Verified Commit 90d1d505 authored by Martin Weise

Updated schema

parent 4756c73a
1 merge request: !295 Resolve "LDAP"
This commit is part of merge request !295.
......@@ -55,13 +55,6 @@ The command removes all the Kubernetes components associated with the chart and
| `strategyType` | The image pull | `RollingUpdate` |
| `clusterDomain` | The cluster domain. | `cluster.local` |
### Internal Admin User
| Name | Description | Value |
| ---------------- | ---------------------------- | ------- |
| `admin.username` | The internal admin username. | `admin` |
| `admin.password` | The internal admin password. | `admin` |
### Metadata Database
| Name | Description | Value |
......@@ -122,7 +115,7 @@ The command removes all the Kubernetes components associated with the chart and
### Broker Service
| Name | Description | Value |
| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------ |
| ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
| `brokerservice.enabled` | Enable the Broker Service. | `true` |
| `brokerservice.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `true` |
| `brokerservice.endpoint` | The management api endpoint for the microservices. | `http://broker-service:15672` |
......@@ -133,10 +126,12 @@ The command removes all the Kubernetes components associated with the chart and
| `brokerservice.exchangeName` | The default exchange name. | `dbrepo` |
| `brokerservice.routingKey` | The default routing key binding from the default queue to the default exchange. | `dbrepo.#` |
| `brokerservice.connectionTimeout` | The connection timeout in ms. | `60000` |
| `brokerservice.auth.username` | The initial administrator username. | `broker` |
| `brokerservice.auth.password` | The initial administrator user password. | `broker` |
| `brokerservice.auth.passwordHash` | The initial administrator user password has generated with [`generate-rabbitmq-pw.sh`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/blob/release-1.4.4/helm/dbrepo/hack/generate-rabbitmq-pw.sh). | `1gwjNNTBPKLgyzbsUykfR0JIFC6nNqbNJaxzZ14uPT8JGcTZ` |
| `brokerservice.extraPlugins` | The list of plugins to be activated. | `rabbitmq_prometheus rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl` |
| `brokerservice.ldap.binddn` | The domain name the broker service should bind to. In many cases this is the admin user from `identityservice.global.adminUser`. | `cn=admin,dc=dbrepo,dc=at` |
| `brokerservice.ldap.bindpw` | The password to bind on the identity service. In many cases this value is equal to `identityservice.global.adminPassword`. | `admin` |
| `brokerservice.ldap.uidField` | The field containing the user id. | `uid` |
| `brokerservice.ldap.basedn` | The base domain name containing the users. | `ou=users,dc=dbrepo,dc=at` |
| `brokerservice.ldap.userDnPattern` | The pattern to determine the user. | `${username}` |
| `brokerservice.extraPlugins` | The list of plugins to be activated. | `rabbitmq_prometheus rabbitmq_auth_backend_ldap rabbitmq_auth_mechanism_ssl` |
| `brokerservice.persistence.enabled` | If set to true, a PVC will be created. | `false` |
| `brokerservice.replicaCount` | The number of replicas. | `1` |
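Review bot: The `brokerservice.ldap.binddn` and `brokerservice.ldap.basedn` rows describe their values as a "domain name", but `cn=admin,dc=dbrepo,dc=at` and `ou=users,dc=dbrepo,dc=at` are LDAP distinguished names; please say "distinguished name (DN)" in both descriptions. The `brokerservice.ldap.userDnPattern` row should also state what `${username}` expands to, and the `brokerservice.ldap.bindpw` row should tell operators to override the `admin` default, since the row above it says the bind DN is in many cases the admin user from `identityservice.global.adminUser`.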
......@@ -175,7 +170,7 @@ The command removes all the Kubernetes components associated with the chart and
### Data Service
| Name | Description | Value |
| -------------------------------------------- | --------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------- |
| `dataservice.enabled` | Enable the Metadata Service. | `true` |
| `dataservice.endpoint` | The endpoint for the microservices. | `http://data-service` |
| `dataservice.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `false` |
......@@ -187,6 +182,8 @@ The command removes all the Kubernetes components associated with the chart and
| `dataservice.rabbitmq.consumerConcurrentMin` | The minimal number of RabbitMQ consumers. | `2` |
| `dataservice.rabbitmq.consumerConcurrentMax` | The maximal number of RabbitMQ consumers. | `6` |
| `dataservice.rabbitmq.requeueRejected` | If set to true, rejected tuples will be re-queued. | `false` |
| `dataservice.rabbitmq.consumer.username` | The username for the consumer to read tuples from the broker service. In many cases this value is equal to `identityservice.users`. | `admin` |
| `dataservice.rabbitmq.consumer.password` | The user password for the consumer to read tuples from the broker service. In many cases this value is equal to `identityservice.userPasswords`. | `admin` |
| `dataservice.s3.endpoint` | The S3-capable endpoint the microservice connects to. | `http://storageservice-s3:9000` |
| `dataservice.s3.auth.username` | The S3-capable endpoint username (or access key id). | `seaweedfsadmin` |
| `dataservice.s3.auth.password` | The S3-capable endpoint user password (or access key secret). | `seaweedfsadmin` |
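Review bot: The two `dataservice.rabbitmq.consumer.*` rows default the consumer to `admin`/`admin` and describe the values as equal to `identityservice.users` and `identityservice.userPasswords`, which the Identity Service table documents as the admin account for internal authentication. A consumer that only reads tuples from the broker does not need an administrator identity; consider a dedicated account with read permission only as the default, or at least state in the descriptions that these values must be changed before deployment.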
......@@ -214,8 +211,11 @@ The command removes all the Kubernetes components associated with the chart and
| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | ----------------- |
| `identityservice.enabled` | Enable the Identity Service. | `true` |
| `identityservice.global.ldapDomain` | The LDAP domain name in domain "dbrepo.at" form or explicit in "dc=dbrepo,dc=at" form. | `dc=dbrepo,dc=at` |
| `identityservice.global.adminUser` | The admin username. | `admin` |
| `identityservice.global.adminPassword` | The admin user password. | `admin` |
| `identityservice.global.adminUser` | The admin username that is used to bind. | `admin` |
| `identityservice.global.adminPassword` | The admin user password that is used to bind. | `admin` |
| `identityservice.users` | The admin username for internal authentication. | `admin` |
| `identityservice.userPasswords` | The admin user password for internal authentication. | `admin` |
| `identityservice.group` | The group that contains the administrators for the broker service. | `system` |
| `identityservice.persistence.enabled` | If set to true, a PVC will be created. | `true` |
| `identityservice.replication.enabled` | If set to true, the pods required a cluster. Needs `replicaCount` to be `3` or higher (of 2n+1). | `false` |
| `identityservice.replicaCount` | The number of replicas. If `replicaCount` is set to more than 1, requires `replication.enabled` to be `true`. | `1` |
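Review bot: `identityservice.users` and `identityservice.userPasswords` have plural names but are described as a single "admin username" and "admin user password". Please document whether more than one value is accepted, in what format, and how entries in the two values are matched to each other. The `identityservice.group` row would also be clearer if it said whether `system` is a plain group name or part of a DN, given that `brokerservice.ldap.basedn` is written as a full DN.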
......
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"properties": {
"admin": {
"properties": {
"password": {
"type": "string"
},
"username": {
"type": "string"
}
},
"type": "object"
},
"analyseservice": {
"properties": {
"enabled": {
......@@ -185,17 +174,11 @@
},
"brokerservice": {
"properties": {
"advancedConfiguration": {
"advancedConfigurationExistingSecret": {
"type": "string"
},
"auth": {
"properties": {
"password": {
"type": "string"
},
"passwordHash": {
"type": "string"
},
"tls": {
"properties": {
"enabled": {
......@@ -212,9 +195,6 @@
}
},
"type": "object"
},
"username": {
"type": "string"
}
},
"type": "object"
......@@ -231,41 +211,54 @@
"exchangeName": {
"type": "string"
},
"extraConfiguration": {
"extraPlugins": {
"type": "string"
},
"extraPlugins": {
"fullnameOverride": {
"type": "string"
},
"extraVolumes": {
"items": {
"properties": {
"name": {
"host": {
"type": "string"
},
"secret": {
"image": {
"properties": {
"secretName": {
"type": "string"
"debug": {
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
"ldap": {
"properties": {
"authorisationEnabled": {
"type": "boolean"
},
"type": "array"
"basedn": {
"type": "string"
},
"fullnameOverride": {
"binddn": {
"type": "string"
},
"host": {
"bindpw": {
"type": "string"
},
"image": {
"properties": {
"debug": {
"enabled": {
"type": "boolean"
},
"port": {
"type": "integer"
},
"servers": {
"items": {
"type": "string"
},
"type": "array"
},
"uidField": {
"type": "string"
},
"userDnPattern": {
"type": "string"
}
},
"type": "object"
......@@ -633,6 +626,17 @@
},
"rabbitmq": {
"properties": {
"consumer": {
"properties": {
"password": {
"type": "string"
},
"username": {
"type": "string"
}
},
"type": "object"
},
"consumerConcurrentMax": {
"type": "integer"
},
......@@ -692,9 +696,6 @@
},
"identityservice": {
"properties": {
"customLdifCm": {
"type": "string"
},
"customSchemaFiles": {
"properties": {
"00-memberof.ldif": {
......@@ -717,8 +718,8 @@
"adminUser": {
"type": "string"
},
"existingSecret": {
"type": "string"
"configUserEnabled": {
"type": "boolean"
},
"ldapDomain": {
"type": "string"
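Review bot: Next to `adminUser` and `ldapDomain`, the `existingSecret` string property is swapped for a `configUserEnabled` boolean, which leaves no secret-based property in the visible part of this object for supplying the admin credentials. If the chart no longer reads the admin password from an existing Secret, call that out in the upgrade notes; otherwise keep `existingSecret` in the schema. `configUserEnabled` also has no row in the README tables shown for this commit, so its effect is undocumented.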
......@@ -726,6 +727,9 @@
},
"type": "object"
},
"group": {
"type": "string"
},
"ltb-passwd": {
"properties": {
"ingress": {
......@@ -765,6 +769,12 @@
}
},
"type": "object"
},
"userPasswords": {
"type": "string"
},
"users": {
"type": "string"
}
},
"type": "object"
......@@ -1038,6 +1048,9 @@
"adminPassword": {
"type": "string"
},
"adminUsername": {
"type": "string"
},
"enabled": {
"type": "boolean"
}
......
......@@ -279,35 +279,33 @@ brokerservice:
## @param brokerservice.connectionTimeout The connection timeout in ms.
connectionTimeout: 60000
ldap:
## @skip brokerservice.ldap.enabled
enabled: true
## @skip brokerservice.ldap.authorisationEnabled
authorisationEnabled: true
## @skip brokerservice.ldap.servers
servers:
- identity-service
## @skip brokerservice.ldap.port
port: 389
## @param brokerservice.ldap.binddn The domain name the broker service should bind to. In many cases this is the admin user from `identityservice.global.adminUser`.
binddn: cn=admin,dc=dbrepo,dc=at
## @param brokerservice.ldap.bindpw The password to bind on the identity service. In many cases this value is equal to `identityservice.global.adminPassword`.
bindpw: admin
## @param brokerservice.ldap.uidField The field containing the user id.
uidField: uid
## @param brokerservice.ldap.basedn The base domain name containing the users.
basedn: ou=users,dc=dbrepo,dc=at
## @param brokerservice.ldap.userDnPattern The pattern to determine the user.
userDnPattern: ${username}
auth:
username: broker
## @skip brokerservice.auth.tls
tls:
enabled: false
sslOptionsVerify: true
failIfNoPeerCert: true
existingSecret: ingress-cert
extraConfiguration: |
log.console = true
log.console.level = debug
default_vhost = dbrepo
default_user_tags.administrator = false
default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*
## @skip brokerservice.advancedConfiguration
## @skip brokerservice.advancedConfigurationExistingSecret
advancedConfigurationExistingSecret: broker-service-secret
## @skip brokerservice.loadDefinition
loadDefinition:
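Review bot: The `ldap` block points the broker at `identity-service` on `port: 389` and carries `bindpw: admin` inline, with no TLS-related key in the block. As written, the bind password sits in plain text in the values file, and nothing here lets an operator require LDAPS or StartTLS for the bind. Consider reading `bindpw` from a Secret (the hunk already references `advancedConfigurationExistingSecret: broker-service-secret`) and exposing a TLS setting for the LDAP connection.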
......@@ -540,6 +538,7 @@ identityservice:
users: admin
## @param identityservice.userPasswords The admin user password for internal authentication.
userPasswords: admin
## @param identityservice.group The group that contains the administrators for the broker service.
group: system
## @skip identityservice.ltb-passwd
ltb-passwd:
......