From 471e93ed3935cee2f8cccc9e3129ccf59937c368 Mon Sep 17 00:00:00 2001 
From: Warren Strange Date: Thu, 11 Jun 2020 20:21:16 +0000 Subject: [PATCH] chore: Remove deprecated helm/ charts The helm charts are no longer supported. refs: CLOUD-2134 --- etc/cloud-build-push-charts.sh | 48 - etc/gke/create-filestore.sh | 18 - etc/gke/prepsql/.helmignore | 21 - etc/gke/prepsql/Chart.yaml | 4 - etc/gke/prepsql/README.md | 11 - etc/gke/prepsql/cloud-sql.sh | 69 - .../activiti.postgres.create.engine.sql | 299 -- .../activiti.postgres.create.history.sql | 151 - .../activiti.postgres.create.identity.sql | 48 - etc/gke/prepsql/scripts/audit.pgsql | 155 - etc/gke/prepsql/scripts/createDb.sh | 34 - etc/gke/prepsql/scripts/createuser.pgsql | 10 - .../scripts/default_schema_optimization.pgsql | 46 - etc/gke/prepsql/scripts/openidm.pgsql | 360 -- etc/gke/prepsql/templates/NOTES.txt | 16 - etc/gke/prepsql/templates/_helpers.tpl | 16 - etc/gke/prepsql/templates/configmap.yaml | 6 - etc/gke/prepsql/templates/job.yaml | 65 - etc/gke/prepsql/values.yaml | 30 - helm/README.md | 140 - helm/amster/.helmignore | 21 - helm/amster/Chart.yaml | 4 - helm/amster/README.md | 5 - helm/amster/makekey.sh | 15 - helm/amster/secrets/authorized_keys | 1 - helm/amster/secrets/id_rsa | 51 - helm/amster/templates/_helpers.tpl | 24 - helm/amster/templates/amster.yaml | 111 - helm/amster/templates/config-map.yaml | 58 - helm/amster/templates/secrets.yaml | 13 - helm/amster/values.yaml | 128 - helm/ds-empty/.helmignore | 21 - helm/ds-empty/Chart.yaml | 4 - helm/ds-empty/README.md | 78 - helm/ds-empty/cfssl.sh | 109 - helm/ds-empty/ds.sh | 8 - helm/ds-empty/secrets/README.md | 6 - helm/ds-empty/secrets/ca-cert.p12 | Bin 1026 -> 0 bytes helm/ds-empty/secrets/ca-keystore.p12 | Bin 4117 -> 0 bytes helm/ds-empty/secrets/cts.ldif | 5 - helm/ds-empty/secrets/dirmanager.pw | 1 - helm/ds-empty/secrets/hsm.conf | 5 - helm/ds-empty/secrets/keystore.pin | 1 - helm/ds-empty/secrets/monitor.pw | 1 - helm/ds-empty/secrets/ssl-keystore.p12 | Bin 4015 -> 0 bytes 
helm/ds-empty/templates/_helpers.tpl | 28 - helm/ds-empty/templates/configmap.yaml | 12 - helm/ds-empty/templates/ds.yaml | 178 - helm/ds-empty/templates/secrets.yaml | 13 - helm/ds-empty/templates/service.yaml | 26 - helm/ds-empty/values.yaml | 104 - helm/ds/.helmignore | 21 - helm/ds/Chart.yaml | 4 - helm/ds/README.md | 78 - helm/ds/cfssl.sh | 109 - helm/ds/ds.sh | 8 - helm/ds/secrets/README.md | 6 - helm/ds/secrets/ca-cert.p12 | Bin 1026 -> 0 bytes helm/ds/secrets/ca-keystore.p12 | Bin 4117 -> 0 bytes helm/ds/secrets/cts.ldif | 5 - helm/ds/secrets/dirmanager.pw | 1 - helm/ds/secrets/hsm.conf | 5 - helm/ds/secrets/keystore.pin | 1 - helm/ds/secrets/monitor.pw | 1 - helm/ds/secrets/ssl-keystore.p12 | Bin 4015 -> 0 bytes helm/ds/templates/_helpers.tpl | 28 - helm/ds/templates/configmap.yaml | 15 - helm/ds/templates/ds.yaml | 183 - helm/ds/templates/secrets.yaml | 13 - helm/ds/templates/service.yaml | 26 - helm/ds/values.yaml | 118 - helm/dsadmin/.helmignore | 21 - helm/dsadmin/Chart.yaml | 5 - helm/dsadmin/README.md | 29 - helm/dsadmin/dsadmin.sh | 12 - helm/dsadmin/templates/_helpers.tpl | 32 - helm/dsadmin/templates/backup-pv.yaml | 21 - helm/dsadmin/templates/backup-pvc.yaml | 21 - helm/dsadmin/templates/dsadmin.yaml | 65 - helm/dsadmin/templates/gcs-sync.yaml | 40 - helm/dsadmin/templates/s3-sync.yaml | 40 - helm/dsadmin/templates/verify-job.yaml | 77 - helm/dsadmin/values.yaml | 49 - helm/end-user-ui/.helmignore | 21 - helm/end-user-ui/Chart.yaml | 5 - helm/end-user-ui/templates/_helpers.tpl | 41 - helm/end-user-ui/templates/deployment.yaml | 39 - helm/end-user-ui/templates/ingress.yaml | 33 - helm/end-user-ui/templates/service.yaml | 19 - helm/end-user-ui/values.yaml | 29 - helm/forgerock-metrics/.helmignore | 21 - helm/forgerock-metrics/Chart.yaml | 4 - helm/forgerock-metrics/README.md | 257 -- .../dashboards/am-cts-dashboard.json | 1327 ------- .../am-cts-token-reaper-dashboard.json | 992 ----- .../dashboards/am-overview-dashboard.json | 3303 
----------------- .../dashboards/idm-sample-dashboard.json | 1640 -------- .../dashboards/ig-sample-dashboard.json | 448 --- .../dashboards/topology-dashboard.json | 1637 -------- helm/forgerock-metrics/templates/_helpers.tpl | 16 - helm/forgerock-metrics/templates/am.yaml | 54 - .../templates/config-map.yaml | 8 - helm/forgerock-metrics/templates/ds.yaml | 54 - .../templates/fr-alerts.yaml | 138 - helm/forgerock-metrics/templates/idm.yaml | 52 - helm/forgerock-metrics/templates/ig.yaml | 54 - helm/forgerock-metrics/templates/locust.yaml | 54 - .../templates/prometheusrule.yaml | 19 - helm/forgerock-metrics/values.yaml | 61 - helm/frconfig/.helmignore | 21 - helm/frconfig/Chart.yaml | 5 - helm/frconfig/README.md | 65 - helm/frconfig/secrets/ca.crt | 20 - helm/frconfig/secrets/ca.key | 27 - helm/frconfig/secrets/cm.sh | 10 - helm/frconfig/secrets/id_rsa | 3 - helm/frconfig/secrets/openssl-with-ca.cnf | 29 - helm/frconfig/templates/_helpers.tpl | 32 - helm/frconfig/templates/cert-manager.yaml | 46 - helm/frconfig/templates/config-map.yaml | 13 - helm/frconfig/templates/gateway.yaml | 31 - helm/frconfig/templates/secret-platform.yaml | 15 - helm/frconfig/templates/secret.yaml | 13 - helm/frconfig/values.yaml | 37 - helm/gatling-benchmark/.helmignore | 21 - helm/gatling-benchmark/Chart.yaml | 4 - helm/gatling-benchmark/README.md | 87 - helm/gatling-benchmark/get-logs.sh | 6 - helm/gatling-benchmark/templates/_helpers.tpl | 24 - .../templates/config-map.yaml | 28 - helm/gatling-benchmark/templates/gatling.yaml | 97 - helm/gatling-benchmark/templates/ingress.yaml | 21 - .../templates/results-pv.yaml | 17 - .../templates/results-pvc.yaml | 14 - .../templates/results-web.yaml | 60 - helm/gatling-benchmark/templates/service.yaml | 17 - helm/gatling-benchmark/values.yaml | 119 - helm/openam/.helmignore | 5 - helm/openam/Chart.yaml | 3 - helm/openam/README.md | 40 - helm/openam/secrets/.keypass | 1 - helm/openam/secrets/.storepass | 1 - helm/openam/secrets/authorized_keys | 1 
- helm/openam/secrets/keypass | 1 - helm/openam/secrets/keystore.jceks | Bin 14914 -> 0 bytes helm/openam/secrets/storepass | 1 - helm/openam/templates/_helpers.tpl | 44 - helm/openam/templates/config-map.yaml | 47 - helm/openam/templates/ingress.yaml | 32 - helm/openam/templates/istio.yaml | 34 - helm/openam/templates/openam-deployment.yaml | 203 - helm/openam/templates/secrets.yaml | 25 - helm/openam/templates/service.yaml | 21 - helm/openam/values.yaml | 148 - helm/openidm/.helmignore | 21 - helm/openidm/Chart.yaml | 4 - helm/openidm/README.md | 40 - helm/openidm/secrets/keystore.jceks | Bin 8109 -> 0 bytes helm/openidm/secrets/realm.properties | 2 - helm/openidm/templates/NOTES.txt | 4 - helm/openidm/templates/_helpers.tpl | 70 - helm/openidm/templates/configmap.yaml | 261 -- helm/openidm/templates/idm.yaml | 173 - helm/openidm/templates/ingress.yaml | 56 - .../templates/openidm-secrets-env.yaml | 11 - helm/openidm/templates/secrets.yaml | 11 - helm/openidm/templates/service.yaml | 22 - helm/openidm/templates/virtual-service.yaml | 41 - helm/openidm/values.yaml | 143 - helm/openig/.helmignore | 21 - helm/openig/Chart.yaml | 4 - helm/openig/templates/NOTES.txt | 19 - helm/openig/templates/_helpers.tpl | 35 - helm/openig/templates/deployment.yaml | 112 - helm/openig/templates/ingress.yaml | 32 - helm/openig/templates/openig-secrets-env.yaml | 9 - helm/openig/templates/service.yaml | 21 - helm/openig/templates/virtual-service.yaml | 22 - helm/openig/values.yaml | 84 - helm/postgres-openidm/Chart.yaml | 9 - helm/postgres-openidm/README.md | 7 - helm/postgres-openidm/sql/01_openidm.sql | 371 -- .../sql/02_default_schema_optimization.sql | 46 - helm/postgres-openidm/sql/03_audit.sql | 155 - .../sql/activiti.postgres.create.engine.sql | 299 -- .../sql/activiti.postgres.create.history.sql | 151 - .../sql/activiti.postgres.create.identity.sql | 48 - .../sql/sample-explicit-managed-user.sql | 33 - helm/postgres-openidm/templates/NOTES.txt | 14 - 
helm/postgres-openidm/templates/_helpers.tpl | 16 - .../templates/config-map.yaml | 6 - .../templates/deployment.yaml | 93 - helm/postgres-openidm/templates/pvc.yaml | 22 - helm/postgres-openidm/templates/secrets.yaml | 16 - helm/postgres-openidm/templates/svc.yaml | 21 - helm/postgres-openidm/values.yaml | 53 - helm/web/.helmignore | 21 - helm/web/Chart.yaml | 6 - helm/web/README.md | 5 - helm/web/templates/NOTES.txt | 3 - helm/web/templates/_helpers.tpl | 32 - helm/web/templates/configmap.yaml | 28 - helm/web/templates/deployment.yaml | 58 - helm/web/templates/ingress.yaml | 31 - helm/web/templates/service.yaml | 19 - helm/web/templates/virtual-service.yaml | 24 - helm/web/values.yaml | 46 - kustomize/README.md | 12 +- 208 files changed, 4 insertions(+), 18286 deletions(-) delete mode 100755 etc/cloud-build-push-charts.sh delete mode 100644 etc/gke/create-filestore.sh delete mode 100644 etc/gke/prepsql/.helmignore delete mode 100644 etc/gke/prepsql/Chart.yaml delete mode 100644 etc/gke/prepsql/README.md delete mode 100644 etc/gke/prepsql/cloud-sql.sh delete mode 100644 etc/gke/prepsql/scripts/activiti.postgres.create.engine.sql delete mode 100644 etc/gke/prepsql/scripts/activiti.postgres.create.history.sql delete mode 100644 etc/gke/prepsql/scripts/activiti.postgres.create.identity.sql delete mode 100644 etc/gke/prepsql/scripts/audit.pgsql delete mode 100755 etc/gke/prepsql/scripts/createDb.sh delete mode 100644 etc/gke/prepsql/scripts/createuser.pgsql delete mode 100644 etc/gke/prepsql/scripts/default_schema_optimization.pgsql delete mode 100644 etc/gke/prepsql/scripts/openidm.pgsql delete mode 100644 etc/gke/prepsql/templates/NOTES.txt delete mode 100644 etc/gke/prepsql/templates/_helpers.tpl delete mode 100644 etc/gke/prepsql/templates/configmap.yaml delete mode 100644 etc/gke/prepsql/templates/job.yaml delete mode 100644 etc/gke/prepsql/values.yaml delete mode 100644 helm/README.md delete mode 100644 helm/amster/.helmignore delete mode 100755 
helm/amster/Chart.yaml delete mode 100644 helm/amster/README.md delete mode 100755 helm/amster/makekey.sh delete mode 100644 helm/amster/secrets/authorized_keys delete mode 100644 helm/amster/secrets/id_rsa delete mode 100644 helm/amster/templates/_helpers.tpl delete mode 100644 helm/amster/templates/amster.yaml delete mode 100644 helm/amster/templates/config-map.yaml delete mode 100644 helm/amster/templates/secrets.yaml delete mode 100644 helm/amster/values.yaml delete mode 100644 helm/ds-empty/.helmignore delete mode 100755 helm/ds-empty/Chart.yaml delete mode 100644 helm/ds-empty/README.md delete mode 100755 helm/ds-empty/cfssl.sh delete mode 100755 helm/ds-empty/ds.sh delete mode 100644 helm/ds-empty/secrets/README.md delete mode 100644 helm/ds-empty/secrets/ca-cert.p12 delete mode 100644 helm/ds-empty/secrets/ca-keystore.p12 delete mode 100644 helm/ds-empty/secrets/cts.ldif delete mode 100644 helm/ds-empty/secrets/dirmanager.pw delete mode 100644 helm/ds-empty/secrets/hsm.conf delete mode 100644 helm/ds-empty/secrets/keystore.pin delete mode 100644 helm/ds-empty/secrets/monitor.pw delete mode 100644 helm/ds-empty/secrets/ssl-keystore.p12 delete mode 100644 helm/ds-empty/templates/_helpers.tpl delete mode 100644 helm/ds-empty/templates/configmap.yaml delete mode 100644 helm/ds-empty/templates/ds.yaml delete mode 100644 helm/ds-empty/templates/secrets.yaml delete mode 100644 helm/ds-empty/templates/service.yaml delete mode 100644 helm/ds-empty/values.yaml delete mode 100644 helm/ds/.helmignore delete mode 100755 helm/ds/Chart.yaml delete mode 100644 helm/ds/README.md delete mode 100755 helm/ds/cfssl.sh delete mode 100755 helm/ds/ds.sh delete mode 100644 helm/ds/secrets/README.md delete mode 100644 helm/ds/secrets/ca-cert.p12 delete mode 100644 helm/ds/secrets/ca-keystore.p12 delete mode 100644 helm/ds/secrets/cts.ldif delete mode 100644 helm/ds/secrets/dirmanager.pw delete mode 100644 helm/ds/secrets/hsm.conf delete mode 100644 helm/ds/secrets/keystore.pin 
delete mode 100644 helm/ds/secrets/monitor.pw delete mode 100644 helm/ds/secrets/ssl-keystore.p12 delete mode 100644 helm/ds/templates/_helpers.tpl delete mode 100644 helm/ds/templates/configmap.yaml delete mode 100644 helm/ds/templates/ds.yaml delete mode 100644 helm/ds/templates/secrets.yaml delete mode 100644 helm/ds/templates/service.yaml delete mode 100644 helm/ds/values.yaml delete mode 100644 helm/dsadmin/.helmignore delete mode 100644 helm/dsadmin/Chart.yaml delete mode 100644 helm/dsadmin/README.md delete mode 100755 helm/dsadmin/dsadmin.sh delete mode 100644 helm/dsadmin/templates/_helpers.tpl delete mode 100644 helm/dsadmin/templates/backup-pv.yaml delete mode 100644 helm/dsadmin/templates/backup-pvc.yaml delete mode 100644 helm/dsadmin/templates/dsadmin.yaml delete mode 100644 helm/dsadmin/templates/gcs-sync.yaml delete mode 100644 helm/dsadmin/templates/s3-sync.yaml delete mode 100644 helm/dsadmin/templates/verify-job.yaml delete mode 100644 helm/dsadmin/values.yaml delete mode 100644 helm/end-user-ui/.helmignore delete mode 100644 helm/end-user-ui/Chart.yaml delete mode 100644 helm/end-user-ui/templates/_helpers.tpl delete mode 100644 helm/end-user-ui/templates/deployment.yaml delete mode 100644 helm/end-user-ui/templates/ingress.yaml delete mode 100644 helm/end-user-ui/templates/service.yaml delete mode 100644 helm/end-user-ui/values.yaml delete mode 100644 helm/forgerock-metrics/.helmignore delete mode 100644 helm/forgerock-metrics/Chart.yaml delete mode 100644 helm/forgerock-metrics/README.md delete mode 100644 helm/forgerock-metrics/dashboards/am-cts-dashboard.json delete mode 100644 helm/forgerock-metrics/dashboards/am-cts-token-reaper-dashboard.json delete mode 100644 helm/forgerock-metrics/dashboards/am-overview-dashboard.json delete mode 100644 helm/forgerock-metrics/dashboards/idm-sample-dashboard.json delete mode 100644 helm/forgerock-metrics/dashboards/ig-sample-dashboard.json delete mode 100644 
helm/forgerock-metrics/dashboards/topology-dashboard.json delete mode 100644 helm/forgerock-metrics/templates/_helpers.tpl delete mode 100644 helm/forgerock-metrics/templates/am.yaml delete mode 100644 helm/forgerock-metrics/templates/config-map.yaml delete mode 100644 helm/forgerock-metrics/templates/ds.yaml delete mode 100644 helm/forgerock-metrics/templates/fr-alerts.yaml delete mode 100644 helm/forgerock-metrics/templates/idm.yaml delete mode 100644 helm/forgerock-metrics/templates/ig.yaml delete mode 100644 helm/forgerock-metrics/templates/locust.yaml delete mode 100644 helm/forgerock-metrics/templates/prometheusrule.yaml delete mode 100644 helm/forgerock-metrics/values.yaml delete mode 100644 helm/frconfig/.helmignore delete mode 100644 helm/frconfig/Chart.yaml delete mode 100644 helm/frconfig/README.md delete mode 100644 helm/frconfig/secrets/ca.crt delete mode 100644 helm/frconfig/secrets/ca.key delete mode 100755 helm/frconfig/secrets/cm.sh delete mode 100644 helm/frconfig/secrets/id_rsa delete mode 100644 helm/frconfig/secrets/openssl-with-ca.cnf delete mode 100644 helm/frconfig/templates/_helpers.tpl delete mode 100644 helm/frconfig/templates/cert-manager.yaml delete mode 100644 helm/frconfig/templates/config-map.yaml delete mode 100644 helm/frconfig/templates/gateway.yaml delete mode 100644 helm/frconfig/templates/secret-platform.yaml delete mode 100644 helm/frconfig/templates/secret.yaml delete mode 100644 helm/frconfig/values.yaml delete mode 100644 helm/gatling-benchmark/.helmignore delete mode 100644 helm/gatling-benchmark/Chart.yaml delete mode 100644 helm/gatling-benchmark/README.md delete mode 100755 helm/gatling-benchmark/get-logs.sh delete mode 100644 helm/gatling-benchmark/templates/_helpers.tpl delete mode 100644 helm/gatling-benchmark/templates/config-map.yaml delete mode 100644 helm/gatling-benchmark/templates/gatling.yaml delete mode 100644 helm/gatling-benchmark/templates/ingress.yaml delete mode 100644 
helm/gatling-benchmark/templates/results-pv.yaml delete mode 100644 helm/gatling-benchmark/templates/results-pvc.yaml delete mode 100644 helm/gatling-benchmark/templates/results-web.yaml delete mode 100644 helm/gatling-benchmark/templates/service.yaml delete mode 100644 helm/gatling-benchmark/values.yaml delete mode 100644 helm/openam/.helmignore delete mode 100755 helm/openam/Chart.yaml delete mode 100644 helm/openam/README.md delete mode 100644 helm/openam/secrets/.keypass delete mode 100644 helm/openam/secrets/.storepass delete mode 100644 helm/openam/secrets/authorized_keys delete mode 100644 helm/openam/secrets/keypass delete mode 100644 helm/openam/secrets/keystore.jceks delete mode 100644 helm/openam/secrets/storepass delete mode 100644 helm/openam/templates/_helpers.tpl delete mode 100644 helm/openam/templates/config-map.yaml delete mode 100644 helm/openam/templates/ingress.yaml delete mode 100644 helm/openam/templates/istio.yaml delete mode 100644 helm/openam/templates/openam-deployment.yaml delete mode 100644 helm/openam/templates/secrets.yaml delete mode 100644 helm/openam/templates/service.yaml delete mode 100644 helm/openam/values.yaml delete mode 100644 helm/openidm/.helmignore delete mode 100644 helm/openidm/Chart.yaml delete mode 100644 helm/openidm/README.md delete mode 100644 helm/openidm/secrets/keystore.jceks delete mode 100644 helm/openidm/secrets/realm.properties delete mode 100644 helm/openidm/templates/NOTES.txt delete mode 100644 helm/openidm/templates/_helpers.tpl delete mode 100644 helm/openidm/templates/configmap.yaml delete mode 100644 helm/openidm/templates/idm.yaml delete mode 100644 helm/openidm/templates/ingress.yaml delete mode 100644 helm/openidm/templates/openidm-secrets-env.yaml delete mode 100644 helm/openidm/templates/secrets.yaml delete mode 100644 helm/openidm/templates/service.yaml delete mode 100644 helm/openidm/templates/virtual-service.yaml delete mode 100644 helm/openidm/values.yaml delete mode 100644 
helm/openig/.helmignore delete mode 100755 helm/openig/Chart.yaml delete mode 100644 helm/openig/templates/NOTES.txt delete mode 100644 helm/openig/templates/_helpers.tpl delete mode 100644 helm/openig/templates/deployment.yaml delete mode 100644 helm/openig/templates/ingress.yaml delete mode 100644 helm/openig/templates/openig-secrets-env.yaml delete mode 100644 helm/openig/templates/service.yaml delete mode 100644 helm/openig/templates/virtual-service.yaml delete mode 100644 helm/openig/values.yaml delete mode 100644 helm/postgres-openidm/Chart.yaml delete mode 100644 helm/postgres-openidm/README.md delete mode 100644 helm/postgres-openidm/sql/01_openidm.sql delete mode 100644 helm/postgres-openidm/sql/02_default_schema_optimization.sql delete mode 100644 helm/postgres-openidm/sql/03_audit.sql delete mode 100644 helm/postgres-openidm/sql/activiti.postgres.create.engine.sql delete mode 100644 helm/postgres-openidm/sql/activiti.postgres.create.history.sql delete mode 100644 helm/postgres-openidm/sql/activiti.postgres.create.identity.sql delete mode 100644 helm/postgres-openidm/sql/sample-explicit-managed-user.sql delete mode 100644 helm/postgres-openidm/templates/NOTES.txt delete mode 100644 helm/postgres-openidm/templates/_helpers.tpl delete mode 100644 helm/postgres-openidm/templates/config-map.yaml delete mode 100644 helm/postgres-openidm/templates/deployment.yaml delete mode 100644 helm/postgres-openidm/templates/pvc.yaml delete mode 100644 helm/postgres-openidm/templates/secrets.yaml delete mode 100644 helm/postgres-openidm/templates/svc.yaml delete mode 100644 helm/postgres-openidm/values.yaml delete mode 100644 helm/web/.helmignore delete mode 100644 helm/web/Chart.yaml delete mode 100644 helm/web/README.md delete mode 100644 helm/web/templates/NOTES.txt delete mode 100644 helm/web/templates/_helpers.tpl delete mode 100644 helm/web/templates/configmap.yaml delete mode 100644 helm/web/templates/deployment.yaml delete mode 100644 
helm/web/templates/ingress.yaml delete mode 100644 helm/web/templates/service.yaml delete mode 100644 helm/web/templates/virtual-service.yaml delete mode 100644 helm/web/values.yaml
diff --git a/etc/cloud-build-push-charts.sh b/etc/cloud-build-push-charts.sh
deleted file mode 100755
index 3104656fc1..0000000000
--- a/etc/cloud-build-push-charts.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-# Push our charts up to a gs storage bucket for Helm.
-# Runs as a cloud build step, so we need to download helm.
-
-BUCKET=forgerock-charts
-URL="https://storage.googleapis.com/forgerock-charts"
-
-# Where our helm charts are located.
-hdir=`pwd`/helm
-
-# The previous build step downloaded Helm to our working directory. We need to unpack it.
-tar xvf helm.tar.gz
-
-helm=`pwd`/linux-amd64/helm
-chmod +x $helm
-
-$helm init --client-only
-
-dir=/tmp/charts
-
-rm -fr $dir
-mkdir -p $dir
-cd $dir
-charts="frconfig ds amster openam openidm openig postgres-openidm web apache-agent"
-for chart in $charts
-do
- echo "Packaging $chart"
- $helm dep update --skip-refresh $hdir/$chart
- $helm package $hdir/$chart
-done
-
-# include the unsupported sample fr-platform chart along with the others
-# $helm package $hdir/../samples/fr-platform
-
-# Fetch a copy of the existing index.
-gsutil cp gs://${BUCKET}/index.yaml .
-# Merge the new charts with the existing index.
-$helm repo index --url $URL --merge index.yaml .
-
-# Copy all the charts and index up to our bucket.
-gsutil -q -m rsync ./ gs://${BUCKET}
-
-# Make the charts world readable.
-gsutil -q -m acl set -R -a public-read gs://${BUCKET}
-
-# See https://github.com/kubernetes/helm/issues/2453.
-# This makes sure the bucket is not cached (default is to cache https:// objects for 1 hour).
-gsutil -q -m setmeta -h "Content-Type:text/html" -h "Cache-Control:private, max-age=0, no-transform" "gs://${BUCKET}/*"
diff --git a/etc/gke/create-filestore.sh b/etc/gke/create-filestore.sh
deleted file mode 100644
index 9b838dd666..0000000000
--- a/etc/gke/create-filestore.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-# Create a filstore for shared nfs. Currentnly only used for ds backup and restore.
-# See https://rimusz.net/how-to-use-google-cloud-filestore-with-gke/
-
-# Note the minimum size that you can requet is 1TB . About $200 / month.
-gcloud beta filestore instances create nfs \
- --location=us-central1-c --tier=STANDARD \
- --file-share=name="vol1",capacity=1TB \
- --network=name="default",reserved-ip-range="10.0.0.0/29"
-
-# Save the IP address of the nfs server from above
-# Replace with stable/nfs-client-provisioner. See https://github.com/kubernetes/charts/pull/6433/files
-helm repo add rimusz https://helm-charts.rimusz.net
-helm repo up
-
-
-helm install --name nfs-us-central1-c rimusz/nfs-client-provisioner --namespace nfs-storage \
- --set nfs.server="10.0.0.2" --dry-run --debug
\ No newline at end of file
diff --git a/etc/gke/prepsql/.helmignore b/etc/gke/prepsql/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/etc/gke/prepsql/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/etc/gke/prepsql/Chart.yaml b/etc/gke/prepsql/Chart.yaml
deleted file mode 100644
index bf08d6fb8e..0000000000
--- a/etc/gke/prepsql/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Preps a cloud SQL postgres DB for OpenIDM. Run once to prep the database.
-name: prepsql
-version: 0.1.0
diff --git a/etc/gke/prepsql/README.md b/etc/gke/prepsql/README.md
deleted file mode 100644
index d4898dce3c..0000000000
--- a/etc/gke/prepsql/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# prepsql
-
-This charts prepares a Google Cloud SQL instance to be ready for an IDM deployment.
-
-You must edit cloud-sql.sh to your requirements. This initial script is run to create the Cloud SQL instance
-and the idm user.
-
-The chart is then deployed, which connects to the database and creates the schema for IDM.
-
-After the chart runs, you can remove it using `helm delete`.
-
diff --git a/etc/gke/prepsql/cloud-sql.sh b/etc/gke/prepsql/cloud-sql.sh
deleted file mode 100644
index 7bbbcbe888..0000000000
--- a/etc/gke/prepsql/cloud-sql.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/usr/bin/env bash
-
-# Cloud SQL instance name
-INSTANCE=openidm1
-
-# User and password used bu IDM to connect to the database.
-PROXY_USER="idmuser"
-PASSWORD="idmpassword"
-#PROXY_USER="openidm"
-
-# Kube namespace to create the secrets in.
-NAMESPACE="default"
-
-# Password to use for the super user (postgres) account.
-PGPASSWORD="postgres"
-
-# Path to downloaded service account json file. This is a private key
-# and should not be checked in to source control.
-PROXY_KEY_FILE_PATH="../../../helm/tmp/EngineeringDevOps-pgkey.json"
-
-# This creates the pg instance.
-# For non shared instance types, you must set the CPU cores and memory together.
-# CPU sizing - --cpu=1 --memory=3840MiB \
-gcloud sql instances create "${INSTANCE}" \
- --tier db-f1-micro \
- --database-version=POSTGRES_9_6
-
-# Set the password for the postgres user.
-gcloud sql users set-password postgres no-host --instance="${INSTANCE}" \
- --password="${PGPASSWORD}"
-
-
-# Create a proxy user that can connect to the instance.
-gcloud sql users create "${PROXY_USER}" localhost --instance="${INSTANCE}" --password="${PASSWORD}"
-
-# get instance name
-gcloud sql instances describe "${INSTANCE}"
-
-
-kubectl --namespace "${NAMESPACE}" delete secret cloudsql-instance-credentials
-
-# Create instance secret
-kubectl --namespace "${NAMESPACE}" create secret generic cloudsql-instance-credentials \
- --from-file=credentials.json="${PROXY_KEY_FILE_PATH}"
-
-kubectl --namespace "${NAMESPACE}" delete secret cloudsql-db-credentials
-
-# Create the proxy user secret
-kubectl --namespace "${NAMESPACE}" create secret generic cloudsql-db-credentials \
- --from-literal=username="${PROXY_USER}" --from-literal=password="${PASSWORD}"
-
-kubectl --namespace "${NAMESPACE}" delete secret cloudsql-postgres-credentials
-
-# postgres creds are needed to create the proxy user and database.
-kubectl --namespace "${NAMESPACE}" create secret generic cloudsql-postgres-credentials \
- --from-literal=password="${PGPASSWORD}"
-
-
-# Sample commands:
-# Starting a stopped instance.
-# gcloud sql instances patch [INSTANCE_NAME] --activation-policy ALWAYS
-
-
-# Stop an instance.
-# gcloud sql instances patch $INSTANCE --activation-policy NEVER
-
-
-# Restart instance.
-# gcloud sql instances restart $INSTANCE
diff --git a/etc/gke/prepsql/scripts/activiti.postgres.create.engine.sql b/etc/gke/prepsql/scripts/activiti.postgres.create.engine.sql
deleted file mode 100644
index 43529a3dfb..0000000000
--- a/etc/gke/prepsql/scripts/activiti.postgres.create.engine.sql
+++ /dev/null
@@ -1,299 +0,0 @@ -create table ACT_GE_PROPERTY ( - NAME_ varchar(64), - VALUE_ varchar(300), - REV_ integer, - primary key (NAME_) -); - -insert into ACT_GE_PROPERTY -values ('schema.version', '5.15', 1); - -insert into ACT_GE_PROPERTY -values ('schema.history', 'create(5.15)', 1); - -insert into ACT_GE_PROPERTY -values ('next.dbid', '1', 1); - -create table ACT_GE_BYTEARRAY ( - ID_ varchar(64), - REV_ integer, - NAME_ varchar(255), - DEPLOYMENT_ID_ varchar(64), - BYTES_ bytea, - GENERATED_ boolean, - primary key (ID_) -); - -create table ACT_RE_DEPLOYMENT ( - ID_ varchar(64), - NAME_ varchar(255), - CATEGORY_ varchar(255), - TENANT_ID_ varchar(255) default '', - DEPLOY_TIME_ timestamp, - primary key (ID_) -); - -create table ACT_RE_MODEL ( - ID_ varchar(64) not null, - REV_ integer, - NAME_ varchar(255), - KEY_ varchar(255), - CATEGORY_ varchar(255), - CREATE_TIME_ timestamp, - LAST_UPDATE_TIME_ timestamp, - VERSION_ integer, - META_INFO_ varchar(4000), - DEPLOYMENT_ID_ varchar(64), - EDITOR_SOURCE_VALUE_ID_ varchar(64), - EDITOR_SOURCE_EXTRA_VALUE_ID_ varchar(64), - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RU_EXECUTION ( - ID_ varchar(64), - REV_ integer, - PROC_INST_ID_ varchar(64), - BUSINESS_KEY_ varchar(255), - PARENT_ID_ varchar(64), - PROC_DEF_ID_ varchar(64), - SUPER_EXEC_ varchar(64), - ACT_ID_ varchar(255), - IS_ACTIVE_ boolean, - IS_CONCURRENT_ boolean, - IS_SCOPE_ boolean, - IS_EVENT_SCOPE_ boolean, - SUSPENSION_STATE_ integer, - CACHED_ENT_STATE_ integer, - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RU_JOB ( - ID_ varchar(64) NOT NULL, - REV_ integer, - TYPE_ varchar(255) NOT NULL, - LOCK_EXP_TIME_ timestamp, - LOCK_OWNER_ varchar(255), - EXCLUSIVE_ boolean, - EXECUTION_ID_ varchar(64), - PROCESS_INSTANCE_ID_ varchar(64), - PROC_DEF_ID_ varchar(64), - RETRIES_ integer, - EXCEPTION_STACK_ID_ varchar(64), - EXCEPTION_MSG_ varchar(4000), - DUEDATE_ timestamp, - REPEAT_ 
varchar(255), - HANDLER_TYPE_ varchar(255), - HANDLER_CFG_ varchar(4000), - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RE_PROCDEF ( - ID_ varchar(64) NOT NULL, - REV_ integer, - CATEGORY_ varchar(255), - NAME_ varchar(255), - KEY_ varchar(255) NOT NULL, - VERSION_ integer NOT NULL, - DEPLOYMENT_ID_ varchar(64), - RESOURCE_NAME_ varchar(4000), - DGRM_RESOURCE_NAME_ varchar(4000), - DESCRIPTION_ varchar(4000), - HAS_START_FORM_KEY_ boolean, - SUSPENSION_STATE_ integer, - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RU_TASK ( - ID_ varchar(64), - REV_ integer, - EXECUTION_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - PROC_DEF_ID_ varchar(64), - NAME_ varchar(255), - PARENT_TASK_ID_ varchar(64), - DESCRIPTION_ varchar(4000), - TASK_DEF_KEY_ varchar(255), - OWNER_ varchar(255), - ASSIGNEE_ varchar(255), - DELEGATION_ varchar(64), - PRIORITY_ integer, - CREATE_TIME_ timestamp, - DUE_DATE_ timestamp, - CATEGORY_ varchar(255), - SUSPENSION_STATE_ integer, - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RU_IDENTITYLINK ( - ID_ varchar(64), - REV_ integer, - GROUP_ID_ varchar(255), - TYPE_ varchar(255), - USER_ID_ varchar(255), - TASK_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - PROC_DEF_ID_ varchar (64), - primary key (ID_) -); - -create table ACT_RU_VARIABLE ( - ID_ varchar(64) not null, - REV_ integer, - TYPE_ varchar(255) not null, - NAME_ varchar(255) not null, - EXECUTION_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - TASK_ID_ varchar(64), - BYTEARRAY_ID_ varchar(64), - DOUBLE_ double precision, - LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), - primary key (ID_) -); - -create table ACT_RU_EVENT_SUBSCR ( - ID_ varchar(64) not null, - REV_ integer, - EVENT_TYPE_ varchar(255) not null, - EVENT_NAME_ varchar(255), - EXECUTION_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - ACTIVITY_ID_ varchar(64), - CONFIGURATION_ varchar(255), - CREATED_ 
timestamp not null, - PROC_DEF_ID_ varchar(64), - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create index ACT_IDX_EXEC_BUSKEY on ACT_RU_EXECUTION(BUSINESS_KEY_); -create index ACT_IDX_TASK_CREATE on ACT_RU_TASK(CREATE_TIME_); -create index ACT_IDX_IDENT_LNK_USER on ACT_RU_IDENTITYLINK(USER_ID_); -create index ACT_IDX_IDENT_LNK_GROUP on ACT_RU_IDENTITYLINK(GROUP_ID_); -create index ACT_IDX_EVENT_SUBSCR_CONFIG_ on ACT_RU_EVENT_SUBSCR(CONFIGURATION_); -create index ACT_IDX_VARIABLE_TASK_ID on ACT_RU_VARIABLE(TASK_ID_); - -create index ACT_IDX_BYTEAR_DEPL on ACT_GE_BYTEARRAY(DEPLOYMENT_ID_); -alter table ACT_GE_BYTEARRAY - add constraint ACT_FK_BYTEARR_DEPL - foreign key (DEPLOYMENT_ID_) - references ACT_RE_DEPLOYMENT (ID_); - -alter table ACT_RE_PROCDEF - add constraint ACT_UNIQ_PROCDEF - unique (KEY_,VERSION_, TENANT_ID_); - -create index ACT_IDX_EXE_PROCINST on ACT_RU_EXECUTION(PROC_INST_ID_); -alter table ACT_RU_EXECUTION - add constraint ACT_FK_EXE_PROCINST - foreign key (PROC_INST_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_EXE_PARENT on ACT_RU_EXECUTION(PARENT_ID_); -alter table ACT_RU_EXECUTION - add constraint ACT_FK_EXE_PARENT - foreign key (PARENT_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_EXE_SUPER on ACT_RU_EXECUTION(SUPER_EXEC_); -alter table ACT_RU_EXECUTION - add constraint ACT_FK_EXE_SUPER - foreign key (SUPER_EXEC_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_EXE_PROCDEF on ACT_RU_EXECUTION(PROC_DEF_ID_); -alter table ACT_RU_EXECUTION - add constraint ACT_FK_EXE_PROCDEF - foreign key (PROC_DEF_ID_) - references ACT_RE_PROCDEF (ID_); - - -create index ACT_IDX_TSKASS_TASK on ACT_RU_IDENTITYLINK(TASK_ID_); -alter table ACT_RU_IDENTITYLINK - add constraint ACT_FK_TSKASS_TASK - foreign key (TASK_ID_) - references ACT_RU_TASK (ID_); - -create index ACT_IDX_ATHRZ_PROCEDEF on ACT_RU_IDENTITYLINK(PROC_DEF_ID_); -alter table ACT_RU_IDENTITYLINK - add constraint 
ACT_FK_ATHRZ_PROCEDEF - foreign key (PROC_DEF_ID_) - references ACT_RE_PROCDEF (ID_); - -create index ACT_IDX_IDL_PROCINST on ACT_RU_IDENTITYLINK(PROC_INST_ID_); -alter table ACT_RU_IDENTITYLINK - add constraint ACT_FK_IDL_PROCINST - foreign key (PROC_INST_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_TASK_EXEC on ACT_RU_TASK(EXECUTION_ID_); -alter table ACT_RU_TASK - add constraint ACT_FK_TASK_EXE - foreign key (EXECUTION_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_TASK_PROCINST on ACT_RU_TASK(PROC_INST_ID_); -alter table ACT_RU_TASK - add constraint ACT_FK_TASK_PROCINST - foreign key (PROC_INST_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_TASK_PROCDEF on ACT_RU_TASK(PROC_DEF_ID_); -alter table ACT_RU_TASK - add constraint ACT_FK_TASK_PROCDEF - foreign key (PROC_DEF_ID_) - references ACT_RE_PROCDEF (ID_); - -create index ACT_IDX_VAR_EXE on ACT_RU_VARIABLE(EXECUTION_ID_); -alter table ACT_RU_VARIABLE - add constraint ACT_FK_VAR_EXE - foreign key (EXECUTION_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_VAR_PROCINST on ACT_RU_VARIABLE(PROC_INST_ID_); -alter table ACT_RU_VARIABLE - add constraint ACT_FK_VAR_PROCINST - foreign key (PROC_INST_ID_) - references ACT_RU_EXECUTION(ID_); - -create index ACT_IDX_VAR_BYTEARRAY on ACT_RU_VARIABLE(BYTEARRAY_ID_); -alter table ACT_RU_VARIABLE - add constraint ACT_FK_VAR_BYTEARRAY - foreign key (BYTEARRAY_ID_) - references ACT_GE_BYTEARRAY (ID_); - -create index ACT_IDX_JOB_EXCEPTION on ACT_RU_JOB(EXCEPTION_STACK_ID_); -alter table ACT_RU_JOB - add constraint ACT_FK_JOB_EXCEPTION - foreign key (EXCEPTION_STACK_ID_) - references ACT_GE_BYTEARRAY (ID_); - -create index ACT_IDX_EVENT_SUBSCR on ACT_RU_EVENT_SUBSCR(EXECUTION_ID_); -alter table ACT_RU_EVENT_SUBSCR - add constraint ACT_FK_EVENT_EXEC - foreign key (EXECUTION_ID_) - references ACT_RU_EXECUTION(ID_); - -create index ACT_IDX_MODEL_SOURCE on ACT_RE_MODEL(EDITOR_SOURCE_VALUE_ID_); -alter table 
ACT_RE_MODEL - add constraint ACT_FK_MODEL_SOURCE - foreign key (EDITOR_SOURCE_VALUE_ID_) - references ACT_GE_BYTEARRAY (ID_); - -create index ACT_IDX_MODEL_SOURCE_EXTRA on ACT_RE_MODEL(EDITOR_SOURCE_EXTRA_VALUE_ID_); -alter table ACT_RE_MODEL - add constraint ACT_FK_MODEL_SOURCE_EXTRA - foreign key (EDITOR_SOURCE_EXTRA_VALUE_ID_) - references ACT_GE_BYTEARRAY (ID_); - -create index ACT_IDX_MODEL_DEPLOYMENT on ACT_RE_MODEL(DEPLOYMENT_ID_); -alter table ACT_RE_MODEL - add constraint ACT_FK_MODEL_DEPLOYMENT - foreign key (DEPLOYMENT_ID_) - references ACT_RE_DEPLOYMENT (ID_); diff --git a/etc/gke/prepsql/scripts/activiti.postgres.create.history.sql b/etc/gke/prepsql/scripts/activiti.postgres.create.history.sql deleted file mode 100644 index b9a458db53..0000000000 --- a/etc/gke/prepsql/scripts/activiti.postgres.create.history.sql +++ /dev/null 
@@ -1,151 +0,0 @@ -create table ACT_HI_PROCINST ( - ID_ varchar(64) not null, - PROC_INST_ID_ varchar(64) not null, - BUSINESS_KEY_ varchar(255), - PROC_DEF_ID_ varchar(64) not null, - START_TIME_ timestamp not null, - END_TIME_ timestamp, - DURATION_ bigint, - START_USER_ID_ varchar(255), - START_ACT_ID_ varchar(255), - END_ACT_ID_ varchar(255), - SUPER_PROCESS_INSTANCE_ID_ varchar(64), - DELETE_REASON_ varchar(4000), - TENANT_ID_ varchar(255) default '', - primary key (ID_), - unique (PROC_INST_ID_) -); - -create table ACT_HI_ACTINST ( - ID_ varchar(64) not null, - PROC_DEF_ID_ varchar(64) not null, - PROC_INST_ID_ varchar(64) not null, - EXECUTION_ID_ varchar(64) not null, - ACT_ID_ varchar(255) not null, - TASK_ID_ varchar(64), - CALL_PROC_INST_ID_ varchar(64), - ACT_NAME_ varchar(255), - ACT_TYPE_ varchar(255) not null, - ASSIGNEE_ varchar(255), - START_TIME_ timestamp not null, - END_TIME_ timestamp, - DURATION_ bigint, - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_HI_TASKINST ( - ID_ varchar(64) not null, - PROC_DEF_ID_ varchar(64), - TASK_DEF_KEY_ varchar(255), - PROC_INST_ID_ varchar(64), - EXECUTION_ID_ varchar(64), - NAME_ varchar(255), - PARENT_TASK_ID_ varchar(64), - DESCRIPTION_ varchar(4000), - OWNER_ varchar(255), - ASSIGNEE_ varchar(255), - START_TIME_ timestamp not null, - CLAIM_TIME_ timestamp, - END_TIME_ timestamp, - DURATION_ bigint, - DELETE_REASON_ varchar(4000), - PRIORITY_ integer, - DUE_DATE_ timestamp, - FORM_KEY_ varchar(255), - CATEGORY_ varchar(255), - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_HI_VARINST ( - ID_ varchar(64) not null, - PROC_INST_ID_ varchar(64), - EXECUTION_ID_ varchar(64), - TASK_ID_ varchar(64), - NAME_ varchar(255) not null, - VAR_TYPE_ varchar(100), - REV_ integer, - BYTEARRAY_ID_ varchar(64), - DOUBLE_ double precision, - LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), - CREATE_TIME_ timestamp, - LAST_UPDATED_TIME_ timestamp, - 
primary key (ID_) -); - -create table ACT_HI_DETAIL ( - ID_ varchar(64) not null, - TYPE_ varchar(255) not null, - PROC_INST_ID_ varchar(64), - EXECUTION_ID_ varchar(64), - TASK_ID_ varchar(64), - ACT_INST_ID_ varchar(64), - NAME_ varchar(255) not null, - VAR_TYPE_ varchar(64), - REV_ integer, - TIME_ timestamp not null, - BYTEARRAY_ID_ varchar(64), - DOUBLE_ double precision, - LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), - primary key (ID_) -); - -create table ACT_HI_COMMENT ( - ID_ varchar(64) not null, - TYPE_ varchar(255), - TIME_ timestamp not null, - USER_ID_ varchar(255), - TASK_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - ACTION_ varchar(255), - MESSAGE_ varchar(4000), - FULL_MSG_ bytea, - primary key (ID_) -); - -create table ACT_HI_ATTACHMENT ( - ID_ varchar(64) not null, - REV_ integer, - USER_ID_ varchar(255), - NAME_ varchar(255), - DESCRIPTION_ varchar(4000), - TYPE_ varchar(255), - TASK_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - URL_ varchar(4000), - CONTENT_ID_ varchar(64), - primary key (ID_) -); - -create table ACT_HI_IDENTITYLINK ( - ID_ varchar(64), - GROUP_ID_ varchar(255), - TYPE_ varchar(255), - USER_ID_ varchar(255), - TASK_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - primary key (ID_) -); - - -create index ACT_IDX_HI_PRO_INST_END on ACT_HI_PROCINST(END_TIME_); -create index ACT_IDX_HI_PRO_I_BUSKEY on ACT_HI_PROCINST(BUSINESS_KEY_); -create index ACT_IDX_HI_ACT_INST_START on ACT_HI_ACTINST(START_TIME_); -create index ACT_IDX_HI_ACT_INST_END on ACT_HI_ACTINST(END_TIME_); -create index ACT_IDX_HI_DETAIL_PROC_INST on ACT_HI_DETAIL(PROC_INST_ID_); -create index ACT_IDX_HI_DETAIL_ACT_INST on ACT_HI_DETAIL(ACT_INST_ID_); -create index ACT_IDX_HI_DETAIL_TIME on ACT_HI_DETAIL(TIME_); -create index ACT_IDX_HI_DETAIL_NAME on ACT_HI_DETAIL(NAME_); -create index ACT_IDX_HI_DETAIL_TASK_ID on ACT_HI_DETAIL(TASK_ID_); -create index ACT_IDX_HI_PROCVAR_PROC_INST on ACT_HI_VARINST(PROC_INST_ID_); -create index 
ACT_IDX_HI_PROCVAR_NAME_TYPE on ACT_HI_VARINST(NAME_, VAR_TYPE_); -create index ACT_IDX_HI_ACT_INST_PROCINST on ACT_HI_ACTINST(PROC_INST_ID_, ACT_ID_); -create index ACT_IDX_HI_ACT_INST_EXEC on ACT_HI_ACTINST(EXECUTION_ID_, ACT_ID_); -create index ACT_IDX_HI_IDENT_LNK_USER on ACT_HI_IDENTITYLINK(USER_ID_); -create index ACT_IDX_HI_IDENT_LNK_TASK on ACT_HI_IDENTITYLINK(TASK_ID_); -create index ACT_IDX_HI_IDENT_LNK_PROCINST on ACT_HI_IDENTITYLINK(PROC_INST_ID_); \ No newline at end of file diff --git a/etc/gke/prepsql/scripts/activiti.postgres.create.identity.sql b/etc/gke/prepsql/scripts/activiti.postgres.create.identity.sql deleted file mode 100644 index a007e23e72..0000000000 --- a/etc/gke/prepsql/scripts/activiti.postgres.create.identity.sql +++ /dev/null @@ -1,48 +0,0 @@ -create table ACT_ID_GROUP ( - ID_ varchar(64), - REV_ integer, - NAME_ varchar(255), - TYPE_ varchar(255), - primary key (ID_) -); - -create table ACT_ID_MEMBERSHIP ( - USER_ID_ varchar(64), - GROUP_ID_ varchar(64), - primary key (USER_ID_, GROUP_ID_) -); - -create table ACT_ID_USER ( - ID_ varchar(64), - REV_ integer, - FIRST_ varchar(255), - LAST_ varchar(255), - EMAIL_ varchar(255), - PWD_ varchar(255), - PICTURE_ID_ varchar(64), - primary key (ID_) -); - -create table ACT_ID_INFO ( - ID_ varchar(64), - REV_ integer, - USER_ID_ varchar(64), - TYPE_ varchar(64), - KEY_ varchar(255), - VALUE_ varchar(255), - PASSWORD_ bytea, - PARENT_ID_ varchar(255), - primary key (ID_) -); - -create index ACT_IDX_MEMB_GROUP on ACT_ID_MEMBERSHIP(GROUP_ID_); -alter table ACT_ID_MEMBERSHIP - add constraint ACT_FK_MEMB_GROUP - foreign key (GROUP_ID_) - references ACT_ID_GROUP (ID_); - -create index ACT_IDX_MEMB_USER on ACT_ID_MEMBERSHIP(USER_ID_); -alter table ACT_ID_MEMBERSHIP - add constraint ACT_FK_MEMB_USER - foreign key (USER_ID_) - references ACT_ID_USER (ID_); diff --git a/etc/gke/prepsql/scripts/audit.pgsql b/etc/gke/prepsql/scripts/audit.pgsql deleted file mode 100644 index 39e67651c8..0000000000 
--- a/etc/gke/prepsql/scripts/audit.pgsql
+++ /dev/null
@@ -1,155 +0,0 @@ --- ----------------------------------------------------- --- Table openidm.auditauthentication --- ----------------------------------------------------- -CREATE TABLE openidm.auditauthentication ( - objectid VARCHAR(56) NOT NULL, - transactionid VARCHAR(255) NOT NULL, - activitydate VARCHAR(29) NOT NULL, - userid VARCHAR(255) DEFAULT NULL, - eventname VARCHAR(50) DEFAULT NULL, - provider VARCHAR(255) DEFAULT NULL, - method VARCHAR(25) DEFAULT NULL, - result VARCHAR(255) DEFAULT NULL, - principals TEXT, - context TEXT, - entries TEXT, - trackingids TEXT, - PRIMARY KEY (objectid) -); - --- ----------------------------------------------------- --- Table openidm.auditaccess --- ----------------------------------------------------- - -CREATE TABLE openidm.auditaccess ( - objectid VARCHAR(56) NOT NULL, - activitydate VARCHAR(29) NOT NULL, - eventname VARCHAR(255), - transactionid VARCHAR(255) NOT NULL, - userid VARCHAR(255) DEFAULT NULL, - trackingids TEXT, - server_ip VARCHAR(40), - server_port VARCHAR(5), - client_ip VARCHAR(40), - client_port VARCHAR(5), - request_protocol VARCHAR(255) NULL , - request_operation VARCHAR(255) NULL , - request_detail TEXT NULL , - http_request_secure VARCHAR(255) NULL , - http_request_method VARCHAR(255) NULL , - http_request_path VARCHAR(255) NULL , - http_request_queryparameters TEXT NULL , - http_request_headers TEXT NULL , - http_request_cookies TEXT NULL , - http_response_headers TEXT NULL , - response_status VARCHAR(255) NULL , - response_statuscode VARCHAR(255) NULL , - response_elapsedtime VARCHAR(255) NULL , - response_elapsedtimeunits VARCHAR(255) NULL , - response_detail TEXT NULL , - roles TEXT NULL , - PRIMARY KEY (objectid) -); - --- ----------------------------------------------------- --- Table openidm.auditconfig --- ----------------------------------------------------- - -CREATE TABLE openidm.auditconfig ( - objectid VARCHAR(56) NOT NULL, - activitydate VARCHAR(29) NOT NULL, - eventname VARCHAR(255) 
DEFAULT NULL, - transactionid VARCHAR(255) NOT NULL, - userid VARCHAR(255) DEFAULT NULL, - trackingids TEXT, - runas VARCHAR(255) DEFAULT NULL, - configobjectid VARCHAR(255) NULL , - operation VARCHAR(255) NULL , - beforeObject TEXT, - afterObject TEXT, - changedfields TEXT DEFAULT NULL, - rev VARCHAR(255) DEFAULT NULL, - PRIMARY KEY (objectid) -); - --- ----------------------------------------------------- --- Table openidm.auditactivity --- ----------------------------------------------------- - -CREATE TABLE openidm.auditactivity ( - objectid VARCHAR(56) NOT NULL, - activitydate VARCHAR(29) NOT NULL, - eventname VARCHAR(255) DEFAULT NULL, - transactionid VARCHAR(255) NOT NULL, - userid VARCHAR(255) DEFAULT NULL, - trackingids TEXT, - runas VARCHAR(255) DEFAULT NULL, - activityobjectid VARCHAR(255) NULL , - operation VARCHAR(255) NULL , - subjectbefore TEXT, - subjectafter TEXT, - changedfields TEXT DEFAULT NULL, - subjectrev VARCHAR(255) DEFAULT NULL, - passwordchanged VARCHAR(5) DEFAULT NULL, - message TEXT, - provider VARCHAR(255) DEFAULT NULL, - context VARCHAR(25) DEFAULT NULL, - status VARCHAR(20), - PRIMARY KEY (objectid) -); - --- ----------------------------------------------------- --- Table openidm.auditrecon --- ----------------------------------------------------- - -CREATE TABLE openidm.auditrecon ( - objectid VARCHAR(56) NOT NULL, - transactionid VARCHAR(255) NOT NULL, - activitydate VARCHAR(29) NOT NULL, - eventname VARCHAR(50) DEFAULT NULL, - userid VARCHAR(255) DEFAULT NULL, - trackingids TEXT, - activity VARCHAR(24) DEFAULT NULL, - exceptiondetail TEXT, - linkqualifier VARCHAR(255) DEFAULT NULL, - mapping VARCHAR(511) DEFAULT NULL, - message TEXT, - messagedetail TEXT, - situation VARCHAR(24) DEFAULT NULL, - sourceobjectid VARCHAR(511) DEFAULT NULL, - status VARCHAR(20) DEFAULT NULL, - targetobjectid VARCHAR(511) DEFAULT NULL, - reconciling VARCHAR(12) DEFAULT NULL, - ambiguoustargetobjectids TEXT, - reconaction VARCHAR(36) DEFAULT NULL, - 
entrytype VARCHAR(7) DEFAULT NULL, - reconid VARCHAR(56) DEFAULT NULL, - PRIMARY KEY (objectid) -); - -CREATE INDEX idx_auditrecon_reconid ON openidm.auditrecon (reconid); -CREATE INDEX idx_auditrecon_entrytype ON openidm.auditrecon (entrytype); - --- ----------------------------------------------------- --- Table openidm.auditsync --- ----------------------------------------------------- - -CREATE TABLE openidm.auditsync ( - objectid VARCHAR(56) NOT NULL, - transactionid VARCHAR(255) NOT NULL, - activitydate VARCHAR(29) NOT NULL, - eventname VARCHAR(50) DEFAULT NULL, - userid VARCHAR(255) DEFAULT NULL, - trackingids TEXT, - activity VARCHAR(24) DEFAULT NULL, - exceptiondetail TEXT, - linkqualifier VARCHAR(255) DEFAULT NULL, - mapping VARCHAR(511) DEFAULT NULL, - message TEXT, - messagedetail TEXT, - situation VARCHAR(24) DEFAULT NULL, - sourceobjectid VARCHAR(511) DEFAULT NULL, - status VARCHAR(20) DEFAULT NULL, - targetobjectid VARCHAR(511) DEFAULT NULL, - PRIMARY KEY (objectid) -); \ No newline at end of file diff --git a/etc/gke/prepsql/scripts/createDb.sh b/etc/gke/prepsql/scripts/createDb.sh deleted file mode 100755 index 41269201a7..0000000000 --- a/etc/gke/prepsql/scripts/createDb.sh +++ /dev/null 
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-# This script creates the database for the user passed in via the Env vars.
-
-echo "Create the postgres database for idm user $IDM_USER"
-cd /scripts
-
-# Give the proxy time to start...
-sleep 5
-
-# Env var PGPASSWORD is set for us to authenticate to Postgres as the super user.
-# This creates the IDM user and database
-psql --host=localhost --username=postgres --file=createuser.pgsql -v idmuser="${IDM_USER}" -v password=\'"$IDM_PASSWORD"\'
-
-# save the postgres root password for later.
-pgpass=$PGPASSWORD
-
-# Subsequent psql commands run as idm user created in the previous step.
-export PGPASSWORD="$IDM_PASSWORD"
-
-psql --host=localhost --username="${IDM_USER}" --file=openidm.pgsql
-
-psql --host=localhost --username="${IDM_USER}" --file=audit.pgsql
-
-for file in activiti*
-do
- psql --host=localhost --username="${IDM_USER}" --file=$file
-done
-
-# This has to be run as super user against the database.
-export PGPASSWORD=$pgpass
-
-psql --host=localhost --username=postgres "${IDM_USER}" --file=default_schema_optimization.pgsql
-
-echo "Database creation finished. You can now remove this job"
\ No newline at end of file
diff --git a/etc/gke/prepsql/scripts/createuser.pgsql b/etc/gke/prepsql/scripts/createuser.pgsql
deleted file mode 100644
index 62cf3ae65f..0000000000
--- a/etc/gke/prepsql/scripts/createuser.pgsql
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
--- Creates the role (user) for this database.
-create role :idmuser login password :password;
--- Grant permission to postgres so we can create the database owned by this user.
-grant :idmuser to postgres;
-
--- Create the database. A PG instance might have many databases (dev,qa, tenant1, etc.).
-create database :idmuser encoding 'utf8' owner :idmuser;
diff --git a/etc/gke/prepsql/scripts/default_schema_optimization.pgsql b/etc/gke/prepsql/scripts/default_schema_optimization.pgsql
deleted file mode 100644
index 70c40cfffa..0000000000
--- a/etc/gke/prepsql/scripts/default_schema_optimization.pgsql
+++ /dev/null
@@ -1,46 +0,0 @@
--- This script is optional; run it after you have executed the 'createuser' and 'openidm' scripts. It is designed
--- to optimize the performance of the queries used in the default repo.jdbc.json file for PostgreSQL and the default
--- schema, along with the default UI.
-
--- This file has to be executed by a user with SUPERUSER privileges, so that the extension can be created.
--- By default this is the 'postgres' user. For example:
-
--- psql -U postgres openidm < default_schema_optimization.sql
-
-
--- These btree indexes are great for sorting and exact matches.
-CREATE UNIQUE INDEX idx_json_managedobjects_userName ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'userName'), objecttypes_id );
-CREATE INDEX idx_json_managedobjects_givenName ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'givenName') );
-CREATE INDEX idx_json_managedobjects_sn ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'sn') );
-CREATE INDEX idx_json_managedobjects_mail ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'mail') );
-CREATE INDEX idx_json_managedobjects_accountStatus ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'accountStatus') );
-
--- The PosgreSQL contrib extension 'pg_trgm' is needed to perform fast LIKE queries. Be sure you have installed
--- the 'postgresql-contrib' packages necessary to support it.
-
--- More info here http://www.depesz.com/2011/02/19/waiting-for-9-1-faster-likeilike/
-
-create extension pg_trgm;
-
--- These "gin" indexes are great for performing LIKE operations. Use if you plan on doing
--- a lot of these types of queries. Below are some examples you might create if you are
--- using the default project schema with the default OpenIDM UI. Only enable these if you
--- need to perform the LIKE queries, otherwise you will incur a cost on creation with no
--- associated benefit.
-
-CREATE INDEX idx_json_managedobjects_userName_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'userName') gin_trgm_ops);
-CREATE INDEX idx_json_managedobjects_givenName_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'givenName') gin_trgm_ops);
-CREATE INDEX idx_json_managedobjects_sn_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'sn') gin_trgm_ops);
-CREATE INDEX idx_json_managedobjects_mail_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'mail') gin_trgm_ops);
-CREATE INDEX idx_json_managedobjects_accountStatus_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'accountStatus') gin_trgm_ops);
-
diff --git a/etc/gke/prepsql/scripts/openidm.pgsql b/etc/gke/prepsql/scripts/openidm.pgsql
deleted file mode 100644
index bd0928dc8b..0000000000
--- a/etc/gke/prepsql/scripts/openidm.pgsql
+++ /dev/null
@@ -1,360 +0,0 @@ -DROP SCHEMA IF EXISTS openidm CASCADE; --- Assume we are connecting as the IDM user that is invoking this script. --- This is the only change from the default script provided with IDM that assumes the user is "openidm". -CREATE SCHEMA openidm AUTHORIZATION current_user; - --- ----------------------------------------------------- --- Table openidm.objecttpyes --- ----------------------------------------------------- - -CREATE TABLE openidm.objecttypes ( - id BIGSERIAL NOT NULL, - objecttype VARCHAR(255) DEFAULT NULL, - PRIMARY KEY (id), - CONSTRAINT idx_objecttypes_objecttype UNIQUE (objecttype) -); - - - --- ----------------------------------------------------- --- Table openidm.genericobjects --- ----------------------------------------------------- - -CREATE TABLE openidm.genericobjects ( - id BIGSERIAL NOT NULL, - objecttypes_id BIGINT NOT NULL, - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - fullobject JSON, - PRIMARY KEY (id), - CONSTRAINT fk_genericobjects_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION, - CONSTRAINT idx_genericobjects_object UNIQUE (objecttypes_id, objectid) -); - - - --- ----------------------------------------------------- --- Table openidm.genericobjectproperties --- ----------------------------------------------------- - -CREATE TABLE openidm.genericobjectproperties ( - genericobjects_id BIGINT NOT NULL, - propkey VARCHAR(255) NOT NULL, - proptype VARCHAR(32) DEFAULT NULL, - propvalue TEXT, - PRIMARY KEY (genericobjects_id, propkey), - CONSTRAINT fk_genericobjectproperties_genericobjects FOREIGN KEY (genericobjects_id) REFERENCES openidm.genericobjects (id) ON DELETE CASCADE ON UPDATE NO ACTION -); -CREATE INDEX fk_genericobjectproperties_genericobjects ON openidm.genericobjectproperties (genericobjects_id); -CREATE INDEX idx_genericobjectproperties_prop ON openidm.genericobjectproperties (propkey,propvalue); - - --- 
----------------------------------------------------- --- Table openidm.managedobjects --- ----------------------------------------------------- - -CREATE TABLE openidm.managedobjects ( - id BIGSERIAL NOT NULL, - objecttypes_id BIGINT NOT NULL, - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - fullobject JSON, - PRIMARY KEY (id), - CONSTRAINT fk_managedobjects_objectypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION -); - -CREATE UNIQUE INDEX idx_managedobjects_object ON openidm.managedobjects (objecttypes_id,objectid); --- Note that the next two indices apply only to role objects, as only role objects have a condition or temporalConstraints -CREATE INDEX idx_json_managedobjects_roleCondition ON openidm.managedobjects - ( json_extract_path_text(fullobject, 'condition') ); -CREATE INDEX idx_json_managedobjects_roleTemporalConstraints ON openidm.managedobjects - ( json_extract_path_text(fullobject, 'temporalConstraints') ); - - --- ----------------------------------------------------- --- Table openidm.managedobjectproperties --- ----------------------------------------------------- - -CREATE TABLE openidm.managedobjectproperties ( - managedobjects_id BIGINT NOT NULL, - propkey VARCHAR(255) NOT NULL, - proptype VARCHAR(32) DEFAULT NULL, - propvalue TEXT, - PRIMARY KEY (managedobjects_id, propkey), - CONSTRAINT fk_managedobjectproperties_managedobjects FOREIGN KEY (managedobjects_id) REFERENCES openidm.managedobjects (id) ON DELETE CASCADE ON UPDATE NO ACTION -); - -CREATE INDEX fk_managedobjectproperties_managedobjects ON openidm.managedobjectproperties (managedobjects_id); -CREATE INDEX idx_managedobjectproperties_prop ON openidm.managedobjectproperties (propkey,propvalue); - - - --- ----------------------------------------------------- --- Table openidm.configobjects --- ----------------------------------------------------- - -CREATE TABLE openidm.configobjects ( - id BIGSERIAL NOT NULL, - 
objecttypes_id BIGINT NOT NULL, - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - fullobject JSON, - PRIMARY KEY (id), - CONSTRAINT fk_configobjects_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION -); - -CREATE UNIQUE INDEX idx_configobjects_object ON openidm.configobjects (objecttypes_id,objectid); -CREATE INDEX fk_configobjects_objecttypes ON openidm.configobjects (objecttypes_id); - - --- ----------------------------------------------------- --- Table openidm.configobjectproperties --- ----------------------------------------------------- - -CREATE TABLE openidm.configobjectproperties ( - configobjects_id BIGINT NOT NULL, - propkey VARCHAR(255) NOT NULL, - proptype VARCHAR(255) DEFAULT NULL, - propvalue TEXT, - PRIMARY KEY (configobjects_id, propkey), - CONSTRAINT fk_configobjectproperties_configobjects FOREIGN KEY (configobjects_id) REFERENCES openidm.configobjects (id) ON DELETE CASCADE ON UPDATE NO ACTION -); - -CREATE INDEX fk_configobjectproperties_configobjects ON openidm.configobjectproperties (configobjects_id); -CREATE INDEX idx_configobjectproperties_prop ON openidm.configobjectproperties (propkey,propvalue); - --- ----------------------------------------------------- --- Table openidm.relationships --- ----------------------------------------------------- - -CREATE TABLE openidm.relationships ( - id BIGSERIAL NOT NULL, - objecttypes_id BIGINT NOT NULL, - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - fullobject JSON, - firstresourcecollection VARCHAR(255), - firstresourceid VARCHAR(56), - firstpropertyname VARCHAR(100), - secondresourcecollection VARCHAR(255), - secondresourceid VARCHAR(56), - secondpropertyname VARCHAR(100), - properties JSON, - PRIMARY KEY (id), - CONSTRAINT fk_relationships_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION, - CONSTRAINT idx_relationships_object UNIQUE 
(objecttypes_id, objectid) -); - -CREATE INDEX idx_json_relationships_first ON openidm.relationships ( json_extract_path_text(fullobject, 'firstId'), json_extract_path_text(fullobject, 'firstPropertyName') ); -CREATE INDEX idx_json_relationships_second ON openidm.relationships ( json_extract_path_text(fullobject, 'secondId'), json_extract_path_text(fullobject, 'secondPropertyName') ); -CREATE INDEX idx_json_relationships ON openidm.relationships ( json_extract_path_text(fullobject, 'firstId'), json_extract_path_text(fullobject, 'firstPropertyName'), json_extract_path_text(fullobject, 'secondId'), json_extract_path_text(fullobject, 'secondPropertyName') ); - --- ----------------------------------------------------- --- Table openidm.relationshipproperties (not used in postgres) --- ----------------------------------------------------- - -CREATE TABLE openidm.relationshipproperties ( - relationships_id BIGINT NOT NULL, - propkey VARCHAR(255) NOT NULL, - proptype VARCHAR(32) DEFAULT NULL, - propvalue TEXT, - PRIMARY KEY (relationships_id, propkey), - CONSTRAINT fk_relationshipproperties_relationships FOREIGN KEY (relationships_id) REFERENCES openidm.relationships (id) ON DELETE CASCADE ON UPDATE NO ACTION -); -CREATE INDEX fk_relationshipproperties_relationships ON openidm.relationshipproperties (relationships_id); -CREATE INDEX idx_relationshipproperties_prop ON openidm.relationshipproperties (propkey,propvalue); - - --- ----------------------------------------------------- --- Table openidm.links --- ----------------------------------------------------- - -CREATE TABLE openidm.links ( - objectid VARCHAR(38) NOT NULL, - rev VARCHAR(38) NOT NULL, - linktype VARCHAR(50) NOT NULL, - linkqualifier VARCHAR(50) NOT NULL, - firstid VARCHAR(255) NOT NULL, - secondid VARCHAR(255) NOT NULL, - PRIMARY KEY (objectid) -); - -CREATE UNIQUE INDEX idx_links_first ON openidm.links (linktype, linkqualifier, firstid); -CREATE UNIQUE INDEX idx_links_second ON openidm.links (linktype, 
linkqualifier, secondid); - - --- ----------------------------------------------------- --- Table openidm.internaluser --- ----------------------------------------------------- - -CREATE TABLE openidm.internaluser ( - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - pwd VARCHAR(510) DEFAULT NULL, - roles VARCHAR(1024) DEFAULT NULL, - PRIMARY KEY (objectid) -); - - --- ----------------------------------------------------- --- Table openidm.internalrole --- ----------------------------------------------------- - -CREATE TABLE openidm.internalrole ( - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - description VARCHAR(510) DEFAULT NULL, - PRIMARY KEY (objectid) -); - - --- ----------------------------------------------------- --- Table openidm.schedulerobjects --- ----------------------------------------------------- -CREATE TABLE openidm.schedulerobjects ( - id BIGSERIAL NOT NULL, - objecttypes_id BIGINT NOT NULL, - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - fullobject JSON, - PRIMARY KEY (id), - CONSTRAINT fk_schedulerobjects_objectypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION -); - -CREATE UNIQUE INDEX idx_schedulerobjects_object ON openidm.schedulerobjects (objecttypes_id,objectid); -CREATE INDEX fk_schedulerobjects_objectypes ON openidm.schedulerobjects (objecttypes_id); - - --- ----------------------------------------------------- --- Table openidm.schedulerobjectproperties --- ----------------------------------------------------- -CREATE TABLE openidm.schedulerobjectproperties ( - schedulerobjects_id BIGINT NOT NULL, - propkey VARCHAR(255) NOT NULL, - proptype VARCHAR(32) DEFAULT NULL, - propvalue TEXT, - PRIMARY KEY (schedulerobjects_id, propkey), - CONSTRAINT fk_schedulerobjectproperties_schedulerobjects FOREIGN KEY (schedulerobjects_id) REFERENCES openidm.schedulerobjects (id) ON DELETE CASCADE ON UPDATE NO ACTION -); - -CREATE INDEX 
fk_schedulerobjectproperties_schedulerobjects ON openidm.schedulerobjectproperties (schedulerobjects_id); -CREATE INDEX idx_schedulerobjectproperties_prop ON openidm.schedulerobjectproperties (propkey,propvalue); - - --- ----------------------------------------------------- --- Table openidm.uinotification --- ----------------------------------------------------- -CREATE TABLE openidm.uinotification ( - objectid VARCHAR(38) NOT NULL, - rev VARCHAR(38) NOT NULL, - notificationType VARCHAR(255) NOT NULL, - createDate VARCHAR(255) NOT NULL, - message TEXT NOT NULL, - requester VARCHAR(255) NULL, - receiverId VARCHAR(255) NOT NULL, - requesterId VARCHAR(255) NULL, - notificationSubtype VARCHAR(255) NULL, - PRIMARY KEY (objectid) -); -CREATE INDEX idx_uinotification_receiverId ON openidm.uinotification (receiverId); - - --- ----------------------------------------------------- --- Table openidm.clusterobjects --- ----------------------------------------------------- -CREATE TABLE openidm.clusterobjects ( - id BIGSERIAL NOT NULL, - objecttypes_id BIGINT NOT NULL, - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - fullobject JSON, - PRIMARY KEY (id), - CONSTRAINT fk_clusterobjects_objectypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION -); - -CREATE UNIQUE INDEX idx_clusterobjects_object ON openidm.clusterobjects (objecttypes_id,objectid); -CREATE INDEX fk_clusterobjects_objectypes ON openidm.clusterobjects (objecttypes_id); - - --- ----------------------------------------------------- --- Table openidm.clusterobjectproperties --- ----------------------------------------------------- -CREATE TABLE openidm.clusterobjectproperties ( - clusterobjects_id BIGINT NOT NULL, - propkey VARCHAR(255) NOT NULL, - proptype VARCHAR(32) DEFAULT NULL, - propvalue TEXT, - PRIMARY KEY (clusterobjects_id, propkey), - CONSTRAINT fk_clusterobjectproperties_clusterobjects FOREIGN KEY (clusterobjects_id) REFERENCES 
openidm.clusterobjects (id) ON DELETE CASCADE ON UPDATE NO ACTION -); - -CREATE INDEX fk_clusterobjectproperties_clusterobjects ON openidm.clusterobjectproperties (clusterobjects_id); -CREATE INDEX idx_clusterobjectproperties_prop ON openidm.clusterobjectproperties (propkey,propvalue); - --- ----------------------------------------------------- --- Table openidm.clusteredrecontargetids --- ----------------------------------------------------- - -CREATE TABLE openidm.clusteredrecontargetids ( - objectid VARCHAR(38) NOT NULL, - rev VARCHAR(38) NOT NULL, - reconid VARCHAR(255) NOT NULL, - targetids JSON NOT NULL, - PRIMARY KEY (objectid) -); - -CREATE INDEX idx_clusteredrecontargetids_reconid ON openidm.clusteredrecontargetids (reconid); - --- ----------------------------------------------------- --- Table openidm.updateobjects --- ----------------------------------------------------- - -CREATE TABLE openidm.updateobjects ( - id BIGSERIAL NOT NULL, - objecttypes_id BIGINT NOT NULL, - objectid VARCHAR(255) NOT NULL, - rev VARCHAR(38) NOT NULL, - fullobject JSON, - PRIMARY KEY (id), - CONSTRAINT fk_updateobjects_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION, - CONSTRAINT idx_updateobjects_object UNIQUE (objecttypes_id, objectid) -); - - - --- ----------------------------------------------------- --- Table openidm.updateobjectproperties --- ----------------------------------------------------- - -CREATE TABLE openidm.updateobjectproperties ( - updateobjects_id BIGINT NOT NULL, - propkey VARCHAR(255) NOT NULL, - proptype VARCHAR(32) DEFAULT NULL, - propvalue TEXT, - PRIMARY KEY (updateobjects_id, propkey), - CONSTRAINT fk_updateobjectproperties_updateobjects FOREIGN KEY (updateobjects_id) REFERENCES openidm.updateobjects (id) ON DELETE CASCADE ON UPDATE NO ACTION -); -CREATE INDEX fk_updateobjectproperties_updateobjects ON openidm.updateobjectproperties (updateobjects_id); -CREATE INDEX 
idx_updateobjectproperties_prop ON openidm.updateobjectproperties (propkey,propvalue); - - --- ----------------------------------------------------- --- Data for table openidm.internaluser --- ----------------------------------------------------- -START TRANSACTION; -INSERT INTO openidm.internaluser (objectid, rev, pwd, roles) VALUES ('openidm-admin', '0', 'openidm-admin', '[ { "_ref" : "repo/internal/role/openidm-admin" }, { "_ref" : "repo/internal/role/openidm-authorized" } ]'); -INSERT INTO openidm.internaluser (objectid, rev, pwd, roles) VALUES ('anonymous', '0', 'anonymous', '[ { "_ref" : "repo/internal/role/openidm-reg" } ]'); - -INSERT INTO openidm.internalrole (objectid, rev, description) -VALUES -('openidm-authorized', '0', 'Basic minimum user'), -('openidm-admin', '0', 'Administrative access'), -('openidm-cert', '0', 'Authenticated via certificate'), -('openidm-tasks-manager', '0', 'Allowed to reassign workflow tasks'), -('openidm-reg', '0', 'Anonymous access'), -('openidm-prometheus', '0', 'Prometheus access'); - -COMMIT; - -CREATE INDEX idx_json_clusterobjects_timestamp ON openidm.clusterobjects ( json_extract_path_text(fullobject, 'timestamp') ); -CREATE INDEX idx_json_clusterobjects_state ON openidm.clusterobjects ( json_extract_path_text(fullobject, 'state') ); diff --git a/etc/gke/prepsql/templates/NOTES.txt b/etc/gke/prepsql/templates/NOTES.txt deleted file mode 100644 index c63742aa13..0000000000 --- a/etc/gke/prepsql/templates/NOTES.txt +++ /dev/null @@ -1,16 +0,0 @@ - -You can tail the psql logs: - -Find the Pod: - -kubectl get pod -ljob-name=pg-prep-db - - -kubectl logs pg-prep-xxxx -c psql -f - - -When the psql job completes, you can remove this chart using helm. - -helm delete --purge {{.Release.Name }} - - diff --git a/etc/gke/prepsql/templates/_helpers.tpl b/etc/gke/prepsql/templates/_helpers.tpl deleted file mode 100644 index f0d83d2edb..0000000000 --- a/etc/gke/prepsql/templates/_helpers.tpl +++ /dev/null 
@@ -1,16 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/etc/gke/prepsql/templates/configmap.yaml b/etc/gke/prepsql/templates/configmap.yaml
deleted file mode 100644
index 740738f9e7..0000000000
--- a/etc/gke/prepsql/templates/configmap.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: pg-scripts
-data:
-{{ (.Files.Glob "scripts/*").AsConfig| indent 2 }}
\ No newline at end of file
diff --git a/etc/gke/prepsql/templates/job.yaml b/etc/gke/prepsql/templates/job.yaml
deleted file mode 100644
index 2433c8ff53..0000000000
--- a/etc/gke/prepsql/templates/job.yaml
+++ /dev/null
@@ -1,65 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: pg-prep-db -spec: - template: - metadata: - name: pg-prep-db - spec: - terminationGracePeriodSeconds: 5 - containers: - - image: gcr.io/cloudsql-docker/gce-proxy:1.10 - name: proxy - command: ["/cloud_sql_proxy", "--dir=/cloudsql", - "-instances={{ .Values.connectionName }}=tcp:5432", - "-credential_file=/secrets/cloudsql/credentials.json"] - volumeMounts: - - name: cloudsql-instance-credentials - mountPath: /secrets/cloudsql - readOnly: true - - name: ssl-certs - mountPath: /etc/ssl/certs - - name: cloudsql - mountPath: /cloudsql - - name: psql - image: postgres:9.6.3 - volumeMounts: - - name: scripts - mountPath: /scripts - env: - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: cloudsql-postgres-credentials - key: password - - name: IDM_USER - valueFrom: - secretKeyRef: - name: cloudsql-db-credentials - key: username - - name: IDM_PASSWORD - valueFrom: - secretKeyRef: - name: cloudsql-db-credentials - key: password - args: ["sh", "/scripts/createDb.sh"] - restartPolicy: Never - volumes: - - name: cloudsql-instance-credentials - secret: - secretName: cloudsql-instance-credentials - - name: cloudsql-db-credentials - secret: - secretName: cloudsql-db-credentials - - name: cloudsql-postgres-credentials - secret: - secretName: cloudsql-postgres-credentials - - name: scripts - configMap: - name: pg-scripts - - name: ssl-certs - hostPath: - path: /etc/ssl/certs - - name: cloudsql - emptyDir: diff --git a/etc/gke/prepsql/values.yaml b/etc/gke/prepsql/values.yaml deleted file mode 100644 index ff77da9abe..0000000000 --- a/etc/gke/prepsql/values.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-# Default values for prepsql.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-
-image:
- repository: nginx
- tag: stable
- pullPolicy: IfNotPresent
-service:
- name: nginx
- type: ClusterIP
- externalPort: 80
- internalPort: 80
-
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- #requests:
- # cpu: 100m
- # memory: 128Mi
-
-
-connectionName: "engineering-devops:us-central1:openidm1"
\ No newline at end of file
diff --git a/helm/README.md b/helm/README.md
deleted file mode 100644
index 5b7f51c7b9..0000000000
--- a/helm/README.md
+++ /dev/null
@@ -1,140 +0,0 @@ -# Helm Charts - -## Setup - -1) If you have not already done so, install [helm](https://github.com/kubernetes/helm) and other dependencies. - -2) Build your Docker images, or set up access to a registry where those images can be pulled. -The default docker repository and tag names are set in each helm chart in values.yaml. You can -override these in your custom.yaml file. - -*TIP* If you are using minikube, you can docker build images directly to your docker cache, and set the chart policy to -`image.pullPolicy: IfNotPresent` - - -# Configuration - -The configuration used to bootstrap the system comes from a git repository. -The default repository used in the charts is: - -``` -global: - git: - repo: "https://github.com/ForgeRock/forgeops-init.git" - branch: master -``` - -forgeops-init.git has public read-only access. You can clone this repository but you can not write to it. - -If you wish to use your own Git repository based on the forgeops-init repository, -you can fork and clone the forgeops-init repository. See [frconfig/README.md](frconfig/README.md). - - -# Using a private registry - -* If you are using a private registry, see registry.sh. Edit the `~/etc/registry_env` and set -REGISTRY_PASSWORD, REGISTRY_ID and REGISTRY_EMAIL environment variables with your BackStage credentials. -This is needed so that Kubernetes can authenticate to pull images from a private registry. - -If you are using your own private registry you must modify registry.sh with the relevant credentials. - -# Charts - -This directory contains Helm charts for: - -* ds - A chart to deploy one or more DS instances -* amster - A chart to install and configure OpenAM -* openam - A chart for the OpenAM runtime. Assumes OpenAM is -installed already. This can scale up horizontally by increasing the replica count. 
-* openidm - OpenIDM -* postgres-opendim - Configures a Postgresql repository database for OpenIDM -* openig - OpenIG - - - -# Modifying the Deployment - -Each Helm chart has a values.yaml file that contains default -chart values for things like the Docker image, number of replicas, etc. - You can either edit the charts' values.yaml files, or better yet, create -your own value overrides in a custom.yaml file that override just the values you want to -change. You can then invoke Helm with your custom values. - -For example, -assume your ```custom.yaml`` file sets the DS image tag to "test-4.1". -You can deploy the DS chart using: - -```helm install -f custom.yaml ds``` - -Further documentation can be found in each chart's README.md - -# Namespaces - -By default charts deploy to the `default` namespace in Kubernetes. - -You can deploy multiple product instances in different namespaces and they will not -interfere with each other. For example, you might have 'dev', 'qa', and 'prod' namespaces. - -The default format used for the FQDN is: -{namespace}.{subdomain}.{domain}/{am|idm|ig|openidm} - -subdomain defaults to "iam" - - For example: - - `default.iam.example.com` - -Note that the details of the ingress will depend on the implementation. You may need to modify the ingress definitions. - -# TLS - -All charts default to using TLS (https) for the inbound ingress. - -If you use nginx on minikube, the ingress will default to using the nginx self signed certificate. If you want to use nginx and a "real" SSL certificate you must modify the ingress.yaml in each chart, and provide a TLS secret. - -For istio, we assume a wildcard certificate is obtained for the istio ingress for the entire cluster. -This certificate handles SSL for all namespaces: *.$subdomain.$domain. - -Note: The frconfig chart no longer defaults to enabling cert-manager - as it is not required by default. 
- -# Notes - -OpenIDM in "development" mode automatically writes out changes to configuration files as they are made in the GUI -console. OpenAM does not do this, but the amster chart includes a script that loops and exports -the configuration every 90 seconds. - -You can use `kubectl exec` to -shell into the container and run the export.sh script. This script will run Amster to export the -current configuration to /git. - - -The default DS deployment uses persistent volume claims (PVC) and -StatefulSets to provide stateful deployment of the data tier. If you -wish to start from scratch you should delete the PVC volumes. -PVCs and StatefulSets are features introduced in Kubernetes 1.5. - -If you are using Minikube take note that host path PVCs get deleted -every time Minikube is restarted. The ds/ chart is a StatefulSet, -and relies on auto provisioning. If you restart Minikube, you may find you -need to re-install OpenAM. - -# Dependencies - -The script `helm/update-deps.sh` will update all of the dependencies. You must run this anytime you change any of the foundational charts (openam, openidm, etc.) - -# Tips - -To connect an LDAP browser to DS running in the cluster, use -port forwarding: - -kubectl port-forward opendj-configstore-0 1389:1389 - - -To see what is going on in Kubernetes try: - -`kubectl get events -w` - -You can also look at the pods, logs, etc. using kubectl, or the GUI dashboard. - -* Run the `minikube ip` command to obtain the IP address of your deployment, and then add an entry in your /etc/hosts file with the IP address and the FQDN an entry for openam.default.example.com. - diff --git a/helm/amster/.helmignore b/helm/amster/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/amster/.helmignore +++ /dev/null 
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/helm/amster/Chart.yaml b/helm/amster/Chart.yaml
deleted file mode 100755
index dea6e4cd2a..0000000000
--- a/helm/amster/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Installs / Configures OpenAM using Amster
-name: amster
-version: 7.0.0
diff --git a/helm/amster/README.md b/helm/amster/README.md
deleted file mode 100644
index 4b7652c916..0000000000
--- a/helm/amster/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Amster chart
-
-Chart that runs amster image in a pod. This chart configures AM, and
-can be removed when the installation is complete. Optionally, the pod
-can be left running so that you can exec into the container to perform amster exports.
diff --git a/helm/amster/makekey.sh b/helm/amster/makekey.sh
deleted file mode 100755
index 6e34bbb303..0000000000
--- a/helm/amster/makekey.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-# Make SSH key pairs to be used for Amster authentication.
-# We pre-create the RSA key pair so that we can mount a known authorizedkey on the OpenAM pod.
-# The key alias is not significant to Amster - as long as the private key and authorizedkey (public) match
-# up, the alias can be anything.
-# added -m PEM because ssh-keygen on mac doesn't create PEM format by default.
-ssh-keygen -t rsa -b 4096 -m PEM -C "openam-install@example.com" -f secrets/id_rsa
-
-# This is just copied as amster also requires a copy of the authorized_keys
-cp secrets/id_rsa.pub ../openam/secrets/authorized_keys
-
-# If you want to tighten up the authorized_keys to an IP range-, use a from option instead:
-#key=`cat secrets/id_rsa.pub`
-#echo "\"from=\"127.0.0.0/24,::1\" $key" >secrets/authorized_keys
-#rm secrets/id_rsa.pub
diff --git a/helm/amster/secrets/authorized_keys b/helm/amster/secrets/authorized_keys
deleted file mode 100644
index d14bd9eae2..0000000000
--- a/helm/amster/secrets/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 openam-install@example.com
diff --git a/helm/amster/secrets/id_rsa b/helm/amster/secrets/id_rsa
deleted file mode 100644
index ec961cea3a..0000000000
--- a/helm/amster/secrets/id_rsa
+++ /dev/null
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEA3ZYCWUQzhyS16KEhlPBvaYSRUeKLSUDvt0GOyxjcnccI83Mb -8+PKJFFG0pzGvdscG2SIY+IEjh6xFUkkDkEbCmGKtOhULCVLIhlXsNPzqjpz5vI3 -DLEHVpM1HYMhpOjHMubCNeig1T0TnfpS8Lp2tcKQ8MurfyRVhzzozO8wDw+/osvV -5LDIGNnE6Ex+mnkbAK0347cDXXDxv42SXHlzDyeBHRI960trpoYRUqWDkm5HiF8M -/I4s2spONKYEw3YYiMGr7c4kRIG89HGBzGZFuvV7SGlRr/xotTfM3H0ihwv/9M1R -1YkRFGzPvJLdAfhT+inzWs9wq1l2IANbvx+CZFBurWSTlUPipghfXSNO5/DLaQ6Y -AhnEFqgTnlFPo3UrcavnFe92mdgLMPPuDPM4aJj4UI+i3VLR/d2EOiaCnhyaD1/+ -Tw1DOyjSveCwDZaBpKFtxYhPodP04hTjaJn6z/hZAy43UGTNCc8srS4FK8b6lFvW -O2WJv1Y4PR2ip0Zy0n0/vVctsAMEly4nkNz0TbqVHUuTyBHUkjFMoY7J6ERSS8GA -P0tYE5UjOPaqx4/DXsV8y05HdV7rVS9dQxVTg/KfBv6AyWV4jPQ6RX2ZCZlaRUvh -jc2JDRQBiZR9cnS+4jS1xGNx+O0NiYtdJHSV8gILoRj3e8XxzKF48mvWYRcCAwEA -AQKCAgEAu5pLtsQVVC/yi1gQlIbT7OQ+HLPO9WAzFFY+zRjpf/OJUoR8gAq1k/X0 -HlB5uzgNHewJxXcQIDs/9iOMkTzx5eIbi3q/+PhCGkaWhbGNNOx0QG2Fygr/iX7s -k2X4UCR8sk3I09d2g9NIDpJnMkTMSKrIB/aH5gcfGnapKwi/CaFtwCkPmKVLZC7L -lVlePu6VvAbrsLG7+ZqsMl9sMTrp/USW/cP6BIJATCZp+C0Fri4MBhtjZVgCBeMO -P2jn04zizLYcGCRVdGLbVaHcIO/dzaIUlIQGkxcCl5r8qRiQ6QFx3RMQW9fGTCKr -5p3427ghcUWfMZ07aPc/GW9+d9v3id8lLmBgNdupDa62jCiqN6ZpK81YxWGDEjaZ -9qC+2+VPLU7NKmorm/WDkrgsX09NneXimV46EN1sFpZjmGVyoul3o/1AwbAtoY3S -1nWON4br2V+aRP55CmWkh88BfPS5ElCgglxy/7B9JqjiALT2C1vYn6x1mYlR97Gx -Cafm2QdqaXZvLCSIUTyAArfMnAPWzlHSJriPFQRHRe6JJ06h5Ujp4nCUI0+/Gg4t -aS+o0MW9N6Vu8HLNEDuaEvzYqBHErllYgQN1P51foXZvBPfyelIBgYgMRMZsbXTV -QBhu7omQ8lMyqnxfXLJLgNkatanH1QXGVvvNf4nelmKi+fCcAwECggEBAPgZYEid -4ubTrh7Y5B+HcXFzMiRLyY0rP6Dm9+X/OexwUkY43Wyj101CmR6kfVrfQCBIFGJC -8RUOHOHjRnKuUwsstvh7zYX+CjJNEmGV25PN1gl7Q/HAShQittxa+hstfSXbkgkJ -M11DjlDvuA/H65PI1Kak06tLCVwfuvpoZ2dY8HjCE/rpXx9BqXNa+Vthk2dQnwxi -KUcv7U6CLEQww/iCrT2JMNT706Ezqb+soa+sqkLYz3PYrIyCF1CFUmcpz+GrLKNF -ALL1I/z0tC/3nvUMyrH+YsyecMNDK2h/LFrayHwnIDse4GY5EWBHzas+M/ZLcmTN -yZTKWmavLr2IvNcCggEBAOSkfCv54DAph0EMLQnp6se4wuwouBmxhmF3F6D3KQ93 -e1mQBcfwAruno/M5yMCHrYj5BoPlFKH0GhvG09Nfnk8xni3Q0NzScqgMmmVhy9HD 
-JqxODym9Pu7qA+6a4wwtYKfdOCt+pp1XrQ3cpsM0u3ZOcIVqg7g8U1FIk+MX/hZI -0cOQGHYl5NAVIZuc+CKP/ukoYi699HHV+T69CGXloR0PD8W3yvtWMoxuyrfm0/NY -vYXLLtiNdhgFuEUMrj1vhxmo0BYXG9Wu2XfKdy9PtJIbUe/2gVCeVhHH4I8CZz6E -fopeZE6qcFsqDLhJEKxcgAUlj+M/tPHaPPQNe5QktcECggEAOeDppmc2/PSbJVUh -+v0FCRt/shoAHi/duzLG2GAvaipV903i0ipy2vJTeGOVXvLAKgfGwZmuVmQhds0n -rS9f7jZzRQrUypKWXF/AjwV/4T5e1X1tP2PFpGbo1AVhXZ/CF2fe7L65veM5u0YB -YaUZHzP18B55xvdNarF4VFyw6tpD11gngxyYdVlDJ8csbxYXZj3XrPLlgFb8/Ji/ -rPTXcw1BTx7HRpitKWk9C5tBaRNV8RxVYUhGEM10lPNVYv3NIm9ljX1WiWlJCQUp -WBtjePWP//BBqky4L8Vmxg0NEvEBXn1eNoygexiLJjP6Fh3/z1CQklWz1kNSzavG -sq7IpwKCAQBOGIS1PJ8/tB+Xr0H+/eAMoeYqZeokFIfy6Iuwllt3Bfei6teeqDM2 -x5bvcBBK+sziWTTJfkii3M7CKBKYQzO+lxMRUR7WHie9kLh34oSMvFyMRAlX12UU -k+gN6uecdC9shto1uQfN/HGGp5RqXqudSEOUvoIJPsmynNium7ZVBEBpzOEeEelq -zZzyGxaCL68BEqMelhFVhKGitUyWCW4Tj95ySUnSuWmAoCMr13MTzn7FoVX576+j -muiK5T7qixqZQBj7Qp9mSFfNW+GDznS95wkArrESyVJatmvUTRzYtMbIGl+mov7H -lMBNfd9tEBdGKsNP+qWiakmhjq1kN3nBAoIBAFVm+vpXDaSprYF2MqJrUwXVknKV -ZsxHUyNkpx1/89S9oqAovuDkEzma/wSUWp72yJRXHE/ZuBHq7xh/cLSq1nx4q4MH -eV0xED9gpHVBKMP7IrM024NcYDxvWx6UjWEJVmd1YEzV4RrxEjhOlvuS9GV53gPU -2UUSWWh/wR3JsBVjgp2EfE6znYwcJV072Egj4561XrotaA5bnu+x1ikzeCCM5y6j -A4sdiFT5cacnhebkMumwIfA7n/1K6CgEvTK881X8nR6BcCW5kl9Zij87a/qas+9x -Csu1Oz//qxRBYixg9hKKbe4wD1MjnEt3chCqPn/kH/D10COm4TaTxKokvCQ= ------END RSA PRIVATE KEY----- diff --git a/helm/amster/templates/_helpers.tpl b/helm/amster/templates/_helpers.tpl deleted file mode 100644 index 885fb8e55f..0000000000 --- a/helm/amster/templates/_helpers.tpl +++ /dev/null 
@@ -1,24 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 24 characters because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/* OpenAM FQDN - if it is not explicity set, generate it */}}
-{{- define "fqdn" -}}
-{{- if .Values.fqdn }}{{- printf "%s" .Values.fqdn -}}
-{{- else -}}
-{{- printf "%s.%s.%s" .Release.Namespace .Values.subdomain .Values.domain -}}
-{{- end -}}
-{{- end -}}
diff --git a/helm/amster/templates/amster.yaml b/helm/amster/templates/amster.yaml
deleted file mode 100644
index ad7109c6ba..0000000000
--- a/helm/amster/templates/amster.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -# Copyright (c) 2016-2018 ForgeRock AS. All rights reserved. -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: amster - labels: - name: amster - app: {{ template "fullname" . }} - vendor: forgerock - component: amster - release: {{ .Release.Name }} - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} -spec: - replicas: 1 - template: - metadata: - labels: - app: {{ template "fullname" . }} - component: {{ .Values.component }} - spec: - terminationGracePeriodSeconds: 5 - {{- with .Values.serviceAccountName }} - serviceAccountName: {{ . }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: -{{ toYaml . | trim | indent 8 }} - {{- end }} - {{ if eq .Values.config.strategy "git" -}} - initContainers: - - name: git-init - image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }} - imagePullPolicy: {{ .Values.gitImage.pullPolicy }} - volumeMounts: - - name: git - mountPath: /git - - name: git-secret - mountPath: /etc/git-secret - args: ["init"] - envFrom: - - configMapRef: - name: {{ default "frconfig" .Values.config.name }} - {{- end }} - containers: - - name: amster - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: amster-{{ .Release.Name }} - - configMapRef: - name: {{ default "frconfig" .Values.config.name }} - - secretRef: - name: {{ default "frconfig" .Values.config.name }}-platform - env: - - name: OPENAM_INSTANCE - value: {{ .Values.serverBase }} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: IDREPO_STORES - value: userstore-0:1389 - volumeMounts: - {{ if eq .Values.config.strategy "git" -}} - - name: git - mountPath: /git - {{- end }} - # The ssh key for Amster authN - - name: amster-secrets - mountPath: /var/run/secrets/amster - readOnly: true - # The Amster scripts - not configuration. 
- - name: scripts - mountPath: /opt/amster/scripts - args: ["configure", "sync"] - resources: -{{ toYaml .Values.resources | indent 12 }} - {{ if eq .Values.config.strategy "git" -}} - - name: git - image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }} - imagePullPolicy: {{ .Values.gitImage.pullPolicy }} - volumeMounts: - - name: git - mountPath: /git - - name: git-secret - mountPath: /etc/git-secret - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: [ "pause"] - {{ end }} - volumes: - - name: amster-secrets - secret: - secretName: amster-secrets - - name: scripts - configMap: - name: amster-config - # the amster and git pods share access to this volume - {{ if eq .Values.config.strategy "git" -}} - - name: git - emptyDir: {} - - name: git-secret - secret: - secretName: {{ default "frconfig" .Values.config.name }} - {{- end }} diff --git a/helm/amster/templates/config-map.yaml b/helm/amster/templates/config-map.yaml deleted file mode 100644 index 69729ff318..0000000000 --- a/helm/amster/templates/config-map.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: amster-config -data: - 00_install.amster: | - install-openam \ - --serverUrl {{ .Values.serverBase }}/am \ - --authorizedKey /var/run/secrets/amster/authorized_keys \ - --cookieDomain {{.Values.domain }} \ - --adminPwd {{ if .Values.amadminPassword }}{{ .Values.amadminPassword }}{{ else }}{{ randAlphaNum 10 | quote }}{{end}} \ - --cfgStore {{ .Values.configStore.type }} \ - {{ if eq .Values.configStore.type "dirServer" -}} - --cfgStoreHost {{.Values.configStore.host }} \ - --cfgStoreDirMgr {{.Values.configStore.dirManager }} \ - --cfgStoreDirMgrPwd {{.Values.configStore.password }} \ - --cfgStorePort {{.Values.configStore.port }} \ - --cfgStoreRootSuffix {{ .Values.configStore.suffix }} \ - --userStoreDirMgr "{{ .Values.userStore.dirManager }}" \ - --userStoreDirMgrPwd {{ .Values.userStore.password }} \ - --userStoreHost {{ .Values.userStore.host }} \ - --userStorePort {{ .Values.userStore.port }} \ - --userStoreRootSuffix {{ .Values.userStore.suffix }} \ - --userStoreType {{ .Values.userStore.storeType }} \ - {{ end -}} - --policyAgentPwd {{ if .Values.policyAgentPassword }}{{ .Values.policyAgentPassword }}{{ else }}{{ randAlphaNum 10 | quote }}{{end}} \ - --pwdEncKey {{ if .Values.encryptionKey}}{{ .Values.encryptionKey }}{{ else }}{{ randAlphaNum 10 | quote }}{{end}} \ - --acceptLicense \ - --lbSiteName site1 \ - --lbPrimaryUrl https://{{ .Release.Namespace }}.{{ .Values.subdomain }}.{{ .Values.domain }}/am \ - --cfgDir /home/forgerock/openam - :exit - 01_import.amster: | - connect {{ .Values.serverBase }}/am -k /var/run/secrets/amster/id_rsa -{{- range $name, $value := .Values.variables }} - {{ $name }} = {{ $value | quote }} -{{- end}} - import-config --path {{ .Values.config.importPath }} --clean {{.Values.amsterClean }} - :exit -{{- range $name, $script := .Values.scripts }} - {{ $name }}: |- -{{ $script | indent 4 }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: 
amster-{{ .Release.Name }} -data: - EXPORT_PATH: {{ default .Values.config.importPath .Values.config.exportPath }} - CONFIG_PATH: "{{ .Values.config.importPath }}" - CTS_STORES: {{ default "ctsstore-0.ctsstore:1389" .Values.ctsStores }} - CTS_PASSWORD: {{ default "password" .Values.ctsPassword }} - FQDN: {{ template "fqdn" . }} - PROMETHEUS_PASSWORD: "{{ .Values.prometheusPassword }}" - AMADMIN_PASSWORD_HASHED: "{{ .Values.amadminPasswordHashed }}" - DOMAIN: {{ .Values.domain }} - COOKIE_DOMAIN: {{ trimPrefix "." .Values.domain }} diff --git a/helm/amster/templates/secrets.yaml b/helm/amster/templates/secrets.yaml deleted file mode 100644 index 25873548ac..0000000000 --- a/helm/amster/templates/secrets.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the -# Common Development and Distribution License (CDDL) that can be found in the LICENSE file -# Secrets for OpenAM stack deployment. -# Note that secret vals are base64-encoded. -# The base64-encoded value of 'password' is 'cGFzc3dvcmQ='. -# Watch for trailing \n when you encode! -apiVersion: v1 -kind: Secret -metadata: - name: amster-secrets -type: Opaque -data: -{{ (.Files.Glob "secrets/*").AsSecrets| indent 2 }} diff --git a/helm/amster/values.yaml b/helm/amster/values.yaml deleted file mode 100644 index 9a6e81f0eb..0000000000 --- a/helm/amster/values.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -# Copyright (c) 2016-2019 ForgeRock AS. Use of this source code is subject to the -# Common Development and Distribution License (CDDL) that can be found in the LICENSE file - - -component: amster - -# Server base URL *within* the Kubernetes cluster - not the external LB URL. -# No /openam appended here. -serverBase: http://openam:80 - - -# The top level domain. This excludes the openam component. -domain: example.com -subdomain: iam - -# Default install passwords. -# If these are not set (example: helm install --set amadminPassword=foo amster) a random password -# will be generated. The password can viewed using: -# kubectl get configmaps amster-config -o yaml -# You may wish to delete this configmap once you have saved the passwords. -apiVersion: v1 -# amadminPassword: password -# encryptionKey: "123456789012" -# policyAgentPassword: Passw0rd -prometheusPassword: prometheus - - -config: - # Name of the configMap that holds the configuration repository URL and of - # the secret required to access it. - name: frconfig - # The path where we import the configuration from. Your git repo will usually be mounted on /git/config. - importPath: /git/config/6.5/default/am/empty-import - # Where we perform export to. If not set, this defaults to the importPath - #exportPath: /tmp/amster - # strategy defines how products get their configuration . - # Using the git strategy, each helm chart pulls the configuration from git using an init container. - # If strategy is set to anything other than git (e.g. file), it is assumed some other process will make - # files available to the container (baked in to the docker image, or provided by skaffold, etc.) 
- strategy: git - -image: - repository: gcr.io/forgerock-io/amster/pit1 - tag: 7.0.0-09d8c60c905dfc6b3fa46acef2785ccf91311865 - # Switch to IfNotPresent once we have milestone builds - pullPolicy: Always - -gitImage: - repository: gcr.io/forgerock-io/git - tag: 6.5.1 - pullPolicy: Always - -configStore: - # type can be dirServer or embedded. Only dirServer is supported - type: dirServer - # If type is set to embedded, the attributes below are ignored. - #suffix: "dc=openam,dc=forgerock,dc=org" - suffix: "ou=am-config" - # This is the first StatefulSet name of the configstore: - host: configstore-0.configstore - port: 1389 - dirManager: "uid=am-config,ou=admins,ou=am-config" - adminPort: 4444 - password: password - -# By default, userstore points to configstore - which is default -# place for users when empty-import config is used. -userStore: - suffix: "ou=identities" - host: userstore-0.userstore - port: 1389 - dirManager: "uid=admin" - password: "password" - storeType: "LDAPv3ForOpenDS" - -# determines if '--clean true' is used for the import-config. -# suggest this is 'true' if importing a complete configuration -# and set to 'false' if importing partial/incremental configurations -amsterClean: false - -# For production set CPU limits to help Kube Schedule the pods. -resources: - limits: - memory: 1080Mi - requests: - memory: 1080Mi - -# Optional value overrides - -# fqdn - the openam server external fqdn. -# If this is *not* set, it defaults to {namespace}{subdomain}{domain} -#fqdn: login.acme.com - -# ctsStores - is a csv separated list of avaiable cts servers. This is referenced in the amster configuration as &{ctsStores} on -# import. -#ctsStores: ctsstore-0.ctsstore:1389 - -# ctsPassword - defaults to "password" -#ctsPassword: password - - -istio: - enabled: false - -# Amster scripts -# -# You can set your own amster scripts here. They will be run in alphabetical order when the Amster pod detects an unconfigured AM. 
-# You can list amster commands or invoke other scripts - it is good practice to keep your Amster scripts in version control: -# e.g.: -# -# scripts: -# 02_my_script: |- -# delete LdapModule --realm / --id LDAP -# delete HotpModule --realm / --id HOTP -# 03_invoke_other_scripts: |- -# :load /git/config/scripts/do_stuff.amster - -scripts: {} - -# Amster variables -# -# If there are extra variables you need to pass to amster to be used as property expressions, you can add them here. -# As with ForgeRock common expression syntax, values should be expressed in the form `myPropertyName` and will then -# be available in Amster import files using the expression `&{my.property.name}`. - -variables: {} - -# serviceAccountName: my-amster-serviceaccount diff --git a/helm/ds-empty/.helmignore b/helm/ds-empty/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/ds-empty/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/helm/ds-empty/Chart.yaml b/helm/ds-empty/Chart.yaml deleted file mode 100755 index 1e0f7325af..0000000000 --- a/helm/ds-empty/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -description: Deploy a DS server -name: ds -version: 7.0.0 diff --git a/helm/ds-empty/README.md b/helm/ds-empty/README.md deleted file mode 100644 index 2c6e79d6b2..0000000000 --- a/helm/ds-empty/README.md +++ /dev/null 
@@ -1,78 +0,0 @@ -# ForgeRock Directory Services Helm chart - -Deploy one or more ForgeRock Directory Server instances using Persistent disk claims -and StatefulSets. - -## Sample Usage - -To deploy to a Kubernetes cluster: - -`helm install --set "instance=userstore" ds` - -This will install a sample DS userstore. - -The instance will be available in the cluster as userstore-0. - -If you wish to connect an ldap browser on your local machine to this instance, you can use: - -`kubectl port-forward userstore-0 1389:1389` - -And open up a connection to ldap://localhost:1389 - -The default password is "password". - -## Persistent Disks - -The statefulset uses a Persistent volume claim template to allocate storage for each directory server pod. Persistent volume claims are not deleted when the statefulset is deleted. In other words, performing a `helm delete ds-release` will *not* delete the underlying storage. If you want to reclaim the storage, delete the PVC: - -```bash -kubectl get pvc -kubectl delete pvc userstore-0 -``` - -## Values.yaml - -Please refer to values.yaml. There are a number of variables you can set on the helm command line, or -in your own custom.yaml to control the behavior of the deployment. The features described below -are all controlled by variables in values.yaml. - -## Diagnostics and Troubleshooting - -Use kubectl exec to get a shell into the running container. For example: - -`kubectl exec userstore-0 -it bash` - -There are a number of utility scripts found under `/opt/opendj/scripts`, as well as the -directory server commands in `/opt/opendj/bin`. - -use kubectl logs to see the pod logs. - -`kubectl logs userstore-0 -f` - -## Scaling and replication - -To scale a deployment set the number of replicas in values.yaml. See values.yaml -for the various options. Each node in the statefulset is a combined directory and replication server. Note that the topology of the set can not be changed after installation by scaling the statefulset. 
You can not add or remove ds nodes without reinitializing the cluster from scratch or from a backup. The desired number of ds/rs instances should be planned in advance. - - -## Backup - -If backup is enabled, each pod in the statefulset mounts a shared backup - volume claim (PVC) on bak/. This PVC holds the contents of the backups. You must size this PVC according -to the amount of backup data you wish to retain. Old backups must be purged manually. The backup pvc must -be an ReadWriteMany volume type (like NFS, for example). - -A backup can be initiated manually by execing into the image and running the scripts/backup.sh command. For example: - -`kubectl exec userstore-0 -it bash` -`./scripts/backup.sh` - -The backups can be listed using `scripts/list-backup.sh` - -## Restore - -The chart can restore the state of the directory from a previous backup. Set the value restore.enabled=true on deployment. The restore process will not overwrite a data/ pvc that contains data. - -## Benchmarking - -If you are benchmarking on a cloud provider make sure you use an SSD storage class as the directory is very sensitive to disk performance. diff --git a/helm/ds-empty/cfssl.sh b/helm/ds-empty/cfssl.sh deleted file mode 100755 index 4e69baa9d8..0000000000 --- a/helm/ds-empty/cfssl.sh +++ /dev/null 
@@ -1,109 +0,0 @@ -#!/usr/bin/env bash -# Sample script to create a self signed CA using cfssl, and create -# server certs for DS that are signed by this CA. -# Used cfssl https://github.com/cloudflare/cfssl -# On Mac OS you can install using brew install cfssl. - - -# Where we store the CA certificates. If you retain this CA you can generate -# future DS certs signed by the same CA. -CA_HOME=~/etc/ca - -SSL_CERT_ALIAS=opendj-ssl - - -SECRETS_DIR=./secrets - -# Where to store intermediate files -TMPDIR=./out - -# Clean up any old files... -rm -fr ${TMPDIR} - -mkdir -p ${TMPDIR} - -KEYSTORE_PIN=`cat ${SECRETS_DIR}/keystore.pin` - -# First create a CA if it does not already exist. -if [ ! -f "$CA_HOME"/ca.pem ]; -then - echo "CA cert not found, creating it in ${CA_HOME}" - mkdir -p ${CA_HOME} - - # Edit this template for your own needs - cat > ${TMPDIR}/csr_ca.json <${TMPDIR}/csr_opendj.json < opendj-all.pem ) - -# Create a pkcs12 file -openssl pkcs12 -export -in ${TMPDIR}/opendj-all.pem -out ${SECRETS_DIR}/keystore.pkcs12 -password "pass:${KEYSTORE_PIN}" - - -rm -fr out - - -cd $SECRETS_DIR - - -# The pkcs12 keystore does not have an alias they Java needs. keytool sets it. -echo "Setting the alias with keytool" -keytool -changealias -alias 1 -destalias $SSL_CERT_ALIAS -storepass `cat keystore.pin` -keystore ./keystore.pkcs12 -v -storetype pkcs12 - -keytool -list -keystore keystore.pkcs12 -storepass `cat keystore.pin` -storetype pkcs12 diff --git a/helm/ds-empty/ds.sh b/helm/ds-empty/ds.sh deleted file mode 100755 index 54e50cb663..0000000000 --- a/helm/ds-empty/ds.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash -# Utility script to check for the backup pvc, and pass it to helm if present. - -ARG="" -kubectl get pvc ds-backup && ARG="--set backup.pvcClaimName=ds-backup" - - -helm install $ARG $* ds \ No newline at end of file diff --git a/helm/ds-empty/secrets/README.md b/helm/ds-empty/secrets/README.md deleted file mode 100644 index 556cbed4d7..0000000000 
--- a/helm/ds-empty/secrets/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Important: If you update the directory manager password *DO NOT* include the newline character.
-
-This works:
-
-echo -n my_password > dirmanager.pw
-
diff --git a/helm/ds-empty/secrets/ca-cert.p12 b/helm/ds-empty/secrets/ca-cert.p12 deleted file mode 100644 index bd81a0f0426545ed72f0473230b970c4fd5c83bb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1026 zcmV+d1pWIkf&=~n0Ru3C1GfeVDuzgg_YDCD0ic2ds04xoq%eX5pfG|1oCXOhhDe6@ z4FLxRpn?O9FoFY#0s#Opf&+pE2`Yw2hW8Bt2LUiC1_~;MNQUx1C^t1(L^9ilVc@2rW~fXM2`v-kcvhr>7tUI zsD_cG+i3a%MCvsdHM(DwvT&c9lYpc`&4_{8J;WZ!Q|z%NL!v)i$YKax_`-|zn|9Tf zF@H`m*klc8-9p6AD(1fv9^y>P60h4OP0Mu?QQabZ$A~;wsbs^4XWCF->C|1r0?5W0 zIu!fQZFGxr0=9`VZTpx`XiIOqfkef=Vc9?=~gG?Qz|DS^7B9_?BWRV{U*#$1gjE_z; zdDQ9Jh?;YY&u}KfF0Ww%O~qa=MvRv6Tx_^Ixi0XX7M}uM(Y{P1`9yDr_I52AooU(@ zs=7|~y>c&WrmCREnBSo+W8^RD1|t6venl<91al}+$;l*CDOE^V_^82?7pU>`I1Nic zs839LL5sV>pL(M9C8z1=S8E}A~;5K)KUe2z*JKnUZq)g=BnRKSub*nuUFG#ux@CAjUW9EpC*5zeDIAhft3E? zA;&EfIQ1v@1-9YdK8a0kCssrMuLC8QcTMj^)S1T8NmX~KpjId`72NTbaQP3i17MSR zkb@qVZ|sQKvDAjz7!4a#$3^83PfGyu-8#)!DX5Y!@|@`MG37GSoySxCQH4G9<7o!cb!*c~J^RcWXyf^#= zk3Z<zR%&4>$z2+xWGM+LUAmWDk&=>-l#Zp5 z1qA*eN{GJRJNLf#z8}tk}~Ws3*ZW>oxT)PX6xn?o@p(RCm}szRh}rfJZ1;zf^m3epkb+CE)!YPay)G(S zP2AR3`(0L?2mOZ73Q36Rk3wmNSyH|f8RSNuIDy$r55p_ zT@cEI)n=mGcD6)g0Swv4FakmazIWR+4<%mv)a@k!vxh24!fBpB7--HaQ@$_b;Z0X? 
zY4$m?L2H+aXOkwF5!&=mC7N97hSLbDFh$~svgZ;NRd~$PNAGNl1Hr+jDyBLwUaREp zmi|d6HEwVaz%N(HKmIDD8bv6}LdUxOv$2c0d6L*gr$4J^CsnW!;a|K3I*HOdK72_t z%!$z2^V!bpbk>m@dSlYFV@C;lp?6nwnJJ$MmSCDd)Ccv^8%kK@b}-6hBs3L-KrVtF z*Mf{>n7^auv=}Vznr}?Nk>%pIL!#w^68hiQ+cE~29bj#q(AV9q{V7U=o+x6Fov>t; zIpN!cvt%oKCkL0h54|3<>J1I*CfHr7as*BAXE03xXpaMz-3tigM(S-XMr;t-j|fY) zEHaJ6CJP$w_#X=SwvDIY^O&Px1(Z@{(pLHz+fT^-1^KHIX*(Zn-To8&Fl*OV1qZ&X zJ!fd@mWp3Dl;Z(eSs+UWbF^3o_eWAM|6*%h@4y{p8=lzG2mBb>RjBg&S{QfGw{%#` zBW}bH!|?l&hE)7hC%b!Q2XVI#jKTzZE2-#{o0f7l!p<4L(L_)&T|NFPiIWd{CrmG* zH)Dt{0qf6u15xgcTCkF3iO3o#M6z}Ro-%D+{a8mlW8swk~e?S6+Fnl z^)W9}QVf4#o_=9^B|v=IH@)~}lSEqD>LtugQ2C=-squTEhm9R{?Z56jRB^DPx5Lle{<(0y z=fj1mnc{6<+O&nNu^xI_=Gmond0jpj68}?ILEe8d&>1o4Q6C(1D!Lw{c@RNO`(6&0 z(PU2DGtSfxrg{B#@otFE$+kaqWlQ*XrmX*#h{N1H^&Pjw(cJD(+H~S@Jr!(BKR(@A z^bVtmcebWXyRhx#0V-8TNh!X(^xl}O0m{;%jpsA2qpSZ=ItJd!UU6r9=oqSCHM5>5 zjyiI-Q;R9aDSohR#bt}7J>+npc(e+{d_fdP;F?7Q6ucC)gzCtaNMPU7RxLD_^IbD# z>fEU&+O#(Cl5#BuS|#lx8(9?*!xiQ9?|wCyvm49tp;p(G&D(gD#c{ zlOP$qQkP3#cAe!^~T#Ijb0Tbcjc|JyNTkZGseu>V8mPXg4{tYMdb~Ov_7XZiJ#rB zUbYW>$@}`4nu&`4SKH4|j&$WTT{`5qH%>C;C3c_2@*8{CLYHurU@f0g_j{Vy zT?=lhDXnEY`YKrF^4f5khwTGtNmzEqN z_|?-Iz>L2kwl)Ny-CHP)$?;tF((Rach1G1jFB)|(wuNP6t3QP>shvBnyYNV9B?rH| zIDD~p7zMnx3I+Bw;v#-GbD1+|Y2D9MdYTOJ>p5*fey7bH05~>96yG9RElU#M65;p0 z2_|e&LN-vUBcK|`s$c&R6v80 zVfsO)UE|U*$(>WY;%ar42&vf>-0}nGV|dYsKF#V8>r&)<>)rd!=N(b8>?{|Z%{(#^ z6#1{ile)HrJ+YR^?z7ly3qE3r*(~TxdR-Yz2|6Op@Ix~VWwCXm&kSGFrkeSNUhdh|k4^^b*&r-@Oq?&4i5;rL3Ye4V_WRM!&3j;XOwCoxB!aq{~J)v4$H|(~4J#mzPB)`?G38 zNZQH$xUS0BB+Yv#p7*wNlbXCOmG=}Uqk1_9eh|{w z$$(qT`Z?~tBr#nc8<0nmPwg{GaZC1Yc|p!}HYRR(;ap3%zdRCdLeKMVIN!#JzcFpa zmk8ie@fbOWba8u5@@$Rb;VJOZCmun#wM{=kyC#~H^Q9`)L#!+F)yi5h`}z4&N`-@X z|0qSGc9F=lk`BAK=@8m1-{=-k-1y3PWrH!0nKs5-sI?qX8GnG^ql7sI*aSmlvs5YE zJj~9E;F86&&U+8HD4_%7=5mIACjF{C7^H6w`@GIe7uxBv7fKd>ueR^zu!(F)mmL3A zu&i{HN^2a+AXR9xnX0xY2g_TJm$zNYgjCt} zf@1Ba7N=!(LHz%YYLv{f%sfm0Uw|LL4d4TC1wa8(02hGM{~x(6%M4_C=;`goCkvKS z1cAX|1zA}|FbGN7@oyh;vJxa|-CtBiOa%Db%KlFw`j4DP_Fp-V?vRW)`-l0-L1LAK 
zeqCDW+M!zOf9JetB&o-eZO8a;MndmA)q8T<^H15H!hY+K$CsV@cRAyH!h3x2^w!12#c^;vY#yKUAvr_`D!}# zPL4y`&O|cGEGl%sey-a_=h^$D^rtEB+=#WP1Z6h zr5Carus0mF!OG2h!DI47hCnsiZF^9Z8{q_~>sj$QY@cO~*?;kR>=`!9&{XGZZ+wb; zfP(;Z^~7+rdy2Ka&aa{ZjPQ9FH zB1{#xR)R${$Ri`e%15wd`j}4FYSgQI9$Q(eaJjW--K?35Ii#DcoURbR1!Nq0S=FZ+ zpB;vr*Kh{u@dwcq&N8}H4DE7AfK(QAxGEa@%Eg3)|6ZTYh6Z@~*<-rl#j1rYS4g3Y zt(dkti!Xig+ZJIe>fp+Y6)JX^V2*?l+ZQbQ>9ZkD^%Ry{UfUF(o`XkPGPjtBN`udj z8Zww6$+y>fi8#Nb^XYIcvBoUmOKQ17kkzxwif-7vvDf1&_E~!5+{?N(AM=R)>1K1j z13=DrtdFykKQX#+FB9F+VcZt%o|`D+`J+IX(dbEL7j_B-oyoH#3jBi)+}rtVc{o!y z(uD2=4*bYk*|BcPffg#C#gU*h`-6tsQ&!^mfM=Qa=>reA%TCme@IaZcU#}zHS_T5M z+x`1a0<)JXwedcWt-_;lh{>!YS%bXt))P=fS*BoV!7C5qJZSS=WGSNq=YuGtyV5E; zW8h7ix+{TqZyk-96ccbt-Jvwa{1TP^lmXx>y%sj<%Rvpj@%VAo?AbLsXtd*bTQ-8C z-rojuU86a}loepO*7{(`hZ94#%~t=lr1mUeOr(xLuy#0IoHd?4#WWh+tEqFDyRG&n zLv9h3u99Hbxv`oUSaXrB6?~H*RNZ#IMHg*MNa{9A3+x&NH6|; zh-3*R#V4uQxxhECxr5W1M(6==>{<0UBA3^yg@c z{Z^@PH=aJ4(QgzJU}|M4+?&TscVZ_xA7K^7$HH_qA(9uicC>;IP`;ba`o! z9fyP@K?u|pL3gRK*8GJ#PmwUY|LQVktC~bDa=6XA2CD|%ncW^Pl5Mlsq({subs}%*4gL3>s{kCQ^Nics z?150eY1EVZqZzslqTgB?k$WQMWNDR zr(=^IqA6)GZ6G#aNE-)%Ge)N^4Lk0QQq(|aq#r6Fy%oer!Ukd{c0v<1-rNCm3M;9! 
zxHh^3oy)t_e9zr9n`%zXUuB*XC@zhFYj55AxPzBid)LxsZ{;KjTW#gA(T| zg}Y*rzjg^U;r1j)Eg!}4c7wmXlbh67=&twr5=m83!3=g-_ARvZH@y)}CJ@(hjf~Pb zzYQWZrEm3eARocskeyy9aSr}Rw7_|yQ83QZO=qdUu(-93bG55axOlK?3RJ=qHBoi@ zf_3UK2Olku--i7VF~~EcCQa#gd!*lQ?~TQ+-I>OUKs11uIU3h$A`O1j=>?GP@i*vY z9ETJw;Jmaj%lNt@1+%O%3q#^Bdb5E|{hM4XzVkT`?kwpdDFJ$mysxpHmh05n^=){^ zb-$7`m2dN|!E991ZzJ!#^Ef`xgG{xEj)*hlD{N!iN`q-KBMLAv+uhNVwYi(7&}z@k zfwK+}+v3n#zlXgD73cb^jr|g_O?}!MQggmC#(Vv4HK@SnDqfft|7_d7o8yS~Qv(Y- zfLMkT!uNyv;>r#%1pn>hMt(L9Sxa-|x;P^=M#ojlBBK+ujT~l8Ee*O8ts5qiL ze4s7x zk`oQra6pgvn&rqBcawP7ij0SSVp47|{jhT_@OG>CS$gL+L>CvpDvy~<8Ya5D>ZxmJ zBD+f}VZeH{Xwa6Q%j`h$rcFFc`%-P;bOMoi5Jt^xJVzVg8BFk)1LMv4D}s&NB=_{R zWV+#ehc?JNei28JH{XT2Q?lWC_f*-we-3Fz5>iN&HRY_KpR6s`XtN=HM&`WuAPWp* zq)R?cQ#Ga?PCzlFDm)R8`t5EdIH+^*=#$gf7nqb(`FK$VC3ODu?&S)@OV=Bj?V+XX ze7Sn95>LXV7jOx`R}$z}kK^D-^>te5qvT;WZ5BvLs-?M%0QVG{^8RjUUXM)9%06+L zsOjmHdeU-gYL}+2-Hsb1J$Kf34LD4e*LO}&hS+xAjwxGWYoOP1He%%@d`gW7R$}DG zUxv-x%*Wx2?@>J8=h!q&igdOLVK(WsiZ4{{44jb>#zmzZ_q-Fl&w0JOxAtdR`k#l& zj{uF{t{I9}U!mtSJa4N}+Gt2e+<^%+-k-qg`AG_d`Hf>WmhNbON%tr}TiYvY0vw6Z zKr=5`4r@(0r4X(~LFJXquN#55W;!t(Wlem$8GKd^Q{)S2yJTw_e=8<3fjhxrl)% zVfm`5-Y@n207%i$8D|nLrzV6eP@zqERccoMkzK>IAX_u@2S*$+>EzQXTq^3|^xSAC zhPfRE7dGt=wb5@*AWpiS`SlNXS;t2#Y2krzn*^@9bo_bT6ya&AEo8liee9rWf$ha5 zw^$JO;c(3WcfE@^FET-rp3Q|r|l}B^&;qA`AcFa9AeC`I+ z>YB$7X)oi0cBD0ImWIl0lkdEF=oTEkM_76a-YE|@v z4_>OAAOFFO99+bWLZ`yvmI(ri@m@+ipahh(?ud^eDVlPlTQRnuY`1 z3UX)zUGzC(JYOwEhDDE!)|{vivt+!d>B$R6|jimcV3S_QaIAjh7=AajUT8$;KV7f$fO2Px$n9)9t2f!v~MQK{MO zo5XF6e3hyCI@V5hGjz{Z`3HOS7TgCPnvEj4a!x%bMZfEK$kScRr7@7=@N9`&#EkG!Mo3tBmb97{R##%Eu@E?Ko2 z-|+Q66){w!z}84+l#!Ai^?p5@VGXN&ZY})L)&fmA-fIO(c`ardPAv)+h7v0rIQ~Wt>o}j|F~q1?dk7HnLd# zv$iLaIK^O!5Z{D%El`#Q6&(IP!f;b_QwW(VVZ5M?MMesqF6Y~rei8jR;p3ke7ms*~ zl1wXseoObJ>{}7Sv? 
zNtU0PHIqA=zc`qUk4|N>?LL`Li(P6ycyzvt-2z>Jq&<*LQlflAA0oeqqWZ_rrZCqO z2t_c2u{d$l1Zum>6FIIdN<(RV!{U~0wfN0I+Oaw>RPJrwF96RJ!O)Uc^Zd|4~23*&X5EHJ}GO^58#>P_#N;%HbSRBI(yN zIx8;YDxcpr>eB&}hUu?UJSJE;EtQFn*N`E{{Pyi2%| z6D>bR4)?+SjQmQo;-Xj}+NmlhGmv$KbB2K1`0LH7yqKN`UK(g4$&H_UIurxoUlCR_9Ib3nr1FOR}sc3MkL=KjWuy-DCYt1oL1REn*TIm; zQGGYX{yE|Tu73{nnE0rpE7*A1Cr zJJi=r0af?A>$CR~gA)0b%5-85=`xIYzVgepGCC@40-1pymr_+-4@%$`wTHAv3I)fZ zEa~)hDy6&#POla^^?ALa=K{ZOP36`5KTRB(qhZ~!c1jpWil|sa$u*6QtVTuY!Z#Rc zvNE|2akG(?pr+owjUt4|l}$ShvK~i{KM0r5|D!b}Yf=)`dm24vgxeCDiNQoS0lG}; zW4k|Ay5`*xK{!|9ip^^9DyYgY+3;#6Pl8H5+fh-s@&Y645#I8OcJl7Bhi^Wra#vQ1 z=ZKma_|3QET1({cZGpcIMQ7CHyEU^#gYM3w-ATncbe!+$?3f3Hdt!c$vEn*?ZDy*Z zb0L3$d%ub)ATlh3=snv%VJim9iA&#&7ZO6P6i9%t8jaJT4;ldtvF_UxusWAIq7v`X ztmy*v(ehZPmTvF${U=^E4@%VE97VxuQ5oqA)6#N%g`$x*k_}m^->HYbDUQ#V%_T?H zaD4eb7tcV~?J%zAU-fpha5<3+48-zht0yMMCo1|C|N6_6~hwm+t{LTBcVHrxaaA~SEp_UoGN3vJT%b%KE zGopX|xwib@eUi)Eu)vkcB16X|jF$`}vxnDxNQ<;HcSumF z$lxu%o+!@hUKZxZb}+Nj_ObA0!r--{JOlc~^+l|7@q}9!)+tV)%1Sey?(cx_yt4ga z{n4*2tZTkx(up|}YXjyJR`wM(9b7-1IQ^{a&i2a4;YU!(fWcen($aOvn)j6m5F0D1=wA`G BgD3z1 diff --git a/helm/ds-empty/templates/_helpers.tpl b/helm/ds-empty/templates/_helpers.tpl deleted file mode 100644 index c3309e16f1..0000000000 --- a/helm/ds-empty/templates/_helpers.tpl +++ /dev/null 
@@ -1,28 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{define "name"}}{{default "opendj" .Values.nameOverride | trunc 63 }}{{end}} -{{define "fullname"}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{end}} - -{{/* work in progress. TODO reduce dj image boilerplate */}} -{{define "dscontainer"}} -image: {{ .Values.image.repository }}:{{ .Values.image.tag }} -imagePullPolicy: {{ .Values.image.pullPolicy }} -volumeMounts: -- name: dj-secrets - mountPath: /var/run/secrets/opendj -- name: db - mountPath: /opt/opendj/data -envFrom: -- configMapRef: - name: {{ .Values.instance }} -env: -- name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{end}} \ No newline at end of file diff --git a/helm/ds-empty/templates/configmap.yaml b/helm/ds-empty/templates/configmap.yaml deleted file mode 100644 index 5b9e80522d..0000000000 --- a/helm/ds-empty/templates/configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.instance }} -data: - BASE_DN: {{ .Values.baseDN }} - # example: configstore, cts, userstore. The instance is used to construct the FQDN of DS. - DJ_INSTANCE: "{{ .Values.instance }}" - DS_SET_SIZE: "{{ .Values.replicas }}" - OPENDJ_JAVA_ARGS: "{{ .Values.opendjJavaArgs }}" - BACKUP_CLUSTER_NAME: {{ default "default" .Values.backup.clusterName }} - DS_BOOTSTRAP_REPLICATION_SERVERS: {{ .Values.replicationServers }} diff --git a/helm/ds-empty/templates/ds.yaml b/helm/ds-empty/templates/ds.yaml deleted file mode 100644 index ac9d561605..0000000000 --- a/helm/ds-empty/templates/ds.yaml +++ /dev/null 
@@ -1,178 +0,0 @@ -# Copyright (c) 2016-2018 ForgeRock AS. All Rights Reserved. -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ .Values.instance }} - labels: - instance: {{ .Values.instance }} - app: {{ template "fullname" . }} - vendor: forgerock - component: {{ .Values.component }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.instance }} - replicas: {{default 1 .Values.replicas }} - updateStrategy: - type: RollingUpdate - {{- if .Values.persistence }} - volumeClaimTemplates: - - metadata: - name: db - annotations: - pv.beta.kubernetes.io/gid: "11111" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ default "5Gi" .Values.storageSize }} - {{- if .Values.storageClass }} - {{- if eq .Values.storageClass "-" }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.storageClass }}" - {{- end }} - {{- end }} - {{- end }} - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" -{{- with .Values.extraAnnotations }} -{{ toYaml . | trim | indent 8 }} -{{- end }} - labels: - instance: {{ .Values.instance }} - app: {{ template "fullname" . }} - vendor: forgerock - release: {{ .Release.Name }} - component: {{ .Values.component }} - spec: - {{- with .Values.serviceAccountName }} - serviceAccountName: {{ . 
}} - {{- end }} - affinity: - podAntiAffinity: - {{- if eq .Values.podAntiAffinity "hard" }} - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.topologyKey }} - labelSelector: - matchExpressions: - - key: instance - operator: In - values: - - {{ .Values.instance }} - {{- else if eq .Values.podAntiAffinity "soft" }} - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: instance - operator: In - values: - - {{ .Values.instance }} - topologyKey: {{ .Values.topologyKey }} - {{- end }} - terminationGracePeriodSeconds: 30 - {{- with .Values.securityContext }} - securityContext: -{{ toYaml . | trim | indent 8 }} - {{- end }} - initContainers: - - name: initialize - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: db - mountPath: /opt/opendj/data - - name: backup - mountPath: /opt/opendj/bak - - name: dj-secrets - mountPath: /var/run/secrets/opendj - envFrom: - - configMapRef: - name: {{ .Values.instance }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: [ "initialize-only" ] -{{- with .Values.extraInitContainers }} -{{ tpl . 
$ | trim | indent 6 }} -{{- end }} - containers: - - name: ds - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - #terminationGracePeriodSeconds: 10 - resources: -{{ toYaml .Values.resources | indent 12 }} - envFrom: - - configMapRef: - name: {{ .Values.instance }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 1389 - name: ldap - - containerPort: 4444 - name: admin - - containerPort: 8989 - name: replication - - containerPort: 8080 - name: metrics - volumeMounts: - - name: dj-secrets - mountPath: /var/run/secrets/opendj - - name: backup - mountPath: /opt/opendj/bak - - name: logs - mountPath: /opt/opendj/logs - - name: db - mountPath: /opt/opendj/data - args: [ "start-ds" ] - # Due to cost, we don't want to do a full scrape of the metrics http endpoint - so we create a tcp connection - # todo: revisit when https://bugster.forgerock.org/jira/browse/OPENDJ-4728 is resolved. - # TODO: Uncomment when we get ds to start faster. Seletively disable replication - # readinessProbe: - # tcpSocket: - # port: metrics - # periodSeconds: 10 - livenessProbe: - tcpSocket: - port: metrics - initialDelaySeconds: 60 - periodSeconds: 120 -{{- with .Values.extraContainers }} -{{ tpl . $ | trim | indent 6 }} -{{- end }} - volumes: - - name: dj-secrets - secret: - secretName: {{ .Values.instance }} - - name: logs - emptyDir: {} - {{- if .Values.backup.pvcClaimName }} - - name: backup - persistentVolumeClaim: - claimName: {{ .Values.backup.pvcClaimName }} - {{ else }} - - name: backup - emptyDir: {} - {{ end }} - {{- if not .Values.persistence }} - - name: db - emptyDir: {} - {{ end }} - {{ if eq .Values.taints.enabled true }} - tolerations: - - key: "type" - operator: "Equal" - value: {{ .Values.instance | quote }} - effect: "NoSchedule" - {{end}} 
diff --git a/helm/ds-empty/templates/secrets.yaml b/helm/ds-empty/templates/secrets.yaml deleted file mode 100644 index 2ad0ea69af..0000000000 --- a/helm/ds-empty/templates/secrets.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright (c) 2016-2018 ForgeRock AS. Use of this source code is subject to the -# Common Development and Distribution License (CDDL) that can be found in the LICENSE file -# Secrets for OpenAM stack deployment. This will be mounted on all containers so they can get their -# passwords, etc. -{{ if .Values.useDefaultSecrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.instance }} -type: Opaque -data: -{{ (.Files.Glob "secrets/*").AsSecrets| indent 2 }} -{{ end }} \ No newline at end of file diff --git a/helm/ds-empty/templates/service.yaml b/helm/ds-empty/templates/service.yaml deleted file mode 100644 index 763d701b66..0000000000 --- a/helm/ds-empty/templates/service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2016-2019 ForgeRock AS. Use of this source code is subject to the -# Common Development and Distribution License (CDDL) that can be found in the LICENSE file -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.instance }} - labels: - app: {{ .Values.instance }} - component: {{ .Values.component }} - vendor: forgerock - heritage: {{ .Release.Service }} -spec: - clusterIP: None - ports: - - port: 1389 - name: ldap - targetPort: 1389 - - port: 4444 - name: djadmin - targetPort: 4444 - - port: 8080 - protocol: TCP - name: metrics - selector: - app: {{ template "fullname" . }} - release: {{ .Release.Name }} diff --git a/helm/ds-empty/values.yaml b/helm/ds-empty/values.yaml deleted file mode 100644 index e06fd6d37d..0000000000 --- a/helm/ds-empty/values.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ -# Copyright (c) 2016-2019 ForgeRock AS. - - -# If useDefaultSecrets is set to true (the default), the secret values in ../secrets will -# be used to create a secret map with the same name as the instance ($instance). -# If you set useDefaultSecrets to false, you must create this secret map yourself before the DS -# instances will be provisioned. This allows you to inject your own secrets rather -# than use the default ones bundled in the chart. An alternate strategy is to fork this chart. -# and replace the secrets in ./secrets with your own. -useDefaultSecrets: true - -# The default DS baseDN for the user store. Note the ds image creates several backends that are hard coded and this -# setting will have no impact on those backends. This setting will be removed in the future. -baseDN: "ou=identities" - -# The default instance name. This will create a stateful set that can be resolved at -# $instance-0.$instance. You can also use the service name $instance - which will get (randomly) -# load balanced to an instance (not recommended ) -instance: ds - -component: ds - -image: - repository: gcr.io/forgerock-io/ds-empty/pit1 - tag: 7.0.0-b0222b47da54d2a1f79763af965ac1c240e63fb4 - # Switch to IfNotPresent once we have milestone builds - pullPolicy: Always - -# The number of instances in the StatefulSet. Each instance is a combined DS/RS pair. -# You can not change this after installation. -replicas: 1 - -# Size for DS database storage. Note GKE IOPS scale based on the size of the volume. -storageSize: "10Gi" - -# Set storageClass only on clusters that support it (GCP / AWS). -#storageClass: fast - - -backup: - # This is an optional parameter that will mount the named PVC volume (most likely an NFS share) - # on the bak/ directory. If this is not specified, an emptyDir will be mounted instead. - # The pvc is usually created by the dsadmin/ chart. 
- #pvcClaimName: ds-backup - - # This configures the top level directory under bak/ - # The backup folder is set to $clusterName/$instance-$namespace. This - # forces each instance backup to go to a different folder on the shared PVC drive. Without this - # you will get collisions on backup / restore. - # If you have many clusters backing up same shared NFS volume, change the default here. For example, - # set it to "production" - clusterName: "default" - - -# You need to be on JDK 8u131 or higher to enable these options. -# todo: find JDK 11 args -#opendjJavaArgs: "-server -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:+UseCompressedOops -XX:+UseG1GC -XX:MaxGCPauseMillis=100 -XX:MaxRAMFraction=2" - -# These defaults work for a small test instance -opendjJavaArgs: "-Xmx512m" - -# Resource limits. -# These help for pod placement in a larger cluster to ensure the DS instance gets sufficient resources. -# The default values are artificially low. -# For production, you will want to increase them. -resources: - requests: - memory: 512Mi - limits: - memory: 768Mi - -# DS persistence switch. Setting this to false disables volume claims - all data is stored inside the docker image. -# Used in testing environments without pv providers. When the pod is terminated, the DS data will be deleted! -persistence: true - -# Pod Anti Affinity switch. For production this should be set to "hard", otherwise use "soft". -# The hard setting will force ds pods to be spread out over multiple hosts/zones. soft is best effort -# but pods will still be scheduled together if sufficient resources are not available. -podAntiAffinity: "soft" - -# This is the exact value for TopologyKey. The other possible value is "failure-domain.beta.kubernetes.io/zone" -# which will ensure that pod is scheduled on nodes in different zones thus allowing for HA across zones. 
-# Note you want to leave this value as is if you are deploying a single zone cluster and change the values only -# if you have a multi-zone cluster. -topologyKey: "kubernetes.io/hostname" - -# Restore parameters. -restore: - # If true, runs the init containers that restores the directory from a backup folder in the bak/ folder. - # The backup data must be present in the bak/ folder. - # Restore will not overwrite existing DS data. - # A backup folder contains a full backup and a number of incrementals. The most up to date incremental - # is used to recover. - enabled: false - -# This will make sure the mounted PVCs are writable by the forgerock user with gid 111111. -securityContext: - runAsUser: 11111 - fsGroup: 11111 - supplementalGroups: [ 0 ] - -# if taints enabled, then pod will be deployed on node with tainting type=INSTANCE_NAME (eg type=userstore) -taints: - enabled: false diff --git a/helm/ds/.helmignore b/helm/ds/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/ds/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/helm/ds/Chart.yaml b/helm/ds/Chart.yaml deleted file mode 100755 index a33dabc655..0000000000 --- a/helm/ds/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -description: Deploy a pair of DS servers replicated -name: ds -version: 7.0.0 diff --git a/helm/ds/README.md b/helm/ds/README.md deleted file mode 100644 index 2c6e79d6b2..0000000000 --- a/helm/ds/README.md +++ /dev/null 
@@ -1,78 +0,0 @@ -# ForgeRock Directory Services Helm chart - -Deploy one or more ForgeRock Directory Server instances using Persistent disk claims -and StatefulSets. - -## Sample Usage - -To deploy to a Kubernetes cluster: - -`helm install --set "instance=userstore" ds` - -This will install a sample DS userstore. - -The instance will be available in the cluster as userstore-0. - -If you wish to connect an ldap browser on your local machine to this instance, you can use: - -`kubectl port-forward userstore-0 1389:1389` - -And open up a connection to ldap://localhost:1389 - -The default password is "password". - -## Persistent Disks - -The statefulset uses a Persistent volume claim template to allocate storage for each directory server pod. Persistent volume claims are not deleted when the statefulset is deleted. In other words, performing a `helm delete ds-release` will *not* delete the underlying storage. If you want to reclaim the storage, delete the PVC: - -```bash -kubectl get pvc -kubectl delete pvc userstore-0 -``` - -## Values.yaml - -Please refer to values.yaml. There are a number of variables you can set on the helm command line, or -in your own custom.yaml to control the behavior of the deployment. The features described below -are all controlled by variables in values.yaml. - -## Diagnostics and Troubleshooting - -Use kubectl exec to get a shell into the running container. For example: - -`kubectl exec userstore-0 -it bash` - -There are a number of utility scripts found under `/opt/opendj/scripts`, as well as the -directory server commands in `/opt/opendj/bin`. - -use kubectl logs to see the pod logs. - -`kubectl logs userstore-0 -f` - -## Scaling and replication - -To scale a deployment set the number of replicas in values.yaml. See values.yaml -for the various options. Each node in the statefulset is a combined directory and replication server. Note that the topology of the set can not be changed after installation by scaling the statefulset. 
You can not add or remove ds nodes without reinitializing the cluster from scratch or from a backup. The desired number of ds/rs instances should be planned in advance. - - -## Backup - -If backup is enabled, each pod in the statefulset mounts a shared backup - volume claim (PVC) on bak/. This PVC holds the contents of the backups. You must size this PVC according -to the amount of backup data you wish to retain. Old backups must be purged manually. The backup pvc must -be an ReadWriteMany volume type (like NFS, for example). - -A backup can be initiated manually by execing into the image and running the scripts/backup.sh command. For example: - -`kubectl exec userstore-0 -it bash` -`./scripts/backup.sh` - -The backups can be listed using `scripts/list-backup.sh` - -## Restore - -The chart can restore the state of the directory from a previous backup. Set the value restore.enabled=true on deployment. The restore process will not overwrite a data/ pvc that contains data. - -## Benchmarking - -If you are benchmarking on a cloud provider make sure you use an SSD storage class as the directory is very sensitive to disk performance. diff --git a/helm/ds/cfssl.sh b/helm/ds/cfssl.sh deleted file mode 100755 index 4e69baa9d8..0000000000 --- a/helm/ds/cfssl.sh +++ /dev/null 
@@ -1,109 +0,0 @@ -#!/usr/bin/env bash -# Sample script to create a self signed CA using cfssl, and create -# server certs for DS that are signed by this CA. -# Used cfssl https://github.com/cloudflare/cfssl -# On Mac OS you can install using brew install cfssl. - - -# Where we store the CA certificates. If you retain this CA you can generate -# future DS certs signed by the same CA. -CA_HOME=~/etc/ca - -SSL_CERT_ALIAS=opendj-ssl - - -SECRETS_DIR=./secrets - -# Where to store intermediate files -TMPDIR=./out - -# Clean up any old files... -rm -fr ${TMPDIR} - -mkdir -p ${TMPDIR} - -KEYSTORE_PIN=`cat ${SECRETS_DIR}/keystore.pin` - -# First create a CA if it does not already exist. -if [ ! -f "$CA_HOME"/ca.pem ]; -then - echo "CA cert not found, creating it in ${CA_HOME}" - mkdir -p ${CA_HOME} - - # Edit this template for your own needs - cat > ${TMPDIR}/csr_ca.json <${TMPDIR}/csr_opendj.json < opendj-all.pem ) - -# Create a pkcs12 file -openssl pkcs12 -export -in ${TMPDIR}/opendj-all.pem -out ${SECRETS_DIR}/keystore.pkcs12 -password "pass:${KEYSTORE_PIN}" - - -rm -fr out - - -cd $SECRETS_DIR - - -# The pkcs12 keystore does not have an alias they Java needs. keytool sets it. -echo "Setting the alias with keytool" -keytool -changealias -alias 1 -destalias $SSL_CERT_ALIAS -storepass `cat keystore.pin` -keystore ./keystore.pkcs12 -v -storetype pkcs12 - -keytool -list -keystore keystore.pkcs12 -storepass `cat keystore.pin` -storetype pkcs12 diff --git a/helm/ds/ds.sh b/helm/ds/ds.sh deleted file mode 100755 index 54e50cb663..0000000000 --- a/helm/ds/ds.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash -# Utility script to check for the backup pvc, and pass it to helm if present. - -ARG="" -kubectl get pvc ds-backup && ARG="--set backup.pvcClaimName=ds-backup" - - -helm install $ARG $* ds \ No newline at end of file diff --git a/helm/ds/secrets/README.md b/helm/ds/secrets/README.md deleted file mode 100644 index 556cbed4d7..0000000000 
--- a/helm/ds/secrets/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Important: If you update the directory manager password *DO NOT* include the newline character.
-
-This works:
-
-echo -n my_password > dirmanager.pw
-
diff --git a/helm/ds/secrets/ca-cert.p12 b/helm/ds/secrets/ca-cert.p12 deleted file mode 100644 index bd81a0f0426545ed72f0473230b970c4fd5c83bb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1026 zcmV+d1pWIkf&=~n0Ru3C1GfeVDuzgg_YDCD0ic2ds04xoq%eX5pfG|1oCXOhhDe6@ z4FLxRpn?O9FoFY#0s#Opf&+pE2`Yw2hW8Bt2LUiC1_~;MNQUx1C^t1(L^9ilVc@2rW~fXM2`v-kcvhr>7tUI zsD_cG+i3a%MCvsdHM(DwvT&c9lYpc`&4_{8J;WZ!Q|z%NL!v)i$YKax_`-|zn|9Tf zF@H`m*klc8-9p6AD(1fv9^y>P60h4OP0Mu?QQabZ$A~;wsbs^4XWCF->C|1r0?5W0 zIu!fQZFGxr0=9`VZTpx`XiIOqfkef=Vc9?=~gG?Qz|DS^7B9_?BWRV{U*#$1gjE_z; zdDQ9Jh?;YY&u}KfF0Ww%O~qa=MvRv6Tx_^Ixi0XX7M}uM(Y{P1`9yDr_I52AooU(@ zs=7|~y>c&WrmCREnBSo+W8^RD1|t6venl<91al}+$;l*CDOE^V_^82?7pU>`I1Nic zs839LL5sV>pL(M9C8z1=S8E}A~;5K)KUe2z*JKnUZq)g=BnRKSub*nuUFG#ux@CAjUW9EpC*5zeDIAhft3E? zA;&EfIQ1v@1-9YdK8a0kCssrMuLC8QcTMj^)S1T8NmX~KpjId`72NTbaQP3i17MSR zkb@qVZ|sQKvDAjz7!4a#$3^83PfGyu-8#)!DX5Y!@|@`MG37GSoySxCQH4G9<7o!cb!*c~J^RcWXyf^#= zk3Z<zR%&4>$z2+xWGM+LUAmWDk&=>-l#Zp5 z1qA*eN{GJRJNLf#z8}tk}~Ws3*ZW>oxT)PX6xn?o@p(RCm}szRh}rfJZ1;zf^m3epkb+CE)!YPay)G(S zP2AR3`(0L?2mOZ73Q36Rk3wmNSyH|f8RSNuIDy$r55p_ zT@cEI)n=mGcD6)g0Swv4FakmazIWR+4<%mv)a@k!vxh24!fBpB7--HaQ@$_b;Z0X? 
zY4$m?L2H+aXOkwF5!&=mC7N97hSLbDFh$~svgZ;NRd~$PNAGNl1Hr+jDyBLwUaREp zmi|d6HEwVaz%N(HKmIDD8bv6}LdUxOv$2c0d6L*gr$4J^CsnW!;a|K3I*HOdK72_t z%!$z2^V!bpbk>m@dSlYFV@C;lp?6nwnJJ$MmSCDd)Ccv^8%kK@b}-6hBs3L-KrVtF z*Mf{>n7^auv=}Vznr}?Nk>%pIL!#w^68hiQ+cE~29bj#q(AV9q{V7U=o+x6Fov>t; zIpN!cvt%oKCkL0h54|3<>J1I*CfHr7as*BAXE03xXpaMz-3tigM(S-XMr;t-j|fY) zEHaJ6CJP$w_#X=SwvDIY^O&Px1(Z@{(pLHz+fT^-1^KHIX*(Zn-To8&Fl*OV1qZ&X zJ!fd@mWp3Dl;Z(eSs+UWbF^3o_eWAM|6*%h@4y{p8=lzG2mBb>RjBg&S{QfGw{%#` zBW}bH!|?l&hE)7hC%b!Q2XVI#jKTzZE2-#{o0f7l!p<4L(L_)&T|NFPiIWd{CrmG* zH)Dt{0qf6u15xgcTCkF3iO3o#M6z}Ro-%D+{a8mlW8swk~e?S6+Fnl z^)W9}QVf4#o_=9^B|v=IH@)~}lSEqD>LtugQ2C=-squTEhm9R{?Z56jRB^DPx5Lle{<(0y z=fj1mnc{6<+O&nNu^xI_=Gmond0jpj68}?ILEe8d&>1o4Q6C(1D!Lw{c@RNO`(6&0 z(PU2DGtSfxrg{B#@otFE$+kaqWlQ*XrmX*#h{N1H^&Pjw(cJD(+H~S@Jr!(BKR(@A z^bVtmcebWXyRhx#0V-8TNh!X(^xl}O0m{;%jpsA2qpSZ=ItJd!UU6r9=oqSCHM5>5 zjyiI-Q;R9aDSohR#bt}7J>+npc(e+{d_fdP;F?7Q6ucC)gzCtaNMPU7RxLD_^IbD# z>fEU&+O#(Cl5#BuS|#lx8(9?*!xiQ9?|wCyvm49tp;p(G&D(gD#c{ zlOP$qQkP3#cAe!^~T#Ijb0Tbcjc|JyNTkZGseu>V8mPXg4{tYMdb~Ov_7XZiJ#rB zUbYW>$@}`4nu&`4SKH4|j&$WTT{`5qH%>C;C3c_2@*8{CLYHurU@f0g_j{Vy zT?=lhDXnEY`YKrF^4f5khwTGtNmzEqN z_|?-Iz>L2kwl)Ny-CHP)$?;tF((Rach1G1jFB)|(wuNP6t3QP>shvBnyYNV9B?rH| zIDD~p7zMnx3I+Bw;v#-GbD1+|Y2D9MdYTOJ>p5*fey7bH05~>96yG9RElU#M65;p0 z2_|e&LN-vUBcK|`s$c&R6v80 zVfsO)UE|U*$(>WY;%ar42&vf>-0}nGV|dYsKF#V8>r&)<>)rd!=N(b8>?{|Z%{(#^ z6#1{ile)HrJ+YR^?z7ly3qE3r*(~TxdR-Yz2|6Op@Ix~VWwCXm&kSGFrkeSNUhdh|k4^^b*&r-@Oq?&4i5;rL3Ye4V_WRM!&3j;XOwCoxB!aq{~J)v4$H|(~4J#mzPB)`?G38 zNZQH$xUS0BB+Yv#p7*wNlbXCOmG=}Uqk1_9eh|{w z$$(qT`Z?~tBr#nc8<0nmPwg{GaZC1Yc|p!}HYRR(;ap3%zdRCdLeKMVIN!#JzcFpa zmk8ie@fbOWba8u5@@$Rb;VJOZCmun#wM{=kyC#~H^Q9`)L#!+F)yi5h`}z4&N`-@X z|0qSGc9F=lk`BAK=@8m1-{=-k-1y3PWrH!0nKs5-sI?qX8GnG^ql7sI*aSmlvs5YE zJj~9E;F86&&U+8HD4_%7=5mIACjF{C7^H6w`@GIe7uxBv7fKd>ueR^zu!(F)mmL3A zu&i{HN^2a+AXR9xnX0xY2g_TJm$zNYgjCt} zf@1Ba7N=!(LHz%YYLv{f%sfm0Uw|LL4d4TC1wa8(02hGM{~x(6%M4_C=;`goCkvKS z1cAX|1zA}|FbGN7@oyh;vJxa|-CtBiOa%Db%KlFw`j4DP_Fp-V?vRW)`-l0-L1LAK 
zeqCDW+M!zOf9JetB&o-eZO8a;MndmA)q8T<^H15H!hY+K$CsV@cRAyH!h3x2^w!12#c^;vY#yKUAvr_`D!}# zPL4y`&O|cGEGl%sey-a_=h^$D^rtEB+=#WP1Z6h zr5Carus0mF!OG2h!DI47hCnsiZF^9Z8{q_~>sj$QY@cO~*?;kR>=`!9&{XGZZ+wb; zfP(;Z^~7+rdy2Ka&aa{ZjPQ9FH zB1{#xR)R${$Ri`e%15wd`j}4FYSgQI9$Q(eaJjW--K?35Ii#DcoURbR1!Nq0S=FZ+ zpB;vr*Kh{u@dwcq&N8}H4DE7AfK(QAxGEa@%Eg3)|6ZTYh6Z@~*<-rl#j1rYS4g3Y zt(dkti!Xig+ZJIe>fp+Y6)JX^V2*?l+ZQbQ>9ZkD^%Ry{UfUF(o`XkPGPjtBN`udj z8Zww6$+y>fi8#Nb^XYIcvBoUmOKQ17kkzxwif-7vvDf1&_E~!5+{?N(AM=R)>1K1j z13=DrtdFykKQX#+FB9F+VcZt%o|`D+`J+IX(dbEL7j_B-oyoH#3jBi)+}rtVc{o!y z(uD2=4*bYk*|BcPffg#C#gU*h`-6tsQ&!^mfM=Qa=>reA%TCme@IaZcU#}zHS_T5M z+x`1a0<)JXwedcWt-_;lh{>!YS%bXt))P=fS*BoV!7C5qJZSS=WGSNq=YuGtyV5E; zW8h7ix+{TqZyk-96ccbt-Jvwa{1TP^lmXx>y%sj<%Rvpj@%VAo?AbLsXtd*bTQ-8C z-rojuU86a}loepO*7{(`hZ94#%~t=lr1mUeOr(xLuy#0IoHd?4#WWh+tEqFDyRG&n zLv9h3u99Hbxv`oUSaXrB6?~H*RNZ#IMHg*MNa{9A3+x&NH6|; zh-3*R#V4uQxxhECxr5W1M(6==>{<0UBA3^yg@c z{Z^@PH=aJ4(QgzJU}|M4+?&TscVZ_xA7K^7$HH_qA(9uicC>;IP`;ba`o! z9fyP@K?u|pL3gRK*8GJ#PmwUY|LQVktC~bDa=6XA2CD|%ncW^Pl5Mlsq({subs}%*4gL3>s{kCQ^Nics z?150eY1EVZqZzslqTgB?k$WQMWNDR zr(=^IqA6)GZ6G#aNE-)%Ge)N^4Lk0QQq(|aq#r6Fy%oer!Ukd{c0v<1-rNCm3M;9! 
zxHh^3oy)t_e9zr9n`%zXUuB*XC@zhFYj55AxPzBid)LxsZ{;KjTW#gA(T| zg}Y*rzjg^U;r1j)Eg!}4c7wmXlbh67=&twr5=m83!3=g-_ARvZH@y)}CJ@(hjf~Pb zzYQWZrEm3eARocskeyy9aSr}Rw7_|yQ83QZO=qdUu(-93bG55axOlK?3RJ=qHBoi@ zf_3UK2Olku--i7VF~~EcCQa#gd!*lQ?~TQ+-I>OUKs11uIU3h$A`O1j=>?GP@i*vY z9ETJw;Jmaj%lNt@1+%O%3q#^Bdb5E|{hM4XzVkT`?kwpdDFJ$mysxpHmh05n^=){^ zb-$7`m2dN|!E991ZzJ!#^Ef`xgG{xEj)*hlD{N!iN`q-KBMLAv+uhNVwYi(7&}z@k zfwK+}+v3n#zlXgD73cb^jr|g_O?}!MQggmC#(Vv4HK@SnDqfft|7_d7o8yS~Qv(Y- zfLMkT!uNyv;>r#%1pn>hMt(L9Sxa-|x;P^=M#ojlBBK+ujT~l8Ee*O8ts5qiL ze4s7x zk`oQra6pgvn&rqBcawP7ij0SSVp47|{jhT_@OG>CS$gL+L>CvpDvy~<8Ya5D>ZxmJ zBD+f}VZeH{Xwa6Q%j`h$rcFFc`%-P;bOMoi5Jt^xJVzVg8BFk)1LMv4D}s&NB=_{R zWV+#ehc?JNei28JH{XT2Q?lWC_f*-we-3Fz5>iN&HRY_KpR6s`XtN=HM&`WuAPWp* zq)R?cQ#Ga?PCzlFDm)R8`t5EdIH+^*=#$gf7nqb(`FK$VC3ODu?&S)@OV=Bj?V+XX ze7Sn95>LXV7jOx`R}$z}kK^D-^>te5qvT;WZ5BvLs-?M%0QVG{^8RjUUXM)9%06+L zsOjmHdeU-gYL}+2-Hsb1J$Kf34LD4e*LO}&hS+xAjwxGWYoOP1He%%@d`gW7R$}DG zUxv-x%*Wx2?@>J8=h!q&igdOLVK(WsiZ4{{44jb>#zmzZ_q-Fl&w0JOxAtdR`k#l& zj{uF{t{I9}U!mtSJa4N}+Gt2e+<^%+-k-qg`AG_d`Hf>WmhNbON%tr}TiYvY0vw6Z zKr=5`4r@(0r4X(~LFJXquN#55W;!t(Wlem$8GKd^Q{)S2yJTw_e=8<3fjhxrl)% zVfm`5-Y@n207%i$8D|nLrzV6eP@zqERccoMkzK>IAX_u@2S*$+>EzQXTq^3|^xSAC zhPfRE7dGt=wb5@*AWpiS`SlNXS;t2#Y2krzn*^@9bo_bT6ya&AEo8liee9rWf$ha5 zw^$JO;c(3WcfE@^FET-rp3Q|r|l}B^&;qA`AcFa9AeC`I+ z>YB$7X)oi0cBD0ImWIl0lkdEF=oTEkM_76a-YE|@v z4_>OAAOFFO99+bWLZ`yvmI(ri@m@+ipahh(?ud^eDVlPlTQRnuY`1 z3UX)zUGzC(JYOwEhDDE!)|{vivt+!d>B$R6|jimcV3S_QaIAjh7=AajUT8$;KV7f$fO2Px$n9)9t2f!v~MQK{MO zo5XF6e3hyCI@V5hGjz{Z`3HOS7TgCPnvEj4a!x%bMZfEK$kScRr7@7=@N9`&#EkG!Mo3tBmb97{R##%Eu@E?Ko2 z-|+Q66){w!z}84+l#!Ai^?p5@VGXN&ZY})L)&fmA-fIO(c`ardPAv)+h7v0rIQ~Wt>o}j|F~q1?dk7HnLd# zv$iLaIK^O!5Z{D%El`#Q6&(IP!f;b_QwW(VVZ5M?MMesqF6Y~rei8jR;p3ke7ms*~ zl1wXseoObJ>{}7Sv? 
zNtU0PHIqA=zc`qUk4|N>?LL`Li(P6ycyzvt-2z>Jq&<*LQlflAA0oeqqWZ_rrZCqO z2t_c2u{d$l1Zum>6FIIdN<(RV!{U~0wfN0I+Oaw>RPJrwF96RJ!O)Uc^Zd|4~23*&X5EHJ}GO^58#>P_#N;%HbSRBI(yN zIx8;YDxcpr>eB&}hUu?UJSJE;EtQFn*N`E{{Pyi2%| z6D>bR4)?+SjQmQo;-Xj}+NmlhGmv$KbB2K1`0LH7yqKN`UK(g4$&H_UIurxoUlCR_9Ib3nr1FOR}sc3MkL=KjWuy-DCYt1oL1REn*TIm; zQGGYX{yE|Tu73{nnE0rpE7*A1Cr zJJi=r0af?A>$CR~gA)0b%5-85=`xIYzVgepGCC@40-1pymr_+-4@%$`wTHAv3I)fZ zEa~)hDy6&#POla^^?ALa=K{ZOP36`5KTRB(qhZ~!c1jpWil|sa$u*6QtVTuY!Z#Rc zvNE|2akG(?pr+owjUt4|l}$ShvK~i{KM0r5|D!b}Yf=)`dm24vgxeCDiNQoS0lG}; zW4k|Ay5`*xK{!|9ip^^9DyYgY+3;#6Pl8H5+fh-s@&Y645#I8OcJl7Bhi^Wra#vQ1 z=ZKma_|3QET1({cZGpcIMQ7CHyEU^#gYM3w-ATncbe!+$?3f3Hdt!c$vEn*?ZDy*Z zb0L3$d%ub)ATlh3=snv%VJim9iA&#&7ZO6P6i9%t8jaJT4;ldtvF_UxusWAIq7v`X ztmy*v(ehZPmTvF${U=^E4@%VE97VxuQ5oqA)6#N%g`$x*k_}m^->HYbDUQ#V%_T?H zaD4eb7tcV~?J%zAU-fpha5<3+48-zht0yMMCo1|C|N6_6~hwm+t{LTBcVHrxaaA~SEp_UoGN3vJT%b%KE zGopX|xwib@eUi)Eu)vkcB16X|jF$`}vxnDxNQ<;HcSumF z$lxu%o+!@hUKZxZb}+Nj_ObA0!r--{JOlc~^+l|7@q}9!)+tV)%1Sey?(cx_yt4ga z{n4*2tZTkx(up|}YXjyJR`wM(9b7-1IQ^{a&i2a4;YU!(fWcen($aOvn)j6m5F0D1=wA`G BgD3z1 diff --git a/helm/ds/templates/_helpers.tpl b/helm/ds/templates/_helpers.tpl deleted file mode 100644 index c3309e16f1..0000000000 --- a/helm/ds/templates/_helpers.tpl +++ /dev/null 
@@ -1,28 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{define "name"}}{{default "opendj" .Values.nameOverride | trunc 63 }}{{end}}
-{{define "fullname"}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{end}}
-
-{{/* work in progress. TODO reduce dj image boilerplate */}}
-{{define "dscontainer"}}
-image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-imagePullPolicy: {{ .Values.image.pullPolicy }}
-volumeMounts:
-- name: dj-secrets
- mountPath: /var/run/secrets/opendj
-- name: db
- mountPath: /opt/opendj/data
-envFrom:
-- configMapRef:
- name: {{ .Values.instance }}
-env:
-- name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
-{{end}}
\ No newline at end of file
diff --git a/helm/ds/templates/configmap.yaml b/helm/ds/templates/configmap.yaml
deleted file mode 100644
index 588c45a55d..0000000000
--- a/helm/ds/templates/configmap.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.instance }}
-data:
- BASE_DN: {{ .Values.baseDN }}
- # example: configstore, cts, userstore. The instance is used to construct the FQDN of DS.
- DJ_INSTANCE: "{{ .Values.instance }}"
- DS_SET_SIZE: "{{ .Values.replicas }}"
- OPENDJ_JAVA_ARGS: "{{ .Values.opendjJavaArgs }}"
- DS_ENABLE_CTS: "{{ .Values.cts.enabled }}"
- DS_ENABLE_USERSTORE: "{{ .Values.userstore.enabled }}"
- DS_ENABLE_CONFIGSTORE: "{{ .Values.configstore.enabled }}"
- DS_ENABLE_IDMREPO: "{{ .Values.idmRepo.enabled }}"
- BACKUP_CLUSTER_NAME: {{ default "default" .Values.backup.clusterName }}
\ No newline at end of file
diff --git a/helm/ds/templates/ds.yaml b/helm/ds/templates/ds.yaml
deleted file mode 100644
index f7d74e8e6e..0000000000
--- a/helm/ds/templates/ds.yaml
+++ /dev/null
@@ -1,183 +0,0 @@ -# Copyright (c) 2016-2018 ForgeRock AS. All Rights Reserved. -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ .Values.instance }} - labels: - instance: {{ .Values.instance }} - app: {{ template "fullname" . }} - vendor: forgerock - component: {{ .Values.component }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.instance }} - replicas: {{default 1 .Values.replicas }} - updateStrategy: - type: RollingUpdate - {{- if .Values.persistence }} - volumeClaimTemplates: - - metadata: - name: db - annotations: - pv.beta.kubernetes.io/gid: "11111" - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ default "5Gi" .Values.storageSize }} - {{- if .Values.storageClass }} - {{- if eq .Values.storageClass "-" }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.storageClass }}" - {{- end }} - {{- end }} - {{- end }} - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" -{{- with .Values.extraAnnotations }} -{{ toYaml . | trim | indent 8 }} -{{- end }} - labels: - instance: {{ .Values.instance }} - app: {{ template "fullname" . }} - vendor: forgerock - release: {{ .Release.Name }} - component: {{ .Values.component }} - spec: - {{- with .Values.serviceAccountName }} - serviceAccountName: {{ . 
}} - {{- end }} - affinity: - podAntiAffinity: - {{- if eq .Values.podAntiAffinity "hard" }} - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.topologyKey }} - labelSelector: - matchExpressions: - - key: instance - operator: In - values: - - {{ .Values.instance }} - {{- else if eq .Values.podAntiAffinity "soft" }} - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: instance - operator: In - values: - - {{ .Values.instance }} - topologyKey: {{ .Values.topologyKey }} - {{- end }} - terminationGracePeriodSeconds: 30 - {{- with .Values.securityContext }} - securityContext: -{{ toYaml . | trim | indent 8 }} - {{- end }} - {{ if .Values.restore.enabled }} - initContainers: - - name: restore - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: db - mountPath: /opt/opendj/data - - name: backup - mountPath: /opt/opendj/bak - - name: dj-secrets - mountPath: /var/run/secrets/opendj - envFrom: - - configMapRef: - name: {{ .Values.instance }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: [ "restore" ] - {{- end }} - containers: - - name: ds - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - #terminationGracePeriodSeconds: 10 - {{- if eq .Values.instance "ctsstore" }} - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "/opt/opendj/scripts/cts-poststart.sh"] - {{ end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - envFrom: - - configMapRef: - name: {{ .Values.instance }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 1389 - name: ldap - - containerPort: 4444 - name: admin - - containerPort: 8989 - name: replication - - containerPort: 8080 - name: metrics - volumeMounts: - - name: dj-secrets 
- mountPath: /var/run/secrets/opendj - - name: backup - mountPath: /opt/opendj/bak - - name: logs - mountPath: /opt/opendj/logs - - name: db - mountPath: /opt/opendj/data - args: [ "start" ] - # Due to cost, we don't want to do a full scrape of the metrics http endpoint - so we create a tcp connection - # todo: revisit when https://bugster.forgerock.org/jira/browse/OPENDJ-4728 is resolved. - # TODO: Uncomment when we get ds to start faster. Seletively disable replication - # readinessProbe: - # tcpSocket: - # port: metrics - # periodSeconds: 10 - livenessProbe: - tcpSocket: - port: metrics - initialDelaySeconds: 60 - periodSeconds: 120 -{{- with .Values.extraContainers }} -{{ tpl . $ | trim | indent 6 }} -{{- end }} - volumes: - - name: dj-secrets - secret: - secretName: {{ .Values.instance }} - - name: logs - emptyDir: {} - {{- if .Values.backup.pvcClaimName }} - - name: backup - persistentVolumeClaim: - claimName: {{ .Values.backup.pvcClaimName }} - {{ else }} - - name: backup - emptyDir: {} - {{ end }} - {{- if not .Values.persistence }} - - name: db - emptyDir: {} - {{ end }} - {{ if eq .Values.taints.enabled true }} - tolerations: - - key: "type" - operator: "Equal" - value: {{ .Values.instance | quote }} - effect: "NoSchedule" - {{end}} diff --git a/helm/ds/templates/secrets.yaml b/helm/ds/templates/secrets.yaml deleted file mode 100644 index 89d7c4d99d..0000000000 --- a/helm/ds/templates/secrets.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the -# Common Development and Distribution License (CDDL) that can be found in the LICENSE file -# Secrets for OpenAM stack deployment. This will be mounted on all containers so they can get their -# passwords, etc. -{{ if .Values.useDefaultSecrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.instance }} -type: Opaque -data: -{{ (.Files.Glob "secrets/*").AsSecrets| indent 2 }} -{{ end }} \ No newline at end of file 
diff --git a/helm/ds/templates/service.yaml b/helm/ds/templates/service.yaml
deleted file mode 100644
index 763d701b66..0000000000
--- a/helm/ds/templates/service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright (c) 2016-2019 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.instance }}
- labels:
- app: {{ .Values.instance }}
- component: {{ .Values.component }}
- vendor: forgerock
- heritage: {{ .Release.Service }}
-spec:
- clusterIP: None
- ports:
- - port: 1389
- name: ldap
- targetPort: 1389
- - port: 4444
- name: djadmin
- targetPort: 4444
- - port: 8080
- protocol: TCP
- name: metrics
- selector:
- app: {{ template "fullname" . }}
- release: {{ .Release.Name }}
diff --git a/helm/ds/values.yaml b/helm/ds/values.yaml
deleted file mode 100644
index d9f0413fef..0000000000
--- a/helm/ds/values.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -# Copyright (c) 2016-2018 ForgeRock AS. - - -# If useDefaultSecrets is set to true (the default), the secret values in ../secrets will -# be used to create a secret map with the same name as the instance ($instance). -# If you set useDefaultSecrets to false, you must create this secret map yourself before the DS -# instances will be provisioned. This allows you to inject your own secrets rather -# than use the default ones bundled in the chart. An alternate strategy is to fork this chart. -# and replace the secrets in ./secrets with your own. -useDefaultSecrets: true - -# The default DS baseDN for the user store. Note the ds image creates several backends that are hard coded and this -# setting will have no impact on those backends. This setting will be removed in the future. -baseDN: "ou=identities" - -# The default instance name. This will create a stateful set that can be resolved at -# $instance-0.$instance. You can also use the service name $instance - which will get (randomly) -# load balanced to an instance (not recommended ) -instance: ds - -component: ds - -# If you want to disable the userstore backend, set this to false -userstore: - enabled: true - -# If you want to disable specific backends, set to false: -cts: - enabled: true - -configstore: - enabled: true - -idmRepo: - enabled: true - -image: - repository: gcr.io/forgerock-io/ds/pit1 - tag: 7.0.0-7ef42d9a34b5b829d10ca251e6a17d6eff93d678 - # Switch to IfNotPresent once we have milestone builds - pullPolicy: Always - -# The number of instances in the StatefulSet. Each instance is a combined DS/RS pair. -# You can not change this after installation. -replicas: 1 - -# Size for DS database storage. Note GKE IOPS scale based on the size of the volume. -storageSize: "10Gi" - -# Set storageClass only on clusters that support it (GCP / AWS). 
-#storageClass: fast - - -backup: - # This is an optional parameter that will mount the named PVC volume (most likely an NFS share) - # on the bak/ directory. If this is not specified, an emptyDir will be mounted instead. - # The pvc is usually created by the dsadmin/ chart. - #pvcClaimName: ds-backup - - # This configures the top level directory under bak/ - # The backup folder is set to $clusterName/$instance-$namespace. This - # forces each instance backup to go to a different folder on the shared PVC drive. Without this - # you will get collisions on backup / restore. - # If you have many clusters backing up same shared NFS volume, change the default here. For example, - # set it to "production" - clusterName: "default" - - -# You need to be on JDK 8u131 or higher to enable these options. -# todo: find JDK 11 args -#opendjJavaArgs: "-server -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:+UseCompressedOops -XX:+UseG1GC -XX:MaxGCPauseMillis=100 -XX:MaxRAMFraction=2" - -# These defaults work for a small test instance -opendjJavaArgs: "-Xmx512m" - -# Resource limits. -# These help for pod placement in a larger cluster to ensure the DS instance gets sufficient resources. -# The default values are artificially low. -# For production, you will want to increase them. -resources: - requests: - memory: 512Mi - limits: - memory: 768Mi - -# DS persistence switch. Setting this to false disables volume claims - all data is stored inside the docker image. -# Used in testing environments without pv providers. When the pod is terminated, the DS data will be deleted! -persistence: true - -# Pod Anti Affinity switch. For production this should be set to "hard", otherwise use "soft". -# The hard setting will force ds pods to be spread out over multiple hosts/zones. soft is best effort -# but pods will still be scheduled together if sufficient resources are not available. -podAntiAffinity: "soft" - -# This is the exact value for TopologyKey. 
The other possible value is "failure-domain.beta.kubernetes.io/zone" -# which will ensure that pod is scheduled on nodes in different zones thus allowing for HA across zones. -# Note you want to leave this value as is if you are deploying a single zone cluster and change the values only -# if you have a multi-zone cluster. -topologyKey: "kubernetes.io/hostname" - -# Restore parameters. -restore: - # If true, runs the init containers that restores the directory from a backup folder in the bak/ folder. - # The backup data must be present in the bak/ folder. - # Restore will not overwrite existing DS data. - # A backup folder contains a full backup and a number of incrementals. The most up to date incremental - # is used to recover. - enabled: false - -# This will make sure the mounted PVCs are writable by the forgerock user with gid 111111. -securityContext: - runAsUser: 11111 - fsGroup: 11111 - supplementalGroups: [ 0 ] - -# if taints enabled, then pod will be deployed on node with tainting type=INSTANCE_NAME (eg type=userstore) -taints: - enabled: false diff --git a/helm/dsadmin/.helmignore b/helm/dsadmin/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/dsadmin/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/helm/dsadmin/Chart.yaml b/helm/dsadmin/Chart.yaml deleted file mode 100644 index 99a358badf..0000000000 --- a/helm/dsadmin/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: dsadmin - chart to manage directory service instances -name: dsadmin -version: 7.0.0 
diff --git a/helm/dsadmin/README.md b/helm/dsadmin/README.md
deleted file mode 100644
index 31bf66b782..0000000000
--- a/helm/dsadmin/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-# dsadmin - Directory Service Administration Chart
-
-At present this chart is optional and has limited functionality. In the future it may be extended with
-additional capabilities to manage a number of directory server instances.
-
-
-## Functions
-
-* Creates a dsadmin deployment. This runs a pod with the directory server tools installed. The pod sleeps, waiting for you to exec into the it to run various commands (ldap-modify, etc.).
-* Optionally creates a Persistent Volume (PV) and Persistent Volume claim (PVC) for an NFS server where backups will be stored. The ds/ helm chart can mount this volume for backup and restore.
-* Optionally creates an archive process to send backup data to an AWS S3 or GCP GS bucket.
-
-
-You need only a single instance of this chart, even if you many directory server deployments.
-
-
-## PV / PVC creation
-
-This chart creates a PVC claim for the backup volume that is backed by an NFS PV. Helm's delete policy has been set to keep the PV and PVC when the dsadmin release is deleted. On subsequent installs of dsadmin, you should set the option:
-
-`--set createPVC=false`
-
-To avoid trying to re-creaate the PVC that already exists. See the values.yaml file.
-
-## GCS / S3 archival
-
-By default archival to S3 or GCS is disabled. See values.yaml for the possible values settings. If enabled,
-this chart creates a sync cron job that periodically copies the contents of the bak/ shared PVC to a bucket.
-This is provided as a sample. You will need to adjust this to suit your environment.
diff --git a/helm/dsadmin/dsadmin.sh b/helm/dsadmin/dsadmin.sh
deleted file mode 100755
index 9f5908dc6d..0000000000
--- a/helm/dsadmin/dsadmin.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-# Test to see if the pv exists, if it does, launch with the option to skip creation.
-
-ARG=""
-
-kubectl get pv ds-backup && ARG="--set createPVC=false"
-
-set -x
-helm delete --purge dsadmin
-
-helm install --name dsadmin $ARG dsadmin
-
diff --git a/helm/dsadmin/templates/_helpers.tpl b/helm/dsadmin/templates/_helpers.tpl
deleted file mode 100644
index 1160bed44a..0000000000
--- a/helm/dsadmin/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "dsadmin.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "dsadmin.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "dsadmin.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/helm/dsadmin/templates/backup-pv.yaml b/helm/dsadmin/templates/backup-pv.yaml
deleted file mode 100644
index 4d0404d2fd..0000000000
--- a/helm/dsadmin/templates/backup-pv.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ if .Values.createPVC }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: ds-backup
- annotations:
- # We tell helm to not delete the backup PV for safety
- "helm.sh/resource-policy": keep
- labels:
- bucket: backup
-spec:
- capacity:
- storage: 1Ti
- storageClassName: nfs
- persistentVolumeReclaimPolicy: Retain
- accessModes: [ ReadWriteMany ]
- nfs:
- server: "{{ .Values.nfs.server }}"
- path: "{{ .Values.nfs.path }}"
- readOnly: false
-{{ end }}
\ No newline at end of file
diff --git a/helm/dsadmin/templates/backup-pvc.yaml b/helm/dsadmin/templates/backup-pvc.yaml
deleted file mode 100644
index 28762ec3d3..0000000000
--- a/helm/dsadmin/templates/backup-pvc.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{ if .Values.createPVC }}
-# pvc for the shared backup volume
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ .Values.backup.pvcName }}
- annotations:
- #We tell helm to not delete the backup PVC for safety
- "helm.sh/resource-policy": keep
-spec:
- accessModes:
- - ReadWriteMany
- storageClassName: nfs
- selector:
- matchLabels:
- bucket: backup
- resources:
- requests:
- storage: {{ .Values.backup.storageSize }}
- storageClassName: nfs
-{{ end }}
\ No newline at end of file
diff --git a/helm/dsadmin/templates/dsadmin.yaml b/helm/dsadmin/templates/dsadmin.yaml
deleted file mode 100644
index 2147a56bf1..0000000000
--- a/helm/dsadmin/templates/dsadmin.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-# This is a small "admin" pod that just pauses and waits for
-# someone to exec into the image. Used for debugging, kicking off remote tasks, etc..
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: dsadmin
- labels:
- app: dsadmin
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: dsadmin
- template:
- metadata:
- labels:
- app: dsadmin
- spec:
- securityContext:
-{{ toYaml .Values.securityContext | indent 8 }}
- initContainers:
- # When the NFS share has just been created it is owned by root. We need to run as root, create
- # a top level folder for backups, and chown the permissions to the forgerock user.
- - name: chmod
- image: busybox
- command: ['sh', '-c', 'chown 11111 /bak/; chmod 775 /bak/*']
- volumeMounts:
- - name: backup
- mountPath: /bak
- containers:
- - name: opendj
- image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- # envFrom:
- # - configMapRef:
- # name: {{ .Values.instance }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: OPENDJ_JAVA_ARGS
- value: "-Xmx256m"
- volumeMounts:
- - name: backup
- mountPath: /opt/opendj/bak
- # volumeMounts:
- # - name: dj-secrets
- # mountPath: /var/run/secrets/opendj
- args: [ "pause" ]
- resources:
- requests:
- memory: 300Mi
- limits:
- memory: 350Mi
- volumes:
- - name: backup
- persistentVolumeClaim:
- claimName: "{{ .Values.backup.pvcName }}"
- # There is a single dsadmin instance for all ds servers - so we don't mount any secret for the
- # directory manager password. TOOD: We can revist this.
- # volumes:
- # - name: dj-secrets
- # secret:
- # secretName: {{ .Values.instance }}
diff --git a/helm/dsadmin/templates/gcs-sync.yaml b/helm/dsadmin/templates/gcs-sync.yaml
deleted file mode 100644
index ea86869661..0000000000
--- a/helm/dsadmin/templates/gcs-sync.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.gcs.enabled }}
-# This is an optional cron job to sync the contents of the backup shared PVC to gcs for offline storage.
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
- name: gcs-sync
- labels:
- app: gcs-sync
- vendor: forgerock
-spec:
- # Hours are UTC. 5:15 AM UTC is approx. 1 AM EST
- schedule: "15 5 * * *"
- concurrencyPolicy: Forbid
- jobTemplate:
- spec:
- template:
- spec:
- restartPolicy: Never
- containers:
- # This runs the gsutil command to rsync the contents of the bucket to the /backup folder
- - name: gcs
- image: gcr.io/cloud-builders/gcloud:latest
- imagePullPolicy: IfNotPresent
- # rsync in both directions. First we sync our pvc backup to gcs. Then we sync back again - which will pick up
- # Any new files added to gcs. If you don't want this bidirectional behaviour, take out the second gcs command.
- # Note the use of the -d (delete) option on the second rsync.
- # This triggers deletion of files on /backup that do not
- # exist on gcs. You may wish to disable this option for safety. If you do, to delete files you must ensure they are
- # deleted from both the backup filesystem AND the gcs bucket. Another option is to send gcs backups to yet another bucket
- # likely using offline or nearline storage.
- command: [ "/bin/sh", "-c",
- "gsutil -m rsync -r /backup {{ .Values.gcs.bucket }} && gsutil -m rsync -r {{ .Values.gcs.bucket }} /backup; chmod -R g+rw /backup"]
- volumeMounts:
- - name: backup
- mountPath: /backup
- volumes:
- - name: backup
- persistentVolumeClaim:
- claimName: {{ .Values.backup.pvcName }}
-{{ end }}
diff --git a/helm/dsadmin/templates/s3-sync.yaml b/helm/dsadmin/templates/s3-sync.yaml
deleted file mode 100644
index a47fbf02ac..0000000000
--- a/helm/dsadmin/templates/s3-sync.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.s3.enabled }}
-# This is an optional cron job to sync the contents of the backup shared PVC to s3 for offline storage.
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
- name: s3-sync
- labels:
- app: s3-sync
- vendor: forgerock
-spec:
- # Hours are UTC. 5:15 AM UTC is approx. 1 AM EST
- schedule: "15 5 * * *"
- concurrencyPolicy: Forbid
- jobTemplate:
- spec:
- template:
- spec:
- restartPolicy: Never
- containers:
- # This runs the s3 sync command to sync the contents of the bucket to the /backup folder
- - name: s3
- image: amazonlinux:2.0.20180827
- imagePullPolicy: IfNotPresent
- # sync in both directions. First we sync our pvc backup to s3. Then we sync back again - which will pick up
- # Any new files added to s3. If you don't want this bidirectional behaviour, take out the second s3 command.
- # Note the use of the --delete (delete) option on the second sync.
- # This triggers deletion of files on /backup that do not
- # exist on s3. You may wish to disable this option for safety. If you do, to delete files you must ensure they are
- # deleted from both the backup filesystem AND the s3 bucket. Another option is to send s3 backups to yet another bucket
- # likely using offline or nearline storage.
- command: [ "/bin/sh", "-c",
- "yum install -y awscli; aws s3 sync /backup {{ .Values.s3.bucket }}; aws s3 sync {{ .Values.s3.bucket }} /backup --delete; chmod -R g+rw /backup"]
- volumeMounts:
- - name: backup
- mountPath: /backup
- volumes:
- - name: backup
- persistentVolumeClaim:
- claimName: {{ .Values.backup.pvcName }}
-{{ end }}
diff --git a/helm/dsadmin/templates/verify-job.yaml b/helm/dsadmin/templates/verify-job.yaml
deleted file mode 100644
index 73708a0e74..0000000000
--- a/helm/dsadmin/templates/verify-job.yaml
+++ /dev/null
@@ -1,77 +0,0 @@ -{{ if .Values.backup.verify }} -# This is a WIP. -# TODO: This needs to be refactored to support verification across many ds instance backups -# It previously had a 1-1 relationship between the instance and the backup, now it is 1-N -# -# This is an optional cron job that restores from a backup and verifies the integrity of the data. -# To create an ad hoc job you can use: -# kubectl create job verify --from=cronjob/ds-verify -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: {{ .Values.instance }}-verify - labels: - instance: {{ .Values.instance }} - app: {{ template "fullname" . }} - vendor: forgerock - component: opendj -spec: - # Hours are UTC. This is approx. 1 AM EST - schedule: "15 5 * * *" - concurrencyPolicy: Forbid - jobTemplate: - spec: - template: - spec: - # This will make sure the mounted PVCs are writable by the forgerock user with gid 111111. - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - restartPolicy: Never - containers: - - name: opendj - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ .Values.instance }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # Todo: We need to pass in list of backend paths to verify - args: ["verify"] - volumeMounts: - # - name: dj-secrets - # mountPath: /var/run/secrets/opendj - - name: backup - mountPath: /opt/opendj/bak - - name: db - mountPath: /opt/opendj/data - volumes: - # - name: dj-secrets - # secret: - # secretName: {{ .Values.instance }} - - name: backup - persistentVolumeClaim: - claimName: {{ .Values.backup.pvcName }} - - name: db - persistentVolumeClaim: - claimName: dsadmin-verify ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dsadmin-verify - annotations: - pv.beta.kubernetes.io/gid: "11111" -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ default "5Gi" 
.Values.storageSize }} - {{- if .Values.storageClass }} - storageClassName: {{ .Values.storageClass }} - {{- end }} -{{end}} \ No newline at end of file diff --git a/helm/dsadmin/values.yaml b/helm/dsadmin/values.yaml deleted file mode 100644 index 1258b55ef1..0000000000 --- a/helm/dsadmin/values.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# Default values for dsadmin. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -component: ds - -image: - repository: gcr.io/forgerock-io/ds - tag: 6.5.1 - # Switch to IfNotPresent once we have milestone builds - pullPolicy: Always - -gcs: - enabled: false - # GCS Bucket destination. You need the right scopes in container engine to write to this bucket. - #add --scopes storage-full when you create the cluster. - bucket: gs://forgeops/ds-backups - -s3: - enabled: false - # S3 Bucket destination - bucket: s3://forgeops/dj-backup - -storage: {} - -# If the pvc / pv already exists, use --set createPVC=false -createPVC: true - -backup: - # The name of the PVC to create to hold backups from all ds instances. - pvcName: ds-backup - # The size of the resource request to the PV - storageSize: "20Gi" - # Do not uncomment. Place holder for future work - # verify: false - -# For creating the PV, we need to specify the server and the path to the export -nfs: - server: 10.191.193.66 - path: /export - -# An optional slack webhook url. It can be used by the backup and verification processes to post notifications to slack. -# If you don't have slack, set this to "undefined" -slackUrl: undefined - -securityContext: - fsGroup: 11111 diff --git a/helm/end-user-ui/.helmignore b/helm/end-user-ui/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/end-user-ui/.helmignore +++ /dev/null 
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/helm/end-user-ui/Chart.yaml b/helm/end-user-ui/Chart.yaml
deleted file mode 100644
index 90cb700019..0000000000
--- a/helm/end-user-ui/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: Used to run the ForgeRock End User UI as a stand-alone service
-name: end-user-ui
-version: 0.1.0
diff --git a/helm/end-user-ui/templates/_helpers.tpl b/helm/end-user-ui/templates/_helpers.tpl
deleted file mode 100644
index df0383fedf..0000000000
--- a/helm/end-user-ui/templates/_helpers.tpl
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "end-user-ui.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "end-user-ui.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "end-user-ui.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/helm/end-user-ui/templates/deployment.yaml b/helm/end-user-ui/templates/deployment.yaml
deleted file mode 100644
index 25288e2a5a..0000000000
--- a/helm/end-user-ui/templates/deployment.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
- name: {{ include "end-user-ui.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "end-user-ui.name" . }}
- helm.sh/chart: {{ include "end-user-ui.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "end-user-ui.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "end-user-ui.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- spec:
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- ports:
- - name: http
- containerPort: {{ .Values.service.internalPort }}
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /
- port: http
- readinessProbe:
- httpGet:
- path: /
- port: http
- resources:
-{{ toYaml .Values.resources | indent 12 }}
diff --git a/helm/end-user-ui/templates/ingress.yaml b/helm/end-user-ui/templates/ingress.yaml
deleted file mode 100644
index 857ff500ea..0000000000
--- a/helm/end-user-ui/templates/ingress.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright (c) 2019 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-# Ingress definition to configure external routes.
-{{- if .Values.ingress.enabled }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ .Values.component }}
- labels:
- app: {{ template "fullname" . }}
- vendor: forgerock
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /$1
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- tls:
- - hosts:
- - "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- secretName: '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}'
- rules:
- - host: "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- http:
- paths:
- - path: /enduser/?(.*)
- backend:
- serviceName: {{ include "end-user-ui.fullname" . }}
- servicePort: {{ .Values.service.externalPort }}
-{{- end }}
diff --git a/helm/end-user-ui/templates/service.yaml b/helm/end-user-ui/templates/service.yaml
deleted file mode 100644
index cfb60c2ed8..0000000000
--- a/helm/end-user-ui/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "end-user-ui.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "end-user-ui.name" . }}
- helm.sh/chart: {{ include "end-user-ui.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: {{ include "end-user-ui.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/helm/end-user-ui/values.yaml b/helm/end-user-ui/values.yaml
deleted file mode 100644
index 88087b8809..0000000000
--- a/helm/end-user-ui/values.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Default values for end-user-ui.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-# Top level domain. Used to create the ingress
-domain: example.com
-subdomain: iam
-
-# These are both used to form the FQDN for the load balancer. See _helpers.tpl
-component: end-user-ui
-
-image:
- repository: gcr.io/forgerock-io/end-user-ui
- tag: 6.5.0
- # Switch to IfNotPresent once we have milestone builds
- pullPolicy: Always
-
-service:
- name: end-user-ui
- type: ClusterIP
- externalPort: 80
- internalPort: 8080
-
-
-ingress:
- enabled: true
- annotations: {}
diff --git a/helm/forgerock-metrics/.helmignore b/helm/forgerock-metrics/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/helm/forgerock-metrics/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/helm/forgerock-metrics/Chart.yaml b/helm/forgerock-metrics/Chart.yaml
deleted file mode 100644
index dcf3d0633c..0000000000
--- a/helm/forgerock-metrics/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
-name: forgerock-metrics
-version: 1.0.0
diff --git a/helm/forgerock-metrics/README.md b/helm/forgerock-metrics/README.md
deleted file mode 100644
index e7dac54f91..0000000000
--- a/helm/forgerock-metrics/README.md
+++ /dev/null
@@ -1,257 +0,0 @@ -# Prometheus and Grafana deployment - -The deployment uses the [CoreOS Prometheus Operator](https://github.com/helm/charts/tree/master/stable/prometheus-operator). - -Alertmanager overview: [here](https://prometheus.io/docs/alerting/overview/). - -Alertmanager configuration: [here](https://prometheus.io/docs/alerting/configuration/). - - -**Prometheus solution comprises of the following artifacts:** - -Helm charts: -* ***prometheus-operator*** deploys the Prometheus, Grafana and Alertmanager products along with the relevant metrics exporters. -Creates custom resources which make the Prometheus deployment native to Kubernetes and configuration. -* ***forgerock-metrics*** provides configurable ServiceMonitors, alerting rules and a job to automatically -import Grafana dashboards for ForgeRock products. ServiceMonitors define the ForgeRock Identity Platform -component endpoints that are monitored by Prometheus. - -Scripts: -* **bin/deploy-prometheus.sh**: deploys the Helm charts mentioned above: -* **bin/remove-prometheus.sh**: removes all deployed Helm charts described above. -* **bin/connect-prometheus.sh**: wrapper script for port-forwarding to Prometheus and Grafana endpoints. -* **bin/format-grafana-dashboards.sh**: script to format Grafana dashboards to be included in the deployment. - -Values files: -* ***etc/prometheus-values/prometheus-operator.yaml***: override values for Prometheus Operator. Here you -can configure Prometheus, Alertmanager and Grafana as well as define which services you would like monitored. -Default values are used in ```bin/deploy-prometheus.yaml```. -* ***samples/config/prometheus-values/\.yaml***: additional values used to define cluster -specific configuration. Use ```bin/deploy-prometheus.yaml -k .yaml```. - -
- -# How Prometheus Operator works - -Prometheus Operator creates, configures, and manages Prometheus monitoring instances. The Prometheus Operator -works by watching for ServiceMonitor CRDs (CRDs are Kubernetes Custom Resource Definitions). These are first -class Kubernetes types that you can manage with kubectl (kubectl create/delete/patch, etc.). The ServiceMonitor -CRDs define the target to be scraped. - -Prometheus Operator also defines alerting rules CRDs which allow for easy deployment of alerting rule files. - -
- -# How Prometheus works - -The Prometheus scrape configuration is generated and updated automatically by the Prometheus Operater as described above. -Prometheus uses its own config watcher to look for updated configurations. - -
- -# How Grafana works - -The Grafana Helm chart is deployed as part of the prometheus-operator Helm chart. Grafana automatically connects -to Prometheus and syncs all the metrics which are visible through graphs. - -Dashboards for ForgeRock products are added to the helm/forgerock-metrics/dashboards folder. Any new dashboards -must be formatted using the script ```bin/format-grafana-dashboards.sh```. The dashboards are automatically added -to a configmap and imported into Grafana. For more info, see 'Import Custom Grafana Dashboards' in the 'How Tos' -section below. - -
- -# How Alertmanager works -Alertmanager is used to redirect specific alerts from Prometheus to configured receivers. -To configure Alertmanager, there is an Alertmanager configuration section in ```etc/prometheus-values/prometheus-operator.yaml```. -Details about how to configure Alertmanager can be found in the link at the top of the page. -In summary: -* global section defines attributes that apply to all alerts. -* route section defines a tree topology of alert filters to direct particular alerts to a specific receiver. -Currently we're sending all alerts to a Slack receiver. -* receivers section defines named configurations of notification integrations. - -Prometheus alerts are configured, by product, in the ```helm/forgerock-metrics/fr-alerts.yaml``` file. -A PrometheusRules CRD has been included in the Helm chart which includes the fr-alerts.yaml file and syncs the -rules with Prometheus using labels. - -# Deployment instructions -### Pre-requisites -* Deployed ForgeRock application in Google Cloud cluster. -* Authenticated to cluster. - -### Prepare for deployment -* cd to the bin folder in your forgeops repo clone. - -* Running the deployment without any overrides will use the default values file which deploys to 'monitoring' -namespace and scrapes metrics from all ForgeRock product endpoints, across all namespaces, based on configured labels. - -* To override these values, create a new custom.yaml file, add your override configuration using -```helm/forgerock-metrics/values.yaml``` as a guide, and run ```deploy-prometheus.sh -f \```. - -* To provide custom Prometheus, Alertmanager or Grafana configuration, see the -**Overriding Prometheus and Alertmanager configuration values** 'How To' below. - -### Deploy - -Run the deploy script ```./deploy-prometheus.sh``` with the OPTIONAL flags: -* -n *namespace* \[optional\] : to deploy Prometheus into. Default = monitoring. 
-* -f *values file* \[optional\] : absolute path to yaml file to override ```helm/forgerock-metrics/values.yaml```. -* -k *values file* \[optional\] : absolute path to yaml file to override ```etc/prometheus-values/prometheus-operator.yaml```. -* -h / no flags : view help - -### View Prometheus/Grafana/Alertmanager - -The following script uses kubectl port forwarding to access the Prometheus and Grafana UIs. -Run ```./connect-prometheus.sh``` with the following flags: -* -G (Grafana) or -P (Prometheus). -* -n *namespace* \[optional\] : where Grafana/Prometheus/Alertmanager is deployed. Default = monitoring. -* -p *port* \[optional\] : Grafana uses local port 3000, Prometheus 9090 and Alertmanager 9093. If you want to use different -ports, or need to access multiple instance of Grafana/Prometheus/Alertmanager, use the -p flag. -* -h / no flags : view help - -View Prometheus: -* In browser: localhost:9090 (unless altered in the above script). -* Status/targets: to view whether targets are up or down and last scrape time. -* Status/configuration: to view the Prometheus scrape configs made up of all the configuration -provided by the Service Monitors - -View Grafana: -* In browser: localhost:3000 (unless altered in the above script). -* Login for Grafana: admin/admin. -* View dashboards clicking top left icon then select dashboards. - -View Alertmanager: -* In browser: localhost:9093 (unless altered in the above script). -* Status: view Alertmanager configuration. -* Alerts: current alerts. - -
- -# How Tos. - -### Configure new endpoints to be scraped by Prometheus. - -If you want Prometheus to scrape metrics from a different product, you need to create a new ServiceMonitor in the -exporter-forgerock Helm chart. Please follow these steps: -* Copy the am.yaml ServiceMonitor file and rename file to \.yaml. -* Change the following fields: - * change 'port: openam' to either port: \ or targetPort: \ - * find and replace 'am' with 'product-name'. - * If you don't require authentication to scrape the endpoint, then remove the basicAuth section. -* In values.yaml, copy the below am section and create a new section as described by the comments: - ``` - : - component: am # product name to define the ServiceMonitor - enabled: false # overriden in custom.yaml - path: /json/metrics/prometheus # metrics path - labelSelectorComponent: openam # kubernetes service label name - secretUser: cHJvbWV0aGV1cw== # username in base64 encode if required - secretPassword: cHJvbWV0aGV1cw== # password in base64 encode if required - ``` -* The default scope for Prometheus is to scrape all namespaces configured in values.yaml like this: - ``` - namespaceSelectorStrategy: any - ``` - If you want to limit this scope, you can define a list of namespace, for example: - ``` - namespaceSelectorStrategy: selection - namespaceSelector: - - production - - staging - - test - ``` -* Update Prometheus with new ServiceMonitor - ``` - ./deploy-prometheus.sh [-n ] - ``` - -### Overriding Prometheus, Alertmanager and Grafana configuration values. -The default deployment uses configuration values in ```etc/prometheus-values/prometheus-operator.yaml```. This file is just -a override of the prometheus-operator Helm chart default values file. This file contains configuration values for Prometheus and -Alertmanager and flags to toggle different metric gathering services(exporters). You can also override Grafana values -by adding a Grafana section to your override file as discussed below. 
- -You can provide your own custom configuration by customizing a copy of ```prometheus-operator.yaml``` and deploying as follows: -``` - ./deploy-prometheus.sh -k -``` - -The main uses of this custom file will be to: -* customize the Alertmanager configuration which determines whether to send alert notifications to a particular receiver -(Slack for example). -* customize the Prometheus configuration to include new endpoints to monitor as described in the -**Configure new endpoints to be scraped by Prometheus** 'How To' (e.g. an additional service that's running alongside -FR products). -* customize the Grafana configuration. - -Documentation links are embedded in the values files for guidance. -Sample configuration files can be found in the samples/prometheus-values/ folder. - -**```IMPORTANT:```** If using a Slack receiver to direct alerts to Slack, please do not add the config.global.slack_api_url -value into your custom values file as it contains an api key. Please use one of the following options: -* If using the deploy-prometheus.sh script, use the -s flag followed by the Slack webhook url. -* If deploying the Helm charts separately, add the following arg '--set alertmanager.config.global.slack_api_url=' to the prometheus-operator Helm chart. - -### Configure alerting rules. -To add new alerting rules, add additional rules to ```fr-alerts.yaml```. fr-alerts.yaml is split into groups with a -group for each product and a separate group for cluster rules. - -See [Prometheus alerting](https://prometheus.io/docs/practices/alerting/) for details on configuring alerts. - -### Configure alert notifications. -The default Alertmanager configuration in ```etc/prometheus-values/prometheus-operator.yaml``` is not configured to send any alert -notifications. This can be customized by following the steps in the previous 'How To' **Overriding Prometheus, Alertmanager and -Grafana configuration values.** and configuring the sections described below. 
- -* Alert grouping and filtering can be configured in the alertmanager.config.route section -* Notifications are configured in the alertmanager.config.receivers section where you can also define a template for the alert -output text. The output text also incorporates labels so the info can be dynamically imported from the original alert definition -(see the **Configuring alerting rules** 'How To'). - -See [Alertmanager configuration](https://prometheus.io/docs/alerting/configuration/) and [Alertmanger notifications](https://prometheus.io/docs/alerting/notifications/) for more details. - -### Import Custom Grafana Dashboards. -Grafana comes with a set of predefined Grafana dashboards for viewing Kubernetes and cluster metrics. Further custom -dashboards can be added to the deployment. - -### Expose Prometheus and Grafana externally. -To expose monitoring endpoints externally, add the following ingress section under Prometheus, Grafana and Alertmanager values sections in you override configuration as described in an earlier 'How To'. Here's an example for the Grafana section: - -``` -grafana: - ingress: - enabled: true - - annotations: - kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: "true" - - labels: - group: monitoring-ingress - product: grafana - - hosts: - - grafana.monitoring.example.com - - tls: - - secretName: wildcard.monitoring.example.com - hosts: - - grafana.monitoring.example.com -``` - -The labels are optional and the hostname and secret name align with the current deployment of forgeops with cert-manager. - - - - - - - - - - - - - - diff --git a/helm/forgerock-metrics/dashboards/am-cts-dashboard.json b/helm/forgerock-metrics/dashboards/am-cts-dashboard.json deleted file mode 100644 index 735d57e514..0000000000 --- a/helm/forgerock-metrics/dashboards/am-cts-dashboard.json +++ /dev/null 
@@ -1,1327 +0,0 @@ -{ - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "Prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1525082796295, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "title": "CTS Cluster Overview", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 0, - "y": 1 - }, - "id": 49, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - 
{ - "expr": "sum(increase(am_cts_task_queue_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Tasks Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 6, - "y": 1 - }, - "id": 34, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(am_cts_task_queue_size{job=~\"$instance\"})", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Tasks Waiting in Queues", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - 
"#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 12, - "y": 1 - }, - "id": 35, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate(am_cts_task_queue_seconds_total{job=~\"$instance\"}[$aggregation_window])) / sum (rate(am_cts_task_queue_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Overall Average Task Queueing Time [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 18, - "y": 1 - }, - "id": 42, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { 
- "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate(am_cts_task_seconds_total{job=~\"$instance\"}[$aggregation_window])) / sum (rate(am_cts_task_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Overall Average Task Service Time [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_cts_task_queue_count{job=~\"$instance\"}[90s])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - 
"timeShift": null, - "title": "Task Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 19, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "am_cts_task_queue_size{job=~\"$instance\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Tasks Waiting in Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "none", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - 
"gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job) (irate(am_cts_task_queue_seconds_total{job=~\"$instance\"}[1m])) / sum by (job) (irate(am_cts_task_queue_count{job=~\"$instance\"}[1m]))", - "format": "time_series", - "hide": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - }, - { - "expr": "sum by (job) (rate(am_cts_task_queue_seconds_total{job=~\"$instance\"}[90s])) / sum by (job) (rate(am_cts_task_queue_count{job=~\"$instance\"}[90s]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Average Task Queueing Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - 
"values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job) (irate(am_cts_task_seconds_total{job=~\"$instance\"}[1m])) / sum by (job) (irate(am_cts_task_count{job=~\"$instance\"}[1m]))", - "format": "time_series", - "hide": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - }, - { - "expr": "sum by (job) (rate(am_cts_task_seconds_total{job=~\"$instance\"}[90s])) / sum by (job) (rate(am_cts_task_count{job=~\"$instance\"}[90s]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Average Task Service Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 9 - }, - "id": 58, - "panels": [], - "repeat": "operation", - "title": "$operation Tasks", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 10 - }, - "id": 63, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 
1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(am_cts_task_count{job=~\"$instance\",token_type=~\"$token_type\",operation=~\"$operation\",outcome=~\"$outcome\"}[5m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} {{token_type}} {{outcome}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "$operation Task Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 10 - }, - "id": 53, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "am_cts_task_seconds{job=~\"$instance\",token_type=~\"$token_type\",operation=~\"$operation\",quantile=~\"$quantile\",outcome=~\"$outcome\"}", - "format": "time_series", - 
"interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} {{token_type}} {{outcome}} p{{quantile}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "$operation Task Service Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 16 - }, - "id": 71, - "panels": [], - "title": "Connections", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 17 - }, - "id": 75, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatDirection": "h", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "am_cts_connection_count{job=~\"$instance\",outcome=~\"$outcome\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} {{outcome}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Connections Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 17 - }, - "id": 79, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatDirection": "h", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "am_cts_connection_seconds{job=~\"$instance\",quantile=~\"$quantile\",outcome=~\"$outcome\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} {{outcome}} p{{quantile}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Connections Service Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [ - "AM", - "6.0.0", - "Prometheus" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - 
"includeAll": true, - "label": "Instance", - "multi": true, - "name": "instance", - "options": [], - "query": "label_values(am_cts_task_seconds,job)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "tags": [], - "text": "1m", - "value": "1m" - }, - "hide": 0, - "includeAll": false, - "label": "Aggregation Window", - "multi": false, - "name": "aggregation_window", - "options": [ - { - "selected": true, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "15m", - "value": "15m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - } - ], - "query": "1m,5m,15m,1h,1d", - "type": "custom" - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Token Type", - "multi": true, - "name": "token_type", - "options": [], - "query": "label_values(am_cts_task_seconds, token_type)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Operation", - "multi": true, - "name": "operation", - "options": [], - "query": "label_values(am_cts_task_seconds, operation)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": false, - "label": "Percentile", - "multi": false, - "name": "quantile", - "options": [], - "query": "label_values(am_cts_task_seconds, quantile)", - "refresh": 2, - "regex": "", - "sort": 3, - "tagValuesQuery": "", - "tags": [], 
- "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": [ - "$__all" - ] - }, - "hide": 0, - "includeAll": true, - "label": "Outcome", - "multi": true, - "name": "outcome", - "options": [ - { - "selected": true, - "text": "All", - "value": "$__all" - }, - { - "selected": false, - "text": "success", - "value": "success" - }, - { - "selected": false, - "text": "failure", - "value": "failure" - } - ], - "query": "success,failure", - "type": "custom" - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "AM 6.0.0 CTS", - "uid": "cWG6ysiiz", - "version": 34 -} diff --git a/helm/forgerock-metrics/dashboards/am-cts-token-reaper-dashboard.json b/helm/forgerock-metrics/dashboards/am-cts-token-reaper-dashboard.json deleted file mode 100644 index e5c2cc4200..0000000000 --- a/helm/forgerock-metrics/dashboards/am-cts-token-reaper-dashboard.json +++ /dev/null 
@@ -1,992 +0,0 @@ -{ - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "Prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 1, - "id": null, - "iteration": 1525083068004, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 8, - "panels": [], - "repeat": null, - "title": "Expired Token Identification", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 1, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "am_cts_reaper_cache_size", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A", - "target": "aliasByNode($host.$instance.cts.reaper.cache.size, 5)", - "textEditor": true - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Reaper Cache Size", - "tooltip": { - "msResolution": false, - 
"shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 12, - "y": 1 - }, - "id": 13, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_cts_reaper_search_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Searches [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - 
"#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 18, - "y": 1 - }, - "id": 14, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate(am_cts_reaper_search_seconds_total{job=~\"$instance\"}[$aggregation_window])) / sum (rate(am_cts_reaper_search_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Overall Average Search Service Time [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": 
[ - { - "expr": "idelta(am_cts_reaper_search_count{job=~\"$instance\",outcome=~\"$outcome\"}[10m])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} {{outcome}}", - "refId": "A", - "target": "aliasByNode(perSecond($host.$instance.cts.reaper.search.$outcome.count), 4)", - "textEditor": true - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Search Throughput", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "am_cts_reaper_search_seconds{outcome=~\"$outcome\",quantile=~\"$quantile\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} {{outcome}} p{{quantile}}", - "refId": "A", - "target": "aliasByNode($host.$instance.cts.reaper.search.$outcome.$timing, 5)", - "textEditor": true - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Search Service Time", - "tooltip": { - "msResolution": false, 
- "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 10, - "panels": [], - "repeat": null, - "title": "Token Deletions", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 15, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_cts_reaper_deletion_total{reaper_type=~\"cache\",outcome=~\"$outcome\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Cache-based Deletions [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - 
"op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 16, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_cts_reaper_deletion_total{reaper_type=~\"search\",outcome=~\"$outcome\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Search-based Deletions [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 13 - }, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - 
"percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_cts_reaper_deletion_total{reaper_type=~\"cache\",outcome=~\"$outcome\"}[1m])", - "format": "time_series", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} {{token_type}} {{outcome}}", - "refId": "A", - "target": "aliasByNode(perSecond($host.$instance.cts.reaper.cache.*.deletion.$outcome.count), 5)", - "textEditor": true - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Cache-based Deletion Throughput", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "p/sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 13 - }, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_cts_reaper_deletion_total{reaper_type=~\"search\",outcome=~\"$outcome\"}[1m])", - "format": "time_series", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} 
{{token_type}} {{outcome}}", - "refId": "A", - "target": "aliasByNode(perSecond($host.$instance.cts.reaper.cache.*.deletion.$outcome.count), 5)", - "textEditor": true - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Search-based Deletion Throughput", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "p/sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [ - "AM", - "6.0.0", - "Prometheus" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Instance", - "multi": true, - "name": "instance", - "options": [], - "query": "label_values(am_cts_reaper_deletion_total,job)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "tags": [], - "text": "1m", - "value": "1m" - }, - "hide": 0, - "includeAll": false, - "label": "Aggregation Window", - "multi": false, - "name": "aggregation_window", - "options": [ - { - "selected": true, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "15m", - "value": "15m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - } - ], - "query": "1m,5m,15m,1h,1d", - "type": "custom" - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": 
"Percentile", - "multi": true, - "name": "quantile", - "options": [], - "query": "label_values(am_cts_reaper_search_seconds,quantile)", - "refresh": 2, - "regex": "", - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "All", - "value": [ - "$__all" - ] - }, - "hide": 0, - "includeAll": true, - "label": "Outcome", - "multi": true, - "name": "outcome", - "options": [ - { - "selected": true, - "text": "All", - "value": "$__all" - }, - { - "selected": false, - "text": "success", - "value": "success" - }, - { - "selected": false, - "text": "failure", - "value": "failure" - } - ], - "query": "success,failure", - "type": "custom" - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "AM 6.0. CTS Token Reaper", - "uid": "MP3-8vMiz", - "version": 27 -} diff --git a/helm/forgerock-metrics/dashboards/am-overview-dashboard.json b/helm/forgerock-metrics/dashboards/am-overview-dashboard.json deleted file mode 100644 index ce789196eb..0000000000 --- a/helm/forgerock-metrics/dashboards/am-overview-dashboard.json +++ /dev/null 
@@ -1,3303 +0,0 @@ -{ - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "Prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1526583768559, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 57, - "panels": [], - "title": "Authentications", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "description": "", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 0, - "y": 1 - }, - "id": 68, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", 
- "targets": [ - { - "expr": "sum(increase(am_session_count{job=~\"$instance\",session_type=~\"authentication-.*\",operation=\"create\",outcome=\"success\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Started AuthN Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 6, - "y": 1 - }, - "id": 66, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_authentication_count{job=~\"$instance\",outcome=\"success\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Successful AuthN Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": 
"=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 12, - "y": 1 - }, - "id": 67, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_authentication_count{job=~\"$instance\",outcome=\"failure\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Failed AuthN Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "description": "", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - 
"h": 2, - "w": 6, - "x": 18, - "y": 1 - }, - "id": 69, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_session_count{job=~\"$instance\",session_type=~\"authentication-.*\",operation=\"max-timeout\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Timed-out AuthN Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 3 - }, - "id": 65, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": 
"sum(irate(am_session_count{job=~\"$instance\",session_type=~\"authentication-.*\",operation=\"create\",outcome=\"success\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Started AuthN Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 3 - }, - "id": 80, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_authentication_count{job=~\"$instance\",outcome=\"success\"}[1m])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Successful AuthN Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": 
true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 3 - }, - "id": 81, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_authentication_count{job=~\"$instance\",outcome=\"failure\"}[1m])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Failed AuthN Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 3 - }, - "id": 82, - "legend": { - "alignAsTable": true, - "avg": true, - "current": 
true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(am_session_count{job=~\"$instance\",session_type=~\"authentication-.*\",operation=\"max-timeout\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Timed-out AuthN Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 9 - }, - "id": 72, - "panels": [], - "title": "Sessions", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 8, - "x": 0, - "y": 10 - }, - "id": 105, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": 
"connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_session_count{job=~\"$instance\",session_type!~\"authentication-client-based|authentication-cts-based|authentication-in-memory\",outcome=\"success\",operation=~\"create\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Session Creation Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 8, - "x": 8, - "y": 10 - }, - "id": 104, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": 
"sum(increase(am_session_count{job=~\"$instance\",session_type!~\"authentication-client-based|authentication-cts-based|authentication-in-memory\",outcome=\"success\",operation=~\"logout|destroy|idle-timeout|max-timeout\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Session Termination Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 8, - "x": 16, - "y": 10 - }, - "id": 109, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate(am_session_lifetime_seconds_total{job=~\"$instance\",session_type!~\"authentication-client-based|authentication-cts-based|authentication-in-memory\"}[$aggregation_window])) / sum (rate(am_session_lifetime_count{job=~\"$instance\",session_type!~\"authentication-client-based|authentication-cts-based|authentication-in-memory\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - 
"legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Overall Average Session Lifetime [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 12 - }, - "id": 93, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(am_session_count{job=~\"$instance\",session_type!~\"authentication-client-based|authentication-cts-based|authentication-in-memory\",outcome=\"success\",operation=~\"create\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Session Creation Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 
8, - "x": 8, - "y": 12 - }, - "id": 70, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(am_session_count{job=~\"$instance\",session_type!~\"authentication-client-based|authentication-cts-based|authentication-in-memory\",outcome=\"success\",operation=~\"logout|destroy|idle-timeout|max-timeout\"}[1m])) by (job)", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Session Termination Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 12 - }, - "id": 99, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - 
"renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job) (rate(am_session_lifetime_seconds_total{job=~\"$instance\",session_type!~\"authentication-client-based|authentication-cts-based|authentication-in-memory\"}[90s])) / sum by (job) (rate(am_session_lifetime_count{job=~\"$instance\",session_type!~\"authentication-client-based|authentication-cts-based|authentication-in-memory\"}[90s]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Average Session Lifetime", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 18 - }, - "id": 8, - "panels": [], - "title": "CTS", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 0, - "y": 19 - }, - "id": 27, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": 
"", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeat": null, - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_cts_task_queue_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Task Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 6, - "y": 19 - }, - "id": 34, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(am_cts_task_queue_size{job=~\"$instance\"})", - "format": "time_series", - "interval": "", - 
"intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Tasks Waiting in Queues", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 12, - "y": 19 - }, - "id": 35, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate(am_cts_task_queue_seconds_total{job=~\"$instance\"}[$aggregation_window])) / sum (rate(am_cts_task_queue_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Overall Average Task Queueing Time [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - 
"rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 18, - "y": 19 - }, - "id": 42, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate(am_cts_task_seconds_total{job=~\"$instance\"}[$aggregation_window])) / sum (rate(am_cts_task_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Overall Average Task Service Time [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 21 - }, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - 
"pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_cts_task_queue_count{job=~\"$instance\"}[90s])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Task Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "transparent": false, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 21 - }, - "id": 19, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "am_cts_task_queue_size{job=~\"$instance\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Tasks Waiting in Queue", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, 
- "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "none", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 21 - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job) (rate(am_cts_task_queue_seconds_total{job=~\"$instance\"}[90s])) / sum by (job) (rate(am_cts_task_queue_count{job=~\"$instance\"}[90s]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Average Task Queueing Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "decimals": 2, - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 21 - }, - "id": 11, - 
"legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - { - "dashUri": "db/am-6-0-0-cts", - "dashboard": "AM 6.0.0 CTS", - "includeVars": true, - "keepTime": true, - "targetBlank": true, - "title": "AM 6.0.0 CTS", - "type": "dashboard" - } - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job) (rate(am_cts_task_seconds_total{job=~\"$instance\"}[90s])) / sum by (job) (rate(am_cts_task_count{job=~\"$instance\"}[90s]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Average Task Service Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "s", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 84, - "panels": [], - "title": "OAuth2", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 0, - "y": 28 - }, - "id": 88, - 
"interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_oauth2_grant_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "title": "OAuth2 Grants Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 6, - "y": 28 - }, - "id": 90, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - 
"targets": [ - { - "expr": "sum(increase(am_oauth2_grant_revoke_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "title": "OAuth2 Grant Revokes Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 12, - "y": 28 - }, - "id": 92, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_oauth2_token_issue_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "title": "OAuth2 Token Issuance Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - 
"colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 6, - "x": 18, - "y": 28 - }, - "id": 107, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_oauth2_token_revoke_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "title": "OAuth2 Token Revocation Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 0, - "y": 30 - }, - "id": 86, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 
10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_oauth2_grant_count{job=~\"$instance\"}[90s]) ", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{job}} - {{grant_type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "OAuth2 Grant Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 6, - "y": 30 - }, - "id": 114, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_oauth2_grant_count{job=~\"$instance\"}[90s]) ", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{job}} - {{grant_type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "OAuth2 Grant Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - 
}, - "yaxes": [ - { - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 12, - "y": 30 - }, - "id": 91, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_oauth2_token_issue_count{job=~\"$instance\"}[90s]) ", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{job}} - {{token_type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "OAuth2 Token Issuance Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 6, - "w": 6, - "x": 18, - "y": 30 - }, - "id": 108, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, 
- "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(am_oauth2_token_revoke_count{job=~\"$instance\"}[90s]) ", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{job}} - {{token_type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "OAuth2 Token Revocation Throughput", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 36 - }, - "id": 95, - "panels": [], - "title": "Policy / Authorization", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 12, - "x": 0, - "y": 37 - }, - "id": 106, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", 
- "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(increase(am_authorization_policy_set_evaluate_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Total Policy Evaluation Throughput [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "decimals": null, - "format": "s", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 2, - "w": 12, - "x": 12, - "y": 37 - }, - "id": 110, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum (rate(am_authorization_policy_set_evaluate_seconds_total{job=~\"$instance\"}[$aggregation_window])) / sum (rate(am_authorization_policy_set_evaluate_count{job=~\"$instance\"}[$aggregation_window]))", - "format": "time_series", - 
"interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Overall Average Policy Evaluation Service Time [$aggregation_window]", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 39 - }, - "id": 98, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(am_authorization_policy_set_evaluate_count{job=~\"$instance\"}[1m])) by (job)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Policy Evaluation Outcomes", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 39 - }, - "id": 97, - "legend": { - "alignAsTable": 
true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job) (rate(am_authorization_policy_set_evaluate_seconds_total{job=~\"$instance\"}[90s])) / sum by (job) (rate(am_authorization_policy_set_evaluate_count{job=~\"$instance\"}[90s]))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{job}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Average Policy Evaluation Service Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 45 - }, - "id": 2, - "panels": [], - "repeat": "instance", - "title": "JVM ($instance)", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 46 - }, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "am_jvm_free_used_memory_bytes{job=~\"$instance\"}", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}} JVM Free Memory", - "refId": "C", - "target": "*.ds.jvm-memory-usage.memory-usage.total.used" - }, - { - "expr": "am_jvm_used_memory_bytes{job=~\"$instance\"}", - "format": "time_series", - "instant": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{job}} JVM Used Memory", - "refId": "A", - "target": "*.ds.jvm-memory-usage.memory-usage.total.used" - }, - { - "expr": "am_jvm_max_memory_bytes{job=~\"$instance\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{job}} JVM Max Memory", - "refId": "B", - "target": "*.ds.jvm-memory-usage.memory-usage.total.used" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 46 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(am_jvm_garbage_collector_ps_marksweep_count{job=~\"$instance\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} GC PS MarkSweep m1_rate", - "refId": "A", - "target": "perSecond(*.ds.jvm-memory-usage.garbage-collector.*.count)" - }, - { - "expr": "rate(am_jvm_garbage_collector_ps_scavenge_count{job=~\"$instance\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} GC PS Scavenge m1_rate", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Garbage Collections", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [ - "AM", - "6.0.0", - "Prometheus" - ], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": "Instance", - "multi": true, - "name": "instance", - "options": [], - "query": "label_values(am_authentication_count, job)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": "1m", - "value": "1m" - }, - "hide": 0, - "includeAll": false, - "label": "Aggregation Window", - "multi": false, - "name": "aggregation_window", - "options": [ - { - "selected": 
true,
- "text": "1m",
- "value": "1m"
- },
- {
- "selected": false,
- "text": "5m",
- "value": "5m"
- },
- {
- "selected": false,
- "text": "15m",
- "value": "15m"
- },
- {
- "selected": false,
- "text": "1h",
- "value": "1h"
- },
- {
- "selected": false,
- "text": "1d",
- "value": "1d"
- }
- ],
- "query": "1m,5m,15m,1h,1d",
- "type": "custom"
- }
- ]
- },
- "time": {
- "from": "now-15m",
- "to": "now"
- },
- "timepicker": {
- "refresh_intervals": [
- "5s",
- "10s",
- "30s",
- "1m",
- "5m",
- "15m",
- "30m",
- "1h",
- "2h",
- "1d"
- ],
- "time_options": [
- "5m",
- "15m",
- "1h",
- "6h",
- "12h",
- "24h",
- "2d",
- "7d",
- "30d"
- ]
- },
- "timezone": "",
- "title": "AM 6.0.0 Overview",
- "uid": "nO8AiJmmz",
- "version": 46
-}
diff --git a/helm/forgerock-metrics/dashboards/idm-sample-dashboard.json b/helm/forgerock-metrics/dashboards/idm-sample-dashboard.json
deleted file mode 100644
index 9b3d76be71..0000000000
--- a/helm/forgerock-metrics/dashboards/idm-sample-dashboard.json
+++ /dev/null
@@ -1,1640 +0,0 @@ -{ - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.4" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1523906829809, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 26, - "panels": [], - "title": "Self-Service Metrics", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "prometheus", - "format": "short", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 0, - "y": 1 - }, - "id": 8, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(idm_user_login_total)", - 
"format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Self-Service User Login Total", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "prometheus", - "format": "short", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 8, - "y": 1 - }, - "id": 11, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(idm_selfservice_user_registration_count)", - "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Self-Service Registration Total", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "prometheus", - "format": "short", - "gauge": { - "maxValue": 100, - "minValue": 0, 
- "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 8, - "x": 16, - "y": 1 - }, - "hideTimeOverride": false, - "id": 16, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(idm_selfservice_user_password_reset_count)", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Self-Service Password Reset Total", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 5 - }, - "id": 2, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(idm_user_login_count[1m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "m1_rate ", - "refId": "A" - 
}, - { - "expr": "sum(rate(idm_user_login_count[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "m5_rate", - "refId": "B" - }, - { - "expr": "sum(rate(idm_user_login_count[15m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "m15_rate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Login Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 8, - "y": 5 - }, - "id": 20, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(idm_selfservice_user_registration_count[1m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "m1_rate ", - "refId": "A" - }, - { - "expr": "sum(rate(idm_selfservice_user_registration_count[5m]))", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "m5_rate ", - "refId": "B" - }, - { - "expr": "sum(rate(idm_selfservice_user_registration_count[15m]))", - 
"format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "m15_rate ", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Registration Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 5 - }, - "id": 21, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(idm_selfservice_user_password_reset_count[1m])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "m1_rate ", - "refId": "A" - }, - { - "expr": "rate(idm_selfservice_user_password_reset_count[5m])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "m5_rate ", - "refId": "B" - }, - { - "expr": "rate(idm_selfservice_user_password_reset_count[15m])", - "format": "time_series", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "m15_rate ", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": 
"User Password Rest Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 13 - }, - "id": 32, - "panels": [], - "title": "Managed Object Metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 13, - "w": 12, - "x": 0, - "y": 14 - }, - "id": 9, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "idm_managed_seconds{managed_object=\"user\",quantile=\"0.5\"}", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{operation}} ", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Managed User Median", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true 
- } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 13, - "w": 12, - "x": 12, - "y": 14 - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "idm_managed_seconds{managed_object=\"role\",quantile=\"0.5\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{operation}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Managed Role Median", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "description": "", - "fill": 1, - "gridPos": { - "h": 13, - "w": 24, - "x": 0, - "y": 27 - }, - "id": 19, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - 
"expr": "sum(rate(idm_managed_seconds{managed_object=\"user\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "user m1_rate", - "refId": "A" - }, - { - "expr": "sum(rate(idm_managed_seconds{managed_object=\"user\"}[15m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "user m15_rate", - "refId": "B" - }, - { - "expr": "sum(rate(idm_managed_seconds{managed_object=\"role\"}[1m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "role m1_rate", - "refId": "C" - }, - { - "expr": "sum(rate(idm_managed_seconds{managed_object=\"role\"}[15m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "role m15_rate", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Managed Object Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 40 - }, - "id": 30, - "panels": [], - "title": "Sync Metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 41 - }, - "id": 13, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": 
"flot", - "repeat": null, - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "idm_sync_objectmapping_seconds{quantile=\"0.5\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{mapping_name}} ", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Sync Object Mapping Median", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 41 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(idm_sync_objectmapping_count[1m]))", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 2, - "legendFormat": "sync m1_rate", - "refId": "A" - }, - { - "expr": "sum(rate(idm_sync_objectmapping_count[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "sync m5_rate", - "refId": "B" - }, - { - "expr": "sum(rate(idm_sync_objectmapping_count[15m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - 
"legendFormat": "sync m15_rate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Sync Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": "calls/sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 51 - }, - "id": 28, - "panels": [], - "title": "Recon Metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "decimals": null, - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 52 - }, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(idm_recon_seconds_total[1m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "m1_rate", - "refId": "A" - }, - { - "expr": "rate(idm_recon_seconds_total[5m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "m5_rate", - "refId": "B" - }, - { - "expr": "rate(idm_recon_seconds_total[15m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "m15_rate", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Recon 
Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 60 - }, - "id": 24, - "panels": [], - "title": "Repo Metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 12, - "w": 12, - "x": 0, - "y": 61 - }, - "id": 12, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(idm_repo_seconds{quantile=\"0.5\", operation=\"create\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "create ", - "refId": "A" - }, - { - "expr": "sum(idm_repo_seconds{quantile=\"0.5\", operation=\"read\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "read", - "refId": "B" - }, - { - "expr": "sum(idm_repo_seconds{quantile=\"0.5\", operation=\"update\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "update", - "refId": "C" - }, - { - "expr": "sum(idm_repo_seconds{quantile=\"0.5\", operation=\"delete\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "delete", - "refId": "D" - 
}, - { - "expr": "sum(idm_repo_seconds{quantile=\"0.5\", operation=\"patch\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "patch", - "refId": "E" - }, - { - "expr": "sum(idm_repo_seconds{quantile=\"0.5\", operation=\"action\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "action", - "refId": "F" - }, - { - "expr": "sum(idm_repo_seconds{quantile=\"0.5\", operation=\"query\"})", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "query", - "refId": "G" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Repo Median", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "ms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 12, - "w": 12, - "x": 12, - "y": 61 - }, - "id": 22, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(idm_repo_seconds{quantile=\"0.5\", operation=\"create\"}[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "create m5_rate", - "refId": "A" - }, - { - "expr": 
"sum(rate(idm_repo_seconds{quantile=\"0.5\", operation=\"read\"}[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "read m5_rate", - "refId": "B" - }, - { - "expr": "sum(rate(idm_repo_seconds{quantile=\"0.5\", operation=\"update\"}[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "update m5_rate", - "refId": "C" - }, - { - "expr": "sum(rate(idm_repo_seconds{quantile=\"0.5\", operation=\"delete\"}[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "delete m5_rate", - "refId": "D" - }, - { - "expr": "sum(rate(idm_repo_seconds{quantile=\"0.5\", operation=\"patch\"}[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "patch m5_rate", - "refId": "E" - }, - { - "expr": "sum(rate(idm_repo_seconds{quantile=\"0.5\", operation=\"action\"}[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "action m5_rate", - "refId": "F" - }, - { - "expr": "sum(rate(idm_repo_seconds{quantile=\"0.5\", operation=\"query\"}[5m]))", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "query m5_rate", - "refId": "G" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Repo Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "ops", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 73 - }, - "id": 34, - "panels": [], - "title": "Audit Metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": 
false, - "dashLength": 10, - "dashes": false, - "datasource": "prometheus", - "fill": 1, - "gridPos": { - "h": 11, - "w": 24, - "x": 0, - "y": 74 - }, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(idm_audit_count[5m])", - "format": "time_series", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{audit_topic}} m5_rate", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Audit Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "ops", - "label": "events/sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "instance", - "options": [], - "query": "label_values(job)", - "refresh": 2, - "regex": ".*openidm.*", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" 
- ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "IDM Sample Dashboard", - "uid": "000000011", - "version": 34 -} diff --git a/helm/forgerock-metrics/dashboards/ig-sample-dashboard.json b/helm/forgerock-metrics/dashboards/ig-sample-dashboard.json deleted file mode 100644 index 65d2d183a6..0000000000 --- a/helm/forgerock-metrics/dashboards/ig-sample-dashboard.json +++ /dev/null 
@@ -1,448 +0,0 @@ -{ - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.1" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "Prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1523016673652, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 6, - "w": 6, - "x": 8, - "y": 0 - }, - "id": 2, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "ig_router_deployed_routes{heap=\"gateway\",name=\"_router\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Deployed Routes", - "type": "singlestat", - 
"valueFontSize": "200%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 4, - "panels": [], - "repeat": "route", - "title": "Route $route", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 17, - "x": 0, - "y": 7 - }, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(ig_route_request_total{router=\"gateway._router\", route=\"$route\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "1 min", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Requests / second", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 9, - 
"w": 7, - "x": 17, - "y": 7 - }, - "id": 8, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "ig_route_request_active{route=\"$route\",router=\"gateway._router\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Active requests", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": { - "successful": "#1f78c1" - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 16 - }, - "id": 22, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (family) (irate(ig_route_response_status_total{route=\"$route\",router=\"gateway._router\"}[1m]))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{family}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Status 
family repartition", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "route", - "options": [], - "query": "label_values(route)", - "refresh": 1, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "IG sample", - "uid": "lt1Coqzmk", - "version": 7 -} diff --git a/helm/forgerock-metrics/dashboards/topology-dashboard.json b/helm/forgerock-metrics/dashboards/topology-dashboard.json deleted file mode 100644 index bea3523a80..0000000000 --- a/helm/forgerock-metrics/dashboards/topology-dashboard.json +++ /dev/null 
@@ -1,1637 +0,0 @@ -{ - "__requires": [ - { - "type": "grafana", - "id": "grafana", - "name": "Grafana", - "version": "5.0.3" - }, - { - "type": "panel", - "id": "graph", - "name": "Graph", - "version": "5.0.0" - }, - { - "type": "datasource", - "id": "Prometheus", - "name": "Prometheus", - "version": "5.0.0" - }, - { - "type": "panel", - "id": "singlestat", - "name": "Singlestat", - "version": "5.0.0" - } - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "iteration": 1523630247830, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 10, - "panels": [], - "repeat": null, - "title": "Overall Metrics", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "description": "This is the global average number of requests performed by the directory service.", - "editable": true, - "error": false, - "format": "ops", - "gauge": { - "maxValue": 100000, - "minValue": 0, - "show": true, - "thresholdLabels": true, - "thresholdMarkers": true - }, - "gridPos": { - "h": 6, - "w": 4, - "x": 0, - "y": 1 - }, - "id": 1, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "20%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 
0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(ds_connection_handlers_ldap_requests_count[30s]))", - "format": "time_series", - "hide": false, - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "target": "sumSeries(*.ds.connection-handlers.ldap.requests.m1_rate)" - } - ], - "thresholds": "10000,30000", - "title": "Overall Load", - "transparent": true, - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "description": "Number of requests in queue waiting to be processed", - "format": "none", - "gauge": { - "maxValue": 200, - "minValue": 0, - "show": true, - "thresholdLabels": true, - "thresholdMarkers": true - }, - "gridPos": { - "h": 6, - "w": 4, - "x": 4, - "y": 1 - }, - "id": 26, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(ds_work_queue_requests_in_queue)", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "20, 100", - "title": "Requests in Queue", - "transparent": true, - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - 
"op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "description": "The recent average of errors occurring in the service. These errors could be tied to client applications, invalid data, authentication failures...", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 1000, - "minValue": 0, - "show": true, - "thresholdLabels": true, - "thresholdMarkers": true - }, - "gridPos": { - "h": 6, - "w": 4, - "x": 8, - "y": 1 - }, - "id": 9, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "20%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(ds_connection_handlers_ldap_requests_failure_count[30s]))", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "target": "sumSeries(*.ds.connection-handlers.ldap.requests.failures.m1_rate)" - } - ], - "thresholds": "50,100", - "title": "Errors", - "transparent": true, - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - 
"datasource": "Prometheus", - "description": "The total number of client connections opened against the whole directory service.", - "format": "none", - "gauge": { - "maxValue": 4000, - "minValue": 0, - "show": true, - "thresholdLabels": true, - "thresholdMarkers": true - }, - "gridPos": { - "h": 6, - "w": 4, - "x": 12, - "y": 1 - }, - "id": 29, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeat": null, - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(ds_current_connections)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "1000, 3000", - "title": "Connections", - "transparent": true, - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "description": "This value represents the highest replication latency across all replicas, at each instant.", - "format": "s", - "gauge": { - "maxValue": 30, - "minValue": 0, - "show": true, - "thresholdLabels": true, - "thresholdMarkers": true - }, - "gridPos": { - "h": 6, - "w": 4, - "x": 16, - "y": 1 - }, - "id": 40, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - 
"name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "max(ds_replication_replica_remote_replicas_current_delay_seconds)", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "1, 5", - "title": "Max Replication Latency", - "transparent": true, - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - }, - { - "op": "=", - "text": "", - "value": "" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 16, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "idelta(ds_connection_handlers_ldap_requests_failure_count[30s])", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} - {{ldap_handler}} {{type}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Errors", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - 
"buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 15 - }, - "id": 11, - "panels": [], - "repeat": null, - "title": "Access Metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 16 - }, - "id": 2, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job, ldap_handler) (rate(ds_connection_handlers_ldap_requests_count{job=~\"$ds_instance\",ldap_handler=~\"$ldap_handler\"}[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} {{ldap_handler}} m1_rate", - "refId": "A", - "target": "*.ds.connection-handlers.ldap.requests.m1_rate" - }, - { - "expr": "sum by (job, ldap_handler) (rate(ds_connection_handlers_ldap_requests_count{job=~\"$ds_instance\",ldap_handler=~\"$ldap_handler\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} {{ldap_handler}} m5_rate", - "refId": "B", - "target": "*.ds.connection-handlers.ldap.requests.m5_rate" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Load Averages", - "tooltip": { - 
"msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 16 - }, - "id": 23, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job, ldap_handler, type) (irate(ds_connection_handlers_ldap_requests_seconds_total{job=~\"$ds_instance\",ldap_handler=~\"$ldap_handler\"}[1m])) / sum by (job, ldap_handler, type) (irate(ds_connection_handlers_ldap_requests_count{job=~\"$ds_instance\",ldap_handler=~\"$ldap_handler\"}[1m]))", - "format": "time_series", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{job}} - {{ldap_handler}} - {{type}}", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Current response time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - 
"logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 25 - }, - "id": 13, - "panels": [], - "repeat": null, - "title": "Replication", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(ds_replication_replica_remote_replicas_replayed_updates_count{job=~\"$ds_instance\"}[30s])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} {{domain_name}} last 30s", - "refId": "A" - }, - { - "expr": "rate(ds_replication_replica_remote_replicas_replayed_updates_count{job=~\"$ds_instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} {{domain_name}} last 5m", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Replayed updates", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, 
- "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 26 - }, - "id": 7, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "ds_replication_replica_remote_replicas_current_delay_seconds", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "DS({{remote_server_id}}) → DS({{server_id}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Current delay", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 18, - "panels": [], - "repeat": "public_basedn", - "title": "Backend: $public_basedn", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "Prometheus", - "format": "none", - "gauge": { - "maxValue": 100000000, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 3, - "w": 8, - "x": 0, - "y": 35 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - 
"mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": null, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeat": "ds_instance", - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "ds_backend_entry_count{base_dn=~\"$public_basedn\", job=~\"$ds_instance\"}", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "$ds_instance", - "type": "singlestat", - "valueFontSize": "100%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 38 - }, - "id": 33, - "panels": [], - "repeat": "disk", - "title": "Disk free: ${disk}", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "#d44a3a", - "rgba(237, 129, 40, 0.89)", - "#299c46" - ], - "datasource": "Prometheus", - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 8, - "x": 0, - "y": 39 - }, - "id": 36, - "interval": null, - "links": [], - "mappingType": 2, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [], - "repeat": "ds_instance", - "repeatDirection": "h", 
- "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "ds_disk_free_space_bytes{job=~\"$ds_instance\", disk=~\"$disk\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "51000000000,55000000000", - "title": "${ds_instance}", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "", - "value": "ds_disk_free_space_low_threshold_bytes" - } - ], - "valueName": "current" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 42 - }, - "id": 12, - "panels": [], - "repeat": null, - "title": "Health Metrics", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 43 - }, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "ds_jvm_memory_used_bytes{job=~\"$ds_instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} JVM Total Memory Usage", - "refId": "A", - "target": "*.ds.jvm-memory-usage.memory-usage.total.used" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - 
"show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 43 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(ds_jvm_garbage_collector_ps_marksweep_count{job=~\"$ds_instance\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} GC PS MarkSweep m1_rate", - "refId": "A", - "target": "perSecond(*.ds.jvm-memory-usage.garbage-collector.*.count)" - }, - { - "expr": "rate(ds_jvm_garbage_collector_ps_scavenge_count{job=~\"$ds_instance\"}[1m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} GC PS Scavenge m1_rate", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Garbage Collections", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": 
false - } - ] - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 50 - }, - "id": 14, - "panels": [], - "repeat": null, - "title": "Security", - "type": "row" - }, - { - "alert": { - "conditions": [ - { - "evaluator": { - "params": [ - -5 - ], - "type": "gt" - }, - "operator": { - "type": "and" - }, - "query": { - "params": [ - "A", - "5m", - "now" - ] - }, - "reducer": { - "params": [], - "type": "count" - }, - "type": "query" - } - ], - "executionErrorState": "alerting", - "frequency": "1h", - "handler": 1, - "name": "Certificates about to expire", - "noDataState": "no_data", - "notifications": [] - }, - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fill": 1, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 51 - }, - "id": 8, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "ds_certificates_certificate_expires_at_seconds", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{job}} \"{{key_manager}}\", {{alias}}", - "refId": "A" - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt", - "value": -5 - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Certificate expiry in", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "s", - "label": "", - "logBase": 2, - "max": null, - "min": "0", - 
"show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "ldap_handler", - "options": [], - "query": "label_values(ldap_handler)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "basedn", - "options": [], - "query": "label_values(base_dn)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "public_basedn", - "options": [], - "query": "label_values(ds_backend_entry_count{type=\"db\"}, base_dn)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "ds_instance", - "options": [], - "query": "label_values(ds_start_time_seconds, job)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "disk", - "options": [], - "query": "label_values(ds_disk_free_space_bytes, disk)", - "refresh": 
1, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "Prometheus", - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "domain", - "options": [], - "query": "label_values(ds_replication_replica_remote_replicas_replayed_updates_count, domain_name)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Directory Services Dashboard", - "uid": "wqyXwDkik", - "version": 4 -}
diff --git a/helm/forgerock-metrics/templates/_helpers.tpl b/helm/forgerock-metrics/templates/_helpers.tpl
deleted file mode 100644
index ce4480c6b5..0000000000
--- a/helm/forgerock-metrics/templates/_helpers.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "exporter-forgerock.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "exporter-forgerock.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/helm/forgerock-metrics/templates/am.yaml b/helm/forgerock-metrics/templates/am.yaml
deleted file mode 100644
index 581fe7bd3b..0000000000
--- a/helm/forgerock-metrics/templates/am.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-# For schema see https://coreos.com/operators/prometheus/docs/latest/api.html#endpoint
-# This defines a prometheus operator spec for a service to scrape.
-{{- if .Values.am.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- labels:
- k8s-apps: kube-prometheus
- # This label targets the prometheus operator instance
- # You could in theory have many operators running in a cluster (one for dev, qa, etc.)
- # This targets the instance that the helm chart coreos/kube-prometheus creates.
- # Note that this ServiceMonitor needs to be in the same namespace as the operator
- # The monitored targets can be in different namespaces.
- prometheus: prometheus-operator
- app: {{ .Values.am.component }}
- name: {{ .Values.am.component }}
-spec:
- # Tells prometheus which endpoint / port to scrape
- # The service definition should name the port so we can use the symbolic name below.
- endpoints:
- # If you use port -this targets the *service* port (not the pod port)
- # It looks like it wants a string name for the port - so match this to the service port name
- - port: openam
- path: {{ .Values.am.path }}
- basicAuth:
- password:
- name: prometheus-am
- key: password
- username:
- name: prometheus-am
- key: user
- # This targets the service using a label.
- selector:
- matchLabels:
- component: {{ .Values.am.labelSelectorComponent }}
- namespaceSelector:
- {{ if eq .Values.namespaceSelectorStrategy "any" }}
- any: true
- {{ else }}
- matchNames:
- {{- range .Values.namespaceSelector }}
- - {{ . }}
- {{- end }}
- {{ end }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: prometheus-am
-data:
- user: {{ .Values.am.secretUser | b64enc }}
- password: {{ .Values.am.secretPassword | b64enc }}
-type: Opaque
-{{- end -}}
\ No newline at end of file
diff --git a/helm/forgerock-metrics/templates/config-map.yaml b/helm/forgerock-metrics/templates/config-map.yaml
deleted file mode 100644
index 77b73797ac..0000000000
--- a/helm/forgerock-metrics/templates/config-map.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: forgerock-dashboards
- labels:
- grafana_dashboard: "1"
-data:
-{{ (.Files.Glob "dashboards/*.json").AsConfig | indent 2 }}
diff --git a/helm/forgerock-metrics/templates/ds.yaml b/helm/forgerock-metrics/templates/ds.yaml
deleted file mode 100644
index a19bd26b83..0000000000
--- a/helm/forgerock-metrics/templates/ds.yaml
+++ /dev/null
@@ -1,54 +0,0 @@ -# For schema see https://coreos.com/operators/prometheus/docs/latest/api.html#endpoint -# This defines a prometheus operator spec for a service to scrape. -{{- if .Values.ds.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-apps: kube-prometheus - # This label targets the prometheus operator instance - # You could in theory have many operators running in a cluster (one for dev, qa, etc.) - # This targets the instance that the helm chart coreos/kube-prometheus creates. - # Note that this ServiceMonitor needs to be in the same namespace as the operator - # The monitored targets can be in different namespaces. - prometheus: prometheus-operator - app: {{ .Values.ds.component }} - name: {{ .Values.ds.component }} -spec: - # Tells prometheus which endpoint / port to scrape - # The service definition should name the port so we can use the symbolic name below. - endpoints: - # If you use port -this targets the *service* port (not the pod port) - # It looks like it wants a string name for the port - so match this to the service port name - - targetPort: 8080 - path: {{ .Values.ds.path }} - basicAuth: - username: - name: prometheus-ds - key: user - password: - name: prometheus-ds - key: password - # This targets the service using a label. - selector: - matchLabels: - component: {{ .Values.ds.labelSelectorComponent }} - namespaceSelector: - {{ if eq .Values.namespaceSelectorStrategy "any" }} - any: true - {{ else }} - matchNames: - {{- range .Values.namespaceSelector }} - - {{ . }} - {{- end }} - {{ end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: prometheus-ds -data: - user: {{ .Values.ds.secretUser | b64enc }} - password: {{ .Values.ds.secretPassword | b64enc }} -type: Opaque -{{- end -}} \ No newline at end of file diff --git a/helm/forgerock-metrics/templates/fr-alerts.yaml b/helm/forgerock-metrics/templates/fr-alerts.yaml deleted file mode 100644 index d4bf106261..0000000000 
--- a/helm/forgerock-metrics/templates/fr-alerts.yaml
+++ /dev/null
@@ -1,138 +0,0 @@ -{{ define "fr.rules.yaml.tpl" }} -groups: -- name: cluster.rules - rules: - - alert: node_memory_MemFree - expr: node_memory_MemFree < 100000000 - for: 5m - labels: - severity: warning - annotations: - description: "Node memory running low" - - alert: up - expr: up == 0 - for: 1m - labels: - severity: critical - annotations: - description: "Service is down for more than 1 minute" - - alert: instance:node_cpu:rate:sum - expr: instance:node_cpu:rate:sum > 80 - for: 5m - labels: - severity: warning - annotations: - description: "Instance cpu above 80% for over 5 mins" - - alert: node_disk_io_time_ms - expr: rate(node_disk_io_time_ms[5m]) > 200 - for: 5m - labels: - severity: warning - annotations: - description: "Disk IO time over 300ms for 5 mins" -- name: am.rules - rules: - - alert: am_cts_task_seconds_total - expr: sum by (job) (rate(am_cts_task_seconds_total{job=~"$instance"}[90s])) / sum by (job) (rate(am_cts_task_count{job=~"$instance"}[90s])) > 0.1 - for: 3m - labels: - severity: warning - annotations: - description: "Average Task Service Time" - - alert: am_cts_reaper_search_second - expr: am_cts_reaper_search_second > 0.25 - labels: - severity: warning - annotations: - description: "CTS Overall Average search service time" - - alert: am_cts_reaper_deletion_total - expr: irate(am_cts_reaper_deletion_total{reaper_type=~"search",outcome=~"$outcome"}[1m]) > 0 - labels: - severity: warning - annotations: - description: "CTS Search based Deletion Throughput" - - alert: am_cts_task_count - expr: rate(am_cts_task_count{job=~"$instance",token_type=~"$token_type",operation=~"$operation",outcome=~"failure"}[5m]) > 0 - labels: - severity: warning - annotations: - description: "CTS Delete task throughput failure" -- name: ds.rules - rules: - - alert: ds_disk_free_space_bytes - expr: ds_disk_free_space_bytes < 5000000000 - for: 5m - labels: - severity: warning - annotations: - description: "Free disk space below 5GB, please free up some space now" - 
summary: "Free disk space running low" - - alert: ds_replication_replica_remote_replicas_current_delay_seconds - expr: max(ds_replication_replica_remote_replicas_current_delay_seconds) > 0.5 - for: 5m - labels: - severity: warning - annotations: - description: "DS Max replication latency" - - alert: ds_connection_handlers_ldap_requests_seconds_total - expr: sum by (job, ldap_handler, type) (irate(ds_connection_handlers_ldap_requests_seconds_total{job=~"$ds_instance",ldap_handler=~"$ldap_handler"}[1m])) / sum by (job, ldap_handler, type) (irate(ds_connection_handlers_ldap_requests_count{job=~"$ds_instance",ldap_handler=~"$ldap_handler"}[1m])) - for: 5m - labels: - severity: warning - annotations: - description: "DS Current response times" -- name: ig.rules - rules: - - alert: ig_route_response_time_seconds - expr: ig_route_response_time_seconds{route="default",name="default",router="gateway._router"} > 0.4 - for: 5m - labels: - severity: warning - annotations: - description: "Rate (calls/seconds) of responses with their associated times in milliseconds" - - alert: ig_route_response_error_total - expr: ig_route_response_error_total{route="default",name="default",router="gateway._router"} > 0 - for: 5m - labels: - severity: warning - annotations: - description: "count of all responses which generated an exception" -- name: idm.rules - rules: - - alert: idm_repo_seconds - expr: idm_repo_seconds{operation="read",repo_type="jdbc",resource_mapping="cluster_states"} > 0.1 - for: 3m - labels: - severity: warning - annotations: - description: "read operation to a JDBC datasource" - - alert: idm_repo_seconds_2 - expr: idm_repo_seconds{operation="read",repo_type="jdbc",resource_mapping="reconprogressstate"} > 0.1 - for: 3m - labels: - severity: warning - annotations: - description: "read operation to a JDBC datasource, recon progress" - - alert: idm_repo_seconds_3 - expr: idm_repo_seconds{operation="update",repo_type="jdbc",resource_mapping="cluster_states"} > 0.1 - for: 3m - 
labels: - severity: warning - annotations: - description: "update operation to a JDBC datasource" - - alert: idm_repo_seconds_4 - expr: idm_repo_seconds{operation="update",repo_type="jdbc",resource_mapping="reconprogressstate"} > 0.1 - for: 3m - labels: - severity: warning - annotations: - description: "update operation to a JDBC datasource, recon progress" - - alert: idm_repo_get_connection_seconds - expr: idm_repo_get_connection_seconds{repo_type="jdbc"} > 0.005 - for: 3m - labels: - severity: warning - annotations: - description: "Rate of successful/unsuccessful retrieval of a repo connection" -{{ end }} - \ No newline at end of file diff --git a/helm/forgerock-metrics/templates/idm.yaml b/helm/forgerock-metrics/templates/idm.yaml deleted file mode 100644 index 741409eabd..0000000000 --- a/helm/forgerock-metrics/templates/idm.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -# For schema see https://coreos.com/operators/prometheus/docs/latest/api.html#endpoint -{{- if .Values.idm.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-apps: kube-prometheus - # This label targets the prometheus operator instance - # You could in theory have many operators running in a cluster (one for dev, qa, etc.) - # This targets the instance that the helm chart coreos/kube-prometheus creates. - # Note that this ServiceMonitor needs to be in the same namespace as the operator - # The monitored targets can be in different namespaces. - prometheus: prometheus-operator - app: {{ .Values.idm.component }} - name: {{ .Values.idm.component }} -spec: - # Tells prometheus which endpoint / port to scrape - endpoints: - # If you use targetPort it looks like it wants an integer here. - # targetPort is the pod port *NOT* the service port - - port: openidm - path: {{ .Values.idm.path }} - basicAuth: - username: - name: prometheus-idm - key: user - password: - name: prometheus-idm - key: password - # This targets the service using a label. - selector: - matchLabels: - component: {{ .Values.idm.labelSelectorComponent }} - namespaceSelector: - {{ if eq .Values.namespaceSelectorStrategy "any" }} - any: true - {{ else }} - matchNames: - {{- range .Values.namespaceSelector }} - - {{ . }} - {{- end }} - {{ end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: prometheus-idm -data: - user: {{ .Values.idm.secretUser | b64enc }} - password: {{ .Values.idm.secretPassword | b64enc }} -type: Opaque -{{- end -}} \ No newline at end of file diff --git a/helm/forgerock-metrics/templates/ig.yaml b/helm/forgerock-metrics/templates/ig.yaml deleted file mode 100644 index 6d74dfd1ff..0000000000 --- a/helm/forgerock-metrics/templates/ig.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -# For schema see https://coreos.com/operators/prometheus/docs/latest/api.html#endpoint -# This defines a prometheus operator spec for a service to scrape. -{{- if .Values.ig.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-apps: kube-prometheus - # This label targets the prometheus operator instance - # You could in theory have many operators running in a cluster (one for dev, qa, etc.) - # This targets the instance that the helm chart coreos/kube-prometheus creates. - # Note that this ServiceMonitor needs to be in the same namespace as the operator - # The monitored targets can be in different namespaces. - prometheus: prometheus-operator - app: {{ .Values.ig.component }} - name: {{ .Values.ig.component }} -spec: - # Tells prometheus which endpoint / port to scrape - # The service definition should name the port so we can use the symbolic name below. - endpoints: - # If you use targetPort it looks like it wants an integer here. - # targetPort is the pod port *NOT* the service port - - targetPort: 8080 - path: {{ .Values.ig.path }} - basicAuth: - password: - name: prometheus-ig - key: password - username: - name: prometheus-ig - key: user - # This targets the service using a label. - selector: - matchLabels: - component: {{ .Values.ig.labelSelectorComponent }} - namespaceSelector: - {{ if eq .Values.namespaceSelectorStrategy "any" }} - any: true - {{ else }} - matchNames: - {{- range .Values.namespaceSelector }} - - {{ . }} - {{- end }} - {{ end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: prometheus-ig -data: - user: {{ .Values.ig.secretUser | b64enc }} - password: {{ .Values.ig.secretPassword | b64enc }} -type: Opaque -{{- end -}} \ No newline at end of file diff --git a/helm/forgerock-metrics/templates/locust.yaml b/helm/forgerock-metrics/templates/locust.yaml deleted file mode 100644 index fe1adb5ad4..0000000000 --- a/helm/forgerock-metrics/templates/locust.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -# For schema see https://coreos.com/operators/prometheus/docs/latest/api.html#endpoint -# This defines a prometheus operator spec for a service to scrape. -{{- if .Values.ds.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-apps: kube-prometheus - # This label targets the prometheus operator instance - # You could in theory have many operators running in a cluster (one for dev, qa, etc.) - # This targets the instance that the helm chart coreos/kube-prometheus creates. - # Note that this ServiceMonitor needs to be in the same namespace as the operator - # The monitored targets can be in different namespaces. - prometheus: prometheus-operator - app: {{ .Values.locust.component }} - name: {{ .Values.locust.component }} -spec: - # Tells prometheus which endpoint / port to scrape - # The service definition should name the port so we can use the symbolic name below. - endpoints: - # If you use port -this targets the *service* port (not the pod port) - # It looks like it wants a string name for the port - so match this to the service port name - - targetPort: 8089 - path: {{ .Values.locust.path }} -# basicAuth: -# username: -# name: prometheus-locust -# key: user -# password: -# name: prometheus-locust -# key: password - # This targets the service using a label. - selector: - matchLabels: - component: {{ .Values.locust.labelSelectorComponent }} - namespaceSelector: - {{ if eq .Values.namespaceSelectorStrategy "any" }} - any: true - {{ else }} - matchNames: - {{- range .Values.namespaceSelector }} - - {{ . }} - {{- end }} - {{ end }} -#--- -#apiVersion: v1 -#kind: Secret -#metadata: -# name: prometheus-locust -##data: -## user: {{ .Values.ds.secretUser | b64enc }} -## password: {{ .Values.ds.secretPassword | b64enc }} -#type: Opaque -{{- end -}} \ No newline at end of file 
diff --git a/helm/forgerock-metrics/templates/prometheusrule.yaml b/helm/forgerock-metrics/templates/prometheusrule.yaml
deleted file mode 100644
index 2002ecb702..0000000000
--- a/helm/forgerock-metrics/templates/prometheusrule.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- labels:
- app: "prometheus-operator"
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- {{- if .Values.additionalRulesLabels }}
-{{ toYaml .Values.additionalRulesLabels | indent 4 }}
- {{- end }}
- name: {{ .Release.Name }}-fr.rules
-spec:
-{{- if .Values.prometheusRules }}
- groups:
-{{ toYaml .Values.prometheusRules | indent 4 }}
-{{ else }}
-{{ include "fr.rules.yaml.tpl" . | indent 2 }}
-{{ end }}
\ No newline at end of file
diff --git a/helm/forgerock-metrics/values.yaml b/helm/forgerock-metrics/values.yaml
deleted file mode 100644
index 04d5909b60..0000000000
--- a/helm/forgerock-metrics/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -# Default values for exporter-forgerock. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Select namespace strategy. -# any = scrape all namespaces[default]. -# selection = user defined array of namespaces to scrape. -namespaceSelectorStrategy: any -# if namespaceSelectorStrategy: selected, then replace the namespace array below -# with the namespaces to be scraped by Prometheus. -#namespaceSelector: -# - production -# - staging -# - test - -am: - component: am - enabled: true - path: /am/json/metrics/prometheus - labelSelectorComponent: openam - secretUser: prometheus - secretPassword: prometheus - -ds: - component: ds - enabled: true - path: /metrics/prometheus - labelSelectorComponent: ds - secretUser: monitor - secretPassword: password - -idm: - component: idm - enabled: true - path: /openidm/metrics/prometheus - labelSelectorComponent: openidm - secretUser: prometheus - secretPassword: prometheus - -ig: - component: ig - enabled: true - path: /openig/metrics/prometheus - labelSelectorComponent: openig - secretUser: metric - secretPassword: password - -locust: - component: locust - enabled: true - path: /metrics/prometheus - labelSelectorComponent: master - -additionalRulesLabels: - prometheus: prometheus-operator - role: alert-rules - - - - - diff --git a/helm/frconfig/.helmignore b/helm/frconfig/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/frconfig/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/helm/frconfig/Chart.yaml b/helm/frconfig/Chart.yaml deleted file mode 100644 index 8e95656f69..0000000000 
--- a/helm/frconfig/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-appVersion: "7.0.0"
-description: A helm chart to manage configuration for the ForgeRock platform
-name: frconfig
-version: 7.0.0
diff --git a/helm/frconfig/README.md b/helm/frconfig/README.md
deleted file mode 100644
index 0b9b011277..0000000000
--- a/helm/frconfig/README.md
+++ /dev/null
@@ -1,65 +0,0 @@ -# frconfig - Manage configuration for the ForgeRock platform components - -This chart creates Kubernetes config maps and secrets needed to clone platform configurations -from a git repository. It also optionally creates certificate requests for SSL. - -This is a prerequisite chart that must be deployed before other charts such as openam, openig, amster, and openidm. - -## values.yaml - -The defaults in values.yaml clones the public (read only) [forgeops-init](https://github.com/ForgeRock/forgeops-init) repository. This -is a bare bones starter repository with a minimal platform configuration. - -To use a different git repository, you must create a custom values.yaml with your git details. -Note that private git reposities must use a git url of the form `git@github.com....`. -Git https urls can only be cloned if they are public. - -A sample custom.yaml is shown below: - -```yaml -git: - # git repo to clone. - repo: "git@github.com:Acme/cloud-deployment-config.git" - branch: mybranch -# Usually you do not need to change config.name. See the comments below for more information. -# config: -# name: frconfig -``` - -## git secret - -A dummy ssh secret `id_rsa` is stored in the `frconfig` secret. If you need ssh access to your git repository -you must replace this secret with a real ssh key. There are two ways to do this: You can replace the contents of the file `secrets/id_rsa` with your ssh key, or alternatively you can use kubectl commands to replace the dummy secret with the -real value. For example: - - -```shell -# Generate your own id_rsa and id_rsa.pub keypair, according to the instructions on github or stash, -# then run the following commands: -kubectl delete secret frconfig -kubectl create secret generic frconfig --from-file=id_rsa -``` - -Note the secret file name (the key in the secret map) *must* be id_rsa. 
This is the private key that has permissions to clone and/or update your repository (the public part of this key is uploaded to your github or stash repository). - -The id_rsa file must be kept private. Do not check this file into source control. - -## Configuration per product - -This project uses a single git repository that contains configuration for all products. If you want to use a strategy of a configuration repository per product, you can deploy multiple instances of this chart, each with a different name for `config.name`. - -The value for `config.name` is significant, as other -charts reference this value. Products default `config.name` to "frconfig", but this can be overridden by helm. - -As an example, to create a custom configuration for openig, use the following procedure: - -* Create an appropriate values.yaml with `git` settings for your repository. Set config.name to "my-ig-config" -* Deploy this chart `helm install -f values.yaml frconfig` -* Replace the dummy ssh secret with your id_rsa value. See the section above. Note the secret name is now `my-ig-config` -* Deploy the openig chart, overriding the configuration name: `helm install --set config.name=my-ig-config openig` - -## Certificates - -cert-manager is used to provision a wildcard SSL certificate of the form `wildcard.$namespace.$domain`. The default in values.yaml -configures cert-manager to issue self signed certificates (the CA issuer). You can configure cert-manager to issue certificates -using Let's Encrypt. Please refer to the [cert-manager](https://github.com/jetstack/cert-manager) project. diff --git a/helm/frconfig/secrets/ca.crt b/helm/frconfig/secrets/ca.crt deleted file mode 100644 index 49f4e99a56..0000000000 --- a/helm/frconfig/secrets/ca.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDLzCCAhegAwIBAgIJAJ+ux3EWq4iDMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV -BAMMDWZvcmdlcm9jay5jb20wHhcNMTgxMDA0MTYxMDIxWhcNMjEwNzI0MTYxMDIx -WjAYMRYwFAYDVQQDDA1mb3JnZXJvY2suY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAxeLf5AvLE4Lm8d8y4F6rFA6zZMX7S+ywc2nzAdN/C3ctxnOk -mDCs1L6MXOXltpBgP7hzOBUMhOEjy9HxGd08bQe5wFTqRtnsd7v2TXmmlw/a9SDC -sGJZbi/lW2kxND08Yn2H3lrjwkWlqouRAJ7nFK5Cl8/KCrsNHUcjoXV2m5ys+p1h -Q+92ksMUCGlTv5p253CykhVBcz6LUY0dydPDcZZggYLZmTYCPfLWA4E304l/74rL -sb8NVJGkDQ0ppCc6/EjHRhWLlie/hSXuYQ4gfjnsxaejx1PBCkXlseInmePhInFA -g9vut8ElLFNSp3bvt7mqcR4Arc73UhFraZuX5QIDAQABo3wwejAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBQLSRRElCe5lC64slw1egImjWTM9DBIBgNVHSMEQTA/ -gBQLSRRElCe5lC64slw1egImjWTM9KEcpBowGDEWMBQGA1UEAwwNZm9yZ2Vyb2Nr -LmNvbYIJAJ+ux3EWq4iDMA0GCSqGSIb3DQEBCwUAA4IBAQDFLVPPntOhP/IRSEQU -1AInNxpPgzhd9M5ydjQk7XwEskVu0Ezm/dWM6BZk6ntAvsDf1NA8jLLlDa7++BnF -Gn4FEfMPbZNUVtzpvAD20+hn7H4KW/h6iRt/tQRqcUnt/edzBPegj2k2rXAD3ffC -mtJ85ZpNbRfr8xDbK0rXwHzjD4+uSXg+At32D23lgn9PComM42ocP5qyq2OxFYXX -eijflATSlwPDf82dwoWDmws94K3o4wbwLNpZ+//9hNKaAs47ECzjKRh/1llt2sSC -Q+wnKjnya7T2L4nTDZT5f9Au1/RKnErfr0Mjg6AIlI5HQvu+U2B0oL9/7LV9uLos -IvkP ------END CERTIFICATE----- diff --git a/helm/frconfig/secrets/ca.key b/helm/frconfig/secrets/ca.key deleted file mode 100644 index 853de8002d..0000000000 --- a/helm/frconfig/secrets/ca.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEoQIBAAKCAQEAxeLf5AvLE4Lm8d8y4F6rFA6zZMX7S+ywc2nzAdN/C3ctxnOk -mDCs1L6MXOXltpBgP7hzOBUMhOEjy9HxGd08bQe5wFTqRtnsd7v2TXmmlw/a9SDC -sGJZbi/lW2kxND08Yn2H3lrjwkWlqouRAJ7nFK5Cl8/KCrsNHUcjoXV2m5ys+p1h -Q+92ksMUCGlTv5p253CykhVBcz6LUY0dydPDcZZggYLZmTYCPfLWA4E304l/74rL -sb8NVJGkDQ0ppCc6/EjHRhWLlie/hSXuYQ4gfjnsxaejx1PBCkXlseInmePhInFA -g9vut8ElLFNSp3bvt7mqcR4Arc73UhFraZuX5QIDAQABAoIBAHYD+Ty639DyF6OW -VnRDYUoj/k8SV+2O6ijavgePx8vhttYM79On69sxDOr2XMpFTnGSIn0G6KFy1/Nd -cKnZLIlluxz+R34bx5Ac9CZ+b6DV3uKkOBgTf3xcai/bC3I5NwMSFG7Cy+R3vvZ4 -J/Ez02KdDrAVR0yhA5A7df9721Gv0ObBfUn4fQjTNr57LUhkK+nMbeEWbGY8U5El -DtBwmS5UxMUfXLGur7pLbMAG6cf9ugv2zzIuv1k6J5EijuxQdIo+atT8xYKl8F7H -XHStvKfYmMX3zCLLrQAEQnPTA3gHSh2LopUcP9cY/pPsyLBfthJ/BunaVSR+6/vg -gXvkiCECgYEA77CGT2YhmpOJSXA197G7Vf1DL2pCuKazp8tE54oth61EEjFSCLQX -LkVx52gY8JBd13uI7nABsMiSKitozC6p1Mo33CcaSVSkjBPE5x3bF4QElA7i6dT0 -q59l8vavOmMXC1jWHeMdzD2KxSrKK/wHFsJohltFkA0daZMPyHkpZrkCgYEA01of -HNjzwbKGkJJVHnMH3CX4CqlbOeA0+CxNkedV1+bxuLPq4M3ivLm6phqj0viILJCw -noJuxfC3yHUyHAiXBeiVd4A1r8J9H2HzCsk6KmdkcTnrIJd+aa7aj6bGBU3WY+7W -O8fpapABOAAL678TxGCaO/40nZ6d6gcn9Qg8JI0CgYA0xmtsRBKWFHIgB2L6nNmg -v1jxsbXrLllUUr9jM9t+ijn4v39Oh0irWYMQ7qy/GypubbbiuSrGIAN+4Xv7qTKf -tb7C7KEvEEICzb+HG93HubvAVd7Ema0dtMUf0A0ZEARc7TyH7B/9fnd1nkxRjvaI -nlmha6tPYnPdcRIClBr3kQJ/EIL560cHxBouaR0FiVtzQb+1oR+aAOuDN+A+Lyfj -jPp95/AmaWmsTRI1gsSSB+liuhiTs8582Pn1YbPGNmp1YgDJrIxXpWOMYudEFZOi -960cK7xaojEzrw36BT8COWfbV/NQyVrU4X5emgFm7QQAh1cEtasmcSnzLFViycHa -8QKBgQChsKBDgkRBhFAKEX2jpaYBZxUYjxsFO6Z2K6hVBjEBCOwFtYL5qz6OgpZj -+SpZMBUjjPQcUhLSM+CXMH+T4BsfmLUByBwiqu9Ykx7DgEU6w1lkXMK5fBnfExVF -r1nt0/hfbLIsuliKtk9XcH3nwkEc1UC0mwaxwSN9I9I0iQaurQ== ------END RSA PRIVATE KEY----- diff --git a/helm/frconfig/secrets/cm.sh b/helm/frconfig/secrets/cm.sh deleted file mode 100755 index 0635edc9b1..0000000000 --- a/helm/frconfig/secrets/cm.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/usr/bin/env bash -# Script to generate a CA cert used by cert manager to issue more certificates. -# The generated ca.key and ca.crt files will get slurped up by helm and used to create a secret for cert-manager. - -COMMON_NAME="forgerock.com" - -openssl genrsa -out ca.key 2048 -# The openssl-with-ca is needed on MacOS to provide the CA cert extension. If you are running on Linux openssl does not need it. -openssl req -x509 -new -nodes -key ca.key -sha256 -subj "/CN=${COMMON_NAME}" -days 1024 -out ca.crt -extensions v3_ca -config openssl-with-ca.cnf - diff --git a/helm/frconfig/secrets/id_rsa b/helm/frconfig/secrets/id_rsa deleted file mode 100644 index 4b0fbba63e..0000000000 --- a/helm/frconfig/secrets/id_rsa +++ /dev/null @@ -1,3 +0,0 @@ -This is a dummy secret for git ssh access. If you are using a private git repo -that requires an ssh key, replace this file with your generated id_rsa key, -See the README. diff --git a/helm/frconfig/secrets/openssl-with-ca.cnf b/helm/frconfig/secrets/openssl-with-ca.cnf deleted file mode 100644 index a87204d963..0000000000 --- a/helm/frconfig/secrets/openssl-with-ca.cnf +++ /dev/null 
@@ -1,29 +0,0 @@ -[ req ] -#default_bits = 2048 -#default_md = sha256 -#default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_min = 2 -countryName_max = 2 -stateOrProvinceName = State or Province Name (full name) -localityName = Locality Name (eg, city) -0.organizationName = Organization Name (eg, company) -organizationalUnitName = Organizational Unit Name (eg, section) -commonName = Common Name (eg, fully qualified host name) -commonName_max = 64 -emailAddress = Email Address -emailAddress_max = 64 - -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -[ v3_ca ] -basicConstraints = critical,CA:TRUE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer:always diff --git a/helm/frconfig/templates/_helpers.tpl b/helm/frconfig/templates/_helpers.tpl deleted file mode 100644 index 99073256d5..0000000000 --- a/helm/frconfig/templates/_helpers.tpl +++ /dev/null 
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "frconfig.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "frconfig.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "frconfig.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/helm/frconfig/templates/cert-manager.yaml b/helm/frconfig/templates/cert-manager.yaml deleted file mode 100644 index 246416de66..0000000000 --- a/helm/frconfig/templates/cert-manager.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -{{ if .Values.certmanager.enabled }} -# Create a namespaced issuer that uses cert managers built in CA issuer -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Issuer -metadata: - name: ca-issuer -spec: - ca: - secretName: certmanager-ca-secret ---- -# The CA certificate secret used by cert manager to issue certs. -apiVersion: v1 -kind: Secret -metadata: - name: certmanager-ca-secret -type: kubernetes.io/tls -data: - tls.crt: {{ .Files.Get "secrets/ca.crt" | b64enc }} - tls.key: {{ .Files.Get "secrets/ca.key" | b64enc }} ---- -# Requests cert manager create a certificate based on the Issuer (CA, lets encrypt, etc.) -# A secret containing the cert will be created if the request is succesful. Ingress controllers -# Should reference the secret by name in their tls spec. -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}' -spec: - secretName: '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}' - issuerRef: - name: {{ .Values.certmanager.issuer }} - kind: {{ default "Issuer" .Values.certmanager.issuerKind }} - # If commonName is not provided, the first value in dnsNames is used. - #commonName: "" - dnsNames: - - '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}' - {{ if .Values.certmanager.acme -}} - # This is used by Acme / Let's encrypt, and is ommited for CA certs. - acme: - config: - - dns01: - provider: prod-dns - domains: - - '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}' - {{ end }} - {{ end }} diff --git a/helm/frconfig/templates/config-map.yaml b/helm/frconfig/templates/config-map.yaml deleted file mode 100644 index ebea4ef81c..0000000000 --- a/helm/frconfig/templates/config-map.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.config.name }} - # annotations: - # "helm.sh/resource-policy": keep -data: - GIT_REPO: "{{ .Values.git.repo }}" - GIT_AUTOSAVE_BRANCH: autosave-{{ .Release.Namespace }} - GIT_CHECKOUT_BRANCH: "{{ .Values.git.branch }}" - - # NAMESPACE: {{ .Release.Namespace }} -- defined as downward API - DOMAIN: {{ default ".forgeops.com" .Values.domain }} diff --git a/helm/frconfig/templates/gateway.yaml b/helm/frconfig/templates/gateway.yaml deleted file mode 100644 index 281923b736..0000000000 --- a/helm/frconfig/templates/gateway.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{ if .Values.istio.enabled }} -# Defines an istio gateway for all IAM services running in this namespace. This handles *all* traffic -# destined for $namespace.iam.forgeops.com. Each virtual service in the namespace routes through this gateway -# based on a path expression (/ -> AM, /ig -> openig, etc.) -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: iam-gateway -spec: - selector: - istio: ingressgateway # use istio default controller - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "{{ .Release.Namespace}}.{{ .Values.subdomain }}.{{.Values.domain}}" - tls: - httpsRedirect: true - - port: - number: 443 - name: https - protocol: HTTPS - hosts: - - "{{ .Release.Namespace}}.{{ .Values.subdomain }}.{{.Values.domain}}" - tls: - mode: SIMPLE - privateKey: /etc/istio/ingressgateway-certs/tls.key - serverCertificate: /etc/istio/ingressgateway-certs/tls.crt - {{ end }} \ No newline at end of file diff --git a/helm/frconfig/templates/secret-platform.yaml b/helm/frconfig/templates/secret-platform.yaml deleted file mode 100644 index 60191a394b..0000000000 --- a/helm/frconfig/templates/secret-platform.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -# The ssh secret for cloning or pushing to a private git repo using ssh: -# See the README -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.config.name }}-platform -type: Opaque -data: -{{ if .Values.secret.env }} -{{- range $key, $value := .Values.secret.env }} - {{ $key }}: {{ $value | b64enc | quote }} -{{- end }} -{{ else }} - {} -{{ end }} diff --git a/helm/frconfig/templates/secret.yaml b/helm/frconfig/templates/secret.yaml deleted file mode 100644 index 7b3e03c52f..0000000000 --- a/helm/frconfig/templates/secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# The ssh secret for cloning or pushing to a private git repo using ssh: -# See the README -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.config.name }} - # annotations: - # "helm.sh/resource-policy": keep -type: Opaque -data: - # Replace the dummy id_rsa file - id_rsa: - {{ .Files.Get "secrets/id_rsa" | b64enc }} diff --git a/helm/frconfig/values.yaml b/helm/frconfig/values.yaml deleted file mode 100644 index d6cf03442c..0000000000 --- a/helm/frconfig/values.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -# Default values for frconfig. -# This is a YAML-formatted file. - -# Top level domain, including the leading dot. This is used to form the wild-card cert request for cert-manager. -domain: example.com -subdomain: iam - -config: - # The default name that products use when looking for the configmap and secret is `frconfig`. - # To create per-product configurations, you can deploy multiple instances of this chart - # using a different name. The corresponding product chart also need to override config.name. - # See README.md for more information. - name: frconfig - -secret: - env: - {} - -git: - # git repo to clone. The value below is a public git repo that does not require authentication. - repo: "https://github.com/ForgeRock/forgeops-init.git" - branch: 7c077d2c3ffcd69d5b0f22b63f8a4b741e7e6c3a - -# Cert manager defaults -certmanager: - enabled: false - # The default issuer is to use the CA certs issuer. - issuer: ca-issuer - # And a local to namespace issuer - issuerKind: Issuer - # For lets encrypt use this: - #acme: true - #issuer: letsencrypt-prod - #issuerKind: ClusterIssuer - -istio: - enabled: false diff --git a/helm/gatling-benchmark/.helmignore b/helm/gatling-benchmark/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/gatling-benchmark/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/helm/gatling-benchmark/Chart.yaml b/helm/gatling-benchmark/Chart.yaml deleted file mode 100644 index 221fa32b6a..0000000000 --- a/helm/gatling-benchmark/Chart.yaml +++ /dev/null 
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: Forgeops benchmark Gatling helm chart
-name: gatling-benchmark
-version: 6.0.0
diff --git a/helm/gatling-benchmark/README.md b/helm/gatling-benchmark/README.md
deleted file mode 100644
index 606ad4dade..0000000000
--- a/helm/gatling-benchmark/README.md
+++ /dev/null
@@ -1,87 +0,0 @@ -# Helm Chart for Gatling benchmark - -This helm chart has two purposes: The first one is to run actual tests, the second -to expose results that can be viewed/downloaded - -## Setup - -### Prerequisites - -This helm chart expects product deployment to be running and configured. - -### Gatling benchmark image - -You can either get gatling benchmark image from gcr.io/forgerock-io forgerock repository -or build it by yourself. Docker image dockerfile can be found in `forgeops/docker/gatling`. -To add custom benchmarks, you need to add them to `forgeops/docker/gatling/simulations` folder. - -If you are building docker image by yourself, don't forget to change docker image -name in values.yaml to match your image. - -### Benchmark configuration - -Benchmark configuration can be found in values.yaml file. -You can configure all necessary test related variables there. - -## Run benchmark automatically - -Go to Gatling release folder - -`cd /path/to/forgeops/helm/gatling-benchmark` - -To run the benchmark automatically after deployment, run following - -`helm install --name benchmark gatling-benchmark` - -Now you can list pods in your namespace. Output should be as this: - -``` -kubectl get pods -NAME READY STATUS RESTARTS AGE -amster-7f58b78755-5bxn4 2/2 Running 0 7m -configstore-0 1/1 Running 0 7m -ctsstore-0 1/1 Running 0 7m -forgeops-benchmark-8566b4cf98-4j78b 0/1 Init:0/1 0 3m -openam-pyforge-openam-6c7575b4f5-5cxxh 1/1 Running 0 7m -userstore-0 1/1 Running 0 7m -``` - -The benchmark pod will be in Init:0/1 state until tests are finished. - -To see gatling progress output, run `./get-logs.sh`. - -## Run benchmark manually - -To manually trigger a benchmark after deployment, you need to follow the following 2 steps: -* Set ```runAfterDeployment: false``` in gatling-benchmark values.yaml under benchmark section. -* When you want to run the test, add a ready file at the root of the forgeops-benchmark-gatling container e.g. 
```kubectl exe -c forgeops-benchmark-gatling touch /ready``` - -The presence of the above ready file will trigger the gatling job and start the simulation. - -## Access benchmark results - -Once tests are finished, you need to make sure you have ingress address with -fqdn in your /etc/hosts file. - - -``` -kubectl get ingress -NAME HOSTS ADDRESS PORTS AGE -gatling gatling.pyforge.forgeops.com 35.227.42.137 80 3m -openam login.pyforge.forgeops.com 35.227.42.137 80 7m -``` -Then you can simply access results by going to : -`http://gatling.[NAMESPACE].[DOMAIN]/` e.g. `http://gatling.pyforge.forgeops.com` - -Accessing this URL will show following: - -``` -Index of / -../ -restlogin-1523282212519/ 09-Apr-2018 14:59 - -restlogin-1523282212519.tar.gz 09-Apr-2018 15:00 33988974 -``` - -This folder contains an HTML report which can be directly opened and inspected. -Archive .tar.gz can be downloaded and kept for future usage. Once the helm chart with -benchmark is deleted, you can no longer access these files, so download it if you need to archive results. diff --git a/helm/gatling-benchmark/get-logs.sh b/helm/gatling-benchmark/get-logs.sh deleted file mode 100755 index 669cfb8fd3..0000000000 --- a/helm/gatling-benchmark/get-logs.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash -# Utility to see logs from gatling init container when tests are running -POD_NAME=$(kubectl get pod --selector=app=forgeops-benchmark \ - -o jsonpath='{.items[*].metadata.name}') -CONTAINER_NAME=forgeops-benchmark-gatling -kubectl logs -f $POD_NAME -c $CONTAINER_NAME diff --git a/helm/gatling-benchmark/templates/_helpers.tpl b/helm/gatling-benchmark/templates/_helpers.tpl deleted file mode 100644 index 016a4b26c4..0000000000 --- a/helm/gatling-benchmark/templates/_helpers.tpl +++ /dev/null 
@@ -1,24 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/* expands to the fqdn using the component name. Note domain has a leading . */}}
-{{- define "externalFQDN" -}}
-{{- if .Values.ingress.hostname }}{{- printf "%s" .Values.ingress.hostname -}}
-{{- else -}}
-{{- printf "%s.%s.%s" .Release.Namespace .Values.subdomain .Values.domain -}}
-{{- end -}}
-{{- end -}}
diff --git a/helm/gatling-benchmark/templates/config-map.yaml b/helm/gatling-benchmark/templates/config-map.yaml
deleted file mode 100644
index b7b5ea8707..0000000000
--- a/helm/gatling-benchmark/templates/config-map.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-# ConfigMap for Nginx webserver we are using to publish reports
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: nginx-conf
-data:
- default.conf: |
- server {
- listen 80;
- server_name localhost;
-
- #charset koi8-r;
- #access_log /var/log/nginx/log/host.access.log main;
-
- location / {
- root /usr/share/nginx/html;
- autoindex on;
- }
-
- #error_page 404 /404.html;
-
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
- }
----
diff --git a/helm/gatling-benchmark/templates/gatling.yaml b/helm/gatling-benchmark/templates/gatling.yaml
deleted file mode 100644
index 9151523d6f..0000000000
--- a/helm/gatling-benchmark/templates/gatling.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -# Gatling template for forgeops benchmark suite -# This is a YAML-formatted file. - -kind: Job -apiVersion: batch/v1 -metadata: - name: forgeops-benchmark-{{ .Release.Namespace }} - labels: - vendor: forgerock -spec: - template: - metadata: - labels: - app: forgeops-benchmark - spec: - initContainers: - {{ if eq .Values.config.strategy "git" }} - - name: git-init - image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }} - imagePullPolicy: {{ .Values.gitImage.pullPolicy }} - volumeMounts: - - name: git - mountPath: /git - - name: git-secret - mountPath: /etc/git-secret - args: ["init"] - envFrom: - - configMapRef: - name: {{ default "frconfig" .Values.config.name }} - {{ end }} - containers: - - name: forgeops-benchmark-gatling - image: {{ .Values.image.repository }} - imagePullPolicy: Always - env: - - name: TESTS - value: {{ .Values.benchmark.testname }} - command: - - /bin/bash - - -c - - cp -r /git/config/6.5/benchmarks/gatling-simulation-files/ /opt/gatling/user-files/simulations/ && - {{ if .Values.benchmark.runAfterDeployment }}touch /ready && {{ end }} - /custom-gatling.sh -j ' - -Dam_host={{ .Values.benchmark.openam.host }} - -Dam_port={{ .Values.benchmark.openam.port }} - -Dam_protocol={{ .Values.benchmark.openam.proto }} - -Didm_host={{ .Values.benchmark.openidm.host }} - -Didm_port={{ .Values.benchmark.openidm.port }} - -Didm_protocol={{ .Values.benchmark.openidm.proto }} - -Dig_host={{ .Values.benchmark.openig.host }} - -Dig_port={{ .Values.benchmark.openig.port }} - -Dig_protocol={{ .Values.benchmark.openig.proto }} - -DlogoutPercent={{ .Values.benchmark.logoutpercent }} - -Dusers={{ .Values.benchmark.users }} - -Dconcurrency={{ .Values.benchmark.concurrency }} - -Dduration={{ .Values.benchmark.duration }} - -Dwarmup={{ .Values.benchmark.warmup }} - -Dissue_token_info={{ .Values.benchmark.get_token_info }} - -Doauth2_client_id={{ .Values.benchmark.oauth2_client_id }} - -Doauth2_client_pw={{ 
.Values.benchmark.oauth2_client_pw }} - ' - -g '-m -s TESTNAME -rd TESTNAME' && - export FN=$(ls -t /opt/gatling/results | head -1) && tar -czvf /opt/gatling/results/$FN.tar.gz - /opt/gatling/results/$FN - volumeMounts: - - name: gatling-results - mountPath: "/opt/gatling/results" - {{ if eq .Values.config.strategy "git" }} - - name: git - mountPath: /git - {{ end }} - imagePullSecrets: - - name: forgerock-engkube-pull-secret - volumes: - - name: nginx-conf-vol - configMap: - name: nginx-conf - - name: gatling-results - persistentVolumeClaim: - claimName: forgeops-benchmark-pvc - {{ if eq .Values.config.strategy "git" }} - - name: git - emptyDir: {} - - name: git-secret - secret: - secretName: {{ default "frconfig" .Values.config.name }} - {{ end }} - {{ if eq .Values.taints.enabled true }} - tolerations: - - key: {{ .Values.taints.key | quote }} - operator: "Equal" - value: {{ .Values.taints.value | quote }} - effect: "NoSchedule" - nodeSelector: - {{ .Values.taints.key }} : {{ .Values.taints.value }} - {{end}} - restartPolicy: Never diff --git a/helm/gatling-benchmark/templates/ingress.yaml b/helm/gatling-benchmark/templates/ingress.yaml deleted file mode 100644 index da0cdb72bf..0000000000 --- a/helm/gatling-benchmark/templates/ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ .Values.component }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - tls: - - hosts: - - {{ template "externalFQDN" . }} - secretName: '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}' - rules: - - host: {{ template "externalFQDN" . }} - http: - paths: - - path: /gatling - backend: - serviceName: {{ template "fullname" . }} - servicePort: {{ .Values.service.externalPort }} \ No newline at end of file 
diff --git a/helm/gatling-benchmark/templates/results-pv.yaml b/helm/gatling-benchmark/templates/results-pv.yaml
deleted file mode 100644
index 7511893cfe..0000000000
--- a/helm/gatling-benchmark/templates/results-pv.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: gatling-results-{{ .Release.Namespace }}
- annotations:
- labels:
- bucket: results
-spec:
- capacity:
- storage: 30Gi
- storageClassName: nfs
- persistentVolumeReclaimPolicy: Retain
- accessModes: [ ReadWriteMany ]
- nfs:
- server: "{{ .Values.nfs.server }}"
- path: "{{ .Values.nfs.path }}"
- readOnly: false
diff --git a/helm/gatling-benchmark/templates/results-pvc.yaml b/helm/gatling-benchmark/templates/results-pvc.yaml
deleted file mode 100644
index d2fbaa0a34..0000000000
--- a/helm/gatling-benchmark/templates/results-pvc.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: forgeops-benchmark-pvc
-spec:
- accessModes:
- - ReadWriteMany
- selector:
- matchLabels:
- bucket: results
- resources:
- requests:
- storage: 20Gi
- storageClassName: nfs
diff --git a/helm/gatling-benchmark/templates/results-web.yaml b/helm/gatling-benchmark/templates/results-web.yaml
deleted file mode 100644
index 03d1ed0bbd..0000000000
--- a/helm/gatling-benchmark/templates/results-web.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
- name: gatling-results-web-{{ .Release.Namespace }}
- labels:
- app: forgeops-benchmark-web
-spec:
- selector:
- matchLabels:
- app: forgeops-benchmark-web
- template:
- metadata:
- labels:
- app: forgeops-benchmark-web
- spec:
- initContainers:
- {{ if eq .Values.config.strategy "git" }}
- - name: git-init
- image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }}
- imagePullPolicy: {{ .Values.gitImage.pullPolicy }}
- volumeMounts:
- - name: git
- mountPath: /git
- - name: git-secret
- mountPath: /etc/git-secret
- args: ["init"]
- envFrom:
- - configMapRef:
- name: {{ default "frconfig" .Values.config.name }}
- {{ end }}
- containers:
- - name: forgeops-benchmark-results
- image: nginx:1.11.0
- imagePullPolicy: IfNotPresent
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- volumeMounts:
- - mountPath: /usr/share/nginx/html
- name: gatling-results
- - mountPath: /etc/nginx/conf.d
- name: nginx-conf-vol
- resources:
- imagePullSecrets:
- - name: forgerock-engkube-pull-secret
- volumes:
- - name: nginx-conf-vol
- configMap:
- name: nginx-conf
- - name: gatling-results
- persistentVolumeClaim:
- claimName: forgeops-benchmark-pvc
- {{ if eq .Values.config.strategy "git" }}
- - name: git
- emptyDir: {}
- - name: git-secret
- secret:
- secretName: {{ default "frconfig" .Values.config.name }}
- {{ end }}
diff --git a/helm/gatling-benchmark/templates/service.yaml b/helm/gatling-benchmark/templates/service.yaml
deleted file mode 100644
index e830450af7..0000000000
--- a/helm/gatling-benchmark/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "fullname" . }}
- labels:
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- component: {{ .Values.component }}
- vendor: forgerock
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: forgeops-benchmark-web
diff --git a/helm/gatling-benchmark/values.yaml b/helm/gatling-benchmark/values.yaml
deleted file mode 100644
index 841254c12c..0000000000
--- a/helm/gatling-benchmark/values.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-# ForgeOps gatling helm chart
-# This is a YAML-formatted file.
-
-# Domain on which reports will be available
-domain: forgeops.com
-subdomain: iam
-
-# Gatling image with tests.
-# Dockerfile for this image can be found in forgeops/docker/gatling
-image:
- repository: gcr.io/forgerock-io/gatling:6.5.1
- pullPolicy: Always
-
-gitImage:
- repository: gcr.io/forgerock-io/git
- tag: 6.5.1
- pullPolicy: Always
-
-config:
- # Name of the configMap that holds the configuration repository URL and of
- # the secret required to access it.
- name: frconfig
- # strategy defines how products get their configuration .
- # Using the git strategy, each helm chart pulls the configuration from git using an init container.
- strategy: git
-
-taints:
- # Taint checking. Turned off by default.
- enabled: false
-
-benchmark:
- # Name of scala test name to run
- # This benchmark supports following testnames
- # - am.AMRestAuthNSim
- # - am.AMAccessTokenSim
- #
- # For IDM it is:
- # ( Always run Create test first to have users present for other tests)
- # - idm.IDMCreateManagedUsers
- # - idm.IDMReadManagedUsers
- # - idm.IDMUpdateManagedUsers
- # - idm.IDMDeleteManagedUsers
- #
- # For IG it is:
- # - ig.IGReverseProxyWebSim
- # - ig.IGAccessTokensSim
- # - ig.IGAccessTokensNoCacheSim
- # - ig.IGGenerateTokensSim
- #
- # To run multiple tests, syntax is as following:
- # testname: "am.AMAccessTokenSim am.AMRestAuthNSim"
-
- testname: am.AMAccessTokenSim
-
- # By default, simulation will be run automatically after deployment.
- # Change to false force Gatling to wait for trigger.
- # To trigger simulation if false, add ready file to gatling init-container:
- # kubectl exec -c forgeops-benchmark-gatling touch /ready
- runAfterDeployment: true
-
-
- # How many users we want to use for benchmark
- users: "1000"
- # How many user threads we want to use for benchmark
- concurrency: 5
- # Duration of test in seconds
- duration: 60
- # Logout percent in authn testnames(0 disables logout)
- logoutpercent: 0
- # Warmup duration
- warmup: 1
- # Token info - enables getting tokeninfo in AMAccessTokenSim tests
- get_token_info: "false"
- # Oauth2 client ID - Change to name of your OAuth2 client
- oauth2_client_id: "clientOIDC_0"
- oauth2_client_pw: "password"
-
- # Root context variables allow for any future changes to the root context.
- # The values below are currently default.
- #
- # am_context: "/am"
- # idm_context: ""
- # ig_context: ""
-
- # Product specific values that are passed into gatling.
- # Will likely to expand in future to cover all 4 products.
- # In case you are running gatling in different namespace
- # you need to specify host as a full fqdn. e.g login.pyforge.forgeops.com
- # and change proto to https
- openam:
- host: openam
- port: 80
- proto: http
- openidm:
- host: openidm
- port: 80
- proto: http
- openig:
- host: openig
- port: 80
- proto: http
-
-# For creating the PV, we need to specify the server and the path to the export
-nfs:
- server: 10.191.193.66
- path: /export
-
-# Reporting related values.
-component: gatling
-service:
- name: forgeops-benchmark
- type: ClusterIP
- externalPort: 80
- internalPort: 80
-ingress:
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- nginx.ingress.kubernetes.io/rewrite-target: "/"
diff --git a/helm/openam/.helmignore b/helm/openam/.helmignore
deleted file mode 100644
index 435b756d88..0000000000
--- a/helm/openam/.helmignore
+++ /dev/null
@@ -1,5 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-.git
diff --git a/helm/openam/Chart.yaml b/helm/openam/Chart.yaml
deleted file mode 100755
index 0945e2bdfc..0000000000
--- a/helm/openam/Chart.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-description: OpenAM runtime image - this does not do installation
-name: openam
-version: 7.0.0
diff --git a/helm/openam/README.md b/helm/openam/README.md
deleted file mode 100644
index 3e262f2d63..0000000000
--- a/helm/openam/README.md
+++ /dev/null
@@ -1,40 +0,0 @@ -# Helm Chart for OpenAM - -# Quick Start - -`helm install --set domain=.acme.com openam` - -This chart depends on a having a ds configstore instance deployed and an instance of `frconfig` - that holds -the information needed to clone configutation from git. - - -# Implementation Notes - -These are subject to change! - -## Boot process - -* An init container is used to copy in the files needed to boot AM into the home directory ~/openam. This includes the boot.json - and the keystore files. -* AM needs a writable home directory (see https://bugster.forgerock.org/jira/browse/OPENAM-13841). It wants to - rewrite the bootstrap file. For this reason, we can not mount the keystore.jceks and other files directly under ~/openam. This is why we use the init containers to copy in the template files. We will revisit this in 7.0. - - ## Keystores - -Not all components in AM have been converted to use the new secrets API. The session service (for example) assumes - the default keystore.jceks is used. - - There are in effect three different keystores in play: - -* The keystore configured in boot.json. This keystore must be capable of being opened using a clear text storepass. This - needs to be located in ~/openam/. This keystore just needs the boot passwords for dsamesuser and the config store. -* The legacy keystore.jceks for the session and other legacy services. Can be the same keystore as above, but this is not a requirement. -* The new keystore supporting the new secrets API. This keystore is opened with the password secret provider configured in global settings. By default, the storepass is encrypted with the AM instance key. Therefore this keystore can only be opened once AM has booted. We change the default configuration to allow this keystore to be opened with a clear text storepass/entrypass. - -The current approach is to copy in a prototype keystore from a k8s secret mounted at /var/run/secrets. 
The three keystore providers above -are all configured to point to this keystore. The global password secret provider must be changed to use clear text passwords to open the -keystore. This is found in the forgeops-init configuration that is imported by amster. - -### Using custom keystores - -You can override the default keystores in this chart by setting `existingSecrets.openamKeys` and `existingSecrets.openamKeystorePasswords` and providing your own secrets separately. This makes it easier to replace the default secrets without modifying this chart. Make sure to provide all required keys in these secrets. diff --git a/helm/openam/secrets/.keypass b/helm/openam/secrets/.keypass deleted file mode 100644 index 5bbaf87581..0000000000 --- a/helm/openam/secrets/.keypass +++ /dev/null @@ -1 +0,0 @@ -changeit \ No newline at end of file diff --git a/helm/openam/secrets/.storepass b/helm/openam/secrets/.storepass deleted file mode 100644 index 41fd6e222c..0000000000 --- a/helm/openam/secrets/.storepass +++ /dev/null @@ -1 +0,0 @@ -07U+ZDyDqBSYy00A+HtUmw8eSHvIjwIE \ No newline at end of file diff --git a/helm/openam/secrets/authorized_keys b/helm/openam/secrets/authorized_keys deleted file mode 100644 index d14bd9eae2..0000000000 --- a/helm/openam/secrets/authorized_keys +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa 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 openam-install@example.com diff --git a/helm/openam/secrets/keypass b/helm/openam/secrets/keypass deleted file mode 100644 index 5bbaf87581..0000000000 --- a/helm/openam/secrets/keypass +++ /dev/null @@ -1 +0,0 @@ -changeit \ No newline at end of file 
diff --git a/helm/openam/secrets/keystore.jceks b/helm/openam/secrets/keystore.jceks deleted file mode 100644 index 4ceb98ce81b45aa2ef9e8a04d88a3ec782827972..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14914 zcmd^`WmKHW)~K7Nad(#xf(2jSf1rvd<#E)mSD4fEzqop zzRmm5OieAc&m+`KU36GCs-=$gHA&QwVPpOF^NB>hWW5|kO<}QvLifBjC+bnK0}Wqp2+`1{m!}843=(qLaCUh&=1>jbL&9tp+eT0U9eem<`Mh=4Iz$=g=WQ zV*|57rQgMWv@h<^m-uZEfH3fIPXj;zDp(T$C@CAe)$x`FrwUo9RbYI^RhTE=&sBmx zaL#Ny@(BVEZ}ZECBv<*wyKjBzoz5TbQuHq;Zl|r(`{a;Ap2oj%Fc)R>rUMN1UEo=d zS-h(5O0!aAjR$Q{axqs?P5Bi?N&YhQuvP%DIS|Zf`P3_XD&W0;rK`;DC!o6o1_}>I zX|2QIu4{n9KPPJcNv@^waaPIWPo&s{4B@&!R>0N5;j1i%DE;OdIuv+(o^NB9;+g)*A2vR-DiA&U%+{vFa0vlp(X8|#Hakn-#H+L}oeO;(Vq|(>} z0H6bKAZYhL76zHQR3V>IKKRGN2n6+;omb&}e>NGWr_aDvE*ay$Twu7kB)6m$6*7%| zDL!vsvBJZ9(ARzr$IaC7Uf;E?|6p+TbB$R6uesWxLk;qfTT;EnL{B2Pg_@KGNPfXsM{&&X3*zHd}c`;dVY*_9bt- z=FTwDI||rOsc0$DX&vb->!lJQOAFn_AZ87fzI{c!TUNK)MRg@iiD*);>ZEuhYPOVl zRV49ELOOg&H)S3qz!+zE70WH9stLdUA?SlrjG1XAnR?13!-%s7@|O^5gElvj&B!JqNRW!-91&++im)b)4nFCMh1I85j7pVV+-t{^z7 zG{Xu#+cu#>ej(xwN&1Rr;d25z-n##M+k=cqt!k-bXpKFOI$ggc5Hc3XIoAaAN(6f; zFqO#d_D)e9UWO=XvaVfBB6`dyS7X}I-RP;?$zZd1(FLqFC^#(^O&5F_?w&X9BA;P` zi_(^V`&oz_6&c;i-7jXVNSRIIX{kk^G={whC5<8)7Y@ZR-%a|t-#y9kLU|gD_ZrE;853(vcO7;C<*q?BzcKGl+@bGB|`!$J@5UVG6GB`vwCRc&lTaTJ_& z+F(O@!e(=JOvOOM2HUdMHCNOKpLlkgHToHm>;80iFJQ1q0DOQmRI*ExR~;#Y-kR{{F852XlksvsSM>U zZm+Ac;i*eQ;%l~YN9Ayj`b2e!!hqr%w#dV}#r2pno`FU~TJtx$%uF;#z^h|6Tx&p1 zZi*j);rcD&2m<|3i64sa7`2!3`l*vSS{Yd1jlKqJQF=N|QbC5W= zj9K?BkoVyr%z}_YCG=3RD4pIzcA_35Nu@Kq{)v8#o(tR^`L|%%-I-CJl5mK)(wLq9 zWwLz={kF%NJ;FSp;zx6w;Dj*_)f7bYdYPhzXRWUnzuKLwUvx+_DR_s>M;X3e&U(9*N>4Wo@l2!0Jfb4V zZ(gUpU3p&NDOt@|(Bt`zgkbv9D_)j~_LJ5CNhDCFX;);Dst$5Qm8IEg`zs6SjjaWj zcxH2Ezva%;kLLxay=v9gXD{XR$*%S6j8jVwWLkKTyoyVE&VpUX99A4=-$eKsO)?g{ z_QQXNNeCJis9;@VBE1VkqVj#mb#SVVt+o)tjhikaMn1kJC@k1N=Z(U7Mg43+H8n$? 
z#N<3CFWE)q5fL(u(v{+h;BvfC2+49{SbCpLQE)Ea4F>3esJ@_w?X!TDO0MldJp{E5 z_jXY2aiNwDwcm?Tbc`ND_)t~n1e~)1VAjRrMq`pK-cSbhO&yN2$o8@EM=Ehv()kUw z5m=@pG)sLP_V!1J45L0Q$cn-HFweR`(y;B0W~iSA8J}`5DJdC-tLfR@%v;T7Jm`oh z*Y`l4o#g)MgoL#R2f|u|1A)rL zejJ;yIG`W<@y`R23(U^S!^+CZ%?kc;K>iT9ei#3#ZUn+m{W<_JZ~)jq7z_Z^ia-Vi z!oUF9sN)2$E1q$yqs{bv4^Pdj1A2H5uRf`~*s^Ldcec}oh#|%iFO&m(ZW^c^j&f?u zzEw32lAW>9eE3?t4ngj%47^Teynxu>|q|I*8C&1RX>eKy1ex zzZhoDhta2LaD^Gh67M)~%kB3H;@Un4!w{&&rnzNzw-6)~1gP{Wka04}>rs(iR@j&= z2v&Iy;muv^#E3;`>g?gQ%!-EPWqbpQ!bQ#ec)cy=^R)rFPrwf3{#@OB1^N;WU z`ZYl=fzs{H;vKg+Kn++)T{T!PVTs)fwOm z0LlT7oPM?vv9ojqV9WjZ0~R}D2TK-JR~KssOFlUO0tDJUX!Vcwu%1qCE3{Cj%#4IaFXo?E5pF>C>cpU&mb%oHPp;$9^1T#WxNVsH>{Q?@|QE zE_iq7PdZuIb5l37GUJa3I8iIONgR|eyAtApT{iA#D$8j6t5&~!;?_Ff#(`+S?D@Y# z*Rj}TVzkn1lACP8@%B27xWbY()uM`a1>h@*N@!ZUTFHxZia405xmY{dnTt!P{%yri z{i2#djP1?cpw_07huIJM;)#*S`Y%u|l!8Er+i!>l$X_J0K#k^qDK>nog;yxA51IS@ zjAM;^@?^;=7L&isHsWjpn%tX>d4begIOb5xArvI^P-Z*XV}?8F2=FCIBpjWJ<2*M$ z7Tfo2(;DYQiFXCU%QF~x@m!3gG%L3-$PT^Fa-H|Te-v*aDW>QTs->*`q6IG{F(uoNewdj6m@mp{}^?x8k zqagJwoy4a5pDZ1Zi0W}-_e^l+ZE-1QYv|e`fp~bkitMAl>@A793*xQdMr%S#b#X1% zv?5{3{K_1@3V}4SWC+2u8mrZt1{u;0(_7leJnFM6{n z`sd61!NxFs&=ai-`dCBRxMs;N4vwRc!V4Q!m zG2%~80W1sxtSA7)UB|@x-tfv;S`nVb)WT6-?Wzji`mkyieQD}p+UdZ*8OLHUl2kBK zD=dN&mzHPtX@t4XqdqOUB9|n}6jdRQUq%;J3ILV>Qd;2detchs)NWRp#71@v9QLMY z7Ev!NwBs{1pF>_p@&P^qd?1Dk+TrPXu7WQmqJka^Yk`c3=N=!Qg01{k+a$de>fV9Q zP)rwyv5ki-#M;sUx)=X;qNr^=>_WHIzkyp%e7RHJfKv0{;a1PM?3-@kAbwXYLCmES znag((%!K$W76w!*%m7SgOBt1;{MQ_D8eA}y!Kp91!*XU<4FtLyz}?g&3s_;e9-$uh zs_dL_naaX;q6i!p+-B*r*i3#s=K- zd+QEP?jVoPVy8m=)UWJxlQ9p}F*@H3&M=qlv!%;_ck7nJQA%yZnz)Rztq*~LQj6FwVxez4PNRVttHD0Gf zx9T0v^w|?(cfn!4Q&*h|#aimuQ>MdmA?7NhF^LJSNu*KZOq>Y36v&{#THzj6S$(I& zPCELxNu~oFV~<`MxaiAPRoLZ}FTFRn)Z8~v!K4sEn0fCfJ*WTvO-l*YN-N|M94n*7tYY{dhvpz~5A`Vs zSGJQ^^E8)pa(qjt{*dM|f47@n1iDSckTZTd#iV?aCfDRVLS}#3>WLK|_nBT?#TdR) zFrJNb{@P@T7bvU zCB&5Cq=F5o;wf!#ds!!?)*H}17e+EaG(GZd)aLkHOTB{(~z zolbxes|GLuvknP1MrWyhjHooSKqU-&6?5qS24y&?nQvn9tvVQd#TJ 
z+T(rmD6L3c-tW958$Y=rtuuE2(-8;j1%+D=DBK$U4!5!%S$BWI67au#yzn>(>JGLJ zjvfwwczvOM;J=hW{lI@ILH>^tl>aD!{a4BFjLXT!!O9N(aR0`*oNR2ri~n$M{x{T} zl?oNhc=2cSoN>q;s5|CdF%67g%h2RZU((Q`zM|vlA{=POJdy^!1hqA6@^DlGiC+dEpI48SQir2-TbfEo^e5J@pen}9=J%c2f zQeIm3fgLa!9zr;qv5YAn*?_|&ecqLb_5c`nBYJV|;O?wLZtIMHk4=!G&-$Em{jHD6 zu=MtKIwAj*u-sMBO7QjbNJ10v9tSACP4?kP$vmE|<2A-uRmVzPRZ^@DLxKlUkw&zc z2Ig%xv0VIQ7jPlASDDk7RbPgb!vP+7Mf?%{>p{Y8=QOV~B#1H+qtfTMZ0I8Lwv}?L z?AvkQc=EA8W2K_0q?uNY4^hmu32}BC#u}aIS8*qABwK3jat?&=d2*sRYmu=NnS^AG z^y15hru%8~;o69qM>sB@&wQaDIR`(3u0&V>hLyds>F-v_@Ak6=+6Nbo{{kBN3A$(H zi65){dv^W|x*bNxWm+(2t1~HP+#&Sh;hyW+bk_1!o_c^74^7wp2u0yd4DTJM68fyL z@#Id~JF3ev73yGxD}(K8A{W?I)wjHfB|!oylHfsEvFXPjbM4YY{gnIxU$nwiNS<(f zvVB5Kt$pi*?*BfLv5!q9+0ktp$YCTruo@BZ_w*B*5$j4dwywa(hUmHdUDt$VaYhXf$ zUczV@b*Ipp(n%1+IlXmDP!l@rZDWtl56{$cG?|e2qZb z-hDj98SMp4`ux3XL&%PeGHA(@b$?t`^>SSYQBnm~9P1Kf;lfZLA^ z;17D{iJ?XQFVOf;U&!aK*^OhBwcJ1XLSW>~O{N>n#L*THg=xCK8f!%reDs5<s@?sGK>NSt`MMQbsc8On$=wlH;R_PqLH>7wl?a zZP44rqA*@{6yHa;6GIy$yY=~YbrzZWNU4?HbvqF?$ZE0fM0qu&Ess@+YIZ%cEdY5O z;9AVaB=xuI``e12w$)EpJrp@rBU1dk{+2Fr)aC0WA|D?8PM6e-T--9>cS6q0KTO}e zwYLaGqWId?XKrUy z#~!^?iVkPw9y0(#vHU6tldEK{NuO5ki`u(BCyU;$p+!Y2PL+2bBrXBzBXu@jEJl|k zQiBAXAG0jfTR1Hre}S!5W2=J@+!*rHa;INYq7xXIpMqvci# zew{z2d#0}@CJiC*r&o@xIF05$6|*RcW_yISz6}<}#bxu$EOG}13XA)GmI%Q08|u*l?T~vz{yrG%bhZz zmv*16@YDM&%gW`sE8o!Cj|Ys|;>{6}4zhI|Tb zfp7t{63!*E?$Z8%F~x+iSf|n@f}Dk53aP9LRLvrh2mi)^uoC_~2=#2TiT~6)vBAve zb5F70g=iAsxoeXjvFLy3@6T#M+eRwTdxrjOp{eE)n*+s*x@{$mA=Zc!pZ$|I`?ag= zr*|!6LvF%VwXw#NAD&o*l$u76ny8@N5xdz1c#F|Silf=tFlg=xbrD~%DGdpgave7| zJ_hHv1TF2J-sq>KitS(W*Qjjj^9}cDk2{B9URU~-@oZCeZxqm$EpWg}37}OD4%>1# zB)rp6-y(!zI*^c0@IrS&S@OwX>ENrRn*$L=Bbm)d5eD4* zWjqmWsyTI5DD$rB+YyY5H39StKis}BfIl3luy#qIg47ZCWTLY6;L zi~fk5aH*L&7DBn9F9*6Vs%Iapu@;=H(ALAIm92=2CA-FD> z{K(e{PI17TkJJtVi+Ci*unzKL#6(J@DW5_vZ7SbV%4cKWI?nOHIio6hkaQ;LJ4;~$fKi?g;#-;S5 zg02;QEF1=kxap0w=%hV~!)jO*ek2np;sXCGk&HJ^1cR=X^F)BnFt7Hzqu?kllGqiB z#W+89`2F%SUBJ^m=D~pf2`9Y`VVZ6Q&@}_biZm(wiP%5qreyqO7X8FYB2bt6)qSD+ 
zJ>(s;e}$LGhMZ8g^GQ8kZ`UV(?q)203MM9pRgAufO;@Gr9M=OvPG%&UhIQ?})Vwm` z_RPJiE;Wmt(Tj_n~5x@*q~Ag+~e!>CIaY_D$gww2JbrY;Q)6n8XU?JlD%waIisL7j1yW z-P=tg{A_fQCnLezP4v8I)deRlqAOrlUty`XRK0$__NaSvMjgZzPM|az!B#QZFG};t zDHgH)saXcm@rcG2BT?vvDmSOcOouY|7@T!}ZsJh0X&g+Z1VeX$z)zzR-PF;+!rBs= zndf5u@7P-Qe~UetJ54IZ)aa1*Cwo$U%lJ!91unkwi@RZBZ;M#mb-eC=@1%~Jj&>r` z>k`RxZdAvITnRJhqQ0fc8(%VG0%74dAQX`xO_w=r2i_FZry+z&Z#zTLuM{xJOP4Lo^@Z?p!M-jno5Tb;(J5 z7iH=(6AK2e+1VG2QP{CFL2-fFe(GCUp<#1 z2=Tv#>1y2FsZ*>~mM8T%+hir0e85bO`C{;PLPVVU?ST@`$P52TW=T9Jti8w<`v=C) zv&6KM&)SNVnha;OT`DmmJLw6YED&E16%Ed!osMsYhq=D$@Zksz%XGzhh z2&C&O&cn|sr;datm*Dp6b?_alFJsm`=3UmO z_`fv{WRI=OQJslhRmO8=mIaX4=bYv)Oel{=o_g-P?cqmc82u%|RUUf&NJB@f0vg2o z9#*4qH*{+MOPJ{&37q||zh8rR9AFOKUxIi)#ecLf0a^c%;rbXhAQS)sc&O9YiBZtE zu|0XT*Oytax>cWtp|_Gh%ZALttAq47Lue$DzL?Pu$sSNPT#e>_>E?WA&2&yCJ(KAM z;BF=VbO<9;ApVN51-%4Yg+Nrm!mu74f;{ zIQuIXBqzl8KW%5a&nEIDS0ID5y~o1MRnirx&R zvdK-Oi`ZPNL+`QQdOcwaa@o);C0(Oi*)9sy@q|%b22Z}i?>v|^D*1NR&v=n>_z_{@ zKVR=CLMY(k8L4qdQrRQia>`-F`P$%n@Lmww4tDSfQY;0^_Kog z$Uel)0u94{N@LIY=$u;>iq7nYS#IV|0yj1SOD^tLwf@f3`&;bIHKMpP zTgiP1hSki3vf=%})nl0&hN05HzU`<_<_keNyZA2TGPgduIF))iZ^Sm3B@q=r`man= zKT2*stWWSTp}SwH7EvQ~xTzD~JzJ`+nf9_atDj@=SH zpE}pQakXJ}SMD~;)K#m%n7}w)o05?yja2;AsSe#W&~OF)AQB7=o!@#G_?jG?bv7jN zm}W|0vz>o|NQ}aVzRZJisDF94lTPS8#``I=LDHT!1G|ms@9$ z*wsSdlYJaZl%j=wthH7rwm=blBKo=%>Wl2Y{ef!gZ(O)?9u3|%-Mr?Z@3`aPCt3?K zX-i}9?$JTz%{>boRhn{x_Wv zV1~u#E4*R>&){C9>6I3r55I-bg1pNm4v?X-PT|tRzyg6q$T{2H@8HeE-%8w>x^M?4g>lr z(NK2xbdXU+47b)ie~9Ofiq(p&2W@O0D>d1t6aptLyfh@eO>*2N8Xb=FPgv7+@~_ay zuJRG_%G0tt-tk1;oLNfc9jq*623Fm8J4d8hbk9bl(A8_`a0soDCWuZ2vB>L3%SmFV zH$^5YV#}u6wlkG6c=jvL^#{M-{9e7vCF}Z5yctucWdi)cxz_huqwmJTtPyS!SqVA9 zszQ3;o9x`Jr!<=Avkv6cs=YuT@rrKsgyrvOIY9rGMOv?Kb?K02R-{WX(!I#htX$6F z4R<@yAvCuFT0J^$eFq+8!)=A_d8w9~TfAP|>H55kkBotkjoB z6ewqWbE}iA5%^vUhABuocfdY>`~8(ojntwH9pG5Ltx?XW@xU%Afta6Zu({Jbff1$g zi`TIQ>AqT5`)4XgeEjv4!VQwnM!q2j{wXs<`df<{V10>fN82}!)F>wifv4f?;%WS^ zx@|4npn6DB421v4ui62HK)N;|L{jj4_>8QfV3(Qe#&q4U6xh%k^fCGUP&Y$&QV2~& 
z?OCCJmjh)`vc^MZW!Sg|c(jIg-`4z^EC!zonxXIBuTu4#AHAjhD@?2^>`jaJYA+)E zWH;6zVQbDL-AfhhH3R(_uOnZ5sjn|Rr!`L^z@HVRJNuI?7CVWGLG9alma`oEylxYC z(QpIYub%fMZj;*iflf+4R`?z_D-@3RL}ed)iQ>;-NIUDbnx-ldaH3I{pd07SUpE=q z)p6n84iQu{#n~LCe6z4}L0Gcj@)zoyMSAn-VdtLQ3;jB>GtC>krT!HU_uH9Se|pro z9f<8<-aSp-n85SelZ~)!xGJ;^uh6lcrt7=kN;Zg%kdrU0nj;qRHBoG*{Ga>;pakgc zk{GC+_VxEDG>NL&?q3iO?D0#AwWR1T0qFm`i%7U&?B6aTp-4DbT05AV|47YbB?c4z zmS>IiuPaNGO3=j4Ka#F_q4$tDSh+ZOIa#4b8!PXROG>|s|NlA`2vhj$ApMqx9rq&* zI})0P9RLW8916rNjTK1%5SJb$8qzpBOt}>*>#9b zvbeAmQE@_~e4(_p73l3Wqq--hwgBs5i&5CX%^U$a{Hl?Uw*7t-?qzlXZ!6t9M7UD# z`QBn|rlF6-y$NnNgBo*|60VknA~?|*3k@OC!eb_R+dAsG>%!cv@##u)(RE8Oa1nqs ziq_Ou^c)cni(RVv9Gh4AByZ?6OCdalm6=Ct(bBlpPV$l${8Ivu@cE5#f@;&;TRhb} zqrhi$M-gh+aIgyaH$;Ip{VO2P(ixdByOn3{kL>+4jIzH0y_Lq>I~i`gHt`@9F0o8L zs)Q<7cG)s`yRScsj}9p;Ir^waY;hGXrOIE`u<)kOAtru5ChP?DzNq?q5@6H&=B*3< znow3ko8W9=Qnv4`1TmikC1(6oxV>k1-bYD&55^}*njUZ9?mV zm`IZ|ii`q~oWFd0CCn5t`f|d34qgk7isPC7^8e(_cpxZYK0BvaCEX86Zs1|6@QvgA z_Nx+qO9Kx85JI}Qqi@XIK7D_yP2a0HOqv}|C^3We7y?^y*86hDofdGm8mcwjuh;7L z6s#V@slA7xI&GVhiS~qHmpO7uvM_SX5I0CfevxObO#|%}ZGxKiV=eK!Q(q&q%CGzI zYE1(7@|O6A#5MR*>fzlr@%(Teiu!~TwUtKsnqsQmP8?l4f_4yC2+{3L-?oHCo!^(@ zrVqF7$|TtS0sGL*`BHa)Ud6az(FVZIsz|AYzX|*m<;$4V>kmVr8B{`z`ich~U?wiSXMKxk CC^roN diff --git a/helm/openam/secrets/storepass b/helm/openam/secrets/storepass deleted file mode 100644 index 41fd6e222c..0000000000 --- a/helm/openam/secrets/storepass +++ /dev/null @@ -1 +0,0 @@ -07U+ZDyDqBSYy00A+HtUmw8eSHvIjwIE \ No newline at end of file diff --git a/helm/openam/templates/_helpers.tpl b/helm/openam/templates/_helpers.tpl deleted file mode 100644 index 071b67b9e0..0000000000 --- a/helm/openam/templates/_helpers.tpl +++ /dev/null 
@@ -1,44 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-
-We truncate at 24 chars because some Kubernetes name fields are limited to this
-(by the DNS naming spec).
-*/}}
-{{define "fullname"}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 -}}
-{{- end -}}
-
-
-{{/* expands to the fqdn using the component name. Note domain has a leading . */}}
-{{- define "externalFQDN2" -}}
-{{- printf "login.%s.%s" .Release.Namespace .Values.domain -}}
-{{- end -}}
-
-
-
-{{/* expands to the fqdn using the component name. Note domain has a leading . */}}
-{{- define "externalFQDN" -}}
-{{- if .Values.ingress.hostname }}{{- printf "%s" .Values.ingress.hostname -}}
-{{- else -}}
-{{- printf "%s.%s.%s" .Release.Namespace .Values.subdomain .Values.domain -}}
-{{- end -}}
-{{- end -}}
-
-
-{{- define "openam.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "openam.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/helm/openam/templates/config-map.yaml b/helm/openam/templates/config-map.yaml
deleted file mode 100644
index e27f0b2a97..0000000000
--- a/helm/openam/templates/config-map.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-# Copyright (c) 2016-2019 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-# Config map holds the boot.json for this instance.
-# This is now *DEPRECATED*. The boot.json file is now created by the init container. This is here for
-# sample purposes, and will be removed in the future.
-{{- if (not .Values.existingConfigMaps.bootJson) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: boot-json
-data:
- boot.json: |
- {
- "instance" : "{{ .Values.am.instance }}",
- "dsameUser" : "cn=dsameuser,ou=DSAME Users,{{ .Values.rootSuffix }}",
- "keystores" : {
- "default" : {
- "keyStorePasswordFile" : "{{ .Values.am.secretsDir }}/.storepass",
- "keyPasswordFile" : "{{ .Values.am.secretsDir }}/.keypass",
- "keyStoreType" : "JCEKS",
- "keyStoreFile" : "{{ .Values.am.keystoresDir }}/keystore.jceks"
- }
- },
- "configStoreList" : [ {
- "baseDN" : "{{.Values.rootSuffix }}",
- "dirManagerDN" : "uid=am-config,ou=admins,ou=am-config",
- "ldapHost" : "{{ default "opendj-configstore-0.opendj-configstore" .Values.configLdapHost }}",
- "ldapPort" : {{ default 1389 .Values.configLdapPort }},
- "ldapProtocol" : "ldap"
- } ]
- }
-
----
-{{- end }}
-{{- if (not .Values.existingConfigMaps.amConfigMap) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: am-configmap
-data:
- CATALINA_OPTS: "{{ .Values.catalinaOpts }}"
- AM_CONFIG_MODE: "{{ .Values.configMode }}"
- FBC_ENABLED: "{{ .Values.fbcEnabled }}"
- {{ if .Values.amCustomizationScriptPath -}}
- CUSTOMIZE_AM: "{{ .Values.amCustomizationScriptPath }}"
- {{- end }}
-{{- end }}
diff --git a/helm/openam/templates/ingress.yaml b/helm/openam/templates/ingress.yaml
deleted file mode 100644
index 1e09158eba..0000000000
--- a/helm/openam/templates/ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-# Ingress definition to configure external routes.
-{{- if .Values.ingress.enabled }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ .Values.component }}
- labels:
- app: {{ template "fullname" . }}
- vendor: forgerock
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- tls:
- - hosts:
- - {{ template "externalFQDN" . }}
- secretName: '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}'
- rules:
- - host: {{ template "externalFQDN" . }}
- http:
- paths:
- - path: /am
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
-{{- end -}}
diff --git a/helm/openam/templates/istio.yaml b/helm/openam/templates/istio.yaml
deleted file mode 100644
index 071d4bd1b8..0000000000
--- a/helm/openam/templates/istio.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{ if .Values.istio.enabled }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: "{{ .Values.component }}"
-spec:
- hosts:
- - "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- gateways: [ "iam-gateway" ]
- http: [{
- match: [
- { uri: { prefix: "/am" }}
- ],
- route: [{
- destination: {
- host: "{{ .Values.service.name }}",
- port: { number: {{ .Values.service.externalPort }} }
- }
- }]
- }]
----
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: "{{ .Values.component }}"
-spec:
- host: "{{ .Values.service.name }}"
- trafficPolicy:
- loadBalancer:
- consistentHash:
- httpCookie:
- name: istiolb
- ttl: 0s
-{{ end }}
\ No newline at end of file
diff --git a/helm/openam/templates/openam-deployment.yaml b/helm/openam/templates/openam-deployment.yaml
deleted file mode 100644
index 82d27cb7b0..0000000000
--- a/helm/openam/templates/openam-deployment.yaml
+++ /dev/null
@@ -1,203 +0,0 @@ -# Copyright (c) 2016-2019 ForgeRock AS. All rights reserved -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: {{ template "openam.fullname" . }} - labels: - app: {{ template "openam.name" . }} -spec: - replicas: {{default 1 .Values.openamReplicaCount }} - template: - metadata: - labels: - app: {{ template "openam.name" . }} - component: {{ .Values.component }} - vendor: forgerock - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - sidecar.istio.io/inject: "{{ .Values.istio.enabled }}" -{{- with .Values.extraAnnotations }} -{{ toYaml . | trim | indent 8 }} -{{- end }} - spec: - {{- with .Values.serviceAccountName }} - serviceAccountName: {{ . }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: -{{ toYaml . | trim | indent 8 }} - {{- end }} - terminationGracePeriodSeconds: 10 - {{- if eq .Values.podAntiAffinity "hard" }} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.topologyKey }} - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - {{ .Values.component }} - {{- else if eq .Values.podAntiAffinity "soft" }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: component - operator: In - values: - - {{ .Values.component }} - topologyKey: {{ .Values.topologyKey }} - {{- end }} - initContainers: - {{ if eq .Values.config.strategy "git" }} - - name: git-init - image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }} - imagePullPolicy: {{ .Values.gitImage.pullPolicy }} - volumeMounts: - - name: git - mountPath: /git - - name: git-secret - mountPath: /etc/git-secret - args: ["init"] - envFrom: - - configMapRef: - name: {{ default "frconfig" .Values.config.name }} - {{ end }} - # The init containers below should be removed once file based configuration is in place. 
- - name: wait-for-configstore - image: {{ .Values.utilImage.repository }}:{{ .Values.utilImage.tag }} - imagePullPolicy: {{ .Values.utilImage.pullPolicy }} - args: [ "wait", "{{ .Values.configLdapHost }}", "{{ .Values.configLdapPort }}" ] - {{ if not .Values.fbcEnabled }} - - name: bootstrap - image: {{ .Values.utilImage.repository }}:{{ .Values.utilImage.tag }} - imagePullPolicy: {{ .Values.utilImage.pullPolicy }} - env: - - name: BASE_DN - value: {{ .Values.rootSuffix }} - - name: CONFIGURATION_LDAP - value: {{ .Values.configLdapHost }}:{{ .Values.configLdapPort }} - - name: FBC_ENABLED - value: "{{ .Values.fbcEnabled }}" - volumeMounts: - - name: openam-security - mountPath: /home/forgerock/openam/security - - name: openam-config - mountPath: /home/forgerock/openam/config - - name: openam-keys - mountPath: /var/run/secrets/openam - - name: openam-boot - mountPath: /var/run/openam - - name: configstore-secret - mountPath: /var/run/secrets/configstore - args: ["bootstrap"] - {{ end }} - containers: - - name: openam - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - containerPort: 8080 - name: http - volumeMounts: - {{ if not .Values.fbcEnabled }} - - name: openam-config - mountPath: /home/forgerock/openam/config - - name: openam-security - mountPath: /home/forgerock/openam/security - {{ end }} - - name: configstore-secret - mountPath: /var/run/secrets/configstore - - name: openam-keys - mountPath: /var/run/secrets/openam/keystore - - name: openam-keystore-passwords - mountPath: /var/run/secrets/openam/password - {{ if eq .Values.config.strategy "git" }} - - name: git - mountPath: /git - {{ end }} - {{ if .Values.useConfigMapWebxml }} - - mountPath: /usr/local/tomcat/webapps/am/WEB-INF/web.xml - name: webxml - subPath: webxml - {{ end }} - envFrom: - - configMapRef: - name: {{ default "am-configmap" .Values.existingConfigMaps.amConfigMap }} - {{ if eq .Values.config.strategy "git" }} - - 
configMapRef: - name: {{ default "frconfig" .Values.config.name }} - {{ end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{ if .Values.environment }} -{{ toYaml .Values.environment | indent 8 }} -{{ end }} - resources: -{{ toYaml .Values.resources | indent 10 }} - # For slow environments like Minikube you need to give OpenAM time to come up. - readinessProbe: - httpGet: - path: /am/isAlive.jsp - port: 8080 - initialDelaySeconds: 30 - timeoutSeconds: 5 - periodSeconds: 20 - livenessProbe: - httpGet: - path: /am/isAlive.jsp - port: 8080 - initialDelaySeconds: 30 - timeoutSeconds: {{ .Values.livenessTimeout }} - periodSeconds: {{ .Values.livenessPeriod }} -{{- with .Values.extraContainers }} -{{ tpl . $ | trim | indent 6 }} -{{- end }} - volumes: - {{ if .Values.useConfigMapWebxml }} - - configMap: - defaultMode: 420 - name: webxml - name: webxml - {{ end }} - {{ if not .Values.fbcEnabled }} - # /home/forgerock/openam/security directory accessible by all containers within pod - # this shared directory exists so that the bootstrap init container can copy files provided - # as Kubernetes secrets to the location where the openam container will look for them - - name: openam-security - emptyDir: {} - # /home/forgerock/openam/config directory accessible by all containers within pod - # this shared directory exists so that the bootstrap init container can copy the boot.json file - # from the boot-json Kubernetes ConfigMap to the location where the openam container will look for it - - name: openam-config - emptyDir: {} - {{ end }} - - name: openam-keys - secret: - secretName: {{ default "openam-keys" .Values.existingSecrets.openamKeys }} - - name: openam-keystore-passwords - secret: - secretName: {{ default "openam-keystore-passwords" .Values.existingSecrets.openamKeystorePasswords }} - - name: openam-boot - configMap: - name: {{ default "boot-json" .Values.existingConfigMaps.bootJson }} - - name: configstore-secret - secret: - 
secretName: {{ default "configstore" .Values.configSecretName }} - #defaultMode: 256 - {{ if eq .Values.config.strategy "git" }} - - name: git - emptyDir: {} - - name: git-secret - secret: - secretName: {{ default "frconfig" .Values.config.name }} - {{ end }} diff --git a/helm/openam/templates/secrets.yaml b/helm/openam/templates/secrets.yaml deleted file mode 100644 index afdaf1744c..0000000000 --- a/helm/openam/templates/secrets.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright (c) 2016-2017 ForgeRock AS. -# Secrets for AM stack deployment. This is mounted on all containers so they can get their -# passwords, etc. -# Note that secret values are base64-encoded. -# The base64-encoded value of 'password' is 'cGFzc3dvcmQ=' -# Watch for trailing \n when you encode! -{{- if (not .Values.existingSecrets.openamKeys) }} -apiVersion: v1 -kind: Secret -metadata: - name: "openam-keys" -type: Opaque -data: -{{ (.Files.Glob "secrets/*").AsSecrets| indent 2 }} ---- -{{- end }} -{{- if (not .Values.existingSecrets.openamKeystorePasswords) }} -apiVersion: v1 -kind: Secret -metadata: - name: "openam-keystore-passwords" -type: Opaque -data: -{{ (.Files.Glob "secrets/*pass").AsSecrets| indent 2 }} -{{- end }} diff --git a/helm/openam/templates/service.yaml b/helm/openam/templates/service.yaml deleted file mode 100644 index faf0d45364..0000000000 --- a/helm/openam/templates/service.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- app: {{ template "fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- component: {{ .Values.component }}
- vendor: forgerock
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: {{ template "openam.name" . }}
- release: {{ .Release.Name }}
diff --git a/helm/openam/values.yaml b/helm/openam/values.yaml
deleted file mode 100644
index 05f776c30c..0000000000
--- a/helm/openam/values.yaml
+++ /dev/null
@@ -1,148 +0,0 @@
-# Default values for openam runtime chart
-# This is a YAML-formatted file.
-# Declare name/value pairs to be passed into the templates.
-
-component: openam
-
-image:
- repository: gcr.io/forgerock-io/am/pit1
- tag: 7.0.0-09d8c60c905dfc6b3fa46acef2785ccf91311865
- # Switch to IfNotPresent once we have milestone builds
- pullPolicy: Always
-
-gitImage:
- repository: gcr.io/forgerock-io/git
- tag: 6.5.1
- pullPolicy: Always
-
-utilImage:
- repository: gcr.io/forgerock-io/util
- tag: 7.0.0-5135331287b8056
- pullPolicy: Always
-
-domain: example.com
-subdomain: iam
-
-config:
- name: frconfig
- strategy: git
-
-openamReplicaCount: 1
-
-configLdapPort: 1389
-configLdapHost: configstore-0.configstore
-
-
-# This option:
-# -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true \
-# is disabled to avoid http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
-# This may impact amster imports for some configurations (SAML entities)
-# If you need to renable this for amster, it should be disabled after the import is complete
-
-catalinaOpts: >
- -server
- -Dcom.sun.identity.configuration.directory=/home/forgerock/openam
- -Dcom.iplanet.services.stats.state=off
-
-# For visualVM debug, you can add this to the above:
-#-Dcom.sun.management.jmxremote.port=
-#-Dcom.sun.management.jmxremote.authenticate=false
-#-Dcom.sun.management.jmxremote.ssl=false
-#-Dcom.sun.management.jmxremote.rmi.port=
-#-Djava.rmi.server.hostname=$HOST_HOSTNAME
-
-
-# To use a tomcat web.xml from a k8s config map instead of the one built into the container, set the following to true.
-useConfigMapWebxml: false
-
-# Suffix for DS config store.
-rootSuffix: "ou=am-config"
-
-am:
- home: /home/forgerock/openam
- context: am
- secretsDir: /home/forgerock/openam/security/secrets/default
- keystoresDir: /home/forgerock/openam/security/keystores
- instance: http://openam:80/am
-
-# Controls the config type and method for installation and configuring the AM image.
-# Once completion of the move to use FBC these values can be removed.
-fbcEnabled: false
-configMode: UNCONFIGURED
-
-
-# Valid logger types: fluent-bit, none
-# For audit logs it is suggested you configure AM to send directly to ElasticSearch.
-logDriver: none
-
-# The defaults below are small and OK for testing.
-# For production you wil want to set CPU limits to help Kube Schedule the pods.
-resources:
- limits:
- memory: 1300Mi
- requests:
- memory: 1200Mi
-
-# Set to true to create a boot.json file to bootstrap AM. If set to false, AM will come up to the configurator page.
-createBootstrap: true
-
-# This is an optional path to a script to execute before AM starts up. It can copy in images, update the web.xml, etc.
-# If you change set it to the full path to your cloned configuration. Example: /git/config/default/6.5/my-openam/custom.sh
-amCustomizationScriptPath: "customize-am.sh"
-
-# Liveness probe tuning - time in seconds
-livenessPeriod: 60
-livenessTimeout: 15
-
-# Set the names below to provide custom secrets mounted in the AM pods (keystore, etc.). You must provide all secrets.
-# See templates/secrets.yaml and secrets/... for details
-existingSecrets: {}
-# existingSecrets:
-# openamKeys: openam-keys
-# openamKeystorePasswords: openam-keystore-passwords
-
-# Set the names below to provide custom config maps. You must provide all config maps.
-# See templates/config-map.yaml for details
-existingConfigMaps: {}
-#existingConfigMaps:
-# bootJson: boot-json
-# amConfigMap: am-configmap
-
-service:
- name: openam
- #type: NodePort
- type: ClusterIP
- externalPort: 80
- internalPort: 8080
-
-ingress:
- class: nginx
- enabled: true
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/affinity: "cookie"
- nginx.ingress.kubernetes.io/session-cookie-name: "route"
- nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- # nginx.ingress.kubernetes.io/enable-cors: "true"
- # nginx.ingress.kubernetes.io/cors-allow-methods: "PUT,GET,POST,HEAD,PATCH,DELETE"
- # nginx.ingress.kubernetes.io/cors-allow-headers: "authorization,x-requested-with"
- # nginx.ingress.kubernetes.io/cors-allow-credentials: "false"
-
-istio:
- enabled: false
-
-# Pod Anti Affinity switch. For production this should be set to "hard", otherwise use "soft" or leave empty.
-# The hard setting will force openam pods to be spread out over multiple hosts/zones. soft is best effort
-# but pods will still be scheduled together if sufficient resources are not available. Setting "none" or any other
-# value will result in no affinity settings.
-podAntiAffinity: "none"
-
-# This is the exact value for TopologyKey. The other possible value is "failure-domain.beta.kubernetes.io/zone"
-# which will ensure that pod is scheduled on nodes in different zones thus allowing for HA across zones.
-# Note you want to leave this value as is if you are deploying a single zone cluster and change the values only
-# if you have a multi-zone cluster.
-topologyKey: "kubernetes.io/hostname"
-
-# Add extra environment variables to the AM container.
-environment: {}
diff --git a/helm/openidm/.helmignore b/helm/openidm/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/helm/openidm/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/helm/openidm/Chart.yaml b/helm/openidm/Chart.yaml
deleted file mode 100644
index 45f5f49b80..0000000000
--- a/helm/openidm/Chart.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
-name: openidm
-version: 7.0.0
diff --git a/helm/openidm/README.md b/helm/openidm/README.md
deleted file mode 100644
index 06c541972a..0000000000
--- a/helm/openidm/README.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# Sample Helm chart to deploy OpenIDM
-
-This chart depends on the postgresql chart for the OpenIDM repository database. The
-postgresql chart has been kept separate so that OpenIDM can be started / stopped
-independent of the database.
-
-## Design
-
-The chart assumes that the OpenIDM configuration files (/conf/*.json, scripts/* , etc.) are
-mounted on the OpenIDM container as a volume at runtime.
-
-
-## Configuration settings
-
-See [frconfig] (../frconfig/README.md) for instructions on how to install a configuration repository.
-
-The IDM configuration is cloned from git and made available to IDM at startup.
-
-The `config.path` variable in values.yaml
-should point to the absolute path of the idm project. The git repo is checked out under a top level path
-of /git/config. So if for example, your git repository contains an idm project at `test/my-great-project` you will
-set `config.path: /git/config/test/my-great-project`.
-
-Please see [values.yaml](values.yaml) for additional settings.
-
-## Development Example
-
-Create a custom.yaml file that overrides any required values found in the chart openidm/values.yaml. Please
-see the comments in values.yaml to understand what you can override.
-
-Deploy PostgreSQL and OpenIDM to Minikube:
-
-```shell
-helm install --name postgresql postgresql
-sleep 30
-helm install --name openidm -f custom-openidm.yaml openidm
-
-```
-
-You can access OpenIDM at the ingress defined path: https://openidm.default.example.com
diff --git a/helm/openidm/secrets/keystore.jceks b/helm/openidm/secrets/keystore.jceks deleted file mode 100644 index f221c5819a214c59ea1274e30e5c824aec842a3a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8109 zcmd_uXHZjJ+bH0KUIpnLrArM+6{PpxdkYXClq3+U^xlywRRrl(0WneqqzOpxMXJ)J zh;;Fw@AG`)^Pc0pGw1yH&dm2?XXegYJ8R9lv+sSaH8eCd1ONcgZZ52w3mrfTM?hdu zJ69g0uPcuo#2)PF;sF2vt#wsQ4XXA4m`HcPeOtIIFVYjnYwPZd@PP9o+~HnOJBT~4 z9t7+HvD30~g4lW}!rj#%zS{0^kDCDQ{=ul;?Au`~Kf=lN5ef z@(!hsKm%Zy0SF;5Teuy>P8;kFc13ys(9C4b0K_+6{u~!#CkKalKwutjfItA6Isg~( ztCx(6g9m^_{pSFDE?}4gpPq+16y_kV4!}mdpcd4`3fzx;Dv zh?@l<0uf^1sHLTjSa=PSpaID|fA+?_X-KNd5aG&N#jWb8r+Q5Clz$`lzP7u-$P)(4 z(K>+eU`c0ruoNLlW}k3wRxkh9bCuxO^FHy?mmcFuv3KaNHe7R4*Xp7+UvEt9wYpTe zeC7ZX$R!Y37GUP;28V4Gk}c27B;iw@mBm=Y4cZVWeAo2=&e{A@bUz)%3>*Vc$ zgdmYnILy%%Y|G;e@%<~!?*CKL49_avq~kG^z-JNM&!;Up*7t@ zNo$9 z$8gqeRdltvDy}Y20%~-qh?K9$7mp3dCzU6uqJu=w^9I$*^*+m*u?Cz9{xQpcY`953 z5P*+_xY#2h?p{z^$iMP!aT@@@*ad}RY=UU8aJjI67(h-mQsB?$z}AJ+BZv$`q@|Ev*E{_!a9{yPirN~3TgY>ClsKeyx*bgSNb($9LfmlkVPgIMm` zJi7yj8T2W&ZbbOUGN*G;mxNt@h{{Q_Vo9(m2u_u{9eEdxYHbYOxp!3PSB5SX2imsX zDYdsvU^1;S(m)2f^~DtRs-7M_*Rl2pdWg~xjK;IL_6+P8FMWr;AogO)dg=9rx#luv zI!CJ7Zdze1E)&7<;?(;mNfI>787ePvzrd7Yo1^`;)sp1~#hVNg+3pfl_|!R8*T&Wt zesRceW*>k1=AIY*b-w@CTecYvmBpIxS6WtTUr$I)XOe};u_sC4a~Vf_cbB72g<@1# zSLLekIqOKecFmzHvQ?eMVJZS5BL}>NmAp(;B8AQf0yVXiRmvY5;7!(yB)+XKPr7I< zLz&I{pq80Ezh4cxN<6`-YIS||c-AdHA+mSg@3^%2P~muI=K}Y=!D@p>&ucb~fUTT6 zUc40z^z%%lL@7_cLtgM$`V(%u-RE#*&}};u6$z0W1lbgD))vKFGm0f}eF@x>iZ=UN z0jNzO9$^LdPevl64LR5hpWsbA8t&Qcp2I<(P?9H3YYhI{XUM>QAF0fLf%K+-tyy!h z3d>Xem>(Y*L;E9?B!jmaR>LUzl~C+E)hv8xHTY!mYWH}cP{g2}dqtyS%hwpN!*#4- zo5h+rtM}CRiGk<(_|=+wo;8Enh)>TTwLhW)O#iZPtFEhQ;rMta4VO#0N@{U%xKGE# zx%eyHR`|*+eDG7axXAtwg#?KYb3b11I!EwaUg)_E?s4Dh&2PBiwC=x@fV+G_PNK)X z_^7))?3)77BesYGc$SEPrGu52KXD)K9$|f8zkILmbTA(bl)g1^Xj+qDD|`uYkic`N zGm7!~l%yUZbnEj`hRKKi41zjpiVtmDI~unLs%;`%f-Q*O%U&dlVQt8Bm#gsXm_{y3 zn$Rrc27C9Oh3hVwYI~|8Ebkg@;h$)fP!Qa%SfQD3kdyLm6pp-qS`vDUS63K?J_oX$ z=8 
z5YE&do>y^uv*|36b%~czTdzQ*3yEYN&*T6TxRx=dD#4mud?S^MY0$V}@2wayq=q}- zs^3gfWI)hp=jl3g(W_Zy1liwIqylit0fzlkK#s zvRdg`zLK00_iZQV`WYRmYK*5FUDJK&rN=ER>N)6=p&X-`$T!x?%}Fggyy9ELhun?e z?xj|GwPQ05r0`O@-LpE|W5teEXZRr$Z{qNC%x#{H%lR1@0YMLP)#1kVv+lRXCE4x% z`|Y{$ou1LCNTu4I!nm%q3p#KGVl8E<`8;_{CiAQa=^t&`8ex)ynIQgtT5|r9##x!J zRo4c*5Q|f$iqgmxhSB=Q1&23EEV;t{pu2?KPP(pQvx04Tp5t3z7yw$K8r_00fO6#4vTM7%Oo_@vQM*_*C9k?v|o3A!0AVW zuiD*XPh4goaQ2(1+nY%Ofb-`01;)HNTea%5?4hk=iTvlnRZeUPl~6ti;s+9Q>VR%+E5;LbW0`LLn@3lt3< z2)KEp{^KuovqC_CN`k*M*>hz+WV#{F|h|+2l8mI{r`b=u~yZ#Kzrn$KO4glmb^ABt|SU(!0;ornN1# zP_#r_nWvbpVaLuHob@(hxaNgSiX|r>jO?`LZ-|oypD1f&OTJgAl=APjNzuN#r;>=t zZlO`n+u9>8GwIuC<1!2soY8z{j~;ydQcr=>$=G>uAJ6^DdYlSBBM)lHp4%%f?odGV znPB`D(`VB9%eSSRG#)nlLK+O!_em5L$p6U8KQ{a-x3~Y!u?yT5?BWQ&+0FghRDzBE zs85aQ@7rT7<{5wK6G22gkS3Gsv0)^sdZ9%F;;<5QK*-uSL0t%STNBHPQnOCm^&&!b zyG6fu^YY-DX$-=8BIqe5TZ0Ugbh^{yH%4X0qvd0)QNd>j@fboBb}08pl4nxW55tS| zFjjn(v>xdZqe4JBO4emEcFd<%Jy0~>V153mC^ioOWl(2|vp(5%ou zAkJ(6oaHBSYA-~~B`FE4^rX*pe&Dwgkm3~mZf6WdDiy0UHHlKV=~534^gp$YbjO znv^2gI$S(G2eCQwxW2KE3L9HLTL(2Tylt%A&iA@cnPD-fE)cNXV32J4!t}d@5AyZ! 
zfeXt?v2y@o+RzA*f`3wpszXF;UB&Lit1;0ovg}HQo3Y(*-0eR4e5$$dMAIW>a|l&{ z-7PfvfOQcEjg+;O$aN(A6{LU4Pvd1-Iy zVmE?guf7HYsvoH`x2Sa4fiaKSie(Axy zmnp}|-Np+gFA~L+4J*=(!x^R10G51j~rIjW2StAsS11a!(WBzD0aV7MpU0_ z&{qTv80F#gkJE6jJ4Jho#3i&8+ep=#Jk%oVCAS}A!Mj{!JD>hOyC@xQt;ikogoFP<_NoT`n*zwK++g{oKHeqG zk7}H{sxUO%R+Ih<5s@X@7syKNiau!B(M);Bik=Ft!Pl<#C4lIT!LlPAU&;*C2*U^A z>2^l)Y3j6bEP!~q%po;~{M3G1R=<2K^Gujtk#}I|LRHt=%~vR#nV)MR{ery~eyDTE zuBn`>Va$onAk%f*6*IP^m9EMplwNXLq}u`Gs~6J!IZKu9%5;5i z9hmcNSxW*Ho_*YvJ?N$~YO5A~zh@cujbf`ov$(-*1cf~hUTawyZ3vjTGVImDbT7ES z{6cz?$X7mTs~P^#`3Y+jL%+(wRGd$ud}qnX7|(3;P&+QjyCywGvd7|Cc*#HY8GWPA z@Ed)){H9N^=D$$^6cYNkH~+8r$pK>f7e5()=O>RI)By&u`-eVhKve(I=l@=>|IMJH z|1_wm>Hi;-{7({1=DRz-DvYv0f6 z;o{Mhkgw*#G5D*lM>PGx9BH%{I*R7wDw2<5g(j*W1`}s=>{U(EuCFws7Gu^`k5>lc z=akK$A4Kd#qap^qg!-d$7+x}eVY1+QO_Id33JAktZhnSw-6p2`PFTA1HF&dnKP@5F zLt&M&N)X=>43wUKc^Gf`SnKQrZ5w-!l#X>8Q zVd=w!4LK8RHKMZ0iLnez#rBe04iF4S>U}riHd-|~r8YiHF7NeA(E>8h@0iT93if?Jkb9+YTcR(gDGnmA2v?DrjbVw;l+z}DU8263T^vF`#btuDA-gMjalQkrO{R1$((eUNG?TrLx{xT zvt*iipr+~cr~p>;8m%X)>d8F`-Vdac<*<6A4jFUFK?7^{c`2P=9)q|MW09HDsXAcP zR4eGj7UJ9)2i@qv zW4*7}6y0cw$YdHni7axNso@;5yDo*^UE9{Pj=WSdU)bR|%%MS%j-W{rJnO`O3uJ2> zm1Eu})BO@7;T~d;stU!46?~FEpxlFtP1j9b)ucm@hS;zT@nCy#%;kN60N4cYP`6qM z4_NymY(Kdw4jX`~iW_3OS485Gq$^S(H3$o1c-~0#N-#NSj*-Hh;jL4U6WKo5BkY=8 z&IFqcyGvY|zFLbUlN!oxjah$d$=ME&yHjwj3PL_Z%4%q}w_U|_M2G`AT{@a_Cpoob z2t*H?U+;@XPxuDqo3$fmcZx5jc2q^#sO8zwK49G%VDN7fmulT}tJBff_gyxkWcKZ<5I5 zxX`Rv_z_J6iGOZv;9`Yj8AcavN=&rsuG_JhtZDpa`TW8!LS#_ex+*2fq$OzVaG`v7 z5(U;5g4A=ek63M>D72*fU*`GCQ_Cv zk#V~R|NHu2um;uk-scdz+g~rP%cgKsCO_1B17Pmb+)(%@(fr#DFV)S&nM6F~I>f zC)k&b>uR=G?@a4t5j5B`YLeMu?$KyCz1}2uoq3%|RiV_>KlrKcTlGOG#4ESYr>vy7 z?3}!{cQ3`0aanE(>S9v1brx!QguCPhoYJ&&P2@sEW4h(DpVLHAgsS9B$i#jh?Wh6% z&<=u+Pit2xh}8#aoI+q6u{(3LLbt!QYZoE=jJBbtaL)CDEIeu!D28c+KsyqHDR6(N zFO#w@>0-5Po+T#G_MJ&I{t@0VS%Wmw!bcOS*M4r}nYxG!fk9&2C>w)WPQoF{m|lAF z2FV2q9$q^1smX$Q%!mlt63wz#q|j3bo@TOjon>s9~>(-Yhxa4PW_ zt9(J~3*`_#^#w+P9~>`cPl=UtJis71`@3${N8K 
zeex}<$>`aR+DH9DQ^$LJ!iiD*3IunHOE-i>@S<@-HRgC~U^TPjk6Oa-ForKaSI53| zoSbT`94m%m5-j#x5xpM%h~n$Q4PpBN;COhRvpg&jI=}@PMc50fnvbpz;`v)dTeTNs z7fjIbi$JX-spuC5DXCKe$NuS)o0Bngj~kzu|K<~mrGNK{-~SU&*g>rS;t9h~p2(~I zIvo2y>E!pbvHz;m|IsD?t&{st9@!%I$ise5{9-eKgMAa&h6`+{WkG>9|cuEN5qE-^i8%_xr7~1U@u+C z$&$mMUF}C(k?mkU`-3#j%t^z(Ar*xQ@)Q26RHB3aKHKtX6+w>A!=JKx{OjuH_upyo zBCNIm)yq<0v&Qw~dNO`2`x_OfI}Tg{lIf+a&aV<(9L_6<;`8{JSMXMtOJw<>!oJSA zwrSDnpK^C5l94kRxKsuzGLVlEPz@MnU~mr>hNfme}1wajby#x85YrrqG7bAbvHJ)&)Uv z#^f+f*Uo#JsphWZB=g%#wMdc2%*kzsff?*;-q_o1-b5{dWhoxFD34a2G@L6Xex5dm z8I4KuOZ#AyWxa3JI|!TMoyc5Ql(~>~y(T?NTFMxUm;>*RX<=X!RHH5HK diff --git a/helm/openidm/secrets/realm.properties b/helm/openidm/secrets/realm.properties deleted file mode 100644 index be0a8db49e..0000000000 --- a/helm/openidm/secrets/realm.properties +++ /dev/null @@ -1,2 +0,0 @@ -#username: password[,rolename ...] -admin: admin,internal/role/openidm-authorized,user,manager-gui,manager-script,manager-jmx,manager-status diff --git a/helm/openidm/templates/NOTES.txt b/helm/openidm/templates/NOTES.txt deleted file mode 100644 index 948d876d56..0000000000 --- a/helm/openidm/templates/NOTES.txt +++ /dev/null @@ -1,4 +0,0 @@ -OpenIDM should be available soon at the ingress address of https://{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}/admin - - -It can take a few minutes for the ingress to become ready. diff --git a/helm/openidm/templates/_helpers.tpl b/helm/openidm/templates/_helpers.tpl deleted file mode 100644 index 047319dcfc..0000000000 --- a/helm/openidm/templates/_helpers.tpl +++ /dev/null 
@@ -1,70 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{/* expands to the fqdn using the component name. Note domain has a leading . */}}
-{{- define "idmFQDN" -}}
-{{- if .Values.ingress.hostname }}{{- printf "%s" .Values.ingress.hostname -}}
-{{- else -}}
-{{- printf "%s.%s%s" .Values.component .Release.Namespace .Values.domain -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/* Inject the TLS spec into the ingress if tls is globally enabled */}}
-{{- define "tls-spec" -}}
-{{ if or (eq .Values.tlsStrategy "https") (eq .Values.tlsStrategy "https-cert-manager") -}}
-tls:
-- hosts:
- - {{ template "externalFQDN" . }}
- secretName: {{ printf "wildcard.%s%s" .Release.Namespace .Values.domain }}
-{{- end -}}
-{{- end -}}
-
-{{- define "git-init" -}}
-{{ if eq .Values.config.strategy "git" }}
-- name: git-init
- image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }}
- imagePullPolicy: {{ .Values.gitImage.pullPolicy }}
- volumeMounts:
- - name: git
- mountPath: /git
- - name: git-secret
- mountPath: /etc/git-secret
- args: ["init"]
- envFrom:
- - configMapRef:
- name: {{ default "frconfig" .Values.config.name }}
-{{- else -}}
- {}
-{{ end }}
-{{- end -}}
-
-
-{{- define "git-sync" -}}
-{{ if eq .Values.config.strategy "git" }}
-- name: git
- image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }}
- imagePullPolicy: {{ .Values.gitImage.pullPolicy }}
- volumeMounts:
- - name: git
- mountPath: /git
- - name: git-secret
- mountPath: /etc/git-secret
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
-{{ end }}
-{{- end -}}
\ No newline at end of file
diff --git a/helm/openidm/templates/configmap.yaml b/helm/openidm/templates/configmap.yaml
deleted file mode 100644
index 4a2650047d..0000000000
--- a/helm/openidm/templates/configmap.yaml
+++ /dev/null
@@ -1,261 +0,0 @@ -# Copyright (c) 2016-2018 ForgeRock AS. All rights reserved. -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "fullname" . }} -data: - PROJECT_HOME: "{{ .Values.config.path }}" - LOGGING_PROPERTIES: "/var/run/openidm/logging/logging.properties" - IDM_ENVCONFIG_DIRS: "/var/run/openidm/commons" - JAVA_OPTS: {{ default "-Xmx1024m -server -XX:+UseG1GC" .Values.javaOpts }} - OPENIDM_CLUSTER_REMOVE_OFFLINE_NODE_STATE: "true" - OPENIDM_CONFIG_REPO_ENABLED: "false" - OPENIDM_ANONYMOUS_PASSWORD: "anonymous" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: idm-boot-properties -data: - # todo: These need to be reviewed for 6.0.0 - boot.properties: | - openidm.repo.host={{.Values.openidm.repo.host}} - openidm.repo.port={{.Values.openidm.repo.port}} - openidm.repo.user={{.Values.openidm.repo.user}} - openidm.repo.password={{.Values.openidm.repo.password}} - openidm.repo.databaseName={{.Values.openidm.repo.databaseName}} - openidm.repo.schema={{.Values.openidm.repo.schema}} - - # This is here to suppress IDM crypting the password and writing out authentication.json - openidm.anonymous.password=anonymous - - # Client password for IDM/AM integration - openidm.idpconfig.clientsecret={{ .Values.openidm.idpconfig.clientsecret }} - - # These are for the (ldap) provisioner i.e. used for synchronization - userstore.host={{.Values.userstore.host}} - userstore.password={{.Values.userstore.password}} - userstore.port={{default "1389" .Values.userstore.port}} - userstore.basecontext={{default "ou=identities" .Values.userstore.basecontext}} - - # Ports openidm should listen on locally - openidm.port.http=8080 - openidm.port.https=8443 - openidm.port.mutualauth=8444 - openidm.host={{ printf "%s.%s.%s" .Release.Namespace .Values.subdomain .Values.domain }} - - # Define external load balancer ports. 
- openidm.lb.port.http=80 - openidm.ln.port.https=443 - openidm.auth.clientauthonlyports=8444 - - openidm.https.keystore.cert.alias=openidm-localhost - - openidm.keystore.type=JCEKS - openidm.truststore.type=JKS - openidm.keystore.provider=SunJCE - openidm.truststore.provider=SUN - openidm.keystore.location=security/keystore.jceks - openidm.truststore.location=security/truststore - - # Keystore password, adjust to match your keystore and protect this file - openidm.keystore.password=changeit - openidm.truststore.password=changeit - - {{ if .Values.openidm.staticUser }} - # Optional static credentials for custom authentication.json use cases - openidm.staticUser.username={{ .Values.openidm.staticUser.username }} - openidm.staticUser.password={{ .Values.openidm.staticUser.password }} - {{ end }} - - # Prometheus endpoint authentication - openidm.prometheus.username={{ .Values.openidm.prometheus.username }} - openidm.prometheus.password={{ .Values.openidm.prometheus.password }} - openidm.prometheus.role=openidm-prometheus - - # Optionally use the crypto bundle to obfuscate the password and set one of these: - #openidm.keystore.password=OBF: - #openidm.keystore.password=CRYPT: - - # PKCS#11 configuration file - #openidm.security.pkcs11.config= - - openidm.servlet.alias=/openidm - openidm.servlet.upload.alias=/upload - openidm.servlet.export.alias=/export - - # key in keystore to handle config encryption - openidm.config.crypto.alias=openidm-sym-default - openidm.script.javascript.debug=transport=socket,suspend=y,address=9888,trace=true - #openidm.script.javascript.sources=/Eclipse/workspace/External JavaScript Source/ - - # key in keystore to handle selfservice sharedkey - openidm.config.crypto.selfservice.sharedkey.alias=openidm-selfservice-key - - # key in keystore to handle jwtsession hmac signing key - openidm.config.crypto.jwtsession.hmackey.alias=openidm-jwtsessionhmac-key - - # key/cert in keystore/truststore to handle embedded opendj ssl - 
openidm.config.crypto.opendj.localhost.cert=server-cert - - # optionally map a hostname to a specific client key alias - openidm.ssl.host.aliases=localhost= - - # policy enforcement enable/disable - openidm.policy.enforcement.enabled=true - - # node id if clustered; each node in a cluster must have a unique node id - #openidm.node.id=node1 - - # enables the execution of persistent schedulers - openidm.scheduler.execute.persistent.schedules=true - - # enables the statistics MBean for BoneCP. Enabling this will have a performance impact on BoneCP. - openidm.bonecp.statistics.enabled=false - - # determines whether javascript exceptions will include debug information - e.g. file name, line number - javascript.exception.debug.info=false - - # determines the TLS version used by the http client in the external rest service to connect to TLS-protected resources - # valid values: SSLv3, TLSv1, TLSv1.1, TLSv1.2 - # defaults to TLSv1.2 if not specified - #openidm.external.rest.tls.version=TLSv1.1 - - # set external REST service's HTTP client hostname verification policy for HTTPS endpoints - # valid values: ALLOW_ALL, STRICT - # defaults to STRICT if not specified - openidm.external.rest.hostnameVerifier=ALLOW_ALL - - # Indicates whether the IDM deployment is automated by a cluster management tool such as Kubernetes, which - # deploys containers in Pods whose identities are transient. Pod shutdown will mean that the corresponding cluster - # node identity will never re-appear in the cluster, and thus IDM's record of this cluster node should be deleted - # upon cluster node shutdown or failure. Defaults to false if not specified. - openidm.cluster.remove.offline.node.state=true - - # enables API Descriptor generation, which if set to 'false', renders the API Explorer non-functional - openidm.apidescriptor.enabled=false - - # enables workflow - openidm.workflow.enabled=true - - # To disable the persisted configuration store set this property to false. 
- # This will store the configurations only in memory. - # See https://ea.forgerock.com/docs/idm/integrators-guide/index.html#chap-configuration - openidm.config.repo.enabled={{ not .Values.config.immutable }} - - # To stop writes to configuration files, set this property to false; suitable for read-only installations. - felix.fileinstall.enableConfigSave={{ not .Values.config.immutable }} - - # This needs to be true to boot from json files. - openidm.fileinstall.enabled=true - - # Filtered headers in audit.json that may be customized - com.iplanet.am.cookie.name=iPlanetDirectoryPro - com.sun.identity.auth.cookieName=AMAuthCookie ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: idm-logging-properties -data: - logging.properties: | - # Properties file that configures the operation of the JDK - # logging facility. - # The system will look for this configuration file, first using - # a System property specified at startup: - # - # >java -Djava.util.logging.config.file=myLoggingConfigFilePath - # - # If this property is not specified, then the configuration file is - # retrieved from its default location at: - # - # JDK_HOME/jre/lib/logging.properties - ############################################################ - # Global properties - ############################################################ - # ------------------------------------------ - # The set of handlers to be loaded upon startup. - # Comma-separated list of class names. - # (? LogManager docs say no comma here, but JDK example has comma.) - # StreamHandler: A simple handler for writing formatted records to an OutputStream. - # ConsoleHandler: A simple handler for writing formatted records to System.err - # FileHandler: A handler that writes formatted log records either to a single file, or to a set of rotating log files. - # SocketHandler: A handler that writes formatted log records to remote TCP ports. - # MemoryHandler: A handler that buffers log records in memory. 
- # handlers=java.util.logging.ConsoleHandler - # handlers=java.util.logging.FileHandler, java.util.logging.ConsoleHandler - # For Docker, write everything to the console - handlers=java.util.logging.ConsoleHandler - # Default global logging level. - # This specifies which kinds of events are logged across - # all loggers. For any given facility this global level - # can be overriden by a facility specific level - # Note that the ConsoleHandler also has a separate level - # setting to limit messages printed to the console. - # Loggers and Handlers may override this level - .level={{ default "INFO" .Values.logLevel }} - # Loggers - # ------------------------------------------ - # Loggers are usually attached to packages. - # Here, the level for each package is specified. - # The global level is used by default, so levels - # specified here simply act as an override. - # The levels in descending order are: - # SEVERE (highest value) - # WARNING - # INFO - # CONFIG - # FINE - # FINER - # FINEST (lowest value) - ############################################################ - # Facility specific properties. - # Provides extra control for each logger. - ############################################################ - #org.forgerock.openidm.provisioner.level = FINER - #org.forgerock.openidm.repo.level = FINER - #org.forgerock.openidm.recon.level = FINER - # OpenICF is noisy at INFO level - org.forgerock.openicf.level=WARNING - # Logs the output from OSGi logging - org.forgerock.openidm.Framework.level=WARNING - # On restart the BarURLHandler can create warning noise - org.activiti.osgi.BarURLHandler.level=SEVERE - # Suppress warnings of failed connector loading - org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl.level=SEVERE - ############################################################ - # Handler specific properties. - # Describes specific configuration info for Handlers. 
- ############################################################ - # --- ConsoleHandler --- - # Default: java.util.logging.ConsoleHandler.level = INFO - # Override of global logging level - #java.util.logging.ConsoleHandler.level = WARNING - # For Docker - java.util.logging.ConsoleHandler.level = {{ .Values.logLevel }} - java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter - # specifies the name of the filter class to be associated with this handler, - # defaults to {@code null} if this property is not found or has an invalid value. - java.util.logging.ConsoleHandler.filter=org.forgerock.openidm.logging.util.LogFilter - # --- FileHandler --- - # Override of global logging level - java.util.logging.FileHandler.level = ALL - # Naming style for the output file: - # (The output file is placed in the directory - # defined by the "user.home" System property.) - # java.util.logging.FileHandler.pattern = %h/java%u.log - java.util.logging.FileHandler.pattern = logs/openidm%u.log - # Limiting size of output file in bytes: - java.util.logging.FileHandler.limit = 5242880 - # Number of output files to cycle through, by appending an - # integer to the base file name: - java.util.logging.FileHandler.count = 5 - # Style of output (Simple or XML): - # Writes brief "human-readable" summaries of log records. - java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter - # Writes detailed XML-structured information. - # java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter - # specifies the character set encoding name. - # defaults to the default platform encoding - java.util.logging.FileHandler.encoding = UTF-8 diff --git a/helm/openidm/templates/idm.yaml b/helm/openidm/templates/idm.yaml deleted file mode 100644 index 1ab85c6b27..0000000000 --- a/helm/openidm/templates/idm.yaml +++ /dev/null 
@@ -1,173 +0,0 @@ -# Copyright (c) 2016-2018 ForgeRock AS. All rights reserved. -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - component: {{ .Values.component }} - vendor: forgerock - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - updateStrategy: - type: RollingUpdate - serviceName: idm - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - component: {{ .Values.component }} - vendor: forgerock - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "8080" - sidecar.istio.io/inject: "{{ .Values.istio.enabled }}" -{{- with .Values.extraAnnotations }} -{{ toYaml . | trim | indent 8 }} -{{- end }} - spec: - {{- with .Values.serviceAccountName }} - serviceAccountName: {{ . }} - {{- end }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ template "name" . }} - topologyKey: {{ .Values.topologyKey }} - {{- with .Values.securityContext }} - securityContext: -{{ toYaml . 
| trim | indent 8 }} - {{- end }} - {{ if eq .Values.config.strategy "git" }} - initContainers: - - name: git-init - image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }} - imagePullPolicy: {{ .Values.gitImage.pullPolicy }} - volumeMounts: - - name: git - mountPath: /git - - name: git-secret - mountPath: /etc/git-secret - args: ["init"] - envFrom: - - configMapRef: - name: {{ default "frconfig" .Values.config.name }} - {{ if .Values.sedFilter }} - env: - - name: SED_FILTER - value: {{ .Values.sedFilter }} - {{ end }} - {{ end }} - containers: - - name: openidm - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ template "fullname" . }} - - configMapRef: - name: {{ default "frconfig" .Values.config.name }} - - secretRef: - name: {{ default "frconfig" .Values.config.name }}-platform - - secretRef: - name: {{ default "openidm-secrets-env" .Values.secret.name }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /openidm/info/ping - port: 8080 - httpHeaders: - - name: X-OpenIDM-Username - value: anonymous - - name: X-OpenIDM-Password - value: anonymous - - name: X-OpenIDM-NoSession - value: "true" - initialDelaySeconds: 120 - timeoutSeconds: 5 - periodSeconds: 30 - resources: -{{ toYaml .Values.resources | indent 12 }} - volumeMounts: - - name: openidm-secrets - mountPath: /opt/openidm/secrets - - name: logs - mountPath: /opt/openidm/logs - - name: audit-logs - mountPath: /opt/openidm/audit - {{ if eq .Values.config.strategy "git" }} - - name: git - mountPath: /git - {{ end }} - - name: boot-properties - mountPath: /var/run/openidm/commons - - name: logging-properties - mountPath: /var/run/openidm/logging - {{ if eq .Values.config.strategy "git" }} - - name: git - image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }} - imagePullPolicy: {{ 
.Values.gitImage.pullPolicy }} - volumeMounts: - - name: git - mountPath: /git - - name: git-secret - mountPath: /etc/git-secret - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: [ "pause"] - {{ end }} - {{- range .Values.auditLogs }} - # audit logging containers - - name: {{ .name }} - image: busybox - env: - - name: LOGFILE - value: {{ .path }} - args: [bin/sh, -c, 'while true; do if [ -e $LOGFILE ]; then tail -n+1 -f $LOGFILE; fi; sleep 5; done' ] - volumeMounts: - - name: audit-logs - mountPath: /opt/openidm/audit - {{- end }} -{{- with .Values.extraContainers }} -{{ tpl . $ | trim | indent 6 }} -{{- end }} - volumes: - - name: openidm-secrets - secret: - secretName: openidm-secrets - - name: logs - emptyDir: {} - - name: audit-logs - emptyDir: {} - - name: boot-properties - configMap: - name: idm-boot-properties - - name: logging-properties - configMap: - name: idm-logging-properties - {{- if eq .Values.config.strategy "git" }} - - name: git - emptyDir: {} - - name: git-secret - secret: - secretName: {{ default "frconfig" .Values.config.name }} - {{ end }} diff --git a/helm/openidm/templates/ingress.yaml b/helm/openidm/templates/ingress.yaml deleted file mode 100644 index c8f6269402..0000000000 --- a/helm/openidm/templates/ingress.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-# Ingress definition to configure external routes.
-{{- if .Values.ingress.enabled }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ .Values.component }}
- labels:
- app: {{ template "fullname" . }}
- vendor: forgerock
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- tls:
- - hosts:
- - "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- secretName: '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}'
- rules:
- - host: "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- http:
- paths:
- - path: /idm
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
- - path: /api
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
- - path: /openidm
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
- - path: /upload
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
- - path: /export
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
- - path: /oauthReturn
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
- - path: /admin
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
-{{- end -}}
diff --git a/helm/openidm/templates/openidm-secrets-env.yaml b/helm/openidm/templates/openidm-secrets-env.yaml
deleted file mode 100644
index 2da61d91dc..0000000000
--- a/helm/openidm/templates/openidm-secrets-env.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-# Secrets for OpenIDM stack deployment.
-# Note that secret values are base64-encoded.
-apiVersion: v1
-kind: Secret
-metadata:
- name: "openidm-secrets-env"
-type: Opaque
-data:
- OPENIDM_ADMIN_PASSWORD: {{ default "openidm-admin" .Values.secret.openidmAdminPassword | b64enc }}
diff --git a/helm/openidm/templates/secrets.yaml b/helm/openidm/templates/secrets.yaml
deleted file mode 100644
index e2ab2add51..0000000000
--- a/helm/openidm/templates/secrets.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-# Secrets for OpenIDM stack deployment.
-# Note that secret values are base64-encoded.
-apiVersion: v1
-kind: Secret
-metadata:
- name: "openidm-secrets"
-type: Opaque
-data:
-{{ (.Files.Glob "secrets/*").AsSecrets| indent 2 }}
diff --git a/helm/openidm/templates/service.yaml b/helm/openidm/templates/service.yaml
deleted file mode 100644
index 616c00f518..0000000000
--- a/helm/openidm/templates/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- app: {{ template "fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- component: {{ .Values.component }}
- vendor: forgerock
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: {{ template "name" . }}
- release: {{ .Release.Name }}
-
diff --git a/helm/openidm/templates/virtual-service.yaml b/helm/openidm/templates/virtual-service.yaml
deleted file mode 100644
index 0d99a42ccb..0000000000
--- a/helm/openidm/templates/virtual-service.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{ if .Values.istio.enabled }}
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: "{{ .Values.component }}"
-spec:
- hosts:
- - "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- gateways: [ "iam-gateway" ]
- http: [{
- match: [
- { uri: { prefix: "/idm" }},
- { uri: { prefix: "/api" }},
- { uri: { prefix: "/openidm" }},
- { uri: { prefix: "/upload" }},
- { uri: { prefix: "/export" }},
- { uri: { prefix: "/oauthReturn" }},
- { uri: { prefix: "/admin" }}
- ],
- route: [{
- destination: {
- host: "{{ .Values.service.name }}",
- port: { number: {{ .Values.service.externalPort }} }
- }
- }]
- }]
----
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: "{{ .Values.component }}"
-spec:
- host: "{{ .Values.service.name }}"
- trafficPolicy:
- loadBalancer:
- consistentHash:
- httpCookie:
- name: istiolb
- ttl: 0s
-
-{{ end }}
\ No newline at end of file
diff --git a/helm/openidm/values.yaml b/helm/openidm/values.yaml
deleted file mode 100644
index 691ab77667..0000000000
--- a/helm/openidm/values.yaml
+++ /dev/null
@@ -1,143 +0,0 @@ -# Default values for openidm. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -# Top level domain. Used to create the ingress -domain: example.com -subdomain: iam - -# Configuration parameters. Common to all charts that require configuration from a -# source. Currently the only source is a git repo. -config: - # Name of the configMap that holds the configuration repository URL and of - # the secret required to access it. - name: frconfig - # Path to our project - # path: /git/config/samples/idm/idm-am-ds-integration - path: /git/config/7.0/default/idm/sync-with-ldap-bidirectional - # - # strategy defines how products get their configuration . - # Using the git strategy, each helm chart pulls the configuration from git using an init container. - strategy: git - # If immutable is true, IDM will not persist any configuration changes made in the admin UI (or via admin REST calls) - # back out to the file system. If you are developing and want to IDM to write configuration changes back out - # so they can saved and committed to git, set this to false. - immutable: true - -secret: - name: openidm-secrets-env - -# Used to form the FQDN - see _helpers.tpl -component: openidm - -image: - repository: gcr.io/forgerock-io/idm/pit1 - tag: 7.0.0-25e070cabb7a5977076e316f8bae31387aeef8b9 - # Switch to IfNotPresent once we have milestone builds - pullPolicy: Always - -gitImage: - repository: gcr.io/forgerock-io/git - tag: 6.5.1 - pullPolicy: Always - -# override Java JVM options. 
-# For JDK 11 add -XX:+IgnoreUnrecognizedVMOptions --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED -javaOpts: "-Xmx1024m -server -XX:+UseG1GC" - -# Specific values -openidm: - repo: - # DS external repo - # host: userstore-0.userstore - # port: 1389 - # user: "uid=admin" - # password: password - # postgres values - host: postgresql - port: 5432 - user: openidm - password: openidm - schema: openidm - databaseName: openidm - # Optional client secret for AM/IDM integration: - idpconfig: - clientsecret: password - prometheus: - username: prometheus - password: prometheus - -# Optional - if there is a DS userstore configured for synchornization or explict mapping when DS is used as repo -userstore: - host: userstore-0.userstore - password: password - port: 1389 - basecontext: "ou=identities" - -service: - name: openidm - # default to ClusterIP - #type: NodePort - externalPort: 80 - internalPort: 8080 - -resources: - limits: - cpu: 1000m - memory: 1200Mi - requests: - cpu: 300m - memory: 1024Mi - -# Default log level. See templates/configmap/logging.properties. For example, you can use FINE here to -# see fine grained logging output using kubectl logs. -logLevel: INFO - -ingress: - class: nginx - enabled: true - annotations: - # Nginx specific annotations - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/session-cookie-name: "route" - nginx.ingress.kubernetes.io/session-cookie-hash: "sha1" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/body-size: "64m" - nginx.ingress.kubernetes.io/send-timeout: "600" - nginx.ingress.kubernetes.io/proxy-body-size: "64m" - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - -istio: - enabled: false - -# This is the exact value for TopologyKey. 
The other possible value is "failure-domain.beta.kubernetes.io/zone" -# which will ensure that pod is scheduled on nodes in different zones thus allowing for HA across zones. -# Note you want to leave this value as is if you are deploying a single zone cluster and change the values only -# if you have a multi-zone cluster. -topologyKey: "kubernetes.io/hostname" - -# Audit log details for log streaming sidecar containers -# IDM can now stream logs to stdout. This setting will be deprecated in the future. -auditLogs: [] -# auditLogs: -# - name: access-logs -# path: "/opt/openidm/audit/access.audit.json" -# - name: activity-logs -# path: "/opt/openidm/audit/activity.audit.json" -# - name: authentication-logs -# path: "/opt/openidm/audit/authentication.audit.json" -# - name: config-logs -# path: "/opt/openidm/audit/config.audit.json" -# - name: recon-logs -# path: "/opt/openidm/audit/recon.audit.json" -# - name: sync-logs -# path: "/opt/openidm/audit/sync.audit.json" - -# Optional sed filter script that does search / replace after the configuration has been checked out -# This is a work around until OPENIDM-11529 is fixed -# example - search for qa and replace with prod: -# sedFilter: "s/login.qa.acme.com/login.prod.acme.com/g diff --git a/helm/openig/.helmignore b/helm/openig/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/openig/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/helm/openig/Chart.yaml b/helm/openig/Chart.yaml deleted file mode 100755 index fc588d1307..0000000000 --- a/helm/openig/Chart.yaml +++ /dev/null 
@@ -1,4 +0,0 @@
-apiVersion: v1
-description: A Helm chart for ForgeRock Identity Gateway
-name: openig
-version: 7.0.0
diff --git a/helm/openig/templates/NOTES.txt b/helm/openig/templates/NOTES.txt
deleted file mode 100644
index 584b492c6d..0000000000
--- a/helm/openig/templates/NOTES.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT/login
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ template "fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
-
-
-If you have an ingress controller, you can also access IG at
-https://{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}/ig
\ No newline at end of file
diff --git a/helm/openig/templates/_helpers.tpl b/helm/openig/templates/_helpers.tpl
deleted file mode 100644
index ca56438aa1..0000000000
--- a/helm/openig/templates/_helpers.tpl
+++ /dev/null
@@ -1,35 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{/* expands to the fqdn using the component name. Note domain has a leading . */}}
-{{- define "igFQDN" -}}
-{{- if .Values.ingress.hostname }}{{- printf "%s" .Values.ingress.hostname -}}
-{{- else -}}
-{{- printf "%s.%s%s" .Values.component .Release.Namespace .Values.domain -}}
-{{- end -}}
-{{- end -}}
-
-{{/* Inject the TLS spec into the ingress if tls is globally enabled */}}
-{{- define "tls-spec" -}}
-{{ if or (eq .Values.tlsStrategy "https") (eq .Values.tlsStrategy "https-cert-manager") -}}
-tls:
-- hosts:
- - {{ template "externalFQDN" . }}
- secretName: {{ printf "wildcard.%s%s" .Release.Namespace .Values.domain }}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/helm/openig/templates/deployment.yaml b/helm/openig/templates/deployment.yaml
deleted file mode 100644
index 91e83ac4da..0000000000
--- a/helm/openig/templates/deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-kind: Deployment
-apiVersion: apps/v1beta1
-metadata:
- # If you want to run more than one IG deployment in the same namespace, change the deployment name
- # below to the {{ template "fullname" . }} to make the name unique.
- name: {{ template "fullname" . }}
- labels:
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- vendor: forgerock
- component: {{ .Values.component }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ template "name" . }}
- release: {{ .Release.Name }}
- component: {{ .Values.component }}
- vendor: forgerock
- annotations:
- sidecar.istio.io/inject: "{{ .Values.istio.enabled }}"
- spec:
- {{- with .Values.serviceAccountName }}
- serviceAccountName: {{ . }}
- {{- end }}
- {{- with .Values.securityContext }}
- securityContext:
-{{ toYaml . 
| trim | indent 8 }}
- {{- end }}
- {{ if eq .Values.config.strategy "git" }}
- initContainers:
- - name: git-init
- image: {{ .Values.gitImage.repository }}:{{ .Values.gitImage.tag }}
- imagePullPolicy: {{ .Values.gitImage.pullPolicy }}
- volumeMounts:
- - name: git
- mountPath: /git
- - name: git-secret
- mountPath: /etc/git-secret
- args: ["init"]
- envFrom:
- - configMapRef:
- name: {{ default "frconfig" .Values.config.name }}
- {{ end }}
- containers:
- - name: {{ .Chart.Name }}
- image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- envFrom:
- - configMapRef:
- name: {{ default "frconfig" .Values.config.name }}
- - secretRef:
- name: {{ default "frconfig" .Values.config.name }}-platform
- - secretRef:
- name: {{ default "openig-secrets-env" .Values.secret.name }}
- env:
- - name: OPENIG_BASE
- value: "{{ .Values.config.path }}"
- - name: CATALINA_OPTS
- value: "{{ .Values.catalinaOpts }}"
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: MY_POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- volumeMounts:
- {{ if eq .Values.config.strategy "git" }}
- - name: git
- mountPath: /git
- {{ end }}
- livenessProbe:
- httpGet:
- path: {{ .Values.healthURI }}
- port: {{ .Values.service.internalPort }}
- timeoutSeconds: 10
- periodSeconds: 30
- readinessProbe:
- httpGet:
- path: {{ .Values.readinessURI }}
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: 5
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- # audit logging containers
- {{- range .Values.auditLogs }}
- - name: {{ .name }}
- image: busybox
- env:
- - name: LOGFILE
- value: {{ .path }}
- args: [bin/sh, -c, 'while true; do if [ -e $LOGFILE ]; then tail -n+1 -f $LOGFILE; fi; sleep 5; done' ]
- volumeMounts:
- - name: logs
- mountPath: /tmp/logs
- {{- end }}
- volumes:
- - name: logs
- emptyDir: {}
- {{ if eq 
.Values.config.strategy "git" }}
- - name: git
- emptyDir: {}
- - name: git-secret
- secret:
- secretName: {{ default "frconfig" .Values.config.name }}
- {{ end }}
diff --git a/helm/openig/templates/ingress.yaml b/helm/openig/templates/ingress.yaml
deleted file mode 100644
index 845c3bd583..0000000000
--- a/helm/openig/templates/ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-# Ingress definition to configure external routes.
-{{- if .Values.ingress.enabled }}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ .Values.component }}
- labels:
- app: {{ template "fullname" . }}
- vendor: forgerock
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- tls:
- - hosts:
- - "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- secretName: '{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}'
- rules:
- - host: "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- http:
- paths:
- - path: /ig
- backend:
- serviceName: {{ .Values.service.name }}
- servicePort: {{ .Values.service.externalPort }}
-{{- end -}}
diff --git a/helm/openig/templates/openig-secrets-env.yaml b/helm/openig/templates/openig-secrets-env.yaml
deleted file mode 100644
index adacaab64b..0000000000
--- a/helm/openig/templates/openig-secrets-env.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: "openig-secrets-env"
-type: Opaque
-data: {}
diff --git a/helm/openig/templates/service.yaml b/helm/openig/templates/service.yaml
deleted file mode 100644
index 8c6bf6683a..0000000000
--- a/helm/openig/templates/service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- labels:
- app: {{ template "fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- component: {{ .Values.component }}
- vendor: forgerock
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- protocol: TCP
- name: {{ .Values.service.name }}
- selector:
- app: {{ template "name" . }}
- release: {{ .Release.Name }}
diff --git a/helm/openig/templates/virtual-service.yaml b/helm/openig/templates/virtual-service.yaml
deleted file mode 100644
index 30c0161aa6..0000000000
--- a/helm/openig/templates/virtual-service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{ if .Values.istio.enabled }}
-# Istio virtual service for ig. We route /ig/* to OpenIG
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: {{ .Values.component }}
-spec:
- hosts:
- - "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}"
- # The gateway referenced here is defined in the frconfig/ chart.
- gateways:
- - iam-gateway
- http:
- - match:
- - uri:
- prefix: /ig
- route:
- - destination:
- host: {{ .Values.service.name }}
- port:
- number: {{ .Values.service.externalPort }}
-{{ end }}
\ No newline at end of file
diff --git a/helm/openig/values.yaml b/helm/openig/values.yaml
deleted file mode 100644
index a69c18f272..0000000000
--- a/helm/openig/values.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright (c) 2016-2018 ForgeRock AS. Use of this source code is subject to the
-# Common Development and Distribution License (CDDL) that can be found in the LICENSE file
-#
-# Default values for OpenIG.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-replicaCount: 1
-
-domain: example.com
-subdomain: iam
-
-# Configuration parameters. Common to all charts that require configuration from a
-# source. Currently the only source is a git repo.
-config:
- # Name of the configMap that holds the configuration repository URL and of
- # the secret required to access it.
- name: frconfig
- # Path to our project
- path: /git/config/6.5/default/ig/basic-sample
- # strategy defines how products get their configuration .
- # Using the git strategy, each helm chart pulls the configuration from git using an init container.
- strategy: git
-
-secret:
- name: openig-secrets-env
-
-# Tomcat JVM options.
-catalinaOpts: "-Xmx512m"
-
-image:
- repository: gcr.io/forgerock-io/ig/pit1
- tag: 7.0.0-67d6c890093bbc057fb1b3dd7f1b4a1110b6ee54
- # Switch to IfNotPresent once we have milestone builds
- pullPolicy: Always
-
-gitImage:
- repository: gcr.io/forgerock-io/git
- tag: 6.5.1
- pullPolicy: Always
-
-resources:
-# limits:
-# cpu: 1000m
-# memory: 1024Mi
- requests:
- cpu: 200m
- memory: 512Mi
-
-# These are both used to form the FQDN for the load balancer. 
See _helpers.tpl
-component: openig
-
-service:
- name: openig
- type: ClusterIP
- externalPort: 80
- internalPort: 8080
-
-ingress:
- class: nginx
- enabled: true
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/affinity: "cookie"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- nginx.ingress.kubernetes.io/rewrite-target: "/"
-
-# Audit log details for log streaming sidecar containers
-
-auditLogs: []
-# auditLogs:
-# - name: access-logs
-# path: "/tmp/logs/access.audit.json"
-# - name: debug-logs
-# path: "/tmp/logs/route-system.log"
-
-istio:
- enabled: false
-
-# healthURI: /
-# readinessURI: /
-
-# These values are for the smoke test. TODO: Normalize all IG configs
-healthURI: /kube/liveness
-readinessURI: /kube/readiness
diff --git a/helm/postgres-openidm/Chart.yaml b/helm/postgres-openidm/Chart.yaml
deleted file mode 100644
index b711d91477..0000000000
--- a/helm/postgres-openidm/Chart.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: postgres-openidm
-version: 7.0.0
-description: Chart for PostgreSQL for OpenIDM
-keywords:
-- postgresql
-- postgres
-- database
-- sql
-home: https://www.postgresql.org/
diff --git a/helm/postgres-openidm/README.md b/helm/postgres-openidm/README.md
deleted file mode 100644
index 21ea2feea4..0000000000
--- a/helm/postgres-openidm/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# PostgreSQL for OpenIDM
-
-This chart creates a Postgresql instance for OpenIDM's repository.
-
-
-
-
diff --git a/helm/postgres-openidm/sql/01_openidm.sql b/helm/postgres-openidm/sql/01_openidm.sql
deleted file mode 100644
index 47939b5d67..0000000000
--- a/helm/postgres-openidm/sql/01_openidm.sql
+++ /dev/null
@@ -1,371 +0,0 @@
-DROP SCHEMA IF EXISTS openidm CASCADE;
-CREATE SCHEMA openidm AUTHORIZATION openidm;
-
--- -----------------------------------------------------
--- Table openidm.objecttypes
--- -----------------------------------------------------
-
-CREATE TABLE openidm.objecttypes (
- id BIGSERIAL NOT NULL,
- objecttype VARCHAR(255) NOT NULL,
- PRIMARY KEY (id),
- CONSTRAINT idx_objecttypes_objecttype UNIQUE (objecttype)
-);
-
-
-
--- -----------------------------------------------------
--- Table openidm.genericobjects
--- -----------------------------------------------------
-
-CREATE TABLE openidm.genericobjects (
- id BIGSERIAL NOT NULL,
- objecttypes_id BIGINT NOT NULL,
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- fullobject JSON,
- PRIMARY KEY (id),
- CONSTRAINT fk_genericobjects_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION,
- CONSTRAINT idx_genericobjects_object UNIQUE (objecttypes_id, objectid)
-);
-CREATE INDEX idx_genericobjects_reconid on openidm.genericobjects (json_extract_path_text(fullobject, 'reconId'), objecttypes_id);
-
-
--- -----------------------------------------------------
--- Table openidm.managedobjects
--- -----------------------------------------------------
-
-CREATE TABLE openidm.managedobjects (
- id BIGSERIAL NOT NULL,
- objecttypes_id BIGINT NOT NULL,
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- fullobject JSON,
- PRIMARY KEY (id),
- CONSTRAINT fk_managedobjects_objectypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION
-);
-
-CREATE UNIQUE INDEX idx_managedobjects_object ON openidm.managedobjects (objecttypes_id,objectid);
--- Note that the next two indices apply only to role objects, as only role objects have a condition or temporalConstraints
-CREATE INDEX idx_json_managedobjects_roleCondition ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 
'condition') );
-CREATE INDEX idx_json_managedobjects_roleTemporalConstraints ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'temporalConstraints') );
-
-
--- -----------------------------------------------------
--- Table openidm.configobjects
--- -----------------------------------------------------
-
-CREATE TABLE openidm.configobjects (
- id BIGSERIAL NOT NULL,
- objecttypes_id BIGINT NOT NULL,
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- fullobject JSON,
- PRIMARY KEY (id),
- CONSTRAINT fk_configobjects_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION
-);
-
-CREATE UNIQUE INDEX idx_configobjects_object ON openidm.configobjects (objecttypes_id,objectid);
-CREATE INDEX fk_configobjects_objecttypes ON openidm.configobjects (objecttypes_id);
-
--- -----------------------------------------------------
--- Table openidm.notificationobjects
--- -----------------------------------------------------
-
-CREATE TABLE openidm.notificationobjects (
- id BIGSERIAL NOT NULL,
- objecttypes_id BIGINT NOT NULL,
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- fullobject JSON,
- PRIMARY KEY (id),
- CONSTRAINT fk_notificationobjects_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION
-);
-
-CREATE UNIQUE INDEX idx_notificationobjects_object ON openidm.notificationobjects (objecttypes_id,objectid);
-CREATE INDEX fk_notificationobjects_objecttypes ON openidm.notificationobjects (objecttypes_id);
-
-
--- -----------------------------------------------------
--- Table openidm.relationships
--- -----------------------------------------------------
-
-CREATE TABLE openidm.relationships (
- id BIGSERIAL NOT NULL,
- objecttypes_id BIGINT NOT NULL,
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- fullobject JSON,
- firstresourcecollection VARCHAR(255),
- firstresourceid VARCHAR(56),
- 
firstpropertyname VARCHAR(100),
- secondresourcecollection VARCHAR(255),
- secondresourceid VARCHAR(56),
- secondpropertyname VARCHAR(100),
- properties JSON,
- PRIMARY KEY (id),
- CONSTRAINT fk_relationships_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION,
- CONSTRAINT idx_relationships_object UNIQUE (objecttypes_id, objectid)
-);
-CREATE INDEX idx_relationships_first_object ON openidm.relationships ( firstresourcecollection, firstresourceid, firstpropertyname );
-CREATE INDEX idx_relationships_second_object ON openidm.relationships ( secondresourcecollection, secondresourceid, secondpropertyname );
-CREATE INDEX idx_relationships_originfirst ON openidm.relationships (firstresourceid , firstresourcecollection , firstpropertyname , secondresourceid , secondresourcecollection );
-CREATE INDEX idx_relationships_originsecond ON openidm.relationships (secondresourceid , secondresourcecollection , secondpropertyname , firstresourceid , firstresourcecollection );
-
--- -----------------------------------------------------
--- Table openidm.links
--- -----------------------------------------------------
-
-CREATE TABLE openidm.links (
- objectid VARCHAR(38) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- linktype VARCHAR(50) NOT NULL,
- linkqualifier VARCHAR(50) NOT NULL,
- firstid VARCHAR(255) NOT NULL,
- secondid VARCHAR(255) NOT NULL,
- PRIMARY KEY (objectid)
-);
-
-CREATE UNIQUE INDEX idx_links_first ON openidm.links (linktype, linkqualifier, firstid);
-CREATE UNIQUE INDEX idx_links_second ON openidm.links (linktype, linkqualifier, secondid);
-
-
--- -----------------------------------------------------
--- Table openidm.internaluser
--- -----------------------------------------------------
-
-CREATE TABLE openidm.internaluser (
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- pwd VARCHAR(510) DEFAULT NULL,
- PRIMARY KEY (objectid)
-);
-
-
--- 
-----------------------------------------------------
--- Table openidm.internalrole
--- -----------------------------------------------------
-
-CREATE TABLE openidm.internalrole (
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- name VARCHAR(64) DEFAULT NULL,
- description VARCHAR(510) DEFAULT NULL,
- temporalConstraints VARCHAR(1024) DEFAULT NULL,
- condition VARCHAR(1024) DEFAULT NULL,
- PRIMARY KEY (objectid)
-);
-
-
--- -----------------------------------------------------
--- Table openidm.internalprivilege
--- -----------------------------------------------------
-
-CREATE TABLE openidm.internalprivilege (
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- name VARCHAR(64) DEFAULT NULL,
- description VARCHAR(510) DEFAULT NULL,
- path VARCHAR(1024) NOT NULL,
- permissions VARCHAR(1024) NOT NULL,
- actions VARCHAR(1024) DEFAULT NULL,
- filter VARCHAR(1024) DEFAULT NULL,
- accessflags TEXT DEFAULT NULL,
- PRIMARY KEY (objectid)
-);
-
-
--- -----------------------------------------------------
--- Table openidm.schedulerobjects
--- -----------------------------------------------------
-CREATE TABLE openidm.schedulerobjects (
- id BIGSERIAL NOT NULL,
- objecttypes_id BIGINT NOT NULL,
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- fullobject JSON,
- PRIMARY KEY (id),
- CONSTRAINT fk_schedulerobjects_objectypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION
-);
-
-CREATE UNIQUE INDEX idx_schedulerobjects_object ON openidm.schedulerobjects (objecttypes_id,objectid);
-CREATE INDEX fk_schedulerobjects_objectypes ON openidm.schedulerobjects (objecttypes_id);
-
-
--- -----------------------------------------------------
--- Table openidm.uinotification
--- -----------------------------------------------------
-CREATE TABLE openidm.uinotification (
- objectid VARCHAR(38) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- notificationType VARCHAR(255) NOT NULL,
- createDate 
VARCHAR(38) NOT NULL,
- message TEXT NOT NULL,
- requester VARCHAR(255) NULL,
- receiverId VARCHAR(255) NOT NULL,
- requesterId VARCHAR(255) NULL,
- notificationSubtype VARCHAR(255) NULL,
- PRIMARY KEY (objectid)
-);
-CREATE INDEX idx_uinotification_receiverId ON openidm.uinotification (receiverId);
-
-
--- -----------------------------------------------------
--- Table openidm.clusterobjects
--- -----------------------------------------------------
-CREATE TABLE openidm.clusterobjects (
- id BIGSERIAL NOT NULL,
- objecttypes_id BIGINT NOT NULL,
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- fullobject JSON,
- PRIMARY KEY (id),
- CONSTRAINT fk_clusterobjects_objectypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION
-);
-
-CREATE UNIQUE INDEX idx_clusterobjects_object ON openidm.clusterobjects (objecttypes_id,objectid);
-CREATE INDEX fk_clusterobjects_objectypes ON openidm.clusterobjects (objecttypes_id);
-
-CREATE INDEX idx_json_clusterobjects_timestamp ON openidm.clusterobjects ( json_extract_path_text(fullobject, 'timestamp') );
-CREATE INDEX idx_json_clusterobjects_state ON openidm.clusterobjects ( json_extract_path_text(fullobject, 'state') );
-CREATE INDEX idx_json_clusterobjects_event_instanceid ON openidm.clusterobjects ( json_extract_path_text(fullobject, 'type'), json_extract_path_text(fullobject, 'instanceId') );
-
--- -----------------------------------------------------
--- Table openidm.clusteredrecontargetids
--- -----------------------------------------------------
-
-CREATE TABLE openidm.clusteredrecontargetids (
- objectid VARCHAR(38) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- reconid VARCHAR(255) NOT NULL,
- targetids JSON NOT NULL,
- PRIMARY KEY (objectid)
-);
-
-CREATE INDEX idx_clusteredrecontargetids_reconid ON openidm.clusteredrecontargetids (reconid);
-
--- -----------------------------------------------------
--- Table openidm.updateobjects
--- 
-----------------------------------------------------
-
-CREATE TABLE openidm.updateobjects (
- id BIGSERIAL NOT NULL,
- objecttypes_id BIGINT NOT NULL,
- objectid VARCHAR(255) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- fullobject JSON,
- PRIMARY KEY (id),
- CONSTRAINT fk_updateobjects_objecttypes FOREIGN KEY (objecttypes_id) REFERENCES openidm.objecttypes (id) ON DELETE CASCADE ON UPDATE NO ACTION,
- CONSTRAINT idx_updateobjects_object UNIQUE (objecttypes_id, objectid)
-);
-
-
-
--- -----------------------------------------------------
--- Table openidm.syncqueue
--- -----------------------------------------------------
-CREATE TABLE openidm.syncqueue (
- objectid VARCHAR(38) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- syncAction VARCHAR(38) NOT NULL,
- resourceCollection VARCHAR(38) NOT NULL,
- resourceId VARCHAR(255) NOT NULL,
- mapping VARCHAR(255) NOT NULL,
- objectRev VARCHAR(38) DEFAULT NULL,
- oldObject JSON,
- newObject JSON,
- context JSON,
- state VARCHAR(38) NOT NULL,
- nodeId VARCHAR(255) DEFAULT NULL,
- remainingRetries VARCHAR(38) NOT NULL,
- createDate VARCHAR(38) NOT NULL,
- PRIMARY KEY (objectid)
-);
-CREATE INDEX indx_syncqueue_mapping_state_createdate ON openidm.syncqueue (mapping, state, createDate);
-CREATE INDEX indx_syncqueue_mapping_retries ON openidm.syncqueue (mapping, remainingRetries);
-
-
--- -----------------------------------------------------
--- Table openidm.locks
--- -----------------------------------------------------
-
-CREATE TABLE openidm.locks (
- objectid VARCHAR(38) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- nodeid VARCHAR(255),
- PRIMARY KEY (objectid)
-);
-
-CREATE INDEX idx_locks_nodeid ON openidm.locks (nodeid);
-
-
--- -----------------------------------------------------
--- Table openidm.files
--- -----------------------------------------------------
-
-CREATE TABLE openidm.files (
- objectid VARCHAR(38) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- content TEXT,
- PRIMARY KEY (objectid)
-);
-
--- 
-----------------------------------------------------
--- Table openidm.relationshipresources
--- -----------------------------------------------------
-CREATE TABLE IF NOT EXISTS openidm.relationshipresources (
- originresourcecollection VARCHAR(255) NOT NULL,
- originproperty VARCHAR(100) NOT NULL,
- refresourcecollection VARCHAR(255) NOT NULL,
- originfirst BOOL NOT NULL,
- reverseproperty VARCHAR(100),
- PRIMARY KEY ( originresourcecollection, originproperty, refresourcecollection, originfirst ));
-
-create or replace
-function fn_relationshiprefs() returns trigger as
-'
-BEGIN
- IF ( NEW.firstpropertyname IS NOT NULL ) THEN
- INSERT INTO openidm.relationshipresources
- ( originresourcecollection,
- originproperty,
- refresourcecollection,
- originfirst,
- reverseproperty)
- VALUES ( NEW.firstresourcecollection,
- NEW.firstpropertyname,
- NEW.secondresourcecollection,
- true,
- NEW.secondpropertyname)
- ON CONFLICT ( originresourcecollection,
- originproperty,
- refresourcecollection,
- originfirst) DO NOTHING;
- END IF;
- IF ( NEW.secondpropertyname IS NOT NULL ) THEN
- INSERT INTO openidm.relationshipresources
- ( originresourcecollection,
- originproperty,
- refresourcecollection,
- originfirst,
- reverseproperty)
- VALUES ( NEW.secondresourcecollection,
- NEW.secondpropertyname,
- NEW.firstresourcecollection,
- false,
- NEW.firstpropertyname)
- ON CONFLICT ( originresourcecollection,
- originproperty,
- refresourcecollection,
- originfirst) DO NOTHING;
- END IF;
-
- RETURN NEW;
-END;
-' LANGUAGE plpgsql VOLATILE;
-
-CREATE TRIGGER trig_relationshiprefs BEFORE INSERT
-ON openidm.relationships FOR EACH ROW
-EXECUTE PROCEDURE fn_relationshiprefs();
diff --git a/helm/postgres-openidm/sql/02_default_schema_optimization.sql b/helm/postgres-openidm/sql/02_default_schema_optimization.sql
deleted file mode 100644
index 70c40cfffa..0000000000
--- a/helm/postgres-openidm/sql/02_default_schema_optimization.sql
+++ /dev/null
@@ -1,46 +0,0 @@
--- This script is optional; run it after you have executed the 'createuser' and 'openidm' scripts. It is designed
--- to optimize the performance of the queries used in the default repo.jdbc.json file for PostgreSQL and the default
--- schema, along with the default UI.
-
--- This file has to be executed by a user with SUPERUSER privileges, so that the extension can be created.
--- By default this is the 'postgres' user. For example:
-
--- psql -U postgres openidm < default_schema_optimization.sql
-
-
--- These btree indexes are great for sorting and exact matches.
-CREATE UNIQUE INDEX idx_json_managedobjects_userName ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'userName'), objecttypes_id );
-CREATE INDEX idx_json_managedobjects_givenName ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'givenName') );
-CREATE INDEX idx_json_managedobjects_sn ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'sn') );
-CREATE INDEX idx_json_managedobjects_mail ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'mail') );
-CREATE INDEX idx_json_managedobjects_accountStatus ON openidm.managedobjects
- ( json_extract_path_text(fullobject, 'accountStatus') );
-
--- The PosgreSQL contrib extension 'pg_trgm' is needed to perform fast LIKE queries. Be sure you have installed
--- the 'postgresql-contrib' packages necessary to support it.
-
--- More info here http://www.depesz.com/2011/02/19/waiting-for-9-1-faster-likeilike/
-
-create extension pg_trgm;
-
--- These "gin" indexes are great for performing LIKE operations. Use if you plan on doing
--- a lot of these types of queries. Below are some examples you might create if you are
--- using the default project schema with the default OpenIDM UI. Only enable these if you
--- need to perform the LIKE queries, otherwise you will incur a cost on creation with no
--- associated benefit. 
-
-CREATE INDEX idx_json_managedobjects_userName_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'userName') gin_trgm_ops);
-CREATE INDEX idx_json_managedobjects_givenName_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'givenName') gin_trgm_ops);
-CREATE INDEX idx_json_managedobjects_sn_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'sn') gin_trgm_ops);
-CREATE INDEX idx_json_managedobjects_mail_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'mail') gin_trgm_ops);
-CREATE INDEX idx_json_managedobjects_accountStatus_gin ON openidm.managedobjects
- USING gin (json_extract_path_text(fullobject, 'accountStatus') gin_trgm_ops);
-
diff --git a/helm/postgres-openidm/sql/03_audit.sql b/helm/postgres-openidm/sql/03_audit.sql
deleted file mode 100644
index 39e67651c8..0000000000
--- a/helm/postgres-openidm/sql/03_audit.sql
+++ /dev/null
@@ -1,155 +0,0 @@
--- -----------------------------------------------------
--- Table openidm.auditauthentication
--- -----------------------------------------------------
-CREATE TABLE openidm.auditauthentication (
- objectid VARCHAR(56) NOT NULL,
- transactionid VARCHAR(255) NOT NULL,
- activitydate VARCHAR(29) NOT NULL,
- userid VARCHAR(255) DEFAULT NULL,
- eventname VARCHAR(50) DEFAULT NULL,
- provider VARCHAR(255) DEFAULT NULL,
- method VARCHAR(25) DEFAULT NULL,
- result VARCHAR(255) DEFAULT NULL,
- principals TEXT,
- context TEXT,
- entries TEXT,
- trackingids TEXT,
- PRIMARY KEY (objectid)
-);
-
--- -----------------------------------------------------
--- Table openidm.auditaccess
--- -----------------------------------------------------
-
-CREATE TABLE openidm.auditaccess (
- objectid VARCHAR(56) NOT NULL,
- activitydate VARCHAR(29) NOT NULL,
- eventname VARCHAR(255),
- transactionid VARCHAR(255) NOT NULL,
- userid VARCHAR(255) DEFAULT NULL,
- trackingids TEXT,
- server_ip VARCHAR(40),
- server_port VARCHAR(5),
- client_ip VARCHAR(40),
- client_port VARCHAR(5),
- request_protocol VARCHAR(255) NULL ,
- request_operation VARCHAR(255) NULL ,
- request_detail TEXT NULL ,
- http_request_secure VARCHAR(255) NULL ,
- http_request_method VARCHAR(255) NULL ,
- http_request_path VARCHAR(255) NULL ,
- http_request_queryparameters TEXT NULL ,
- http_request_headers TEXT NULL ,
- http_request_cookies TEXT NULL ,
- http_response_headers TEXT NULL ,
- response_status VARCHAR(255) NULL ,
- response_statuscode VARCHAR(255) NULL ,
- response_elapsedtime VARCHAR(255) NULL ,
- response_elapsedtimeunits VARCHAR(255) NULL ,
- response_detail TEXT NULL ,
- roles TEXT NULL ,
- PRIMARY KEY (objectid)
-);
-
--- -----------------------------------------------------
--- Table openidm.auditconfig
--- -----------------------------------------------------
-
-CREATE TABLE openidm.auditconfig (
- objectid VARCHAR(56) NOT NULL,
- activitydate VARCHAR(29) NOT NULL,
- eventname VARCHAR(255) 
DEFAULT NULL,
- transactionid VARCHAR(255) NOT NULL,
- userid VARCHAR(255) DEFAULT NULL,
- trackingids TEXT,
- runas VARCHAR(255) DEFAULT NULL,
- configobjectid VARCHAR(255) NULL ,
- operation VARCHAR(255) NULL ,
- beforeObject TEXT,
- afterObject TEXT,
- changedfields TEXT DEFAULT NULL,
- rev VARCHAR(255) DEFAULT NULL,
- PRIMARY KEY (objectid)
-);
-
--- -----------------------------------------------------
--- Table openidm.auditactivity
--- -----------------------------------------------------
-
-CREATE TABLE openidm.auditactivity (
- objectid VARCHAR(56) NOT NULL,
- activitydate VARCHAR(29) NOT NULL,
- eventname VARCHAR(255) DEFAULT NULL,
- transactionid VARCHAR(255) NOT NULL,
- userid VARCHAR(255) DEFAULT NULL,
- trackingids TEXT,
- runas VARCHAR(255) DEFAULT NULL,
- activityobjectid VARCHAR(255) NULL ,
- operation VARCHAR(255) NULL ,
- subjectbefore TEXT,
- subjectafter TEXT,
- changedfields TEXT DEFAULT NULL,
- subjectrev VARCHAR(255) DEFAULT NULL,
- passwordchanged VARCHAR(5) DEFAULT NULL,
- message TEXT,
- provider VARCHAR(255) DEFAULT NULL,
- context VARCHAR(25) DEFAULT NULL,
- status VARCHAR(20),
- PRIMARY KEY (objectid)
-);
-
--- -----------------------------------------------------
--- Table openidm.auditrecon
--- -----------------------------------------------------
-
-CREATE TABLE openidm.auditrecon (
- objectid VARCHAR(56) NOT NULL,
- transactionid VARCHAR(255) NOT NULL,
- activitydate VARCHAR(29) NOT NULL,
- eventname VARCHAR(50) DEFAULT NULL,
- userid VARCHAR(255) DEFAULT NULL,
- trackingids TEXT,
- activity VARCHAR(24) DEFAULT NULL,
- exceptiondetail TEXT,
- linkqualifier VARCHAR(255) DEFAULT NULL,
- mapping VARCHAR(511) DEFAULT NULL,
- message TEXT,
- messagedetail TEXT,
- situation VARCHAR(24) DEFAULT NULL,
- sourceobjectid VARCHAR(511) DEFAULT NULL,
- status VARCHAR(20) DEFAULT NULL,
- targetobjectid VARCHAR(511) DEFAULT NULL,
- reconciling VARCHAR(12) DEFAULT NULL,
- ambiguoustargetobjectids TEXT,
- reconaction VARCHAR(36) DEFAULT NULL,
- 
entrytype VARCHAR(7) DEFAULT NULL,
- reconid VARCHAR(56) DEFAULT NULL,
- PRIMARY KEY (objectid)
-);
-
-CREATE INDEX idx_auditrecon_reconid ON openidm.auditrecon (reconid);
-CREATE INDEX idx_auditrecon_entrytype ON openidm.auditrecon (entrytype);
-
--- -----------------------------------------------------
--- Table openidm.auditsync
--- -----------------------------------------------------
-
-CREATE TABLE openidm.auditsync (
- objectid VARCHAR(56) NOT NULL,
- transactionid VARCHAR(255) NOT NULL,
- activitydate VARCHAR(29) NOT NULL,
- eventname VARCHAR(50) DEFAULT NULL,
- userid VARCHAR(255) DEFAULT NULL,
- trackingids TEXT,
- activity VARCHAR(24) DEFAULT NULL,
- exceptiondetail TEXT,
- linkqualifier VARCHAR(255) DEFAULT NULL,
- mapping VARCHAR(511) DEFAULT NULL,
- message TEXT,
- messagedetail TEXT,
- situation VARCHAR(24) DEFAULT NULL,
- sourceobjectid VARCHAR(511) DEFAULT NULL,
- status VARCHAR(20) DEFAULT NULL,
- targetobjectid VARCHAR(511) DEFAULT NULL,
- PRIMARY KEY (objectid)
-);
\ No newline at end of file
diff --git a/helm/postgres-openidm/sql/activiti.postgres.create.engine.sql b/helm/postgres-openidm/sql/activiti.postgres.create.engine.sql
deleted file mode 100644
index 43529a3dfb..0000000000
--- a/helm/postgres-openidm/sql/activiti.postgres.create.engine.sql
+++ /dev/null
@@ -1,299 +0,0 @@ -create table ACT_GE_PROPERTY ( - NAME_ varchar(64), - VALUE_ varchar(300), - REV_ integer, - primary key (NAME_) -); - -insert into ACT_GE_PROPERTY -values ('schema.version', '5.15', 1); - -insert into ACT_GE_PROPERTY -values ('schema.history', 'create(5.15)', 1); - -insert into ACT_GE_PROPERTY -values ('next.dbid', '1', 1); - -create table ACT_GE_BYTEARRAY ( - ID_ varchar(64), - REV_ integer, - NAME_ varchar(255), - DEPLOYMENT_ID_ varchar(64), - BYTES_ bytea, - GENERATED_ boolean, - primary key (ID_) -); - -create table ACT_RE_DEPLOYMENT ( - ID_ varchar(64), - NAME_ varchar(255), - CATEGORY_ varchar(255), - TENANT_ID_ varchar(255) default '', - DEPLOY_TIME_ timestamp, - primary key (ID_) -); - -create table ACT_RE_MODEL ( - ID_ varchar(64) not null, - REV_ integer, - NAME_ varchar(255), - KEY_ varchar(255), - CATEGORY_ varchar(255), - CREATE_TIME_ timestamp, - LAST_UPDATE_TIME_ timestamp, - VERSION_ integer, - META_INFO_ varchar(4000), - DEPLOYMENT_ID_ varchar(64), - EDITOR_SOURCE_VALUE_ID_ varchar(64), - EDITOR_SOURCE_EXTRA_VALUE_ID_ varchar(64), - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RU_EXECUTION ( - ID_ varchar(64), - REV_ integer, - PROC_INST_ID_ varchar(64), - BUSINESS_KEY_ varchar(255), - PARENT_ID_ varchar(64), - PROC_DEF_ID_ varchar(64), - SUPER_EXEC_ varchar(64), - ACT_ID_ varchar(255), - IS_ACTIVE_ boolean, - IS_CONCURRENT_ boolean, - IS_SCOPE_ boolean, - IS_EVENT_SCOPE_ boolean, - SUSPENSION_STATE_ integer, - CACHED_ENT_STATE_ integer, - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RU_JOB ( - ID_ varchar(64) NOT NULL, - REV_ integer, - TYPE_ varchar(255) NOT NULL, - LOCK_EXP_TIME_ timestamp, - LOCK_OWNER_ varchar(255), - EXCLUSIVE_ boolean, - EXECUTION_ID_ varchar(64), - PROCESS_INSTANCE_ID_ varchar(64), - PROC_DEF_ID_ varchar(64), - RETRIES_ integer, - EXCEPTION_STACK_ID_ varchar(64), - EXCEPTION_MSG_ varchar(4000), - DUEDATE_ timestamp, - REPEAT_ 
varchar(255), - HANDLER_TYPE_ varchar(255), - HANDLER_CFG_ varchar(4000), - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RE_PROCDEF ( - ID_ varchar(64) NOT NULL, - REV_ integer, - CATEGORY_ varchar(255), - NAME_ varchar(255), - KEY_ varchar(255) NOT NULL, - VERSION_ integer NOT NULL, - DEPLOYMENT_ID_ varchar(64), - RESOURCE_NAME_ varchar(4000), - DGRM_RESOURCE_NAME_ varchar(4000), - DESCRIPTION_ varchar(4000), - HAS_START_FORM_KEY_ boolean, - SUSPENSION_STATE_ integer, - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RU_TASK ( - ID_ varchar(64), - REV_ integer, - EXECUTION_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - PROC_DEF_ID_ varchar(64), - NAME_ varchar(255), - PARENT_TASK_ID_ varchar(64), - DESCRIPTION_ varchar(4000), - TASK_DEF_KEY_ varchar(255), - OWNER_ varchar(255), - ASSIGNEE_ varchar(255), - DELEGATION_ varchar(64), - PRIORITY_ integer, - CREATE_TIME_ timestamp, - DUE_DATE_ timestamp, - CATEGORY_ varchar(255), - SUSPENSION_STATE_ integer, - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_RU_IDENTITYLINK ( - ID_ varchar(64), - REV_ integer, - GROUP_ID_ varchar(255), - TYPE_ varchar(255), - USER_ID_ varchar(255), - TASK_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - PROC_DEF_ID_ varchar (64), - primary key (ID_) -); - -create table ACT_RU_VARIABLE ( - ID_ varchar(64) not null, - REV_ integer, - TYPE_ varchar(255) not null, - NAME_ varchar(255) not null, - EXECUTION_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - TASK_ID_ varchar(64), - BYTEARRAY_ID_ varchar(64), - DOUBLE_ double precision, - LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), - primary key (ID_) -); - -create table ACT_RU_EVENT_SUBSCR ( - ID_ varchar(64) not null, - REV_ integer, - EVENT_TYPE_ varchar(255) not null, - EVENT_NAME_ varchar(255), - EXECUTION_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - ACTIVITY_ID_ varchar(64), - CONFIGURATION_ varchar(255), - CREATED_ 
timestamp not null, - PROC_DEF_ID_ varchar(64), - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create index ACT_IDX_EXEC_BUSKEY on ACT_RU_EXECUTION(BUSINESS_KEY_); -create index ACT_IDX_TASK_CREATE on ACT_RU_TASK(CREATE_TIME_); -create index ACT_IDX_IDENT_LNK_USER on ACT_RU_IDENTITYLINK(USER_ID_); -create index ACT_IDX_IDENT_LNK_GROUP on ACT_RU_IDENTITYLINK(GROUP_ID_); -create index ACT_IDX_EVENT_SUBSCR_CONFIG_ on ACT_RU_EVENT_SUBSCR(CONFIGURATION_); -create index ACT_IDX_VARIABLE_TASK_ID on ACT_RU_VARIABLE(TASK_ID_); - -create index ACT_IDX_BYTEAR_DEPL on ACT_GE_BYTEARRAY(DEPLOYMENT_ID_); -alter table ACT_GE_BYTEARRAY - add constraint ACT_FK_BYTEARR_DEPL - foreign key (DEPLOYMENT_ID_) - references ACT_RE_DEPLOYMENT (ID_); - -alter table ACT_RE_PROCDEF - add constraint ACT_UNIQ_PROCDEF - unique (KEY_,VERSION_, TENANT_ID_); - -create index ACT_IDX_EXE_PROCINST on ACT_RU_EXECUTION(PROC_INST_ID_); -alter table ACT_RU_EXECUTION - add constraint ACT_FK_EXE_PROCINST - foreign key (PROC_INST_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_EXE_PARENT on ACT_RU_EXECUTION(PARENT_ID_); -alter table ACT_RU_EXECUTION - add constraint ACT_FK_EXE_PARENT - foreign key (PARENT_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_EXE_SUPER on ACT_RU_EXECUTION(SUPER_EXEC_); -alter table ACT_RU_EXECUTION - add constraint ACT_FK_EXE_SUPER - foreign key (SUPER_EXEC_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_EXE_PROCDEF on ACT_RU_EXECUTION(PROC_DEF_ID_); -alter table ACT_RU_EXECUTION - add constraint ACT_FK_EXE_PROCDEF - foreign key (PROC_DEF_ID_) - references ACT_RE_PROCDEF (ID_); - - -create index ACT_IDX_TSKASS_TASK on ACT_RU_IDENTITYLINK(TASK_ID_); -alter table ACT_RU_IDENTITYLINK - add constraint ACT_FK_TSKASS_TASK - foreign key (TASK_ID_) - references ACT_RU_TASK (ID_); - -create index ACT_IDX_ATHRZ_PROCEDEF on ACT_RU_IDENTITYLINK(PROC_DEF_ID_); -alter table ACT_RU_IDENTITYLINK - add constraint 
ACT_FK_ATHRZ_PROCEDEF - foreign key (PROC_DEF_ID_) - references ACT_RE_PROCDEF (ID_); - -create index ACT_IDX_IDL_PROCINST on ACT_RU_IDENTITYLINK(PROC_INST_ID_); -alter table ACT_RU_IDENTITYLINK - add constraint ACT_FK_IDL_PROCINST - foreign key (PROC_INST_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_TASK_EXEC on ACT_RU_TASK(EXECUTION_ID_); -alter table ACT_RU_TASK - add constraint ACT_FK_TASK_EXE - foreign key (EXECUTION_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_TASK_PROCINST on ACT_RU_TASK(PROC_INST_ID_); -alter table ACT_RU_TASK - add constraint ACT_FK_TASK_PROCINST - foreign key (PROC_INST_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_TASK_PROCDEF on ACT_RU_TASK(PROC_DEF_ID_); -alter table ACT_RU_TASK - add constraint ACT_FK_TASK_PROCDEF - foreign key (PROC_DEF_ID_) - references ACT_RE_PROCDEF (ID_); - -create index ACT_IDX_VAR_EXE on ACT_RU_VARIABLE(EXECUTION_ID_); -alter table ACT_RU_VARIABLE - add constraint ACT_FK_VAR_EXE - foreign key (EXECUTION_ID_) - references ACT_RU_EXECUTION (ID_); - -create index ACT_IDX_VAR_PROCINST on ACT_RU_VARIABLE(PROC_INST_ID_); -alter table ACT_RU_VARIABLE - add constraint ACT_FK_VAR_PROCINST - foreign key (PROC_INST_ID_) - references ACT_RU_EXECUTION(ID_); - -create index ACT_IDX_VAR_BYTEARRAY on ACT_RU_VARIABLE(BYTEARRAY_ID_); -alter table ACT_RU_VARIABLE - add constraint ACT_FK_VAR_BYTEARRAY - foreign key (BYTEARRAY_ID_) - references ACT_GE_BYTEARRAY (ID_); - -create index ACT_IDX_JOB_EXCEPTION on ACT_RU_JOB(EXCEPTION_STACK_ID_); -alter table ACT_RU_JOB - add constraint ACT_FK_JOB_EXCEPTION - foreign key (EXCEPTION_STACK_ID_) - references ACT_GE_BYTEARRAY (ID_); - -create index ACT_IDX_EVENT_SUBSCR on ACT_RU_EVENT_SUBSCR(EXECUTION_ID_); -alter table ACT_RU_EVENT_SUBSCR - add constraint ACT_FK_EVENT_EXEC - foreign key (EXECUTION_ID_) - references ACT_RU_EXECUTION(ID_); - -create index ACT_IDX_MODEL_SOURCE on ACT_RE_MODEL(EDITOR_SOURCE_VALUE_ID_); -alter table 
ACT_RE_MODEL - add constraint ACT_FK_MODEL_SOURCE - foreign key (EDITOR_SOURCE_VALUE_ID_) - references ACT_GE_BYTEARRAY (ID_); - -create index ACT_IDX_MODEL_SOURCE_EXTRA on ACT_RE_MODEL(EDITOR_SOURCE_EXTRA_VALUE_ID_); -alter table ACT_RE_MODEL - add constraint ACT_FK_MODEL_SOURCE_EXTRA - foreign key (EDITOR_SOURCE_EXTRA_VALUE_ID_) - references ACT_GE_BYTEARRAY (ID_); - -create index ACT_IDX_MODEL_DEPLOYMENT on ACT_RE_MODEL(DEPLOYMENT_ID_); -alter table ACT_RE_MODEL - add constraint ACT_FK_MODEL_DEPLOYMENT - foreign key (DEPLOYMENT_ID_) - references ACT_RE_DEPLOYMENT (ID_); diff --git a/helm/postgres-openidm/sql/activiti.postgres.create.history.sql b/helm/postgres-openidm/sql/activiti.postgres.create.history.sql deleted file mode 100644 index b9a458db53..0000000000 --- a/helm/postgres-openidm/sql/activiti.postgres.create.history.sql +++ /dev/null 
@@ -1,151 +0,0 @@ -create table ACT_HI_PROCINST ( - ID_ varchar(64) not null, - PROC_INST_ID_ varchar(64) not null, - BUSINESS_KEY_ varchar(255), - PROC_DEF_ID_ varchar(64) not null, - START_TIME_ timestamp not null, - END_TIME_ timestamp, - DURATION_ bigint, - START_USER_ID_ varchar(255), - START_ACT_ID_ varchar(255), - END_ACT_ID_ varchar(255), - SUPER_PROCESS_INSTANCE_ID_ varchar(64), - DELETE_REASON_ varchar(4000), - TENANT_ID_ varchar(255) default '', - primary key (ID_), - unique (PROC_INST_ID_) -); - -create table ACT_HI_ACTINST ( - ID_ varchar(64) not null, - PROC_DEF_ID_ varchar(64) not null, - PROC_INST_ID_ varchar(64) not null, - EXECUTION_ID_ varchar(64) not null, - ACT_ID_ varchar(255) not null, - TASK_ID_ varchar(64), - CALL_PROC_INST_ID_ varchar(64), - ACT_NAME_ varchar(255), - ACT_TYPE_ varchar(255) not null, - ASSIGNEE_ varchar(255), - START_TIME_ timestamp not null, - END_TIME_ timestamp, - DURATION_ bigint, - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_HI_TASKINST ( - ID_ varchar(64) not null, - PROC_DEF_ID_ varchar(64), - TASK_DEF_KEY_ varchar(255), - PROC_INST_ID_ varchar(64), - EXECUTION_ID_ varchar(64), - NAME_ varchar(255), - PARENT_TASK_ID_ varchar(64), - DESCRIPTION_ varchar(4000), - OWNER_ varchar(255), - ASSIGNEE_ varchar(255), - START_TIME_ timestamp not null, - CLAIM_TIME_ timestamp, - END_TIME_ timestamp, - DURATION_ bigint, - DELETE_REASON_ varchar(4000), - PRIORITY_ integer, - DUE_DATE_ timestamp, - FORM_KEY_ varchar(255), - CATEGORY_ varchar(255), - TENANT_ID_ varchar(255) default '', - primary key (ID_) -); - -create table ACT_HI_VARINST ( - ID_ varchar(64) not null, - PROC_INST_ID_ varchar(64), - EXECUTION_ID_ varchar(64), - TASK_ID_ varchar(64), - NAME_ varchar(255) not null, - VAR_TYPE_ varchar(100), - REV_ integer, - BYTEARRAY_ID_ varchar(64), - DOUBLE_ double precision, - LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), - CREATE_TIME_ timestamp, - LAST_UPDATED_TIME_ timestamp, - 
primary key (ID_) -); - -create table ACT_HI_DETAIL ( - ID_ varchar(64) not null, - TYPE_ varchar(255) not null, - PROC_INST_ID_ varchar(64), - EXECUTION_ID_ varchar(64), - TASK_ID_ varchar(64), - ACT_INST_ID_ varchar(64), - NAME_ varchar(255) not null, - VAR_TYPE_ varchar(64), - REV_ integer, - TIME_ timestamp not null, - BYTEARRAY_ID_ varchar(64), - DOUBLE_ double precision, - LONG_ bigint, - TEXT_ varchar(4000), - TEXT2_ varchar(4000), - primary key (ID_) -); - -create table ACT_HI_COMMENT ( - ID_ varchar(64) not null, - TYPE_ varchar(255), - TIME_ timestamp not null, - USER_ID_ varchar(255), - TASK_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - ACTION_ varchar(255), - MESSAGE_ varchar(4000), - FULL_MSG_ bytea, - primary key (ID_) -); - -create table ACT_HI_ATTACHMENT ( - ID_ varchar(64) not null, - REV_ integer, - USER_ID_ varchar(255), - NAME_ varchar(255), - DESCRIPTION_ varchar(4000), - TYPE_ varchar(255), - TASK_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - URL_ varchar(4000), - CONTENT_ID_ varchar(64), - primary key (ID_) -); - -create table ACT_HI_IDENTITYLINK ( - ID_ varchar(64), - GROUP_ID_ varchar(255), - TYPE_ varchar(255), - USER_ID_ varchar(255), - TASK_ID_ varchar(64), - PROC_INST_ID_ varchar(64), - primary key (ID_) -); - - -create index ACT_IDX_HI_PRO_INST_END on ACT_HI_PROCINST(END_TIME_); -create index ACT_IDX_HI_PRO_I_BUSKEY on ACT_HI_PROCINST(BUSINESS_KEY_); -create index ACT_IDX_HI_ACT_INST_START on ACT_HI_ACTINST(START_TIME_); -create index ACT_IDX_HI_ACT_INST_END on ACT_HI_ACTINST(END_TIME_); -create index ACT_IDX_HI_DETAIL_PROC_INST on ACT_HI_DETAIL(PROC_INST_ID_); -create index ACT_IDX_HI_DETAIL_ACT_INST on ACT_HI_DETAIL(ACT_INST_ID_); -create index ACT_IDX_HI_DETAIL_TIME on ACT_HI_DETAIL(TIME_); -create index ACT_IDX_HI_DETAIL_NAME on ACT_HI_DETAIL(NAME_); -create index ACT_IDX_HI_DETAIL_TASK_ID on ACT_HI_DETAIL(TASK_ID_); -create index ACT_IDX_HI_PROCVAR_PROC_INST on ACT_HI_VARINST(PROC_INST_ID_); -create index 
ACT_IDX_HI_PROCVAR_NAME_TYPE on ACT_HI_VARINST(NAME_, VAR_TYPE_); -create index ACT_IDX_HI_ACT_INST_PROCINST on ACT_HI_ACTINST(PROC_INST_ID_, ACT_ID_); -create index ACT_IDX_HI_ACT_INST_EXEC on ACT_HI_ACTINST(EXECUTION_ID_, ACT_ID_); -create index ACT_IDX_HI_IDENT_LNK_USER on ACT_HI_IDENTITYLINK(USER_ID_); -create index ACT_IDX_HI_IDENT_LNK_TASK on ACT_HI_IDENTITYLINK(TASK_ID_); -create index ACT_IDX_HI_IDENT_LNK_PROCINST on ACT_HI_IDENTITYLINK(PROC_INST_ID_); \ No newline at end of file diff --git a/helm/postgres-openidm/sql/activiti.postgres.create.identity.sql b/helm/postgres-openidm/sql/activiti.postgres.create.identity.sql deleted file mode 100644 index a007e23e72..0000000000 --- a/helm/postgres-openidm/sql/activiti.postgres.create.identity.sql +++ /dev/null @@ -1,48 +0,0 @@ -create table ACT_ID_GROUP ( - ID_ varchar(64), - REV_ integer, - NAME_ varchar(255), - TYPE_ varchar(255), - primary key (ID_) -); - -create table ACT_ID_MEMBERSHIP ( - USER_ID_ varchar(64), - GROUP_ID_ varchar(64), - primary key (USER_ID_, GROUP_ID_) -); - -create table ACT_ID_USER ( - ID_ varchar(64), - REV_ integer, - FIRST_ varchar(255), - LAST_ varchar(255), - EMAIL_ varchar(255), - PWD_ varchar(255), - PICTURE_ID_ varchar(64), - primary key (ID_) -); - -create table ACT_ID_INFO ( - ID_ varchar(64), - REV_ integer, - USER_ID_ varchar(64), - TYPE_ varchar(64), - KEY_ varchar(255), - VALUE_ varchar(255), - PASSWORD_ bytea, - PARENT_ID_ varchar(255), - primary key (ID_) -); - -create index ACT_IDX_MEMB_GROUP on ACT_ID_MEMBERSHIP(GROUP_ID_); -alter table ACT_ID_MEMBERSHIP - add constraint ACT_FK_MEMB_GROUP - foreign key (GROUP_ID_) - references ACT_ID_GROUP (ID_); - -create index ACT_IDX_MEMB_USER on ACT_ID_MEMBERSHIP(USER_ID_); -alter table ACT_ID_MEMBERSHIP - add constraint ACT_FK_MEMB_USER - foreign key (USER_ID_) - references ACT_ID_USER (ID_); 
diff --git a/helm/postgres-openidm/sql/sample-explicit-managed-user.sql b/helm/postgres-openidm/sql/sample-explicit-managed-user.sql
deleted file mode 100644
index 983fcb5601..0000000000
--- a/helm/postgres-openidm/sql/sample-explicit-managed-user.sql
+++ /dev/null
@@ -1,33 +0,0 @@
-DROP TABLE IF EXISTS openidm.managed_user;
-
-CREATE TABLE openidm.managed_user (
- objectid VARCHAR(38) NOT NULL,
- rev VARCHAR(38) NOT NULL,
- username VARCHAR(255),
- password VARCHAR(511),
- accountstatus VARCHAR(255),
- postalcode VARCHAR(255),
- stateprovince VARCHAR(255),
- postaladdress VARCHAR(255),
- address2 VARCHAR(255),
- country VARCHAR(255),
- city VARCHAR(255),
- givenname VARCHAR(255),
- description VARCHAR(255),
- sn VARCHAR(255),
- telephonenumber VARCHAR(255),
- mail VARCHAR(255),
- kbainfo TEXT,
- lastsync TEXT,
- preferences TEXT,
- consentedmappings TEXT,
- effectiveassignments TEXT,
- effectiveroles TEXT,
- effectiveauthzroles TEXT,
- PRIMARY KEY (objectid));
-
-CREATE UNIQUE INDEX idx_managed_user_userName ON openidm.managed_user (username ASC);
-CREATE INDEX idx_managed_user_givenName ON openidm.managed_user (givenname ASC);
-CREATE INDEX idx_managed_user_sn ON openidm.managed_user (sn ASC);
-CREATE INDEX idx_managed_user_mail ON openidm.managed_user (mail ASC);
-CREATE INDEX idx_managed_user_accountStatus ON openidm.managed_user (accountstatus ASC);
\ No newline at end of file
diff --git a/helm/postgres-openidm/templates/NOTES.txt b/helm/postgres-openidm/templates/NOTES.txt
deleted file mode 100644
index 30960e6ef9..0000000000
--- a/helm/postgres-openidm/templates/NOTES.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster:
-{{ template "fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
-
-To get your user password run:
-
- PGPASSWORD=$(printf $(printf '\%o' `kubectl get secret --namespace {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath="{.data.postgres-password[*]}"`);echo)
-
-To connect to your database run the following command (using the env variable from above):
-
- kubectl run {{ template "fullname" . }}-client --rm --tty -i --image postgres \
- --env "PGPASSWORD=$PGPASSWORD" \
- --command -- psql -U {{ default "postgres" .Values.postgresUser }} \
- -h {{ template "fullname" . }} {{ default "postgres" .Values.postgresDatabase }}
-
diff --git a/helm/postgres-openidm/templates/_helpers.tpl b/helm/postgres-openidm/templates/_helpers.tpl
deleted file mode 100644
index b5e6c62ccf..0000000000
--- a/helm/postgres-openidm/templates/_helpers.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
\ No newline at end of file
diff --git a/helm/postgres-openidm/templates/config-map.yaml b/helm/postgres-openidm/templates/config-map.yaml
deleted file mode 100644
index bda114fcd8..0000000000
--- a/helm/postgres-openidm/templates/config-map.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: openidm-sql
-data:
-{{ (.Files.Glob "sql/*").AsConfig | indent 2 }}
\ No newline at end of file
diff --git a/helm/postgres-openidm/templates/deployment.yaml b/helm/postgres-openidm/templates/deployment.yaml
deleted file mode 100644
index 86daacdf39..0000000000
--- a/helm/postgres-openidm/templates/deployment.yaml
+++ /dev/null
@@ -1,93 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: postgres-openidm - labels: - app: postgres-openidm - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - template: - metadata: - labels: - app: postgres-openidm - spec: - initContainers: - # This cleans up the lost+found at the root of pgdata. Postgres will not start if this directory is present. - - name: init - image: "busybox:1.25.0" - imagePullPolicy: IfNotPresent - volumeMounts: - - name: data - mountPath: /var/lib/postgresql/data/pgdata - command: ["rm", "-fr", "/var/lib/postgresql/data/pgdata/lost+found"] - containers: - - name: postgres - image: "{{.Values.postgres.image}}:{{ .Values.postgres.tag }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.imagePullPolicy | quote }} - env: - - name: POSTGRES_USER - value: {{ default "postgres" .Values.postgresUser | quote }} - # Required for pg_isready in the health probes. - - name: PGUSER - value: {{ default "postgres" .Values.postgresUser | quote }} - - name: POSTGRES_DB - value: {{ default "" .Values.postgresDatabase | quote }} - - name: PGDATA - value: /var/lib/postgresql/data/pgdata - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "name" . 
}} - key: postgres-password - # Adding the default values here just to provide a place to tune further - args: ['-c','shared_buffers=128MB','-c','max_connections=100'] - ports: - - name: postgresql - containerPort: 5432 - livenessProbe: - exec: - command: - - pg_isready - initialDelaySeconds: 30 - timeoutSeconds: 3 - readinessProbe: - exec: - command: - - pg_isready - initialDelaySeconds: 30 - timeoutSeconds: 3 - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - - name: data - mountPath: /var/lib/postgresql/data/pgdata - - name: sql - mountPath: /docker-entrypoint-initdb.d -{{- if .Values.metrics.enabled }} - - name: metrics - image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}" - imagePullPolicy: {{ default "" .Values.metrics.imagePullPolicy | quote }} - env: - - name: DATA_SOURCE_NAME - value: postgresql://postgres@localhost:5432?sslmode=disable - ports: - - name: metrics - containerPort: 9187 - resources: -{{ toYaml .Values.metrics.resources | indent 10 }} -{{- end }} - volumes: - - name: sql - configMap: - name: openidm-sql - - name: data - {{- if .Values.persistence }} - persistentVolumeClaim: - # If you want to run multiple instances in the same namespace, uncomment below: - #claimName: {{ template "fullname" . }} - claimName: postgres-openidm - {{- else }} - emptyDir: {} - {{- end -}} \ No newline at end of file diff --git a/helm/postgres-openidm/templates/pvc.yaml b/helm/postgres-openidm/templates/pvc.yaml deleted file mode 100644 index 586a1a8784..0000000000 --- a/helm/postgres-openidm/templates/pvc.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -{{- if .Values.persistence }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - # If you want multiple openidm repos per namespace, you must use a unique generated name below: - # name: {{ template "fullname" . }} - name: postgres-openidm - labels: - app: {{ template "fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - accessModes: - - {{ .Values.accessMode | quote }} - {{- if .Values.storageClass }} - storageClassName: {{ .Values.storageClass }} - {{ end }} - resources: - requests: - storage: {{ .Values.storageSize | quote }} -{{- end }} diff --git a/helm/postgres-openidm/templates/secrets.yaml b/helm/postgres-openidm/templates/secrets.yaml deleted file mode 100644 index b881e2981f..0000000000 --- a/helm/postgres-openidm/templates/secrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - {{ if .Values.postgresPassword }} - postgres-password: {{ .Values.postgresPassword | b64enc | quote }} - {{ else }} - postgres-password: {{ randAlphaNum 10 | b64enc | quote }} - {{ end }} \ No newline at end of file diff --git a/helm/postgres-openidm/templates/svc.yaml b/helm/postgres-openidm/templates/svc.yaml deleted file mode 100644 index c51ed82adb..0000000000 --- a/helm/postgres-openidm/templates/svc.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: postgresql - labels: - app: {{ template "fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.metrics.enabled }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" -{{- end }} -spec: - ports: - - name: postgresql - port: 5432 - targetPort: postgresql - selector: - app: postgres-openidm \ No newline at end of file diff --git a/helm/postgres-openidm/values.yaml b/helm/postgres-openidm/values.yaml deleted file mode 100644 index 5568372b21..0000000000 --- a/helm/postgres-openidm/values.yaml +++ /dev/null @@ -1,53 +0,0 @@ - - -## Specify a imagePullPolicy. -## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'. -## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images. -## -# imagePullPolicy: - -## Create a database user. -## Default: postgres -# postgresUser: -## Default: random 10 character string -# postgresPassword: - -## Create a database -## Default: the postgres user -# postgresDatabase: - -# For postgres we use the standard vanilla image on the Docker hub. -postgres: - image: postgres - tag: 10.5-alpine - -postgresUser: openidm -postgresPassword: openidm - -## Persist data -persistence: true - -accessMode: ReadWriteOnce -#storageClass: standard -storageSize: 8Gi - - -# The metrics configuration has been taken from the master Helm postgres chart -# This has not been tested. -metrics: - enabled: false - image: wrouesnel/postgres_exporter - imageTag: v0.1.1 - imagePullPolicy: IfNotPresent - resources: - requests: - memory: 256Mi - cpu: 100m - -## Configure resource requests and limits. -## ref: http://kubernetes.io/docs/user-guide/compute-resources/. -## -resources: - requests: - memory: 256Mi - cpu: 100m diff --git a/helm/web/.helmignore b/helm/web/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/helm/web/.helmignore +++ /dev/null 
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/helm/web/Chart.yaml b/helm/web/Chart.yaml
deleted file mode 100644
index 248428bb6d..0000000000
--- a/helm/web/Chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: Simple Landing Page for ForgeOps
-name: web
-version: 7.0.0
-
diff --git a/helm/web/README.md b/helm/web/README.md
deleted file mode 100644
index 692e4e3df4..0000000000
--- a/helm/web/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Web chart
-
-A super simple landing page for ForgeOps.
-
-Deploys by default to http://{{ namespace }}{{ domain }}
\ No newline at end of file
diff --git a/helm/web/templates/NOTES.txt b/helm/web/templates/NOTES.txt
deleted file mode 100644
index eafa0bf944..0000000000
--- a/helm/web/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-
-
-Open https://{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}/web
diff --git a/helm/web/templates/_helpers.tpl b/helm/web/templates/_helpers.tpl
deleted file mode 100644
index b2edb44c0b..0000000000
--- a/helm/web/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "web.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "web.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "web.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/helm/web/templates/configmap.yaml b/helm/web/templates/configmap.yaml deleted file mode 100644 index 69403567dd..0000000000 --- a/helm/web/templates/configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "web.fullname" . }} -data: - index.html: | - - -

ForgeOps Deployment

-

Deployment Information

- - - -
Namespace: {{ .Release.Namespace }}
Helm Release: {{ .Release.Name }}
- -

Links

- - \ No newline at end of file diff --git a/helm/web/templates/deployment.yaml b/helm/web/templates/deployment.yaml deleted file mode 100644 index 2db871cba0..0000000000 --- a/helm/web/templates/deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: {{ template "web.fullname" . }} - labels: - app: {{ template "web.name" . }} - chart: {{ template "web.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ template "web.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "web.name" . }} - release: {{ .Release.Name }} - spec: - volumes: - - name: html - configMap: - name: {{ template "web.fullname" . }} - containers: - - name: {{ .Chart.Name }} - image: nginx:latest - imagePullPolicy: IfNotPresent - ports: - - name: http - containerPort: 80 - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - volumeMounts: - - name: html - mountPath: /usr/share/nginx/html - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} diff --git a/helm/web/templates/ingress.yaml b/helm/web/templates/ingress.yaml deleted file mode 100644 index 61ea4b89af..0000000000 --- a/helm/web/templates/ingress.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "web.fullname" . -}} -{{- $ingressPath := .Values.ingress.path -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - app: {{ template "web.name" . }} - chart: {{ template "web.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{ end }} - -spec: - tls: - - hosts: - - "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}" - #secretName: {{ printf "wildcard.%s%s" .Release.Namespace .Values.domain }} - rules: - - host: "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}" - http: - paths: - - path: {{ .Values.ingress.path }} - backend: - serviceName: {{ template "web.name" . }} - servicePort: {{ .Values.service.port }} -{{- end }} diff --git a/helm/web/templates/service.yaml b/helm/web/templates/service.yaml deleted file mode 100644 index fb3a8cbbe1..0000000000 --- a/helm/web/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - labels: - app: {{ template "web.name" . }} - chart: {{ template "web.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - app: {{ template "web.name" . }} - release: {{ .Release.Name }} diff --git a/helm/web/templates/virtual-service.yaml b/helm/web/templates/virtual-service.yaml deleted file mode 100644 index ebade34c6c..0000000000 --- a/helm/web/templates/virtual-service.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{ if .Values.istio.enabled }} -# Istio virtual service for ig. We route /ig/* to OpenIG -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ .Values.component }} -spec: - hosts: - - "{{ .Release.Namespace }}.{{.Values.subdomain }}.{{ .Values.domain }}" - # The gateway referenced here is defined in the frconfig/ chart. - gateways: - - iam-gateway - http: - - match: - - uri: - prefix: /web - rewrite: - uri: / - route: - - destination: - host: {{ .Values.service.name }} - port: - number: {{ .Values.service.port }} -{{ end }} \ No newline at end of file diff --git a/helm/web/values.yaml b/helm/web/values.yaml deleted file mode 100644 index 32c967fe5d..0000000000 --- a/helm/web/values.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Default values for web. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -domain: example.com -subdomain: iam - -component: web - -service: - name: web - type: ClusterIP - port: 80 - -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/rewrite-target: "/" - path: /web - #rewritePath: /path - - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -istio: - enabled: false \ No newline at end of file diff --git a/kustomize/README.md b/kustomize/README.md index ede69d87ad..a66bda90db 100644 --- a/kustomize/README.md +++ b/kustomize/README.md 
@@ -1,21 +1,17 @@ -# Kustomize +# Kustomize This folder provides [Kustomize](https://kubectl.docs.kubernetes.io/pages/app_customization/introduction.html) artifacts for deploying the ForgeRock platform. -[ship](https://www.replicated.com/ship/) was used to generate the kustomize from our exiting helm charts. - -The organization is experimental - feedback welcome. - If you are not familiar with Kustomize, please read the document link above - the explanation below will make a lot more sense. TL;DR; - Kustomize is based on patching (json patch and strategic merge patch) and overlays. -You create base assets (K8S yaml files), and patch those. Those in turn can be used as a new base, and so on. You can nest these to any +You create base assets (K8S yaml files), and patch those. Those in turn can be used as a new base, and so on. You can nest these to any arbitrary depth. ## Organization -The base directory folder includes the products (am, idm, ig, ds) and the "overlay" folder includes the environments. +The base directory folder includes the products (am, idm, ig, ds) and the "overlay" folder includes the environments. Environments pull together the products into a kustomize deployment. See `./overlay/{version}/all` for an example. ## Viewing the Kustomize output @@ -36,7 +32,7 @@ specific to a registry ( `gcr.io/forgerock-io/am:7.0.1` ). We can not directly deploy these generic images, because we need a docker image that has the configuration "baked in". This is where skaffold comes in to the picture. -Skaffold will build new docker images that include configuration, and will +Skaffold will build new docker images that include configuration, and will "fix up" the docker image tags in kustomize, replacing the generic names (`am`) with a specific image name, tagged with a sha hash (dev mode) or a git hash (prod).