fix(nubus): Keep provisioning and consumers behind a feature-flag for easier merging

This commit should be reverted once we are confident that provisioning and the consumers work as expected.
2025-12-06 07:21:36 +01:00 · 2024-08-27 11:27:06 +02:00
parent cd2e2cd712
commit 0d99ce9592
10 changed files with 58 additions and 15 deletions
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -203,10 +203,17 @@ nubusPortalFrontend:
      secretName: {{ .Values.ingress.tls.secretName | quote }}

 nubusPortalListener:
-  enabled: false
+  enabled: true
+  portalListener:
+    objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+    objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
+    objectStorageCredentialSecret:
+      name: "ums-portal-listener-minio-opendesk-credentials"
+      accessKeyKey: "access-key-id"
+      secretKeyKey: "secret-key-id"

 nubusPortalConsumer:
-  enabled: true
+  enabled: false
  portalConsumer:
    logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
    objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
@@ -244,14 +251,14 @@ nubusUdmRestApi:
      secretName: {{ .Values.ingress.tls.secretName | quote }}

 nubusProvisioning:
-  enabled: true
-nubusUdmListener:
-  enabled: true
-nubusSelfServiceListener:
  enabled: false
+nubusUdmListener:
+  enabled: false
+nubusSelfServiceListener:
+  enabled: true

 nubusSelfServiceConsumer:
-  enabled: true
+  enabled: false

 # Nubus services
 nubusStackDataUms:
@@ -434,6 +441,10 @@ extraSecrets:
    stringData:
      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
      secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
+  - name: "ums-portal-listener-minio-opendesk-credentials"
+    stringData:
+      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
+      secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
  - name: "ums-portal-consumer-minio-opendesk-credentials"
    stringData:
      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -87,6 +87,16 @@ nubusKeycloakExtensions:
    resources:
      {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}

+nubusPortalListener:
+  podAnnotations:
+    intents.otterize.com/service-name: "ums-portal-listener"
+  replicaCount: {{ .Values.replicas.umsPortalListener }}
+  resources:
+    {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
+  persistence:
+    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+    size: {{ .Values.persistence.size.nubus.portalListener | quote }}
+
 nubusPortalConsumer:
  podAnnotations:
    intents.otterize.com/service-name: "ums-portal-consumer"
--- a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
@@ -51,13 +51,6 @@ nubusLdapServer:
      repository: {{ .Values.images.nubusWaitForDependency.repository }}
      tag: {{ .Values.images.nubusWaitForDependency.tag }}

-nubusPortalConsumer:
-  portalConsumer:
-    image:
-      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
-      repository: {{ .Values.images.nubusPortalConsumer.repository }}
-      tag: {{ .Values.images.nubusPortalConsumer.tag }}
-
 nubusNotificationsApi:
  image:
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
@@ -70,6 +63,12 @@ nubusPortalFrontend:
    repository: {{ .Values.images.nubusPortalFrontend.repository }}
    tag: {{ .Values.images.nubusPortalFrontend.tag }}

+nubusPortalListener:
+  image:
+    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalListener.registry | quote }}
+    repository: {{ .Values.images.nubusPortalListener.repository }}
+    tag: {{ .Values.images.nubusPortalListener.tag }}
+
 nubusPortalConsumer:
  portalConsumer:
    image:
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -551,7 +551,9 @@ images:
    # upstreamMirrorStartFrom: ["0", "3", "2"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
-    tag: "0.7.1@sha256:45c246ba98494c3dc17a5ea1144e5ec292501f8b9833df7d4a5c590e772bc0a1"
+    # Image for the disabled selfservice-consumer, Will be activated in a future MR
+    # tag: "0.7.1@sha256:45c246ba98494c3dc17a5ea1144e5ec292501f8b9833df7d4a5c590e772bc0a1"
+    tag: "0.6.5@sha256:5630c9df3da4134789d2ebafad7de9062375d21547a2074827b680debd7a909e"
  nubusSelfserviceListener:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
--- a/helmfile/environments/default/persistence.yaml
+++ b/helmfile/environments/default/persistence.yaml
@@ -19,6 +19,7 @@ persistence:
    nubus:
      ldapServerData: "1Gi"
      ldapServerShared: "1Gi"
+      portalListener: "1Gi"
      portalConsumer: "1Gi"
      selfserviceListener: "1Gi"
    xwiki: "1Gi"
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -94,6 +94,8 @@ replicas:
  # -- scalable: true
  umsPortalFrontend: 1
  # -- scalable: tbd
+  umsPortalListener: 1
+  # -- scalable: tbd
  umsPortalConsumer: 1
  # -- scalable: true
  umsPortalServer: 1
--- a/helmfile/environments/default/resources.yaml
+++ b/helmfile/environments/default/resources.yaml
@@ -471,6 +471,20 @@ resources:
    requests:
      cpu: 0.1
      memory: "256Mi"
+  umsPortalListener:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
+  umsPortalListenerDependencies:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
  umsPortalConsumer:
    limits:
      cpu: 99
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -36,6 +36,7 @@ secrets:
      sysIdpUserPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "sysIdpUser" | sha1sum | quote }}
    storeDavUsers:
      portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
+      portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
      portalConsumer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-consumer" "store-dav" | sha1sum | quote }}
    provisioning:
      apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
--- a/helmfile/environments/default/selinux.yaml
+++ b/helmfile/environments/default/selinux.yaml
@@ -77,6 +77,7 @@ seLinuxOptions:
  umsNotificationsApi: ~
  umsOpenPolicyAgent: ~
  umsPortalFrontend: ~
+  umsPortalListener: ~
  umsPortalConsumer: ~
  umsPortalServer: ~
  umsProvisioningDispatcher: ~
--- a/helmfile/environments/test/values.yaml.gotmpl
+++ b/helmfile/environments/test/values.yaml.gotmpl
@@ -21,6 +21,7 @@ persistence:
    nubus:
      ldapServerData: "42Gi"
      ldapServerShared: "42Gi"
+      portalListener: "42Gi"
      portalConsumer: "42Gi"
      selfserviceListener: "42Gi"
    postfix: "42Gi"
@@ -91,6 +92,7 @@ replicas:
  umsLdapServer: 42
  umsNotificationsApi: 42
  umsPortalFrontend: 42
+  umsPortalListener: 42
  umsPortalConsumer: 42
  umsPortalServer: 42
  umsSelfserviceListener: 42