feat(open-xchange): Bump to 8.23 and remove Istio prerequisite

helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl

@@ -12,7 +12,7 @@ configuration:
   bot:
     username: "meetings-bot"
     displayname: "Terminplaner Bot"
-  openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+  openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
   strings:
     breakoutSessionWidgetName: "Breakoutsessions"
     calendarRoomName: "Terminplaner"

helmfile/apps/intercom-service/values.yaml.gotmpl

@@ -27,7 +27,7 @@ global:
 ics:
   secret: {{ .Values.secrets.intercom.secret | quote }}
   issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
-  originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}"
+  originRegex: "{{ .Values.global.domain }}"
   keycloak:
     realm: {{ .Values.platform.realm | quote }}
   default:
@@ -49,7 +49,7 @@ ics:
     password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
   openxchange:
     oci: true
-    url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+    url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
     audience: "opendesk-oxappsuite"
   nextcloud:
     audience: "opendesk-nextcloud"

helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl

@@ -9,7 +9,6 @@ global:
     {{ .Values.global.hosts | toYaml | nindent 4 }}
   imagePullSecrets:
     {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
-  istioDomain: {{ .Values.istio.domain }}
 
 additionalAnnotations:
   intents.otterize.com/service-name: "opendesk-nextcloud-php"

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 global:
-  hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+  hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
   mysql:
     host: {{ .Values.databases.oxAppsuite.host | quote }}
     database: {{ .Values.databases.oxAppsuite.name | quote }}
@@ -13,9 +13,6 @@ global:
       password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
       rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
 
-istio:
-  enabled: {{ .Values.istio.enabled }}
-
 nextcloud-integration-ui:
   image:
     registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeNextcloudIntegrationUI.registry | quote }}
@@ -77,18 +74,22 @@ appsuite:
   switchboard:
     enabled: false
   istio:
-    enabled: {{ .Values.istio.enabled }}
-    ingressGateway:
-      name: "opendesk-gateway-istio-gateway"
+    enabled: false
+  ingress:
+    enabled: {{ .Values.ingress.enabled }}
+    ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+    tls:
+      enabled: true
+      existingSecret: {{ .Values.ingress.tls.secretName | quote }}
+    appsuite:
       hosts:
-        - "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
-    virtualServices:
-      appsuite:
-        hosts:
-          - "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
-      dav:
-        hosts:
-          - "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+        - "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
+    dav:
+      hosts:
+        - "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
+    routes:
+      trailslash:
+        enabled: false
   core-mw:
     enabled: true
     asConfig:
@@ -99,7 +100,7 @@ appsuite:
         oidcPath: "/oidc"
     masterAdmin: "admin"
     masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
-    hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+    hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
     serviceAccount:
       create: true
     features:
@@ -168,9 +169,9 @@ appsuite:
       com.openexchange.oidc.opJwkSetEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
       com.openexchange.oidc.opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
       com.openexchange.oidc.opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
-      com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/auth"
+      com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/auth"
       com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
-      com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/logout"
+      com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/logout"
       com.openexchange.oidc.ssoLogout: "true"
       com.openexchange.oidc.startDefaultBackend: "true"
       com.openexchange.oidc.userLookupClaim: "opendesk_username"
@@ -366,7 +367,7 @@ appsuite:
     enabled: true
     ingress:
       hosts:
-        - host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+        - host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
       enabled: false
     imagePullSecrets:
     {{- range .Values.global.imagePullSecrets }}
@@ -385,6 +386,8 @@ appsuite:
       auth:
         enabled: true
         password: {{ .Values.secrets.redis.password | quote }}
+        # Workaround for a bug in 8.23
+        ca: ""
     resources:
       {{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
       updater:

helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl

@@ -33,7 +33,7 @@ oxConnector:
   oxMasterAdmin: "admin"
   oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
   oxSmtpServer: "smtp://127.0.0.1:587"
-  oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
+  oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
 
 resources:
   {{ .Values.resources.oxConnector | toYaml | nindent 2 }}

helmfile/apps/services/helmfile.yaml

@@ -60,17 +60,6 @@ repositories:
     url: "{{ .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/\
       {{ .Values.charts.postfix.repository }}"
 
-  # openDesk Istio Resources
-  # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-istio-resources
-  - name: "istio-resources-repo"
-    keyring: "../../files/gpg-pubkeys/opencode.gpg"
-    verify: {{ .Values.charts.istioResources.verify }}
-    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.istioResources.registry }}/\
-      {{ .Values.charts.istioResources.repository }}"
-
   # openDesk ClamAV
   # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-clamav
   - name: "clamav-repo"
@@ -190,14 +179,6 @@ releases:
     installed: {{ .Values.clamavSimple.enabled }}
     timeout: 900
 
-  - name: "opendesk-gateway"
-    chart: "istio-resources-repo/{{ .Values.charts.istioResources.name }}"
-    version: "{{ .Values.charts.istioResources.version }}"
-    values:
-      - "values-istio-gateway.yaml.gotmpl"
-    installed: {{ .Values.istio.enabled }}
-    timeout: 900
-
   - name: "minio"
     chart: "minio-repo/{{ .Values.charts.minio.name }}"
     version: "{{ .Values.charts.minio.version }}"

helmfile/apps/services/values-certificates.yaml.gotmpl

@@ -11,14 +11,6 @@ global:
 issuerRef:
   name: {{ .Values.certificate.issuerRef.name | quote }}
 
-{{- if .Values.istio.enabled }}
-istio:
-  enabled: {{ .Values.istio.enabled }}
-  domain: {{ .Values.istio.domain | quote }}
-  issuerRef:
-    name: {{ .Values.istio.issuerRef.name | quote }}
-{{- end }}
-
 cleanup:
   keepRessourceOnDelete: {{ .Values.cleanup.keepRessourceOnDelete }}
 

helmfile/apps/services/values-istio-gateway.yaml.gotmpl

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-global:
-  domain: {{ .Values.istio.domain | quote }}
-  hosts:
-    openxchange: {{ .Values.global.hosts.openxchange | quote }}
-
-tls:
-  httpsRedirect: false
-  secretName: "{{ .Values.istio.domain }}-tls"
-...

helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl

@@ -253,7 +253,7 @@ config:
         clientAuthenticatorType: "client-secret"
         secret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
         redirectUris:
-          - "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/*"
+          - "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*"
           - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
         consentRequired: false
         frontchannelLogout: false
@@ -261,8 +261,8 @@ config:
         authorizationServicesEnabled: false
         attributes:
           backchannel.logout.session.required: true
-          backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/ajax/oidc/backchannel_logout"
-          post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/ajax/oidc/backchannel_logout"
+          post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
         protocolMappers:
           - name: "context"
             protocol: "openid-connect"

helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl

@@ -630,7 +630,7 @@ stack-data-swp:
     externalDomainName: {{ .Values.global.domain | quote }}
     externalMailDomain: {{ .Values.global.domain | quote }}
 
-    portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.istio.domain | quote }}
+    portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain | quote }}
     portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }}
     portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain | quote }}
     portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain | quote }}