mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
2 Commits
feat/nubus
...
acaceres/u
| Author | SHA1 | Date | |
|---|---|---|---|
|
f69de3cc33 | ||
|
|
5766d0fedd |
@@ -440,7 +440,7 @@ portal-server:
|
||||
{{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
|
||||
|
||||
provisioning:
|
||||
enabled: false
|
||||
enabled: true
|
||||
api:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningEventsAndConsumerApi.registry | quote }}
|
||||
@@ -451,6 +451,10 @@ provisioning:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
config:
|
||||
rootPath: "/univention/provisioning-api"
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningEventsAndConsumerApi | toYaml | nindent 4 }}
|
||||
credentialSecretName: "ums-provisioning-api-credentials"
|
||||
dispatcher:
|
||||
image:
|
||||
@@ -462,6 +466,10 @@ provisioning:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 4 }}
|
||||
config:
|
||||
UDM_HOST: "ums-udm-rest-api"
|
||||
credentialSecretName: "ums-provisioning-dispatcher-credentials"
|
||||
prefill:
|
||||
image:
|
||||
@@ -473,7 +481,26 @@ provisioning:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningPrefill | toYaml | nindent 4 }}
|
||||
config:
|
||||
UDM_HOST: "ums-udm-rest-api"
|
||||
credentialSecretName: "ums-provisioning-prefill-credentials"
|
||||
register_consumers:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.umsWaitForDependency.repository }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy }}
|
||||
tag: {{ .Values.images.umsWaitForDependency.tag }}
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningRegisterConsumer | toYaml | nindent 4 }}
|
||||
credentialSecretName: "ums-provisioning-register-consumers-credentials"
|
||||
jsonSecretName: "ums-provisioning-register-consumers-json-secrets"
|
||||
provisioningApiBaseUrl: "http://ums-provisioning-api/internal/admin/v1/subscriptions"
|
||||
nats:
|
||||
config:
|
||||
authorization:
|
||||
@@ -499,6 +526,17 @@ provisioning:
|
||||
permissions:
|
||||
publish: ">"
|
||||
subscribe: ">"
|
||||
- user: "$NATS_UDMLISTENER_USER"
|
||||
password: "$NATS_UDMLISTENER_PASSWORD"
|
||||
permissions:
|
||||
publish: ">"
|
||||
subscribe: ">"
|
||||
- user: "$NATS_ADMIN_USER"
|
||||
password: "$NATS_ADMIN_PASSWORD"
|
||||
permissions:
|
||||
publish: ">"
|
||||
subscribe: ">"
|
||||
|
||||
extraEnvVars:
|
||||
- name: NATS_USER
|
||||
value: "admin"
|
||||
@@ -537,6 +575,17 @@ provisioning:
|
||||
secretKeyRef:
|
||||
name: ums-provisioning-prefill-credentials
|
||||
key: NATS_PASSWORD
|
||||
- name: NATS_UDMLISTENER_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ums-provisioning-udm-listener-credentials
|
||||
key: NATS_USER
|
||||
- name: NATS_UDMLISTENER_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ums-provisioning-udm-listener-credentials
|
||||
key: NATS_PASSWORD
|
||||
|
||||
nats:
|
||||
nats:
|
||||
image:
|
||||
@@ -564,7 +613,7 @@ provisioning:
|
||||
enabled: false
|
||||
|
||||
udm-listener:
|
||||
enabled: false
|
||||
enabled: true
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmListener.registry | quote }}
|
||||
repository: {{ .Values.images.umsProvisioningUdmListener.repository | quote }}
|
||||
@@ -581,9 +630,17 @@ udm-listener:
|
||||
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
||||
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
ldapPort: "389"
|
||||
notifierServer: "ums-ldap-notifier"
|
||||
notifierServer: {{ .Values.ldap.notifierHost | quote }}
|
||||
tlsMode: "off"
|
||||
natsHost: "ums-provisioning-nats"
|
||||
natsUser: "udmlistener"
|
||||
natsPassword: {{ .Values.secrets.univentionManagementStack.provisioning.udmListenerNatsPassword }}
|
||||
eventsUsernameUdm: "udmproducer"
|
||||
eventsPasswordUdm: {{ .Values.secrets.univentionManagementStack.provisioning.udmProducerPassword }}
|
||||
internalApiHost: "ums-provisioning-api"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningUdmListener | toYaml | nindent 4 }}
|
||||
|
||||
stack-data-ums:
|
||||
enabled: true
|
||||
@@ -698,27 +755,19 @@ selfservice-listener:
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-selfservice-listener"
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }}
|
||||
repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }}
|
||||
tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
|
||||
selfserviceListener:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceListener.registry | quote }}
|
||||
repository: {{ .Values.images.umsSelfserviceListener.repository | quote }}
|
||||
tag: {{ .Values.images.umsSelfserviceListener.tag | quote }}
|
||||
|
||||
selfserviceInvitation:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }}
|
||||
repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }}
|
||||
tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }}
|
||||
|
||||
waitForDependency:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
|
||||
config:
|
||||
provisioningApiBaseUrl: "http://ums-provisioning-api"
|
||||
umcServerUrl: "http://ums-umc-server"
|
||||
credentialSecretName: "ums-selfservice-listener-credentials"
|
||||
|
||||
persistence:
|
||||
storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
@@ -727,24 +776,8 @@ selfservice-listener:
|
||||
resources:
|
||||
{{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }}
|
||||
|
||||
resourcesDependencyWaiter:
|
||||
{{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.umsSelfserviceListener }}
|
||||
|
||||
selfserviceListener:
|
||||
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
||||
ldapHost: {{ .Values.ldap.host | quote }}
|
||||
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
||||
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
notifierServer: {{ .Values.ldap.notifierHost | quote }}
|
||||
umcAdminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
|
||||
debugLevel: {{ if .Values.debug.enabled }}"4"{{ else }}"1"{{ end }}
|
||||
tlsMode: "off"
|
||||
umcServerUrl: "http://ums-umc-server"
|
||||
umcAdminUser: "default.admin"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
@@ -1550,20 +1583,47 @@ extraSecrets:
|
||||
- name: ums-provisioning-api-credentials
|
||||
stringData:
|
||||
NATS_USER: "api"
|
||||
NATS_PASSWORD: "password"
|
||||
NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiNatsPassword }}
|
||||
ADMIN_NATS_USER: "admin"
|
||||
ADMIN_NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminNatsPassword }}
|
||||
ADMIN_USERNAME: "admin"
|
||||
ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminPassword }}
|
||||
PREFILL_USERNAME: "prefill"
|
||||
PREFILL_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillPassword }}
|
||||
EVENTS_USERNAME_UDM: "udmproducer"
|
||||
EVENTS_PASSWORD_UDM: {{ .Values.secrets.univentionManagementStack.provisioning.udmProducerPassword }}
|
||||
- name: ums-provisioning-dispatcher-credentials
|
||||
stringData:
|
||||
UDM_USERNAME: "cn=admin"
|
||||
UDM_PASSWORD: "password"
|
||||
NATS_USER: "dispatcher"
|
||||
NATS_PASSWORD: "password"
|
||||
NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.dispatcherNatsPassword }}
|
||||
- name: ums-provisioning-prefill-credentials
|
||||
stringData:
|
||||
NATS_USER: "prefill"
|
||||
NATS_PASSWORD: "password"
|
||||
NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillNatsPassword }}
|
||||
UDM_USERNAME: "cn=admin"
|
||||
UDM_PASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
PREFILL_USERNAME: "prefill"
|
||||
PREFILL_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillPassword }}
|
||||
- name: ums-provisioning-udm-listener-credentials
|
||||
stringData:
|
||||
NATS_USER: "udmlistener"
|
||||
NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.udmListenerNatsPassword }}
|
||||
- name: ums-provisioning-nats-credentials
|
||||
stringData:
|
||||
admin_password: "nimda"
|
||||
- name: ums-provisioning-register-consumers-credentials
|
||||
stringData:
|
||||
ADMIN_USERNAME: "admin"
|
||||
ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminPassword }}
|
||||
- name: ums-provisioning-register-consumers-json-secrets
|
||||
stringData:
|
||||
selfservice-listener.json: |
|
||||
{
|
||||
"name": "selfservice-listener",
|
||||
"realms_topics": [["udm", "users/user"]],
|
||||
"request_prefill": true,
|
||||
"password": {{ .Values.secrets.univentionManagementStack.selfserviceListener.provisioningApiPassword | quote }}
|
||||
}
|
||||
- name: ums-udm-rest-api-credentials
|
||||
stringData:
|
||||
ldap.secret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
@@ -1578,4 +1638,10 @@ extraSecrets:
|
||||
stringData:
|
||||
KEYCLOAK_ADMIN_PASSWORD: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
GUARDIAN_MANAGEMENT_API_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
|
||||
- name: "ums-selfservice-listener-credentials"
|
||||
stringData:
|
||||
UMC_ADMIN_USER: "default.admin"
|
||||
UMC_ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
|
||||
PROVISIONING_API_USERNAME: "selfservice-listener"
|
||||
PROVISIONING_API_PASSWORD: {{ .Values.secrets.univentionManagementStack.selfserviceListener.provisioningApiPassword | quote }}
|
||||
...
|
||||
|
||||
@@ -375,10 +375,16 @@ charts:
|
||||
# upstreamRepository: 'souvap/tooling/charts/univention/ums'
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ['0', '0', '1']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
# TODO: return back mirror registry and repository before merging
|
||||
# registry: "registry.opencode.de"
|
||||
# repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
registry: "registry.souvap-univention.de"
|
||||
repository: "souvap/tooling/charts/univention"
|
||||
name: "ums"
|
||||
version: "0.12.0"
|
||||
# TODO: Needs an update once the previous MR is merged
|
||||
# See: https://git.knut.univention.de/univention/customers/dataport/upx/ums-stack/-/merge_requests/32
|
||||
# version: "0.12.1"
|
||||
version: "0.12.1-pre-acaceres-update-dependencies"
|
||||
verify: true
|
||||
umsKeycloakBootstrap:
|
||||
# providerCategory: 'Supplier'
|
||||
|
||||
@@ -670,7 +670,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '14', '0']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
|
||||
tag: "0.21.3@sha256:29c5f216ab0f8d12c1e77969de6e82046c0d47e1111838fb0a2dcd9950c0175d"
|
||||
tag: "0.25.0@sha256:c6c9d1e4a46222105ded32c8e87cb2e9b19945592a9ada4e6c13e6942d721694"
|
||||
umsProvisioningEventsAndConsumerApi:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -680,7 +680,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '14', '0']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
|
||||
tag: "0.21.3@sha256:4cb498a64dd40c0963ca1ca382213ad5b8a4de5eb57650946d78ac44b359f43f"
|
||||
tag: "0.25.0@sha256:f0382154126421e4078beede3ce2579f61859da64c497cb5c93acc693bf71647"
|
||||
umsProvisioningPrefill:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -690,7 +690,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '14', '0']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
|
||||
tag: "0.21.3@sha256:944ff8558d12c59f3490cba68680281c3fa5468fd6fd011fd002befcb9956973"
|
||||
tag: "0.25.0@sha256:a5beae74c2575fa20d305ae635bc0c2bba64a9b1173819f8ddd4cca3fb59f6a4"
|
||||
umsProvisioningUdmListener:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -700,7 +700,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '14', '0']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
|
||||
tag: "0.21.3@sha256:e1cd42558e44bb72ed5c7798cef711db94df7d10d6895c993ca6412df1d25f02"
|
||||
tag: "0.25.0@sha256:b67e31d11461d02bc211117408ded3c0428d224b056f26734add7c024d5f710a"
|
||||
umsSelfserviceInvitation:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -708,19 +708,15 @@ images:
|
||||
# upstreamRepository: 'souvap/tooling/images/univention/selfservice-invitation'
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ['0', '3', '2']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
|
||||
tag: "0.4.0@sha256:bd252758576e1733076c78756f04225ebed73d9c48de22440975ef11dd087caf"
|
||||
umsSelfserviceListener:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
# upstreamRegistry: 'registry.souvap-univention.de'
|
||||
# upstreamRepository: 'souvap/tooling/images/univention/selfservice-listener'
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ['0', '3', '2']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-listener"
|
||||
tag: "0.4.0@sha256:0bc0235fd64a19a183f112da73109b54712c2d70fe7fa77c6405beefb7167588"
|
||||
# TODO: return back mirror registry and repository before merging
|
||||
# registry: "registry.opencode.de"
|
||||
# repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
|
||||
registry: "registry.souvap-univention.de"
|
||||
repository: "souvap/tooling/images/univention/selfservice-invitation"
|
||||
# TODO: Needs an update once the previous MR is merged
|
||||
# See: https://git.knut.univention.de/univention/customers/dataport/upx/selfservice-listener/-/merge_requests/16
|
||||
# version: "0.5.0"
|
||||
tag: "0.5.0-pre-acaceres-migrate-self-service-listener-to-provisioning-service@sha256:68b342badcaa0def19e6396bb23ffabf3e140ee2a3a39d37e7a5dc4cbba8362b"
|
||||
umsStackGateway:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
|
||||
@@ -466,6 +466,13 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsProvisioningRegisterConsumer:
|
||||
limits:
|
||||
cpu: 0.5
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.25
|
||||
memory: "128Mi"
|
||||
umsProvisioningNats:
|
||||
limits:
|
||||
cpu: 99
|
||||
@@ -480,13 +487,6 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsSelfserviceListenerDependencies:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsStackDataUms:
|
||||
limits:
|
||||
cpu: 99
|
||||
|
||||
@@ -34,14 +34,13 @@ secrets:
|
||||
apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
|
||||
apiAdminNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "apiAdmin" "nats" | sha1sum | quote }}
|
||||
apiAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin_api" | sha1sum | quote }}
|
||||
dispatcherPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "dispatcher_service" | sha1sum | quote }}
|
||||
prefillPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "prefill_service" | sha1sum | quote }}
|
||||
prefillNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "nats" | sha1sum | quote }}
|
||||
udmProducerPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmproducer" "events_api" | sha1sum | quote }}
|
||||
dispatcherNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "nats" | sha1sum | quote }}
|
||||
dispatcherUdmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
|
||||
udmListenerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmlistener" "nats" | sha1sum | quote }}
|
||||
udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
|
||||
selfserviceListener:
|
||||
provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "selfservice-listener" "selfservice-listener" | sha1sum | quote }}
|
||||
nats:
|
||||
natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user