feat(nubus): Add templating support for Nubus

Signed-off-by: Axel Lender <lender@b1-systems.de>
Axel Lender
2025-08-21 08:02:54 +02:00
parent cac1e9850d
commit 1fd7cd7d34
5 changed files with 63 additions and 0 deletions


@@ -11,6 +11,7 @@ This document covers how to utilise external secrets and special requirements.
* [General](#general) * [General](#general)
* [Components](#components) * [Components](#components)
* [Cassandra](#cassandra) * [Cassandra](#cassandra)
* [Keycloak](#keycloak)
* [MinIO](#minio) * [MinIO](#minio)
* [XWiki](#xwiki) * [XWiki](#xwiki)
<!-- TOC --> <!-- TOC -->
@@ -45,6 +46,17 @@ Cassandra is pre-populated with information regarding Dovecot with a `cql` scrip
This has to be adapted into a secret that also holds a `cql` script and is named in `initDBSecret`. This has to be adapted into a secret that also holds a `cql` script and is named in `initDBSecret`.
## Keycloak
The Keycloak bootstrap chart exepcts a special format for the admin credentials. The following example shows the format with the openDesk default values:
```yaml
stringData:
admin.yaml: |
username: "kcadmin"
password: "{{ .Values.secrets.keycloak.adminPassword }}"
```
## MinIO ## MinIO
Like described in the [upstream `values.yaml`](https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml#L1595) credentials and information about a user in external secrets listed in `usersExistingSecrets` have to be formatted as follows: Like described in the [upstream `values.yaml`](https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml#L1595) credentials and information about a user in external secrets listed in `usersExistingSecrets` have to be formatted as follows:


@@ -53,6 +53,10 @@ global:
ics: ics:
session: session:
secret: {{ .Values.secrets.intercom.secret | quote }} secret: {{ .Values.secrets.intercom.secret | quote }}
existingSecret:
name: {{ .Values.externalSecrets.nubus.ics.session.name | quote }}
keyMapping:
secret: {{ .Values.externalSecrets.nubus.ics.session.key | quote }}
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}" issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
originRegex: "{{ .Values.global.domain }}" originRegex: "{{ .Values.global.domain }}"
enableSessionCookie: true enableSessionCookie: true
@@ -66,21 +70,37 @@ ics:
oidc: oidc:
id: "opendesk-intercom" id: "opendesk-intercom"
clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }} clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
existingSecret:
name: {{ .Values.externalSecrets.keycloak.clientSecret.intercom.name | quote}}
keyMapping:
clientSecret: {{ .Values.externalSecrets.keycloak.clientSecret.intercom.key | quote }}
matrix: matrix:
subdomain: {{ .Values.global.hosts.synapse | quote }} subdomain: {{ .Values.global.hosts.synapse | quote }}
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}" serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
auth: auth:
applicationServiceSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }} applicationServiceSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
existingSecret:
name: {{ .Values.externalSecrets.nubus.ics.synapseAsToken.name | quote }}
keyMapping:
password: {{ .Values.externalSecrets.nubus.ics.synapseAsToken.key | quote }}
nordeck: nordeck:
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }} subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
portal: portal:
auth: auth:
sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }} sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
existingSecret:
name: {{ .Values.externalSecrets.centralnavigation.apiKey.name | quote }}
keyMapping:
password: {{ .Values.externalSecrets.centralnavigation.apiKey.key | quote }}
redis: redis:
host: {{ .Values.cache.intercomService.host | quote }} host: {{ .Values.cache.intercomService.host | quote }}
port: {{ .Values.cache.intercomService.port }} port: {{ .Values.cache.intercomService.port }}
auth: auth:
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }} password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
existingSecret:
name: {{ .Values.externalSecrets.redis.existingSecret | quote }}
keyMapping:
password: {{ .Values.externalSecrets.redis.existingSecretPasswordKey | quote }}
openxchange: openxchange:
oci: true oci: true
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
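Review bot: Each new `existingSecret` block sits next to the inline value it is meant to replace (`secret`, `clientSecret`, `applicationServiceSecret`, `sharedSecret`, redis `password`), and that inline line is still rendered unconditionally, so the plaintext derived from `.Values.secrets.*` would still land in the rendered release values when an external secret is configured. Which of the two wins is decided by the chart and is not visible here, so either guard the inline line, e.g. `{{- if not .Values.externalSecrets.nubus.ics.session.name }}` around `secret:`, or add a comment stating the precedence. The same pattern applies to the `accessKey`/`secretKey` hunk in the S3 gateway values and to the Keycloak bootstrap hunk. Separately, the `keyMapping` key follows the field name for `secret` and `clientSecret` but is `password` for `applicationServiceSecret` and `sharedSecret`; please confirm that this matches what the chart expects. Small style point: `| quote}}` in the `clientSecret` block is missing the space before `}}`.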


@@ -38,8 +38,14 @@ configuration:
credentials: credentials:
accessKey: accessKey:
value: {{ .Values.objectstores.nubus.username | quote }} value: {{ .Values.objectstores.nubus.username | quote }}
existingSecret:
name: {{ .Values.externalSecrets.objectstores.nubus.accessKey.name | quote }}
key: {{ .Values.externalSecrets.objectstores.nubus.accessKey.key | quote }}
secretKey: secretKey:
value: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }} value: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
existingSecret:
name: {{ .Values.externalSecrets.objectstores.nubus.secretKey.name | quote }}
key: {{ .Values.externalSecrets.objectstores.nubus.secretKey.key | quote }}
podAnnotations: podAnnotations:
{{ .Values.annotations.nubusNginxS3Gateway.pod | toYaml | nindent 2 }} {{ .Values.annotations.nubusNginxS3Gateway.pod | toYaml | nindent 2 }}


@@ -92,6 +92,8 @@ config:
values: values:
username: "kcadmin" username: "kcadmin"
password: {{ .Values.secrets.keycloak.adminPassword | quote }} password: {{ .Values.secrets.keycloak.adminPassword | quote }}
secret:
name: {{ .Values.externalSecrets.keycloak.adminSecret | quote }}
realm: {{ .Values.platform.realm | quote }} realm: {{ .Values.platform.realm | quote }}
intraCluster: intraCluster:
enabled: true enabled: true
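Review bot: `secret.name` is filled from `.Values.externalSecrets.keycloak.adminSecret | quote`, but the defaults added in this commit appear to define `adminSecret` as a mapping with a `name` child, so this would render the mapping's string form rather than a secret name. The line should likely read `name: {{ .Values.externalSecrets.keycloak.adminSecret.name | quote }}`. Indentation is lost on this page, so the nesting in the defaults file is inferred from line order. The `config` block continues outside the hunk.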


@@ -5,6 +5,10 @@ SPDX-License-Identifier: Apache-2.0
--- ---
externalSecrets: externalSecrets:
cache: cache:
intercom:
password:
name: ~
key: ~
nextcloudUsername: nextcloudUsername:
name: ~ name: ~
key: ~ key: ~
@@ -42,7 +46,12 @@ externalSecrets:
name: ~ name: ~
key: ~ key: ~
keycloak: keycloak:
adminSecret:
name: ~
clientSecret: clientSecret:
intercom:
name: ~
key: ~
xwiki: xwiki:
name: ~ name: ~
key: ~ key: ~
@@ -65,6 +74,13 @@ externalSecrets:
name: ~ name: ~
key: ~ key: ~
nubus: nubus:
ics:
session:
name: ~
key: ~
synapseAsToken:
name: ~
key: ~
ldapSearch: ldapSearch:
nextcloud: nextcloud:
name: ~ name: ~
@@ -79,6 +95,13 @@ externalSecrets:
nextcloudSecretKey: nextcloudSecretKey:
name: ~ name: ~
key: ~ key: ~
nubus:
accessKey:
name: ~
key: ~
secretKey:
name: ~
key: ~
openproject: openproject:
apiAdminPassword: apiAdminPassword:
name: ~ name: ~
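Review bot: The new `cache.intercom.password` entry in the first hunk is not read by any template hunk in this commit; the redis `existingSecret` in the intercom values uses `.Values.externalSecrets.redis.existingSecret` and `.Values.externalSecrets.redis.existingSecretPasswordKey` instead, and neither is added here. Unless `externalSecrets.redis` already exists outside the visible hunks, an operator who sets `cache.intercom.password` would presumably see no effect and the service would keep using the inline password. Either point the template at the new keys, e.g. `name: {{ .Values.externalSecrets.cache.intercom.password.name | quote }}`, or drop the unused default. A short comment above each new entry naming the Secret key it expects would also help operators.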