Merge pull request #10 from pingidentity/master

AD-8971 - Update with head repository Jul'24

.github/workflows/docs.yaml

@@ -1,5 +1,6 @@
 name: Deploy Docs
 on:
+  workflow_dispatch:
   push:
     branches:
       - master

DISCLAIMER

@@ -1,5 +1,5 @@
 /***************************************************************************
- * Copyright (C) 2023 Ping Identity Corporation
+ * Copyright (C) 2024 Ping Identity Corporation
  * All rights reserved.
  *
  *      Ping Identity Corporation

LICENSE

@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2023 Ping Identity Corp.
+   Copyright 2024 Ping Identity Corp.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -4,4 +4,4 @@ This repository contains the Ping Identity Helm charts used for deploying Ping I
 
 The complete collection of documentation for our Helm charts and other resources is located [here](https://helm.pingidentity.com).
 
-See [Ping Identity's DevOps Page](https://devops.pingidentity.com) for additional resources.
+See [Ping Identity's DevOps Page](https://devops.pingidentity.com) for additional resources.

charts/ping-devops/Chart.yaml

@@ -4,11 +4,11 @@
 apiVersion: v2
 name: ping-devops
 ########################################################################
-# 0.9.21 - Refer to http://helm.pingidentity.com/release-notes/currentRelease
+# 0.10.6 - Refer to http://helm.pingidentity.com/release-notes/currentRelease
 ########################################################################
-version: 0.9.21
-description: Ping Identity helm charts - 12/04/2023
+version: 0.10.6
+description: Ping Identity helm charts - 07/02/2024
 type: application
 home: https://helm.pingidentity.com/
 icon: https://helm.pingidentity.com/img/logos/ping.png
-appVersion: "2311"
+appVersion: "2406"

charts/ping-devops/templates/pinglib/_ingress.tpl

@@ -16,6 +16,9 @@ metadata:
   name: {{ include "pinglib.fullname" . }}
   annotations: {{ toYaml $v.ingress.annotations  | nindent 4 }}
 spec:
+  {{- if and $v.ingress.spec $v.ingress.spec.ingressClassName }}
+  ingressClassName: {{ $v.ingress.spec.ingressClassName }}
+  {{- end}}
   {{- if $v.ingress.tls }}
   tls:
   {{- range $v.ingress.tls }}

charts/ping-devops/templates/pinglib/_workload.tpl

@@ -215,6 +215,11 @@ spec:
         {{- if $v.utilitySidecar.volumes }}
           {{ toYaml $v.utilitySidecar.volumes | nindent 8 }}
         {{- end }}
+        # Environment variables for sidecar
+        {{- if $v.utilitySidecar.env }}
+        env:
+          {{ toYaml $v.utilitySidecar.env | nindent 10 }}
+        {{- end }}
       {{- end }}
 
       {{/*---------------- Security Context -------------*/}}
@@ -258,12 +263,13 @@ spec:
       {{/*--------------------- Volumes (defined in product.workload.volumes) ------------------*/}}
       {{- include "pinglib.workload.volumes" $v | nindent 6 }}
 
-  {{/*----------------- VolumeClameTemplates ------------------*/}}
+  {{/*----------------- VolumeClaimTemplates ------------------*/}}
   {{- if and (eq $v.workload.type "StatefulSet") $v.workload.statefulSet.persistentvolume.enabled }}
   volumeClaimTemplates:
   {{- range $volName, $val := $v.workload.statefulSet.persistentvolume.volumes }}
   - metadata:
       name: {{ $volName }}{{ if eq "none" $v.addReleaseNameToResource }}-{{ $top.Release.Name }}{{ end }}
+      annotations: {{ toYaml $v.annotations | nindent 8 }}
     spec:
       {{ toYaml $val.persistentVolumeClaim | nindent 6 }}
   {{- end }}

charts/ping-devops/values.yaml

@@ -69,16 +69,19 @@ global:
   #
   # @param    global.ingress.annotations
   # @default  {}
+  #
+  # @param    global.ingress.spec.ingressClassName
   ############################################################
   ingress:
     enabled: false
     addReleaseNameToHost: subdomain
     defaultDomain: example.com
     defaultTlsSecret:
     annotations: {}
-      # nginx example
-      # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-      # kubernetes.io/ingress.class: "nginx-public"
+#    nginx annotation example with spec classname
+#      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    spec: {}
+#      ingressClassName: nginx-public
 
   ############################################################
   # Internal Certificates
@@ -189,7 +192,7 @@ global:
   # By default the images uses will be indicated by these
   # variables.  An example might look like:
   #
-  #   pingidentity/pingdataconsole:2311 (November, 2023)
+  #   pingidentity/pingdataconsole:2406 (June, 2024)
   #
   # @param    global.image.repository Default image registry
   # @desc     is not the fully-qualified name of the image
@@ -205,7 +208,7 @@ global:
   # @desc     Example: image.name: pingfederate
   #
   # @param    global.image.tag Default image tag
-  # @default  2311
+  # @default  2406
   #
   # @param    global.image.pullPolicy Default image pull policy
   # @default  IfNotPresent
@@ -214,7 +217,7 @@ global:
     repository: pingidentity
     repositoryFqn:
     name:
-    tag: "2311"
+    tag: "2406"
     pullPolicy: IfNotPresent
 
   ############################################################
@@ -755,6 +758,8 @@ global:
   #
   # @param    global.utilitySidecar.resources Set k8s resources yaml for the sidecar spec
   # @default  1 CPU and 2g memory limit, 0 CPU and 128Mi memory request
+  #
+  # @param    global.utilitySidecar.env Environment variables for the sidecar
   utilitySidecar:
     enabled: false
     # CSD and other command line tools can require a lot of resources.
@@ -766,6 +771,10 @@ global:
       requests:
         cpu: "0"
         memory: "128Mi"
+    # Environment variables for the sidecar if needed
+    # env:
+    #   - name: LOG_LEVEL
+    #     value: "INFO"
 
   #############################################################
   # Includes for sidecars, initContainers and volumes
@@ -799,7 +808,7 @@ sidecars: {}
 # sidecars:
 #   logger:
 #     name: log-container
-#     image: pingidentity/pingtoolkit:2311
+#     image: pingidentity/pingtoolkit:2406
 #     volumeMounts:
 #       - mountPath: /tmp/logs/
 #         name: logger
@@ -816,7 +825,7 @@ initContainers: {}
 # initContainers:
 #   init-example:
 #     name: 01-init
-#     image: pingidentity/pingtoolkit:2311
+#     image: pingidentity/pingtoolkit:2406
 #     command: ['sh', '-c', 'echo "InitContainer 1"']
 
 #############################################################
@@ -865,7 +874,7 @@ ldap-sdk-tools:
     name: ldap-sdk-tools
     repository: pingidentity
     repositoryFqn:
-    tag: "2311"
+    tag: "2406"
     pullPolicy: IfNotPresent
 
   container:
@@ -1615,6 +1624,8 @@ pingintelligence:
   name: pingintelligence
   image:
     name: pingintelligence
+    # pingintelligence is not being built as of release 2406
+    tag: "2405"
   volumes:
     - name: dshm
       emptyDir:
@@ -1664,7 +1675,7 @@ pd-replication-timing:
     name: pingtoolkit
     repository: pingidentity
     repositoryFqn:
-    tag: "2311"
+    tag: "2406"
     pullPolicy: IfNotPresent
 
   envs:
@@ -1686,7 +1697,7 @@ pingtoolkit:
     name: pingtoolkit
     repository: pingidentity
     repositoryFqn:
-    tag: "2311"
+    tag: "2406"
     pullPolicy: IfNotPresent
 
 #############################################################

CONTRIBUTING.md → docs/CONTRIBUTING.md

@@ -1,15 +1,15 @@
 # Contributing to the Ping Identity DevOps Program
 
-Thanks for taking the time to contribute!
+Thanks for taking the time to help us improve our Helm chart!
 
 ## How can I contribute?
 
 ### Reporting bugs
 
 #### How do I submit a bug report?
 
-Bugs are tracked as [GitHub issues](https://guides.github.com/features/issues/). You can report a bug by submitting an issue in the project's issue tracker. 
-To help the maintainers understand and reproduce the problem, please try to provide information like the following:
+Bugs are tracked as [GitHub issues](https://github.com/pingidentity/helm-charts/issues/). You can report a bug by submitting an issue in the project's issue tracker.
+To help the maintainers understand and reproduce the problem, please try to provide information such as following:
 
 * A clear and descriptive title.
 * A description of what happened and a description of what you expected to happen.
@@ -19,9 +19,9 @@ Please understand that bug reports are reviewed and prioritized internally, and
 
 #### Suggesting enhancements
 
-As with bugs, requests are tracked as [GitHub issues](https://guides.github.com/features/issues/). You can suggest an enhancement by submitting an issue in the project's issue tracker.
+As with bugs, requests are tracked as [GitHub issues](https://github.com/pingidentity/helm-charts/issues/). You can suggest an enhancement by submitting an issue in the project's issue tracker.
 
-Please understand that enhancement requests are reviewed and prioritized internally, and we may not be able to address all requests or provide an estimated time for resolution.
+Please understand that enhancement requests are handled in the same way as bug reports, and we may not be able to address all enhancement requests or provide an estimated time for resolution.
 
 #### Alternate routes for submitting bugs and suggesting enhancements
 

docs/config/ingress.md

@@ -9,11 +9,12 @@ Default yaml defined in the global ingress section, followed by definitions for
 ```yaml
 global:
   ingress:
-    enabled: true
+    enabled: false
     addReleaseNameToHost: subdomain
     defaultDomain: example.com
     defaultTlsSecret:
     annotations: {}
+    spec: {}
 ```
 
 | Ingress Parameters   | Description                                                                                 | Options                                | Default Value |
@@ -23,12 +24,20 @@ global:
 | defaultDomain        | Default DNS domain to use.  Replaces the string "\_defaultDomain\_".                        |                                        | example.com   |
 | defaultTlsSecret     | Default TLS Secret to use.  Replaces the string "\_defaultTlsSecret\_".                     |                                        |               |
 | annotations          | Annotations are used to provide configuration details to specific ingress controller types. | * see option for nginx ingress         | {}            |
+| spec.ingressClassName   | This value is replacing the `kubernetes.io/ingress.class` annotation.  See [this page](https://kubernetes.github.io/ingress-nginx/user-guide/k8s-122-migration/#what-is-the-flag-watch-ingress-without-class) for details. | name of the IngressClass resource         | {}             |
+
 
 !!! note "Annotations example for nginx ingress"
     ```yaml
         annotations:
           nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-          kubernetes.io/ingress.class: "nginx-public"
+    ```
+
+!!! note "ingressClassName specification example for nginx ingress"
+    ```yaml
+        spec:
+          # Must match the name of the IngressClass resource
+          ingressClassName: nginx-public
     ```
 
 ## Product Section
@@ -74,9 +83,9 @@ Default yaml defined in the product ingress section, followed by definitions for
 
 ## Example Ingress Manifest
 
-Example product ingress for pingfederate-admin when deployed by helm with a release-name of acme.
-Includes an ingress for admin service (9999) using the default domain and tls secret, defined
-in the global section, if set.
+Example product ingress for `pingfederate-admin` when deployed by helm with a release-name of `acme`.
+Includes an ingress for the admin service (9999) using the default domain and tls secret, defined
+in the global section (if set).
 
 ```yaml
 kind: Ingress

docs/config/openshift.md

@@ -7,7 +7,7 @@ Openshift is designed to use a randomly generated user ID and group ID (UID/GID)
 
 By default, the security contexts in the chart use values corresponding to the user and group IDs under which the product runs. You can unset the `fsGroup` and `runAsUser` securityContext fields in your custom values, allowing OpenShift to set them as expected.
 
-## Unset fsGroup and runAsUser at the Pod level
+## Unset **fsGroup** and **runAsUser** at the pod level
 
 In the global section of the values.yaml file, add the following stanza:
 
@@ -21,7 +21,7 @@ global:
 
 This will unset `fsGroup` and `runAsUser` in the Pod-level security context. Pods that require initContainers will have to also unset `runAsUser` in the container-level security context.
 
-## initContainers: unset runAsUser at the container level
+## initContainers: unset **runAsUser** at the container level
 
 Some of the product deployments use initContainers for various operations, such as waiting for other services to be available or configuration actions.  These containers, while part of the workload, have the security context set at the container - not pod - level.  The values listed above apply only to the Pod-level security context.  To unset `runAsUser` for any pingtoolkit initContainers so Openshift can take over, also add the following stanza:
 ```shell