it-at-m · klml · Jun 17, 2024 · May 15, 2024 · May 15, 2024 · May 24, 2024
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: zammad-ldap-sync
+version: 0.1.0
+maintainers:
+  - name: klml
+    email: klml@muenchen.de
+home: https://github.com/it-at-m/helm-charts/tree/main/charts/zammad-ldap-sync
+icon: https://opensource.muenchen.de/assets/itm-logo-256.png
+sources:
+  - "https://github.com/it-at-m/helm-charts"
@@ -0,0 +1,26 @@
+# zammad-ldap-sync
+
+## Introduction
+
+This chart bootstraps an [zammad-ldap-sync](https://github.com/it-at-m/zammad-ldap-sync) cronjob deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+Install this chart using:
+
+```bash
+helm upgrade --install -f values.yaml zammad-ldap-sync charts/zammad-ldap-sync
+```
+
+The command deploys cronjob and additional configMap to start zammad-ldap-sync on kubernetes cluster. The [Configuration](#configuration) section lists the parameters that can be configured during installation. Use values.yaml ldapSync.configMap.yaml to configure zammad-ldap-sync application.yaml.
+A valid secret containing zammad token is not created and must be present.
+
+## Configuration
+
+| Key                                        | Type   | Default          | Description                                                                                                                                                                                                                                                |
+| ------------------------------------------ | ------ | ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| ldapSync.cronjob.schedule                           | string | - | Valid crontab expression to start kubernetes cronjob                                                                                                                                                                                                                                 |
+| ldapSync.cronjob.secrets                   | Kubernetes secret   | -             | Kubernetes secret with key ZAMMAD_TOKEN                                                                                                                                                                                                                           |
+| ldapSync.configMap.name                    | Kubernetes configMap | - | Kubernetes configMap containing https://github.com/it-at-m/zammad-ldap-sync/blob/dev/src/main/resources/application.yaml.                                                                                                                                                                                                                                         |
+| ldapSync.configMap.yaml                                  | string | -             | application.yaml containing https://github.com/it-at-m/zammad-ldap-sync/blob/dev/src/main/resources/application.yaml.                                                                                                                                                                                                                                                 |
+
@@ -0,0 +1,9 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ .Values.ldapSync.configMap.name }}
+data:
+   {{- with .Values.ldapSync.configMap.yaml }}
+  application.yaml: |
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
@@ -0,0 +1,41 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: zammad-ldap-sync
+spec:
+  schedule: {{ .Values.ldapSync.cronjob.schedule | quote }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: zammad-ldap-sync
+            image: ghcr.io/it-at-m/zammad-ldap-sync:dev
+            imagePullPolicy: Always
+            envFrom:
+            - secretRef:
+                name: {{ .Values.ldapSync.cronjob.secret }}
+            volumeMounts:
+              ## truststore
+              - mountPath: /etc/pki/ca-trust/extracted/java
+                name: cacerts-lhm
+                readOnly: true
+              - name: properties-volume
+                subPath: application.yaml
+                mountPath: /deployments/application.yaml
+          volumes:
+            ## truststore
+            - name: cacerts-lhm
+              secret:
+                defaultMode: 420
+                secretName: cacerts-lhm
+                items:
+                  - key: cacerts-lhm
+                    path: cacerts
+            - name: properties-volume
+              configMap:
+                name: {{ .Values.ldapSync.configMap.name }}
+                items:
+                  - key: application.yaml
+                    path: application.yaml
+          restartPolicy: OnFailure
@@ -0,0 +1,40 @@
+ldapSync:
+  cronjob:
+    schedule: "0 2 * * *"
+  # Must be present.
+    secret: kubernetes-secret
+  configMap:
+  # Created by helm.
+    name: kubernets-configmap
+    yaml:
+      spring:
+        main:
+          web-application-type: none
+        profiles:
+      # Profile influences log output. May be you don't want to write ldap entries in your log files.
+          active: default,prod
+      ldap:
+        url: ldaps://...
+        user-search-base: ou=...
+        ou-search-base: o=...
+      sync:
+      # Every date-time-minus-day > 0 is converted to 'startDateTime - date-time-minus-day' to restrict ldap user search.
+        date-time-minus-day: 0
+      # List of LDAP distinguished name(s) to synchronize to zammad.
+        ou-bases:
+          - 'ou=...'
+      zammad:
+      # Zammad roles which must exist. Register role with correct role id.
+        assignment:
+          role:
+      # Default zammad role. Is created by zammad.
+            id-agent: 2
+      # Zammad role with permission ticket.agent. Must be created.
+            id-erstellen: 4
+      # Zammad role with permission ticket.agent. Must be created.
+            id-vollzugriff: 5
+        url:
+          base: http://zammad-nginx:8080/api/v1/
+          groups: groups
+          users: users
+          roles: roles