diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
index 3d390cfe..600efaac 100644
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -375,6 +375,11 @@ nubusKeycloakBootstrap:
 twoFactorAuthentication:
 enabled: true
 group: "2fa-users"
+ ldap:
+ auth:
+ bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn }}
+ credentialSecret:
+ name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
 # Credential secrets for accessing customer supplied services
 extraSecrets:
@@ -408,6 +413,9 @@ extraSecrets:
 - name: "ums-keycloak-extensions-smtp-opendesk-credentials"
 stringData:
 umcKeycloakExtensionsSmtpPassword: ""
+ - name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
+ stringData:
+ password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
 - name: "ums-portal-server-minio-opendesk-credentials"
 stringData:
 access-key-id: {{ .Values.objectstores.nubus.username | quote }}
diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
index bcacd8fd..1e3fc819 100644
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -115,6 +115,10 @@ nubusLdapNotifier:
 {{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
 nubusLdapServer:
+ highAvailabilityMode: false
+ replicaCountPrimary: 1
+ replicaCountSecondary: 0 # {{ .Values.replicas.umsLdapServerSecondary }}
+ replicaCountProxy: 0 # {{ .Values.replicas.umsLdapServerProxy }}
 additionalAnnotations:
 intents.otterize.com/service-name: "ums-ldap-server"
 serviceAccount:
diff --git a/helmfile/environments/default/functional.yaml b/helmfile/environments/default/functional.yaml
index fa04e3d7..de40c464 100644
--- a/helmfile/environments/default/functional.yaml
+++ b/helmfile/environments/default/functional.yaml
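Review bot: In the `ldap.auth` block added under `nubusKeycloakBootstrap` (values-nubus.yaml.gotmpl, first hunk), `bindDn` is rendered without `| quote`, unlike the secret values templated in the same file, so the DN reaches the YAML parser as a plain scalar. A base DN containing `: `, ` #` or a leading YAML indicator would then be mis-parsed or cut short instead of being passed through intact. Quote the rendered value: `bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn | quote }}`. The `nubusKeycloakBootstrap` mapping starts outside the hunk.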
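Review bot: The new `ums-keycloak-bootstrap-ldap-opendesk-credentials` entry in `extraSecrets` (values-nubus.yaml.gotmpl, second hunk) takes `password` from `.Values.secrets.nubus.ldapSearch.keycloak | quote`, which renders an empty string when that value is empty, and this diff does not show where the value is defined. A bind DN with an empty password falls into LDAP's unauthenticated-bind case (RFC 4513), which some server configurations accept, so a missing secret could go unnoticed instead of failing the deployment. Consider failing at render time, e.g. `password: {{ required "secrets.nubus.ldapSearch.keycloak must be set" .Values.secrets.nubus.ldapSearch.keycloak | quote }}`. The `extraSecrets` list continues past the hunk.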
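Review bot: In the `nubusLdapServer` block of values-opendesk-customization.yaml.gotmpl the replica counts are hard-coded (`replicaCountPrimary: 1`, `replicaCountSecondary: 0`, `replicaCountProxy: 0`), so as far as this diff shows the `umsLdapServerPrimary`/`umsLdapServerSecondary`/`umsLdapServerProxy` defaults added to replicas.yaml have no effect on the rendered values and (at 1/1/1) disagree with them. The `{{ … }}` expressions behind the YAML `#` are still evaluated by the template engine before YAML parsing, so they remain live lookups rather than inert notes. Either wire the values up, e.g. `replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }}`, or turn the leftovers into template comments (`{{/* … */}}`) and add a line such as `# HA mode is experimental; replica counts are pinned until it is supported.` The `nubusLdapServer` mapping continues past the hunk.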
@@ -34,7 +34,8 @@ functional:
 quota:
 # Set the default quota for all users in GB
 default: 1
- # Options related to file sharing, changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
+ # Options related to file sharing.
+ # Changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
 sharing:
 # External shares
 external:
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml
index d4b964a8..37aa2604 100644
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -421,9 +421,7 @@ images:
 # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
- # TODO: Replace with released version once available
- # See: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/merge_requests/7
- tag: "1.2.1-jtorres-fixup-icon@sha256:aa10b93e6e9d68a52add2e39bee4ceecc86c9571754db0bc505f00543673b12d"
+ tag: "1.2.1@sha256:479f072d8dd9fe445caa5fea4d882bf3aba24af0d22fc378a9839990c6f3a907"
 nubusOpenPolicyAgent:
 # providerCategory: "Supplier"
 # providerResponsible: "Univention"
diff --git a/helmfile/environments/default/replicas.yaml b/helmfile/environments/default/replicas.yaml
index 8e7e141b..4d64ae63 100644
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -82,8 +82,13 @@ replicas:
 umsKeycloakExtensionsProxy: 1
 # -- scalable: tbd
 umsLdapNotifier: 1
- # -- scalable: tbd
- umsLdapServer: 1
+ # -- scalable: false
+ # -- comment: Experimental feature and not supported.
+ umsLdapServerPrimary: 1
+ # -- scalable: true
+ umsLdapServerSecondary: 1
+ # -- scalable: true
+ umsLdapServerProxy: 1
 # -- scalable: tbd
 umsNotificationsApi: 1
 # -- scalable: true
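Review bot: In the replicas.yaml hunk the `# -- comment: Experimental feature and not supported.` annotation is attached to `umsLdapServerPrimary`, which is also marked `scalable: false`, so it is not clear whether "experimental" refers to scaling the primary or to the secondary and proxy replicas listed below it. State the subject in the comment, for example `# -- comment: Running more than one primary is experimental and not supported.`, or move it to the keys it actually describes. Removing `umsLdapServer` also means an existing override of that key is presumably ignored after this change, which deserves a line in the migration notes. The `replicas` mapping starts and ends outside the hunk.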
@@ -139,7 +144,9 @@ replicas:
 # -- scalable: true
 openprojectWeb: 1
 # -- scalable: true
- # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). See [upstream Helm chart documentation](https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/) for details, as e.g. dedicated workers to specific queues are in general possible with OpenProject as well.Share
+ # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). Check
+ # https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/ for details, as e.g.
+ # dedicated workers for specific queues are possible with OpenProject.
 openprojectWorker: 1
 # -- component: Groupware (OX Appsuite)