mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
fix(helmfile): Streamline prefixes for customizable defaults. UPGRADES: See ./docs/migrations.md for more details.
This commit is contained in:
Thorsten Roßner
@@ -37,10 +37,11 @@ If not used it is also set to `opendesk.domain.tld`.
|
||||
The following setting can disable federation:
|
||||
|
||||
```yaml
|
||||
externalServices:
|
||||
matrix:
|
||||
federation:
|
||||
enabled: false
|
||||
functional:
|
||||
externalServices:
|
||||
matrix:
|
||||
federation:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
## Separate Matrix domain
|
||||
|
||||
@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
* [Disclaimer](#disclaimer)
|
||||
* [From v0.8.1](#from-v081)
|
||||
* [Updated customizable template attributes](#updated-customizable-template-attributes)
|
||||
* [`migrations` S3 bucket](#migrations-s3-bucket)
|
||||
|
||||
# Disclaimer
|
||||
@@ -17,7 +18,16 @@ Though we try to ease the pain when it comes to 0.x upgrades. That is what this
|
||||
|
||||
# From v0.8.1
|
||||
|
||||
## Updated customizable template attributes
|
||||
|
||||
- Action: Please ensure you update you custom deployment values according with the updated default value structure.
|
||||
- References:
|
||||
- `functional.` prefix for `authentication.*`, `externalServices.*`, `admin.*` and `filestore.*`, see [functional.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/functional.yaml).
|
||||
- `debug.` prefix for `cleanup.*`, see [debug.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/debug.yaml).
|
||||
- `monitoring.` prefix for `prometheus.*` and `graphana.*`, see [monitoring.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/monitoring.yaml).
|
||||
- `smtp.` prefix for `localpartNoReply`, see [smtp.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/smtp.yaml).
|
||||
|
||||
## `migrations` S3 bucket
|
||||
|
||||
- Commit: [1e834fee](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/commit/1e834fee9db6bdb948f31c994d5ab309e6f86947)
|
||||
- Action: Please ensure you add a bucket `migrations` to your S3.
|
||||
- Action: For self managed/external S3/object storages, please ensure you add a bucket `migrations` to your S3.
|
||||
- Reference: `objectstores.migrations` in [objectstores.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/objectstores.yaml)
|
||||
|
||||
@@ -17,11 +17,11 @@ fullnameOverride: "collabora"
|
||||
|
||||
grafana:
|
||||
dashboards:
|
||||
enabled: {{ .Values.grafana.dashboards.enabled }}
|
||||
enabled: {{ .Values.monitoring.grafana.dashboards.enabled }}
|
||||
labels:
|
||||
{{ .Values.grafana.dashboards.labels | toYaml | nindent 6 }}
|
||||
{{ .Values.monitoring.grafana.dashboards.labels | toYaml | nindent 6 }}
|
||||
annotations:
|
||||
{{ .Values.grafana.dashboards.annotations | toYaml | nindent 6 }}
|
||||
{{ .Values.monitoring.grafana.dashboards.annotations | toYaml | nindent 6 }}
|
||||
|
||||
image:
|
||||
repository: "{{ .Values.global.imageRegistry | default .Values.images.collabora.registry }}/{{ .Values.images.collabora.repository }}"
|
||||
@@ -88,13 +88,13 @@ podSecurityContext:
|
||||
|
||||
prometheus:
|
||||
servicemonitor:
|
||||
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||
enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
|
||||
labels:
|
||||
{{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 6 }}
|
||||
{{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 6 }}
|
||||
rules:
|
||||
enabled: {{ .Values.prometheus.prometheusRules.enabled }}
|
||||
enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
|
||||
additionalLabels:
|
||||
{{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 6 }}
|
||||
{{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 6 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.collabora }}
|
||||
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
configuration:
|
||||
username: "meetings-bot"
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
configuration:
|
||||
username: "uvs"
|
||||
|
||||
@@ -42,7 +42,7 @@ configuration:
|
||||
sender_localpart: intercom-service
|
||||
|
||||
smtp:
|
||||
senderAddress: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
|
||||
senderAddress: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
|
||||
host: {{ .Values.smtp.host | quote }}
|
||||
port: {{ .Values.smtp.port }}
|
||||
username: {{ .Values.smtp.username | quote }}
|
||||
@@ -94,7 +94,7 @@ containerSecurityContext:
|
||||
{{ .Values.seLinuxOptions.synapse | toYaml | nindent 4 }}
|
||||
|
||||
federation:
|
||||
enabled: {{ .Values.externalServices.matrix.federation.enabled }}
|
||||
enabled: {{ .Values.functional.externalServices.matrix.federation.enabled }}
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.synapseFederation }}.{{ .Values.global.domain }}"
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
|
||||
@@ -27,7 +27,7 @@ containerSecurityContext:
|
||||
{{ .Values.seLinuxOptions.jitsiKeycloakAdapter | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
@@ -14,7 +14,7 @@ additionalAnnotations:
|
||||
intents.otterize.com/service-name: "opendesk-nextcloud-php"
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
|
||||
configuration:
|
||||
administrator:
|
||||
@@ -78,13 +78,13 @@ configuration:
|
||||
value: {{ .Values.smtp.password | quote }}
|
||||
host: {{ .Values.smtp.host | quote }}
|
||||
port: {{ .Values.smtp.port | quote }}
|
||||
fromAddress: {{ .Values.localpartNoReply | quote }}
|
||||
fromAddress: {{ .Values.smtp.localpartNoReply | quote }}
|
||||
mailDomain: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
quota:
|
||||
default: "{{ .Values.filestore.quota.default }} GB"
|
||||
default: "{{ .Values.functional.filestore.quota.default }} GB"
|
||||
retentionObligation:
|
||||
trashbin: {{ .Values.filestore.nextcloud.retentionObligation.trashbin | quote }}
|
||||
versions: {{ .Values.filestore.nextcloud.retentionObligation.versions | quote }}
|
||||
trashbin: {{ .Values.functional.filestore.nextcloud.retentionObligation.trashbin | quote }}
|
||||
versions: {{ .Values.functional.filestore.nextcloud.retentionObligation.versions | quote }}
|
||||
|
||||
serverinfo:
|
||||
token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||
|
||||
@@ -34,13 +34,13 @@ exporter:
|
||||
tag: {{ .Values.images.nextcloudExporter.tag | quote }}
|
||||
prometheus:
|
||||
serviceMonitor:
|
||||
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||
enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
|
||||
labels:
|
||||
{{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
|
||||
{{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
|
||||
prometheusRule:
|
||||
enabled: {{ .Values.prometheus.prometheusRules.enabled }}
|
||||
enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
|
||||
additionalLabels:
|
||||
{{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
|
||||
{{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
|
||||
replicaCount: {{ .Values.replicas.nextcloudExporter }}
|
||||
resources:
|
||||
{{ .Values.resources.nextcloudExporter | toYaml | nindent 4 }}
|
||||
@@ -92,13 +92,13 @@ php:
|
||||
tag: {{ .Values.images.nextcloudPHP.tag | quote }}
|
||||
prometheus:
|
||||
serviceMonitor:
|
||||
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||
enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
|
||||
labels:
|
||||
{{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
|
||||
{{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
|
||||
prometheusRule:
|
||||
enabled: {{ .Values.prometheus.prometheusRules.enabled }}
|
||||
enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
|
||||
additionalLabels:
|
||||
{{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
|
||||
{{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
|
||||
replicaCount: {{ .Values.replicas.nextcloudPHP }}
|
||||
resources:
|
||||
{{ .Values.resources.nextcloudPHP | toYaml | nindent 4 }}
|
||||
|
||||
@@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeBootstrap.registry | quote }}
|
||||
|
||||
@@ -11,8 +11,8 @@ global:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
config:
|
||||
openproject:
|
||||
|
||||
@@ -67,7 +67,7 @@ environment:
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "plain"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
OPENPROJECT_MAIL__FROM: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_MAIL__FROM: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
|
||||
@@ -12,7 +12,7 @@ issuerRef:
|
||||
name: {{ .Values.certificate.issuerRef.name | quote }}
|
||||
|
||||
cleanup:
|
||||
keepRessourceOnDelete: {{ .Values.cleanup.keepRessourceOnDelete }}
|
||||
keepRessourceOnDelete: {{ .Values.debug.cleanup.keepRessourceOnDelete }}
|
||||
|
||||
wildcard: {{ .Values.certificate.wildcard }}
|
||||
...
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
@@ -67,9 +67,9 @@ mode: {{ if gt .Values.replicas.minio 1 }}"distributed"{{ else }}"standalone"{{
|
||||
|
||||
metrics:
|
||||
serviceMonitor:
|
||||
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||
enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
|
||||
additionalLabels:
|
||||
{{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 6 }}
|
||||
{{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 6 }}
|
||||
|
||||
networkPolicy:
|
||||
enabled: false
|
||||
|
||||
@@ -17,8 +17,8 @@ image:
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
config:
|
||||
keycloak:
|
||||
@@ -29,7 +29,7 @@ config:
|
||||
enabled: true
|
||||
internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
|
||||
twoFactorSettings:
|
||||
additionalGroups: {{ .Values.authentication.twoFactor.groups }}
|
||||
additionalGroups: {{ .Values.functional.authentication.twoFactor.groups }}
|
||||
custom:
|
||||
# We use client specific scopes as we bind them to Keycloak role membership which itself is linked
|
||||
# to LDAP group membership to ensure a user cannot access an application without the required
|
||||
|
||||
@@ -674,7 +674,7 @@ stack-data-swp:
|
||||
|
||||
stackDataSwp:
|
||||
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
{{- if .Values.admin.portal.deploymentInformation.enabled }}
|
||||
{{- if .Values.functional.admin.portal.deploymentInformation.enabled }}
|
||||
systemInformation:
|
||||
deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}"
|
||||
releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}"
|
||||
@@ -1062,8 +1062,8 @@ keycloak-bootstrap:
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
keycloak:
|
||||
connection:
|
||||
@@ -1172,7 +1172,7 @@ keycloak-extensions:
|
||||
ipProtectionEnable: true
|
||||
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
|
||||
newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
|
||||
mailFrom: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
@@ -1319,7 +1319,7 @@ stack-gateway:
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
|
||||
|
||||
{{ if .Values.externalServices.nubus.udmRestApi.enabled }}
|
||||
{{ if .Values.functional.externalServices.nubus.udmRestApi.enabled }}
|
||||
## udm-rest-api
|
||||
location /univention/udm/ {
|
||||
# The UDM Rest API does return on some endpoints a lot of headers
|
||||
|
||||
@@ -137,7 +137,7 @@ properties:
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.server": "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443
|
||||
## SMTP settings
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ .Values.smtp.host | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": {{ .Values.smtp.port | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.username": {{ .Values.smtp.username | quote }}
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cleanup:
|
||||
# Keep Pods/Job logs after successful run.
|
||||
deletePodsOnSuccess: true
|
||||
# When deletePodsOnSuccess is enabled, the pod will be deleted after configured seconds.
|
||||
deletePodsOnSuccessTimeout: 60
|
||||
# Keep persistence on deletion of this release.
|
||||
keepPVCOnDelete: false
|
||||
# Keep additional resources, like certificates on deletion of this release.
|
||||
keepRessourceOnDelete: true
|
||||
debug:
|
||||
cleanup:
|
||||
# Keep Pods/Job logs after successful run.
|
||||
deletePodsOnSuccess: true
|
||||
# When deletePodsOnSuccess is enabled, the pod will be deleted after configured seconds.
|
||||
deletePodsOnSuccessTimeout: 60
|
||||
# Keep persistence on deletion of this release.
|
||||
keepPVCOnDelete: false
|
||||
# Keep additional resources, like certificates on deletion of this release.
|
||||
keepRessourceOnDelete: true
|
||||
# should activate debug output in all components and even allow e.g. successfully executed jobs
|
||||
# to stay available. This is going to be implemented on a case by case basis when we actually
|
||||
# need debugging in a component.
|
||||
|
||||
@@ -1,43 +1,44 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
authentication:
|
||||
twoFactor:
|
||||
# Define a list of groups to enable 2FA for.
|
||||
# Note: Removing a group from the list will not disable 2FA for the removed group.
|
||||
groups:
|
||||
- "Domain Admins"
|
||||
functional:
|
||||
admin:
|
||||
portal:
|
||||
deploymentInformation:
|
||||
# Disable to not provide and update openDesk release version and deployment timestamp for admins in the portal.
|
||||
enabled: true
|
||||
|
||||
externalServices:
|
||||
nubus:
|
||||
udmRestApi:
|
||||
# Enable to make the UDM REST API from the Nubus stack externally available.
|
||||
enabled: false
|
||||
matrix:
|
||||
federation:
|
||||
# Disable to not support Matrix federation with your installation.
|
||||
enabled: true
|
||||
authentication:
|
||||
twoFactor:
|
||||
# Define a list of groups to enable 2FA for.
|
||||
# Note: Removing a group from the list will not disable 2FA for the removed group.
|
||||
groups:
|
||||
- "Domain Admins"
|
||||
|
||||
admin:
|
||||
portal:
|
||||
deploymentInformation:
|
||||
# Disable to not provide and update openDesk release version and deployment timestamp for admins in the portal.
|
||||
enabled: true
|
||||
externalServices:
|
||||
nubus:
|
||||
udmRestApi:
|
||||
# Enable to make the UDM REST API from the Nubus stack externally available.
|
||||
enabled: false
|
||||
matrix:
|
||||
federation:
|
||||
# Disable to not support Matrix federation with your installation.
|
||||
enabled: true
|
||||
|
||||
filestore:
|
||||
quota:
|
||||
# Set the default quota for all users in GB
|
||||
default: 1
|
||||
# Nextcloud specific configuration
|
||||
nextcloud:
|
||||
retentionObligation:
|
||||
# yamllint disable rule:line-length
|
||||
# Set Nextcloud's `trashbin_retention_obligation`
|
||||
# Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trashbin-retention-obligation
|
||||
trashbin: "auto"
|
||||
# Set Nextcloud's `versions_retention_obligation`
|
||||
# Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#versions-retention-obligation
|
||||
versions: "auto"
|
||||
# yamllint enable rule:line-length
|
||||
filestore:
|
||||
quota:
|
||||
# Set the default quota for all users in GB
|
||||
default: 1
|
||||
# Nextcloud specific configuration
|
||||
nextcloud:
|
||||
retentionObligation:
|
||||
# yamllint disable rule:line-length
|
||||
# Set Nextcloud's `trashbin_retention_obligation`
|
||||
# Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trashbin-retention-obligation
|
||||
trashbin: "auto"
|
||||
# Set Nextcloud's `versions_retention_obligation`
|
||||
# Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#versions-retention-obligation
|
||||
versions: "auto"
|
||||
# yamllint enable rule:line-length
|
||||
|
||||
...
|
||||
|
||||
@@ -23,4 +23,39 @@ global:
|
||||
#
|
||||
helmRegistry: {{ env "PRIVATE_HELM_REGISTRY_URL" | quote }}
|
||||
imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | quote }}
|
||||
|
||||
## Define ingress/virtualservice host.
|
||||
#
|
||||
hosts:
|
||||
collabora: "collabora"
|
||||
cryptpad: "cryptpad"
|
||||
element: "chat"
|
||||
intercomService: "ics"
|
||||
jitsi: "meet"
|
||||
keycloak: "id"
|
||||
matrixNeoBoardWidget: "matrix-neoboard-widget"
|
||||
matrixNeoChoiceWidget: "matrix-neochoice-widget"
|
||||
matrixNeoDateFixBot: "matrix-neodatefix-bot"
|
||||
matrixNeoDateFixWidget: "matrix-neodatefix-widget"
|
||||
minioApi: "minio"
|
||||
minioConsole: "minio-console"
|
||||
nextcloud: "fs"
|
||||
openproject: "project"
|
||||
openxchange: "webmail"
|
||||
synapse: "matrix"
|
||||
synapseFederation: "matrix-federation"
|
||||
univentionManagementStack: "portal"
|
||||
whiteboard: "whiteboard"
|
||||
xwiki: "wiki"
|
||||
|
||||
## Credentials to fetch images from private registry
|
||||
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
#
|
||||
imagePullSecrets:
|
||||
- "external-registry"
|
||||
|
||||
## Define the policy to pull container images.
|
||||
## Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
|
||||
#
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
...
|
||||
|
||||
@@ -1,42 +0,0 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
## The global properties are used to configure multiple charts at once.
|
||||
#
|
||||
global:
|
||||
## Define ingress/virtualservice host.
|
||||
#
|
||||
hosts:
|
||||
collabora: "collabora"
|
||||
cryptpad: "cryptpad"
|
||||
element: "chat"
|
||||
intercomService: "ics"
|
||||
jitsi: "meet"
|
||||
keycloak: "id"
|
||||
matrixNeoBoardWidget: "matrix-neoboard-widget"
|
||||
matrixNeoChoiceWidget: "matrix-neochoice-widget"
|
||||
matrixNeoDateFixBot: "matrix-neodatefix-bot"
|
||||
matrixNeoDateFixWidget: "matrix-neodatefix-widget"
|
||||
minioApi: "minio"
|
||||
minioConsole: "minio-console"
|
||||
nextcloud: "fs"
|
||||
openproject: "project"
|
||||
openxchange: "webmail"
|
||||
synapse: "matrix"
|
||||
synapseFederation: "matrix-federation"
|
||||
univentionManagementStack: "portal"
|
||||
whiteboard: "whiteboard"
|
||||
xwiki: "wiki"
|
||||
|
||||
## Credentials to fetch images from private registry
|
||||
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
#
|
||||
imagePullSecrets:
|
||||
- "external-registry"
|
||||
|
||||
## Define the policy to pull container images.
|
||||
## Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
|
||||
#
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
...
|
||||
@@ -1,25 +1,25 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
prometheus:
|
||||
serviceMonitors:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
podMonitors:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
prometheusRules:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
monitoring:
|
||||
prometheus:
|
||||
serviceMonitors:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
podMonitors:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
prometheusRules:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
|
||||
|
||||
grafana:
|
||||
dashboards:
|
||||
enabled: false
|
||||
labels:
|
||||
grafana_dashboard: "1"
|
||||
annotations:
|
||||
grafana:
|
||||
dashboards:
|
||||
enabled: false
|
||||
labels:
|
||||
grafana_dashboard: "1"
|
||||
annotations:
|
||||
...
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
objectstores:
|
||||
migrations:
|
||||
@@ -8,6 +8,5 @@ smtp:
|
||||
port: 587
|
||||
username: ""
|
||||
password: {{ env "SMTP_PASSWORD" | quote }}
|
||||
|
||||
localpartNoReply: "no-reply"
|
||||
localpartNoReply: "no-reply"
|
||||
...
|
||||
|
||||
@@ -11,8 +11,8 @@ global:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
migrations:
|
||||
runId: 1
|
||||
|
||||
Reference in New Issue
Block a user