feat(univention-management-stack): use umbrella helm chart
Replace individual UMS charts with umbrella chart.
Requires: https://git.knut.univention.de/univention/customers/dataport/upx/ums-stack/-/merge_requests/20
Work on this MR has resumed as of 24.03.2024.
!96 (closed) is jbornhold's attempt on this.
Copied checklist from !96 (closed). Curly brackets -> my comments.
Description
- Adds ums-repo (ums-stack umbrella chart) and removes all individual components
- Adds ums release and removes all individual components
- Adequate configuration of services to their latest version with umbrella chart (and indents)
- Secrets are correctly handled (from secrets.yaml)
- Updates portal-server to bsi-compliant chart
To do
Strike through if skipped, mark x if done
- Remove ums-notifications-api repositories and releases
- Remove ums-provisioning repository and releases
- Pin images via images.yaml (openssl) {current deployment does not use tls, as such the init container that uses alpine/openssl is never run, not too much effort, but maybe later feature/fix}
- ldapServer config values deduplication {out of scope}
- ldapServer samlMetadataUrlInternal {out of scope}
- ldap-server working (listeners broke on last release)
- notifier crashes when capabilities are dropped {out of scope}
- udm-rest-api ldap uri and baseDN values {I assume I got this done}
- memcached umc-server {currently falling back to bundled memcached until either umc-server ucs code is adjusted or opendesk memcached requires authentication}
- The Guardian migration to umbrella chart {out of scope, feature for later}
- openCode mirror for ums-stack chart {MR created, TR informed !103 (merged)}
- values-common.yaml to be removed once all components which used it are migrated {out of scope, fix for later, global.postgresql and global.keycloak only used by keycloak-extensions}
QA (and self-review)
- e2e-tests passing {see comment}
- All components are there
- Timeouts (900s) while deploying the umbrella helm chart are not surpassed {no timeout related errors}
- Components become eventually stable and green {if opendesk-otterize is uninstalled}
- Check aggregated logs for usual behavior {no unexpected errors, a second pair of eyes can't hurt}
- Check all routing is working fine (ingresses) {only portal. and id. ingresses needed and deployed}
Aniemann Checklist
- stack-gateway requires http://minio:9000, will not work with http://minio.fqdn:9000 (acceptable interim solution?)
- need to use bundled memcached for umc-server until helmfile deployment memcached requires authentication (umc-server incompatible with unauthenticated memcached) (acceptable interim solution?)
- test_user_can_switch_language_to_X failing, determine reason, fix if possible, create new MR if non-config issue
- test deployment and end2end without uninstalling opendesk-otterize first, stack-data-swp and stack-data-ums job seemed to not pass init phase, verify, discuss, fix if possible
- Thorsten R qa deployment and test
Edited by Thorsten Roßner