Prerequisites
Kubernetes or Openshift Cluster
TLS certificate chain and key
Credentials of and access to MID chart repository
Credentials of and access to MID Docker repository
Preparations
Secrets for the TLS certificate and credentials for the image registry
Create a file named “tls-secret.yaml”, using this template:
apiVersion: v1 data: tls.crt: <Complete TLS certificate chain, base64 encoded> tls.key: <TLS certificate key, base64 encoded> kind: Secret metadata: name: cdcm-certs type: kubernetes.io/tls
Apply the secret:
sudo kubectl apply -f tls-secret.yaml -n cdcm
Create a file “regcred-secret.yaml”, using this template:
apiVersion: v1 data: .dockerconfigjson: <Base64 encoded image registry credentials> kind: Secret metadata: name: regcred type: kubernetes.io/dockerconfigjson
Apply the secret:
sudo kubectl apply -f regcred-secret.yaml -n cdcm
Add the chart repo
sudo helm repo add cdcm https://repo.secure.mid.de/chartrepo/cdcm --username <user> --password <password> && sudo helm repo update
Customize values file
Create a file “values.yaml”, using this template
global:
domain: "<your domain>"
env:
hosts:
cdcm:
subdomain: "<your subdomain>"
port: "8080"
mongoConnectionString: "mongodb+srv://USER:PASSWORD@<MongoDB Atlas cluster adress>/?retryWrites=true&w=majority&appName=Cluster0"
oauth10a:
active: true
enabled: true
outbound:
details:
- name: "mid-jts-outbound"
protectedUrlRoots: "" #multiple entries, comma seperated
consumerKey: "consumer-key"
consumerSecret: "secret"
rootServices: "https://elmdemo.smartfacts.com:9443/jts/rootservices"
inbound:
realm-name: ""
spacesData: '[{"key": "name of database","title": "Space title"}]'
authClientId: "cdcm"
authClientSecret: "client_secret"
authIssuerUri: ""
authUri: ""
authTokenUri: ""
authUserInfoUri: ""
authJwkSetUri: ""
authUsePkce: false # Indicates whether Proof Key for Code Exchange (PKCE) is used
authClientRolesAttribute: "roles" # Attribute name for client roles
authUserIdAttribute: "sub" # Attribute name for user ID
authUserNameAttribute: "name" # Attribute name for user name
authFirstNameAttribute: "given_name" # Attribute name for user's first name
authLastNameAttribute: "family_name" # Attribute name for user's last name
authMailAttribute: "email" # Attribute name for user's email address
jwtIssuerUri: ""
oauth10a:
active: true
enabled: true
outbound:
details:
- name: "mid-jts-outbound"
protectedUrlRoots: "" #multiple entries, comma seperated
consumerKey: "consumer-key"
consumerSecret: "secret"
rootServices: ""
inbound:
realm-name: ""
The environment variables for the authentication block are documented in Environment variables
OAuth10a Configuration
Parameter | Type | Required? | Description |
|---|---|---|---|
| Boolean | Yes | If set to active the technical preconditions in order to process OAuth10a requests will be applied by the application |
| Boolean | Yes | Enables or disables use of OAuth1.0a |
| String | Yes | The name of the OAuth10a connection. Serves as a unique identifier for this configuration. |
| String (List) | No | List of protected URL roots, separated by commas. Leave empty if not applicable. |
| String | Yes | The consumer key for OAuth10a authentication. Used to identify the application. |
| String | Yes | The consumer secret for OAuth10a authentication. Used to verify the application. |
| String | No | Base URLs or services to be accessed. Leave empty if not applicable. |
Install CDCM
helm upgrade --install --timeout 1m0s cdcm cdcm/cdcm -f values.yaml --version 1.0.6 -n cdcm --create-namespace --debug
Watch Deployment (in a new Session)
Open a second session on the server and enter the following command:
sudo watch kubectl get deployments -n cdcm
As soon as all deployments are available, the installation is ready.
0 Comments