Version 1.6.x

This page shows the changelog for Nubus for Kubernetes 1.6.x.

Version 1.6.0 - 2025-01-21

This is the forth production release of Nubus for Kubernetes.

Before you run the upgrade, you need to prepare your values file:

1. If you explicitly configure ingress.enabled, replace it with the new variables.

2. If you configured an external, S3-compatible object storage, rename your Helm variables as described in change about the configuration setup for S3-compatible object storage, and remove global variables.

Upgrade path

For the upgrade to version 1.6.0, your deployment must run on version 1.5.1. For the general steps to upgrade an existing Nubus for Kubernetes deployment, see Upgrade in Univention Nubus for Kubernetes - Operation Manual [1].

Added

• Enable the Authorization Service with the Guardian and upgrade it to version 3.0.0. nubusGuardian.enabled is true by default. The Guardian 3.0.0 works with Keycloak >= 25.0.0.

• Add nubusStackDataUms.dataLoader.enabled to the Helm Chart values for Stack Data UMS.

Changed

• Change the UCS base image to the version from 2024-12-12.

• Change the keycloak-bootstrap Kubernetes pod to no longer use Helm hooks that caused issues with ArgoCD and similar deployment strategies. keycloak-bootstrap uses an initialization container instead to wait for the availability of the Keycloak API.

• Change the global ingress configuration and split ingress.enabled to ingress.favicon.enabled and ingress.minio.enabled.

  If you have ingress.enabled explicitly configured in your custom_values.yaml values file, you need to add the before mentioned values and remove ingress.enabled before you run the upgrade. If you use an external S3-compatible object storage, you need to set ingress.minio.enabled to false.

• Change the configuration setup for S3-compatible object storage in Portal Consumer, Portal Server, Stack Data UMS. The change now allows to connect to S3-compatible object storage that’s outside the Kubernetes cluster where Nubus runs.

  The endpoints refer to the complete URL to the object storage, for example https://external-storage.example.com:9000, and includes the protocol, host, and port.

  You may need to change the following Helm Chart values before you run the upgrade.

  Portal Consumer

  Rename nubusPortalConsumer.portalConsumer.objectStorageBucket to nubusPortalConsumer.objectStorage.bucketName.

  Rename nubusPortalConsumer.portalConsumer.objectStorageEndpoint to nubusPortalConsumer.objectStorage.endpoint.

  Add nubusPortalConsumer.portalConsumer.assetsBaseUrl. Define the complete base URL to the assets folder in your S3-compatible object storage, for example https://external-storage.example.com/assets-bucket/.

  Remove global Helm Chart values for S3-compatible object storage, because the structure was inconsistent and the implementation incomplete:

  • global.objectStorage.bucket

  • global.objectStorage.connection.endpoint

  • global.objectStorage.connection.host

  • global.objectStorage.connection.port

  • global.objectStorage.connection.protocol

  The consolidated dictionary is nubusPortalConsumer.objectStorage.*.

  Portal Server

  Rename nubusPortalServer.portalServer.objectStorageBucket to nubusPortalServer.objectStorage.bucketName.

  Rename nubusPortalServer.portalServer.objectStorageEndpoint to nubusPortalServer.objectStorage.endpoint.

  Stack Data UMS

  Rename nubusStackDataUms.nubusPortalConsumer.portalConsumer.objectStorageBucket to nubusStackDataUms.nubusPortalConsumer.objectStorage.bucketName.

  Rename nubusStackDataUms.nubusPortalServer.portalServer.objectStorageBucket to nubusStackDataUms.nubusPortalServer.objectStorage.bucketName.

  Add nubusStackDataUms.nubusPortalConsumer.objectStorage.endpoint.

  Add nubusStackDataUms.nubusPortalServer.objectStorage.endpoint.

  See also

  Use external S3-compatible object storage

  in Univention Nubus for Kubernetes - Operation Manual [1] for documentation about how to connect Nubus for Kubernetes to an external S3-compatible object storage.

Fixed

• Fix a scenario where primary LDAP server became unreachable after installing on top of an existing installation.

  The leader elector sidecar container in the LDAP server primary pods now enforces the right label selector on the LDAP primary Kubernetes Service every 15 seconds after renewing the Kubernetes Lease.

  This recovers from a possible invalid state after a Helm redeployment that may reset the Kubernetes service to its initial and invalid state in certain scenarios.

• Fix a regression in the Nubus 1.5.1 Helm Chart template that caused the nubusProvisioning.nats.config block to include an empty authorization block when using the bundled NATS installation.