From e6df31d4013e40b85d14384c112dac86faf24015 Mon Sep 17 00:00:00 2001 From: dbildungs-iam-server-gha Date: Wed, 20 Nov 2024 14:08:24 +0000 Subject: [PATCH] dbildungs-iam-server --- automation/dbildungs-iam-server/Chart.lock | 2 +- automation/dbildungs-iam-server/Chart.yaml | 4 +- .../dbildungs-iam-server/config/config.json | 166 +++++++++--------- .../templates/_dbildungs-iam-server-envs.tpl | 30 ++++ .../templates/configmap.yaml | 2 - .../templates/secret.yaml | 6 + automation/dbildungs-iam-server/values.yaml | 39 ++-- 7 files changed, 147 insertions(+), 102 deletions(-) diff --git a/automation/dbildungs-iam-server/Chart.lock b/automation/dbildungs-iam-server/Chart.lock index 0725d3653..c568e52b5 100644 --- a/automation/dbildungs-iam-server/Chart.lock +++ b/automation/dbildungs-iam-server/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 11.0.6 digest: sha256:790bafa04fe9c1cc9f772dc12fada16eb847c282f738fd23df09f665af93ec74 -generated: "2024-11-20T13:48:52.238887665Z" +generated: "2024-11-20T14:07:50.31141806Z" diff --git a/automation/dbildungs-iam-server/Chart.yaml b/automation/dbildungs-iam-server/Chart.yaml index 58ecc5d1d..123cecb90 100644 --- a/automation/dbildungs-iam-server/Chart.yaml +++ b/automation/dbildungs-iam-server/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: DBP-1081 +appVersion: SPSH-1137 dependencies: - condition: redis-cluster.enabled name: redis-cluster @@ -8,4 +8,4 @@ dependencies: description: dBildungs-IAM-server name: dbildungs-iam-server type: application -version: 0.0.0-dbp-1081-20241120-1348 +version: 0.0.0-spsh-1137-20241120-1407 diff --git a/automation/dbildungs-iam-server/config/config.json b/automation/dbildungs-iam-server/config/config.json index aaeb6b093..9f76771b7 100644 --- a/automation/dbildungs-iam-server/config/config.json +++ b/automation/dbildungs-iam-server/config/config.json 
@@ -1,81 +1,89 @@ { - "HOST": { - "PORT": 8080 - }, - "FRONTEND": { - "PORT": 8080, - "SECURE_COOKIE": true, - "SESSION_SECRET": "SessionSecretForDevelopment", - "SESSION_TTL_MS": 3600000, - "BACKEND_ADDRESS": "http://dbildungs-iam-server-backend:80", - "DEFAULT_AUTH_REDIRECT": "/", - "TRUST_PROXY": 1, - "ERROR_PAGE_REDIRECT": "/login-error" - }, - "DB": { - "USE_SSL": true - }, - "KEYCLOAK": { - "ADMIN_REALM_NAME": "SPSH", - "REALM_NAME": "SPSH", - "ADMIN_CLIENT_ID": "spsh-admin", - "CLIENT_ID": "spsh", - "TEST_CLIENT_ID": "spsh-test", - "SERVICE_CLIENT_ID": "spsh-service" - }, - "REDIS": { - "HOST": "dbildungs-iam-server-redis-cluster", - "PORT": 6379, - "USERNAME": "default", - "PASSWORD": "", - "USE_TLS": false, - "CLUSTERED": true - }, - "LDAP": { - "URL": "ldap://spsh-xxx.svc.cluster.local", - "BIND_DN": "cn=admin,dc=schule-sh,dc=de", - "ADMIN_PASSWORD": "password" - }, - "DATA": { - "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057" - }, - "LOGGING": { - "DEFAULT_LOG_LEVEL": "info", - "PERSON_MODULE_LOG_LEVEL": "debug", - "PERSON_API_MODULE_LOG_LEVEL": "debug", - "ORGANISATION_MODULE_LOG_LEVEL": "debug", - "ORGANISATION_API_MODULE_LOG_LEVEL": "debug", - "ROLLE_MODULE_LOG_LEVEL": "debug", - "ROLLE_API_MODULE_LOG_LEVEL": "debug", - "KEYCLOAK_ADMINISTRATION_MODULE_LOG_LEVEL": "debug", - "HEALTH_MODULE_LOG_LEVEL": "debug", - "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug" - }, - "ITSLEARNING": { - "ENABLED": "false", - "ENDPOINT": "https://itslearning.example.com", - "USERNAME": "username", - "PASSWORD": "password", - "ROOT": "sh", - "ROOT_OEFFENTLICH": "oeffentlich", - "ROOT_ERSATZ": "ersatz" - }, - "OX": { - "ENABLED": "false", - "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService", - "CONTEXT_ID": "1337", - "CONTEXT_NAME": "contextname", - "USERNAME": "username", - "PASSWORD": "password" - }, - "PRIVACYIDEA": { - "ENDPOINT": "http://localhost:5000", - "USERNAME": "admin", - "PASSWORD": "admin", - "USER_RESOLVER": "mariadb_resolver", - 
"REALM": "defrealm" - }, - "IMPORT": { - "IMPORT_FILE_MAXGROESSE_IN_MB": 10 - } + "HOST": { + "PORT": 8080 + }, + "FRONTEND": { + "PORT": 8080, + "SECURE_COOKIE": true, + "SESSION_SECRET": "SessionSecretForDevelopment", + "SESSION_TTL_MS": 3600000, + "BACKEND_ADDRESS": "http://dbildungs-iam-server-backend:80", + "DEFAULT_AUTH_REDIRECT": "/", + "TRUST_PROXY": 1, + "ERROR_PAGE_REDIRECT": "/login-error" + }, + "DB": { + "USE_SSL": true + }, + "KEYCLOAK": { + "ADMIN_REALM_NAME": "SPSH", + "REALM_NAME": "SPSH", + "ADMIN_CLIENT_ID": "spsh-admin", + "CLIENT_ID": "spsh", + "TEST_CLIENT_ID": "spsh-test", + "SERVICE_CLIENT_ID": "spsh-service" + }, + "REDIS": { + "HOST": "dbildungs-iam-server-redis-cluster", + "PORT": 6379, + "USERNAME": "default", + "PASSWORD": "", + "USE_TLS": false, + "CLUSTERED": true + }, + "LDAP": { + "URL": "ldap://spsh-xxx.svc.cluster.local", + "BIND_DN": "cn=admin,dc=schule-sh,dc=de", + "ADMIN_PASSWORD": "password" + }, + "DATA": { + "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057" + }, + "LOGGING": { + "DEFAULT_LOG_LEVEL": "info", + "PERSON_MODULE_LOG_LEVEL": "debug", + "PERSON_API_MODULE_LOG_LEVEL": "debug", + "ORGANISATION_MODULE_LOG_LEVEL": "debug", + "ORGANISATION_API_MODULE_LOG_LEVEL": "debug", + "ROLLE_MODULE_LOG_LEVEL": "debug", + "ROLLE_API_MODULE_LOG_LEVEL": "debug", + "KEYCLOAK_ADMINISTRATION_MODULE_LOG_LEVEL": "debug", + "HEALTH_MODULE_LOG_LEVEL": "debug", + "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug" + }, + "ITSLEARNING": { + "ENABLED": "false", + "ENDPOINT": "https://itslearning.example.com", + "USERNAME": "username", + "PASSWORD": "password", + "ROOT": "sh", + "ROOT_OEFFENTLICH": "oeffentlich", + "ROOT_ERSATZ": "ersatz" + }, + "OX": { + "ENABLED": "false", + "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService", + "CONTEXT_ID": "1337", + "CONTEXT_NAME": "contextname", + "USERNAME": "username", + "PASSWORD": "password" + }, + "PRIVACYIDEA": { + "ENDPOINT": "http://localhost:5000", + "USERNAME": "admin", + 
"PASSWORD": "admin", + "USER_RESOLVER": "mariadb_resolver", + "REALM": "defrealm" + }, + "VIDIS": { + "BASE_URL": "https://service-stage.vidis.schule", + "USERNAME": "", + "PASSWORD": "", + "REGION_NAME": "test-region", + "KEYCLOAK_GROUP": "VIDIS-service", + "KEYCLOAK_ROLE": "VIDIS-user" + }, + "IMPORT": { + "IMPORT_FILE_MAXGROESSE_IN_MB": 10 + } } diff --git a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl index e6b03a7fd..3628783f9 100644 --- a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl +++ b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl @@ -96,4 +96,34 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: redis-password + - name: VIDIS_BASE_URL + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: vidis-base-url + - name: VIDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: vidis-username + - name: VIDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: vidis-password + - name: VIDIS_REGION_NAME + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: vidis-region-name + - name: VIDIS_KEYCLOAK_GROUP + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: vidis-keycloak-group + - name: VIDIS_KEYCLOAK_ROLE + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: vidis-keycloak-role {{- end}} diff --git a/automation/dbildungs-iam-server/templates/configmap.yaml b/automation/dbildungs-iam-server/templates/configmap.yaml index cca9f526a..6b8d8ac73 100644 --- a/automation/dbildungs-iam-server/templates/configmap.yaml 
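Review bot: The re-indented FRONTEND, LDAP and PRIVACYIDEA blocks on the new side still ship usable-looking fallback secrets (`"SESSION_SECRET": "SessionSecretForDevelopment"`, `"ADMIN_PASSWORD": "password"`, `"PASSWORD": "admin"`), while the only functional addition, the `VIDIS` block, correctly leaves `USERNAME` and `PASSWORD` empty. If an environment override is ever missing, the service would presumably start with these known values rather than fail; whether the application rejects them at startup is not visible here. I would set them to `""` the way `VIDIS` does, so that a missing override fails closed. The whitespace-only re-indent would also be better landed as a separate commit, so the eight-line `VIDIS` addition can be reviewed on its own.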
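Review bot: All six new `VIDIS_*` variables use a `secretKeyRef` without `optional: true`, so a release that points `auth.existingSecret` at a secret created before this change will fail container creation until every `vidis-*` key has been added to it. Either document the six new required keys next to the `existingSecret` comment in values.yaml, or add `optional: true` to the references the service can run without. Only `VIDIS_USERNAME` and `VIDIS_PASSWORD` look like credentials; `VIDIS_BASE_URL`, `VIDIS_REGION_NAME`, `VIDIS_KEYCLOAK_GROUP` and `VIDIS_KEYCLOAK_ROLE` read as plain configuration and would be easier to audit in the ConfigMap, keeping the Secret limited to material that needs protection. The enclosing template block starts outside the hunk.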
+++ b/automation/dbildungs-iam-server/templates/configmap.yaml @@ -18,5 +18,3 @@ data: BACKEND_HOSTNAME: "{{ .Values.backendHostname }}" LDAP_URL: '{{ .Values.ldap.url | replace "spsh-xxx" .Release.Namespace }}' LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}" - LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}" - LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}" diff --git a/automation/dbildungs-iam-server/templates/secret.yaml b/automation/dbildungs-iam-server/templates/secret.yaml index 51e46f34b..1a2eec62a 100644 --- a/automation/dbildungs-iam-server/templates/secret.yaml +++ b/automation/dbildungs-iam-server/templates/secret.yaml @@ -25,4 +25,10 @@ data: pi-rename-waiting-time: {{ .Values.auth.pi_rename_waiting_time }} secrets-json: {{ .Values.auth.secrets_json }} redis-password: {{ .Values.auth.redis_password }} + vidis-base-url: {{ .Values.auth.vidis_base_url }} + vidis-username: {{ .Values.auth.vidis_username }} + vidis-password: {{ .Values.auth.vidis_password }} + vidis-region-name: {{ .Values.auth.vidis_region_name }} + vidis-keycloak-group: {{ .Values.auth.vidis_keycloak_group }} + vidis-keycloak-role: {{ .Values.auth.vidis_keycloak_role }} {{- end }} diff --git a/automation/dbildungs-iam-server/values.yaml b/automation/dbildungs-iam-server/values.yaml index 88a982952..69c4686f7 100644 --- a/automation/dbildungs-iam-server/values.yaml +++ b/automation/dbildungs-iam-server/values.yaml @@ -29,8 +29,6 @@ database: ldap: url: ldap://dbildungs-iam-ldap.spsh-xxx.svc.cluster.local bindDN: cn=admin,dc=schule-sh,dc=de - oeffentlicheSchulenDomain: schule-sh.de - ersatzschulenDomain: ersatzschule-sh.de auth: # existingSecret: Refers to a secret already present in the cluster, which is required. 
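Review bot: The six new `vidis-*` entries in secret.yaml are rendered under `data:` unquoted and without `b64enc`, so each value must already be valid base64 when it reaches the template. The `data:` mapping starts outside the hunk, and the existing entries follow the same pattern. With the `''` defaults added in values.yaml the lines render as a bare `vidis-password:` (YAML null), and a plain-text value such as a group name would either be rejected by the API server or, if it happens to be valid base64, be silently decoded to different bytes. If values are meant to be supplied as plain text, write `vidis-password: {{ .Values.auth.vidis_password | b64enc | quote }}` and likewise for the other five. If they are expected pre-encoded, quote them and add a comment above the `vidis_*` keys in values.yaml saying so.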
@@ -52,6 +50,12 @@ auth: pi_user_realm: '' pi_rename_waiting_time: '' redis_password: '' + vidis_base_url: '' + vidis_username: '' + vidis_password: '' + vidis_region_name: '' + vidis_keycloak_group: '' + vidis_keycloak_role: '' backend: replicaCount: 1 @@ -70,8 +74,8 @@ backend: memory: 200Mi startupProbe: enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 60 + periodSeconds: 60 failureThreshold: 5 httpGet: scheme: 'HTTP' @@ -126,11 +130,10 @@ backend: name: secret-volume extraVolumeMounts: [] - # Reference: https://github.com/bitnami/charts/tree/main/bitnami/redis-cluster redis-cluster: enabled: true - persistence: + persistence: enabled: false size: 4Gi image: @@ -139,14 +142,14 @@ redis-cluster: tag: 7.4 existingSecret: dbildungs-iam-server-redis cluster: - ## This is total number of nodes including the replicas. Meaning there will be 3 master and 3 replica - ## nodes (as replica count is set to 1 by default, there will be 1 replica per master node). - ## Hence, nodes = numberOfMasterNodes + numberOfMasterNodes * replicas - ## The number of master nodes should always be >= 3, otherwise cluster creation will fail - nodes: 6 - # for staging and prod this could get increased - ## @param cluster.replicas Number of replicas for every master in the cluster - replicas: 1 + ## This is total number of nodes including the replicas. Meaning there will be 3 master and 3 replica + ## nodes (as replica count is set to 1 by default, there will be 1 replica per master node). + ## Hence, nodes = numberOfMasterNodes + numberOfMasterNodes * replicas + ## The number of master nodes should always be >= 3, otherwise cluster creation will fail + nodes: 6 + # for staging and prod this could get increased + ## @param cluster.replicas Number of replicas for every master in the cluster + replicas: 1 networkPolicy: enabled: false pdb: 
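Review bot: In the `startupProbe` hunk (`@@ -70,8 +74,8 @@`), raising `periodSeconds` to 60 alongside `initialDelaySeconds: 60` means a backend that becomes healthy just after a probe waits up to another minute before it counts as started. With `failureThreshold: 5`, a hung start is only acted on after roughly five to six minutes. About the same startup budget with faster detection is `periodSeconds: 10` with `failureThreshold: 30`. A short comment stating why the backend needs the longer window would help the next person tuning it; the reason is not visible in this diff. The `backend` mapping starts and ends outside the hunk.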
@@ -157,9 +160,9 @@ redis-cluster: tls: enabled: false podLabels: - app.kubernetes.io/component: server-redis + app.kubernetes.io/component: server-redis commonLabels: - app.kubernetes.io/name: dbildungs-iam-server + app.kubernetes.io/name: dbildungs-iam-server resources: limits: cpu: 300m @@ -169,9 +172,9 @@ redis-cluster: memory: 128Mi metrics: enabled: true - + autoscaling: enabled: false minReplicas: 1 maxReplicas: 5 - targetCPUUtilizationPercentage: 60 \ No newline at end of file + targetCPUUtilizationPercentage: 60