Authentication

This chart deploys and runs authentication services using the gradle run command, with build.gradle and application.properties files populated from the given value parameters.

Authentication service definition values are typically loaded from a URL when calling this chart. The chart also deploys a service that is accessible within the cluster.

Containers

Init Container

The chart contains an initialization container, which retrieves the required certificates.

Main Container

The main container of this chart is a Java-based process, which runs the actual service and typically has liveness probes enabled.

Configuration

Local Configuration

Chart contains:

  • 1 x config map containing build/execution files mounted on /app/config

  • 1 x environment config map that can be used to add environment variables

  • 1 x secret that can be used to add secret files mounted on /app/secrets

  • 1 x environment secret that can be used to add environment variables

  • 1 x secret that contains keycloak configuration file

Global Configuration

Chart containers also have access to:

  • global-config: Mounted on /app/globalconfig including key-value pairs and extra lines to include in application.properties files

  • global-config-env: A config map that can be used to add environment variables for all namespace deployments

  • global-secrets: Mounted on /app/globalsecrets including key-secret pairs and extra lines to include in application.properties files

  • global-secrets-env: A secret that can be used to add environment variables for all namespace deployments

Configuration

The following table lists the configurable parameters of the Controller-auth chart and their default values.

| Parameter | Description | Default |
| --- | --- | --- |
| id | unique id of the authentication service | "x" |
| namespace | namespace to deploy on | "x" |
| tier | tier annotation to use for deployment | "controller" |
| unit | unit annotation to use for deployment | "auth" |
| scope | scope annotation to use for deployment | "admin" |
| language | language annotation to use for deployment | "java" |
| image | docker image to use for main container | "gradle:openj9" |
| cloud | cloud vendor to use for deployment (e.g. gcp, aws) | "TBD" |
| poolSelector | node pool selector annotation specific to cloud vendor | "TBD" |
| pool | node pool to deploy on | "admin-gateway-pool" |
| strategyType | deployment strategy to use | "Recreate" |
| replicaCount | number of replicas to deploy | 1 |
| useProbes | whether main container should use liveness, etc. probes | false |
| initMemoryRequest | memory request for init container | "256Mi" |
| initCpuRequest | cpu request for init container | "250m" |
| initMemoryLimit | memory limit for init container | "512Mi" |
| initCpuLimit | cpu limit for init container | "500m" |
| memoryRequest | memory request for main container | "256Mi" |
| cpuRequest | cpu request for main container | "250m" |
| memoryLimit | memory limit for main container | "512Mi" |
| cpuLimit | cpu limit for main container | "500m" |
| disableMavenCentral | whether gradle should access maven central | false |
| mavenUrl | url for Rierino maven packages | "https://maven.pkg.github.com/rierino/maven" |
| rierinoVersion | Rierino package version to deploy | "0.1.1" |
| application | application name to use | "TBD" |
| logLevel | logging level for the main container | "ERROR" |
| port | port to use for web services | 0 |
| scheme | scheme to use for web services | "HTTP" |
| useDiscovery | whether the service should use service discovery to be discoverable | false |
| consulHost | Consul host (if useDiscovery) | "${dollar}{{rierino.system.consul.main.host}}" |
| consulPort | Consul port (if useDiscovery) | "${dollar}{{rierino.system.consul.main.port}}" |
| useCert | whether the service should generate and use a certificate (requires additional parameters) | false |
| valueLoaderClass | Java class name for key-value lookups | "com.rierino.runner.loader.PropertiesKVLoader" |
| valueLoaderProperties.path | File path for key-value lookups | "/app/globalconfig/properties" |
| valueLoaderProperties.dynamic | Whether key-values can change over time | "true" |
| secretLoaderClass | Java class name for key-secret lookups | "com.rierino.runner.loader.PropertiesKVLoader" |
| secretLoaderProperties.path | File path for key-secret lookups | "/app/globalsecrets/properties" |
| secretLoaderProperties.dynamic | Whether key-secrets can change over time | "true" |
| auth_extra_properties | extra application.properties to include | "# No extra properties" |
| attemptstoreUri | database uri to store login attempts | "${dollar}{{rierino.system.mongodb.auth.uri}}" |
| attemptstoreDatabase | database name to store login attempts | "authentication" |
| kcType | assigned type for keycloak authentications (used in paths/requests) | "user" |
| kcRoles | default roles for keycloak users | "user" |
| kcRegister | whether service allows user registration | "false" |
| kcIdToken | whether service uses id tokens | "false" |
| kcUrl | keycloak server url | "${{rierino.system.keycloak.main.url}}" |
| kcResource | keycloak resource name | "TBD" |
| kcRealm | keycloak realm | "TBD" |
| kcUser | keycloak user | "TBD" |
| kcSecret | keycloak user secret | "TBD" |
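
Several defaults in the table are placeholders ("x", "TBD") or security-relevant settings (HTTP scheme, unpinned image tag, Maven Central access), so a pre-deployment check of the overrides is useful. The following is an added example, not part of the chart or of Rierino's tooling: parameter names and defaults are taken from the table, while the severity levels, the function names and the sample overrides are assumptions of this example.

```python
# Added example, not part of the chart: lint value overrides before deploying.
# Names and defaults are taken from the parameter table; the findings are
# this example's own policy, not checks the chart performs.
PLACEHOLDERS = {  # defaults that are stand-ins, not usable values
    "id": "x", "namespace": "x", "cloud": "TBD", "poolSelector": "TBD",
    "application": "TBD", "kcResource": "TBD", "kcRealm": "TBD",
    "kcUser": "TBD", "kcSecret": "TBD",
}
DEFAULTS = {
    **PLACEHOLDERS, "image": "gradle:openj9", "scheme": "HTTP",
    "useCert": False, "useProbes": False, "disableMavenCentral": False,
    "kcRegister": "false", "kcRoles": "user",
}


def is_true(value):
    """The table mixes booleans (false) and strings ("false"); accept both."""
    return str(value).strip().lower() == "true"


def lint_values(overrides):
    """Return a list of (severity, parameter, message) findings."""
    v = {**DEFAULTS, **overrides}
    out = [("error", k, "still at placeholder default")
           for k, p in PLACEHOLDERS.items() if str(v[k]).strip() in ("", p)]
    if "@sha256:" not in str(v["image"]):
        out.append(("warn", "image", "mutable tag; pin the image by digest"))
    if str(v["scheme"]).upper() == "HTTP" and not is_true(v["useCert"]):
        out.append(("warn", "scheme", "plain HTTP and useCert is off"))
    if is_true(v["kcRegister"]):
        out.append(("warn", "kcRegister",
                    f"registration is open; default roles are {v['kcRoles']}"))
    if not is_true(v["disableMavenCentral"]):
        out.append(("info", "disableMavenCentral",
                    "gradle may reach Maven Central at run time"))
    if not is_true(v["useProbes"]):
        out.append(("info", "useProbes", "liveness probes are off"))
    return out


SAMPLE = {  # constructed overrides; poolSelector and kcSecret left unset
    "id": "auth-admin", "namespace": "demo", "cloud": "gcp",
    "application": "demo-app", "kcResource": "demo-client",
    "kcRealm": "demo", "kcUser": "svc-auth", "kcRegister": "true",
    "kcRoles": "user,admin",
}

if __name__ == "__main__":
    for severity, param, message in lint_values(SAMPLE):
        print(f"{severity:5} {param}: {message}")
```

Pass the overrides as a dict, for example the parsed contents of the values file used for the release.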
