From abe8fddc443f64374f1063f4f1c17395990446d3 Mon Sep 17 00:00:00 2001 From: Amro Misbah Date: Mon, 13 Jan 2025 11:02:18 +0200 Subject: [PATCH] docs: fix typos Signed-off-by: Amro Misbah --- charts/janssen/values.yaml | 14 +++--- .../kubernetes/config-secret-keys.md | 48 +++++++++++-------- 2 files changed, 36 insertions(+), 26 deletions(-) diff --git a/charts/janssen/values.yaml b/charts/janssen/values.yaml index b30851ddcac..718a347eff1 100644 --- a/charts/janssen/values.yaml +++ b/charts/janssen/values.yaml @@ -249,9 +249,9 @@ config: cnVaultAddr: http://localhost:8200 # -- Verify connection to Vault. cnVaultVerify: false - # -- Path to file contains Vault AppRole role ID. + # -- Path to the file that contains Vault AppRole role ID. cnVaultRoleIdFile: /etc/certs/vault_role_id - # -- Path to file contains Vault AppRole secret ID. + # -- Path to the file that contains Vault AppRole secret ID. cnVaultSecretIdFile: /etc/certs/vault_secret_id # -- Vault namespace used to access the secrets. cnVaultNamespace: "" @@ -259,7 +259,7 @@ config: cnVaultKvPath: secret # -- Base prefix name used to access secrets. cnVaultPrefix: jans - # -- Path to Vault AppRole. + # -- Path to the Vault AppRole. cnVaultAppRolePath: approle # [vault_envs] END # -- Value passed to Java option -XX:MaxRAMPercentage @@ -1190,14 +1190,14 @@ global: samlAdditionalAnnotations: { } # -- passing custom java options to saml. DO NOT PASS JAVA_OPTIONS in envs. cnCustomJavaOptions: "" - # -- Path to SQL password file + # -- Path to the SQL password file cnSqlPasswordFile: /etc/jans/conf/sql_password kc-scheduler: # -- Boolean flag to enable/disable the kc-scheduler cronjob chart. enabled: false - # -- Path to configuration schema file + # -- Path to the configuration schema file cnConfiguratorConfigurationFile: /etc/jans/conf/configuration.json - # -- Path to dumped configuration schema file + # -- Path to the dumped configuration schema file cnConfiguratorDumpFile: /etc/jans/conf/configuration.out.json # -- Use custom configuration schema in existing secrets. Note, the secrets has to contain the key configuration.json or any basename as specified in cnConfiguratorConfigurationFile. cnConfiguratorCustomSchema: @@ -1205,7 +1205,7 @@ global: secretName: "" # -- Key to encrypt/decrypt configuration schema file using AES-256 CBC mode. Set the value to empty string to disable encryption/decryption, or 32 alphanumeric characters to enable it. cnConfiguratorKey: "" - # -- Path to file contains key to encrypt/decrypt configuration schema file. + # -- Path to the file that contains the key to encrypt/decrypt the configuration schema file. cnConfiguratorKeyFile: /etc/jans/conf/configuration.key # -- Nginx ingress definitions chart diff --git a/docs/janssen-server/reference/kubernetes/config-secret-keys.md b/docs/janssen-server/reference/kubernetes/config-secret-keys.md index 6af593bc3bf..28111193adf 100644 --- a/docs/janssen-server/reference/kubernetes/config-secret-keys.md +++ b/docs/janssen-server/reference/kubernetes/config-secret-keys.md @@ -9,7 +9,10 @@ tags: ## Overview -The `config` job creates a set of configuration (contains `secrets` and `configmaps`) used by all Janssen services. +The `config` job creates a set of configurations (contains `secrets` and `configmaps`) used by all Janssen services. + +!!! Note + We assume Janssen is installed in a namespace called `jans` ## Configmaps @@ -27,7 +30,7 @@ Note that each key in configmaps is based on the schema below: { "city": { "type": "string", - "description": "Locality name (.e.g city)", + "description": "Locality name (e.g. city)", "example": "Austin" }, "country_code": { @@ -502,10 +505,8 @@ Note that each key in secrets is based on the schema below: ## Example decoding secrets ### Opening `base64-decoded` secrets -!!! Note - We assume Jans is installed in a namespace called `jans` -1. Get the `tls-certificate` from backend secret +1. Get the `tls-certificate` from the backend secret ```bash kubectl get secret tls-certificate -n jans -o yaml @@ -525,17 +526,22 @@ Note that each key in secrets is based on the schema below: ## Using Configuration Schema -As mentioned earlier, the `config` job creates configuration. Behind the scene, a Kubernetes' Secret object is created during the deployment to pre-populate `secrets` and `configmaps`. +As mentioned earlier, the `config` job creates a set of configurations. -### Default configuration +This happens by using a Kubernetes secret named `-configuration-file` that gets created during the helm chart installation. -By default, the configuration only contains necessary `secrets` and `configmaps` to install Jans services. +It contains a JSON schema with the necessary `secrets` and `configmaps` to install Janssen services. + +This secret is then mounted by the `config` job. + + +### Default configuration ```yaml apiVersion: v1 kind: Secret metadata: - name: jans-configuration-file + name: janssen-configuration-file namespace: jans labels: APP_NAME: configurator @@ -563,7 +569,7 @@ stringData: } ``` -Note that `_secret` may contain other keys depending on persistence, secrets/configmaps backend, etc. See examples below: +Note that `_secret` may contain other keys depending on the persistence used, the backend of the secrets/configmaps, etc. For example: 1. Secrets/configmaps backend is set to `google`: @@ -594,15 +600,14 @@ Note that `_secret` may contain other keys depending on persistence, secrets/con ### Custom configuration -The default configuration is sufficient for most of the time. If there's a requirement to use custom or reusing existing configuration, user may create a custom Kubernetes object. +The default configuration schema is sufficient for most of the time. However, if there's a requirement to use a custom configuration or reusing an existing configuration, you can create a Kubernetes secret with the custom configuration schema. !!! Warning The custom configuration schema is a BETA feature. -1. Prepare YAML file: +1. Prepare the YAML file containing the custom configuration schema. We will name it `custom-configuration-schema.yaml`: ```yaml - # custom-configuration-schema.yaml apiVersion: v1 kind: Secret metadata: @@ -628,7 +633,7 @@ The default configuration is sufficient for most of the time. If there's a requi } ``` -1. Create Kubernetes secrets: +1. Create the Kubernetes secret: ```bash kubectl -n jans apply -f custom-configuration-schema.yaml @@ -642,12 +647,15 @@ The default configuration is sufficient for most of the time. If there's a requi secretName: custom-configuration-schema ``` -1. Install the Jans charts. +1. Install the Janssen helm chart. ## Encrypting Configuration Schema -The configuration schema can be encrypted by specifying 32 alphanumeric characters to `cnConfiguratorKey` attribute (default value is an empty string). -The encryption is using [Helm-specific](https://helm.sh/docs/chart_template_guide/function_list/#encryptaes) implementation of AES-256 CBC mode. +The encryption uses [Helm-specific](https://helm.sh/docs/chart_template_guide/function_list/#encryptaes) implementation of AES-256 CBC mode. + +### Default configuration + +The [default configuration](#default-configuration) schema can be encrypted by specifying 32 alphanumeric characters to `cnConfiguratorKey` attribute (the default value is an empty string). ```yaml global: @@ -660,14 +668,16 @@ The following example is what an encrypted default configuration looks like: apiVersion: v1 kind: Secret metadata: - name: jans-configuration-file + name: janssen-configuration-file namespace: jans stringData: configuration.json: |- sxySo+redacted+generated+by+helm/TNpE5PoUR2+JxXiHiLq8X5ibexJcfjAN0fKlqRvU= ``` -If using custom configuration, user will need to generate the string using [sprig-aes](https://pypi.org/project/sprig-aes/) CLI and paste into a YAML manifest. +### Custom configuration + +If you are using a [custom configuration](#custom-configuration) schema, you will need to generate the string using [sprig-aes](https://pypi.org/project/sprig-aes/) CLI and paste it into a YAML manifest. ```yaml # custom-configuration-schema.yaml