diff --git a/charts/janssen-all-in-one/README.md b/charts/janssen-all-in-one/README.md
index 73122e40d34..14739d85fb9 100644
--- a/charts/janssen-all-in-one/README.md
+++ b/charts/janssen-all-in-one/README.md
@@ -30,9 +30,10 @@ Kubernetes: `>=v1.22.0-0` | adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | | alb.ingress | bool | `false` | switches the service to Nodeport for ALB ingress | | auth-server | object | `{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}}` | Parameters used globally across all services helm charts. 
| -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.21_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.21_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | | auth-server-key-rotation.enabled | bool | `true` | Boolean flag to enable/disable the auth-server-key rotation cronjob. | 
@@ -170,6 +171,7 @@ Kubernetes: `>=v1.22.0-0` | configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected the secrets . | | configmap.lbAddr | string | `""` | Load balancer address for AWS if the FQDN is not registered. | | countryCode | string | `"US"` | Country code. Used for certificate creation. | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | email | string | `"support@jans.io"` | Email address of the administrator usually. Used for certificate creation. |
diff --git a/charts/janssen-all-in-one/templates/cronjobs.yaml b/charts/janssen-all-in-one/templates/cronjobs.yaml
index 83adcff0922..eb6b4536e7e 100644
--- a/charts/janssen-all-in-one/templates/cronjobs.yaml
+++ b/charts/janssen-all-in-one/templates/cronjobs.yaml
@@ -35,6 +35,16 @@ spec:
 {{- end }}
 containers:
 - name: {{ include "janssen-all-in-one.name" . }}-as-key-rotation
+ {{- if .Values.customScripts }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ {{- with .Values.customScripts }}
+ {{- toYaml . | replace "- " "" | nindent 20}}
+ {{- end }}
+ /app/bin/entrypoint.sh
+ {{- end}}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 env:
 {{- include "janssen-all-in-one.usr-envs" . | indent 16 }}
diff --git a/charts/janssen-all-in-one/templates/deployment.yml b/charts/janssen-all-in-one/templates/deployment.yml
index 974d9baa730..f1f1b9938aa 100644
--- a/charts/janssen-all-in-one/templates/deployment.yml
+++ b/charts/janssen-all-in-one/templates/deployment.yml
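Review bot: The `toYaml . | replace "- " "" | nindent 20` line in the cronjobs.yaml hunk builds script text by string surgery on the list's YAML form, which only holds up for simple paths. `toYaml` quotes entries that contain YAML-special characters, so the quotes land in the shell script, and `replace` removes every `- ` inside an entry, not only the list marker. Emitting the entries directly avoids both: `{{- range .Values.customScripts }}`, `{{- . | nindent 20 }}`, `{{- end }}`. The deployment.yml hunk uses the same expression with `nindent 14`. The container spec continues outside the hunk; if it also sets `args`, they would become positional parameters of `sh -c` rather than reach `/app/bin/entrypoint.sh`, which is worth checking.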
@@ -50,12 +50,17 @@ spec:
 securityContext:
 runAsUser: 1000
 runAsNonRoot: true
- {{- if not .Values.isFqdnRegistered }}
+ {{- if or (not .Values.isFqdnRegistered) ( .Values.customScripts) }}
 command:
 - /bin/sh
 - -c
 - |
+ {{- with .Values.customScripts }}
+ {{- toYaml . | replace "- " "" | nindent 14}}
+ {{- end }}
+ {{- if not .Values.isFqdnRegistered }}
 /usr/bin/python3 /scripts/updatelbip.py &
+ {{- end}}
 /app/bin/entrypoint.sh
 {{- end}}
 ports:
diff --git a/charts/janssen-all-in-one/values.yaml b/charts/janssen-all-in-one/values.yaml
index e0e8b0ceeed..5ab9a17f3e2 100644
--- a/charts/janssen-all-in-one/values.yaml
+++ b/charts/janssen-all-in-one/values.yaml
@@ -251,7 +251,10 @@ auth-server-key-rotation:
 additionalAnnotations: {}
 # -- Boolean flag to enable/disable the auth-server-key rotation cronjob.
 enabled: true
-
+ # -- Add custom scripts that have been mounted to run before the entrypoint.
+ # - /tmp/custom.sh
+ # - /tmp/custom2.sh
+ customScripts: [ ]
 casa:
 # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
 appLoggers:
@@ -647,3 +650,7 @@ lifecycle: {}
 additionalLabels: { }
 # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
 additionalAnnotations: { }
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+# - /tmp/custom.sh
+# - /tmp/custom2.sh
+customScripts: [ ]
\ No newline at end of file
diff --git a/charts/janssen/README.md b/charts/janssen/README.md
index 954e965ff42..ac69c184e54 100644
--- a/charts/janssen/README.md
+++ b/charts/janssen/README.md
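Review bot: A custom script that fails does not stop the container from starting, because the block added under `- |` in the deployment.yml hunk runs each entry and then falls through to `/app/bin/entrypoint.sh` whatever the exit status. If these scripts do setup the service depends on (trust stores, configuration hardening), that is fail-open; emitting `set -e` as the first script line when `.Values.customScripts` is set would make a failure abort startup. Each entry also ends up as a line of the `sh -c` script, so it is a shell command line rather than only a path, and a template comment such as `{{- /* customScripts entries become lines of the sh -c script and run in order before the entrypoint */}}` would make that explicit. The cronjobs.yaml hunk has the same shape.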
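Review bot: The `customScripts` key added under `auth-server-key-rotation:` in the first values.yaml hunk is not what the cronjobs.yaml hunk in this commit reads; that template gates on top-level `.Values.customScripts`. Unless another template consumes the nested key, setting it has no effect, and scripts listed at the top level run in both the Deployment and the key-rotation CronJob. Either read it in the cronjob with `index .Values "auth-server-key-rotation" "customScripts"`, or drop the nested key and say in the top-level comment that the list applies to both workloads. The second hunk also leaves values.yaml without a trailing newline.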
@@ -39,10 +39,11 @@ Kubernetes: `>=v1.22.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.21_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.21_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | 
@@ -65,6 +66,7 @@ Kubernetes: `>=v1.22.0-0` | auth-server-key-rotation.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | | auth-server.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | auth-server.dnsConfig | object | `{}` | Add custom dns config | | auth-server.dnsPolicy | string | `""` | Add custom dns policy | | auth-server.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | 
@@ -90,9 +92,10 @@ Kubernetes: `>=v1.22.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/casa","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. 
| +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/casa","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| casa.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | casa.dnsConfig | object | `{}` | Add custom dns config | | casa.dnsPolicy | string | `""` | Add custom dns policy | | casa.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | 
@@ -119,10 +122,11 @@ Kubernetes: `>=v1.22.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"janssen","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"janssen","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"janssen","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnLdapKey":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"
UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.0.21_dev"},"ldapPassword":"P@ssw0rds","ldapTruststorePassword":"changeit","lifecycle":{},"orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"salt":"","state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. | -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"janssen","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"janssen","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"janssen","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnLdapKey":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","customScripts":[],"dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.0.21_dev"},"ldapPassword":"P@ssw0rds","ldapTruststorePassword":"changeit","lifecycle":{},"orgName":"Janssen"
,"redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"salt":"","state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| config-api.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. 
- /tmp/custom.sh - /tmp/custom2.sh | | config-api.dnsConfig | object | `{}` | Add custom dns config | | config-api.dnsPolicy | string | `""` | Add custom dns policy | | config-api.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | @@ -190,6 +194,7 @@ Kubernetes: `>=v1.22.0-0` | config.configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected the secrets . | | config.configmap.lbAddr | string | `""` | Load balancer address for AWS if the FQDN is not registered. | | config.countryCode | string | `"US"` | Country code. Used for certificate creation. | +| config.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | config.dnsConfig | object | `{}` | Add custom dns config | | config.dnsPolicy | string | `""` | Add custom dns policy | | config.email | string | `"support@jans.io"` | Email address of the administrator usually. Used for certificate creation. | 
@@ -212,9 +217,10 @@ Kubernetes: `>=v1.22.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. 
| +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| fido2.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | fido2.dnsConfig | object | `{}` | Add custom dns config | | fido2.dnsPolicy | string | `""` | Add custom dns policy | | fido2.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | 
@@ -242,9 +248,9 @@ Kubernetes: `>=v1.22.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnCouchbasePasswordFile":"/etc/jans/conf/couchbase_password","cnCouchbaseSuperuserPasswordFile":"/etc/jans/conf/couchbase_superuser_password","cnDocumentStoreType":
"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnLdapCacertFile":"/etc/certs/opendj.pem","cnLdapCertFile":"/etc/certs/opendj.crt","cnLdapKeyFile":"/etc/certs/opendj.key","cnLdapPasswordFile":"/etc/jans/conf/ldap_password","cnLdapTruststoreFile":"/etc/certs/opendj.pkcs12","cnLdapTruststorePasswordFile":"/etc/jans/conf/ldap_truststore_password","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.jans.io","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE
"},"enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"},"nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global | object | `{"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 
PS512","enabled":true,"ingress":{"authServerEnabled":true,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":true},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnCouchbasePasswordFile":"/etc/jans/conf/couchbase_password","cnCouchbaseSuperuserPasswordFile":"/etc/jans/conf/couchbase_superuser_password","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnLdapCacertFile":"/etc/certs/opendj.pem","cnLdapCertFile":"/etc/certs/opendj.crt","cnLdapKeyFile":"/etc/certs/opendj.key","cnLdapPasswordFile":"/etc/jans/conf/ldap_password","cnLdapTruststoreFile":"/etc/certs/opendj.pkcs12","cnLdapTruststorePasswordFile":"/etc/jans/conf/ldap_truststore_password","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecr
etAdapter":"kubernetes","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.jans.io","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"},"nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. 
| | global.alb.ingress | bool | `false` | Activates ALB ingress | -| global.auth-server-key-rotation.enabled | bool | `false` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. | +| global.auth-server-key-rotation.enabled | bool | `true` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. | | global.auth-server.appLoggers | object | `{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | | global.auth-server.appLoggers.auditStatsLogLevel | string | `"INFO"` | jans-auth_audit.log level | | global.auth-server.appLoggers.auditStatsLogTarget | string | `"FILE"` | jans-auth_script.log target | 
@@ -385,9 +391,10 @@ Kubernetes: `>=v1.22.0-0` | global.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. Envs defined in global.userEnvs will be globally available to all services | | global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | | global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | -| link | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/link","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1000Mi"},"requests":{"cpu":"500m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Link. 
| +| link | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/link","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1000Mi"},"requests":{"cpu":"500m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Link. | | link.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | link.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| link.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | link.dnsConfig | object | `{}` | Add custom dns config | | link.dnsPolicy | string | `""` | Add custom dns policy | | link.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | 
@@ -443,10 +450,11 @@ Kubernetes: `>=v1.22.0-0` | nginx-ingress.ingress.webdiscoveryLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | | nginx-ingress.ingress.webfingerAdditionalAnnotations | object | `{}` | webfinger ingress resource additional annotations. | | nginx-ingress.ingress.webfingerLabels | object | `{}` | webfinger ingress resource labels. key app is taken | -| opendj | object | `{"additionalAnnotations":{},"additionalLabels":{},"backup":{"cronJobSchedule":"*/59 * * * *","enabled":true},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/opendj","tag":"5.0.0_dev"},"lifecycle":{"preStop":{"exec":{"command":["/bin/sh","-c","python3 /app/scripts/deregister_peer.py 1>&/proc/1/fd/1"]}}},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":1},"persistence":{"size":"5Gi"},"ports":{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OpenDJ is a directory server which implements a 
wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. | +| opendj | object | `{"additionalAnnotations":{},"additionalLabels":{},"backup":{"cronJobSchedule":"*/59 * * * *","enabled":true},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/opendj","tag":"5.0.0_dev"},"lifecycle":{"preStop":{"exec":{"command":["/bin/sh","-c","python3 /app/scripts/deregister_peer.py 1>&/proc/1/fd/1"]}}},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":1},"persistence":{"size":"5Gi"},"ports":{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with 
LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. | | opendj.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | opendj.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | opendj.backup | object | `{"cronJobSchedule":"*/59 * * * *","enabled":true}` | Configure ldap backup cronjob | +| opendj.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | opendj.dnsConfig | object | `{}` | Add custom dns config | | opendj.dnsPolicy | string | `""` | Add custom dns policy | | opendj.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | 
@@ -473,9 +481,10 @@ Kubernetes: `>=v1.22.0-0` | opendj.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | opendj.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | opendj.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.0.21_dev"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Janssen Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.0.21_dev"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Janssen Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| persistence.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. 
- /tmp/custom.sh - /tmp/custom2.sh | | persistence.dnsConfig | object | `{}` | Add custom dns config | | persistence.dnsPolicy | string | `""` | Add custom dns policy | | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | 
@@ -492,9 +501,10 @@ Kubernetes: `>=v1.22.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.0.21_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| scim.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | scim.dnsConfig | object | `{}` | Add custom dns config | | scim.dnsPolicy | string | `""` | Add custom dns policy | | scim.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | diff --git a/charts/janssen/charts/auth-server-key-rotation/README.md b/charts/janssen/charts/auth-server-key-rotation/README.md index 616e5dbf117..5a0514fd00b 100644 --- a/charts/janssen/charts/auth-server-key-rotation/README.md 
+++ b/charts/janssen/charts/auth-server-key-rotation/README.md @@ -27,6 +27,7 @@ Kubernetes: `>=v1.22.0-0` | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | diff --git a/charts/janssen/charts/auth-server-key-rotation/templates/cronjobs.yaml b/charts/janssen/charts/auth-server-key-rotation/templates/cronjobs.yaml index 8fbdb3d7e28..9ffce240cd5 100644 --- a/charts/janssen/charts/auth-server-key-rotation/templates/cronjobs.yaml +++ b/charts/janssen/charts/auth-server-key-rotation/templates/cronjobs.yaml @@ -35,6 +35,16 @@ spec: {{- end }} containers: - name: {{ include "auth-server-key-rotation.name" . }} + {{- if .Values.customScripts }} + command: + - /bin/sh + - -c + - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 20}} + {{- end }} + /app/scripts/entrypoint.sh + {{- end}} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" env: {{- include "auth-server-key-rotation.usr-envs" . | indent 16 }} diff --git a/charts/janssen/charts/auth-server-key-rotation/values.yaml b/charts/janssen/charts/auth-server-key-rotation/values.yaml index 3494f16d0b7..a8c9aaca4e2 100644 --- a/charts/janssen/charts/auth-server-key-rotation/values.yaml +++ b/charts/janssen/charts/auth-server-key-rotation/values.yaml 
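Review bot: In the cronjobs.yaml hunk, `toYaml . | replace "- " "" | nindent 20` removes every `- ` in the rendered list, not only the leading list marker, so an entry that itself contains a dash followed by a space is silently altered before it reaches `/bin/sh -c`. Entries that toYaml chooses to quote would, as far as I can tell, also keep their YAML quotes inside the script. Iterating over the list avoids the string surgery: `{{- range .Values.customScripts }}`, `{{- . | nindent 20 }}`, `{{- end }}`. The same expression appears in the auth-server, casa and config-api deployment hunks (with `nindent 14` and `nindent 16`). The container spec continues outside the hunk.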
@@ -58,3 +58,5 @@ affinity: {} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +customScripts: [] \ No newline at end of file diff --git a/charts/janssen/charts/auth-server/README.md b/charts/janssen/charts/auth-server/README.md index 6f6b3fc7fe3..db107c6ebc3 100644 --- a/charts/janssen/charts/auth-server/README.md +++ b/charts/janssen/charts/auth-server/README.md @@ -27,6 +27,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | diff --git a/charts/janssen/charts/auth-server/templates/deployment.yml b/charts/janssen/charts/auth-server/templates/deployment.yml index 268355852d0..c6c3f1a2c12 100644 --- a/charts/janssen/charts/auth-server/templates/deployment.yml +++ b/charts/janssen/charts/auth-server/templates/deployment.yml 
@@ -51,12 +51,17 @@ spec: securityContext: runAsUser: 1000 runAsNonRoot: true - {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} command: - /bin/sh - -c - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 14}} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} /usr/bin/python3 /scripts/updatelbip.py & + {{- end}} /app/scripts/entrypoint.sh {{- end}} ports: diff --git a/charts/janssen/charts/auth-server/values.yaml b/charts/janssen/charts/auth-server/values.yaml index b6c7a87c023..6e259d81d66 100644 --- a/charts/janssen/charts/auth-server/values.yaml +++ b/charts/janssen/charts/auth-server/values.yaml @@ -90,3 +90,5 @@ lifecycle: {} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +customScripts: [] \ No newline at end of file diff --git a/charts/janssen/charts/casa/README.md b/charts/janssen/charts/casa/README.md index 856eaf53d4b..ab002e643bf 100644 --- a/charts/janssen/charts/casa/README.md +++ b/charts/janssen/charts/casa/README.md 
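Review bot: The new outer condition in the auth-server deployment.yml hunk drops the `not .Values.global.isFqdnRegistered` test, so on the `kubernetes.io/aws-ebs` and `openebs.io/local` provisioners the container command is now replaced by the `/bin/sh -c` wrapper even when the FQDN is registered and `customScripts` is empty. Before this change such a pod presumably ran the image's default entrypoint; it now runs `/app/scripts/entrypoint.sh` as a child of the shell, which may change how termination signals reach the service. Keeping the old test inside the `or` preserves the previous behaviour: `{{- if or .Values.customScripts (and (not .Values.global.isFqdnRegistered) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local"))) }}`. The casa and config-api deployment hunks make the same change, and the container spec continues outside the hunk.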
@@ -27,6 +27,7 @@ Kubernetes: `>=v1.21.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | fullnameOverride | string | `""` | | diff --git a/charts/janssen/charts/casa/templates/deployment.yaml b/charts/janssen/charts/casa/templates/deployment.yaml index 75e8942b050..01da56ad232 100644 --- a/charts/janssen/charts/casa/templates/deployment.yaml +++ b/charts/janssen/charts/casa/templates/deployment.yaml @@ -54,14 +54,19 @@ spec: env: {{- include "casa.usr-envs" . | indent 12 }} {{- include "casa.usr-secret-envs" . | indent 12 }} - {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} command: - /bin/sh - -c - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 16}} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} /usr/bin/python3 /scripts/updatelbip.py & + {{- end}} /app/scripts/entrypoint.sh - {{- end }} + {{- end}} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: {{ .Values.service.name }} 
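Review bot: The script block assembled in the casa deployment.yaml hunk runs each `customScripts` entry and then `/app/scripts/entrypoint.sh` with no error handling, so a custom script that fails (a missing mount, a file that is not executable) is ignored and the service starts anyway. If these scripts are meant as prerequisites for the service, start the block with `set -e` ahead of the `{{- with .Values.customScripts }}` line, so that a failure stops the container and is visible as a restart instead of a half-configured service. The cronjobs.yaml, auth-server and config-api hunks build the same block. The container spec continues outside the hunk.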
diff --git a/charts/janssen/charts/casa/values.yaml b/charts/janssen/charts/casa/values.yaml index 1af8642d561..8912ff2fe00 100644 --- a/charts/janssen/charts/casa/values.yaml +++ b/charts/janssen/charts/casa/values.yaml @@ -103,3 +103,5 @@ securityContext: {} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +customScripts: [] \ No newline at end of file diff --git a/charts/janssen/charts/config-api/README.md b/charts/janssen/charts/config-api/README.md index c9f0e2fdf6a..ee24559eb6f 100644 --- a/charts/janssen/charts/config-api/README.md +++ b/charts/janssen/charts/config-api/README.md @@ -28,6 +28,7 @@ Kubernetes: `>=v1.22.0-0` | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | fullnameOverride | string | `""` | | diff --git a/charts/janssen/charts/config-api/templates/deployment.yaml b/charts/janssen/charts/config-api/templates/deployment.yaml index a70d0a5ef99..cde3f36201c 100644 --- a/charts/janssen/charts/config-api/templates/deployment.yaml +++ b/charts/janssen/charts/config-api/templates/deployment.yaml 
@@ -51,14 +51,19 @@ spec: runAsUser: 1000 runAsNonRoot: true imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} command: - /bin/sh - -c - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 16}} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} /usr/bin/python3 /scripts/updatelbip.py & + {{- end}} /app/scripts/entrypoint.sh - {{- end }} + {{- end}} ports: - containerPort: 9444 - containerPort: 8074 diff --git a/charts/janssen/charts/config-api/values.yaml b/charts/janssen/charts/config-api/values.yaml index d047d952a3f..617197752c1 100644 --- a/charts/janssen/charts/config-api/values.yaml +++ b/charts/janssen/charts/config-api/values.yaml @@ -96,3 +96,7 @@ lifecycle: {} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +# - /tmp/custom.sh +# - /tmp/custom2.sh +customScripts: [ ] \ No newline at end of file diff --git a/charts/janssen/charts/config/README.md b/charts/janssen/charts/config/README.md index a127276ee55..95ecc7a0505 100644 --- a/charts/janssen/charts/config/README.md +++ b/charts/janssen/charts/config/README.md 
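Review bot: The last script line of the config-api `command` block, `/app/scripts/entrypoint.sh`, now runs as a child of `/bin/sh` whenever `customScripts` is set, not only on the two listed storage provisioners. With the shell left as PID 1, a SIGTERM at pod shutdown may not reach the service, and any init wrapper in the image's own ENTRYPOINT is bypassed; whether the image has one is not visible here, but the persistence job in this commit wraps its shell in `tini -g --`. Changing the line to `exec /app/scripts/entrypoint.sh` hands PID 1 to the entrypoint. The same final line is in the casa, fido2, link, scim and opendj hunks; the container spec continues outside this hunk.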
@@ -74,6 +74,7 @@ Kubernetes: `>=v1.22.0-0` | configmap.containerMetadataName | string | `"kubernetes"` | | | configmap.lbAddr | string | `""` | Loadbalancer address for AWS if the FQDN is not registered. | | countryCode | string | `"US"` | Country code. Used for certificate creation. | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | email | string | `"support@jans.io"` | Email address of the administrator usually. Used for certificate creation. | diff --git a/charts/janssen/charts/config/templates/load-init-config.yml b/charts/janssen/charts/config/templates/load-init-config.yml index 6abb3036cb3..64c48a7e3c6 100644 --- a/charts/janssen/charts/config/templates/load-init-config.yml +++ b/charts/janssen/charts/config/templates/load-init-config.yml 
@@ -160,12 +160,15 @@ spec: - /bin/sh - -c - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 14}} + {{- end }} {{- if .Values.migration.enabled }} - /app/scripts/entrypoint.sh migrate --migration-dir {{ .Values.migration.migrationDir | quote }} --data-format {{ .Values.migration.migrationDataFormat | quote }} && /usr/bin/python3 /scripts/tls_generator.py - {{- else }} - /app/scripts/entrypoint.sh load && /usr/bin/python3 /scripts/tls_generator.py - {{- end }} - {{- if .Values.global.istio.enabled }} - curl -X POST http://localhost:15020/quitquitquit - {{- end }} + /app/scripts/entrypoint.sh migrate --migration-dir {{ .Values.migration.migrationDir | quote }} --data-format {{ .Values.migration.migrationDataFormat | quote }} && /usr/bin/python3 /scripts/tls_generator.py + {{- else }} + /app/scripts/entrypoint.sh load && /usr/bin/python3 /scripts/tls_generator.py + {{- end }} + {{- if .Values.global.istio.enabled }} + curl -X POST http://localhost:15020/quitquitquit + {{- end }} restartPolicy: Never diff --git a/charts/janssen/charts/config/values.yaml b/charts/janssen/charts/config/values.yaml index 8bb3ddd3e0c..895d86b6780 100644 --- a/charts/janssen/charts/config/values.yaml +++ b/charts/janssen/charts/config/values.yaml @@ -185,3 +185,7 @@ fullNameOverride: "" additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +# - /tmp/custom.sh +# - /tmp/custom2.sh +customScripts: [ ] \ No newline at end of file diff --git a/charts/janssen/charts/fido2/README.md b/charts/janssen/charts/fido2/README.md index ed19f733816..2ca52aa8880 100644 --- a/charts/janssen/charts/fido2/README.md +++ b/charts/janssen/charts/fido2/README.md 
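Review bot: A custom script that exits non-zero does not stop this job, because the entries rendered by the new `with .Values.customScripts` block in load-init-config.yml are separate lines of the `/bin/sh -c` script, while the steps after them are chained with `&&`. If a pre-step fails, `entrypoint.sh load` (or `migrate`) still runs against whatever state was left behind. If best-effort is intended, a template comment such as `{{- /* custom scripts are best-effort: a non-zero exit does not stop the load */}}` would record that. If it is not, note that a plain `set -e` at the top would also skip the istio `quitquitquit` call further down, so the check has to be placed per entry.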
@@ -28,6 +28,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | diff --git a/charts/janssen/charts/fido2/templates/deployment.yml b/charts/janssen/charts/fido2/templates/deployment.yml index f0f923315d2..8942ac3d364 100644 --- a/charts/janssen/charts/fido2/templates/deployment.yml +++ b/charts/janssen/charts/fido2/templates/deployment.yml 
@@ -51,12 +51,17 @@ spec: env: {{- include "fido2.usr-envs" . | indent 12 }} {{- include "fido2.usr-secret-envs" . | indent 12 }} - {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} command: - /bin/sh - -c - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 14}} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} /usr/bin/python3 /scripts/updatelbip.py & + {{- end}} /app/scripts/entrypoint.sh {{- end}} ports: diff --git a/charts/janssen/charts/fido2/values.yaml b/charts/janssen/charts/fido2/values.yaml index 75f77f88521..f71432b5f92 100644 --- a/charts/janssen/charts/fido2/values.yaml +++ b/charts/janssen/charts/fido2/values.yaml @@ -89,3 +89,7 @@ lifecycle: {} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +# - /tmp/custom.sh +# - /tmp/custom2.sh +customScripts: [ ] \ No newline at end of file diff --git a/charts/janssen/charts/link/README.md b/charts/janssen/charts/link/README.md index d607180665a..26309f040a6 100644 --- a/charts/janssen/charts/link/README.md +++ b/charts/janssen/charts/link/README.md 
@@ -28,6 +28,7 @@ Kubernetes: `>=v1.22.0-0` | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | fullnameOverride | string | `""` | | diff --git a/charts/janssen/charts/link/templates/deployment.yaml b/charts/janssen/charts/link/templates/deployment.yaml index 63a166a95ca..c9c439c59ff 100644 --- a/charts/janssen/charts/link/templates/deployment.yaml +++ b/charts/janssen/charts/link/templates/deployment.yaml @@ -51,14 +51,19 @@ spec: runAsUser: 1000 runAsNonRoot: true imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} command: - /bin/sh - -c - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 16}} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} /usr/bin/python3 /scripts/updatelbip.py & + {{- end}} /app/scripts/entrypoint.sh - {{- end }} + {{- end}} ports: - containerPort: 9091 {{ if .Values.global.cnPrometheusPort }} 
diff --git a/charts/janssen/charts/link/values.yaml b/charts/janssen/charts/link/values.yaml index fdf57507768..1dd43648be4 100644 --- a/charts/janssen/charts/link/values.yaml +++ b/charts/janssen/charts/link/values.yaml @@ -98,3 +98,7 @@ lifecycle: {} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +# - /tmp/custom.sh +# - /tmp/custom2.sh +customScripts: [ ] \ No newline at end of file diff --git a/charts/janssen/charts/opendj/README.md b/charts/janssen/charts/opendj/README.md index 56e552212d9..d60ebdb1bbe 100644 --- a/charts/janssen/charts/opendj/README.md +++ b/charts/janssen/charts/opendj/README.md @@ -26,6 +26,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | fullnameOverride | string | `""` | | diff --git a/charts/janssen/charts/opendj/templates/statefulset.yaml b/charts/janssen/charts/opendj/templates/statefulset.yaml index 8136ef33c3e..a44a60e2175 100644 --- a/charts/janssen/charts/opendj/templates/statefulset.yaml +++ b/charts/janssen/charts/opendj/templates/statefulset.yaml 
@@ -35,6 +35,16 @@ spec: fsGroup: 1000 containers: - name: {{ include "opendj.name" $ }} + {{- if .Values.customScripts }} + command: + - /bin/sh + - -c + - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 14}} + {{- end }} + /app/scripts/entrypoint.sh + {{- end}} imagePullPolicy: {{ $.Values.image.pullPolicy }} image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}" env: diff --git a/charts/janssen/charts/opendj/values.yaml b/charts/janssen/charts/opendj/values.yaml index 9a0fd694adc..ec163f09272 100644 --- a/charts/janssen/charts/opendj/values.yaml +++ b/charts/janssen/charts/opendj/values.yaml @@ -133,4 +133,8 @@ openDjVolumeMounts: # -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken -additionalAnnotations: { } \ No newline at end of file +additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +# - /tmp/custom.sh +# - /tmp/custom2.sh +customScripts: [ ] \ No newline at end of file diff --git a/charts/janssen/charts/persistence/README.md b/charts/janssen/charts/persistence/README.md index 6dbe85edf28..e7a6e6c436d 100644 --- a/charts/janssen/charts/persistence/README.md +++ b/charts/janssen/charts/persistence/README.md 
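Review bot: The block added to the opendj statefulset reads `.Values.customScripts`, while the unchanged lines around it in the same hunk use the root context (`include "opendj.name" $`, `$.Values.image.pullPolicy`). That suggests the container spec sits inside a `range` or `with` that starts outside this hunk, where `.` is no longer the chart root; if so, `.Values.customScripts` will not resolve there. Writing `{{- if $.Values.customScripts }}` and `{{- with $.Values.customScripts }}` would match the neighbouring lines and work in either scope.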
@@ -26,6 +26,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | fullnameOverride | string | `""` | | diff --git a/charts/janssen/charts/persistence/templates/jobs.yml b/charts/janssen/charts/persistence/templates/jobs.yml index 593d02b1b76..80f8b592f73 100644 --- a/charts/janssen/charts/persistence/templates/jobs.yml +++ b/charts/janssen/charts/persistence/templates/jobs.yml @@ -41,7 +41,7 @@ spec: env: {{- include "persistence.usr-envs" . | indent 12 }} {{- include "persistence.usr-secret-envs" . | indent 12 }} - {{- if .Values.global.istio.enabled }} + {{- if or ( .Values.global.istio.enabled ) ( .Values.customScripts )}} command: - tini - -g @@ -49,8 +49,13 @@ spec: - /bin/sh - -c - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 12}} + {{- end }} /app/scripts/entrypoint.sh + {{- if .Values.global.istio.enabled }} curl -X POST http://localhost:15020/quitquitquit + {{- end }} {{- end }} envFrom: - configMapRef: diff --git a/charts/janssen/charts/persistence/values.yaml b/charts/janssen/charts/persistence/values.yaml index b16e916357a..54bd8b35893 100644 --- a/charts/janssen/charts/persistence/values.yaml +++ b/charts/janssen/charts/persistence/values.yaml 
@@ -51,4 +51,8 @@ fullnameOverride: "" # -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken -additionalAnnotations: { } \ No newline at end of file +additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +# - /tmp/custom.sh +# - /tmp/custom2.sh +customScripts: [ ] \ No newline at end of file diff --git a/charts/janssen/charts/scim/README.md b/charts/janssen/charts/scim/README.md index 9e51722095b..54772a476e8 100644 --- a/charts/janssen/charts/scim/README.md +++ b/charts/janssen/charts/scim/README.md @@ -27,6 +27,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | diff --git a/charts/janssen/charts/scim/templates/deployment.yml b/charts/janssen/charts/scim/templates/deployment.yml index 80c9e25c869..1090ab1a2c1 100644 --- a/charts/janssen/charts/scim/templates/deployment.yml +++ b/charts/janssen/charts/scim/templates/deployment.yml 
@@ -51,12 +51,17 @@ spec: env: {{- include "scim.usr-envs" . | indent 12 }} {{- include "scim.usr-secret-envs" . | indent 12 }} - {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} command: - /bin/sh - -c - | + {{- with .Values.customScripts }} + {{- toYaml . | replace "- " "" | nindent 14}} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} /usr/bin/python3 /scripts/updatelbip.py & + {{- end}} /app/scripts/entrypoint.sh {{- end}} {{- if and ( .Values.global.opendj.enabled ) (or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath")) }} diff --git a/charts/janssen/charts/scim/values.yaml b/charts/janssen/charts/scim/values.yaml index d5214f4b03c..3b352676d11 100644 --- a/charts/janssen/charts/scim/values.yaml +++ b/charts/janssen/charts/scim/values.yaml @@ -87,4 +87,8 @@ lifecycle: {} # -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken -additionalAnnotations: { } \ No newline at end of file +additionalAnnotations: { } +# -- Add custom scripts that have been mounted to run before the entrypoint. +# - /tmp/custom.sh +# - /tmp/custom2.sh +customScripts: [ ] \ No newline at end of file diff --git a/charts/janssen/values.yaml b/charts/janssen/values.yaml index 3a67a0a0ec9..8a1c0cc6c6d 100644 
--- a/charts/janssen/values.yaml +++ b/charts/janssen/values.yaml @@ -100,6 +100,10 @@ auth-server: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [] # -- Responsible for regenerating auth-keys per x hours auth-server-key-rotation: # -- Add custom normal and secret envs to the service @@ -159,6 +163,10 @@ auth-server-key-rotation: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: {} + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [] # -- Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. config: # -- Add custom normal and secret envs to the service. @@ -335,6 +343,10 @@ config: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [ ] # -- Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). config-api: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API 
@@ -434,6 +446,10 @@ config-api: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [ ] # -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. fido2: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -538,6 +554,10 @@ fido2: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [ ] # -- Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. casa: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -638,6 +658,10 @@ casa: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [] # -- Parameters used globally across all services helm charts. global: # -- Add custom normal and secret envs to the service. 
@@ -715,7 +739,7 @@ global: auth-server-key-rotation: # -- Boolean flag to enable/disable the auth-server-key rotation cronjob chart. - enabled: false + enabled: true # -- Volume storage type if using AWS volumes. awsStorageType: io1 # -- Volume storage type if using Azure disks. @@ -1183,6 +1207,10 @@ opendj: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [ ] # -- Job to generate data and initial config for Janssen Server persistence layer. persistence: # -- Add custom normal and secret envs to the service @@ -1234,6 +1262,10 @@ persistence: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [ ] # -- System for Cross-domain Identity Management (SCIM) version 2.0 scim: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -1338,7 +1370,10 @@ scim: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } - + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [ ] # -- Link. link: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API 
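Review bot: The `@@ -715,7 +739,7 @@ global:` hunk flips `global.auth-server-key-rotation.enabled` from `false` to `true`, which is unrelated to the `customScripts` additions in the rest of this file. Going by the comment on that key, this turns the key-rotation cronjob chart on by default, so installs that rely on chart defaults would presumably start rotating auth keys after an upgrade. If the flip is deliberate it deserves its own mention, for example by extending the comment to `# -- Boolean flag to enable/disable the auth-server-key rotation cronjob chart. Enabled by default.`; otherwise it should be dropped from this commit.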
@@ -1442,3 +1477,7 @@ link: additionalLabels: { } # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} additionalAnnotations: { } + # -- Add custom scripts that have been mounted to run before the entrypoint. + # - /tmp/custom.sh + # - /tmp/custom2.sh + customScripts: [ ] \ No newline at end of file diff --git a/docs/admin/kubernetes-ops/customization.md b/docs/admin/kubernetes-ops/customization.md index 947d8ab4be3..f4e3996df45 100644 --- a/docs/admin/kubernetes-ops/customization.md +++ b/docs/admin/kubernetes-ops/customization.md @@ -81,6 +81,7 @@ Templates refers to the common interface layout and style. For example, a banner ## Custom Jar file for scripts +### for JARs less than 1MB 1. Create a configmap with the custom jar file: `kubectl -n create cm my-custom-jar --from-file=mycustom.jar` 
@@ -97,12 +98,43 @@ Templates refers to the common interface layout and style. For example, a banner configMap: name: my-custom-jar ``` - + 1. Run helm install or helm upgrade if Jans has been already installed. ```bash helm upgrade janssen/janssen -n -f values.yaml --version=1.0.x ``` +### For JARs greater than 1MB +1. Create a configmap or secret for a shell script that contains instructions to pull the custom jar file: + + ```shell + #!/bin/sh + # This script will pull the custom jar file from a remote location + # and place it in the correct location for the Jans Auth server to use it + wget -O /opt/jans/jetty/jans-auth/custom/libs/mycustom.jar https://mydomain.com/mycustom.jar + ``` + `kubectl -n create cm my-custom-jar --from-file=mycustomjar.sh` + +1. Mount the configmap or secret in your values.yaml under `auth-server.volumes` and `auth-server.volumeMounts` + ``` + auth-server: + volumeMounts: + - name: my-custom-jar-volume + mountPath: /tmp/mycustomjar.sh + subPath: mycustomjar.sh + volumes: + - name: my-custom-jar-volume + configMap: + name: my-custom-jar + defaultMode: 0755 + customScripts: + - /tmp/mycustomjar.sh + ``` + +1. Run helm install or helm upgrade if Jans has been already installed. + ```bash + helm upgrade janssen/janssen -n -f values.yaml --version=1.0.x + ``` ## Customized pages examples ### Custom Login page