diff --git a/README.md b/README.md
index ccd3ad9c..b6bdc976 100644
--- a/README.md
+++ b/README.md
@@ -37,8 +37,8 @@ openDesk currently features the following functional main components:
 | Knowledge management | XWiki | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
 | Portal & IAM | Nubus | Product Preview[^1] | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html) |
 | Project management | OpenProject | [14.0.1](https://www.openproject.org/docs/release-notes/14-0-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
-| Videoconferencing | Jitsi | [2.0.8922](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_8922) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
-| Weboffice | Collabora | [23.05.9.4.1](https://www.collaboraoffice.com/collabora-online-23-05-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
+| Videoconferencing | Jitsi | [2.0.9457](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9457) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
+| Weboffice | Collabora | [23.05.10.1.1](https://www.collaboraoffice.com/collabora-online-23-05-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
 While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to align the applications with best practises regarding container design and operations.
diff --git a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
index ba8574e4..da70548a 100644
--- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
@@ -1053,38 +1053,44 @@ keycloak-bootstrap:
 deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
 keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
- config:
- keycloak:
- adminUser: "kcadmin"
- adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
+ keycloak:
+ connection:
+ baseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
+ auth:
+ username: "kcadmin"
+ password: {{ .Values.secrets.keycloak.adminPassword | quote }}
 realm: {{ .Values.platform.realm | quote }}
- intraCluster:
- enabled: true
- internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
- loginLinks:
- - link_number: 1
- language: "de"
- description: "Passwort vergessen?"
- href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
- - link_number: 1
- language: "en"
- description: "Forgot password?"
- href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
- ums:
- ldap:
- internalHostname: {{ .Values.ldap.host | quote }}
- baseDN: {{ .Values.ldap.baseDn | quote }}
- readUserDN: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
- readUserPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
- mappers:
- - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
- - ldapAndUserModelAttributeName: "oxContextIDNum"
- saml:
- serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ldap:
+ baseDn: {{ .Values.ldap.baseDn | quote }}
+ connection:
+ host: {{ .Values.ldap.host | quote }}
+ port: "389"
+ protocol: "ldap"
+ auth:
+ bindDn: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
+ password: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
+
+ bootstrap:
+ ldapMappers:
+ - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
+ - ldapAndUserModelAttributeName: "oxContextIDNum"
+ loginLinks:
+ - link_number: 1
+ language: "de"
+ description: "Passwort vergessen?"
+ href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
+ - link_number: 1
+ language: "en"
+ description: "Forgot password?"
+ href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
 twoFactorAuthentication:
 enabled: true
 group: "2fa-users"
+ config:
+ saml:
+ serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+
 containerSecurityContext:
 enabled: true
 allowPrivilegeEscalation: false
@@ -1115,11 +1121,13 @@ keycloak-bootstrap:
 keycloak-extensions:
 enabled: true
 keycloak:
- host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
- adminUsername: "kcadmin"
- adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
- adminRealm: "master"
- realm: {{ .Values.platform.realm | quote }}
+ connection:
+ host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
+ auth:
+ username: "kcadmin"
+ password: {{ .Values.secrets.keycloak.adminPassword | quote }}
+ masterRealm: "master"
+ realm: {{ .Values.platform.realm | quote }}
 postgresql:
 connection:
 host: {{ .Values.databases.keycloakExtension.host | quote }}
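Review bot: In the `keycloak-bootstrap` hunk (`@@ -1053,38 +1053,44 @@`) the new `connection` block under `ldap` hard-codes `port: "389"` and `protocol: "ldap"`, which as written reads as a bind without TLS, so the `ldapsearch_keycloak` password would cross the cluster network unencrypted and an operator cannot change that without editing this template. The removed `ums.ldap` block carried neither key, so the choice is made explicit here for the first time and is worth taking from values next to `.Values.ldap.host`, with the current literals as defaults. `bindDn` also keeps the literal suffix `dc=swp-ldap,dc=internal` while `baseDn` is templated; if the two are meant to agree, `bindDn: "uid=ldapsearch_keycloak,cn=users,{{ .Values.ldap.baseDn }}"` would keep them in step. The same transport question applies to `baseUrl`, which sends the `kcadmin` password to `http://…:8080`; if in-cluster plaintext is an accepted design decision, a comment above the block should say so.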
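Review bot: In the `keycloak-extensions` hunk (`@@ -1115,11 +1121,13 @@`) the new `host` value drops the `:8080` that the removed `host` line carried, and no port key is added beside it, so the extensions now depend on the chart defaulting to the port Keycloak listens on. If the updated chart accepts a port under `connection`, setting it explicitly would keep this in step with the `baseUrl` given to keycloak-bootstrap, which still names `:8080`. Separately, this component still receives the `kcadmin` password together with `masterRealm: "master"`; whether the handler can run with an account limited to the platform realm is worth checking with the chart's maintainers. The `keycloak-extensions` mapping starts and ends outside the hunk.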
@@ -1128,6 +1136,13 @@ keycloak-extensions:
 database: {{ .Values.databases.keycloakExtension.name | quote }}
 username: {{ .Values.databases.keycloakExtension.username | quote }}
 password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
+ smtp:
+ connection:
+ host: {{ .Values.smtp.host | quote }}
+ port: {{ .Values.smtp.port | quote }}
+ auth:
+ username: {{ .Values.smtp.username | quote }}
+ password: {{ .Values.smtp.password | quote }}
 handler:
 replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }}
 podAnnotations:
@@ -1145,10 +1160,6 @@ keycloak-extensions:
 ipProtectionEnable: true
 logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
 newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
- smtpPassword: {{ .Values.smtp.password | quote }}
- smtpHost: {{ .Values.smtp.host | quote }}
- smtpPort: {{ .Values.smtp.port | quote }}
- smtpUsername: {{ .Values.smtp.username | quote }}
 mailFrom: "noreply@{{ .Values.global.domain }}"
 securityContext:
 allowPrivilegeEscalation: false
diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml
index c1b399b1..b9e1a4dd 100644
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -378,7 +378,7 @@ charts:
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
 name: "ums"
- version: "0.12.0"
+ version: "0.13.0"
 verify: true
 umsKeycloakBootstrap:
 # providerCategory: "Supplier"
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml
index 67724645..eb371652 100644
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
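Review bot: The `smtp` block added in the `keycloak-extensions` hunk (`@@ -1128,6 +1136,13 @@`) sets host, port and login credentials but nothing that selects transport security, so it is not visible here whether the handler negotiates STARTTLS or implicit TLS before it sends `.Values.smtp.password`. If the chart offers such a setting, it should be set explicitly next to `port`. If it does not, a one-line comment above `smtp:` stating which transport the handler uses would record that this was checked when the keys moved out of the handler's settings. The `keycloak-extensions` mapping continues outside the hunk.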
@@ -542,13 +542,13 @@ images:
 umsKeycloakBootstrap:
 # providerCategory: "Supplier"
 # providerResponsible: "Univention"
- # upstreamRegistry: "https://registry.souvap-univention.de"
- # upstreamRepository: "souvap/tooling/images/univention-keycloak-bootstrap"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/keycloak-bootstrap"
 # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["1", "0", "5"]
+ # upstreamMirrorStartFrom: ["0", "1", "0"]
 registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/univention-keycloak-bootstrap"
- tag: "1.0.8@sha256:fef48cb1b2552977e8a4253516249b59ef6c42189dd13cd6d98269b8988b362a"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
+ tag: "0.1.0@sha256:351097e9e7b469f2fc149fe612ec6ad515d5e6b081d7e2785bd926a1d77209d2"
 umsKeycloakExtensionHandler:
 # providerCategory: "Supplier"
 # providerResponsible: "Univention"
@@ -558,7 +558,7 @@ images:
 # upstreamMirrorStartFrom: ["0", "0", "3"]
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
- tag: "0.3.1@sha256:98871e8d5acfe6bfa6ea7d140197ae41585cfb06c71514ffcf6e98df8315b9ee"
+ tag: "0.4.0@sha256:7c2728d6fce0fa6e6cc2a3c196294fcb4fcce0dd246b95ad96bd96325776a004"
 umsKeycloakExtensionProxy:
 # providerCategory: "Supplier"
 # providerResponsible: "Univention"
@@ -568,7 +568,7 @@ images:
 # upstreamMirrorStartFrom: ["0", "0", "3"]
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
- tag: "0.3.1@sha256:e6c2130310798e286cea84bf5226709021c12663fb9e8ca30f29515151741fa5"
+ tag: "0.4.0@sha256:d7369d8b9cb177fc19b08452266bf7440b683fd0a15c01baeb5c131db20081bf"
 umsLdapNotifier:
 # providerCategory: "Supplier"
 # providerResponsible: "Univention"
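Review bot: In the `umsKeycloakBootstrap` entry (`@@ -542,13 +542,13 @@`) the tag goes from `1.0.8` to `0.1.0` with nothing in the file explaining the apparent downgrade, which a later reader or an automated version check could take for a rollback. The changed `upstreamRegistry` and `upstreamRepository` comments suggest the image moved upstream and its numbering restarted; a comment such as `# image moved upstream to nubus/images/keycloak-bootstrap; version numbering restarted at 0.1.0` above `tag:` would make that intent explicit. Because the upstream registry and the mirror repository path change in the same commit, the new `sha256` digest should be confirmed against the artifact published at the new upstream location rather than only against the mirror.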