feat(univention-management-stack): add udm-transformer to provisioning helm values

2025-12-06 07:21:36 +01:00 · 2024-05-16 13:17:23 +02:00
parent 62f0a4bef2
commit faba0b991d
5 changed files with 105 additions and 25 deletions
--- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
@@ -452,6 +452,37 @@ provisioning:
        - name: {{ . | quote }}
        {{- end }}
    credentialSecretName: "ums-provisioning-api-credentials"
+  udmTransformer:
+    image:
+      registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmTransformer.registry | quote }}
+      repository: {{ .Values.images.umsProvisioningUdmTransformer.repository }}
+      pullPolicy: {{ .Values.global.imagePullPolicy }}
+      tag: {{ .Values.images.umsProvisioningUdmTransformer.tag }}
+      pullSecrets:
+        {{- range .Values.global.imagePullSecrets }}
+        - name: {{ . | quote }}
+        {{- end }}
+    config:
+      LOG_LEVEL: "DEBUG"
+      # not actually used in the code but needed for startup
+      UDM_HOST: "foobar"
+      UDM_PORT: 80
+      LDAP_TLS_MODE: "off"
+    api:
+      auth:
+        credentialSecretName: "ums-provisioning-udm-transformer-api-credentials"
+    nats:
+      auth:
+        credentialSecretName: "ums-provisioning-udm-transformer-credentials"
+    ldap:
+      baseDn: {{ .Values.ldap.baseDn | quote }}
+      auth:
+        bindDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
+        credertialSecretName: "ums-provisioning-udm-transformer-ldap-credentials"
+      connection:
+        host: {{ .Values.ldap.host | quote }}
+        port: "389"
+
  dispatcher:
    image:
      registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningDispatcher.registry | quote }}
@@ -1006,12 +1037,25 @@ keycloak-bootstrap:
  cleanup:
    deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
    keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
+  keycloak:
+    auth:
+      username: "kcadmin"
+      password: {{ .Values.secrets.keycloak.adminPassword | quote }}
+      realm: {{ .Values.platform.realm | quote }}
+    connection:
+      host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
+      baseUrl: "http://ums-keycloak:8080"
+  ldap:
+    connection:
+      host: "ums-ldap-server"
+      port: 389
+    baseDn: "dc=univention-organization,dc=intranet"
+    auth:
+      bindDn: "uid=ldapsearch_keycloak,cn=users,dc=univention-organization,dc=intranet"
+      password: "univention"

  config:
    keycloak:
-      adminUser: "kcadmin"
-      adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
-      realm: {{ .Values.platform.realm | quote }}
      intraCluster:
        enabled: true
        internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
@@ -1069,10 +1113,12 @@ keycloak-bootstrap:
 keycloak-extensions:
  enabled: true
  keycloak:
-    host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
-    adminUsername: "kcadmin"
-    adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
-    adminRealm: "master"
+    connection:
+      host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
+    auth:
+      username: "kcadmin"
+      password: {{ .Values.secrets.keycloak.adminPassword | quote }}
+      realm: "master"
    realm: {{ .Values.platform.realm | quote }}
  postgresql:
    connection:
@@ -1530,7 +1576,9 @@ extraSecrets:
      ADMIN_PASSWORD: {{ .Values.provisioning.api.admin.password | default .Values.secrets.univentionManagementStack.provisioning.api.admin.password | quote }}
      PREFILL_USERNAME: {{ .Values.provisioning.api.prefill.username | quote }}
      PREFILL_PASSWORD: {{ .Values.provisioning.api.prefill.password | default .Values.secrets.univentionManagementStack.provisioning.api.prefill.password | quote }}
+      # UDM Transformer Username
      EVENTS_USERNAME_UDM: {{ .Values.provisioning.api.udmListener.username | quote }}
+      # UDM Transformer Password
      EVENTS_PASSWORD_UDM: {{ .Values.provisioning.api.udmListener.password | default .Values.secrets.univentionManagementStack.provisioning.api.udmListener.password | quote }}
  - name: ums-provisioning-dispatcher-credentials
    stringData:
@@ -1546,6 +1594,19 @@ extraSecrets:
      UDM_PASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
      PREFILL_USERNAME: {{ .Values.provisioning.api.prefill.username | quote }}
      PREFILL_PASSWORD: {{ .Values.provisioning.api.prefill.password | default .Values.secrets.univentionManagementStack.provisioning.api.prefill.password | quote }}
+  - name: ums-provisioning-udm-transformer-api-credentials
+    stringData:
+      # UDM Transformer Username
+      EVENTS_USERNAME_UDM: {{ .Values.provisioning.api.udmListener.username | quote }}
+      # UDM Transformer Password
+      EVENTS_PASSWORD_UDM: {{ .Values.provisioning.api.udmListener.password | default .Values.secrets.univentionManagementStack.provisioning.api.udmListener.password | quote }}
+  - name: ums-provisioning-udm-transformer-credentials
+    stringData:
+      NATS_USER: {{ .Values.provisioning.udmTransformer.nats.username | quote }}
+      NATS_PASSWORD: {{ .Values.provisioning.udmTransformer.nats.password | default .Values.secrets.univentionManagementStack.provisioning.udmTransformer.nats.password | quote }}
+  - name: ums-provisioning-udm-transformer-ldap-credentials
+    stringData:
+      LDAP_BIND_PW: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
  - name: "ums-provisioning-udm-listener-credentials"
    stringData:
      NATS_USER: {{ .Values.provisioning.udmListener.nats.username | quote }}
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -375,10 +375,10 @@ charts:
    # upstreamRepository: 'souvap/tooling/charts/univention/ums'
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ['0', '0', '1']
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    registry: "registry.souvap-univention.de"
+    repository: "souvap/tooling/charts/univention"
    name: "ums"
-    version: "0.12.0"
+    version: "0.14.0-pre-jlohmer-split-provisioning-listener"
    verify: true
  umsKeycloakBootstrap:
    # providerCategory: 'Supplier'
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -668,9 +668,11 @@ images:
    # upstreamRepository: 'souvap/tooling/images/univention/provisioning-dispatcher'
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ['0', '14', '0']
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
-    tag: "0.25.0@sha256:c6c9d1e4a46222105ded32c8e87cb2e9b19945592a9ada4e6c13e6942d721694"
+    # /univention/customers/dataport/upx/provisioning/provisioning-dispatcher@sha256:3e62ca53312ed3c24a72216b881c6859013286d43fde17923309f99c613f14ab
+    # /souvap/tooling/images/univention/provisioning-dispatcher:0.26.0
+    registry: "registry.souvap-univention.de"
+    repository: "souvap/tooling/images/univention/provisioning-dispatcher"
+    tag: "0.26.0"
  umsProvisioningEventsAndConsumerApi:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Univention'
@@ -678,9 +680,9 @@ images:
    # upstreamRepository: 'souvap/tooling/images/univention/provisioning-events-and-consumer-api'
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ['0', '14', '0']
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
-    tag: "0.25.0@sha256:f0382154126421e4078beede3ce2579f61859da64c497cb5c93acc693bf71647"
+    registry: "registry.souvap-univention.de"
+    repository: "souvap/tooling/images/univention/provisioning-events-and-consumer-api"
+    tag: "0.26.0"
  umsProvisioningPrefill:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Univention'
@@ -688,9 +690,19 @@ images:
    # upstreamRepository: 'souvap/tooling/images/univention/provisioning-prefill'
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ['0', '14', '0']
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
-    tag: "0.25.0@sha256:a5beae74c2575fa20d305ae635bc0c2bba64a9b1173819f8ddd4cca3fb59f6a4"
+    registry: "registry.souvap-univention.de"
+    repository: "souvap/tooling/images/univention/provisioning-prefill"
+    tag: "0.26.0"
+  umsProvisioningUdmTransformer:
+    # providerCategory: 'Supplier'
+    # providerResponsible: 'Univention'
+    # upstreamRegistry: 'registry.souvap-univention.de'
+    # upstreamRepository: 'souvap/tooling/images/univention/provisioning-udm-transformer'
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ['0', '14', '0']
+    registry: "registry.souvap-univention.de"
+    repository: "souvap/tooling/images/univention/provisioning-udm-transformer"
+    tag: "0.26.0"
  umsProvisioningUdmListener:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Univention'
@@ -698,9 +710,9 @@ images:
    # upstreamRepository: 'souvap/tooling/images/univention/provisioning-udm-listener'
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ['0', '14', '0']
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
-    tag: "0.25.0@sha256:b67e31d11461d02bc211117408ded3c0428d224b056f26734add7c024d5f710a"
+    registry: "registry.souvap-univention.de"
+    repository: "souvap/tooling/images/univention/provisioning-udm-listener"
+    tag: "0.26.0"
  umsSelfserviceInvitation:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Univention'
--- a/helmfile/environments/default/provisioning.yaml
+++ b/helmfile/environments/default/provisioning.yaml
@@ -22,6 +22,10 @@ provisioning:
    nats:
      username: "dispatcher"
      password: ""
+  udmTransformer:
+    nats:
+      username: "udmTransformer"
+      password: ""
  prefill:
    nats:
      username: "prefill"
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -37,14 +37,17 @@ secrets:
        nats:
          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "api" | b64enc | quote }}
        admin:
-          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin" | b64enc | quote }}
+          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin" | sha1sum | quote }}
        prefill:
-          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "prefill" | b64enc | quote }}
+          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "prefill" | sha1sum | quote }}
        udmListener:
-          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "udmListener" | b64enc | quote }}
+          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "udmListener" | sha1sum | quote }}
      dispatcher:
        nats:
          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "dispatcher" | b64enc | quote }}
+      udmTransformer:
+        nats:
+          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "udmTransformer" | b64enc | quote }}
      prefill:
        nats:
          password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "prefill" | b64enc | quote }}