Über Open CoDE Software Wiki Diskussionen GitLab

Skip to content

feat(univention-management-stack): use umbrella helm chart

Andreas Niemann requested to merge feat/ums-use-umbrella-chart into develop

Replace individual UMS charts with umbrella chart.

Requires: https://git.knut.univention.de/univention/customers/dataport/upx/ums-stack/-/merge_requests/20

Work on this MR has resumed as of 24.03.2024.

!96 (closed) is jbornholds attempt on this.

Copied checklist from !96 (closed) Curly brackets -> my comments

Description

  • Adds ums-repo (ums-stack umbrella chart) and removes all individual components
  • Adds ums release and removes all individual components
  • Adequate configuration of services to their latest version with umbrella chart (and indents)
  • Secrets are correctly handled (from secrets.yaml)
  • Updates portal-server to bsi-compliant chart

To do

Strike through if skipped, mark x if done

  • Remove ums-notifications-api repositories and releases
  • Remove ums-provisioning repository and releases
  • Pin images via images.yaml (openssl) {current deployment does not use tls, as such the init container that uses alpine/openssl is never run, not too much effort, but maybe later feature/fix}
  • ldapServer config values deduplication {out of scope}
  • ldapServer samlMetadataUrlInternal {out of scope}
  • ldap-server working (listeners broke on last release)
  • notifier crashes when capabilities are dropped {out of scope}
  • udm-rest-api ldap uri and baseDN values {I assume I got this done}
  • memcached umc-server {currently falling back to bundled memcached until either umc-server ucs code is adjusted or opendesk memcached requires authentication}
  • The Guardian migration to umbrella chart {out of scope, feature for later}
  • openCode mirror for ums-stack chart {MR created, TR informed !103 (merged)}
  • values-common.yaml to be removed once all components which used it are migrated {out of scope, fix for later, global.postgresql and global.keycloak only used by keycloak-extensions}

QA (and self-review)

  • e2e-tests passing {see comment}
  • All components are there
  • Timeouts (900s) while deploying the umbrella helm chart are not surpassed {no timeout related errors}
  • Components become eventually stable and green {if opendesk-otterize is uninstalled}
  • Check aggregated logs for usual behavior {no unexpected errors, a second pair of eyes cant hurt}
  • Check all routing is working fine (ingresses) {only portal. and id. ingresses needed and deployed}

Aniemann Checklist

  • stack-gateway requires http://minio:9000, will not work with http://minio.fqdn:9000 (acceptable interim solution?)
  • need to use bundled memcached for umc-server until helmfile deployment memcached requires authentication (umc-server incompatible with unauthenticated memcached) (acceptable interim solution?)
  • test_user_can_switch_language_to_X failing, determine reason, fix if possible, create new MR if non-config issue
  • test deployment and end2end without uninstalling opendesk-otterize first, stack-data-swp and stack-data-ums job seemed to not pass init phase, verify, discuss, fix if possible
  • Thorsten R qa deployment and test
Edited by Thorsten Roßner

Merge request reports