From 32ae5c798b7a399fe74b1af42dae61e7437c0f39 Mon Sep 17 00:00:00 2001 From: Amro Misbah Date: Fri, 8 Sep 2023 14:31:09 +0300 Subject: [PATCH 1/3] fix: add default lbIP to avoid potential errors during helm install Example error: spec.template.spec.hostAliases.ip: Invalid value: "": must be valid IP address --- pygluu/kubernetes/templates/helm/gluu/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pygluu/kubernetes/templates/helm/gluu/values.yaml b/pygluu/kubernetes/templates/helm/gluu/values.yaml index bb94aa35..c08ab741 100644 --- a/pygluu/kubernetes/templates/helm/gluu/values.yaml +++ b/pygluu/kubernetes/templates/helm/gluu/values.yaml @@ -100,7 +100,7 @@ global: # -- Azure storage kind if using Azure disks azureStorageKind: Managed # -- The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.domain` is globally resolvable. - lbIp: "" + lbIp: 22.22.22.22 # -- Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services. domain: demoexample.gluu.org # -- Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically. From 307bcb87ba55a8eb3cf67b7346ee99ffa73e5b45 Mon Sep 17 00:00:00 2001 
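Review bot: The new default `lbIp: 22.22.22.22` is taken from ordinary public address space rather than a reserved documentation range, and the adjacent comment says this value is mapped to the domain inside pods. If a deployment enables that mapping and leaves the default in place, pods would presumably resolve `global.domain` to a host the operator does not control, so traffic meant for the identity service could leave the cluster. A placeholder from RFC 5737 such as `lbIp: "192.0.2.1"` passes the same IP validation without pointing at a real host. Better still, the hostAliases block in the templates (not visible in this hunk) could be rendered only when `lbIp` is non-empty.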
From: Amro Misbah Date: Wed, 6 Mar 2024 16:51:55 +0200 Subject: [PATCH 2/3] feat: add java memory options to services --- .../helm/gluu/charts/fido2/templates/_helpers.tpl | 12 ++++++++++++ .../gluu/charts/fido2/templates/deployment.yml | 2 ++ .../helm/gluu/charts/oxauth/templates/_helpers.tpl | 12 ++++++++++++ .../gluu/charts/oxauth/templates/deployment.yml | 2 ++ .../gluu/charts/oxd-server/templates/_helpers.tpl | 12 ++++++++++++ .../charts/oxd-server/templates/deployment.yaml | 2 ++ .../helm/gluu/charts/scim/templates/_helpers.tpl | 12 ++++++++++++ .../helm/gluu/charts/scim/templates/deployment.yml | 2 ++ pygluu/kubernetes/templates/helm/gluu/values.yaml | 14 +++++++++++--- 9 files changed, 67 insertions(+), 3 deletions(-) diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/_helpers.tpl b/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/_helpers.tpl index 3f66630d..100367a6 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/_helpers.tpl +++ b/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/_helpers.tpl @@ -67,6 +67,18 @@ Create user custom defined secret envs {{- end }} {{- end }} +{{/* +Create GLUU_JAVA_OPTIONS ENV for passing custom work and detailed logs +*/}} +{{- define "fido2.customJavaOptions"}} +{{ $custom := "" }} +{{- if .Values.global.fido2.gluuCustomJavaOptions }} +{{ $custom = printf "%s" .Values.global.fido2.gluuCustomJavaOptions }} +{{- end}} +{{ $customJavaOptions := printf "%s -DCN_IDP_HOST=http://oxshibboleth:8080" $custom }} +{{ $customJavaOptions | trimSuffix " " | quote }} +{{- end }} + {{/* Create topologySpreadConstraints lists */}} diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/deployment.yml b/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/deployment.yml index bae157d4..c8bb0f1b 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/deployment.yml 
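Review bot: In `fido2.customJavaOptions`, `trimSuffix " "` can never match because the string always ends in `:8080`, while an empty `gluuCustomJavaOptions` leaves a leading space inside the quoted value; `{{ $customJavaOptions | trim | quote }}` would cover both ends. The header comment ("custom work and detailed logs") does not describe the helper; something like `Build the GLUU_JAVA_OPTIONS value: user-supplied JVM options followed by -DCN_IDP_HOST` would be accurate. The same two points apply to the oxauth, oxd-server and scim helpers added later in this patch. It is also worth confirming that fido2, scim and oxd-server need the hard-coded plain-HTTP `-DCN_IDP_HOST=http://oxshibboleth:8080` property, since it is appended unconditionally.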
+++ b/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/deployment.yml @@ -73,6 +73,8 @@ spec: runAsNonRoot: true {{- end }} env: + - name: GLUU_JAVA_OPTIONS + value: {{ include "fido2.customJavaOptions" . | trim }} {{- include "fido2.usr-envs" . | indent 12 }} {{- include "fido2.usr-secret-envs" . | indent 12 }} {{- if and (eq .Values.global.isDomainRegistered "false") (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/_helpers.tpl b/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/_helpers.tpl index 031555de..a350aa42 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/_helpers.tpl +++ b/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/_helpers.tpl @@ -67,6 +67,18 @@ Create user custom defined secret envs {{- end }} {{- end }} +{{/* +Create GLUU_JAVA_OPTIONS ENV for passing custom work and detailed logs +*/}} +{{- define "oxauth.customJavaOptions"}} +{{ $custom := "" }} +{{- if .Values.global.oxauth.gluuCustomJavaOptions }} +{{ $custom = printf "%s" .Values.global.oxauth.gluuCustomJavaOptions }} +{{- end}} +{{ $customJavaOptions := printf "%s -DCN_IDP_HOST=http://oxshibboleth:8080" $custom }} +{{ $customJavaOptions | trimSuffix " " | quote }} +{{- end }} + {{/* Create topologySpreadConstraints lists */}} diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/deployment.yml b/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/deployment.yml index d3cc41d9..0c4a3f21 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/deployment.yml +++ b/pygluu/kubernetes/templates/helm/gluu/charts/oxauth/templates/deployment.yml 
@@ -71,6 +71,8 @@ spec: runAsNonRoot: true {{- end }} env: + - name: GLUU_JAVA_OPTIONS + value: {{ include "oxauth.customJavaOptions" . | trim }} {{- include "oxauth.usr-envs" . | indent 12 }} {{- include "oxauth.usr-secret-envs" . | indent 12 }} {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/_helpers.tpl b/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/_helpers.tpl index 5f043853..7f2f418b 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/_helpers.tpl +++ b/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/_helpers.tpl @@ -67,6 +67,18 @@ Create user custom defined secret envs {{- end }} {{- end }} +{{/* +Create GLUU_JAVA_OPTIONS ENV for passing custom work and detailed logs +*/}} +{{- define "oxd-server.customJavaOptions"}} +{{ $custom := "" }} +{{- if .Values.global.oxd-server.gluuCustomJavaOptions }} +{{ $custom = printf "%s" .Values.global.oxd-server.gluuCustomJavaOptions }} +{{- end}} +{{ $customJavaOptions := printf "%s -DCN_IDP_HOST=http://oxshibboleth:8080" $custom }} +{{ $customJavaOptions | trimSuffix " " | quote }} +{{- end }} + {{/* Create topologySpreadConstraints lists */}} diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/deployment.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/deployment.yaml index 8e7502bc..a7eccc56 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/deployment.yaml +++ b/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/deployment.yaml 
@@ -72,6 +72,8 @@ spec: runAsNonRoot: true {{- end }} env: + - name: GLUU_JAVA_OPTIONS + value: {{ include "oxd-server.customJavaOptions" . | trim }} {{- include "oxd-server.usr-envs" . | indent 12 }} {{- include "oxd-server.usr-secret-envs" . | indent 12 }} imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/_helpers.tpl b/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/_helpers.tpl index 5c1ea5fa..c9499107 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/_helpers.tpl +++ b/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/_helpers.tpl @@ -67,6 +67,18 @@ Create user custom defined secret envs {{- end }} {{- end }} +{{/* +Create GLUU_JAVA_OPTIONS ENV for passing custom work and detailed logs +*/}} +{{- define "scim.customJavaOptions"}} +{{ $custom := "" }} +{{- if .Values.global.scim.gluuCustomJavaOptions }} +{{ $custom = printf "%s" .Values.global.scim.gluuCustomJavaOptions }} +{{- end}} +{{ $customJavaOptions := printf "%s -DCN_IDP_HOST=http://oxshibboleth:8080" $custom }} +{{ $customJavaOptions | trimSuffix " " | quote }} +{{- end }} + {{/* Create topologySpreadConstraints lists */}} diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/deployment.yml b/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/deployment.yml index e7389284..af5484ff 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/deployment.yml +++ b/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/deployment.yml @@ -73,6 +73,8 @@ spec: runAsNonRoot: true {{- end }} env: + - name: GLUU_JAVA_OPTIONS + value: {{ include "oxauth.customJavaOptions" . | trim }} {{- include "scim.usr-envs" . | indent 12 }} {{- include "scim.usr-secret-envs" . | indent 12 }} {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} 
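Review bot: The scim deployment includes `oxauth.customJavaOptions` rather than the `scim.customJavaOptions` helper this patch defines for it, so `global.scim.gluuCustomJavaOptions` is never read by this template. Depending on whether the oxauth helper is loaded in the same release, the scim pod would either receive oxauth's JVM sizing (`-Xmx2200m` by default, versus the `-Xmx700m` set for scim in values.yaml) or the render would fail on a missing template. The line should read `value: {{ include "scim.customJavaOptions" . | trim }}`.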
diff --git a/pygluu/kubernetes/templates/helm/gluu/values.yaml b/pygluu/kubernetes/templates/helm/gluu/values.yaml index 09f01df8..a9aea2b0 100644 --- a/pygluu/kubernetes/templates/helm/gluu/values.yaml +++ b/pygluu/kubernetes/templates/helm/gluu/values.yaml @@ -135,6 +135,8 @@ global: oxauth: # -- Boolean flag to enable/disable oxauth chart. You should never set this to false. enabled: true + # -- passing custom java options to oxauth. + gluuCustomJavaOptions: "-XX:MaxDirectMemorySize=2500m -Xmx2200m" # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. # log levels are "OFF", "FATAL", "ERROR", "WARN", "INFO", "DEBUG", "TRACE" # Targets are "STDOUT" and "FILE" @@ -176,6 +178,8 @@ global: fido2: # -- Boolean flag to enable/disable the fido2 chart. enabled: false + # -- passing custom java options to fido2. + gluuCustomJavaOptions: "-XX:MaxDirectMemorySize=500m -Xmx200m" # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. # log levels are "OFF", "FATAL", "ERROR", "WARN", "INFO", "DEBUG", "TRACE" # Targets are "STDOUT" and "FILE" @@ -193,6 +197,8 @@ global: scim: # -- Boolean flag to enable/disable the SCIM chart. enabled: false + # -- passing custom java options to scim. + gluuCustomJavaOptions: "-XX:MaxDirectMemorySize=1000m -Xmx700m" # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. # log levels are "OFF", "FATAL", "ERROR", "WARN", "INFO", "DEBUG", "TRACE" # Targets are "STDOUT" and "FILE" 
@@ -238,7 +244,7 @@ global: # -- Boolean flag to enable/disable the oxtrust chart. enabled: true # -- passing custom java options to oxTrust. - gluuCustomJavaOptions: "-XshowSettings:vm -XX:MaxRAMPercentage=80" + gluuCustomJavaOptions: "-XshowSettings:vm -XX:MaxRAMPercentage=80 -XX:MaxDirectMemorySize=2500m -Xmx2200m" # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. # log levels are "OFF", "FATAL", "ERROR", "WARN", "INFO", "DEBUG", "TRACE" # Targets are "STDOUT" and "FILE" @@ -299,8 +305,8 @@ global: oxshibboleth: # -- Boolean flag to enable/disable the oxShibbboleth chart. enabled: false - # -- passing custom java options to oxShibboleth. Notice you do not need to pass in any loggers optoins as they are introduced below in appLoggers. - gluuCustomJavaOptions: "" + # -- passing custom java options to oxShibboleth. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. + gluuCustomJavaOptions: "-XX:MaxDirectMemorySize=1000m -Xmx700m" # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. # log levels are "OFF", "FATAL", "ERROR", "WARN", "INFO", "DEBUG", "TRACE" # Targets are "STDOUT" and "FILE" @@ -337,6 +343,8 @@ global: oxd-server: # -- Boolean flag to enable/disable the oxd-server chart. enabled: true + # -- passing custom java options to oxd-server. + gluuCustomJavaOptions: "-XX:MaxDirectMemorySize=400m -Xmx100m" # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. # log levels are "OFF", "FATAL", "ERROR", "WARN", "INFO", "DEBUG", "TRACE" # Targets are "STDOUT" and "FILE" From 370d34904911df861fa215592a14f38acdbd6bfe Mon Sep 17 00:00:00 2001 
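Review bot: The oxtrust default now combines `-XX:MaxRAMPercentage=80` with `-Xmx2200m`; an explicit `-Xmx` takes precedence, so the percentage setting no longer has any effect and one of the two should be dropped. More generally, the fixed `-Xmx` and `-XX:MaxDirectMemorySize` defaults added across this file (for example 2200m plus 2500m for oxauth) are only safe if each chart's container memory limit is at least that large plus JVM overhead. The limits are not visible in this diff, so this should be checked, since a lower limit would get the authentication pods OOM-killed under load. A short comment next to each default, e.g. `# keep heap + direct memory below resources.limits.memory`, would make the coupling explicit.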
From: Amro Misbah Date: Thu, 7 Mar 2024 11:59:57 +0200 Subject: [PATCH 3/3] fix: workaround the dash in oxd-server --- .../helm/gluu/charts/oxd-server/templates/_helpers.tpl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/_helpers.tpl b/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/_helpers.tpl index 7f2f418b..24bbce7e 100644 --- a/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/_helpers.tpl +++ b/pygluu/kubernetes/templates/helm/gluu/charts/oxd-server/templates/_helpers.tpl @@ -72,8 +72,9 @@ Create GLUU_JAVA_OPTIONS ENV for passing custom work and detailed logs */}} {{- define "oxd-server.customJavaOptions"}} {{ $custom := "" }} -{{- if .Values.global.oxd-server.gluuCustomJavaOptions }} -{{ $custom = printf "%s" .Values.global.oxd-server.gluuCustomJavaOptions }} +{{- $gluuCustomJavaOptions := index .Values.global "oxd-server" "gluuCustomJavaOptions" }} +{{- if $gluuCustomJavaOptions }} +{{- $custom := printf "%s" $gluuCustomJavaOptions }} {{- end}} {{ $customJavaOptions := printf "%s -DCN_IDP_HOST=http://oxshibboleth:8080" $custom }} {{ $customJavaOptions | trimSuffix " " | quote }}
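Review bot: Inside the `if`, `{{- $custom := printf "%s" $gluuCustomJavaOptions }}` declares a new `$custom` scoped to that block instead of assigning to the one declared above it, so the outer `$custom` stays empty and the configured oxd-server Java options never reach `GLUU_JAVA_OPTIONS`. Use assignment as the other helpers do: `{{- $custom = printf "%s" $gluuCustomJavaOptions }}`. The `index .Values.global "oxd-server" "gluuCustomJavaOptions"` lookup is also likely to fail the render if the `oxd-server` key is absent from `global`, which may be worth guarding if the subchart can be installed with trimmed values.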