Merge branch 'main' into SPSH-1393
kristoff-kiefer authored Dec 16, 2024
2 parents 3243350 + eb0ae23 commit c700d0a
Showing 82 changed files with 3,131 additions and 991 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/create-release.yml
Expand Up @@ -34,14 +34,14 @@ jobs:
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-nest-test-sonarcloud.yaml@5
with:
node_version: '18'
timeout_minutes: 15
timeout_minutes: 20
permissions:
contents: read
secrets: inherit

release_image:
name: "Publish image and scan with trivy"
needs:
needs:
- codeql_analyze
- nest_lint
- tests_and_sonarcloud
Expand All @@ -57,7 +57,7 @@ jobs:
container_registry: "ghcr.io"
fail_on_vulnerabilites: false
report_location: "Dockerfile"

# Helm Chart
scan_helm:
uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
Expand All @@ -70,8 +70,8 @@ jobs:
secrets: inherit
with:
chart_name: "dbildungs-iam-server"
helm_chart_version_generation: specified
image_tag_generation: specified
helm_chart_version_generation: specified
image_tag_generation: specified
helm_chart_version: "${{ github.ref_name }}"
image_tag: "${{ github.ref_name }}"
helm_repo_list: "bitnami,https://charts.bitnami.com/bitnami"
helm_repo_list: "bitnami,https://charts.bitnami.com/bitnami"
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -144,3 +144,4 @@ dist
.vscode/settings.json

mariadb/
test/secrets.test.json
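Review bot: Ignoring `test/secrets.test.json` only prevents future `git add`; if the file was already tracked before this change it stays in the index until removed with `git rm --cached test/secrets.test.json`, so it is worth checking with `git ls-files test/secrets.test.json`. If the tests depend on this file, a short README line on how to create it, or a committed `test/secrets.test.json.example` with placeholder values, would keep contributors from guessing its shape.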
7 changes: 1 addition & 6 deletions charts/dbildungs-iam-server/Chart.yaml
Expand Up @@ -3,9 +3,4 @@ name: dbildungs-iam-server
version: 0.2.0
description: dBildungs-IAM-server
type: application
appVersion: ""
dependencies:
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 20.3.0
condition: redis.enabled
appVersion: ""
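Review bot: The chart `version` stays at 0.2.0 while the bundled `redis` dependency is removed, which is a breaking change for anyone installing this chart and expecting Redis to come with it; the config now points at an externally deployed `dbildungs-iam-redis-master` (config.json hunk), so a version bump and a README note about the required external Redis would make this visible. The `helm_repo_list: "bitnami,https://charts.bitnami.com/bitnami"` entry in create-release.yml appears to have existed only for this dependency and may now be dead configuration.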
2 changes: 1 addition & 1 deletion charts/dbildungs-iam-server/config/config.json
Expand Up @@ -24,7 +24,7 @@
"SERVICE_CLIENT_ID": "spsh-service"
},
"REDIS": {
"HOST": "dbildungs-iam-server-redis",
"HOST": "dbildungs-iam-redis-master.spsh.svc.cluster.local",
"PORT": 6379,
"USERNAME": "default",
"PASSWORD": "",
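Review bot: The new Redis host `dbildungs-iam-redis-master.spsh.svc.cluster.local` hard-codes the `spsh` namespace, so the chart's `namespaceOverride` and any deployment into another namespace would point at a foreign cluster-internal service or fail DNS resolution. configmap.yaml already handles this for `LDAP_URL` by rewriting a placeholder with `.Release.Namespace`; either apply the same pattern here or use the short service name, e.g. `"HOST": "dbildungs-iam-redis-master"`, which resolves inside the release namespace. Hard-coded cross-namespace addresses are also easy to miss when network policies are written per namespace.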
2 changes: 1 addition & 1 deletion charts/dbildungs-iam-server/config/secrets.json
Expand Up @@ -5,4 +5,4 @@
"REDIS": {
"PASSWORD": "password"
}
}
}
Expand Up @@ -86,21 +86,6 @@
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: pi-user-realm
- name: SYSTEM_RENAME_WAITING_TIME_IN_SECONDS
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: system-rename-waiting-time-in-seconds
- name: SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: system-step-up-timeout-in-seconds
- name: SYSTEM_STEP_UP_TIMEOUT_ENABLED
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: system-step-up-timeout-enabled
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
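Review bot: The three `SYSTEM_*` entries are dropped from the container's explicit `env` list and re-added only as ConfigMap data in configmap.yaml, so they reach the process only if this container sources that ConfigMap via `envFrom` or per-key `configMapKeyRef`; that part of the container spec is outside the hunk, so please confirm, otherwise `SYSTEM_STEP_UP_TIMEOUT_ENABLED` silently disappears from the runtime environment. Moving these non-secret tunables out of the Secret is the right direction. The enclosing container spec starts before and ends after this hunk.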
3 changes: 3 additions & 0 deletions charts/dbildungs-iam-server/templates/backend-ingress.yaml
Expand Up @@ -13,6 +13,9 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
tls:
- hosts:
- {{ .Values.backendHostname }}
ingressClassName: {{ .Values.backend.ingress.ingressClassName }}
rules:
- host: {{ .Values.backendHostname }}
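Review bot: The new `tls:` entry lists `hosts` but no `secretName`, so it relies on the ingress controller's default certificate rather than a per-host one; if cert-manager or a pre-provisioned secret is intended, add `secretName: <placeholder-tls-secret>` next to `hosts`. `{{ .Values.backendHostname }}` is rendered unquoted here and defaults to `''` in values.yaml, which yields a null list item in the rendered manifest; `- {{ .Values.backendHostname | quote }}` (or a `required` call) keeps the output valid. The enclosing `spec` continues past the hunk.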
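--- a/charts/dbildungs-iam-server/templates/backend-ingress2nd.yaml
+++ b/charts/dbildungs-iam-server/templates/backend-ingress2nd.yaml
@@ -0,0 +1,30 @@
+{{if .Values.backend.ingress.enabled2nd }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: {{ template "common.names.name" . }}-backend2nd
+namespace: {{ template "common.names.namespace" . }}
+labels:
+{{- include "common.labels" . | nindent 4 }}
+annotations:
+nginx.ingress.kubernetes.io/cors-allow-origin: "https://{{ .Values.keycloak2ndHostname }},https://{{ .Values.keycloakHostname }}"
+nginx.ingress.kubernetes.io/enable-cors: "true"
+{{- with .Values.backend.ingress.annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ingressClassName: {{ .Values.backend.ingress.ingressClassName }}
+rules:
+- host: {{ .Values.backend2ndHostname }}
+http:
+paths:
+{{- range $path := .Values.backend.ingress.paths }}
+- path: {{ $path }}
+pathType: {{ $.Values.backend.ingress.pathType }}
+backend:
+service:
+name: {{ template "common.names.name" $ }}-backend
+port:
+number: {{ $.Values.backend.service.ports.http }}
+{{- end }}
+{{ end }}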
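Review bot: Unlike the primary backend ingress, which gains a `tls:` block in this same commit, this second ingress has none, so https for `backend2ndHostname` depends entirely on controller defaults; if both hosts are meant to be served the same way, add the matching `tls: - hosts: - {{ .Values.backend2ndHostname }}` (plus a `secretName` if one is used). The template is guarded only by `enabled2nd`, while the values.yaml comment says it must only be enabled when the hostname is defined; `{{- if and .Values.backend.ingress.enabled2nd .Values.backend2ndHostname }}` makes rendering fail-safe instead of producing an Ingress with an empty `host`. Minor style: the `{{if` and `{{ end }}` actions lack the `-` trim markers used by the other actions in this file, so the rendered document starts and ends with blank lines.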
@@ -1,8 +1,8 @@
{{if .Values.backend.serviceMonitor.enabled }}
{{ if .Values.backend.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "common.names.name" . }}-backend
name: {{ template "common.names.name" . }}
namespace: {{ template "common.names.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
Expand All @@ -13,9 +13,11 @@ spec:
- {{ include "common.names.namespace" . | quote }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "common.names.name" . }}-backend
app.kubernetes.io/name: {{ template "common.names.name" . }}
app.kubernetes.io/component: server-backend
endpoints:
- port: {{ (index .Values.backend.serviceMonitor.endpoints 0).port }}
path: {{ .Values.backend.serviceMonitor.path }}
interval: {{ .Values.backend.serviceMonitor.interval }}
{{ end }}
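Review bot: The `matchLabels` selector changes from `<name>-backend` to the bare `common.names.name`, so the ServiceMonitor now only scrapes if the backend Service carries exactly that `app.kubernetes.io/name` value together with `app.kubernetes.io/component: server-backend`; the Service template is not in this diff, so confirm the labels line up, otherwise the monitor silently matches nothing. Dropping the `-backend` suffix from the ServiceMonitor name also makes it the release-wide default name, which may collide if further components get their own ServiceMonitor later. The enclosing `spec` starts outside the second hunk.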

10 changes: 8 additions & 2 deletions charts/dbildungs-iam-server/templates/configmap.yaml
Expand Up @@ -16,14 +16,20 @@ data:
FRONTEND_DEFAULT_LOGIN_REDIRECT: "https://{{ .Values.backendHostname }}/"
FRONTEND_LOGOUT_REDIRECT: "https://{{ .Values.backendHostname }}/"
BACKEND_HOSTNAME: "{{ .Values.backendHostname }}"
ERROR_PAGE_REDIRECT: "https://{{ .Values.backendHostname }}/login-error"
LDAP_URL: '{{ .Values.ldap.url | replace "spsh-xxx" .Release.Namespace }}'
LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}"
LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}"
LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}"
STATUS_REDIRECT_URL: "{{ .Values.status.url }}"

OX_ENABLED: "{{ .Values.ox.enabled }}"
OX_USERNAME: "{{ .Values.ox.username }}"
OX_ENDPOINT: "{{ .Values.ox.endpoint }}"
OX_CONTEXT_ID: "{{ .Values.ox.contextId }}"
OX_CONTEXT_NAME: "{{ .Values.ox.contextName }}"
OX_CONTEXT_NAME: "{{ .Values.ox.contextName }}"
SYSTEM_RENAME_WAITING_TIME_IN_SECONDS: "{{ .Values.backend.env.renameWaitingTimeInSeconds }}"
SYSTEM_STEP_UP_TIMEOUT_ENABLED: "{{ .Values.backend.env.stepUpTimeoutEnabled }}"
SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS: "{{ .Values.backend.env.stepUpTimeoutInSeconds }}"
ITSLEARNING_ROOT: '{{ .Values.itslearning.root }}'
ITSLEARNING_ROOT_OEFFENTLICH: '{{ .Values.itslearning.rootOeffentlich }}'
ITSLEARNING_ROOT_ERSATZ: '{{ .Values.itslearning.rootErsatz }}'
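--- a/charts/dbildungs-iam-server/templates/pdb.yaml
+++ b/charts/dbildungs-iam-server/templates/pdb.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+name: {{ template "common.names.name" . }}-pdb
+namespace: {{ .Release.Namespace }}
+labels:
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+selector:
+matchLabels:
+app.kubernetes.io/name: dbildungs-iam-server
+{{- end }}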
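Review bot: `minAvailable: "80%"` (the values.yaml default) rounds up to 1 required pod for a single-replica deployment, and with `autoscaling.enabled: false` and `minReplicas: 1` in values.yaml that is a plausible configuration, so the PDB would permit zero voluntary disruptions and block node drains and cluster upgrades; `maxUnavailable: 1`, or enabling the PDB only when more than one replica is configured, is the usual remedy. The selector hard-codes `app.kubernetes.io/name: dbildungs-iam-server` while the sibling templates derive the label via `common.names.name` and additionally match `app.kubernetes.io/component: server-backend`; using the same template call and the component label keeps the PDB scoped to the backend pods only. `namespace: {{ .Release.Namespace }}` likewise bypasses the `common.names.namespace` helper (and thus `namespaceOverride`) used by the other templates.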
3 changes: 0 additions & 3 deletions charts/dbildungs-iam-server/templates/secret.yaml
Expand Up @@ -22,9 +22,6 @@ data:
pi-admin-password: {{ .Values.auth.pi_admin_password }}
pi-user-resolver: {{ .Values.auth.pi_user_resolver }}
pi-user-realm: {{ .Values.auth.pi_user_realm }}
system-rename-waiting-time-in-seconds: {{ .Values.auth.system_rename_waiting_time_in_seconds }}
system-step-up-timeout-in-seconds: {{ .Values.auth.system_step_up_timeout_in_seconds }}
system-step-up-enabled: {{ .Values.auth.system_step_up_enabled }}
secrets-json: {{ .Values.auth.secrets_json }}
redis-password: {{ .Values.auth.redis_password }}
vidis-base-url: {{ .Values.auth.vidis_base_url }}
54 changes: 19 additions & 35 deletions charts/dbildungs-iam-server/values.yaml
Expand Up @@ -4,6 +4,8 @@ namespaceOverride: ''

backendHostname: ''
keycloakHostname: ''
keycloak2ndHostname: ""
backend2ndHostname: ""

containerSecurityContext:
enabled: true
Expand Down Expand Up @@ -32,6 +34,11 @@ ldap:
oeffentlicheSchulenDomain: schule-sh.de
ersatzschulenDomain: ersatzschule-sh.de

itslearning:
root: sh
rootOeffentlich: oeffentlich
rootErsatz: ersatz

auth:
# existingSecret: Refers to a secret already present in the cluster, which is required.
existingSecret: ''
Expand All @@ -50,9 +57,6 @@ auth:
pi_admin_password: ''
pi_user_resolver: ''
pi_user_realm: ''
system_rename_waiting_time_in_seconds: ''
system_step_up_timeout_in_seconds: ''
system_step_up_timeout_enabled: ''
redis_password: ''
vidis_base_url: ''
vidis_username: ''
Expand Down Expand Up @@ -111,6 +115,8 @@ backend:
enabled: true
command: ['node', 'dist/src/console/main.js', 'db', 'seed', 'dev', '']
ingress:
# Only enable if 2nd host name is defined
enabled2nd: false
enabled: true
ingressClassName: nginx
pathType: Prefix
Expand All @@ -128,6 +134,8 @@ backend:
http: 80
serviceMonitor:
enabled: true
path: "/metrics"
interval: 30m
endpoints:
- port: 'web'
extraEnvVars: []
Expand All @@ -141,45 +149,21 @@ backend:
subPath: secrets-json
name: secret-volume
extraVolumeMounts: []

redis:
enabled: true
image:
registry: docker.io
repository: bitnami/redis
tag: 7.4.1-debian-12-r2
replica:
replicaCount: 1
sentinel:
enabled: true
pdb:
create: false
networkPolicy:
enabled: false
serviceAccount:
create: false
auth:
existingSecret: ''
podLabels:
app.kubernetes.io/component: server-redis
commonLabels:
app.kubernetes.io/name: dbildungs-iam-server
resources:
limits:
cpu: 300m
memory: 512Mi
requests:
cpu: 125m
memory: 128Mi
metrics:
enabled: true
env:
renameWaitingTimeInSeconds: 3
stepUpTimeoutInSeconds: 900
stepUpTimeoutEnabled: 'false'

autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 60

podDisruptionBudget:
enabled: true
minAvailable: "80%"

status:
url: 'https://status.dev.spsh.dbildungsplattform.de/'

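Review bot: `serviceMonitor.interval: 30m` is a thirty-minute scrape interval, far coarser than the seconds-range intervals Prometheus is normally run with, and it would make the new `/metrics` endpoint nearly useless for alerting; if seconds were intended, `interval: 30s`. `stepUpTimeoutEnabled: 'false'` is rendered into the ConfigMap as the string `"false"`, which works, but since this is a session-security control a one-line comment on why it is off by default (`# step-up timeout disabled by default; enable per environment`) would help operators. `keycloak2ndHostname: ""` and `backend2ndHostname: ""` use double quotes where the rest of the file uses single quotes.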
4 changes: 2 additions & 2 deletions config/config.json
Expand Up @@ -63,7 +63,7 @@
"BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug"
},
"ITSLEARNING": {
"ENABLED": "false",
"ENABLED": false,
"ENDPOINT": "https://itslearning-test.example.com",
"USERNAME": "username",
"PASSWORD": "password",
Expand All @@ -72,7 +72,7 @@
"ROOT_ERSATZ": "ersatz"
},
"OX": {
"ENABLED": "false",
"ENABLED": false,
"ENDPOINT": "http://ox.dev.spsh.dbildungsplattform.de/webservices/",
"CONTEXT_ID": "1337",
"CONTEXT_NAME": "contextname",
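Review bot: `"ENABLED"` changes type from the string `"false"` to the boolean `false` for both `ITSLEARNING` and `OX`, so whatever validates or reads this config must accept a boolean here; the Helm ConfigMap path still delivers the same flag as the string env var `OX_ENABLED: "{{ .Values.ox.enabled }}"`, so the loader presumably coerces both forms — worth confirming, since a non-empty `"false"` is truthy in most languages and a type-strict schema would reject one form or the other. This applies to both hunks of this file.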
