Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Prerequisites

Preparations

Secrets for the TLS certificate and credentials for the image registry

Create a file named “tls-secret.yaml”, using this template:

apiVersion: v1
data:
  tls.crt: <Complete TLS certificate chain, base64 encoded>
  tls.key: <TLS certificate key, base64 encoded>
kind: Secret
metadata:
  name: cdcm-certs
type: kubernetes.io/tls

Apply the secret:

sudo kubectl apply -f tls-secret.yaml -n cdcm

Create a file “regcred-secret.yaml”, using this template:

apiVersion: v1
data:
  .dockerconfigjson: <Base64 encoded image registry credentials>
kind: Secret
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson

Apply the secret:

sudo kubectl apply -f regcred-secret.yaml -n cdcm

Add the chart repo

sudo helm repo add cdcm https://repo.secure.mid.de/chartrepo/cdcm --username <user> --password <password> && sudo helm repo update

Customize values file

Create a file “values.yaml”, using this template

global:
  domain: "<your domain>"
env:
  hosts:
  cdcm:
    subdomain: "<your subdomain>"
    port: "8080"
  mongoConnectionString: "mongodb+srv://USER:PASSWORD@<MongoDB Atlas cluster adress>/?retryWrites=true&w=majority&appName=Cluster0"
  oauth10a:
    active: true
    enabled: true
    outbound:
      details:
        - name: "mid-jts-outbound"
          protectedUrlRoots: "" #multiple entries, comma seperated
          consumerKey: "consumer-key"
          consumerSecret: "secret"
          rootServices: "https://elmdemo.smartfacts.com:9443/jts/rootservices"
    inbound:
      realm-name: ""
  spacesData: '[{"key": "name of database","title": "Space title"}]'
  authClientId: "cdcm"
  authClientSecret: "client_secret"
  authIssuerUri: ""
  authUri: ""
  authTokenUri: ""
  authUserInfoUri: ""
  authJwkSetUri: ""
  authUsePkce: false # Indicates whether Proof Key for Code Exchange (PKCE) is used
  authClientRolesAttribute: "roles" # Attribute name for client roles
  authUserIdAttribute: "sub" # Attribute name for user ID
  authUserNameAttribute: "name" # Attribute name for user name
  authFirstNameAttribute: "given_name" # Attribute name for user's first name
  authLastNameAttribute: "family_name" # Attribute name for user's last name
  authMailAttribute: "email" # Attribute name for user's email address
  jwtIssuerUri: ""
  oauth10a:
  active: true
  enabled: true
  outbound:
    details:
      - name: "mid-jts-outbound"
        protectedUrlRoots: "" #multiple entries, comma seperated
        consumerKey: "consumer-key"
        consumerSecret: "secret"
        rootServices: ""
  inbound:
    realm-name: ""

All Environment variables are documented on a separate page.

OAuth10a Configuration

Parameter

Type

Required?

Description

oauth10a.active

Boolean

Yes

If set to active the technical preconditions in order to process OAuth10a requests will be applied by the application

oauth10a.enabled

Boolean

Yes

Enables or disables use of OAuth1.0a

oauth10a.outbound.details.name

String

Yes

The name of the OAuth10a connection. Serves as a unique identifier for this configuration.

oauth10a.outbound.details.protectedUrlRoots

String (List)

No

List of protected URL roots, separated by commas. Leave empty if not applicable.

oauth10a.outbound.details.consumerKey

String

Yes

The consumer key for OAuth10a authentication. Used to identify the application.

oauth10a.outbound.details.consumerSecret

String

Yes

The consumer secret for OAuth10a authentication. Used to verify the application.

oauth10a.outbound.details.rootServices

String

No

Base URLs or services to be accessed. Leave empty if not applicable.

Install CDCM

helm upgrade --install --timeout 1m0s cdcm cdcm/cdcm -f values.yaml --version 1.0.6 -n cdcm --create-namespace --debug

Watch Deployment (in a new Session)

Open a second session on the server and enter the following command:

sudo watch kubectl get deployments -n cdcm

As soon as all deployments are available, the installation is ready.

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.