Prerequisites
Kubernetes or Openshift Cluster
TLS certificate chain and key
Credentials of and access to MID chart repository
Credentials of and access to MID Docker repository
Preparations
Secrets for the TLS
...
Certificate and
...
Credentials for the
...
Image Registry
Create a file named “tls-secret.yaml”, using this template:
| Code Block |
|---|
apiVersion: v1 data: tls.crt: <Complete TLS certificate chain, base64 encoded> tls.key: <TLS certificate key, base64 encoded> kind: Secret metadata: name: cdcm-certs type: kubernetes.io/tls |
Apply the secret:
| Code Block |
|---|
sudo kubectl apply -f tls-secret.yaml -n cdcm |
Create a file “regcred-secret.yaml”, using this template:
| Code Block |
|---|
apiVersion: v1 data: .dockerconfigjson: <Base64 encoded image registry credentials> kind: Secret metadata: name: regcred type: kubernetes.io/dockerconfigjson |
Apply the secret:
| Code Block |
|---|
sudo kubectl apply -f regcred-secret.yaml -n cdcm |
Add the chart repo
| Code Block |
|---|
sudo helm repo add cdcm https://repo.secure.mid.de/chartrepo/cdcm --username <user> --password <password> && sudo helm repo update |
Customize
...
Values File
Create a file “values.yaml”, using this template
| Code Block |
|---|
global:
domain: "<your domain>"
env:
hosts:
cdcm:
subdomain: "<your subdomain>"
port: "8080"
mongoConnectionString: "mongodb+srv://USER:PASSWORD@<MongoDB Atlas cluster adress>/?retryWrites=true&w=majority&appName=Cluster0"
oauth10a:
active: true
enabled: true
outbound:
details:
- name: "mid-jts-outbound"
protectedUrlRoots: "" #multiple entries, comma seperated
consumerKey: "consumer-key"
consumerSecret: "secret"
rootServices: "https://elmdemo.smartfacts.com:9443/jts/rootservices"
inbound:
realm-name: ""
spacesData: '[{"key": "name of database","title": "Space title"}]'
authClientId: "cdcm"
authClientSecret: "client_secret"
authIssuerUri: ""
authUri: ""
authTokenUri: ""
authUserInfoUri: ""
authJwkSetUri: ""
authUsePkce: false # Indicates whether Proof Key for Code Exchange (PKCE) is used
authClientRolesAttribute: "roles" # Attribute name for client roles
authUserIdAttribute: "sub" # Attribute name for user ID
authUserNameAttribute: "name" # Attribute name for user name
authFirstNameAttribute: "given_name" # Attribute name for user's first name
authLastNameAttribute: "family_name" # Attribute name for user's last name
authMailAttribute: "email" # Attribute name for user's email address
jwtIssuerUri: ""
oauth10a:
active: true
enabled: true
outbound:
details:
- name: "mid-jts-outbound"
protectedUrlRoots: "" #multiple entries, comma seperated
consumerKey: "consumer-key"
consumerSecret: "secret"
rootServices: ""
inbound:
realm-name: "" |
| Expand | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
|
OAuth10a Configuration
...
Parameter
...
Type
...
Required?
...
Description
...
oauth10a.active
...
Boolean
...
Yes
...
If set to active the technical preconditions in order to process OAuth10a requests will be applied by the application
...
oauth10a.enabled
...
Boolean
...
Yes
...
Enables or disables use of OAuth1.0a
...
oauth10a.outbound.details.name
...
String
...
Yes
...
The name of the OAuth10a connection. Serves as a unique identifier for this configuration.
...
oauth10a.outbound.details.protectedUrlRoots
...
String (List)
...
No
...
List of protected URL roots, separated by commas. Leave empty if not applicable.
...
oauth10a.outbound.details.consumerKey
...
String
...
Yes
...
The consumer key for OAuth10a authentication. Used to identify the application.
...
oauth10a.outbound.details.consumerSecret
...
String
...
Yes
...
The consumer secret for OAuth10a authentication. Used to verify the application.
...
oauth10a.outbound.details.rootServices
...
String
...
No
...
Install CDCM
| Code Block |
|---|
helm upgrade --install --timeout 1m0s cdcm cdcm/cdcm -f values.yaml --version 1.0.6 -n cdcm --create-namespace --debug |
Watch Deployment (in a new Session)
Open a second session on the server and enter the following command:
...