diff --git a/automation/dbildungs-iam-server/Chart.yaml b/automation/dbildungs-iam-server/Chart.yaml index cd2d7251f..790653e26 100644 --- a/automation/dbildungs-iam-server/Chart.yaml +++ b/automation/dbildungs-iam-server/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: SPSH-1393 +appVersion: SPSH-1034 description: dBildungs-IAM-server name: dbildungs-iam-server type: application -version: 0.0.0-spsh-1393-20241217-1004 +version: 0.0.0-spsh-1034-20241217-1021 diff --git a/automation/dbildungs-iam-server/config/config.json b/automation/dbildungs-iam-server/config/config.json index 17cb5d368..c2fac1396 100644 --- a/automation/dbildungs-iam-server/config/config.json +++ b/automation/dbildungs-iam-server/config/config.json @@ -30,6 +30,11 @@ "PASSWORD": "", "USE_TLS": false }, + "LDAP": { + "URL": "ldap://spsh-xxx.svc.cluster.local", + "BIND_DN": "cn=admin,dc=schule-sh,dc=de", + "ADMIN_PASSWORD": "password" + }, "DATA": { "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057" }, @@ -46,10 +51,22 @@ "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug" }, "ITSLEARNING": { + "ENABLED": false, + "ENDPOINT": "https://itslearning.example.com", + "USERNAME": "username", + "PASSWORD": "password", "ROOT": "sh", "ROOT_OEFFENTLICH": "oeffentlich", "ROOT_ERSATZ": "ersatz" }, + "OX": { + "ENABLED": false, + "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService", + "CONTEXT_ID": "1337", + "CONTEXT_NAME": "contextname", + "USERNAME": "username", + "PASSWORD": "password" + }, "PRIVACYIDEA": { "ENDPOINT": "http://localhost:5000", "USERNAME": "admin", diff --git a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl index b911656c5..8ae0a3964 100644 --- a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl +++ b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl 
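Review bot: The new `LDAP` block ships `"ADMIN_PASSWORD": "password"` next to an admin bind DN, so a deployment where the `LDAP_ADMIN_PASSWORD` override (presumably the env entry from the envs template) is missing would bind with a guessable credential rather than fail. The neighbouring context line in the same file already uses `"PASSWORD": ""`; the same convention here, `"ADMIN_PASSWORD": ""`, would more likely surface a missing secret than mask it. The same applies to `"PASSWORD": "password"` under `ITSLEARNING` and `OX` in the following hunk of this file. The default URL is also plain `ldap://`; if the directory supports it, `ldaps://` or StartTLS keeps the admin bind from crossing the cluster network in cleartext.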
@@ -1,129 +1,94 @@ {{- define "dbildungs-iam-server-backend-envs" }} - - name: DB_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: db-password - - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: db-username - - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: db-host - - name: KC_ADMIN_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-adminSecret - - name: DB_CLIENT_URL - value: "postgres://$(DB_HOST)/" - - name: KC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: keycloak-clientSecret - - name: KC_SERVICE_CLIENT_PRIVATE_JWKS - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: service-account-private-jwks - - name: FRONTEND_SESSION_SECRET - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: frontend-sessionSecret - - name: ITSLEARNING_ENABLED - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: itslearning-enabled - - name: ITSLEARNING_ENDPOINT - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: itslearning-endpoint - - name: ITSLEARNING_USERNAME - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: itslearning-username - - name: ITSLEARNING_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: itslearning-password - - name: LDAP_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: 
ldap-admin-password - - name: PI_BASE_URL - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-base-url - - name: PI_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-admin-user - - name: PI_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-admin-password - - name: PI_USER_RESOLVER - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-user-resolver - - name: PI_REALM - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-user-realm - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: redis-password - - name: VIDIS_BASE_URL - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: vidis-base-url - - name: VIDIS_USERNAME - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: vidis-username - - name: VIDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: vidis-password - - name: VIDIS_REGION_NAME - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: vidis-region-name - - name: VIDIS_KEYCLOAK_GROUP - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: vidis-keycloak-group - - name: VIDIS_KEYCLOAK_ROLE - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: vidis-keycloak-role - - name: OX_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: ox-password +- name: 
DB_SECRET + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: db-password +- name: DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: db-username +- name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: db-host +- name: KC_ADMIN_SECRET + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: keycloak-adminSecret +- name: DB_CLIENT_URL + value: "postgres://$(DB_HOST)/" +- name: KC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: keycloak-clientSecret +- name: KC_SERVICE_CLIENT_PRIVATE_JWKS + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: service-account-private-jwks +- name: FRONTEND_SESSION_SECRET + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: frontend-sessionSecret +- name: ITSLEARNING_ENABLED + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: itslearning-enabled +- name: ITSLEARNING_ENDPOINT + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: itslearning-endpoint +- name: ITSLEARNING_USERNAME + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: itslearning-username +- name: ITSLEARNING_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: itslearning-password +- name: LDAP_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: ldap-admin-password +- name: PI_BASE_URL + valueFrom: + secretKeyRef: + name: {{ default 
.Values.auth.existingSecret .Values.auth.secretName }} + key: pi-base-url +- name: PI_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: pi-admin-user +- name: PI_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: pi-admin-password +- name: PI_USER_RESOLVER + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: pi-user-resolver +- name: PI_REALM + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: pi-user-realm +- name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: redis-password {{- end}} diff --git a/automation/dbildungs-iam-server/templates/backend-deployment.yaml b/automation/dbildungs-iam-server/templates/backend-deployment.yaml index b36630482..56a8aae53 100644 --- a/automation/dbildungs-iam-server/templates/backend-deployment.yaml +++ b/automation/dbildungs-iam-server/templates/backend-deployment.yaml @@ -44,10 +44,10 @@ spec: securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ] env: - {{- include "dbildungs-iam-server-backend-envs" . | indent 12 }} - {{- if .Values.backend.extraEnvVars }} - {{ toYaml .Values.backend.extraEnvVars | nindent 12 }} - {{- end }} + {{- include "dbildungs-iam-server-backend-envs" . | indent 12 }} + {{- if .Values.backend.extraEnvVars }} + {{ toYaml .Values.backend.extraEnvVars | nindent 12 }} + {{- end }} envFrom: - configMapRef: name: {{ template "common.names.name" . }} diff --git a/automation/dbildungs-iam-server/templates/configmap.yaml b/automation/dbildungs-iam-server/templates/configmap.yaml index eb769795d..67068141c 100644 
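Review bot: The rewritten env list drops `OX_PASSWORD` and the six `VIDIS_*` entries, yet the context lines of the `secret.yaml` hunk still render `vidis-region-name`, `vidis-keycloak-group` and `vidis-keycloak-role` into the Secret, and the `values.yaml` context still carries the matching `auth.vidis_*` values. If nothing else reads them, that secret material stays in the cluster without a consumer; either remove those keys together with the env entries or keep the entries. With `OX_PASSWORD` gone and `config.json` now defaulting `OX.PASSWORD` to `"password"`, the chart should also state how an enabled OX integration receives its real password, e.g. a `secretKeyRef` entry supplied through `backend.extraEnvVars`, so that it does not end up in the ConfigMap or in plain values.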
--- a/automation/dbildungs-iam-server/templates/configmap.yaml +++ b/automation/dbildungs-iam-server/templates/configmap.yaml @@ -22,14 +22,10 @@ data: LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}" LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}" STATUS_REDIRECT_URL: "{{ .Values.status.url }}" - OX_ENABLED: "{{ .Values.ox.enabled }}" - OX_USERNAME: "{{ .Values.ox.username }}" - OX_ENDPOINT: "{{ .Values.ox.endpoint }}" - OX_CONTEXT_ID: "{{ .Values.ox.contextId }}" - OX_CONTEXT_NAME: "{{ .Values.ox.contextName }}" SYSTEM_RENAME_WAITING_TIME_IN_SECONDS: "{{ .Values.backend.env.renameWaitingTimeInSeconds }}" SYSTEM_STEP_UP_TIMEOUT_ENABLED: "{{ .Values.backend.env.stepUpTimeoutEnabled }}" SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS: "{{ .Values.backend.env.stepUpTimeoutInSeconds }}" ITSLEARNING_ROOT: '{{ .Values.itslearning.root }}' ITSLEARNING_ROOT_OEFFENTLICH: '{{ .Values.itslearning.rootOeffentlich }}' ITSLEARNING_ROOT_ERSATZ: '{{ .Values.itslearning.rootErsatz }}' + NODE_OPTIONS: "--max-old-space-size={{ .Values.backend.env.maxOldSpaceSize }}" diff --git a/automation/dbildungs-iam-server/templates/secret.yaml b/automation/dbildungs-iam-server/templates/secret.yaml index 68a57d6f3..4b0c37d22 100644 --- a/automation/dbildungs-iam-server/templates/secret.yaml +++ b/automation/dbildungs-iam-server/templates/secret.yaml @@ -30,5 +30,4 @@ data: vidis-region-name: {{ .Values.auth.vidis_region_name }} vidis-keycloak-group: {{ .Values.auth.vidis_keycloak_group }} vidis-keycloak-role: {{ .Values.auth.vidis_keycloak_role }} - ox-password: {{ .Values.auth.ox_password }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/automation/dbildungs-iam-server/values.yaml b/automation/dbildungs-iam-server/values.yaml index 1c74fcde1..889ee89ba 100644 --- a/automation/dbildungs-iam-server/values.yaml +++ b/automation/dbildungs-iam-server/values.yaml 
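Review bot: `NODE_OPTIONS` on the last added line of the `configmap.yaml` hunk is built from `backend.env.maxOldSpaceSize` with no documented unit or bound, and the default added in the `values.yaml` hunk is `3584`. `--max-old-space-size` is given in MiB and limits only the V8 old generation, so the container memory limit (not visible in this diff) has to sit above it with headroom, otherwise the pod is OOM-killed before the heap limit takes effect. I would document this at the value, `maxOldSpaceSize: 3584  # V8 old-space limit in MiB; keep below the container memory limit`, and check it against the backend's resource limits in each environment's values.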
@@ -64,14 +64,6 @@ auth: vidis_region_name: '' vidis_keycloak_group: '' vidis_keycloak_role: '' - ox_password: '' - -ox: - enabled: false - username: '' - endpoint: '' - contextId: '' - contextName: '' backend: replicaCount: 1 @@ -153,6 +145,7 @@ backend: renameWaitingTimeInSeconds: 3 stepUpTimeoutInSeconds: 900 stepUpTimeoutEnabled: 'false' + maxOldSpaceSize: 3584 autoscaling: enabled: false