feat: changes to deploy scalable, redundant ldap primaries, secondaries and proxies
@@ -161,13 +161,22 @@ ldap-notifier:
|
|||||||
{{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }}
|
{{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }}
|
||||||
volumes:
|
volumes:
|
||||||
claims:
|
claims:
|
||||||
shared-data: "shared-data-ums-ldap-server-0"
|
shared-data: "shared-data-ums-ldap-server-primary-0"
|
||||||
shared-run: "shared-run-ums-ldap-server-0"
|
shared-run: "shared-run-ums-ldap-server-primary-0"
|
||||||
|
|
||||||
ldap-server:
|
ldap-server:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
replicaCountPrimary: 2
|
||||||
|
replicaCountSecondary: 3
|
||||||
|
replicaCountProxy: 3
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
intents.otterize.com/service-name: "ums-ldap-server"
|
intents.otterize.com/service-name: "ums-ldap-server"
|
||||||
|
podAnnotationsPrimary:
|
||||||
|
intents.otterize.com/service-name: "ums-ldap-server-primary"
|
||||||
|
podAnnotationsSecondary:
|
||||||
|
intents.otterize.com/service-name: "ums-ldap-server-secondary"
|
||||||
|
podAnnotationsProxy:
|
||||||
|
intents.otterize.com/service-name: "ums-ldap-server"
|
||||||
replicaCount: {{ .Values.replicas.umsLdapServer }}
|
replicaCount: {{ .Values.replicas.umsLdapServer }}
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
annotations:
|
annotations:
|
||||||
@@ -227,8 +236,12 @@ ldap-server:
|
|||||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||||
size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
|
size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
|
||||||
|
|
||||||
resources:
|
resourcesPrimary:
|
||||||
{{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
{{ .Values.resources.umsLdapServerPrimary | toYaml | nindent 4 }}
|
||||||
|
resourcesSecondary:
|
||||||
|
{{ .Values.resources.umsLdapServerSecondary | toYaml | nindent 4 }}
|
||||||
|
resourcesProxy:
|
||||||
|
{{ .Values.resources.umsLdapServerProxy | toYaml | nindent 4 }}
|
||||||
|
|
||||||
initResources:
|
initResources:
|
||||||
{{ .Values.resources.umsLdapServerInit | toYaml | nindent 4 }}
|
{{ .Values.resources.umsLdapServerInit | toYaml | nindent 4 }}
|
||||||
@@ -343,7 +356,7 @@ portal-listener:
|
|||||||
ucsInternalPath: "portal-data"
|
ucsInternalPath: "portal-data"
|
||||||
|
|
||||||
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
||||||
ldapHost: {{ .Values.ldap.host | quote }}
|
ldapHost: {{ .Values.ldap.hostPrimary | quote }}
|
||||||
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
||||||
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
@@ -577,7 +590,7 @@ udm-listener:
|
|||||||
config:
|
config:
|
||||||
debugLevel: "4"
|
debugLevel: "4"
|
||||||
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
||||||
ldapHost: {{ .Values.ldap.host | quote }}
|
ldapHost: {{ .Values.ldap.hostPrimary | quote }}
|
||||||
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
||||||
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
ldapPort: "389"
|
ldapPort: "389"
|
||||||
@@ -611,7 +624,8 @@ stack-data-ums:
|
|||||||
domainname: {{ .Values.global.domain | quote }}
|
domainname: {{ .Values.global.domain | quote }}
|
||||||
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
||||||
hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
|
hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
|
||||||
ldapHost: {{ .Values.ldap.host | quote }}
|
ldapMasterHost: {{ .Values.ldap.hostPrimary | quote }}
|
||||||
|
ldapHost: {{ .Values.ldap.hostSecondary | quote }}
|
||||||
ldapBase: {{ .Values.ldap.baseDn | quote }}
|
ldapBase: {{ .Values.ldap.baseDn | quote }}
|
||||||
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
||||||
idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
|
idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
|
||||||
@@ -734,7 +748,7 @@ selfservice-listener:
|
|||||||
|
|
||||||
selfserviceListener:
|
selfserviceListener:
|
||||||
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
||||||
ldapHost: {{ .Values.ldap.host | quote }}
|
ldapHost: {{ .Values.ldap.hostPrimary | quote }}
|
||||||
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
||||||
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
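Review bot: The primaries and secondaries get new Otterize identities (`intents.otterize.com/service-name: "ums-ldap-server-primary"` and `"ums-ldap-server-secondary"`) in the same change that repoints `ldapHost` of portal-listener, udm-listener and selfservice-listener to `.Values.ldap.hostPrimary`, but no matching client intents appear in the visible hunks. If intents are enforced as network policies, clients that only declare `ums-ldap-server` as a target would presumably lose their LDAP connection; if they are not enforced, nothing visible here restricts which pods can reach the primaries, and the udm-listener hunk shows a `cn=admin` bind on `ldapPort: "389"`. Confirm that the intents for the listeners and for stack-data-ums (now `ldapMasterHost` plus `ldapHost` from `hostSecondary`) are updated elsewhere in the commit. As a smaller point, `replicaCountPrimary: 2`, `replicaCountSecondary: 3` and `replicaCountProxy: 3` are literals beside the templated `replicaCount: {{ .Values.replicas.umsLdapServer }}`; reading them from `.Values.replicas` as well would keep them overridable per environment.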
|
|||||||
@@ -3,6 +3,8 @@
|
|||||||
---
|
---
|
||||||
ldap:
|
ldap:
|
||||||
host: "ums-ldap-server"
|
host: "ums-ldap-server"
|
||||||
|
hostPrimary: "ums-ldap-server-primary"
|
||||||
|
hostSecondary: "ums-ldap-server-secondary"
|
||||||
notifierHost: "ums-ldap-notifier"
|
notifierHost: "ums-ldap-notifier"
|
||||||
baseDn: "dc=swp-ldap,dc=internal"
|
baseDn: "dc=swp-ldap,dc=internal"
|
||||||
## Define Keycloak realmname for openDesk
|
## Define Keycloak realmname for openDesk
|
||||||
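Review bot: `hostPrimary` and `hostSecondary` are added next to `host` without a comment saying which tier each service name addresses, so a consumer cannot tell from this file which one accepts writes. Judging by the other hunks on this page, `hostPrimary` is used by the listeners and as `ldapMasterHost`, `hostSecondary` is used as `ldapHost` of stack-data-ums, and `host` appears to match the proxy pods' service name; this is inferred and should be confirmed. A comment per key in the file's existing `##` style would record that, for example `## hostPrimary: writable primaries, used by listeners` and `## hostSecondary: replicas for read access`. It should also say whether `host` is still meant for direct use, since a writer pointed at the wrong tier fails only at runtime.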
|
|||||||
@@ -391,7 +391,21 @@ resources:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "256Mi"
|
memory: "256Mi"
|
||||||
umsLdapServer:
|
umsLdapServerPrimary:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "1Gi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "256Mi"
|
||||||
|
umsLdapServerSecondary:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "1Gi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "256Mi"
|
||||||
|
umsLdapServerProxy:
|
||||||
limits:
|
limits:
|
||||||
cpu: 99
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
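Review bot: Each of the three new tiers (`umsLdapServerPrimary`, `umsLdapServerSecondary`, `umsLdapServerProxy`) carries `cpu: 99` under `limits`, which in practice is no CPU ceiling, and with the replica counts set elsewhere in this commit (2 + 3 + 3) eight LDAP pods can now compete for node CPU unbounded. The value is copied from the old `umsLdapServer` entry, so it follows the file's convention, but heavy search load on one tier could starve co-scheduled pods; a realistic limit per tier, with a comment on how the figure was chosen, would bound that. The three blocks are also identical copies, so if the proxies are meant to be lighter than the primaries, differing `requests` would make that visible. The `umsLdapServerProxy` block continues past the end of the hunk.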
|
|||||||