feat: changes to deploy scalable, redundant ldap primaries, secondaries and proxies

2025-12-06 07:21:36 +01:00 · 2024-04-30 15:43:41 +02:00
parent 35b9fa36bd
commit 28cdd2e59e
3 changed files with 39 additions and 9 deletions
--- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
@@ -161,13 +161,22 @@ ldap-notifier:
      {{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }}
  volumes:
    claims:
-      shared-data: "shared-data-ums-ldap-server-0"
-      shared-run: "shared-run-ums-ldap-server-0"
+      shared-data: "shared-data-ums-ldap-server-primary-0"
+      shared-run: "shared-run-ums-ldap-server-primary-0"

 ldap-server:
  enabled: true
+  replicaCountPrimary: 2
+  replicaCountSecondary: 3
+  replicaCountProxy: 3
  additionalAnnotations:
    intents.otterize.com/service-name: "ums-ldap-server"
+  podAnnotationsPrimary:
+    intents.otterize.com/service-name: "ums-ldap-server-primary"
+  podAnnotationsSecondary:
+    intents.otterize.com/service-name: "ums-ldap-server-secondary"
+  podAnnotationsProxy:
+    intents.otterize.com/service-name: "ums-ldap-server"
  replicaCount: {{ .Values.replicas.umsLdapServer }}
  serviceAccount:
    annotations:
@@ -227,8 +236,12 @@ ldap-server:
    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
    size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}

-  resources:
-    {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
+  resourcesPrimary:
+    {{ .Values.resources.umsLdapServerPrimary | toYaml | nindent 4 }}
+  resourcesSecondary:
+    {{ .Values.resources.umsLdapServerSecondary | toYaml | nindent 4 }}
+  resourcesProxy:
+    {{ .Values.resources.umsLdapServerProxy | toYaml | nindent 4 }}

  initResources:
    {{ .Values.resources.umsLdapServerInit | toYaml | nindent 4 }}
@@ -343,7 +356,7 @@ portal-listener:
    ucsInternalPath: "portal-data"

    ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.host | quote }}
+    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
    ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
    ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
    machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
@@ -577,7 +590,7 @@ udm-listener:
  config:
    debugLevel: "4"
    ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.host | quote }}
+    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
    ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
    ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
    ldapPort: "389"
@@ -611,7 +624,8 @@ stack-data-ums:
    domainname: {{ .Values.global.domain | quote }}
    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
    hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
-    ldapHost: {{ .Values.ldap.host | quote }}
+    ldapMasterHost: {{ .Values.ldap.hostPrimary | quote }}
+    ldapHost: {{ .Values.ldap.hostSecondary | quote }}
    ldapBase: {{ .Values.ldap.baseDn | quote }}
    ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
    idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
@@ -734,7 +748,7 @@ selfservice-listener:

  selfserviceListener:
    ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.host | quote }}
+    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
    ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
    ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
    machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
--- a/helmfile/environments/default/_helper.yaml
+++ b/helmfile/environments/default/_helper.yaml
@@ -3,6 +3,8 @@
 ---
 ldap:
  host: "ums-ldap-server"
+  hostPrimary: "ums-ldap-server-primary"
+  hostSecondary: "ums-ldap-server-secondary"
  notifierHost: "ums-ldap-notifier"
  baseDn: "dc=swp-ldap,dc=internal"
 ## Define Keycloak realmname for openDesk
--- a/helmfile/environments/default/resources.yaml
+++ b/helmfile/environments/default/resources.yaml
@@ -391,7 +391,21 @@ resources:
    requests:
      cpu: 0.1
      memory: "256Mi"
-  umsLdapServer:
+  umsLdapServerPrimary:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
+  umsLdapServerSecondary:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
+  umsLdapServerProxy:
    limits:
      cpu: 99
      memory: "1Gi"