feat(open-xchange): Bump to 8.23 and remove Istio prerequisite

2025-12-06 23:41:43 +01:00 · 2024-04-09 07:16:34 +02:00
parent 10ecb44aa6
commit 3be3564ec7
17 changed files with 44 additions and 126 deletions
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ openDesk currently features the following functional main components:
 | Chat & collaboration | Element ft. Nordeck widgets | [1.11.59](https://github.com/element-hq/element-desktop/releases/tag/v1.11.59)                                 | [For the most recent release](https://element.io/user-guide)                                                                                 |
 | Diagram editor       | Cryptpad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                                               | [For the most recent release](https://docs.cryptpad.org/en/)                                                                                 |
 | File management      | Nextcloud                   | [28.0.4](https://nextcloud.com/de/changelog/#28-0-4)                                                           | [Nextcloud 28](https://docs.nextcloud.com/)                                                                                                  |
-| Groupware            | OX Appsuite                 | [8.22](https://documentation.open-xchange.com/appsuite/releases/8.22/)                                         | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
+| Groupware            | OX App Suite                | [8.23](https://documentation.open-xchange.com/appsuite/releases/8.23/)                                         | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
 | Knowledge management | XWiki                       | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released)                                        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                                            | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
 | Project management   | OpenProject                 | [13.4.1](https://www.openproject.org/docs/release-notes/13-4-1/)                                               | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
--- a/docs/ci.md
+++ b/docs/ci.md
@@ -19,7 +19,6 @@ The project includes a `.gitlab-ci.yml` that allows you to execute the deploymen
 When starting the pipeline through the Gitlab UI, you will be queried for some variables plus the following ones:
 - `DOMAIN` = The domain to deploy to.
 - `ISTIO_DOMAIN` = istio.`DOMAIN`
 - `NAMESPACE`: Defines into which namespace of your K8s cluster the SWP will be installed
 - `MASTER_PASSWORD_WEB_VAR`: Overwrites value of `MASTER_PASSWORD`
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -69,26 +69,12 @@ The domain have to be set either via `dev` environment
 ```yaml
 global:
  domain: "my.open.desk"
 istio:
  domain: "istio.my.open.desk"
 ```
 or via environment variable
 ```shell
 export DOMAIN=my.open.desk
 export ISTIO_DOMAIN=istio.my.open.desk
 ```
 When you configure each subdomain individually, you can set `global.domain` and `istio.domain` to the same value.
 Istio is only used for Open-Xchange Appsuite 8, when you don't want to install it, you can disable Istio:
 ```yaml
 istio:
  enabled: false
 oxAppsuite:
  enabled: false
 ```
 ### Apps
--- a/docs/requirements.md
+++ b/docs/requirements.md
@@ -28,7 +28,6 @@ openDesk is a Kubernetes only solution and requires an existing Kubernetes (K8s)
 - [HelmDiff](https://github.com/databus23/helm-diff) >= 3.6.0
 - Volume provisioner supporting RWO (read-write-once)
 - Certificate handling with [cert-manager](https://cert-manager.io/)
 - [Istio](https://istio.io/) is currently required to deploy and operate OX AppSuite8
 # Hardware
@@ -56,12 +55,8 @@ configured ingress controller deployed.
 **Maintained controllers:**
 - [NGINX Ingress Controller](https://github.com/nginxinc/kubernetes-ingress)
 - [HAProxy Kubernetes Ingress Controller](https://github.com/haproxytech/kubernetes-ingress)
 **Community Supported:**
 - [Ingress NGINX Controller](https://github.com/kubernetes/ingress-nginx)
-
+- [HAProxy Kubernetes Ingress Controller](https://github.com/haproxytech/kubernetes-ingress)
 When you want to use Open-Xchange Appsuite 8, you need to deploy and configure additionally [Istio](https://istio.io/)
 # Volume provisioner
--- a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
@@ -12,7 +12,7 @@ configuration:
  bot:
    username: "meetings-bot"
    displayname: "Terminplaner Bot"
-  openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+  openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
  strings:
    breakoutSessionWidgetName: "Breakoutsessions"
    calendarRoomName: "Terminplaner"
--- a/helmfile/apps/intercom-service/values.yaml.gotmpl
+++ b/helmfile/apps/intercom-service/values.yaml.gotmpl
@@ -27,7 +27,7 @@ global:
 ics:
  secret: {{ .Values.secrets.intercom.secret | quote }}
  issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
-  originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}"
+  originRegex: "{{ .Values.global.domain }}"
  keycloak:
    realm: {{ .Values.platform.realm | quote }}
  default:
@@ -49,7 +49,7 @@ ics:
    password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
  openxchange:
    oci: true
-    url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+    url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
    audience: "opendesk-oxappsuite"
  nextcloud:
    audience: "opendesk-nextcloud"
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
@@ -9,7 +9,6 @@ global:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
  istioDomain: {{ .Values.istio.domain }}
 additionalAnnotations:
  intents.otterize.com/service-name: "opendesk-nextcloud-php"
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 global:
-  hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+  hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
  mysql:
    host: {{ .Values.databases.oxAppsuite.host | quote }}
    database: {{ .Values.databases.oxAppsuite.name | quote }}
@@ -13,9 +13,6 @@ global:
      password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
      rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
 istio:
  enabled: {{ .Values.istio.enabled }}
 nextcloud-integration-ui:
  image:
    registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeNextcloudIntegrationUI.registry | quote }}
@@ -77,18 +74,22 @@ appsuite:
  switchboard:
    enabled: false
  istio:
-    enabled: {{ .Values.istio.enabled }}
+    enabled: false
-    ingressGateway:
+  ingress:
-      name: "opendesk-gateway-istio-gateway"
+    enabled: {{ .Values.ingress.enabled }}
    ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
    tls:
      enabled: true
      existingSecret: {{ .Values.ingress.tls.secretName | quote }}
    appsuite:
      hosts:
-        - "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+        - "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
-    virtualServices:
+    dav:
-      appsuite:
+      hosts:
-        hosts:
+        - "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
-          - "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+    routes:
-      dav:
+      trailslash:
-        hosts:
+        enabled: false
          - "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
  core-mw:
    enabled: true
    asConfig:
@@ -99,7 +100,7 @@ appsuite:
        oidcPath: "/oidc"
    masterAdmin: "admin"
    masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
-    hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+    hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
    serviceAccount:
      create: true
    features:
@@ -168,9 +169,9 @@ appsuite:
      com.openexchange.oidc.opJwkSetEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
      com.openexchange.oidc.opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
      com.openexchange.oidc.opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
-      com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/auth"
+      com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/auth"
      com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
-      com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/logout"
+      com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/logout"
      com.openexchange.oidc.ssoLogout: "true"
      com.openexchange.oidc.startDefaultBackend: "true"
      com.openexchange.oidc.userLookupClaim: "opendesk_username"
@@ -366,7 +367,7 @@ appsuite:
    enabled: true
    ingress:
      hosts:
-        - host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+        - host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
      enabled: false
    imagePullSecrets:
    {{- range .Values.global.imagePullSecrets }}
@@ -385,6 +386,8 @@ appsuite:
      auth:
        enabled: true
        password: {{ .Values.secrets.redis.password | quote }}
        # Workaround for a bug in 8.23
        ca: ""
    resources:
      {{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
      updater:
--- a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
@@ -33,7 +33,7 @@ oxConnector:
  oxMasterAdmin: "admin"
  oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
  oxSmtpServer: "smtp://127.0.0.1:587"
-  oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+  oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
 resources:
  {{ .Values.resources.oxConnector | toYaml | nindent 2 }}
--- a/helmfile/apps/services/helmfile.yaml
+++ b/helmfile/apps/services/helmfile.yaml
@@ -60,17 +60,6 @@ repositories:
    url: "{{ .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/\
      {{ .Values.charts.postfix.repository }}"
  # openDesk Istio Resources
  # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-istio-resources
  - name: "istio-resources-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.istioResources.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.istioResources.registry }}/\
      {{ .Values.charts.istioResources.repository }}"
  # openDesk ClamAV
  # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-clamav
  - name: "clamav-repo"
@@ -190,14 +179,6 @@ releases:
    installed: {{ .Values.clamavSimple.enabled }}
    timeout: 900
  - name: "opendesk-gateway"
    chart: "istio-resources-repo/{{ .Values.charts.istioResources.name }}"
    version: "{{ .Values.charts.istioResources.version }}"
    values:
      - "values-istio-gateway.yaml.gotmpl"
    installed: {{ .Values.istio.enabled }}
    timeout: 900
  - name: "minio"
    chart: "minio-repo/{{ .Values.charts.minio.name }}"
    version: "{{ .Values.charts.minio.version }}"
--- a/helmfile/apps/services/values-certificates.yaml.gotmpl
+++ b/helmfile/apps/services/values-certificates.yaml.gotmpl
@@ -11,14 +11,6 @@ global:
 issuerRef:
  name: {{ .Values.certificate.issuerRef.name | quote }}
 {{- if .Values.istio.enabled }}
 istio:
  enabled: {{ .Values.istio.enabled }}
  domain: {{ .Values.istio.domain | quote }}
  issuerRef:
    name: {{ .Values.istio.issuerRef.name | quote }}
 {{- end }}
 cleanup:
  keepRessourceOnDelete: {{ .Values.cleanup.keepRessourceOnDelete }}
--- a/helmfile/apps/services/values-istio-gateway.yaml.gotmpl
+++ b/helmfile/apps/services/values-istio-gateway.yaml.gotmpl
@@ -1,12 +0,0 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
 global:
  domain: {{ .Values.istio.domain | quote }}
  hosts:
    openxchange: {{ .Values.global.hosts.openxchange | quote }}
 tls:
  httpsRedirect: false
  secretName: "{{ .Values.istio.domain }}-tls"
 ...
--- a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl
@@ -253,7 +253,7 @@ config:
        clientAuthenticatorType: "client-secret"
        secret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
        redirectUris:
-          - "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/*"
+          - "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*"
          - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
        consentRequired: false
        frontchannelLogout: false
@@ -261,8 +261,8 @@ config:
        authorizationServicesEnabled: false
        attributes:
          backchannel.logout.session.required: true
-          backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/ajax/oidc/backchannel_logout"
+          backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/ajax/oidc/backchannel_logout"
-          post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
        protocolMappers:
          - name: "context"
            protocol: "openid-connect"
--- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl
@@ -630,7 +630,7 @@ stack-data-swp:
    externalDomainName: {{ .Values.global.domain | quote }}
    externalMailDomain: {{ .Values.global.domain | quote }}
-    portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.istio.domain | quote }}
+    portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain | quote }}
    portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }}
    portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain | quote }}
    portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain | quote }}
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -14,7 +14,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-certificates"
    name: "opendesk-certificates"
-    version: "2.1.1"
+    version: "2.1.3"
    verify: true
  clamav:
    # providerCategory: 'Platform'
@@ -102,16 +102,6 @@ charts:
    name: "intercom-service"
    version: "2.0.1"
    verify: true
  istioResources:
    # providerCategory: 'Platform'
    # providerResponsible: 'openDesk'
    # upstreamRegistry: 'registry.opencode.de'
    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-istio-resources/istio-gateway'
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-istio-resources"
    name: "istio-gateway"
    version: "2.0.1"
    verify: true
  jitsi:
    # providerCategory: 'Platform'
    # providerResponsible: 'openDesk'
@@ -210,7 +200,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud"
-    version: "1.5.0"
+    version: "1.5.1"
    verify: true
  nextcloudManagement:
    # providerCategory: 'Platform'
@@ -220,7 +210,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud-management"
-    version: "1.5.0"
+    version: "1.5.1"
    verify: true
  nginx:
    # providerCategory: 'Community'
@@ -274,7 +264,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
    name: "appsuite-public-sector"
-    version: "2.4.49"
+    version: "2.5.3"
    verify: false
  openXchangeAppSuiteBootstrap:
    # providerCategory: 'Platform'
@@ -294,7 +284,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
    name: "opendesk-otterize"
-    version: "2.0.0"
+    version: "2.0.1"
    verify: true
  oxConnector:
    # providerCategory: 'Supplier'
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -306,7 +306,7 @@ images:
    # upstreamMirrorStartFrom: ['8', '20', '51']
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
-    tag: "8.22.52@sha256:dab45b0e308b8d5c6c5cb5ec5be9d711f55e7aa87375c4b08ab178287bb7b769"
+    tag: "8.23.47@sha256:b721bf41d7f06b328e9235a0561436cb678bc2a1a67202f0fa6e1f55956cc0cc"
  openxchangeCoreUI:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Open-Xchange'
@@ -316,7 +316,7 @@ images:
    # upstreamMirrorStartFrom: ['8', '20', '1']
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
-    tag: "8.22.1@sha256:4b581d8fb3761156a5dd81a2cebc1c7a0382652d01ba6ee933527f9899b41768"
+    tag: "8.23.2@sha256:0cc07053cbb9d7062a17ef807c6a6942a912748243a6f0c63a892d5cb2953351"
  openxchangeCoreUIMiddleware:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Open-Xchange'
@@ -326,7 +326,7 @@ images:
    # upstreamMirrorStartFrom: ['2', '0', '0']
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui-middleware"
-    tag: "2.0.2@sha256:eafcc0242b3fd93a777077c136b9e87fe03b163988731c15f0d3cd2ba39a2165"
+    tag: "2.0.3@sha256:56fe8afe841105f0725674e36afc6f10f22751e3c21a301a6322834383f2d786"
  openxchangeCoreUserGuide:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Open-Xchange'
@@ -336,7 +336,7 @@ images:
    # upstreamMirrorStartFrom: ['8', '20', '799279']
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
-    tag: "8.22.909960@sha256:dbd3f3a37c2d0a2885234cee53d79bf69015392c1381433c008694b4b99ddf30"
+    tag: "8.23.941932@sha256:231b13cb795241513d2f54ee4bc628843ae737b5ecceab758aba3658f03de1bd"
  openxchangeDocumentConverter:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Open-Xchange'
@@ -346,7 +346,7 @@ images:
    # upstreamMirrorStartFrom: ['8', '20', '50']
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
-    tag: "8.22.49@sha256:21ab0b52fa54fb5be969c4c689e4b7724b7bf9ee79b1bf166ab27d8c67e3a6b6"
+    tag: "8.23.43@sha256:aa9bbce833ae018573997fb07dcaf32bb7c5c4c6a7d6331f3d3156fd5b8d53b3"
  openxchangeGotenberg:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Open-Xchange'
@@ -366,7 +366,7 @@ images:
    # upstreamMirrorStartFrom: ['4', '2', '2']
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/guard-ui"
-    tag: "8.22.0@sha256:89c18129a2bdffe24587494e96ad12e95c01c25cd7a6a7b177afc75fec70415c"
+    tag: "8.23.0@sha256:0510458017fa028582515ce18c0b12f91ac9e23f0e94e99ac34fd49b07146c01"
  openxchangeImageConverter:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Open-Xchange'
@@ -376,7 +376,7 @@ images:
    # upstreamMirrorStartFrom: ['8', '20', '50']
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
-    tag: "8.22.49@sha256:42841719c515b21f5d6e18296116fe690ac63f82f5acfa877652c2639911f127"
+    tag: "8.23.43@sha256:ecc77a569f60e1b14f0d77ec93d891200b89d11eb9d7c26f59fa7696343e20e3"
  openxchangeNextcloudIntegrationUI:
    # providerCategory: 'Supplier'
    # providerResponsible: 'Open-Xchange'
--- a/helmfile/environments/default/istio.gotmpl
+++ b/helmfile/environments/default/istio.gotmpl
@@ -1,15 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 istio:
  enabled: true
  domain: {{ env "ISTIO_DOMAIN" | default "souvap.cloud" | quote }}
  virtualService:
    enabled: false
  gateway:
    enabled: true
  issuerRef:
    name: "letsencrypt-istio-prod"
 ...