diff --git a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl index 9ac01743..a16ba51e 100644 --- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl @@ -452,6 +452,37 @@ provisioning: - name: {{ . | quote }} {{- end }} credentialSecretName: "ums-provisioning-api-credentials" + udmTransformer: + image: + registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmTransformer.registry | quote }} + repository: {{ .Values.images.umsProvisioningUdmTransformer.repository }} + pullPolicy: {{ .Values.global.imagePullPolicy }} + tag: {{ .Values.images.umsProvisioningUdmTransformer.tag }} + pullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . | quote }} + {{- end }} + config: + LOG_LEVEL: "DEBUG" + # not actually used in the code but needed for startup + UDM_HOST: "foobar" + UDM_PORT: 80 + LDAP_TLS_MODE: "off" + api: + auth: + credentialSecretName: "ums-provisioning-udm-transformer-api-credentials" + nats: + auth: + credentialSecretName: "ums-provisioning-udm-transformer-credentials" + ldap: + baseDn: {{ .Values.ldap.baseDn | quote }} + auth: + bindDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} + credertialSecretName: "ums-provisioning-udm-transformer-ldap-credentials" + connection: + host: {{ .Values.ldap.host | quote }} + port: "389" + dispatcher: image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningDispatcher.registry | quote }} 
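Review bot: The key `credertialSecretName` under `udmTransformer.ldap.auth` looks like a misspelling of `credentialSecretName`, the spelling the sibling `api.auth` and `nats.auth` entries in this hunk use. If the chart reads the correctly spelled key, the `ums-provisioning-udm-transformer-ldap-credentials` secret is presumably never picked up, so the line should read `credentialSecretName: "ums-provisioning-udm-transformer-ldap-credentials"`. The transformer also binds as `cn=admin` with `LDAP_TLS_MODE: "off"` on port `"389"`, so a privileged bind password crosses the cluster network unencrypted; a dedicated low-privilege bind DN and TLS would be safer if the chart supports them. `LOG_LEVEL: "DEBUG"` is fixed in the template and should probably be driven by a value, since debug logging in a component that handles directory objects can put personal data in the logs. `UDM_PORT: 80` is an integer while `port: "389"` is a string; quoting both the same way avoids type surprises.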
@@ -1006,12 +1037,25 @@ keycloak-bootstrap: cleanup: deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} + keycloak: + auth: + username: "kcadmin" + password: {{ .Values.secrets.keycloak.adminPassword | quote }} + realm: {{ .Values.platform.realm | quote }} + connection: + host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" + baseUrl: "http://ums-keycloak:8080" + ldap: + connection: + host: "ums-ldap-server" + port: 389 + baseDn: "dc=univention-organization,dc=intranet" + auth: + bindDn: "uid=ldapsearch_keycloak,cn=users,dc=univention-organization,dc=intranet" + password: "univention" config: keycloak: - adminUser: "kcadmin" - adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }} - realm: {{ .Values.platform.realm | quote }} intraCluster: enabled: true internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" @@ -1069,10 +1113,12 @@ keycloak-bootstrap: keycloak-extensions: enabled: true keycloak: - host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" - adminUsername: "kcadmin" - adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }} - adminRealm: "master" + connection: + host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" + auth: + username: "kcadmin" + password: {{ .Values.secrets.keycloak.adminPassword | quote }} + realm: "master" realm: {{ .Values.platform.realm | quote }} postgresql: connection: 
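Review bot: The new `ldap.auth` block for `keycloak-bootstrap` hard-codes `password: "univention"` next to a fixed `bindDn` and `baseDn: "dc=univention-organization,dc=intranet"`, while the Keycloak password a few lines above is taken from `.Values.secrets.keycloak.adminPassword`. A literal bind password in the values template is identical in every deployment and readable by anyone with repository access. It should come from the secrets values, e.g. `password: {{ .Values.secrets.<LDAP_SEARCH_PASSWORD_KEY> | quote }}` (placeholder, since the real key is not visible in this diff). `baseDn` and the suffix of `bindDn` could reuse `{{ .Values.ldap.baseDn | quote }}` as the first hunk of this file does, so a non-default base DN does not silently break the bootstrap. The added `baseUrl: "http://ums-keycloak:8080"` means the admin credentials travel over plain HTTP inside the cluster; if that is intentional, a one-line comment saying so would help.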
@@ -1530,7 +1576,9 @@ extraSecrets: ADMIN_PASSWORD: {{ .Values.provisioning.api.admin.password | default .Values.secrets.univentionManagementStack.provisioning.api.admin.password | quote }} PREFILL_USERNAME: {{ .Values.provisioning.api.prefill.username | quote }} PREFILL_PASSWORD: {{ .Values.provisioning.api.prefill.password | default .Values.secrets.univentionManagementStack.provisioning.api.prefill.password | quote }} + # UDM Transformer Username EVENTS_USERNAME_UDM: {{ .Values.provisioning.api.udmListener.username | quote }} + # UDM Transformer Password EVENTS_PASSWORD_UDM: {{ .Values.provisioning.api.udmListener.password | default .Values.secrets.univentionManagementStack.provisioning.api.udmListener.password | quote }} - name: ums-provisioning-dispatcher-credentials stringData: 
@@ -1546,6 +1594,19 @@ extraSecrets: UDM_PASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} PREFILL_USERNAME: {{ .Values.provisioning.api.prefill.username | quote }} PREFILL_PASSWORD: {{ .Values.provisioning.api.prefill.password | default .Values.secrets.univentionManagementStack.provisioning.api.prefill.password | quote }} + - name: ums-provisioning-udm-transformer-api-credentials + stringData: + # UDM Transformer Username + EVENTS_USERNAME_UDM: {{ .Values.provisioning.api.udmListener.username | quote }} + # UDM Transformer Password + EVENTS_PASSWORD_UDM: {{ .Values.provisioning.api.udmListener.password | default .Values.secrets.univentionManagementStack.provisioning.api.udmListener.password | quote }} + - name: ums-provisioning-udm-transformer-credentials + stringData: + NATS_USER: {{ .Values.provisioning.udmTransformer.nats.username | quote }} + NATS_PASSWORD: {{ .Values.provisioning.udmTransformer.nats.password | default .Values.secrets.univentionManagementStack.provisioning.udmTransformer.nats.password | quote }} + - name: ums-provisioning-udm-transformer-ldap-credentials + stringData: + LDAP_BIND_PW: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - name: "ums-provisioning-udm-listener-credentials" stringData: NATS_USER: {{ .Values.provisioning.udmListener.nats.username | quote }} diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index b76fb5f4..dd04efd7 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml 
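Review bot: The new `ums-provisioning-udm-transformer-api-credentials` secret is filled from `.Values.provisioning.api.udmListener.username` and the `udmListener` password, so the transformer and the listener would authenticate to the events API as one shared identity. The comments `# UDM Transformer Username` and `# UDM Transformer Password` (also added in the preceding hunk at `-1530,7`) do not match those value paths. If the two components are meant to be separate principals, a dedicated `provisioning.api.udmTransformer` value pair would let either credential be rotated or revoked on its own; if sharing is intended, the comment should say so, e.g. `# shared with the UDM listener`. `LDAP_BIND_PW` reuses `.Values.secrets.univentionManagementStack.ldapSecret`, the same value as `UDM_PASSWORD` in the context lines above. Given the `cn=admin` bind DN in the first hunk, that is presumably the directory admin password rather than a credential scoped to what the transformer needs.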
@@ -375,10 +375,10 @@ charts: # upstreamRepository: 'souvap/tooling/charts/univention/ums' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorStartFrom: ['0', '0', '1'] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/charts-mirror" + registry: "registry.souvap-univention.de" + repository: "souvap/tooling/charts/univention" name: "ums" - version: "0.12.0" + version: "0.14.0-pre-jlohmer-split-provisioning-listener" verify: true umsKeycloakBootstrap: # providerCategory: 'Supplier' diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index 80badc7e..a84111dc 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -668,9 +668,11 @@ images: # upstreamRepository: 'souvap/tooling/images/univention/provisioning-dispatcher' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorStartFrom: ['0', '14', '0'] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher" - tag: "0.25.0@sha256:c6c9d1e4a46222105ded32c8e87cb2e9b19945592a9ada4e6c13e6942d721694" + # /univention/customers/dataport/upx/provisioning/provisioning-dispatcher@sha256:3e62ca53312ed3c24a72216b881c6859013286d43fde17923309f99c613f14ab + # /souvap/tooling/images/univention/provisioning-dispatcher:0.26.0 + registry: "registry.souvap-univention.de" + repository: "souvap/tooling/images/univention/provisioning-dispatcher" + tag: "0.26.0" umsProvisioningEventsAndConsumerApi: # providerCategory: 'Supplier' # providerResponsible: 'Univention' 
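Review bot: The `ums` chart now points at `registry.souvap-univention.de` with `version: "0.14.0-pre-jlohmer-split-provisioning-listener"`, which looks like a developer pre-release build, in place of the mirrored `0.12.0` release. The commented `upstreamMirrorTagFilterRegEx` above only admits `^(\d+)\.(\d+)\.(\d+)$`, so this version could not pass through the mirror and the default environment would pull straight from the supplier registry. `verify: true` is unchanged, so it is worth confirming that the pre-release chart is actually signed with a key the deployment trusts. Until a released, mirrored version exists, I would keep this out of the default environment or mark it with a comment such as `# TEMPORARY: pre-release chart, switch back to the mirror before merge`.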
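Review bot: The new `tag: "0.26.0"` for `umsProvisioningDispatcher` drops the `@sha256:` digest that the previous `0.25.0@sha256:c6c9d1e4…` value carried, so the image is no longer pinned to immutable content and a re-pushed `0.26.0` tag would be deployed without any change in this repository. The same applies to the hunks at `-678,9`, `-688,9` (including the new `umsProvisioningUdmTransformer` entry) and `-698,9`. The added comment records a digest (`sha256:3e62ca53…`), but for a different repository path, so it should not be assumed to match the `souvap/tooling/images/univention/provisioning-dispatcher` image. I would resolve the digest of each `0.26.0` image and write `tag: "0.26.0@sha256:<DIGEST>"`. These entries also move from the `registry.opencode.de` mirror to the supplier registry, which bypasses whatever checks the mirror applies.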
@@ -678,9 +680,9 @@ images: # upstreamRepository: 'souvap/tooling/images/univention/provisioning-events-and-consumer-api' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorStartFrom: ['0', '14', '0'] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api" - tag: "0.25.0@sha256:f0382154126421e4078beede3ce2579f61859da64c497cb5c93acc693bf71647" + registry: "registry.souvap-univention.de" + repository: "souvap/tooling/images/univention/provisioning-events-and-consumer-api" + tag: "0.26.0" umsProvisioningPrefill: # providerCategory: 'Supplier' # providerResponsible: 'Univention' @@ -688,9 +690,19 @@ images: # upstreamRepository: 'souvap/tooling/images/univention/provisioning-prefill' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorStartFrom: ['0', '14', '0'] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill" - tag: "0.25.0@sha256:a5beae74c2575fa20d305ae635bc0c2bba64a9b1173819f8ddd4cca3fb59f6a4" + registry: "registry.souvap-univention.de" + repository: "souvap/tooling/images/univention/provisioning-prefill" + tag: "0.26.0" + umsProvisioningUdmTransformer: + # providerCategory: 'Supplier' + # providerResponsible: 'Univention' + # upstreamRegistry: 'registry.souvap-univention.de' + # upstreamRepository: 'souvap/tooling/images/univention/provisioning-udm-transformer' + # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' + # upstreamMirrorStartFrom: ['0', '14', '0'] + registry: "registry.souvap-univention.de" + repository: "souvap/tooling/images/univention/provisioning-udm-transformer" + tag: "0.26.0" umsProvisioningUdmListener: # providerCategory: 'Supplier' # providerResponsible: 'Univention' 
@@ -698,9 +710,9 @@ images: # upstreamRepository: 'souvap/tooling/images/univention/provisioning-udm-listener' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorStartFrom: ['0', '14', '0'] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener" - tag: "0.25.0@sha256:b67e31d11461d02bc211117408ded3c0428d224b056f26734add7c024d5f710a" + registry: "registry.souvap-univention.de" + repository: "souvap/tooling/images/univention/provisioning-udm-listener" + tag: "0.26.0" umsSelfserviceInvitation: # providerCategory: 'Supplier' # providerResponsible: 'Univention' diff --git a/helmfile/environments/default/provisioning.yaml b/helmfile/environments/default/provisioning.yaml index 148d76a0..c5412ef1 100644 --- a/helmfile/environments/default/provisioning.yaml +++ b/helmfile/environments/default/provisioning.yaml @@ -22,6 +22,10 @@ provisioning: nats: username: "dispatcher" password: "" + udmTransformer: + nats: + username: "udmTransformer" + password: "" prefill: nats: username: "prefill" diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl index 292efd00..06981fe6 100644 --- a/helmfile/environments/default/secrets.gotmpl +++ b/helmfile/environments/default/secrets.gotmpl 
@@ -37,14 +37,17 @@ secrets: nats: password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "api" | b64enc | quote }} admin: - password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin" | b64enc | quote }} + password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin" | sha1sum | quote }} prefill: - password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "prefill" | b64enc | quote }} + password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "prefill" | sha1sum | quote }} udmListener: - password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "udmListener" | b64enc | quote }} + password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "udmListener" | sha1sum | quote }} dispatcher: nats: password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "dispatcher" | b64enc | quote }} + udmTransformer: + nats: + password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "udmTransformer" | b64enc | quote }} prefill: nats: password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "prefill" | b64enc | quote }}
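Review bot: The three API passwords switch from `| b64enc` to `| sha1sum`, while every NATS password in this hunk, including the new `udmTransformer.nats.password`, keeps `| b64enc`, and nothing records why. `sha1sum` yields a 40-character lowercase hex string and adds no entropy beyond the `derivePassword` output. If the reason is that the consumer cannot handle base64 characters, a comment such as `# hex-only output: API credentials must not contain base64 special characters` (wording to be confirmed) would keep the next editor from reverting it. Changing the filter also changes the derived values, so existing deployments get new admin, prefill and udmListener API passwords on upgrade and any stored copies must rotate with them. The new line repeats `env "MASTER_PASSWORD" | default "sovereign-workplace"`, so with the variable unset the transformer's NATS password is derivable from a constant in this repository; failing the render when `MASTER_PASSWORD` is missing would be safer than falling back.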