diff --git a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
index ba8574e4..568d439d 100644
--- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
@@ -1053,38 +1053,44 @@ keycloak-bootstrap:
 deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
 keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
- config:
- keycloak:
- adminUser: "kcadmin"
- adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
+ keycloak:
+ connection:
+ baseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
+ auth:
+ username: "kcadmin"
+ password: {{ .Values.secrets.keycloak.adminPassword | quote }}
 realm: {{ .Values.platform.realm | quote }}
- intraCluster:
- enabled: true
- internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
- loginLinks:
- - link_number: 1
- language: "de"
- description: "Passwort vergessen?"
- href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
- - link_number: 1
- language: "en"
- description: "Forgot password?"
- href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
- ums:
- ldap:
- internalHostname: {{ .Values.ldap.host | quote }}
- baseDN: {{ .Values.ldap.baseDn | quote }}
- readUserDN: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
- readUserPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
- mappers:
- - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
- - ldapAndUserModelAttributeName: "oxContextIDNum"
- saml:
- serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ldap:
+ baseDn: {{ .Values.ldap.baseDn | quote }}
+ connection:
+ host: {{ .Values.ldap.host | quote }}
+ port: "389"
+ protocol: "ldap"
+ auth:
+ bindDn: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
+ password: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
+
+ bootstrap:
+ ldapMappers:
+ - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
+ - ldapAndUserModelAttributeName: "oxContextIDNum"
+ loginLinks:
+ - link_number: 1
+ language: "de"
+ description: "Passwort vergessen?"
+ href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
+ - link_number: 1
+ language: "en"
+ description: "Forgot password?"
+ href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
 twoFactorAuthentication:
 enabled: true
 group: "2fa-users"
+ config:
+ saml:
+ serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+
 containerSecurityContext:
 enabled: true
 allowPrivilegeEscalation: false
diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml
index f7222216..0cce93fc 100644
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -378,19 +378,7 @@ charts:
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
 name: "ums"
- version: "0.12.0"
- verify: true
- umsKeycloakBootstrap:
- # providerCategory: 'Supplier'
- # providerResponsible: 'Univention'
- # upstreamRegistry: 'registry.souvap-univention.de'
- # upstreamRepository: 'souvap/tooling/charts/univention-keycloak-bootstrap/ums-keycloak-bootstrap'
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ['1', '0', '1']
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
- name: "ums-keycloak-bootstrap"
- version: "1.0.1"
+ version: "0.13.0"
 verify: true
 xwiki:
 # providerCategory: 'Supplier'
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml
index 608e6b2e..31b33adf 100644
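Review bot: In the values-umbrella.yaml.gotmpl hunk, the new `ldap.connection` block pins `port: "389"` with `protocol: "ldap"`, so the bind with `bindDn` and the `ldapSearch.keycloak` password appears to cross the pod network unencrypted, unless the chart negotiates StartTLS, which this hunk does not show. The same applies to `keycloak.connection.baseUrl`, which stays on `http://…:8080` while the `kcadmin` password is sent to it. If the chart and the directory support it, prefer `port: "636"` and `protocol: "ldaps"`; otherwise add a comment above `connection:` such as `# plaintext in-cluster LDAP; confidentiality relies on network policy / mesh mTLS`. Separately, `bindDn` still hard-codes `dc=swp-ldap,dc=internal` while `baseDn` is taken from `.Values.ldap.baseDn`, so the two can drift apart in a deployment that overrides the base DN.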
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -540,13 +540,13 @@ images:
 umsKeycloakBootstrap:
 # providerCategory: 'Supplier'
 # providerResponsible: 'Univention'
- # upstreamRegistry: 'registry.souvap-univention.de'
- # upstreamRepository: 'souvap/tooling/images/univention-keycloak-bootstrap'
+ # upstreamRegistry: 'artifacts.software-univention.de'
+ # upstreamRepository: 'nubus/images/keycloak-bootstrap'
 # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ['1', '0', '5']
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/univention-keycloak-bootstrap"
- tag: "1.0.8@sha256:fef48cb1b2552977e8a4253516249b59ef6c42189dd13cd6d98269b8988b362a"
+ # upstreamMirrorStartFrom: ['0', '1', '0']
+ registry: "artifacts.software-univention.de"
+ repository: "nubus-dev/images/keycloak-bootstrap"
+ tag: "0.1.0-pre-feat-cleanup-redundant-values@sha256:3fd138b07f21979757eb4a6962e77ca734e15754e53f69df988607d0aa0947fa"
 umsKeycloakExtensionHandler:
 # providerCategory: 'Supplier'
 # providerResponsible: 'Univention'
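Review bot: The `umsKeycloakBootstrap` image is now pulled directly from `artifacts.software-univention.de` under `nubus-dev/images/keycloak-bootstrap` instead of the `registry.opencode.de` mirror, and its tag `0.1.0-pre-feat-cleanup-redundant-values` is a feature-branch pre-release. That tag cannot match the `upstreamMirrorTagFilterRegEx` in the comment block, and the `nubus-dev` path disagrees with the documented `upstreamRepository: 'nubus/images/keycloak-bootstrap'`, so the mirror metadata no longer describes what is deployed. The sha256 digest pin keeps the content fixed, but this image presumably runs the bootstrap job that is handed the Keycloak admin and LDAP bind passwords, so it should come from a released, mirrored build. Until one exists, mark the entry with a comment above `registry:` such as `# TODO: temporary dev build pulled directly from upstream; switch to the mirrored release tag before release`.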