feat(univention-management-stack): add udm-transformer to provisioning helm values

Johannes Lohmer
2024-05-16 13:17:23 +02:00
parent 62f0a4bef2
commit faba0b991d
5 changed files with 105 additions and 25 deletions


@@ -452,6 +452,37 @@ provisioning:
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
credentialSecretName: "ums-provisioning-api-credentials" credentialSecretName: "ums-provisioning-api-credentials"
udmTransformer:
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmTransformer.registry | quote }}
repository: {{ .Values.images.umsProvisioningUdmTransformer.repository }}
pullPolicy: {{ .Values.global.imagePullPolicy }}
tag: {{ .Values.images.umsProvisioningUdmTransformer.tag }}
pullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
config:
LOG_LEVEL: "DEBUG"
# not actually used in the code but needed for startup
UDM_HOST: "foobar"
UDM_PORT: 80
LDAP_TLS_MODE: "off"
api:
auth:
credentialSecretName: "ums-provisioning-udm-transformer-api-credentials"
nats:
auth:
credentialSecretName: "ums-provisioning-udm-transformer-credentials"
ldap:
baseDn: {{ .Values.ldap.baseDn | quote }}
auth:
bindDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
credertialSecretName: "ums-provisioning-udm-transformer-ldap-credentials"
connection:
host: {{ .Values.ldap.host | quote }}
port: "389"
dispatcher: dispatcher:
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningDispatcher.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningDispatcher.registry | quote }}
@@ -1006,12 +1037,25 @@ keycloak-bootstrap:
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
keycloak:
auth:
username: "kcadmin"
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
realm: {{ .Values.platform.realm | quote }}
connection:
host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
baseUrl: "http://ums-keycloak:8080"
ldap:
connection:
host: "ums-ldap-server"
port: 389
baseDn: "dc=univention-organization,dc=intranet"
auth:
bindDn: "uid=ldapsearch_keycloak,cn=users,dc=univention-organization,dc=intranet"
password: "univention"
config: config:
keycloak: keycloak:
adminUser: "kcadmin"
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
realm: {{ .Values.platform.realm | quote }}
intraCluster: intraCluster:
enabled: true enabled: true
internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
@@ -1069,10 +1113,12 @@ keycloak-bootstrap:
keycloak-extensions: keycloak-extensions:
enabled: true enabled: true
keycloak: keycloak:
connection:
host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
adminUsername: "kcadmin" auth:
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }} username: "kcadmin"
adminRealm: "master" password: {{ .Values.secrets.keycloak.adminPassword | quote }}
realm: "master"
realm: {{ .Values.platform.realm | quote }} realm: {{ .Values.platform.realm | quote }}
postgresql: postgresql:
connection: connection:
@@ -1530,7 +1576,9 @@ extraSecrets:
ADMIN_PASSWORD: {{ .Values.provisioning.api.admin.password | default .Values.secrets.univentionManagementStack.provisioning.api.admin.password | quote }} ADMIN_PASSWORD: {{ .Values.provisioning.api.admin.password | default .Values.secrets.univentionManagementStack.provisioning.api.admin.password | quote }}
PREFILL_USERNAME: {{ .Values.provisioning.api.prefill.username | quote }} PREFILL_USERNAME: {{ .Values.provisioning.api.prefill.username | quote }}
PREFILL_PASSWORD: {{ .Values.provisioning.api.prefill.password | default .Values.secrets.univentionManagementStack.provisioning.api.prefill.password | quote }} PREFILL_PASSWORD: {{ .Values.provisioning.api.prefill.password | default .Values.secrets.univentionManagementStack.provisioning.api.prefill.password | quote }}
# UDM Transformer Username
EVENTS_USERNAME_UDM: {{ .Values.provisioning.api.udmListener.username | quote }} EVENTS_USERNAME_UDM: {{ .Values.provisioning.api.udmListener.username | quote }}
# UDM Transformer Password
EVENTS_PASSWORD_UDM: {{ .Values.provisioning.api.udmListener.password | default .Values.secrets.univentionManagementStack.provisioning.api.udmListener.password | quote }} EVENTS_PASSWORD_UDM: {{ .Values.provisioning.api.udmListener.password | default .Values.secrets.univentionManagementStack.provisioning.api.udmListener.password | quote }}
- name: ums-provisioning-dispatcher-credentials - name: ums-provisioning-dispatcher-credentials
stringData: stringData:
@@ -1546,6 +1594,19 @@ extraSecrets:
UDM_PASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} UDM_PASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
PREFILL_USERNAME: {{ .Values.provisioning.api.prefill.username | quote }} PREFILL_USERNAME: {{ .Values.provisioning.api.prefill.username | quote }}
PREFILL_PASSWORD: {{ .Values.provisioning.api.prefill.password | default .Values.secrets.univentionManagementStack.provisioning.api.prefill.password | quote }} PREFILL_PASSWORD: {{ .Values.provisioning.api.prefill.password | default .Values.secrets.univentionManagementStack.provisioning.api.prefill.password | quote }}
- name: ums-provisioning-udm-transformer-api-credentials
stringData:
# UDM Transformer Username
EVENTS_USERNAME_UDM: {{ .Values.provisioning.api.udmListener.username | quote }}
# UDM Transformer Password
EVENTS_PASSWORD_UDM: {{ .Values.provisioning.api.udmListener.password | default .Values.secrets.univentionManagementStack.provisioning.api.udmListener.password | quote }}
- name: ums-provisioning-udm-transformer-credentials
stringData:
NATS_USER: {{ .Values.provisioning.udmTransformer.nats.username | quote }}
NATS_PASSWORD: {{ .Values.provisioning.udmTransformer.nats.password | default .Values.secrets.univentionManagementStack.provisioning.udmTransformer.nats.password | quote }}
- name: ums-provisioning-udm-transformer-ldap-credentials
stringData:
LDAP_BIND_PW: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
- name: "ums-provisioning-udm-listener-credentials" - name: "ums-provisioning-udm-listener-credentials"
stringData: stringData:
NATS_USER: {{ .Values.provisioning.udmListener.nats.username | quote }} NATS_USER: {{ .Values.provisioning.udmListener.nats.username | quote }}
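Review bot: The `ldap.auth` block added under keycloak-bootstrap hard-codes `password: "univention"` for `uid=ldapsearch_keycloak` and also hard-codes the base DN, while the other credentials in this file are rendered from `.Values.secrets…` and the udmTransformer block takes its DN from `.Values.ldap.baseDn`. A static bind password in the template is identical in every deployment and cannot be rotated through the secrets values; render it like its neighbours, e.g. `password: {{ .Values.secrets.<KEYCLOAK_LDAP_SEARCH_SECRET> | quote }}` (placeholder path) and `baseDn: {{ .Values.ldap.baseDn | quote }}`. In the udmTransformer hunk, `credertialSecretName` looks like a misspelling of `credentialSecretName` as used for `api.auth` and `nats.auth`; if the chart ignores unknown keys, the secret `ums-provisioning-udm-transformer-ldap-credentials` would never be referenced. That same block sets `LDAP_TLS_MODE: "off"` with port `389` and a `cn=admin` bind, so the admin bind would cross the cluster network unencrypted; confirm that this is intended outside development.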


@@ -375,10 +375,10 @@ charts:
# upstreamRepository: 'souvap/tooling/charts/univention/ums' # upstreamRepository: 'souvap/tooling/charts/univention/ums'
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ['0', '0', '1'] # upstreamMirrorStartFrom: ['0', '0', '1']
registry: "registry.opencode.de" registry: "registry.souvap-univention.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror" repository: "souvap/tooling/charts/univention"
name: "ums" name: "ums"
version: "0.12.0" version: "0.14.0-pre-jlohmer-split-provisioning-listener"
verify: true verify: true
umsKeycloakBootstrap: umsKeycloakBootstrap:
# providerCategory: 'Supplier' # providerCategory: 'Supplier'
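Review bot: The `ums` chart entry is now pinned to `0.14.0-pre-jlohmer-split-provisioning-listener` and pulled from `registry.souvap-univention.de` instead of the opencode.de mirror (assuming the right-hand column is the new side), which reads like a developer pre-release build rather than a released version. The commented `upstreamMirrorTagFilterRegEx` above matches only `x.y.z` tags, so this version would never reach the mirror. `verify: true` is kept, so check that the pre-release chart actually passes verification. A comment such as `# TODO: temporary pre-release pin, switch back to the mirrored release before merging` would make the intent explicit.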


@@ -668,9 +668,11 @@ images:
# upstreamRepository: 'souvap/tooling/images/univention/provisioning-dispatcher' # upstreamRepository: 'souvap/tooling/images/univention/provisioning-dispatcher'
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ['0', '14', '0'] # upstreamMirrorStartFrom: ['0', '14', '0']
registry: "registry.opencode.de" # /univention/customers/dataport/upx/provisioning/provisioning-dispatcher@sha256:3e62ca53312ed3c24a72216b881c6859013286d43fde17923309f99c613f14ab
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher" # /souvap/tooling/images/univention/provisioning-dispatcher:0.26.0
tag: "0.25.0@sha256:c6c9d1e4a46222105ded32c8e87cb2e9b19945592a9ada4e6c13e6942d721694" registry: "registry.souvap-univention.de"
repository: "souvap/tooling/images/univention/provisioning-dispatcher"
tag: "0.26.0"
umsProvisioningEventsAndConsumerApi: umsProvisioningEventsAndConsumerApi:
# providerCategory: 'Supplier' # providerCategory: 'Supplier'
# providerResponsible: 'Univention' # providerResponsible: 'Univention'
@@ -678,9 +680,9 @@ images:
# upstreamRepository: 'souvap/tooling/images/univention/provisioning-events-and-consumer-api' # upstreamRepository: 'souvap/tooling/images/univention/provisioning-events-and-consumer-api'
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ['0', '14', '0'] # upstreamMirrorStartFrom: ['0', '14', '0']
registry: "registry.opencode.de" registry: "registry.souvap-univention.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api" repository: "souvap/tooling/images/univention/provisioning-events-and-consumer-api"
tag: "0.25.0@sha256:f0382154126421e4078beede3ce2579f61859da64c497cb5c93acc693bf71647" tag: "0.26.0"
umsProvisioningPrefill: umsProvisioningPrefill:
# providerCategory: 'Supplier' # providerCategory: 'Supplier'
# providerResponsible: 'Univention' # providerResponsible: 'Univention'
@@ -688,9 +690,19 @@ images:
# upstreamRepository: 'souvap/tooling/images/univention/provisioning-prefill' # upstreamRepository: 'souvap/tooling/images/univention/provisioning-prefill'
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ['0', '14', '0'] # upstreamMirrorStartFrom: ['0', '14', '0']
registry: "registry.opencode.de" registry: "registry.souvap-univention.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill" repository: "souvap/tooling/images/univention/provisioning-prefill"
tag: "0.25.0@sha256:a5beae74c2575fa20d305ae635bc0c2bba64a9b1173819f8ddd4cca3fb59f6a4" tag: "0.26.0"
umsProvisioningUdmTransformer:
# providerCategory: 'Supplier'
# providerResponsible: 'Univention'
# upstreamRegistry: 'registry.souvap-univention.de'
# upstreamRepository: 'souvap/tooling/images/univention/provisioning-udm-transformer'
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ['0', '14', '0']
registry: "registry.souvap-univention.de"
repository: "souvap/tooling/images/univention/provisioning-udm-transformer"
tag: "0.26.0"
umsProvisioningUdmListener: umsProvisioningUdmListener:
# providerCategory: 'Supplier' # providerCategory: 'Supplier'
# providerResponsible: 'Univention' # providerResponsible: 'Univention'
@@ -698,9 +710,9 @@ images:
# upstreamRepository: 'souvap/tooling/images/univention/provisioning-udm-listener' # upstreamRepository: 'souvap/tooling/images/univention/provisioning-udm-listener'
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ['0', '14', '0'] # upstreamMirrorStartFrom: ['0', '14', '0']
registry: "registry.opencode.de" registry: "registry.souvap-univention.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener" repository: "souvap/tooling/images/univention/provisioning-udm-listener"
tag: "0.25.0@sha256:b67e31d11461d02bc211117408ded3c0428d224b056f26734add7c024d5f710a" tag: "0.26.0"
umsSelfserviceInvitation: umsSelfserviceInvitation:
# providerCategory: 'Supplier' # providerCategory: 'Supplier'
# providerResponsible: 'Univention' # providerResponsible: 'Univention'
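Review bot: The new `tag: "0.26.0"` values drop the `@sha256:…` digest that the previous `0.25.0@sha256:…` tags carried. The dispatcher, events-and-consumer-api, prefill, udm-listener and the new udm-transformer images are therefore resolved by a mutable tag, and straight from the upstream registry rather than the mirror. Keep the digest form for all five entries, e.g. `tag: "0.26.0@sha256:<DIGEST_OF_0.26.0_IMAGE>"` (placeholder), so that a re-pushed tag cannot silently change what is deployed. The two comment lines added above the dispatcher `registry:` name a different repository path and digest than the values below them and look like leftover notes; remove them or say what they document.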


@@ -22,6 +22,10 @@ provisioning:
nats: nats:
username: "dispatcher" username: "dispatcher"
password: "" password: ""
udmTransformer:
nats:
username: "udmTransformer"
password: ""
prefill: prefill:
nats: nats:
username: "prefill" username: "prefill"


@@ -37,14 +37,17 @@ secrets:
nats: nats:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "api" | b64enc | quote }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "api" | b64enc | quote }}
admin: admin:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin" | b64enc | quote }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin" | sha1sum | quote }}
prefill: prefill:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "prefill" | b64enc | quote }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "prefill" | sha1sum | quote }}
udmListener: udmListener:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "udmListener" | b64enc | quote }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "udmListener" | sha1sum | quote }}
dispatcher: dispatcher:
nats: nats:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "dispatcher" | b64enc | quote }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "dispatcher" | b64enc | quote }}
udmTransformer:
nats:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "udmTransformer" | b64enc | quote }}
prefill: prefill:
nats: nats:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "prefill" | b64enc | quote }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nats" "prefill" | b64enc | quote }}
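Review bot: The three `api` passwords (admin, prefill, udmListener) switch from `| b64enc` to `| sha1sum` without any comment, while the `nats` passwords, including the new `udmTransformer` one, stay on `b64enc`. Here `sha1sum` only re-encodes the derived value as a 40-character hex string and adds no protection, and the switch changes the rendered API passwords of every existing deployment on upgrade. A comment next to the first use, such as `# sha1sum: hex-only encoding of the derived password, not a security measure`, would prevent misreading, provided that is the actual reason. The new `udmTransformer` line also inherits the `default "sovereign-workplace"` fallback, so with `MASTER_PASSWORD` unset its NATS password can be derived by anyone who has this file.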