feat: add support for custom scripts in flex (#1494)
misba7 authored Dec 7, 2023
1 parent 6f78b4c commit 591eca2
Showing 36 changed files with 200 additions and 31 deletions.
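--- a/charts/gluu-all-in-one/README.md
+++ b/charts/gluu-all-in-one/README.md
@@ -34,9 +34,10 @@ Kubernetes: `>=v1.22.0-0`
 | adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. |
 | alb.ingress | bool | `false` | switches the service to Nodeport for ALB ingress |
 | auth-server | object | `{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}}` | Parameters used globally across all services helm charts. |
-| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.21_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
+| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.21_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
 | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
+| auth-server-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh |
 | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config |
 | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy |
 | auth-server-key-rotation.enabled | bool | `true` | Boolean flag to enable/disable the auth-server-key rotation cronjob. |
@@ -181,6 +182,7 @@ Kubernetes: `>=v1.22.0-0`
 | configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected the secrets . |
 | configmap.lbAddr | string | `""` | Load balancer address for AWS if the FQDN is not registered. |
 | countryCode | string | `"US"` | Country code. Used for certificate creation. |
+| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh |
 | dnsConfig | object | `{}` | Add custom dns config |
 | dnsPolicy | string | `""` | Add custom dns policy |
 | email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. |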
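--- a/charts/gluu-all-in-one/templates/cronjobs.yaml
+++ b/charts/gluu-all-in-one/templates/cronjobs.yaml
@@ -35,6 +35,16 @@ spec:
 {{- end }}
 containers:
 - name: {{ include "flex-all-in-one.name" . }}-as-key-rotation
+{{- if .Values.customScripts }}
+command:
+- /bin/sh
+- -c
+- |
+{{- with .Values.customScripts }}
+{{- toYaml . | replace "- " "" | nindent 20}}
+{{- end }}
+/app/bin/entrypoint.sh
+{{- end}}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 env:
 {{- include "flex-all-in-one.usr-envs" . | indent 16 }}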
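Review bot: The `toYaml . | replace "- " "" | nindent 20` line builds the shell script by deleting every `- ` substring from the serialized list, so an entry that itself contains a dash followed by a space, or one that toYaml decides to quote, reaches `/bin/sh -c` altered; the same expression appears in templates/deployment.yml with `nindent 14`. Iterating the list avoids the string surgery: `{{- range .Values.customScripts }}{{ . | nindent 20 }}{{- end }}`. Each entry is run as shell text with the container's identity and mounted secrets before `/app/bin/entrypoint.sh`, and a failing script does not stop the sequence; if a failed pre-start script should abort the job, begin the block with `set -e`. The container spec continues past the end of this hunk.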
9 changes: 6 additions & 3 deletions charts/gluu-all-in-one/templates/deployment.yml
@@ -50,14 +50,17 @@ spec:
securityContext:
runAsUser: 1000
runAsNonRoot: true
{{- if not .Values.isFqdnRegistered }}
{{- if or (not .Values.isFqdnRegistered) ( .Values.customScripts) }}
command:
- /bin/sh
- -c
- |
{{- with .Values.customScripts }}
{{- toYaml . | replace "- " "" | nindent 14}}
{{- end }}
{{- if not .Values.isFqdnRegistered }}
/usr/bin/python3 /scripts/updatelbip.py &
/app/bin/entrypoint.sh
{{- end}}
{{- end}}
ports:
- name: {{ .Values.service.name }}
containerPort: {{ .Values.service.port }}
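Review bot: As this page renders the section, `/app/bin/entrypoint.sh` follows `/usr/bin/python3 /scripts/updatelbip.py &` with both `{{- end}}` lines after it, which would put the entrypoint inside `{{- if not .Values.isFqdnRegistered }}`; the added/removed markers are lost here, so this needs checking against the file. If that is the new layout, a release with customScripts set and isFqdnRegistered true gets a command that runs the custom scripts and exits without starting the service. The inner block should close directly after the python line, with `/app/bin/entrypoint.sh` placed after that `{{- end}}` and before the outer one. The container spec starts before and continues after this hunk.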
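--- a/charts/gluu-all-in-one/values.yaml
+++ b/charts/gluu-all-in-one/values.yaml
@@ -253,6 +253,10 @@ auth-server-key-rotation:
 additionalAnnotations: {}
 # -- Boolean flag to enable/disable the auth-server-key rotation cronjob.
 enabled: true
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+# - /tmp/custom.sh
+# - /tmp/custom2.sh
+customScripts: [ ]
 # -- Admin GUI for configuration of the auth-server
 admin-ui:
 # -- Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded.
@@ -668,3 +672,7 @@ lifecycle: {}
 additionalLabels: { }
 # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
 additionalAnnotations: { }
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+# - /tmp/custom.sh
+# - /tmp/custom2.sh
+customScripts: [ ]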
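Review bot: The first hunk adds `customScripts` under `auth-server-key-rotation:`, but the key-rotation container in templates/cronjobs.yaml tests and renders `.Values.customScripts`, the top-level list added in the second hunk, so the nested key looks unused in what this commit shows. As written, scripts listed for the main deployment would also run in the cron job's container, where those paths may not be mounted. Either read the nested value in the cron job template, `{{- with (index .Values "auth-server-key-rotation").customScripts }}`, or drop the nested key. The comment could also state that listed paths are executed by `/bin/sh` before the entrypoint and should sit on a read-only mount rather than a writable directory such as the `/tmp` used in the example.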