sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(helmfile): Integrate oD EE

Browse Source
This commit is contained in:
Thorsten Roßner
2025-01-27 14:45:01 +01:00
parent 40aa9d0e63
commit 03ec70435c
60 changed files with 754 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.gitlab-ci.yml
View File

@@ -283,6 +283,18 @@ env-start:
ca:
secretName: opendesk-root-cert-secret
EOF
after_script:
# Set credentials for openDesk Enterprise Registry
- |
if [[ -n "${OPENDESK_ENTERPRISE}" ]]; then
kubectl create secret
--namespace "${NAMESPACE}"
docker-registry enterprise-registry
--docker-server "registry.opencode.de"
--docker-username "${OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME}"
--docker-password "${OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD}"
--dry-run=client -o yaml | kubectl apply -f -
fi
stage: "env"
policies-deploy:

102
README-EE.md Normal file
View File

@@ -0,0 +1,102 @@
<!--
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
-->
<h1>openDesk Enterprise Edition</h1>
<!-- TOC -->
* [Components](#components)
* [Enabling the Enterprise deployment](#enabling-the-enterprise-deployment)
* [Configuring the oD EE deployment for self-hosted installations](#configuring-the-od-ee-deployment-for-self-hosted-installations)
* [Registry access](#registry-access)
* [License keys](#license-keys)
<!-- TOC -->
openDesk Enterprise Edition is recommended for production use. It receives support and patches from ZenDiS and the suppliers of the components due to the included product subscriptions.
The document refers to openDesk Community Edition as "oD CE" and for the openDesk Enterprise Edition it is "oD EE".
Please contact [ZenDiS](mailto:opendesk@zendis.de) to get openDesk Enterprise, either as SaaS offering or for you on-premise installation.
# Components
The following components using the same codebase and artifacts for their Enterprise and Community offering:
- Cryptpad
- Jitsi
- Nubus
- OpenProject
- XWiki
The following components have - at least partially - Enterprise specific artifacts:
- Collabora: Collabora Online image version `<major>.<minor>.<patch>.3` will be used once available, at the same time the Collabora Development Edition image will be updated to `<major>.<minor>.<patch>.2` for oD CE.
- Element: Some artifacts providing additional functionality are only available in oD EE. For the shared artifacts we keep the ones in oD CE and oD EE in sync.
- Nextcloud: Specific enterprise image based on the NC Enterprise package is build based on the same release version as used in oD CE.
- OX AppSuite: oD CE and EE are using the same release version, in EE an enterprise-built container of the AppSuite's Core-Middleware is being integrated.
- OX Dovecot Pro 3: Dovecot Pro provides support for S3 storage and this feature is used by default.
# Enabling the Enterprise deployment
To enable the oD EE deployment you must set the environment variable `OPENDESK_ENTERPRISE` to any value.
```shell
OPENDESK_ENTERPRISE=any_value
```
# Configuring the oD EE deployment for self-hosted installations
## Registry access
With openDesk EE you get access to the related artifact registry owned by ZenDiS.
Three steps are required to access the registry - for step #1 and #2 you can set some variables. You can to define a `<your_name_for_the_secret>` freely, like `enterprise-secret`, as long as it consistent in step #1 and #3.
```shell
NAMESPACE=<your_namespace>
NAME_FOR_THE_SECRET=<your_name_for_the_secret>
YOUR_ENTERPRISE_REGISTRY_USERNAME=<your_registry_credential_username>
YOUR_ENTERPRISE_REGISTRY_PASSWORD=<your_registry_credential_password>
```
1. Add your registry credentials as secret to the namespace you want to deploy openDesk to. Do not forget to create the namespace if it does not exist yet (`kubectl create namespace ${NAMESPACE}`).
```shell
kubectl create secret --namespace "${NAMESPACE}" \
docker-registry "${NAME_FOR_THE_SECRET}" \
--docker-server "registry.opencode.de" \
--docker-username "${YOUR_ENTERPRISE_REGISTRY_USERNAME}" \
--docker-password "${YOUR_ENTERPRISE_REGISTRY_PASSWORD}" \
--dry-run=client -o yaml | kubectl apply -f -
```
2. Docker login to the registry to access Helm charts for local deployments:
```shell
docker login registry.opencode.de -u ${YOUR_ENTERPRISE_REGISTRY_USERNAME} -p ${YOUR_ENTERPRISE_REGISTRY_PASSWORD}
```
3. Reference the secret from step #1 in the deployment as well as the registry itself for `images` and `helm` charts:
```yaml
global:
imagePullSecrets:
- "<your_name_for_the_secret>"
repositories:
image:
registryOpencodeDeEnterprise: "registry.opencode.de"
helm:
registryOpencodeDeEnterprise: "registry.opencode.de"
```
## License keys
Some applications require license information for their Enterprise features to be enabled. With the aforementioned registry credentials you will also receive a file called `enterprise.yaml` containing the relevant license keys.
Please place the file next your other `.yaml.gotmpl` file(s) that configure your deployment.
Details regarding the scope/limitation of the component's licenses:
- Nextcloud: Enterprise license to enable [Nextcloud Enterprise](https://nextcloud.com/de/enterprise/) specific features, can be used across multiple installations until the licensed number of users is reached.
- OpenProject: Domain specific enterprise license to enable [OpenProject's Enterprise feature set](https://www.openproject.org/enterprise-edition/), domain matching can use regular expressions.
- XWiki: Deployment specific enterprise license (key pair) to activate the [XWiki Pro](https://xwiki.com/en/offerings/products/xwiki-pro) apps.

2
README.md
View File

@@ -27,6 +27,8 @@ SPDX-License-Identifier: Apache-2.0
openDesk is a Kubernetes based, open-source and cloud-native digital workplace suite provided by the
*Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH*.
For production use the [openDesk Enterprise Edition](./README-EE.md) is required.
openDesk currently features the following functional main components:
| Function | Functional Component | Component<br/>Version | Upstream Documentation |

14
helmfile/apps/collabora/helmfile-child.yaml.gotmpl
View File

@@ -28,17 +28,23 @@ releases:
version: "{{ .Values.charts.collabora.version }}"
values:
- "values.yaml.gotmpl"
{{ range .Values.customization.release.collaboraOnline }}
{{- if (env "OPENDESK_ENTERPRISE") }}
- "values-enterprise.yaml.gotmpl"
{{- end }}
{{- range .Values.customization.release.collaboraOnline }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.collabora.enabled }}
- name: "collabora-controller"
chart: "collabora-controller-repo/{{ .Values.charts.collaboraController.name }}"
version: "{{ .Values.charts.collaboraController.version }}"
values:
{{ range .Values.customization.release.collaboraController }}
{{- if (env "OPENDESK_ENTERPRISE") }}
- "values-coco-enterprise.yaml.gotmpl"
{{- end }}
{{- range .Values.customization.release.collaboraController }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.collaboraController.enabled }}
commonLabels:

2
helmfile/apps/collabora/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

63
helmfile/apps/collabora/values-coco-enterprise.yaml.gotmpl Normal file
View File

@@ -0,0 +1,63 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
controller:
enableHashmapParallelization: true
ingressUrl: "https://{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
namespacedRole: true
# CoolController uses `app.kubernetes.io/name` label to find deployment resource
# openDesk uses `fullnameOverride` in Collabora Deployment that updates `metadata.name` not the `app.kubernetes.io/name`
# Therefore we use the default of `collabora-online` for the `resourceName`
resourceName: "collabora-online"
statsInterval: 2000
watchNamespace: {{ (.Values.collabora.namespace | default .Release.Namespace | quote) }}
documentMigrator:
enabled: true
coolMemoryUtilization: {{ .Values.enterpriseFeatures.collabora.autoscaling.targetMemoryUtilizationPercentage }}
coolMemoryLimit: {{ .Values.resources.collabora.limits.memory }}
leaderElection:
enabled: {{ if gt .Values.replicas.collaboraController 1 }}true{{ else }}false{{ end }}
image:
repository: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.collaboraController.registry }}/{{ .Values.images.collaboraController.repository }}"
tag: {{ .Values.images.collaboraController.tag | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
ingress:
enabled: {{ .Values.ingress.enabled }}
className: {{ .Values.ingress.ingressClassName | quote }}
hosts:
- host: "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
paths:
- path: "/controller"
pathType: "Prefix"
podAnnotations: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsGroup: 2000
runAsUser: 1000
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
replicaCount: {{ .Values.replicas.collaboraController }}
resources:
{{ .Values.resources.collaboraController | toYaml | nindent 2 }}
...

15
helmfile/apps/collabora/values-enterprise.yaml.gotmpl Normal file
View File

@@ -0,0 +1,15 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
image:
repository: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.collabora.registry }}/{{ .Values.images.collabora.repository }}"
autoscaling:
enabled: {{ .Values.collaboraController.enabled }}
minReplicas: {{ .Values.enterpriseFeatures.collabora.autoscaling.minReplicas }}
maxReplicas: {{ .Values.enterpriseFeatures.collabora.autoscaling.maxReplicas }}
targetMemoryUtilizationPercentage: {{ .Values.enterpriseFeatures.collabora.autoscaling.targetMemoryUtilizationPercentage }}
targetCPUUtilizationPercentage: {{ .Values.enterpriseFeatures.collabora.autoscaling.targetCPUUtilizationPercentage }}
scaleDownDisabled: {{ .Values.enterpriseFeatures.collabora.autoscaling.scaleDownDisabled }}
...

4
helmfile/apps/cryptpad/helmfile-child.yaml.gotmpl
View File

@@ -18,9 +18,9 @@ releases:
version: "{{ .Values.charts.cryptpad.version }}"
values:
- "values.yaml.gotmpl"
{{ range .Values.customization.release.cryptpad }}
{{- range .Values.customization.release.cryptpad }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.cryptpad.enabled }}
commonLabels:

2
helmfile/apps/cryptpad/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

44
helmfile/apps/element/helmfile-child.yaml.gotmpl
View File

@@ -117,9 +117,9 @@ releases:
version: "{{ .Values.charts.element.version }}"
values:
- "values-element.yaml.gotmpl"
{{ range .Values.customization.release.opendeskElement }}
{{- range .Values.customization.release.opendeskElement }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.element.enabled }}
timeout: 900
@@ -128,9 +128,9 @@ releases:
version: "{{ .Values.charts.elementWellKnown.version }}"
values:
- "values-well-known.yaml.gotmpl"
{{ range .Values.customization.release.opendeskWellKnown }}
{{- range .Values.customization.release.opendeskWellKnown }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.element.enabled }}
timeout: 900
@@ -139,9 +139,9 @@ releases:
version: "{{ .Values.charts.synapseWeb.version }}"
values:
- "values-synapse-web.yaml.gotmpl"
{{ range .Values.customization.release.opendeskSynapseWeb }}
{{- range .Values.customization.release.opendeskSynapseWeb }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.element.enabled }}
timeout: 900
@@ -150,9 +150,9 @@ releases:
version: "{{ .Values.charts.synapse.version }}"
values:
- "values-synapse.yaml.gotmpl"
{{ range .Values.customization.release.opendeskSynapse }}
{{- range .Values.customization.release.opendeskSynapse }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.element.enabled }}
timeout: 900
@@ -217,9 +217,9 @@ releases:
chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}"
version: "{{ .Values.charts.synapseAdmin.version }}"
values:
{{ range .Values.customization.release.opendeskSynapseAdmin }}
{{- range .Values.customization.release.opendeskSynapseAdmin }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.elementAdmin.enabled }}
timeout: 900
@@ -227,9 +227,9 @@ releases:
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
version: "{{ .Values.charts.synapseCreateAccount.version }}"
values:
{{ range .Values.customization.release.opendeskSynapseAdminbotBootstrap }}
{{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.elementAdmin.enabled }}
timeout: 900
@@ -237,9 +237,9 @@ releases:
chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
version: "{{ .Values.charts.synapsePipe.version }}"
values:
{{ range .Values.customization.release.opendeskSynapseAdminbotPipe }}
{{- range .Values.customization.release.opendeskSynapseAdminbotPipe }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.elementAdmin.enabled }}
timeout: 900
@@ -247,9 +247,9 @@ releases:
chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}"
version: "{{ .Values.charts.synapseAdminbotWeb.version }}"
values:
{{ range .Values.customization.release.opendeskSynapseAdminbotWeb }}
{{- range .Values.customization.release.opendeskSynapseAdminbotWeb }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.elementAdmin.enabled }}
timeout: 900
@@ -257,9 +257,9 @@ releases:
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
version: "{{ .Values.charts.synapseCreateAccount.version }}"
values:
{{ range .Values.customization.release.opendeskSynapseAuditbotBootstrap }}
{{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.elementAdmin.enabled }}
timeout: 900
@@ -267,9 +267,9 @@ releases:
chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
version: "{{ .Values.charts.synapsePipe.version }}"
values:
{{ range .Values.customization.release.opendeskSynapseAuditbotPipe }}
{{- range .Values.customization.release.opendeskSynapseAuditbotPipe }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.elementAdmin.enabled }}
timeout: 900
@@ -277,9 +277,9 @@ releases:
chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}"
version: "{{ .Values.charts.synapseGroupsync.version }}"
values:
{{ range .Values.customization.release.opendeskSynapseGroupsync }}
{{- range .Values.customization.release.opendeskSynapseGroupsync }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.elementGroupsync.enabled }}
timeout: 900

2
helmfile/apps/element/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

4
helmfile/apps/jitsi/helmfile-child.yaml.gotmpl
View File

@@ -18,9 +18,9 @@ releases:
version: "{{ .Values.charts.jitsi.version }}"
values:
- "values-jitsi.yaml.gotmpl"
{{ range .Values.customization.release.jitsi }}
{{- range .Values.customization.release.jitsi }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.jitsi.enabled }}
timeout: 900

2
helmfile/apps/jitsi/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

14
helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl
View File

@@ -25,9 +25,12 @@ releases:
version: "{{ .Values.charts.nextcloudManagement.version }}"
values:
- "values-nextcloud-mgmt.yaml.gotmpl"
{{ range .Values.customization.release.opendeskNextcloudManagement }}
{{- if (env "OPENDESK_ENTERPRISE") }}
- "values-nextcloud-mgmt-enterprise.yaml.gotmpl"
{{- end }}
{{- range .Values.customization.release.opendeskNextcloudManagement }}
- {{ . }}
{{ end }}
{{- end }}
waitForJobs: true
wait: true
installed: {{ .Values.nextcloud.enabled }}
@@ -37,9 +40,12 @@ releases:
version: "{{ .Values.charts.nextcloud.version }}"
values:
- "values-nextcloud.yaml.gotmpl"
{{ range .Values.customization.release.opendeskNextcloud }}
{{- if (env "OPENDESK_ENTERPRISE") }}
- "values-nextcloud-enterprise.yaml.gotmpl"
{{- end }}
{{- range .Values.customization.release.opendeskNextcloud }}
- {{ . }}
{{ end }}
{{- end }}
needs:
- "opendesk-nextcloud-management"
installed: {{ .Values.nextcloud.enabled }}

2
helmfile/apps/nextcloud/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

9
helmfile/apps/nextcloud/values-nextcloud-enterprise.yaml.gotmpl Normal file
View File

@@ -0,0 +1,9 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
aio:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
...

12
helmfile/apps/nextcloud/values-nextcloud-mgmt-enterprise.yaml.gotmpl Normal file
View File

@@ -0,0 +1,12 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
configuration:
enterprise:
subscriptionKey: {{ if .Values.enterpriseKeys.nextcloud.subscriptionKey }}{{ .Values.enterpriseKeys.nextcloud.subscriptionKey | quote }}{{ end }}
subscriptionData: {{ if .Values.enterpriseKeys.nextcloud.subscriptionData}}{{ .Values.enterpriseKeys.nextcloud.subscriptionData | quote }}{{ end }}
...

4
helmfile/apps/notes/helmfile-child.yaml.gotmpl
View File

@@ -19,9 +19,9 @@ releases:
wait: true
values:
- "values.yaml.gotmpl"
{{ range .Values.customization.release.notes }}
{{- range .Values.customization.release.notes }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.notes.enabled }}
timeout: 1800

2
helmfile/apps/notes/helmfile.yaml.gotmpl
View File

@@ -2,7 +2,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

16
helmfile/apps/nubus/helmfile-child.yaml.gotmpl
View File

@@ -44,9 +44,9 @@ releases:
version: "{{ .Values.charts.nubus.version }}"
values:
- "values-nubus.yaml.gotmpl"
{{ range .Values.customization.release.ums }}
{{- range .Values.customization.release.ums }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.nubus.enabled }}
timeout: 900
# Intercom-Service
@@ -55,9 +55,9 @@ releases:
version: "{{ .Values.charts.intercomService.version }}"
values:
- "values-intercom-service.yaml.gotmpl"
{{ range .Values.customization.release.intercomService }}
{{- range .Values.customization.release.intercomService }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.nubus.enabled }}
# openDesk Keycloak Bootstrap Chart
@@ -66,9 +66,9 @@ releases:
version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"
values:
- "values-opendesk-keycloak-bootstrap.yaml.gotmpl"
{{ range .Values.customization.release.opendeskKeycloakBootstrap }}
{{- range .Values.customization.release.opendeskKeycloakBootstrap }}
- {{ . }}
{{ end }}
{{- end }}
needs:
- "ums"
installed: {{ .Values.nubus.enabled }}
@@ -80,9 +80,9 @@ releases:
version: "{{ .Values.charts.nginxS3Gateway.version }}"
values:
- "values-nginx-s3-gateway.yaml.gotmpl"
{{ range .Values.customization.release.nginxS3Gateway }}
{{- range .Values.customization.release.nginxS3Gateway }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ not .Values.minio.enabled }}
timeout: 900

2
helmfile/apps/nubus/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

2
helmfile/apps/nubus/values-nubus.yaml.gotmpl
View File

@@ -1151,7 +1151,7 @@ nubusStackDataUms:
portaltileGroupNotes:
- 'cn=managed-by-attribute-Notes,cn=groups,{{ .Values.ldap.baseDn }}'
systemInformation:
releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}"
releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}{{ if (env "OPENDESK_ENTERPRISE") }}-ee{{ end }}"
{{- if .Values.functional.admin.portal.deploymentTimestamp.enabled }}
deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}"
{{- else }}

21
helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl
View File

@@ -45,9 +45,9 @@ releases:
version: "{{ .Values.charts.dovecot.version }}"
values:
- "values-dovecot.yaml.gotmpl"
{{ range .Values.customization.release.dovecot }}
{{- range .Values.customization.release.dovecot }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.dovecot.enabled }}
timeout: 900
@@ -56,10 +56,13 @@ releases:
version: "{{ .Values.charts.oxAppSuite.version }}"
values:
- "values-openxchange.yaml.gotmpl"
- "values-openxchange-enterprise-contact-picker.yaml.gotmpl"
{{ range .Values.customization.release.openxchange }}
- "values-openxchange-contact-picker.yaml.gotmpl"
{{- if (env "OPENDESK_ENTERPRISE") }}
- "values-openxchange-enterprise.yaml.gotmpl"
{{- end }}
{{- range .Values.customization.release.openxchange }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.oxAppSuite.enabled }}
timeout: 900
@@ -68,9 +71,9 @@ releases:
version: "{{ .Values.charts.oxAppSuiteBootstrap.version }}"
values:
- "values-openxchange-bootstrap.yaml.gotmpl"
{{ range .Values.customization.release.opendeskOpenxchangeBootstrap }}
{{- range .Values.customization.release.opendeskOpenxchangeBootstrap }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.oxAppSuite.enabled }}
timeout: 900
@@ -79,9 +82,9 @@ releases:
version: "{{ .Values.charts.oxConnector.version }}"
values:
- "values-oxconnector.yaml.gotmpl"
{{ range .Values.customization.release.oxConnector }}
{{- range .Values.customization.release.oxConnector }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.oxAppSuite.enabled }}
needs:
- "open-xchange"

2
helmfile/apps/open-xchange/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

0
helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl → helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl
View File

19
helmfile/apps/open-xchange/values-openxchange-enterprise.yaml.gotmpl Normal file
View File

@@ -0,0 +1,19 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
appsuite:
plugins-ui:
enabled: false
core-mw:
global:
extras:
monitoring:
enabled: true
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.openxchangeCoreMW.registry | quote }}
update:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.openxchangeCoreMW.registry | quote }}
...

4
helmfile/apps/opendesk-migrations-post/helmfile-child.yaml.gotmpl
View File

@@ -21,9 +21,9 @@ releases:
values:
- "values.yaml.gotmpl"
- "../../shared/migrations.yaml.gotmpl"
{{ range .Values.customization.release.migrationsPost }}
{{- range .Values.customization.release.migrationsPost }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.migrations.enabled }}
timeout: 900

2
helmfile/apps/opendesk-migrations-post/helmfile.yaml.gotmpl
View File

@@ -2,7 +2,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

4
helmfile/apps/opendesk-migrations-pre/helmfile-child.yaml.gotmpl
View File

@@ -21,9 +21,9 @@ releases:
values:
- "values.yaml.gotmpl"
- "../../shared/migrations.yaml.gotmpl"
{{ range .Values.customization.release.migrationsPre }}
{{- range .Values.customization.release.migrationsPre }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.migrations.enabled }}
timeout: 900

2
helmfile/apps/opendesk-migrations-pre/helmfile.yaml.gotmpl
View File

@@ -2,7 +2,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

4
helmfile/apps/opendesk-openproject-bootstrap/helmfile-child.yaml.gotmpl
View File

@@ -20,9 +20,9 @@ releases:
waitForJobs: true
values:
- "values.yaml.gotmpl"
{{ range .Values.customization.release.opendeskOpenprojectBootstrap }}
{{- range .Values.customization.release.opendeskOpenprojectBootstrap }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.openproject.enabled }}
timeout: 900

2
helmfile/apps/opendesk-openproject-bootstrap/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

24
helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl
View File

@@ -68,9 +68,9 @@ releases:
version: "{{ .Values.charts.otterize.version }}"
values:
- "values-otterize.yaml.gotmpl"
{{ range .Values.customization.release.opendeskOtterize }}
{{- range .Values.customization.release.opendeskOtterize }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.security.otterizeIntents.enabled }}
timeout: 900
@@ -79,9 +79,9 @@ releases:
version: "{{ .Values.charts.home.version }}"
values:
- "values-home.yaml.gotmpl"
{{ range .Values.customization.release.opendeskHome }}
{{- range .Values.customization.release.opendeskHome }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.home.enabled }}
- name: "opendesk-certificates"
@@ -89,9 +89,9 @@ releases:
version: "{{ .Values.charts.certificates.version }}"
values:
- "values-certificates.yaml.gotmpl"
{{ range .Values.customization.release.opendeskCertificates }}
{{- range .Values.customization.release.opendeskCertificates }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.certificates.enabled }}
timeout: 900
@@ -100,9 +100,9 @@ releases:
version: "{{ .Values.charts.opendeskAlerts.version }}"
values:
- "values-opendesk-alerts.yaml.gotmpl"
{{ range .Values.customization.release.opendeskAlerts}}
{{- range .Values.customization.release.opendeskAlerts }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
timeout: 900
@@ -111,7 +111,9 @@ releases:
version: "{{ .Values.charts.opendeskDashboards.version }}"
values:
- "values-opendesk-dashboards.yaml.gotmpl"
- {{ .Values.customization.release.opendeskDashboards | default "additionalValues: false" }}
{{- range .Values.customization.release.opendeskDashboards }}
- {{ . }}
{{- end }}
installed: {{ .Values.monitoring.grafana.dashboards.enabled }}
timeout: 900
@@ -120,7 +122,9 @@ releases:
version: "{{ .Values.charts.opendeskStaticFiles.version }}"
values:
- "values-opendesk-static-files.yaml.gotmpl"
- {{ .Values.customization.release.opendeskStaticFiles | default "additionalValues: false" }}
{{- range .Values.customization.release.opendeskStaticFiles }}
- {{ . }}
{{- end }}
installed: {{ .Values.staticFiles.enabled }}
timeout: 900

2
helmfile/apps/opendesk-services/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

4
helmfile/apps/openproject/helmfile-child.yaml.gotmpl
View File

@@ -20,9 +20,9 @@ releases:
waitForJobs: true
values:
- "values.yaml.gotmpl"
{{ range .Values.customization.release.openproject }}
{{- range .Values.customization.release.openproject }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.openproject.enabled }}
timeout: 1800

2
helmfile/apps/openproject/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

3
helmfile/apps/openproject/values.yaml.gotmpl
View File

@@ -38,6 +38,9 @@ dbInit:
{{ .Values.resources.openprojectDbInit | toYaml | nindent 4 }}
environment:
{{- if and (env "OPENDESK_ENTERPRISE") .Values.enterpriseKeys.openproject.token }}
OPENPROJECT_ENTERPRISE__TOKEN: {{ .Values.enterpriseKeys.openproject.token | quote }}
{{- end }}
# For more details and more options see
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
OPENPROJECT_APP__TITLE: "Projekte - {{ .Values.theme.texts.productName }}"

41
helmfile/apps/services-external/helmfile-child.yaml.gotmpl
View File

@@ -100,9 +100,9 @@ releases:
version: "{{ .Values.charts.redis.version }}"
values:
- "values-redis.yaml.gotmpl"
{{ range .Values.customization.release.redis }}
{{- range .Values.customization.release.redis }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.redis.enabled }}
timeout: 900
@@ -111,9 +111,9 @@ releases:
version: "{{ .Values.charts.memcached.version }}"
values:
- "values-memcached.yaml.gotmpl"
{{ range .Values.customization.release.memcached }}
{{- range .Values.customization.release.memcached }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.memcached.enabled }}
timeout: 900
@@ -122,9 +122,9 @@ releases:
version: "{{ .Values.charts.postgresql.version }}"
values:
- "values-postgresql.yaml.gotmpl"
{{ range .Values.customization.release.postgresql }}
{{- range .Values.customization.release.postgresql }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.postgresql.enabled }}
timeout: 900
@@ -133,9 +133,9 @@ releases:
version: "{{ .Values.charts.mariadb.version }}"
values:
- "values-mariadb.yaml.gotmpl"
{{ range .Values.customization.release.mariadb }}
{{- range .Values.customization.release.mariadb }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.mariadb.enabled }}
timeout: 900
@@ -144,9 +144,9 @@ releases:
version: "{{ .Values.charts.postfix.version }}"
values:
- "values-postfix.yaml.gotmpl"
{{ range .Values.customization.release.postfix }}
{{- range .Values.customization.release.postfix }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.postfix.enabled }}
timeout: 900
@@ -155,9 +155,9 @@ releases:
version: "{{ .Values.charts.dkimpy.version }}"
values:
- "values-dkimpy.yaml.gotmpl"
{{ range .Values.customization.release.opendeskDkimpyMilter }}
{{- range .Values.customization.release.opendeskDkimpyMilter }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.dkimpy.enabled }}
timeout: 900
@@ -166,9 +166,9 @@ releases:
version: "{{ .Values.charts.clamav.version }}"
values:
- "values-clamav-distributed.yaml.gotmpl"
{{ range .Values.customization.release.clamav }}
{{- range .Values.customization.release.clamav }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.clamavDistributed.enabled }}
timeout: 900
@@ -177,9 +177,9 @@ releases:
version: "{{ .Values.charts.clamavSimple.version }}"
values:
- "values-clamav-simple.yaml.gotmpl"
{{ range .Values.customization.release.clamavSimple }}
{{- range .Values.customization.release.clamavSimple }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.clamavSimple.enabled }}
timeout: 900
@@ -188,9 +188,9 @@ releases:
version: "{{ .Values.charts.minio.version }}"
values:
- "values-minio.yaml.gotmpl"
{{ range .Values.customization.release.minio }}
{{- range .Values.customization.release.minio }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.minio.enabled }}
timeout: 900
@@ -199,9 +199,10 @@ releases:
chart: "cassandra-repo/{{ .Values.charts.cassandra.name }}"
version: "{{ .Values.charts.cassandra.version }}"
values:
{{ range .Values.customization.release.cassandra }}
- "values-cassandra.yaml.gotmpl"
{{- range .Values.customization.release.cassandra }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.cassandra.enabled }}
timeout: 900

2
helmfile/apps/services-external/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

98
helmfile/apps/services-external/values-cassandra.yaml.gotmpl Normal file
View File

@@ -0,0 +1,98 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.cassandra | toYaml | nindent 4 }}
dbUser:
user: "root"
password: {{ .Values.secrets.cassandra.rootPassword | quote }}
global:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.cassandra.registry | quote }}
repository: {{ .Values.images.cassandra.repository | quote }}
tag: {{ .Values.images.cassandra.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
initDB:
initUserData.cql: >
CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecot.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecot.username | quote }};
ALTER ROLE {{ .Values.databases.dovecot.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotUser "''" | squote }} AND LOGIN = true;
GRANT ALL ON KEYSPACE {{ .Values.databases.dovecot.name | quote }} TO {{ .Values.databases.dovecot.username | quote }};
# Will print a warning if unset but is automatically calculated:
jvm:
maxHeapSize: ""
newHeapSize: ""
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 30
successThreshold: 1
failureThreshold: 5
metrics:
enabled: false
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.cassandraExporter.registry | quote }}
repository: {{ .Values.images.cassandraExporter.repository | quote }}
tag: {{ .Values.images.cassandraExporter.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
persistence:
commitLogsize: {{ .Values.persistence.storages.cassandra.commitLogsize | quote }}
size: {{ .Values.persistence.storages.cassandra.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.cassandra.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroup: 1001
fsGroupChangePolicy: "Always"
supplementalGroups: []
sysctls: []
readinessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 30
successThreshold: 1
failureThreshold: 5
replicaCount: {{ .Values.replicas.cassandra }}
resources:
{{ .Values.resources.cassandra | toYaml | nindent 2 }}
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 60
...

4
helmfile/apps/xwiki/helmfile-child.yaml.gotmpl
View File

@@ -19,9 +19,9 @@ releases:
wait: true
values:
- "values.yaml.gotmpl"
{{ range .Values.customization.release.xwiki }}
{{- range .Values.customization.release.xwiki }}
- {{ . }}
{{ end }}
{{- end }}
installed: {{ .Values.xwiki.enabled }}
timeout: 1800

2
helmfile/apps/xwiki/helmfile.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
- "../../bases/environments.yaml.gotmpl"
---
helmfiles:
- path: "./helmfile-child.yaml.gotmpl"

10
helmfile/apps/xwiki/values.yaml.gotmpl
View File

@@ -17,12 +17,15 @@ image:
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: {{ .Values.global.imagePullSecrets }}
{{- if .Values.certificate.selfSigned }}
javaOpts:
{{- if and (env "OPENDESK_ENTERPRISE") .Values.enterprise.xwiki.opendeskEnterpriseLicense .Values.enterprise.xwiki.proApplicationslicense }}
- "-Dlicenses={{ .Values.enterpriseKeys.xwiki.opendeskEnterpriseLicense }},{{ .Values.enterpriseKeys.xwiki.proApplicationslicense }}"
{{- end }}
{{- if .Values.certificate.selfSigned }}
- "-Djavax.net.ssl.trustStore=/etc/ssl/certs/truststore.jks"
- "-Djavax.net.ssl.trustStoreType=jks"
- {{ printf "%s=%s" "-Djavax.net.ssl.trustStorePassword" .Values.secrets.certificates.password | quote }}
{{- end }}
{{- end }}
externalDB:
{{- if eq .Values.databases.xwiki.type "mariadb" }}
@@ -83,6 +86,9 @@ customConfigs:
xwiki.authentication.ldap.fields_mapping: "last_name=sn,first_name=givenName,email=mailPrimaryAddress"
xwiki.properties:
{{- if (env "OPENDESK_ENTERPRISE") }}
distribution.defaultUI: "com.xwiki.projects.swp:xwiki-swp-flavor-enterprise-main"
{{- end }}
wikiInitializer.initialRequest.xwiki.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/distribution/"
wikiInitializer.initialRequest.xwiki.contextPath: "/"
wikiInitializer.initialRequest.xwiki.remoteAddress: "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"

12
helmfile/bases/environments.yaml → helmfile/bases/environments.yaml.gotmpl
View File

@@ -5,16 +5,28 @@ environments:
default:
values:
- "../../environments/default/*.yaml.gotmpl"
{{- if (env "OPENDESK_ENTERPRISE") }}
- "../../environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }}
dev:
values:
- "../../environments/default/*.yaml.gotmpl"
{{- if (env "OPENDESK_ENTERPRISE") }}
- "../../environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }}
- "../../environments/dev/*.yaml.gotmpl"
test:
values:
- "../../environments/default/*.yaml.gotmpl"
{{- if (env "OPENDESK_ENTERPRISE") }}
- "../../environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }}
- "../../environments/test/*.yaml.gotmpl"
prod:
values:
- "../../environments/default/*.yaml.gotmpl"
{{- if (env "OPENDESK_ENTERPRISE") }}
- "../../environments/default-enterprise-overrides/*.yaml.gotmpl"
{{- end }}
- "../../environments/prod/*.yaml.gotmpl"
...

11
helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl Normal file
View File

@@ -0,0 +1,11 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
charts:
oxAppSuite:
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror"
name: "appsuite-public-sector-pro-chart"
version: "1.10.114"
verify: false
...

17
helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl Normal file
View File

@@ -0,0 +1,17 @@
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
images:
collabora:
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
tag: "24.04.9.4.2@sha256:7c38f2568855ec33c11296d65384766230ea3097a245a60b9e8b0b62cb9cc17f"
nextcloud:
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
tag: "1.0.5@sha256:a541b29dad10deb99dbae6c3a463e994a054ac5c7ffc0a5c524c7b0f65544748"
openxchangeCoreMW:
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/core-mw"
tag: "8.30.63@sha256:181fcb31f500f88573e6b735587b52df906199337fa62aeee1e64aacdc64f548"
...

13
helmfile/environments/default-enterprise-overrides/resources.yaml.gotmpl Normal file
View File

@@ -0,0 +1,13 @@
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
resources:
collabora:
# When using CollaboraController for autoscaling, `targetMemoryUtilizationPercentage` and
# `targetCPUUtilizationPercentage` defined at `enterpriseFeatures.collabora.autoscaling`
# are checked against the values defined below under `requests`, so please ensure you set these
# appropriately to avoid unnecessary scaling.
requests:
cpu: 3
memory: "3Gi"
...

79
helmfile/environments/default/charts.yaml.gotmpl
View File

@@ -7,11 +7,14 @@
---
charts:
cassandra:
# Component is required for openDesk Enterprise only.
registry: ""
repository: ""
name: ""
version: ""
# providerCategory: "Community"
# providerResponsible: "openDesk"
# upstreamRegistry: "https://registry-1.docker.io"
# upstreamRepository: "bitnamicharts/cassandra"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/external/charts/bitnami-charts"
name: "cassandra"
version: "12.0.4"
verify: true
certificates:
# providerCategory: "Platform"
@@ -56,12 +59,14 @@ charts:
version: "1.1.21"
verify: true
collaboraController:
# Component is required for openDesk Enterprise only.
registry: ""
repository: ""
name: ""
version: ""
verify: true
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Collabora"
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror"
name: "cool-controller"
version: "1.1.1"
verify: false
cryptpad:
# providerCategory: "Supplier"
# providerResponsible: "XWiki"
@@ -447,8 +452,8 @@ charts:
version: "18.6.1"
verify: true
synapse:
# providerCategory: "Platform"
# providerResponsible: "openDesk"
# providerCategory: "Supplier"
# providerResponsible: "Element"
# upstreamRegistry: "https://registry.opencode.de"
# upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse"
registry: "registry.opencode.de"
@@ -457,18 +462,22 @@ charts:
version: "6.0.2"
verify: true
synapseAdmin:
# Component is required for openDesk Enterprise only.
registry: ""
repository: ""
name: ""
version: ""
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
name: "opendesk-synapse-admin"
version: "5.0.1"
verify: true
synapseAdminbotWeb:
# Component is required for openDesk Enterprise only.
registry: ""
repository: ""
name: ""
version: ""
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
name: "opendesk-synapse-adminbot-web"
version: "5.0.1"
verify: true
synapseCreateAccount:
# providerCategory: "Platform"
@@ -481,18 +490,22 @@ charts:
version: "6.0.2"
verify: true
synapseGroupsync:
# Component is required for openDesk Enterprise only.
registry: ""
repository: ""
name: ""
version: ""
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
name: "opendesk-synapse-groupsync"
version: "5.0.1"
verify: true
synapsePipe:
# Component is required for openDesk Enterprise only.
registry: ""
repository: ""
name: ""
version: ""
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
name: "opendesk-synapse-pipe"
version: "5.0.1"
verify: true
synapseWeb:
# providerCategory: "Platform"

8
helmfile/environments/default/database.yaml.gotmpl
View File

@@ -6,6 +6,14 @@
databases:
defaults:
userConnectionLimit: 100
dovecot:
type: "cassandra"
name: "dovecot"
host: "cassandra"
port: 9042
username: "dovecot_user"
password: ""
connectionLimit: ~
keycloak:
type: "postgresql"
name: "keycloak"

15
helmfile/environments/default/enterprise_features.yaml.gotmpl Normal file
View File

@@ -0,0 +1,15 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
enterpriseFeatures:
collabora:
# Collabora autoscaling can be configured here. To enable autoscaling enable the Collabora
# Controller, see `opendesk_main.yaml.gotmpl` for reference.
autoscaling:
minReplicas: 1
maxReplicas: 4
scaleDownDisabled: false
targetMemoryUtilizationPercentage: 99
targetCPUUtilizationPercentage: 99
...

20
helmfile/environments/default/enterprise_keys.yaml.gotmpl Normal file
View File

@@ -0,0 +1,20 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
# The variables set in this file are required to upgrade components to their "Enterprise" product variant.
---
enterpriseKeys:
openproject:
# Enterprise token must match the deployment's OpenProject host name.
token: ~
xwiki:
# Per instance their must be a unique set of keys.
opendeskEnterpriseLicense: ""
proApplicationslicense: ""
nextcloud:
# Subscription key can be used for all customer owned instances, the number of users
# from all instances and is limited by the number of users the key was bought for.
subscriptionKey: ""
# Subscription data is required for air gapped installations.
subscriptionData: ""
...

2
helmfile/environments/default/global.yaml.gotmpl
View File

@@ -31,6 +31,7 @@ global:
# deployment.
#
hosts:
adminBot: "adminbot"
collabora: "office"
cryptpad: "pad"
element: "chat"
@@ -50,6 +51,7 @@ global:
openxchange: "webmail"
static: "static"
synapse: "matrix"
synapseAdmin: "synapse-admin"
synapseFederation: "matrix-federation"
whiteboard: "whiteboard"
xwiki: "wiki"

67
helmfile/environments/default/images.yaml.gotmpl
View File

@@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
#
@@ -13,6 +13,22 @@ images:
registry: "registry-1.docker.io"
repository: "bitnami/os-shell"
tag: "12-debian-12-r34@sha256:41e0561b0f08011c24acc5e8ad4c0d09a36062cfab35d9ec7b3fdd4cfecc01e0"
cassandra:
# providerCategory: "Community"
# providerResponsible: "openDesk"
# upstreamRegistry: "https://registry-1.docker.io"
# upstreamRepository: "bitnami/cassandra"
registry: "registry-1.docker.io"
repository: "bitnami/cassandra"
tag: "5.0.2-debian-12-r1@sha256:9f5fd6fe3a24b7e5ea215a99a0e0d6a10d11a914d6eb8c511780271a9097f5ea"
cassandraExporter:
# providerCategory: "Community"
# providerResponsible: "openDesk"
# upstreamRegistry: "https://registry-1.docker.io"
# upstreamRepository: "bitnami/cassandra-exporter"
registry: "registry-1.docker.io"
repository: "bitnami/cassandra-exporter"
tag: "2.3.8-debian-12-r31@sha256:ae861f6c8712dd32c2304c680e4564802df689a62dc4aed2f4e7cfcbba8a8051"
clamd:
# providerCategory: "Community"
# providerResponsible: "openDesk"
@@ -29,6 +45,13 @@ images:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
tag: "24.04.9.2.1@sha256:749917bf9146d8507b3a63d422a30ebe4f499700421c30527e32f322a015c73d"
collaboraController:
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Collabora"
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller"
tag: "1.1.0@sha256:dfbbb6a9bfac94d39bd735eb143084803a774d2fc673a138bf08d4044e8d942a"
cryptpad:
# providerCategory: "Supplier"
# providerResponsible: "XWiki"
@@ -62,6 +85,48 @@ images:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
tag: "1.11.7@sha256:c5881cea86a721252e724000e4ed870cae66f9b3eabc45074e1f43b1818423bc"
elementAdminBot:
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/access_element_web"
tag: "v1.11.85@sha256:0e36121cbaab5a8146ef8561d8e77b38f711f855f1a353df3bb96a8d13303812"
elementGroupsync:
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/groupsync"
tag: "v0.14.0@sha256:a8cee92b9035d8cc80cc13194e4e0118c7dfbfcbc4c0ee5ac173582d0cd55846"
elementHaProxy:
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/haproxy"
tag: "3.0-alpine@sha256:c22c8710886104a48b920306f063401f0d11811858e3c6b9d87d88a7556b2e61"
elementPipe:
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/pipe"
tag: "6.3.1@sha256:7f487af25f220d31aa987665f9d1393b42e925c6b1a7e0458daaa91e8e7bf0c4"
elementSynapseAdmin:
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/synapse_admin"
tag: "v16.105.5-24.10@sha256:563979fc69162adf93f1286cf79dcbe58adf878a0e4e9332044e5ab6a7170350"
elementSyncAdmins:
# Enterprise Component
# providerCategory: "Supplier"
# providerResponsible: "Element"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-element-syncadmins"
tag: "1.0.3@sha256:1dea24d5f65a6f9ac63b402c772dd81dcd07a847d24845901c8a039461043097"
freshclam:
# providerCategory: "Community"
# providerResponsible: "openDesk"

26
helmfile/environments/default/opendesk_main.yaml.gotmpl
View File

@@ -4,6 +4,9 @@
#
# Note: Currently only single namespace deployments are supported.
---
cassandra:
enabled: {{ if (env "OPENDESK_ENTERPRISE") }}true{{ else }}false{{ end }}
namespace: ~
certificates:
enabled: true
namespace: ~
@@ -16,6 +19,9 @@ clamavSimple:
collabora:
enabled: true
namespace: ~
collaboraController:
enabled: {{ if (env "OPENDESK_ENTERPRISE") }}true{{ else }}false{{ end }}
namespace: ~
cryptpad:
enabled: true
namespace: ~
@@ -28,6 +34,12 @@ dovecot:
element:
enabled: true
namespace: ~
elementAdmin:
enabled: {{ if (env "OPENDESK_ENTERPRISE") }}true{{ else }}false{{ end }}
namespace: ~
elementGroupsync:
enabled: {{ if (env "OPENDESK_ENTERPRISE") }}true{{ else }}false{{ end }}
namespace: ~
home:
enabled: true
namespace: ~
@@ -76,18 +88,4 @@ staticFiles:
xwiki:
enabled: true
namespace: ~
# openDesk Enterprise Components
cassandra:
enabled: false
namespace: ~
elementAdmin:
enabled: false
namespace: ~
elementGroupsync:
enabled: false
namespace: ~
collaboraController:
enabled: false
namespace: ~
...

4
helmfile/environments/default/persistence.yaml.gotmpl
View File

@@ -8,6 +8,10 @@ persistence:
RWO: ""
storages:
cassandra:
data: "1Gi"
commitLogsize: "256Mi"
storageClassName: ~
clamav:
size: "1Gi"
storageClassName: ~

11
helmfile/environments/default/replicas.yaml.gotmpl
View File

@@ -5,6 +5,9 @@
# When adding new components in here, do not forget to add them as well to
# `../test/values.yaml.gotmpl` to ensure their linting coverage.
replicas:
# -- component: Cassandra
# -- scalable: tbd
cassandra: 1
# -- component: Antivirus (ClamAV)
# -- scalable: true
# -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
@@ -25,7 +28,13 @@ replicas:
# -- component: Weboffice (Collabora)
# -- scalable: true
# -- comment: If Collabora Controller is enabled, Collabora is autoscaling and the value below will be ignored.
# Please check `enterpriseFeatures.collabora.autoscaling` for autoscaling settings.
collabora: 1
# -- scalable: true
# -- comment: Load between Collabora Controller Pods is going to one Pod (the leader) only, therefore raise the number
# e.g. to `2` for high availability of the Collabora Controller.
collaboraController: 1
# -- component: Pad (CryptPad)
# -- scalable: false
@@ -190,6 +199,8 @@ replicas:
# -- scalable: tbd
openxchangeNextcloudIntegrationUI: 1
# -- scalable: tbd
openxchangePluginsUI: 1
# -- scalable: tbd
openxchangePublicSectorUI: 1
# -- component: Knowledge management (XWiki)

2
helmfile/environments/default/repositories.yaml.gotmpl
View File

@@ -7,10 +7,12 @@ repositories:
image:
dockerHub: ""
registryOpencodeDe: ""
registryOpencodeDeEnterprise: "registry.opencode.de"
# Fine-granular registry settings, useful when you can't use virtual (Artifactory) or group (Nexus) repositories.
# Higher precedence than `global.imageRegistry`
helm:
registryOpencodeDe: ""
registryOpencodeDeEnterprise: "registry.opencode.de"
# ClamAV registry settings
clamav:
auth: {}

22
helmfile/environments/default/resources.yaml.gotmpl
View File

@@ -1,9 +1,17 @@
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
# Some charts do not support null or ~ values, because they use their default values.
# To not limit the CPU, we set all CPU limits to 99.
resources:
cassandra:
limits:
cpu: 99
memory: "4Gi"
requests:
cpu: 0.1
memory: "1Gi"
clamd:
limits:
cpu: 99
@@ -18,6 +26,13 @@ resources:
requests:
cpu: 0.5
memory: "512Mi"
collaboraController:
limits:
cpu: 99
memory: "128Mi"
requests:
cpu: 0.1
memory: "32Mi"
cryptpad:
limits:
cpu: 99
@@ -365,6 +380,13 @@ resources:
requests:
cpu: 0.01
memory: "32Mi"
openxchangePluginsUI:
limits:
cpu: 99
memory: "256Mi"
requests:
cpu: 0.05
memory: "32Mi"
openxchangePublicSectorUI:
limits:
cpu: 99

17
helmfile/environments/default/secrets.yaml.gotmpl
View File

@@ -5,6 +5,10 @@ SPDX-License-Identifier: Apache-2.0
*/}}
---
secrets:
cassandra:
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }}
dovecotUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_user" | sha1sum | quote }}
oxAppSuite:
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
@@ -26,6 +30,7 @@ secrets:
keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_keycloak" | sha1sum | quote }}
nextcloud: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_nextcloud" | sha1sum | quote }}
dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_dovecot" | sha1sum | quote }}
element: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_element" | sha1sum | quote }}
ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_ox" | sha1sum | quote }}
openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_openproject" | sha1sum | quote }}
xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_xwiki" | sha1sum | quote }}
@@ -118,10 +123,22 @@ secrets:
intercom:
secret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "secret" | sha1sum | quote }}
synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "as_token" | sha1sum | quote }}
matrixAdminBot:
backupPassphrase: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-admin-bot" "backupPassphrase" | sha1sum | quote }}
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-admin-bot" "password" | sha1sum | quote }}
synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-admin-bot" "as_token" | sha1sum | quote }}
matrixAuditBot:
backupPassphrase: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-auditbot-bot" "backupPassphrase" | sha1sum | quote }}
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-auditbot-bot" "password" | sha1sum | quote }}
synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-audit-bot" "as_token" | sha1sum | quote }}
matrixGroupsync:
synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-groupsync" "as_token" | sha1sum | quote }}
matrixNeoDateFixBot:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-neodatefix-bot" "password" | sha1sum | quote }}
matrixUserVerificationService:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-user-verification-service" "password" | sha1sum | quote }}
synapse:
registrationSharedSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "synapse" "registrationSharedSecret" | sha1sum | quote }}
certificates:
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "certificates" "password" | sha1sum | quote }}
notes:

3
helmfile/environments/default/selinux.yaml.gotmpl
View File

@@ -6,10 +6,12 @@
# break the affected components with these settings.
---
seLinuxOptions:
cassandra: ~
clamavSimple: ~
clamav: ~
clamd: ~
collabora: ~
collaboraController: ~
cryptpad: ~
dkimpy: ~
dovecot: ~
@@ -56,6 +58,7 @@ seLinuxOptions:
openxchangeGuardUI: ~
openxchangeImageConverter: ~
openxchangeNextcloudIntegrationUI: ~
openxchangePluginsUI: ~
openxchangePublicSectorUI: ~
oxConnector: ~
postfix: ~