diff --git a/assets/gluu/gluu-5.1.1.tgz b/assets/gluu/gluu-5.1.1.tgz
index ff789d194..068ccf412 100644
Binary files a/assets/gluu/gluu-5.1.1.tgz and b/assets/gluu/gluu-5.1.1.tgz differ
diff --git a/assets/gluu/gluu-5.1.2.tgz b/assets/gluu/gluu-5.1.2.tgz
new file mode 100644
index 000000000..6f9552d07
Binary files /dev/null and b/assets/gluu/gluu-5.1.2.tgz differ
diff --git a/assets/jfrog/artifactory-ha-107.84.14.tgz b/assets/jfrog/artifactory-ha-107.84.14.tgz
new file mode 100644
index 000000000..1e1931696
Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.84.14.tgz differ
diff --git a/assets/jfrog/artifactory-jcr-107.84.14.tgz b/assets/jfrog/artifactory-jcr-107.84.14.tgz
new file mode 100644
index 000000000..6c9bc8821
Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.84.14.tgz differ
diff --git a/assets/percona/psmdb-db-1.16.1.tgz b/assets/percona/psmdb-db-1.16.1.tgz
new file mode 100644
index 000000000..bab818fe7
Binary files /dev/null and b/assets/percona/psmdb-db-1.16.1.tgz differ
diff --git a/charts/gluu/gluu/Chart.yaml b/charts/gluu/gluu/Chart.yaml
index 51a2c76b8..d0bef2e5f 100644
--- a/charts/gluu/gluu/Chart.yaml
+++ b/charts/gluu/gluu/Chart.yaml
@@ -2,27 +2,29 @@ annotations: artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/images: | - name: auth-server - image: ghcr.io/janssenproject/jans/auth-server:1.1.1-1 + image: ghcr.io/janssenproject/jans/auth-server:1.1.2-2 - name: auth-server-key-rotation - image: ghcr.io/janssenproject/jans/certmanager:1.1.1-1 + image: ghcr.io/janssenproject/jans/certmanager:1.1.2-2 - name: configuration-manager - image: ghcr.io/janssenproject/jans/configurator:1.1.1-1 + image: ghcr.io/janssenproject/jans/configurator:1.1.2-2 - name: config-api - image: ghcr.io/janssenproject/jans/config-api:1.1.1-1 + image: ghcr.io/janssenproject/jans/config-api:1.1.2-2 - name: fido2 - image: ghcr.io/janssenproject/jans/fido2:1.1.1-1 + image: ghcr.io/janssenproject/jans/fido2:1.1.2-2 - name: persistence - image: ghcr.io/janssenproject/jans/persistence-loader:1.1.1-1 + image: ghcr.io/janssenproject/jans/persistence-loader:1.1.2-2 - name: scim - image: ghcr.io/janssenproject/jans/scim:1.1.1-1 + image: ghcr.io/janssenproject/jans/scim:1.1.2-2 - name: casa - image: ghcr.io/janssenproject/jans/casa:1.1.1-1 + image: ghcr.io/janssenproject/jans/casa:1.1.2-2 - name: admin-ui - image: ghcr.io/gluufederation/flex/admin-ui:5.1.1-1 + image: ghcr.io/gluufederation/flex/admin-ui:5.1.2-1 - name: link - image: ghcr.io/janssenproject/jans/link:1.1.1-1 + image: ghcr.io/janssenproject/jans/link:1.1.2-2 - name: saml - image: ghcr.io/janssenproject/jans/saml:1.1.1-1 + image: ghcr.io/janssenproject/jans/saml:1.1.2-2 + - name: kc-scheduler + image: ghcr.io/janssenproject/jans/kc-scheduler:1.1.2-2 artifacthub.io/license: Apache-2.0 catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management 
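Review bot: Every entry under `artifacthub.io/images`, including the newly added `kc-scheduler` line, names its image by a mutable tag (`1.1.2-2`, `5.1.2-1`), so the image scanned for this listing is not guaranteed to be the one a cluster later pulls under the same tag. If the registry publishes digests, consider appending one to each reference, for example `image: ghcr.io/janssenproject/jans/kc-scheduler:1.1.2-2@sha256:<digest-placeholder>`. The context line `artifacthub.io/containsSecurityUpdates: "true"` is carried forward unchanged; it is worth confirming that it still describes 5.1.2 rather than being left over from the previous release.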
@@ -30,64 +32,68 @@ annotations: catalog.cattle.io/kube-version: '>=v1.21.0-0' catalog.cattle.io/release-name: gluu apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 dependencies: - condition: global.config.enabled name: config repository: file://./charts/config - version: 1.1.1 + version: 1.1.2 - condition: global.config-api.enabled name: config-api repository: file://./charts/config-api - version: 1.1.1 + version: 1.1.2 - condition: global.opendj.enabled name: opendj repository: file://./charts/opendj - version: 5.1.1 + version: 5.1.2 - condition: global.auth-server.enabled name: auth-server repository: file://./charts/auth-server - version: 1.1.1 + version: 1.1.2 - condition: global.admin-ui.enabled name: admin-ui repository: file://./charts/admin-ui - version: 5.1.1 + version: 5.1.2 - condition: global.fido2.enabled name: fido2 repository: file://./charts/fido2 - version: 1.1.1 + version: 1.1.2 - condition: global.scim.enabled name: scim repository: file://./charts/scim - version: 1.1.1 + version: 1.1.2 - condition: global.nginx-ingress.enabled name: nginx-ingress repository: file://./charts/nginx-ingress - version: 5.1.1 + version: 5.1.2 - condition: global.casa.enabled name: casa repository: file://./charts/casa - version: 1.1.1 + version: 1.1.2 - condition: global.auth-server-key-rotation.enabled name: auth-server-key-rotation repository: file://./charts/auth-server-key-rotation - version: 1.1.1 + version: 1.1.2 - condition: global.persistence.enabled name: persistence repository: file://./charts/persistence - version: 1.1.1 + version: 1.1.2 - condition: global.istio.ingress name: cn-istio-ingress repository: file://./charts/cn-istio-ingress - version: 5.1.1 + version: 5.1.2 - condition: global.link.enabled name: link repository: file://./charts/link - version: 1.1.1 + version: 1.1.2 - condition: global.saml.enabled name: saml repository: file://./charts/saml - version: 1.1.1 + version: 1.1.2 +- condition: global.kc-scheduler.enabled + name: kc-scheduler 
+ repository: file://./charts/kc-scheduler + version: 1.1.2 description: Gluu Access and Identity Management home: https://www.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico @@ -98,4 +104,4 @@ maintainers: name: gluu sources: - https://docs.gluu.org -version: 5.1.1 +version: 5.1.2 diff --git a/charts/gluu/gluu/README.md b/charts/gluu/gluu/README.md index e4a5c4f83..64f6de971 100644 --- a/charts/gluu/gluu/README.md +++ b/charts/gluu/gluu/README.md @@ -1,6 +1,6 @@ # gluu -![Version: 5.1.1](https://img.shields.io/badge/Version-5.1.1--dev-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 5.1.2](https://img.shields.io/badge/Version-5.1.2-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Gluu Access and Identity Management 
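Review bot: The new `kc-scheduler` dependency is gated on `condition: global.kc-scheduler.enabled`, but the part of the diff visible here does not show a default for that key being added to values.yaml. Helm ignores a `condition` whose path is absent from the values, which leaves the subchart enabled, so an upgrade from 5.1.1 that reuses an older values file could start deploying the scheduler without anyone opting in. Confirm that values.yaml ships an explicit `global.kc-scheduler.enabled: false`, or state the intended default in the chart's upgrade notes.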
@@ -22,26 +22,27 @@ Kubernetes: `>=v1.21.0-0` | Repository | Name | Version | |------------|------|---------| -| | admin-ui | 5.1.1 | -| | auth-server | 1.1.1 | -| | auth-server-key-rotation | 1.1.1 | -| | casa | 1.1.1 | -| | cn-istio-ingress | 5.1.1 | -| | config | 1.1.1 | -| | config-api | 1.1.1 | -| | fido2 | 1.1.1 | -| | link | 1.1.1 | -| | nginx-ingress | 5.1.1 | -| | opendj | 5.1.1 | -| | persistence | 1.1.1 | -| | saml | 1.1.1 | -| | scim | 1.1.1 | +| | admin-ui | 5.1.2 | +| | auth-server | 1.1.2 | +| | auth-server-key-rotation | 1.1.2 | +| | casa | 1.1.2 | +| | cn-istio-ingress | 5.1.2 | +| | config | 1.1.2 | +| | config-api | 1.1.2 | +| | fido2 | 1.1.2 | +| | kc-scheduler | 1.1.2 | +| | link | 1.1.2 | +| | nginx-ingress | 5.1.2 | +| | opendj | 5.1.2 | +| | persistence | 1.1.2 | +| | saml | 1.1.2 | +| | scim | 1.1.2 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/admin-ui","tag":"5.1.1-1"},"lifecycle":{},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | +| admin-ui | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/admin-ui","tag":"5.1.2-1"},"lifecycle":{},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | | admin-ui.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | admin-ui.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -53,7 +54,7 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets | | admin-ui.image.repository | string | `"ghcr.io/gluufederation/flex/admin-ui"` | Image to use for deploying. | -| admin-ui.image.tag | string | `"5.1.1-1"` | Image tag to use for deploying. | +| admin-ui.image.tag | string | `"5.1.2-1"` | Image tag to use for deploying. | | admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | admin-ui.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | 
@@ -69,8 +70,8 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.1.1-1"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.1-1"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.1.2-2"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.2-2"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | auth-server-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -79,7 +80,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server-key-rotation.image.repository | string | `"ghcr.io/janssenproject/jans/certmanager"` | Image to use for deploying. | -| auth-server-key-rotation.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | | auth-server-key-rotation.keysPushDelay | int | `0` | Delay (in seconds) before pushing private keys to Auth server | | auth-server-key-rotation.keysPushStrategy | string | `"NEWER"` | Set key selection strategy after pushing private keys to Auth server (only takes effect when keysPushDelay value is greater than 0) | 
@@ -105,7 +106,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server.image.repository | string | `"ghcr.io/janssenproject/jans/auth-server"` | Image to use for deploying. | -| auth-server.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| auth-server.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | | auth-server.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -113,7 +114,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.replicas | int | `1` | Service replica number. | | auth-server.resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | | auth-server.resources.limits.cpu | string | `"2500m"` | CPU limit. | -| auth-server.resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| auth-server.resources.limits.memory | string | `"2500Mi"` | Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. | | auth-server.resources.requests.cpu | string | `"2500m"` | CPU request. | | auth-server.resources.requests.memory | string | `"2500Mi"` | Memory request. | | auth-server.topologySpreadConstraints | object | `{}` | Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | 
@@ -122,7 +123,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/casa","tag":"1.1.1-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. 
| +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/casa","tag":"1.1.2-2"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | casa.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -134,7 +135,7 @@ Kubernetes: `>=v1.21.0-0` | casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | casa.image.pullSecrets | list | `[]` | Image Pull Secrets | | casa.image.repository | string | `"ghcr.io/janssenproject/jans/casa"` | Image to use for deploying. | -| casa.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| casa.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | casa.livenessProbe | object | `{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | casa.livenessProbe.httpGet.path | string | `"/jans-casa/health-check"` | http liveness probe endpoint | | casa.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -143,7 +144,7 @@ Kubernetes: `>=v1.21.0-0` | casa.replicas | int | `1` | Service replica number. | | casa.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | | casa.resources.limits.cpu | string | `"500m"` | CPU limit. | -| casa.resources.limits.memory | string | `"500Mi"` | Memory limit. | +| casa.resources.limits.memory | string | `"500Mi"` | Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. | | casa.resources.requests.cpu | string | `"500m"` | CPU request. | | casa.resources.requests.memory | string | `"500Mi"` | Memory request. | | casa.topologySpreadConstraints | object | `{}` | Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | 
@@ -152,8 +153,8 @@ Kubernetes: `>=v1.21.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnLdapKey":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnMessageType":"DISABLED","cnOpaUrl":"http://opa.opa.svc.cluster.cluster.local:8181/v1","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSql
DbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","cnVaultAddr":"http://localhost:8200","cnVaultAppRolePath":"approle","cnVaultKvPath":"secret","cnVaultNamespace":"","cnVaultPrefix":"jans","cnVaultRoleId":"","cnVaultRoleIdFile":"/etc/certs/vault_role_id","cnVaultSecretId":"","cnVaultSecretIdFile":"/etc/certs/vault_secret_id","cnVaultVerify":false,"kcDbPassword":"Test1234#","kcDbSchema":"keycloak","kcDbUrlDatabase":"keycloak","kcDbUrlHost":"mysql.kc.svc.cluster.local","kcDbUrlPort":3306,"kcDbUrlProperties":"?useUnicode=true&characterEncoding=UTF-8&character_set_server=utf8mb4","kcDbUsername":"keycloak","kcDbVendor":"mysql","kcLogLevel":"INFO","kcProxy":"edge","lbAddr":"","quarkusTransactionEnableRecovery":true},"countryCode":"US","customScripts":[],"dnsConfig":{},"dnsPolicy":"","email":"team@gluu.org","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.1.1-1"},"ldapPassword":"P@ssw0rds","ldapTruststorePassword":"changeit","lifecycle":{},"migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"salt":"","state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. 
| -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.1.1-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnLdapKey":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnMessageType":"DISABLED","cnOpaUrl":"http://opa.opa.svc.cluster.cluster.local:8181/v1","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","cnVaultAddr":"http://localhost:8200","cnVaultAppRolePath":"approle","cnVaultKvPath":"secret","cnVaultNamespace":"","cnVaultPrefix":"jans","cnVaultRoleId":"","cnVaultRoleIdFile":"/etc/certs/vault_role_id","cnVaultSecretId":"","cnVau
ltSecretIdFile":"/etc/certs/vault_secret_id","cnVaultVerify":false,"kcDbPassword":"Test1234#","kcDbSchema":"keycloak","kcDbUrlDatabase":"keycloak","kcDbUrlHost":"mysql.kc.svc.cluster.local","kcDbUrlPort":3306,"kcDbUrlProperties":"?useUnicode=true&characterEncoding=UTF-8&character_set_server=utf8mb4","kcDbUsername":"keycloak","kcDbVendor":"mysql","kcLogLevel":"INFO","kcProxy":"edge","lbAddr":"","quarkusTransactionEnableRecovery":true},"countryCode":"US","customScripts":[],"dnsConfig":{},"dnsPolicy":"","email":"team@gluu.org","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.1.2-2"},"ldapPassword":"P@ssw0rds","ldapTruststorePassword":"changeit","lifecycle":{},"migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"salt":"","state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. 
| +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.1.2-2"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | config-api.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -165,17 +166,17 @@ Kubernetes: `>=v1.21.0-0` | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | | config-api.image.repository | string | `"ghcr.io/janssenproject/jans/config-api"` | Image to use for deploying. | -| config-api.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| config-api.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | | config-api.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | config-api.readinessProbe.httpGet | object | `{"path":"jans-config-api/api/v1/health/ready","port":8074}` | http readiness probe endpoint | | config-api.replicas | int | `1` | Service replica number. | -| config-api.resources | object | `{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}}` | Resource specs. | +| config-api.resources | object | `{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}}` | Resource specs. | | config-api.resources.limits.cpu | string | `"1000m"` | CPU limit. | -| config-api.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| config-api.resources.limits.memory | string | `"1200Mi"` | Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. | | config-api.resources.requests.cpu | string | `"1000m"` | CPU request. 
| -| config-api.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| config-api.resources.requests.memory | string | `"1200Mi"` | Memory request. | | config-api.topologySpreadConstraints | object | `{}` | Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | | config-api.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | config-api.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | @@ -254,7 +255,7 @@ Kubernetes: `>=v1.21.0-0` | config.email | string | `"team@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | | config.image.pullSecrets | list | `[]` | Image Pull Secrets | | config.image.repository | string | `"ghcr.io/janssenproject/jans/configurator"` | Image to use for deploying. | -| config.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| config.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpenDJ is used for persistence. | | config.ldapTruststorePassword | string | `"changeit"` | LDAP truststore password if OpenDJ is used for persistence | | config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | 
@@ -275,7 +276,7 @@ Kubernetes: `>=v1.21.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.1.1-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. 
| +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.1.2-2"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | fido2.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -287,7 +288,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | fido2.image.pullSecrets | list | `[]` | Image Pull Secrets | | fido2.image.repository | string | `"ghcr.io/janssenproject/jans/fido2"` | Image to use for deploying. | -| fido2.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| fido2.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | fido2.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -295,7 +296,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.replicas | int | `1` | Service replica number. | | fido2.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | | fido2.resources.limits.cpu | string | `"500m"` | CPU limit. | -| fido2.resources.limits.memory | string | `"500Mi"` | Memory limit. | +| fido2.resources.limits.memory | string | `"500Mi"` | Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. | | fido2.resources.requests.cpu | string | `"500m"` | CPU request. | | fido2.resources.requests.memory | string | `"500Mi"` | Memory request. | | fido2.service.name | string | `"http-fido2"` | The name of the fido2 port within the fido2 service. Please keep it as default. | 
@@ -306,7 +307,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 
PS512","cnCustomJavaOptions":"","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true},"lockEnabled":false},"auth-server-key-rotation":{"enabled":true,"initKeysLife":48},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","cnCustomJavaOptions":"","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnCouchbasePasswordFile":"/etc/jans/conf/couchbase_password","cnCouchbaseSuperuserPasswordFile":"/etc/jans/conf/couchbase_superuser_password","cnDocumentStoreType":"DB","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnLdapCacertFile":"/etc/certs/opendj.pem","cnLdapCertFile":"/etc/certs/opendj.crt","cnLdapKeyFile":"/etc/certs/opendj.key","cnLdapPasswordFile":"/etc/jans/conf/ldap_password","cnLdapTruststoreFile":"/etc/certs/opendj.pkcs12","cnLdapTruststorePasswordFile":"/etc/jans/conf/ldap_truststore_password","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"ad
minUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true},"plugins":"admin-ui,fido2,scim,user-mgt"},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false,"fido2Enabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"kcAdminCredentialsFile":"/etc/jans/conf/kc_admin_creds","kcDbPasswordFile":"/etc/jans/conf/kc_db_password","lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"},"nginx-ingress":{"enabled":true
},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"persistence":{"enabled":true},"saml":{"cnCustomJavaOptions":"","enabled":false,"ingress":{"samlEnabled":false},"samlServiceName":"saml"},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 
PS512","cnCustomJavaOptions":"","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true},"lockEnabled":false},"auth-server-key-rotation":{"enabled":true,"initKeysLife":48},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","cnCustomJavaOptions":"","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnCouchbasePasswordFile":"/etc/jans/conf/couchbase_password","cnCouchbaseSuperuserPasswordFile":"/etc/jans/conf/couchbase_superuser_password","cnDocumentStoreType":"DB","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnLdapCacertFile":"/etc/certs/opendj.pem","cnLdapCertFile":"/etc/certs/opendj.crt","cnLdapKeyFile":"/etc/certs/opendj.key","cnLdapPasswordFile":"/etc/jans/conf/ldap_password","cnLdapTruststoreFile":"/etc/certs/opendj.pkcs12","cnLdapTruststorePasswordFile":"/etc/jans/conf/ldap_truststore_password","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"ad
minUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true},"plugins":"admin-ui,fido2,scim,user-mgt"},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false,"fido2Enabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"kc-scheduler":{"enabled":false},"kcAdminCredentialsFile":"/etc/jans/conf/kc_admin_creds","kcDbPasswordFile":"/etc/jans/conf/kc_db_password","lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"
},"nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"persistence":{"enabled":true},"saml":{"cnCustomJavaOptions":"","enabled":false,"ingress":{"samlEnabled":false},"samlServiceName":"saml"},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | | global.admin-ui.adminUiServiceName | string | `"admin-ui"` | Name of the admin-ui service. Please keep it as default. | | global.admin-ui.enabled | bool | `true` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. | | global.admin-ui.ingress.adminUiEnabled | bool | `false` | Enable Admin UI endpoints in either istio or nginx ingress depending on users choice | 
@@ -437,6 +438,7 @@ Kubernetes: `>=v1.21.0-0` | global.istio.ingress | bool | `false` | Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. | | global.istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. | | global.jobTtlSecondsAfterFinished | int | `300` | https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| global.kc-scheduler.enabled | bool | `false` | Boolean flag to enable/disable the kc-scheduler cronjob chart. | | global.kcAdminCredentialsFile | string | `"/etc/jans/conf/kc_admin_creds"` | Path to file contains Keycloak admin credentials (username and password) | | global.kcDbPasswordFile | string | `"/etc/jans/conf/kc_db_password"` | Path to file contains password for database access | | global.lbIp | string | `"22.22.22.22"` | The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable. | 
@@ -488,7 +490,28 @@ Kubernetes: `>=v1.21.0-0` | global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | | global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | installer-settings | object | `{"acceptLicense":"","aws":{"arn":{"arnAcmCert":"","enabled":""},"lbType":"","vpcCidr":"0.0.0.0/0"},"confirmSettings":false,"couchbase":{"backup":{"fullSchedule":"","incrementalSchedule":"","retentionTime":"","storageSize":""},"clusterName":"","commonName":"","customFileOverride":"","install":"","lowResourceInstall":"","namespace":"","subjectAlternativeName":"","totalNumberOfExpectedTransactionsPerSec":"","totalNumberOfExpectedUsers":"","volumeType":""},"currentVersion":"","google":{"useSecretManager":""},"images":{"edit":""},"ldap":{"backup":{"fullSchedule":""}},"namespace":"","nginxIngress":{"namespace":"","releaseName":""},"nodes":{"ips":"","names":"","zones":""},"openbanking":{"cnObTransportTrustStoreP12password":"","hasCnObTransportTrustStore":false},"postgres":{"install":"","namespace":""},"redis":{"install":"","namespace":""},"releaseName":"","sql":{"install":"","namespace":""},"volumeProvisionStrategy":""}` | Only used by the installer. 
These settings do not affect nor are used by the chart | -| link | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/link","tag":"1.1.1-1"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1000Mi"},"requests":{"cpu":"500m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Link. | +| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/kc-scheduler","tag":"1.1.2-2"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients | +| kc-scheduler.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| kc-scheduler.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| kc-scheduler.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. 
- /tmp/custom.sh - /tmp/custom2.sh | +| kc-scheduler.dnsConfig | object | `{}` | Add custom dns config | +| kc-scheduler.dnsPolicy | string | `""` | Add custom dns policy | +| kc-scheduler.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| kc-scheduler.image.pullSecrets | list | `[]` | Image Pull Secrets | +| kc-scheduler.image.repository | string | `"ghcr.io/janssenproject/jans/kc-scheduler"` | Image to use for deploying. | +| kc-scheduler.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | +| kc-scheduler.interval | int | `10` | Interval of running the scheduler (in minutes) | +| kc-scheduler.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| kc-scheduler.resources.limits.cpu | string | `"300m"` | CPU limit. | +| kc-scheduler.resources.limits.memory | string | `"300Mi"` | Memory limit. | +| kc-scheduler.resources.requests.cpu | string | `"300m"` | CPU request. | +| kc-scheduler.resources.requests.memory | string | `"300Mi"` | Memory request. 
| +| kc-scheduler.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| kc-scheduler.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| kc-scheduler.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| kc-scheduler.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| kc-scheduler.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| link | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/link","tag":"1.1.2-2"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Link. | | link.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | link.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | link.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -500,17 +523,17 @@ Kubernetes: `>=v1.21.0-0` | link.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | link.image.pullSecrets | list | `[]` | Image Pull Secrets | | link.image.repository | string | `"ghcr.io/janssenproject/jans/link"` | Image to use for deploying. | -| link.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| link.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | link.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | link.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | http liveness probe endpoint | | link.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | link.readinessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | http readiness probe endpoint | | link.replicas | int | `1` | Service replica number. | -| link.resources | object | `{"limits":{"cpu":"500m","memory":"1000Mi"},"requests":{"cpu":"500m","memory":"1000Mi"}}` | Resource specs. | +| link.resources | object | `{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}}` | Resource specs. | | link.resources.limits.cpu | string | `"500m"` | CPU limit. | -| link.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| link.resources.limits.memory | string | `"1200Mi"` | Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. | | link.resources.requests.cpu | string | `"500m"` | CPU request. | -| link.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| link.resources.requests.memory | string | `"1200Mi"` | Memory request. 
| | link.topologySpreadConstraints | object | `{}` | Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | | link.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | link.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | 
@@ -588,7 +611,7 @@ Kubernetes: `>=v1.21.0-0` | opendj.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | opendj.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | opendj.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.1.1-1"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.1.2-2"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | persistence.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -597,7 +620,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | | persistence.image.repository | string | `"ghcr.io/janssenproject/jans/persistence-loader"` | Image to use for deploying. | -| persistence.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| persistence.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | persistence.resources.limits.cpu | string | `"300m"` | CPU limit | | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | 
@@ -608,7 +631,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| saml | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/saml","tag":"1.1.1-1"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1000Mi"},"requests":{"cpu":"500m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | SAML. 
| +| saml | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/saml","tag":"1.1.2-2"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | SAML. | | saml.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | saml.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | saml.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -620,24 +643,24 @@ Kubernetes: `>=v1.21.0-0` | saml.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | saml.image.pullSecrets | list | `[]` | Image Pull Secrets | | saml.image.repository | string | `"ghcr.io/janssenproject/jans/saml"` | Image to use for deploying. | -| saml.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| saml.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | saml.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | saml.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | http liveness probe endpoint | | saml.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | saml.readinessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | http readiness probe endpoint | | saml.replicas | int | `1` | Service replica number. | -| saml.resources | object | `{"limits":{"cpu":"500m","memory":"1000Mi"},"requests":{"cpu":"500m","memory":"1000Mi"}}` | Resource specs. | +| saml.resources | object | `{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}}` | Resource specs. | | saml.resources.limits.cpu | string | `"500m"` | CPU limit. | -| saml.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| saml.resources.limits.memory | string | `"1200Mi"` | Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. | | saml.resources.requests.cpu | string | `"500m"` | CPU request. | -| saml.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| saml.resources.requests.memory | string | `"1200Mi"` | Memory request. 
| | saml.topologySpreadConstraints | object | `{}` | Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | | saml.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | saml.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | | saml.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | saml.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | saml.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.1.1-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.1.2-2"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | scim.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | 
@@ -649,7 +672,7 @@ Kubernetes: `>=v1.21.0-0` | scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | scim.image.pullSecrets | list | `[]` | Image Pull Secrets | | scim.image.repository | string | `"ghcr.io/janssenproject/jans/scim"` | Image to use for deploying. | -| scim.image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| scim.image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | scim.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -657,9 +680,9 @@ Kubernetes: `>=v1.21.0-0` | scim.readinessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http readiness probe endpoint | | scim.replicas | int | `1` | Service replica number. | | scim.resources.limits.cpu | string | `"1000m"` | CPU limit. | -| scim.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| scim.resources.limits.memory | string | `"1200Mi"` | Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. | | scim.resources.requests.cpu | string | `"1000m"` | CPU request. | -| scim.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| scim.resources.requests.memory | string | `"1200Mi"` | Memory request. | | scim.service.name | string | `"http-scim"` | The name of the scim port within the scim service. Please keep it as default. | | scim.service.port | int | `8080` | Port of the scim service. Please keep it as default. | | scim.topologySpreadConstraints | object | `{}` | Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | diff --git a/charts/gluu/gluu/charts/admin-ui/Chart.yaml b/charts/gluu/gluu/charts/admin-ui/Chart.yaml index 5b5a07860..a1c6b4314 100644 --- a/charts/gluu/gluu/charts/admin-ui/Chart.yaml +++ b/charts/gluu/gluu/charts/admin-ui/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Admin GUI. Requires license. home: https://docs.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico @@ -17,4 +17,4 @@ sources: - https://github.com/GluuFederation/docker-gluu-admin-ui - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/admin-ui type: application -version: 5.1.1 +version: 5.1.2 
diff --git a/charts/gluu/gluu/charts/admin-ui/README.md b/charts/gluu/gluu/charts/admin-ui/README.md index 23596fb8e..1f112ecc2 100644 --- a/charts/gluu/gluu/charts/admin-ui/README.md +++ b/charts/gluu/gluu/charts/admin-ui/README.md @@ -1,6 +1,6 @@ # admin-ui -![Version: 5.1.1](https://img.shields.io/badge/Version-5.1.1--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 5.1.2](https://img.shields.io/badge/Version-5.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Admin GUI. Requires license. @@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| image.tag | string | `"5.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"5.1.2-1"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | diff --git a/charts/gluu/gluu/charts/admin-ui/templates/deployment.yml b/charts/gluu/gluu/charts/admin-ui/templates/deployment.yml index d364cef18..6acc307d4 100644 --- a/charts/gluu/gluu/charts/admin-ui/templates/deployment.yml 
+++ b/charts/gluu/gluu/charts/admin-ui/templates/deployment.yml @@ -202,7 +202,7 @@ spec: secret: secretName: {{ .Release.Name }}-cb-pass items: - # we are mostly need non-superuser couchbase password file here + # we mostly need non-superuser couchbase password file here - key: couchbase_password path: couchbase_password {{- end }} diff --git a/charts/gluu/gluu/charts/admin-ui/values.yaml b/charts/gluu/gluu/charts/admin-ui/values.yaml index 0ba7b6819..dd4137cf4 100644 --- a/charts/gluu/gluu/charts/admin-ui/values.yaml +++ b/charts/gluu/gluu/charts/admin-ui/values.yaml @@ -27,7 +27,7 @@ image: # -- Image to use for deploying. repository: gluufederation/admin-ui # -- Image tag to use for deploying. - tag: 5.1.1-1 + tag: 5.1.2-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml index 7f19f03d5..c103628cd 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Responsible for regenerating auth-keys per x hours home: https://docs.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/docker-jans-certmanager - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/auth-server-key-rotation type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md index d2af4b5cb..064c7d542 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md 
@@ -1,6 +1,6 @@ # auth-server-key-rotation -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Responsible for regenerating auth-keys per x hours @@ -34,7 +34,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | keysLife | int | `48` | Auth server key rotation keys life in hours | | keysPushDelay | int | `0` | Delay (in seconds) before pushing private keys to Auth server | | keysPushStrategy | string | `"NEWER"` | Set key selection strategy after pushing private keys to Auth server (only takes effect when keysPushDelay value is greater than 0) | diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/templates/cronjobs.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/templates/cronjobs.yaml index 3f159db5a..69c024ba6 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/templates/cronjobs.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/templates/cronjobs.yaml 
@@ -169,7 +169,7 @@ spec: secret: secretName: {{ .Release.Name }}-cb-pass items: - # we are mostly need non-superuser couchbase password file here + # we mostly need non-superuser couchbase password file here - key: couchbase_password path: couchbase_password {{- end }} diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml index 67380da4a..bc4cedfe8 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours diff --git a/charts/gluu/gluu/charts/auth-server/Chart.yaml b/charts/gluu/gluu/charts/auth-server/Chart.yaml index 231185012..6138373c1 100644 --- a/charts/gluu/gluu/charts/auth-server/Chart.yaml +++ b/charts/gluu/gluu/charts/auth-server/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/docker-jans-auth-server - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/auth-server type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/auth-server/README.md b/charts/gluu/gluu/charts/auth-server/README.md index 593c4b9c5..f1c1a8db3 100644 --- a/charts/gluu/gluu/charts/auth-server/README.md +++ b/charts/gluu/gluu/charts/auth-server/README.md 
@@ -1,6 +1,6 @@ # auth-server -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. @@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | diff --git a/charts/gluu/gluu/charts/auth-server/templates/_helpers.tpl b/charts/gluu/gluu/charts/auth-server/templates/_helpers.tpl index 8abe7329d..5e2ef08c4 100644 --- a/charts/gluu/gluu/charts/auth-server/templates/_helpers.tpl +++ b/charts/gluu/gluu/charts/auth-server/templates/_helpers.tpl 
@@ -75,13 +75,12 @@ Create JAVA_OPTIONS ENV for passing custom work and detailed logs {{- $cnCustomJavaOptions := index .Values.global "auth-server" "cnCustomJavaOptions" }} {{- $custom := printf "%s" $cnCustomJavaOptions }} {{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}} -{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" $memory -}} -{{- $xmx := printf "-Xmx%dm" (sub $memory 300) -}} +{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.41) 1 ) -}} +{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.49)) -}} {{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}} {{ $customJavaOptions | trim | quote }} {{- end }} - {{/* Create topologySpreadConstraints lists */}} diff --git a/charts/gluu/gluu/charts/auth-server/templates/deployment.yml b/charts/gluu/gluu/charts/auth-server/templates/deployment.yml index a5524d9f0..3a310eff2 100644 --- a/charts/gluu/gluu/charts/auth-server/templates/deployment.yml +++ b/charts/gluu/gluu/charts/auth-server/templates/deployment.yml @@ -298,7 +298,7 @@ spec: secret: secretName: {{ .Release.Name }}-cb-pass items: - # we are mostly need non-superuser couchbase password file here + # we mostly need non-superuser couchbase password file here - key: couchbase_password path: couchbase_password {{- end }} diff --git a/charts/gluu/gluu/charts/auth-server/values.yaml b/charts/gluu/gluu/charts/auth-server/values.yaml index e2553ab90..014870d9e 100644 --- a/charts/gluu/gluu/charts/auth-server/values.yaml +++ b/charts/gluu/gluu/charts/auth-server/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/casa/Chart.yaml b/charts/gluu/gluu/charts/casa/Chart.yaml index 7bd9a5396..940873cbd 100644 
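Review bot: The context line `{{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}` still feeds the two new percentage calculations without checking the unit, so a limit written as `2Gi` or `1500M` is not rejected. As far as I know Sprig's `int` returns 0 for a string it cannot parse, which would render `-XX:MaxDirectMemorySize=0m -Xmx0m` for the Internet-facing auth-server instead of failing the install. A guard before that line would turn the README's "only supports `Mi`" warning into a render-time error: `{{- if not (hasSuffix "Mi" (toString .Values.resources.limits.memory)) }}{{ fail "resources.limits.memory must use the Mi unit" }}{{ end }}`. The casa and config-api `_helpers.tpl` hunks have the same line, and the enclosing `define` opens above this hunk.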
--- a/charts/gluu/gluu/charts/casa/Chart.yaml +++ b/charts/gluu/gluu/charts/casa/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Jans Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Jans Server. home: https://gluu.org/docs/casa/ @@ -18,4 +18,4 @@ sources: - https://gluu.org/casa/ - https://github.com/JanssenProject/jans/docker-jans-casa type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/casa/README.md b/charts/gluu/gluu/charts/casa/README.md index ed476add2..b21304c8e 100644 --- a/charts/gluu/gluu/charts/casa/README.md +++ b/charts/gluu/gluu/charts/casa/README.md @@ -1,6 +1,6 @@ # casa -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Jans Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Jans Server. 
@@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/casa"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | livenessProbe.httpGet.path | string | `"/jans-casa/health-check"` | http liveness probe endpoint | diff --git a/charts/gluu/gluu/charts/casa/templates/_helpers.tpl b/charts/gluu/gluu/charts/casa/templates/_helpers.tpl index efdb4a460..62ff8b809 100644 --- a/charts/gluu/gluu/charts/casa/templates/_helpers.tpl +++ b/charts/gluu/gluu/charts/casa/templates/_helpers.tpl @@ -85,8 +85,8 @@ Create JAVA_OPTIONS ENV for passing custom work and detailed logs {{ $custom := "" }} {{ $custom = printf "%s" .Values.global.casa.cnCustomJavaOptions }} {{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}} -{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" $memory -}} -{{- $xmx := printf "-Xmx%dm" (sub $memory 300) -}} +{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.41) 1 ) -}} +{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.49)) -}} {{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}} {{ $customJavaOptions | trim | quote }} {{- end }} diff --git a/charts/gluu/gluu/charts/casa/templates/deployment.yaml b/charts/gluu/gluu/charts/casa/templates/deployment.yaml index fd41e3cda..05336d50b 100644 --- a/charts/gluu/gluu/charts/casa/templates/deployment.yaml +++ b/charts/gluu/gluu/charts/casa/templates/deployment.yaml 
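Review bot: The factors `0.41` and `0.49` in the new `$maxDirectMemory` and `$xmx` lines are unexplained, and `mul (mulf $memory 0.41) 1` multiplies by one only to turn the float into an integer for `%d`. Together the lines give the heap 51% of the limit and direct buffers 41%, so about 8% remains for metaspace, thread stacks and the code cache; that may be tight, and a container that exceeds its memory limit is killed rather than throttled. I would add a template comment above them such as `{{/* heap = 51% of limits.memory, direct memory = 41%; the remainder is left for JVM native overhead */}}` and write the truncation as `int (mulf $memory 0.41)`. The auth-server and config-api helpers carry the same two lines, and the enclosing `define` begins outside this hunk.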
@@ -208,7 +208,7 @@ spec: secret: secretName: {{ .Release.Name }}-cb-pass items: - # we are mostly need non-superuser couchbase password file here + # we mostly need non-superuser couchbase password file here - key: couchbase_password path: couchbase_password {{- end }} diff --git a/charts/gluu/gluu/charts/casa/values.yaml b/charts/gluu/gluu/charts/casa/values.yaml index 391b0e057..81dd7e8e9 100644 --- a/charts/gluu/gluu/charts/casa/values.yaml +++ b/charts/gluu/gluu/charts/casa/values.yaml @@ -27,7 +27,7 @@ image: # -- Image to use for deploying. repository: janssenproject/casa # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml index 714bd359e..cc85f4d34 100644 --- a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml +++ b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Istio Gateway home: https://docs.gluu.org/ icon: https://gluu.org/docs/gluu-server/favicon.ico @@ -16,4 +16,4 @@ sources: - https://gluu.org/docs/gluu-server/ - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/cn-istio-ingress type: application -version: 5.1.1 +version: 5.1.2 diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/README.md b/charts/gluu/gluu/charts/cn-istio-ingress/README.md index 77c717254..da135db51 100644 --- a/charts/gluu/gluu/charts/cn-istio-ingress/README.md +++ b/charts/gluu/gluu/charts/cn-istio-ingress/README.md 
@@ -1,6 +1,6 @@ # cn-istio-ingress -![Version: 5.1.1](https://img.shields.io/badge/Version-5.1.1--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 5.1.2](https://img.shields.io/badge/Version-5.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Istio Gateway diff --git a/charts/gluu/gluu/charts/config-api/Chart.yaml b/charts/gluu/gluu/charts/config-api/Chart.yaml index 9850b51fe..5b5adefe9 100644 --- a/charts/gluu/gluu/charts/config-api/Chart.yaml +++ b/charts/gluu/gluu/charts/config-api/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-config-api - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/config-api type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/config-api/README.md b/charts/gluu/gluu/charts/config-api/README.md index f738607c2..715e5451f 100644 --- a/charts/gluu/gluu/charts/config-api/README.md +++ b/charts/gluu/gluu/charts/config-api/README.md 
@@ -1,6 +1,6 @@ # config-api -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) @@ -39,7 +39,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. | diff --git a/charts/gluu/gluu/charts/config-api/templates/_helpers.tpl b/charts/gluu/gluu/charts/config-api/templates/_helpers.tpl index 0fee22c05..9359661af 100644 --- a/charts/gluu/gluu/charts/config-api/templates/_helpers.tpl +++ b/charts/gluu/gluu/charts/config-api/templates/_helpers.tpl 
@@ -75,8 +75,8 @@ Create JAVA_OPTIONS ENV for passing custom work and detailed logs {{- $cnCustomJavaOptions := index .Values.global "config-api" "cnCustomJavaOptions" }} {{- $custom := printf "%s" $cnCustomJavaOptions }} {{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}} -{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" $memory -}} -{{- $xmx := printf "-Xmx%dm" (sub $memory 300) -}} +{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.41) 1 ) -}} +{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.49)) -}} {{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}} {{ $customJavaOptions | trim | quote }} {{- end }} diff --git a/charts/gluu/gluu/charts/config-api/templates/deployment.yaml b/charts/gluu/gluu/charts/config-api/templates/deployment.yaml index 77dcec6d9..2df15882c 100644 --- a/charts/gluu/gluu/charts/config-api/templates/deployment.yaml +++ b/charts/gluu/gluu/charts/config-api/templates/deployment.yaml @@ -195,7 +195,7 @@ spec: secret: secretName: {{ .Release.Name }}-cb-pass items: - # we are mostly need non-superuser couchbase password file here + # we mostly need non-superuser couchbase password file here - key: couchbase_password path: couchbase_password {{- end }} diff --git a/charts/gluu/gluu/charts/config-api/values.yaml b/charts/gluu/gluu/charts/config-api/values.yaml index 973222cd6..45d162985 100644 --- a/charts/gluu/gluu/charts/config-api/values.yaml +++ b/charts/gluu/gluu/charts/config-api/values.yaml @@ -31,7 +31,7 @@ image: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/config/Chart.yaml b/charts/gluu/gluu/charts/config/Chart.yaml index c59c26051..b10322839 100644 --- a/charts/gluu/gluu/charts/config/Chart.yaml 
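Review bot: Both new flags in the config-api `_helpers.tpl` hunk are scaled from `$memory`, which the unchanged line above derives with `replace "Mi" "" | int`, so a limit written in another unit (`1Gi`, `1024M`) would evaluate to 0 (sprig's `int` does not raise on unparsable input) and the helper renders `-XX:MaxDirectMemorySize=0m` and `-Xmx0m` without any template error. A guard before the two `printf` lines would surface this at render time, e.g. `{{- if le $memory 0 }}{{ fail "resources.limits.memory must be a positive value in Mi" }}{{- end }}`. The constants are also unexplained: the heap is written as `sub $memory (mulf $memory 0.49)` and the direct-memory value passes through `mul (...) 1` only to truncate, so a comment such as `{{- /* heap ~51% and direct memory ~41% of the limit; the rest is left for non-heap JVM memory */ -}}` would record the intent, if that is the intent. The same two lines are added in the fido2 and link `_helpers.tpl` hunks further down, and the enclosing `define` starts outside each hunk.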
+++ b/charts/gluu/gluu/charts/config/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. home: https://docs.gluu.org @@ -18,4 +18,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-configurator - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/config type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/config/README.md b/charts/gluu/gluu/charts/config/README.md index 01b3fada5..1315759ed 100644 --- a/charts/gluu/gluu/charts/config/README.md +++ b/charts/gluu/gluu/charts/config/README.md @@ -1,6 +1,6 @@ # config -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. 
@@ -105,7 +105,7 @@ Kubernetes: `>=v1.21.0-0` | fullNameOverride | string | `""` | | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | | ldapTruststorePassword | string | `"changeit"` | LDAP truststore password if OpenDJ is used for persistence | | lifecycle | object | `{}` | | diff --git a/charts/gluu/gluu/charts/config/templates/load-init-config.yml b/charts/gluu/gluu/charts/config/templates/load-init-config.yml index 9988d9ceb..c5cf13bd5 100644 --- a/charts/gluu/gluu/charts/config/templates/load-init-config.yml +++ b/charts/gluu/gluu/charts/config/templates/load-init-config.yml @@ -81,9 +81,11 @@ spec: secret: secretName: {{ .Release.Name }}-cb-pass items: - # we are mostly need non-superuser couchbase password file here + # we mostly need non-superuser couchbase password file here - key: couchbase_password path: couchbase_password + - key: couchbase_superuser_password + path: couchbase_superuser_password {{- end }} {{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }} - name: sql-pass @@ -147,6 +149,9 @@ spec: - name: cb-pass mountPath: {{ .Values.global.cnCouchbasePasswordFile }} subPath: couchbase_password + - name: cb-pass + mountPath: {{ .Values.global.cnCouchbaseSuperuserPasswordFile }} + subPath: couchbase_superuser_password {{- end }} {{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} - name: ldap-pass diff --git a/charts/gluu/gluu/charts/config/values.yaml b/charts/gluu/gluu/charts/config/values.yaml index 9491bbb3f..e952b8d51 100644 --- a/charts/gluu/gluu/charts/config/values.yaml 
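Review bot: The comment kept above the `items:` list in `load-init-config.yml` still says the job needs the non-superuser Couchbase password file, while this hunk projects `couchbase_superuser_password` as well and the following hunk mounts it at `cnCouchbaseSuperuserPasswordFile`, so the config job now receives the superuser credential whenever persistence is couchbase or hybrid. The comment should say why the job needs it, for example `# the config job also reads the superuser password file; other services mount only couchbase_password`, if that is the intent. Two things are not visible here and are worth confirming: that the `{{ .Release.Name }}-cb-pass` Secret always carries the `couchbase_superuser_password` key (a missing key in an `items` projection keeps the pod from starting), and that `global.cnCouchbaseSuperuserPasswordFile` has a default, since an empty value renders an empty `mountPath`. Writing `mountPath: {{ required "global.cnCouchbaseSuperuserPasswordFile is required" .Values.global.cnCouchbaseSuperuserPasswordFile }}` would fail at render time instead. Both hunks sit inside a pod spec that starts and ends outside them.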
+++ b/charts/gluu/gluu/charts/config/values.yaml @@ -176,7 +176,7 @@ image: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpennDJ is used for persistence. diff --git a/charts/gluu/gluu/charts/fido2/Chart.yaml b/charts/gluu/gluu/charts/fido2/Chart.yaml index e23565b71..b68667c81 100644 --- a/charts/gluu/gluu/charts/fido2/Chart.yaml +++ b/charts/gluu/gluu/charts/fido2/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. home: https://docs.gluu.org/ @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-fido2 - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/fido2 type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/fido2/README.md b/charts/gluu/gluu/charts/fido2/README.md index 295f1b77d..1a8801c1d 100644 --- a/charts/gluu/gluu/charts/fido2/README.md +++ b/charts/gluu/gluu/charts/fido2/README.md 
@@ -1,6 +1,6 @@ # fido2 -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. @@ -38,7 +38,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | diff --git a/charts/gluu/gluu/charts/fido2/templates/_helpers.tpl b/charts/gluu/gluu/charts/fido2/templates/_helpers.tpl index 622416f34..650a4e31e 100644 --- a/charts/gluu/gluu/charts/fido2/templates/_helpers.tpl +++ b/charts/gluu/gluu/charts/fido2/templates/_helpers.tpl 
@@ -74,8 +74,8 @@ Create JAVA_OPTIONS ENV for passing custom work and detailed logs {{ $custom := "" }} {{ $custom = printf "%s" .Values.global.fido2.cnCustomJavaOptions }} {{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}} -{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" $memory -}} -{{- $xmx := printf "-Xmx%dm" (sub $memory 300) -}} +{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.41) 1 ) -}} +{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.49)) -}} {{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}} {{ $customJavaOptions | trim | quote }} {{- end }} diff --git a/charts/gluu/gluu/charts/fido2/templates/deployment.yml b/charts/gluu/gluu/charts/fido2/templates/deployment.yml index 8ec0385f9..c2dfbb6a6 100644 --- a/charts/gluu/gluu/charts/fido2/templates/deployment.yml +++ b/charts/gluu/gluu/charts/fido2/templates/deployment.yml @@ -210,7 +210,7 @@ spec: secret: secretName: {{ .Release.Name }}-cb-pass items: - # we are mostly need non-superuser couchbase password file here + # we mostly need non-superuser couchbase password file here - key: couchbase_password path: couchbase_password {{- end }} diff --git a/charts/gluu/gluu/charts/fido2/values.yaml b/charts/gluu/gluu/charts/fido2/values.yaml index 99f776a78..15b3ae816 100644 --- a/charts/gluu/gluu/charts/fido2/values.yaml +++ b/charts/gluu/gluu/charts/fido2/values.yaml @@ -29,7 +29,7 @@ image: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/kc-scheduler/.helmignore b/charts/gluu/gluu/charts/kc-scheduler/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/gluu/gluu/charts/kc-scheduler/.helmignore 
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/gluu/gluu/charts/kc-scheduler/Chart.yaml b/charts/gluu/gluu/charts/kc-scheduler/Chart.yaml
new file mode 100644
index 000000000..03f07d4db
--- /dev/null
+++ b/charts/gluu/gluu/charts/kc-scheduler/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+appVersion: 1.1.2
+description: Responsible for synchronizing Keycloak SAML clients
+home: https://jans.io
+icon: https://github.com/JanssenProject/jans/raw/main/docs/assets/logo/janssen_project_favicon_transparent_50px_50px.png
+keywords:
+- Keycloak
+- SAML
+kubeVersion: '>=v1.22.0-0'
+maintainers:
+- email: support@jans.io
+ name: Mohammad Abudayyeh
+ url: https://github.com/moabu
+name: kc-scheduler
+sources:
+- https://github.com/JanssenProject/jans/docker-jans-kc-scheduler
+type: application
+version: 1.1.2
diff --git a/charts/gluu/gluu/charts/kc-scheduler/README.md b/charts/gluu/gluu/charts/kc-scheduler/README.md
new file mode 100644
index 000000000..cbec682a7
--- /dev/null
+++ b/charts/gluu/gluu/charts/kc-scheduler/README.md
@@ -0,0 +1,50 @@ +# kc-scheduler + +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.2](https://img.shields.io/badge/AppVersion-1.1.2-informational?style=flat-square) + +Responsible for synchronizing Keycloak SAML clients + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.22.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"ghcr.io/janssenproject/jans/kc-scheduler"` | Image to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | +| interval | int | `10` | Interval of running the scheduler (in minutes) | +| lifecycle | object | `{}` | | +| resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"300m"` | CPU limit. | +| resources.limits.memory | string | `"300Mi"` | Memory limit. | +| resources.requests.cpu | string | `"300m"` | CPU request. 
| +| resources.requests.memory | string | `"300Mi"` | Memory request. | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/gluu/gluu/charts/kc-scheduler/templates/_helpers.tpl b/charts/gluu/gluu/charts/kc-scheduler/templates/_helpers.tpl new file mode 100644 index 000000000..5cf07a22f --- /dev/null +++ b/charts/gluu/gluu/charts/kc-scheduler/templates/_helpers.tpl 
@@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kc-scheduler.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kc-scheduler.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kc-scheduler.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "kc-scheduler.labels" -}} +app: {{ .Release.Name }}-{{ include "kc-scheduler.name" . }} +helm.sh/chart: {{ include "kc-scheduler.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "kc-scheduler.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val | quote }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "kc-scheduler.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key | quote }} +{{- end }} +{{- end }} diff --git a/charts/gluu/gluu/charts/kc-scheduler/templates/cronjobs.yaml b/charts/gluu/gluu/charts/kc-scheduler/templates/cronjobs.yaml new file mode 100644 index 000000000..806277a1e --- /dev/null +++ b/charts/gluu/gluu/charts/kc-scheduler/templates/cronjobs.yaml 
@@ -0,0 +1,196 @@ +{ if and (index .Values "global" "kc-scheduler" "enabled") (.Values.global.saml.enabled) -}} +kind: CronJob +apiVersion: batch/v1 +metadata: + name: {{ include "kc-scheduler.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: kc-scheduler + release: {{ .Release.Name }} +{{ include "kc-scheduler.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + schedule: "@every {{ .Values.interval }}m" + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 12 }} + {{- end }} + containers: + - name: {{ include "kc-scheduler.name" . }} + {{- if .Values.customScripts }} + command: + - /bin/sh + - -c + - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 20}} + {{- end }} + /app/scripts/entrypoint.sh + {{- end}} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "kc-scheduler.usr-envs" . | indent 16 }} + {{- include "kc-scheduler.usr-secret-envs" . 
| indent 16 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + lifecycle: +{{- toYaml .Values.lifecycle | nindent 16 }} + volumeMounts: + {{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }} + - mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }} + name: aws-shared-credential-file + subPath: aws_shared_credential_file + - mountPath: {{ .Values.global.cnAwsConfigFile }} + name: aws-config-file + subPath: aws_config_file + - mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }} + name: aws-secrets-replica-regions + subPath: aws_secrets_replica_regions + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{ if eq .Values.global.configSecretAdapter "vault" }} + - name: vault + mountPath: /etc/certs/vault_role_id + subPath: vault_role_id + - name: vault + mountPath: /etc/certs/vault_secret_id + subPath: vault_secret_id + {{- end }} + {{- with .Values.volumeMounts }} +{{- toYaml . 
| nindent 16 }} + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + - name: cb-pass + mountPath: {{ .Values.global.cnCouchbasePasswordFile }} + subPath: couchbase_password + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: sql-pass + mountPath: {{ .Values.global.cnSqlPasswordFile }} + subPath: sql_password + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: ldap-pass + mountPath: {{ .Values.global.cnLdapPasswordFile }} + subPath: ldap_password + {{- end }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{- if and ( .Values.global.opendj.enabled ) (or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath")) }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 16 }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . 
| nindent 12 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }} + - name: aws-shared-credential-file + secret: + secretName: {{ .Release.Name }}-aws-config-creds + items: + - key: aws_shared_credential_file + path: aws_shared_credential_file + - name: aws-config-file + secret: + secretName: {{ .Release.Name }}-aws-config-creds + items: + - key: aws_config_file + path: aws_config_file + - name: aws-secrets-replica-regions + secret: + secretName: {{ .Release.Name }}-aws-config-creds + items: + - key: aws_secrets_replica_regions + path: aws_secrets_replica_regions + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{ if eq .Values.global.configSecretAdapter "vault" }} + - name: vault + secret: + secretName: {{ .Release.Name }}-vault + items: + - key: vault_role_id + path: vault_role_id + - key: vault_secret_id + path: vault_secret_id + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + - name: cb-pass + secret: + secretName: {{ .Release.Name }}-cb-pass + items: + # we are mostly need non-superuser couchbase password file here + - key: couchbase_password + path: couchbase_password + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: sql-pass + secret: + secretName: {{ .Release.Name }}-sql-pass + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: ldap-pass + secret: + secretName: {{ .Release.Name }}-ldap-pass + items: + - key: ldap_password + path: ldap_password + {{- end }} + restartPolicy: Never 
+ {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} +{{- end }} diff --git a/charts/gluu/gluu/charts/kc-scheduler/templates/service.yaml b/charts/gluu/gluu/charts/kc-scheduler/templates/service.yaml new file mode 100644 index 000000000..e32662e04 --- /dev/null +++ b/charts/gluu/gluu/charts/kc-scheduler/templates/service.yaml @@ -0,0 +1,25 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kc-scheduler.fullname" . }} + labels: +{{ include "kc-scheduler.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ports: + - name: http + port: 80 + targetPort: 8080 + selector: + app: {{ .Release.Name }}-{{ include "kc-scheduler.name" . }} + type: ClusterIP +{{- end }} diff --git a/charts/gluu/gluu/charts/kc-scheduler/templates/user-custom-secret-envs.yaml b/charts/gluu/gluu/charts/kc-scheduler/templates/user-custom-secret-envs.yaml new file mode 100644 index 000000000..8c6cb6075 --- /dev/null +++ b/charts/gluu/gluu/charts/kc-scheduler/templates/user-custom-secret-envs.yaml @@ -0,0 +1,20 @@ +{{ if .Values.usrEnvs.secret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: +{{ include "kc-scheduler.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} 
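Review bot: The CronJob container in `cronjobs.yaml` mounts cloud, Vault and database credentials (per the `volumeMounts` conditionals) and can run operator-supplied `customScripts` through `/bin/sh -c`, yet the template sets no `securityContext` at pod or container level, so it runs with whatever defaults the image and namespace allow. A container `securityContext` that disables privilege escalation, drops all capabilities and applies the runtime default seccomp profile is a low-risk baseline; `runAsNonRoot: true` can follow once the image's user is confirmed, which is not visible here. Separately, with `concurrencyPolicy: Forbid` and no `activeDeadlineSeconds` on the job, a run that hangs blocks every later run. The first line as displayed opens with a single `{`; if that is in the file and not a rendering artefact, the final `{{- end }}` is unmatched.

```yaml
              image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
              # Baseline hardening for a job that holds persistence and cloud credentials.
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                seccompProfile:
                  type: RuntimeDefault
              # … unchanged: env, imagePullPolicy, lifecycle, volumeMounts, envFrom, resources …
```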
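Review bot: The new Service in `service.yaml` selects `app: {{ .Release.Name }}-{{ include "kc-scheduler.name" . }}`, but the pod template in `cronjobs.yaml` sets only an annotation under `metadata` and no labels, and the container declares no port, so as written this Service has no endpoints behind `targetPort: 8080`. It is also gated on `global.istio.enabled` alone, so it is created even when the CronJob's own condition (`kc-scheduler.enabled` and `saml.enabled`) is false. Either add the `app` label to the job's pod template and reuse the CronJob's condition here, e.g. `{{- if and .Values.global.istio.enabled (index .Values "global" "kc-scheduler" "enabled") }}`, or drop the Service if nothing needs to reach the scheduler. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the CronJob sets.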
diff --git a/charts/gluu/gluu/charts/kc-scheduler/values.yaml b/charts/gluu/gluu/charts/kc-scheduler/values.yaml
new file mode 100644
index 000000000..4a5623149
--- /dev/null
+++ b/charts/gluu/gluu/charts/kc-scheduler/values.yaml
@@ -0,0 +1,54 @@
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: ghcr.io/janssenproject/jans/kc-scheduler
+ # -- Image tag to use for deploying.
+ tag: 1.1.2-2
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+# -- Interval of running the scheduler (in minutes)
+interval: 10
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+# Actions on lifecycle events such as postStart and preStop
+# Example
+# lifecycle:
+# postStart:
+# exec:
+# command: ["sh", "-c", "mkdir /opt/jans/jetty/jans-auth/custom/static/stylesheet/"]
+lifecycle: {}
+# -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+additionalAnnotations: {}
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+# - /tmp/custom.sh
+# - /tmp/custom2.sh
+customScripts: []
diff --git a/charts/gluu/gluu/charts/link/Chart.yaml b/charts/gluu/gluu/charts/link/Chart.yaml index aba546751..991e00b7e 100644 --- a/charts/gluu/gluu/charts/link/Chart.yaml +++ b/charts/gluu/gluu/charts/link/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Jans Link home: https://jans.io icon: https://github.com/JanssenProject/jans/raw/main/docs/assets/logo/janssen_project_favicon_transparent_50px_50px.png @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/jans/jans-link - https://github.com/JanssenProject/jans/docker-jans-link type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/link/README.md b/charts/gluu/gluu/charts/link/README.md index 4eb60b12d..312db193b 100644 --- a/charts/gluu/gluu/charts/link/README.md +++ b/charts/gluu/gluu/charts/link/README.md @@ -1,6 +1,6 @@ # link -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Jans Link 
@@ -38,7 +38,7 @@ Kubernetes: `>=v1.22.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"ghcr.io/janssenproject/jans/link"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the link if needed. | | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | diff --git a/charts/gluu/gluu/charts/link/templates/_helpers.tpl b/charts/gluu/gluu/charts/link/templates/_helpers.tpl index 49c1621e5..f4d7564d4 100644 --- a/charts/gluu/gluu/charts/link/templates/_helpers.tpl +++ b/charts/gluu/gluu/charts/link/templates/_helpers.tpl @@ -74,8 +74,8 @@ Create JAVA_OPTIONS ENV for passing custom work and detailed logs {{ $custom := "" }} {{ $custom = printf "%s" .Values.global.link.cnCustomJavaOptions }} {{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}} -{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" $memory -}} -{{- $xmx := printf "-Xmx%dm" (sub $memory 300) -}} +{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.41) 1 ) -}} +{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.49)) -}} {{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}} {{ $customJavaOptions | trim | quote }} {{- end }} diff --git a/charts/gluu/gluu/charts/link/templates/deployment.yaml b/charts/gluu/gluu/charts/link/templates/deployment.yaml index d9398cadd..bc7497cd7 100644 --- a/charts/gluu/gluu/charts/link/templates/deployment.yaml 
+++ b/charts/gluu/gluu/charts/link/templates/deployment.yaml @@ -194,7 +194,7 @@ spec: secret: secretName: {{ .Release.Name }}-cb-pass items: - # we are mostly need non-superuser couchbase password file here + # we mostly need non-superuser couchbase password file here - key: couchbase_password path: couchbase_password {{- end }} diff --git a/charts/gluu/gluu/charts/link/values.yaml b/charts/gluu/gluu/charts/link/values.yaml index facaecac3..6734e3797 100644 --- a/charts/gluu/gluu/charts/link/values.yaml +++ b/charts/gluu/gluu/charts/link/values.yaml @@ -31,7 +31,7 @@ image: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/link # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml index 16e6ec6a3..ad4da8627 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml +++ b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Nginx ingress definitions chart home: https://docs.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico @@ -17,4 +17,4 @@ sources: - https://kubernetes.io/docs/concepts/services-networking/ingress/ - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/nginx-ingress type: application -version: 5.1.1 +version: 5.1.2 diff --git a/charts/gluu/gluu/charts/nginx-ingress/README.md b/charts/gluu/gluu/charts/nginx-ingress/README.md index ab86bdaa2..5a7cf7c89 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/README.md +++ b/charts/gluu/gluu/charts/nginx-ingress/README.md 
@@ -1,6 +1,6 @@ # nginx-ingress -![Version: 5.1.1](https://img.shields.io/badge/Version-5.1.1--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 5.1.2](https://img.shields.io/badge/Version-5.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Nginx ingress definitions chart diff --git a/charts/gluu/gluu/charts/opendj/Chart.yaml b/charts/gluu/gluu/charts/opendj/Chart.yaml index be1827c6b..937b1e849 100644 --- a/charts/gluu/gluu/charts/opendj/Chart.yaml +++ b/charts/gluu/gluu/charts/opendj/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in @@ -19,4 +19,4 @@ sources: - https://github.com/GluuFederation/docker-opendj - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/opendj type: application -version: 5.1.1 +version: 5.1.2 diff --git a/charts/gluu/gluu/charts/opendj/README.md b/charts/gluu/gluu/charts/opendj/README.md index d19b60785..3fa11728e 100644 --- a/charts/gluu/gluu/charts/opendj/README.md +++ b/charts/gluu/gluu/charts/opendj/README.md 
@@ -1,6 +1,6 @@ # opendj -![Version: 5.1.1](https://img.shields.io/badge/Version-5.1.1--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 5.1.2](https://img.shields.io/badge/Version-5.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. diff --git a/charts/gluu/gluu/charts/persistence/Chart.yaml b/charts/gluu/gluu/charts/persistence/Chart.yaml index 456919f26..a45ece6dc 100644 --- a/charts/gluu/gluu/charts/persistence/Chart.yaml +++ b/charts/gluu/gluu/charts/persistence/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Job to generate data and initial config for Gluu Server persistence layer. home: https://docs.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-persistence-loader - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/persistence type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/persistence/README.md b/charts/gluu/gluu/charts/persistence/README.md index cf340d2c3..03799237c 100644 --- a/charts/gluu/gluu/charts/persistence/README.md +++ b/charts/gluu/gluu/charts/persistence/README.md 
@@ -1,6 +1,6 @@ # persistence -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Job to generate data and initial config for Gluu Server persistence layer. @@ -34,7 +34,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/persistence"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | imagePullSecrets | list | `[]` | | | lifecycle | object | `{}` | | | nameOverride | string | `""` | | diff --git a/charts/gluu/gluu/charts/persistence/values.yaml b/charts/gluu/gluu/charts/persistence/values.yaml index 55901cd85..55210d392 100644 --- a/charts/gluu/gluu/charts/persistence/values.yaml +++ b/charts/gluu/gluu/charts/persistence/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenproject/persistence # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/charts/gluu/gluu/charts/saml/Chart.yaml b/charts/gluu/gluu/charts/saml/Chart.yaml index c07a077a3..38f7ff126 100644 --- a/charts/gluu/gluu/charts/saml/Chart.yaml +++ b/charts/gluu/gluu/charts/saml/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 5.1.1 +appVersion: 5.1.2 description: Jans SAML home: https://jans.io icon: https://github.com/JanssenProject/jans/raw/main/docs/assets/logo/janssen_project_favicon_transparent_50px_50px.png @@ -15,4 +15,4 @@ name: saml sources: - https://github.com/JanssenProject/jans/docker-jans-saml type: application -version: 1.1.1 +version: 1.1.2 diff --git a/charts/gluu/gluu/charts/saml/README.md b/charts/gluu/gluu/charts/saml/README.md index 3a757f6da..8265580ce 100644 --- a/charts/gluu/gluu/charts/saml/README.md +++ b/charts/gluu/gluu/charts/saml/README.md @@ -1,6 +1,6 @@ # saml -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) Jans SAML 
@@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0`
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | image.pullSecrets | list | `[]` | Image Pull Secrets |
 | image.repository | string | `"janssenproject/saml"` | Image to use for deploying. |
-| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. |
+| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. |
 | lifecycle | object | `{}` | |
 | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for saml if needed. |
 | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. |
diff --git a/charts/gluu/gluu/charts/saml/templates/_helpers.tpl b/charts/gluu/gluu/charts/saml/templates/_helpers.tpl
index 8139686d8..93ef5f1e1 100644
--- a/charts/gluu/gluu/charts/saml/templates/_helpers.tpl
+++ b/charts/gluu/gluu/charts/saml/templates/_helpers.tpl
@@ -85,8 +85,8 @@ Create JAVA_OPTIONS ENV for passing custom work and detailed logs
 {{ $custom := "" }}
 {{ $custom = printf "%s" .Values.global.saml.cnCustomJavaOptions }}
 {{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
-{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" $memory -}}
-{{- $xmx := printf "-Xmx%dm" (sub $memory 300) -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.41) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.49)) -}}
 {{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
 {{ $customJavaOptions | trim | quote }}
 {{- end }}
diff --git a/charts/gluu/gluu/charts/saml/templates/deployment.yaml b/charts/gluu/gluu/charts/saml/templates/deployment.yaml
index 38039dbef..a8d5bd67d 100644
--- a/charts/gluu/gluu/charts/saml/templates/deployment.yaml
+++ b/charts/gluu/gluu/charts/saml/templates/deployment.yaml
@@ -214,7 +214,7 @@ spec:
 secret:
 secretName: {{ .Release.Name }}-cb-pass
 items:
- # we are mostly need non-superuser couchbase password file here
+ # we mostly need non-superuser couchbase password file here
 - key: couchbase_password
 path: couchbase_password
 {{- end }}
diff --git a/charts/gluu/gluu/charts/saml/values.yaml b/charts/gluu/gluu/charts/saml/values.yaml
index f9ae228b3..3da41bb29 100644
--- a/charts/gluu/gluu/charts/saml/values.yaml
+++ b/charts/gluu/gluu/charts/saml/values.yaml
@@ -27,7 +27,7 @@ image:
 # -- Image to use for deploying.
 repository: janssenproject/saml
 # -- Image tag to use for deploying.
- tag: 1.1.1-1
+ tag: 1.1.2-2
 # -- Image Pull Secrets
 pullSecrets: [ ]
 # -- Service replica number.
diff --git a/charts/gluu/gluu/charts/scim/Chart.yaml b/charts/gluu/gluu/charts/scim/Chart.yaml
index 38a95f64f..e561c873a 100644
--- a/charts/gluu/gluu/charts/scim/Chart.yaml
+++ b/charts/gluu/gluu/charts/scim/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 5.1.1
+appVersion: 5.1.2
 description: System for Cross-domain Identity Management (SCIM) version 2.0
 home: https://docs.gluu.org
 icon: https://gluu.org/docs/gluu-server/favicon.ico
@@ -17,4 +17,4 @@ sources:
 - https://github.com/JanssenProject/jans/docker-jans-scim
 - https://github.com/GluuFederation/flex/tree/main/charts/gluu/charts/scim
 type: application
-version: 1.1.1
+version: 1.1.2
diff --git a/charts/gluu/gluu/charts/scim/README.md b/charts/gluu/gluu/charts/scim/README.md
index ae1d1f513..494d3828d 100644
--- a/charts/gluu/gluu/charts/scim/README.md
+++ b/charts/gluu/gluu/charts/scim/README.md
@@ -1,6 +1,6 @@ # scim -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.1](https://img.shields.io/badge/AppVersion-5.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.1.2](https://img.shields.io/badge/AppVersion-5.1.2-informational?style=flat-square) System for Cross-domain Identity Management (SCIM) version 2.0 @@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| image.tag | string | `"1.1.1-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.1.2-2"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | diff --git a/charts/gluu/gluu/charts/scim/templates/_helpers.tpl b/charts/gluu/gluu/charts/scim/templates/_helpers.tpl index 5c23b42a6..8aab5551e 100644 --- a/charts/gluu/gluu/charts/scim/templates/_helpers.tpl +++ b/charts/gluu/gluu/charts/scim/templates/_helpers.tpl 
@@ -74,8 +74,8 @@ Create JAVA_OPTIONS ENV for passing custom work and detailed logs
 {{ $custom := "" }}
 {{ $custom = printf "%s" .Values.global.scim.cnCustomJavaOptions }}
 {{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
-{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" $memory -}}
-{{- $xmx := printf "-Xmx%dm" (sub $memory 300) -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.41) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.49)) -}}
 {{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
 {{ $customJavaOptions | trim | quote }}
 {{- end }}
diff --git a/charts/gluu/gluu/charts/scim/templates/deployment.yml b/charts/gluu/gluu/charts/scim/templates/deployment.yml
index 4f63d351f..a429b98cf 100644
--- a/charts/gluu/gluu/charts/scim/templates/deployment.yml
+++ b/charts/gluu/gluu/charts/scim/templates/deployment.yml
@@ -209,7 +209,7 @@ spec:
 secret:
 secretName: {{ .Release.Name }}-cb-pass
 items:
- # we are mostly need non-superuser couchbase password file here
+ # we mostly need non-superuser couchbase password file here
 - key: couchbase_password
 path: couchbase_password
 {{- end }}
diff --git a/charts/gluu/gluu/charts/scim/values.yaml b/charts/gluu/gluu/charts/scim/values.yaml
index bbdc54637..b51b30261 100644
--- a/charts/gluu/gluu/charts/scim/values.yaml
+++ b/charts/gluu/gluu/charts/scim/values.yaml
@@ -28,7 +28,7 @@ image:
 # -- Image to use for deploying.
 repository: janssenproject/scim
 # -- Image tag to use for deploying.
- tag: 1.1.1-1
+ tag: 1.1.2-2
 # -- Image Pull Secrets
 pullSecrets: [ ]
 # -- Service replica number.
diff --git a/charts/gluu/gluu/openbanking-values.yaml b/charts/gluu/gluu/openbanking-values.yaml
index 195890488..001ea94a3 100644
--- a/charts/gluu/gluu/openbanking-values.yaml
+++ b/charts/gluu/gluu/openbanking-values.yaml
@@ -28,7 +28,7 @@ auth-server:
 # -- Image to use for deploying.
 repository: janssenproject/auth-server
 # -- Image tag to use for deploying.
- tag: 1.1.1-1
+ tag: 1.1.2-2
 # -- Image Pull Secrets
 pullSecrets: [ ]
 # -- Service replica number.
@@ -167,7 +167,7 @@ config:
 # -- Image to use for deploying.
 repository: janssenproject/configurator
 # -- Image tag to use for deploying.
- tag: 1.1.1-1
+ tag: 1.1.2-2
 # -- Image Pull Secrets
 pullSecrets: [ ]
 # -- Organization name. Used for certificate creation.
@@ -231,7 +231,7 @@ config-api:
 # -- Image to use for deploying.
 repository: janssenproject/config-api
 # -- Image tag to use for deploying.
- tag: 1.1.1-1
+ tag: 1.1.2-2
 # -- Image Pull Secrets
 pullSecrets: [ ]
 # -- Service replica number.
@@ -664,7 +664,7 @@ persistence:
 # -- Image to use for deploying.
 repository: janssenproject/persistence-loader
 # -- Image tag to use for deploying.
- tag: 1.1.1-1
+ tag: 1.1.2-2
 # -- Image Pull Secrets
 pullSecrets: [ ]
 # -- Resource specs.
diff --git a/charts/gluu/gluu/values.schema.json b/charts/gluu/gluu/values.schema.json
index 620f8e8f9..0b070c66f 100644
--- a/charts/gluu/gluu/values.schema.json
+++ b/charts/gluu/gluu/values.schema.json
@@ -1,2577 +1,2671 @@ { - "$schema":"https://json-schema.org/draft/2020-12/schema#", - "type":"object", - "properties":{ - "admin-ui":{ - "description":"Admin GUI for configuration of the auth-server", - "type":"object", - "properties":{ - - } - }, - "auth-server":{ - "description":"OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.", - "type":"object", - "properties":{ - - } - }, - "auth-server-key-rotation":{ - "description":"Responsible for regenerating auth-keys per x hours", - "type":"object", - "properties":{ - - } - }, - "casa":{ - "description":"Gluu Casa (\"Casa\") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.", - "type":"object", - "properties":{ - - } - } - }, - "config":{ - "description":"Configuration parameters for setup and initial configuration secret annd config layers used by Gluu services.", - "type":"object", - "properties":{ - "adminPass":{ - "description":"Admin password to login to the UI", - "$ref":"#/definitions/password" - }, - "city":{ - "description":"City of the company or individual. 
Used in generating the self-signed certificate", - "type":"string", - "pattern":"^[a-zA-Z]+$" - }, - "configmap":{ - "description":"Configuration parameters mapped to envs in a ConfigMap", - "type":"object", - "properties":{ - "cnSqlDbDialect":{ - "description":"SQL dialect", - "type":"string", - "pattern":"^(mysql)$" - }, - "cnSqlDbHost":{ - "description":"SQL server address or ip", - "anyOf":[ - { - "$ref":"#/definitions/url-pattern" + "$schema": "https://json-schema.org/draft/2020-12/schema#", + "type": "object", + "properties": { + "admin-ui": { + "description": "Admin GUI for configuration of the auth-server", + "type": "object", + "properties": {} + }, + "auth-server": { + "description": "OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.", + "type": "object", + "properties": {} + }, + "auth-server-key-rotation": { + "description": "Responsible for regenerating auth-keys per x hours", + "type": "object", + "properties": {} + }, + "casa": { + "description": "Gluu Casa (\"Casa\") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.", + "type": "object", + "properties": {} + }, + "config": { + "description": "Configuration parameters for setup and initial configuration secret annd config layers used by Gluu services.", + "type": "object", + "properties": { + "adminPass": { + "description": "Admin password to login to the UI", + "$ref": "#/definitions/password" + }, + "city": { + "description": "City of the company or individual. 
Used in generating the self-signed certificate", + "type": "string", + "pattern": "^[a-zA-Z]+$" + }, + "configmap": { + "description": "Configuration parameters mapped to envs in a ConfigMap", + "type": "object", + "properties": { + "cnSqlDbDialect": { + "description": "SQL dialect", + "type": "string", + "pattern": "^(mysql|pgsql)$" }, - { - "$ref":"#/definitions/ip-pattern" + "cnSqlDbHost": { + "description": "SQL server address or ip", + "anyOf": [ + { + "$ref": "#/definitions/url-pattern" + }, + { + "$ref": "#/definitions/ip-pattern" + } + ] + }, + "cnSqlDbPort": { + "description": "SQL server port", + "type": "integer" + }, + "cnSqlDbName": { + "description": "SQL server database name for Jans", + "type": "string", + "pattern": "^[a-z-0-9]+$" + }, + "cnSqlDbUser": { + "description": "SQL database Jans username", + "type": "string", + "pattern": "^[a-z-0-9]+$" + }, + "cnSqlDbTimezone": { + "description": "SQL database timezone", + "type": "string", + "pattern": "^(GMT|UTC|ECT|EET|ART|EAT|MET|NET|PLT|IST|BST|VST|CTT|JST|ACT|AET|SST|NST|MIT|HST|AST|PST|PNT|MST|CST|EST|IET|PRT|CNT|AGT|BET|CAT)$" + }, + "cnSqldbUserPassword": { + "description": "Password for user config.configmap.cnSqlDbUser.", + "$ref": "#/definitions/password" + }, + "cnCacheType": { + "description": "Cache type. NATIVE_PERSISTENCE, REDIS. or IN_MEMORY. Defaults to NATIVE_PERSISTENCE", + "type": "string", + "pattern": "^(NATIVE_PERSISTENCE|REDIS|IN_MEMORY)$" + }, + "cnConfigKubernetesConfigMap": { + "description": "The name of the ConfigMap that will hold the configuration layer", + "type": "string", + "pattern": "^[a-z]+$" + }, + "cnCouchbaseBucketPrefix": { + "description": "The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu.", + "type": "string", + "pattern": "^[a-z]+$" + }, + "cnCouchbaseCrt": { + "description": "Couchbase certificate authority string. 
This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnCouchbaseIndexNumReplica": { + "description": "The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1.", + "type": "integer" + }, + "cnCouchbasePass": { + "description": "Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ", + "$ref": "#/definitions/password" + }, + "cnCouchbaseSuperUser": { + "description": "The Couchbase super user (admin) user name. This user is used during initialization only.", + "type": "string", + "pattern": "^[a-z]+$" + }, + "cnCouchbaseSuperUserPass": { + "description": "Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ", + "$ref": "#/definitions/password" + }, + "cnCouchbaseSuperUserPassFile": { + "description": "The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.", + "type": "string", + "pattern": ".*couchbase_superuser_password\\b.*" + }, + "cnCouchbaseUrl": { + "description": "Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. 
The address can be an internal address inside the kubernetes cluster", + "$ref": "#/definitions/fqdn-pattern" + }, + "cnCouchbaseUser": { + "description": "Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase.", + "type": "string", + "pattern": "^[a-z]+$" + }, + "cnGoogleSecretManagerServiceAccount": { + "description": "Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnGoogleProjectId": { + "description": "Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", + "type": "string", + "pattern": "" + }, + "cnGoogleSpannerInstanceId": { + "description": "Google Spanner ID. Used only when global.cnPersistenceType is spanner.", + "type": "string", + "pattern": "^([a-z0-9\\-])*$" + }, + "cnGoogleSpannerDatabaseId": { + "description": "Google Spanner Database ID. Used only when global.cnPersistenceType is spanner.", + "type": "string", + "pattern": "^[a-z0-9\\-]*$" + }, + "cnGoogleSecretVersionId": { + "description": "Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", + "type": "string", + "pattern": "^([0-9]|latest)*$" + }, + "cnGoogleSecretNamePrefix": { + "description": "Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. 
Used only when global.configAdapterName and global.configSecretAdapter is set to google.", + "type": "string", + "pattern": "^[a-z]+$" + }, + "cnGoogleSecretManagerPassPhrase": { + "description": "Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", + "$ref": "#/definitions/password" + }, + "cnLdapUrl": { + "description": "OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`.", + "type": "string", + "pattern": "^[a-z0-9-:]+$" + }, + "cnMaxRamPercent": { + "description": "Value passed to Java option -XX:MaxRAMPercentage", + "type": "string", + "pattern": "^(\\d{0,2}(\\.\\d{1,2})?|100(\\.0?)?)$" + }, + "cnScimProtectionMode": { + "description": "SCIM protection mode OAUTH|TEST|UMA", + "type": "string", + "pattern": "^(OAUTH|TEST|UMA)$" + }, + "cnPersistenceHybridMapping": { + "description": "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.", + "type": "string" + }, + "cnRedisSentinelGroup": { + "description": "Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", + "type": "string" + }, + "cnRedisSslTruststore": { + "description": "Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", + "type": "string" + }, + "cnRedisType": { + "description": "Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", + "type": "string", + "pattern": "^(SHARDED|STANDALONE|CLUSTER|SENTINEL)$" + }, + "cnRedisUrl": { + "description": "Redis URL and port number :. 
Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", + "$ref": "#/definitions/url-pattern" + }, + "cnRedisUseSsl": { + "description": "Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", + "type": "boolean" + }, + "cnSecretKubernetesSecret": { + "description": "Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default.", + "type": "string", + "pattern": "^[a-z]+$" + }, + "lbAddr": { + "description": "Loadbalancer address for AWS if the FQDN is not registered.", + "$ref": "#/definitions/url-pattern" + }, + "cnLdapCrt": { + "description": "OpenDJ certificate string. This must be encoded using base64.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnLdapKey": { + "description": "OpenDJ key string. This must be encoded using base64.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" } - ] - }, - "cnSqlDbPort":{ - "description":"SQL server port", - "type":"integer" - }, - "cnSqlDbName":{ - "description":"SQL server database name for Jans", - "type":"string", - "pattern":"^[a-z-0-9]+$" - }, - "cnSqlDbUser":{ - "description":"SQL database Jans username", - "type":"string", - "pattern":"^[a-z-0-9]+$" - }, - "cnSqlDbTimezone":{ - "description":"SQL database timezone", - "type":"string", - "pattern":"^(GMT|UTC|ECT|EET|ART|EAT|MET|NET|PLT|IST|BST|VST|CTT|JST|ACT|AET|SST|NST|MIT|HST|AST|PST|PNT|MST|CST|EST|IET|PRT|CNT|AGT|BET|CAT)$" - }, - "cnSqldbUserPassword":{ - "description":"Password for user config.configmap.cnSqlDbUser.", - "$ref":"#/definitions/password" - }, - "cnCacheType":{ - "description":"Cache type. NATIVE_PERSISTENCE, REDIS. or IN_MEMORY. 
Defaults to NATIVE_PERSISTENCE", - "type":"string", - "pattern":"^(NATIVE_PERSISTENCE|REDIS|IN_MEMORY)$" - }, - "cnConfigKubernetesConfigMap":{ - "description":"The name of the ConfigMap that will hold the configuration layer", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnCouchbaseBucketPrefix":{ - "description":"The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnCouchbaseCrt":{ - "description":"Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnCouchbaseIndexNumReplica":{ - "description":"The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1.", - "type":"integer" - }, - "cnCouchbasePass":{ - "description":"Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ", - "$ref":"#/definitions/password" - }, - "cnCouchbaseSuperUser":{ - "description":"The Couchbase super user (admin) user name. This user is used during initialization only.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnCouchbaseSuperUserPass":{ - "description":"Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. 
The password must contain one digit, one uppercase letter, one lower case letter and one symbol ", - "$ref":"#/definitions/password" - }, - "cnCouchbaseSuperUserPassFile":{ - "description":"The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.", - "type":"string", - "pattern":".*couchbase_superuser_password\\b.*" - }, - "cnCouchbaseUrl":{ - "description":"Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster", - "$ref":"#/definitions/fqdn-pattern" - }, - "cnCouchbaseUser":{ - "description":"Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnGoogleSecretManagerServiceAccount":{ - "description":"Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnGoogleProjectId":{ - "description":"Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "type":"string", - "pattern":"" - }, - "cnGoogleSpannerInstanceId":{ - "description":"Google Spanner ID. Used only when global.cnPersistenceType is spanner.", - "type":"string", - "pattern":"^([a-z0-9\\-])*$" - }, - "cnGoogleSpannerDatabaseId":{ - "description":"Google Spanner Database ID. 
Used only when global.cnPersistenceType is spanner.", - "type":"string", - "pattern":"^[a-z0-9\\-]*$" - }, - "cnGoogleSecretVersionId":{ - "description":"Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "type":"string", - "pattern":"^([0-9]|latest)*$" - }, - "cnGoogleSecretNamePrefix":{ - "description":"Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnGoogleSecretManagerPassPhrase":{ - "description":"Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "$ref":"#/definitions/password" - }, - "cnLdapUrl":{ - "description":"OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`.", - "type":"string", - "pattern":"^[a-z0-9-:]+$" - }, - "cnMaxRamPercent":{ - "description":"Value passed to Java option -XX:MaxRAMPercentage", - "type":"string", - "pattern":"^(\\d{0,2}(\\.\\d{1,2})?|100(\\.0?)?)$" - }, - "cnScimProtectionMode":{ - "description":"SCIM protection mode OAUTH|TEST|UMA", - "type":"string", - "pattern":"^(OAUTH|TEST|UMA)$" - }, - "cnPersistenceHybridMapping":{ - "description":"Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.", - "type":"string" - }, - "cnRedisSentinelGroup":{ - "description":"Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. 
Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
- "type":"string"
- },
- "cnRedisSslTruststore":{
- "description":"Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
- "type":"string"
- },
- "cnRedisType":{
- "description":"Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
- "type":"string",
- "pattern":"^(SHARDED|STANDALONE|CLUSTER|SENTINEL)$"
- },
- "cnRedisUrl":{
- "description":"Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
- "$ref":"#/definitions/url-pattern"
- },
- "cnRedisUseSsl":{
- "description":"Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
- "type":"boolean"
- },
- "cnSecretKubernetesSecret":{
- "description":"Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default.",
- "type":"string",
- "pattern":"^[a-z]+$"
- },
- "lbAddr":{
- "description":"Loadbalancer address for AWS if the FQDN is not registered.",
- "$ref":"#/definitions/url-pattern"
- },
- "cnLdapCrt": {
- "description": "OpenDJ certificate string. This must be encoded using base64.",
+ }
+ },
+ "countryCode": {
+ "description": "Country code. Used for certificate creation.",
+ "type": "string",
+ "pattern": "^[A-Z]+$"
+ },
+ "email": {
+ "description": "Email address of the administrator usually.
Used for certificate creation.",
+ "$ref": "#/definitions/email-format"
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "description": "Image to use for deploying",
+ "type": "string"
+ },
+ "tag": {
+ "description": "Image tag to use for deploying.",
+ "type": "string",
+ "pattern": "^[a-z0-9-_.]+$"
+ }
+ }
+ },
+ "ldapPassword": {
+ "description": "LDAP admin password if OpennDJ is used for persistence.",
+ "$ref": "#/definitions/password"
+ },
+ "orgName": {
+ "description": "Organization name. Used for certificate creation.",
+ "type": "string",
+ "pattern": "^[a-zA-Z]+$"
+ },
+ "redisPassword": {
+ "description": "Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`",
+ "$ref": "#/definitions/password"
+ },
+ "resources": {
+ "description": "Resource specs.",
+ "type": "object",
+ "properties": {
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "description": "CPU limit.",
+ "type": "string",
+ "pattern": "^[0-9m]+$"
+ },
+ "memory": {
+ "description": "Memory limit.",
+ "type": "string",
+ "pattern": "^[0-9Mi]+$"
+ }
+ }
+ },
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "description": "CPU request.",
+ "type": "string",
+ "pattern": "^[0-9m]+$"
+ },
+ "memory": {
+ "description": "Memory request.",
+ "type": "string",
+ "pattern": "^[0-9Mi]+$"
+ }
+ }
+ }
+ }
+ },
+ "state": {
+ "description": "State code.
Used for certificate creation.",
+ "type": "string",
+ "pattern": "^[a-zA-Z]+$"
+ }
+ }
+ },
+ "config-api": {
+ "description": "Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).",
+ "type": "object",
+ "properties": {}
+ },
+ "fido2": {
+ "description": "FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.",
+ "type": "object",
+ "properties": {}
+ },
+ "global": {
+ "description": "Parameters used globally across all services helm charts.",
+ "type": "object",
+ "properties": {
+ "alb": {
+ "type": "object",
+ "properties": {
+ "ingress": {
+ "description": "Activates ALB ingress",
+ "type": "boolean"
+ }
+ }
+ },
+ "auth-server": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "description": "Boolean flag to enable/disable auth-server chart. You should never set this to false.",
+ "type": "boolean"
+ },
+ "authServerServiceName": {
+ "description": "Name of the auth-server service.
Please keep it as default.",
+ "type": "string",
+ "pattern": "^[a-z0-9-]+$"
+ },
+ "appLoggers": {
+ "type": "object",
+ "properties": {
+ "authLogTarget": {
+ "description": "jans-auth.log target",
+ "type": "string",
+ "pattern": "^(STDOUT|FILE)$"
+ },
+ "authLogLevel": {
+ "description": "jans-auth.log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "httpLogTarget": {
+ "description": "http_request_response target",
+ "type": "string",
+ "pattern": "^(STDOUT|FILE)$"
+ },
+ "httpLogLevel": {
+ "description": "http_request_response level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "persistenceLogTarget": {
+ "description": "jans-auth_persistence.log target",
+ "type": "string",
+ "pattern": "^(STDOUT|FILE)$"
+ },
+ "persistenceLogLevel": {
+ "description": "jans-auth_persistence.log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "persistenceDurationLogTarget": {
+ "description": "jans-auth_persistence_duration.log target",
+ "type": "string",
+ "pattern": "^(STDOUT|FILE)$"
+ },
+ "persistenceDurationLogLevel": {
+ "description": "jans-auth_persistence_duration.log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "ldapStatsLogTarget": {
+ "description": "jans-auth_persistence_ldap_statistics.log target",
+ "type": "string",
+ "pattern": "^(STDOUT|FILE)$"
+ },
+ "ldapStatsLogLevel": {
+ "description": "jans-auth_persistence_ldap_statistics.log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "scriptLogTarget": {
+ "description": "jans-auth_script.log target",
+ "type": "string",
+ "pattern": "^(STDOUT|FILE)$"
+ },
+ "scriptLogLevel": {
+ "description": "jans-auth_script.log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "auditStatsLogTarget": {
+ "description": "jans-auth_audit.log target",
+ "type": "string",
+ "pattern":
"^(STDOUT|FILE)$"
+ },
+ "auditStatsLogLevel": {
+ "description": "jans-auth_audit.log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ }
+ }
+ },
+ "ingress": {
+ "description": "Endpoint control",
+ "type": "object",
+ "properties": {
+ "authServerEnabled": {
+ "description": "Enable Auth server endpoints /jans-auth",
+ "type": "boolean"
+ },
+ "openidConfigEnabled": {
+ "description": "Enable endpoint /.well-known/openid-configuration",
+ "type": "boolean"
+ },
+ "deviceCodeEnabled": {
+ "description": "Enable endpoint /device-code",
+ "type": "boolean"
+ },
+ "firebaseMessagingEnabled": {
+ "description": "Enable endpoint /firebase-messaging-sw.js",
+ "type": "boolean"
+ },
+ "uma2ConfigEnabled": {
+ "description": "Enable endpoint /.well-known/uma2-configuration",
+ "type": "boolean"
+ },
+ "webfingerEnabled": {
+ "description": "Enable endpoint /.well-known/webfinger",
+ "type": "boolean"
+ },
+ "webdiscoveryEnabled": {
+ "description": "Enable endpoint /.well-known/simple-web-discovery",
+ "type": "boolean"
+ },
+ "u2fConfigEnabled": {
+ "description": "Enable endpoint /.well-known/fido-configuration",
+ "type": "boolean"
+ },
+ "authServerProtectedToken": {
+ "description": "Enable mTLS on Auth server endpoint /jans-auth/restv1/token",
+ "type": "boolean"
+ },
+ "authServerProtectedRegister": {
+ "description": "Enable mTLS onn Auth server endpoint /jans-auth/restv1/register",
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ },
+ "admin-ui": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "description": "Boolean flag to enable/disable admin-ui chart. You should never set this to false.",
+ "type": "boolean"
+ },
+ "adminUiServiceName": {
+ "description": "Name of the admin service.
Please keep it as default.",
+ "type": "string",
+ "pattern": "^[a-z0-9-]+$"
+ },
+ "ingress": {
+ "description": "Endpoint control",
+ "type": "object",
+ "properties": {
+ "adminUiEnabled": {
+ "description": "Enable Admin UI endpoints.",
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ },
+ "auth-server-key-rotation": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "description": "Boolean flag to enable/disable the auth-server-key rotation cronjob chart.",
+ "type": "boolean"
+ }
+ }
+ },
+ "awsStorageType": {
+ "description": "Volume stroage type if using AWS volumes.",
+ "type": "string",
+ "pattern": "^(io1|io2|gp2|st1|sc1)$"
+ },
+ "azureStorageAccountType": {
+ "description": "Volume storage type if using Azure disks.",
+ "type": "string",
+ "pattern": "^(Standard_LRS|Premium_LRS|StandardSSD_LRS|UltraSSD_LRS)$"
+ },
+ "azureStorageKind": {
+ "description": "Azure storage kind if using Azure disks",
+ "type": "string",
+ "pattern": "^(Managed)$"
+ },
+ "cloud": {
+ "type": "object",
+ "properties": {
+ "testEnviroment": {
+ "description": "Boolean flag if enabled will strip resources requests and limits from all services.",
+ "type": "boolean"
+ }
+ }
+ },
+ "cnPersistenceType": {
+ "description": "Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner.",
+ "type": "string",
+ "pattern": "^(ldap|couchbase|hybrid|sql|spanner)$"
+ },
+ "cnDocumentStoreType": {
+ "description": "Document store type to use for shibboleth files DB.",
+ "type": "string",
+ "pattern": "^(DB)$"
+ },
+ "cnObExtSigningJwksUri": {
+ "description": "Open banking external signing jwks uri. Used in SSA Validation.",
+ "type": "string"
+ },
+ "cnObExtSigningJwksCrt": {
+ "description": "Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64..
Used when `.global.cnObExtSigningJwksUri` is set.",
 "type": "string",
 "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- },
- "cnLdapKey": {
- "description": "OpenDJ key string. This must be encoded using base64.",
+ },
+ "cnObExtSigningJwksKey": {
+ "description": "Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.",
 "type": "string",
 "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- }
- }
- },
- "countryCode":{
- "description":"Country code. Used for certificate creation.",
- "type":"string",
- "pattern":"^[A-Z]+$"
- },
- "email":{
- "description":"Email address of the administrator usually. Used for certificate creation.",
- "$ref":"#/definitions/email-format"
- },
- "image":{
- "type":"object",
- "properties":{
- "repository":{
- "description":"Image to use for deploying",
- "type":"string"
- },
- "tag":{
- "description":"Image tag to use for deploying.",
- "type":"string",
- "pattern":"^[a-z0-9-_.]+$"
- }
- }
- },
- "ldapPassword":{
- "description":"LDAP admin password if OpennDJ is used for persistence.",
- "$ref":"#/definitions/password"
- },
- "orgName":{
- "description":"Organization name. Used for certificate creation.",
- "type":"string",
- "pattern":"^[a-zA-Z]+$"
- },
- "redisPassword":{
- "description":"Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`",
- "$ref":"#/definitions/password"
- },
- "resources":{
- "description":"Resource specs.",
- "type":"object",
- "properties":{
- "limits":{
- "type":"object",
- "properties":{
- "cpu":{
- "description":"CPU limit.",
- "type":"string",
- "pattern":"^[0-9m]+$"
+ },
+ "cnObExtSigningJwksKeyPassPhrase": {
+ "description": "Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64.
Used when `.global.cnObExtSigningJwksUri` is set.",
+ "type": "string",
+ "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObExtSigningAlias": {
+ "description": "Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G",
+ "type": "string"
+ },
+ "cnObStaticSigningKeyKid": {
+ "description": "Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G",
+ "type": "string"
+ },
+ "cnObTransportCrt": {
+ "description": "Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64.",
+ "type": "string",
+ "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObTransportKey": {
+ "description": "Open banking AS transport key. Used in SSA Validation. This must be encoded using base64.",
+ "type": "string",
+ "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObTransportKeyPassPhrase": {
+ "description": "Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64.",
+ "type": "string",
+ "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnObTransportAlias": {
+ "description": "Open banking transport Alias used inside the JVM.",
+ "type": "string"
+ },
+ "cnObTransportTrustStore": {
+ "description": "Open banking AS transport truststore in .p12 format. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64.",
+ "type": "string",
+ "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "config": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "description": "Boolean flag to enable/disable the configuration chart.
This normally should always be true",
+ "type": "boolean"
+ }
+ }
+ },
+ "configAdapterName": {
+ "description": "The config backend adapter that will hold Gluu configuration layer. google|kubernetes|aws",
+ "type": "string",
+ "pattern": "^(kubernetes|google|aws)$"
+ },
+ "configSecretAdapter": {
+ "description": "The config backend adapter that will hold Gluu secret layer. google|kubernetes|aws",
+ "type": "string",
+ "pattern": "^(kubernetes|google|aws|vault)$"
+ },
+ "cnGoogleApplicationCredentials": {
+ "description": "Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner.",
+ "type": "string",
+ "pattern": ".*google-credentials.json\\b.*"
+ },
+ "casa": {
+ "type": "object",
+ "properties": {
+ "casaServiceName": {
+ "description": "Name of the casa service. Please keep it as default.",
+ "type": "string",
+ "pattern": "^[a-z0-9-]+$"
 },
- "memory":{
- "description":"Memory limit.",
- "type":"string",
- "pattern":"^[0-9Mi]+$"
- }
- }
- },
- "requests":{
- "type":"object",
- "properties":{
- "cpu":{
- "description":"CPU request.",
- "type":"string",
- "pattern":"^[0-9m]+$"
+ "enabled": {
+ "description": "Boolean flag to enable/disable the casa chart.",
+ "type": "boolean"
 },
- "memory":{
- "description":"Memory request.",
- "type":"string",
- "pattern":"^[0-9Mi]+$"
+ "ingress": {
+ "description": "Endpoint control",
+ "type": "object",
+ "properties": {
+ "casaEnabled": {
+ "description": " Enable casa endpoints /casa",
+ "type": "boolean"
+ }
+ }
 }
- }
- }
- }
- },
- "state":{
- "description":"State code.
Used for certificate creation.",
- "type":"string",
- "pattern":"^[a-zA-Z]+$"
- }
- }
- },
- "config-api":{
- "description":"Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).",
- "type":"object",
- "properties":{
-
- }
- },
- "fido2":{
- "description":"FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.",
- "type":"object",
- "properties":{
-
- }
- },
- "global":{
- "description":"Parameters used globally across all services helm charts.",
- "type":"object",
- "properties":{
- "alb":{
- "type":"object",
- "properties":{
- "ingress":{
- "description":"Activates ALB ingress",
- "type":"boolean"
- }
- }
- },
- "auth-server":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag to enable/disable auth-server chart. You should never set this to false.",
- "type":"boolean"
- },
- "authServerServiceName":{
- "description":"Name of the auth-server service.
Please keep it as default.",
- "type":"string",
- "pattern":"^[a-z0-9-]+$"
- },
- "appLoggers":{
- "type":"object",
- "properties":{
- "authLogTarget":{
- "description":"jans-auth.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "authLogLevel":{
- "description":"jans-auth.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- },
- "httpLogTarget":{
- "description":"http_request_response target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "httpLogLevel":{
- "description":"http_request_response level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- },
- "persistenceLogTarget":{
- "description":"jans-auth_persistence.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "persistenceLogLevel":{
- "description":"jans-auth_persistence.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- },
- "persistenceDurationLogTarget":{
- "description":"jans-auth_persistence_duration.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "persistenceDurationLogLevel":{
- "description":"jans-auth_persistence_duration.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- },
- "ldapStatsLogTarget":{
- "description":"jans-auth_persistence_ldap_statistics.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "ldapStatsLogLevel":{
- "description":"jans-auth_persistence_ldap_statistics.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- },
- "scriptLogTarget":{
- "description":"jans-auth_script.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "scriptLogLevel":{
- "description":"jans-auth_script.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- },
- "auditStatsLogTarget":{
- "description":"jans-auth_audit.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "auditStatsLogLevel":{
-
"description":"jans-auth_audit.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- }
- }
- },
- "ingress":{
- "description":"Endpoint control",
- "type":"object",
- "properties": {
- "authServerEnabled":{
- "description":"Enable Auth server endpoints /jans-auth",
- "type":"boolean"
+ }
+ },
+ "config-api": {
+ "type": "object",
+ "properties": {
+ "configApiServerServiceName": {
+ "description": "Name of the config-api service. Please keep it as default.",
+ "type": "string",
+ "pattern": "^[a-z0-9-]+$"
 },
- "openidConfigEnabled":{
- "description":"Enable endpoint /.well-known/openid-configuration",
- "type":"boolean"
- },
- "deviceCodeEnabled":{
- "description":"Enable endpoint /device-code",
- "type":"boolean"
- },
- "firebaseMessagingEnabled":{
- "description":"Enable endpoint /firebase-messaging-sw.js",
- "type":"boolean"
+ "enabled": {
+ "description": "Boolean flag to enable/disable the config-api chart.",
+ "type": "boolean"
 },
- "uma2ConfigEnabled":{
- "description":"Enable endpoint /.well-known/uma2-configuration",
- "type":"boolean"
+ "appLoggers": {
+ "type": "object",
+ "properties": {
+ "configApiLogTarget": {
+ "description": "configapi.log target",
+ "type": "string",
+ "pattern": "^(STDOUT|FILE)$"
+ },
+ "configApiLogLevel": {
+ "description": "configapi.log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ }
+ }
 },
- "webfingerEnabled":{
- "description":"Enable endpoint /.well-known/webfinger",
- "type":"boolean"
+ "adminUiAppLoggers": {
+ "type": "object",
+ "properties": {
+ "adminUiLogTarget": {
+ "description": "config-api admin-ui plugin log target",
+ "type": "string",
+ "pattern": "^(STDOUT|FILE)$"
+ },
+ "adminUiLogLevel": {
+ "description": "config-api admin-ui plugin log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ },
+ "adminUiAuditLogTarget": {
+ "description": "config-api admin-ui plugin audit log target",
+ "type": "string",
+
"pattern": "^(STDOUT|FILE)$"
+ },
+ "adminUiAuditLogLevel": {
+ "description": "config-api admin-ui plugin audit log level",
+ "type": "string",
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
+ }
+ }
 },
- "webdiscoveryEnabled":{
- "description":"Enable endpoint /.well-known/simple-web-discovery",
- "type":"boolean"
+ "ingress": {
+ "description": "Endpoint control",
+ "type": "object",
+ "properties": {
+ "configApiEnabled": {
+ "description": "Enable config API endpoints /jans-config-api",
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ },
+ "fqdn": {
+ "description": "Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services.",
+ "$ref": "#/definitions/fqdn-pattern"
+ },
+ "fido2": {
+ "type": "object",
+ "properties": {
+ "fido2ServiceName": {
+ "description": "Name of the fido2 service. Please keep it as default.",
+ "type": "string",
+ "pattern": "^[a-z0-9-]+$"
 },
- "u2fConfigEnabled":{
- "description":"Enable endpoint /.well-known/fido-configuration",
- "type":"boolean"
+ "enabled": {
+ "description": "Boolean flag to enable/disable the fido2 chart.",
+ "type": "boolean"
 },
- "authServerProtectedToken":{
- "description":"Enable mTLS on Auth server endpoint /jans-auth/restv1/token",
- "type":"boolean"
- },
- "authServerProtectedRegister":{
- "description":"Enable mTLS onn Auth server endpoint /jans-auth/restv1/register",
- "type":"boolean"
- }
- }
- }
-
- }
- },
- "admin-ui":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag to enable/disable admin-ui chart. You should never set this to false.",
- "type":"boolean"
- },
- "adminUiServiceName":{
- "description":"Name of the admin service.
Please keep it as default.",
- "type":"string",
- "pattern":"^[a-z0-9-]+$"
- },
- "ingress":{
- "description":"Endpoint control",
- "type":"object",
- "properties": {
- "adminUiEnabled":{
- "description":"Enable Admin UI endpoints.",
- "type":"boolean"
- }
- }
- }
- }
- },
-
- "auth-server-key-rotation":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag to enable/disable the auth-server-key rotation cronjob chart.",
- "type":"boolean"
- }
- }
- },
- "awsStorageType":{
- "description":"Volume stroage type if using AWS volumes.",
- "type":"string",
- "pattern":"^(io1|io2|gp2|st1|sc1)$"
- },
- "azureStorageAccountType":{
- "description":"Volume storage type if using Azure disks.",
- "type":"string",
- "pattern":"^(Standard_LRS|Premium_LRS|StandardSSD_LRS|UltraSSD_LRS)$"
- },
- "azureStorageKind":{
- "description":"Azure storage kind if using Azure disks",
- "type":"string",
- "pattern":"^(Managed)$"
- },
- "cloud":{
- "type":"object",
- "properties":{
- "testEnviroment":{
- "description":"Boolean flag if enabled will strip resources requests and limits from all services.",
- "type":"boolean"
- }
- }
- },
- "cnPersistenceType":{
- "description":"Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner.",
- "type":"string",
- "pattern":"^(ldap|couchbase|hybrid|sql|spanner)$"
- },
- "cnDocumentStoreType":{
- "description":"Document store type to use for shibboleth files DB.",
- "type":"string",
- "pattern":"^(DB)$"
- },
- "cnObExtSigningJwksUri":{
- "description":"Open banking external signing jwks uri. Used in SSA Validation.",
- "type":"string"
- },
- "cnObExtSigningJwksCrt":{
- "description":"Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64..
Used when `.global.cnObExtSigningJwksUri` is set.",
- "type":"string",
- "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- },
- "cnObExtSigningJwksKey":{
- "description":"Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.",
- "type":"string",
- "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- },
- "cnObExtSigningJwksKeyPassPhrase":{
- "description":"Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.",
- "type":"string",
- "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- },
- "cnObExtSigningAlias":{
- "description":"Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G",
- "type":"string"
- },
- "cnObStaticSigningKeyKid":{
- "description":"Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G",
- "type":"string"
- },
- "cnObTransportCrt":{
- "description":"Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64.",
- "type":"string",
- "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- },
- "cnObTransportKey":{
- "description":"Open banking AS transport key. Used in SSA Validation. This must be encoded using base64.",
- "type":"string",
- "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- },
- "cnObTransportKeyPassPhrase":{
- "description":"Open banking AS transport key passphrase to unlock AS transport key.
This must be encoded using base64.",
- "type":"string",
- "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- },
- "cnObTransportAlias":{
- "description":"Open banking transport Alias used inside the JVM.",
- "type":"string"
- },
- "cnObTransportTrustStore":{
- "description":"Open banking AS transport truststore in .p12 format. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64.",
- "type":"string",
- "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
- },
- "config":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag to enable/disable the configuration chart. This normally should always be true",
- "type":"boolean"
- }
- }
- },
- "configAdapterName":{
- "description":"The config backend adapter that will hold Gluu configuration layer. google|kubernetes|aws",
- "type":"string",
- "pattern":"^(kubernetes|google|aws)$"
- },
- "configSecretAdapter":{
- "description":"The config backend adapter that will hold Gluu secret layer. google|kubernetes|aws",
- "type":"string",
- "pattern":"^(kubernetes|google|aws|vault)$"
- },
- "cnGoogleApplicationCredentials":{
- "description":"Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner.",
- "type":"string",
- "pattern":".*google-credentials.json\\b.*"
- },
- "casa":{
- "type":"object",
- "properties":{
- "casaServiceName":{
- "description":"Name of the casa service.
Please keep it as default.",
- "type":"string",
- "pattern":"^[a-z0-9-]+$"
- },
- "enabled":{
- "description":"Boolean flag to enable/disable the casa chart.",
- "type":"boolean"
- },
- "ingress":{
- "description":"Endpoint control",
- "type":"object",
- "properties": {
- "casaEnabled":{
- "description":" Enable casa endpoints /casa",
- "type":"boolean"
- }
- }
- }
- }
- },
- "config-api":{
- "type":"object",
- "properties":{
- "configApiServerServiceName":{
- "description":"Name of the config-api service. Please keep it as default.",
- "type":"string",
- "pattern":"^[a-z0-9-]+$"
- },
- "enabled":{
- "description":"Boolean flag to enable/disable the config-api chart.",
- "type":"boolean"
- },
- "appLoggers":{
- "type":"object",
- "properties":{
- "configApiLogTarget":{
- "description":"configapi.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "configApiLogLevel":{
- "description":"configapi.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- }
- }
- },
- "adminUiAppLoggers":{
- "type":"object",
- "properties":{
- "adminUiLogTarget":{
- "description":"config-api admin-ui plugin log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "adminUiLogLevel":{
- "description":"config-api admin-ui plugin log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- },
- "adminUiAuditLogTarget":{
- "description":"config-api admin-ui plugin audit log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "adminUiAuditLogLevel":{
- "description":"config-api admin-ui plugin audit log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- }
- }
- },
- "ingress":{
- "description":"Endpoint control",
- "type":"object",
- "properties": {
- "configApiEnabled":{
- "description":"Enable config API endpoints /jans-config-api",
- "type":"boolean"
- }
- }
- }
-
-
- }
- },
- "fqdn":{
- "description":"Fully qualified domain name to be used for Gluu installation.
This address will be used to reach Gluu services.",
- "$ref":"#/definitions/fqdn-pattern"
- },
- "fido2":{
- "type":"object",
- "properties":{
- "fido2ServiceName":{
- "description":"Name of the fido2 service. Please keep it as default.",
- "type":"string",
- "pattern":"^[a-z0-9-]+$"
- },
- "enabled":{
- "description":"Boolean flag to enable/disable the fido2 chart.",
- "type":"boolean"
- },
- "appLoggers":{
- "type":"object",
- "properties":{
- "fido2LogTarget":{
- "description":"fido2.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "fido2LogLevel":{
- "description":"fido2.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- },
- "persistenceLogTarget":{
- "description":"fido2_persistence.log target",
- "type":"string",
- "pattern":"^(STDOUT|FILE)$"
- },
- "persistenceLogLevel":{
- "description":"fido2_persistence.log level",
- "type":"string",
- "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
- }
- }
- },
- "ingress":{
- "description":"Endpoint control",
- "type":"object",
- "properties": {
- "fido2ConfigEnabled":{
- "description":"Enable endpoint /.well-known/fido2-configuration",
- "type":"boolean"
- }
- }
- }
-
- }
- },
- "gcePdStorageType":{
- "description":"GCE storage kind if using Google disks",
- "type":"string",
- "pattern":"^(pd-standard|pd-balanced|pd-ssd)$"
- },
- "isFqdnRegistered":{
- "description":"Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically.",
- "type":"boolean"
- },
- "istio":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag that enables using istio side cars with Gluu services.",
- "type":"boolean"
- },
- "ingress":{
- "description":"Boolean flag that enables using istio gateway for Gluu.
This assumes istio ingress is installed and hence the LB is available.",
- "type":"boolean"
- },
- "namespace":{
- "description":"The namespace istio is deployed in. The is normally istio-system.",
- "type":"string",
- "pattern":"^[a-z0-9-_/]+$"
- }
- }
- },
- "lbIp":{
- "description":"The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable.",
- "$ref":"#/definitions/ip-pattern"
- },
- "nginx-ingress":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag to enable/disable the nginx-ingress definitions chart.",
- "type":"boolean"
- }
- }
- },
- "opendj":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag to enable/disable the OpenDJ chart.",
- "type":"boolean"
- },
- "ldapServiceName":{
- "description":"Name of the OpenDJ service. Please keep it as default.",
- "type":"string",
- "pattern":"^[a-z0-9-]+$"
- }
- }
- },
- "distribution":{
- "description":"Gluu distributions supported are: default|openbanking.",
- "type":"string",
- "pattern":"^(default|openbanking)$"
- },
- "persistence":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag to enable/disable the persistence chart.",
- "type":"boolean"
- }
- }
- },
- "scim":{
- "type":"object",
- "properties":{
- "enabled":{
- "description":"Boolean flag to enable/disable the SCIM chart.",
- "type":"boolean"
- },
- "scimServiceName":{
- "description":"Name of the scim service.
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - }, - "appLoggers":{ - "type":"object", - "properties":{ - "authLogTarget":{ - "description":"jans-scim.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "authLogLevel":{ - "description":"jans-scim.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "persistenceLogTarget":{ - "description":"jans-scim_persistence.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "persistenceLogLevel":{ - "description":"jans-scim_persistence.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "persistenceDurationLogTarget":{ - "description":"jans-scim_persistence_duration.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "persistenceDurationLogLevel":{ - "description":"jans-scim_persistence_duration.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "ldapStatsLogTarget":{ - "description":"jans-scim_persistence_ldap_statistics.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "ldapStatsLogLevel":{ - "description":"jans-scim_persistence_ldap_statistics.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "scriptLogTarget":{ - "description":"jans-scim_script.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "scriptLogLevel":{ - "description":"jans-scim_script.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - } - } - }, - "ingress":{ - "description":"Endpoint control", - "type":"object", - "properties": { - "scimEnabled":{ - "description":"Enable SCIM endpoints /jans-scim", - "type":"boolean" + "appLoggers": { + "type": "object", + "properties": { + "fido2LogTarget": { + "description": "fido2.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "fido2LogLevel": { + "description": "fido2.log level", + "type": "string", 
+ "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceLogTarget": { + "description": "fido2_persistence.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "persistenceLogLevel": { + "description": "fido2_persistence.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } + } }, - "scimConfigEnabled":{ - "description":"Enable endpoint /.well-known/scim-configuration", - "type":"boolean" + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "fido2ConfigEnabled": { + "description": "Enable endpoint /.well-known/fido2-configuration", + "type": "boolean" + } + } } - } - } - - } - }, - "storageClass":{ - "description":"StorageClass section for OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed.", - "type":"object", - "properties":{ - "allowVolumeExpansion":{ - "type":"boolean" - }, - "allowedTopologies":{ - "type":"array", - "items":{ - "type":"string" - } - }, - "mountOptions":{ - "type":"array", - "items":{ - "type":"string" - } - }, - "parameters":{ - "type":"object", - "properties":{ - "fsType":{ - "type":"string" + } + }, + "gcePdStorageType": { + "description": "GCE storage kind if using Google disks", + "type": "string", + "pattern": "^(pd-standard|pd-balanced|pd-ssd)$" + }, + "isFqdnRegistered": { + "description": "Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. 
On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically.", + "type": "boolean" + }, + "istio": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag that enables using istio side cars with Gluu services.", + "type": "boolean" }, - "kind":{ - "type":"string" + "ingress": { + "description": "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.", + "type": "boolean" }, - "pool":{ - "type":"string" + "namespace": { + "description": "The namespace istio is deployed in. The is normally istio-system.", + "type": "string", + "pattern": "^[a-z0-9-_/]+$" + } + } + }, + "lbIp": { + "description": "The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable.", + "$ref": "#/definitions/ip-pattern" + }, + "nginx-ingress": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the nginx-ingress definitions chart.", + "type": "boolean" + } + } + }, + "opendj": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the OpenDJ chart.", + "type": "boolean" }, - "storageAccountType":{ - "type":"string" + "ldapServiceName": { + "description": "Name of the OpenDJ service. 
Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + } + } + }, + "distribution": { + "description": "Gluu distributions supported are: default|openbanking.", + "type": "string", + "pattern": "^(default|openbanking)$" + }, + "persistence": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the persistence chart.", + "type": "boolean" + } + } + }, + "scim": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the SCIM chart.", + "type": "boolean" }, - "type":{ - "type":"string" + "scimServiceName": { + "description": "Name of the scim service. Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + }, + "appLoggers": { + "type": "object", + "properties": { + "authLogTarget": { + "description": "jans-scim.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "authLogLevel": { + "description": "jans-scim.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceLogTarget": { + "description": "jans-scim_persistence.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "persistenceLogLevel": { + "description": "jans-scim_persistence.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceDurationLogTarget": { + "description": "jans-scim_persistence_duration.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "persistenceDurationLogLevel": { + "description": "jans-scim_persistence_duration.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "ldapStatsLogTarget": { + "description": "jans-scim_persistence_ldap_statistics.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "ldapStatsLogLevel": { + "description": "jans-scim_persistence_ldap_statistics.log level", + "type": "string", + "pattern": 
"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "scriptLogTarget": { + "description": "jans-scim_script.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "scriptLogLevel": { + "description": "jans-scim_script.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } + } + }, + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "scimEnabled": { + "description": "Enable SCIM endpoints /jans-scim", + "type": "boolean" + }, + "scimConfigEnabled": { + "description": "Enable endpoint /.well-known/scim-configuration", + "type": "boolean" + } + } } - } - }, - "provisioner":{ - "type":"string" - }, - "reclaimPolicy":{ - "type":"string" - }, - "volumeBindingMode":{ - "type":"string" - } - } - }, - "cnSqlPasswordFile": { - "description": "The location of file contains password for the SQL user config.configmap.cnSqlDbUser. The file path must end with sql_password.", - "type": "string", - "pattern": ".*sql_password\\b.*" - }, - "cnCouchbasePasswordFile": { - "description": "The location of the Couchbase user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password.", - "type": "string", - "pattern": ".*couchbase_password\\b.*" - }, - "cnCouchbaseSuperuserPasswordFile": { - "description": "The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.", - "type": "string", - "pattern": ".*couchbase_superuser_password\\b.*" - }, - "cnLdapPasswordFile": { - "description": "The location of the OpenDJ user password. The file path must end with ldap_password.", - "type": "string", - "pattern": ".*ldap_password\\b.*" - }, - "cnLdapTruststorePasswordFile": { - "description": "The location of the OpenDJ truststore password file. 
The file path must end with ldap_truststore_password.", - "type": "string", - "pattern": ".*ldap_truststore_password\\b.*" - }, - "cnLdapCertFile": { - "description": "The location of the OpenDJ certificate file. The file path must end with opendj.crt.", - "type": "string", - "pattern": ".*opendj.crt\\b.*" - }, - "cnLdapKeyFile": { - "description": "The location of the OpenDJ certificate file. The file path must end with opendj.key.", - "type": "string", - "pattern": ".*opendj.key\\b.*" - }, - "cnLdapCacertFile": { - "description": "The location of the OpenDJ certificate file. The file path must end with opendj.pem.", - "type": "string", - "pattern": ".*opendj.pem\\b.*" - }, - "cnLdapTruststoreFile": { - "description": "The location of the OpenDJ truststore file. The file path must end with opendj.pkcs12.", - "type": "string", - "pattern": ".*opendj.pkcs12\\b.*" + } + }, + "storageClass": { + "description": "StorageClass section for OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed.", + "type": "object", + "properties": { + "allowVolumeExpansion": { + "type": "boolean" + }, + "allowedTopologies": { + "type": "array", + "items": { + "type": "string" + } + }, + "mountOptions": { + "type": "array", + "items": { + "type": "string" + } + }, + "parameters": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "pool": { + "type": "string" + }, + "storageAccountType": { + "type": "string" + }, + "type": { + "type": "string" + } + } + }, + "provisioner": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string" + }, + "volumeBindingMode": { + "type": "string" + } + } + }, + "cnSqlPasswordFile": { + "description": "The location of file contains password for the SQL user config.configmap.cnSqlDbUser. 
The file path must end with sql_password.", + "type": "string", + "pattern": ".*sql_password\\b.*" + }, + "cnCouchbasePasswordFile": { + "description": "The location of the Couchbase user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password.", + "type": "string", + "pattern": ".*couchbase_password\\b.*" + }, + "cnCouchbaseSuperuserPasswordFile": { + "description": "The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.", + "type": "string", + "pattern": ".*couchbase_superuser_password\\b.*" + }, + "cnLdapPasswordFile": { + "description": "The location of the OpenDJ user password. The file path must end with ldap_password.", + "type": "string", + "pattern": ".*ldap_password\\b.*" + }, + "cnLdapTruststorePasswordFile": { + "description": "The location of the OpenDJ truststore password file. The file path must end with ldap_truststore_password.", + "type": "string", + "pattern": ".*ldap_truststore_password\\b.*" + }, + "cnLdapCertFile": { + "description": "The location of the OpenDJ certificate file. The file path must end with opendj.crt.", + "type": "string", + "pattern": ".*opendj.crt\\b.*" + }, + "cnLdapKeyFile": { + "description": "The location of the OpenDJ certificate file. The file path must end with opendj.key.", + "type": "string", + "pattern": ".*opendj.key\\b.*" + }, + "cnLdapCacertFile": { + "description": "The location of the OpenDJ certificate file. The file path must end with opendj.pem.", + "type": "string", + "pattern": ".*opendj.pem\\b.*" + }, + "cnLdapTruststoreFile": { + "description": "The location of the OpenDJ truststore file. 
The file path must end with opendj.pkcs12.", + "type": "string", + "pattern": ".*opendj.pkcs12\\b.*" + } } - } - }, - "nginx-ingress":{ - "description":"Nginx ingress definitions chart", - "type":"object", - "properties":{ - - } - }, - "opendj":{ - "description":"OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.", - "type":"object", - "properties":{ - - } - }, - "persistence":{ - "description":"Job to generate data and intial config for Gluu Server persistence layer.", - "type":"object", - "properties":{ - - } - }, - "scim":{ - "description":"System for Cross-domain Identity Management (SCIM) version 2.0", - "type":"object", - "properties":{ - - } - } - , - "allOf":[ - { - "$ref":"#/definitions/admin-ui-enabled" - }, - { - "$ref":"#/definitions/auth-server-enabled" - }, - { - "$ref":"#/definitions/auth-server-key-rotation-enabled" - }, - { - "$ref":"#/definitions/casa-enabled" - }, - { - "$ref":"#/definitions/config-api-enabled" - }, - { - "$ref":"#/definitions/fido2-enabled" - }, - { - "$ref":"#/definitions/nginx-ingress-enabled" - }, - { - "$ref":"#/definitions/opendj-enabled" - }, - { - "$ref":"#/definitions/persistence-enabled" - }, - { - "$ref":"#/definitions/scim-enabled" - } - ], - "definitions":{ - "password":{ - "anyOf":[ - { - "type":"string", - "minLength":8, - "pattern":"", - "description":"Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol", - "errors":{ - "minLength":"Password minimum 6 character", - "pattern":"Password does not meet requirements. 
The password must contain one digit, one uppercase letter, one lower case letter and one symbol" - } - }, - { - "type":"string", - "maxLength":0 + }, + "nginx-ingress": { + "description": "Nginx ingress definitions chart", + "type": "object", + "properties": {} + }, + "opendj": { + "description": "OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.", + "type": "object", + "properties": {} + }, + "persistence": { + "description": "Job to generate data and intial config for Gluu Server persistence layer.", + "type": "object", + "properties": {} + }, + "scim": { + "description": "System for Cross-domain Identity Management (SCIM) version 2.0", + "type": "object", + "properties": {} + }, + "kc-scheduler": { + "description": "Responsible for synchronizing Keycloak SAML clients", + "type": "object", + "properties": {} + } + }, + "allOf": [ + { + "$ref": "#/definitions/admin-ui-enabled" + }, + { + "$ref": "#/definitions/auth-server-enabled" + }, + { + "$ref": "#/definitions/auth-server-key-rotation-enabled" + }, + { + "$ref": "#/definitions/casa-enabled" + }, + { + "$ref": "#/definitions/config-api-enabled" + }, + { + "$ref": "#/definitions/fido2-enabled" + }, + { + "$ref": "#/definitions/nginx-ingress-enabled" + }, + { + "$ref": "#/definitions/opendj-enabled" + }, + { + "$ref": "#/definitions/persistence-enabled" + }, + { + "$ref": "#/definitions/scim-enabled" + }, + { + "$ref": "#/definitions/kc-scheduler-enabled" + } + ], + "definitions": { + "password": { + "anyOf": [ + { + "type": "string", + "minLength": 8, + "pattern": "", + "description": "Password does not meet requirements. 
The password must contain one digit, one uppercase letter, one lower case letter and one symbol", + "errors": { + "minLength": "Password minimum 6 character", + "pattern": "Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" + } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "password-pattern": { + "type": "string", + "minLength": 6, + "pattern": "", + "errors": { + "minLength": "Password minimum 6 character", + "pattern": "Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" } - ] - }, - "password-pattern":{ - "type":"string", - "minLength":6, - "pattern":"", - "errors":{ - "minLength":"Password minimum 6 character", - "pattern":"Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" - } - }, - "email-format":{ - "type":"string", - "format":"email" - }, - "fqdn-pattern":{ - "anyOf":[ - { - "type":"string", - "errors":{ - "pattern":"Setting not FQDN structured. Please enter a FQDN with the format demoexample.gluu.org" - } - }, - { - "type":"string", - "maxLength":0 - } - ] - }, - "url-pattern":{ - "anyOf":[ - { - "type":"string", - "pattern":"(^|\\s)((https?:\\/\\/)?[\\w-]+(\\.[\\w-]+)+\\.?(:\\d+)?(\\/\\S*)?)", - "errors":{ - "pattern":"URL pattern is not meeting standards." - } - }, - { - "type":"string", - "maxLength":0 - } - ] - }, - "ip-pattern":{ - "anyOf":[ - { - "type":"string", - "pattern":"^(\\*|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))$", - "errors":{ - "pattern":"Not a valid IP." 
- } - }, - { - "type":"string", - "maxLength":0 - } - ] - }, - "admin-ui-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "admin-ui":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "admin-ui":{ - "required":[ - "image", - "replicas", - "resources" - ], - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } - } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } - } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } - } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - 
"description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - } - } - } - } - }, - "else":true - }, - "auth-server-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "auth-server":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "auth-server":{ - "required":[ - "image", - "replicas", - "resources" - ], - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } - } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } - } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - 
"description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } - } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - } - } - } - } - }, - "else":true - }, - "auth-server-key-rotation-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "auth-server-key-rotation":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "auth-server-key-rotation":{ - "properties":{ - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } - } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - 
"description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } - } - }, - "keysLife":{ - "description":"Auth server key rotation keys life in hours", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - } - }, - "required":[ - "image", - "resources", - "keysLife" - ] - } - } - }, - "else":true - }, - "casa-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "casa":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "casa":{ - "required":[ - "image", - "replicas", - "resources" - ], - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } - } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } - } - }, - "dnsPolicy":{ - "description":"Add custom 
dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } - } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - } - } - } - } - }, - "else":true - }, - "config-api-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "config-api":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "config-api":{ - "required":[ - "image", - "replicas", - "resources" - ], - "type":"object", - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - 
"behavior":{ - "description":"Scaling Policies", - "type":"object" - } - } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } - } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } - } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - } - } - } - } - }, - "else":true - }, - "fido2-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "fido2":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "fido2":{ - "required":[ - "image", - "replicas", - "resources", - "service" - ], - 
"type":"object", - "properties":{ - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } - } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - }, - "service":{ - "type":"object", - "properties":{ - "fido2ServiceName":{ - "description":"Name of the Fido2 service. 
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - } - } - } - } - } - } - }, - "else":true - }, - "nginx-ingress-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "nginx-ingress":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "nginx-ingress":{ - "type":"object", - "properties":{ - "ingress":{ - "type":"object", - "required":[ - "additionalAnnotations", - "path", - "hosts", - "tls" - ], - "properties":{ - "adminUiLabels":{ - "description":"Admin UI ingress resource labels. key app is taken.", - "type":"object" - }, - "openidConfigLabels":{ - "description":"openid-configuration ingress resource labels. key app is taken", - "type":"object" - }, - "uma2ConfigLabels":{ - "description":"uma2 config ingress resource labels. key app is taken", - "type":"object" - }, - "webfingerLabels":{ - "description":"webfinger ingress resource labels. key app is taken", - "type":"object" - }, - "webdiscoveryLabels":{ - "description":"webdiscovery ingress resource labels. key app is taken", - "type":"object" - }, - "scimConfigEnabled":{ - "description":"Enable endpoint /.well-known/scim-configuration", - "type":"boolean" - }, - "scimConfigLabels":{ - "description":"SCIM config ingress resource labels. key app is taken", - "type":"object" - }, - "scimLabels":{ - "description":"SCIM ingress resource labels. key app is taken", - "type":"object" - }, - "configApiLabels":{ - "description":"configAPI ingress resource labels. key app is taken", - "type":"object" - }, - "u2fConfigLabels":{ - "description":"u2f ingress resource labels. key app is taken", - "type":"object" - }, - "fido2ConfigLabels":{ - "description":"fido2 ingress resource labels. key app is taken", - "type":"object" - }, - "authServerLabels":{ - "description":"Auth server config ingress resource labels. 
key app is taken", - "type":"object" - }, - "authServerProtectedTokenLabels":{ - "description":"Auth server protected token ingress resource labels. key app is taken", - "type":"object" - }, - "authServerProtectedRedisterLabels":{ - "description":"Auth server protected token ingress resource labels. key app is taken", - "type":"object" - }, - "additionalAnnotations":{ - "description":"Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: \"letsencrypt-prod\"}", - "type":"object" - }, - "hosts":{ - "type":"array", - "items":{ - "$ref":"#/definitions/fqdn-pattern" - } - }, - "path":{ - "type":"string" - }, - "tls":{ - "description":"Secret holding HTTPS CA cert and key.", - "type":"array", - "items":{ - "type":"object", - "properties":{ - "hosts":{ - "type":"array", - "items":{ - "$ref":"#/definitions/fqdn-pattern" - } - }, - "secretName":{ - "type":"string", - "pattern":"^[a-z-]+$" + }, + "email-format": { + "type": "string", + "format": "email" + }, + "fqdn-pattern": { + "anyOf": [ + { + "type": "string", + "errors": { + "pattern": "Setting not FQDN structured. Please enter a FQDN with the format demoexample.gluu.org" + } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "url-pattern": { + "anyOf": [ + { + "type": "string", + "pattern": "(^|\\s)((https?:\\/\\/)?[\\w-]+(\\.[\\w-]+)+\\.?(:\\d+)?(\\/\\S*)?)", + "errors": { + "pattern": "URL pattern is not meeting standards." + } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "ip-pattern": { + "anyOf": [ + { + "type": "string", + "pattern": "^(\\*|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))$", + "errors": { + "pattern": "Not a valid IP." 
+ } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "admin-ui-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "admin-ui": { + "properties": { + "enabled": { + "const": "true" } - } - } - } + } + } } - } - } - } - } - }, - "else":true - }, - "opendj-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "opendj":{ - "properties":{ - "enabled":{ - "const":"true" - } + } + } + }, + "then": { + "properties": { + "admin-ui": { + "required": [ + "image", + "replicas", + "resources" + ], + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": 
"^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - } - } - } - } - }, - "then":{ - "properties":{ - "opendj":{ - "required":[ - "image", - "replicas", - "resources", - "service" - ], - "type":"object", - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } + } + } + }, + "else": true + }, + "auth-server-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "auth-server": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + } + } + }, + "then": { + "properties": { + "auth-server": { + "required": [ + "image", + "replicas", + "resources" + ], + 
"properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU 
request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + } + }, + "else": true + }, + "auth-server-key-rotation-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "auth-server-key-rotation": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "persistence":{ - "type":"object", - "properties":{ - "size":{ - "description":"OpenDJ volume size", - "type":"string", - "pattern":"^[0-9]Gi+$" - } + } + } + }, + "then": { + "properties": { + "auth-server-key-rotation": { + "properties": { + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + 
"pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "keysLife": { + "description": "Auth server key rotation keys life in hours", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } + }, + "required": [ + "image", + "resources", + "keysLife" + ] + } + } + }, + "else": true + }, + "casa-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "casa": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "ports":{ - "type":"object", - "properties":{ - "tcp-admin":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "tcp-ldap":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "tcp-ldaps":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "tcp-repl":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" 
- }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "tcp-serf":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "udp-serf":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - } + } + } + }, + "then": { + "properties": { + "casa": { + "required": [ + "image", + "replicas", + "resources" + ], + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + 
"type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + } + }, + "else": true + }, + "config-api-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "config-api": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - } - } - } - } - }, - "else":true - }, - "persistence-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "persistence":{ - "properties":{ - "enabled":{ - "const":"true" - } + } + } + }, + "then": { + "properties": { + "config-api": { + "required": [ + "image", + "replicas", + 
"resources" + ], + "type": "object", + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": 
{ + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - } - } - } - } - }, - "then":{ - "properties":{ - "persistence":{ - "required":[ - "image", - "resources" - ], - "type":"object", - "properties":{ - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + } + } + }, + "else": true + }, + "fido2-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "fido2": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + } + }, + "then": { + "properties": { + "fido2": { + "required": [ + "image", + "replicas", + "resources", + "service" + ], + "type": "object", + "properties": { + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use 
for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "fido2ServiceName": { + "description": "Name of the Fido2 service. 
Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + } + } + } } - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + } + }, + "else": true + }, + "nginx-ingress-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "nginx-ingress": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - } - } - } - } - }, - "else":true - }, - "scim-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "scim":{ - "properties":{ - "enabled":{ - "const":"true" - } + } + } + }, + "then": { + "properties": { + "nginx-ingress": { + "type": "object", + "properties": { + "ingress": { + "type": "object", + "required": [ + "additionalAnnotations", + "path", + "hosts", + "tls" + ], + "properties": { + "adminUiLabels": { + "description": "Admin UI ingress resource labels. key app is taken.", + "type": "object" + }, + "openidConfigLabels": { + "description": "openid-configuration ingress resource labels. key app is taken", + "type": "object" + }, + "uma2ConfigLabels": { + "description": "uma2 config ingress resource labels. key app is taken", + "type": "object" + }, + "webfingerLabels": { + "description": "webfinger ingress resource labels. key app is taken", + "type": "object" + }, + "webdiscoveryLabels": { + "description": "webdiscovery ingress resource labels. 
key app is taken", + "type": "object" + }, + "scimConfigEnabled": { + "description": "Enable endpoint /.well-known/scim-configuration", + "type": "boolean" + }, + "scimConfigLabels": { + "description": "SCIM config ingress resource labels. key app is taken", + "type": "object" + }, + "scimLabels": { + "description": "SCIM ingress resource labels. key app is taken", + "type": "object" + }, + "configApiLabels": { + "description": "configAPI ingress resource labels. key app is taken", + "type": "object" + }, + "u2fConfigLabels": { + "description": "u2f ingress resource labels. key app is taken", + "type": "object" + }, + "fido2ConfigLabels": { + "description": "fido2 ingress resource labels. key app is taken", + "type": "object" + }, + "authServerLabels": { + "description": "Auth server config ingress resource labels. key app is taken", + "type": "object" + }, + "authServerProtectedTokenLabels": { + "description": "Auth server protected token ingress resource labels. key app is taken", + "type": "object" + }, + "authServerProtectedRedisterLabels": { + "description": "Auth server protected token ingress resource labels. 
key app is taken", + "type": "object" + }, + "additionalAnnotations": { + "description": "Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: \"letsencrypt-prod\"}", + "type": "object" + }, + "hosts": { + "type": "array", + "items": { + "$ref": "#/definitions/fqdn-pattern" + } + }, + "path": { + "type": "string" + }, + "tls": { + "description": "Secret holding HTTPS CA cert and key.", + "type": "array", + "items": { + "type": "object", + "properties": { + "hosts": { + "type": "array", + "items": { + "$ref": "#/definitions/fqdn-pattern" + } + }, + "secretName": { + "type": "string", + "pattern": "^[a-z-]+$" + } + } + } + } + } + } } - } - } - } - } - }, - "then":{ - "properties":{ - "scim":{ - "required":[ - "image", - "replicas", - "resources", - "service" - ], - "type":"object", - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } + } + } + }, + "else": true + }, + "opendj-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "opendj": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + } + } + }, + "then": { + "properties": { + "opendj": { + "required": [ + "image", + "replicas", + "resources", + "service" + ], + "type": "object", + 
"properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "description": "OpenDJ volume size", + "type": "string", + "pattern": "^[0-9]Gi+$" + } + } + }, + "ports": { + "type": "object", + "properties": { + "tcp-admin": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "tcp-ldap": { + "type": "object", + "properties": { + "nodePort": { + 
"type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "tcp-ldaps": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "tcp-repl": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "tcp-serf": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "udp-serf": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - 
"type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + } + }, + "else": true + }, + "persistence-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "persistence": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + } + }, + "then": { + "properties": { + "persistence": { + "required": [ + "image", + "resources" + ], + "type": "object", + "properties": { + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + 
"pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - }, - "service":{ - "type":"object", - "properties":{ - "scimServiceName":{ - "description":"Name of the SCIM service. 
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - } + } + } + }, + "else": true + }, + "scim-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "scim": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - } - } - } - } - }, - "else":true - } - } + } + } + }, + "then": { + "properties": { + "scim": { + "required": [ + "image", + "replicas", + "resources", + "service" + ], + "type": "object", + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica 
number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "scimServiceName": { + "description": "Name of the SCIM service. Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + } + } + } + } + } + } + }, + "else": true + }, + "kc-scheduler-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "kc-scheduler": { + "properties": { + "enabled": { + "const": "true" + } + } + } + } + } + } + }, + "then": { + "properties": { + "kc-scheduler": { + "properties": { + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": 
{ + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "interval": { + "description": "Interval of running the scheduler (in minutes)", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } + }, + "required": [ + "image", + "resources", + "interval" + ] + } + } + }, + "else": true + } + } } diff --git a/charts/gluu/gluu/values.yaml b/charts/gluu/gluu/values.yaml index 239cca787..e74cea2b8 100644 --- a/charts/gluu/gluu/values.yaml +++ b/charts/gluu/gluu/values.yaml @@ -106,7 +106,7 @@ admin-ui: # -- Image to use for deploying. repository: ghcr.io/gluufederation/flex/admin-ui # -- Image tag to use for deploying. - tag: 5.1.1-1 + tag: 5.1.2-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -207,7 +207,7 @@ auth-server: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/auth-server # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -217,7 +217,7 @@ auth-server: limits: # -- CPU limit. cpu: 2500m - # -- Memory limit. + # -- Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. memory: 2500Mi requests: # -- CPU request. 
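Review bot: The `Mi`-only rule introduced in the new `# -- Memory limit.` comment (auth-server hunk `@@ -217,7 +217,7 @@`, repeated in the config-api, fido2, casa, scim, link and saml hunks) exists only as a comment. The memory pattern this commit writes into values.schema.json is `^[0-9Mi]+$`, a character class that also accepts `1200M`, `Mi` or `i5`. If the Java heap size is derived from this string as the comment says, a stricter `"pattern": "^[0-9]+Mi$"` on the affected services would reject a bad unit at install time rather than in the container; how the value is parsed is not visible here, so confirm against the image entrypoint. The sibling `# -- Memory request.` comments were left without the same note although the values are changed together.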
@@ -284,7 +284,7 @@ auth-server-key-rotation: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/certmanager # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours @@ -508,7 +508,7 @@ config: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/configurator # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpenDJ is used for persistence. @@ -615,7 +615,7 @@ config-api: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/config-api # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -625,13 +625,13 @@ config-api: limits: # -- CPU limit. cpu: 1000m - # -- Memory limit. - memory: 1000Mi + # -- Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. + memory: 1200Mi requests: # -- CPU request. cpu: 1000m # -- Memory request. - memory: 1000Mi + memory: 1200Mi # -- Configure the liveness healthcheck for the auth server if needed. livenessProbe: # -- http liveness probe endpoint @@ -718,7 +718,7 @@ fido2: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/fido2 # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -728,7 +728,7 @@ fido2: limits: # -- CPU limit. cpu: 500m - # -- Memory limit. + # -- Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. memory: 500Mi requests: # -- CPU request. 
@@ -826,7 +826,7 @@ casa: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/casa # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -836,7 +836,7 @@ casa: limits: # -- CPU limit. cpu: 500m - # -- Memory limit. + # -- Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. memory: 500Mi requests: # -- CPU request. @@ -1267,7 +1267,7 @@ global: # Enable saml endpoints /kc samlEnabled: false # -- passing custom java options to saml. DO NOT PASS JAVA_OPTIONS in envs. - cnCustomJavaOptions: "" + cnCustomJavaOptions: "" # -- Path to SQL password file cnSqlPasswordFile: /etc/jans/conf/sql_password @@ -1291,6 +1291,9 @@ global: kcDbPasswordFile: /etc/jans/conf/kc_db_password # -- Path to file contains Keycloak admin credentials (username and password) kcAdminCredentialsFile: /etc/jans/conf/kc_admin_creds + kc-scheduler: + # -- Boolean flag to enable/disable the kc-scheduler cronjob chart. + enabled: false # -- Nginx ingress definitions chart nginx-ingress: @@ -1561,7 +1564,7 @@ persistence: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/persistence-loader # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. @@ -1645,7 +1648,7 @@ scim: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/scim # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. 
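Review bot: In the `@@ -1291,6 +1291,9 @@ global:` hunk the new `kc-scheduler.enabled: false` is a YAML boolean, but the `kc-scheduler-enabled` rule added to values.schema.json in this same commit gates on `"enabled": { "const": "true" }`, i.e. the string. A boolean `true` does not equal that constant, so the `if` fails and `"else": true` accepts the values. The `required: [image, resources, interval]` list and the tag/dnsPolicy patterns would then never be applied when the cronjob is switched on. Suggest `"const": true` in the schema; the visible `persistence-enabled` and `scim-enabled` rules use the same string form and are worth checking together. The `global:` mapping itself starts outside this hunk.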
@@ -1654,13 +1657,13 @@ scim: limits: # -- CPU limit. cpu: 1000m - # -- Memory limit. - memory: 1000Mi + # -- Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. + memory: 1200Mi requests: # -- CPU request. cpu: 1000m # -- Memory request. - memory: 1000Mi + memory: 1200Mi service: # -- The name of the scim port within the scim service. Please keep it as default. name: http-scim @@ -1753,7 +1756,7 @@ link: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/link # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -1763,13 +1766,13 @@ link: limits: # -- CPU limit. cpu: 500m - # -- Memory limit. - memory: 1000Mi + # -- Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. + memory: 1200Mi requests: # -- CPU request. cpu: 500m # -- Memory request. - memory: 1000Mi + memory: 1200Mi # -- Configure the liveness healthcheck for the auth server if needed. livenessProbe: # -- http liveness probe endpoint @@ -1860,7 +1863,7 @@ saml: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/saml # -- Image tag to use for deploying. - tag: 1.1.1-1 + tag: 1.1.2-2 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -1870,13 +1873,13 @@ saml: limits: # -- CPU limit. cpu: 500m - # -- Memory limit. - memory: 1000Mi + # -- Memory limit. This value is used to calculate memory allocation for Java. Currently it only supports `Mi`. Please refrain from using other units. + memory: 1200Mi requests: # -- CPU request. cpu: 500m # -- Memory request. - memory: 1000Mi + memory: 1200Mi # -- Configure the liveness healthcheck for the auth server if needed. livenessProbe: # -- http liveness probe endpoint 
@@ -1918,3 +1921,60 @@ saml: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + +# -- Responsible for synchronizing Keycloak SAML clients +kc-scheduler: + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: ghcr.io/janssenproject/jans/kc-scheduler + # -- Image tag to use for deploying. + tag: 1.1.2-2 + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 300m + # -- Memory limit. + memory: 300Mi + requests: + # -- CPU request. + cpu: 300m + # -- Memory request. + memory: 300Mi + # -- Interval of running the scheduler (in minutes) + interval: 10 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + # Actions on lifecycle events such as postStart and preStop + # Example + # lifecycle: + # postStart: + # exec: + # command: ["sh", "-c", "mkdir /opt/jans/jetty/jans-auth/custom/static/stylesheet/"] + lifecycle: {} + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: {} + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [] diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index de7d49941..3b1d19a9f 100644 
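Review bot: `interval: 10` in the new `kc-scheduler:` block is documented as minutes, but the matching schema entry is only `"type": "integer"`, so `0` or a negative number passes validation. How the template turns this into a schedule is not shown in this diff; if it feeds a cron minute field, add `"minimum": 1` (and an upper bound that fits that field) next to the type. Two comments in the block also look copied from other services and should be reworded for a cronjob: the `lifecycle` example creates `/opt/jans/jetty/jans-auth/custom/static/stylesheet/`, and `additionalLabels` / `additionalAnnotations` speak of "the gateway".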
--- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.84.12] - May 20, 2024 +## [107.84.14] - May 29, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` * Removed loggers.image section @@ -20,6 +20,9 @@ All changes to this chart will be documented in this file * Fixed an issue to generate unified secret to support artifactory fullname [GH-1882](https://github.com/jfrog/charts/issues/1882) * Fixed an issue template render on loggers [GH-1883](https://github.com/jfrog/charts/issues/1883) * Override metadata and observability image tag with `global.verisons.artifactory` value +* Fixed resource constraints for "setup" initContainer of nginx deployment [GH-962] (https://github.com/jfrog/charts/issues/962) +* Added .Values.artifactory.unifiedSecretsPrependReleaseName` for unified secret to prepend release name +* Fixed maxCacheSize and cacheProviderDir mix up under azure-blob-storage-v2-direct template in binarystore.xml ## [107.83.0] - Mar 12, 2024 * Added image section for `metadata` and `observability` diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index dc7adb1a7..123f5b01b 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -1,11 +1,11 @@ annotations: - artifactoryServiceVersion: 7.84.16 + artifactoryServiceVersion: 7.84.17 catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.84.12 +appVersion: 7.84.14 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -27,4 +27,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.84.12 +version: 107.84.14 diff --git a/charts/jfrog/artifactory-ha/files/binarystore.xml b/charts/jfrog/artifactory-ha/files/binarystore.xml index 27c77b3b6..0e7bc5af0 100644 --- a/charts/jfrog/artifactory-ha/files/binarystore.xml +++ b/charts/jfrog/artifactory-ha/files/binarystore.xml @@ -417,8 +417,8 @@ - {{ .Values.artifactory.persistence.maxCacheSize | int64 }} - {{ .Values.artifactory.persistence.cacheProviderDir }} + {{ .Values.artifactory.persistence.maxCacheSize | int64 }} + {{ .Values.artifactory.persistence.cacheProviderDir }} {{- if .Values.artifactory.persistence.maxFileSizeLimit }} {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} {{- end }} diff --git a/charts/jfrog/artifactory-ha/templates/_helpers.tpl b/charts/jfrog/artifactory-ha/templates/_helpers.tpl index 467d4e7dd..1ad5af4de 100644 --- a/charts/jfrog/artifactory-ha/templates/_helpers.tpl +++ b/charts/jfrog/artifactory-ha/templates/_helpers.tpl @@ -490,4 +490,15 @@ Calculate the systemYaml from the unstructured text input */}} {{- define "artifactory.systemYaml" -}} {{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Resolve unified secret prepend release name +*/}} +{{- define "artifactory.unifiedSecretPrependReleaseName" -}} +{{- if .Values.artifactory.unifiedSecretPrependReleaseName }} +{{- printf "%s" (include "artifactory-ha.fullname" .) -}} +{{- else }} +{{- printf "%s" (include "artifactory-ha.name" .) -}} +{{- end }} +{{- end }} diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml index 0df644d72..a46819614 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml 
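Review bot: The new `artifactory.unifiedSecretPrependReleaseName` helper treats a missing key as false, because `{{- if .Values.artifactory.unifiedSecretPrependReleaseName }}` is falsy when the value is absent. An upgrade that reuses stored values from a release installed before this flag existed would therefore switch the Secret from `<fullname>-unified-secret` to `<name>-unified-secret`, and any externally configured reference to the old name (the `customVolumes` / `customSecrets` comments in values.yaml describe such references) would stop resolving. Making the absent case keep the old name avoids that: `{{- if or (not (hasKey .Values.artifactory "unifiedSecretPrependReleaseName")) .Values.artifactory.unifiedSecretPrependReleaseName }}`. With the flag false the name presumably no longer contains the release name (the `artifactory-ha.name` definition is outside this diff), so two releases in one namespace would claim the same Secret holding `master-key`, `join-key` and the database credentials; that deserves a line in the helper's comment. The identical helper added to charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl has the same behaviour.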
@@ -180,7 +180,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "artifactory-ha.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: master-key {{- end }} @@ -320,7 +320,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -336,7 +336,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -355,7 +355,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -544,7 +544,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} 
@@ -560,7 +560,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -579,7 +579,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -712,7 +712,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -858,7 +858,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -874,7 +874,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} 
@@ -893,7 +893,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -1239,7 +1239,8 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory-ha.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory-ha.fullname" . }}-unified-secret + secretName: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" + {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml index dfddd8126..d63c81c95 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -244,7 +244,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} name: {{ include "artifactory-ha.joinKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: join-key {{- end }} 
@@ -255,7 +255,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }} name: {{ include "artifactory-ha.jfConnectTokenSecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: jfconnect-token {{- end }} @@ -266,7 +266,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} name: {{ include "artifactory-ha.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: master-key {{- end }} @@ -428,7 +428,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -444,7 +444,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -463,7 +463,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -656,7 +656,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -672,7 +672,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -691,7 +691,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -964,7 +964,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -980,7 +980,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} 
@@ -999,7 +999,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -1366,7 +1366,8 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory-ha.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory-ha.fullname" . }}-unified-secret + secretName: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" + {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-unified-secret.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-unified-secret.yaml index 18cf070c8..d21045d99 100644 --- a/charts/jfrog/artifactory-ha/templates/artifactory-unified-secret.yaml +++ b/charts/jfrog/artifactory-ha/templates/artifactory-unified-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "artifactory-ha.fullname" . }}-unified-secret + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" labels: app: "{{ template "artifactory-ha.name" $ }}" chart: "{{ template "artifactory-ha.chart" $ }}" diff --git a/charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml b/charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml index 889392912..d43689b8c 100644 --- a/charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml +++ b/charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml 
@@ -76,6 +76,8 @@ spec: - > rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + resources: + {{- toYaml .Values.initContainers.resources | nindent 10 }} volumeMounts: - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} name: nginx-volume diff --git a/charts/jfrog/artifactory-ha/values.yaml b/charts/jfrog/artifactory-ha/values.yaml index d7cd474ab..f75547e47 100644 --- a/charts/jfrog/artifactory-ha/values.yaml +++ b/charts/jfrog/artifactory-ha/values.yaml @@ -48,7 +48,7 @@ initContainers: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.3.1552 + tag: 9.4.949 pullPolicy: IfNotPresent resources: requests: @@ -345,6 +345,8 @@ artifactory: # unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha internal(chart) secrets, It won't be affecting external secrets. ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.78.x, Users can switch to false to continue with the old way of secret creation. unifiedSecretInstallation: true + ## unifiedSecretPrependReleaseName Set this flag to false if unifiedSecret should not be created with prepended. + unifiedSecretPrependReleaseName: true image: registry: releases-docker.jfrog.io repository: jfrog/artifactory-pro @@ -536,7 +538,7 @@ artifactory: # cpu: "100m" ## Add custom volumes - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory-ha.fullname" . }}-unified-secret'. + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret'. customVolumes: "" # - name: custom-script # configMap: 
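Review bot: The comment added for `unifiedSecretPrependReleaseName` in the `@@ -345,6 +345,8 @@ artifactory:` hunk does not say what is prepended or what the Secret is called in either state ("should not be created with prepended" is incomplete). Going by the helper added in _helpers.tpl, something like `## unifiedSecretPrependReleaseName: true (default) names the unified secret '<fullname>-unified-secret'; false names it '<chart name>-unified-secret'.` would be clearer. A second line should say that changing the flag on an existing release renames the Secret that carries `master-key` and `join-key`, so anything referring to the old name has to be updated in the same upgrade. The `artifactory:` mapping continues outside this hunk.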
@@ -585,7 +587,7 @@ artifactory: # jfConnectTokenSecretName: # Add custom secrets - secret per file - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory-ha.fullname" . }}-unified-secret' common to all secrets + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret' common to all secrets customSecrets: # - name: custom-secret # key: custom-secret.yaml diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md index 14d384f13..0462ef636 100644 --- a/charts/jfrog/artifactory-jcr/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.84.12] - Feb 20, 2024 +## [107.84.14] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index c424da2c6..1d6fb19a3 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -4,11 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.84.12 +appVersion: 7.84.14 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.84.12 + version: 107.84.14 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.84.12 +version: 107.84.14 
diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index b5bf63052..7774a8f8d 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.84.12] - May 16, 2024 +## [107.84.14] - May 29, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` * Removed image section for `loggers` @@ -18,6 +18,9 @@ All changes to this chart will be documented in this file. * Added a check if `initContainerImage` exists * Fixed an issue to generate unified secret to support artifactory fullname [GH-1882](https://github.com/jfrog/charts/issues/1882) * Fixed an issue template render on loggers [GH-1883](https://github.com/jfrog/charts/issues/1883) +* Fixed resource constraints for "setup" initContainer of nginx deployment [GH-962] (https://github.com/jfrog/charts/issues/962) +* Added .Values.artifactory.unifiedSecretPrependReleaseName` for unified secret to prepend release name +* Fixed maxCacheSize and cacheProviderDir mix up under azure-blob-storage-v2-direct template in binarystore.xml ## [107.82.0] - Mar 04, 2024 * Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router. diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index 021dcafc4..a75fa648a 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.84.12 +appVersion: 7.84.14 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.84.12 +version: 107.84.14 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml b/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml index fa99e4d4f..e396e0a41 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml @@ -404,8 +404,8 @@ - {{ .Values.artifactory.persistence.maxCacheSize | int64 }} - {{ .Values.artifactory.persistence.cacheProviderDir }} + {{ .Values.artifactory.persistence.maxCacheSize | int64 }} + {{ .Values.artifactory.persistence.cacheProviderDir }} {{- if .Values.artifactory.persistence.maxFileSizeLimit }} {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} {{- end }} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl index 03de977a0..1cf6cc365 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl @@ -456,3 +456,14 @@ Calculate the systemYaml from the unstructured text input {{- define "artifactory.systemYaml" -}} {{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }} {{- end -}} + +{{/* +Resolve unified secret prepend release name +*/}} +{{- define "artifactory.unifiedSecretPrependReleaseName" -}} +{{- if .Values.artifactory.unifiedSecretPrependReleaseName }} +{{- printf "%s" (include "artifactory.fullname" .) -}} +{{- else }} +{{- printf "%s" (include "artifactory.name" .) -}} +{{- end }} +{{- end }} diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml index 4b91e0f02..93b2ad50f 100644 
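Review bot: When `.Values.artifactory.unifiedSecretPrependReleaseName` is false, the new `artifactory.unifiedSecretPrependReleaseName` helper in `_helpers.tpl` falls back to `artifactory.name`, so the `-unified-secret` name is presumably built from the chart name alone and is no longer unique per release. The statefulset hunks in this commit read `join-key`, `master-key`, `jfconnect-token` and the `db-*` keys from that Secret, so two releases in one namespace with the flag off would resolve to the same object name. The helper comment should say so, for example `Returns artifactory.fullname when unifiedSecretPrependReleaseName is true, otherwise artifactory.name (not unique per release in a namespace)`. The `printf "%s"` wrappers add nothing and can be reduced to `{{- include "artifactory.fullname" . -}}`.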
--- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml @@ -226,7 +226,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} name: {{ include "artifactory.joinKeySecretName" . }} {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: join-key {{- end }} @@ -237,7 +237,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }} name: {{ include "artifactory.jfConnectTokenSecretName" . }} {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: jfconnect-token {{- end }} @@ -248,7 +248,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} name: {{ include "artifactory.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: master-key {{- end }} @@ -408,7 +408,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} 
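Review bot: The unified-secret name is still assembled inline at every `secretKeyRef` as `"{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret"`, in these hunks and in the later ones of this file from -424 through -1321, so one missed site leaves a container referencing a Secret that does not exist once the flag is false. A helper that returns the complete name would make the Secret's `metadata.name` and every reference agree by construction, e.g. `name: {{ include "artifactory.unifiedSecretName" . | quote }}`, where `artifactory.unifiedSecretName` is a suggested new helper, not an existing one. Templates not touched by this commit that may still build the name from `artifactory.fullname` cannot be checked from these hunks. The enclosing container specs start and end outside the hunks.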
@@ -424,7 +424,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -443,7 +443,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -622,7 +622,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -638,7 +638,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -657,7 +657,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -934,7 +934,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -950,7 +950,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -969,7 +969,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -1321,7 +1321,8 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory.fullname" . }}-unified-secret + secretName: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" + {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ {{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled (not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName) }} 
diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-unified-secret.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-unified-secret.yaml index ec9e61daa..bb6719b4e 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-unified-secret.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-unified-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "artifactory.fullname" . }}-unified-secret + name: {{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret labels: app: "{{ template "artifactory.name" $ }}" chart: "{{ template "artifactory.chart" $ }}" diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml index 7f1ea6733..774bedcca 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml @@ -79,6 +79,8 @@ spec: - > rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + resources: + {{- toYaml .Values.initContainers.resources | nindent 10 }} volumeMounts: - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} name: nginx-volume diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml index 959be3ad9..84c9d01fc 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml @@ -49,7 +49,7 @@ initContainers: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.3.1552 + tag: 9.4.949 pullPolicy: IfNotPresent resources: requests: 
@@ -287,6 +287,8 @@ artifactory: # unifiedSecretInstallation flag enables single unified secret holding all the artifactory internal(chart) secrets, It won't be affecting external secrets. ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.79.x, Users can switch to false to continue with the old way of secret creation. unifiedSecretInstallation: true + ## unifiedSecretPrependReleaseName Set this flag to false if unifiedSecret should not be created with prepended. + unifiedSecretPrependReleaseName: true # For HA installation, set this value > 1. This is only supported in Artifactory 7.25.x (appVersions) and above. replicaCount: 1 # minAvailable: 1 @@ -492,7 +494,7 @@ artifactory: # cpu: "100m" ## Add custom volumes - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.fullname" . }}-unified-secret' + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret' customVolumes: "" # - name: custom-script # configMap: @@ -565,7 +567,7 @@ artifactory: # jfConnectTokenSecretName: # Add custom secrets - secret per file - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.fullname" . }}-unified-secret' common to all secrets + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret' common to all secrets customSecrets: # - name: custom-secret # key: custom-secret.yaml diff --git a/charts/jfrog/artifactory-jcr/values.yaml b/charts/jfrog/artifactory-jcr/values.yaml index 2869e5a05..84febcc10 100644 --- a/charts/jfrog/artifactory-jcr/values.yaml +++ b/charts/jfrog/artifactory-jcr/values.yaml @@ -72,4 +72,4 @@ router: tag: 7.105.1 initContainers: image: - tag: 9.3.1552 + tag: 9.4.949 
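Review bot: The comment added for `unifiedSecretPrependReleaseName` in the -287 hunk is cut short ("should not be created with prepended.") and says neither what name results nor what happens on upgrade. The Secret's `metadata.name` and every reference to it are rendered from this flag, so flipping it on an installed release renames the Secret that carries the master key, join key and database credentials. Suggested wording: `## unifiedSecretPrependReleaseName: when false, the unified secret is named from artifactory.name instead of artifactory.fullname; changing it on an existing release renames the Secret.`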
diff --git a/charts/percona/psmdb-db/Chart.yaml b/charts/percona/psmdb-db/Chart.yaml index 6d962948b..26acbf27d 100644 --- a/charts/percona/psmdb-db/Chart.yaml +++ b/charts/percona/psmdb-db/Chart.yaml @@ -15,4 +15,4 @@ maintainers: - email: natalia.marukovich@percona.com name: nmarukovich name: psmdb-db -version: 1.16.0 +version: 1.16.1 diff --git a/charts/percona/psmdb-db/README.md b/charts/percona/psmdb-db/README.md index 544e65b23..bca257632 100644 --- a/charts/percona/psmdb-db/README.md +++ b/charts/percona/psmdb-db/README.md @@ -36,6 +36,7 @@ The chart can be customized using the following configurable parameters: | `unsafeFlags.backupIfUnhealthy` | Allows running backup on a cluster with failed health checks | `false` | | `clusterServiceDNSSuffix` | The (non-standard) cluster domain to be used as a suffix of the Service name | `""` | | `clusterServiceDNSMode` | Mode for the cluster service dns (Internal/ServiceMesh) | `""` | +| `annotations` | PSMDB custom resource annotations | `{}` | | `ignoreAnnotations` | The list of annotations to be ignored by the Operator | `[]` | | `ignoreLabels` | The list of labels to be ignored by the Operator | `[]` | | `multiCluster.enabled` | Enable Multi Cluster Services (MCS) cluster mode | `false` | diff --git a/charts/percona/psmdb-db/templates/cluster.yaml b/charts/percona/psmdb-db/templates/cluster.yaml index e0c006221..db93beb0d 100644 --- a/charts/percona/psmdb-db/templates/cluster.yaml +++ b/charts/percona/psmdb-db/templates/cluster.yaml @@ -1,9 +1,10 @@ apiVersion: psmdb.percona.com/v1 kind: PerconaServerMongoDB metadata: + {{- if .Values.annotations }} annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"psmdb.percona.com/v1","kind":"PerconaServerMongoDB"} +{{ .Values.annotations | toYaml | indent 4 }} + {{- end }} name: {{ include "psmdb-database.fullname" . }} namespace: {{ .Release.Namespace }} labels: 
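Review bot: In the `templates/cluster.yaml` hunk the annotations are rendered with `{{ .Values.annotations | toYaml | indent 4 }}` starting at column 0, which breaks the template's visual nesting under `metadata:`. Keeping the action at the key's indentation reads better and trims the extra newline: `{{- toYaml .Values.annotations | nindent 4 }}` placed directly under `annotations:`. The hunk also drops the hard-coded `kubectl.kubernetes.io/last-applied-configuration` annotation; whether anything relied on it is not visible here.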
diff --git a/charts/percona/psmdb-db/values.yaml b/charts/percona/psmdb-db/values.yaml index 6782481f6..a46c700f9 100644 --- a/charts/percona/psmdb-db/values.yaml +++ b/charts/percona/psmdb-db/values.yaml @@ -28,6 +28,8 @@ unsafeFlags: terminationGracePeriod: false backupIfUnhealthy: false +annotations: {} + # ignoreAnnotations: # - service.beta.kubernetes.io/aws-load-balancer-backend-protocol # ignoreLabels: diff --git a/index.yaml b/index.yaml index 52406fb93..64a40ee0d 100644 --- a/index.yaml +++ b/index.yaml @@ -241,6 +241,40 @@ entries: - assets/amd/amd-gpu-0.9.0.tgz version: 0.9.0 artifactory-ha: + - annotations: + artifactoryServiceVersion: 7.84.17 + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.84.14 + created: "2024-06-07T00:57:38.426373386Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: bd964c37edb6388d44d187075887b1a962cc38aeac9f06e566b3cf32b50fdb2d + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.84.14.tgz + version: 107.84.14 - annotations: artifactoryServiceVersion: 7.84.16 catalog.cattle.io/certified: partner 
@@ -1268,6 +1302,40 @@ entries: - assets/jfrog/artifactory-ha-107.55.14.tgz version: 107.55.14 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.84.14 + created: "2024-06-07T00:57:38.672526969Z" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.84.14 + description: JFrog Container Registry + digest: 17beb379cb64a4df8589add14a19950934f08d2ee7b162ee08a6a600ce197002 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.84.14.tgz + version: 107.84.14 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry 
@@ -11134,6 +11202,117 @@ entries: - assets/inaccel/fpga-operator-2.5.201.tgz version: 2.5.201 gluu: + - annotations: + artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/images: | + - name: auth-server + image: ghcr.io/janssenproject/jans/auth-server:1.1.2-2 + - name: auth-server-key-rotation + image: ghcr.io/janssenproject/jans/certmanager:1.1.2-2 + - name: configuration-manager + image: ghcr.io/janssenproject/jans/configurator:1.1.2-2 + - name: config-api + image: ghcr.io/janssenproject/jans/config-api:1.1.2-2 + - name: fido2 + image: ghcr.io/janssenproject/jans/fido2:1.1.2-2 + - name: persistence + image: ghcr.io/janssenproject/jans/persistence-loader:1.1.2-2 + - name: scim + image: ghcr.io/janssenproject/jans/scim:1.1.2-2 + - name: casa + image: ghcr.io/janssenproject/jans/casa:1.1.2-2 + - name: admin-ui + image: ghcr.io/gluufederation/flex/admin-ui:5.1.2-1 + - name: link + image: ghcr.io/janssenproject/jans/link:1.1.2-2 + - name: saml + image: ghcr.io/janssenproject/jans/saml:1.1.2-2 + - name: kc-scheduler + image: ghcr.io/janssenproject/jans/kc-scheduler:1.1.2-2 + artifacthub.io/license: Apache-2.0 + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management + catalog.cattle.io/featured: "4" + catalog.cattle.io/kube-version: '>=v1.21.0-0' + catalog.cattle.io/release-name: gluu + apiVersion: v2 + appVersion: 5.1.2 + created: "2024-06-07T00:57:37.608217215Z" + dependencies: + - condition: global.config.enabled + name: config + repository: file://./charts/config + version: 1.1.2 + - condition: global.config-api.enabled + name: config-api + repository: file://./charts/config-api + version: 1.1.2 + - condition: global.opendj.enabled + name: opendj + repository: file://./charts/opendj + version: 5.1.2 + - condition: global.auth-server.enabled + name: auth-server + repository: file://./charts/auth-server + version: 1.1.2 + - condition: global.admin-ui.enabled + name: admin-ui + repository: 
file://./charts/admin-ui + version: 5.1.2 + - condition: global.fido2.enabled + name: fido2 + repository: file://./charts/fido2 + version: 1.1.2 + - condition: global.scim.enabled + name: scim + repository: file://./charts/scim + version: 1.1.2 + - condition: global.nginx-ingress.enabled + name: nginx-ingress + repository: file://./charts/nginx-ingress + version: 5.1.2 + - condition: global.casa.enabled + name: casa + repository: file://./charts/casa + version: 1.1.2 + - condition: global.auth-server-key-rotation.enabled + name: auth-server-key-rotation + repository: file://./charts/auth-server-key-rotation + version: 1.1.2 + - condition: global.persistence.enabled + name: persistence + repository: file://./charts/persistence + version: 1.1.2 + - condition: global.istio.ingress + name: cn-istio-ingress + repository: file://./charts/cn-istio-ingress + version: 5.1.2 + - condition: global.link.enabled + name: link + repository: file://./charts/link + version: 1.1.2 + - condition: global.saml.enabled + name: saml + repository: file://./charts/saml + version: 1.1.2 + - condition: global.kc-scheduler.enabled + name: kc-scheduler + repository: file://./charts/kc-scheduler + version: 1.1.2 + description: Gluu Access and Identity Management + digest: fe5aee957ae0605969bb82ba17b626da9c99927d5f0990d644bbb245413ab94a + home: https://www.gluu.org + icon: https://gluu.org/docs/gluu-server/favicon.ico + kubeVersion: '>=v1.21.0-0' + maintainers: + - email: team@gluu.org + name: moabu + name: gluu + sources: + - https://docs.gluu.org + urls: + - assets/gluu/gluu-5.1.2.tgz + version: 5.1.2 - annotations: artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/images: | 
@@ -11162,12 +11341,11 @@ entries: artifacthub.io/license: Apache-2.0 catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management - catalog.cattle.io/featured: "4" catalog.cattle.io/kube-version: '>=v1.21.0-0' catalog.cattle.io/release-name: gluu apiVersion: v2 appVersion: 5.1.1 - created: "2024-04-16T10:50:01.9875302-06:00" + created: "2024-06-07T00:57:30.012858903Z" dependencies: - condition: global.config.enabled name: config @@ -11226,9 +11404,9 @@ entries: repository: file://./charts/saml version: 1.1.1 description: Gluu Access and Identity Management - digest: 60470a4e377d5baea30d9a73329c71336cfb158a030cd6f1bb78ce55beddab93 + digest: 29becffe78912baaeb60a44cd0060fae7a10ac327b7d6f6c852aa2be7f61532f home: https://www.gluu.org - icon: file://assets/icons/gluu.ico + icon: https://gluu.org/docs/gluu-server/favicon.ico kubeVersion: '>=v1.21.0-0' maintainers: - email: team@gluu.org 
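Review bot: The entry for the already released gluu `5.1.1` changes `digest` from `60470a4e…` to `29becffe…` in the -11226 hunk, along with `created`, `icon` and the removal of `catalog.cattle.io/featured` in the -11162 hunk, which means the published archive for an existing version was rebuilt in place. Anyone who pinned or cached 5.1.1 by digest now sees a mismatch and cannot tell a metadata-only repackage from a content change. Keeping `digest: 60470a4e377d5baea30d9a73329c71336cfb158a030cd6f1bb78ce55beddab93` and the 5.1.1 archive untouched, and carrying the icon and `featured` changes only in 5.1.2, would preserve that guarantee. If the rebuild is intentional, the reason should be recorded with the change.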
@@ -35822,6 +36000,28 @@ entries: - assets/portshift-operator/portshift-operator-0.1.000.tgz version: 0.1.000 psmdb-db: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Percona Server for MongoDB + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: psmdb-db + apiVersion: v2 + appVersion: 1.16.0 + created: "2024-06-07T00:57:41.032836651Z" + description: A Helm chart for installing Percona Server MongoDB Cluster Databases + using the PSMDB Operator. + digest: d6fbf37467ce53a5d668bf82704e252c5f5c3dbb7676146990a5cd571297ab9e + home: https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html + icon: https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/operator.png + maintainers: + - email: tomislav.plavcic@percona.com + name: tplavcic + - email: natalia.marukovich@percona.com + name: nmarukovich + name: psmdb-db + urls: + - assets/percona/psmdb-db-1.16.1.tgz + version: 1.16.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Percona Server for MongoDB