Articles in this section
Category / Section

Install Gluu4 with Helm in microk8s

Published:
31 mins read

Helm + Microk8s

  • helm uninstall gluu -n gluu
  • helm uninstall gluu -n sql
  • apt update && apt upgrade -y
  • sudo apt-get install ca-certificates curl
  • sudo install -m 0755 -d /etc/apt/keyrings
  • sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
  • sudo chmod a+r /etc/apt/keyrings/docker.asc
  • echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  • apt update && apt upgrade -y
  • sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  • snap install microk8s --classic
  • snap install helm --classic
  • microk8s.enable community
  • microk8s.enable helm3
  • microk8s.enable storage
  • microk8s.enable ingress
  • microk8s.enable dns
  • microk8s.kubectl create namespace gluu
  • microk8s.kubectl create namespace sql

Is a must for microk8s

  • microk8s.kubectl config view --raw > ~/.kube/config
  • microk8s.kubectl -n gluu create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=yyyy --docker-password=xxxx
  • helm repo add gluu https://gluufederation.github.io/gluu4/pygluu/kubernetes/templates/helm
  • helm install my-release --set auth.password=Test1234#,auth.database=gluu,auth.username=gluu,auth.rootPassword=Test1234# -n sql oci://registry-1.docker.io/bitnamicharts/mysql
  • echo Username: root MYSQL_ROOT_PASSWORD=$(microk8s.kubectl get secret --namespace sql my-release-mysql -o jsonpath="{.data.mysql-root-password}" | base64 -d)
  • microk8s.kubectl run my-release-mysql-client --rm --tty -i --restart='Never' --image docker.io/bitnami/mysql:8.4.4-debian-12-r4 --namespace sql --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash
  • mysql -h my-release-mysql.sql.svc.cluster.local -uroot -p"$MYSQL_ROOT_PASSWORD"
  • Get this “values.yaml”:
      global:
        usrEnvs:
          normal: {}
          secret: {}
        istio:
          ingress: false
          enabled: false
          gateways: []
          namespace: istio-system
          additionalLabels: {}
          additionalAnnotations: {}
        alb:
          ingress:
            enabled: false
            adminUiEnabled: true
            openidConfigEnabled: true
            uma2ConfigEnabled: true
            webfingerEnabled: true
            webdiscoveryEnabled: true
            scimConfigEnabled: false
            scimEnabled: false
            u2fConfigEnabled: true
            fido2Enabled: false
            fido2ConfigEnabled: false
            authServerEnabled: true
            casaEnabled: false
            passportEnabled: true
            shibEnabled: false
            additionalLabels: {}
            additionalAnnotations:
              kubernetes.io/ingress.class: alb
              alb.ingress.kubernetes.io/scheme: internet-facing
              alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxx:certificate/xxxxxx
              alb.ingress.kubernetes.io/auth-session-cookie: custom-cookie
        cloud:
          testEnviroment: true
        upgrade:
          enabled: false
          image:
            repository: gluufederation/upgrade
            tag: 4.5.8-1
          sourceVersion: "4.5"
          targetVersion: "4.5"
        storageClass:
          allowVolumeExpansion: true
          allowedTopologies: []
          mountOptions:
          - debug
          parameters: {}
          provisioner: microk8s.io/hostpath
          reclaimPolicy: Retain
          volumeBindingMode: WaitForFirstConsumer
        gcePdStorageType: pd-standard
        azureStorageAccountType: Standard_LRS
        azureStorageKind: Managed
        casa:
          gluuCustomJavaOptions: ""
        lbIp: 172.31.23.40
        domain: tmpcn2.gluu.info
        isDomainRegistered: "false"
        enableSecurityContextWithNonRegisteredDomain: "true"
        ldapServiceName: opendj
        gluuPersistenceType: sql
        gluuJackrabbitCluster: "false"
        configAdapterName: kubernetes
        configSecretAdapter: kubernetes
        sslCertFromDomain: "false"
        cnGoogleApplicationCredentials: /etc/gluu/conf/google-credentials.json
        cnAwsSharedCredentialsFile: /etc/gluu/conf/aws_shared_credential_file
        cnAwsConfigFile: /etc/gluu/conf/aws_config_file
        cnAwsSecretsReplicaRegionsFile: /etc/gluu/conf/aws_secrets_replica_regions
        oxauth:
          enabled: true
          gluuCustomJavaOptions: ""
          appLoggers:
            enableStdoutLogPrefix: "true"
            authLogTarget: "STDOUT"
            authLogLevel: "INFO"
            httpLogTarget: "FILE"
            httpLogLevel: "INFO"
            persistenceLogTarget: "FILE"
            persistenceLogLevel: "INFO"
            persistenceDurationLogTarget: "FILE"
            persistenceDurationLogLevel: "INFO"
            ldapStatsLogTarget: "FILE"
            ldapStatsLogLevel: "INFO"
            scriptLogTarget: "FILE"
            scriptLogLevel: "INFO"
            auditStatsLogTarget: "FILE"
            auditStatsLogLevel: "INFO"
            cleanerLogTarget: "FILE"
            cleanerLogLevel: "INFO"
        fido2:
          enabled: false
          gluuCustomJavaOptions: ""
          appLoggers:
            enableStdoutLogPrefix: "true"
            fido2LogTarget: "STDOUT"
            fido2LogLevel: "INFO"
            persistenceLogTarget: "FILE"
            persistenceLogLevel: "INFO"
        scim:
          enabled: false
          gluuCustomJavaOptions: ""
          appLoggers:
            enableStdoutLogPrefix: "true"
            scimLogTarget: "STDOUT"
            scimLogLevel: "INFO"
            persistenceLogTarget: "FILE"
            persistenceLogLevel: "INFO"
            persistenceDurationLogTarget: "FILE"
            persistenceDurationLogLevel: "INFO"
            scriptLogTarget: "FILE"
            scriptLogLevel: "INFO"
        config:
          enabled: true
        jobTtlSecondsAfterFinished: 300
        jackrabbit:
          enabled: false
          appLoggers:
            jackrabbitLogTarget: "STDOUT"
            jackrabbitLogLevel: "INFO"
        persistence:
          enabled: true
        oxtrust:
          enabled: true
          gluuCustomJavaOptions: "-XshowSettings:vm -XX:MaxRAMPercentage=80"
          appLoggers:
            enableStdoutLogPrefix: "true"
            oxtrustLogTarget: "STDOUT"
            oxtrustLogLevel: "INFO"
            httpLogTarget: "FILE"
            httpLogLevel: "INFO"
            persistenceLogTarget: "FILE"
            persistenceLogLevel: "INFO"
            persistenceDurationLogTarget: "FILE"
            persistenceDurationLogLevel: "INFO"
            ldapStatsLogTarget: "FILE"
            ldapStatsLogLevel: "INFO"
            scriptLogTarget: "FILE"
            scriptLogLevel: "INFO"
            auditStatsLogTarget: "FILE"
            auditStatsLogLevel: "INFO"
            cleanerLogTarget: "FILE"
            cleanerLogLevel: "INFO"
            velocityLogLevel: "INFO"
            velocityLogTarget: "FILE"
            cacheRefreshLogLevel: "INFO"
            cacheRefreshLogTarget: "FILE"
            cacheRefreshPythonLogLevel: "INFO"
            cacheRefreshPythonLogTarget: "FILE"
            apachehcLogLevel: "INFO"
            apachehcLogTarget: "FILE"
        opendj:
          enabled: false
        oxshibboleth:
          enabled: false
          gluuCustomJavaOptions: ""
          appLoggers:
            enableStdoutLogPrefix: "true"
            idpLogTarget: "STDOUT"
            idpLogLevel: "INFO"
            scriptLogTarget: "FILE"
            scriptLogLevel: "INFO"
            auditStatsLogTarget: "FILE"
            auditStatsLogLevel: "INFO"
            consentAuditLogTarget: "FILE"
            consentAuditLogLevel: "INFO"
            ldapLogLevel: ""
            messagesLogLevel: ""
            encryptionLogLevel: ""
            opensamlLogLevel: ""
            propsLogLevel: ""
            httpclientLogLevel: ""
            springLogLevel: ""
            containerLogLevel: ""
            xmlsecLogLevel: ""
        oxd-server:
          enabled: false
          gluuCustomJavaOptions: ""
          appLoggers:
            oxdServerLogTarget: "STDOUT"
            oxdServerLogLevel: "INFO"
        nginx-ingress:
          enabled: true
        oxauth-key-rotation:
          enabled: true
        cr-rotate:
          enabled: true
      config:
        usrEnvs:
          normal: {}
          secret: {}
        orgName: Gluu
        email: support@gluu.org
        adminPass: P@ssw0rd
        ldapPass: P@ssw0rd
        redisPass: P@assw0rd
        countryCode: US
        state: TX
        city: Austin
        salt: ""
        configmap:
          cnSqlDbSchema: ""
          cnSqlDbDialect: mysql
          cnSqlDbHost: my-release-mysql.sql.svc.cluster.local
          cnSqlDbPort: 3306
          cnSqlDbName: gluu
          cnSqlDbUser: gluu
          cnSqlDbTimezone: UTC
          cnSqlPasswordFile: /etc/gluu/conf/sql_password
          cnSqldbUserPassword: Test1234#
          gluuOxdApplicationCertCn: oxd-server
          gluuOxdAdminCertCn: oxd-server
          gluuCouchbaseCrt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlakNDQW1LZ0F3SUJBZ0lKQUwyem5UWlREUHFNTUEwR0NTcUdTSWIzRFFFQkN3VUFNQzB4S3pBcEJnTlYKQkFNTUlpb3VZMkpuYkhWMUxtUmxabUYxYkhRdWMzWmpMbU5zZFhOMFpYSXViRzlqWVd3d0hoY05NakF3TWpBMQpNRGt4T1RVeFdoY05NekF3TWpBeU1Ea3hPVFV4V2pBdE1Tc3dLUVlEVlFRRERDSXFMbU5pWjJ4MWRTNWtaV1poCmRXeDBMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUIKQ2dLQ0FRRUFycmQ5T3lvSnRsVzhnNW5nWlJtL2FKWjJ2eUtubGU3dVFIUEw4Q2RJa1RNdjB0eHZhR1B5UkNQQgo3RE00RTFkLzhMaU5takdZZk41QjZjWjlRUmNCaG1VNmFyUDRKZUZ3c0x0cTFGT3MxaDlmWGo3d3NzcTYrYmlkCjV6Umw3UEE0YmdvOXVkUVRzU1UrWDJUUVRDc0dxVVVPWExrZ3NCMjI0RDNsdkFCbmZOeHcvYnFQa2ZCQTFxVzYKVXpxellMdHN6WE5GY0dQMFhtU3c4WjJuaFhhUGlva2pPT2dyMkMrbVFZK0htQ2xGUWRpd2g2ZjBYR0V0STMrKwoyMStTejdXRkF6RlFBVUp2MHIvZnk4TDRXZzh1YysvalgwTGQrc2NoQTlNQjh3YmJORUp2ZjNMOGZ5QjZ0cTd2CjF4b0FnL0g0S1dJaHdqSEN0dFVnWU1oU0xWV3UrUUlEQVFBQm80R2NNSUdaTUIwR0ExVWREZ1FXQkJTWmQxWU0KVGNIRVZjSENNUmp6ejczZitEVmxxREJkQmdOVkhTTUVWakJVZ0JTWmQxWU1UY0hFVmNIQ01Sanp6NzNmK0RWbApxS0V4cEM4d0xURXJNQ2tHQTFVRUF3d2lLaTVqWW1kc2RYVXVaR1ZtWVhWc2RDNXpkbU11WTJ4MWMzUmxjaTVzCmIyTmhiSUlKQUwyem5UWlREUHFNTUF3R0ExVWRFd1FGTUFNQkFmOHdDd1lEVlIwUEJBUURBZ0VHTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQk9meTVWSHlKZCtWUTBXaUQ1aSs2cmhidGNpSmtFN0YwWVVVZnJ6UFN2YWVFWQp2NElVWStWOC9UNnE4Mk9vVWU1eCtvS2dzbFBsL01nZEg2SW9CRnVtaUFqek14RTdUYUhHcXJ5dk13Qk5IKzB5CnhadG9mSnFXQzhGeUlwTVFHTEs0RVBGd3VHRlJnazZMRGR2ZEN5NVdxWW1MQWdBZVh5VWNaNnlHYkdMTjRPUDUKZTFiaEFiLzRXWXRxRHVydFJrWjNEejlZcis4VWNCVTRLT005OHBZN05aaXFmKzlCZVkvOEhZaVQ2Q0RRWWgyTgoyK0VWRFBHcFE4UkVsRThhN1ZLL29MemlOaXFyRjllNDV1OU1KdjM1ZktmNUJjK2FKdWduTGcwaUZUYmNaT1prCkpuYkUvUENIUDZFWmxLaEFiZUdnendtS1dDbTZTL3g0TklRK2JtMmoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
          gluuCouchbasePass: P@ssw0rd
          gluuCouchbaseSuperUserPass: P@ssw0rd
          gluuCouchbaseSuperUser: admin
          gluuCouchbaseUrl: cbgluu.default.svc.cluster.local
          gluuCouchbaseBucketPrefix: gluu
          gluuCouchbaseUser: gluu
          gluuCouchbaseIndexNumReplica: 0
          gluuCouchbasePassFile: /etc/gluu/conf/couchbase_password
          gluuCouchbaseSuperUserPassFile: /etc/gluu/conf/couchbase_superuser_password
          gluuCouchbaseCertFile: /etc/certs/couchbase.crt
          gluuPersistenceLdapMapping: ''
          gluuCacheType: NATIVE_PERSISTENCE
          gluuSyncShibManifests: false
          gluuSyncCasaManifests: false
          gluuMaxRamPercent: "75.0"
          containerMetadataName: kubernetes
          gluuRedisUrl: redis:6379
          gluuRedisUseSsl: "false"
          gluuRedisType: STANDALONE
          gluuRedisSslTruststore: ""
          gluuRedisSentinelGroup: ""
          gluuOxtrustConfigGeneration: true
          gluuOxtrustBackend: oxtrust:8080
          gluuOxauthBackend: oxauth:8080
          gluuOxdServerUrl: oxd-server:8443
          gluuOxdBindIpAddresses: "*"
          gluuLdapUrl: opendj:1636
          gluuJackrabbitPostgresUser: jackrabbit
          gluuJackrabbitPostgresPasswordFile: /etc/gluu/conf/postgres_password
          gluuJackrabbitPostgresDatabaseName: jackrabbit
          gluuJackrabbitPostgresHost: postgresql.postgres.svc.cluster.local
          gluuJackrabbitPostgresPort: 5432
          gluuJackrabbitAdminId: admin
          gluuJackrabbitAdminPassFile: /etc/gluu/conf/jackrabbit_admin_password
          gluuJackrabbitSyncInterval: 300
          gluuJackrabbitUrl: http://jackrabbit:8080
          gluuJackrabbitAdminIdFile: /etc/gluu/conf/jackrabbit_admin_id
          gluuDocumentStoreType: DB
          cnGoogleServiceAccount: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=
          cnGoogleProjectId: google-project-to-save-config-and-secrets-to
          cnGoogleSpannerInstanceId: ""
          cnGoogleSpannerDatabaseId: ""
          cnGoogleSpannerEmulatorHost: ""
          cnSecretGoogleSecretVersionId: "latest"
          cnSecretGoogleSecretNamePrefix: gluu
          cnAwsAccessKeyId: ""
          cnAwsSecretAccessKey: ""
          cnAwsSecretsEndpointUrl: ""
          cnAwsSecretsNamePrefix: gluu
          cnAwsDefaultRegion: us-west-1
          cnAwsProfile: gluu
          cnAwsSecretsReplicaRegions: []
          lbAddr: ""
          gluuOxtrustApiEnabled: true
          gluuOxtrustApiTestMode: false
          gluuScimProtectionMode: "OAUTH"
          gluuPassportEnabled: true
          gluuPassportFailureRedirectUrl: ""
          gluuCasaEnabled: false
          gluuSamlEnabled: false
          gluuPersistenceType: sql
        image:
          repository: gluufederation/config-init
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        volumes: []
        volumeMounts: []
        lifecycle: {}
        dnsPolicy: ""
        dnsConfig: {}
        migration:
          enabled: false
          migrationDir: /ce-migration
          migrationDataFormat: ldif
        resources:
          limits:
            cpu: 300m
            memory: 300Mi
          requests:
            cpu: 300m
            memory: 300Mi
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
      nginx-ingress:
        certManager:
          certificate:
            enabled: false
            issuerKind: ClusterIssuer
            issuerName: ""
            issuerGroup: cert-manager.io
        ingress:
          enabled: true
          legacy: false
          path: /
          adminUiEnabled: true
          adminUiLabels: {}
          adminUiAdditionalAnnotations: {}
          openidConfigEnabled: true
          openidConfigLabels: {}
          openidAdditionalAnnotations: {}
          deviceCodeEnabled: true
          deviceCodeLabels: {}
          deviceCodeAdditionalAnnotations: {}
          firebaseMessagingEnabled: true
          firebaseMessagingLabels: {}
          firebaseMessagingAdditionalAnnotations: {}
          uma2ConfigEnabled: true
          uma2ConfigLabels: {}
          uma2AdditionalAnnotations: {}
          webfingerEnabled: true
          webfingerLabels: {}
          webfingerAdditionalAnnotations: {}
          webdiscoveryEnabled: true
          webdiscoveryLabels: {}
          webdiscoveryAdditionalAnnotations: {}
          scimConfigEnabled: false
          scimConfigLabels: {}
          scimConfigAdditionalAnnotations: {}
          scimEnabled: false
          scimLabels: {}
          scimAdditionalAnnotations: {}
          u2fConfigEnabled: true
          u2fConfigLabels: {}
          u2fAdditionalAnnotations: {}
          fido2ConfigEnabled: false
          fido2ConfigLabels: {}
          fido2ConfigAdditionalAnnotations: {}
          fido2Enabled: false
          fido2Labels: {}
          authServerEnabled: true
          authServerLabels: {}
          authServerAdditionalAnnotations: {}
          casaEnabled: false
          casaLabels: {}
          casaAdditionalAnnotations: {}
          passportEnabled: true
          passportLabels: {}
          passportAdditionalAnnotations: {}
          shibEnabled: false
          shibLabels: {}
          shibAdditionalAnnotations: {}
          additionalLabels: {}
          additionalAnnotations: {}
          ingressClassName: public
          hosts:
          - tmpcn2.gluu.info
          tls:
          - secretName: tls-certificate # DON'T change
            hosts:
            - tmpcn2.gluu.info
      jackrabbit:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: 1
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/jackrabbit
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: 1
        resources:
          limits:
            cpu: 1500m
            memory: 1000Mi
          requests:
            cpu: 1500m
            memory: 1000Mi
        secrets:
          gluuJackrabbitAdminPass: Test1234#
          gluuJackrabbitPostgresPass: P@ssw0rd
        service:
          jackRabbitServiceName: jackrabbit
          name: http-jackrabbit
          port: 8080
        clusterId: "first"
        storage:
          size: 5Gi
        livenessProbe:
          tcpSocket:
            port: http-jackrabbit
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
        readinessProbe:
          tcpSocket:
            port: http-jackrabbit
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
      opendj:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: 1
        backup:
          enabled: true
          cronJobSchedule: "*/59 * * * *"
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/opendj
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        persistence:
          size: ''
        ports:
          tcp-admin:
            nodePort: ""
            port: 4444
            protocol: TCP
            targetPort: 4444
          tcp-ldap:
            nodePort: ""
            port: 1389
            protocol: TCP
            targetPort: 1389
          tcp-ldaps:
            nodePort: ""
            port: 1636
            protocol: TCP
            targetPort: 1636
          tcp-repl:
            nodePort: ""
            port: 8989
            protocol: TCP
            targetPort: 8989
          tcp-serf:
            nodePort: ""
            port: 7946
            protocol: TCP
            targetPort: 7946
          udp-serf:
            nodePort: ""
            port: 7946
            protocol: UDP
            targetPort: 7946
        replicas: ''
        resources:
          limits:
            cpu: 1500m
            memory: 2000Mi
          requests:
            cpu: 1500m
            memory: 2000Mi
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
          failureThreshold: 20
        readinessProbe:
          tcpSocket:
            port: 1636
          initialDelaySeconds: 60
          timeoutSeconds: 5
          periodSeconds: 25
          failureThreshold: 20
        volumes: []
        volumeMounts: []
        lifecycle:
          preStop:
            exec:
              command: ["/bin/sh", "-c", "python3 /app/scripts/deregister_peer.py 1>&/proc/1/fd/1"]
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
        gluuRedisEnabled: false
      persistence:
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/persistence
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        resources:
          limits:
            cpu: 300m
            memory: 300Mi
          requests:
            cpu: 300m
            memory: 300Mi
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
      oxauth:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: "90%"
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/oxauth
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: 1
        resources:
          limits:
            cpu: 2500m
            memory: 2500Mi
          requests:
            cpu: 2500m
            memory: 2500Mi
        service:
          oxAuthServiceName: oxauth
          name: http-oxauth
          port: 8080
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
      oxtrust:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: 1
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/oxtrust
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: 1
        resources:
          limits:
            cpu: 2500m
            memory: 2500Mi
          requests:
            cpu: 2500m
            memory: 2500Mi
        service:
          name: http-oxtrust
          port: 8080
          clusterIp: None
          oxTrustServiceName: oxtrust
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
        istioDestinationRuleCookieTTL: 60s
      fido2:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: "90%"
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/fido2
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: ''
        resources:
          limits:
            cpu: 500m
            memory: 500Mi
          requests:
            cpu: 500m
            memory: 500Mi
        service:
          fido2ServiceName: fido2
          name: http-fido2
          port: 8080
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
      scim:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: "90%"
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/scim
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: ''
        resources:
          limits:
            cpu: 1000m
            memory: 1000Mi
          requests:
            cpu: 1000m
            memory: 1000Mi
        service:
          scimServiceName: scim
          name: http-scim
          port: 8080
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
      oxd-server:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: "90%"
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/oxd-server
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: 1
        resources:
          limits:
            cpu: 1000m
            memory: 400Mi
          requests:
            cpu: 1000m
            memory: 400Mi
        service:
          oxdServerServiceName: oxd-server
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
      casa:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: "90%"
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/casa
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: ''
        resources:
          limits:
            cpu: 500m
            memory: 500Mi
          requests:
            cpu: 500m
            memory: 500Mi
        service:
          casaServiceName: casa
          port: 8080
          name: http-casa
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
        istioDestinationRuleCookieTTL: 60s
      oxpassport:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: "90%"
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: 
          NODE_ENV: production
          NODE_CONFIG_DIR: /opt/gluu/node/passport/config
          NODE_LOGS: /opt/gluu/node/passport/logs
          DEBUG: "*"
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/oxpassport
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: ''
        resources:
          limits:
            cpu: 700m
            memory: 900Mi
          requests:
            cpu: 700m
            memory: 900Mi
        service:
          oxPassportServiceName: oxpassport
          port: 8090
          name: http-passport
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
          failureThreshold: 20
        readinessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
          failureThreshold: 20
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
        istioDestinationRuleCookieTTL: 60s
      oxshibboleth:
        topologySpreadConstraints: {}
        pdb:
          enabled: true
          maxUnavailable: 1
        hpa:
          enabled: true
          minReplicas: 1
          maxReplicas: 10
          targetCPUUtilizationPercentage: 50
          metrics: []
          behavior: {}
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/oxshibboleth
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        replicas: ''
        resources:
          limits:
            cpu: 1000m
            memory: 1000Mi
          requests:
            cpu: 1000m
            memory: 1000Mi
        service:
          sessionAffinity: ClientIP
          port: 8080
          oxShibbolethServiceName: oxshibboleth
          name: http-oxshib
        livenessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          exec:
            command:
            - python3
            - /app/scripts/healthcheck.py
          initialDelaySeconds: 25
          periodSeconds: 25
          timeoutSeconds: 5
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
        istioDestinationRuleCookieTTL: 60s
      cr-rotate:
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/cr-rotate
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        resources:
          limits:
            cpu: 200m
            memory: 200Mi
          requests:
            cpu: 200m
            memory: 200Mi
        service:
          crRotateServiceName: cr-rotate
          port: 8084
          name: http-cr-rotate
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
      oxauth-key-rotation:
        usrEnvs:
          normal: {}
          secret: {}
        dnsPolicy: ""
        dnsConfig: {}
        image:
          pullPolicy: IfNotPresent
          repository: gluufederation/certmanager
          tag: 4.5.8-1
          pullSecrets:
          - name: regcred
        cronJobSchedule: ""
        keysLife: 48
        keysStrategy: NEWER
        keysPushDelay: 0
        keysPushStrategy: NEWER
        resources:
          limits:
            cpu: 300m
            memory: 300Mi
          requests:
            cpu: 300m
            memory: 300Mi
        volumes: []
        volumeMounts: []
        lifecycle: {}
        additionalLabels: {}
        additionalAnnotations: {}
        tolerations: []
        affinity: {}
        nodeSelector: {}
        customScripts: []
    
    
    
  • helm -n gluu install gluu gluu/gluu -f values.yaml
  • microk8s.kubectl get pods --all-namespaces
  • microk8s.kubectl logs -f gluu-oxauth-54665db4b-wpb4w --all-containers -n gluu
  • microk8s.kubectl describe pod gluu-oxauth-54665db4b-wpb4w -n gluu
  • microk8s.kubectl logs -f my-release-mysql-0 -n sql
  • microk8s.kubectl describe pod my-release-mysql-0 -n sql
Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Access denied
Access denied