gluu

Version: 5.0.21 AppVersion: 5.0.0

Gluu Access and Identity Management

Homepage: https://www.gluu.org

Maintainers

Name Email Url
moabu support@gluu.org

Source Code

Requirements

Kubernetes: >=v1.21.0-0

Repository Name Version
admin-ui 5.0.21
auth-server 5.0.21
auth-server-key-rotation 5.0.21
casa 5.0.21
cn-istio-ingress 5.0.21
config 5.0.21
config-api 5.0.21
fido2 5.0.21
nginx-ingress 5.0.21
opendj 5.0.21
oxpassport 5.0.21
oxshibboleth 5.0.21
persistence 5.0.21
scim 5.0.21

Values

Key Type Default Description
admin-ui object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/admin-ui","tag":"1.0.16-1"},"lifecycle":{},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} Admin GUI for configuration of the auth-server
admin-ui.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
admin-ui.additionalLabels object {} Additional labels that will be added across the gateway in the format of
admin-ui.dnsConfig object {} Add custom dns config
admin-ui.dnsPolicy string "" Add custom dns policy
admin-ui.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
admin-ui.hpa.behavior object {} Scaling Policies
admin-ui.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
admin-ui.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
admin-ui.image.pullSecrets list [] Image Pull Secrets
admin-ui.image.repository string "ghcr.io/gluufederation/flex/admin-ui" Image to use for deploying.
admin-ui.image.tag string "1.0.16-1" Image tag to use for deploying.
admin-ui.livenessProbe object {"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5} Configure the liveness healthcheck for the admin ui if needed.
admin-ui.pdb object {"enabled":true,"maxUnavailable":"90%"} Configure the PodDisruptionBudget
admin-ui.readinessProbe object {"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5} Configure the readiness healthcheck for the admin ui if needed.
admin-ui.replicas int 1 Service replica number.
admin-ui.resources object {"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}} Resource specs.
admin-ui.resources.limits.cpu string "2000m" CPU limit.
admin-ui.resources.limits.memory string "2000Mi" Memory limit.
admin-ui.resources.requests.cpu string "2000m" CPU request.
admin-ui.resources.requests.memory string "2000Mi" Memory request.
admin-ui.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
admin-ui.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
admin-ui.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
admin-ui.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
admin-ui.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
admin-ui.volumes list [] Configure any additional volumes that need to be attached to the pod
auth-server object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.0.16-1"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet-facing component of Gluu. It's the service that returns tokens, JWTs and identity assertions. This service must be Internet-facing.
auth-server-key-rotation object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.16-1"},"keysLife":48,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} Responsible for regenerating auth-keys per x hours
auth-server-key-rotation.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
auth-server-key-rotation.additionalLabels object {} Additional labels that will be added across the gateway in the format of
auth-server-key-rotation.dnsConfig object {} Add custom dns config
auth-server-key-rotation.dnsPolicy string "" Add custom dns policy
auth-server-key-rotation.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
auth-server-key-rotation.image.pullSecrets list [] Image Pull Secrets
auth-server-key-rotation.image.repository string "ghcr.io/janssenproject/jans/certmanager" Image to use for deploying.
auth-server-key-rotation.image.tag string "1.0.16-1" Image tag to use for deploying.
auth-server-key-rotation.keysLife int 48 Auth server key rotation keys life in hours
auth-server-key-rotation.resources object {"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}} Resource specs.
auth-server-key-rotation.resources.limits.cpu string "300m" CPU limit.
auth-server-key-rotation.resources.limits.memory string "300Mi" Memory limit.
auth-server-key-rotation.resources.requests.cpu string "300m" CPU request.
auth-server-key-rotation.resources.requests.memory string "300Mi" Memory request.
auth-server-key-rotation.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
auth-server-key-rotation.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
auth-server-key-rotation.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
auth-server-key-rotation.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
auth-server-key-rotation.volumes list [] Configure any additional volumes that need to be attached to the pod
auth-server.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
auth-server.additionalLabels object {} Additional labels that will be added across the gateway in the format of
auth-server.dnsConfig object {} Add custom dns config
auth-server.dnsPolicy string "" Add custom dns policy
auth-server.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
auth-server.hpa.behavior object {} Scaling Policies
auth-server.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
auth-server.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
auth-server.image.pullSecrets list [] Image Pull Secrets
auth-server.image.repository string "ghcr.io/janssenproject/jans/auth-server" Image to use for deploying.
auth-server.image.tag string "1.0.16-1" Image tag to use for deploying.
auth-server.livenessProbe object {"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the liveness healthcheck for the auth server if needed.
auth-server.livenessProbe.exec object {"command":["python3","/app/scripts/healthcheck.py"]} Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
auth-server.pdb object {"enabled":true,"maxUnavailable":"90%"} Configure the PodDisruptionBudget
auth-server.readinessProbe object {"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5} Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
auth-server.replicas int 1 Service replica number.
auth-server.resources object {"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}} Resource specs.
auth-server.resources.limits.cpu string "2500m" CPU limit.
auth-server.resources.limits.memory string "2500Mi" Memory limit.
auth-server.resources.requests.cpu string "2500m" CPU request.
auth-server.resources.requests.memory string "2500Mi" Memory request.
auth-server.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
auth-server.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
auth-server.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
auth-server.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
auth-server.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
auth-server.volumes list [] Configure any additional volumes that need to be attached to the pod
casa object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/casa","tag":"5.0.0-15"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
casa.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
casa.additionalLabels object {} Additional labels that will be added across the gateway in the format of
casa.dnsConfig object {} Add custom dns config
casa.dnsPolicy string "" Add custom dns policy
casa.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
casa.hpa.behavior object {} Scaling Policies
casa.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
casa.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
casa.image.pullSecrets list [] Image Pull Secrets
casa.image.repository string "ghcr.io/gluufederation/flex/casa" Image to use for deploying.
casa.image.tag string "5.0.0-15" Image tag to use for deploying.
casa.livenessProbe object {"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5} Configure the liveness healthcheck for casa if needed.
casa.livenessProbe.httpGet.path string "/casa/health-check" http liveness probe endpoint
casa.pdb object {"enabled":true,"maxUnavailable":"90%"} Configure the PodDisruptionBudget
casa.readinessProbe object {"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the readiness healthcheck for the casa if needed.
casa.readinessProbe.httpGet.path string "/casa/health-check" http readiness probe endpoint
casa.replicas int 1 Service replica number.
casa.resources object {"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}} Resource specs.
casa.resources.limits.cpu string "500m" CPU limit.
casa.resources.limits.memory string "500Mi" Memory limit.
casa.resources.requests.cpu string "500m" CPU request.
casa.resources.requests.memory string "500Mi" Memory request.
casa.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
casa.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
casa.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
casa.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
casa.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
casa.volumes list [] Configure any additional volumes that need to be attached to the pod
config object {"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.0.16-1"},"ldapPassword":"P@ssw0rds","lifecycle":{},"migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} Configuration parameters for setup and initial configuration secret and config layers used by Gluu services.
config-api object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.0.16-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).
config-api.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
config-api.additionalLabels object {} Additional labels that will be added across the gateway in the format of
config-api.dnsConfig object {} Add custom dns config
config-api.dnsPolicy string "" Add custom dns policy
config-api.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
config-api.hpa.behavior object {} Scaling Policies
config-api.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
config-api.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
config-api.image.pullSecrets list [] Image Pull Secrets
config-api.image.repository string "ghcr.io/janssenproject/jans/config-api" Image to use for deploying.
config-api.image.tag string "1.0.16-1" Image tag to use for deploying.
config-api.livenessProbe object {"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the liveness healthcheck for the auth server if needed.
config-api.livenessProbe.httpGet object {"path":"/jans-config-api/api/v1/health/live","port":8074} http liveness probe endpoint
config-api.pdb object {"enabled":true,"maxUnavailable":"90%"} Configure the PodDisruptionBudget
config-api.readinessProbe.httpGet object {"path":"jans-config-api/api/v1/health/ready","port":8074} http readiness probe endpoint
config-api.replicas int 1 Service replica number.
config-api.resources object {"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}} Resource specs.
config-api.resources.limits.cpu string "1000m" CPU limit.
config-api.resources.limits.memory string "1000Mi" Memory limit.
config-api.resources.requests.cpu string "1000m" CPU request.
config-api.resources.requests.memory string "1000Mi" Memory request.
config-api.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
config-api.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
config-api.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
config-api.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
config-api.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
config-api.volumes list [] Configure any additional volumes that need to be attached to the pod
config.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
config.additionalLabels object {} Additional labels that will be added across the gateway in the format of
config.adminPassword string "Test1234#" Admin password to log in to the UI.
config.city string "Austin" City. Used for certificate creation.
config.configmap.cnCacheType string "NATIVE_PERSISTENCE" Cache type: NATIVE_PERSISTENCE, REDIS, or IN_MEMORY. Defaults to NATIVE_PERSISTENCE.
config.configmap.cnConfigKubernetesConfigMap string "cn" The name of the Kubernetes ConfigMap that will hold the configuration layer
config.configmap.cnCouchbaseBucketPrefix string "jans" The prefix of Couchbase buckets. This helps separate different environments and allows the same Couchbase cluster to be used by different setups of Gluu.
config.configmap.cnCouchbaseCrt string "SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=" Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required.
config.configmap.cnCouchbaseIndexNumReplica int 0 The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1.
config.configmap.cnCouchbasePassword string "P@ssw0rd" Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lowercase letter and one symbol.
config.configmap.cnCouchbaseSuperUser string "admin" The Couchbase super user (admin) username. This user is used during initialization only.
config.configmap.cnCouchbaseSuperUserPassword string "Test1234#" Couchbase password for the superuser config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lowercase letter and one symbol.
config.configmap.cnCouchbaseUrl string "cbgluu.default.svc.cluster.local" Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster
config.configmap.cnCouchbaseUser string "gluu" Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase.
config.configmap.cnGoogleProjectId string "google-project-to-save-config-and-secrets-to" Project id of the Google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
config.configmap.cnGoogleSecretManagerServiceAccount string "SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=" Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
config.configmap.cnGoogleSecretNamePrefix string "gluu" Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
config.configmap.cnGoogleSecretVersionId string "latest" Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.
config.configmap.cnGoogleSpannerDatabaseId string "" Google Spanner Database ID. Used only when global.cnPersistenceType is spanner.
config.configmap.cnGoogleSpannerInstanceId string "" Google Spanner ID. Used only when global.cnPersistenceType is spanner.
config.configmap.cnJettyRequestHeaderSize int 8192 Jetty header size in bytes in the auth server
config.configmap.cnLdapUrl string "opendj:1636" OpenDJ internal address. Leave as default. Used when global.cnPersistenceType is set to ldap.
config.configmap.cnMaxRamPercent string "75.0" Value passed to Java option -XX:MaxRAMPercentage
config.configmap.cnPersistenceHybridMapping string "{}" Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when global.cnPersistenceType is set to hybrid. { "default": "<couchbase
config.configmap.cnRedisSentinelGroup string "" Redis Sentinel Group. Often set when config.configmap.cnRedisType is set to SENTINEL. Can be used when config.configmap.cnCacheType is set to REDIS.
config.configmap.cnRedisSslTruststore string "" Redis SSL truststore. Optional. Can be used when config.configmap.cnCacheType is set to REDIS.
config.configmap.cnRedisType string "STANDALONE" Redis service type. STANDALONE or CLUSTER. Can be used when config.configmap.cnCacheType is set to REDIS.
config.configmap.cnRedisUrl string "redis.redis.svc.cluster.local:6379" Redis URL and port number :. Can be used when config.configmap.cnCacheType is set to REDIS.
config.configmap.cnRedisUseSsl bool false Boolean to use SSL in Redis. Can be used when config.configmap.cnCacheType is set to REDIS.
config.configmap.cnScimProtectionMode string "OAUTH" SCIM protection mode OAUTH
config.configmap.cnSecretKubernetesSecret string "cn" Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default.
config.configmap.cnSqlDbDialect string "mysql" SQL database dialect. mysql or pgsql
config.configmap.cnSqlDbHost string "my-release-mysql.default.svc.cluster.local" SQL database host uri.
config.configmap.cnSqlDbName string "gluu" SQL database name.
config.configmap.cnSqlDbPort int 3306 SQL database port.
config.configmap.cnSqlDbSchema string "" Schema name used by SQL database (default to empty-string; if using MySQL, the schema name will be resolved as the database name, whereas in PostgreSQL the schema name will be resolved as "public").
config.configmap.cnSqlDbTimezone string "UTC" SQL database timezone.
config.configmap.cnSqlDbUser string "gluu" SQL database username.
config.configmap.cnSqldbUserPassword string "Test1234#" SQL password injected into the secrets.
config.configmap.lbAddr string "" Load balancer address for AWS if the FQDN is not registered.
config.countryCode string "US" Country code. Used for certificate creation.
config.dnsConfig object {} Add custom dns config
config.dnsPolicy string "" Add custom dns policy
config.email string "support@gluu.org" Email address of the administrator usually. Used for certificate creation.
config.image.pullSecrets list [] Image Pull Secrets
config.image.repository string "ghcr.io/janssenproject/jans/configurator" Image to use for deploying.
config.image.tag string "1.0.16-1" Image tag to use for deploying.
config.ldapPassword string "P@ssw0rds" LDAP admin password if OpenDJ is used for persistence.
config.migration object {"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"} CE to CN Migration section
config.migration.enabled bool false Boolean flag to enable migration from CE
config.migration.migrationDataFormat string "ldif" migration data-format depending on persistence backend. Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json.
config.migration.migrationDir string "/ce-migration" Directory holding all migration files
config.orgName string "Gluu" Organization name. Used for certificate creation.
config.redisPassword string "P@assw0rd" Redis admin password if config.configmap.cnCacheType is set to REDIS.
config.resources object {"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}} Resource specs.
config.resources.limits.cpu string "300m" CPU limit.
config.resources.limits.memory string "300Mi" Memory limit.
config.resources.requests.cpu string "300m" CPU request.
config.resources.requests.memory string "300Mi" Memory request.
config.state string "TX" State code. Used for certificate creation.
config.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service.
config.usrEnvs.normal object {} Add custom normal envs to the service. variable1: value1
config.usrEnvs.secret object {} Add custom secret envs to the service. variable1: value1
config.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
config.volumes list [] Configure any additional volumes that need to be attached to the pod
fido2 object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.0.16-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
fido2.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
fido2.additionalLabels object {} Additional labels that will be added across the gateway in the format of
fido2.dnsConfig object {} Add custom dns config
fido2.dnsPolicy string "" Add custom dns policy
fido2.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
fido2.hpa.behavior object {} Scaling Policies
fido2.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
fido2.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
fido2.image.pullSecrets list [] Image Pull Secrets
fido2.image.repository string "ghcr.io/janssenproject/jans/fido2" Image to use for deploying.
fido2.image.tag string "1.0.16-1" Image tag to use for deploying.
fido2.livenessProbe object {"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5} Configure the liveness healthcheck for the fido2 if needed.
fido2.livenessProbe.httpGet object {"path":"/jans-fido2/sys/health-check","port":"http-fido2"} http liveness probe endpoint
fido2.pdb object {"enabled":true,"maxUnavailable":"90%"} Configure the PodDisruptionBudget
fido2.readinessProbe object {"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the readiness healthcheck for the fido2 if needed.
fido2.replicas int 1 Service replica number.
fido2.resources object {"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}} Resource specs.
fido2.resources.limits.cpu string "500m" CPU limit.
fido2.resources.limits.memory string "500Mi" Memory limit.
fido2.resources.requests.cpu string "500m" CPU request.
fido2.resources.requests.memory string "500Mi" Memory request.
fido2.service.name string "http-fido2" The name of the fido2 port within the fido2 service. Please keep it as default.
fido2.service.port int 8080 Port of the fido2 service. Please keep it as default.
fido2.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
fido2.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
fido2.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
fido2.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
fido2.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
fido2.volumes list [] Configure any additional volumes that need to be attached to the pod
global object {"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","licenseSsa":"","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpclientLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}} Parameters used globally across all services helm charts.
global.admin-ui.adminUiServiceName string "admin-ui" Name of the admin-ui service. Please keep it as default.
global.admin-ui.enabled bool true Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin.
global.admin-ui.ingress.adminUiEnabled bool false Enable Admin UI endpoints in either istio or nginx ingress depending on user's choice
global.alb.ingress bool false Activates ALB ingress
global.auth-server-key-rotation.enabled bool false Boolean flag to enable/disable the auth-server-key rotation cronjob chart.
global.auth-server.appLoggers object {"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"} App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
global.auth-server.appLoggers.auditStatsLogLevel string "INFO" jans-auth_audit.log level
global.auth-server.appLoggers.auditStatsLogTarget string "FILE" jans-auth_audit.log target
global.auth-server.appLoggers.authLogLevel string "INFO" jans-auth.log level
global.auth-server.appLoggers.authLogTarget string "STDOUT" jans-auth.log target
global.auth-server.appLoggers.enableStdoutLogPrefix string "true" Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e auth-server-script ===> 2022-12-20 17:49:55,744 INFO
global.auth-server.appLoggers.httpLogLevel string "INFO" http_request_response.log level
global.auth-server.appLoggers.httpLogTarget string "FILE" http_request_response.log target
global.auth-server.appLoggers.ldapStatsLogLevel string "INFO" jans-auth_persistence_ldap_statistics.log level
global.auth-server.appLoggers.ldapStatsLogTarget string "FILE" jans-auth_persistence_ldap_statistics.log target
global.auth-server.appLoggers.persistenceDurationLogLevel string "INFO" jans-auth_persistence_duration.log level
global.auth-server.appLoggers.persistenceDurationLogTarget string "FILE" jans-auth_persistence_duration.log target
global.auth-server.appLoggers.persistenceLogLevel string "INFO" jans-auth_persistence.log level
global.auth-server.appLoggers.persistenceLogTarget string "FILE" jans-auth_persistence.log target
global.auth-server.appLoggers.scriptLogLevel string "INFO" jans-auth_script.log level
global.auth-server.appLoggers.scriptLogTarget string "FILE" jans-auth_script.log target
global.auth-server.authEncKeys string "RSA1_5 RSA-OAEP" space-separated key algorithm for encryption (default to RSA1_5 RSA-OAEP)
global.auth-server.authServerServiceName string "auth-server" Name of the auth-server service. Please keep it as default.
global.auth-server.authSigKeys string "RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512" space-separated key algorithm for signing (default to RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512)
global.auth-server.enabled bool true Boolean flag to enable/disable auth-server chart. You should never set this to false.
global.auth-server.ingress object {"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true} Enable endpoints in either istio or nginx ingress depending on user's choice
global.auth-server.ingress.authServerEnabled bool true Enable Auth server endpoints /jans-auth
global.auth-server.ingress.authServerProtectedRegister bool false Enable mTLS on Auth server endpoint /jans-auth/restv1/register. Currently not working in Istio.
global.auth-server.ingress.authServerProtectedToken bool false Enable mTLS on Auth server endpoint /jans-auth/restv1/token. Currently not working in Istio.
global.auth-server.ingress.deviceCodeEnabled bool true Enable endpoint /device-code
global.auth-server.ingress.firebaseMessagingEnabled bool true Enable endpoint /firebase-messaging-sw.js
global.auth-server.ingress.openidConfigEnabled bool true Enable endpoint /.well-known/openid-configuration
global.auth-server.ingress.u2fConfigEnabled bool true Enable endpoint /.well-known/fido-configuration
global.auth-server.ingress.uma2ConfigEnabled bool true Enable endpoint /.well-known/uma2-configuration
global.auth-server.ingress.webdiscoveryEnabled bool true Enable endpoint /.well-known/simple-web-discovery
global.auth-server.ingress.webfingerEnabled bool true Enable endpoint /.well-known/webfinger
global.awsStorageType string "io1" Volume storage type if using AWS volumes.
global.azureStorageAccountType string "Standard_LRS" Volume storage type if using Azure disks.
global.azureStorageKind string "Managed" Azure storage kind if using Azure disks
global.casa.appLoggers object {"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"} App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
global.casa.appLoggers.casaLogLevel string "INFO" casa.log level
global.casa.appLoggers.casaLogTarget string "STDOUT" casa.log target
global.casa.appLoggers.enableStdoutLogPrefix string "true" Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e casa ===> 2022-12-20 17:49:55,744 INFO
global.casa.appLoggers.timerLogLevel string "INFO" casa timer log level
global.casa.appLoggers.timerLogTarget string "FILE" casa timer log target
global.casa.casaServiceName string "casa" Name of the casa service. Please keep it as default.
global.casa.enabled bool true Boolean flag to enable/disable the casa chart.
global.casa.ingress object {"casaEnabled":false} Enable endpoints in either istio or nginx ingress depending on user's choice
global.casa.ingress.casaEnabled bool false Enable casa endpoints /casa
global.cloud.testEnviroment bool false Boolean flag if enabled will strip resources requests and limits from all services.
global.cnDocumentStoreType string "LOCAL" Document store type to use for shibboleth files LOCAL.
global.cnGoogleApplicationCredentials string "/etc/jans/conf/google-credentials.json" Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner. Leave as this is a sensible default.
global.cnObExtSigningAlias string "" Open banking external signing AS Alias. This is a kid value. Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e. XkwIzWy44xWSlcWnMiEc8iq9s2G
global.cnObExtSigningJwksCrt string "" Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64. Used when .global.cnObExtSigningJwksUri is set.
global.cnObExtSigningJwksKey string "" Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when .global.cnObExtSigningJwksUri is set.
global.cnObExtSigningJwksKeyPassPhrase string "" Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when .global.cnObExtSigningJwksUri is set.
global.cnObExtSigningJwksUri string "" Open banking external signing jwks uri. Used in SSA Validation.
global.cnObStaticSigningKeyKid string "" Open banking signing AS kid to force the AS to use a specific signing key. i.e. Wy44xWSlcWnMiEc8iq9s2G
global.cnObTransportAlias string "" Open banking transport Alias used inside the JVM.
global.cnObTransportCrt string "" Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64.
global.cnObTransportKey string "" Open banking AS transport key. Used in SSA Validation. This must be encoded using base64.
global.cnObTransportKeyPassPhrase string "" Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64.
global.cnObTransportTrustStore string "" Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64.
global.cnPersistenceType string "sql" Persistence backend to run Gluu with ldap
global.cnPrometheusPort string "" Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number.
global.config-api.adminUiAppLoggers.adminUiAuditLogLevel string "INFO" config-api admin-ui plugin audit log level
global.config-api.adminUiAppLoggers.adminUiAuditLogTarget string "FILE" config-api admin-ui plugin audit log target
global.config-api.adminUiAppLoggers.adminUiLogLevel string "INFO" config-api admin-ui plugin log level
global.config-api.adminUiAppLoggers.adminUiLogTarget string "FILE" config-api admin-ui plugin log target
global.config-api.adminUiAppLoggers.enableStdoutLogPrefix string "true" Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e config-api_persistence ===> 2022-12-20 17:49:55,744 INFO
global.config-api.appLoggers object {"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"} App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
global.config-api.appLoggers.configApiLogLevel string "INFO" configapi.log level
global.config-api.appLoggers.configApiLogTarget string "STDOUT" configapi.log target
global.config-api.appLoggers.enableStdoutLogPrefix string "true" Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e config-api_persistence ===> 2022-12-20 17:49:55,744 INFO
global.config-api.appLoggers.ldapStatsLogLevel string "INFO" config-api_persistence_ldap_statistics.log level
global.config-api.appLoggers.ldapStatsLogTarget string "FILE" config-api_persistence_ldap_statistics.log target
global.config-api.appLoggers.persistenceDurationLogLevel string "INFO" config-api_persistence_duration.log level
global.config-api.appLoggers.persistenceDurationLogTarget string "FILE" config-api_persistence_duration.log target
global.config-api.appLoggers.persistenceLogLevel string "INFO" config-api_persistence.log level
global.config-api.appLoggers.persistenceLogTarget string "FILE" config-api_persistence.log target
global.config-api.appLoggers.scriptLogLevel string "INFO" config-api_script.log level
global.config-api.appLoggers.scriptLogTarget string "FILE" config-api_script.log target
global.config-api.configApiServerServiceName string "config-api" Name of the config-api service. Please keep it as default.
global.config-api.enabled bool true Boolean flag to enable/disable the config-api chart.
global.config-api.ingress object {"configApiEnabled":true} Enable endpoints in either istio or nginx ingress depending on user's choice
global.config.enabled bool true Boolean flag to enable/disable the configuration chart. This normally should never be false
global.configAdapterName string "kubernetes" The config backend adapter that will hold Gluu configuration layer. aws
global.configSecretAdapter string "kubernetes" The config backend adapter that will hold Gluu secret layer. aws
global.distribution string "default" Gluu distributions supported are: default
global.fido2.appLoggers object {"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"} App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
global.fido2.appLoggers.enableStdoutLogPrefix string "true" Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e fido2 ===> 2022-12-20 17:49:55,744 INFO
global.fido2.appLoggers.fido2LogLevel string "INFO" fido2.log level
global.fido2.appLoggers.fido2LogTarget string "STDOUT" fido2.log target
global.fido2.appLoggers.persistenceDurationLogLevel string "INFO" fido2_persistence_duration.log level
global.fido2.appLoggers.persistenceDurationLogTarget string "FILE" fido2_persistence_duration.log target
global.fido2.appLoggers.persistenceLogLevel string "INFO" fido2_persistence.log level
global.fido2.appLoggers.persistenceLogTarget string "FILE" fido2_persistence.log target
global.fido2.appLoggers.scriptLogLevel string "INFO" fido2_script.log level
global.fido2.appLoggers.scriptLogTarget string "FILE" fido2_script.log target
global.fido2.enabled bool true Boolean flag to enable/disable the fido2 chart.
global.fido2.fido2ServiceName string "fido2" Name of the fido2 service. Please keep it as default.
global.fido2.ingress object {"fido2ConfigEnabled":false} Enable endpoints in either istio or nginx ingress depending on user's choice
global.fido2.ingress.fido2ConfigEnabled bool false Enable endpoint /.well-known/fido2-configuration
global.fqdn string "demoexample.gluu.org" Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services.
global.gcePdStorageType string "pd-standard" GCE storage kind if using Google disks
global.isFqdnRegistered bool false Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide a static IP for load balancers. On clouds that provide only addresses to the LB, this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically.
global.istio.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
global.istio.additionalLabels object {} Additional labels that will be added across the gateway in the format of
global.istio.enabled bool false Boolean flag that enables using istio side-cars with Gluu services.
global.istio.gateways list [] Override the gateway that can be created by default. This is used when istio ingress has already been setup and the gateway exists.
global.istio.ingress bool false Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.
global.istio.namespace string "istio-system" The namespace istio is deployed in. This is normally istio-system.
global.jobTtlSecondsAfterFinished int 300 https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
global.lbIp string "22.22.22.22" The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if global.fqdn is globally resolvable.
global.licenseSsa string "" Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT, placed here, which you can use to install. This must be base64 encoded.
global.nginx-ingress.enabled bool true Boolean flag to enable/disable the nginx-ingress definitions chart.
global.opendj.enabled bool false Boolean flag to enable/disable the OpenDJ chart.
global.opendj.ldapServiceName string "opendj" Name of the OpenDJ service. Please keep it as default.
global.oxpassport.enabled bool false Boolean flag to enable/disable passport chart
global.oxpassport.oxPassportServiceName string "oxpassport" Name of the oxPassport service. Please keep it as default.
global.oxshibboleth.appLoggers object {"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpclientLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""} App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. log levels are "OFF", "FATAL", "ERROR", "WARN", "INFO", "DEBUG", "TRACE" Targets are "STDOUT" and "FILE"
global.oxshibboleth.appLoggers.auditStatsLogLevel string "INFO" idp-audit.log level
global.oxshibboleth.appLoggers.auditStatsLogTarget string "FILE" idp-audit.log target
global.oxshibboleth.appLoggers.consentAuditLogLevel string "INFO" idp-consent-audit.log level
global.oxshibboleth.appLoggers.consentAuditLogTarget string "FILE" idp-consent-audit.log target
global.oxshibboleth.appLoggers.idpLogLevel string "INFO" idp-process.log level
global.oxshibboleth.appLoggers.idpLogTarget string "STDOUT" idp-process.log target
global.oxshibboleth.appLoggers.ldapLogLevel string "" https://github.com/GluuFederation/docker-oxshibboleth#additional-logger-configuration The below are very noisy logs and are better left untouched
global.oxshibboleth.appLoggers.scriptLogLevel string "INFO" idp-script.log level
global.oxshibboleth.appLoggers.scriptLogTarget string "FILE" idp-script.log target
global.oxshibboleth.enabled bool false Boolean flag to enable/disable the oxShibboleth chart.
global.oxshibboleth.oxShibbolethServiceName string "oxshibboleth" Name of the oxShibboleth service. Please keep it as default.
global.persistence.enabled bool true Boolean flag to enable/disable the persistence chart.
global.scim.appLoggers object {"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"} App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
global.scim.appLoggers.enableStdoutLogPrefix string "true" Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e jans-scim ===> 2022-12-20 17:49:55,744 INFO
global.scim.appLoggers.ldapStatsLogLevel string "INFO" jans-scim_persistence_ldap_statistics.log level
global.scim.appLoggers.ldapStatsLogTarget string "FILE" jans-scim_persistence_ldap_statistics.log target
global.scim.appLoggers.persistenceDurationLogLevel string "INFO" jans-scim_persistence_duration.log level
global.scim.appLoggers.persistenceDurationLogTarget string "FILE" jans-scim_persistence_duration.log target
global.scim.appLoggers.persistenceLogLevel string "INFO" jans-scim_persistence.log level
global.scim.appLoggers.persistenceLogTarget string "FILE" jans-scim_persistence.log target
global.scim.appLoggers.scimLogLevel string "INFO" jans-scim.log level
global.scim.appLoggers.scimLogTarget string "STDOUT" jans-scim.log target
global.scim.appLoggers.scriptLogLevel string "INFO" jans-scim_script.log level
global.scim.appLoggers.scriptLogTarget string "FILE" jans-scim_script.log target
global.scim.enabled bool true Boolean flag to enable/disable the SCIM chart.
global.scim.ingress object {"scimConfigEnabled":false,"scimEnabled":false} Enable endpoints in either istio or nginx ingress depending on user's choice
global.scim.ingress.scimConfigEnabled bool false Enable endpoint /.well-known/scim-configuration
global.scim.ingress.scimEnabled bool false Enable SCIM endpoints /jans-scim
global.scim.scimServiceName string "scim" Name of the scim service. Please keep it as default.
global.storageClass object {"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"} StorageClass section for OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed.
global.storageClass.parameters object {} parameters: fsType: "" kind: "" pool: "" storageAccountType: "" type: ""
global.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service. Envs defined in global.usrEnvs will be globally available to all services
global.usrEnvs.normal object {} Add custom normal envs to the service. variable1: value1
global.usrEnvs.secret object {} Add custom secret envs to the service. variable1: value1
installer-settings object {"acceptLicense":"","aws":{"arn":{"arnAcmCert":"","enabled":""},"lbType":"","vpcCidr":"0.0.0.0/0"},"confirmSettings":false,"couchbase":{"backup":{"fullSchedule":"","incrementalSchedule":"","retentionTime":"","storageSize":""},"clusterName":"","commonName":"","customFileOverride":"","install":"","lowResourceInstall":"","namespace":"","subjectAlternativeName":"","totalNumberOfExpectedTransactionsPerSec":"","totalNumberOfExpectedUsers":"","volumeType":""},"currentVersion":"","google":{"useSecretManager":""},"images":{"edit":""},"ldap":{"backup":{"fullSchedule":""}},"namespace":"","nginxIngress":{"namespace":"","releaseName":""},"nodes":{"ips":"","names":"","zones":""},"openbanking":{"cnObTransportTrustStoreP12password":"","hasCnObTransportTrustStore":false},"postgres":{"install":"","namespace":""},"redis":{"install":"","namespace":""},"releaseName":"","sql":{"install":"","namespace":""},"volumeProvisionStrategy":""} Only used by the installer. These settings do not affect nor are used by the chart
nginx-ingress object {"certManager":{"certificate":{"enabled":false,"issuerGroup":"cert-manager.io","issuerKind":"ClusterIssuer","issuerName":""}},"ingress":{"additionalAnnotations":{},"additionalLabels":{},"adminUiAdditionalAnnotations":{},"adminUiLabels":{},"authServerAdditionalAnnotations":{},"authServerLabels":{},"authServerProtectedRegisterAdditionalAnnotations":{},"authServerProtectedRegisterLabels":{},"authServerProtectedTokenAdditionalAnnotations":{},"authServerProtectedTokenLabels":{},"casaAdditionalAnnotations":{},"casaLabels":{},"configApiAdditionalAnnotations":{},"configApiLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeLabels":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingLabels":{},"hosts":["demoexample.gluu.org"],"ingressClassName":"nginx","openidAdditionalAnnotations":{},"openidConfigLabels":{},"path":"/","scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigLabels":{},"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fAdditionalAnnotations":{},"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerLabels":{}}} Nginx ingress definitions chart
nginx-ingress.ingress.additionalAnnotations object {} Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. Enable client certificate authentication: nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional". Create the secret containing the trusted CA certificates: nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate". Specify the verification depth in the client certificates chain: nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1". Specify if certificates are passed to upstream server: nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
nginx-ingress.ingress.additionalLabels object {} Additional labels that will be added across all ingress definitions in the format of
nginx-ingress.ingress.adminUiAdditionalAnnotations object {} Admin UI ingress resource additional annotations.
nginx-ingress.ingress.adminUiLabels object {} Admin UI ingress resource labels. key app is taken.
nginx-ingress.ingress.authServerAdditionalAnnotations object {} Auth server ingress resource additional annotations.
nginx-ingress.ingress.authServerLabels object {} Auth server ingress resource labels. key app is taken
nginx-ingress.ingress.authServerProtectedRegisterAdditionalAnnotations object {} Auth server protected register ingress resource additional annotations.
nginx-ingress.ingress.authServerProtectedRegisterLabels object {} Auth server protected register ingress resource labels. key app is taken
nginx-ingress.ingress.authServerProtectedTokenAdditionalAnnotations object {} Auth server protected token ingress resource additional annotations.
nginx-ingress.ingress.authServerProtectedTokenLabels object {} Auth server protected token ingress resource labels. key app is taken
nginx-ingress.ingress.casaAdditionalAnnotations object {} Casa ingress resource additional annotations.
nginx-ingress.ingress.casaLabels object {} Casa ingress resource labels. key app is taken
nginx-ingress.ingress.configApiAdditionalAnnotations object {} ConfigAPI ingress resource additional annotations.
nginx-ingress.ingress.configApiLabels object {} configAPI ingress resource labels. key app is taken
nginx-ingress.ingress.deviceCodeAdditionalAnnotations object {} device-code ingress resource additional annotations.
nginx-ingress.ingress.deviceCodeLabels object {} device-code ingress resource labels. key app is taken
nginx-ingress.ingress.fido2ConfigAdditionalAnnotations object {} fido2 config ingress resource additional annotations.
nginx-ingress.ingress.fido2ConfigLabels object {} fido2 config ingress resource labels. key app is taken
nginx-ingress.ingress.firebaseMessagingAdditionalAnnotations object {} Firebase Messaging ingress resource additional annotations.
nginx-ingress.ingress.firebaseMessagingLabels object {} Firebase Messaging ingress resource labels. key app is taken
nginx-ingress.ingress.openidAdditionalAnnotations object {} openid-configuration ingress resource additional annotations.
nginx-ingress.ingress.openidConfigLabels object {} openid-configuration ingress resource labels. key app is taken
nginx-ingress.ingress.scimAdditionalAnnotations object {} SCIM ingress resource additional annotations.
nginx-ingress.ingress.scimConfigAdditionalAnnotations object {} SCIM config ingress resource additional annotations.
nginx-ingress.ingress.scimConfigLabels object {} SCIM config ingress resource labels. key app is taken
nginx-ingress.ingress.scimLabels object {} SCIM ingress resource labels. key app is taken
nginx-ingress.ingress.tls list [{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}] Secrets holding HTTPS CA cert and key.
nginx-ingress.ingress.u2fAdditionalAnnotations object {} u2f config ingress resource additional annotations.
nginx-ingress.ingress.u2fConfigLabels object {} u2f config ingress resource labels. key app is taken
nginx-ingress.ingress.uma2AdditionalAnnotations object {} uma2 config ingress resource additional annotations.
nginx-ingress.ingress.uma2ConfigLabels object {} uma2 config ingress resource labels. key app is taken
nginx-ingress.ingress.webdiscoveryAdditionalAnnotations object {} webdiscovery ingress resource additional annotations.
nginx-ingress.ingress.webdiscoveryLabels object {} webdiscovery ingress resource labels. key app is taken
nginx-ingress.ingress.webfingerAdditionalAnnotations object {} webfinger ingress resource additional annotations.
nginx-ingress.ingress.webfingerLabels object {} webfinger ingress resource labels. key app is taken
opendj object {"additionalAnnotations":{},"additionalLabels":{},"backup":{"cronJobSchedule":"*/59 * * * *","enabled":true},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/opendj","tag":"5.0.0-12"},"lifecycle":{"preStop":{"exec":{"command":["/bin/sh","-c","python3 /app/scripts/deregister_peer.py 1>&/proc/1/fd/1"]}}},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":1},"persistence":{"size":"5Gi"},"ports":{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2). Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.
opendj.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
opendj.additionalLabels object {} Additional labels that will be added across the gateway in the format of
opendj.backup object {"cronJobSchedule":"*/59 * * * *","enabled":true} Configure ldap backup cronjob
opendj.dnsConfig object {} Add custom dns config
opendj.dnsPolicy string "" Add custom dns policy
opendj.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
opendj.hpa.behavior object {} Scaling Policies
opendj.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
opendj.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
opendj.image.pullSecrets list [] Image Pull Secrets
opendj.image.repository string "gluufederation/opendj" Image to use for deploying.
opendj.image.tag string "5.0.0-12" Image tag to use for deploying.
opendj.livenessProbe object {"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the liveness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py
opendj.livenessProbe.exec object {"command":["python3","/app/scripts/healthcheck.py"]} Executes the python3 healthcheck.
opendj.pdb object {"enabled":true,"maxUnavailable":1} Configure the PodDisruptionBudget
opendj.persistence.size string "5Gi" OpenDJ volume size
opendj.readinessProbe object {"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5} Configure the readiness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py
opendj.replicas int 1 Service replica number.
opendj.resources object {"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}} Resource specs.
opendj.resources.limits.cpu string "1500m" CPU limit.
opendj.resources.limits.memory string "2000Mi" Memory limit.
opendj.resources.requests.cpu string "1500m" CPU request.
opendj.resources.requests.memory string "2000Mi" Memory request.
opendj.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
opendj.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
opendj.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
opendj.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
opendj.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
opendj.volumes list [] Configure any additional volumes that need to be attached to the pod
oxpassport object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxpassport","tag":"5.0.0-12"},"lifecycle":{},"livenessProbe":{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"700m","memory":"900Mi"},"requests":{"cpu":"700m","memory":"900Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} Gluu interface to Passport.js to support social login and inbound identity.
oxpassport.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
oxpassport.additionalLabels object {} Additional labels that will be added across the gateway in the format of
oxpassport.dnsConfig object {} Add custom dns config
oxpassport.dnsPolicy string "" Add custom dns policy
oxpassport.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
oxpassport.hpa.behavior object {} Scaling Policies
oxpassport.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
oxpassport.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
oxpassport.image.pullSecrets list [] Image Pull Secrets
oxpassport.image.repository string "gluufederation/oxpassport" Image to use for deploying.
oxpassport.image.tag string "5.0.0-12" Image tag to use for deploying.
oxpassport.livenessProbe object {"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the liveness healthcheck for oxPassport if needed.
oxpassport.livenessProbe.httpGet.path string "/passport/health-check" http liveness probe endpoint
oxpassport.pdb object {"enabled":true,"maxUnavailable":"90%"} Configure the PodDisruptionBudget
oxpassport.readinessProbe object {"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5} Configure the readiness healthcheck for the oxPassport if needed.
oxpassport.readinessProbe.httpGet.path string "/passport/health-check" http readiness probe endpoint
oxpassport.replicas int 1 Service replica number.
oxpassport.resources object {"limits":{"cpu":"700m","memory":"900Mi"},"requests":{"cpu":"700m","memory":"900Mi"}} Resource specs.
oxpassport.resources.limits.cpu string "700m" CPU limit.
oxpassport.resources.limits.memory string "900Mi" Memory limit.
oxpassport.resources.requests.cpu string "700m" CPU request.
oxpassport.resources.requests.memory string "900Mi" Memory request.
oxpassport.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
oxpassport.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
oxpassport.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
oxpassport.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
oxpassport.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
oxpassport.volumes list [] Configure any additional volumes that need to be attached to the pod
oxshibboleth object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxshibboleth","tag":"5.0.0-12"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":1},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} Shibboleth project for the Gluu Server's SAML IDP functionality.
oxshibboleth.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
oxshibboleth.additionalLabels object {} Additional labels that will be added across the gateway in the format of
oxshibboleth.dnsConfig object {} Add custom dns config
oxshibboleth.dnsPolicy string "" Add custom dns policy
oxshibboleth.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
oxshibboleth.hpa.behavior object {} Scaling Policies
oxshibboleth.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
oxshibboleth.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
oxshibboleth.image.pullSecrets list [] Image Pull Secrets
oxshibboleth.image.repository string "gluufederation/oxshibboleth" Image to use for deploying.
oxshibboleth.image.tag string "5.0.0-12" Image tag to use for deploying.
oxshibboleth.livenessProbe object {"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the liveness healthcheck for oxshibboleth if needed. https://github.com/GluuFederation/docker-oxshibboleth/blob/master/scripts/healthcheck.py
oxshibboleth.livenessProbe.exec object {"command":["python3","/app/scripts/healthcheck.py"]} Executes the python3 healthcheck.
oxshibboleth.pdb object {"enabled":true,"maxUnavailable":1} Configure the PodDisruptionBudget
oxshibboleth.readinessProbe object {"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the readiness healthcheck for oxshibboleth if needed.
oxshibboleth.readinessProbe.exec object {"command":["python3","/app/scripts/healthcheck.py"]} Executes the python3 healthcheck.
oxshibboleth.replicas int 1 Service replica number.
oxshibboleth.resources object {"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}} Resource specs.
oxshibboleth.resources.limits.cpu string "1000m" CPU limit.
oxshibboleth.resources.limits.memory string "1000Mi" Memory limit.
oxshibboleth.resources.requests.cpu string "1000m" CPU request.
oxshibboleth.resources.requests.memory string "1000Mi" Memory request.
oxshibboleth.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
oxshibboleth.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
oxshibboleth.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
oxshibboleth.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
oxshibboleth.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
oxshibboleth.volumes list [] Configure any additional volumes that need to be attached to the pod
persistence object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.0.16-1"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} Job to generate data and initial config for Gluu Server persistence layer.
persistence.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
persistence.additionalLabels object {} Additional labels that will be added across the gateway in the format of
persistence.dnsConfig object {} Add custom dns config
persistence.dnsPolicy string "" Add custom dns policy
persistence.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
persistence.image.pullSecrets list [] Image Pull Secrets
persistence.image.repository string "ghcr.io/janssenproject/jans/persistence-loader" Image to use for deploying.
persistence.image.tag string "1.0.16-1" Image tag to use for deploying.
persistence.resources object {"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}} Resource specs.
persistence.resources.limits.cpu string "300m" CPU limit.
persistence.resources.limits.memory string "300Mi" Memory limit.
persistence.resources.requests.cpu string "300m" CPU request.
persistence.resources.requests.memory string "300Mi" Memory request.
persistence.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
persistence.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
persistence.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
persistence.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
persistence.volumes list [] Configure any additional volumes that need to be attached to the pod
scim object {"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.0.16-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]} System for Cross-domain Identity Management (SCIM) version 2.0
scim.additionalAnnotations object {} Additional annotations that will be added across the gateway in the format of
scim.additionalLabels object {} Additional labels that will be added across the gateway in the format of
scim.dnsConfig object {} Add custom dns config
scim.dnsPolicy string "" Add custom dns policy
scim.hpa object {"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50} Configure the HorizontalPodAutoscaler
scim.hpa.behavior object {} Scaling Policies
scim.hpa.metrics list [] metrics if targetCPUUtilizationPercentage is not set
scim.image.pullPolicy string "IfNotPresent" Image pullPolicy to use for deploying.
scim.image.pullSecrets list [] Image Pull Secrets
scim.image.repository string "ghcr.io/janssenproject/jans/scim" Image to use for deploying.
scim.image.tag string "1.0.16-1" Image tag to use for deploying.
scim.livenessProbe object {"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5} Configure the liveness healthcheck for SCIM if needed.
scim.livenessProbe.httpGet.path string "/jans-scim/sys/health-check" http liveness probe endpoint
scim.pdb object {"enabled":true,"maxUnavailable":"90%"} Configure the PodDisruptionBudget
scim.readinessProbe object {"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5} Configure the readiness healthcheck for the SCIM if needed.
scim.readinessProbe.httpGet.path string "/jans-scim/sys/health-check" http readiness probe endpoint
scim.replicas int 1 Service replica number.
scim.resources.limits.cpu string "1000m" CPU limit.
scim.resources.limits.memory string "1000Mi" Memory limit.
scim.resources.requests.cpu string "1000m" CPU request.
scim.resources.requests.memory string "1000Mi" Memory request.
scim.service.name string "http-scim" The name of the scim port within the scim service. Please keep it as default.
scim.service.port int 8080 Port of the scim service. Please keep it as default.
scim.topologySpreadConstraints object {} Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
scim.usrEnvs object {"normal":{},"secret":{}} Add custom normal and secret envs to the service
scim.usrEnvs.normal object {} Add custom normal envs to the service variable1: value1
scim.usrEnvs.secret object {} Add custom secret envs to the service variable1: value1
scim.volumeMounts list [] Configure any additional volumeMounts that need to be attached to the containers
scim.volumes list [] Configure any additional volumes that need to be attached to the pod

Autogenerated from chart metadata using helm-docs v1.11.0


Last update: 2023-08-14
Created: 2022-01-24