diff --git a/README.md b/README.md
index 66d9572f..1e6736b8 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ openDesk currently features the following functional main components:
 | File management | Nextcloud | AGPL-3.0-or-later | [31.0.7](https://nextcloud.com/de/changelog/#31-0-7) | [Nextcloud 31](https://docs.nextcloud.com/) |
 | Groupware | OX App Suite | GPL-2.0-only (backend), AGPL-3.0-or-later (frontend) | [8.41](https://documentation.open-xchange.com/appsuite/releases/8.41/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
 | Knowledge management | XWiki | LGPL-2.1-or-later | [17.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/17.4.4/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
-| Portal & IAM | Nubus | AGPL-3.0-or-later | [1.14.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.14.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
+| Portal & IAM | Nubus | AGPL-3.0-or-later | [1.15.2](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.15.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
 | Project management | OpenProject | GPL-3.0-only | [16.6.0](https://www.openproject.org/docs/release-notes/16-6-0/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
 | Videoconferencing | Jitsi | Apache-2.0 | [2.0.10431](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_10431) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
 | Weboffice | Collabora | MPL-2.0 | [25.04.6](https://www.collaboraoffice.com/code-25-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
diff --git a/docs/migrations.md b/docs/migrations.md
index 4f9494c9..7e617b79 100644
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -14,6 +14,9 @@ SPDX-License-Identifier: Apache-2.0
 * [Pre-upgrade to versions ≥ v1.9.0](#pre-upgrade-to-versions--v190)
 * [Helmfile fix: Cassandra passwords read from `databases.*`](#helmfile-fix-cassandra-passwords-read-from-databases)
 * [Helmfile new feature: `functional.groupware.externalClients.*`](#helmfile-new-feature-functionalgroupwareexternalclients)
+ * [Versions ≥ v1.10.0](#versions--v1100)
+ * [Pre-upgrade to versions ≥ v1.10.0](#pre-upgrade-to-versions--v1100)
+ * [New Helmfile default: Nubus provisioning debug container no longer deployed](#new-helmfile-default-nubus-provisioning-debug-container-no-longer-deployed)
 * [Versions ≥ v1.8.0](#versions--v180)
 * [Pre-upgrade to versions ≥ v1.8.0](#pre-upgrade-to-versions--v180)
 * [New application default: Default group for two-factor authentication is now "2FA Users"](#new-application-default-default-group-for-two-factor-authentication-is-now-2fa-users)
@@ -143,19 +146,20 @@ matching that constraint, though our links always point to the newest patch rele > 1. Upgrade to v1.7.1 → post steps for v1.6.0 to v1.7.1 -| Version | Mandatory | Pre-Upgrade | Post-Upgrade | Minimum Required Previous Version | -|-----------------------------------------------------------------------------------------|-----------|-----------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|----------------------------------------------| -| [v1.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.9.0) | -- | [Pre](#pre-upgrade-to-versions--v190) | -- | ⬇ Install ≥ v1.5.0 first | -| [v1.8.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.8.0) | -- | [Pre](#pre-upgrade-to-versions--v180) | -- | ⬇ Install ≥ v1.5.0 first | -| [v1.7.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.7.1) | -- | [Pre](#pre-upgrade-to-versions--v170) | [Post](#post-upgrade-to-versions--v170) | ⬇ Install ≥ v1.5.0 first | -| [v1.6.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.6.0) | -- | [Pre](#pre-upgrade-to-versions--v160) | [Post](#post-upgrade-to-versions--v160) | [⚠ Install v1.5.0 first](#versions--v160-automated) | -| [v1.5.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.5.0) | **yes** | -- | -- | ⬇ Install ≥ v1.1.x first | -| [v1.4.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.4.1) | -- | [Pre](#pre-upgrade-to-versions--v140) | -- | ⬇ Install ≥ v1.1.x first | -| [v1.3.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.3.2) | -- | [Pre](#pre-upgrade-to-versions--v130) | -- | ⬇ Install ≥ v1.1.x first | -| [v1.2.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.2.1) | -- | [Pre](#pre-upgrade-to-versions--v120) | -- | [⚠ Install v1.1.x 
first](#versions--v120-automated) | -| [v1.1.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.1.2) | **yes** | [Pre .0](#pre-upgrade-to-versions--v110) → [Pre .1](#pre-upgrade-to-versions--v111) → [Pre .2](#pre-upgrade-to-versions--v112) | [Post](#post-upgrade-to-versions--v110) | [⚠ Install v1.0.0 first](#versions--v110-automated) | -| [v1.0.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.0.0) | **yes** | [Pre](#pre-upgrade-to-versions--v100) | [Post](#post-upgrade-to-versions--v100) | [⚠ Install v0.9.0 first](#versions--v100-automated) | -| [v0.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v0.9.0) | **yes** | -- | -- | -- | +| Version | Mandatory | Pre-Upgrade | Post-Upgrade | Minimum Required Previous Version | +| ---------------------------------------------------------------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------- | ---------------------------------------------------- | +| [v1.10.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.9.0) | -- | [Pre](#pre-upgrade-to-versions--v1100) | -- | ⬇ Install ≥ v1.5.0 first | +| [v1.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.9.0) | -- | [Pre](#pre-upgrade-to-versions--v190) | -- | ⬇ Install ≥ v1.5.0 first | +| [v1.8.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.8.0) | -- | [Pre](#pre-upgrade-to-versions--v180) | -- | ⬇ Install ≥ v1.5.0 first | +| [v1.7.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.7.1) | -- | [Pre](#pre-upgrade-to-versions--v170) | [Post](#post-upgrade-to-versions--v170) | ⬇ Install ≥ v1.5.0 first | +| [v1.6.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.6.0) | -- | [Pre](#pre-upgrade-to-versions--v160) | 
[Post](#post-upgrade-to-versions--v160) | [⚠ Install v1.5.0 first](#versions--v160-automated) | +| [v1.5.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.5.0) | **yes** | -- | -- | ⬇ Install ≥ v1.1.x first | +| [v1.4.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.4.1) | -- | [Pre](#pre-upgrade-to-versions--v140) | -- | ⬇ Install ≥ v1.1.x first | +| [v1.3.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.3.2) | -- | [Pre](#pre-upgrade-to-versions--v130) | -- | ⬇ Install ≥ v1.1.x first | +| [v1.2.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.2.1) | -- | [Pre](#pre-upgrade-to-versions--v120) | -- | [⚠ Install v1.1.x first](#versions--v120-automated) | +| [v1.1.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.1.2) | **yes** | [Pre .0](#pre-upgrade-to-versions--v110) → [Pre .1](#pre-upgrade-to-versions--v111) → [Pre .2](#pre-upgrade-to-versions--v112) | [Post](#post-upgrade-to-versions--v110) | [⚠ Install v1.0.0 first](#versions--v110-automated) | +| [v1.0.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.0.0) | **yes** | [Pre](#pre-upgrade-to-versions--v100) | [Post](#post-upgrade-to-versions--v100) | [⚠ Install v0.9.0 first](#versions--v100-automated) | +| [v0.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v0.9.0) | **yes** | -- | -- | -- | > [!warning] > Be sure to check out the table in the release version you are going to install, and not the currently installed version. 
@@ -211,6 +215,25 @@ Additionally, it is now possible to explicitly define the hostnames shown in the If these values are not explicitly set, openDesk will use `.Values.global.domain` as in previous releases. +## Versions ≥ v1.10.0 + +### Pre-upgrade to versions ≥ v1.10.0 + +### New Helmfile default: Nubus provisioning debug container no longer deployed + +**Target group:** All deployments that make use of the debugging container for Nubus' provisioning stack called "nats-box", + +The [nats-box](https://github.com/nats-io/nats-box), a handy tool when it comes to debugging the Nubus provisioning stack, is no longer enabled in openDesk by default. + +To re-enable the nats-box for your deployment you have to set: +``` +technical.nubus.provisioning.nats.natsBox.enabled: true +``` + +> [!note] +> The nats-box also gets enabled when setting `debug.enabled: true`, but that should only be used in non-production scenarios and enabled debug +> accross the whole deployment. + ## Versions ≥ v1.8.0 ### Pre-upgrade to versions ≥ v1.8.0 diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl index f6f81890..fcbd6dfc 100644 --- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl 
@@ -183,20 +183,12 @@ keycloak: registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }} repository: {{ .Values.images.nubusKeycloak.repository }} tag: {{ .Values.images.nubusKeycloak.tag }} - # NOTE: The subchart "keycloak" does not yet support - # "global.imagePullPolicy". The local configuration can be removed once it - # does have this feature. - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} ingress: enabled: false keycloak: auth: username: "kcadmin" - # TODO: Pending secrets refactoring to be able to provide the value directly - existingSecret: - name: "ums-opendesk-keycloak-credentials" - keyMapping: - adminPassword: "admin_password" + password: {{ .Values.secrets.keycloak.adminPassword | quote }} login: messages: de: @@ -448,12 +440,6 @@ nubusKeycloakExtensions: keycloak: auth: username: "kcadmin" - # TODO: Pending secrets refactoring in component chart. This will refer to - # the secret generated by the keycloak subchart. - existingSecret: - name: "ums-opendesk-keycloak-credentials" - keyMapping: - adminPassword: "admin_password" proxy: additionalAnnotations: {{ .Values.annotations.nubusKeycloakExtensions.proxyAdditional | toYaml | nindent 6 }} 
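Review bot: Nothing visible shows where `nubusKeycloakExtensions` (the next hunk) and `nubusKeycloakBootstrap` (the hunk at -1631) now get the `kcadmin` password: both keep `username: "kcadmin"` but lose `existingSecret`, and the `ums-opendesk-keycloak-credentials` entry is dropped from `extraSecrets` further down. Presumably the 1.15.2 chart derives it from the `password:` line added in this hunk, but that should be confirmed against the chart and recorded next to that line, e.g. `# Single source for the kcadmin password; keycloak-extensions and keycloak-bootstrap read it from the secret the Nubus chart generates.` Any template or external tooling that still references `ums-opendesk-keycloak-credentials` by name would lose that secret on upgrade, and the v1.10.0 migration section in this commit does not mention the removal. The enclosing `keycloak:` block starts and ends outside the hunk.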
@@ -461,13 +447,6 @@ nubusKeycloakExtensions: registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }} repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }} tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }} - # NOTE: The subchart "keycloak-extensions" does not yet support - # "global.imagePullPolicy". - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - # NOTE: Remove once the keycloak-extensions subchart respects - # "global.imagePullSecrets". - imagePullSecrets: - {{ .Values.global.imagePullSecrets | toYaml | nindent 6 }} ingress: annotations: nginx.org/proxy-buffer-size: "8k" @@ -563,13 +542,6 @@ nubusKeycloakExtensions: registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionHandler.registry | quote }} repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }} tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }} - # NOTE: The subchart "keycloak-extensions" does not yet support - # "global.imagePullPolicy". - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - # NOTE: Remove once the keycloak-extensions subchart respects - # "global.imagePullSecrets". - imagePullSecrets: - {{ .Values.global.imagePullSecrets | toYaml | nindent 6 }} podAnnotations: intents.otterize.com/service-name: "ums-keycloak-extensions-handler" {{- with .Values.annotations.nubusKeycloakExtensions.handlerPod }} @@ -622,7 +594,7 @@ nubusPortalConsumer: replicaCount: {{ .Values.replicas.umsPortalConsumer }} resources: {{ .Values.resources.umsPortalConsumer | toYaml | nindent 4 }} - resourcesWaitForDependency: + initResources: {{ .Values.resources.umsPortalConsumerDependencies | toYaml | nindent 4 }} containerSecurityContext: seccompProfile: 
@@ -1021,11 +993,13 @@ nubusProvisioning: {{- with .Values.annotations.nubusProvisioning.natsAdditional }} {{ . | toYaml | nindent 6 }} {{- end }} - auth: - adminPassword: {{ .Values.secrets.nats.natsAdminPassword | quote }} config: cluster: replicas: {{ .Values.replicas.umsProvisioningNats }} + createUsers: + adminUser: + auth: + password: {{ .Values.secrets.nats.natsAdminPassword | quote }} containerSecurityContext: allowPrivilegeEscalation: false capabilities: @@ -1045,19 +1019,12 @@ nubusProvisioning: registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNats.registry | quote }} repository: {{ .Values.images.nubusNats.repository }} tag: {{ .Values.images.nubusNats.tag }} - # NOTE: The subchart does not yet fully support - # "global.imagePullPolicy". This can be removed once the subchart has - # been adjusted. - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} natsBox: + enabled: {{ or .Values.technical.nubus.provisioning.nats.natsBox.enabled .Values.debug.enabled }} image: registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsBox.registry | quote }} repository: {{ .Values.images.nubusNatsBox.repository }} tag: {{ .Values.images.nubusNatsBox.tag }} - # NOTE: The subchart does not yet fully support - # "global.imagePullPolicy". This can be removed once the subchart has - # been adjusted. - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} persistence: size: {{ .Values.persistence.storages.nubusProvisioningNats.size }} # storageClassName: -- coalesce .Values.persistence.storages.nubusProvisioningNats.storageClassName .Values.persistence.storageClassNames.RWO | quote -- 
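Review bot: The new `natsBox.enabled` line relies on Go template truthiness, so `or` treats any non-empty string as true; if either value can reach the template as a string (for example an override written as `"false"`), the debug container would be deployed even though the operator meant to keep it off. Both inputs are presumably YAML booleans in the default environment, but the rendering site gives no hint of that requirement. A short comment above the line would record it, for example `# Debug-only container; both inputs must be booleans, a quoted "false" is truthy for "or".` The `natsBox:` block continues outside the hunk.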
@@ -1219,6 +1186,8 @@ nubusSelfServiceConsumer: registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfServiceConsumer.registry | quote }} repository: {{ .Values.images.nubusSelfServiceConsumer.repository }} tag: {{ .Values.images.nubusSelfServiceConsumer.tag }} + initResources: + {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }} podAnnotations: intents.otterize.com/service-name: "ums-selfservice-listener" {{- with .Values.annotations.nubusSelfserviceConsumer.pod }} @@ -1229,8 +1198,6 @@ nubusSelfServiceConsumer: password: {{ .Values.secrets.nubus.selfserviceConsumer.provisioningApiPassword | quote}} resources: {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }} - resourcesWaitForDependency: - {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }} replicaCount: {{ .Values.replicas.umsSelfserviceConsumer }} serviceAccount: annotations: @@ -1291,6 +1258,7 @@ nubusStackDataUms: host: {{ .Values.cache.umsSelfservice.host | quote }} postgresql: auth: + database: {{ .Values.databases.umsSelfservice.name | quote }} username: {{ .Values.databases.umsSelfservice.username | quote }} connection: host: {{ .Values.databases.umsSelfservice.host | quote }} @@ -1485,7 +1453,9 @@ nubusUmcServer: bundled: false server: {{ .Values.cache.umsSelfservice.host | quote }} auth: - password: "" + # The memcached connection is not authenticated in openDesk but the umc-server pod needs a secret it can mount. + password: "stub-value" + existingSecret: null podAnnotations: intents.otterize.com/service-name: "ums-umc-server" {{- with .Values.annotations.nubusUmcServer.pod }} 
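Review bot: The literal `password: "stub-value"` in the `nubusUmcServer` memcached `auth` block is a fixed, publicly known string that gets written into a mounted secret, and the comment does not say what protects the unauthenticated memcached endpoint from other workloads. If memcached authentication is ever switched on without revisiting this line, that string would become the effective credential. The comment should spell out both points, e.g. `# Placeholder only, never a credential: memcached runs without authentication here, so access has to be restricted by network policy.` The purpose of `existingSecret: null` is also undocumented; presumably it clears a chart default so the inline value is used, which is worth stating on that line.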
@@ -1631,15 +1601,9 @@ nubusKeycloakBootstrap: registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }} repository: {{ .Values.images.nubusKeycloakBootstrap.repository }} tag: {{ .Values.images.nubusKeycloakBootstrap.tag }} - # NOTE: The subchart does not yet fully support - # "global.imagePullPolicy". This can be removed once the subchart has - # been adjusted. - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} keycloak: auth: username: "kcadmin" - existingSecret: - name: "ums-opendesk-keycloak-credentials" ldap: auth: bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn }} @@ -1674,9 +1638,6 @@ extraSecrets: - name: "ums-opendesk-guardian-client-secret" stringData: managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }} - - name: "ums-opendesk-keycloak-credentials" - stringData: - admin_password: {{ .Values.secrets.keycloak.adminPassword | quote }} - name: "ums-keycloak-postgresql-opendesk-credentials" stringData: keycloakDatabasePassword: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }} diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl index 78b3c29e..1253dd8f 100644 --- a/helmfile/environments/default/charts.yaml.gotmpl +++ b/helmfile/environments/default/charts.yaml.gotmpl @@ -321,7 +321,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/charts-mirror" name: "nubus" - version: "1.14.0" + version: "1.15.2" verify: true opendeskAlerts: # providerCategory: "Platform" diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl index ccaaf401..231626c6 100644 --- a/helmfile/environments/default/images.yaml.gotmpl +++ b/helmfile/environments/default/images.yaml.gotmpl 
@@ -380,7 +380,7 @@ images: # upstreamMirrorStartFrom: ["0", "34", "2"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/blocklist-cleanup" - tag: "0.40.0@sha256:1b4d388196b144327bc55376225675b1df8d23fdaffc85bb9e350c3c94fa0eb5" + tag: "0.41.4@sha256:6313e41aaebb6904ca461896ac9633eb05b33bf30b87d83d81852935e8cf0302" nubusDataLoader: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -390,7 +390,7 @@ images: # upstreamMirrorStartFrom: ["0", "41", "5"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader" - tag: "0.99.0@sha256:52ef05c1e682e6c706f70632206be1b427a1a346a32ae3bff1566386f75e68af" + tag: "0.99.20@sha256:37af6f2a8ed7b5156e01f126c83797c70485353673d92b60d904af97bd309b0c" nubusGuardianAuthorizationApi: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -400,7 +400,7 @@ images: # upstreamMirrorStartFrom: ["1", "0", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-authorization-api" - tag: "2.0.0@sha256:5f194f9385aea5a279e25a57352f7b88a6cc4fa90b3bf04c2c97b9ff2bad70a5" + tag: "3.0.0@sha256:d2849b25ddd0322e1bef6c1e7b16f59fb63f35b0924f99f200bc22de834d9a2d" nubusGuardianManagementApi: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -410,7 +410,7 @@ images: # upstreamMirrorStartFrom: ["1", "0", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-api-management-api" - tag: "2.0.0@sha256:61a1ab84efebe2a87d358e8624f8b39073a6071683e7cd77b740a97d464753a2" + tag: "3.0.0@sha256:f3c9af13d50632a7e2232f675408b5559fb9ca314b7babf367cf4db80b62ebea" nubusGuardianManagementUi: # providerCategory: "Supplier" # providerResponsible: "Univention" 
@@ -420,7 +420,7 @@ images: # upstreamMirrorStartFrom: ["1", "0", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-ui-management-ui" - tag: "2.0.0@sha256:57e2503a4772f0ff656e792a98fadef4d41c248218e6c368f76ce82a892478cf" + tag: "3.0.0@sha256:b90d496a323353c71e29938a6b1980655fb3aefe53bab455da865e3202b7f0f8" nubusGuardianProvisioning: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -440,7 +440,7 @@ images: # upstreamMirrorStartFrom: ["0", "0", "1"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak" - tag: "0.2.5@sha256:499006904d262bdd334b54583c359c7e34b521697d5fda32ea977d856bfa93d2" + tag: "0.4.1@sha256:482f3108ce775bb028cefa763a21d7af71b3d55e2e1800724ab9cabcd60ba2c6" nubusKeycloakBootstrap: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -450,7 +450,7 @@ images: # upstreamMirrorStartFrom: ["0", "1", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap" - tag: "0.17.5@sha256:08e2aa0bc0eb7b4bb80498e71ae21ee3de74eb985b46e7c3dd1502e96312d080" + tag: "0.19.10@sha256:29dbac967a71c11f2f2920a1a4c109b473fe5edf542a2f5b9dc843a4c0c29fe6" nubusKeycloakExtensionHandler: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -460,7 +460,7 @@ images: # upstreamMirrorStartFrom: ["0", "0", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler" - tag: "0.20.0@sha256:227c7cba4eee15c626abbc77ca06b8b61a9dece04c986a9fa2e97b13d0458fe0" + tag: "0.23.2@sha256:2a67c9ace51a610397776c17f3542231c9fbce411cfa56d9346b47f66478e416" nubusKeycloakExtensionProxy: # providerCategory: "Supplier" # providerResponsible: "Univention" 
@@ -470,7 +470,7 @@ images: # upstreamMirrorStartFrom: ["0", "0", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy" - tag: "0.20.0@sha256:bd075d33c16926ab4c123ac3a8673209664647f35324dfdebd95c6662ee05b2c" + tag: "0.23.2@sha256:03a05abd9b759ddf2fa537d61e09a54f1a772121f391e136000eeed44a254189" nubusLdapNotifier: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -480,7 +480,7 @@ images: # upstreamMirrorStartFrom: ["0", "8", "2"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier" - tag: "0.47.0@sha256:1d00e0bb1575defce42c84eb5139b5b4f7d0942111b339044c2bdf58ed0b025e" + tag: "0.47.5@sha256:cc8edd9dfa3cf552396bc1ada9a8a18e2db33b53ab1705bfc392c4a423cfeb96" nubusLdapServer: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -490,7 +490,7 @@ images: # upstreamMirrorStartFrom: ["0", "8", "2"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server" - tag: "0.47.0@sha256:3be012680b2da2db4ac468ae948d8514622a245b4e3e00385bbf778e836720b1" + tag: "0.47.5@sha256:1a81ef8431aa6a7b021032ce57e5907e27c69dc6603b455793911a7d581889e8" nubusLdapServerDhInitContainer: # providerCategory: 'Community' # providerResponsible: 'Univention' @@ -498,7 +498,7 @@ images: # upstreamRepository: 'natsio/nats-box' registry: "registry-1.docker.io" repository: "natsio/nats-box" - tag: "0.16.0-nonroot@sha256:f486ca86dfc9b72a2310ea720994a94ce55e447ad01daccd2fb33d61f322dc51" + tag: "0.18.1-nonroot@sha256:ec2f58b953916b4804d6636bf6a625bab7894d1b71319bc7865b3e70ab5e3f6f" nubusLdapServerLeaderElector: # providerCategory: "Supplier" # providerResponsible: "Univention" 
@@ -508,7 +508,7 @@ images: # upstreamMirrorStartFrom: ["0", "29", "1"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector" - tag: "0.47.0@sha256:9b6754e7213f1fa13a12cb593bfe718643f6945ad111bbe1d5f71d7ce5729225" + tag: "0.47.5@sha256:abf2e9af9c8d22dde23144cb6344b5e9b0e39d778d28e70d97b0f1b82dd28a5d" nubusLdapUpdateUniventionObjectIdentifier: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -518,7 +518,7 @@ images: # upstreamMirrorStartFrom: ["0", "34", "2"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-update-univention-object-identifier" - tag: "0.40.0@sha256:1ad952c039140ef1985712201f7bae7cbe9eba66086e0d3f475759e1c181b843" + tag: "0.41.4@sha256:c27e4d4cf5a15607c249c8d917e57f698d4d5388967c1ff6151185957eacb779" nubusNats: # providerCategory: 'Community' # providerResponsible: 'Univention' @@ -526,7 +526,7 @@ images: # upstreamRepository: 'library/nats' registry: "registry-1.docker.io" repository: "library/nats" - tag: "2.10.26@sha256:736d575e60135ce1d50fc206675d48d0e57dcaa0704f696f0cb4b5f6dadd49d7" + tag: "2.11.9@sha256:4e97bea2e69ffe4449cdc9b4c7fa707984aa9a4c090bf2faf5441cb6c97c99a4" nubusNatsBox: # providerCategory: 'Community' # providerResponsible: 'Univention' @@ -534,7 +534,7 @@ images: # upstreamRepository: 'natsio/nats-box' registry: "registry-1.docker.io" repository: "natsio/nats-box" - tag: "0.16.0-nonroot@sha256:f486ca86dfc9b72a2310ea720994a94ce55e447ad01daccd2fb33d61f322dc51" + tag: "0.18.1-nonroot@sha256:ec2f58b953916b4804d6636bf6a625bab7894d1b71319bc7865b3e70ab5e3f6f" nubusNatsReloader: # providerCategory: 'Community' # providerResponsible: 'Univention' 
@@ -542,7 +542,7 @@ images: # upstreamRepository: 'natsio/nats-server-config-reloader' registry: "registry-1.docker.io" repository: "natsio/nats-server-config-reloader" - tag: "0.17.1@sha256:f364bb8330d3430666ca09f17c6a43bfaefde32f0f3e79d4a41c588c29936e99" + tag: "0.18.3@sha256:41271dc1b9e1027867ee0e63aa2866c89ca8272a4f88991f6ebec34eb12dee3b" nubusNotificationsApi: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -552,7 +552,7 @@ images: # upstreamMirrorStartFrom: ["0", "9", "4"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api" - tag: "0.80.2@sha256:94b18841018cb7353a95a9c4ef2d5460f82a9ceb0bba97275b8064806e3e8a1c" + tag: "0.86.0@sha256:522c4d0a42d2c0b37219f5af4fba7fceb60d070719970ef2754a00ca916f67be" nubusOpendeskExtension: # providerCategory: "Platform" # providerResponsible: "openDesk" @@ -578,7 +578,7 @@ images: # upstreamMirrorStartFrom: ["1", "0", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-opa" - tag: "2.0.0@sha256:56a92a08da5addb951a2b2df09974889295ddde8526e93ad40dd973de1052ad4" + tag: "3.0.0@sha256:85539fb7854fac6ba1b874d639188ee0a33743dc16dad0113c54763f2984fc9d" nubusOxExtension: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -598,7 +598,7 @@ images: # upstreamMirrorStartFrom: ["0", "27", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer" - tag: "0.80.2@sha256:c719ada025e0ad629516017ed26803c15cee50572f45896b41a6b066b1fe593e" + tag: "0.86.0@sha256:80ed7c8300365a3dc4c504d4f0f4f8f1c3f9cfc883508a8ea794d63629a9b086" nubusPortalExtension: # providerCategory: "Supplier" # providerResponsible: "Univention" 
@@ -608,7 +608,7 @@ images: # upstreamMirrorStartFrom: ["0", "28", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension" - tag: "0.80.2@sha256:cde5547ef1c2d5da55fb41bdae7248ba8514ab4f200822709ca9a99f483a1cc8" + tag: "0.86.0@sha256:1799413fe8cbc6d9cb97656be95a99786a382a3558a7720b7fe62a38c84bdd22" nubusPortalFrontend: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -618,7 +618,7 @@ images: # upstreamMirrorStartFrom: ["0", "67", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend" - tag: "0.80.2@sha256:8b40acc66459058dc0cade33793aba2737cdc20ef75968ca2b21d9aa569c9ecc" + tag: "0.86.0@sha256:d4e34b42662dbd433dd5d647c6fcfa8f2a0d71fe65c0c6efeebe80d4f13b226d" nubusPortalServer: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -628,7 +628,7 @@ images: # upstreamMirrorStartFrom: ["0", "9", "4"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server" - tag: "0.80.2@sha256:9a8f6950e7bf1086075d1c36ea0ad914a61e1198883e8d4926d688c88b8e67cc" + tag: "0.86.0@sha256:33a3a7d44fa084d74449dc8f7d5f5d2551b02abee16fe4ec6d4972e134c56906" nubusProvisioningDispatcher: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -638,7 +638,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher" - tag: "0.60.10@sha256:6307e9e1ddad0e6f3285ca11b758902f8c377a5d3de6a59b3437accb8475848f" + tag: "0.63.0@sha256:3773333a12b786db6cea5fc0ecd5e74ba3f276ca084cd1ae8b6665bda86b72c1" nubusProvisioningEventsAndConsumerApi: # providerCategory: "Supplier" # providerResponsible: "Univention" 
@@ -648,7 +648,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api" - tag: "0.60.10@sha256:9d5f4e4a2668605349fa6cd6973c7a6acbc2ef95a37e72834c6525ac9e464740" + tag: "0.63.0@sha256:c1687ff385d5bd30e0590472f02de85a3f182b75dc4edd5cf9d063e1db488b4d" nubusProvisioningPrefill: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -658,7 +658,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill" - tag: "0.60.10@sha256:8ea46658e66fb5be81968dcf00397b741f61d4fd84c8210b9761412e67109cd0" + tag: "0.63.0@sha256:b93400fecc19bba79ae0f0498b07d18bf9ffb0fc03b9ed25a18f3b6d3be9cc9d" nubusProvisioningUdmListener: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -668,7 +668,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener" - tag: "0.60.10@sha256:fb0d96fa7b382b7d8eec9e262711e1291a0991ade185b39ee604400d4bd5fa9b" + tag: "0.63.0@sha256:6dcb696920137973b24f90bb8f6045c2dffd8bc201b0cc62aed43e1a01e5aa0e" nubusProvisioningUdmTransformer: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -678,7 +678,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer" - tag: "0.60.10@sha256:62b98f3e2c19de298878f5679577bfcbddacec742015d6f20b998a549318e810" + tag: "0.63.0@sha256:da5486cf5d6a30e7d95270db8a6735c82813805e7bce882ff51a2f47faad086f" nubusSelfServiceConsumer: # providerCategory: "Supplier" # providerResponsible: "Univention" 
@@ -688,7 +688,7 @@ images: # upstreamMirrorStartFrom: ["0", "3", "2"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation" - tag: "0.19.4@sha256:ca9865114fd35fcc1dbe1a5660a3b69d04a8f568cf15286069342e45f0c7ea91" + tag: "0.19.31@sha256:b6d1a145e8a3f43b54be1d7d737da1527347e93c9894943c17469cd153f77ccf" nubusUdmRestApi: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -698,7 +698,7 @@ images: # upstreamMirrorStartFrom: ["0", "9", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api" - tag: "0.40.0@sha256:7d39c0defda20fc58da19389216d9a80f479a731dca682d834dd8bd00b80e20f" + tag: "0.41.4@sha256:d3476100f4174d991faa43ce20630175a1fc33011258887dd52bafad1e779189" nubusUmcGateway: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -708,7 +708,7 @@ images: # upstreamMirrorStartFrom: ["0", "7", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway" - tag: "0.51.2@sha256:c76860852133b9bbc91eb6d81a6592a5f451be9234376933ddb4d827e0f08515" + tag: "0.53.5@sha256:7044228155c8fcb939684855d5b405dd1b066d91c8a5df75676518d88e140ab3" nubusUmcServer: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -718,7 +718,7 @@ images: # upstreamMirrorStartFrom: ["0", "7", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server" - tag: "0.51.3@sha256:00f8cc2e7ee98d3988b1db924ca67783e9a645204ae2c388c7afadc50f22bb12" + tag: "0.53.5@sha256:1ec839c07492b2f1d6897643b71c284aa2d507cd05f1a0f1696dfdff1885eb20" nubusUmcServerProxy: # providerCategory: "Supplier" # providerResponsible: "Univention" diff --git a/helmfile/environments/default/persistence.yaml.gotmpl b/helmfile/environments/default/persistence.yaml.gotmpl index 4cf3fb2f..8ca43cb1 100644 
--- a/helmfile/environments/default/persistence.yaml.gotmpl +++ b/helmfile/environments/default/persistence.yaml.gotmpl @@ -34,6 +34,7 @@ persistence: size: "1Gi" storageClassName: ~ nubusProvisioningNats: + # For production and load test environments "10Gi" is recommended. size: "1Gi" storageClassName: ~ # This option was introduced with openDesk 1.6. For now we want to use the Helm charts default empty string diff --git a/helmfile/environments/default/technical.yaml.gotmpl b/helmfile/environments/default/technical.yaml.gotmpl index 832ef73f..0c200e7d 100644 --- a/helmfile/environments/default/technical.yaml.gotmpl +++ b/helmfile/environments/default/technical.yaml.gotmpl @@ -2,10 +2,27 @@ # SPDX-License-Identifier: Apache-2.0 --- technical: + # Collabora related technical settings collabora: # Defines the value for the start parameter `-o:num_prespawn_children` numPrespawnChildren: 4 + + # Nubus related settings + nubus: + # Nubus provisioning framework that is being used to actively provision data internally within + # Nubus e.g. for the portal or self service as well as externally, e.g. to OX App Suite. + provisioning: + # NATS including NATS JetStream is the queueing used by Nubus' provisioning. + # Ref.: https://nats.io/about/ + nats: + # The NATS Box is a container for debugging NATS messages using a CLI tool. + # Ref.: https://github.com/nats-io/nats-box + natsBox: + # Enable the NATS Box container for the deployment. Will also be enabled in case of + # `.Values.debug.enabled: true` + enabled: false + # Groupware related technical settings oxAppSuite: provisioning: