wireapp · julialongtin · Jun 24, 2022 · Oct 7, 2021 · Oct 7, 2021 · Oct 7, 2021
@@ -0,0 +1 @@
+make the ldap-scim-bridge chart deployable once per team, and improve docs.
@@ -15,3 +15,72 @@ The kubernetes cronjob resource will spawn a new `ldap-scim-bridge-XXXXXX` pod e
 kubectl get pods -n wire
 kubectl logs ldap-scim-bridge-XXXXXX -n wire
 ```
+# with AD
+
+## Add Certificate
+add your certificate until it looks like the following:
+
+```
+ucc@s-admin-host:~/Wire-Server$ d kubectl describe configmap ca-ad-pemstore
+Name:         ca-ad-pemstore
+Namespace:    default
+Labels:       <none>
+Annotations:  <none>
+
+Data
+====
+ad-root.crt:
+----
+-----BEGIN CERTIFICATE-----
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+<CERTIFICATE DATA GOES HERE>
+-----END CERTIFICATE-----
+
+Events:  <none>
+```
+
+## use certificate
+
+add the following patch after deployment to use the AD certificate.
+kubectl patch cronjob ldap-scim-bridge-team-1 "$(cat add-ad-patch.patch)"
+```
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: ldap-scim-bridge
+            volumeMounts:
+            - name: ca-ad-pemstore
+	          mountPath: /etc/ssl/certs/ad-root.crt
+	          subPath: ad-root.crt
+	          readOnly: false
+	    volumes:
+	    - name: ca-ad-pemstore
+	      configMap:
+	        name: ca-ad-pemstore
+```
@@ -1,7 +1,7 @@
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
-  name: ldap-scim-bridge
+  name: {{ .Release.Name }}
   labels:
     app: ldap-scim-bridge
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@@ -26,7 +26,7 @@ spec:
           volumes:
             - name: "ldap-scim-bridge-config"
               secret:
-                secretName: "ldap-scim-bridge"
+                secretName: {{ .Release.Name }}
           containers:
             - name: ldap-scim-bridge
               image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: ldap-scim-bridge
+  name: {{ .Release.Name }}
   labels:
     app: ldap-scim-bridge
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"

@@ -1,42 +1,44 @@
 image:
   repository: quay.io/wire/ldap-scim-bridge
-  tag: 0.2
+  tag: 0.4
 resources:
   requests:
     memory: "256Mi"
     cpu: "100m"
   limits:
-    memory: "512Mi"
+    # based on observation - 20211004 - JEL
+    memory: "1750Mi"
     cpu: "500m"
 # https://v1-19.docs.kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#schedule
-# schedule: "@hourly"
-schedule: "*/1 * * * *"
+# based on observation - 20211004 - JEL
+schedule: "*/5 * * * *"
 # https://github.com/wireapp/ldap-scim-bridge
-config:
-  logLevel: "Debug"  # one of Trace,Debug,Info,Warn,Error,Fatal; `Fatal` is least noisy, `Trace` most.
-  ldapSource:
-    tls: false
-    host: "openldap"
-    port: 389
-    dn: "cn=admin,dc=nodomain"
-    password: "admin"
-    search:
-      base: "ou=People,dc=nodomain"
-      objectClass: "account"
-    codec: "utf8"
-    deleteOnAttribute:  # optional, related to `delete-from-directory`.
-      key: "deleted"
-      value: "true"
-    deleteFromDirectory:  # optional; ok to use together with `delete-on-attribute` if you use both.
-      base: "ou=DeletedPeople,dc=nodomain"
-      objectClass: "account"
-  scimTarget:
-    tls: false
-    host: "spar"
-    port: 8080
-    path: "/scim/v2"
-    token: "Bearer U6DRfAcwsvCg9eBStJWtiHu/XqTB1iVDcvNcsuftvqk="
-  mapping:
-    userName: "uidNumber"
-    externalId: "uid"
-    email: "email"
+#config:
+#  logLevel: "Debug"  # one of Trace,Debug,Info,Warn,Error,Fatal; `Fatal` is least noisy, `Trace` most.
+#  ldapSource:
+#    tls: false
+#    host: "openldap"
+#    port: 389
+#    dn: "cn=admin,dc=nodomain"
+#    password: "admin"
+#    search:
+#      base: "ou=People,dc=nodomain"
+#      objectClass: "account"
+#    codec: "utf8"
+#    deleteOnAttribute:  # optional, related to `delete-from-directory`.
+#      key: "deleted"
+#      value: "true"
+#    deleteFromDirectory:  # optional; ok to use together with `delete-on-attribute` if you use both.
+#      base: "ou=DeletedPeople,dc=nodomain"
+#      objectClass: "account"
+#  scimTarget:
+#    tls: false
+#    host: "spar"
+#    port: 8080
+#    path: "/scim/v2"
+#    token: "Bearer U6DRfAcwsvCg9eBStJWtiHu/XqTB1iVDcvNcsuftvqk="
+#  mapping:
+#   displayName: "displayName"
+#    userName: "uidNumber"
+#    externalId: "uid"
+#    email: "email"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		make the ldap-scim-bridge chart deployable once per team, and improve docs.