|
|
|
|
@@ -183,20 +183,12 @@ keycloak:
|
|
|
|
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }}
|
|
|
|
|
repository: {{ .Values.images.nubusKeycloak.repository }}
|
|
|
|
|
tag: {{ .Values.images.nubusKeycloak.tag }}
|
|
|
|
|
# NOTE: The subchart "keycloak" does not yet support
|
|
|
|
|
# "global.imagePullPolicy". The local configuration can be removed once it
|
|
|
|
|
# does have this feature.
|
|
|
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
|
|
|
ingress:
|
|
|
|
|
enabled: false
|
|
|
|
|
keycloak:
|
|
|
|
|
auth:
|
|
|
|
|
username: "kcadmin"
|
|
|
|
|
# TODO: Pending secrets refactoring to be able to provide the value directly
|
|
|
|
|
existingSecret:
|
|
|
|
|
name: "ums-opendesk-keycloak-credentials"
|
|
|
|
|
keyMapping:
|
|
|
|
|
adminPassword: "admin_password"
|
|
|
|
|
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
|
|
|
|
login:
|
|
|
|
|
messages:
|
|
|
|
|
de:
|
|
|
|
|
@@ -444,12 +436,6 @@ nubusKeycloakExtensions:
|
|
|
|
|
keycloak:
|
|
|
|
|
auth:
|
|
|
|
|
username: "kcadmin"
|
|
|
|
|
# TODO: Pending secrets refactoring in component chart. This will refer to
|
|
|
|
|
# the secret generated by the keycloak subchart.
|
|
|
|
|
existingSecret:
|
|
|
|
|
name: "ums-opendesk-keycloak-credentials"
|
|
|
|
|
keyMapping:
|
|
|
|
|
adminPassword: "admin_password"
|
|
|
|
|
proxy:
|
|
|
|
|
additionalAnnotations:
|
|
|
|
|
{{ .Values.annotations.nubusKeycloakExtensions.proxyAdditional | toYaml | nindent 6 }}
|
|
|
|
|
@@ -457,13 +443,6 @@ nubusKeycloakExtensions:
|
|
|
|
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }}
|
|
|
|
|
repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }}
|
|
|
|
|
tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }}
|
|
|
|
|
# NOTE: The subchart "keycloak-extensions" does not yet support
|
|
|
|
|
# "global.imagePullPolicy".
|
|
|
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
|
|
|
# NOTE: Remove once the keycloak-extensions subchart respects
|
|
|
|
|
# "global.imagePullSecrets".
|
|
|
|
|
imagePullSecrets:
|
|
|
|
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
|
|
|
|
ingress:
|
|
|
|
|
annotations:
|
|
|
|
|
nginx.org/proxy-buffer-size: "8k"
|
|
|
|
|
@@ -559,13 +538,6 @@ nubusKeycloakExtensions:
|
|
|
|
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionHandler.registry | quote }}
|
|
|
|
|
repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
|
|
|
|
|
tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
|
|
|
|
|
# NOTE: The subchart "keycloak-extensions" does not yet support
|
|
|
|
|
# "global.imagePullPolicy".
|
|
|
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
|
|
|
# NOTE: Remove once the keycloak-extensions subchart respects
|
|
|
|
|
# "global.imagePullSecrets".
|
|
|
|
|
imagePullSecrets:
|
|
|
|
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
|
|
|
|
podAnnotations:
|
|
|
|
|
intents.otterize.com/service-name: "ums-keycloak-extensions-handler"
|
|
|
|
|
{{- with .Values.annotations.nubusKeycloakExtensions.handlerPod }}
|
|
|
|
|
@@ -1260,8 +1232,6 @@ nubusStackDataUms:
|
|
|
|
|
# the default username of `selfservice` is part of the customizing:
|
|
|
|
|
nubusUmcServer:
|
|
|
|
|
memcached:
|
|
|
|
|
auth:
|
|
|
|
|
username: ""
|
|
|
|
|
connection:
|
|
|
|
|
host: {{ .Values.cache.umsSelfservice.host | quote }}
|
|
|
|
|
postgresql:
|
|
|
|
|
@@ -1456,7 +1426,9 @@ nubusUmcServer:
|
|
|
|
|
bundled: false
|
|
|
|
|
server: {{ .Values.cache.umsSelfservice.host | quote }}
|
|
|
|
|
auth:
|
|
|
|
|
password: ""
|
|
|
|
|
# The memcached connection is not authenticated in openDesk but the umc-server pod needs a secret it can mount.
|
|
|
|
|
password: "stub-value"
|
|
|
|
|
existingSecret: null
|
|
|
|
|
podAnnotations:
|
|
|
|
|
{{ .Values.annotations.nubusUmcServer.pod | toYaml | nindent 4 }}
|
|
|
|
|
# Ref.: https://docs.software-univention.de/nubus-kubernetes-operation/1.x/en/reference.html#envvar-nubusUmcServer.podManagementPolicy
|
|
|
|
|
@@ -1596,15 +1568,9 @@ nubusKeycloakBootstrap:
|
|
|
|
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
|
|
|
|
repository: {{ .Values.images.nubusKeycloakBootstrap.repository }}
|
|
|
|
|
tag: {{ .Values.images.nubusKeycloakBootstrap.tag }}
|
|
|
|
|
# NOTE: The subchart does not yet fully support
|
|
|
|
|
# "global.imagePullPolicy". This can be removed once the subchart has
|
|
|
|
|
# been adjusted.
|
|
|
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
|
|
|
keycloak:
|
|
|
|
|
auth:
|
|
|
|
|
username: "kcadmin"
|
|
|
|
|
existingSecret:
|
|
|
|
|
name: "ums-opendesk-keycloak-credentials"
|
|
|
|
|
ldap:
|
|
|
|
|
auth:
|
|
|
|
|
bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn }}
|
|
|
|
|
@@ -1639,9 +1605,6 @@ extraSecrets:
|
|
|
|
|
- name: "ums-opendesk-guardian-client-secret"
|
|
|
|
|
stringData:
|
|
|
|
|
managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
|
|
|
|
|
- name: "ums-opendesk-keycloak-credentials"
|
|
|
|
|
stringData:
|
|
|
|
|
admin_password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
|
|
|
|
- name: "ums-keycloak-postgresql-opendesk-credentials"
|
|
|
|
|
stringData:
|
|
|
|
|
keycloakDatabasePassword: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
|
|
|
|
|
|
