feat(oxauth-key-rotation): add schedule property (#654)
* feat(oxauth-key-rotation): add schedule property
misba7 authored Aug 27, 2024
1 parent 12962f1 commit 87fedbc
Showing 21 changed files with 33 additions and 23 deletions.
7 changes: 4 additions & 3 deletions pygluu/kubernetes/templates/helm/gluu/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -506,18 +506,19 @@ Kubernetes: `>=v1.22.0-0`
| opendj.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| opendj.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
| oxauth | object | `{"additionalAnnotations":{},"additionalLabels":{},"affinity":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxauth","tag":"4.5.5-1"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"service":{"name":"http-oxauth","oxAuthServiceName":"oxauth","port":8080},"tolerations":[],"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. |
| oxauth-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"affinity":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/certmanager","tag":"4.5.5-1"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"nodeSelector":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"tolerations":[],"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
| oxauth-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"affinity":{},"cronJobSchedule":"","customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/certmanager","tag":"4.5.5-1"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"nodeSelector":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"tolerations":[],"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
| oxauth-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken |
| oxauth-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} |
| oxauth-key-rotation.affinity | object | `{}` | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ |
| oxauth-key-rotation.cronJobSchedule | string | `""` | Auth server key rotation job schedule. It accepts any Cron syntax supported by Kubernetes. If empty, the schedule will run based on keysLife value. |
| oxauth-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh |
| oxauth-key-rotation.dnsConfig | object | `{}` | Add custom dns config |
| oxauth-key-rotation.dnsPolicy | string | `""` | Add custom dns policy |
| oxauth-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| oxauth-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets |
| oxauth-key-rotation.image.repository | string | `"gluufederation/certmanager"` | Image to use for deploying. |
| oxauth-key-rotation.image.tag | string | `"4.5.5-1"` | Image tag to use for deploying. |
| oxauth-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours |
| oxauth-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours. |
| oxauth-key-rotation.keysPushDelay | int | `0` | Delay (in seconds) before pushing private keys to Auth server |
| oxauth-key-rotation.keysPushStrategy | string | `"NEWER"` | Set key selection strategy after pushing private keys to Auth server (only takes effect when keysPushDelay value is greater than 0) |
| oxauth-key-rotation.keysStrategy | string | `"NEWER"` | Set key selection strategy used by Auth server |
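Review bot: The summary on the `oxauth-key-rotation` object row still reads "Responsible for regenerating auth-keys per x hours", which no longer holds once `cronJobSchedule` is set, because the job then runs on that schedule instead of every `keysLife` hours. This README is generated, so update the source comment in values.yaml so the description covers both modes.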
Expand Down Expand Up @@ -761,4 +762,4 @@ Kubernetes: `>=v1.22.0-0`
| scim.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
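Review bot: The footer moves from helm-docs v1.13.1 to v1.12.0, so the docs were regenerated with an older helm-docs than the one used before. The same one-line footer change repeats in the other chart READMEs in this commit and accounts for most of the 21 changed files. Regenerate with v1.13.1, or pin the helm-docs version in the tooling, so this feature commit only touches the key-rotation docs.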
Original file line number Diff line number Diff line change
Expand Up @@ -68,4 +68,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -133,4 +133,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -57,4 +57,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -63,4 +63,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,4 @@ Kubernetes: `>=v1.22.0-0`
| ingress.webfingerEnabled | bool | `true` | Enable endpoint /.well-known/webfinger |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -22,4 +22,4 @@ Istio Gateway
Kubernetes: `>=v1.22.0-0`

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -79,4 +79,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -83,4 +83,4 @@ Kubernetes: `>=v1.22.0-0`
| service.type | string | `"ClusterIP"` | |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -75,4 +75,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -28,14 +28,15 @@ Kubernetes: `>=v1.22.0-0`
| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken |
| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} |
| affinity | object | `{}` | |
| cronJobSchedule | string | `""` | Auth server key rotation job schedule. It accepts any Cron syntax supported by Kubernetes. If empty, the schedule will run based on keysLife value. |
| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. |
| dnsConfig | object | `{}` | Add custom dns config |
| dnsPolicy | string | `""` | Add custom dns policy |
| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| image.pullSecrets | list | `[]` | Image Pull Secrets |
| image.repository | string | `"gluufederation/certmanager"` | Image to use for deploying. |
| image.tag | string | `"4.5.5-1"` | Image tag to use for deploying. |
| keysLife | int | `48` | Auth server key rotation keys life in hours |
| keysLife | int | `48` | Auth server key rotation keys life in hours. |
| keysPushDelay | int | `0` | Delay (in seconds) before pushing private keys to Auth server |
| keysPushStrategy | string | `"NEWER"` | Set key selection strategy after pushing private keys to Auth server (only takes effect when keysPushDelay value is greater than 0) |
| keysStrategy | string | `"NEWER"` | Set key selection strategy used by Auth server |
Expand All @@ -54,4 +55,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,11 @@ metadata:
{{ toYaml .Values.additionalAnnotations | indent 4 }}
{{- end }}
spec:
{{- if ne .Values.cronJobSchedule "" }}
schedule: {{ .Values.cronJobSchedule | quote }}
{{- else }}
schedule: "@every {{ .Values.keysLife }}h"
{{- end }}
concurrencyPolicy: Forbid
jobTemplate:
spec:
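Review bot: The condition `ne .Values.cronJobSchedule ""` treats only the empty string as unset, so a values file that sets `cronJobSchedule` to null does not fall back to the `keysLife` branch. A truthiness test, `{{- if .Values.cronJobSchedule }}`, covers both the empty and the null case. The value is also passed through unvalidated, so a malformed expression is only caught when the CronJob is applied to the cluster; consider a `fail` or schema check in the chart if early feedback matters.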
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,9 @@ image:
tag: 4.5.5-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Auth server key rotation keys life in hours
# -- Auth server key rotation job schedule. It accepts any Cron syntax supported by Kubernetes. If empty, the schedule will run based on keysLife value.
cronJobSchedule: ""
# -- Auth server key rotation keys life in hours.
keysLife: 48
# -- Set key selection strategy used by Auth server
keysStrategy: NEWER
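Review bot: The comment on `cronJobSchedule` does not say how a custom schedule relates to `keysLife`, which keeps its value of 48 directly below. If the schedule fires less often than every `keysLife` hours, the comment leaves open whether keys can reach the end of their life before the next rotation runs. Please document the expected relationship between the two settings and include one sample cron expression.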
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,4 +62,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -60,4 +60,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -66,4 +66,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -65,4 +65,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -64,4 +64,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -53,4 +53,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Original file line number Diff line number Diff line change
Expand Up @@ -63,4 +63,4 @@ Kubernetes: `>=v1.22.0-0`
| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
4 changes: 3 additions & 1 deletion pygluu/kubernetes/templates/helm/gluu/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2120,7 +2120,9 @@ oxauth-key-rotation:
tag: 4.5.5-1
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Auth server key rotation keys life in hours
# -- Auth server key rotation job schedule. It accepts any Cron syntax supported by Kubernetes. If empty, the schedule will run based on keysLife value.
cronJobSchedule: ""
# -- Auth server key rotation keys life in hours.
keysLife: 48
# -- Set key selection strategy used by Auth server
keysStrategy: NEWER
Expand Down
