Prerequisites
Kubernetes or OpenShift cluster
TLS certificate chain and key
Credentials of and access to MID chart repository
Credentials of and access to MID Docker repository
Preparations
Secrets for the TLS Certificate and Credentials for the Image Registry
Create a file named “tls-secret.yaml”, using this template:

```yaml
apiVersion: v1
data:
  tls.crt: <Complete TLS certificate chain, base64 encoded>
  tls.key: <TLS certificate key, base64 encoded>
kind: Secret
metadata:
  name: cdcm-certs
type: kubernetes.io/tls
```
Apply the secret:
```
sudo kubectl apply -f tls-secret.yaml -n cdcm
```
Create a file “regcred-secret.yaml”, using this template:
```yaml
apiVersion: v1
data:
  .dockerconfigjson: <Base64 encoded image registry credentials>
kind: Secret
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson
```
Apply the secret:
```
sudo kubectl apply -f regcred-secret.yaml -n cdcm
```
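Filling in the two templates by hand is easy to get wrong: GNU `base64` wraps its output, and the `.dockerconfigjson` value is itself a JSON document that must be encoded as a whole. The following is an added example, not part of the original instructions, that renders both manifests from local inputs; the function names, the input file names, the registry host argument and the `REGISTRY_PASSWORD` environment variable are assumptions.

```bash
# Added example: render the page's two Secret manifests from local inputs.
# Assumed names (not from the page): the function names, the input files,
# and the REGISTRY_PASSWORD environment variable.
umask 077  # the manifests hold a private key and a password: owner-only files

b64() { base64 | tr -d '\n'; }  # unwrapped base64; GNU base64 wraps at 76 columns
json_escape() { sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }
# Number of PEM certificates in a file (leaf plus intermediates for a full chain).
cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }

render_tls_secret() {  # usage: render_tls_secret <chain.pem> <key.pem>
  local chain="$1" key="$2"
  [ "$(cert_count "$chain")" -ge 1 ] 2>/dev/null ||
    { echo "no PEM certificate in $chain" >&2; return 1; }
  grep -q -- 'PRIVATE KEY-----' "$key" ||
    { echo "no PEM private key in $key" >&2; return 1; }
  cat <<EOF
apiVersion: v1
data:
  tls.crt: $(b64 < "$chain")
  tls.key: $(b64 < "$key")
kind: Secret
metadata:
  name: cdcm-certs
type: kubernetes.io/tls
EOF
}

render_regcred_secret() {  # usage: render_regcred_secret <registry-host> <user>
  local registry="$1" user="$2" pass="${REGISTRY_PASSWORD-}" auth cfg
  [ -n "$pass" ] || { echo "REGISTRY_PASSWORD is not set" >&2; return 1; }
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$registry" "$(printf '%s' "$user" | json_escape)" \
    "$(printf '%s' "$pass" | json_escape)" "$auth")
  cat <<EOF
apiVersion: v1
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | b64)
kind: Secret
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson
EOF
}
```

Redirect each function's output to “tls-secret.yaml” and “regcred-secret.yaml” respectively, and delete both files once the secrets are applied, since base64 is an encoding and not encryption.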
Add the chart repo
```
sudo helm repo add cdcm https://repo.secure.mid.de/chartrepo/cdcm --username <user> --password <password> && sudo helm repo update
```
Customize Values File
Create a file “values.yaml”, using this template
Code Block | ||
---|---|---|
| ||
global: domain: "<your domain>" env: hosts: cdcm: subdomain: "<your subdomain>" port: "8080" mongoConnectionString: "mongodb+srv://USER:PASSWORD@<MongoDB Atlas cluster address>/?retryWrites=true&w=majority&appName=Cluster0" oauth10a: active: true enabled: true outbound: details: - name: "mid-jts-outbound" protectedUrlRoots: "" #multiple entries, comma separated consumerKey: "consumer-key" consumerSecret: "secret" rootServices: "https://elmdemo.smartfacts.com:9443/jts/rootservices" inbound: realm-name: "" spacesData: '[{"key": "name of database","title": "Space title"}]' authClientId: "cdcm" authClientSecret: "client_secret" authIssuerUri: "" authUri: "" authTokenUri: "" authUserInfoUri: "" authJwkSetUri: "" authUsePkce: false # Indicates whether Proof Key for Code Exchange (PKCE) is used authClientRolesAttribute: "roles" # Attribute name for client roles authUserIdAttribute: "sub" # Attribute name for user ID authUserNameAttribute: "name" # Attribute name for user name authFirstNameAttribute: "given_name" # Attribute name for user's first name authLastNameAttribute: "family_name" # Attribute name for user's last name authMailAttribute: "email" # Attribute name for user's email address jwtIssuerUri: "" oauth10a: active: true enabled: true outbound: details: - name: "mid-jts-outbound" protectedUrlRoots: "" #multiple entries, comma separated consumerKey: "consumer-key" consumerSecret: "secret" rootServices: "" inbound: realm-name: "" |
OAuth10a Configuration

| Parameter | Type | Required? | Description |
|---|---|---|---|
| oauth10a.active | Boolean | Yes | If active, the application applies the technical preconditions required to process OAuth10a requests. |
| oauth10a.enabled | Boolean | Yes | Enables or disables use of OAuth1.0a. |
| oauth10a.outbound.details.name | String | Yes | The name of the OAuth10a connection. Serves as a unique identifier for this configuration. |
| oauth10a.outbound.details.protectedUrlRoots | String (List) | No | List of protected URL roots, separated by commas. Leave empty if not applicable. |
| oauth10a.outbound.details.consumerKey | String | Yes | The consumer key for OAuth10a authentication. Used to identify the application. |
| oauth10a.outbound.details.consumerSecret | String | Yes | The consumer secret for OAuth10a authentication. Used to verify the application. |
| oauth10a.outbound.details.rootServices | String | No | |

Install CDCM
```
helm upgrade --install --timeout 1m0s cdcm cdcm/cdcm -f values.yaml --version 1.0.6 -n cdcm --create-namespace --debug
```
Watch Deployment (in a new Session)
Open a second session on the server and enter the following command:
...