fix(nubus): Only use one LDAP Primary and make replica count of Secondary and Proxy others configurable

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -375,6 +375,11 @@ nubusKeycloakBootstrap:
     twoFactorAuthentication:
       enabled: true
       group: "2fa-users"
+  ldap:
+    auth:
+      bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn }}
+      credentialSecret:
+        name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
 
 # Credential secrets for accessing customer supplied services
 extraSecrets:
@@ -408,6 +413,9 @@ extraSecrets:
   - name: "ums-keycloak-extensions-smtp-opendesk-credentials"
     stringData:
       umcKeycloakExtensionsSmtpPassword: ""
+  - name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
+    stringData:
+      password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
   - name: "ums-portal-server-minio-opendesk-credentials"
     stringData:
       access-key-id: {{ .Values.objectstores.nubus.username | quote }}

helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl

@@ -115,6 +115,10 @@ nubusLdapNotifier:
     {{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
 
 nubusLdapServer:
+  highAvailabilityMode: false
+  replicaCountPrimary: 1
+  replicaCountSecondary: 0 # {{ .Values.replicas.umsLdapServerSecondary }}
+  replicaCountProxy: 0 # {{ .Values.replicas.umsLdapServerProxy }}
   additionalAnnotations:
     intents.otterize.com/service-name: "ums-ldap-server"
   serviceAccount:

helmfile/environments/default/functional.yaml

@@ -34,7 +34,8 @@ functional:
     quota:
       # Set the default quota for all users in GB
       default: 1
-    # Options related to file sharing, changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
+    # Options related to file sharing.
+    # Changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
     sharing:
       # External shares
       external:

helmfile/environments/default/images.yaml

@@ -421,9 +421,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    # TODO: Replace with released version once available
-    # See: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/merge_requests/7
-    tag: "1.2.1-jtorres-fixup-icon@sha256:aa10b93e6e9d68a52add2e39bee4ceecc86c9571754db0bc505f00543673b12d"
+    tag: "1.2.1@sha256:479f072d8dd9fe445caa5fea4d882bf3aba24af0d22fc378a9839990c6f3a907"
   nubusOpenPolicyAgent:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"

helmfile/environments/default/replicas.yaml

@@ -82,8 +82,13 @@ replicas:
   umsKeycloakExtensionsProxy: 1
   # -- scalable: tbd
   umsLdapNotifier: 1
-  # -- scalable: tbd
-  umsLdapServer: 1
+  # -- scalable: false
+  # -- comment: Experimental feature and not supported.
+  umsLdapServerPrimary: 1
+  # -- scalable: true
+  umsLdapServerSecondary: 1
+  # -- scalable: true
+  umsLdapServerProxy: 1
   # -- scalable: tbd
   umsNotificationsApi: 1
   # -- scalable: true
@@ -139,7 +144,9 @@ replicas:
   # -- scalable: true
   openprojectWeb: 1
   # -- scalable: true
-  # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). See [upstream Helm chart documentation](https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/) for details, as e.g. dedicated workers to specific queues are in general possible with OpenProject as well.Share 
+  # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). Check
+  # https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/ for details, as e.g.
+  # dedicated workers for specific queues are possible with OpenProject.
   openprojectWorker: 1
 
   # -- component: Groupware (OX Appsuite)