Version 1.4.x

Version 1.4.x#

This page shows the changelog for Nubus for Kubernetes 1.4.x.

Important

Bundled dependencies using Bitnami images (PostgreSQL, MinIO, Memcached) require configuration changes, because Bitnami migrated their repositories from docker.io/bitnami to docker.io/bitnamilegacy. Deployments that use external dependencies aren’t affected. For more information, see Bitnami GitHub issue #35164.

If you deploy these dependencies with Nubus, override the image repositories in your custom_values.yaml as shown in the following listing.

Listing 18 Adjust image repositories for bundled dependencies#
postgresql:
  image:
    repository: bitnamilegacy/postgresql
  provisioning:
    image:
      repository: bitnamilegacy/postgresql
minio:
  image:
    repository: bitnamilegacy/minio
nubusUmcServer:
  memcached:
    image:
      repository: bitnamilegacy/memcached

Version 1.4.0 - 2024-12-02#

This is the second production release of Nubus for Kubernetes. The versions 1.1.0 to 1.3.0 have been technical releases, and weren’t intended for public use. This document includes and lists the changes for the versions 1.1.0 to 1.3.0.

Important

For existing deployments, read the Secret management migration section before you deploy this version and conduct the proper preparation.

Upgrade path

For the upgrade to version 1.4.0, your deployment must run on version 1.0.0. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].

Added#

Add support for encrypted connection to the PostgreSQL database in the Keycloak Extensions. The encrypted connection allows the use of custom certificate authority (CA) certificates.

Set these Helm values to configure an encrypted connection to the PostgreSQL database for Keycloak Extensions:

See also

Enable encrypted connection to database

in Univention Nubus for Kubernetes - Operation Manual [1] for how to configure an encrypted connection to the PostgreSQL database for the Keycloak Extensions.

Changed#

  • Change the UMC Server and the UMC Gateway in the Management UI to use RollingUpdate as default update strategy for these Kubernetes pods.

  • Change the default behavior for the following items related to the Management UI:

    Deactivate User template

    When creating a user object in the Management UI, the wizard used the Self Service Registration Template.

    The wizard now uses no template by default.

    Deactivate email invitation for created user objects

    When creating a user object in the Management UI, by default the wizard prompted the administrator for the user’s email address, and activated the checkbox for sending an email invitation.

    By default, the wizard now prompts for the initial user password and deactivates the email invitation checkbox. If you want to send an invitation email during the user creation process, you can activate the email invitation checkbox and the wizard prompts for the user’s email address.

    Activate the automatic search

    When opening the users module in the Management UI, the module didn’t show any users by default until the first search.

    When you open the users module in the Management UI, it now performs a first search by default and displays user objects.

  • After changing the theme and branding of the Portal Frontend the respective Kubernetes pods reload automatically.

  • Change the Secret management in Nubus. All components use a standardized Secret management across components with the existingSecret pattern in Listing 19.

    To adjust your existing values file, see Secret management migration.

    Listing 19 Configuration pattern for secrets using existingSecret#
    existingSecret:
  name: "<secret-name>"
  keyMapping:
    key1: "<value1>"

Removed#

  • Remove releaseNameOverride from the Helm Chart.

Secret management migration#

Nubus for Kubernetes version 1.4.0 changed the pattern for the configuration of existing secret objects. This section describes the needed actions to prepare your Nubus deployment before you deploy version 1.4.0.

Auto-generated secrets

You use auto-generated secrets if you haven’t configured any credentialSecret or existingSecret sections in your custom_values.yaml values file.

If your deployment falls into this category, you don’t need to change anything regarding secret management.

Existing secrets

You use existing secrets, if you have configured credentialSecret sections in your custom_values.yaml value file. Go through your values file and verify the values.

Tip

To keep the listing brief, the following lists show values like existingSecret.name. They refer to the whole pattern as outlined in Listing 19.

And for credentialSecret it also refers to its subsection credentialSecret.key.

This version adds the following values to the Helm Chart:

This version changes the following values in the Helm Chart:

See also

Secrets in Nubus for Kubernetes

in Univention Nubus for Kubernetes - Operation Manual [1] for information about the different options.

On this page