From 2eea9bd22dce903580d025e1c1aea0e32a24c8c2 Mon Sep 17 00:00:00 2001 
From: rconway Date: Tue, 6 Jul 2021 16:04:23 +0000 Subject: [PATCH] Commit triggered by a change on the main branch of helm-charts-dev --- charts/cheese/Chart.yaml | 4 +- charts/cheese/templates/cheese-ingress.yaml | 9 +++ charts/cheese/templates/cheese.yml | 9 +++ charts/jupyter/Chart.yaml | 2 +- charts/jupyter/templates/ingress.yaml | 3 + charts/login-service/Chart.yaml | 4 +- .../charts/config/templates/configmaps.yaml | 3 +- .../config/templates/load-init-config.yml | 6 ++ .../login-service/charts/config/values.yaml | 8 ++- charts/login-service/charts/nginx/Chart.yaml | 2 +- charts/login-service/charts/opendj/Chart.yaml | 2 +- .../opendj/scripts/77-customAttributes.ldif | 8 ++- .../charts/opendj/templates/configmap.yaml | 1 + .../charts/opendj/templates/persistence.yml | 5 +- .../charts/opendj/templates/statefulset.yaml | 26 +++++--- .../login-service/charts/opendj/values.yaml | 17 ++++- charts/login-service/charts/oxauth/Chart.yaml | 2 +- .../oxauth/templates/oxauth-deployment.yml | 1 + .../login-service/charts/oxauth/values.yaml | 19 +++--- .../charts/oxpassport/Chart.yaml | 2 +- .../oxpassport/templates/deployment.yaml | 21 ++----- .../charts/oxpassport/values.yaml | 17 ++--- .../login-service/charts/oxtrust/Chart.yaml | 2 +- .../oxtrust/templates/oxtrust-statefulset.yml | 1 + .../login-service/charts/oxtrust/values.yaml | 18 +++--- charts/login-service/templates/pv.yaml | 17 +++++ charts/login-service/templates/pvc.yaml | 23 +++++++ charts/login-service/values.yaml | 13 ++-- charts/pdp-engine/Chart.yaml | 4 +- charts/pdp-engine/templates/ingress.yaml | 14 +++-- charts/pdp-engine/templates/pdp-cm.yml | 8 +-- .../pdp-engine/templates/pdp-deployment.yml | 37 ++++++++--- charts/pdp-engine/templates/pdp-service.yml | 21 +++---- charts/pdp-engine/templates/pv.yaml | 17 +++++ charts/pdp-engine/templates/pvc.yaml | 23 +++++++ charts/pdp-engine/values.yaml | 39 +++++++++--- charts/pep-engine/Chart.yaml | 4 +- .../pep-engine/scripts/default-resources.json | 2 + 
charts/pep-engine/templates/ingress.yaml | 8 +++ charts/pep-engine/templates/pep-service.yml | 3 + charts/pep-engine/values.yaml | 4 +- charts/user-profile/Chart.yaml | 4 +- charts/user-profile/templates/ingress.yaml | 22 ++++--- charts/user-profile/templates/pv.yaml | 17 +++++ charts/user-profile/templates/pvc.yaml | 23 +++++++ charts/user-profile/templates/user-cm.yml | 27 ++++++++ .../templates/user-deployment.yml | 63 +++++++++++++++++++ .../user-profile/templates/user-service.yml | 19 ++++++ charts/user-profile/values.yaml | 54 +++++++++++----- 49 files changed, 509 insertions(+), 149 deletions(-) create mode 100644 charts/login-service/templates/pv.yaml create mode 100644 charts/login-service/templates/pvc.yaml create mode 100644 charts/pdp-engine/templates/pv.yaml create mode 100644 charts/pdp-engine/templates/pvc.yaml create mode 100644 charts/user-profile/templates/pv.yaml create mode 100644 charts/user-profile/templates/pvc.yaml create mode 100755 charts/user-profile/templates/user-cm.yml create mode 100755 charts/user-profile/templates/user-deployment.yml create mode 100755 charts/user-profile/templates/user-service.yml diff --git a/charts/cheese/Chart.yaml b/charts/cheese/Chart.yaml index 290b437..a10c2ed 100644 --- a/charts/cheese/Chart.yaml +++ b/charts/cheese/Chart.yaml @@ -15,9 +15,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.8 +version: 0.2.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.2.8 +appVersion: 0.2.9 
diff --git a/charts/cheese/templates/cheese-ingress.yaml b/charts/cheese/templates/cheese-ingress.yaml index ee04883..431b01a 100644 --- a/charts/cheese/templates/cheese-ingress.yaml +++ b/charts/cheese/templates/cheese-ingress.yaml @@ -4,6 +4,9 @@ metadata: name: cheddar annotations: cert-manager.io/cluster-issuer: letsencrypt + {{- if .Values.elbIp }} + kubernetes.io/elb.ip: {{ .Values.elbIp }} + {{- end }} spec: tls: - hosts: @@ -24,6 +27,9 @@ metadata: name: stilton annotations: cert-manager.io/cluster-issuer: letsencrypt + {{- if .Values.elbIp }} + kubernetes.io/elb.ip: {{ .Values.elbIp }} + {{- end }} spec: tls: - hosts: @@ -44,6 +50,9 @@ metadata: name: wensleydale annotations: cert-manager.io/cluster-issuer: letsencrypt + {{- if .Values.elbIp }} + kubernetes.io/elb.ip: {{ .Values.elbIp }} + {{- end }} spec: tls: - hosts: diff --git a/charts/cheese/templates/cheese.yml b/charts/cheese/templates/cheese.yml index df1a507..9483f71 100644 --- a/charts/cheese/templates/cheese.yml +++ b/charts/cheese/templates/cheese.yml @@ -71,6 +71,9 @@ spec: targetPort: 80 selector: app: cheddar + {{- if .Values.elbIp }} + type: NodePort + {{- end }} --- apiVersion: v1 kind: Service @@ -85,6 +88,9 @@ spec: targetPort: 80 selector: app: stilton + {{- if .Values.elbIp }} + type: NodePort + {{- end }} --- apiVersion: v1 kind: Service @@ -99,3 +105,6 @@ spec: targetPort: 80 selector: app: wensleydale + {{- if .Values.elbIp }} + type: NodePort + {{- end }} diff --git a/charts/jupyter/Chart.yaml b/charts/jupyter/Chart.yaml index 3a09007..33139ee 100644 --- a/charts/jupyter/Chart.yaml +++ b/charts/jupyter/Chart.yaml 
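Review bot: The `kubernetes.io/elb.ip` annotation added to the cheddar, stilton and wensleydale Ingress hunks is rendered unquoted, so its type depends on whatever the operator puts in `elbIp`. Annotation values must be strings; a dotted IPv4 address happens to parse as one, but an empty or otherwise unusual override would not. I would write `kubernetes.io/elb.ip: {{ .Values.elbIp | quote }}`. The same unquoted line is added in the jupyter and pdp-engine ingress templates.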
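Review bot: Setting `elbIp` silently switches all three Services in cheese.yml to `type: NodePort`, which opens a port on every node, and nothing in the template says why or what is expected to guard those ports. Presumably the ELB backend requires NodePort; if so, a comment above each block such as `# NodePort is needed for the ELB backend; node ports must be reachable only from the load balancer` would record the assumption. A dedicated value for the service type would also be clearer than overloading `elbIp`. pdp-service.yml gets the same toggle later in this commit.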
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/jupyter/templates/ingress.yaml b/charts/jupyter/templates/ingress.yaml index 79fe3e0..945cd94 100644 --- a/charts/jupyter/templates/ingress.yaml +++ b/charts/jupyter/templates/ingress.yaml @@ -4,6 +4,9 @@ metadata: name: jupyter annotations: cert-manager.io/cluster-issuer: letsencrypt + {{- if .Values.elbIp }} + kubernetes.io/elb.ip: {{ .Values.elbIp }} + {{- end }} spec: tls: - hosts: diff --git a/charts/login-service/Chart.yaml b/charts/login-service/Chart.yaml index 7388360..f33aea5 100644 --- a/charts/login-service/Chart.yaml +++ b/charts/login-service/Chart.yaml @@ -16,9 +16,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.0 +version: 0.9.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v1.0-RC +appVersion: v1.0.1-RC diff --git a/charts/login-service/charts/config/templates/configmaps.yaml b/charts/login-service/charts/config/templates/configmaps.yaml index 5c0832f..cc1210c 100644 --- a/charts/login-service/charts/config/templates/configmaps.yaml 
+++ b/charts/login-service/charts/config/templates/configmaps.yaml @@ -34,7 +34,8 @@ data: "org_name": {{ .Values.orgName | quote }}, "gluu_config_adapter": {{.Values.gluuConfAdapter | quote }}, "ldap_type": {{.Values.ldapType | quote }}, - "redis_pw": {{.Values.redisPass | quote }} + "redis_pw": {{.Values.redisPass | quote }}, + "pdp_ep": {{.Values.pdpEp | quote }} } --- diff --git a/charts/login-service/charts/config/templates/load-init-config.yml b/charts/login-service/charts/config/templates/load-init-config.yml index 4df33f1..bdfeecf 100644 --- a/charts/login-service/charts/config/templates/load-init-config.yml +++ b/charts/login-service/charts/config/templates/load-init-config.yml @@ -22,6 +22,12 @@ spec: containers: - name: {{ template "login-service.name" . }}-load image: gluufederation/config-init:4.1.1_02 + resources: + requests: + memory: {{ .Values.requests.memory }} + cpu: {{ .Values.requests.cpu }} + # limits: + # memory: {{ .Values.limits.memory }} volumeMounts: - mountPath: /opt/config-init/db/ subPath: config-init/db diff --git a/charts/login-service/charts/config/values.yaml b/charts/login-service/charts/config/values.yaml index 6ad95a2..808815b 100644 --- a/charts/login-service/charts/config/values.yaml +++ b/charts/login-service/charts/config/values.yaml @@ -14,8 +14,8 @@ ldapPass: admin_Abcd1234# email: eoepca@deimos-space.com orgName: Deimos Space S.L.U. gluuConfAdapter: kubernetes -ldapType: opendj redisPass: aaaa +pdpEp: /pdp nameOverride: "" fullNameOverride: "" @@ -24,6 +24,12 @@ fullNameOverride: "" volumeClaim: name: um-login-service-config-pvc +limits: + memory: 600Mi +requests: + cpu: 100m + memory: 500Mi + persistence: size: 1Gi accessModes: ReadWriteOnce diff --git a/charts/login-service/charts/nginx/Chart.yaml b/charts/login-service/charts/nginx/Chart.yaml index e24c62a..3c57118 100644 --- a/charts/login-service/charts/nginx/Chart.yaml +++ b/charts/login-service/charts/nginx/Chart.yaml 
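Review bot: The new `resources:` block in load-init-config.yml sets requests only; the `limits` lines are YAML-commented, so the 600Mi that values.yaml declares is never enforced on the container. Helm also still evaluates `{{ .Values.limits.memory }}` inside a `#` comment, so the chart depends on that value being defined even though it has no effect, and rendering may fail if `limits` is later dropped from values. Either enable it (`limits:` / `memory: {{ .Values.limits.memory }}`) or delete the commented lines. The same commented-limit pattern is added in the opendj statefulset and oxpassport deployment hunks.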
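Review bot: `ldapType: opendj` is removed from config/values.yaml here (and from the parent login-service values.yaml later in the commit), while the configmaps.yaml hunk above still renders `"ldap_type": {{.Values.ldapType | quote }}`. Unless the value is supplied from somewhere not visible in this patch, `ldap_type` will now come out as an empty string. Either keep the default or drop the key from the ConfigMap JSON. While touching this file, note that `ldapPass` and `redisPass` remain committed as working defaults; they are better left empty and required at install time.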
@@ -2,6 +2,6 @@ apiVersion: v1 appVersion: 1 description: nginx chart name: nginx -version: 1.1.5 +version: 1.1.2 maintainers: - name: eoepca diff --git a/charts/login-service/charts/opendj/Chart.yaml b/charts/login-service/charts/opendj/Chart.yaml index 6032424..b5d1067 100644 --- a/charts/login-service/charts/opendj/Chart.yaml +++ b/charts/login-service/charts/opendj/Chart.yaml @@ -4,4 +4,4 @@ maintainers: - name: eoepca description: A Helm chart for Gluu server name: opendj -version: 1.1.1 \ No newline at end of file +version: 1.1.2 \ No newline at end of file diff --git a/charts/login-service/charts/opendj/scripts/77-customAttributes.ldif b/charts/login-service/charts/opendj/scripts/77-customAttributes.ldif index 369f1ce..bf9c764 100644 --- a/charts/login-service/charts/opendj/scripts/77-customAttributes.ldif +++ b/charts/login-service/charts/opendj/scripts/77-customAttributes.ldif 
@@ -27,8 +27,14 @@ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.1403 NAME 'TermsConditions' SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Gluu custom attribute' ) +attributeTypes: ( 1.3.6.1.4.1.48710.1.3.1404 NAME 'StorageDetails' + DESC 'Custom Attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu custom attribute' ) objectClasses: ( 1.3.6.1.4.1.48710.1.4.101 NAME 'gluuCustomPerson' SUP ( top ) AUXILIARY - MAY ( TermsConditions $ Licenses $ apiKeys $ isOperator $ telephoneNumber $ mobile $ carLicense $ facsimileTelephoneNumber $ departmentNumber $ employeeType $ cn $ st $ manager $ street $ postOfficeBox $ employeeNumber $ preferredDeliveryMethod $ roomNumber $ secretary $ homePostalAddress $ l $ postalCode $ description $ title ) + MAY ( StorageDetails $ TermsConditions $ Licenses $ apiKeys $ isOperator $ telephoneNumber $ mobile $ carLicense $ facsimileTelephoneNumber $ departmentNumber $ employeeType $ cn $ st $ manager $ street $ postOfficeBox $ employeeNumber $ preferredDeliveryMethod $ roomNumber $ secretary $ homePostalAddress $ l $ postalCode $ description $ title ) X-ORIGIN 'Gluu - Custom persom objectclass' ) diff --git a/charts/login-service/charts/opendj/templates/configmap.yaml b/charts/login-service/charts/opendj/templates/configmap.yaml index a56ac20..9cce914 100644 --- a/charts/login-service/charts/opendj/templates/configmap.yaml +++ b/charts/login-service/charts/opendj/templates/configmap.yaml @@ -15,6 +15,7 @@ data: GLUU_CACHE_TYPE: {{ .Values.gluuRedisCacheType | quote }} GLUU_REDIS_URL: {{ .Values.gluuRedisUrl | quote }} GLUU_REDIS_TYPE: {{ .Values.gluuRedisType | quote }} + PDP_EP: {{ .Values.persistence.pdpEp | quote}} {{- else }} GLUU_CACHE_TYPE: {{ .Values.gluuCacheType | quote }} {{- end }} 
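Review bot: In opendj/templates/configmap.yaml the new `PDP_EP` entry sits before `{{- else }}`, i.e. inside the Redis branch of the conditional, so it is only emitted when that branch is taken. The opening `if` is outside the hunk, but the parent values.yaml shows `gluuRedisEnabled: false`, which suggests `PDP_EP` is never set in the default deployment. I would move the line out of the conditional so it is rendered in both cases, and write `| quote }}` with the usual space.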
diff --git a/charts/login-service/charts/opendj/templates/persistence.yml b/charts/login-service/charts/opendj/templates/persistence.yml index 6cd1356..b05ae00 100644 --- a/charts/login-service/charts/opendj/templates/persistence.yml +++ b/charts/login-service/charts/opendj/templates/persistence.yml @@ -32,4 +32,7 @@ spec: value: {{ .Values.persistence.clientIDv }} - name: {{ .Values.persistence.clientSecret }} value: {{ .Values.persistence.clientSecretv }} - \ No newline at end of file + - name: {{ .Values.persistence.coihClientID }} + value: '{{ .Values.persistence.coihClientIDv }}' + - name: {{ .Values.persistence.coihClientSecret }} + value: {{ .Values.persistence.coihClientSecretv }} \ No newline at end of file diff --git a/charts/login-service/charts/opendj/templates/statefulset.yaml b/charts/login-service/charts/opendj/templates/statefulset.yaml index 18f1d5a..ac4f62e 100644 --- a/charts/login-service/charts/opendj/templates/statefulset.yaml +++ b/charts/login-service/charts/opendj/templates/statefulset.yaml @@ -24,6 +24,12 @@ spec: - name: {{ template "login-service.fullname" . }}-init-container imagePullPolicy: {{ .Values.imagePullPolicy }} image: {{ .Values.image }} + resources: + requests: + memory: {{ .Values.requests.memory }} + cpu: {{ .Values.requests.cpu }} + # limits: + # memory: {{ .Values.limits.memory }} lifecycle: postStart: exec: 
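Review bot: The COIH client secret in persistence.yml is injected as a literal `value:` in the pod spec, so it is stored in the rendered manifest and readable by anyone who can get the pod or the Helm release. A Kubernetes Secret referenced through `valueFrom.secretKeyRef` would keep it out of the spec. The two new entries are also inconsistent: the client ID is quoted but the secret is not, so with the default `""` it renders as a bare `value:` (null), and an all-digit secret would be typed as a number. At minimum use `value: {{ .Values.persistence.coihClientSecretv | quote }}`.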
@@ -55,14 +61,14 @@ spec: - mountPath: /flag subPath: opendj/flag name: vol-userman - readinessProbe: - tcpSocket: - port: {{ .Values.tcpSocket.port }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - livenessProbe: - tcpSocket: - port: {{ .Values.tcpSocket.port }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + # readinessProbe: + # tcpSocket: + # port: {{ .Values.tcpSocket.port }} + # initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + # periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + # livenessProbe: + # tcpSocket: + # port: {{ .Values.tcpSocket.port }} + # initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + # periodSeconds: {{ .Values.livenessProbe.periodSeconds }} \ No newline at end of file diff --git a/charts/login-service/charts/opendj/values.yaml b/charts/login-service/charts/opendj/values.yaml index a7356d9..30cd48f 100644 --- a/charts/login-service/charts/opendj/values.yaml +++ b/charts/login-service/charts/opendj/values.yaml @@ -38,7 +38,7 @@ persistence: statefulSetReplicas: 1 imagePullPolicy: Always restartPolicy: Never - image: eoepca/um-login-persistence:v1.0-RC + image: eoepca/um-login-persistence:v1.0.1-RC configAdapter: GLUU_CONFIG_ADAPTER adapter: "kubernetes" secretAdapter: GLUU_SECRET_ADAPTER 
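Review bot: Commenting out both probes in the opendj statefulset leaves the directory container with no readiness or liveness check, so traffic is routed to it before LDAPS is up and a hung instance is never restarted. The values.yaml change in this commit that raises `initialDelaySeconds` to 150 then has no effect. If slow startup was the reason, keeping the probes with the longer delay, or adding a `startupProbe`, preserves the health checking. Note also that the `{{ ... }}` actions inside the `#` lines are still evaluated by Helm.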
@@ -56,16 +56,27 @@ persistence: clientIDv: "59f1fed27153f631bc08" clientSecret: LP_CLIENT_SECRET clientSecretv: "640baffac0948454c48de2505726f53d11adc8a6" + pdpEp: /pdp +#COIH Provider values needs to be configured after deployment for security issues + coihClientID: COIH_CLIENT_ID + coihClientIDv: "" + coihClientSecret: COIH_CLIENT_SECRET + coihClientSecretv: "" #container specific values declared here tcpSocket: port: 1636 readinessProbe: - initialDelaySeconds: 90 + initialDelaySeconds: 150 periodSeconds: 90 livenessProbe: - initialDelaySeconds: 90 + initialDelaySeconds: 150 periodSeconds: 90 +limits: + memory: 600Mi +requests: + cpu: 700m + memory: 500Mi #servicePorts values used in StatefulSet container ports: ldaps: diff --git a/charts/login-service/charts/oxauth/Chart.yaml b/charts/login-service/charts/oxauth/Chart.yaml index d950c59..cb848a6 100755 --- a/charts/login-service/charts/oxauth/Chart.yaml +++ b/charts/login-service/charts/oxauth/Chart.yaml @@ -4,4 +4,4 @@ maintainers: - name: eoepca description: A Helm chart for Kubernetes name: oxauth -version: 1.1.1 +version: 1.1.2 diff --git a/charts/login-service/charts/oxauth/templates/oxauth-deployment.yml b/charts/login-service/charts/oxauth/templates/oxauth-deployment.yml index d0c4f22..43cd1c1 100755 --- a/charts/login-service/charts/oxauth/templates/oxauth-deployment.yml +++ b/charts/login-service/charts/oxauth/templates/oxauth-deployment.yml @@ -21,6 +21,7 @@ spec: resources: requests: memory: {{ .Values.requests.memory }} + cpu: {{ .Values.requests.cpu }} # limits: # memory: {{ .Values.limits.memory }} ports: diff --git a/charts/login-service/charts/oxauth/values.yaml b/charts/login-service/charts/oxauth/values.yaml index a521f12..2010af2 100755 --- a/charts/login-service/charts/oxauth/values.yaml +++ b/charts/login-service/charts/oxauth/values.yaml 
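Review bot: The new COIH entries are correctly left empty, but the `clientIDv` / `clientSecretv` pair for `LP_CLIENT_SECRET` directly above them is still committed in this file, even though the same pair is deleted from oxauth/values.yaml in this commit. If that credential is live it should be rotated and defaulted to `""` like the COIH one, since it remains in the repository history either way. The comment would read better indented with the keys and reworded, e.g. `# COIH provider credentials: leave empty here and supply at deploy time`.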
@@ -15,9 +15,10 @@ gluuMaxRamFraction: 1 #Resources for the deployment requests: - memory: 128Mi + cpu: 200m + memory: 900Mi limits: - memory: 128Mi + memory: 1.2Gi persistence: size: 100M pvcSize: 3Gi @@ -28,7 +29,7 @@ persistence: statefulSetReplicas: 1 imagePullPolicy: Always restartPolicy: Never - image: eoepca/um-login-persistence:v1.0-RC + image: eoepca/um-login-persistence:v1.0.1-RC configAdapter: GLUU_CONFIG_ADAPTER adapter: "kubernetes" secretAdapter: GLUU_SECRET_ADAPTER @@ -42,10 +43,6 @@ persistence: oxtrustConfv: "'false'" cacheType: GLUU_CACHE_TYPE cacheTypev: "NATIVE_PERSISTENCE" - clientID: LP_CLIENT_ID - clientIDv: "59f1fed27153f631bc08" - clientSecret: LP_CLIENT_SECRET - clientSecretv: "640baffac0948454c48de2505726f53d11adc8a6" #hostAliases nginxIp: 10.0.2.15 @@ -55,13 +52,13 @@ ports: # livenessProbe livenessProbe: - initialDelaySeconds: 600 - periodSeconds: 90 + initialDelaySeconds: 100 + periodSeconds: 60 # readinessProbe readinessProbe: - initialDelaySeconds: 600 - periodSeconds: 90 + initialDelaySeconds: 100 + periodSeconds: 60 # VolumeClaim values volumeClaim: diff --git a/charts/login-service/charts/oxpassport/Chart.yaml b/charts/login-service/charts/oxpassport/Chart.yaml index 1ceaeee..2b15aaf 100755 --- a/charts/login-service/charts/oxpassport/Chart.yaml +++ b/charts/login-service/charts/oxpassport/Chart.yaml @@ -2,6 +2,6 @@ apiVersion: v1 appVersion: 1 description: A Helm chart for the Login Service name: oxpassport -version: 1.1.0 +version: 1.1.2 maintainers: - name: eoepca diff --git a/charts/login-service/charts/oxpassport/templates/deployment.yaml b/charts/login-service/charts/oxpassport/templates/deployment.yaml index 1d28e35..e73bce7 100755 --- a/charts/login-service/charts/oxpassport/templates/deployment.yaml +++ b/charts/login-service/charts/oxpassport/templates/deployment.yaml 
@@ -25,7 +25,7 @@ spec: - {{ .Values.global.domain }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: oxpassport @@ -34,18 +34,9 @@ spec: envFrom: - configMapRef: name: {{ template "oxpassport.fullname" . }}-cm - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} + requests: + memory: {{ .Values.requests.memory }} + cpu: {{ .Values.requests.cpu }} + # limits: + # memory: {{ .Values.limits.memory }} diff --git a/charts/login-service/charts/oxpassport/values.yaml b/charts/login-service/charts/oxpassport/values.yaml index e6f6e8d..0571765 100755 --- a/charts/login-service/charts/oxpassport/values.yaml +++ b/charts/login-service/charts/oxpassport/values.yaml @@ -18,14 +18,13 @@ service: port: 8090 livenessProbe: - initialDelaySeconds: 90 - periodSeconds: 90 + initialDelaySeconds: 60 + periodSeconds: 30 # readinessProbe readinessProbe: - initialDelaySeconds: 90 - periodSeconds: 90 -resources: {} + initialDelaySeconds: 60 + periodSeconds: 30 # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -33,9 +32,11 @@ resources: {} # limits: # cpu: 100m # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi +requests: + cpu: 100m + memory: 500Mi +limits: + memory: 600Mi nodeSelector: {} 
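Review bot: In oxpassport/templates/deployment.yaml the `resources:` line is removed and the new `requests:` mapping is added without a parent, so it lands directly in the container spec, which has no such field. Depending on validation the release will be rejected or the requests silently ignored; the other templates in this commit add `resources:` first, and this one needs the same line above `requests:`. The hunk also drops the `nodeSelector`, `affinity` and `tolerations` blocks while values.yaml keeps `nodeSelector: {}`, so those settings no longer do anything.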
diff --git a/charts/login-service/charts/oxtrust/Chart.yaml b/charts/login-service/charts/oxtrust/Chart.yaml index d229761..50fdf15 100755 --- a/charts/login-service/charts/oxtrust/Chart.yaml +++ b/charts/login-service/charts/oxtrust/Chart.yaml @@ -2,6 +2,6 @@ apiVersion: v1 appVersion: 1 description: An oxtrust Helm chart for Kubernetes name: oxtrust -version: 1.1.0 +version: 1.1.2 maintainers: - name: eoepca diff --git a/charts/login-service/charts/oxtrust/templates/oxtrust-statefulset.yml b/charts/login-service/charts/oxtrust/templates/oxtrust-statefulset.yml index 22ed028..c49c105 100755 --- a/charts/login-service/charts/oxtrust/templates/oxtrust-statefulset.yml +++ b/charts/login-service/charts/oxtrust/templates/oxtrust-statefulset.yml @@ -22,6 +22,7 @@ spec: resources: requests: memory: {{ .Values.requests.memory }} + cpu: {{ .Values.requests.cpu }} # limits: # memory: {{ .Values.limits.memory }} ports: diff --git a/charts/login-service/charts/oxtrust/values.yaml b/charts/login-service/charts/oxtrust/values.yaml index 08bc075..1f148a5 100755 --- a/charts/login-service/charts/oxtrust/values.yaml +++ b/charts/login-service/charts/oxtrust/values.yaml @@ -20,15 +20,12 @@ service: type: ClusterIP port: 80 -# PVC storage -volumeClaim: - storage: 10M - #resources: limits: - memory: 128Mi + memory: 600Mi requests: - memory: 300Mi + cpu: 200m + memory: 500Mi #containerPOrt ot connect the container with containerPort: 8080 @@ -36,13 +33,13 @@ nginxIp: 10.0.2.15 gluuOxauthBackend: oxauth:8080 livenessProbe: - initialDelaySeconds: 200 - periodSeconds: 200 + initialDelaySeconds: 100 + periodSeconds: 60 # readinessProbe readinessProbe: - initialDelaySeconds: 200 - periodSeconds: 200 + initialDelaySeconds: 100 + periodSeconds: 60 #service values #port for which to open in oxtrust ss @@ -52,6 +49,7 @@ clusterIp: None # VolumeClaim values volumeClaim: name: um-login-service-oxtrust-pvc + storage: 10M volumeMounts: logs: 
diff --git a/charts/login-service/templates/pv.yaml b/charts/login-service/templates/pv.yaml new file mode 100644 index 0000000..b737fa0 --- /dev/null +++ b/charts/login-service/templates/pv.yaml @@ -0,0 +1,17 @@ +{{ if .Values.volumeClaim.create }} +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Values.volumeClaim.name }} + labels: + eoepca_type: userman +spec: + capacity: + storage: {{ .Values.persistence.dbStorageSize }} + accessModes: + - {{ .Values.persistence.accessModes }} + hostPath: + path: "/data/" + type: {{ .Values.persistence.type }} +{{ end }} diff --git a/charts/login-service/templates/pvc.yaml b/charts/login-service/templates/pvc.yaml new file mode 100644 index 0000000..1ebf042 --- /dev/null +++ b/charts/login-service/templates/pvc.yaml @@ -0,0 +1,23 @@ +{{ if .Values.volumeClaim.create }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.volumeClaim.name }} + namespace: {{ .Release.Namespace }} + labels: + eoepca_type: userman + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + storageClassName: "" + accessModes: + - {{ .Values.persistence.accessModes }} + resources: + requests: + storage: {{ .Values.persistence.dbStorageSize }} + selector: + matchLabels: + eoepca_type: userman +{{ end }} diff --git a/charts/login-service/values.yaml b/charts/login-service/values.yaml index 0f9faae..553beb6 100644 --- a/charts/login-service/values.yaml +++ b/charts/login-service/values.yaml @@ -23,6 +23,10 @@ persistence: dbStorageSize: 5Gi type: DirectoryOrCreate +volumeClaim: + name: um-login-service-pvc + create: true + config: enabled: true # email address of the administrator usually. Used for certificate creation 
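Review bot: The new PersistentVolume in login-service/templates/pv.yaml is a `hostPath` volume fixed at `/data/`, and the identical file (same blob `b737fa0`) is added to pdp-engine. Both releases therefore write into the same directory on the node, which mixes the identity store with the policy database, and the data is only as protected as that node path. hostPath is also node-local, which does not fit a `ReadWriteMany` claim on a multi-node cluster. I would make the path a per-chart value with a release-specific default, set `persistentVolumeReclaimPolicy` explicitly, and document that this PV is meant for single-node test clusters.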
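Review bot: The PersistentVolumeClaim in pvc.yaml selects its volume only by `eoepca_type: userman`, a label that every PV added in this commit carries, so a claim can bind to another chart's volume. Pinning the claim with `volumeName: {{ .Values.volumeClaim.name }}`, or adding a release-specific label to both the PV and the selector, removes the ambiguity. The pdp-engine pvc.yaml is the same file and has the same issue.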
@@ -41,7 +45,6 @@ config: email: eoepca@deimos-space.com orgName: Deimos Space S.L.U. gluuConfAdapter: kubernetes - ldapType: opendj redisPass: aaaa # <<<---------------------- SKIPPED THIS IN THE DOCUMENTATION -------->>> # StorageClass values @@ -57,7 +60,7 @@ config: azureStorageAccountType: Standard_LRS azureStorageKind: Shared volumeClaim: - name: um-login-service-config-pvc + name: um-login-service-pvc opendj: enabled: true @@ -66,7 +69,7 @@ opendj: # options true/false : must be enabled if cache type is REDIS gluuRedisEnabled: false volumeClaim: - name: um-login-service-opendj-pvc + name: um-login-service-pvc oxpassport: enabled: true @@ -75,13 +78,13 @@ oxauth: enabled: true dynamicStorage: true volumeClaim: - name: um-login-service-oxauth-pvc + name: um-login-service-pvc oxtrust: enabled: true dynamicStorage: true volumeClaim: - name: um-login-service-oxtrust-pvc + name: um-login-service-pvc nginx: enabled: true diff --git a/charts/pdp-engine/Chart.yaml b/charts/pdp-engine/Chart.yaml index e992f0d..4b27b81 100644 --- a/charts/pdp-engine/Chart.yaml +++ b/charts/pdp-engine/Chart.yaml @@ -16,9 +16,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.0 +version: 0.9.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v1.0-RC +appVersion: v1.0.1-RC diff --git a/charts/pdp-engine/templates/ingress.yaml b/charts/pdp-engine/templates/ingress.yaml index cca87f6..d6705d4 100644 --- a/charts/pdp-engine/templates/ingress.yaml +++ b/charts/pdp-engine/templates/ingress.yaml 
@@ -1,18 +1,22 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: gluu-ingress-pdp-engine + name: pdp-{{ .Values.context }}-service annotations: + {{- if .Values.elbIp }} + kubernetes.io/elb.ip: {{ .Values.elbIp }} + {{- else }} kubernetes.io/ingress.class: nginx + {{- end }} nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: rules: - - host: {{ .Values.global.ep | quote }} + - host: {{ .Values.global.domain | quote }} http: paths: - - path: /pdp(/|$)(.*) + - path: {{ .Values.global.ingressPath }}(/|$)(.*) backend: - serviceName: pdp-engine - servicePort: 5567 \ No newline at end of file + serviceName: {{ .Values.global.pdp }} + servicePort: {{ .Values.global.port }} \ No newline at end of file diff --git a/charts/pdp-engine/templates/pdp-cm.yml b/charts/pdp-engine/templates/pdp-cm.yml index cba0edc..1b9ff25 100644 --- a/charts/pdp-engine/templates/pdp-cm.yml +++ b/charts/pdp-engine/templates/pdp-cm.yml @@ -1,11 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: um-pdp-engine-config + name: {{ .Values.global.pdp }}-cm data: - PDP_AUTH_SERVER_URL: {{ .Values.global.auth_server_url | quote }} + PDP_AUTH_SERVER_URL: https://{{ .Values.global.domain | quote }} PDP_PREFIX: {{ .Values.global.prefix | quote }} PDP_HOST: {{ .Values.global.host | quote }} PDP_PORT: {{ .Values.global.port | quote }} - PDP_CHECK_SSL_CERTS: {{ .Values.global.check_ssl_certs | quote }} - PDP_DEBUG_MODE: {{ .Values.global.debug_mode | quote }} + PDP_CHECK_SSL_CERTS: {{ .Values.configMap.check_ssl_certs | quote }} + PDP_DEBUG_MODE: {{ .Values.configMap.debug_mode | quote }} diff --git a/charts/pdp-engine/templates/pdp-deployment.yml b/charts/pdp-engine/templates/pdp-deployment.yml index 27d4a65..fcaa609 100644 --- a/charts/pdp-engine/templates/pdp-deployment.yml +++ b/charts/pdp-engine/templates/pdp-deployment.yml 
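Review bot: The pdp-engine Ingress is still served without TLS after this change: the file has no `tls:` section and keeps `nginx.ingress.kubernetes.io/ssl-redirect: "false"`, so requests to the policy endpoint can cross the network in clear text. The other ingresses in this commit carry a `cert-manager.io/cluster-issuer` annotation and a `tls:` block; this one should follow them. Also, when `elbIp` is set the `kubernetes.io/ingress.class: nginx` annotation is dropped while the nginx-only `rewrite-target` annotation and regex path remain, which may not be honoured by the other controller.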
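Review bot: In pdp-cm.yml, `PDP_AUTH_SERVER_URL: https://{{ .Values.global.domain | quote }}` applies `quote` to the domain only, so the rendered value is `https://"demoexample.gluu.org"` with literal double quotes inside the URL. Build the whole string before quoting: `PDP_AUTH_SERVER_URL: {{ printf "https://%s" .Values.global.domain | quote }}`.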
@@ -18,34 +18,51 @@ spec: - name: {{ .Values.global.pdp }} imagePullPolicy: {{ .Values.image.imagePullPolicy }} image: {{ .Values.image.image }} + resources: + requests: + memory: {{ .Values.requests.serviceMemory }} + cpu: {{ .Values.requests.serviceCpu }} + livenessProbe: + tcpSocket: + port: {{ .Values.global.port }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + readinessProbe: + tcpSocket: + port: {{ .Values.global.port }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.initialDelaySeconds }} ports: - - name: http-pdp - containerPort: 5567 - protocol: TCP - - name: https-pdp - containerPort: 443 - protocol: TCP + {{- range $key, $value := .Values.ports }} + - containerPort: {{ $value.targetPort }} + name: {{ $key }} + protocol: {{ $value.type }} + {{- end }} envFrom: - configMapRef: - name: um-pdp-engine-config + name: {{ .Values.global.pdp }}-cm - name: mongo imagePullPolicy: {{ .Values.image.imagePullPolicy }} image: mongo + resources: + requests: + memory: {{ .Values.requests.dbMemory }} + cpu: {{ .Values.requests.dbCpu }} ports: - name: http-rp containerPort: 27017 protocol: TCP envFrom: - configMapRef: - name: um-pdp-engine-config + name: {{ .Values.global.pdp }}-cm volumeMounts: - mountPath: /data/db/ - subPath: pdp-engine/data/db + subPath: {{ .Values.global.pdp }}/data/db name: vol-userman hostAliases: - ip: {{ .Values.global.nginxIp }} hostnames: - - {{ .Values.global.ep }} + - {{ .Values.global.domain }} volumes: - name: vol-userman persistentVolumeClaim: diff --git a/charts/pdp-engine/templates/pdp-service.yml b/charts/pdp-engine/templates/pdp-service.yml index c1976c8..7d057e8 100644 --- a/charts/pdp-engine/templates/pdp-service.yml +++ b/charts/pdp-engine/templates/pdp-service.yml 
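Review bot: Both new probes in pdp-deployment.yml take `periodSeconds` from `.Values.livenessProbe.initialDelaySeconds`, and the readiness probe reads the liveness values throughout. With the defaults in values.yaml (`initialDelaySeconds: 1`, `periodSeconds: 90`) the container is probed every second and the `readinessProbe` values are never used. The lines should read `periodSeconds: {{ .Values.livenessProbe.periodSeconds }}` and, in the readiness block, `.Values.readinessProbe.initialDelaySeconds` / `.Values.readinessProbe.periodSeconds`. Separately, the sidecar keeps `image: mongo` with no tag, so the database version is whatever the registry serves at pull time.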
@@ -5,16 +5,15 @@ metadata: labels: app: {{ .Values.global.pdp }} spec: - type: NodePort ports: - - port: 5567 - name: http-pdp - targetPort: 5567 - protocol: TCP - nodePort: 31708 - - port: 1025 - name: https-pdp - targetPort: 443 - protocol: TCP + {{- range $key, $value := .Values.ports }} + - port: {{ $value.port }} + targetPort: {{ $value.targetPort }} + protocol: {{ $value.type }} + name: {{ $key }} + {{- end }} selector: - app: {{ .Values.global.pdp }} \ No newline at end of file + app: {{ .Values.global.pdp }} + {{- if .Values.elbIp }} + type: NodePort + {{- end }} \ No newline at end of file diff --git a/charts/pdp-engine/templates/pv.yaml b/charts/pdp-engine/templates/pv.yaml new file mode 100644 index 0000000..b737fa0 --- /dev/null +++ b/charts/pdp-engine/templates/pv.yaml @@ -0,0 +1,17 @@ +{{ if .Values.volumeClaim.create }} +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Values.volumeClaim.name }} + labels: + eoepca_type: userman +spec: + capacity: + storage: {{ .Values.persistence.dbStorageSize }} + accessModes: + - {{ .Values.persistence.accessModes }} + hostPath: + path: "/data/" + type: {{ .Values.persistence.type }} +{{ end }} diff --git a/charts/pdp-engine/templates/pvc.yaml b/charts/pdp-engine/templates/pvc.yaml new file mode 100644 index 0000000..1ebf042 --- /dev/null +++ b/charts/pdp-engine/templates/pvc.yaml @@ -0,0 +1,23 @@ +{{ if .Values.volumeClaim.create }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.volumeClaim.name }} + namespace: {{ .Release.Namespace }} + labels: + eoepca_type: userman + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + storageClassName: "" + accessModes: + - {{ .Values.persistence.accessModes }} + resources: + requests: + storage: {{ .Values.persistence.dbStorageSize }} + selector: + matchLabels: + eoepca_type: userman +{{ end }} 
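Review bot: The new pv.yaml defines a `hostPath` PersistentVolume rooted at the node's `/data/`, and pvc.yaml selects its volume by the label `eoepca_type: userman` alone. The user-profile chart adds the same two files with the same blob ids, and the diffstat lists the same pair for login-service, so a claim from one chart can bind the volume created by another and all of them write under one host directory. Adding `release: {{ .Release.Name }}` to the PV labels and to `selector.matchLabels` in the PVC would keep each release on its own volume, and `path: "/data/"` would be better taken from a per-chart value. A comment above `hostPath:` should say that the data lives on whichever node the pod is scheduled to.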
diff --git a/charts/pdp-engine/values.yaml b/charts/pdp-engine/values.yaml index 1f08c88..8cf89d7 100644 --- a/charts/pdp-engine/values.yaml +++ b/charts/pdp-engine/values.yaml @@ -2,31 +2,52 @@ global: namespace: default - ep: test.10.0.2.15.nip.io - domain: https://test.10.0.2.15.nip.io + domain: demoexample.gluu.org pdp: pdp-engine - auth_server_url: https://test.10.0.2.15.nip.io prefix: / host: 0.0.0.0 port: 5567 + nginxIp: 10.0.2.15 + ingressPath: /pdp + +ports: + http-pdp: + port: 5567 + targetPort: 5567 + type: TCP + https-pdp: + port: 1025 + targetPort: 443 + type: TCP + +configMap: check_ssl_certs: "'false'" debug_mode: "'true'" - nginxIp: 10.0.2.15 +readinessProbe: + initialDelaySeconds: 1 + periodSeconds: 90 +livenessProbe: + initialDelaySeconds: 1 + periodSeconds: 90 +requests: + serviceCpu: 4m + serviceMemory: 70Mi + dbCpu: 2m + dbMemory: 70Mi image: - statefulSetReplicas: 1 imagePullPolicy: IfNotPresent - image: eoepca/um-pdp-engine:v1.0-RC + image: eoepca/um-pdp-engine:v1.0.1-RC persistence: accessModes: ReadWriteMany dbStorageSize: 5Gi type: DirectoryOrCreate -config: - enabled: true - # VolumeClaim values volumeClaim: name: um-pdp-engine-pvc + create: true + +context: generic diff --git a/charts/pep-engine/Chart.yaml b/charts/pep-engine/Chart.yaml index 9f57328..b31ba81 100644 --- a/charts/pep-engine/Chart.yaml +++ b/charts/pep-engine/Chart.yaml 
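Review bot: The defaults moved under `configMap:` still ship `check_ssl_certs: "'false'"` and `debug_mode: "'true'"`, so an install that overrides nothing runs the PDP with what looks, from the variable names, like certificate checking off and debug mode on. The auth server URL is now always `https://`, so defaults of `check_ssl_certs: "'true'"` and `debug_mode: "'false'"` fit better, with a comment such as `# set to "'false'" only for self-signed test deployments` above the first. The user-profile values hunk likewise keeps `debugMode: "true"`.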
@@ -16,9 +16,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.1 +version: 0.9.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v1.0-RC +appVersion: v1.0.2-RC diff --git a/charts/pep-engine/scripts/default-resources.json b/charts/pep-engine/scripts/default-resources.json index 3ee9a94..0e2152f 100644 --- a/charts/pep-engine/scripts/default-resources.json +++ b/charts/pep-engine/scripts/default-resources.json @@ -1,4 +1,6 @@ { "default_resources": [ + {"name": "Base Path", "description": "Base path for Open Access to PEP", "resource_uri": "/", "scopes": ["public_access"], "default_owner": "0000000000000"} + ] } diff --git a/charts/pep-engine/templates/ingress.yaml b/charts/pep-engine/templates/ingress.yaml index f35dca5..8cc5e92 100644 --- a/charts/pep-engine/templates/ingress.yaml +++ b/charts/pep-engine/templates/ingress.yaml @@ -5,7 +5,11 @@ metadata: name: {{ .Values.context }}-service annotations: + {{- if .Values.elbIp }} + kubernetes.io/elb.ip: {{ .Values.elbIp }} + {{- else }} kubernetes.io/ingress.class: nginx + {{- end }} spec: rules: - host: {{ printf "%s.%s" .Values.context .Values.global.domain | quote }} @@ -22,7 +26,11 @@ metadata: name: {{ .Values.context }}-resources annotations: + {{- if .Values.elbIp }} + kubernetes.io/elb.ip: {{ .Values.elbIp }} + {{- else }} kubernetes.io/ingress.class: nginx + {{- end }} spec: rules: - host: {{ printf "%s-pepapi.%s" .Values.context .Values.global.domain | quote }} 
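Review bot: The entry added to `default_resources` registers `resource_uri` `/` with the `public_access` scope, so every install of the chart starts with an open-access resource on the base path. Whether that also covers sub-paths depends on how the PEP matches URIs, which this hunk does not show. Since JSON cannot carry a comment, I would leave the shipped list empty and describe this entry in the chart documentation as an opt-in example, or have the file rendered from a value that defaults to no resources. The `default_owner` of `0000000000000` looks like a placeholder and should be explained there too.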
diff --git a/charts/pep-engine/templates/pep-service.yml b/charts/pep-engine/templates/pep-service.yml index 32f8bec..db7533e 100755 --- a/charts/pep-engine/templates/pep-service.yml +++ b/charts/pep-engine/templates/pep-service.yml @@ -5,6 +5,9 @@ metadata: labels: app: {{ .Values.global.pep }} spec: + {{- if .Values.elbIp }} + type: NodePort + {{- end }} ports: {{- range $key, $value := .Values.ports }} - port: {{ $value.port }} diff --git a/charts/pep-engine/values.yaml b/charts/pep-engine/values.yaml index c515729..227ce59 100644 --- a/charts/pep-engine/values.yaml +++ b/charts/pep-engine/values.yaml @@ -48,8 +48,8 @@ requests: image: statefulSetReplicas: 1 - imagePullPolicy: Always - image: eoepca/um-pep-engine:v1.0-RC + imagePullPolicy: IfNotPresent + image: eoepca/um-pep-engine:v1.0.2-RC persistence: accessModes: ReadWriteMany dbStorageSize: 5Gi diff --git a/charts/user-profile/Chart.yaml b/charts/user-profile/Chart.yaml index 0372222..46595e4 100644 --- a/charts/user-profile/Chart.yaml +++ b/charts/user-profile/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: user-profile -description: A Helm chart for User Profile +description: A Helm chart for the User Profile maintainers: - name: eoepca # A chart can be either an 'application' or a 'library' chart. @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.0 +version: 0.9.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/user-profile/templates/ingress.yaml b/charts/user-profile/templates/ingress.yaml index 42f860a..2c79188 100644 --- a/charts/user-profile/templates/ingress.yaml +++ b/charts/user-profile/templates/ingress.yaml 
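Review bot: In the pep-engine values.yaml hunk, `imagePullPolicy` changes from `Always` to `IfNotPresent` while the image is still referenced by the tag `v1.0.2-RC`, so a node that already holds that tag never pulls it again and nodes can end up running different builds if the tag is re-pushed. Referencing the image by digest fixes what is deployed, for example `image: eoepca/um-pep-engine@sha256:<digest>` (placeholder, to be filled from the registry). The user-profile values hunk makes the same policy change for `eoepca/um-user-profile:v0.3`, and the pdp-engine values use the same policy with `v1.0.1-RC`. The `image:` block sits at the start of the hunk; the rest of the file is outside it.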
@@ -2,20 +2,24 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: gluu-ingress-user-profile-static + name: {{ .Values.context }}-service-static annotations: + {{- if .Values.elbIp }} + kubernetes.io/elb.ip: {{ .Values.elbIp }} + {{- else }} kubernetes.io/ingress.class: nginx + {{- end }} nginx.ingress.kubernetes.io/ssl-redirect: "false" spec: rules: - - host: {{ .Values.global.ep | quote }} + - host: {{ .Values.global.domain | quote }} http: paths: - path: /static backend: - serviceName: user-profile - servicePort: 5566 + serviceName: {{ .Values.global.user }} + servicePort: {{ .Values.global.servicePort }} @@ -25,17 +29,17 @@ spec: apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: gluu-ingress-user-profile + name: {{ .Values.context }}-service annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "false" spec: rules: - - host: {{ .Values.global.ep | quote }} + - host: {{ .Values.global.domain | quote }} http: paths: - - path: /web_ui + - path: {{ .Values.global.baseUri }} backend: - serviceName: user-profile - servicePort: 5566 \ No newline at end of file + serviceName: {{ .Values.global.user }} + servicePort: {{ .Values.global.servicePort }} \ No newline at end of file diff --git a/charts/user-profile/templates/pv.yaml b/charts/user-profile/templates/pv.yaml new file mode 100644 index 0000000..b737fa0 --- /dev/null +++ b/charts/user-profile/templates/pv.yaml @@ -0,0 +1,17 @@ +{{ if .Values.volumeClaim.create }} +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Values.volumeClaim.name }} + labels: + eoepca_type: userman +spec: + capacity: + storage: {{ .Values.persistence.dbStorageSize }} + accessModes: + - {{ .Values.persistence.accessModes }} + hostPath: + path: "/data/" + type: {{ .Values.persistence.type }} +{{ end }} diff --git a/charts/user-profile/templates/pvc.yaml b/charts/user-profile/templates/pvc.yaml new file mode 100644 index 0000000..1ebf042 --- /dev/null 
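Review bot: Only the first Ingress in user-profile/templates/ingress.yaml (`{{ .Values.context }}-service-static`) received the `elbIp` switch; the second hunk leaves `kubernetes.io/ingress.class: nginx` unconditional on `{{ .Values.context }}-service`. With `elbIp` set, the `/static` route and the `{{ .Values.global.baseUri }}` route would presumably be handled by different controllers. If that is not intended, the second Ingress needs the same `{{- if .Values.elbIp }}` / `{{- else }}` / `{{- end }}` block around its class annotation. Both Ingresses keep `nginx.ingress.kubernetes.io/ssl-redirect: "false"`, which leaves the login UI reachable over plain HTTP.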
+++ b/charts/user-profile/templates/pvc.yaml @@ -0,0 +1,23 @@ +{{ if .Values.volumeClaim.create }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.volumeClaim.name }} + namespace: {{ .Release.Namespace }} + labels: + eoepca_type: userman + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + storageClassName: "" + accessModes: + - {{ .Values.persistence.accessModes }} + resources: + requests: + storage: {{ .Values.persistence.dbStorageSize }} + selector: + matchLabels: + eoepca_type: userman +{{ end }} diff --git a/charts/user-profile/templates/user-cm.yml b/charts/user-profile/templates/user-cm.yml new file mode 100755 index 0000000..a9b3929 --- /dev/null +++ b/charts/user-profile/templates/user-cm.yml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.global.user }}-cm +data: + UP_SSO_URL: {{ .Values.global.domain | quote }} + UP_TITLE: {{ .Values.configMap.title | quote }} + UP_SCOPES: {{ .Values.configMap.scopes | quote }} + UP_REDIRECT_URI: "http://{{ .Values.global.domain }}{{ .Values.configMap.redirectUri }}" + UP_POST_LOGOUT_REDIRECT_URI: "http://{{ .Values.global.domain }}{{ .Values.configMap.postLogoutRedirectUri }}" + UP_BASE_URI: {{ .Values.global.baseUri | quote }} + UP_OAUTH_CALLBACK_PATH: {{ .Values.configMap.oauthCallbackPath | quote }} + UP_LOGOUT_ENDPOINT: {{ .Values.configMap.logoutEndpoint | quote }} + UP_SERVICE_HOST: {{ .Values.global.serviceHost | quote }} + UP_SERVICE_PORT: {{ .Values.global.servicePort | quote }} + UP_PROTECTED_ATTRIBUTES: {{ .Values.configMap.protectedAttributes | quote }} + UP_BLACKLIST_ATTRIBUTES: {{ .Values.configMap.blacklistAttributes | quote }} + UP_SEPARATOR_UI_ATTRIBUTES: {{ .Values.configMap.separatorUiAttributes | quote }} + UP_COLOR_WEB_BACKGROUND: {{ .Values.configMap.colorWebBackground | quote }} + UP_COLOR_WEB_HEADER: {{ .Values.configMap.colorWebHeader | quote }} + UP_LOGO_ALT_NAME: {{ .Values.configMap.logoAltName | quote }} + UP_LOGO_IMAGE_PATH: {{ .Values.configMap.logoImagePath | quote }} + UP_COLOR_HEADER_TABLE: {{ .Values.configMap.colorHeaderTable | quote }} + UP_COLOR_TEXT_HEADER_TABLE: {{ .Values.configMap.colorTextHeaderTable | quote }} + UP_COLOR_BUTTON_MODIFY: {{ .Values.configMap.colorButtonModify | quote }} + UP_USE_THREADS: {{ .Values.configMap.useThreads | quote }} + UP_DEBUG_MODE: {{ .Values.configMap.debugMode | quote }} diff --git a/charts/user-profile/templates/user-deployment.yml b/charts/user-profile/templates/user-deployment.yml new file mode 100755 index 0000000..2d7b8f7 --- /dev/null +++ b/charts/user-profile/templates/user-deployment.yml 
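Review bot: `UP_REDIRECT_URI` and `UP_POST_LOGOUT_REDIRECT_URI` hard-code `http://` in the template, so the OAuth callback is always configured over cleartext and an operator can no longer choose https through values, as the old full-URL `redirectUri` value allowed. Taking the scheme from a value with a secure default would fix this, for example `UP_REDIRECT_URI: {{ printf "%s://%s%s" (.Values.global.scheme | default "https") .Values.global.domain .Values.configMap.redirectUri | quote }}`, where `global.scheme` is a new value this suggestion introduces. `UP_SSO_URL` is now the bare domain, whereas the removed `ssoUrl` value carried `https://`; that is worth confirming against what the application expects.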
@@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.global.user }} + labels: + app: {{ .Values.global.user }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.global.user }} + template: + metadata: + labels: + app: {{ .Values.global.user }} + spec: + containers: + - name: {{ .Values.global.user }} + imagePullPolicy: {{ .Values.image.imagePullPolicy }} + image: {{ .Values.image.image }} + resources: + requests: + memory: {{ .Values.requests.memory }} + cpu: {{ .Values.requests.cpu }} + livenessProbe: + tcpSocket: + port: {{ .Values.global.servicePort }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + readinessProbe: + tcpSocket: + port: {{ .Values.global.servicePort }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + ports: + {{- range $key, $value := .Values.ports }} + - containerPort: {{ $value.targetPort }} + name: {{ $key }} + protocol: {{ $value.type }} + {{- end }} + envFrom: + - configMapRef: + name: {{ .Values.global.user }}-cm + volumeMounts: + - mountPath: /opt/user-profile/db/um-user-profile-config + subPath: um-user-profile-config + name: config-user + mountPropagation: HostToContainer + - mountPath: /opt/gluu/jetty/user-profile/logs + subPath: user-profile/logs + name: {{ .Values.volumeClaim.name }} + + hostAliases: + - ip: {{ .Values.global.nginxIp }} + hostnames: + - {{ .Values.global.domain }} + volumes: + - name: {{ .Values.volumeClaim.name }} + persistentVolumeClaim: + claimName: {{ .Values.volumeClaim.name }} + - name: config-user + configMap: + name: {{ .Values.global.user }}-cm diff --git a/charts/user-profile/templates/user-service.yml b/charts/user-profile/templates/user-service.yml new file mode 100755 index 0000000..6fadbdb --- /dev/null +++ b/charts/user-profile/templates/user-service.yml 
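Review bot: The `config-user` volume is backed by the ConfigMap `{{ .Values.global.user }}-cm`, but it is mounted with `subPath: um-user-profile-config`, and the ConfigMap added in user-cm.yml only defines `UP_*` keys. No entry of that name exists, so the mount at `/opt/user-profile/db/um-user-profile-config` presumably ends up empty. Either add a key with that name to the ConfigMap or drop the mount, since the same ConfigMap already reaches the container through `envFrom`. `mountPropagation: HostToContainer` on a ConfigMap volume also needs a comment explaining why it is set. The probe lines in this file have the defect described in the note on pdp-deployment.yml.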
@@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.global.user }} + labels: + app: {{ .Values.global.user }} +spec: + ports: + {{- range $key, $value := .Values.ports }} + - port: {{ $value.port }} + targetPort: {{ $value.targetPort }} + protocol: {{ $value.type }} + name: {{ $key }} + {{- end }} + selector: + app: {{ .Values.global.user }} + {{- if .Values.elbIp }} + type: NodePort + {{- end }} \ No newline at end of file diff --git a/charts/user-profile/values.yaml b/charts/user-profile/values.yaml index 17d6637..43e45b9 100644 --- a/charts/user-profile/values.yaml +++ b/charts/user-profile/values.yaml @@ -1,18 +1,30 @@ -# Default values for user-profile +# Default values for login-service. global: - namespace: default - ep: test.10.0.2.15.nip.io - ssoUrl: https://test.10.0.2.15.nip.io + nginxIp: 10.0.2.15 + domain: demoexample.gluu.org + serviceHost: 0.0.0.0 + servicePort: 5566 + user: user-profile + baseUri: "/web_ui" + +ports: + http-up: + port: 5566 + targetPort: 5566 + type: TCP + https-up: + port: 1028 + targetPort: 443 + type: TCP + +configMap: title: "EOEPCA User Profile" scopes: "openid email user_name" - redirectUri: "http://test.10.0.2.15.nip.io/web_ui/oauth/callback" - postLogoutRedirectUri: http://test.10.0.2.15.nip.io/web_ui" - baseUri: "/web_ui" + redirectUri: "/web_ui/oauth/callback" + postLogoutRedirectUri: "/web_ui" oauthCallbackPath: "/oauth/callback" logoutEndpoint: "/logout" - serviceHost: "0.0.0.0" - servicePort: "5566" protectedAttributes: "userName active emails displayName value primary" blacklistAttributes: "schemas id meta $ref" separatorUiAttributes: "->" 
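Review bot: The header comment of the user-profile values.yaml was changed to `# Default values for login-service.`, which names the wrong chart; it should read `# Default values for user-profile.`. The templates in this commit branch on `.Values.elbIp`, but no values hunk shown here declares it. A commented entry such as `# elbIp: ""  # set to switch the Ingress to the ELB annotation and the Service to NodePort` would document the switch next to the other defaults.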
@@ -25,23 +37,31 @@ global: colorButtonModify: "#38A79F" useThreads: "true" debugMode: "true" - user: user-profile - nginxIp: 10.0.2.15 - image: - statefulSetReplicas: 1 - imagePullPolicy: Always + imagePullPolicy: IfNotPresent image: eoepca/um-user-profile:v0.3 + persistence: accessModes: ReadWriteMany dbStorageSize: 5Gi type: DirectoryOrCreate -config: - enabled: true - # VolumeClaim values volumeClaim: name: um-user-profile-pvc + create: true + +readinessProbe: + initialDelaySeconds: 150 + periodSeconds: 90 +livenessProbe: + initialDelaySeconds: 150 + periodSeconds: 90 + +requests: + memory: 70Mi + cpu: 3m + +context: user