fix(helmfile): Add configurable objectstore

docs/external-services.md

@@ -9,6 +9,7 @@ This document will cover the additional configuration to use external services l
 
 <!-- TOC -->
   * [Database](#database)
+  * [Objectstore](#objectstore)
   * [Cache](#cache)
 <!-- TOC -->
 
@@ -65,6 +66,23 @@ service.
 |             |                    |            | Username  | `databases.xwiki.username`             | `xwiki_user`               |
 |             |                    |            | Password  | `databases.xwiki.password`             |                            |
 
+## Objectstore
+
+When deploying this suite to production, you need to configure the applications to use your production grade objectstore
+service.
+
+| Component   | Name        | Parameter       | Key                                      | Default            |
+|-------------|-------------|-----------------|------------------------------------------|--------------------|
+| OpenProject | OpenProject |                 |                                          |                    |
+|             |             | Backend         | `objectstores.openproject.backend`       | `minio`            |
+|             |             | Bucket          | `objectstores.openproject.bucket`        | `openproject`      |
+|             |             | Endpoint        | `objectstores.openproject.endpoint`      |                    |
+|             |             | Provider        | `objectstores.openproject.provider`      | `AWS`              |
+|             |             | Region          | `objectstores.openproject.region`        |                    |
+|             |             | Secret          | `objectstores.openproject.secret`        |                    |
+|             |             | Username        | `objectstores.openproject.username`      | `openproject_user` |
+|             |             | Use IAM profile | `objectstores.openproject.useIAMProfile` |                    |
+
 ## Cache
 
 When deploying this suite to production, you need to configure the applications to use your production grade cache

helmfile/apps/openproject/values.gotmpl

@@ -77,9 +77,16 @@ environment:
   OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
   # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
   OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
-  OPENPROJECT_FOG_CREDENTIALS_HOST: "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
+  {{ if ne .Values.objectstores.openproject.backend "aws" }}
-  OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: "https://{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
+  OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: {{ .Values.objectstores.openproject.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
-  OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.secrets.minio.openprojectUser | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
+  {{ end }}
+  OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: {{ .Values.objectstores.openproject.username | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.objectstores.openproject.secret | default .Values.secrets.minio.openprojectUser | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_PROVIDER: {{ .Values.objectstores.openproject.provider | default "AWS" | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_REGION: {{ .Values.objectstores.openproject.region | quote }}
+  OPENPROJECT_FOG_DIRECTORY: {{ .Values.objectstores.openproject.bucket | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE : {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }}
 
 replicaCount: {{ .Values.replicas.openproject }}
 

helmfile/apps/openproject/values.yaml

@@ -75,10 +75,7 @@ environment:
   OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn"
   # Details: https://www.openproject.org/docs/installation-and-operations/configuration/#attachments-storage
   OPENPROJECT_ATTACHMENTS__STORAGE: "fog"
-  OPENPROJECT_FOG_DIRECTORY: "openproject"
-  OPENPROJECT_FOG_CREDENTIALS_PROVIDER: "AWS"
   OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
-  OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: "openproject_user"
   # Define an admin mapping from the claim
   # The attribute mapping cannot currently be defined in the value
   OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_ADMIN: "openproject_admin"

helmfile/environments/default/objectstore.gotmpl

@@ -0,0 +1,16 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+objectstores:
+  openproject:
+    backend: "minio"
+    bucket: "openproject"
+    endpoint: ""
+    provider: "AWS"
+    region: ""
+    secret: ""
+    username: "openproject_user"
+    useIAMProfile: ""
+...