From 0aa4cfb46f793369a472a736b28eea834a545439 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= <thorsten.rossner.extern@zendis.de>
Date: Thu, 14 Mar 2024 12:14:40 +0100
Subject: [PATCH] fix(helmfile): Fix OpenAPI validations for Kubernetes v1.28

---
 .gitlab-ci.yml                                                | 3 ++-
 helmfile/apps/jitsi/values-jitsi.yaml.gotmpl                  | 4 ----
 .../values-ldap-server.yaml.gotmpl                            | 4 ++++
 .../univention-management-stack/values-umc-server.yaml.gotmpl | 3 +++
 helmfile/environments/default/charts.yaml                     | 4 ++--
 helmfile/environments/default/selinux.yaml                    | 1 +
 6 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9a2b8712..13928225 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,6 +11,7 @@ include:
   - local: "/.gitlab/generate/generate-docs.yml"
   - project: "${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}"
     file: "gitlab/environments.yaml"
+    ref: "main"
   - local: "/.gitlab/lint/lint-opendesk.yml"
     rules:
       - if: "$JOB_OPENDESK_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event'"
@@ -18,7 +19,7 @@ include:
       - when: "always"
   - local: "/.gitlab/lint/lint-kyverno.yml"
     rules:
-      - if: "$JOB_KYVERNO_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event'"
+      - if: "$JOB_KYVERNO_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|triggers'"
         when: "never"
       - when: "always"
 
diff --git a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
index 2c303d89..22fc9cb9 100644
--- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
+++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
@@ -68,7 +68,6 @@ jitsi:
     securityContext:
       allowPrivilegeEscalation: false
       capabilities: {}
-      enabled: true
       privileged: false
       readOnlyRootFilesystem: false
       runAsGroup: 0
@@ -117,7 +116,6 @@ jitsi:
     securityContext:
       allowPrivilegeEscalation: false
       capabilities: {}
-      enabled: true
       privileged: false
       readOnlyRootFilesystem: false
       runAsGroup: 0
@@ -140,7 +138,6 @@ jitsi:
     securityContext:
       allowPrivilegeEscalation: false
       capabilities: {}
-      enabled: true
       privileged: false
       readOnlyRootFilesystem: false
       runAsGroup: 0
@@ -164,7 +161,6 @@ jitsi:
     securityContext:
       allowPrivilegeEscalation: false
       capabilities: {}
-      enabled: true
       privileged: false
       readOnlyRootFilesystem: false
       runAsGroup: 0
diff --git a/helmfile/apps/univention-management-stack/values-ldap-server.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-ldap-server.yaml.gotmpl
index 08fb9962..30d7f2fa 100644
--- a/helmfile/apps/univention-management-stack/values-ldap-server.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-ldap-server.yaml.gotmpl
@@ -40,6 +40,10 @@ image:
     tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
 
 ldapServer:
+  caCert: "Cg=="
+  certPem: "Cg=="
+  privateKey: "Cg=="
+  dhParam: "Cg=="
   waitForSamlMetadata: true
   ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
   ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
diff --git a/helmfile/apps/univention-management-stack/values-umc-server.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umc-server.yaml.gotmpl
index 67ee1d80..6af71597 100644
--- a/helmfile/apps/univention-management-stack/values-umc-server.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umc-server.yaml.gotmpl
@@ -99,6 +99,9 @@ securityContext:
 
 umcServer:
   certPemFile: "/var/secrets/ssl/tls.crt"
+  caCert: "Cg=="
+  certPem: "Cg=="
+  privateKey: "Cg=="
   # TODO: Secret should be entered without b64enc
   ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
   # TODO: Secret should be entered without b64enc
diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml
index 7e407391..0ba19605 100644
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -22,7 +22,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-clamav"
     name: "opendesk-clamav"
-    version: "4.0.1"
+    version: "4.0.5"
     verify: true
   clamavSimple:
     # providerCategory: 'Platform'
@@ -32,7 +32,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-clamav"
     name: "clamav-simple"
-    version: "4.0.1"
+    version: "4.0.5"
     verify: true
   collabora:
     # providerCategory: 'Supplier'
diff --git a/helmfile/environments/default/selinux.yaml b/helmfile/environments/default/selinux.yaml
index ea6f36c2..78e966a2 100644
--- a/helmfile/environments/default/selinux.yaml
+++ b/helmfile/environments/default/selinux.yaml
@@ -7,6 +7,7 @@
 ---
 seLinuxOptions:
   clamavSimple: ~
+  clamav: ~
   clamd: ~
   collabora: ~
   cryptpad: ~