dbildungs-iam-server
dbildungs-iam-server-gha committed Nov 20, 2024
1 parent 065dc11 commit 32972af
Showing 7 changed files with 47 additions and 49 deletions.
2 changes: 1 addition & 1 deletion automation/dbildungs-iam-server/Chart.lock
Expand Up @@ -3,4 +3,4 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
version: 11.0.6
digest: sha256:790bafa04fe9c1cc9f772dc12fada16eb847c282f738fd23df09f665af93ec74
generated: "2024-11-20T14:57:52.391578784Z"
generated: "2024-11-20T15:03:02.334662439Z"
4 changes: 2 additions & 2 deletions automation/dbildungs-iam-server/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: SPSH-1288
appVersion: DBP-1066
dependencies:
- condition: redis-cluster.enabled
name: redis-cluster
Expand All @@ -8,4 +8,4 @@ dependencies:
description: dBildungs-IAM-server
name: dbildungs-iam-server
type: application
version: 0.0.0-spsh-1288-20241120-1457
version: 0.0.0-dbp-1066-20241120-1502
Expand Up @@ -36,16 +36,6 @@
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: frontend-sessionSecret
- name: ITSLEARNING_ENABLED
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: itslearning-enabled
- name: ITSLEARNING_ENDPOINT
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: itslearning-endpoint
- name: ITSLEARNING_USERNAME
valueFrom:
secretKeyRef:
Expand All @@ -56,16 +46,16 @@
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: itslearning-password
- name: LDAP_ADMIN_PASSWORD
- name: LDAP_BIND_DN
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: ldap-admin-password
- name: PI_BASE_URL
key: ldap-bind-dn
- name: LDAP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: pi-base-url
key: ldap-admin-password
- name: PI_ADMIN_USER
valueFrom:
secretKeyRef:
Expand All @@ -76,21 +66,6 @@
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: pi-admin-password
- name: PI_USER_RESOLVER
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: pi-user-resolver
- name: PI_REALM
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: pi-user-realm
- name: PI_RENAME_WAITING_TIME
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: pi-rename-waiting-time
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
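Review bot: The `LDAP_BIND_DN` entry in the `@@ -56,16 +46,16 @@` hunk takes the bind DN from the Secret key `ldap-bind-dn`, yet templates/configmap.yaml in the same commit still carries `LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}"`, so the variable has two sources (the added/removed sides are inferred, since the rendered page lost its markers). For a container that uses both `envFrom` the ConfigMap and this env list, as db-seeding does, the explicit `env` entry wins and the ConfigMap value is silently ignored. The `secretKeyRef` is not marked optional, so a release using `auth.existingSecret` presumably cannot start its containers until that Secret also holds an `ldap-bind-dn` key. I would keep a single source, and if the Secret stays authoritative put `# requires key ldap-bind-dn in auth.existingSecret` above the entry and drop the ConfigMap line.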
Expand Up @@ -22,11 +22,12 @@ spec:
spec:
automountServiceAccountToken: false
initContainers:
{{- if .Values.backend.dbmigration.enabled }}
- name: "{{ template "common.names.name" . }}-db-migration-apply"
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ]
command: {{ .Values.backend.dbmigration.command }}
env:
{{- include "dbildungs-iam-server-backend-envs" . | indent 12 }}
{{- if .Values.backend.extraEnvVars }}
Expand All @@ -38,11 +39,13 @@ spec:
volumeMounts:
{{- toYaml .Values.backend.volumeMounts | nindent 12 }}
resources: {{- toYaml .Values.backend.resources | nindent 12 }}
{{ end }}
{{- if .Values.backend.keycloakdatamigration.enabled }}
- name: "{{ template "common.names.name" . }}-keycloak-data-migration"
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ]
command: {{ .Values.backend.keycloakdatamigration.command }}
env:
{{- include "dbildungs-iam-server-backend-envs" . | indent 12 }}
{{- if .Values.backend.extraEnvVars }}
Expand All @@ -54,20 +57,21 @@ spec:
volumeMounts:
{{- toYaml .Values.backend.volumeMounts | nindent 12 }}
resources: {{- toYaml .Values.backend.resources | nindent 12 }}
{{ end }}
{{- if .Values.backend.dbseeding.enabled }}
- name: db-seeding
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{.Values.imagePullPolicy | default "Always"}}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ]
command: {{ .Values.backend.dbseeding.command }}
envFrom:
- configMapRef:
name: {{ template "common.names.name" . }}
env: {{- include "dbildungs-iam-server-backend-envs" . | indent 12}}
volumeMounts:
{{- toYaml .Values.backend.volumeMounts | nindent 12 }}
resources: {{- toYaml .Values.backend.resources | nindent 12 }}
{{end}}
{{ end }}
containers:
- name: "{{ template "common.names.name" . }}-backend"
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
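Review bot: `command: {{ .Values.backend.dbmigration.command }}` prints the Go slice as `[node dist/src/console/main.js db migration-apply]`, which YAML reads as a one-element list, so the init container would try to exec a single string containing spaces. The `keycloakdatamigration` and `dbseeding` command lines in this section have the same problem. Serialise the list instead: `command: {{ .Values.backend.dbmigration.command | toJson }}`. The closing `{{ end }}` lines also lack the `-` trim that the opening `{{- if` uses, which leaves blank lines in the rendered manifest. The `containers:` block continues outside the hunk.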
10 changes: 10 additions & 0 deletions automation/dbildungs-iam-server/templates/configmap.yaml
Expand Up @@ -8,6 +8,7 @@ metadata:
data:
config-json: |-
{{ .Files.Get "config/config.json" | nindent 4 }}
# why is this node env
NODE_ENV: "prod"
DEPLOY_STAGE: {{ .Values.environment | quote }}
DB_NAME: {{ .Values.database.name | quote }}
Expand All @@ -18,3 +19,12 @@ data:
BACKEND_HOSTNAME: "{{ .Values.backendHostname }}"
LDAP_URL: '{{ .Values.ldap.url | replace "spsh-xxx" .Release.Namespace }}'
LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}"
LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}"
LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}"
ITSLEARNING_ENABLED: "{{ .Values.itslearning.enabled }}"
ITSLEARNING_ENDPOINT: "{{ .Values.itslearning.endpoint }}"
PI_BASE_URL: "{{ .Values.privacyidea.url }}"
PI_RENAME_WAITING_TIME: "{{ .Values.privacyidea.renameWaitingTime }}"
PI_REALM: "{{ .Values.privacyidea.realm }}"
PI_USER_RESOLVER: "{{ .Values.privacyidea.userResolver }}"
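Review bot: The new `data:` entries in the second hunk wrap the template in literal quotes (`"{{ .Values.privacyidea.url }}"`), while `DEPLOY_STAGE` and `DB_NAME` just above pipe through `quote`; only the literal form renders broken YAML when a value contains `"` or `\`. Use the piped form throughout, e.g. `PI_BASE_URL: {{ .Values.privacyidea.url | quote }}` and `ITSLEARNING_ENABLED: {{ .Values.itslearning.enabled | quote }}`. The comment `# why is this node env` in the first hunk reads as an open question; replace it with an answer along the lines of `# NODE_ENV is fixed to "prod"; the stage is carried by DEPLOY_STAGE`, or drop it before merge.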

7 changes: 1 addition & 6 deletions automation/dbildungs-iam-server/templates/secret.yaml
Expand Up @@ -12,17 +12,12 @@ data:
db-username: {{ .Values.database.username }}
keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }}
keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }}
ldap-bind-dn: {{ .Values.auth.ldap_bind_dn }}
ldap-admin-password: {{ .Values.auth.ldap_admin_password }}
itslearning-enabled: {{ .Values.auth.itslearning_enabled }}
itslearning-endpoint: {{ .Values.auth.itslearning_endpoint }}
itslearning-username: {{ .Values.auth.itslearning_username }}
itslearning-password: {{ .Values.auth.itslearning_password }}
pi-base-url: {{ .Values.auth.pi_base_url }}
pi-admin-user: {{ .Values.auth.pi_admin_user }}
pi-admin-password: {{ .Values.auth.pi_admin_password }}
pi-user-resolver: {{ .Values.auth.pi_user_resolver }}
pi-user-realm: {{ .Values.auth.pi_user_realm }}
pi-rename-waiting-time: {{ .Values.auth.pi_rename_waiting_time }}
secrets-json: {{ .Values.auth.secrets_json }}
redis-password: {{ .Values.auth.redis_password }}
{{- end }}
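Review bot: `ldap-bind-dn: {{ .Values.auth.ldap_bind_dn }}` sits under `data:`, so the supplied value must already be base64, and with the default `''` from values.yaml the key renders with no value at all. A plain DN such as the `cn=admin,dc=schule-sh,dc=de` held in `ldap.bindDN` would be rejected by the API server if copied here unencoded. Either document the expectation next to the value in values.yaml (`# base64-encoded, like the other auth.* entries`) or encode in the template with `{{ .Values.auth.ldap_bind_dn | b64enc | quote }}`; the second form would differ from the sibling keys, which appear to expect pre-encoded input. The enclosing `{{- if` block opens outside the hunk.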
28 changes: 21 additions & 7 deletions automation/dbildungs-iam-server/values.yaml
Expand Up @@ -29,26 +29,34 @@ database:
ldap:
url: ldap://dbildungs-iam-ldap.spsh-xxx.svc.cluster.local
bindDN: cn=admin,dc=schule-sh,dc=de
oeffentlicheSchulenDomain: schule-sh.de
ersatzschulenDomain: ersatzschule-sh.de

itslearning:
enabled: false
endpoint: https://enterprise.itslintegrations.com/WCFServiceLibrary/ImsEnterpriseServicesPort.svc

privacyidea:
url: https://privacyidea.dev.spsh.dbildungsplattform.de
renameWaitingTime: 5
realm: ucs_users
userResolver: ucs_users


auth:
# existingSecret: Refers to a secret already present in the cluster, which is required.
existingSecret: ''
secretName: dbildungs-iam-server
keycloak_adminSecret: ''
keycloak_clientSecret: ''
ldap_bind_dn: ''
ldap_admin_password: ''
secrets_json: ''
frontend_sessionSecret: ''
itslearning_enabled: ''
itslearning_endpoint: ''
itslearning_username: ''
itslearning_password: ''
pi_base_url: ''
pi_admin_user: ''
pi_admin_password: ''
pi_user_resolver: ''
pi_user_realm: ''
pi_rename_waiting_time: ''
redis_password: ''

backend:
Expand Down Expand Up @@ -91,7 +99,13 @@ backend:
path: '/health'
dbseeding:
enabled: true
command: ['node', 'dist/src/console/main.js', 'db', 'seed', 'dev', '']
command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ]
dbmigration:
enabled: true
command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ]
keycloakdatamigration:
enabled: true
command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ]
ingress:
enabled: true
ingressClassName: nginx
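Review bot: The defaults added here are development settings: `privacyidea.url` points at a `.dev.` host and `keycloakdatamigration` is `enabled: true` with `update-clients dev` (next to the existing `db seed dev`), while configmap.yaml pins `NODE_ENV: "prod"`. A stage that misses an override would talk to the dev privacyIDEA instance and run the dev client update against its own Keycloak; what the `dev` argument selects is not visible here, so that part is inferred. Safer defaults would be `url: ''` and `enabled: false`, with the template failing on a missing URL via `{{ required "privacyidea.url must be set" .Values.privacyidea.url | quote }}`. `auth.ldap_bind_dn` also duplicates `ldap.bindDN`, and one of the two should go.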