sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-07 07:51:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: enable and set up provisioning

Browse Source
This commit is contained in:
Anton Caceres
2024-05-14 11:01:43 +02:00
parent 5766d0fedd
commit f69de3cc33
3 changed files with 101 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
View File

@@ -440,7 +440,7 @@ portal-server:
{{ .Values.resources.umsPortalServer | toYaml | nindent 4 }} {{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
provisioning: provisioning:
enabled: false enabled: true
api: api:
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningEventsAndConsumerApi.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningEventsAndConsumerApi.registry | quote }}
@@ -451,6 +451,10 @@ provisioning:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
config:
rootPath: "/univention/provisioning-api"
resources:
{{ .Values.resources.umsProvisioningEventsAndConsumerApi | toYaml | nindent 4 }}
credentialSecretName: "ums-provisioning-api-credentials" credentialSecretName: "ums-provisioning-api-credentials"
dispatcher: dispatcher:
image: image:
@@ -462,6 +466,10 @@ provisioning:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources:
{{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 4 }}
config:
UDM_HOST: "ums-udm-rest-api"
credentialSecretName: "ums-provisioning-dispatcher-credentials" credentialSecretName: "ums-provisioning-dispatcher-credentials"
prefill: prefill:
image: image:
@@ -473,7 +481,26 @@ provisioning:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources:
{{ .Values.resources.umsProvisioningPrefill | toYaml | nindent 4 }}
config:
UDM_HOST: "ums-udm-rest-api"
credentialSecretName: "ums-provisioning-prefill-credentials" credentialSecretName: "ums-provisioning-prefill-credentials"
register_consumers:
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
repository: {{ .Values.images.umsWaitForDependency.repository }}
pullPolicy: {{ .Values.global.imagePullPolicy }}
tag: {{ .Values.images.umsWaitForDependency.tag }}
pullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
resources:
{{ .Values.resources.umsProvisioningRegisterConsumer | toYaml | nindent 4 }}
credentialSecretName: "ums-provisioning-register-consumers-credentials"
jsonSecretName: "ums-provisioning-register-consumers-json-secrets"
provisioningApiBaseUrl: "http://ums-provisioning-api/internal/admin/v1/subscriptions"
nats: nats:
config: config:
authorization: authorization:
@@ -499,6 +526,17 @@ provisioning:
permissions: permissions:
publish: ">" publish: ">"
subscribe: ">" subscribe: ">"
- user: "$NATS_UDMLISTENER_USER"
password: "$NATS_UDMLISTENER_PASSWORD"
permissions:
publish: ">"
subscribe: ">"
- user: "$NATS_ADMIN_USER"
password: "$NATS_ADMIN_PASSWORD"
permissions:
publish: ">"
subscribe: ">"
extraEnvVars: extraEnvVars:
- name: NATS_USER - name: NATS_USER
value: "admin" value: "admin"
@@ -537,6 +575,17 @@ provisioning:
secretKeyRef: secretKeyRef:
name: ums-provisioning-prefill-credentials name: ums-provisioning-prefill-credentials
key: NATS_PASSWORD key: NATS_PASSWORD
- name: NATS_UDMLISTENER_USER
valueFrom:
secretKeyRef:
name: ums-provisioning-udm-listener-credentials
key: NATS_USER
- name: NATS_UDMLISTENER_PASSWORD
valueFrom:
secretKeyRef:
name: ums-provisioning-udm-listener-credentials
key: NATS_PASSWORD
nats: nats:
nats: nats:
image: image:
@@ -564,7 +613,7 @@ provisioning:
enabled: false enabled: false
udm-listener: udm-listener:
enabled: false enabled: true
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmListener.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmListener.registry | quote }}
repository: {{ .Values.images.umsProvisioningUdmListener.repository | quote }} repository: {{ .Values.images.umsProvisioningUdmListener.repository | quote }}
@@ -581,9 +630,17 @@ udm-listener:
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
ldapPort: "389" ldapPort: "389"
notifierServer: "ums-ldap-notifier" notifierServer: {{ .Values.ldap.notifierHost | quote }}
tlsMode: "off" tlsMode: "off"
natsHost: "ums-provisioning-nats" natsHost: "ums-provisioning-nats"
natsUser: "udmlistener"
natsPassword: {{ .Values.secrets.univentionManagementStack.provisioning.udmListenerNatsPassword }}
eventsUsernameUdm: "udmproducer"
eventsPasswordUdm: {{ .Values.secrets.univentionManagementStack.provisioning.udmProducerPassword }}
internalApiHost: "ums-provisioning-api"
resources:
{{ .Values.resources.umsProvisioningUdmListener | toYaml | nindent 4 }}
stack-data-ums: stack-data-ums:
enabled: true enabled: true
@@ -1526,20 +1583,47 @@ extraSecrets:
- name: ums-provisioning-api-credentials - name: ums-provisioning-api-credentials
stringData: stringData:
NATS_USER: "api" NATS_USER: "api"
NATS_PASSWORD: "password" NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiNatsPassword }}
ADMIN_NATS_USER: "admin"
ADMIN_NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminNatsPassword }}
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminPassword }}
PREFILL_USERNAME: "prefill"
PREFILL_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillPassword }}
EVENTS_USERNAME_UDM: "udmproducer"
EVENTS_PASSWORD_UDM: {{ .Values.secrets.univentionManagementStack.provisioning.udmProducerPassword }}
- name: ums-provisioning-dispatcher-credentials - name: ums-provisioning-dispatcher-credentials
stringData: stringData:
UDM_USERNAME: "cn=admin"
UDM_PASSWORD: "password"
NATS_USER: "dispatcher" NATS_USER: "dispatcher"
NATS_PASSWORD: "password" NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.dispatcherNatsPassword }}
- name: ums-provisioning-prefill-credentials - name: ums-provisioning-prefill-credentials
stringData: stringData:
NATS_USER: "prefill" NATS_USER: "prefill"
NATS_PASSWORD: "password" NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillNatsPassword }}
UDM_USERNAME: "cn=admin"
UDM_PASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
PREFILL_USERNAME: "prefill"
PREFILL_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillPassword }}
- name: ums-provisioning-udm-listener-credentials
stringData:
NATS_USER: "udmlistener"
NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.udmListenerNatsPassword }}
- name: ums-provisioning-nats-credentials - name: ums-provisioning-nats-credentials
stringData: stringData:
admin_password: "nimda" admin_password: "nimda"
- name: ums-provisioning-register-consumers-credentials
stringData:
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminPassword }}
- name: ums-provisioning-register-consumers-json-secrets
stringData:
selfservice-listener.json: |
{
"name": "selfservice-listener",
"realms_topics": [["udm", "users/user"]],
"request_prefill": true,
"password": {{ .Values.secrets.univentionManagementStack.selfserviceListener.provisioningApiPassword | quote }}
}
- name: ums-udm-rest-api-credentials - name: ums-udm-rest-api-credentials
stringData: stringData:
ldap.secret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} ldap.secret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
@@ -1556,8 +1640,8 @@ extraSecrets:
GUARDIAN_MANAGEMENT_API_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }} GUARDIAN_MANAGEMENT_API_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
- name: "ums-selfservice-listener-credentials" - name: "ums-selfservice-listener-credentials"
stringData: stringData:
UMC_ADMIN_USER: "Administrator" UMC_ADMIN_USER: "default.admin"
UMC_ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.selfserviceListener.umcAdminPassword | quote }} UMC_ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
PROVISIONING_API_USERNAME: "selfservice-listener" PROVISIONING_API_USERNAME: "selfservice-listener"
PROVISIONING_API_PASSWORD: {{ .Values.secrets.univentionManagementStack.selfserviceListener.provisioningApiPassword | quote }} PROVISIONING_API_PASSWORD: {{ .Values.secrets.univentionManagementStack.selfserviceListener.provisioningApiPassword | quote }}
... ...

7
helmfile/environments/default/resources.yaml
View File

@@ -466,6 +466,13 @@ resources:
requests: requests:
cpu: 0.1 cpu: 0.1
memory: "256Mi" memory: "256Mi"
umsProvisioningRegisterConsumer:
limits:
cpu: 0.5
memory: "256Mi"
requests:
cpu: 0.25
memory: "128Mi"
umsProvisioningNats: umsProvisioningNats:
limits: limits:
cpu: 99 cpu: 99

4
helmfile/environments/default/secrets.gotmpl
View File

@@ -34,16 +34,12 @@ secrets:
apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }} apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
apiAdminNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "apiAdmin" "nats" | sha1sum | quote }} apiAdminNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "apiAdmin" "nats" | sha1sum | quote }}
apiAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin_api" | sha1sum | quote }} apiAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin_api" | sha1sum | quote }}
dispatcherPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "dispatcher_service" | sha1sum | quote }}
prefillPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "prefill_service" | sha1sum | quote }} prefillPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "prefill_service" | sha1sum | quote }}
prefillNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "nats" | sha1sum | quote }} prefillNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "nats" | sha1sum | quote }}
udmProducerPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmproducer" "events_api" | sha1sum | quote }} udmProducerPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmproducer" "events_api" | sha1sum | quote }}
dispatcherNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "nats" | sha1sum | quote }} dispatcherNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "nats" | sha1sum | quote }}
dispatcherUdmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
udmListenerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmlistener" "nats" | sha1sum | quote }} udmListenerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmlistener" "nats" | sha1sum | quote }}
udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
selfserviceListener: selfserviceListener:
umcAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "umc" | sha1sum | quote }}
provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "selfservice-listener" "selfservice-listener" | sha1sum | quote }} provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "selfservice-listener" "selfservice-listener" | sha1sum | quote }}
nats: nats:
natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }} natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }}