diff --git a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl index ba8574e4..4f8cc343 100644 --- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl @@ -698,27 +698,19 @@ selfservice-listener: podAnnotations: intents.otterize.com/service-name: "ums-selfservice-listener" image: + registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }} + repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }} + tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} pullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} - selfserviceListener: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceListener.registry | quote }} - repository: {{ .Values.images.umsSelfserviceListener.repository | quote }} - tag: {{ .Values.images.umsSelfserviceListener.tag | quote }} - - selfserviceInvitation: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }} - repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }} - tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }} - - waitForDependency: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} - repository: {{ .Values.images.umsWaitForDependency.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsWaitForDependency.tag | quote }} + config: + provisioningApiBaseUrl: "http://ums-provisioning-api" + umcServerUrl: "http://ums-umc-server" + credentialSecretName: "ums-selfservice-listener-credentials" persistence: storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }} @@ -727,24 +719,8 @@ selfservice-listener: resources: {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }} - resourcesDependencyWaiter: - {{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }} - replicaCount: {{ .Values.replicas.umsSelfserviceListener }} - selfserviceListener: - ldapBaseDn: {{ .Values.ldap.baseDn | quote }} - ldapHost: {{ .Values.ldap.host | quote }} - ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} - ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - notifierServer: {{ .Values.ldap.notifierHost | quote }} - umcAdminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }} - debugLevel: {{ if .Values.debug.enabled }}"4"{{ else }}"1"{{ end }} - tlsMode: "off" - umcServerUrl: "http://ums-umc-server" - umcAdminUser: "default.admin" - securityContext: allowPrivilegeEscalation: false capabilities: @@ -1578,4 +1554,10 @@ extraSecrets: stringData: KEYCLOAK_ADMIN_PASSWORD: {{ .Values.secrets.keycloak.adminPassword | quote }} GUARDIAN_MANAGEMENT_API_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }} + - name: "ums-selfservice-listener-credentials" + stringData: + UMC_ADMIN_USER: "Administrator" + UMC_ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.selfserviceListener.umcAdminPassword | quote }} + PROVISIONING_API_USERNAME: "selfservice-listener" + PROVISIONING_API_PASSWORD: {{ .Values.secrets.univentionManagementStack.selfserviceListener.provisioningApiPassword | quote }} ... diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index f7222216..6af65193 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -375,10 +375,16 @@ charts: # upstreamRepository: 'souvap/tooling/charts/univention/ums' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorStartFrom: ['0', '0', '1'] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/charts-mirror" + # TODO: return back mirror registry and repository before merging + # registry: "registry.opencode.de" + # repository: "bmi/opendesk/components/supplier/univention/charts-mirror" + registry: "registry.souvap-univention.de" + repository: "souvap/tooling/charts/univention" name: "ums" - version: "0.12.0" + # TODO: Needs an update once the previous MR is merged + # See: https://git.knut.univention.de/univention/customers/dataport/upx/ums-stack/-/merge_requests/32 + # version: "0.12.1" + version: "0.12.1-pre-acaceres-update-dependencies" verify: true umsKeycloakBootstrap: # providerCategory: 'Supplier' diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index 608e6b2e..1b52a622 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -670,7 +670,7 @@ images: # upstreamMirrorStartFrom: ['0', '14', '0'] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher" - tag: "0.21.3@sha256:29c5f216ab0f8d12c1e77969de6e82046c0d47e1111838fb0a2dcd9950c0175d" + tag: "0.25.0@sha256:c6c9d1e4a46222105ded32c8e87cb2e9b19945592a9ada4e6c13e6942d721694" umsProvisioningEventsAndConsumerApi: # providerCategory: 'Supplier' # providerResponsible: 'Univention' @@ -680,7 +680,7 @@ images: # upstreamMirrorStartFrom: ['0', '14', '0'] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api" - tag: "0.21.3@sha256:4cb498a64dd40c0963ca1ca382213ad5b8a4de5eb57650946d78ac44b359f43f" + tag: "0.25.0@sha256:f0382154126421e4078beede3ce2579f61859da64c497cb5c93acc693bf71647" umsProvisioningPrefill: # providerCategory: 'Supplier' # providerResponsible: 'Univention' @@ -690,7 +690,7 @@ images: # upstreamMirrorStartFrom: ['0', '14', '0'] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill" - tag: "0.21.3@sha256:944ff8558d12c59f3490cba68680281c3fa5468fd6fd011fd002befcb9956973" + tag: "0.25.0@sha256:a5beae74c2575fa20d305ae635bc0c2bba64a9b1173819f8ddd4cca3fb59f6a4" umsProvisioningUdmListener: # providerCategory: 'Supplier' # providerResponsible: 'Univention' @@ -700,7 +700,7 @@ images: # upstreamMirrorStartFrom: ['0', '14', '0'] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener" - tag: "0.21.3@sha256:e1cd42558e44bb72ed5c7798cef711db94df7d10d6895c993ca6412df1d25f02" + tag: "0.25.0@sha256:b67e31d11461d02bc211117408ded3c0428d224b056f26734add7c024d5f710a" umsSelfserviceInvitation: # providerCategory: 'Supplier' # providerResponsible: 'Univention' @@ -708,19 +708,15 @@ images: # upstreamRepository: 'souvap/tooling/images/univention/selfservice-invitation' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorStartFrom: ['0', '3', '2'] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation" - tag: "0.4.0@sha256:bd252758576e1733076c78756f04225ebed73d9c48de22440975ef11dd087caf" - umsSelfserviceListener: - # providerCategory: 'Supplier' - # providerResponsible: 'Univention' - # upstreamRegistry: 'registry.souvap-univention.de' - # upstreamRepository: 'souvap/tooling/images/univention/selfservice-listener' - # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' - # upstreamMirrorStartFrom: ['0', '3', '2'] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-listener" - tag: "0.4.0@sha256:0bc0235fd64a19a183f112da73109b54712c2d70fe7fa77c6405beefb7167588" + # TODO: return back mirror registry and repository before merging +# registry: "registry.opencode.de" +# repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation" + registry: "registry.souvap-univention.de" + repository: "souvap/tooling/images/univention/selfservice-invitation" + # TODO: Needs an update once the previous MR is merged + # See: https://git.knut.univention.de/univention/customers/dataport/upx/selfservice-listener/-/merge_requests/16 + # version: "0.5.0" + tag: "0.5.0-pre-acaceres-migrate-self-service-listener-to-provisioning-service@sha256:68b342badcaa0def19e6396bb23ffabf3e140ee2a3a39d37e7a5dc4cbba8362b" umsStackGateway: # providerCategory: 'Community' # providerResponsible: 'Univention' diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml index 89993741..635f7f24 100644 --- a/helmfile/environments/default/resources.yaml +++ b/helmfile/environments/default/resources.yaml @@ -480,13 +480,6 @@ resources: requests: cpu: 0.1 memory: "256Mi" - umsSelfserviceListenerDependencies: - limits: - cpu: 99 - memory: "1Gi" - requests: - cpu: 0.1 - memory: "256Mi" umsStackDataUms: limits: cpu: 99 diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl index 203197cd..8d6f8aac 100644 --- a/helmfile/environments/default/secrets.gotmpl +++ b/helmfile/environments/default/secrets.gotmpl @@ -42,6 +42,9 @@ secrets: dispatcherUdmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }} udmListenerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmlistener" "nats" | sha1sum | quote }} udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }} + selfserviceListener: + umcAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "umc" | sha1sum | quote }} + provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "selfservice-listener" "selfservice-listener" | sha1sum | quote }} nats: natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }}