From 4a23e39b6a68a53246bfc778406b3aeb902cde66 Mon Sep 17 00:00:00 2001 From: Dominik Kaminski Date: Sun, 7 Apr 2024 17:02:34 +0200 Subject: [PATCH] fix(univention-management-stack): Update otterize helm chart --- .gitlab-ci.yml | 4 +- helmfile/apps/open-xchange/helmfile.yaml | 3 +- .../univention-management-stack/helmfile.yaml | 4 +- .../values-portal-server.yaml.gotmpl | 0 .../values-umbrella.yaml.gotmpl | 141 ++++++++++-------- helmfile/environments/default/charts.yaml | 2 +- helmfile/environments/default/replicas.yaml | 10 ++ helmfile/environments/default/resources.yaml | 7 + helmfile/environments/test/values.yaml.gotmpl | 10 ++ 9 files changed, 116 insertions(+), 65 deletions(-) delete mode 100644 helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index efb2333a..ed71a5e0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,9 @@ variables: ${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}" value: "dev" MASTER_PASSWORD_WEB_VAR: - description: "Optional: Provide a seed to be used for generation of all internal secrets. Same seed will result in same secrets." + description: > + Optional: Provide a seed to be used for generation of all internal secrets. + Same seed will result in same secrets. value: "" ENV_STOP_BEFORE: description: "Stop environment/delete namespace for the deployment." diff --git a/helmfile/apps/open-xchange/helmfile.yaml b/helmfile/apps/open-xchange/helmfile.yaml index 7281f2c9..4ee573a1 100644 --- a/helmfile/apps/open-xchange/helmfile.yaml +++ b/helmfile/apps/open-xchange/helmfile.yaml @@ -27,7 +27,8 @@ repositories: {{ .Values.charts.openXchangeAppSuite.repository }}" # openDesk Open-Xchange Bootstrap - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap + # Source: + # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap - name: "open-xchange-bootstrap-repo" keyring: "../../files/gpg-pubkeys/opencode.gpg" verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }} diff --git a/helmfile/apps/univention-management-stack/helmfile.yaml b/helmfile/apps/univention-management-stack/helmfile.yaml index 6591b241..9f20039a 100644 --- a/helmfile/apps/univention-management-stack/helmfile.yaml +++ b/helmfile/apps/univention-management-stack/helmfile.yaml @@ -40,8 +40,8 @@ releases: version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}" values: - "values-opendesk-keycloak-bootstrap.yaml.gotmpl" - # needs: - # - "ums" + needs: + - "ums" installed: {{ .Values.univentionManagementStack.enabled }} timeout: 900 diff --git a/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl deleted file mode 100644 index e69de29b..00000000 diff --git a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl index 6cc0c976..2b7158f2 100644 --- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl @@ -151,6 +151,14 @@ ldap-notifier: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} + replicaCount: {{ .Values.replicas.umsLdapNotifier }} + resources: + {{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }} + securityContext: + seccompProfile: + type: "RuntimeDefault" + seLinuxOptions: + {{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }} volumes: claims: shared-data: "shared-data-ums-ldap-server-0" @@ -160,14 +168,15 @@ ldap-server: enabled: true additionalAnnotations: intents.otterize.com/service-name: "ums-ldap-server" + replicaCount: {{ .Values.replicas.umsLdapServer }} serviceAccount: annotations: - intended.usage: "compliance" + intended.usage: "compliance" waitForDependency: image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} repository: {{ .Values.images.umsWaitForDependency.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.global.imagePullPolicy }} pullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} @@ -176,17 +185,17 @@ ldap-server: image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapServer.registry | quote }} repository: {{ .Values.images.umsLdapServer.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} pullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} config: - domainName: "{{ .Release.Namespace }}.gaia.open-desk.cloud" + domainName: "{{ .Release.Namespace }}.{{ .Values.global.domain}}" ldapBaseDn: {{ .Values.ldap.baseDn | quote }} - samlMetadataUrl: "http://ums-keycloak:8080/realms/opendesk/protocol/saml/descriptor" - samlMetadataUrlInternal: "http://ums-keycloak:8080/realms/opendesk/protocol/saml/descriptor" - samlServiceProviders: "http://ums-keycloak:8000/univention/saml/metadata,http://ums-keycloak:8000/auth/realms/opendesk" + samlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }} + samlMetadataUrlInternal: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }} + samlServiceProviders: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }} credentialSecret: name: ums-ldap-credentials key: adminPassword @@ -228,7 +237,7 @@ notifications-api: intents.otterize.com/service-name: "ums-notifications-api" serviceAccount: annotations: - intended.usage: "compliance" + intended.usage: "compliance" image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsNotificationsApi.registry | quote }} repository: {{ .Values.images.umsNotificationsApi.repository }} @@ -247,6 +256,7 @@ notifications-api: username: {{ .Values.databases.umsNotificationsApi.username | quote }} database: {{ .Values.databases.umsNotificationsApi.name | quote }} existingSecret: "ums-notifications-api-postgresql-credentials" + replicaCount: {{ .Values.replicas.umsNotificationsApi }} notificationsapi: apply_database_migrations: "True" dev_mode: "False" @@ -255,7 +265,7 @@ notifications-api: sql_echo: "False" api_prefix: "/univention/portal/notifications-api" resources: - {{ .Values.resources.umsNotificationsApi | toYaml | nindent 2 }} + {{ .Values.resources.umsNotificationsApi | toYaml | nindent 4 }} portal-frontend: enabled: true @@ -263,11 +273,11 @@ portal-frontend: intents.otterize.com/service-name: "ums-portal-frontend" serviceAccount: annotations: - intended.usage: "compliance" + intended.usage: "compliance" image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalFrontend.registry | quote }} repository: {{ .Values.images.umsPortalFrontend.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.global.imagePullPolicy }} tag: {{ .Values.images.umsPortalFrontend.tag }} pullSecrets: {{- range .Values.global.imagePullSecrets }} @@ -298,7 +308,7 @@ portal-frontend: subPath: "portal_background_image.svg" replicaCount: {{ .Values.replicas.umsPortalFrontend }} resources: - {{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }} + {{ .Values.resources.umsPortalFrontend | toYaml | nindent 4 }} portal-listener: enabled: true @@ -347,6 +357,7 @@ portal-listener: objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }} objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }} + replicaCount: {{ .Values.replicas.umsPortalListener }} resources: {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }} @@ -385,11 +396,11 @@ portal-server: intents.otterize.com/service-name: "ums-portal-server" serviceAccount: annotations: - intended.usage: "compliance" + intended.usage: "compliance" image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalServer.registry | quote }} repository: {{ .Values.images.umsPortalServer.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.global.imagePullPolicy }} tag: {{ .Values.images.umsPortalServer.tag }} pullSecrets: {{- range .Values.global.imagePullSecrets }} @@ -403,7 +414,7 @@ portal-server: umcGetUrl: "http://ums-umc-server/get" umcSessionUrl: "http://ums-umc-server/get/session-info" objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} - objectStorageBucket: "ums" + objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} centralNavigation: enabled: true credentialSecret: @@ -424,7 +435,7 @@ portal-server: replicaCount: {{ .Values.replicas.umsPortalServer }} resources: - {{ .Values.resources.umsPortalServer | toYaml | nindent 2 }} + {{ .Values.resources.umsPortalServer | toYaml | nindent 4 }} provisioning: enabled: false @@ -582,12 +593,12 @@ stack-data-ums: ldapBase: {{ .Values.ldap.baseDn | quote }} ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }} - umcSamlSpFqdn: "portal.{{ .Release.Namespace }}.gaia.open-desk.cloud" + umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }} ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }} initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.systemAccounts.administratorPassword | quote }} initialPasswordSysIdpUser: {{ .Values.secrets.univentionManagementStack.systemAccounts.sysIdpUserPassword | quote }} - umcPostgresqlHostname: {{ .Values.databases.umsNotificationsApi.host | quote }} + umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }} umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }} umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }} umcMemcachedUsername: "" @@ -606,7 +617,7 @@ stack-data-swp: - name: {{ . | quote }} {{- end }} stackDataContext: - ldapBase: "dc=swp-ldap,dc=internal" + ldapBase: {{ .Values.ldap.baseDn }} oxDefaultContext: "1" smtpStartTls: true ldapSearchUsers: @@ -615,10 +626,10 @@ stack-data-swp: password: {{ $password | quote }} lastname: "LDAP-Search-User" {{- end }} - + externalDomainName: {{ .Values.global.domain | quote }} externalMailDomain: {{ .Values.global.domain | quote }} - + portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.istio.domain | quote }} portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }} portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain | quote }} @@ -627,14 +638,14 @@ stack-data-swp: portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain | quote }} portalTitleDE: "{{ .Values.theme.texts.productName }} Portal" portalTitleEN: "{{ .Values.theme.texts.productName }} Portal" - + smtpHost: {{ .Values.smtp.host | quote }} smtpPort: {{ .Values.smtp.port | quote }} smtpUser: {{ .Values.smtp.username | quote }} - + userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }} adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }} - + stackDataSwp: udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} systemInformation: @@ -670,33 +681,35 @@ selfservice-listener: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} - + selfserviceListener: registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceListener.registry | quote }} repository: {{ .Values.images.umsSelfserviceListener.repository | quote }} tag: {{ .Values.images.umsSelfserviceListener.tag | quote }} - + selfserviceInvitation: registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }} repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }} tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }} - + waitForDependency: registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} repository: {{ .Values.images.umsWaitForDependency.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + pullPolicy: {{ .Values.global.imagePullPolicy | quote }} tag: {{ .Values.images.umsWaitForDependency.tag | quote }} - + persistence: storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }} size: {{ .Values.persistence.size.univentionManagementStack.selfserviceListener | quote }} - + resources: {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }} - + resourcesDependencyWaiter: {{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }} - + + replicaCount: {{ .Values.replicas.umsSelfserviceListener }} + selfserviceListener: ldapBaseDn: {{ .Values.ldap.baseDn | quote }} ldapHost: {{ .Values.ldap.host | quote }} @@ -709,7 +722,7 @@ selfservice-listener: tlsMode: "off" umcServerUrl: "http://ums-umc-server" umcAdminUser: "default.admin" - + securityContext: allowPrivilegeEscalation: false capabilities: @@ -742,7 +755,7 @@ udm-rest-api: intents.otterize.com/service-name: "ums-udm-rest-api" serviceAccount: annotations: - intended.usage: "compliance" + intended.usage: "compliance" udmRestApi: secretRef: ums-udm-rest-api-credentials ldap: @@ -780,6 +793,7 @@ umc-gateway: repository: {{ .Values.images.umsUmcGateway.repository | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} tag: {{ .Values.images.umsUmcGateway.tag | quote }} + replicaCount: {{ .Values.replicas.umsUmcGateway }} umcGateway: umcHtmlTitle: "openDesk - Admin" extraVolumes: @@ -805,10 +819,10 @@ umc-gateway: enabled: false tls: enabled: false - + resources: {{ .Values.resources.umsUmcGateway | toYaml | nindent 2 }} - + securityContext: allowPrivilegeEscalation: false capabilities: @@ -848,6 +862,7 @@ umc-server: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} + replicaCount: {{ .Values.replicas.umsUmcServer }} umcServer: certPemFile: "/var/secrets/ssl/tls.crt" caCert: "Cg==" @@ -919,7 +934,7 @@ umc-server: resources: {{ .Values.resources.umsUmcServer | toYaml | nindent 2 }} - + securityContext: allowPrivilegeEscalation: false capabilities: @@ -952,13 +967,13 @@ keycloak: intents.otterize.com/service-name: "ums-keycloak" serviceAccount: annotations: - intended.usage: "compliance" + intended.usage: "compliance" image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloak.registry | quote }} repository: {{ .Values.images.umsKeycloak.repository | quote }} tag: {{ .Values.images.umsKeycloak.tag | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + config: admin: password: {{ .Values.secrets.keycloak.adminPassword | quote }} @@ -976,7 +991,7 @@ keycloak: # Proxy which is used in openDesk. The setting here is just relevant when Keycloak endpoints are exposed directly # through an own ingress. exposeAdminConsole: false - + containerSecurityContext: allowPrivilegeEscalation: false capabilities: @@ -990,18 +1005,18 @@ keycloak: runAsGroup: 1000 runAsNonRoot: true seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloak }} - + podSecurityContext: fsGroup: 1000 fsGroupChangePolicy: "OnRootMismatch" - + theme: univentionTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/theme.css" univentionCustomTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/css/custom.css" favIcon: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/favicon.ico" - + replicaCount: {{ .Values.replicas.keycloak }} - + resources: {{ .Values.resources.umsKeycloak | toYaml | nindent 2 }} @@ -1009,17 +1024,17 @@ keycloak-bootstrap: enabled: true serviceAccount: annotations: - intended.usage: "compliance" + intended.usage: "compliance" image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloakBootstrap.registry | quote }} repository: {{ .Values.images.umsKeycloakBootstrap.repository | quote }} tag: {{ .Values.images.umsKeycloakBootstrap.tag | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy }} - + cleanup: deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} - + config: keycloak: adminUser: "kcadmin" @@ -1051,7 +1066,7 @@ keycloak-bootstrap: twoFactorAuthentication: enabled: true group: "2fa-users" - + containerSecurityContext: enabled: true allowPrivilegeEscalation: false @@ -1067,15 +1082,15 @@ keycloak-bootstrap: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakBootstrap | toYaml | nindent 6 }} - + podAnnotations: intents.otterize.com/service-name: "ums-keycloak-bootstrap" - + podSecurityContext: enabled: true fsGroup: 1000 fsGroupChangePolicy: "Always" - + resources: {{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 2 }} @@ -1096,6 +1111,7 @@ keycloak-extensions: username: {{ .Values.databases.keycloakExtension.username | quote }} password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }} handler: + replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }} podAnnotations: intents.otterize.com/service-name: "ums-keycloak-extensions-handler" # nameOverride: "keycloak-extensions-handler" @@ -1130,8 +1146,9 @@ keycloak-extensions: runAsNonRoot: true seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionHandler }} resources: - {{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 4 }} + {{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 6 }} proxy: + replicaCount: {{ .Values.replicas.umsKeycloakExtensionsProxy }} podAnnotations: intents.otterize.com/service-name: "ums-keycloak-extensions-proxy" # nameOverride: "keycloak-extensions-proxy" @@ -1165,7 +1182,7 @@ keycloak-extensions: name: "ums-stack-gateway" port: name: "http" - + enabled: {{ .Values.ingress.enabled }} ingressClassName: {{ .Values.ingress.ingressClassName | default "nginx" | quote }} host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" @@ -1186,7 +1203,7 @@ keycloak-extensions: runAsNonRoot: true seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionProxy }} resources: - {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 4 }} + {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }} keycloak-postgresql: enabled: false @@ -1215,11 +1232,15 @@ stack-gateway: hostname: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} ingressClassName: {{ .Values.ingress.ingressClassName | default "nginx" | quote }} tls: false - + podSecurityContext: enabled: true fsGroup: 1001 - + replicaCount: {{ .Values.replicas.umsStackGateway }} + + resources: + {{ .Values.resources.umsStackGateway | toYaml | nindent 4 }} + containerSecurityContext: enabled: true runAsUser: 1001 @@ -1234,13 +1255,13 @@ stack-gateway: seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.umsStackGateway }} - + service: type: "ClusterIP" - + serviceAccount: create: true - + # The content of the "serverBlock" does resemble the Ingress configuration of # the UMS components. The "location" entries do intentionally reflect precisely # the respective paths which are configured. diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index ce95fcf5..906db57e 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -294,7 +294,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize" name: "opendesk-otterize" - version: "1.7.9" + version: "2.0.0" verify: true oxConnector: # providerCategory: 'Supplier' diff --git a/helmfile/environments/default/replicas.yaml b/helmfile/environments/default/replicas.yaml index bb2a7ba1..ad6b1a8e 100644 --- a/helmfile/environments/default/replicas.yaml +++ b/helmfile/environments/default/replicas.yaml @@ -44,9 +44,19 @@ replicas: redis: 1 synapse: 1 synapseWeb: 1 + umsKeycloakExtensionsHandler: 1 + umsKeycloakExtensionsProxy: 1 + umsLdapNotifier: 1 + umsLdapServer: 1 + umsNotificationsApi: 1 umsPortalFrontend: 1 + umsPortalListener: 1 umsPortalServer: 1 + umsSelfserviceListener: 1 + umsStackGateway: 1 umsUdmRestApi: 1 + umsUmcGateway: 1 + umsUmcServer: 1 wellKnown: 1 xwiki: 1 ... diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml index a1b48340..89993741 100644 --- a/helmfile/environments/default/resources.yaml +++ b/helmfile/environments/default/resources.yaml @@ -501,6 +501,13 @@ resources: requests: cpu: 0.1 memory: "256Mi" + umsStackGateway: + limits: + cpu: 99 + memory: "64Mi" + requests: + cpu: 0.1 + memory: "16Mi" umsUdmRestApi: limits: cpu: 99 diff --git a/helmfile/environments/test/values.yaml.gotmpl b/helmfile/environments/test/values.yaml.gotmpl index fdbd14e4..e7043098 100644 --- a/helmfile/environments/test/values.yaml.gotmpl +++ b/helmfile/environments/test/values.yaml.gotmpl @@ -75,9 +75,19 @@ replicas: redis: 42 synapse: 42 synapseWeb: 42 + umsKeycloakExtensionsHandler: 42 + umsKeycloakExtensionsProxy: 42 + umsLdapNotifier: 42 + umsLdapServer: 42 + umsNotificationsApi: 42 umsPortalFrontend: 42 + umsPortalListener: 42 umsPortalServer: 42 + umsSelfserviceListener: 42 + umsStackGateway: 42 umsUdmRestApi: 42 + umsUmcGateway: 42 + umsUmcServer: 42 wellKnown: 42 xwiki: 42 ...