diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9cf3f1ff..2eb8e9fe 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -283,6 +283,18 @@ env-start: ca: secretName: opendesk-root-cert-secret EOF + after_script: + # Set credentials for openDesk Enterprise Registry + - | + if [[ -n "${OPENDESK_ENTERPRISE}" ]]; then + kubectl create secret + --namespace "${NAMESPACE}" + docker-registry enterprise-registry + --docker-server "registry.opencode.de" + --docker-username "${OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME}" + --docker-password "${OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD}" + --dry-run=client -o yaml | kubectl apply -f - + fi stage: "env" policies-deploy: diff --git a/README-EE.md b/README-EE.md new file mode 100644 index 00000000..0718aca4 --- /dev/null +++ b/README-EE.md @@ -0,0 +1,102 @@ + + +

openDesk Enterprise Edition

+ + +* [Components](#components) +* [Enabling the Enterprise deployment](#enabling-the-enterprise-deployment) +* [Configuring the oD EE deployment for self-hosted installations](#configuring-the-od-ee-deployment-for-self-hosted-installations) + * [Registry access](#registry-access) + * [License keys](#license-keys) + + +openDesk Enterprise Edition is recommended for production use. It receives support and patches from ZenDiS and the suppliers of the components due to the included product subscriptions. + +The document refers to openDesk Community Edition as "oD CE" and for the openDesk Enterprise Edition it is "oD EE". + +Please contact [ZenDiS](mailto:opendesk@zendis.de) to get openDesk Enterprise, either as SaaS offering or for you on-premise installation. + +# Components + +The following components using the same codebase and artifacts for their Enterprise and Community offering: +- Cryptpad +- Jitsi +- Nubus +- OpenProject +- XWiki + +The following components have - at least partially - Enterprise specific artifacts: + +- Collabora: Collabora Online image version `...3` will be used once available, at the same time the Collabora Development Edition image will be updated to `...2` for oD CE. +- Element: Some artifacts providing additional functionality are only available in oD EE. For the shared artifacts we keep the ones in oD CE and oD EE in sync. +- Nextcloud: Specific enterprise image based on the NC Enterprise package is build based on the same release version as used in oD CE. +- OX AppSuite: oD CE and EE are using the same release version, in EE an enterprise-built container of the AppSuite's Core-Middleware is being integrated. +- OX Dovecot Pro 3: Dovecot Pro provides support for S3 storage and this feature is used by default. + +# Enabling the Enterprise deployment + +To enable the oD EE deployment you must set the environment variable `OPENDESK_ENTERPRISE` to any value. 
+ +```shell +OPENDESK_ENTERPRISE=any_value +``` + +# Configuring the oD EE deployment for self-hosted installations + +## Registry access + +With openDesk EE you get access to the related artifact registry owned by ZenDiS. + +Three steps are required to access the registry - for step #1 and #2 you can set some variables. You can to define a `` freely, like `enterprise-secret`, as long as it consistent in step #1 and #3. + +```shell +NAMESPACE= +NAME_FOR_THE_SECRET= +YOUR_ENTERPRISE_REGISTRY_USERNAME= +YOUR_ENTERPRISE_REGISTRY_PASSWORD= +``` + +1. Add your registry credentials as secret to the namespace you want to deploy openDesk to. Do not forget to create the namespace if it does not exist yet (`kubectl create namespace ${NAMESPACE}`). + +```shell +kubectl create secret --namespace "${NAMESPACE}" \ + docker-registry "${NAME_FOR_THE_SECRET}" \ + --docker-server "registry.opencode.de" \ + --docker-username "${YOUR_ENTERPRISE_REGISTRY_USERNAME}" \ + --docker-password "${YOUR_ENTERPRISE_REGISTRY_PASSWORD}" \ + --dry-run=client -o yaml | kubectl apply -f - +``` + +2. Docker login to the registry to access Helm charts for local deployments: + +```shell +docker login registry.opencode.de -u ${YOUR_ENTERPRISE_REGISTRY_USERNAME} -p ${YOUR_ENTERPRISE_REGISTRY_PASSWORD} +``` + +3. Reference the secret from step #1 in the deployment as well as the registry itself for `images` and `helm` charts: + +```yaml +global: + imagePullSecrets: + - "" +repositories: + image: + registryOpencodeDeEnterprise: "registry.opencode.de" + helm: + registryOpencodeDeEnterprise: "registry.opencode.de" +``` + +## License keys + +Some applications require license information for their Enterprise features to be enabled. With the aforementioned registry credentials you will also receive a file called `enterprise.yaml` containing the relevant license keys. + +Please place the file next your other `.yaml.gotmpl` file(s) that configure your deployment. 
+ +Details regarding the scope/limitation of the component's licenses: + +- Nextcloud: Enterprise license to enable [Nextcloud Enterprise](https://nextcloud.com/de/enterprise/) specific features, can be used across multiple installations until the licensed number of users is reached. +- OpenProject: Domain specific enterprise license to enable [OpenProject's Enterprise feature set](https://www.openproject.org/enterprise-edition/), domain matching can use regular expressions. +- XWiki: Deployment specific enterprise license (key pair) to activate the [XWiki Pro](https://xwiki.com/en/offerings/products/xwiki-pro) apps. diff --git a/README.md b/README.md index 870d7ac1..fe6d1271 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ SPDX-License-Identifier: Apache-2.0 openDesk is a Kubernetes based, open-source and cloud-native digital workplace suite provided by the *Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH*. +For production use the [openDesk Enterprise Edition](./README-EE.md) is required. + openDesk currently features the following functional main components: | Function | Functional Component | Component
Version | Upstream Documentation | diff --git a/helmfile/apps/collabora/helmfile-child.yaml.gotmpl b/helmfile/apps/collabora/helmfile-child.yaml.gotmpl index 0ab6ab13..48cc73b3 100644 --- a/helmfile/apps/collabora/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/collabora/helmfile-child.yaml.gotmpl @@ -28,17 +28,23 @@ releases: version: "{{ .Values.charts.collabora.version }}" values: - "values.yaml.gotmpl" - {{ range .Values.customization.release.collaboraOnline }} + {{- if (env "OPENDESK_ENTERPRISE") }} + - "values-enterprise.yaml.gotmpl" + {{- end }} + {{- range .Values.customization.release.collaboraOnline }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.collabora.enabled }} - name: "collabora-controller" chart: "collabora-controller-repo/{{ .Values.charts.collaboraController.name }}" version: "{{ .Values.charts.collaboraController.version }}" values: - {{ range .Values.customization.release.collaboraController }} + {{- if (env "OPENDESK_ENTERPRISE") }} + - "values-coco-enterprise.yaml.gotmpl" + {{- end }} + {{- range .Values.customization.release.collaboraController }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.collaboraController.enabled }} commonLabels: diff --git a/helmfile/apps/collabora/helmfile.yaml.gotmpl b/helmfile/apps/collabora/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/collabora/helmfile.yaml.gotmpl +++ b/helmfile/apps/collabora/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/collabora/values-coco-enterprise.yaml.gotmpl b/helmfile/apps/collabora/values-coco-enterprise.yaml.gotmpl new file mode 100644 index 00000000..1826ef0d --- /dev/null +++ b/helmfile/apps/collabora/values-coco-enterprise.yaml.gotmpl 
@@ -0,0 +1,63 @@ +{{/* +SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +controller: + enableHashmapParallelization: true + ingressUrl: "https://{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}" + namespacedRole: true + # CoolController uses `app.kubernetes.io/name` label to find deployment resource + # openDesk uses `fullnameOverride` in Collabora Deployment that updates `metadata.name` not the `app.kubernetes.io/name` + # Therefore we use the default of `collabora-online` for the `resourceName` + resourceName: "collabora-online" + statsInterval: 2000 + watchNamespace: {{ (.Values.collabora.namespace | default .Release.Namespace | quote) }} + + documentMigrator: + enabled: true + coolMemoryUtilization: {{ .Values.enterpriseFeatures.collabora.autoscaling.targetMemoryUtilizationPercentage }} + coolMemoryLimit: {{ .Values.resources.collabora.limits.memory }} + + leaderElection: + enabled: {{ if gt .Values.replicas.collaboraController 1 }}true{{ else }}false{{ end }} + +image: + repository: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.collaboraController.registry }}/{{ .Values.images.collaboraController.repository }}" + tag: {{ .Values.images.collaboraController.tag | quote }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . 
| quote }} + {{- end }} + +ingress: + enabled: {{ .Values.ingress.enabled }} + className: {{ .Values.ingress.ingressClassName | quote }} + hosts: + - host: "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}" + paths: + - path: "/controller" + pathType: "Prefix" + +podAnnotations: {} + +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsGroup: 2000 + runAsUser: 1000 + seccompProfile: + type: "RuntimeDefault" + seLinuxOptions: + +replicaCount: {{ .Values.replicas.collaboraController }} + +resources: + {{ .Values.resources.collaboraController | toYaml | nindent 2 }} + +... diff --git a/helmfile/apps/collabora/values-enterprise.yaml.gotmpl b/helmfile/apps/collabora/values-enterprise.yaml.gotmpl new file mode 100644 index 00000000..7e9e4a74 --- /dev/null +++ b/helmfile/apps/collabora/values-enterprise.yaml.gotmpl @@ -0,0 +1,15 @@ +{{/* +SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +image: + repository: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.collabora.registry }}/{{ .Values.images.collabora.repository }}" +autoscaling: + enabled: {{ .Values.collaboraController.enabled }} + minReplicas: {{ .Values.enterpriseFeatures.collabora.autoscaling.minReplicas }} + maxReplicas: {{ .Values.enterpriseFeatures.collabora.autoscaling.maxReplicas }} + targetMemoryUtilizationPercentage: {{ .Values.enterpriseFeatures.collabora.autoscaling.targetMemoryUtilizationPercentage }} + targetCPUUtilizationPercentage: {{ .Values.enterpriseFeatures.collabora.autoscaling.targetCPUUtilizationPercentage }} + scaleDownDisabled: {{ .Values.enterpriseFeatures.collabora.autoscaling.scaleDownDisabled }} +... 
diff --git a/helmfile/apps/cryptpad/helmfile-child.yaml.gotmpl b/helmfile/apps/cryptpad/helmfile-child.yaml.gotmpl index 746de7a3..2f5f5d06 100644 --- a/helmfile/apps/cryptpad/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/cryptpad/helmfile-child.yaml.gotmpl @@ -18,9 +18,9 @@ releases: version: "{{ .Values.charts.cryptpad.version }}" values: - "values.yaml.gotmpl" - {{ range .Values.customization.release.cryptpad }} + {{- range .Values.customization.release.cryptpad }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.cryptpad.enabled }} commonLabels: diff --git a/helmfile/apps/cryptpad/helmfile.yaml.gotmpl b/helmfile/apps/cryptpad/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/cryptpad/helmfile.yaml.gotmpl +++ b/helmfile/apps/cryptpad/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/element/helmfile-child.yaml.gotmpl b/helmfile/apps/element/helmfile-child.yaml.gotmpl index 7f564e2f..789bb5d5 100644 --- a/helmfile/apps/element/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/element/helmfile-child.yaml.gotmpl @@ -117,9 +117,9 @@ releases: version: "{{ .Values.charts.element.version }}" values: - "values-element.yaml.gotmpl" - {{ range .Values.customization.release.opendeskElement }} + {{- range .Values.customization.release.opendeskElement }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.element.enabled }} timeout: 900 @@ -128,9 +128,9 @@ releases: version: "{{ .Values.charts.elementWellKnown.version }}" values: - "values-well-known.yaml.gotmpl" - {{ range .Values.customization.release.opendeskWellKnown }} + {{- range .Values.customization.release.opendeskWellKnown }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.element.enabled }} timeout: 900 
@@ -139,9 +139,9 @@ releases: version: "{{ .Values.charts.synapseWeb.version }}" values: - "values-synapse-web.yaml.gotmpl" - {{ range .Values.customization.release.opendeskSynapseWeb }} + {{- range .Values.customization.release.opendeskSynapseWeb }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.element.enabled }} timeout: 900 @@ -150,9 +150,9 @@ releases: version: "{{ .Values.charts.synapse.version }}" values: - "values-synapse.yaml.gotmpl" - {{ range .Values.customization.release.opendeskSynapse }} + {{- range .Values.customization.release.opendeskSynapse }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.element.enabled }} timeout: 900 @@ -217,9 +217,9 @@ releases: chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}" version: "{{ .Values.charts.synapseAdmin.version }}" values: - {{ range .Values.customization.release.opendeskSynapseAdmin }} + {{- range .Values.customization.release.opendeskSynapseAdmin }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.elementAdmin.enabled }} timeout: 900 @@ -227,9 +227,9 @@ releases: chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" version: "{{ .Values.charts.synapseCreateAccount.version }}" values: - {{ range .Values.customization.release.opendeskSynapseAdminbotBootstrap }} + {{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.elementAdmin.enabled }} timeout: 900 @@ -237,9 +237,9 @@ releases: chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}" version: "{{ .Values.charts.synapsePipe.version }}" values: - {{ range .Values.customization.release.opendeskSynapseAdminbotPipe }} + {{- range .Values.customization.release.opendeskSynapseAdminbotPipe }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.elementAdmin.enabled }} timeout: 900 
@@ -247,9 +247,9 @@ releases: chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}" version: "{{ .Values.charts.synapseAdminbotWeb.version }}" values: - {{ range .Values.customization.release.opendeskSynapseAdminbotWeb }} + {{- range .Values.customization.release.opendeskSynapseAdminbotWeb }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.elementAdmin.enabled }} timeout: 900 @@ -257,9 +257,9 @@ releases: chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" version: "{{ .Values.charts.synapseCreateAccount.version }}" values: - {{ range .Values.customization.release.opendeskSynapseAuditbotBootstrap }} + {{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.elementAdmin.enabled }} timeout: 900 @@ -267,9 +267,9 @@ releases: chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}" version: "{{ .Values.charts.synapsePipe.version }}" values: - {{ range .Values.customization.release.opendeskSynapseAuditbotPipe }} + {{- range .Values.customization.release.opendeskSynapseAuditbotPipe }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.elementAdmin.enabled }} timeout: 900 @@ -277,9 +277,9 @@ releases: chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}" version: "{{ .Values.charts.synapseGroupsync.version }}" values: - {{ range .Values.customization.release.opendeskSynapseGroupsync }} + {{- range .Values.customization.release.opendeskSynapseGroupsync }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.elementGroupsync.enabled }} timeout: 900 diff --git a/helmfile/apps/element/helmfile.yaml.gotmpl b/helmfile/apps/element/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/element/helmfile.yaml.gotmpl +++ b/helmfile/apps/element/helmfile.yaml.gotmpl 
@@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/jitsi/helmfile-child.yaml.gotmpl b/helmfile/apps/jitsi/helmfile-child.yaml.gotmpl index 47c9d452..017530f7 100644 --- a/helmfile/apps/jitsi/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/jitsi/helmfile-child.yaml.gotmpl @@ -18,9 +18,9 @@ releases: version: "{{ .Values.charts.jitsi.version }}" values: - "values-jitsi.yaml.gotmpl" - {{ range .Values.customization.release.jitsi }} + {{- range .Values.customization.release.jitsi }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.jitsi.enabled }} timeout: 900 diff --git a/helmfile/apps/jitsi/helmfile.yaml.gotmpl b/helmfile/apps/jitsi/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/jitsi/helmfile.yaml.gotmpl +++ b/helmfile/apps/jitsi/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl b/helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl index bebcbcff..4cfbca83 100644 --- a/helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl @@ -25,9 +25,12 @@ releases: version: "{{ .Values.charts.nextcloudManagement.version }}" values: - "values-nextcloud-mgmt.yaml.gotmpl" - {{ range .Values.customization.release.opendeskNextcloudManagement }} + {{- if (env "OPENDESK_ENTERPRISE") }} + - "values-nextcloud-mgmt-enterprise.yaml.gotmpl" + {{- end }} + {{- range .Values.customization.release.opendeskNextcloudManagement }} - {{ . }} - {{ end }} + {{- end }} waitForJobs: true wait: true installed: {{ .Values.nextcloud.enabled }} 
@@ -37,9 +40,12 @@ releases: version: "{{ .Values.charts.nextcloud.version }}" values: - "values-nextcloud.yaml.gotmpl" - {{ range .Values.customization.release.opendeskNextcloud }} + {{- if (env "OPENDESK_ENTERPRISE") }} + - "values-nextcloud-enterprise.yaml.gotmpl" + {{- end }} + {{- range .Values.customization.release.opendeskNextcloud }} - {{ . }} - {{ end }} + {{- end }} needs: - "opendesk-nextcloud-management" installed: {{ .Values.nextcloud.enabled }} diff --git a/helmfile/apps/nextcloud/helmfile.yaml.gotmpl b/helmfile/apps/nextcloud/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/nextcloud/helmfile.yaml.gotmpl +++ b/helmfile/apps/nextcloud/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/nextcloud/values-nextcloud-enterprise.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-enterprise.yaml.gotmpl new file mode 100644 index 00000000..09e2f44f --- /dev/null +++ b/helmfile/apps/nextcloud/values-nextcloud-enterprise.yaml.gotmpl @@ -0,0 +1,9 @@ +{{/* +SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +aio: + image: + registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }} +... diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt-enterprise.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt-enterprise.yaml.gotmpl new file mode 100644 index 00000000..24b87527 --- /dev/null +++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt-enterprise.yaml.gotmpl 
@@ -0,0 +1,12 @@ +{{/* +SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +image: + registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }} +configuration: + enterprise: + subscriptionKey: {{ if .Values.enterpriseKeys.nextcloud.subscriptionKey }}{{ .Values.enterpriseKeys.nextcloud.subscriptionKey | quote }}{{ end }} + subscriptionData: {{ if .Values.enterpriseKeys.nextcloud.subscriptionData}}{{ .Values.enterpriseKeys.nextcloud.subscriptionData | quote }}{{ end }} +... diff --git a/helmfile/apps/notes/helmfile-child.yaml.gotmpl b/helmfile/apps/notes/helmfile-child.yaml.gotmpl index 60a359fe..77974ca0 100644 --- a/helmfile/apps/notes/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/notes/helmfile-child.yaml.gotmpl @@ -19,9 +19,9 @@ releases: wait: true values: - "values.yaml.gotmpl" - {{ range .Values.customization.release.notes }} + {{- range .Values.customization.release.notes }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.notes.enabled }} timeout: 1800 diff --git a/helmfile/apps/notes/helmfile.yaml.gotmpl b/helmfile/apps/notes/helmfile.yaml.gotmpl index 2021af07..4c93974d 100644 --- a/helmfile/apps/notes/helmfile.yaml.gotmpl +++ b/helmfile/apps/notes/helmfile.yaml.gotmpl @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/nubus/helmfile-child.yaml.gotmpl b/helmfile/apps/nubus/helmfile-child.yaml.gotmpl index 5d168c67..7bd479fa 100644 --- a/helmfile/apps/nubus/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/nubus/helmfile-child.yaml.gotmpl 
@@ -44,9 +44,9 @@ releases: version: "{{ .Values.charts.nubus.version }}" values: - "values-nubus.yaml.gotmpl" - {{ range .Values.customization.release.ums }} + {{- range .Values.customization.release.ums }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.nubus.enabled }} timeout: 900 # Intercom-Service @@ -55,9 +55,9 @@ releases: version: "{{ .Values.charts.intercomService.version }}" values: - "values-intercom-service.yaml.gotmpl" - {{ range .Values.customization.release.intercomService }} + {{- range .Values.customization.release.intercomService }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.nubus.enabled }} # openDesk Keycloak Bootstrap Chart @@ -66,9 +66,9 @@ releases: version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}" values: - "values-opendesk-keycloak-bootstrap.yaml.gotmpl" - {{ range .Values.customization.release.opendeskKeycloakBootstrap }} + {{- range .Values.customization.release.opendeskKeycloakBootstrap }} - {{ . }} - {{ end }} + {{- end }} needs: - "ums" installed: {{ .Values.nubus.enabled }} @@ -80,9 +80,9 @@ releases: version: "{{ .Values.charts.nginxS3Gateway.version }}" values: - "values-nginx-s3-gateway.yaml.gotmpl" - {{ range .Values.customization.release.nginxS3Gateway }} + {{- range .Values.customization.release.nginxS3Gateway }} - {{ . }} - {{ end }} + {{- end }} installed: {{ not .Values.minio.enabled }} timeout: 900 diff --git a/helmfile/apps/nubus/helmfile.yaml.gotmpl b/helmfile/apps/nubus/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/nubus/helmfile.yaml.gotmpl +++ b/helmfile/apps/nubus/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl index c08e7172..09fc098f 100644 
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl @@ -1151,7 +1151,7 @@ nubusStackDataUms: portaltileGroupNotes: - 'cn=managed-by-attribute-Notes,cn=groups,{{ .Values.ldap.baseDn }}' systemInformation: - releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}" + releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}{{ if (env "OPENDESK_ENTERPRISE") }}-ee{{ end }}" {{- if .Values.functional.admin.portal.deploymentTimestamp.enabled }} deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}" {{- else }} diff --git a/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl b/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl index 9128a4b0..8e8247c6 100644 --- a/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl @@ -45,9 +45,9 @@ releases: version: "{{ .Values.charts.dovecot.version }}" values: - "values-dovecot.yaml.gotmpl" - {{ range .Values.customization.release.dovecot }} + {{- range .Values.customization.release.dovecot }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.dovecot.enabled }} timeout: 900 @@ -56,10 +56,13 @@ releases: version: "{{ .Values.charts.oxAppSuite.version }}" values: - "values-openxchange.yaml.gotmpl" - - "values-openxchange-enterprise-contact-picker.yaml.gotmpl" - {{ range .Values.customization.release.openxchange }} + - "values-openxchange-contact-picker.yaml.gotmpl" + {{- if (env "OPENDESK_ENTERPRISE") }} + - "values-openxchange-enterprise.yaml.gotmpl" + {{- end }} + {{- range .Values.customization.release.openxchange }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.oxAppSuite.enabled }} timeout: 900 
@@ -68,9 +71,9 @@ releases: version: "{{ .Values.charts.oxAppSuiteBootstrap.version }}" values: - "values-openxchange-bootstrap.yaml.gotmpl" - {{ range .Values.customization.release.opendeskOpenxchangeBootstrap }} + {{- range .Values.customization.release.opendeskOpenxchangeBootstrap }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.oxAppSuite.enabled }} timeout: 900 @@ -79,9 +82,9 @@ releases: version: "{{ .Values.charts.oxConnector.version }}" values: - "values-oxconnector.yaml.gotmpl" - {{ range .Values.customization.release.oxConnector }} + {{- range .Values.customization.release.oxConnector }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.oxAppSuite.enabled }} needs: - "open-xchange" diff --git a/helmfile/apps/open-xchange/helmfile.yaml.gotmpl b/helmfile/apps/open-xchange/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/open-xchange/helmfile.yaml.gotmpl +++ b/helmfile/apps/open-xchange/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl similarity index 100% rename from helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl rename to helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl diff --git a/helmfile/apps/open-xchange/values-openxchange-enterprise.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange-enterprise.yaml.gotmpl new file mode 100644 index 00000000..b2ac300c --- /dev/null +++ b/helmfile/apps/open-xchange/values-openxchange-enterprise.yaml.gotmpl 
@@ -0,0 +1,19 @@ +{{/* +SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +appsuite: + plugins-ui: + enabled: false + core-mw: + global: + extras: + monitoring: + enabled: true + image: + registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.openxchangeCoreMW.registry | quote }} + update: + image: + registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.openxchangeCoreMW.registry | quote }} +... diff --git a/helmfile/apps/opendesk-migrations-post/helmfile-child.yaml.gotmpl b/helmfile/apps/opendesk-migrations-post/helmfile-child.yaml.gotmpl index 896844c4..3669867b 100644 --- a/helmfile/apps/opendesk-migrations-post/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/opendesk-migrations-post/helmfile-child.yaml.gotmpl @@ -21,9 +21,9 @@ releases: values: - "values.yaml.gotmpl" - "../../shared/migrations.yaml.gotmpl" - {{ range .Values.customization.release.migrationsPost }} + {{- range .Values.customization.release.migrationsPost }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.migrations.enabled }} timeout: 900 diff --git a/helmfile/apps/opendesk-migrations-post/helmfile.yaml.gotmpl b/helmfile/apps/opendesk-migrations-post/helmfile.yaml.gotmpl index 2021af07..4c93974d 100644 --- a/helmfile/apps/opendesk-migrations-post/helmfile.yaml.gotmpl +++ b/helmfile/apps/opendesk-migrations-post/helmfile.yaml.gotmpl @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/opendesk-migrations-pre/helmfile-child.yaml.gotmpl b/helmfile/apps/opendesk-migrations-pre/helmfile-child.yaml.gotmpl index b6b2e70a..fc470311 100644 
--- a/helmfile/apps/opendesk-migrations-pre/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/opendesk-migrations-pre/helmfile-child.yaml.gotmpl @@ -21,9 +21,9 @@ releases: values: - "values.yaml.gotmpl" - "../../shared/migrations.yaml.gotmpl" - {{ range .Values.customization.release.migrationsPre }} + {{- range .Values.customization.release.migrationsPre }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.migrations.enabled }} timeout: 900 diff --git a/helmfile/apps/opendesk-migrations-pre/helmfile.yaml.gotmpl b/helmfile/apps/opendesk-migrations-pre/helmfile.yaml.gotmpl index 2021af07..4c93974d 100644 --- a/helmfile/apps/opendesk-migrations-pre/helmfile.yaml.gotmpl +++ b/helmfile/apps/opendesk-migrations-pre/helmfile.yaml.gotmpl @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/opendesk-openproject-bootstrap/helmfile-child.yaml.gotmpl b/helmfile/apps/opendesk-openproject-bootstrap/helmfile-child.yaml.gotmpl index 62bac7a3..aac1d7c6 100644 --- a/helmfile/apps/opendesk-openproject-bootstrap/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/opendesk-openproject-bootstrap/helmfile-child.yaml.gotmpl @@ -20,9 +20,9 @@ releases: waitForJobs: true values: - "values.yaml.gotmpl" - {{ range .Values.customization.release.opendeskOpenprojectBootstrap }} + {{- range .Values.customization.release.opendeskOpenprojectBootstrap }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.openproject.enabled }} timeout: 900 diff --git a/helmfile/apps/opendesk-openproject-bootstrap/helmfile.yaml.gotmpl b/helmfile/apps/opendesk-openproject-bootstrap/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/opendesk-openproject-bootstrap/helmfile.yaml.gotmpl +++ b/helmfile/apps/opendesk-openproject-bootstrap/helmfile.yaml.gotmpl 
@@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl b/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl index a7f622a1..bedf8cba 100644 --- a/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl @@ -68,9 +68,9 @@ releases: version: "{{ .Values.charts.otterize.version }}" values: - "values-otterize.yaml.gotmpl" - {{ range .Values.customization.release.opendeskOtterize }} + {{- range .Values.customization.release.opendeskOtterize }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.security.otterizeIntents.enabled }} timeout: 900 @@ -79,9 +79,9 @@ releases: version: "{{ .Values.charts.home.version }}" values: - "values-home.yaml.gotmpl" - {{ range .Values.customization.release.opendeskHome }} + {{- range .Values.customization.release.opendeskHome }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.home.enabled }} - name: "opendesk-certificates" @@ -89,9 +89,9 @@ releases: version: "{{ .Values.charts.certificates.version }}" values: - "values-certificates.yaml.gotmpl" - {{ range .Values.customization.release.opendeskCertificates }} + {{- range .Values.customization.release.opendeskCertificates }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.certificates.enabled }} timeout: 900 @@ -100,9 +100,9 @@ releases: version: "{{ .Values.charts.opendeskAlerts.version }}" values: - "values-opendesk-alerts.yaml.gotmpl" - {{ range .Values.customization.release.opendeskAlerts}} + {{- range .Values.customization.release.opendeskAlerts }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.monitoring.prometheus.prometheusRules.enabled }} timeout: 900 
@@ -111,7 +111,9 @@ releases: version: "{{ .Values.charts.opendeskDashboards.version }}" values: - "values-opendesk-dashboards.yaml.gotmpl" - - {{ .Values.customization.release.opendeskDashboards | default "additionalValues: false" }} + {{- range .Values.customization.release.opendeskDashboards }} + - {{ . }} + {{- end }} installed: {{ .Values.monitoring.grafana.dashboards.enabled }} timeout: 900 @@ -120,7 +122,9 @@ releases: version: "{{ .Values.charts.opendeskStaticFiles.version }}" values: - "values-opendesk-static-files.yaml.gotmpl" - - {{ .Values.customization.release.opendeskStaticFiles | default "additionalValues: false" }} + {{- range .Values.customization.release.opendeskStaticFiles }} + - {{ . }} + {{- end }} installed: {{ .Values.staticFiles.enabled }} timeout: 900 diff --git a/helmfile/apps/opendesk-services/helmfile.yaml.gotmpl b/helmfile/apps/opendesk-services/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/opendesk-services/helmfile.yaml.gotmpl +++ b/helmfile/apps/opendesk-services/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/openproject/helmfile-child.yaml.gotmpl b/helmfile/apps/openproject/helmfile-child.yaml.gotmpl index ab25fcb7..a5aa8a9f 100644 --- a/helmfile/apps/openproject/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/openproject/helmfile-child.yaml.gotmpl @@ -20,9 +20,9 @@ releases: waitForJobs: true values: - "values.yaml.gotmpl" - {{ range .Values.customization.release.openproject }} + {{- range .Values.customization.release.openproject }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.openproject.enabled }} timeout: 1800 diff --git a/helmfile/apps/openproject/helmfile.yaml.gotmpl b/helmfile/apps/openproject/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 
--- a/helmfile/apps/openproject/helmfile.yaml.gotmpl +++ b/helmfile/apps/openproject/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl index 665a7047..ca7a0013 100644 --- a/helmfile/apps/openproject/values.yaml.gotmpl +++ b/helmfile/apps/openproject/values.yaml.gotmpl @@ -38,6 +38,9 @@ dbInit: {{ .Values.resources.openprojectDbInit | toYaml | nindent 4 }} environment: + {{- if and (env "OPENDESK_ENTERPRISE") .Values.enterpriseKeys.openproject.token }} + OPENPROJECT_ENTERPRISE__TOKEN: {{ .Values.enterpriseKeys.openproject.token | quote }} + {{- end }} # For more details and more options see # https://www.openproject.org/docs/installation-and-operations/configuration/environment/ OPENPROJECT_APP__TITLE: "Projekte - {{ .Values.theme.texts.productName }}" diff --git a/helmfile/apps/services-external/helmfile-child.yaml.gotmpl b/helmfile/apps/services-external/helmfile-child.yaml.gotmpl index 397b68a3..6e116c29 100644 --- a/helmfile/apps/services-external/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/services-external/helmfile-child.yaml.gotmpl @@ -100,9 +100,9 @@ releases: version: "{{ .Values.charts.redis.version }}" values: - "values-redis.yaml.gotmpl" - {{ range .Values.customization.release.redis }} + {{- range .Values.customization.release.redis }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.redis.enabled }} timeout: 900 @@ -111,9 +111,9 @@ releases: version: "{{ .Values.charts.memcached.version }}" values: - "values-memcached.yaml.gotmpl" - {{ range .Values.customization.release.memcached }} + {{- range .Values.customization.release.memcached }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.memcached.enabled }} timeout: 900 
@@ -122,9 +122,9 @@ releases: version: "{{ .Values.charts.postgresql.version }}" values: - "values-postgresql.yaml.gotmpl" - {{ range .Values.customization.release.postgresql }} + {{- range .Values.customization.release.postgresql }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.postgresql.enabled }} timeout: 900 @@ -133,9 +133,9 @@ releases: version: "{{ .Values.charts.mariadb.version }}" values: - "values-mariadb.yaml.gotmpl" - {{ range .Values.customization.release.mariadb }} + {{- range .Values.customization.release.mariadb }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.mariadb.enabled }} timeout: 900 @@ -144,9 +144,9 @@ releases: version: "{{ .Values.charts.postfix.version }}" values: - "values-postfix.yaml.gotmpl" - {{ range .Values.customization.release.postfix }} + {{- range .Values.customization.release.postfix }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.postfix.enabled }} timeout: 900 @@ -155,9 +155,9 @@ releases: version: "{{ .Values.charts.dkimpy.version }}" values: - "values-dkimpy.yaml.gotmpl" - {{ range .Values.customization.release.opendeskDkimpyMilter }} + {{- range .Values.customization.release.opendeskDkimpyMilter }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.dkimpy.enabled }} timeout: 900 @@ -166,9 +166,9 @@ releases: version: "{{ .Values.charts.clamav.version }}" values: - "values-clamav-distributed.yaml.gotmpl" - {{ range .Values.customization.release.clamav }} + {{- range .Values.customization.release.clamav }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.clamavDistributed.enabled }} timeout: 900 @@ -177,9 +177,9 @@ releases: version: "{{ .Values.charts.clamavSimple.version }}" values: - "values-clamav-simple.yaml.gotmpl" - {{ range .Values.customization.release.clamavSimple }} + {{- range .Values.customization.release.clamavSimple }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.clamavSimple.enabled }} timeout: 900 
@@ -188,9 +188,9 @@ releases: version: "{{ .Values.charts.minio.version }}" values: - "values-minio.yaml.gotmpl" - {{ range .Values.customization.release.minio }} + {{- range .Values.customization.release.minio }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.minio.enabled }} timeout: 900 @@ -199,9 +199,10 @@ releases: chart: "cassandra-repo/{{ .Values.charts.cassandra.name }}" version: "{{ .Values.charts.cassandra.version }}" values: - {{ range .Values.customization.release.cassandra }} + - "values-cassandra.yaml.gotmpl" + {{- range .Values.customization.release.cassandra }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.cassandra.enabled }} timeout: 900 diff --git a/helmfile/apps/services-external/helmfile.yaml.gotmpl b/helmfile/apps/services-external/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/services-external/helmfile.yaml.gotmpl +++ b/helmfile/apps/services-external/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/services-external/values-cassandra.yaml.gotmpl b/helmfile/apps/services-external/values-cassandra.yaml.gotmpl new file mode 100644 index 00000000..9e0d05fe --- /dev/null +++ b/helmfile/apps/services-external/values-cassandra.yaml.gotmpl 
@@ -0,0 +1,98 @@ +{{/* +SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +containerSecurityContext: + enabled: true + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: "RuntimeDefault" + seLinuxOptions: + {{ .Values.seLinuxOptions.cassandra | toYaml | nindent 4 }} + +dbUser: + user: "root" + password: {{ .Values.secrets.cassandra.rootPassword | quote }} + +global: + imagePullSecrets: + {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} + +image: + registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.cassandra.registry | quote }} + repository: {{ .Values.images.cassandra.repository | quote }} + tag: {{ .Values.images.cassandra.tag | quote }} + pullPolicy: {{ .Values.global.imagePullPolicy | quote }} + +initDB: + initUserData.cql: > + CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecot.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; + CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecot.username | quote }}; + ALTER ROLE {{ .Values.databases.dovecot.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotUser "''" | squote }} AND LOGIN = true; + GRANT ALL ON KEYSPACE {{ .Values.databases.dovecot.name | quote }} TO {{ .Values.databases.dovecot.username | quote }}; + +# Will print a warning if unset but is automatically calculated: +jvm: + maxHeapSize: "" + newHeapSize: "" + +livenessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 30 + successThreshold: 1 + failureThreshold: 5 + +metrics: + enabled: false + image: + registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry 
.Values.images.cassandraExporter.registry | quote }} + repository: {{ .Values.images.cassandraExporter.repository | quote }} + tag: {{ .Values.images.cassandraExporter.tag | quote }} + pullPolicy: {{ .Values.global.imagePullPolicy | quote }} + +persistence: + commitLogsize: {{ .Values.persistence.storages.cassandra.commitLogsize | quote }} + size: {{ .Values.persistence.storages.cassandra.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.cassandra.storageClassName .Values.persistence.storageClassNames.RWO | quote }} + +podAnnotations: {} + +podSecurityContext: + enabled: true + fsGroup: 1001 + fsGroupChangePolicy: "Always" + supplementalGroups: [] + sysctls: [] + +readinessProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 30 + successThreshold: 1 + failureThreshold: 5 + +replicaCount: {{ .Values.replicas.cassandra }} + +resources: + {{ .Values.resources.cassandra | toYaml | nindent 2 }} + +startupProbe: + enabled: false + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 60 +... diff --git a/helmfile/apps/xwiki/helmfile-child.yaml.gotmpl b/helmfile/apps/xwiki/helmfile-child.yaml.gotmpl index 57bbaea2..52741801 100644 --- a/helmfile/apps/xwiki/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/xwiki/helmfile-child.yaml.gotmpl @@ -11,7 +11,7 @@ repositories: password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} oci: true url: "{{ .Values.global.helmRegistry | default .Values.charts.xwiki.registry }}/{{ .Values.charts.xwiki.repository }}" - + releases: - name: "xwiki" chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}" @@ -19,9 +19,9 @@ releases: wait: true values: - "values.yaml.gotmpl" - {{ range .Values.customization.release.xwiki }} + {{- range .Values.customization.release.xwiki }} - {{ . }} - {{ end }} + {{- end }} installed: {{ .Values.xwiki.enabled }} timeout: 1800 
diff --git a/helmfile/apps/xwiki/helmfile.yaml.gotmpl b/helmfile/apps/xwiki/helmfile.yaml.gotmpl index 119da8a5..bf495635 100644 --- a/helmfile/apps/xwiki/helmfile.yaml.gotmpl +++ b/helmfile/apps/xwiki/helmfile.yaml.gotmpl @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 --- bases: - - "../../bases/environments.yaml" + - "../../bases/environments.yaml.gotmpl" --- helmfiles: - path: "./helmfile-child.yaml.gotmpl" diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl index af4f0bc0..b48d7517 100644 --- a/helmfile/apps/xwiki/values.yaml.gotmpl +++ b/helmfile/apps/xwiki/values.yaml.gotmpl @@ -17,12 +17,15 @@ image: pullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullSecrets: {{ .Values.global.imagePullSecrets }} -{{- if .Values.certificate.selfSigned }} javaOpts: + {{- if and (env "OPENDESK_ENTERPRISE") .Values.enterprise.xwiki.opendeskEnterpriseLicense .Values.enterprise.xwiki.proApplicationslicense }} + - "-Dlicenses={{ .Values.enterpriseKeys.xwiki.opendeskEnterpriseLicense }},{{ .Values.enterpriseKeys.xwiki.proApplicationslicense }}" + {{- end }} + {{- if .Values.certificate.selfSigned }} - "-Djavax.net.ssl.trustStore=/etc/ssl/certs/truststore.jks" - "-Djavax.net.ssl.trustStoreType=jks" - {{ printf "%s=%s" "-Djavax.net.ssl.trustStorePassword" .Values.secrets.certificates.password | quote }} -{{- end }} + {{- end }} externalDB: {{- if eq .Values.databases.xwiki.type "mariadb" }} 
@@ -83,6 +86,9 @@ customConfigs: xwiki.authentication.ldap.fields_mapping: "last_name=sn,first_name=givenName,email=mailPrimaryAddress" xwiki.properties: + {{- if (env "OPENDESK_ENTERPRISE") }} + distribution.defaultUI: "com.xwiki.projects.swp:xwiki-swp-flavor-enterprise-main" + {{- end }} wikiInitializer.initialRequest.xwiki.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/distribution/" wikiInitializer.initialRequest.xwiki.contextPath: "/" wikiInitializer.initialRequest.xwiki.remoteAddress: "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" diff --git a/helmfile/bases/environments.yaml b/helmfile/bases/environments.yaml.gotmpl similarity index 53% rename from helmfile/bases/environments.yaml rename to helmfile/bases/environments.yaml.gotmpl index 31dc3333..4e5834b1 100644 --- a/helmfile/bases/environments.yaml +++ b/helmfile/bases/environments.yaml.gotmpl @@ -5,16 +5,28 @@ environments: default: values: - "../../environments/default/*.yaml.gotmpl" + {{- if (env "OPENDESK_ENTERPRISE") }} + - "../../environments/default-enterprise-overrides/*.yaml.gotmpl" + {{- end }} dev: values: - "../../environments/default/*.yaml.gotmpl" + {{- if (env "OPENDESK_ENTERPRISE") }} + - "../../environments/default-enterprise-overrides/*.yaml.gotmpl" + {{- end }} - "../../environments/dev/*.yaml.gotmpl" test: values: - "../../environments/default/*.yaml.gotmpl" + {{- if (env "OPENDESK_ENTERPRISE") }} + - "../../environments/default-enterprise-overrides/*.yaml.gotmpl" + {{- end }} - "../../environments/test/*.yaml.gotmpl" prod: values: - "../../environments/default/*.yaml.gotmpl" + {{- if (env "OPENDESK_ENTERPRISE") }} + - "../../environments/default-enterprise-overrides/*.yaml.gotmpl" + {{- end }} - "../../environments/prod/*.yaml.gotmpl" ... diff --git a/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl new file mode 100644 index 00000000..2d619211 
--- /dev/null +++ b/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +charts: + oxAppSuite: + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror" + name: "appsuite-public-sector-pro-chart" + version: "1.10.114" + verify: false +... diff --git a/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl new file mode 100644 index 00000000..87543f0f --- /dev/null +++ b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl @@ -0,0 +1,17 @@ +# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +images: + collabora: + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk" + tag: "24.04.9.4.2@sha256:7c38f2568855ec33c11296d65384766230ea3097a245a60b9e8b0b62cb9cc17f" + nextcloud: + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud" + tag: "1.0.5@sha256:a541b29dad10deb99dbae6c3a463e994a054ac5c7ffc0a5c524c7b0f65544748" + openxchangeCoreMW: + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/core-mw" + tag: "8.30.63@sha256:181fcb31f500f88573e6b735587b52df906199337fa62aeee1e64aacdc64f548" +... diff --git a/helmfile/environments/default-enterprise-overrides/resources.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/resources.yaml.gotmpl new file mode 100644 index 00000000..8b12b4dd --- /dev/null +++ b/helmfile/environments/default-enterprise-overrides/resources.yaml.gotmpl 
@@ -0,0 +1,13 @@ +# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +resources: + collabora: + # When using CollaboraController for autoscaling, `targetMemoryUtilizationPercentage` and + # `targetCPUUtilizationPercentage` defined at `enterpriseFeatures.collabora.autoscaling` + # are checked against the values defined below under `requests`, so please ensure you set these + # appropriately to avoid unnecessary scaling. + requests: + cpu: 3 + memory: "3Gi" +... diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl index 8b4c3c42..e82c7aaf 100644 --- a/helmfile/environments/default/charts.yaml.gotmpl +++ b/helmfile/environments/default/charts.yaml.gotmpl @@ -7,11 +7,14 @@ --- charts: cassandra: - # Component is required for openDesk Enterprise only. - registry: "" - repository: "" - name: "" - version: "" + # providerCategory: "Community" + # providerResponsible: "openDesk" + # upstreamRegistry: "https://registry-1.docker.io" + # upstreamRepository: "bitnamicharts/cassandra" + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/external/charts/bitnami-charts" + name: "cassandra" + version: "12.0.4" verify: true certificates: # providerCategory: "Platform" @@ -56,12 +59,14 @@ charts: version: "1.1.21" verify: true collaboraController: - # Component is required for openDesk Enterprise only. - registry: "" - repository: "" - name: "" - version: "" - verify: true + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Collabora" + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror" + name: "cool-controller" + version: "1.1.1" + verify: false cryptpad: # providerCategory: "Supplier" # providerResponsible: "XWiki" 
@@ -447,8 +452,8 @@ charts: version: "18.6.1" verify: true synapse: - # providerCategory: "Platform" - # providerResponsible: "openDesk" + # providerCategory: "Supplier" + # providerResponsible: "Element" # upstreamRegistry: "https://registry.opencode.de" # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse" registry: "registry.opencode.de" @@ -457,18 +462,22 @@ charts: version: "6.0.2" verify: true synapseAdmin: - # Component is required for openDesk Enterprise only. - registry: "" - repository: "" - name: "" - version: "" + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" + name: "opendesk-synapse-admin" + version: "5.0.1" verify: true synapseAdminbotWeb: - # Component is required for openDesk Enterprise only. - registry: "" - repository: "" - name: "" - version: "" + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" + name: "opendesk-synapse-adminbot-web" + version: "5.0.1" verify: true synapseCreateAccount: # providerCategory: "Platform" 
@@ -481,18 +490,22 @@ charts: version: "6.0.2" verify: true synapseGroupsync: - # Component is required for openDesk Enterprise only. - registry: "" - repository: "" - name: "" - version: "" + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" + name: "opendesk-synapse-groupsync" + version: "5.0.1" verify: true synapsePipe: - # Component is required for openDesk Enterprise only. - registry: "" - repository: "" - name: "" - version: "" + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" + name: "opendesk-synapse-pipe" + version: "5.0.1" verify: true synapseWeb: # providerCategory: "Platform" diff --git a/helmfile/environments/default/database.yaml.gotmpl b/helmfile/environments/default/database.yaml.gotmpl index f3f25365..a71c07fe 100644 --- a/helmfile/environments/default/database.yaml.gotmpl +++ b/helmfile/environments/default/database.yaml.gotmpl @@ -6,6 +6,14 @@ databases: defaults: userConnectionLimit: 100 + dovecot: + type: "cassandra" + name: "dovecot" + host: "cassandra" + port: 9042 + username: "dovecot_user" + password: "" + connectionLimit: ~ keycloak: type: "postgresql" name: "keycloak" diff --git a/helmfile/environments/default/enterprise_features.yaml.gotmpl b/helmfile/environments/default/enterprise_features.yaml.gotmpl new file mode 100644 index 00000000..f6334a8c --- /dev/null +++ b/helmfile/environments/default/enterprise_features.yaml.gotmpl 
@@ -0,0 +1,15 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +enterpriseFeatures: + collabora: + # Collabora autoscaling can be configured here. To enable autoscaling enable the Collabora + # Controller, see `opendesk_main.yaml.gotmpl` for reference. + autoscaling: + minReplicas: 1 + maxReplicas: 4 + scaleDownDisabled: false + targetMemoryUtilizationPercentage: 99 + targetCPUUtilizationPercentage: 99 + +... diff --git a/helmfile/environments/default/enterprise_keys.yaml.gotmpl b/helmfile/environments/default/enterprise_keys.yaml.gotmpl new file mode 100644 index 00000000..b1c5b2b3 --- /dev/null +++ b/helmfile/environments/default/enterprise_keys.yaml.gotmpl @@ -0,0 +1,20 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +# The variables set in this file are required to upgrade components to their "Enterprise" product variant. +--- +enterpriseKeys: + openproject: + # Enterprise token must match the deployment's OpenProject host name. + token: ~ + xwiki: + # Per instance their must be a unique set of keys. + opendeskEnterpriseLicense: "" + proApplicationslicense: "" + nextcloud: + # Subscription key can be used for all customer owned instances, the number of users + # from all instances and is limited by the number of users the key was bought for. + subscriptionKey: "" + # Subscription data is required for air gapped installations. + subscriptionData: "" + +... diff --git a/helmfile/environments/default/global.yaml.gotmpl b/helmfile/environments/default/global.yaml.gotmpl index a616017e..4ad0d04b 100644 --- a/helmfile/environments/default/global.yaml.gotmpl +++ b/helmfile/environments/default/global.yaml.gotmpl @@ -31,6 +31,7 @@ global: # deployment. # hosts: + adminBot: "adminbot" collabora: "office" cryptpad: "pad" element: "chat" 
@@ -50,6 +51,7 @@ global: openxchange: "webmail" static: "static" synapse: "matrix" + synapseAdmin: "synapse-admin" synapseFederation: "matrix-federation" whiteboard: "whiteboard" xwiki: "wiki" diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl index 9706ef37..419c9fd7 100644 --- a/helmfile/environments/default/images.yaml.gotmpl +++ b/helmfile/environments/default/images.yaml.gotmpl @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 # @@ -13,6 +13,22 @@ images: registry: "registry-1.docker.io" repository: "bitnami/os-shell" tag: "12-debian-12-r34@sha256:41e0561b0f08011c24acc5e8ad4c0d09a36062cfab35d9ec7b3fdd4cfecc01e0" + cassandra: + # providerCategory: "Community" + # providerResponsible: "openDesk" + # upstreamRegistry: "https://registry-1.docker.io" + # upstreamRepository: "bitnami/cassandra" + registry: "registry-1.docker.io" + repository: "bitnami/cassandra" + tag: "5.0.2-debian-12-r1@sha256:9f5fd6fe3a24b7e5ea215a99a0e0d6a10d11a914d6eb8c511780271a9097f5ea" + cassandraExporter: + # providerCategory: "Community" + # providerResponsible: "openDesk" + # upstreamRegistry: "https://registry-1.docker.io" + # upstreamRepository: "bitnami/cassandra-exporter" + registry: "registry-1.docker.io" + repository: "bitnami/cassandra-exporter" + tag: "2.3.8-debian-12-r31@sha256:ae861f6c8712dd32c2304c680e4564802df689a62dc4aed2f4e7cfcbba8a8051" clamd: # providerCategory: "Community" # providerResponsible: "openDesk" 
@@ -29,6 +45,13 @@ images: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk" tag: "24.04.9.2.1@sha256:749917bf9146d8507b3a63d422a30ebe4f499700421c30527e32f322a015c73d" + collaboraController: + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Collabora" + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller" + tag: "1.1.0@sha256:dfbbb6a9bfac94d39bd735eb143084803a774d2fc673a138bf08d4044e8d942a" cryptpad: # providerCategory: "Supplier" # providerResponsible: "XWiki" 
@@ -62,6 +85,48 @@ images: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web" tag: "1.11.7@sha256:c5881cea86a721252e724000e4ed870cae66f9b3eabc45074e1f43b1818423bc" + elementAdminBot: + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/access_element_web" + tag: "v1.11.85@sha256:0e36121cbaab5a8146ef8561d8e77b38f711f855f1a353df3bb96a8d13303812" + elementGroupsync: + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/groupsync" + tag: "v0.14.0@sha256:a8cee92b9035d8cc80cc13194e4e0118c7dfbfcbc4c0ee5ac173582d0cd55846" + elementHaProxy: + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/haproxy" + tag: "3.0-alpine@sha256:c22c8710886104a48b920306f063401f0d11811858e3c6b9d87d88a7556b2e61" + elementPipe: + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/pipe" + tag: "6.3.1@sha256:7f487af25f220d31aa987665f9d1393b42e925c6b1a7e0458daaa91e8e7bf0c4" + elementSynapseAdmin: + # Enterprise Component + # providerCategory: "Supplier" + # providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/synapse_admin" + tag: "v16.105.5-24.10@sha256:563979fc69162adf93f1286cf79dcbe58adf878a0e4e9332044e5ab6a7170350" + elementSyncAdmins: + # Enterprise Component + # providerCategory: "Supplier" + # 
providerResponsible: "Element" + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/platform-development/images/opendesk-element-syncadmins" + tag: "1.0.3@sha256:1dea24d5f65a6f9ac63b402c772dd81dcd07a847d24845901c8a039461043097" freshclam: # providerCategory: "Community" # providerResponsible: "openDesk" diff --git a/helmfile/environments/default/opendesk_main.yaml.gotmpl b/helmfile/environments/default/opendesk_main.yaml.gotmpl index f803af51..ba8003da 100644 --- a/helmfile/environments/default/opendesk_main.yaml.gotmpl +++ b/helmfile/environments/default/opendesk_main.yaml.gotmpl @@ -4,6 +4,9 @@ # # Note: Currently only single namespace deployments are supported. --- +cassandra: + enabled: {{ if (env "OPENDESK_ENTERPRISE") }}true{{ else }}false{{ end }} + namespace: ~ certificates: enabled: true namespace: ~ @@ -16,6 +19,9 @@ clamavSimple: collabora: enabled: true namespace: ~ +collaboraController: + enabled: {{ if (env "OPENDESK_ENTERPRISE") }}true{{ else }}false{{ end }} + namespace: ~ cryptpad: enabled: true namespace: ~ @@ -28,6 +34,12 @@ dovecot: element: enabled: true namespace: ~ +elementAdmin: + enabled: {{ if (env "OPENDESK_ENTERPRISE") }}true{{ else }}false{{ end }} + namespace: ~ +elementGroupsync: + enabled: {{ if (env "OPENDESK_ENTERPRISE") }}true{{ else }}false{{ end }} + namespace: ~ home: enabled: true namespace: ~ @@ -76,18 +88,4 @@ staticFiles: xwiki: enabled: true namespace: ~ - -# openDesk Enterprise Components -cassandra: - enabled: false - namespace: ~ -elementAdmin: - enabled: false - namespace: ~ -elementGroupsync: - enabled: false - namespace: ~ -collaboraController: - enabled: false - namespace: ~ ... diff --git a/helmfile/environments/default/persistence.yaml.gotmpl b/helmfile/environments/default/persistence.yaml.gotmpl index af3dba59..5a948e43 100644 --- a/helmfile/environments/default/persistence.yaml.gotmpl +++ b/helmfile/environments/default/persistence.yaml.gotmpl 
@@ -8,6 +8,10 @@ persistence: RWO: "" storages: + cassandra: + data: "1Gi" + commitLogsize: "256Mi" + storageClassName: ~ clamav: size: "1Gi" storageClassName: ~ diff --git a/helmfile/environments/default/replicas.yaml.gotmpl b/helmfile/environments/default/replicas.yaml.gotmpl index 74136ad8..52cda218 100644 --- a/helmfile/environments/default/replicas.yaml.gotmpl +++ b/helmfile/environments/default/replicas.yaml.gotmpl @@ -5,6 +5,9 @@ # When adding new components in here, do not forget to add them as well to # `../test/values.yaml.gotmpl` to ensure their linting coverage. replicas: + # -- component: Cassandra + # -- scalable: tbd + cassandra: 1 # -- component: Antivirus (ClamAV) # -- scalable: true # -- comment: clamav-simple - supports `ReadWriteOnce` PVCs. @@ -25,7 +28,13 @@ replicas: # -- component: Weboffice (Collabora) # -- scalable: true + # -- comment: If Collabora Controller is enabled, Collabora is autoscaling and the value below will be ignored. + # Please check `enterpriseFeatures.collabora.autoscaling` for autoscaling settings. collabora: 1 + # -- scalable: true + # -- comment: Load between Collabora Controller Pods is going to one Pod (the leader) only, therefore raise the number + # e.g. to `2` for high availability of the Collabora Controller. + collaboraController: 1 # -- component: Pad (CryptPad) # -- scalable: false @@ -190,6 +199,8 @@ replicas: # -- scalable: tbd openxchangeNextcloudIntegrationUI: 1 # -- scalable: tbd + openxchangePluginsUI: 1 + # -- scalable: tbd openxchangePublicSectorUI: 1 # -- component: Knowledge management (XWiki) diff --git a/helmfile/environments/default/repositories.yaml.gotmpl b/helmfile/environments/default/repositories.yaml.gotmpl index dd37c8df..0bacc09a 100644 --- a/helmfile/environments/default/repositories.yaml.gotmpl +++ b/helmfile/environments/default/repositories.yaml.gotmpl 
@@ -7,10 +7,12 @@ repositories: image: dockerHub: "" registryOpencodeDe: "" + registryOpencodeDeEnterprise: "registry.opencode.de" # Fine-granular registry settings, useful when you can't use virtual (Artifactory) or group (Nexus) repositories. # Higher precedence than `global.imageRegistry` helm: registryOpencodeDe: "" + registryOpencodeDeEnterprise: "registry.opencode.de" # ClamAV registry settings clamav: auth: {} diff --git a/helmfile/environments/default/resources.yaml.gotmpl b/helmfile/environments/default/resources.yaml.gotmpl index 219a1e41..7ad853dd 100644 --- a/helmfile/environments/default/resources.yaml.gotmpl +++ b/helmfile/environments/default/resources.yaml.gotmpl @@ -1,9 +1,17 @@ +# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- # Some charts do not support null or ~ values, because they use their default values. # To not limit the CPU, we set all CPU limits to 99. resources: + cassandra: + limits: + cpu: 99 + memory: "4Gi" + requests: + cpu: 0.1 + memory: "1Gi" clamd: limits: cpu: 99 @@ -18,6 +26,13 @@ resources: requests: cpu: 0.5 memory: "512Mi" + collaboraController: + limits: + cpu: 99 + memory: "128Mi" + requests: + cpu: 0.1 + memory: "32Mi" cryptpad: limits: cpu: 99 @@ -365,6 +380,13 @@ resources: requests: cpu: 0.01 memory: "32Mi" + openxchangePluginsUI: + limits: + cpu: 99 + memory: "256Mi" + requests: + cpu: 0.05 + memory: "32Mi" openxchangePublicSectorUI: limits: cpu: 99 diff --git a/helmfile/environments/default/secrets.yaml.gotmpl b/helmfile/environments/default/secrets.yaml.gotmpl index dcf49293..5e631c74 100644 --- a/helmfile/environments/default/secrets.yaml.gotmpl +++ b/helmfile/environments/default/secrets.yaml.gotmpl 
@@ -5,6 +5,10 @@ SPDX-License-Identifier: Apache-2.0 */}} --- secrets: + cassandra: + rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }} + dovecotUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_user" | sha1sum | quote }} + oxAppSuite: adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }} basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }} @@ -26,6 +30,7 @@ secrets: keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_keycloak" | sha1sum | quote }} nextcloud: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_nextcloud" | sha1sum | quote }} dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_dovecot" | sha1sum | quote }} + element: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_element" | sha1sum | quote }} ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_ox" | sha1sum | quote }} openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_openproject" | sha1sum | quote }} xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_xwiki" | sha1sum | quote }} 
@@ -118,10 +123,22 @@ secrets: intercom: secret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "secret" | sha1sum | quote }} synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "as_token" | sha1sum | quote }} + matrixAdminBot: + backupPassphrase: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-admin-bot" "backupPassphrase" | sha1sum | quote }} + password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-admin-bot" "password" | sha1sum | quote }} + synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-admin-bot" "as_token" | sha1sum | quote }} + matrixAuditBot: + backupPassphrase: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-auditbot-bot" "backupPassphrase" | sha1sum | quote }} + password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-auditbot-bot" "password" | sha1sum | quote }} + synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-audit-bot" "as_token" | sha1sum | quote }} + matrixGroupsync: + synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-groupsync" "as_token" | sha1sum | quote }} matrixNeoDateFixBot: password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-neodatefix-bot" "password" | sha1sum | quote }} matrixUserVerificationService: password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-user-verification-service" "password" | sha1sum | quote }} + synapse: + registrationSharedSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "synapse" "registrationSharedSecret" | sha1sum | quote }} 
certificates: password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "certificates" "password" | sha1sum | quote }} notes: diff --git a/helmfile/environments/default/selinux.yaml.gotmpl b/helmfile/environments/default/selinux.yaml.gotmpl index 10d50867..2134c83d 100644 --- a/helmfile/environments/default/selinux.yaml.gotmpl +++ b/helmfile/environments/default/selinux.yaml.gotmpl @@ -6,10 +6,12 @@ # break the affected components with these settings. --- seLinuxOptions: + cassandra: ~ clamavSimple: ~ clamav: ~ clamd: ~ collabora: ~ + collaboraController: ~ cryptpad: ~ dkimpy: ~ dovecot: ~ @@ -56,6 +58,7 @@ seLinuxOptions: openxchangeGuardUI: ~ openxchangeImageConverter: ~ openxchangeNextcloudIntegrationUI: ~ + openxchangePluginsUI: ~ openxchangePublicSectorUI: ~ oxConnector: ~ postfix: ~
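Review bot: In the `storages:` hunk (`@@ -8,6 +8,10 @@ persistence:`), the new `cassandra` key `commitLogsize` breaks the camelCase used by the other keys this patch adds (`storageClassName`, `collaboraController`, `registryOpencodeDeEnterprise`). Rename it to `commitLogSize` together with whatever template reads it, because a rename after release means touching every environment override that sets the value.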
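Review bot: In `replicas.yaml.gotmpl`, hunk `@@ -25,7 +28,13 @@ replicas:`, the comment on `collaboraController` says that only the leader pod takes load and recommends `2` for high availability, yet the default stays at `1`, so a default deployment runs a single controller pod with no standby. Either say in the comment that the default is deliberately not highly available, or raise the default. The comment added above `collabora: 1` also says the value is ignored "if Collabora Controller is enabled" without naming the key that enables it; naming that key next to `enterpriseFeatures.collabora.autoscaling` would save the reader a search.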
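Review bot: In `repositories.yaml.gotmpl`, hunk `@@ -7,10 +7,12 @@ repositories:`, `registryOpencodeDeEnterprise` is added under both `image:` and `helm:` with the literal default `"registry.opencode.de"`, while the neighbouring `dockerHub` and `registryOpencodeDe` default to `""`, and neither new key has a comment. If the "Higher precedence than `global.imageRegistry`" remark in this hunk applies to these keys, a non-empty default means an installation that sets only `global.imageRegistry` to a private mirror will still resolve enterprise artifacts against `registry.opencode.de`. Add a comment explaining why this key is pre-filled and that mirrored or air-gapped setups must override it explicitly.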
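Review bot: In `secrets.yaml.gotmpl`, hunk `@@ -5,6 +5,10 @@`, `cassandra.rootPassword` falls back to `default "sovereign-workplace"` when `MASTER_PASSWORD` is unset, so the database root credential is then derived entirely from constants that are readable in this file. The fallback matches the surrounding entries, but a new root credential is a good place to fail the render when the variable is missing, or at least to document when relying on the default is acceptable. Separately, `dovecotUser` holds a derived password and not a user name; a key such as `dovecotUserPassword` would match `rootPassword` and the existing `adminPassword`.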
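Review bot: In `secrets.yaml.gotmpl`, hunk `@@ -118,10 +123,22 @@`, the three `matrixAuditBot` entries disagree on the fourth `derivePassword` argument: `backupPassphrase` and `password` use `"matrix-auditbot-bot"`, while `synapseAsToken` uses `"matrix-audit-bot"`. The derived values stay distinct and deterministic, so nothing breaks today, but that string is an input to the derivation, so correcting the spelling after release changes the secret and forces a rotation on existing deployments. Settle on one spelling before merge; `"matrix-audit-bot"` would parallel the `"matrix-admin-bot"` used by the `matrixAdminBot` entries just above.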