feat(charts): make Gateway ports configurable and support Gateway in janssen helm chart

[misba7]

closes #12955

Summary by CodeRabbit

• New Features

  • Added Gateway API deployment option with configurable class, name, HTTP/HTTPS ports, and customizable gateway/route labels & annotations; listener ports now sourced from configuration.
  • Added cert-manager issuer fields and TLS secret configuration.

• Bug Fixes

  • HTTPS redirects no longer include a hard-coded port; redirects rely on scheme.

• Documentation

  • Installation guide updated to favor Gateway API (legacy Ingress retained); example endpoint paths and README footers cleaned up.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Make Gateway API listener ports configurable via Helm values; remove hard-coded redirect ports; add gatewayApi configuration fields and templates; update installer docs to prefer Gateway API (retain legacy Ingress path); and remove autogenerated helm-docs footers from many subchart README files.

Changes

Cohort / File(s)	Summary
All-in-One chart gateway config charts/janssen-all-in-one/templates/gateway-api.yaml, charts/janssen-all-in-one/values.yaml	Parameterize Gateway listener ports with gatewayApi.httpPort / gatewayApi.httpsPort; remove explicit 443 from HTTPRoute redirect blocks; add gatewayClassName, name, ports, route labels/annotations and related comments.
Janssen chart gateway implementation charts/janssen/templates/gateway-api.yaml, charts/janssen/values.yaml	Add Helm-templated Gateway and HTTPRoute manifests (public/secure/redirect) with many conditional route rules; derive hosts/services/ports from global.gatewayApi values; introduce gatewayApi values and defaults.
Values and README updates charts/janssen/README.md, charts/janssen-all-in-one/README.md, charts/janssen/values.yaml, charts/janssen-all-in-one/values.yaml	Add gatewayApi public values (enabled, gatewayClassName, name, httpPort, httpsPort, tlsSecretName, gatewayLabels/annotations, routeLabels/annotations); change Casa ingress example path from /casa to /jans-casa; minor wording edits.
Installer docs (GKE / Helm) docs/janssen-server/install/helm-install/google-gke.md	Rework Helm install docs to recommend Gateway API (CRDs/controller, IP handling, override.yaml examples) and include a legacy Ingress path with updated examples.
Subchart README footers removed charts/janssen/charts/*/README.md (e.g., .../auth-server/README.md, .../casa/README.md, .../cleanup/README.md, .../nginx-ingress/README.md, .../persistence/README.md, etc.)	Remove trailing autogenerated helm-docs footer/separator lines from many subchart README files (documentation-only).
System requirements doc docs/includes/cn-system-requirements.md	Reorder table rows, adjust nginx “Required” wording, and update image release style reference.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat(charts): support gateway api in janssen-aio #12907: Overlaps on Gateway API Helm templates and values; modifies gateway-api.yaml and gatewayApi values similar to this change.
• Issue #12955: Requested configurable Gateway listener ports — directly motivates addition of gatewayApi.httpPort / gatewayApi.httpsPort.

Suggested reviewers

• iromli
• moabu

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is minimal, containing only 'closes #12955'. The template requires sections for Target issue, Implementation Details, and testing/documentation confirmation with specific checkboxes. The author did not follow the provided template structure.	Expand the description to include all template sections: target issue explanation, implementation details about how ports are made configurable, test results, and confirmation of documentation updates following the provided template format.
Out of Scope Changes check	❓ Inconclusive	Most changes directly support the Gateway ports configurability goal. However, the PR includes scope-tangential changes: updating casa endpoint references (/casa to /jans-casa), updating documentation table ordering/formatting, and removing README footers across multiple chart subdirectories.	Clarify whether the casa path updates and README footer removals are necessary for this feature. Consider separating documentation-only or formatting-only changes into a separate PR to keep scope focused on Gateway port configurability.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main changes: making Gateway ports configurable and adding Gateway support to the janssen Helm chart, matching the PR's primary objectives.
Linked Issues check	✅ Passed	The PR successfully addresses the linked issue #12955 by making Gateway listener ports (HTTP and HTTPS) configurable through Helm values (gatewayApi.httpPort and gatewayApi.httpsPort), enabling support for different Gateway controllers like Traefik.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mo-auto]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

charts/janssen-all-in-one/templates/gateway-api.yaml (1)

414-420: Redirect port is hardcoded, breaking configurability.

The HTTPS redirect port is hardcoded to 443 but should use the configurable httpsPort value. When using controllers like Traefik that listen on port 8443, this redirect will fail.

The same issue exists in all 6 redirect rules (lines 418, 432, 446, 460, 474, 488).

🔧 Proposed fix for all redirect rules

     filters:
     - type: RequestRedirect
       requestRedirect:
         scheme: https
-        port: 443
+        port: {{ .Values.gatewayApi.httpsPort }}
         statusCode: 301

Apply this change to all 6 occurrences in the redirect route section.

charts/janssen-all-in-one/values.yaml (1)

594-614: LGTM: Gateway API configuration values are well-structured.

The new gatewayApi configuration block provides appropriate defaults and covers all necessary settings (ports, className, TLS, labels/annotations).

Minor: Consider adding the -- prefix to all comments (lines 597-614) for consistency with helm-docs conventions used elsewhere in this file.

🤖 Fix all issues with AI agents

In @charts/janssen/templates/gateway-api.yaml:
- Around line 417-422: The RequestRedirect filters hardcode port: 443 causing
incorrect redirects when .Values.gatewayApi.httpsPort is changed; update each
RequestRedirect block (the filters with type: RequestRedirect) to set the port
using the Helm value .Values.gatewayApi.httpsPort instead of the literal 443 so
redirects point to the configured HTTPS listener; apply this change to all six
redirect rules (the RequestRedirect entries around the noted lines).

In @charts/janssen/values.yaml:
- Around line 1080-1082: The comment line under gatewayApi is misindented; make
the inline comment a child of gatewayApi by indenting it to match the enabled
key so the comment and the enabled: false entry are at the same indentation
level under gatewayApi (adjust the comment line so it is indented to the same
column as the enabled key).

In @docs/janssen-server/install/helm-install/google-gke.md:
- Around line 115-120: Add shell language specifiers to the fenced code blocks
that contain shell commands so MD040 is resolved: change the backtick fences for
the block with "helm repo add ingress-nginx ..." (the helm install nginx
ingress-nginx/ingress-nginx block) and the three wget blocks ("wget
https://raw.githubusercontent.com/JanssenProject/jans/.../automation/pgsql.yaml",
"wget .../mysql.yaml") and the "helm repo add janssen
https://docs.jans.io/charts" block to use ```bash at the opening fence.
- Line 111: Fix the typo in the heading "#### Option 2: Using Kubernetes Ingress
resrouces(Legacy)" by changing "resrouces" to "resources" and add a space before
the parentheses so the line reads "#### Option 2: Using Kubernetes Ingress
resources (Legacy)"; update the exact heading text in the docs content where
this header appears.
- Around line 76-82: The ordered list after the code block uses incorrect
numbering (lines containing "3. Add the retrieved IP to `global.lbIp`..." and
"4. Run `helm upgrade`..."); update those list item markers to restart the list
(change "3." → "1." and "4." → "2.") so the markdown numbering is valid, or if
the intent was to continue the previous sequence instead change them to "3." and
"4." accordingly—modify the two list lines following the ```bash block to
correct the numbering.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a9eb502 and 5ade9b1.

📒 Files selected for processing (6)

• charts/janssen-all-in-one/templates/gateway-api.yaml
• charts/janssen-all-in-one/values.yaml
• charts/janssen/templates/gateway-api.yaml
• charts/janssen/values.yaml
• docs/includes/cn-system-requirements.md
• docs/janssen-server/install/helm-install/google-gke.md

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-11-26T12:38:52.165Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12737
File: automation/mysql.yaml:22-59
Timestamp: 2025-11-26T12:38:52.165Z
Learning: In the Janssen project, Kubernetes manifests in the automation/ directory (such as mysql.yaml and pgsql.yaml) are for demo and testing purposes only. These manifests do not require production-level hardening (security contexts, resource limits, health checks, etc.) as they are intended for local development and demonstration scenarios, not production deployments.

Applied to files:

• docs/janssen-server/install/helm-install/google-gke.md

📚 Learning: 2025-11-18T07:43:55.761Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12704
File: jans-config-api/docs/jans-config-api-swagger.yaml:17540-17546
Timestamp: 2025-11-18T07:43:55.761Z
Learning: The file `jans-config-api/docs/jans-config-api-swagger.yaml` is auto-generated with dependent modules changes and metadata. The config API does not override it.

Applied to files:

• docs/janssen-server/install/helm-install/google-gke.md
• charts/janssen-all-in-one/values.yaml

📚 Learning: 2025-12-17T13:07:08.750Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12847
File: jans-config-api/docs/jans-config-api-swagger.yaml:15497-15498
Timestamp: 2025-12-17T13:07:08.750Z
Learning: In the JanssenProject/jans repository, Swagger specification files under `jans-config-api/docs/` are auto-generated from underlying API code in source components. Property descriptions must be added in the source components (like `jans-auth`, `jans-fido2`, `jans-lock`) rather than directly in the generated Swagger YAML files.

Applied to files:

• charts/janssen-all-in-one/values.yaml

🪛 Checkov (3.2.334)

charts/janssen/values.yaml

[low] 1218-1219: Base64 High Entropy String

(CKV_SECRET_6)

🪛 markdownlint-cli2 (0.18.1)

docs/janssen-server/install/helm-install/google-gke.md

62-62: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

70-70: Trailing spaces
Expected: 0 or 2; Actual: 4

(MD009, no-trailing-spaces)

---

76-76: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

79-79: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

80-80: Ordered list item prefix
Expected: 1; Actual: 3; Style: 1/2/3

(MD029, ol-prefix)

---

82-82: Ordered list item prefix
Expected: 2; Actual: 4; Style: 1/2/3

(MD029, ol-prefix)

---

114-114: Trailing spaces
Expected: 0 or 2; Actual: 4

(MD009, no-trailing-spaces)

---

115-115: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

123-123: Trailing spaces
Expected: 0 or 2; Actual: 4

(MD009, no-trailing-spaces)

---

124-124: Trailing spaces
Expected: 0 or 2; Actual: 8

(MD009, no-trailing-spaces)

---

125-125: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

126-126: Trailing spaces
Expected: 0 or 2; Actual: 6

(MD009, no-trailing-spaces)

---

128-128: Trailing spaces
Expected: 0 or 2; Actual: 10

(MD009, no-trailing-spaces)

---

129-129: Trailing spaces
Expected: 0 or 2; Actual: 6

(MD009, no-trailing-spaces)

---

156-156: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

181-181: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

188-188: Trailing spaces
Expected: 0 or 2; Actual: 8

(MD009, no-trailing-spaces)

---

227-227: Multiple spaces after hash on atx style heading

(MD019, no-multiple-space-atx)

---

231-231: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🪛 YAMLlint (1.37.1)

charts/janssen/templates/gateway-api.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

---

[error] 14-14: too many spaces inside braces

(braces)

---

[error] 15-15: too many spaces inside braces

(braces)

---

[error] 15-15: too many spaces inside braces

(braces)

---

[error] 17-17: too many spaces inside braces

(braces)

---

[error] 17-17: too many spaces inside braces

(braces)

charts/janssen/values.yaml

[warning] 1081-1081: comment not indented like content

(comments-indentation)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Deploy docs
• GitHub Check: lint_docs
• GitHub Check: microk8s (true, PGSQL)
• GitHub Check: microk8s (true, MYSQL)
• GitHub Check: microk8s (false, MYSQL)
• GitHub Check: microk8s (false, PGSQL)

🔇 Additional comments (10)

charts/janssen-all-in-one/templates/gateway-api.yaml (1)

28-31: LGTM: Listener ports are now correctly configurable.

The Gateway listener ports are properly templated to use gatewayApi.httpPort and gatewayApi.httpsPort, addressing the PR objective of supporting controllers with non-standard ports.

docs/includes/cn-system-requirements.md (1)

15-25: LGTM: Documentation updates align with Gateway API changes.

The table updates appropriately reflect the optional nature of nginx when using Gateway API as an alternative ingress solution.

charts/janssen/values.yaml (1)

1208-1226: LGTM: Gateway API configuration block is well-defined.

The configuration structure mirrors the janssen-all-in-one chart, ensuring consistency across charts.

docs/janssen-server/install/helm-install/google-gke.md (1)

41-108: Documentation clearly explains Gateway API setup.

The step-by-step guidance for Gateway API installation, controller requirements, and IP configuration (static vs. dynamic) is comprehensive and well-structured.

charts/janssen/templates/gateway-api.yaml (6)

1-10: LGTM! Variable declarations are well-structured.

Service name lookups correctly use index for hyphenated keys like auth-server and config-api, while using dot notation for simple keys.

---

32-42: Gateway listeners correctly use configurable ports.

The HTTP and HTTPS listener ports are properly templated from gatewayApi.httpPort and gatewayApi.httpsPort, fulfilling the PR objective for configurable Gateway listener ports.

---

64-67: Public route correctly omits sectionName to attach to both listeners.

Well-known discovery endpoints (like .well-known/openid-configuration) are appropriately accessible via both HTTP and HTTPS, which aligns with the comment on lines 46-48.

---

310-316: Secure routes correctly attach only to the HTTPS listener.

The sectionName: https properly restricts these routes to serve only over HTTPS.

---

16-24: Labels and annotations handling is well-structured.

The template correctly:

• Always includes a base app label
• Conditionally merges additional gatewayLabels
• Only emits the annotations: key when gatewayAnnotations is defined

---

1-1: Static analysis hints are false positives.

The YAMLlint errors reported (syntax error at line 1, spaces inside braces) are false positives. This is a Helm template file where {{- and {{ .Values... }} are valid Go template syntax, not pure YAML.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @charts/janssen/templates/gateway-api.yaml:
- Around line 39-42: The Gateway TLS certificateRefs block currently only sets
the secret name (certificateRefs: - name: {{ .Values.gatewayApi.tlsSecretName
}}) so the controller will look in the Gateway resource's namespace; update the
certificateRefs entry to include a namespace field (e.g., namespace: {{
.Values.gatewayApi.tlsSecretNamespace }}) and add a new values key
(gatewayApi.tlsSecretNamespace) if missing so templates can render the secret's
namespace explicitly when the secret lives in a different namespace than the
Gateway.
- Line 1: The template's enabled check uses .Values.global.gatewayApi.enabled
while all other gatewayApi properties are read from .Values.gatewayApi.*,
causing a path mismatch; fix by making the enabled check use
.Values.gatewayApi.enabled (or alternatively move all gatewayApi properties
under global.gatewayApi) so the conditional and properties reference the same
configuration namespace (update the if condition that currently references
.Values.global.gatewayApi.enabled to reference .Values.gatewayApi.enabled, and
ensure any other gatewayApi references are consistent).

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5ade9b1 and 2065fc8.

📒 Files selected for processing (2)

• charts/janssen-all-in-one/templates/gateway-api.yaml
• charts/janssen/templates/gateway-api.yaml

🧰 Additional context used

🪛 YAMLlint (1.37.1)

charts/janssen/templates/gateway-api.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

---

[error] 14-14: too many spaces inside braces

(braces)

---

[error] 15-15: too many spaces inside braces

(braces)

---

[error] 15-15: too many spaces inside braces

(braces)

---

[error] 17-17: too many spaces inside braces

(braces)

---

[error] 17-17: too many spaces inside braces

(braces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Deploy docs
• GitHub Check: microk8s (false, MYSQL)
• GitHub Check: microk8s (true, PGSQL)
• GitHub Check: microk8s (true, MYSQL)
• GitHub Check: microk8s (false, PGSQL)

🔇 Additional comments (5)

charts/janssen-all-in-one/templates/gateway-api.yaml (2)

26-36: LGTM! Gateway listener ports are now properly configurable.

The HTTP and HTTPS listener ports are correctly templated from gatewayApi.httpPort and gatewayApi.httpsPort, addressing the PR objective to support controllers like Traefik that use non-standard ports.

---

414-420: LGTM! Redirect rules consistently use the configurable HTTPS port.

All six redirect rules correctly derive their target port from gatewayApi.httpsPort, ensuring HTTP-to-HTTPS redirects work correctly regardless of the configured HTTPS listener port.

charts/janssen/templates/gateway-api.yaml (3)

82-101: Hard-coded backend ports are appropriate here.

Unlike the all-in-one chart which uses a single service, this chart correctly uses distinct backend ports for each service (8080 for auth, 8074 for config-api, 8083 for SAML). These are internal service ports that should remain constant.

---

411-422: LGTM! Redirect rules use configurable HTTPS port.

All redirect rules correctly use {{ .Values.gatewayApi.httpsPort }} for the target port, ensuring proper HTTP-to-HTTPS redirection regardless of the configured listener port.

---

340-348: No action required. Port 8074 is the correct HTTP port for the Config API service, as defined in both the service definition and health check probes.

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 6

🤖 Fix all issues with AI agents

In @charts/janssen/values.yaml:
- Around line 1208-1226: Update the inline comments in the gatewayApi block to
use the helm-docs comment marker format ("# --") for consistency; specifically
replace the descriptive comments above gatewayClassName, name, httpPort,
httpsPort, tlsSecretName, gatewayLabels, gatewayAnnotations, routeLabels, and
routeAnnotations with helm-docs-style comments so helm-docs will pick them up
and maintain uniformity across values.yaml.

In @docs/janssen-server/install/helm-install/google-gke.md:
- Around line 114-119: The fenced code blocks are missing language specifiers;
update each block by adding a language hint (e.g., bash) to enable syntax
highlighting: change the block starting with "helm repo add ingress-nginx
https://kubernetes.github.io/ingress-nginx" to begin with "```bash", similarly
change the blocks starting with "wget
https://raw.githubusercontent.com/JanssenProject/jans/vreplace-janssen-version/automation/pgsql.yaml",
"wget
https://raw.githubusercontent.com/JanssenProject/jans/vreplace-janssen-version/automation/mysql.yaml",
and "helm repo add janssen https://docs.jans.io/charts" so each begins with
"```bash" (leave the closing "```" unchanged).
- Around line 110-119: The text incorrectly calls ingress-nginx "retired";
update the wording in the "Option 2: Using Kubernetes Ingress resources(Legacy)"
section to remove the "retired" label and instead describe ingress-nginx as the
actively maintained Kubernetes community ingress controller (e.g., replace "the
retired [ingress-nginx]" with "the community‑maintained [ingress-nginx]" or
simply "[ingress-nginx]"). Ensure the link and helm commands remain unchanged
and keep the section heading unless the section truly is legacy content.
- Around line 121-129: Remove the trailing whitespace on the lines containing
the kubectl command and the surrounding markdown (the lines with "kubectl get
svc nginx-ingress-nginx-controller --output
jsonpath='{.status.loadBalancer.ingress[0].ip}'" and the following "Then add the
following yaml snippet to your `override.yaml` file:"), ensuring the inline code
fence and surrounding backticks are correct and there are no extra blank spaces
at the ends of those lines.
- Line 226: The heading "###  Install Janssen" contains an extra space after the
Markdown heading markers; update the heading to a single-space format "###
Install Janssen" so it conforms to standard Markdown heading syntax and removes
the redundant whitespace.
- Around line 62-81: In the "Gateway IP" section fix markdown lint issues by
removing trailing spaces on the affected lines, convert the inline/backticked
command into a fenced code block (use ```bash with the command kubectl get
gateway -n <janssen-namespace> inside) and correct the sub-list numbering so the
steps under "Option B: Dynamic IP" restart at 1 (i.e., list items for the four
steps should be 1–4 within that sub-list); ensure `global.lbIp` remains in
inline code formatting where mentioned.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2065fc8 and 9839b25.

📒 Files selected for processing (2)

• charts/janssen/values.yaml
• docs/janssen-server/install/helm-install/google-gke.md

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-11-26T12:38:52.165Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12737
File: automation/mysql.yaml:22-59
Timestamp: 2025-11-26T12:38:52.165Z
Learning: In the Janssen project, Kubernetes manifests in the automation/ directory (such as mysql.yaml and pgsql.yaml) are for demo and testing purposes only. These manifests do not require production-level hardening (security contexts, resource limits, health checks, etc.) as they are intended for local development and demonstration scenarios, not production deployments.

Applied to files:

• docs/janssen-server/install/helm-install/google-gke.md

📚 Learning: 2025-12-04T12:17:12.662Z

Learnt from: olehbozhok
Repo: JanssenProject/jans PR: 12797
File: jans-cedarling/AGENTS.md:82-88
Timestamp: 2025-12-04T12:17:12.662Z
Learning: In the jans-cedarling project, the AGENTS.md file is AI-generated and used only by AI agents, so markdown linting issues (such as MD031, MD040) for this file can be ignored during code reviews.

Applied to files:

• docs/janssen-server/install/helm-install/google-gke.md

📚 Learning: 2025-11-18T07:43:55.761Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12704
File: jans-config-api/docs/jans-config-api-swagger.yaml:17540-17546
Timestamp: 2025-11-18T07:43:55.761Z
Learning: The file `jans-config-api/docs/jans-config-api-swagger.yaml` is auto-generated with dependent modules changes and metadata. The config API does not override it.

Applied to files:

• charts/janssen/values.yaml

🪛 Checkov (3.2.334)

charts/janssen/values.yaml

[low] 1218-1219: Base64 High Entropy String

(CKV_SECRET_6)

🪛 markdownlint-cli2 (0.18.1)

docs/janssen-server/install/helm-install/google-gke.md

62-62: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

70-70: Trailing spaces
Expected: 0 or 2; Actual: 4

(MD009, no-trailing-spaces)

---

77-77: Code block style
Expected: fenced; Actual: indented

(MD046, code-block-style)

---

79-79: Ordered list item prefix
Expected: 1; Actual: 3; Style: 1/2/3

(MD029, ol-prefix)

---

81-81: Ordered list item prefix
Expected: 2; Actual: 4; Style: 1/2/3

(MD029, ol-prefix)

---

113-113: Trailing spaces
Expected: 0 or 2; Actual: 4

(MD009, no-trailing-spaces)

---

114-114: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

122-122: Trailing spaces
Expected: 0 or 2; Actual: 4

(MD009, no-trailing-spaces)

---

123-123: Trailing spaces
Expected: 0 or 2; Actual: 8

(MD009, no-trailing-spaces)

---

124-124: Trailing spaces
Expected: 0 or 2; Actual: 1

(MD009, no-trailing-spaces)

---

125-125: Trailing spaces
Expected: 0 or 2; Actual: 6

(MD009, no-trailing-spaces)

---

127-127: Trailing spaces
Expected: 0 or 2; Actual: 10

(MD009, no-trailing-spaces)

---

128-128: Trailing spaces
Expected: 0 or 2; Actual: 6

(MD009, no-trailing-spaces)

---

155-155: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

180-180: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

187-187: Trailing spaces
Expected: 0 or 2; Actual: 8

(MD009, no-trailing-spaces)

---

226-226: Multiple spaces after hash on atx style heading

(MD019, no-multiple-space-atx)

---

230-230: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Deploy docs
• GitHub Check: microk8s (false, MYSQL)
• GitHub Check: microk8s (false, PGSQL)
• GitHub Check: microk8s (true, MYSQL)
• GitHub Check: microk8s (true, PGSQL)

🔇 Additional comments (2)

charts/janssen/values.yaml (1)

1080-1082: LGTM!

The global.gatewayApi.enabled flag provides a clean toggle for enabling/disabling Gateway API resources. The default of false ensures backward compatibility with existing Ingress-based deployments.

docs/janssen-server/install/helm-install/google-gke.md (1)

45-107: Gateway API documentation is current and well-structured.

The CRD installation references the latest stable Gateway API version (v1.4.1), provides clear IP configuration options for GKE, and documents controller requirements properly.

[moabu]

I think we need to move the gateway instructions into a separate document to keep it simple and straightforward. Most of the instructions will be duplicated across providers. We need to come up with a more coherent display.

Please handle all CodeRabbit comments.
Valid unresolved comments:

• https://github.com/JanssenProject/jans/pull/12995/changes#r2683996445

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @charts/janssen-all-in-one/values.yaml:
- Around line 595-604: Remove the trailing whitespace after the httpPort value
so the line reads exactly "httpPort: 80"; update the values.yaml entry for the
httpPort field (the httpPort symbol) to eliminate the extra space character and
ensure no other trailing whitespace exists on that line.

In @charts/janssen/values.yaml:
- Around line 1208-1226: In the gatewayApi block, remove the trailing space
after the httpPort value (httpPort: 80) and standardize the inline comment style
to the helm-docs convention (use the "# --" prefix) for the gatewayApi section
comments (gatewayClassName, name, httpPort, httpsPort, tlsSecretName,
gatewayLabels, gatewayAnnotations, routeLabels, routeAnnotations) so they match
the rest of the file; leave tlsSecretName: tls-certificate as-is (the
CKV_SECRET_6 finding is a false positive for a secret name reference).

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9839b25 and fba244b.

📒 Files selected for processing (2)

• charts/janssen-all-in-one/values.yaml
• charts/janssen/values.yaml

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2026-01-12T21:48:15.672Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12995
File: charts/janssen/templates/gateway-api.yaml:1-1
Timestamp: 2026-01-12T21:48:15.672Z
Learning: In the Janssen Helm chart (charts/janssen), the established pattern for feature flags is: `global.X.enabled` controls whether feature X is enabled, while the root-level `X:` section contains all configuration values for that feature. For example: `global.gatewayApi.enabled` for the flag, and `gatewayApi.httpPort`, `gatewayApi.httpsPort`, etc. for configuration. This pattern is used consistently across istio, nginx-ingress, and gatewayApi features.

Applied to files:

• charts/janssen-all-in-one/values.yaml

📚 Learning: 2026-01-12T21:48:15.672Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12995
File: charts/janssen/templates/gateway-api.yaml:1-1
Timestamp: 2026-01-12T21:48:15.672Z
Learning: In Helm charts under charts/janssen, adopt the pattern where feature flags use global.<feature>.enabled to toggle a feature, and place feature-specific configuration under the root <feature>:. For example, global.gatewayApi.enabled toggles gatewayApi, while gatewayApi.httpPort and gatewayApi.httpsPort contain configuration. This convention should be consistently applied across related charts (istio, nginx-ingress, gatewayApi) and across YAML files in the Janssen chart bundle.

Applied to files:

• charts/janssen/values.yaml

📚 Learning: 2025-11-18T07:43:55.761Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12704
File: jans-config-api/docs/jans-config-api-swagger.yaml:17540-17546
Timestamp: 2025-11-18T07:43:55.761Z
Learning: The file `jans-config-api/docs/jans-config-api-swagger.yaml` is auto-generated with dependent modules changes and metadata. The config API does not override it.

Applied to files:

• charts/janssen/values.yaml

📚 Learning: 2025-11-26T12:38:52.165Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12737
File: automation/mysql.yaml:22-59
Timestamp: 2025-11-26T12:38:52.165Z
Learning: In the Janssen project, Kubernetes manifests in the automation/ directory (such as mysql.yaml and pgsql.yaml) are for demo and testing purposes only. These manifests do not require production-level hardening (security contexts, resource limits, health checks, etc.) as they are intended for local development and demonstration scenarios, not production deployments.

Applied to files:

• charts/janssen/values.yaml

🪛 Checkov (3.2.334)

charts/janssen/values.yaml

[low] 1218-1219: Base64 High Entropy String

(CKV_SECRET_6)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: microk8s (true, PGSQL)
• GitHub Check: microk8s (true, MYSQL)
• GitHub Check: microk8s (false, PGSQL)
• GitHub Check: microk8s (false, MYSQL)

🔇 Additional comments (1)

charts/janssen/values.yaml (1)

1080-1082: LGTM!

The feature flag follows the established pattern (global.gatewayApi.enabled) consistent with other features like istio and nginx-ingress in this chart. Defaulting to false is a safe choice. Based on learnings, this aligns with the Janssen Helm chart conventions.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

charts/janssen-all-in-one/templates/gateway-api.yaml (1)

414-419: HTTP→HTTPS redirects will fail when using non-standard HTTPS ports.

All redirect filters (lines 415-418, 428-431, 441-444, 454-457, 467-470, 480-483) omit the port parameter. Per Gateway API specification, this causes redirects to default to port 443 regardless of the configured httpsPort value. When httpsPort is set to a non-standard port (e.g., 8443), clients will be redirected to https://host:443/... instead of the correct https://host:8443/..., causing connection failures.

Add the configured HTTPS port to all redirect filters:

Required changes to all redirect filters

    filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
+       port: {{ .Values.gatewayApi.httpsPort }}
        statusCode: 301

Apply this change to all six redirect rules at lines 415-418, 428-431, 441-444, 454-457, 467-470, and 480-483.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fba244b and 31b9573.

📒 Files selected for processing (1)

• charts/janssen-all-in-one/templates/gateway-api.yaml

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: misba7
Repo: JanssenProject/jans PR: 12995
File: charts/janssen/templates/gateway-api.yaml:1-1
Timestamp: 2026-01-12T21:48:15.672Z
Learning: In the Janssen Helm chart (charts/janssen), the established pattern for feature flags is: `global.X.enabled` controls whether feature X is enabled, while the root-level `X:` section contains all configuration values for that feature. For example: `global.gatewayApi.enabled` for the flag, and `gatewayApi.httpPort`, `gatewayApi.httpsPort`, etc. for configuration. This pattern is used consistently across istio, nginx-ingress, and gatewayApi features.

📚 Learning: 2026-01-12T21:48:15.672Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12995
File: charts/janssen/templates/gateway-api.yaml:1-1
Timestamp: 2026-01-12T21:48:15.672Z
Learning: In the Janssen Helm chart (charts/janssen), the established pattern for feature flags is: `global.X.enabled` controls whether feature X is enabled, while the root-level `X:` section contains all configuration values for that feature. For example: `global.gatewayApi.enabled` for the flag, and `gatewayApi.httpPort`, `gatewayApi.httpsPort`, etc. for configuration. This pattern is used consistently across istio, nginx-ingress, and gatewayApi features.

Applied to files:

• charts/janssen-all-in-one/templates/gateway-api.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Deploy docs
• GitHub Check: microk8s (false, PGSQL)
• GitHub Check: microk8s (true, PGSQL)
• GitHub Check: microk8s (true, MYSQL)
• GitHub Check: microk8s (false, MYSQL)

🔇 Additional comments (3)

charts/janssen-all-in-one/templates/gateway-api.yaml (3)

26-36: LGTM! Port configuration now supports non-standard Gateway controller ports.

The templated httpPort and httpsPort values correctly address issue #12955, enabling compatibility with Gateway controllers like Traefik that use ports other than 80/443. This follows the established gatewayApi.* configuration pattern used in this chart.

---

57-80: Public routes correctly attach to both HTTP and HTTPS listeners.

The design decision to omit sectionName (line 60 comment) is appropriate for well-known discovery endpoints like /.well-known/openid-configuration that clients may access before knowing to use HTTPS. The URLRewrite pattern is applied consistently across all public routes.

---

305-322: Secure routes properly restrict traffic to HTTPS listener.

The explicit sectionName: https binding ensures sensitive application endpoints are only served over TLS. The routing pattern is consistent across all secure endpoints.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@charts/janssen/README.md`:
- Around line 310-318: The gatewayApi.* entries in the README lack descriptions
because the comments in the gatewayApi: block in values.yaml are not using the
documented "# --" prefix; edit the gatewayApi: block in
charts/janssen/values.yaml to prefix each descriptive comment with "# --" (or
add such prefixed comments for each key like gatewayAnnotations,
gatewayClassName, httpPort, httpsPort, name, routeAnnotations, routeLabels,
tlsSecretName), then regenerate the README so the descriptions populate from
those comments.

♻️ Duplicate comments (1)

charts/janssen/values.yaml (1)

1208-1226: Use # -- comment prefix for helm-docs compatibility.

The comments in the gatewayApi block use plain # format instead of the # -- prefix used elsewhere in this file for helm-docs generation. This causes these fields to appear without descriptions in the generated README.

🔧 Suggested fix

 gatewayApi:
-  # Set the gatewayClassName corresponding to your installed controller. We support all GA-conformant implementations(e.g., 'nginx', 'istio', 'cilium', 'traefik') | https://gateway-api.sigs.k8s.io/implementations/#conformant
+  # -- Set the gatewayClassName corresponding to your installed controller. We support all GA-conformant implementations(e.g., 'nginx', 'istio', 'cilium', 'traefik') | https://gateway-api.sigs.k8s.io/implementations/#conformant
   gatewayClassName: nginx
-  # The name of the Gateway resource to be created
+  # -- The name of the Gateway resource to be created
   name: jans-gateway
-  # Gateway http port number
+  # -- Gateway http port number
   httpPort: 80
-  # Gateway https port number
+  # -- Gateway https port number
   httpsPort: 443
-  # Secret containing the TLS certificate for the Gateway
+  # -- Secret containing the TLS certificate for the Gateway
   tlsSecretName: tls-certificate
-  # Specific labels for the Gateway resource
+  # -- Specific labels for the Gateway resource
   gatewayLabels: {}
-  # Specific annotations for the Gateway resource
+  # -- Specific annotations for the Gateway resource
   gatewayAnnotations: {}
-  # Specific labels for the HTTPRoute resource
+  # -- Specific labels for the HTTPRoute resource
   routeLabels: {}
-  # Specific annotations for the HTTPRoute resource
+  # -- Specific annotations for the HTTPRoute resource
   routeAnnotations: {}

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 31b9573 and 9d07a7c.

📒 Files selected for processing (16)

• charts/janssen-all-in-one/README.md
• charts/janssen/README.md
• charts/janssen/charts/auth-server-key-rotation/README.md
• charts/janssen/charts/auth-server/README.md
• charts/janssen/charts/casa/README.md
• charts/janssen/charts/cleanup/README.md
• charts/janssen/charts/cn-istio-ingress/README.md
• charts/janssen/charts/config-api/README.md
• charts/janssen/charts/config/README.md
• charts/janssen/charts/fido2/README.md
• charts/janssen/charts/kc-scheduler/README.md
• charts/janssen/charts/nginx-ingress/README.md
• charts/janssen/charts/persistence/README.md
• charts/janssen/charts/saml/README.md
• charts/janssen/charts/scim/README.md
• charts/janssen/values.yaml

💤 Files with no reviewable changes (13)

• charts/janssen/charts/cn-istio-ingress/README.md
• charts/janssen/charts/fido2/README.md
• charts/janssen/charts/auth-server-key-rotation/README.md
• charts/janssen/charts/config/README.md
• charts/janssen/charts/auth-server/README.md
• charts/janssen/charts/persistence/README.md
• charts/janssen/charts/saml/README.md
• charts/janssen/charts/nginx-ingress/README.md
• charts/janssen/charts/cleanup/README.md
• charts/janssen/charts/scim/README.md
• charts/janssen/charts/config-api/README.md
• charts/janssen/charts/casa/README.md
• charts/janssen/charts/kc-scheduler/README.md

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2026-01-12T21:48:15.672Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12995
File: charts/janssen/templates/gateway-api.yaml:1-1
Timestamp: 2026-01-12T21:48:15.672Z
Learning: In the Janssen Helm chart (charts/janssen), the established pattern for feature flags is: `global.X.enabled` controls whether feature X is enabled, while the root-level `X:` section contains all configuration values for that feature. For example: `global.gatewayApi.enabled` for the flag, and `gatewayApi.httpPort`, `gatewayApi.httpsPort`, etc. for configuration. This pattern is used consistently across istio, nginx-ingress, and gatewayApi features.

Applied to files:

• charts/janssen/README.md
• charts/janssen-all-in-one/README.md

📚 Learning: 2025-11-18T07:43:55.761Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12704
File: jans-config-api/docs/jans-config-api-swagger.yaml:17540-17546
Timestamp: 2025-11-18T07:43:55.761Z
Learning: The file `jans-config-api/docs/jans-config-api-swagger.yaml` is auto-generated with dependent modules changes and metadata. The config API does not override it.

Applied to files:

• charts/janssen-all-in-one/README.md
• charts/janssen/values.yaml

📚 Learning: 2025-12-17T13:07:08.750Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12847
File: jans-config-api/docs/jans-config-api-swagger.yaml:15497-15498
Timestamp: 2025-12-17T13:07:08.750Z
Learning: In the JanssenProject/jans repository, Swagger specification files under `jans-config-api/docs/` are auto-generated from underlying API code in source components. Property descriptions must be added in the source components (like `jans-auth`, `jans-fido2`, `jans-lock`) rather than directly in the generated Swagger YAML files.

Applied to files:

• charts/janssen-all-in-one/README.md

📚 Learning: 2026-01-12T21:48:15.672Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12995
File: charts/janssen/templates/gateway-api.yaml:1-1
Timestamp: 2026-01-12T21:48:15.672Z
Learning: In Helm charts under charts/janssen, adopt the pattern where feature flags use global.<feature>.enabled to toggle a feature, and place feature-specific configuration under the root <feature>:. For example, global.gatewayApi.enabled toggles gatewayApi, while gatewayApi.httpPort and gatewayApi.httpsPort contain configuration. This convention should be consistently applied across related charts (istio, nginx-ingress, gatewayApi) and across YAML files in the Janssen chart bundle.

Applied to files:

• charts/janssen/values.yaml

🪛 Checkov (3.2.334)

charts/janssen/values.yaml

[low] 1218-1219: Base64 High Entropy String

(CKV_SECRET_6)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: microk8s (true, PGSQL)
• GitHub Check: Deploy docs
• GitHub Check: microk8s (false, MYSQL)
• GitHub Check: microk8s (true, MYSQL)
• GitHub Check: microk8s (false, PGSQL)

🔇 Additional comments (4)

charts/janssen-all-in-one/README.md (1)

396-397: LGTM!

The service documentation entries have been updated with clearer, more generic descriptions that accurately reflect their purpose.

charts/janssen/values.yaml (2)

1080-1082: LGTM!

The global.gatewayApi.enabled flag follows the established chart pattern where global.<feature>.enabled controls the feature toggle while root-level configuration holds the actual settings. This is consistent with how istio and nginx-ingress features are structured. Based on learnings, this pattern is the established convention for this chart.

---

223-224: LGTM!

Minor formatting adjustment on the comment line - no functional impact.

charts/janssen/README.md (1)

451-451: LGTM!

The global.gatewayApi.enabled entry is properly documented with a clear description that explains its purpose.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

charts/janssen-all-in-one/README.md (1)

129-133: Add helm-docs descriptions for certManager.certificate.* (currently blank in README).
These rows will stay empty unless the corresponding keys in charts/janssen-all-in-one/values.yaml have # -- doc comments.

♻️ Duplicate comments (4)

charts/janssen-all-in-one/values.yaml (1)

594-614: Fix trailing whitespace + convert gatewayApi comments to # -- so helm-docs populates READMEs.

Proposed fix

 gatewayApi:
   # -- Boolean flag to enable/disable the Kubernetes Gateway and HTTPRoute resources.
   enabled: false
-  # Set the gatewayClassName corresponding to your installed controller. We support all GA-conformant implementations(e.g., 'nginx', 'istio', 'cilium', 'traefik') | https://gateway-api.sigs.k8s.io/implementations/#conformant
+  # -- Set the gatewayClassName corresponding to your installed controller. We support all GA-conformant implementations (e.g., 'nginx', 'istio', 'cilium', 'traefik') | https://gateway-api.sigs.k8s.io/implementations/#conformant
   gatewayClassName: nginx
-  # The name of the Gateway resource to be created
+  # -- The name of the Gateway resource to be created
   name: jans-gateway
-  # Gateway http port number
-  httpPort: 80 
-  # Gateway https port number
+  # -- Gateway http port number
+  httpPort: 80
+  # -- Gateway https port number
   httpsPort: 443
-  # Secret containing the TLS certificate for the Gateway
+  # -- Secret containing the TLS certificate for the Gateway
   tlsSecretName: tls-certificate
-  # Specific labels for the Gateway resource
+  # -- Specific labels for the Gateway resource
   gatewayLabels: {}
-  # Specific annotations for the Gateway resource
+  # -- Specific annotations for the Gateway resource
   gatewayAnnotations: {}
-  # Specific labels for the HTTPRoute resource
+  # -- Specific labels for the HTTPRoute resource
   routeLabels: {}
-  # Specific annotations for the HTTPRoute resource
+  # -- Specific annotations for the HTTPRoute resource
   routeAnnotations: {}

charts/janssen-all-in-one/README.md (1)

297-306: gatewayApi.* rows missing descriptions in the generated table.
Fix by adding # -- doc comments for the gatewayApi.* keys in charts/janssen-all-in-one/values.yaml, then re-run helm-docs.

charts/janssen/values.yaml (1)

1208-1226: Switch gatewayApi comments to # -- so helm-docs populates README descriptions.

Proposed fix

 gatewayApi:
-  # Set the gatewayClassName corresponding to your installed controller. We support all GA-conformant implementations(e.g., 'nginx', 'istio', 'cilium', 'traefik') | https://gateway-api.sigs.k8s.io/implementations/#conformant
+  # -- Set the gatewayClassName corresponding to your installed controller. We support all GA-conformant implementations (e.g., 'nginx', 'istio', 'cilium', 'traefik') | https://gateway-api.sigs.k8s.io/implementations/#conformant
   gatewayClassName: nginx
-  # The name of the Gateway resource to be created
+  # -- The name of the Gateway resource to be created
   name: jans-gateway
-  # Gateway http port number
+  # -- Gateway http port number
   httpPort: 80
-  # Gateway https port number
+  # -- Gateway https port number
   httpsPort: 443
-  # Secret containing the TLS certificate for the Gateway
+  # -- Secret containing the TLS certificate for the Gateway
   tlsSecretName: tls-certificate
-  # Specific labels for the Gateway resource
+  # -- Specific labels for the Gateway resource
   gatewayLabels: {}
-  # Specific annotations for the Gateway resource
+  # -- Specific annotations for the Gateway resource
   gatewayAnnotations: {}
-  # Specific labels for the HTTPRoute resource
+  # -- Specific labels for the HTTPRoute resource
   routeLabels: {}
-  # Specific annotations for the HTTPRoute resource
+  # -- Specific annotations for the HTTPRoute resource
   routeAnnotations: {}

charts/janssen/README.md (1)

310-318: gatewayApi.* table entries are missing descriptions (helm-docs input missing).
Update charts/janssen/values.yaml gatewayApi comments to # -- and regenerate this README.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9d07a7c and e0a3c6f.

📒 Files selected for processing (4)

• charts/janssen-all-in-one/README.md
• charts/janssen-all-in-one/values.yaml
• charts/janssen/README.md
• charts/janssen/values.yaml

🧰 Additional context used

🧠 Learnings (7)

📚 Learning: 2026-01-12T21:48:15.672Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12995
File: charts/janssen/templates/gateway-api.yaml:1-1
Timestamp: 2026-01-12T21:48:15.672Z
Learning: In Helm charts under charts/janssen, adopt the pattern where feature flags use global.<feature>.enabled to toggle a feature, and place feature-specific configuration under the root <feature>:. For example, global.gatewayApi.enabled toggles gatewayApi, while gatewayApi.httpPort and gatewayApi.httpsPort contain configuration. This convention should be consistently applied across related charts (istio, nginx-ingress, gatewayApi) and across YAML files in the Janssen chart bundle.

Applied to files:

• charts/janssen/values.yaml

📚 Learning: 2026-01-12T21:48:15.672Z

Learnt from: misba7
Repo: JanssenProject/jans PR: 12995
File: charts/janssen/templates/gateway-api.yaml:1-1
Timestamp: 2026-01-12T21:48:15.672Z
Learning: In the Janssen Helm chart (charts/janssen), the established pattern for feature flags is: `global.X.enabled` controls whether feature X is enabled, while the root-level `X:` section contains all configuration values for that feature. For example: `global.gatewayApi.enabled` for the flag, and `gatewayApi.httpPort`, `gatewayApi.httpsPort`, etc. for configuration. This pattern is used consistently across istio, nginx-ingress, and gatewayApi features.

Applied to files:

• charts/janssen/README.md
• charts/janssen-all-in-one/values.yaml
• charts/janssen-all-in-one/README.md

📚 Learning: 2025-11-18T07:43:55.761Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12704
File: jans-config-api/docs/jans-config-api-swagger.yaml:17540-17546
Timestamp: 2025-11-18T07:43:55.761Z
Learning: The file `jans-config-api/docs/jans-config-api-swagger.yaml` is auto-generated with dependent modules changes and metadata. The config API does not override it.

Applied to files:

• charts/janssen/README.md

📚 Learning: 2025-12-17T13:07:08.750Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12847
File: jans-config-api/docs/jans-config-api-swagger.yaml:15497-15498
Timestamp: 2025-12-17T13:07:08.750Z
Learning: When reviewing components like `jans-auth`, `jans-fido2`, `jans-lock` in the JanssenProject/jans repository, raise issues about missing property descriptions in API model classes, as these descriptions will be reflected in the auto-generated Swagger specifications.

Applied to files:

• charts/janssen/README.md
• charts/janssen-all-in-one/README.md

📚 Learning: 2025-12-17T13:07:08.750Z

Learnt from: pujavs
Repo: JanssenProject/jans PR: 12847
File: jans-config-api/docs/jans-config-api-swagger.yaml:15497-15498
Timestamp: 2025-12-17T13:07:08.750Z
Learning: In the JanssenProject/jans repository, Swagger specification files under `jans-config-api/docs/` are auto-generated from underlying API code in source components. Property descriptions must be added in the source components (like `jans-auth`, `jans-fido2`, `jans-lock`) rather than directly in the generated Swagger YAML files.

Applied to files:

• charts/janssen/README.md
• charts/janssen-all-in-one/README.md

📚 Learning: 2026-01-14T12:08:10.770Z

Learnt from: moabu
Repo: JanssenProject/jans PR: 12999
File: terraform-provider-jans/docs/data-sources/service_status.md:20-20
Timestamp: 2026-01-14T12:08:10.770Z
Learning: In the JanssenProject/jans terraform-provider-jans, documentation files in the docs/ directory with the "# generated by https://github.com/hashicorp/terraform-plugin-docs" header comment are auto-generated by the terraform-plugin-docs tool and should not be manually modified. Changes to documentation should be made in the corresponding Go schema definitions (e.g., in the Description field) or in template files (*.md.tmpl) in the templates/ directory.

Applied to files:

• charts/janssen/README.md
• charts/janssen-all-in-one/README.md

📚 Learning: 2026-01-14T12:02:29.355Z

Learnt from: moabu
Repo: JanssenProject/jans PR: 12999
File: terraform-provider-jans/docs/data-sources/database_configuration.md:36-46
Timestamp: 2026-01-14T12:02:29.355Z
Learning: Documentation files in terraform-provider-jans marked with "generated by https://github.com/hashicorp/terraform-plugin-docs" comment are auto-generated and should not be manually modified. Any fixes should be made in the corresponding template files (*.md.tmpl) or in the terraform-plugin-docs tool itself.

Applied to files:

• charts/janssen-all-in-one/README.md

🪛 Checkov (3.2.334)

charts/janssen/values.yaml

[low] 1218-1219: Base64 High Entropy String

(CKV_SECRET_6)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: microk8s (true, PGSQL)
• GitHub Check: microk8s (true, MYSQL)
• GitHub Check: microk8s (false, MYSQL)
• GitHub Check: microk8s (false, PGSQL)

🔇 Additional comments (7)

charts/janssen-all-in-one/README.md (2)

127-128: Casa endpoint path doc update is correct.

---

396-397: Service field descriptions are clearer now.

charts/janssen-all-in-one/values.yaml (1)

385-390: Casa ingress documentation matches /jans-casa.

charts/janssen/values.yaml (3)

223-224: YAML comment indentation change looks fine.

---

914-919: Casa ingress documentation matches /jans-casa.

---

1080-1082: global.gatewayApi.enabled matches the established feature-flag pattern. (global flag + root-level config)
Based on learnings, this is consistent with existing conventions.

charts/janssen/README.md (1)

451-452: Global gatewayApi enable flag is documented correctly.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[iromli]

Added some comments that need to be addressed.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@charts/janssen-all-in-one/README.md`:
- Around line 297-306: The table row for gatewayApi.gatewayClassName is split
into an extra column by a bare URL; update the gatewayApi.gatewayClassName row
so the URL is part of the description cell (not a separate table column) — e.g.,
append "See https://gateway-api.sigs.k8s.io/implementations/#conformant" to the
description text for gatewayApi.gatewayClassName (or convert the URL into an
inline Markdown link) and remove the stray trailing table delimiter so the row
has the correct number of columns.

In `@charts/janssen/README.md`:
- Around line 310-318: The table row for gatewayApi.gatewayClassName contains an
unescaped pipe that breaks the table and a bare URL; edit the README table so
the description does not include an unescaped '|' (either escape it or reword to
remove the character) and replace the bare URL with a proper markdown link
(e.g., descriptive text linking to the Gateway API implementations URL) so the
row for gatewayApi.gatewayClassName renders correctly and passes lint rules.

♻️ Duplicate comments (1)

charts/janssen-all-in-one/values.yaml (1)

595-604: Remove trailing whitespace after httpPort. Line 602 still has a trailing space.

🔧 Suggested fix

-  httpPort: 80 
+  httpPort: 80