Dbp 1066 helm charts improvements

charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl

@@ -36,16 +36,6 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: frontend-sessionSecret
-          - name: ITSLEARNING_ENABLED
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: itslearning-enabled
-          - name: ITSLEARNING_ENDPOINT
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: itslearning-endpoint
           - name: ITSLEARNING_USERNAME
             valueFrom:
               secretKeyRef:
@@ -56,16 +46,16 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: itslearning-password
-          - name: LDAP_ADMIN_PASSWORD
+          - name: LDAP_BIND_DN
             valueFrom:
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: ldap-admin-password
-          - name: PI_BASE_URL
+                  key: ldap-bind-dn
+          - name: LDAP_ADMIN_PASSWORD
             valueFrom:
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-base-url
+                  key: ldap-admin-password
           - name: PI_ADMIN_USER
             valueFrom:
               secretKeyRef:
@@ -76,21 +66,6 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: pi-admin-password
-          - name: PI_USER_RESOLVER
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-user-resolver
-          - name: PI_REALM
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-user-realm
-          - name: PI_RENAME_WAITING_TIME
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: pi-rename-waiting-time
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:

charts/dbildungs-iam-server/templates/backend-deployment.yaml

@@ -21,12 +21,13 @@
         app.kubernetes.io/component: server-backend
     spec:
       automountServiceAccountToken: false
       initContainers:
+        {{- if .Values.backend.dbmigration.enabled }}
         - name: "{{ template "common.names.name" . }}-db-migration-apply"
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }}
           securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ]
+          command: {{ .Values.backend.dbmigration.command | toJson }}
           env:
             {{- include "dbildungs-iam-server-backend-envs" . | indent  12 }}
               {{- if .Values.backend.extraEnvVars }}
@@ -38,11 +39,13 @@
           volumeMounts:
             {{- toYaml .Values.backend.volumeMounts | nindent 12 }}
           resources: {{- toYaml .Values.backend.resources | nindent 12 }}
+        {{ end }}
+        {{- if .Values.backend.keycloakdatamigration.enabled }}
         - name: "{{ template "common.names.name" . }}-keycloak-data-migration"
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }}
           securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ]
+          command: {{ .Values.backend.keycloakdatamigration.command | toJson }}
           env:
             {{- include "dbildungs-iam-server-backend-envs" . | indent  12 }}
               {{- if .Values.backend.extraEnvVars }}
@@ -54,21 +57,22 @@
           volumeMounts:
             {{- toYaml .Values.backend.volumeMounts | nindent 12 }}
           resources: {{- toYaml .Values.backend.resources | nindent 12 }}
+        {{ end }}
         {{- if .Values.backend.dbseeding.enabled }}
         - name: db-seeding
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{.Values.imagePullPolicy | default "Always"}}
           securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ]
+          command: {{ .Values.backend.dbseeding.command | toJson }}
           envFrom:
             - configMapRef:
                 name: {{ template "common.names.name" . }}
           env: {{- include "dbildungs-iam-server-backend-envs" . | indent  12}}
           volumeMounts:
             {{- toYaml .Values.backend.volumeMounts | nindent 12 }}
           resources: {{- toYaml .Values.backend.resources | nindent 12 }}
-        {{end}}
+        {{ end }}
       containers:
         - name: "{{ template "common.names.name" . }}-backend"
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always"}}
@@ -90,7 +94,7 @@
             {{- with .Values.backend.extraVolumeMounts }}
             {{- toYaml . | nindent 12 }}
             {{- end }}
           resources: {{- toYaml .Values.backend.resources | nindent 12 }}
           startupProbe: {{- omit .Values.backend.startupProbe "enabled" | toYaml | nindent 12 }}
           livenessProbe: {{- omit .Values.backend.livenessProbe "enabled" | toYaml | nindent 12 }}
           readinessProbe: {{- omit .Values.backend.readinessProbe "enabled" | toYaml | nindent 12 }}

charts/dbildungs-iam-server/templates/configmap.yaml

@@ -20,3 +20,9 @@ data:
   LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}"
   LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}"
   LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}"
+  ITSLEARNING_ENABLED: "{{ .Values.itslearning.enabled }}"
+  ITSLEARNING_ENDPOINT: "{{ .Values.itslearning.endpoint }}"
+  PI_BASE_URL:  "{{ .Values.privacyidea.url }}"
+  PI_RENAME_WAITING_TIME:  "{{ .Values.privacyidea.renameWaitingTime }}"
+  PI_REALM: "{{ .Values.privacyidea.realm }}"
+  PI_USER_RESOLVER: "{{ .Values.privacyidea.userResolver }}"

charts/dbildungs-iam-server/templates/secret.yaml

@@ -12,17 +12,12 @@ data:
   db-username: {{ .Values.database.username }}
   keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }}
   keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }}
+  ldap-bind-dn: {{ .Values.auth.ldap_bind_dn }}
   ldap-admin-password: {{ .Values.auth.ldap_admin_password }}
-  itslearning-enabled: {{ .Values.auth.itslearning_enabled }}
-  itslearning-endpoint: {{ .Values.auth.itslearning_endpoint }}
   itslearning-username: {{ .Values.auth.itslearning_username }}
   itslearning-password: {{ .Values.auth.itslearning_password }}
-  pi-base-url: {{ .Values.auth.pi_base_url }}
   pi-admin-user: {{ .Values.auth.pi_admin_user }}
   pi-admin-password: {{ .Values.auth.pi_admin_password }}
-  pi-user-resolver: {{ .Values.auth.pi_user_resolver }}
-  pi-user-realm: {{ .Values.auth.pi_user_realm }}
-  pi-rename-waiting-time: {{ .Values.auth.pi_rename_waiting_time }}
   secrets-json: {{ .Values.auth.secrets_json }}
   redis-password: {{ .Values.auth.redis_password }}
 {{- end }}

charts/dbildungs-iam-server/values.yaml

@@ -32,25 +32,31 @@ ldap:
   oeffentlicheSchulenDomain: schule-sh.de
   ersatzschulenDomain: ersatzschule-sh.de
 
+itslearning:
+  enabled: false
+  endpoint: https://enterprise.itslintegrations.com/WCFServiceLibrary/ImsEnterpriseServicesPort.svc
+
+privacyidea:
+  url: https://privacyidea.dev.spsh.dbildungsplattform.de
+  renameWaitingTime: 5
+  realm: ucs_users
+  userResolver: ucs_users
+
+
 auth:
   # existingSecret: Refers to a secret already present in the cluster, which is required.
   existingSecret: ''
   secretName: dbildungs-iam-server
   keycloak_adminSecret: ''
   keycloak_clientSecret: ''
+  ldap_bind_dn: ''
   ldap_admin_password: ''
   secrets_json: ''
   frontend_sessionSecret: ''
-  itslearning_enabled: ''
-  itslearning_endpoint: ''
   itslearning_username: ''
   itslearning_password: ''
-  pi_base_url: ''
   pi_admin_user: ''
   pi_admin_password: ''
-  pi_user_resolver: ''
-  pi_user_realm: ''
-  pi_rename_waiting_time: ''
   redis_password: ''
 
 backend:
@@ -93,7 +99,13 @@ backend:
       path: '/health'
   dbseeding:
     enabled: true
-    command: ['node', 'dist/src/console/main.js', 'db', 'seed', 'dev', '']
+    command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ]
+  dbmigration:
+    enabled: true
+    command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ]
+  keycloakdatamigration: 
+    enabled: true
+    command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ]
   ingress:
     enabled: true
     ingressClassName: nginx