From 32972af3c98172e646e3859e160fae742198e64f Mon Sep 17 00:00:00 2001 From: dbildungs-iam-server-gha Date: Wed, 20 Nov 2024 15:03:38 +0000 Subject: [PATCH] dbildungs-iam-server --- automation/dbildungs-iam-server/Chart.lock | 2 +- automation/dbildungs-iam-server/Chart.yaml | 4 +-- .../templates/_dbildungs-iam-server-envs.tpl | 33 +++---------------- .../templates/backend-deployment.yaml | 12 ++++--- .../templates/configmap.yaml | 10 ++++++ .../templates/secret.yaml | 7 +--- automation/dbildungs-iam-server/values.yaml | 28 ++++++++++++---- 7 files changed, 47 insertions(+), 49 deletions(-) diff --git a/automation/dbildungs-iam-server/Chart.lock b/automation/dbildungs-iam-server/Chart.lock index 58a5ec7d0..5db4713cc 100644 --- a/automation/dbildungs-iam-server/Chart.lock +++ b/automation/dbildungs-iam-server/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 11.0.6 digest: sha256:790bafa04fe9c1cc9f772dc12fada16eb847c282f738fd23df09f665af93ec74 -generated: "2024-11-20T14:57:52.391578784Z" +generated: "2024-11-20T15:03:02.334662439Z" diff --git a/automation/dbildungs-iam-server/Chart.yaml b/automation/dbildungs-iam-server/Chart.yaml index b19756914..e98fe1215 100644 --- a/automation/dbildungs-iam-server/Chart.yaml +++ b/automation/dbildungs-iam-server/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: SPSH-1288 +appVersion: DBP-1066 dependencies: - condition: redis-cluster.enabled name: redis-cluster @@ -8,4 +8,4 @@ dependencies: description: dBildungs-IAM-server name: dbildungs-iam-server type: application -version: 0.0.0-spsh-1288-20241120-1457 +version: 0.0.0-dbp-1066-20241120-1502 diff --git a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl index e6b03a7fd..995dc13fd 100644 --- a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl +++ b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl @@ -36,16 +36,6 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: frontend-sessionSecret - - name: ITSLEARNING_ENABLED - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: itslearning-enabled - - name: ITSLEARNING_ENDPOINT - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: itslearning-endpoint - name: ITSLEARNING_USERNAME valueFrom: secretKeyRef: @@ -56,16 +46,16 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: itslearning-password - - name: LDAP_ADMIN_PASSWORD + - name: LDAP_BIND_DN valueFrom: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: ldap-admin-password - - name: PI_BASE_URL + key: ldap-bind-dn + - name: LDAP_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-base-url + key: ldap-admin-password - name: PI_ADMIN_USER valueFrom: secretKeyRef: @@ -76,21 +66,6 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: pi-admin-password - - name: PI_USER_RESOLVER - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-user-resolver - - name: PI_REALM - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-user-realm - - name: PI_RENAME_WAITING_TIME - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-rename-waiting-time - name: REDIS_PASSWORD valueFrom: secretKeyRef: diff --git a/automation/dbildungs-iam-server/templates/backend-deployment.yaml b/automation/dbildungs-iam-server/templates/backend-deployment.yaml index 0c5b14b06..7d5405891 100644 --- a/automation/dbildungs-iam-server/templates/backend-deployment.yaml +++ b/automation/dbildungs-iam-server/templates/backend-deployment.yaml @@ -22,11 +22,12 @@ spec: spec: automountServiceAccountToken: false initContainers: + {{- if .Values.backend.dbmigration.enabled }} - name: "{{ template "common.names.name" . }}-db-migration-apply" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ] + command: {{ .Values.backend.dbmigration.command }} env: {{- include "dbildungs-iam-server-backend-envs" . | indent 12 }} {{- if .Values.backend.extraEnvVars }} @@ -38,11 +39,13 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} + {{ end }} + {{- if .Values.backend.keycloakdatamigration.enabled }} - name: "{{ template "common.names.name" . }}-keycloak-data-migration" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ] + command: {{ .Values.backend.keycloakdatamigration.command }} env: {{- include "dbildungs-iam-server-backend-envs" . | indent 12 }} {{- if .Values.backend.extraEnvVars }} @@ -54,12 +57,13 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} + {{ end }} {{- if .Values.backend.dbseeding.enabled }} - name: db-seeding image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{.Values.imagePullPolicy | default "Always"}} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ] + command: {{ .Values.backend.dbseeding.command }} envFrom: - configMapRef: name: {{ template "common.names.name" . }} @@ -67,7 +71,7 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} - {{end}} + {{ end }} containers: - name: "{{ template "common.names.name" . }}-backend" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" diff --git a/automation/dbildungs-iam-server/templates/configmap.yaml b/automation/dbildungs-iam-server/templates/configmap.yaml index 6b8d8ac73..8a2abcfd3 100644 --- a/automation/dbildungs-iam-server/templates/configmap.yaml +++ b/automation/dbildungs-iam-server/templates/configmap.yaml @@ -8,6 +8,7 @@ metadata: data: config-json: |- {{ .Files.Get "config/config.json" | nindent 4 }} + # why is this node env NODE_ENV: "prod" DEPLOY_STAGE: {{ .Values.environment | quote }} DB_NAME: {{ .Values.database.name | quote }} @@ -18,3 +19,12 @@ data: BACKEND_HOSTNAME: "{{ .Values.backendHostname }}" LDAP_URL: '{{ .Values.ldap.url | replace "spsh-xxx" .Release.Namespace }}' LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}" + LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}" + LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}" + ITSLEARNING_ENABLED: "{{ .Values.itslearning.enabled }}" + ITSLEARNING_ENDPOINT: "{{ .Values.itslearning.endpoint }}" + PI_BASE_URL: "{{ .Values.privacyidea.url }}" + PI_RENAME_WAITING_TIME: "{{ .Values.privacyidea.renameWaitingTime }}" + PI_REALM: "{{ .Values.privacyidea.realm }}" + PI_USER_RESOLVER: "{{ .Values.privacyidea.userResolver }}" + diff --git a/automation/dbildungs-iam-server/templates/secret.yaml b/automation/dbildungs-iam-server/templates/secret.yaml index 51e46f34b..677d8f793 100644 --- a/automation/dbildungs-iam-server/templates/secret.yaml +++ b/automation/dbildungs-iam-server/templates/secret.yaml @@ -12,17 +12,12 @@ data: db-username: {{ .Values.database.username }} keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }} keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }} + ldap-bind-dn: {{ .Values.auth.ldap_bind_dn }} ldap-admin-password: {{ .Values.auth.ldap_admin_password }} - itslearning-enabled: {{ .Values.auth.itslearning_enabled }} - itslearning-endpoint: {{ .Values.auth.itslearning_endpoint }} itslearning-username: {{ .Values.auth.itslearning_username }} itslearning-password: {{ .Values.auth.itslearning_password }} - pi-base-url: {{ .Values.auth.pi_base_url }} pi-admin-user: {{ .Values.auth.pi_admin_user }} pi-admin-password: {{ .Values.auth.pi_admin_password }} - pi-user-resolver: {{ .Values.auth.pi_user_resolver }} - pi-user-realm: {{ .Values.auth.pi_user_realm }} - pi-rename-waiting-time: {{ .Values.auth.pi_rename_waiting_time }} secrets-json: {{ .Values.auth.secrets_json }} redis-password: {{ .Values.auth.redis_password }} {{- end }} diff --git a/automation/dbildungs-iam-server/values.yaml b/automation/dbildungs-iam-server/values.yaml index 32331b899..3b297197a 100644 --- a/automation/dbildungs-iam-server/values.yaml +++ b/automation/dbildungs-iam-server/values.yaml @@ -29,6 +29,19 @@ database: ldap: url: ldap://dbildungs-iam-ldap.spsh-xxx.svc.cluster.local bindDN: cn=admin,dc=schule-sh,dc=de + oeffentlicheSchulenDomain: schule-sh.de + ersatzschulenDomain: ersatzschule-sh.de + +itslearning: + enabled: false + endpoint: https://enterprise.itslintegrations.com/WCFServiceLibrary/ImsEnterpriseServicesPort.svc + +privacyidea: + url: https://privacyidea.dev.spsh.dbildungsplattform.de + renameWaitingTime: 5 + realm: ucs_users + userResolver: ucs_users + auth: # existingSecret: Refers to a secret already present in the cluster, which is required. @@ -36,19 +49,14 @@ auth: secretName: dbildungs-iam-server keycloak_adminSecret: '' keycloak_clientSecret: '' + ldap_bind_dn: '' ldap_admin_password: '' secrets_json: '' frontend_sessionSecret: '' - itslearning_enabled: '' - itslearning_endpoint: '' itslearning_username: '' itslearning_password: '' - pi_base_url: '' pi_admin_user: '' pi_admin_password: '' - pi_user_resolver: '' - pi_user_realm: '' - pi_rename_waiting_time: '' redis_password: '' backend: @@ -91,7 +99,13 @@ backend: path: '/health' dbseeding: enabled: true - command: ['node', 'dist/src/console/main.js', 'db', 'seed', 'dev', ''] + command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ] + dbmigration: + enabled: true + command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ] + keycloakdatamigration: + enabled: true + command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ] ingress: enabled: true ingressClassName: nginx