dbildungs-iam-server

dBildungsplattform · Dec 17, 2024 · c76285b · c76285b
1 parent 67ffc6d
commit c76285b
Show file tree

Hide file tree

Showing 7 changed files with 118 additions and 148 deletions.
diff --git a/automation/dbildungs-iam-server/Chart.yaml b/automation/dbildungs-iam-server/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: SPSH-1393
+appVersion: SPSH-1034
 description: dBildungs-IAM-server
 name: dbildungs-iam-server
 type: application
-version: 0.0.0-spsh-1393-20241217-1004
+version: 0.0.0-spsh-1034-20241217-1021
diff --git a/automation/dbildungs-iam-server/config/config.json b/automation/dbildungs-iam-server/config/config.json
@@ -30,6 +30,11 @@
     "PASSWORD": "",
     "USE_TLS": false
   },
+  "LDAP": {
+    "URL": "ldap://spsh-xxx.svc.cluster.local",
+    "BIND_DN": "cn=admin,dc=schule-sh,dc=de",
+    "ADMIN_PASSWORD": "password"
+  },
   "DATA": {
     "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057"
   },
@@ -46,10 +51,22 @@
     "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug"
   },
   "ITSLEARNING": {
+    "ENABLED": false,
+    "ENDPOINT": "https://itslearning.example.com",
+    "USERNAME": "username",
+    "PASSWORD": "password",
     "ROOT": "sh",
     "ROOT_OEFFENTLICH": "oeffentlich",
     "ROOT_ERSATZ": "ersatz"
   },
+  "OX": {
+    "ENABLED": false,
+    "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService",
+    "CONTEXT_ID": "1337",
+    "CONTEXT_NAME": "contextname",
+    "USERNAME": "username",
+    "PASSWORD": "password"
+  },
   "PRIVACYIDEA": {
     "ENDPOINT": "http://localhost:5000",
     "USERNAME": "admin",

diff --git a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl
@@ -1,129 +1,94 @@
 {{- define "dbildungs-iam-server-backend-envs" }}
-          - name: DB_SECRET
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: db-password
-          - name: DB_USERNAME
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: db-username
-          - name: DB_HOST
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: db-host
-          - name: KC_ADMIN_SECRET
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: keycloak-adminSecret
-          - name: DB_CLIENT_URL
-            value: "postgres://$(DB_HOST)/"
-          - name: KC_CLIENT_SECRET
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: keycloak-clientSecret
-          - name: KC_SERVICE_CLIENT_PRIVATE_JWKS
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: service-account-private-jwks
-          - name: FRONTEND_SESSION_SECRET
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: frontend-sessionSecret
-          - name: ITSLEARNING_ENABLED
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: itslearning-enabled
-          - name: ITSLEARNING_ENDPOINT
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: itslearning-endpoint
-          - name: ITSLEARNING_USERNAME
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: itslearning-username
-          - name: ITSLEARNING_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: itslearning-password
-          - name: LDAP_ADMIN_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: ldap-admin-password
-          - name: PI_BASE_URL
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-base-url
-          - name: PI_ADMIN_USER
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-admin-user
-          - name: PI_ADMIN_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-admin-password
-          - name: PI_USER_RESOLVER
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-user-resolver
-          - name: PI_REALM
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-user-realm
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: redis-password
-          - name: VIDIS_BASE_URL
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: vidis-base-url
-          - name: VIDIS_USERNAME
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: vidis-username
-          - name: VIDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: vidis-password
-          - name: VIDIS_REGION_NAME
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: vidis-region-name
-          - name: VIDIS_KEYCLOAK_GROUP
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: vidis-keycloak-group
-          - name: VIDIS_KEYCLOAK_ROLE
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: vidis-keycloak-role
-          - name: OX_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: ox-password
+- name: DB_SECRET
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: db-password
+- name: DB_USERNAME
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: db-username
+- name: DB_HOST
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: db-host
+- name: KC_ADMIN_SECRET
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: keycloak-adminSecret
+- name: DB_CLIENT_URL
+  value: "postgres://$(DB_HOST)/"
+- name: KC_CLIENT_SECRET
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: keycloak-clientSecret
+- name: KC_SERVICE_CLIENT_PRIVATE_JWKS
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: service-account-private-jwks
+- name: FRONTEND_SESSION_SECRET
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: frontend-sessionSecret
+- name: ITSLEARNING_ENABLED
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: itslearning-enabled
+- name: ITSLEARNING_ENDPOINT
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: itslearning-endpoint
+- name: ITSLEARNING_USERNAME
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: itslearning-username
+- name: ITSLEARNING_PASSWORD
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: itslearning-password
+- name: LDAP_ADMIN_PASSWORD
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: ldap-admin-password
+- name: PI_BASE_URL
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: pi-base-url
+- name: PI_ADMIN_USER
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: pi-admin-user
+- name: PI_ADMIN_PASSWORD
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: pi-admin-password
+- name: PI_USER_RESOLVER
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: pi-user-resolver
+- name: PI_REALM
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: pi-user-realm
+- name: REDIS_PASSWORD
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: redis-password
 {{- end}}
diff --git a/automation/dbildungs-iam-server/templates/backend-deployment.yaml b/automation/dbildungs-iam-server/templates/backend-deployment.yaml
@@ -44,10 +44,10 @@ spec:
           securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ]
           env:
-              {{- include "dbildungs-iam-server-backend-envs" . | indent  12 }}
-              {{- if .Values.backend.extraEnvVars }}
-              {{ toYaml .Values.backend.extraEnvVars | nindent 12 }}
-              {{- end }}
+            {{- include "dbildungs-iam-server-backend-envs" . | indent  12 }}
+            {{- if .Values.backend.extraEnvVars }}
+            {{ toYaml .Values.backend.extraEnvVars | nindent 12 }}
+            {{- end }}
           envFrom:
             - configMapRef:
                 name: {{ template "common.names.name" . }}

diff --git a/automation/dbildungs-iam-server/templates/configmap.yaml b/automation/dbildungs-iam-server/templates/configmap.yaml
@@ -22,14 +22,10 @@ data:
   LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}"
   LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}"
   STATUS_REDIRECT_URL: "{{ .Values.status.url }}"
-  OX_ENABLED: "{{ .Values.ox.enabled }}"
-  OX_USERNAME: "{{ .Values.ox.username }}"
-  OX_ENDPOINT: "{{ .Values.ox.endpoint }}"
-  OX_CONTEXT_ID: "{{ .Values.ox.contextId }}"
-  OX_CONTEXT_NAME: "{{ .Values.ox.contextName }}"
   SYSTEM_RENAME_WAITING_TIME_IN_SECONDS: "{{ .Values.backend.env.renameWaitingTimeInSeconds }}"
   SYSTEM_STEP_UP_TIMEOUT_ENABLED: "{{ .Values.backend.env.stepUpTimeoutEnabled }}"
   SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS: "{{ .Values.backend.env.stepUpTimeoutInSeconds }}"
   ITSLEARNING_ROOT: '{{ .Values.itslearning.root }}'
   ITSLEARNING_ROOT_OEFFENTLICH: '{{ .Values.itslearning.rootOeffentlich }}'
   ITSLEARNING_ROOT_ERSATZ: '{{ .Values.itslearning.rootErsatz }}'
+  NODE_OPTIONS: "--max-old-space-size={{ .Values.backend.env.maxOldSpaceSize }}"
diff --git a/automation/dbildungs-iam-server/templates/secret.yaml b/automation/dbildungs-iam-server/templates/secret.yaml
@@ -30,5 +30,4 @@ data:
   vidis-region-name: {{ .Values.auth.vidis_region_name }}
   vidis-keycloak-group: {{ .Values.auth.vidis_keycloak_group }}
   vidis-keycloak-role: {{ .Values.auth.vidis_keycloak_role }}
-  ox-password: {{ .Values.auth.ox_password }}
-{{- end }}
+{{- end }}
diff --git a/automation/dbildungs-iam-server/values.yaml b/automation/dbildungs-iam-server/values.yaml
@@ -64,14 +64,6 @@ auth:
   vidis_region_name: ''
   vidis_keycloak_group: ''
   vidis_keycloak_role: ''
-  ox_password: ''
-
-ox:
-  enabled: false
-  username: ''
-  endpoint: ''
-  contextId: ''
-  contextName: ''
 
 backend:
   replicaCount: 1
@@ -153,6 +145,7 @@ backend:
     renameWaitingTimeInSeconds: 3
     stepUpTimeoutInSeconds: 900
     stepUpTimeoutEnabled: 'false'
+    maxOldSpaceSize: 3584
 
 autoscaling:
   enabled: false