fix: update keycloak-bootstrap

2025-12-06 07:21:36 +01:00 · 2024-05-09 12:59:03 +02:00
parent d82d9e7e24
commit 1c8fb171d2
3 changed files with 40 additions and 46 deletions
--- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
@@ -1053,38 +1053,44 @@ keycloak-bootstrap:
    deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
    keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}

-  config:
-    keycloak:
-      adminUser: "kcadmin"
-      adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
+  keycloak:
+    connection:
+      baseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
+    auth:
+      username: "kcadmin"
+      password: {{ .Values.secrets.keycloak.adminPassword | quote }}
      realm: {{ .Values.platform.realm | quote }}
-      intraCluster:
-        enabled: true
-        internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
-      loginLinks:
-        - link_number: 1
-          language: "de"
-          description: "Passwort vergessen?"
-          href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
-        - link_number: 1
-          language: "en"
-          description: "Forgot password?"
-          href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
-    ums:
-      ldap:
-        internalHostname: {{ .Values.ldap.host | quote }}
-        baseDN: {{ .Values.ldap.baseDn | quote }}
-        readUserDN: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
-        readUserPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
-        mappers:
-          - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
-          - ldapAndUserModelAttributeName: "oxContextIDNum"
-      saml:
-        serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ldap:
+    baseDn: {{ .Values.ldap.baseDn | quote }}
+    connection:
+      host: {{ .Values.ldap.host | quote }}
+      port: "389"
+      protocol: "ldap"
+    auth:
+      bindDn: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
+      password: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
+
+  bootstrap:
+    ldapMappers:
+      - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
+      - ldapAndUserModelAttributeName: "oxContextIDNum"
+    loginLinks:
+      - link_number: 1
+        language: "de"
+        description: "Passwort vergessen?"
+        href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
+      - link_number: 1
+        language: "en"
+        description: "Forgot password?"
+        href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
    twoFactorAuthentication:
      enabled: true
      group: "2fa-users"

+  config:
+    saml:
+      serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+
  containerSecurityContext:
    enabled: true
    allowPrivilegeEscalation: false
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -378,19 +378,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
    name: "ums"
-    version: "0.12.0"
-    verify: true
-  umsKeycloakBootstrap:
-    # providerCategory: 'Supplier'
-    # providerResponsible: 'Univention'
-    # upstreamRegistry: 'registry.souvap-univention.de'
-    # upstreamRepository: 'souvap/tooling/charts/univention-keycloak-bootstrap/ums-keycloak-bootstrap'
-    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ['1', '0', '1']
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
-    name: "ums-keycloak-bootstrap"
-    version: "1.0.1"
+    version: "0.13.0"
    verify: true
  xwiki:
    # providerCategory: 'Supplier'
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -540,13 +540,13 @@ images:
  umsKeycloakBootstrap:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Univention'
-    # upstreamRegistry: 'registry.souvap-univention.de'
-    # upstreamRepository: 'souvap/tooling/images/univention-keycloak-bootstrap'
+    # upstreamRegistry: 'artifacts.software-univention.de'
+    # upstreamRepository: 'nubus/images/keycloak-bootstrap'
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ['1', '0', '5']
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/univention-keycloak-bootstrap"
-    tag: "1.0.8@sha256:fef48cb1b2552977e8a4253516249b59ef6c42189dd13cd6d98269b8988b362a"
+    # upstreamMirrorStartFrom: ['0', '1', '0']
+    registry: "artifacts.software-univention.de"
+    repository: "nubus-dev/images/keycloak-bootstrap"
+    tag: "0.1.0-pre-feat-cleanup-redundant-values@sha256:3fd138b07f21979757eb4a6962e77ca734e15754e53f69df988607d0aa0947fa"
  umsKeycloakExtensionHandler:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Univention'