/fido2-configuration", + "type":"boolean" + }, + "fido2ConfigLabels":{ + "description":"fido2 ingress resource labels. 
key app is taken", + "type":"object" + }, + "authServerEnabled":{ + "description":"Enable Auth server endpoints /jans-auth", + "type":"boolean" + }, + "authServerLabels":{ + "description":"Auth server config ingress resource labels. key app is taken", + "type":"object" + }, + "authServerProtectedToken":{ + "description":"Enable mTLS on Auth server endpoint /jans-auth/restv1/token", + "type":"boolean" + }, + "authServerProtectedTokenLabels":{ + "description":"Auth server protected token ingress resource labels. key app is taken", + "type":"object" + }, + "authServerProtectedRegister":{ + "description":"Enable mTLS onn Auth server endpoint /jans-auth/restv1/register", + "type":"boolean" + }, + "authServerProtectedRedisterLabels":{ + "description":"Auth server protected token ingress resource labels. key app is taken", + "type":"object" + }, + "additionalAnnotations":{ + "description":"Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: \"letsencrypt-prod\"}", + "type":"object" + }, + "hosts":{ + "type":"array", + "items":{ + "$ref":"#/definitions/fqdn-pattern" + } + }, + "path":{ + "type":"string" + }, + "tls":{ + "description":"Secret holding HTTPS CA cert and key.", + "type":"array", + "items":{ + "type":"object", + "properties":{ + "hosts":{ + "type":"array", + "items":{ + "$ref":"#/definitions/fqdn-pattern" + } + }, + "secretName":{ + "type":"string", + "pattern":"^[a-z-]+$" + } + } + } + } + } + } + } + } + } + }, + "else":true + }, + "opendj-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "opendj":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "opendj":{ + "required":[ + "image", + "replicas", + "resources", + "service" + ], + "type":"object", + "properties":{ + "hpa":{ + "description":"Configure the HorizontalPodAutoscaler", + "type":"object", + "properties":{ + "enabled":{ + "type":"boolean" + }, + "minReplicas":{ + 
"type":"integer" + }, + "maxReplicas":{ + "type":"integer" + }, + "targetCPUUtilizationPercentage":{ + "type":"integer" + }, + "metrics":{ + "description":"metrics if targetCPUUtilizationPercentage is not set", + "type":"array" + }, + "behavior":{ + "description":"Scaling Policies", + "type":"object" + } + } + }, + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + "secret":{ + "description":"Add custom secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "multiCluster":{ + "type":"object", + "properties":{ + "enabled":{ + "description":"Enable OpenDJ multiCluster mode. This flag enabbles loading keys under `opendj.multiCluster`", + "type":"boolean" + }, + "serfAdvertiseAddrSuffix":{ + "description":"OpenDJ Serf advertise address for the cluster", + "type":"string" + }, + "serfKey":{ + "description":"Serf key. This key will automatically sync across clusters.", + "type":"string" + }, + "serfPeers":{ + "description":"Serf peer addresses. 
One per cluster.", + "type":"array", + "items":{ + "type":"string" + } + } + } + }, + "persistence":{ + "type":"object", + "properties":{ + "size":{ + "description":"OpenDJ volume size", + "type":"string", + "pattern":"^[0-9]Gi+$" + } + } + }, + "ports":{ + "type":"object", + "properties":{ + "tcp-admin":{ + "type":"object", + "properties":{ + "nodePort":{ + "type":"string" + }, + "port":{ + "type":"integer" + }, + "protocol":{ + "type":"string" + }, + "targetPort":{ + "type":"integer" + } + } + }, + "tcp-ldap":{ + "type":"object", + "properties":{ + "nodePort":{ + "type":"string" + }, + "port":{ + "type":"integer" + }, + "protocol":{ + "type":"string" + }, + "targetPort":{ + "type":"integer" + } + } + }, + "tcp-ldaps":{ + "type":"object", + "properties":{ + "nodePort":{ + "type":"string" + }, + "port":{ + "type":"integer" + }, + "protocol":{ + "type":"string" + }, + "targetPort":{ + "type":"integer" + } + } + }, + "tcp-repl":{ + "type":"object", + "properties":{ + "nodePort":{ + "type":"string" + }, + "port":{ + "type":"integer" + }, + "protocol":{ + "type":"string" + }, + "targetPort":{ + "type":"integer" + } + } + }, + "tcp-serf":{ + "type":"object", + "properties":{ + "nodePort":{ + "type":"string" + }, + "port":{ + "type":"integer" + }, + "protocol":{ + "type":"string" + }, + "targetPort":{ + "type":"integer" + } + } + }, + "udp-serf":{ + "type":"object", + "properties":{ + "nodePort":{ + "type":"string" + }, + "port":{ + "type":"integer" + }, + "protocol":{ + "type":"string" + }, + "targetPort":{ + "type":"integer" + } + } + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + 
"type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + } + } + } + } + }, + "else":true + }, + "oxpassport-enabled":{ + "if":{ + "properties":{ + "config":{ + "properties":{ + "configmap":{ + "properties":{ + "cnPassportEnabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "oxpassport":{ + "required":[ + "image", + "replicas", + "resources", + "service" + ], + "type":"object", + "properties":{ + "hpa":{ + "description":"Configure the HorizontalPodAutoscaler", + "type":"object", + "properties":{ + "enabled":{ + "type":"boolean" + }, + "minReplicas":{ + "type":"integer" + }, + "maxReplicas":{ + "type":"integer" + }, + "targetCPUUtilizationPercentage":{ + "type":"integer" + }, + "metrics":{ + "description":"metrics if targetCPUUtilizationPercentage is not set", + "type":"array" + }, + "behavior":{ + "description":"Scaling Policies", + "type":"object" + } + } + }, + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + "secret":{ + "description":"Add custom secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + 
"type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + }, + "service":{ + "type":"object", + "properties":{ + "oxPassportServiceName":{ + "description":"Name of the oxPassport service. Please keep it as default.", + "type":"string", + "pattern":"^[a-z0-9-]+$" + } + } + } + } + } + } + }, + "else":true + }, + "oxshibboleth-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "oxshibboleth":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "oxshibboleth":{ + "required":[ + "image", + "replicas", + "resources", + "service" + ], + "type":"object", + "properties":{ + "hpa":{ + "description":"Configure the HorizontalPodAutoscaler", + "type":"object", + "properties":{ + "enabled":{ + "type":"boolean" + }, + "minReplicas":{ + "type":"integer" + }, + "maxReplicas":{ + "type":"integer" + }, + "targetCPUUtilizationPercentage":{ + "type":"integer" + }, + "metrics":{ + "description":"metrics if targetCPUUtilizationPercentage is not set", + "type":"array" + }, + "behavior":{ + "description":"Scaling Policies", + "type":"object" + } + } + }, + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + 
"secret":{ + "description":"Add custom secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + }, + "service":{ + "type":"object", + "properties":{ + "oxShibbolethServiceName":{ + "description":"Name of the oxShibboleth service. 
Please keep it as default.", + "type":"string", + "pattern":"^[a-z0-9-]+$" + } + } + } + } + } + } + }, + "else":true + }, + "persistence-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "persistence":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "persistence":{ + "required":[ + "image", + "resources" + ], + "type":"object", + "properties":{ + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + "secret":{ + "description":"Add custom secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + } + } + } + } + }, + 
"else":true + }, + "scim-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "scim":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "scim":{ + "required":[ + "image", + "replicas", + "resources", + "service" + ], + "type":"object", + "properties":{ + "hpa":{ + "description":"Configure the HorizontalPodAutoscaler", + "type":"object", + "properties":{ + "enabled":{ + "type":"boolean" + }, + "minReplicas":{ + "type":"integer" + }, + "maxReplicas":{ + "type":"integer" + }, + "targetCPUUtilizationPercentage":{ + "type":"integer" + }, + "metrics":{ + "description":"metrics if targetCPUUtilizationPercentage is not set", + "type":"array" + }, + "behavior":{ + "description":"Scaling Policies", + "type":"object" + } + } + }, + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + "secret":{ + "description":"Add custom secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + 
"cpu":{ + "description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + }, + "service":{ + "type":"object", + "properties":{ + "scimServiceName":{ + "description":"Name of the SCIM service. Please keep it as default.", + "type":"string", + "pattern":"^[a-z0-9-]+$" + } + } + } + } + } + } + }, + "else":true + } + } +} \ No newline at end of file diff --git a/charts/gluu/gluu/5.0.101/values.yaml b/charts/gluu/gluu/5.0.101/values.yaml new file mode 100644 index 000000000..69b3eb573 --- /dev/null +++ b/charts/gluu/gluu/5.0.101/values.yaml 
@@ -0,0 +1,1650 @@
+# -- Only used by the installer. These settings do not affect nor are used by the chart
+installer-settings:
+ currentVersion: ""
+ upgrade:
+ targetVersion: ""
+ image:
+ repository: ""
+ tag: ""
+ acceptLicense: ""
+ namespace: ""
+ releaseName: ""
+ nginxIngress:
+ releaseName: ""
+ namespace: ""
+ nodes:
+ names: ""
+ zones: ""
+ ips: ""
+ images:
+ edit: ""
+ aws:
+ lbType: ""
+ arn:
+ enabled: ""
+ arnAcmCert: ""
+ vpcCidr: "0.0.0.0/0"
+ couchbase:
+ clusterName: ""
+ namespace: ""
+ lowResourceInstall: ""
+ install: ""
+ customFileOverride: ""
+ backup:
+ incrementalSchedule: ""
+ fullSchedule: ""
+ retentionTime: ""
+ storageSize: ""
+ # Couchbase cert related keys
+ subjectAlternativeName: ""
+ commonName: ""
+ # Couchbase cluster yaml generator keys
+ totalNumberOfExpectedUsers: ""
+ totalNumberOfExpectedTransactionsPerSec: ""
+ volumeType: ""
+ volumeProvisionStrategy: ""
+ ldap:
+ multiClusterIds: []
+ subsequentCluster: ""
+ backup:
+ fullSchedule: ""
+ jackrabbit:
+ clusterMode: ""
+ postgres:
+ install: ""
+ namespace: ""
+ sql:
+ install: ""
+ namespace: ""
+ google:
+ useSecretManager: ""
+ redis:
+ install: ""
+ namespace: ""
+ openbanking:
+ hasCnObTransportTrustStore: false
+ cnObTransportTrustStoreP12password: ""
+ confirmSettings: false
+
+# -- Admin GUI for configuration of the auth-server
+admin-ui:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/admin-ui
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 2500m
+ # -- Memory limit.
+ memory: 2500Mi
+ requests:
+ # -- CPU request.
+ cpu: 2500m
+ # -- Memory request.
+ memory: 2500Mi
+ # -- Configure the liveness healthcheck for the admin ui if needed.
+ livenessProbe:
+ tcpSocket:
+ port: 1636
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 25
+ failureThreshold: 20
+ # -- Configure the readiness healthcheck for the admin ui if needed.
+ readinessProbe:
+ tcpSocket:
+ port: 1636
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 25
+ failureThreshold: 20
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.
+auth-server:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/auth-server
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 2500m
+ # -- Memory limit.
+ memory: 2500Mi
+ requests:
+ # -- CPU request.
+ cpu: 2500m
+ # -- Memory request.
+ memory: 2500Mi
+ # -- Configure the liveness healthcheck for the auth server if needed.
+ livenessProbe:
+ # -- Executes the python3 healthcheck.
+ # https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
+ exec:
+ command:
+ - python3
+ - /app/scripts/healthcheck.py
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the auth server if needed.
+ # https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
+ readinessProbe:
+ exec:
+ command:
+ - python3
+ - /app/scripts/healthcheck.py
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Responsible for regenerating auth-keys per x hours
+auth-server-key-rotation:
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/certmanager
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Auth server key rotation keys life in hours
+ keysLife: 48
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
+casa:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/casa
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 500m
+ # -- Memory limit.
+ memory: 500Mi
+ requests:
+ # -- CPU request.
+ cpu: 500m
+ # -- Memory request.
+ memory: 500Mi
+ # -- Configure the liveness healthcheck for casa if needed.
+ livenessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /casa/health-check
+ port: http-casa
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the casa if needed.
+ readinessProbe:
+ httpGet:
+ # -- http readiness probe endpoint
+ path: /casa/health-check
+ port: http-casa
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting.
+client-api:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/client-api
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 400Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 400Mi
+ # -- Configure the liveness healthcheck for the auth server if needed.
+ livenessProbe:
+ # -- Executes the python3 healthcheck.
+ exec:
+ command:
+ - curl
+ - -k
+ - https://localhost:8443/health-check
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the auth server if needed.
+ readinessProbe:
+ tcpSocket:
+ port: 8443
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 25
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Configuration parameters for setup and initial configuration secret and config layers used by Gluu services.
+config:
+ # -- Add custom normal and secret envs to the service.
+ usrEnvs:
+ # -- Add custom normal envs to the service.
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service.
+ # variable1: value1
+ secret: {}
+ # -- Admin password to log in to the UI.
+ adminPassword: Test1234#
+ # -- City. Used for certificate creation.
+ city: Austin
+ configmap:
+ # -- Jetty header size in bytes in the auth server
+ cnJettyRequestHeaderSize: 8192
+ # -- SQL database dialect.
`mysql` or `pgsql`
+ cnSqlDbDialect: mysql
+ # -- SQL database host uri.
+ cnSqlDbHost: my-release-mysql.default.svc.cluster.local
+ # -- SQL database port.
+ cnSqlDbPort: 3306
+ # -- SQL database name.
+ cnSqlDbName: jans
+ # -- SQL database username.
+ cnSqlDbUser: jans
+ # -- SQL database timezone.
+ cnSqlDbTimezone: UTC
+ # -- SQL password file holding password from config.configmap.cnSqldbUserPassword .
+ cnSqlPasswordFile: /etc/jans/conf/sql_password
+ # -- SQL password injected as config.configmap.cnSqlPasswordFile .
+ cnSqldbUserPassword: Test1234#
+ # -- Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` .
+ cnCacheType: NATIVE_PERSISTENCE
+ # -- Enable Casa flag .
+ cnCasaEnabled: false
+ # -- Client-api OAuth client admin certificate common name. This should be left to the default value client-api .
+ cnClientApiAdminCertCn: client-api
+ # -- Client-api OAuth client application certificate common name. This should be left to the default value client-api.
+ cnClientApiApplicationCertCn: client-api
+ # -- Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy
+ cnClientApiBindIpAddresses: "*"
+ # -- The name of the Kubernetes ConfigMap that will hold the configuration layer
+ cnConfigKubernetesConfigMap: cn
+ # -- The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu.
+ cnCouchbaseBucketPrefix: jans
+ # -- Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required.
+ cnCouchbaseCertFile: /etc/certs/couchbase.crt
+ # -- Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required.
+ cnCouchbaseCrt: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=
+ # -- The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1.
+ cnCouchbaseIndexNumReplica: 0
+ # -- Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol .
+ cnCouchbasePassword: P@ssw0rd
+ # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password
+ cnCouchbasePasswordFile: /etc/gluu/conf/couchbase_password
+ # -- The Couchbase super user (admin) user name. This user is used during initialization only.
+ cnCouchbaseSuperUser: admin
+ # -- Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol
+ cnCouchbaseSuperUserPassword: Test1234#
+ # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.
+ cnCouchbaseSuperUserPasswordFile: /etc/gluu/conf/couchbase_superuser_password
+ # -- Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster
+ cnCouchbaseUrl: cbgluu.default.svc.cluster.local
+ # -- Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase.
+ cnCouchbaseUser: gluu
+ # -- Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used.
Jackrabbit also enables loading custom files across all services easily.
+ cnDocumentStoreType: JCA
+ # -- Jackrabbit admin uid.
+ cnJackrabbitAdminId: admin
+ # -- The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id.
+ cnJackrabbitAdminIdFile: /etc/gluu/conf/jackrabbit_admin_id
+ # -- The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password.
+ cnJackrabbitAdminPasswordFile: /etc/gluu/conf/jackrabbit_admin_password
+ # -- Jackrabbit postgres database name.
+ cnJackrabbitPostgresDatabaseName: jackrabbit
+ # -- Postgres url
+ cnJackrabbitPostgresHost: postgresql.postgres.svc.cluster.local
+ # -- The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password.
+ cnJackrabbitPostgresPasswordFile: /etc/gluu/conf/postgres_password
+ # -- Jackrabbit Postgres port
+ cnJackrabbitPostgresPort: 5432
+ # -- Jackrabbit Postgres uid
+ cnJackrabbitPostgresUser: jackrabbit
+ # -- Interval between files sync (default to 300 seconds).
+ cnJackrabbitSyncInterval: 300
+ # -- Jackrabbit internal url. Normally left as default.
+ cnJackrabbitUrl: "http://jackrabbit:8080"
+ # [google_envs] Envs related to using Google
+ # -- Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleSecretManagerServiceAccount: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=
+ # -- Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleProjectId: google-project-to-save-config-and-secrets-to
+ # [google_spanner_envs] Envs related to using Google Secret Manager to store config and secret layer
+ # -- Google Spanner ID. Used only when global.cnPersistenceType is spanner.
+ cnGoogleSpannerInstanceId: ""
+ # -- Google Spanner Database ID. Used only when global.cnPersistenceType is spanner.
+ cnGoogleSpannerDatabaseId: ""
+ # [google_spanner_envs] END
+ # [google_secret_manager_envs] Envs related to using Google Secret Manager to store config and secret layer
+ # -- Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnSecretGoogleSecretVersionId: "latest"
+ # -- Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnSecretGoogleSecretNamePrefix: gluu
+ # -- Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnGoogleSecretManagerPassPhrase: Test1234#
+ # -- Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnConfigGoogleSecretVersionId: "latest"
+ # -- Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
+ cnConfigGoogleSecretNamePrefix: gluu
+ # [google_secret_manager_envs] END
+ # [google_envs] END
+ # -- OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`.
+ cnLdapUrl: "opendj:1636"
+ # -- Value passed to Java option -XX:MaxRAMPercentage
+ cnMaxRamPercent: "75.0"
+ # -- SCIM protection mode OAUTH|TEST|UMA
+ cnScimProtectionMode: "OAUTH"
+ # -- Boolean flag to enable/disable passport chart
+ cnPassportEnabled: false
+ # -- Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.
+ cnPersistenceLdapMapping: default
+ # -- Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisSentinelGroup: ""
+ # -- Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisSslTruststore: ""
+ # -- Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisType: STANDALONE
+ # -- Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisUrl: "redis.redis.svc.cluster.local:6379"
+ # -- Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisUseSsl: false
+ # -- Enable SAML-related features; UI menu, etc.
+ cnSamlEnabled: false
+ # -- Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default.
+ cnSecretKubernetesSecret: cn
+ # -- Loadbalancer address for AWS if the FQDN is not registered.
+ lbAddr: ""
+ # -- Country code. Used for certificate creation.
+ countryCode: US
+ # -- Email address of the administrator usually. Used for certificate creation.
+ email: support@gluu.org
+ image:
+ # -- Image to use for deploying.
+ repository: janssenproject/configurator
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- LDAP admin password if OpennDJ is used for persistence.
+ ldapPassword: P@ssw0rds
+ # -- Organization name. Used for certificate creation.
+ orgName: Gluu
+ # -- Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`.
+ redisPassword: P@assw0rd
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+ # -- State code. Used for certificate creation.
+ state: TX
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ # -- CE to CN Migration section
+ migration:
+ # -- Boolean flag to enable migration from CE
+ enabled: false
+ # -- Directory holding all migration files
+ migrationDir: /ce-migration
+ # -- migration data-format depending on persistence backend.
+ # Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json.
+ migrationDataFormat: ldif
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).
+config-api:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/config-api
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 400Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 400Mi
+ # -- Configure the liveness healthcheck for the auth server if needed.
+ livenessProbe:
+ # -- http liveness probe endpoint
+ httpGet:
+ path: /jans-config-api/api/v1/health/live
+ port: 8074
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ # -- http readiness probe endpoint
+ httpGet:
+ path: jans-config-api/api/v1/health/ready
+ port: 8074
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may be depreciated.
+cr-rotate:
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/cr-rotate
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 200m
+ # -- Memory limit.
+ memory: 200Mi
+ requests:
+ # -- CPU request.
+ cpu: 200m
+ # -- Memory request.
+ memory: 200Mi
+ service:
+ # -- Name of the cr-rotate service. Please keep it as default.
+ crRotateServiceName: cr-rotate
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
+fido2:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/fido2
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.13
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 500m
+ # -- Memory limit.
+ memory: 500Mi
+ requests:
+ # -- CPU request.
+ cpu: 500m
+ # -- Memory request.
+ memory: 500Mi
+ service:
+ # -- The name of the fido2 port within the fido2 service. Please keep it as default.
+ name: http-fido2
+ # -- Port of the fido2 service. Please keep it as default.
+ port: 8080
+ # -- Configure the liveness healthcheck for the fido2 if needed.
+ livenessProbe:
+ # -- http liveness probe endpoint
+ httpGet:
+ path: /jans-fido2/sys/health-check
+ port: http-fido2
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the fido2 if needed.
+ readinessProbe:
+ httpGet:
+ path: /jans-fido2/sys/health-check
+ port: http-fido2
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Parameters used globally across all services helm charts.
+global:
+ # -- Add custom normal and secret envs to the service.
+ # Envs defined in global.userEnvs will be globally available to all services
+ usrEnvs:
+ # -- Add custom normal envs to the service.
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service.
+ # variable1: value1
+ secret: {}
+ alb:
+ # -- Activates ALB ingress
+ ingress: false
+
+ admin-ui:
+ # -- Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin.
+ enabled: false
+ # -- Name of the admin-ui service. Please keep it as default.
+ adminUiServiceName: admin-ui
+ # License parameters
+ # -- Admin UI license API key.
+ adminUiApiKey: xxxxxxxxxxx
+ # -- Admin UI license API key mount location.
+ adminUiApiKeyFile: /etc/jans/conf/admin_ui_api_key
+ # -- Admin UI license product code.
+ adminUiProductCode: xxxxxxxxxxx
+ # -- Admin UI license product code mount location.
+ adminUiProductCodeFile: /etc/jans/conf/admin_ui_product_code
+ # -- Admin UI license shared key.
+ adminUiSharedKey: xxxxxxxxxxx
+ # -- Admin UI license shared key mount location.
+ adminUiSharedKeyFile: /etc/jans/conf/admin_ui_shared_key
+ # -- Admin UI license management key.
+ adminUiManagementKey: xxxxxxxxxxx
+ # -- Admin UI license management key mount location.
+ adminUiManagementKeyFile: /etc/jans/conf/admin_ui_management_key
+
+ auth-server:
+ # -- Name of the auth-server service. Please keep it as default.
+ authServerServiceName: auth-server
+ # -- Boolean flag to enable/disable auth-server chart. You should never set this to false.
+ enabled: true
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- jans-auth.log target
+ authLogTarget: "STDOUT"
+ # -- jans-auth.log level
+ authLogLevel: "INFO"
+ # -- http_request_response.log target
+ httpLogTarget: "FILE"
+ # -- http_request_response.log level
+ httpLogLevel: "INFO"
+ # -- jans-auth_persistence.log target
+ persistenceLogTarget: "FILE"
+ # -- jans-auth_persistence.log level
+ persistenceLogLevel: "INFO"
+ # -- jans-auth_persistence_duration.log target
+ persistenceDurationLogTarget: "FILE"
+ # -- jans-auth_persistence_duration.log level
+ persistenceDurationLogLevel: "INFO"
+ # -- jans-auth_persistence_ldap_statistics.log target
+ ldapStatsLogTarget: "FILE"
+ # -- jans-auth_persistence_ldap_statistics.log level
+ ldapStatsLogLevel: "INFO"
+ # -- jans-auth_script.log target
+ scriptLogTarget: "FILE"
+ # -- jans-auth_script.log level
+ scriptLogLevel: "INFO"
+ # -- jans-auth_script.log target
+ auditStatsLogTarget: "FILE"
+ # -- jans-auth_audit.log level
+ auditStatsLogLevel: "INFO"
+
+ auth-server-key-rotation:
+ # -- Boolean flag to enable/disable the auth-server-key rotation cronjob chart.
+ enabled: false
+ # -- Volume storage type if using AWS volumes.
+ awsStorageType: io1 + # -- Volume storage type if using Azure disks. + azureStorageAccountType: Standard_LRS + # -- Azure storage kind if using Azure disks + azureStorageKind: Managed + casa: + # -- Name of the casa service. Please keep it as default. + casaServiceName: casa + client-api: + # -- Name of the client-api service. Please keep it as default. + clientApiServerServiceName: client-api + # -- Boolean flag to enable/disable the client-api chart. + enabled: false + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. + appLoggers: + # -- client-api.log target + clientApiLogTarget: "STDOUT" + # -- client-api.log level + clientApiLogLevel: "INFO" + cloud: + # -- Boolean flag if enabled will strip resources requests and limits from all services. + testEnviroment: false + # -- Boolean flag if enabled will enable jackrabbit in cluster mode with Postgres. + cnJackrabbitCluster: false + # -- Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner. + cnPersistenceType: sql + # -- Open banking external signing jwks uri. Used in SSA Validation. + cnObExtSigningJwksUri: "" + # -- Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set. + cnObExtSigningJwksCrt: "" + # -- Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set. + cnObExtSigningJwksKey: "" + # -- Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set. + cnObExtSigningJwksKeyPassPhrase: "" + # -- Open banking external signing AS Alias. 
This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G + cnObExtSigningAlias: "" + # -- Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G + cnObStaticSigningKeyKid: "" + # -- Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64. + cnObTransportCrt: "" + # -- Open banking AS transport key. Used in SSA Validation. This must be encoded using base64. + cnObTransportKey: "" + # -- Open banking AS transport key pas`sphrase to unlock AS transport key. This must be encoded using base64. + cnObTransportKeyPassPhrase: "" + # -- Open banking transport Alias used inside the JVM. + cnObTransportAlias: "" + # -- Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64. + cnObTransportTrustStore: "" + config: + # -- Boolean flag to enable/disable the configuration chart. This normally should never be false + enabled: true + # -- The config backend adapter that will hold Gluu configuration layer. google|kubernetes + configAdapterName: kubernetes + # -- The config backend adapter that will hold Gluu secret layer. google|kubernetes + configSecretAdapter: kubernetes + # -- Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner. + cnGoogleApplicationCredentials: /etc/jans/conf/google-credentials.json + config-api: + # -- Name of the config-api service. Please keep it as default. + configApiServerServiceName: config-api + # -- Boolean flag to enable/disable the config-api chart. + enabled: true + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. 
+ appLoggers: + # -- configapi.log target + configApiLogTarget: "STDOUT" + # -- configapi.log level + configApiLogLevel: "INFO" + cr-rotate: + # -- Boolean flag to enable/disable the cr-rotate chart. + enabled: false + # -- Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services. + fqdn: demoexample.gluu.org + fido2: + # -- Name of the fido2 service. Please keep it as default. + fido2ServiceName: fido2 + # -- Boolean flag to enable/disable the fido2 chart. + enabled: true + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. + appLoggers: + # -- fido2.log target + fido2LogTarget: "STDOUT" + # -- fido2.log level + fido2LogLevel: "INFO" + # -- fido2_persistence.log target + persistenceLogTarget: "FILE" + # -- fido2_persistence.log level + persistenceLogLevel: "INFO" + # -- GCE storage kind if using Google disks + gcePdStorageType: pd-standard + # -- Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically. + isFqdnRegistered: false + istio: + # -- Boolean flag that enables using istio side cars with Gluu services. + enabled: false + # -- Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. + ingress: false + # -- The namespace istio is deployed in. The is normally istio-system. 
+ namespace: istio-system + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } + jackrabbit: + # -- Boolean flag to enable/disable the jackrabbit chart. For more information on how it is used inside Gluu https://gluu.org/docs/gluu-server/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. If disabled oxShibboleth cannot be run. + enabled: false + # -- Name of the Jackrabbit service. Please keep it as default. + jackRabbitServiceName: jackrabbit + # -- The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable. + lbIp: 22.22.22.22 + nginx-ingress: + # -- Boolean flag to enable/disable the nginx-ingress definitions chart. + enabled: true + opendj: + # -- Boolean flag to enable/disable the OpenDJ chart. + enabled: false + # -- Name of the OpenDJ service. Please keep it as default. + ldapServiceName: opendj + oxpassport: + # -- Name of the oxPassport service. Please keep it as default. + oxPassportServiceName: oxpassport + oxshibboleth: + # -- Name of the oxShibboleth service. Please keep it as default. + oxShibbolethServiceName: oxshibboleth + # -- Boolean flag to enable/disable the oxShibbboleth chart. + enabled: false + # -- Gluu distributions supported are: default|openbanking. + distribution: default + persistence: + # -- Boolean flag to enable/disable the persistence chart. + enabled: true + scim: + # -- Name of the scim service. Please keep it as default. + scimServiceName: scim + # -- Boolean flag to enable/disable the SCIM chart. + enabled: true + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. 
+ appLoggers: + # -- jans-scim.log target + scimLogTarget: "STDOUT" + # -- jans-scim.log level + scimLogLevel: "INFO" + # -- jans-scim_persistence.log target + persistenceLogTarget: "FILE" + # -- jans-scim_persistence.log level + persistenceLogLevel: "INFO" + # -- jans-scim_persistence_duration.log target + persistenceDurationLogTarget: "FILE" + # -- jans-scim_persistence_duration.log level + persistenceDurationLogLevel: "INFO" + # -- jans-scim_persistence_ldap_statistics.log target + ldapStatsLogTarget: "FILE" + # -- jans-scim_persistence_ldap_statistics.log level + ldapStatsLogLevel: "INFO" + # -- jans-scim_script.log target + scriptLogTarget: "FILE" + # -- jans-scim_script.log level + scriptLogLevel: "INFO" + # -- StorageClass section for Jackrabbit and OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed. + storageClass: + allowVolumeExpansion: true + allowedTopologies: [] + mountOptions: + - debug + # -- parameters: + #fsType: "" + #kind: "" + #pool: "" + #storageAccountType: "" + #type: "" + parameters: {} + provisioner: microk8s.io/hostpath + reclaimPolicy: Retain + volumeBindingMode: WaitForFirstConsumer + upgrade: + # -- Boolean flag used when running upgrading through versions command. Used when upgrading with LDAP as the persistence to load the 101x ldif. + enabled: false + +# -- Jackrabbit Oak is a complementary implementation of the JCR specification. 
It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications +# https://jackrabbit.apache.org/jcr/index.html +jackrabbit: + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/jackrabbit + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Service replica number. + replicas: 1 + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 1500m + # -- Memory limit. + memory: 1000Mi + requests: + # -- CPU request. + cpu: 1500m + # -- Memory request. + memory: 1000Mi + secrets: + # -- Jackrabbit admin uid password + cnJackrabbitAdminPassword: Test1234# + # -- Jackrabbit Postgres uid password + cnJackrabbitPostgresPassword: P@ssw0rd + storage: + # -- Jackrabbit volume size + size: 5Gi + # -- Configure the liveness healthcheck for the Jackrabbit if needed. + livenessProbe: + # -- Executes tcp healthcheck. + tcpSocket: + port: http-jackrabbit + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 + # -- Configure the readiness healthcheck for the Jackrabbit if needed. + readinessProbe: + # -- Executes tcp healthcheck. 
+ tcpSocket: + port: http-jackrabbit + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- Nginx ingress definitions chart +nginx-ingress: + ingress: + # -- Enable Admin UI endpoints. COMING SOON. + adminUiEnabled: false + # -- Admin UI ingress resource labels. key app is taken. + adminUiLabels: { } + # -- openid-configuration ingress resource additional annotations. + adminUiAdditionalAnnotations: { } + # -- Enable endpoint /.well-known/openid-configuration + openidConfigEnabled: true + # -- openid-configuration ingress resource labels. key app is taken + openidConfigLabels: { } + # -- openid-configuration ingress resource additional annotations. + openidAdditionalAnnotations: { } + # -- Enable endpoint /.well-known/uma2-configuration + uma2ConfigEnabled: true + # -- uma2 config ingress resource labels. key app is taken + uma2ConfigLabels: { } + # -- uma2 config ingress resource additional annotations. + uma2AdditionalAnnotations: { } + # -- Enable endpoint /.well-known/webfinger + webfingerEnabled: true + # -- webfinger ingress resource labels. key app is taken + webfingerLabels: { } + # -- webfinger ingress resource additional annotations. + webfingerAdditionalAnnotations: { } + # -- Enable endpoint /.well-known/simple-web-discovery + webdiscoveryEnabled: true + # -- webdiscovery ingress resource labels. key app is taken + webdiscoveryLabels: { } + # -- webdiscovery ingress resource additional annotations. 
+ webdiscoveryAdditionalAnnotations: { } + # -- Enable endpoint /.well-known/scim-configuration + scimConfigEnabled: false + # -- SCIM config ingress resource labels. key app is taken + scimConfigLabels: { } + # -- SCIM config ingress resource additional annotations. + scimConfigAdditionalAnnotations: { } + # -- Enable SCIM endpoints /jans-scim + scimEnabled: false + # -- SCIM config ingress resource labels. key app is taken + scimLabels: { } + # -- SCIM ingress resource additional annotations. + scimAdditionalAnnotations: { } + # Enable config API endpoints /jans-config-api + configApiEnabled: true + # -- configAPI ingress resource labels. key app is taken + configApiLabels: { } + # -- ConfigAPI ingress resource additional annotations. + configApiAdditionalAnnotations: { } + # -- Enable endpoint /.well-known/fido-configuration + u2fConfigEnabled: true + # -- u2f config ingress resource labels. key app is taken + u2fConfigLabels: { } + # -- u2f config ingress resource additional annotations. + u2fAdditionalAnnotations: { } + # -- Enable endpoint /.well-known/fido2-configuration + fido2ConfigEnabled: false + # -- fido2 config ingress resource labels. key app is taken + fido2ConfigLabels: { } + # -- fido2 config ingress resource additional annotations. + fido2ConfigAdditionalAnnotations: { } + # -- Enable Auth server endpoints /jans-auth + authServerEnabled: true + # -- Auth server ingress resource labels. key app is taken + authServerLabels: { } + # -- Auth server ingress resource additional annotations. + authServerAdditionalAnnotations: { } + # -- Enable mTLS on Auth server endpoint /jans-auth/restv1/token + authServerProtectedToken: false + # -- Auth server protected token ingress resource labels. key app is taken + authServerProtectedTokenLabels: { } + # -- Auth server protected token ingress resource additional annotations. 
+ authServerProtectedTokenAdditionalAnnotations: { } + # -- Enable mTLS onn Auth server endpoint /jans-auth/restv1/register + authServerProtectedRegister: false + # -- Auth server protected token ingress resource labels. key app is taken + authServerProtectedRegisterLabels: { } + # -- Auth server protected register ingress resource additional annotations. + authServerProtectedRegisterAdditionalAnnotations: { } + # -- Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + # Enable client certificate authentication + # nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" + # Create the secret containing the trusted ca certificates + # nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate" + # Specify the verification depth in the client certificates chain + # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" + # Specify if certificates are passed to upstream server + # nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" + additionalAnnotations: {} + path: / + hosts: + - demoexample.gluu.org + # -- Secrets holding HTTPS CA cert and key. + tls: + - secretName: tls-certificate + hosts: + - demoexample.gluu.org + +# -- OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. 
+opendj: + # -- Configure ldap backup cronjob + backup: + enabled: true + cronJobSchedule: "*/59 * * * *" + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/opendj + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] + multiCluster: + # -- Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster` + enabled: false + # -- OpenDJ Serf advertise address suffix that will be added to each opendj replica. + # i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} + serfAdvertiseAddrSuffix: "regional.gluu.org:30946" + # -- Serf key. This key will automatically sync across clusters. + serfKey: Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk= + # -- Serf peer addresses. One per cluster. + serfPeers: + - "gluu-opendj-regional-0-regional.gluu.org:30946" + - "gluu-opendj-regional-0-regional.gluu.org:31946" + # -- The number of opendj non scalabble statefulsets to create. 
Each pod created must be resolvable as it follows + # the patterm RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} + # If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org + replicaCount: 1 + # -- This id needs to be unique to each kubernetes cluster in a multi cluster setup + # west, east, south, north, region ...etc If left empty it will be randomly generated. + clusterId: "" + # -- Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace. + # Used when gluu is installed in the same kubernetes cluster more than once. + namespaceIntId: 0 + + persistence: + # -- OpenDJ volume size + size: 5Gi + ports: + tcp-admin: + nodePort: "" + port: 4444 + protocol: TCP + targetPort: 4444 + tcp-ldap: + nodePort: "" + port: 1389 + protocol: TCP + targetPort: 1389 + tcp-ldaps: + nodePort: "" + port: 1636 + protocol: TCP + targetPort: 1636 + tcp-repl: + nodePort: "" + port: 8989 + protocol: TCP + targetPort: 8989 + tcp-serf: + nodePort: "" + port: 7946 + protocol: TCP + targetPort: 7946 + udp-serf: + nodePort: "" + port: 7946 + protocol: UDP + targetPort: 7946 + # -- Service replica number. + replicas: 1 + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 1500m + # -- Memory limit. + memory: 2000Mi + requests: + # -- CPU request. + cpu: 1500m + # -- Memory request. + memory: 2000Mi + # -- Configure the liveness healthcheck for OpenDJ if needed. + # https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py + livenessProbe: + # -- Executes the python3 healthcheck. + exec: + command: + - python3 + - /app/scripts/healthcheck.py + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 20 + # -- Configure the readiness healthcheck for OpenDJ if needed. 
+ # https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py + readinessProbe: + tcpSocket: + port: 1636 + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 25 + failureThreshold: 20 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- Gluu interface to Passport.js to support social login and inbound identity. +oxpassport: + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/oxpassport + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Service replica number + replicas: 1 + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 700m + # -- Memory limit. + memory: 900Mi + requests: + # -- CPU request. + cpu: 700m + # -- Memory request. + memory: 900Mi + # -- Configure the liveness healthcheck for oxPassport if needed. 
+ livenessProbe: + httpGet: + # -- http liveness probe endpoint + path: /passport/health-check + port: http-passport + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 20 + # -- Configure the readiness healthcheck for the oxPassport if needed. + readinessProbe: + httpGet: + # -- http readiness probe endpoint + path: /passport/health-check + port: http-passport + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 + failureThreshold: 20 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- Shibboleth project for the Gluu Server's SAML IDP functionality. +oxshibboleth: + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/oxshibboleth + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Service replica number. + replicas: 1 + # -- Resource specs. + resources: + limits: + # -- CPU limit. 
+ cpu: 1000m + # -- Memory limit. + memory: 1000Mi + requests: + # -- CPU request. + cpu: 1000m + # -- Memory request. + memory: 1000Mi + # -- Configure the liveness healthcheck for the oxShibboleth if needed. + livenessProbe: + httpGet: + # -- http liveness probe endpoint + path: /idp + port: http-oxshib + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + # -- Configure the readiness healthcheck for the casa if needed. + readinessProbe: + httpGet: + # -- http liveness probe endpoint + path: /idp + port: http-oxshib + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- Job to generate data and intial config for Gluu Server persistence layer. +persistence: + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: janssenproject/persistence-loader + # -- Image tag to use for deploying. + tag: 1.0.0-beta.13 + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Resource specs. + resources: + limits: + # -- CPU limit + cpu: 300m + # -- Memory limit. + memory: 300Mi + requests: + # -- CPU request. + cpu: 300m + # -- Memory request. 
+ memory: 300Mi + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- System for Cross-domain Identity Management (SCIM) version 2.0 +scim: + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: janssenproject/scim + # -- Image tag to use for deploying. + tag: 1.0.0-beta.13 + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Service replica number. + replicas: 1 + resources: + limits: + # -- CPU limit. + cpu: 1000m + # -- Memory limit. + memory: 1000Mi + requests: + # -- CPU request. + cpu: 1000m + # -- Memory request. + memory: 1000Mi + service: + # -- The name of the scim port within the scim service. Please keep it as default. + name: http-scim + # -- Port of the scim service. Please keep it as default. + port: 8080 + # -- Configure the liveness healthcheck for SCIM if needed. 
+ livenessProbe: + httpGet: + # -- http liveness probe endpoint + path: /jans-scim/sys/health-check + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + # -- Configure the readiness healthcheck for the SCIM if needed. + readinessProbe: + httpGet: + # -- http readiness probe endpoint + path: /jans-scim/sys/health-check + port: 8080 + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } diff --git a/index.yaml b/index.yaml index 485b4f4d1..da3d564a0 100755 --- a/index.yaml +++ b/index.yaml 
@@ -1197,6 +1197,123 @@ entries: - assets/fpga-operator/fpga-operator-2.5.201.tgz version: 2.5.201 gluu: + - annotations: + artifacthub.io/changes: | + - Gluu 5.0 Openbanking Distribution. Auth-server and config-api. + - Updated new images + - https://gluu.org/docs/openbanking + artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/images: | + - name: auth-server + image: janssenproject/auth-server:1.0.0-beta.13 + - name: auth-server-key-rotation + image: janssenproject/certmanager:1.0.0-beta.13 + - name: client-api + image: janssenproject/client-api:1.0.0-beta.13 + - name: configuration-manager + image: janssenproject/configurator:1.0.0-beta.13 + - name: config-api + image: janssenproject/config-api:1.0.0-beta.13 + - name: fido2 + image: janssenproject/fido2:1.0.0-beta.13 + - name: opendj + image: gluufederation/opendj:5.0.0_dev + - name: persistence + image: janssenproject/persistence-loader:1.0.0-beta.13 + - name: scim + image: janssenproject/scim:1.0.0-beta.13 + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "true" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management + catalog.cattle.io/release-name: gluu + apiVersion: v2 + appVersion: 5.0.0 + created: "2021-12-06T09:13:44.889427-05:00" + dependencies: + - condition: global.config.enabled + name: config + repository: "" + version: 5.0.1 + - condition: global.config-api.enabled + name: config-api + repository: "" + version: 5.0.1 + - condition: global.opendj.enabled + name: opendj + repository: "" + version: 5.0.1 + - condition: global.jackrabbit.enabled + name: jackrabbit + repository: "" + version: 5.0.1 + - condition: global.auth-server.enabled + name: auth-server + repository: "" + version: 5.0.1 + - condition: global.admin-ui.enabled + name: admin-ui + repository: "" + version: 5.0.1 + - condition: global.fido2.enabled + name: fido2 + repository: "" + version: 5.0.1 + - condition: global.scim.enabled + name: scim + 
repository: "" + version: 5.0.1 + - condition: global.nginx-ingress.enabled + name: nginx-ingress + repository: "" + version: 5.0.1 + - condition: global.oxshibboleth.enabled + name: oxshibboleth + repository: "" + version: 5.0.1 + - condition: config.configmap.cnPassportEnabled + name: oxpassport + repository: "" + version: 5.0.1 + - condition: config.configmap.cnCasaEnabled + name: casa + repository: "" + version: 5.0.1 + - condition: global.auth-server-key-rotation.enabled + name: auth-server-key-rotation + repository: "" + version: 5.0.1 + - condition: global.cr-rotate.enabled + name: cr-rotate + repository: "" + version: 5.0.1 + - condition: global.client-api.enabled + name: client-api + repository: "" + version: 5.0.1 + - condition: global.persistence.enabled + name: persistence + repository: "" + version: 5.0.1 + - condition: global.istio.ingress + name: cn-istio-ingress + repository: "" + version: 5.0.1 + description: Gluu Access and Identity Management OpenBanking distribution + digest: e3550c2d34d6febf7ed2d5c59cb6ec9d07b5dcc5fb4258fd67185008663e151e + home: https://www.gluu.org + icon: https://gluu.org/docs/gluu-server/favicon.ico + kubeVersion: '>=v1.21.0-0' + maintainers: + - email: support@gluu.org + name: moabu + name: gluu + sources: + - https://gluu.org/docs/gluu-server + - https://github.com/GluuFederation/cloud-native-edition + urls: + - assets/gluu/gluu-5.0.101.tgz + version: 5.0.101 - annotations: artifacthub.io/changes: | - Gluu 5.0 Openbanking Distribution. Auth-server and config-api. diff --git a/packages/gluu/generated-changes/overlay/questions.yaml b/packages/gluu/generated-changes/overlay/questions.yaml index 4142d0a60..0fd1713bc 100644 --- a/packages/gluu/generated-changes/overlay/questions.yaml +++ b/packages/gluu/generated-changes/overlay/questions.yaml 
@@ -104,6 +104,39 @@ questions:
 # =======================
 # Optional Services group
 # =======================
+- variable: global.admin-ui.enabled
+ default: false
+ type: boolean
+ group: "Optional Services"
+ required: false
+ label: Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. This requires a license agreement with Gluu.
+ show_if: "global.distribution=default"
+ show_subquestion_if: true
+ subquestions:
+ - variable: global.admin-ui.adminUiApiKey
+ default: ""
+ required: true
+ description: "Admin UI license API key. Obtain this from Gluu."
+ type: multiline
+ label: Admin UI license API key. Obtain this from Gluu
+ - variable: global.admin-ui.adminUiProductCode
+ default: ""
+ required: true
+ description: "Admin UI license product code. Obtain this from Gluu."
+ type: multiline
+ label: Admin UI license product code. Obtain this from Gluu.
+ - variable: global.admin-ui.adminUiSharedKey
+ default: ""
+ required: true
+ description: "Admin UI license shared key. Obtain this from Gluu."
+ type: multiline
+ label: Admin UI license shared key. Obtain this from Gluu.
+ - variable: global.admin-ui.adminUiManagementKey
+ default: ""
+ required: true
+ description: "Admin UI license management key. Obtain this from Gluu."
+ type: multiline
+ label: Admin UI license management key. Obtain this from Gluu.
 - variable: global.auth-server-key-rotation.enabled
 default: false
 type: boolean
@@ -127,7 +160,7 @@ questions:
 label: Enable Fido2
 description: "FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments."
 - variable: global.config-api.enabled
- default: true
+ default: false
 type: boolean
 group: "Optional Services"
 required: true
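Review bot: The four license subquestions added in the first hunk (`global.admin-ui.adminUiApiKey`, `adminUiProductCode`, `adminUiSharedKey`, `adminUiManagementKey`) collect credentials with `type: multiline`, so whatever the operator pastes is shown in clear text in the install form. Rancher's question schema has a masked input for this; for the key fields I would write `type: password`, or add a comment stating that the keys are genuinely multi-line if that is why `multiline` was chosen. Whatever the input type, the values end up in the release's stored values, so the admin-ui templates should render them into a Secret rather than a ConfigMap; those templates are not visible in this diff, so please confirm. The parent question also carries a full sentence in `label` and no `description`, unlike its subquestions.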
@@ -813,7 +846,7 @@ questions:
 - variable: auth-server.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The Auth Server Image tag"
 label: Auth Server image tag
 group: "Images"
@@ -842,7 +875,7 @@ questions:
 - variable: auth-server-key-rotation.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The Auth Server Image tag"
 label: Auth Server KeyRotation image tag
 group: "Images"
@@ -871,7 +904,7 @@ questions:
 - variable: client-api.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The ClientAPI Image tag"
 label: ClientAPI image tag
 group: "Images"
@@ -900,7 +933,7 @@ questions:
 - variable: config.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The Configurator Image tag"
 label: Configurator image tag
 group: "Images"
@@ -929,7 +962,7 @@ questions:
 - variable: config-api.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The ConfigAPI Image tag"
 label: ConfigAPI image tag
 group: "Images"
@@ -958,7 +991,7 @@ questions:
 - variable: fido2.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The Fido2 Image tag"
 label: Fido2 image tag
 group: "Images"
@@ -987,7 +1020,7 @@ questions:
 - variable: jackrabbit.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The Jackrabbit Image tag"
 label: Jackrabbit image tag
 group: "Images"
@@ -1045,7 +1078,7 @@ questions:
 - variable: persistence.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The Persistence Image tag"
 label: Persistence image tag
 group: "Images"
@@ -1074,7 +1107,7 @@ questions:
 - variable: scim.image.tag
 required: true
 type: string
- default: "1.0.0_b12"
+ default: "1.0.0-beta.13"
 description: "The SCIM Image tag"
 label: SCIM image tag
 group: "Images"
diff --git a/packages/gluu/package.yaml b/packages/gluu/package.yaml
index 8900ead5a..299697eb7 100644
--- a/packages/gluu/package.yaml
+++ b/packages/gluu/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/GluuFederation/cloud-native-edition/releases/download/v5.0.0/gluu-5.0.0.tgz
-packageVersion: 00
\ No newline at end of file
+url: https://github.com/GluuFederation/cloud-native-edition/releases/download/v5.0.1/gluu-5.0.1.tgz
+packageVersion: 01
\ No newline at end of file