From ce575c260989f4fb4405e54bb0c8ae86d0c48c26 Mon Sep 17 00:00:00 2001 From: moabu <47318409+moabu@users.noreply.github.com> Date: Wed, 16 Nov 2022 09:25:51 +0000 Subject: [PATCH] feat(charts): add pdb and topology spread constrants --- .../templates/_helpers.tpl | 4 +- .../charts/auth-server/templates/_helpers.tpl | 34 ++++++- .../templates/auth-server-pdb.yaml | 11 +++ .../auth-server/templates/deployment.yml | 4 + .../charts/config-api/templates/_helpers.tpl | 38 +++++++- .../config-api/templates/config-api-pdb.yaml | 11 +++ .../config-api/templates/deployment.yaml | 7 ++ .../charts/config/templates/_helpers.tpl | 4 +- .../config/templates/user-custom-envs.yaml | 2 +- .../charts/fido2/templates/_helpers.tpl | 34 ++++++- .../charts/fido2/templates/deployment.yml | 4 + .../charts/fido2/templates/fido2-pdb.yaml | 11 +++ .../charts/opendj/templates/_helpers.tpl | 34 ++++++- .../charts/opendj/templates/opendj-pdb.yaml | 11 +++ .../charts/opendj/templates/statefulset.yaml | 4 + .../charts/persistence/templates/_helpers.tpl | 4 +- .../charts/scim/templates/_helpers.tpl | 34 ++++++- .../charts/scim/templates/deployment.yml | 4 + .../charts/scim/templates/scim-pdb.yaml | 11 +++ charts/janssen/values.yaml | 95 +++++++++++++++++++ 20 files changed, 342 insertions(+), 19 deletions(-) create mode 100644 charts/janssen/charts/auth-server/templates/auth-server-pdb.yaml create mode 100644 charts/janssen/charts/config-api/templates/config-api-pdb.yaml create mode 100644 charts/janssen/charts/fido2/templates/fido2-pdb.yaml create mode 100644 charts/janssen/charts/opendj/templates/opendj-pdb.yaml create mode 100644 charts/janssen/charts/scim/templates/scim-pdb.yaml diff --git a/charts/janssen/charts/auth-server-key-rotation/templates/_helpers.tpl b/charts/janssen/charts/auth-server-key-rotation/templates/_helpers.tpl index 3f22c7b89b5..e76631f29c4 100644 --- a/charts/janssen/charts/auth-server-key-rotation/templates/_helpers.tpl 
+++ b/charts/janssen/charts/auth-server-key-rotation/templates/_helpers.tpl @@ -50,7 +50,7 @@ Create user custom defined envs {{- define "auth-server-key-rotation.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} @@ -63,6 +63,6 @@ Create user custom defined secret envs valueFrom: secretKeyRef: name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs - key: {{ $key }} + key: {{ $key | quote }} {{- end }} {{- end }} diff --git a/charts/janssen/charts/auth-server/templates/_helpers.tpl b/charts/janssen/charts/auth-server/templates/_helpers.tpl index ecc6ffe0f15..2712f9870a8 100644 --- a/charts/janssen/charts/auth-server/templates/_helpers.tpl +++ b/charts/janssen/charts/auth-server/templates/_helpers.tpl @@ -50,7 +50,7 @@ Create user custom defined envs {{- define "auth-server.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} 
@@ -63,6 +63,36 @@ Create user custom defined secret envs valueFrom: secretKeyRef: name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs - key: {{ $key }} + key: {{ $key | quote }} {{- end }} {{- end }} + +{{/* +Create topologySpreadConstraints lists +*/}} +{{- define "auth-server.topology-spread-constraints"}} +{{- range $key, $val := .Values.topologySpreadConstraints }} +- maxSkew: {{ $val.maxSkew }} + {{- if $val.minDomains }} + minDomains: {{ $val.minDomains }} # optional; beta since v1.25 + {{- end}} + {{- if $val.topologyKey }} + topologyKey: {{ $val.topologyKey }} + {{- end}} + {{- if $val.whenUnsatisfiable }} + whenUnsatisfiable: {{ $val.whenUnsatisfiable }} + {{- end}} + labelSelector: + matchLabels: + app: {{ $.Release.Name }}-{{ include "auth-server.name" $ }} + {{- if $val.matchLabelKeys }} + matchLabelKeys: {{ $val.matchLabelKeys }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeAffinityPolicy }} + nodeAffinityPolicy: {{ $val.nodeAffinityPolicy }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeTaintsPolicy }} + nodeTaintsPolicy: {{ $val.nodeTaintsPolicy }} # optional; alpha since v1.25 + {{- end}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/charts/auth-server/templates/auth-server-pdb.yaml b/charts/janssen/charts/auth-server/templates/auth-server-pdb.yaml new file mode 100644 index 00000000000..5ca61a62551 --- /dev/null +++ b/charts/janssen/charts/auth-server/templates/auth-server-pdb.yaml @@ -0,0 +1,11 @@ +{{ if .Values.pdb.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "auth-server.fullname" . }} +spec: + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "auth-server.name" . }} +{{- end }} \ No newline at end of file 
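Review bot: `matchLabelKeys: {{ $val.matchLabelKeys }}` in `auth-server.topology-spread-constraints` prints a list with Go's default formatting (`[a b]`), which YAML reads as a one-element sequence containing `a b` rather than two keys; render it with `matchLabelKeys: {{ $val.matchLabelKeys | toJson }}`. The string fields are also emitted unquoted, unlike the `| quote` this commit adds to the env helpers, so `topologyKey: {{ $val.topologyKey | quote }}` and `whenUnsatisfiable: {{ $val.whenUnsatisfiable | quote }}` would be consistent. `nodeAffinityPolicy` and `nodeTaintsPolicy` are single string values in the Kubernetes API (`Honor` or `Ignore`), while the commented examples in values.yaml show `[]` for both. The same helper is copied into the config-api, fido2, opendj and scim `_helpers.tpl` hunks and has the same issues there.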
diff --git a/charts/janssen/charts/auth-server/templates/deployment.yml b/charts/janssen/charts/auth-server/templates/deployment.yml index 52a3a7018cd..d8604e06427 100644 --- a/charts/janssen/charts/auth-server/templates/deployment.yml +++ b/charts/janssen/charts/auth-server/templates/deployment.yml @@ -37,6 +37,10 @@ spec: dnsConfig: {{ toYaml . | indent 8 }} {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- include "auth-server.topology-spread-constraints" . | indent 8 }} + {{- end }} containers: - name: {{ include "auth-server.name" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/charts/janssen/charts/config-api/templates/_helpers.tpl b/charts/janssen/charts/config-api/templates/_helpers.tpl index ff25cbc7786..a32d54db37f 100644 --- a/charts/janssen/charts/config-api/templates/_helpers.tpl +++ b/charts/janssen/charts/config-api/templates/_helpers.tpl 
@@ -47,22 +47,52 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Create user custom defined envs */}} -{{- define "oxauth.usr-envs"}} +{{- define "config-api.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} {{/* Create user custom defined secret envs */}} -{{- define "oxauth.usr-secret-envs"}} +{{- define "config-api.usr-secret-envs"}} {{- range $key, $val := .Values.usrEnvs.secret }} - name: {{ $key }} valueFrom: secretKeyRef: name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs - key: {{ $key }} + key: {{ $key | quote }} {{- end }} {{- end }} + +{{/* +Create topologySpreadConstraints lists +*/}} +{{- define "config-api.topology-spread-constraints"}} +{{- range $key, $val := .Values.topologySpreadConstraints }} +- maxSkew: {{ $val.maxSkew }} + {{- if $val.minDomains }} + minDomains: {{ $val.minDomains }} # optional; beta since v1.25 + {{- end}} + {{- if $val.topologyKey }} + topologyKey: {{ $val.topologyKey }} + {{- end}} + {{- if $val.whenUnsatisfiable }} + whenUnsatisfiable: {{ $val.whenUnsatisfiable }} + {{- end}} + labelSelector: + matchLabels: + app: {{ $.Release.Name }}-{{ include "config-api.name" $ }} + {{- if $val.matchLabelKeys }} + matchLabelKeys: {{ $val.matchLabelKeys }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeAffinityPolicy }} + nodeAffinityPolicy: {{ $val.nodeAffinityPolicy }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeTaintsPolicy }} + nodeTaintsPolicy: {{ $val.nodeTaintsPolicy }} # optional; alpha since v1.25 + {{- end}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/charts/config-api/templates/config-api-pdb.yaml b/charts/janssen/charts/config-api/templates/config-api-pdb.yaml new file mode 100644 index 00000000000..2153d9a39c3 --- /dev/null +++ b/charts/janssen/charts/config-api/templates/config-api-pdb.yaml 
@@ -0,0 +1,11 @@ +{{ if .Values.pdb.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "config-api.fullname" . }} +spec: + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "config-api.name" . }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/charts/config-api/templates/deployment.yaml b/charts/janssen/charts/config-api/templates/deployment.yaml index 892a387f74c..eb3a15c3e70 100644 --- a/charts/janssen/charts/config-api/templates/deployment.yaml +++ b/charts/janssen/charts/config-api/templates/deployment.yaml @@ -37,9 +37,16 @@ spec: dnsConfig: {{ toYaml . | indent 8 }} {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- include "config-api.topology-spread-constraints" . | indent 8 }} + {{- end }} containers: - name: {{ include "config-api.name" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "config-api.usr-envs" . | indent 12 }} + {{- include "config-api.usr-secret-envs" . | indent 12 }} securityContext: runAsUser: 1000 runAsNonRoot: true diff --git a/charts/janssen/charts/config/templates/_helpers.tpl b/charts/janssen/charts/config/templates/_helpers.tpl index 64b98743e1d..6dc449daa2f 100644 --- a/charts/janssen/charts/config/templates/_helpers.tpl +++ b/charts/janssen/charts/config/templates/_helpers.tpl @@ -50,7 +50,7 @@ Create user custom defined envs {{- define "config.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} @@ -63,7 +63,7 @@ Create user custom defined secret envs valueFrom: secretKeyRef: name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs - key: {{ $key }} + key: {{ $key | quote }} {{- end }} {{- end }} 
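Review bot: The new `env:` block in the config-api deployment pulls in `config-api.usr-secret-envs`, which references a Secret named `{{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs`, but no template creating that Secret in the config-api subchart is visible in this patch. If it does not exist, setting `usrEnvs.secret` would leave the pod in CreateContainerConfigError, so please confirm the subchart ships it. When both `usrEnvs` maps are empty the key renders as a bare `env:`; wrapping the block in `{{- if or .Values.usrEnvs.normal .Values.usrEnvs.secret }}` … `{{- end }}` avoids that. The container spec continues outside the hunk, so also check that it does not already define `env:` further down.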
diff --git a/charts/janssen/charts/config/templates/user-custom-envs.yaml b/charts/janssen/charts/config/templates/user-custom-envs.yaml index 67b2f814be3..35b4fa8cb04 100644 --- a/charts/janssen/charts/config/templates/user-custom-envs.yaml +++ b/charts/janssen/charts/config/templates/user-custom-envs.yaml @@ -37,7 +37,7 @@ metadata: {{- end }} data: {{- range $key, $val := .Values.global.usrEnvs.normal }} - {{ $key }}: {{ $val }} + {{ $key }}: {{ $val | quote }} {{- end}} {{- end}} {{ if .Values.usrEnvs.secret }} diff --git a/charts/janssen/charts/fido2/templates/_helpers.tpl b/charts/janssen/charts/fido2/templates/_helpers.tpl index 0d9982eade4..10484b1e979 100644 --- a/charts/janssen/charts/fido2/templates/_helpers.tpl +++ b/charts/janssen/charts/fido2/templates/_helpers.tpl @@ -50,7 +50,7 @@ Create user custom defined envs {{- define "fido2.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} 
@@ -63,6 +63,36 @@ Create user custom defined secret envs valueFrom: secretKeyRef: name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs - key: {{ $key }} + key: {{ $key | quote }} {{- end }} {{- end }} + +{{/* +Create topologySpreadConstraints lists +*/}} +{{- define "fido2.topology-spread-constraints"}} +{{- range $key, $val := .Values.topologySpreadConstraints }} +- maxSkew: {{ $val.maxSkew }} + {{- if $val.minDomains }} + minDomains: {{ $val.minDomains }} # optional; beta since v1.25 + {{- end}} + {{- if $val.topologyKey }} + topologyKey: {{ $val.topologyKey }} + {{- end}} + {{- if $val.whenUnsatisfiable }} + whenUnsatisfiable: {{ $val.whenUnsatisfiable }} + {{- end}} + labelSelector: + matchLabels: + app: {{ $.Release.Name }}-{{ include "fido2.name" $ }} + {{- if $val.matchLabelKeys }} + matchLabelKeys: {{ $val.matchLabelKeys }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeAffinityPolicy }} + nodeAffinityPolicy: {{ $val.nodeAffinityPolicy }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeTaintsPolicy }} + nodeTaintsPolicy: {{ $val.nodeTaintsPolicy }} # optional; alpha since v1.25 + {{- end}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/charts/fido2/templates/deployment.yml b/charts/janssen/charts/fido2/templates/deployment.yml index 7e316905500..9a2d36673e5 100644 --- a/charts/janssen/charts/fido2/templates/deployment.yml +++ b/charts/janssen/charts/fido2/templates/deployment.yml @@ -37,6 +37,10 @@ spec: dnsConfig: {{ toYaml . | indent 8 }} {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- include "fido2.topology-spread-constraints" . | indent 8 }} + {{- end }} containers: - name: {{ include "fido2.name" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/charts/janssen/charts/fido2/templates/fido2-pdb.yaml b/charts/janssen/charts/fido2/templates/fido2-pdb.yaml new file mode 100644 index 00000000000..ebc9ce8dc8b --- /dev/null 
+++ b/charts/janssen/charts/fido2/templates/fido2-pdb.yaml @@ -0,0 +1,11 @@ +{{ if .Values.pdb.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "fido2.fullname" . }} +spec: + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "fido2.name" . }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/charts/opendj/templates/_helpers.tpl b/charts/janssen/charts/opendj/templates/_helpers.tpl index 7ec959c4df0..ecab10b7530 100644 --- a/charts/janssen/charts/opendj/templates/_helpers.tpl +++ b/charts/janssen/charts/opendj/templates/_helpers.tpl @@ -50,7 +50,7 @@ Create user custom defined envs {{- define "opendj.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} 
@@ -63,6 +63,36 @@ Create user custom defined secret envs valueFrom: secretKeyRef: name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs - key: {{ $key }} + key: {{ $key | quote }} {{- end }} {{- end }} + +{{/* +Create topologySpreadConstraints lists +*/}} +{{- define "opendj.topology-spread-constraints"}} +{{- range $key, $val := .Values.topologySpreadConstraints }} +- maxSkew: {{ $val.maxSkew }} + {{- if $val.minDomains }} + minDomains: {{ $val.minDomains }} # optional; beta since v1.25 + {{- end}} + {{- if $val.topologyKey }} + topologyKey: {{ $val.topologyKey }} + {{- end}} + {{- if $val.whenUnsatisfiable }} + whenUnsatisfiable: {{ $val.whenUnsatisfiable }} + {{- end}} + labelSelector: + matchLabels: + app: {{ $.Release.Name }}-{{ include "opendj.name" $ }} + {{- if $val.matchLabelKeys }} + matchLabelKeys: {{ $val.matchLabelKeys }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeAffinityPolicy }} + nodeAffinityPolicy: {{ $val.nodeAffinityPolicy }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeTaintsPolicy }} + nodeTaintsPolicy: {{ $val.nodeTaintsPolicy }} # optional; alpha since v1.25 + {{- end}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/charts/opendj/templates/opendj-pdb.yaml b/charts/janssen/charts/opendj/templates/opendj-pdb.yaml new file mode 100644 index 00000000000..1615c4ac294 --- /dev/null +++ b/charts/janssen/charts/opendj/templates/opendj-pdb.yaml @@ -0,0 +1,11 @@ +{{ if .Values.pdb.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "opendj.fullname" . }} +spec: + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + selector: + matchLabels: + app: {{ include "opendj.name" $ }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/charts/opendj/templates/statefulset.yaml b/charts/janssen/charts/opendj/templates/statefulset.yaml index 72d44fec9c9..8be213563ac 100644 --- a/charts/janssen/charts/opendj/templates/statefulset.yaml 
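Review bot: The PodDisruptionBudget selector in opendj-pdb.yaml is `app: {{ include "opendj.name" $ }}`, while the `opendj.topology-spread-constraints` helper added in the same commit selects `app: {{ $.Release.Name }}-{{ include "opendj.name" $ }}`. A pod's `app` label has a single value, so at most one of the two selectors can match the StatefulSet pods. A PDB whose selector matches nothing gives the directory server no eviction protection, and a spread constraint whose selector matches nothing does not spread. The pod template labels are outside this patch, so check which form they use and make both selectors use it.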
+++ b/charts/janssen/charts/opendj/templates/statefulset.yaml @@ -46,6 +46,10 @@ spec: configMap: name: {{ $.Release.Name }}-oxjans {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- include "opendj.topology-spread-constraints" . | indent 8 }} + {{- end }} containers: - name: {{ include "opendj.name" $ }} imagePullPolicy: {{ $.Values.image.pullPolicy }} diff --git a/charts/janssen/charts/persistence/templates/_helpers.tpl b/charts/janssen/charts/persistence/templates/_helpers.tpl index ca0c55207ca..bf0a313b232 100644 --- a/charts/janssen/charts/persistence/templates/_helpers.tpl +++ b/charts/janssen/charts/persistence/templates/_helpers.tpl @@ -61,7 +61,7 @@ Create user custom defined envs {{- define "persistence.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} @@ -74,6 +74,6 @@ Create user custom defined secret envs valueFrom: secretKeyRef: name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs - key: {{ $key }} + key: {{ $key | quote }} {{- end }} {{- end }} diff --git a/charts/janssen/charts/scim/templates/_helpers.tpl b/charts/janssen/charts/scim/templates/_helpers.tpl index d779e8f5e08..04b66d5afd9 100644 --- a/charts/janssen/charts/scim/templates/_helpers.tpl +++ b/charts/janssen/charts/scim/templates/_helpers.tpl @@ -50,7 +50,7 @@ Create user custom defined envs {{- define "scim.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} 
@@ -63,6 +63,36 @@ Create user custom defined secret envs valueFrom: secretKeyRef: name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs - key: {{ $key }} + key: {{ $key | quote }} {{- end }} {{- end }} + +{{/* +Create topologySpreadConstraints lists +*/}} +{{- define "scim.topology-spread-constraints"}} +{{- range $key, $val := .Values.topologySpreadConstraints }} +- maxSkew: {{ $val.maxSkew }} + {{- if $val.minDomains }} + minDomains: {{ $val.minDomains }} # optional; beta since v1.25 + {{- end}} + {{- if $val.topologyKey }} + topologyKey: {{ $val.topologyKey }} + {{- end}} + {{- if $val.whenUnsatisfiable }} + whenUnsatisfiable: {{ $val.whenUnsatisfiable }} + {{- end}} + labelSelector: + matchLabels: + app: {{ $.Release.Name }}-{{ include "scim.name" $ }} + {{- if $val.matchLabelKeys }} + matchLabelKeys: {{ $val.matchLabelKeys }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeAffinityPolicy }} + nodeAffinityPolicy: {{ $val.nodeAffinityPolicy }} # optional; alpha since v1.25 + {{- end}} + {{- if $val.nodeTaintsPolicy }} + nodeTaintsPolicy: {{ $val.nodeTaintsPolicy }} # optional; alpha since v1.25 + {{- end}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/charts/scim/templates/deployment.yml b/charts/janssen/charts/scim/templates/deployment.yml index 8d0a4b13529..eab5946f88a 100644 --- a/charts/janssen/charts/scim/templates/deployment.yml +++ b/charts/janssen/charts/scim/templates/deployment.yml @@ -37,6 +37,10 @@ spec: dnsConfig: {{ toYaml . | indent 8 }} {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- include "scim.topology-spread-constraints" . | indent 8 }} + {{- end }} containers: - name: {{ include "scim.name" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/charts/janssen/charts/scim/templates/scim-pdb.yaml b/charts/janssen/charts/scim/templates/scim-pdb.yaml new file mode 100644 index 00000000000..d700490a856 --- /dev/null 
+++ b/charts/janssen/charts/scim/templates/scim-pdb.yaml @@ -0,0 +1,11 @@ +{{ if .Values.pdb.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "scim.fullname" . }} +spec: + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "scim.name" . }} +{{- end }} \ No newline at end of file diff --git a/charts/janssen/values.yaml b/charts/janssen/values.yaml index a0e18b0f000..9239959e0df 100644 --- a/charts/janssen/values.yaml +++ b/charts/janssen/values.yaml @@ -1,5 +1,24 @@ # -- OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. auth-server: + # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API + # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: {} + # -- Define below as many constraints as needed. The key name should follow the structure tsc1, tsc2...etc. + # Do not enter the key labelSelector in the entry/entries below as that is automatically injected by the chart + #tsc1: + # maxSkew: 1 + # minDomains: 1 # optional; beta since v1.25 + # topologyKey: kubernetes.io/hostname + # whenUnsatisfiable: DoNotSchedule + # matchLabelKeys: [] # optional; alpha since v1.25 + # nodeAffinityPolicy: [] # optional; alpha since v1.25 + # nodeTaintsPolicy: [] # optional; alpha since v1.25 + #tsc2: + #maxSkew: 1 + # -- Configure the PodDisruptionBudget + pdb: + enabled: true + maxUnavailable: "90%" # -- Configure the HorizontalPodAutoscaler hpa: enabled: true 
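Review bot: The default `pdb.maxUnavailable: "90%"` with `enabled: true` under `auth-server` protects almost nothing, because Kubernetes rounds a percentage `maxUnavailable` up. With one to nine replicas every pod may be evicted at once during a node drain, and the comment above describes auth-server as the Internet-facing token service. Consider a default of `maxUnavailable: 1`, as the opendj hunk uses, or document the rounding next to the value, e.g. `# 90% rounds up: with fewer than 10 replicas all pods may be evicted together`. The same default is added in the config-api, fido2 and scim hunks of values.yaml.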
@@ -272,6 +291,25 @@ config: additionalAnnotations: { } # -- Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). config-api: + # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API + # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: {} + # -- Define below as many constraints as needed. The key name should follow the structure tsc1, tsc2...etc. + # Do not enter the key labelSelector in the entry/entries below as that is automatically injected by the chart + #tsc1: + # maxSkew: 1 + # minDomains: 1 # optional; beta since v1.25 + # topologyKey: kubernetes.io/hostname + # whenUnsatisfiable: DoNotSchedule + # matchLabelKeys: [] # optional; alpha since v1.25 + # nodeAffinityPolicy: [] # optional; alpha since v1.25 + # nodeTaintsPolicy: [] # optional; alpha since v1.25 + #tsc2: + #maxSkew: 1 + # -- Configure the PodDisruptionBudget + pdb: + enabled: true + maxUnavailable: "90%" # -- Configure the HorizontalPodAutoscaler hpa: enabled: true 
@@ -345,6 +383,25 @@ config-api: additionalAnnotations: { } # -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. fido2: + # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API + # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: {} + # -- Define below as many constraints as needed. The key name should follow the structure tsc1, tsc2...etc. + # Do not enter the key labelSelector in the entry/entries below as that is automatically injected by the chart + #tsc1: + # maxSkew: 1 + # minDomains: 1 # optional; beta since v1.25 + # topologyKey: kubernetes.io/hostname + # whenUnsatisfiable: DoNotSchedule + # matchLabelKeys: [] # optional; alpha since v1.25 + # nodeAffinityPolicy: [] # optional; alpha since v1.25 + # nodeTaintsPolicy: [] # optional; alpha since v1.25 + #tsc2: + #maxSkew: 1 + # -- Configure the PodDisruptionBudget + pdb: + enabled: true + maxUnavailable: "90%" # -- Configure the HorizontalPodAutoscaler hpa: enabled: true 
@@ -732,6 +789,25 @@ nginx-ingress: # -- OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. opendj: + # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API + # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: {} + # -- Define below as many constraints as needed. The key name should follow the structure tsc1, tsc2...etc. + # Do not enter the key labelSelector in the entry/entries below as that is automatically injected by the chart + #tsc1: + # maxSkew: 1 + # minDomains: 1 # optional; beta since v1.25 + # topologyKey: kubernetes.io/hostname + # whenUnsatisfiable: DoNotSchedule + # matchLabelKeys: [] # optional; alpha since v1.25 + # nodeAffinityPolicy: [] # optional; alpha since v1.25 + # nodeTaintsPolicy: [] # optional; alpha since v1.25 + #tsc2: + #maxSkew: 1 + # -- Configure the PodDisruptionBudget + pdb: + enabled: true + maxUnavailable: 1 # -- Configure ldap backup cronjob backup: enabled: true 
@@ -892,6 +968,25 @@ persistence: additionalAnnotations: { } # -- System for Cross-domain Identity Management (SCIM) version 2.0 scim: + # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API + # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: {} + # -- Define below as many constraints as needed. The key name should follow the structure tsc1, tsc2...etc. + # Do not enter the key labelSelector in the entry/entries below as that is automatically injected by the chart + #tsc1: + # maxSkew: 1 + # minDomains: 1 # optional; beta since v1.25 + # topologyKey: kubernetes.io/hostname + # whenUnsatisfiable: DoNotSchedule + # matchLabelKeys: [] # optional; alpha since v1.25 + # nodeAffinityPolicy: [] # optional; alpha since v1.25 + # nodeTaintsPolicy: [] # optional; alpha since v1.25 + #tsc2: + #maxSkew: 1 + # -- Configure the PodDisruptionBudget + pdb: + enabled: true + maxUnavailable: "90%" # -- Configure the HorizontalPodAutoscaler hpa: enabled: true