diff --git a/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl index e22a1bd7e..995dc13fd 100644 --- a/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl +++ b/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl @@ -36,16 +36,6 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: frontend-sessionSecret - - name: ITSLEARNING_ENABLED - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: itslearning-enabled - - name: ITSLEARNING_ENDPOINT - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: itslearning-endpoint - name: ITSLEARNING_USERNAME valueFrom: secretKeyRef: @@ -56,16 +46,16 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: itslearning-password - - name: LDAP_ADMIN_PASSWORD + - name: LDAP_BIND_DN valueFrom: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: ldap-admin-password - - name: PI_BASE_URL + key: ldap-bind-dn + - name: LDAP_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-base-url + key: ldap-admin-password - name: PI_ADMIN_USER valueFrom: secretKeyRef: 
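Review bot: The new `LDAP_BIND_DN` entry in the second hunk reads key `ldap-bind-dn` through a non-optional `secretKeyRef`, so a release that uses `auth.existingSecret` cannot start its containers until that key has been added to the pre-existing secret. The upgrade notes should say so. The ConfigMap template touched by this same commit still defines `LDAP_BIND_DN` from `.Values.ldap.bindDN`, leaving two sources for one variable. If a container receives both, the explicit `env` entry takes precedence over `envFrom`, so the ConfigMap value would be silently ignored. Keeping a single source would avoid that; the env list itself starts and ends outside this hunk.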
@@ -76,31 +66,6 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: pi-admin-password - - name: PI_USER_RESOLVER - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-user-resolver - - name: PI_REALM - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: pi-user-realm - - name: SYSTEM_RENAME_WAITING_TIME_IN_SECONDS - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: system-rename-waiting-time-in-seconds - - name: SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: system-step-up-timeout-in-seconds - - name: SYSTEM_STEP_UP_TIMEOUT_ENABLED - valueFrom: - secretKeyRef: - name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: system-step-up-timeout-enabled - name: REDIS_PASSWORD valueFrom: secretKeyRef: diff --git a/charts/dbildungs-iam-server/templates/backend-deployment.yaml b/charts/dbildungs-iam-server/templates/backend-deployment.yaml index 0c5b14b06..2a945a1c0 100644 --- a/charts/dbildungs-iam-server/templates/backend-deployment.yaml +++ b/charts/dbildungs-iam-server/templates/backend-deployment.yaml 
@@ -22,11 +22,12 @@ spec: spec: automountServiceAccountToken: false initContainers: + {{- if .Values.backend.dbmigration.enabled }} - name: "{{ template "common.names.name" . }}-db-migration-apply" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ] + command: {{ .Values.backend.dbmigration.command | toJson }} env: {{- include "dbildungs-iam-server-backend-envs" . | indent 12 }} {{- if .Values.backend.extraEnvVars }} @@ -38,11 +39,13 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} + {{ end }} + {{- if .Values.backend.keycloakdatamigration.enabled }} - name: "{{ template "common.names.name" . }}-keycloak-data-migration" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ] + command: {{ .Values.backend.keycloakdatamigration.command | toJson }} env: {{- include "dbildungs-iam-server-backend-envs" . | indent 12 }} {{- if .Values.backend.extraEnvVars }} 
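Review bot: The `command:` of the db-migration init container is now rendered from `.Values.backend.dbmigration.command | toJson` with no check, so an override that nulls the key renders `command: null`. The container then falls back to the image's default entrypoint instead of running the migration. A guard makes that a render-time failure: `command: {{ required "backend.dbmigration.command must be set" .Values.backend.dbmigration.command | toJson }}`. The same applies to the keycloak-data-migration command in the next hunk and the db-seeding command in the hunk after that. These containers appear to receive the backend's secret-backed environment through the included env template, so a comment should state that the command values need the same change control as the image tag.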
@@ -54,12 +57,13 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} + {{ end }} {{- if .Values.backend.dbseeding.enabled }} - name: db-seeding image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{.Values.imagePullPolicy | default "Always"}} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ] + command: {{ .Values.backend.dbseeding.command | toJson }} envFrom: - configMapRef: name: {{ template "common.names.name" . }} @@ -67,7 +71,7 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} - {{end}} + {{ end }} containers: - name: "{{ template "common.names.name" . }}-backend" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" diff --git a/charts/dbildungs-iam-server/templates/configmap.yaml b/charts/dbildungs-iam-server/templates/configmap.yaml index 26ed48bdc..b402509f1 100644 --- a/charts/dbildungs-iam-server/templates/configmap.yaml +++ b/charts/dbildungs-iam-server/templates/configmap.yaml 
@@ -20,7 +20,16 @@ data: LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}" LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}" LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}" - STATUS_REDIRECT_URL: "{{ .Values.status.url }}" + ITSLEARNING_ENABLED: "{{ .Values.itslearning.enabled }}" + ITSLEARNING_ENDPOINT: "{{ .Values.itslearning.endpoint }}" ITSLEARNING_ROOT: '{{ .Values.itslearning.root }}' ITSLEARNING_ROOT_OEFFENTLICH: '{{ .Values.itslearning.rootOeffentlich }}' ITSLEARNING_ROOT_ERSATZ: '{{ .Values.itslearning.rootErsatz }}' + PI_BASE_URL: "{{ .Values.privacyidea.url }}" + PI_RENAME_WAITING_TIME: "{{ .Values.privacyidea.renameWaitingTime }}" + PI_REALM: "{{ .Values.privacyidea.realm }}" + PI_USER_RESOLVER: "{{ .Values.privacyidea.userResolver }}" + STATUS_REDIRECT_URL: "{{ .Values.status.url }}" + SYSTEM_RENAME_WAITING_TIME_IN_SECONDS: '{{ .Values.system.rename_waiting_time_in_seconds }}' + SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS: '{{ .Values.system.step_up_timeout_in_seconds }}' + SYSTEM_STEP_UP_TIMEOUT_ENABLED: '{{ .Values.system.step_up_timeout_enabled }}' diff --git a/charts/dbildungs-iam-server/templates/secret.yaml b/charts/dbildungs-iam-server/templates/secret.yaml index d87bfe75d..677d8f793 100644 --- a/charts/dbildungs-iam-server/templates/secret.yaml +++ b/charts/dbildungs-iam-server/templates/secret.yaml 
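Review bot: The added ConfigMap entries interpolate values inside hand-written quotes (`"{{ .Values.itslearning.endpoint }}"`, `'{{ .Values.system.step_up_timeout_enabled }}'`), so a value containing the matching quote character renders an invalid or differently parsed manifest. The block also now mixes both quote styles. Letting the template do the quoting is safer and uniform: `ITSLEARNING_ENDPOINT: {{ .Values.itslearning.endpoint | quote }}`, and likewise for the `PI_*` and `SYSTEM_*` keys. The `data:` mapping starts above this hunk.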
@@ -12,19 +12,12 @@ data: db-username: {{ .Values.database.username }} keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }} keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }} + ldap-bind-dn: {{ .Values.auth.ldap_bind_dn }} ldap-admin-password: {{ .Values.auth.ldap_admin_password }} - itslearning-enabled: {{ .Values.auth.itslearning_enabled }} - itslearning-endpoint: {{ .Values.auth.itslearning_endpoint }} itslearning-username: {{ .Values.auth.itslearning_username }} itslearning-password: {{ .Values.auth.itslearning_password }} - pi-base-url: {{ .Values.auth.pi_base_url }} pi-admin-user: {{ .Values.auth.pi_admin_user }} pi-admin-password: {{ .Values.auth.pi_admin_password }} - pi-user-resolver: {{ .Values.auth.pi_user_resolver }} - pi-user-realm: {{ .Values.auth.pi_user_realm }} - system-rename-waiting-time-in-seconds: {{ .Values.auth.system_rename_waiting_time_in_seconds }} - system-step-up-timeout-in-seconds: {{ .Values.auth.system_step_up_timeout_in_seconds }} - system-step-up-enabled: {{ .Values.auth.system_step_up_enabled }} secrets-json: {{ .Values.auth.secrets_json }} redis-password: {{ .Values.auth.redis_password }} {{- end }} diff --git a/charts/dbildungs-iam-server/values.yaml b/charts/dbildungs-iam-server/values.yaml index b5763a9fc..3b5bde7f2 100644 --- a/charts/dbildungs-iam-server/values.yaml +++ b/charts/dbildungs-iam-server/values.yaml 
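Review bot: `ldap-bind-dn` is written under `data:` exactly as given in values, with no `b64enc` and no quoting, while Kubernetes only accepts base64 there. A plain DN contains characters that are not valid base64 (the comma), so the operator has to pre-encode it. The neighbouring keys suggest that is the chart's convention, but nothing in the change says so, and with the default `''` the line renders as a null value. Either document the pre-encoding next to `auth.ldap_bind_dn` in values.yaml, or encode in the template with `ldap-bind-dn: {{ .Values.auth.ldap_bind_dn | b64enc | quote }}`. The second option would have to be applied to the other keys too to stay consistent.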
@@ -33,31 +33,37 @@ ldap: ersatzschulenDomain: ersatzschule-sh.de itslearning: + enabled: false + endpoint: https://enterprise.itslintegrations.com/WCFServiceLibrary/ImsEnterpriseServicesPort.svc root: sh rootOeffentlich: oeffentlich rootErsatz: ersatz +privacyidea: + url: https://privacyidea.dev.spsh.dbildungsplattform.de + renameWaitingTime: 5 + realm: ucs_users + userResolver: ucs_users + +system: + rename_waiting_time_in_seconds: 2 + step_up_timeout_in_seconds: 900 + step_up_timeout_enabled: false + auth: # existingSecret: Refers to a secret already present in the cluster, which is required. existingSecret: '' secretName: dbildungs-iam-server keycloak_adminSecret: '' keycloak_clientSecret: '' + ldap_bind_dn: '' ldap_admin_password: '' secrets_json: '' frontend_sessionSecret: '' - itslearning_enabled: '' - itslearning_endpoint: '' itslearning_username: '' itslearning_password: '' - pi_base_url: '' pi_admin_user: '' pi_admin_password: '' - pi_user_resolver: '' - pi_user_realm: '' - system_rename_waiting_time_in_seconds: '' - system_step_up_timeout_in_seconds: '' - system_step_up_timeout_enabled: '' redis_password: '' backend: @@ -100,7 +106,13 @@ backend: path: '/health' dbseeding: enabled: true - command: ['node', 'dist/src/console/main.js', 'db', 'seed', 'dev', ''] + command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ] + dbmigration: + enabled: true + command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ] + keycloakdatamigration: + enabled: true + command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ] ingress: enabled: true ingressClassName: nginx
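Review bot: The chart default for `privacyidea.url` is a concrete dev host, whereas `PI_BASE_URL` used to come from the secret. An installation that upgrades without setting the new value will point the backend at that host while `PI_ADMIN_USER` and `PI_ADMIN_PASSWORD` still come from its own secret. An empty default plus a render-time check fails closed instead: `url: ''` here and `PI_BASE_URL: {{ required "privacyidea.url must be set" .Values.privacyidea.url | quote }}` in configmap.yaml. The same reasoning applies to `itslearning.endpoint`, although `itslearning.enabled: false` limits the effect there. `step_up_timeout_enabled: false` also deserves a comment saying whether false is the intended production default.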
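Review bot: The new `dbmigration` and `keycloakdatamigration` blocks in the last hunk carry no comments, and the defaults for `keycloakdatamigration` and `dbseeding` both pass `dev` with `enabled: true`. A production install that takes the defaults therefore appears to run the dev variants. I would add a comment above each block, e.g. `# Runs as an init container before the backend starts; override the command (including the dev argument) per environment.` The comment on `dbmigration.enabled` should also state that turning it off lets the backend start against a schema that has not been migrated. The `backend:` mapping starts and ends outside this hunk.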