diff --git a/docs/enhanced-configuration/matrix-federation.md b/docs/enhanced-configuration/matrix-federation.md index 28fe39e7..dd797284 100644 --- a/docs/enhanced-configuration/matrix-federation.md +++ b/docs/enhanced-configuration/matrix-federation.md @@ -37,10 +37,11 @@ If not used it is also set to `opendesk.domain.tld`. The following setting can disable federation: ```yaml -externalServices: - matrix: - federation: - enabled: false +functional: + externalServices: + matrix: + federation: + enabled: false ``` ## Separate Matrix domain diff --git a/docs/migrations.md b/docs/migrations.md index e72576d4..5c947268 100644 --- a/docs/migrations.md +++ b/docs/migrations.md @@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0 * [Disclaimer](#disclaimer) * [From v0.8.1](#from-v081) + * [Updated customizable template attributes](#updated-customizable-template-attributes) * [`migrations` S3 bucket](#migrations-s3-bucket) # Disclaimer 
@@ -17,7 +18,16 @@ Though we try to ease the pain when it comes to 0.x upgrades. That is what this # From v0.8.1 +## Updated customizable template attributes + +- Action: Please ensure you update you custom deployment values according with the updated default value structure. +- References: + - `functional.` prefix for `authentication.*`, `externalServices.*`, `admin.*` and `filestore.*`, see [functional.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/functional.yaml). + - `debug.` prefix for `cleanup.*`, see [debug.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/debug.yaml). + - `monitoring.` prefix for `prometheus.*` and `graphana.*`, see [monitoring.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/monitoring.yaml). + - `smtp.` prefix for `localpartNoReply`, see [smtp.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/smtp.yaml). + ## `migrations` S3 bucket -- Commit: [1e834fee](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/commit/1e834fee9db6bdb948f31c994d5ab309e6f86947) -- Action: Please ensure you add a bucket `migrations` to your S3. +- Action: For self managed/external S3/object storages, please ensure you add a bucket `migrations` to your S3. +- Reference: `objectstores.migrations` in [objectstores.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/objectstores.yaml) diff --git a/helmfile/apps/collabora/values.yaml.gotmpl b/helmfile/apps/collabora/values.yaml.gotmpl index e28fd3d0..56e85720 100644 --- a/helmfile/apps/collabora/values.yaml.gotmpl +++ b/helmfile/apps/collabora/values.yaml.gotmpl 
@@ -17,11 +17,11 @@ fullnameOverride: "collabora" grafana: dashboards: - enabled: {{ .Values.grafana.dashboards.enabled }} + enabled: {{ .Values.monitoring.grafana.dashboards.enabled }} labels: - {{ .Values.grafana.dashboards.labels | toYaml | nindent 6 }} + {{ .Values.monitoring.grafana.dashboards.labels | toYaml | nindent 6 }} annotations: - {{ .Values.grafana.dashboards.annotations | toYaml | nindent 6 }} + {{ .Values.monitoring.grafana.dashboards.annotations | toYaml | nindent 6 }} image: repository: "{{ .Values.global.imageRegistry | default .Values.images.collabora.registry }}/{{ .Values.images.collabora.repository }}" @@ -88,13 +88,13 @@ podSecurityContext: prometheus: servicemonitor: - enabled: {{ .Values.prometheus.serviceMonitors.enabled }} + enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }} labels: - {{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 6 }} + {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 6 }} rules: - enabled: {{ .Values.prometheus.prometheusRules.enabled }} + enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }} additionalLabels: - {{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 6 }} + {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 6 }} replicaCount: {{ .Values.replicas.collabora }} diff --git a/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl b/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl index 49b3f9ae..fc63c634 100644 --- a/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl 
@@ -2,8 +2,8 @@ # SPDX-License-Identifier: Apache-2.0 --- cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} - deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }} configuration: username: "meetings-bot" diff --git a/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl b/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl index fbac759f..ac0a79b8 100644 --- a/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl @@ -2,8 +2,8 @@ # SPDX-License-Identifier: Apache-2.0 --- cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} - deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }} configuration: username: "uvs" diff --git a/helmfile/apps/element/values-synapse.yaml.gotmpl b/helmfile/apps/element/values-synapse.yaml.gotmpl index d38c7c66..df902e71 100644 --- a/helmfile/apps/element/values-synapse.yaml.gotmpl +++ b/helmfile/apps/element/values-synapse.yaml.gotmpl @@ -42,7 +42,7 @@ configuration: sender_localpart: intercom-service smtp: - senderAddress: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}" + senderAddress: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}" host: {{ .Values.smtp.host | quote }} port: {{ .Values.smtp.port }} username: {{ .Values.smtp.username | quote }} 
@@ -94,7 +94,7 @@ containerSecurityContext: {{ .Values.seLinuxOptions.synapse | toYaml | nindent 4 }} federation: - enabled: {{ .Values.externalServices.matrix.federation.enabled }} + enabled: {{ .Values.functional.externalServices.matrix.federation.enabled }} ingress: host: "{{ .Values.global.hosts.synapseFederation }}.{{ .Values.global.domain }}" enabled: {{ .Values.ingress.enabled }} diff --git a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl index 22fc9cb9..e7e1201a 100644 --- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl +++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl @@ -27,7 +27,7 @@ containerSecurityContext: {{ .Values.seLinuxOptions.jitsiKeycloakAdapter | toYaml | nindent 4 }} cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} image: imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl index dae8cd12..380fde9f 100644 --- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl @@ -14,7 +14,7 @@ additionalAnnotations: intents.otterize.com/service-name: "opendesk-nextcloud-php" cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} configuration: administrator: 
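Review bot: An existing override at the old path `externalServices.matrix.federation.enabled: false` is no longer read by the `federation.enabled` line here, and nothing visible in this commit rejects or warns about the stale key. After an upgrade, federation would therefore fall back to the new default `functional.externalServices.matrix.federation.enabled: true`. The same silent fallback applies to `functional.authentication.twoFactor.groups` in values-opendesk-keycloak-bootstrap.yaml.gotmpl (back to only "Domain Admins") and, failing closed, to `functional.externalServices.nubus.udmRestApi.enabled` in values-umbrella.yaml.gotmpl. Because the first two weaken a security setting without any error, consider a render-time guard for each moved top-level key, something like `{{- if hasKey .Values "externalServices" }}{{ fail "externalServices.* moved to functional.externalServices.*" }}{{- end }}`, assuming helmfile does not already validate unknown keys elsewhere. The `federation:` mapping continues outside the hunk.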
@@ -78,13 +78,13 @@ configuration: value: {{ .Values.smtp.password | quote }} host: {{ .Values.smtp.host | quote }} port: {{ .Values.smtp.port | quote }} - fromAddress: {{ .Values.localpartNoReply | quote }} + fromAddress: {{ .Values.smtp.localpartNoReply | quote }} mailDomain: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}" quota: - default: "{{ .Values.filestore.quota.default }} GB" + default: "{{ .Values.functional.filestore.quota.default }} GB" retentionObligation: - trashbin: {{ .Values.filestore.nextcloud.retentionObligation.trashbin | quote }} - versions: {{ .Values.filestore.nextcloud.retentionObligation.versions | quote }} + trashbin: {{ .Values.functional.filestore.nextcloud.retentionObligation.trashbin | quote }} + versions: {{ .Values.functional.filestore.nextcloud.retentionObligation.versions | quote }} serverinfo: token: {{ .Values.secrets.nextcloud.metricsToken | quote }} diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl index a978f8ca..587b7513 100644 --- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl 
@@ -34,13 +34,13 @@ exporter: tag: {{ .Values.images.nextcloudExporter.tag | quote }} prometheus: serviceMonitor: - enabled: {{ .Values.prometheus.serviceMonitors.enabled }} + enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }} labels: - {{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 8 }} + {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }} prometheusRule: - enabled: {{ .Values.prometheus.prometheusRules.enabled }} + enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }} additionalLabels: - {{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 8 }} + {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }} replicaCount: {{ .Values.replicas.nextcloudExporter }} resources: {{ .Values.resources.nextcloudExporter | toYaml | nindent 4 }} @@ -92,13 +92,13 @@ php: tag: {{ .Values.images.nextcloudPHP.tag | quote }} prometheus: serviceMonitor: - enabled: {{ .Values.prometheus.serviceMonitors.enabled }} + enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }} labels: - {{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 8 }} + {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }} prometheusRule: - enabled: {{ .Values.prometheus.prometheusRules.enabled }} + enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }} additionalLabels: - {{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 8 }} + {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }} replicaCount: {{ .Values.replicas.nextcloudPHP }} resources: {{ .Values.resources.nextcloudPHP | toYaml | nindent 4 }} diff --git a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl index e80c9ae4..8a096159 100644 --- a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl 
+++ b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl @@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0 */}} --- cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} - deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeBootstrap.registry | quote }} diff --git a/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl b/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl index 8570dc39..38ae746e 100644 --- a/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl +++ b/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl @@ -11,8 +11,8 @@ global: {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} - keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }} config: openproject: diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl index 2c34343e..fdd7627d 100644 --- a/helmfile/apps/openproject/values.yaml.gotmpl +++ b/helmfile/apps/openproject/values.yaml.gotmpl 
@@ -67,7 +67,7 @@ environment: OPENPROJECT_SMTP__AUTHENTICATION: "plain" OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true" OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer" - OPENPROJECT_MAIL__FROM: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}" + OPENPROJECT_MAIL__FROM: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}" OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/" diff --git a/helmfile/apps/services/values-certificates.yaml.gotmpl b/helmfile/apps/services/values-certificates.yaml.gotmpl index 6d5778ce..e0d80ef6 100644 --- a/helmfile/apps/services/values-certificates.yaml.gotmpl +++ b/helmfile/apps/services/values-certificates.yaml.gotmpl @@ -12,7 +12,7 @@ issuerRef: name: {{ .Values.certificate.issuerRef.name | quote }} cleanup: - keepRessourceOnDelete: {{ .Values.cleanup.keepRessourceOnDelete }} + keepRessourceOnDelete: {{ .Values.debug.cleanup.keepRessourceOnDelete }} wildcard: {{ .Values.certificate.wildcard }} ... diff --git a/helmfile/apps/services/values-mariadb.yaml.gotmpl b/helmfile/apps/services/values-mariadb.yaml.gotmpl index ebcba547..fc5109b0 100644 --- a/helmfile/apps/services/values-mariadb.yaml.gotmpl +++ b/helmfile/apps/services/values-mariadb.yaml.gotmpl @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 --- cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} containerSecurityContext: allowPrivilegeEscalation: false 
diff --git a/helmfile/apps/services/values-minio.yaml.gotmpl b/helmfile/apps/services/values-minio.yaml.gotmpl index 175a3275..eca50f92 100644 --- a/helmfile/apps/services/values-minio.yaml.gotmpl +++ b/helmfile/apps/services/values-minio.yaml.gotmpl @@ -67,9 +67,9 @@ mode: {{ if gt .Values.replicas.minio 1 }}"distributed"{{ else }}"standalone"{{ metrics: serviceMonitor: - enabled: {{ .Values.prometheus.serviceMonitors.enabled }} + enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }} additionalLabels: - {{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 6 }} + {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 6 }} networkPolicy: enabled: false diff --git a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl index bf935deb..6ac20c7b 100644 --- a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl @@ -17,8 +17,8 @@ image: imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} - keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }} config: keycloak: 
@@ -29,7 +29,7 @@ config: enabled: true internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" twoFactorSettings: - additionalGroups: {{ .Values.authentication.twoFactor.groups }} + additionalGroups: {{ .Values.functional.authentication.twoFactor.groups }} custom: # We use client specific scopes as we bind them to Keycloak role membership which itself is linked # to LDAP group membership to ensure a user cannot access an application without the required diff --git a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl index 567bcfb7..89138423 100644 --- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl @@ -674,7 +674,7 @@ stack-data-swp: stackDataSwp: udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - {{- if .Values.admin.portal.deploymentInformation.enabled }} + {{- if .Values.functional.admin.portal.deploymentInformation.enabled }} systemInformation: deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}" releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}" @@ -1062,8 +1062,8 @@ keycloak-bootstrap: imagePullPolicy: {{ .Values.global.imagePullPolicy }} cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} - keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }} keycloak: connection: 
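Review bot: `additionalGroups: {{ .Values.functional.authentication.twoFactor.groups }}` prints the list with Go's default slice formatting, which separates elements with spaces and not commas. With the single default group this renders `[Domain Admins]` and parses as intended, but two groups would render as one bracketed scalar such as `[Domain Admins Second Group]` (constructed example), and YAML reads that as a one-element list. The 2FA requirement would then, as far as this template shows, be attached to a group name that does not exist rather than to the groups the operator listed. Serialising explicitly avoids this: `additionalGroups: {{ .Values.functional.authentication.twoFactor.groups | toJson }}`. The `twoFactorSettings` mapping starts and continues outside the hunk.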
@@ -1172,7 +1172,7 @@ keycloak-extensions: ipProtectionEnable: true logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }} newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account" - mailFrom: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" + mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" securityContext: allowPrivilegeEscalation: false capabilities: @@ -1319,7 +1319,7 @@ stack-gateway: proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - {{ if .Values.externalServices.nubus.udmRestApi.enabled }} + {{ if .Values.functional.externalServices.nubus.udmRestApi.enabled }} ## udm-rest-api location /univention/udm/ { # The UDM Rest API does return on some endpoints a lot of headers diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl index 1fd32fe9..2a3d9337 100644 --- a/helmfile/apps/xwiki/values.yaml.gotmpl +++ b/helmfile/apps/xwiki/values.yaml.gotmpl @@ -137,7 +137,7 @@ properties: "property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.server": "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" "property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443 ## SMTP settings - "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" + "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ .Values.smtp.host | quote }} "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": {{ .Values.smtp.port | quote }} "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.username": {{ .Values.smtp.username | quote }} 
diff --git a/helmfile/environments/default/debug.yaml b/helmfile/environments/default/debug.yaml index 119ae62d..0192a988 100644 --- a/helmfile/environments/default/debug.yaml +++ b/helmfile/environments/default/debug.yaml @@ -1,16 +1,16 @@ # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- -cleanup: - # Keep Pods/Job logs after successful run. - deletePodsOnSuccess: true - # When deletePodsOnSuccess is enabled, the pod will be deleted after configured seconds. - deletePodsOnSuccessTimeout: 60 - # Keep persistence on deletion of this release. - keepPVCOnDelete: false - # Keep additional resources, like certificates on deletion of this release. - keepRessourceOnDelete: true debug: + cleanup: + # Keep Pods/Job logs after successful run. + deletePodsOnSuccess: true + # When deletePodsOnSuccess is enabled, the pod will be deleted after configured seconds. + deletePodsOnSuccessTimeout: 60 + # Keep persistence on deletion of this release. + keepPVCOnDelete: false + # Keep additional resources, like certificates on deletion of this release. + keepRessourceOnDelete: true # should activate debug output in all components and even allow e.g. successfully executed jobs # to stay available. This is going to be implemented on a case by case basis when we actually # need debugging in a component. diff --git a/helmfile/environments/default/functional.yaml b/helmfile/environments/default/functional.yaml index dc71aa13..4de7b31f 100644 --- a/helmfile/environments/default/functional.yaml +++ b/helmfile/environments/default/functional.yaml 
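Review bot: The comment carried over above `deletePodsOnSuccess: true` reads "Keep Pods/Job logs after successful run.", which is the opposite of what the key name and its `true` default suggest. These switches now live under `debug.cleanup`, where operators will look when they need job output for troubleshooting, so I would reword it to something like `# Delete Pods/Jobs (and their logs) after a successful run; set to false to keep them.`. The comment block beginning "# should activate debug output" now follows the `cleanup` mapping instead of sitting directly under `debug:`, so check that it still reads as describing the key that follows it outside the hunk.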
@@ -1,43 +1,44 @@ # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0 --- -authentication: - twoFactor: - # Define a list of groups to enable 2FA for. - # Note: Removing a group from the list will not disable 2FA for the removed group. - groups: - - "Domain Admins" +functional: + admin: + portal: + deploymentInformation: + # Disable to not provide and update openDesk release version and deployment timestamp for admins in the portal. + enabled: true -externalServices: - nubus: - udmRestApi: - # Enable to make the UDM REST API from the Nubus stack externally available. - enabled: false - matrix: - federation: - # Disable to not support Matrix federation with your installation. - enabled: true + authentication: + twoFactor: + # Define a list of groups to enable 2FA for. + # Note: Removing a group from the list will not disable 2FA for the removed group. + groups: + - "Domain Admins" -admin: - portal: - deploymentInformation: - # Disable to not provide and update openDesk release version and deployment timestamp for admins in the portal. - enabled: true + externalServices: + nubus: + udmRestApi: + # Enable to make the UDM REST API from the Nubus stack externally available. + enabled: false + matrix: + federation: + # Disable to not support Matrix federation with your installation. 
+ enabled: true -filestore: - quota: - # Set the default quota for all users in GB - default: 1 - # Nextcloud specific configuration - nextcloud: - retentionObligation: - # yamllint disable rule:line-length - # Set Nextcloud's `trashbin_retention_obligation` - # Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trashbin-retention-obligation - trashbin: "auto" - # Set Nextcloud's `versions_retention_obligation` - # Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#versions-retention-obligation - versions: "auto" - # yamllint enable rule:line-length + filestore: + quota: + # Set the default quota for all users in GB + default: 1 + # Nextcloud specific configuration + nextcloud: + retentionObligation: + # yamllint disable rule:line-length + # Set Nextcloud's `trashbin_retention_obligation` + # Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trashbin-retention-obligation + trashbin: "auto" + # Set Nextcloud's `versions_retention_obligation` + # Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#versions-retention-obligation + versions: "auto" + # yamllint enable rule:line-length ... diff --git a/helmfile/environments/default/global.gotmpl b/helmfile/environments/default/global.gotmpl index 59603c4e..b126028d 100644 --- a/helmfile/environments/default/global.gotmpl +++ b/helmfile/environments/default/global.gotmpl 
@@ -23,4 +23,39 @@ global: # helmRegistry: {{ env "PRIVATE_HELM_REGISTRY_URL" | quote }} imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | quote }} + + ## Define ingress/virtualservice host. + # + hosts: + collabora: "collabora" + cryptpad: "cryptpad" + element: "chat" + intercomService: "ics" + jitsi: "meet" + keycloak: "id" + matrixNeoBoardWidget: "matrix-neoboard-widget" + matrixNeoChoiceWidget: "matrix-neochoice-widget" + matrixNeoDateFixBot: "matrix-neodatefix-bot" + matrixNeoDateFixWidget: "matrix-neodatefix-widget" + minioApi: "minio" + minioConsole: "minio-console" + nextcloud: "fs" + openproject: "project" + openxchange: "webmail" + synapse: "matrix" + synapseFederation: "matrix-federation" + univentionManagementStack: "portal" + whiteboard: "whiteboard" + xwiki: "wiki" + + ## Credentials to fetch images from private registry + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + # + imagePullSecrets: + - "external-registry" + + ## Define the policy to pull container images. + ## Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + # + imagePullPolicy: "IfNotPresent" ... diff --git a/helmfile/environments/default/global.yaml b/helmfile/environments/default/global.yaml deleted file mode 100644 index 717827fe..00000000 --- a/helmfile/environments/default/global.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" -# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH -# SPDX-License-Identifier: Apache-2.0 ---- -## The global properties are used to configure multiple charts at once. -# -global: - ## Define ingress/virtualservice host. - # - hosts: - collabora: "collabora" - cryptpad: "cryptpad" - element: "chat" - intercomService: "ics" - jitsi: "meet" - keycloak: "id" - matrixNeoBoardWidget: "matrix-neoboard-widget" - matrixNeoChoiceWidget: "matrix-neochoice-widget" - matrixNeoDateFixBot: "matrix-neodatefix-bot" - matrixNeoDateFixWidget: "matrix-neodatefix-widget" - minioApi: "minio" - minioConsole: "minio-console" - nextcloud: "fs" - openproject: "project" - openxchange: "webmail" - synapse: "matrix" - synapseFederation: "matrix-federation" - univentionManagementStack: "portal" - whiteboard: "whiteboard" - xwiki: "wiki" - - ## Credentials to fetch images from private registry - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - # - imagePullSecrets: - - "external-registry" - - ## Define the policy to pull container images. - ## Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy - # - imagePullPolicy: "IfNotPresent" -... diff --git a/helmfile/environments/default/monitoring.yaml b/helmfile/environments/default/monitoring.yaml index 48c91333..131fe9db 100644 --- a/helmfile/environments/default/monitoring.yaml +++ b/helmfile/environments/default/monitoring.yaml 
@@ -1,25 +1,25 @@ # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- -prometheus: - serviceMonitors: - enabled: false - labels: - release: "kube-prometheus-stack" - podMonitors: - enabled: false - labels: - release: "kube-prometheus-stack" - prometheusRules: - enabled: false - labels: - release: "kube-prometheus-stack" +monitoring: + prometheus: + serviceMonitors: + enabled: false + labels: + release: "kube-prometheus-stack" + podMonitors: + enabled: false + labels: + release: "kube-prometheus-stack" + prometheusRules: + enabled: false + labels: + release: "kube-prometheus-stack" - -grafana: - dashboards: - enabled: false - labels: - grafana_dashboard: "1" - annotations: + grafana: + dashboards: + enabled: false + labels: + grafana_dashboard: "1" + annotations: ... diff --git a/helmfile/environments/default/objectstore.gotmpl b/helmfile/environments/default/objectstores.yaml similarity index 74% rename from helmfile/environments/default/objectstore.gotmpl rename to helmfile/environments/default/objectstores.yaml index e40dbdee..9b0d8ad4 100644 --- a/helmfile/environments/default/objectstore.gotmpl +++ b/helmfile/environments/default/objectstores.yaml @@ -1,7 +1,6 @@ -{{/* -SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" -SPDX-License-Identifier: Apache-2.0 -*/}} +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-License-Identifier: Apache-2.0 --- objectstores: migrations: 
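Review bot: `annotations:` under `monitoring.grafana.dashboards` is left as a bare key, which YAML loads as null rather than an empty mapping. The collabora template in this commit pipes that value through `toYaml | nindent 6`, so the chart would receive `null` for dashboard annotations. Writing `annotations: {}` makes the intended empty mapping explicit. Separately, docs/migrations.md in this commit lists the moved prefix as `graphana.*` while the key here is `grafana`, so operators following the migration note literally would not find their override.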
diff --git a/helmfile/environments/default/workplace.gotmpl b/helmfile/environments/default/opendesk_main.gotmpl similarity index 100% rename from helmfile/environments/default/workplace.gotmpl rename to helmfile/environments/default/opendesk_main.gotmpl diff --git a/helmfile/environments/default/smtp.gotmpl b/helmfile/environments/default/smtp.gotmpl index 20158e3f..1a24a2aa 100644 --- a/helmfile/environments/default/smtp.gotmpl +++ b/helmfile/environments/default/smtp.gotmpl @@ -8,6 +8,5 @@ smtp: port: 587 username: "" password: {{ env "SMTP_PASSWORD" | quote }} - -localpartNoReply: "no-reply" + localpartNoReply: "no-reply" ... diff --git a/helmfile/shared/migrations.yaml.gotmpl b/helmfile/shared/migrations.yaml.gotmpl index 1c848cf3..4e758e58 100644 --- a/helmfile/shared/migrations.yaml.gotmpl +++ b/helmfile/shared/migrations.yaml.gotmpl @@ -11,8 +11,8 @@ global: {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} cleanup: - deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} - keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }} migrations: runId: 1