feat(jans-lock): add jans-lock ingress (#1790)

* feat(lock): add lock ingress and its respective labels and annotations

* fix(ingress): remove extra end

* docs(jans-lock): update jans-lock endpoint

* chore: update JANS_SOURCE_VERSION

Signed-off-by: iromli <[email protected]>

---------

Signed-off-by: iromli <[email protected]>
Co-authored-by: Isman Firmansyah <[email protected]>
Co-authored-by: iromli <[email protected]>

Author: misba7

charts/gluu-all-in-one/README.md

@@ -97,7 +97,7 @@ Kubernetes: `>=v1.22.0-0`
 | auth-server.ingress.firebaseMessagingEnabled | bool | `true` | Enable endpoint /firebase-messaging-sw.js |
 | auth-server.ingress.firebaseMessagingLabels | object | `{}` | Firebase Messaging ingress resource labels. key app is taken |
 | auth-server.ingress.lockConfigAdditionalAnnotations | object | `{}` | Lock config ingress resource additional annotations. |
-| auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-master-configuration |
+| auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-server-configuration |
 | auth-server.ingress.lockConfigLabels | object | `{}` | Lock config ingress resource labels. key app is taken |
 | auth-server.ingress.openidAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. |
 | auth-server.ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration |

charts/gluu-all-in-one/templates/nginx-ingress.yaml

@@ -748,7 +748,7 @@ spec:
     - host: {{ .Values.fqdn | quote }}
       http:
         paths:
-          - path: /.well-known/lock-master-configuration
+          - path: /.well-known/lock-server-configuration
             pathType: Exact
             backend:
               service:
@@ -757,4 +757,52 @@ spec:
                   number: 8080
 {{- end }}
 
+---
+
+{{ if and (index .Values "auth-server" "lockEnabled") (index .Values "auth-server" "ingress" "lockEnabled") -}}
+{{ $fullName := include "flex-all-in-one.fullname" . -}}
+{{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-lock
+  labels:
+    app: {{ $fullName }}-lock
+{{- if index .Values "nginx-ingress" "ingress" "additionalLabels" }}
+{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalLabels") | indent 4 }}
+{{- end }}
+{{- if index .Values "auth-server" "ingress" "lockLabels" }}
+{{ toYaml (index .Values "auth-server" "ingress" "lockLabels") | indent 4 }}
+{{- end }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/rewrite-target: /jans-auth
+{{- if index .Values "auth-server" "ingress" "lockAdditionalAnnotations" }}
+{{ toYaml (index .Values "auth-server" "ingress" "lockAdditionalAnnotations") | indent 4 }}
+{{- end }}
+{{- if index .Values "nginx-ingress" "ingress" "additionalAnnotations" }}
+{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalAnnotations") | indent 4 }}
+{{- end }}
+spec:
+  ingressClassName: {{ index .Values "nginx-ingress" "ingress" "ingressClassName" }}
+{{- if index .Values "nginx-ingress" "ingress" "tlsSecretName" }}
+  tls:
+    - hosts:
+        - {{ .Values.fqdn | quote }}
+      secretName: {{ index .Values "nginx-ingress" "ingress" "tlsSecretName" }}
 {{- end }}
+  rules:
+    - host: {{ .Values.fqdn | quote }}
+      http:
+        paths:
+          - path: /jans-lock
+            pathType: Exact
+            backend:
+              service:
+                name: {{ .Values.service.name }}
+                port:
+                  number: 8080
+{{- end }}
+
+{{- end }}

charts/gluu-all-in-one/values.yaml

@@ -256,12 +256,18 @@ auth-server:
     authServerProtectedToken: false
     # -- Enable mTLS onn Auth server endpoint /jans-auth/restv1/register. Currently not working in Istio.
     authServerProtectedRegister: false
-    # -- Enable endpoint /.well-known/lock-master-configuration
+    # -- Enable endpoint /.well-known/lock-server-configuration
     lockConfigEnabled: false
+    # -- Enable endpoint /jans-lock
+    lockEnabled: false    
     # -- Lock config ingress resource labels. key app is taken
     lockConfigLabels: {}
     # -- Lock config ingress resource additional annotations.
     lockConfigAdditionalAnnotations: {}    
+    # -- Lock ingress resource labels. key app is taken
+    lockLabels: { }
+    # -- Lock ingress resource additional annotations.
+    lockAdditionalAnnotations: { }            
     # -- openid-configuration ingress resource labels. key app is taken
     openidConfigLabels: { }
     # -- openid-configuration ingress resource additional annotations.

charts/gluu/README.md

@@ -353,7 +353,7 @@ Kubernetes: `>=v1.21.0-0`
 | global.auth-server.ingress.firebaseMessagingEnabled | bool | `true` | Enable endpoint /firebase-messaging-sw.js |
 | global.auth-server.ingress.firebaseMessagingLabels | object | `{}` | Firebase Messaging ingress resource labels. key app is taken |
 | global.auth-server.ingress.lockConfigAdditionalAnnotations | object | `{}` | Lock config ingress resource additional annotations. |
-| global.auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-master-configuration |
+| global.auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-server-configuration |
 | global.auth-server.ingress.lockConfigLabels | object | `{}` | Lock config ingress resource labels. key app is taken |
 | global.auth-server.ingress.openidAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. |
 | global.auth-server.ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration |

charts/gluu/charts/nginx-ingress/templates/ingress.yaml

@@ -888,7 +888,7 @@ spec:
     - host: {{ $host | quote }}
       http:
         paths:
-          - path: /.well-known/lock-master-configuration
+          - path: /.well-known/lock-server-configuration
             pathType: Exact
             backend:
               service:
@@ -898,3 +898,60 @@ spec:
   {{- end }}
   {{- end }}
 {{- end }}
+
+---
+
+{{ if and (index .Values "global" "auth-server" "lockEnabled") (index .Values "global" "auth-server" "ingress" "lockEnabled") -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-lock
+  labels:
+    app: {{ $fullName }}-lock
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if index .Values.global "auth-server" "ingress" "lockLabels" }}
+{{ toYaml (index .Values.global "auth-server" "ingress" "lockLabels") | indent 4 }}
+{{- end }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/
+{{- if index .Values.global "auth-server" "ingress" "lockAdditionalAnnotations" }}
+{{ toYaml (index .Values.global "auth-server" "ingress" "lockAdditionalAnnotations") | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+  {{- $host := . -}}
+  {{- with $ }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+          - path: /jans-lock
+            pathType: Exact
+            backend:
+              service:
+                name: {{ index .Values "global" "auth-server" "authServerServiceName" }}
+                port:
+                  number: 8080
+  {{- end }}
+  {{- end }}
+{{- end }}

charts/gluu/values.yaml

@@ -989,12 +989,18 @@ global:
       authServerProtectedToken: false
       # -- Enable mTLS onn Auth server endpoint /jans-auth/restv1/register. Currently not working in Istio.
       authServerProtectedRegister: false
-      # -- Enable endpoint /.well-known/lock-master-configuration
+      # -- Enable endpoint /.well-known/lock-server-configuration
       lockConfigEnabled: false
+      # -- Enable endpoint /jans-lock
+      lockEnabled: false
       # -- Lock config ingress resource labels. key app is taken
       lockConfigLabels: { }
       # -- Lock config ingress resource additional annotations.
-      lockConfigAdditionalAnnotations: { }      
+      lockConfigAdditionalAnnotations: { }
+      # -- Lock ingress resource labels. key app is taken
+      lockLabels: { }
+      # -- Lock ingress resource additional annotations.
+      lockAdditionalAnnotations: { }            
       # -- openid-configuration ingress resource labels. key app is taken
       openidConfigLabels: { }
       # -- openid-configuration ingress resource additional annotations.

docker-admin-ui/Dockerfile

@@ -20,7 +20,7 @@ EXPOSE 8080
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=e157cd4c8ff92c04e400fea29c51ae54f842a678
+ENV JANS_SOURCE_VERSION=1a86124407fdd8adb9f6360c8210b7e86291212f
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-flex-all-in-one/Dockerfile

@@ -65,7 +65,7 @@ RUN ln -sf /app/flex_aio/admin_ui/entrypoint.sh /app/bin/admin-ui-entrypoint.sh
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=e157cd4c8ff92c04e400fea29c51ae54f842a678
+ENV JANS_SOURCE_VERSION=1a86124407fdd8adb9f6360c8210b7e86291212f
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets