feat: add custom scripts to cn (#613)

* fix: add default lbIP to avoid potential errors during helm install

Example error: spec.template.spec.hostAliases.ip: Invalid value: "": must be valid IP address

* feat: add support for custom scripts in cn

* chore: prepare release 1.8.29

* chore: prepare release 1.8.29

---------

Co-authored-by: moabu <[email protected]>

pygluu/kubernetes/templates/helm/gluu/Chart.yaml

@@ -46,73 +46,73 @@ maintainers:
   email: [email protected]
 description: Gluu Access and Identity Mangement
 name: gluu
-version: 1.8.28
+version: 1.8.29
 
 dependencies:
     - name: config
       condition: global.config.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: opendj
       condition: global.opendj.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: jackrabbit
       condition: global.jackrabbit.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: oxauth
       condition: global.oxauth.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: fido2
       condition: global.fido2.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: scim
       condition: global.scim.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: oxtrust
       condition: global.oxtrust.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: nginx-ingress
       condition: global.nginx-ingress.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: oxshibboleth
       condition: global.oxshibboleth.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: oxpassport
-      version: 1.8.28
+      version: 1.8.29
       condition: config.configmap.gluuPassportEnabled
 
     - name: casa
-      version: 1.8.28
+      version: 1.8.29
       condition: config.configmap.gluuCasaEnabled
 
     - name: oxauth-key-rotation
       condition: global.oxauth-key-rotation.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: cr-rotate
-      version: 1.8.28
+      version: 1.8.29
       condition: global.cr-rotate.enabled
 
     - name: oxd-server
       condition: global.oxd-server.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: persistence
       condition: global.persistence.enabled
-      version: 1.8.28
+      version: 1.8.29
 
     - name: gluu-istio-ingress
       condition: global.istio.ingress
-      version: 1.8.28
+      version: 1.8.29
 
     - name: gluu-alb-ingress
       condition: global.alb.ingress
-      version: 1.8.28
+      version: 1.8.29

pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml

@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 name: casa
-version: 1.8.28
+version: 1.8.29
 kubeVersion: ">=v1.22.0-0"
 description: Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
 type: application

pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md

@@ -1,6 +1,6 @@
 # casa
 
-![Version: 1.8.28](https://img.shields.io/badge/Version-1.8.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
+![Version: 1.8.29](https://img.shields.io/badge/Version-1.8.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
 
 Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.
 
@@ -29,6 +29,7 @@ Kubernetes: `>=v1.22.0-0`
 | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources  in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken |
 | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} |
 | affinity | object | `{}` | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ |
+| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. |
 | dnsConfig | object | `{}` | Add custom dns config |
 | dnsPolicy | string | `""` | Add custom dns policy |
 | fullnameOverride | string | `""` |  |

pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/deployment.yaml

@@ -81,14 +81,19 @@ spec:
           env:
             {{- include "casa.usr-envs" . | indent 12 }}
             {{- include "casa.usr-secret-envs" . | indent 12 }}
-          {{- if and (eq .Values.global.isDomainRegistered "false") (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+          {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }}
           command:
             - /bin/sh
             - -c
             - |
+                {{- with .Values.customScripts }}
+                {{- toYaml . | replace "- " "" | nindent 16}}
+                {{- end }}
+                {{- if and (not .Values.global.isDomainRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
                 /usr/bin/python3 /scripts/updatelbip.py &
+                {{- end}}
                 /app/scripts/entrypoint.sh
-          {{- end }}
+          {{- end}}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: {{ .Values.service.name }}

pygluu/kubernetes/templates/helm/gluu/charts/casa/values.yaml

@@ -113,3 +113,5 @@ tolerations: []
 # -- https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
 affinity: {}
 nodeSelector: {}
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+customScripts: []

pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml

@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 name: config
-version: 1.8.28
+version: 1.8.29
 kubeVersion: ">=v1.22.0-0"
 description: Configuration parameters for setup and initial configuration secret and config layers used by Gluu services.
 type: application

pygluu/kubernetes/templates/helm/gluu/charts/config/README.md

@@ -1,6 +1,6 @@
 # config
 
-![Version: 1.8.28](https://img.shields.io/badge/Version-1.8.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
+![Version: 1.8.29](https://img.shields.io/badge/Version-1.8.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
 
 Configuration parameters for setup and initial configuration secret and config layers used by Gluu services.
 
@@ -102,6 +102,7 @@ Kubernetes: `>=v1.22.0-0`
 | configmap.gluuSyncShibManifests | bool | `false` | Activate manual Shib files sync - depreciated |
 | configmap.lbAddr | string | `""` | Loadbalancer address for AWS if the FQDN is not registered. |
 | countryCode | string | `"US"` | Country code. Used for certificate creation. |
+| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. |
 | dnsConfig | object | `{}` | Add custom dns config |
 | dnsPolicy | string | `""` | Add custom dns policy |
 | email | string | `"[email protected]"` | Email address of the administrator usually. Used for certificate creation. |

pygluu/kubernetes/templates/helm/gluu/charts/config/templates/load-init-config.yml

@@ -145,6 +145,9 @@ spec:
           - /bin/sh
           - -c
           - |
+              {{- with .Values.customScripts }}
+              {{- toYaml . | replace "- " "" | nindent 14}}
+              {{- end }}
               {{- if .Values.migration.enabled }}
               /app/scripts/entrypoint.sh migrate --migration-dir {{ .Values.migration.migrationDir | quote }} --data-format {{ .Values.migration.migrationDataFormat | quote }}
               {{- else }}

pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml

@@ -230,3 +230,5 @@ tolerations: []
 # -- https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
 affinity: {}
 nodeSelector: {}
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+customScripts: []

pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/Chart.yaml

@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 name: cr-rotate
-version: 1.8.28
+version: 1.8.29
 kubeVersion: ">=v1.22.0-0"
 description: CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may become depreciated in 5.0.
 type: application

pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/README.md

@@ -1,6 +1,6 @@
 # cr-rotate
 
-![Version: 1.8.28](https://img.shields.io/badge/Version-1.8.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
+![Version: 1.8.29](https://img.shields.io/badge/Version-1.8.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
 
 CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may become depreciated in 5.0.
 

pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml

@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 name: fido2
-version: 1.8.28
+version: 1.8.29
 kubeVersion: ">=v1.22.0-0"
 description: FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
 type: application

pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md

@@ -1,6 +1,6 @@
 # fido2
 
-![Version: 1.8.28](https://img.shields.io/badge/Version-1.8.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
+![Version: 1.8.29](https://img.shields.io/badge/Version-1.8.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
 
 FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
 
@@ -29,6 +29,7 @@ Kubernetes: `>=v1.22.0-0`
 | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources  in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken |
 | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} |
 | affinity | object | `{}` | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ |
+| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. |
 | dnsConfig | object | `{}` | Add custom dns config |
 | dnsPolicy | string | `""` | Add custom dns policy |
 | hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler |

pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/deployment.yml

@@ -80,7 +80,12 @@ spec:
           - /bin/sh
           - -c
           - |
+              {{- with .Values.customScripts }}
+              {{- toYaml . | replace "- " "" | nindent 14}}
+              {{- end }}
+              {{- if and (not .Values.global.isDomainRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
               /usr/bin/python3 /scripts/updatelbip.py &
+              {{- end}}
               /app/scripts/entrypoint.sh
         {{- end}}
         ports:

pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml

@@ -98,3 +98,5 @@ tolerations: []
 # -- https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
 affinity: {}
 nodeSelector: {}
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+customScripts: []

pygluu/kubernetes/templates/helm/gluu/charts/gluu-alb-ingress/Chart.yaml

@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 name: gluu-alb-ingress
-version: 1.8.28
+version: 1.8.29
 kubeVersion: ">=v1.22.0-0"
 description: Nginx ingress definitions chart
 type: application

pygluu/kubernetes/templates/helm/gluu/charts/gluu-alb-ingress/README.md

@@ -1,6 +1,6 @@
 # gluu-alb-ingress
 
-![Version: 1.8.28](https://img.shields.io/badge/Version-1.8.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
+![Version: 1.8.29](https://img.shields.io/badge/Version-1.8.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
 
 Nginx ingress definitions chart
 

pygluu/kubernetes/templates/helm/gluu/charts/gluu-istio-ingress/Chart.yaml

@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 name:  gluu-istio-ingress
-version: 1.8.28
+version: 1.8.29
 kubeVersion: ">=v1.22.0-0"
 description: Istio Gateway
 type: application

pygluu/kubernetes/templates/helm/gluu/charts/gluu-istio-ingress/README.md

@@ -1,6 +1,6 @@
 # gluu-istio-ingress
 
-![Version: 1.8.28](https://img.shields.io/badge/Version-1.8.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
+![Version: 1.8.29](https://img.shields.io/badge/Version-1.8.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
 
 Istio Gateway
 

pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/Chart.yaml

@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 name: jackrabbit
-version: 1.8.28
+version: 1.8.29
 kubeVersion: ">=v1.22.0-0"
 description: Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications.
 type: application

pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/README.md

@@ -1,6 +1,6 @@
 # jackrabbit
 
-![Version: 1.8.28](https://img.shields.io/badge/Version-1.8.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
+![Version: 1.8.29](https://img.shields.io/badge/Version-1.8.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
 
 Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications.
 
@@ -31,6 +31,7 @@ Kubernetes: `>=v1.22.0-0`
 | additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | affinity | object | `{}` | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ |
 | clusterId | string | `""` | This id needs to be unique to each kubernetes cluster in a multi cluster setup west, east, south, north, region ...etc If left empty it will be randomly generated. |
+| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. |
 | dnsConfig | object | `{}` | Add custom dns config |
 | dnsPolicy | string | `""` | Add custom dns policy |
 | fullnameOverride | string | `""` |  |

pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/statefulset.yaml

@@ -98,6 +98,16 @@ spec:
       {{- end }}
       containers:
       - name: {{ include "jackrabbit.name" . }}
+        {{- if .Values.customScripts }}
+        command:
+          - /bin/sh
+          - -c
+          - |
+              {{- with .Values.customScripts }}
+              {{- toYaml . | replace "- " "" | nindent 14}}
+              {{- end }}
+              /app/scripts/entrypoint.sh
+        {{- end}}
         lifecycle:
 {{- toYaml .Values.lifecycle | nindent 10 }}        
         securityContext:

pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/values.yaml

@@ -126,3 +126,5 @@ tolerations: []
 # -- https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
 affinity: {}
 nodeSelector: {}
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+customScripts: []

pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml

@@ -2,7 +2,7 @@
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: v2
 name: nginx-ingress
-version: 1.8.28
+version: 1.8.29
 kubeVersion: ">=v1.22.0-0"
 description: Nginx ingress definitions chart
 type: application

pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md

@@ -1,6 +1,6 @@
 # nginx-ingress
 
-![Version: 1.8.28](https://img.shields.io/badge/Version-1.8.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
+![Version: 1.8.29](https://img.shields.io/badge/Version-1.8.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square)
 
 Nginx ingress definitions chart
 

pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md

@@ -28,6 +28,7 @@ Kubernetes: `>=v1.22.0-0`
 | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources  in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken |
 | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} |
 | affinity | object | `{}` | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ |
+| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. |
 | dnsConfig | object | `{}` | Add custom dns config |
 | dnsPolicy | string | `""` | Add custom dns policy |
 | fullnameOverride | string | `""` |  |

pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/statefulset.yaml

@@ -70,6 +70,16 @@ spec:
         fsGroup: 1000
       containers:
       - name: {{ include "opendj.name" $ }}
+        {{- if .Values.customScripts }}
+        command:
+          - /bin/sh
+          - -c
+          - |
+              {{- with .Values.customScripts }}
+              {{- toYaml . | replace "- " "" | nindent 14}}
+              {{- end }}
+              /app/scripts/entrypoint.sh
+        {{- end}}
         lifecycle:
 {{- toYaml .Values.lifecycle | nindent 10 }}
         securityContext:

pygluu/kubernetes/templates/helm/gluu/charts/opendj/values.yaml

@@ -141,3 +141,5 @@ tolerations: []
 # -- https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
 affinity: {}
 nodeSelector: {}
+# -- Add custom scripts that have been mounted to run before the entrypoint.
+customScripts: []

pygluu/kubernetes/templates/helm/gluu/charts/oxauth-key-rotation/README.md

@@ -28,6 +28,7 @@ Kubernetes: `>=v1.22.0-0`
 | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources  in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken |
 | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} |
 | affinity | object | `{}` |  |
+| customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. |
 | dnsConfig | object | `{}` | Add custom dns config |
 | dnsPolicy | string | `""` | Add custom dns policy |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |