Version 1.4.x#
This page shows the changelog for Nubus for Kubernetes 1.4.x.
Version 1.4.0 - 2024-12-02#
This is the second production release of Nubus for Kubernetes. The versions 1.1.0 to 1.3.0 have been technical releases, and weren’t intended for public use. This document includes and lists the changes for the versions 1.1.0 to 1.3.0.
Important
For existing deployments, read the Secret management migration section before you deploy this version and conduct the proper preparation.
Upgrade path
For the upgrade to version 1.4.0, your deployment must run on version 1.0.0. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].
Added#
Add support for encrypted connection to the PostgreSQL database in the Keycloak Extensions. The encrypted connection allows the use of custom certificate authority (CA) certificates.
Set these Helm values to configure an encrypted connection to the PostgreSQL database for Keycloak Extensions:
See also
- Enable encrypted connection to database
in Univention Nubus for Kubernetes - Operation Manual [1] for how to configure an encrypted connection to the PostgreSQL database for the Keycloak Extensions.
Changed#
Change the UMC Server and the UMC Gateway in the Management UI to use RollingUpdate as default update strategy for these Kubernetes pods.
Change the default behavior for the following items related to the Management UI:
- Deactivate User template
When creating a user object in the Management UI, the wizard used the Self Service Registration Template.
The wizard now uses no template by default.
- Deactivate email invitation for created user objects
When creating a user object in the Management UI, by default the wizard prompted the administrator for the user’s email address, and activated the checkbox for sending an email invitation.
By default, the wizard now prompts for the initial user password and deactivates the email invitation checkbox. If you want to send an invitation email during the user creation process, you can activate the email invitation checkbox and the wizard prompts for the user’s email address.
- Activate the automatic search
When opening the users module in the Management UI, the module didn’t show any users by default until the first search.
When you open the users module in the Management UI, it now performs a first search by default and displays user objects.
After changing the theme and branding of the Portal Frontend the respective Kubernetes pods reload automatically.
Change the Secret management in Nubus. All components use a standardized Secret management across components with the
existingSecretpattern in Listing 10.To adjust your existing values file, see Secret management migration.
existingSecret: name: "<secret-name>" keyMapping: key1: "<value1>"
Removed#
Remove
releaseNameOverridefrom the Helm Chart.
Secret management migration#
Nubus for Kubernetes version 1.4.0 changed the pattern for the configuration of existing secret objects.
This section describes the needed actions to prepare your Nubus deployment
before you deploy version 1.4.0.
- Auto-generated secrets
You use auto-generated secrets if you haven’t configured any
credentialSecretorexistingSecretsections in yourcustom_values.yamlvalues file.If your deployment falls into this category, you don’t need to change anything regarding secret management.
- Existing secrets
You use existing secrets, if you have configured
credentialSecretsections in yourcustom_values.yamlvalue file. Go through your values file and verify the values.Tip
To keep the listing brief, the following lists show values like
existingSecret.name. They refer to the whole pattern as outlined in Listing 10.And for
credentialSecretit also refers to its subsectioncredentialSecret.key.This version adds the following values to the Helm Chart:
global.ldap.auth.cnAdmin.existingSecret.namenubusProvisioning.ldap.auth.existingSecret.namenubusProvisioning.registerConsumers.createUsers.portalConsumer.existingSecret.namenubusProvisioning.registerConsumers.createUsers.selfserviceConsumer.existingSecret.namenubusProvisioning.udmTransformer.nats.auth.existingSecret.namenubusUmcServer.ldap.existingSecret.namenubusUmcServer.smtp.existingSecret.name
This version changes the following values in the Helm Chart:
keycloak.postgresql.auth.credentialSecrettokeycloak.postgresql.auth.existingSecret.namenubusNotificationsApi.postgresql.auth.credentialSecrettonubusNotificationsApi.postgresql.auth.existingSecret.namenubusProvisioning.dispatcher.nats.connection.password.secretKeyRef.keytonubusProvisioning.dispatcher.nats.auth.existingSecret.namenubusProvisioning.prefill.nats.connection.password.secretKeyRef.keytonubusProvisioning.prefill.nats.auth.existingSecret.namenubusUdmRestApi.ldap.connection.auth.credentialSecret.keytonubusUdmRestApi.udmRestApi.ldap.auth.existingSecret.namenubusUmcServer.postgresl.auth.credentialSecrettonubusUmcServer.postgresql.auth.existingSecret.namenubusUmcServer.memcached.auth.credentialSecrettonubusUmcServer.memcached.auth.existingSecret.namenubusKeycloakExtensions.smtp.auth.credentialSecrettonubusKeycloakExtensions.smtp.auth.existingSecret.namenubusKeycloakExtensions.keycloak.auth.credentialSecrettonubusKeycloakExtensions.keycloak.auth.existingSecret.namenubusKeycloakExtensions.postgresql.auth.credentialSecrettonubusKeycloakExtensions.postgresql.auth.existingSecret.name
See also
- Secrets in Nubus for Kubernetes
in Univention Nubus for Kubernetes - Operation Manual [1] for information about the different options.