feat: backport fixes and features from 4.5 (#596)

* feat: backport custom salt and regcred features from 4.5 Release-As: 1.7.12 * fix: use interval-based cronjob schedule syntax * chore: update config-init image tag * fix: stale request error when having multiple pod replicas in istio * fix: permissions to create tls cert in istio namespace * chore: release of 1.7.12 --------- Co-authored-by: moabu <[email protected]>
GluuFederation · Sep 18, 2023 · 5c03353 · 5c03353
1 parent e413bf5
commit 5c03353
Show file tree

Hide file tree

Showing 56 changed files with 449 additions and 165 deletions.
diff --git a/pygluu/kubernetes/helm.py b/pygluu/kubernetes/helm.py
@@ -208,7 +208,7 @@ def analyze_global_values(self):
             values_file_parser["config"]["configmap"]["gluuCouchbasePass"] = self.settings.get("COUCHBASE_PASSWORD")
             values_file_parser["config"]["configmap"]["gluuCouchbaseSuperUserPass"] = \
                 self.settings.get("COUCHBASE_SUPERUSER_PASSWORD")
-            
+
         if self.settings.get("PERSISTENCE_BACKEND") == "sql":
             values_file_parser["config"]["configmap"]["cnSqlDbDialect"] = \
                 self.settings.get("GLUU_SQL_DB_DIALECT")
@@ -222,7 +222,7 @@ def analyze_global_values(self):
                 self.settings.get("GLUU_SQL_DB_USER")
             values_file_parser["config"]["configmap"]["cnSqldbUserPassword"] = \
                 self.settings.get("GLUU_SQL_DB_PASSWORD")
-            
+
         if self.settings.get("PERSISTENCE_BACKEND") == "spanner":
             values_file_parser["config"]["configmap"]["cnGoogleSpannerEmulatorHost"] = \
                 self.settings.get("SPANNER_EMULATOR_HOST")
@@ -419,6 +419,45 @@ def analyze_global_values(self):
         values_file_parser["oxtrust"]["image"]["repository"] = self.settings.get("OXTRUST_IMAGE_NAME")
         values_file_parser["oxtrust"]["image"]["tag"] = self.settings.get("OXTRUST_IMAGE_TAG")
         values_file_parser["oxtrust"]["replicas"] = self.settings.get("OXTRUST_REPLICAS")
+
+        # append container registry credentials name
+        ctr_registry_cred_name = self.settings.get("CONTAINER_REGISTRY_SECRET_NAME")
+        if ctr_registry_cred_name:
+            for comp in [
+                "casa",
+                "fido2",
+                "scim",
+                "config",
+                "cr-rotate",
+                "oxauth-key-rotation",
+                "opendj",
+                "persistence",
+                "oxauth",
+                "oxd-server",
+                "oxpassport",
+                "oxshibboleth",
+                "jackrabbit",
+                "oxtrust",
+            ]:
+                # collect all creds and remove name matches ctr_registry_cred_name
+                # to avoid duplication
+                creds = [
+                    cred for cred in values_file_parser[comp]["image"]["pullSecrets"]
+                    if cred["name"] != ctr_registry_cred_name
+                ]
+                creds.append({"name": ctr_registry_cred_name})
+
+                # example of generated yaml
+                #
+                # oxauth:
+                #   image:
+                #     pullSecrets:
+                #       - name: regcred
+                values_file_parser[comp]["image"]["pullSecrets"] = creds
+
+        # add custom salt
+        values_file_parser["config"]["salt"] = self.settings.get("SALT") or ""
+
         values_file_parser.dump_it()
 
     def install_gluu(self, install_ingress=True):
@@ -444,7 +483,7 @@ def install_gluu(self, install_ingress=True):
         try:
             exec_cmd("helm install {} -f {} ./helm/gluu --timeout 10m0s --namespace={}".format(
                 self.settings.get('GLUU_HELM_RELEASE_NAME'), self.values_file, self.settings.get("GLUU_NAMESPACE")))
-    
+
         except FileNotFoundError:
             logger.error("Helm v3 is not installed. Please install it to continue "
                          "https://helm.sh/docs/intro/install/")

diff --git a/pygluu/kubernetes/settings.py b/pygluu/kubernetes/settings.py
@@ -215,7 +215,10 @@ def default_settings(self):
                                 GLUU_LDAP_MULTI_CLUSTER_NAMESPACE_INT_ID="",
                                 GLUU_LDAP_MULTI_CLUSTERS_IDS=[],
                                 NGINX_LEGACY="",
-                                SPANNER_EMULATOR_HOST=""
+                                SPANNER_EMULATOR_HOST="",
+                                CONTAINER_REGISTRY_SECRET_NAME="",
+                                USE_CUSTOM_SALT="",
+                                SALT="",
                                 )
         return default_settings
 

diff --git a/pygluu/kubernetes/templates/gluu_versions.json b/pygluu/kubernetes/templates/gluu_versions.json
@@ -7,7 +7,7 @@
     "SCIM_IMAGE_NAME": "gluufederation/scim",
     "SCIM_IMAGE_TAG": "4.4.2-1",
     "CONFIG_IMAGE_NAME": "gluufederation/config-init",
-    "CONFIG_IMAGE_TAG": "4.4.2-3",
+    "CONFIG_IMAGE_TAG": "4.4.2-4",
     "CACHE_REFRESH_ROTATE_IMAGE_NAME": "gluufederation/cr-rotate",
     "CACHE_REFRESH_ROTATE_IMAGE_TAG": "4.4.2-1",
     "CERT_MANAGER_IMAGE_NAME": "gluufederation/certmanager",

diff --git a/pygluu/kubernetes/templates/helm/gluu-1.7.12.tgz b/pygluu/kubernetes/templates/helm/gluu-1.7.12.tgz
diff --git a/pygluu/kubernetes/templates/helm/gluu/Chart.yaml b/pygluu/kubernetes/templates/helm/gluu/Chart.yaml
@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 appVersion: "4.4.2"
-kubeVersion: ">=v1.21.0-0"
+kubeVersion: ">=v1.22.0-0"
 annotations:
   artifacthub.io/changes: |
     - Gluu 4.4.2 official chart release
@@ -48,73 +48,73 @@ maintainers:
   email: [email protected]
 description: Gluu Access and Identity Mangement
 name: gluu
-version: 1.7.11
+version: 1.7.12
 
 dependencies:
     - name: config
       condition: global.config.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: opendj
       condition: global.opendj.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: jackrabbit
       condition: global.jackrabbit.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: oxauth
       condition: global.oxauth.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: fido2
       condition: global.fido2.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: scim
       condition: global.scim.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: oxtrust
       condition: global.oxtrust.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: nginx-ingress
       condition: global.nginx-ingress.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: oxshibboleth
       condition: global.oxshibboleth.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: oxpassport
-      version: 1.7.11
+      version: 1.7.12
       condition: config.configmap.gluuPassportEnabled
 
     - name: casa
-      version: 1.7.11
+      version: 1.7.12
       condition: config.configmap.gluuCasaEnabled
 
     - name: oxauth-key-rotation
       condition: global.oxauth-key-rotation.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: cr-rotate
-      version: 1.7.11
+      version: 1.7.12
       condition: global.cr-rotate.enabled
 
     - name: oxd-server
       condition: global.oxd-server.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: persistence
       condition: global.persistence.enabled
-      version: 1.7.11
+      version: 1.7.12
 
     - name: gluu-istio-ingress
       condition: global.istio.ingress
-      version: 1.7.11
+      version: 1.7.12
 
     - name: gluu-alb-ingress
       condition: global.alb.ingress
-      version: 1.7.11
+      version: 1.7.12