From ce38714a81ea3b0e1377e6ea2d640fb65f317396 Mon Sep 17 00:00:00 2001 From: merge-request-bot Date: Tue, 12 Dec 2023 19:31:27 +0000 Subject: [PATCH] fix(univention-management-stack): Functional replacement for UCS container monolith, still optional. --- .../univention-management-stack/helmfile.yaml | 10 ++++ .../values-selfservice-listener.gotmpl | 48 +++++++++++++++++++ .../values-selfservice-listener.yaml | 11 +++++ .../values-stack-data-swp.gotmpl | 3 -- .../values-ums-stack-gateway.yaml | 20 +++++++- helmfile/environments/default/charts.yaml | 35 +++++++++----- helmfile/environments/default/images.yaml | 38 ++++++++++----- .../environments/default/persistence.yaml | 1 + helmfile/environments/default/resources.yaml | 15 ++++++ 9 files changed, 155 insertions(+), 26 deletions(-) create mode 100644 helmfile/apps/univention-management-stack/values-selfservice-listener.gotmpl create mode 100644 helmfile/apps/univention-management-stack/values-selfservice-listener.yaml diff --git a/helmfile/apps/univention-management-stack/helmfile.yaml b/helmfile/apps/univention-management-stack/helmfile.yaml index 2ce2eb01..29ca4456 100644 --- a/helmfile/apps/univention-management-stack/helmfile.yaml +++ b/helmfile/apps/univention-management-stack/helmfile.yaml @@ -148,6 +148,16 @@ releases: - "values-umc-server.yaml" installed: {{ .Values.univentionManagementStack.enabled }} + - name: "ums-selfservice-listener" + chart: "ums-repo/{{ .Values.charts.umsSelfserviceListener.name }}" + version: "{{ .Values.charts.umsSelfserviceListener.version }}" + values: + - "values-common.gotmpl" + - "values-common.yaml" + - "values-selfservice-listener.gotmpl" + - "values-selfservice-listener.yaml" + installed: {{ .Values.univentionManagementStack.enabled }} + commonLabels: deploy-stage: "component-1" component: "univention-management-stack" 
diff --git a/helmfile/apps/univention-management-stack/values-selfservice-listener.gotmpl b/helmfile/apps/univention-management-stack/values-selfservice-listener.gotmpl
new file mode 100644
index 00000000..ba0ba53c
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-selfservice-listener.gotmpl
@@ -0,0 +1,48 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+selfserviceListener:
+
+ ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
+ ldapHost: {{ .Values.ldap.host | quote }}
+ ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
+ ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
+ machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
+ notifierServer: {{ .Values.ldap.notifierHost | quote }}
+ umcAdminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
+
+image:
+ pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . | quote }}
+ {{- end }}
+
+ selfserviceListener:
+ registry: {{ .Values.global.imageRegistry | quote }}
+ repository: {{ .Values.images.umsSelfserviceListener.repository | quote }}
+ tag: {{ .Values.images.umsSelfserviceListener.tag | quote }}
+
+ selfserviceInvitation:
+ registry: {{ .Values.global.imageRegistry | quote }}
+ repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }}
+ tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }}
+
+ waitForDependency:
+ registry: {{ .Values.global.imageRegistry | quote }}
+ repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
+ imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+ tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
+
+persistence:
+ storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
+ size: {{ .Values.persistence.size.univentionManagementStack.selfserviceListener | quote }}
+
+resources:
+ {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 2 }}
+
+resourcesDependencyWaiter:
+ {{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 2 }}
+...
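Review bot: `ldapHostDn` is built as `cn=admin,<baseDn>`, and `ldapPassword` and `machineSecret` are both filled from `.Values.secrets.univentionManagementStack.ldapSecret`, so the listener binds with the directory administrator's credentials and its machine secret is the same value. If the chart permits it, a dedicated bind DN with its own secret would limit what a compromised listener pod can reach, for example `machineSecret: {{ .Values.secrets.univentionManagementStack.<LISTENER_SECRET_KEY> | quote }}` (placeholder key, not defined on this page). `umcAdminPassword` also hands the default admin password to this release, so a comment such as `# admin credentials required by the chart for <reason>` above these keys would record why the privilege is needed. As a smaller point, `waitForDependency` carries its own `imagePullPolicy` key while the other images rely on `image.pullPolicy`; it is worth confirming that the chart reads it.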
diff --git a/helmfile/apps/univention-management-stack/values-selfservice-listener.yaml b/helmfile/apps/univention-management-stack/values-selfservice-listener.yaml new file mode 100644 index 00000000..90974383 --- /dev/null +++ b/helmfile/apps/univention-management-stack/values-selfservice-listener.yaml @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- + +selfserviceListener: + debugLevel: "4" + tlsMode: "off" + umcServerUrl: "http://ums-umc-server" + umcAdminUser: "default.admin" + +... diff --git a/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl index 77582417..9a376c2e 100644 --- a/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl +++ b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl @@ -31,9 +31,6 @@ stackDataContext: userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }} adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }} - userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }} - adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }} - image: registry: {{ .Values.global.imageRegistry | quote }} repository: {{ .Values.images.umsDataLoader.repository | quote }} diff --git a/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml b/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml index b10d4546..e37a27bf 100644 --- a/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml +++ b/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml 
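Review bot: In the new `values-selfservice-listener.yaml`, `tlsMode: "off"` and `umcServerUrl: "http://ums-umc-server"` mean the LDAP bind password and the UMC admin credentials configured for this release cross the cluster network unencrypted. If in-cluster TLS is not available yet, the file should say what confidentiality relies on instead, e.g. `# TLS disabled: relies on cluster-internal network isolation; revisit once LDAP/UMC TLS is available`. `debugLevel: "4"` looks like a development setting and, depending on what the listener logs at that level (not visible here), may write directory attributes to pod logs. A lower default with a per-environment override would be safer.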
@@ -2,6 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 --- ingress: + annotations: + # Ensure that the ingress controller can handle responses with plenty of + # headers. This is a requirement from the UDM Rest API. + nginx.org/proxy-buffer-size: "64k" + nginx.org/proxy-buffers: "4 128k" tls: false service: @@ -16,6 +21,15 @@ serverBlock: | server { listen 8080; + proxy_http_version 1.1; + + proxy_set_header Host $http_host; + + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $http_x_forwarded_host; + proxy_set_header X-Forwarded-Port $http_x_forwarded_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + ## portal-frontend # The frontend does not own "/univention/portal" nor # "/univention/selfservice", only these two bits @@ -139,9 +153,13 @@ serverBlock: | ## udm-rest-api location /univention/udm/ { + # The UDM Rest API does return on some endpoints a lot of headers + proxy_busy_buffers_size 128k; + proxy_buffers 4 128k; + proxy_buffer_size 64k; + rewrite ^/univention(/udm/.*)$ $1 break; proxy_pass http://ums-udm-rest-api:80; - proxy_set_header X-Forwarded-Host $host; } diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 940b4e1b..27096464 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -426,7 +426,7 @@ charts: registry: "external-registry.souvap-univention.de" repository: "sovereign-workplace/souvap/tooling/charts/opendesk-otterize" name: "opendesk-otterize" - version: "1.1.3" + version: "1.1.5" verify: true username: ~ password: ~ @@ -563,7 +563,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "notifications-api" - version: "0.6.1" + version: "0.9.1" username: ~ password: ~ 
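Review bot: The added `nginx.org/proxy-buffer-size` and `nginx.org/proxy-buffers` annotations are only honoured by the NGINX Inc. ingress controller; the community ingress-nginx controller uses the `nginx.ingress.kubernetes.io/` prefix and silently ignores these. Which controller the deployment targets is not visible in this hunk. Either state the requirement in the comment or add the equivalent alongside, e.g. `nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"`.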
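Review bot: The new server-level `proxy_set_header X-Forwarded-Host $http_x_forwarded_host;` (with the matching `-Port` and `-Proto` lines and `Host $http_host`) copies request headers to the backends unchanged, so the values are only trustworthy if every request reaches this gateway through an ingress that overwrites them. Backends that build absolute URLs or redirects from these headers would otherwise act on client-chosen values. A comment above the block would document the assumption, e.g. `# X-Forwarded-* are taken as set by the ingress controller; this gateway must not be reachable directly`. Note also that nginx inherits `proxy_set_header` from the server level only into locations that define none of their own. The later hunk removes the one in `/univention/udm/`, but any other location that still sets a header (not visible here) will drop all of these.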
@@ -576,7 +576,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "portal-frontend" - version: "0.6.1" + version: "0.9.1" username: ~ password: ~ @@ -589,7 +589,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "portal-listener" - version: "0.6.1" + version: "0.9.1" username: ~ password: ~ @@ -602,7 +602,20 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "portal-server" - version: "0.6.1" + version: "0.9.1" + username: ~ + password: ~ + + umsSelfserviceListener: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=umc-server + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "selfservice-listener" + version: "0.2.0" username: ~ password: ~ @@ -615,7 +628,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "stack-data-swp" - version: "0.38.1" + version: "0.39.3" username: ~ password: ~ @@ -628,7 +641,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "stack-data-ums" - version: "0.38.1" + version: "0.39.3" username: ~ password: ~ @@ -641,7 +654,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "store-dav" - version: "0.7.0" + version: "0.9.1" username: ~ password: ~ @@ -654,7 +667,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "udm-rest-api" - version: "0.3.5" + version: "0.4.1" username: ~ password: ~ 
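Review bot: In the `@@ -602,7 +602,20 @@` hunk, the Renovate hint on the new `umsSelfserviceListener` entry says `packageName=umc-server` while the chart `name` is `"selfservice-listener"`, which looks like a copy-paste from a neighbouring entry. Renovate would then look up umc-server releases for this chart, so update proposals would be wrong or missing. The hint should read `# packageName=selfservice-listener`. Unlike the `opendesk-otterize` entry earlier in this file, the new entry has no `verify: true`; if charts from this registry are signed (not visible here), enabling verification would close that gap.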
@@ -667,7 +680,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "umc-gateway" - version: "0.6.1" + version: "0.6.2" username: ~ password: ~ @@ -680,7 +693,7 @@ charts: registry: "gitlab.souvap-univention.de" repository: "api/v4/projects/155/packages/helm/stable" name: "umc-server" - version: "0.6.1" + version: "0.6.2" username: ~ password: ~ diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index ac61b8db..c2720a87 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -395,7 +395,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/config-htpasswd" - tag: "0.7.0@sha256:8ffa8ce61fc55f67cdf740b3cd30e21d979506a1796028f5c6329da344b2e5db" + tag: "0.9.1@sha256:5694da729235371d93b1c7f14c00720657b34d6425f232426a1848b69f97ab15" # @supplier: "Univention" umsDataLoader: # renovate: @@ -403,7 +403,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/data-loader" - tag: "0.38.1@sha256:cef20b0224571eeda29f19e78340ab7d943e46b02275f9b9497605357be70e61" + tag: "0.39.3@sha256:f2968f98cf4f7cb4fd44339422c2d06ee590c61780ea88728af685719b497a9f" # @supplier: "Univention" umsLdapNotifier: # renovate: @@ -427,7 +427,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/notifications-api" - tag: "0.6.1@sha256:bdf0c5ba8b15c2e7f4daaf470254b13837bdc5fbaa98d9f441f33abd565acfc3" + tag: "0.9.1@sha256:86f86119292ccda53d77db010ceac9217a2552145fad8d20e876002f74c3a187" # @supplier: "Univention" umsPortalListener: # renovate: 
@@ -435,7 +435,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/portal-listener" - tag: "0.6.1@sha256:c418be054dfb2c6fe0e2e8870553c3b27269ae77b88a59cd6d790201cf7c3d17" + tag: "0.9.1@sha256:615a587717934153179c138d3598841922e3a658e5e891347f21ecbe5c8387ae" # @supplier: "Univention" umsPortalFrontend: # renovate: @@ -443,7 +443,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/portal-frontend" - tag: "0.6.1@sha256:0a4dc8ed47fd86eedd7bfd826b4538564194fe951000cff016eaa271382ed822" + tag: "0.9.1@sha256:c0984b246692d58b3fbecac487d3737e9b4f62181666f1abfa2401d1a3a72267" # @supplier: "Univention" umsPortalServer: # renovate: @@ -451,7 +451,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/portal-server" - tag: "0.6.1@sha256:dd9431c8a82e6fca89ef871de90947db2f594a349d634f0b1aa9669d0b3d5715" + tag: "0.9.1@sha256:f608986d8b072a143260531b6e3fcb08d18c88bc444b968c0713737769fd1292" # @supplier: "Univention" umsWaitForDependency: # renovate: @@ -459,7 +459,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/wait-for-dependency" - tag: "0.6.1@sha256:e83fe2d7535167d1d1effe443fca0be431aa551ab31f172a84073b7d9ffec54b" + tag: "0.9.1@sha256:22e57dca261dad12e046a827914bb888f49fd6bb61f50ad5023b53dade4eda33" # @supplier: "Univention" umsStoreDav: # renovate: 
@@ -467,7 +467,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/store-dav" - tag: "0.7.0@sha256:732b0d2fdf320209de04403753d3bc80f9c73a46b237202a95305a332805f305" + tag: "0.9.1@sha256:82b6b5e7c20793b2a6000a1ceddd3e4b3d085bf75999e9ff9814e7224d1de629" # @supplier: "Univention" umsUdmRestApi: # renovate: @@ -475,7 +475,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/udm-rest-api" - tag: "0.3.5@sha256:1a434f9d5e4d15217d011c13d9f1694e8a12291e09a6d0802c1158f7e2c5e035" + tag: "0.4.1@sha256:4b264251e9e1f2933be86051964d6113011379af107cc95dca53c1eff4c1e709" # @supplier: "Univention" umsUmcGateway: # renovate: @@ -483,7 +483,7 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/umc-gateway" - tag: "0.6.1@sha256:e023c6b4a66eb80dc165310aff9b869cf35c102196514741676a9dba68cfae89" + tag: "0.6.2@sha256:326ced2ffd5cffa7591f23f5b0e2fe313a5aa0984d1537c3464df042d93b341c" # @supplier: "Univention" umsUmcServer: # renovate: 
@@ -491,7 +491,23 @@ images: # dependencyType=vendor # This is a preview and not part of the standard deployment. repository: "souvap/tooling/images/univention/umc-server" - tag: "0.6.1@sha256:9fc3ad7c45c436698223fe3219c314420b4687c9c694f5d255612beb51df9347" + tag: "0.6.2@sha256:e2694fbc1b8f3027ae48f329e034431e06648028ca9c928b464db66a9fd080fb" + # @supplier: "Univention" + umsSelfserviceListener: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # dependencyType=vendor + # This is a preview and not part of the standard deployment. + repository: "souvap/tooling/images/univention/selfservice-listener" + tag: "0.3.0@sha256:919c4cbef3c4920fe661f5d69de7258135096b673a26370a0cbd98d244a20752" + # @supplier: "Univention" + umsSelfserviceInvitation: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # dependencyType=vendor + # This is a preview and not part of the standard deployment. + repository: "souvap/tooling/images/univention/selfservice-invitation" + tag: "0.3.0@sha256:225ce06e2859586d4c0fa1933d687df370d170b71b62cfd1e46992b44e880b08" # @supplier: "Univention" wellKnown: # renovate: diff --git a/helmfile/environments/default/persistence.yaml b/helmfile/environments/default/persistence.yaml index f355875a..4d0fafd4 100644 --- a/helmfile/environments/default/persistence.yaml +++ b/helmfile/environments/default/persistence.yaml @@ -24,6 +24,7 @@ persistence: ldapServerData: "1Gi" ldapServerShared: "1Gi" portalListener: "1Gi" + selfserviceListener: "1Gi" storeDav: "1Gi" xwiki: "1Gi" ... diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml index 1d9d05d9..80cc9cde 100644 --- a/helmfile/environments/default/resources.yaml +++ b/helmfile/environments/default/resources.yaml 
@@ -396,6 +396,21 @@ resources: requests: cpu: 0.1 memory: "256Mi" + umsSelfserviceListener: + limits: + cpu: 99 + memory: "1Gi" + requests: + cpu: 0.1 + memory: "256Mi" + umsSelfserviceListenerDependencies: + limits: + cpu: 99 + memory: "1Gi" + requests: + cpu: 0.1 + memory: "256Mi" + umsStackDataUms: limits: cpu: 99
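Review bot: Both new entries set `limits.cpu: 99`, which is effectively no CPU limit, and `umsSelfserviceListenerDependencies` gives the dependency-wait container the same `memory: "1Gi"` limit as the listener itself. This matches the `umsStackDataUms` entry below, so it may be the file's convention. A container that only waits for another service could still take much tighter limits, e.g. `memory: "128Mi"` (constructed value, to be sized from measurement), which bounds the impact of a misbehaving pod on its node.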