Prerequisites

Kubernetes or Openshift Cluster
TLS certificate chain and key
Credentials of and access to MID chart repository
Credentials of and access to MID Docker repository

Preparations

Secrets for the TLS certificate and credentials for the image registry

Create a file named “tls-secret.yaml”, using this template:

apiVersion: v1
data:
  tls.crt: <Complete TLS certificate chain, base64 encoded>
  tls.key: <TLS certificate key, base64 encoded>
kind: Secret
metadata:
  name: cdcm-certs
type: kubernetes.io/tls

Apply the secret:

sudo kubectl apply -f tls-secret.yaml -n cdcm

Create a file “regcred-secret.yaml”, using this template:

apiVersion: v1
data:
  .dockerconfigjson: <Base64 encoded image registry credentials>
kind: Secret
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson

Apply the secret:

sudo kubectl apply -f regcred-secret.yaml -n cdcm

Add the chart repo

sudo helm repo add cdcm https://repo.secure.mid.de/chartrepo/cdcm --username <user> --password <password> && sudo helm repo update

Customize values file

Create a file “values.yaml”, using this template

global:
  domain: "<your domain>"
env:
  hosts:
  cdcm:
    subdomain: "<your subdomain>"
    port: "8080"
  mongoConnectionString: "mongodb+srv://USER:PASSWORD@<MongoDB Atlas cluster adress>/?retryWrites=true&w=majority&appName=Cluster0"
  oauth10a:
    active: true
    enabled: true
    outbound:
      details:
        - name: "mid-jts-outbound"
          protectedUrlRoots: "" #multiple entries, comma seperated
          consumerKey: "consumer-key"
          consumerSecret: "secret"
          rootServices: "https://elmdemo.smartfacts.com:9443/jts/rootservices"
    inbound:
      realm-name: ""
  spacesData: '[{"key": "name of database","title": "Space title"}]'
  authClientId: "cdcm"
  authClientSecret: "client_secret"
  authIssuerUri: ""
  authUri: ""
  authTokenUri: ""
  authUserInfoUri: ""
  authJwkSetUri: ""
  authUsePkce: false # Indicates whether Proof Key for Code Exchange (PKCE) is used
  authClientRolesAttribute: "roles" # Attribute name for client roles
  authUserIdAttribute: "sub" # Attribute name for user ID
  authUserNameAttribute: "name" # Attribute name for user name
  authFirstNameAttribute: "given_name" # Attribute name for user's first name
  authLastNameAttribute: "family_name" # Attribute name for user's last name
  authMailAttribute: "email" # Attribute name for user's email address
  jwtIssuerUri: ""
  oauth10a:
  active: true
  enabled: true
  outbound:
    details:
      - name: "mid-jts-outbound"
        protectedUrlRoots: "" #multiple entries, comma seperated
        consumerKey: "consumer-key"
        consumerSecret: "secret"
        rootServices: ""
  inbound:
    realm-name: ""

The environment variables for the authentication block are documented in Environment variables

Install CDCM

helm upgrade --install --timeout 1m0s cdcm cdcm/cdcm -f values.yaml --version 1.0.6 -n cdcm --create-namespace --debug

Watch Deployment (in a new Session)

Open a second session on the server and enter the following command:

sudo watch kubectl get deployments -n cdcm

As soon as all deployments are available, the installation is ready.

Deploy the CDCM Software