A Helm chart to load the initial data into the UMS Stack
- Version: 0.1.0
- Type: application
- Homepage: https://www.univention.de/

```console
helm upgrade --install stack-data-udm oci://gitregistry.knut.univention.de/univention/customers/dataport/upx/stack-data/helm/stack-data-udm
```

The chart installs Kubernetes Jobs to load the initial data of the UMS Stack.
It depends on a functional UDM REST API being available and configured. The UDM REST API is used to load the data.

To install the chart with the release name `stack-data-udm`:

```console
helm upgrade --install stack-data-udm oci://gitregistry.knut.univention.de/univention/customers/dataport/upx/stack-data/helm/stack-data-udm
```

To uninstall the chart with the release name `stack-data-udm`:

```console
helm uninstall stack-data-udm
```

| Repository | Name | Version |
|---|---|---|
| oci://artifacts.software-univention.de/nubus/charts | nubus-common | 0.28.0 |

| Key | Type | Default | Description |
|---|---|---|---|
| additionalAnnotations | object | {} | Additional custom annotations to add to deployed objects. |
| affinity | object | {} | |
| configMapUcr | string | "{{ include \"common.names.fullname\" . }}-ucr" | |
| containerSecurityContext.allowPrivilegeEscalation | bool | false | Enable container privilege escalation. |
| containerSecurityContext.capabilities | object | `{"drop":["ALL"]}` | Security capabilities for container. |
| containerSecurityContext.enabled | bool | true | Enable security context. |
| containerSecurityContext.privileged | bool | false | |
| containerSecurityContext.readOnlyRootFilesystem | bool | true | Mounts the container's root filesystem as read-only. |
| containerSecurityContext.runAsGroup | int | 1000 | Process group id. |
| containerSecurityContext.runAsNonRoot | bool | true | Run container as a non-root user. |
| containerSecurityContext.runAsUser | int | 1000 | Process user id. |
| containerSecurityContext.seccompProfile.type | string | "RuntimeDefault" | Disallow custom Seccomp profile by setting it to RuntimeDefault. |
| dataLoader.enabled | bool | true | Allows disabling the data loader Job. |
| environment | object | {} | |
| extensions | list | [] | Extensions to load. This will override the configuration in `global.extensions`. |
| extraEnvVars | list | [] | Array with extra environment variables to add to containers. Example: `extraEnvVars: [{name: FOO, value: "bar"}]` |
| fullnameOverride | string | "" | |
| global.configUcr | object | {} | |
| global.extensions | list | [] | Allows configuring extensions globally. |
| global.imagePullPolicy | string | null | Define an ImagePullPolicy. Ref.: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy |
| global.imagePullSecrets | list | [] | Credentials to fetch images from private registry. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ Example: `imagePullSecrets: ["docker-registry"]` |
| global.imageRegistry | string | "artifacts.software-univention.de" | Container registry address. |
| global.nubusDeployment | bool | false | Indicates whether this chart is part of a Nubus deployment. |
| global.postgresql.connection.host | string | null | |
| global.postgresql.connection.port | string | null | |
| global.systemExtensions | list | [] | Allows configuring system extensions globally. |
| global.udm.connection.url | string | null | Global default for the URL via which the UDM REST API can be reached. See "udm.connection.url". |
| image | object | `{"pullPolicy":"","registry":"","repository":"nubus-dev/images/data-loader","sha256":null,"tag":"latest"}` | Container image configuration |
| image.sha256 | string | null | Define image sha256 as an alternative to `tag` |
| mountSecrets | bool | true | |
| nameOverride | string | "" | |
| nodeSelector | object | {} | |
| nubusUmcServer.host | string | "" | Hostname of the UMC server used to disable self-service rate-limiting for requests from inside the cluster. This sets the UCR variable `umc/self-service/rate-limit/trusted-hosts`. |
| nubusUmcServer.memcached.auth.username | string | "" | Username to use for memcached of the selfservice in UMC. This sets the UCR variable `umc/self-service/memcached/username`. UCR has no default. |
| nubusUmcServer.memcached.connection.host | string | "" | Hostname to use for memcached of the selfservice in UMC. This sets the UCR variable `umc/self-service/memcached/socket`. |
| nubusUmcServer.postgresql.auth.database | string | "" | |
| nubusUmcServer.postgresql.auth.username | string | "" | Username to use for postgresql of the selfservice in UMC. This sets the UCR variable `umc/self-service/postgresql/username`. UCR default is `selfservice`. |
| nubusUmcServer.postgresql.connection.host | string | "" | Hostname to use for postgresql of the selfservice in UMC. This sets the UCR variable `umc/self-service/postgresql/hostname`. UCR default is `localhost`. |
| nubusUmcServer.postgresql.connection.port | string | "" | Port to use for postgresql of the selfservice in UMC. This sets the UCR variable `umc/self-service/postgresql/port`. UCR default is `5432`. |
| podAnnotations | object | {} | |
| podSecurityContext | object | {} | |
| resources | object | {} | |
| serviceAccount.annotations | object | {} | |
| serviceAccount.automountServiceAccountToken | bool | false | |
| serviceAccount.create | bool | true | |
| serviceAccount.labels | object | {} | Additional custom labels for the ServiceAccount. |
| serviceAccount.name | string | "" | |
| stackDataContext.domainname | string | "" | Domain name of the instance. Chart defaults to `univention-organization.intranet`. Example: `"example.org"` |
| stackDataContext.externalDomainName | string | "" | Domain name of the instance. Chart defaults to `univention-organization.intranet`. Example: `"example.org"` |
| stackDataContext.externalMailDomain | string | "" | Interim. The external mail domain in use. Currently required to create the Administrator account. Chart defaults to `univention-organization.test`. |
| stackDataContext.hostname | string | "" | Host name of the instance. Chart defaults to `portal`. Example: `"souvap"` |
| stackDataContext.idpFqdn | string | null | The FQDN of the identity provider (w/o the protocol specification). Example: `"id.souvap.example.org"` |
| stackDataContext.idpOidcIssuerUrl | string | null | OIDC Identity Provider issuer URL (as visible from the user/internet). Example: `"https://id.souvap.example.org/realms/ucs"` |
| stackDataContext.idpOidcIssuerUrlInternal | string | "" | OIDC Identity Provider issuer URL (as visible from inside the container), optional. Example: `"http://keycloak:8080/realms/ucs"` |
| stackDataContext.ldapBase | string | "" | Base DN of the LDAP directory. Chart defaults to `dc=univention-organization,dc=intranet`. Example: `"dc=example,dc=org"` |
| stackDataContext.ldapHost | string | "" | Hostname of the LDAP server. Chart defaults to `ldap-server`. Example: `"ucs-1234.univention.intranet"` |
| stackDataContext.ldapHostDn | string | "" | DN of the UMS instance. Chart defaults to `cn=admin,dc=univention-organization,dc=intranet`. Example: `"cn=ucs-1234,cn=dc,cn=computers,dc=example,dc=org"` |
| stackDataContext.ldapMasterHost | string | "" | Hostname of the primary LDAP server. Chart defaults to `ldap-server`. Example: `"ucs-1234.univention.intranet"` |
| stackDataContext.ldapMasterPort | string | "" | Port to connect to the primary LDAP server. Chart defaults to `389`. Example: `389` |
| stackDataContext.ldapPort | string | "" | Port to connect to the LDAP server. Chart defaults to `389`. Example: `389` |
| stackDataContext.ldapSamlSpUrls | string | null | List of SAML Service Provider URLs which the LDAP server should trust (comma-separated). Example: `"https://portal.souvap.example.org/univention/saml/metadata"` |
| stackDataContext.portalAuthMode | string | "oidc" | The authentication method to use for the portal. Default is `oidc`. |
| stackDataContext.portalFqdn | string | "{{ include \"stack-data-ums.portalFqdn\" . }}" | |
| stackDataContext.showUmc | bool | true | Show UMC modules in the default portal. |
| stackDataContext.smtpHost | string | "" | Self-service emails: SMTP host |
| stackDataContext.smtpPort | int | 587 | Self-service emails: SMTP port (default: `587`) |
| stackDataContext.smtpStartTls | bool | true | Self-service emails: SMTP via TLS (default: `true`) |
| stackDataContext.smtpUser | string | "" | Self-service emails: SMTP username |
| stackDataContext.umcHtmlTitle | string | "Univention Portal" | UMC web page title. Chart supports templated values. |
| stackDataContext.umcSamlSpFqdn | string | null | SAML Service Provider hostname (FQDN of the UMC, which is the service provider). Example: `"portal.souvap.example.org"` |
| stackDataUms.dependencyUdmApiWait | bool | true | Wait for the udm-rest-api to be available |
| stackDataUms.extraDataFiles | string | null | Allows configuring additional data files. This has to be a map from the desired filename to the content. The content has to be a valid YAML stream which the data loader is able to process. |
| stackDataUms.logContext | bool | false | Enables logging of the template context used to render the template files. Be aware that this may log sensitive information. |
| stackDataUms.logTemplate | bool | false | Enables logging of the rendered templates for troubleshooting. Be aware that this may log sensitive information. |
| stackDataUms.udmApiPort | string | "" | The internal port on which the UDM REST API is listening in the Kubernetes Pod. Chart defaults to `9979`. |
| systemExtensions | list | [] | Allows configuring the system extensions to load. This is intended for internal usage, prefer to use `extensions` for user configured extensions. This value will override the configuration in `global.systemExtensions`. |
| templateContext | object | `{"domainName":"{{ include \"stack-data-ums.domainName\" . }}","enableDefaultLogin":"{{ include \"stack-data-ums.enableDefaultLogin\" . }}","externalMailDomain":"{{ include \"stack-data-ums.externalMailDomain\" . }}","initialPasswordAdministrator":null,"keycloakTwofaGroup":"2FA Users","ldapBaseDn":"{{ include \"stack-data-ums.ldapBaseDn\" . }}","readonlyUserPassword":null,"showUmc":"{{ include \"stack-data-ums.showUmc\" . }}","subDomainsKeycloak":"{{ include \"stack-data-ums.subDomains.keycloak\" . }}","svcPortalServerUserPassword":null}` | Context used to render the data file templates in the data loader. |
| templateContext.domainName | string | "{{ include \"stack-data-ums.domainName\" . }}" | Domain name of the instance. Chart defaults to `univention-organization.intranet`. Example: `"example.org"` |
| templateContext.enableDefaultLogin | string | "{{ include \"stack-data-ums.enableDefaultLogin\" . }}" | Enable the plain UMC login. Enabling it will show the UMC login tile. This value is also controlled globally, which will cause the ingress to be disabled as well. Enabling it here will show the UMC login tile, but will not enable the ingress path. Example: `false` |
| templateContext.externalMailDomain | string | "{{ include \"stack-data-ums.externalMailDomain\" . }}" | Interim. The external mail domain in use. Currently required to create the Administrator account. Chart defaults to `univention-organization.test`. |
| templateContext.initialPasswordAdministrator | string | null | The initial password of the user "Administrator". A random password will be generated if unset. |
| templateContext.keycloakTwofaGroup | string | "2FA Users" | Creates the group needed for enforcing configuration of a second factor in Keycloak. |
| templateContext.ldapBaseDn | string | "{{ include \"stack-data-ums.ldapBaseDn\" . }}" | Base DN of the LDAP directory. Chart defaults to `dc=univention-organization,dc=intranet`. Example: `"dc=example,dc=org"` |
| templateContext.readonlyUserPassword | string | null | The password for the Keycloak service readonly user. A random password will be generated if unset. |
| templateContext.svcPortalServerUserPassword | string | null | The password for the Portal service user. A random password will be generated if unset. |
| tolerations | list | [] | |
| udm.auth.existingSecret.keyMapping.password | string | null | |
| udm.auth.existingSecret.name | string | null | |
| udm.auth.password | string | null | |
| udm.auth.username | string | "cn=admin" | |
| udm.connection.url | string | null | The URL by which the UDM REST API can be reached. Default `http://udm-rest-api/udm/`. |
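
A pre-deployment check over the security-relevant values in the table above, as an added example that is not part of the chart or its tooling. It assumes the override has already been parsed into a Python dict; `get`, `audit`, `EXPECTED` and `SAMPLE` are hypothetical names, and the sample override is constructed.

```python
# Added example (not the chart's code): audit a parsed values override; keys are from the table above.

def get(values, dotted, default=None):
    """Look up a dotted key such as 'image.sha256' in a nested dict."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

# Documented defaults that an override should not weaken.
EXPECTED = {
    "containerSecurityContext.enabled": True,
    "containerSecurityContext.allowPrivilegeEscalation": False,
    "containerSecurityContext.privileged": False,
    "containerSecurityContext.readOnlyRootFilesystem": True,
    "containerSecurityContext.runAsNonRoot": True,
    "containerSecurityContext.seccompProfile.type": "RuntimeDefault",
    "serviceAccount.automountServiceAccountToken": False,
    "stackDataUms.logContext": False,   # may log sensitive information
    "stackDataUms.logTemplate": False,  # may log sensitive information
}

def audit(values):
    findings = []
    for key, want in EXPECTED.items():
        have = get(values, key, want)  # an absent key keeps the chart default
        if have != want:
            findings.append(f"{key}={have!r} weakens the default {want!r}")
    # A password set inline sits in plain text in the values file.
    if get(values, "udm.auth.password") and not get(values, "udm.auth.existingSecret.name"):
        findings.append("udm.auth.password is inline; use udm.auth.existingSecret.name")
    # The default tag is mutable; image.sha256 is the documented alternative.
    if get(values, "image.tag", "latest") == "latest" and not get(values, "image.sha256"):
        findings.append("image.tag is 'latest' and image.sha256 is unset")
    return findings

# Constructed sample override, not taken from a real deployment.
SAMPLE = {
    "image": {"tag": "latest"},
    "stackDataUms": {"logTemplate": True},
    "containerSecurityContext": {"readOnlyRootFilesystem": False},
    "udm": {"auth": {"username": "cn=admin", "password": "example-only"}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

An empty override still reports the image finding, because the chart's documented default is the `latest` tag with `image.sha256` unset.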