DBP-799-openldap-image-helm-chart-add-rollout (#36)

DBP-799-openldap-image-helm-chart-add-rollout (#36)

.github/workflows/deploy-to-dev-manual.yml

@@ -56,7 +56,7 @@ jobs:
     needs:
       - check_namespace_input
       - create_branch_identifier
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@4
+    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@5
     with:
       dbildungs_iam_server_branch: ${{ github.event.inputs.dbildungs_iam_server_branch }}
       schulportal_client_branch: ${{ github.event.inputs.dbildungs_iam_client_branch }}

.github/workflows/deploy.yml

@@ -26,6 +26,11 @@ on:
         description: "Has to be main or in format <project>-<ticketnumber>, e.g. spsh-130"
         default: main
         type: string
+      dbildungs_iam_ldap_branch:
+        required: true
+        description: "Has to be main or in format <project>-<ticketnumber>, e.g. spsh-130"
+        default: main
+        type: string
       dbseeding:
         required: false
         description: "Enable Seeding (true, false, chart_value)"
@@ -60,6 +65,13 @@ jobs:
       branch: ${{ inputs.dbildungs_iam_keycloak_branch }}
       chart_name: "dbildungs-iam-keycloak"
 
+  find_dbildungs_iam_ldap_helm_chart_tag:
+    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/find-helm-chart-by-ticket-or-main-in-registry.yml@2
+    with:
+      github_repository: "dBildungsplattform/helm-charts-registry"
+      branch: ${{ inputs.dbildungs_iam_ldap_branch }}
+      chart_name: "dbildungs-iam-ldap"
+
   create_ingress_prefix:
     uses: dBildungsplattform/spsh-app-deploy/.github/workflows/get-branch-meta.yml@2
 
@@ -103,6 +115,7 @@ jobs:
       - find_dbildungs_iam_server_helm_chart_tag
       - find_schulportal_client_helm_chart_tag
       - find_dbildungs_iam_keycloak_helm_chart_tag
+      - find_dbildungs_iam_ldap_helm_chart_tag
       - create_lowercase_ingress_prefix
       - create_dbildungs_iam_keycloak_db_name
       - create_dbildungs_iam_server_db_name
@@ -153,6 +166,11 @@ jobs:
           wget https://github.com/dBildungsplattform/helm-charts-registry/releases/download/${{ needs.find_dbildungs_iam_keycloak_helm_chart_tag.outputs.helm_chart_tagname }}/${{ needs.find_dbildungs_iam_keycloak_helm_chart_tag.outputs.helm_chart_tagname }}.tgz
           tar -zxvf ${{ needs.find_dbildungs_iam_keycloak_helm_chart_tag.outputs.helm_chart_tagname }}.tgz 
 
+      - name: Download dbildungs_iam_ldap Helm chart
+        run: |
+          wget https://github.com/dBildungsplattform/helm-charts-registry/releases/download/${{ needs.find_dbildungs_iam_ldap_helm_chart_tag.outputs.helm_chart_tagname }}/${{ needs.find_dbildungs_iam_ldap_helm_chart_tag.outputs.helm_chart_tagname }}.tgz
+          tar -zxvf ${{ needs.find_dbildungs_iam_ldap_helm_chart_tag.outputs.helm_chart_tagname }}.tgz 
+
       # On branches the ticket number is used as image tag. To ensure the pods are restarted
       # and pull the the latest image, we uninstall the helm release first. (Otherwise same tag -> no change)
       # We also need to uninstall all pods to savely recreate the database
@@ -182,6 +200,18 @@ jobs:
         run: |
           kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-keycloak-secret-dev.yaml
 
+      - name: Create dbildungs-iam-ldap secret
+        run: |
+          kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-ldap-secret-dev.yaml
+
+      - name: Create dbildungs-iam-ldap modify secret
+        run: |
+          kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-ldap-config-modify.yaml
+
+      - name: Create dbildungs-iam-ldap apply secret
+        run: |
+          kubectl --namespace=${{ inputs.namespace }} apply -f ./dbildungs-iam-ldap-config-apply.yaml
+
       - name: Create Database for dbildungs-iam-keycloak
         run: |
           # Generate timestamp for job name uniqueness
@@ -198,6 +228,17 @@ jobs:
             --set auth.existingSecret="psql-config-secret" \
             --set database.name=${{ needs.create_dbildungs_iam_keycloak_db_name.outputs.keycloak_db_name }}
 
+      # even though the initTLSSecret.secret value is set it has no effect if the initTLSSecret in not enabled (default: false) - only necessary for External IP
+      - name: Deploy dbildungs_iam_ldap Helm chart
+        run: |
+          helm upgrade --install \
+            dbildungs-iam-ldap \
+            dbildungs-iam-ldap \
+            --namespace ${{ inputs.namespace }} \
+            --set global.existingSecret="dbildungs-iam-ldap" \
+            --set initTLSSecret.secret="dbildungs-iam-ldap-tls" \
+            --wait
+
       - name: Create Database for dbildungs-iam-server
         run: |
           # Generate timestamp for job name uniqueness
@@ -213,7 +254,6 @@ jobs:
             --namespace ${{ inputs.namespace }} \
             --set auth.existingSecret="psql-config-secret" \
             --set database.name=${{ needs.create_dbildungs_iam_server_db_name.outputs.server_db_name }}
-  
 
       # Wait is needed, dbildungs_iam_server expects keycloak to be up!
       - name: Deploy dbildungs_iam_keycloak Helm chart
@@ -228,7 +268,7 @@ jobs:
             --set database.name=${{ needs.create_dbildungs_iam_keycloak_db_name.outputs.keycloak_db_name }} \
             --set database.username=spshdeveloper \
             --wait
-
+      
       - name: Deploy schulportal_client Helm chart
         run: |
           helm upgrade --install \

dbildungs-iam-ldap-config-apply.yaml

@@ -0,0 +1,6 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: dbildungs-iam-ldap-config-apply
+spec:
+  itemPath: "vaults/spsh-dev-schulportal/items/dbildungs-iam-ldap-config-apply"

dbildungs-iam-ldap-config-modify.yaml

@@ -0,0 +1,6 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: dbildungs-iam-ldap-config-modify
+spec:
+  itemPath: "vaults/spsh-dev-schulportal/items/dbildungs-iam-ldap-config-modify"

dbildungs-iam-ldap-secret-dev.yaml

@@ -0,0 +1,6 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: dbildungs-iam-ldap
+spec:
+  itemPath: "vaults/spsh-dev-schulportal/items/dbildungs-iam-ldap"