fix(univention-management-stack): Update otterize helm chart

Dominik Kaminski
2024-04-07 17:02:34 +02:00
parent 81ed9d9094
commit 4a23e39b6a
9 changed files with 116 additions and 65 deletions


@@ -48,7 +48,9 @@ variables:
${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}" ${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}"
value: "dev" value: "dev"
MASTER_PASSWORD_WEB_VAR: MASTER_PASSWORD_WEB_VAR:
description: "Optional: Provide a seed to be used for generation of all internal secrets. Same seed will result in same secrets." description: >
Optional: Provide a seed to be used for generation of all internal secrets.
Same seed will result in same secrets.
value: "" value: ""
ENV_STOP_BEFORE: ENV_STOP_BEFORE:
description: "Stop environment/delete namespace for the deployment." description: "Stop environment/delete namespace for the deployment."


@@ -27,7 +27,8 @@ repositories:
{{ .Values.charts.openXchangeAppSuite.repository }}" {{ .Values.charts.openXchangeAppSuite.repository }}"
# openDesk Open-Xchange Bootstrap # openDesk Open-Xchange Bootstrap
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap # Source:
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap
- name: "open-xchange-bootstrap-repo" - name: "open-xchange-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg" keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }} verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }}


@@ -40,8 +40,8 @@ releases:
version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}" version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"
values: values:
- "values-opendesk-keycloak-bootstrap.yaml.gotmpl" - "values-opendesk-keycloak-bootstrap.yaml.gotmpl"
# needs: needs:
# - "ums" - "ums"
installed: {{ .Values.univentionManagementStack.enabled }} installed: {{ .Values.univentionManagementStack.enabled }}
timeout: 900 timeout: 900


@@ -151,6 +151,14 @@ ldap-notifier:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
replicaCount: {{ .Values.replicas.umsLdapNotifier }}
resources:
{{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
securityContext:
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }}
volumes: volumes:
claims: claims:
shared-data: "shared-data-ums-ldap-server-0" shared-data: "shared-data-ums-ldap-server-0"
@@ -160,6 +168,7 @@ ldap-server:
enabled: true enabled: true
additionalAnnotations: additionalAnnotations:
intents.otterize.com/service-name: "ums-ldap-server" intents.otterize.com/service-name: "ums-ldap-server"
replicaCount: {{ .Values.replicas.umsLdapServer }}
serviceAccount: serviceAccount:
annotations: annotations:
intended.usage: "compliance" intended.usage: "compliance"
@@ -167,7 +176,7 @@ ldap-server:
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
repository: {{ .Values.images.umsWaitForDependency.repository }} repository: {{ .Values.images.umsWaitForDependency.repository }}
pullPolicy: {{ .Values.global.imagePullPolicy }} imagePullPolicy: {{ .Values.global.imagePullPolicy }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
@@ -176,17 +185,17 @@ ldap-server:
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapServer.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapServer.registry | quote }}
repository: {{ .Values.images.umsLdapServer.repository | quote }} repository: {{ .Values.images.umsLdapServer.repository | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
config: config:
domainName: "{{ .Release.Namespace }}.gaia.open-desk.cloud" domainName: "{{ .Release.Namespace }}.{{ .Values.global.domain}}"
ldapBaseDn: {{ .Values.ldap.baseDn | quote }} ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
samlMetadataUrl: "http://ums-keycloak:8080/realms/opendesk/protocol/saml/descriptor" samlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
samlMetadataUrlInternal: "http://ums-keycloak:8080/realms/opendesk/protocol/saml/descriptor" samlMetadataUrlInternal: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
samlServiceProviders: "http://ums-keycloak:8000/univention/saml/metadata,http://ums-keycloak:8000/auth/realms/opendesk" samlServiceProviders: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
credentialSecret: credentialSecret:
name: ums-ldap-credentials name: ums-ldap-credentials
key: adminPassword key: adminPassword
@@ -247,6 +256,7 @@ notifications-api:
username: {{ .Values.databases.umsNotificationsApi.username | quote }} username: {{ .Values.databases.umsNotificationsApi.username | quote }}
database: {{ .Values.databases.umsNotificationsApi.name | quote }} database: {{ .Values.databases.umsNotificationsApi.name | quote }}
existingSecret: "ums-notifications-api-postgresql-credentials" existingSecret: "ums-notifications-api-postgresql-credentials"
replicaCount: {{ .Values.replicas.umsNotificationsApi }}
notificationsapi: notificationsapi:
apply_database_migrations: "True" apply_database_migrations: "True"
dev_mode: "False" dev_mode: "False"
@@ -255,7 +265,7 @@ notifications-api:
sql_echo: "False" sql_echo: "False"
api_prefix: "/univention/portal/notifications-api" api_prefix: "/univention/portal/notifications-api"
resources: resources:
{{ .Values.resources.umsNotificationsApi | toYaml | nindent 2 }} {{ .Values.resources.umsNotificationsApi | toYaml | nindent 4 }}
portal-frontend: portal-frontend:
enabled: true enabled: true
@@ -267,7 +277,7 @@ portal-frontend:
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalFrontend.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalFrontend.registry | quote }}
repository: {{ .Values.images.umsPortalFrontend.repository }} repository: {{ .Values.images.umsPortalFrontend.repository }}
pullPolicy: {{ .Values.global.imagePullPolicy }} imagePullPolicy: {{ .Values.global.imagePullPolicy }}
tag: {{ .Values.images.umsPortalFrontend.tag }} tag: {{ .Values.images.umsPortalFrontend.tag }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
@@ -298,7 +308,7 @@ portal-frontend:
subPath: "portal_background_image.svg" subPath: "portal_background_image.svg"
replicaCount: {{ .Values.replicas.umsPortalFrontend }} replicaCount: {{ .Values.replicas.umsPortalFrontend }}
resources: resources:
{{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }} {{ .Values.resources.umsPortalFrontend | toYaml | nindent 4 }}
portal-listener: portal-listener:
enabled: true enabled: true
@@ -347,6 +357,7 @@ portal-listener:
objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }} objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }}
objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }} objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
replicaCount: {{ .Values.replicas.umsPortalListener }}
resources: resources:
{{ .Values.resources.umsPortalListener | toYaml | nindent 4 }} {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
@@ -389,7 +400,7 @@ portal-server:
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalServer.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalServer.registry | quote }}
repository: {{ .Values.images.umsPortalServer.repository }} repository: {{ .Values.images.umsPortalServer.repository }}
pullPolicy: {{ .Values.global.imagePullPolicy }} imagePullPolicy: {{ .Values.global.imagePullPolicy }}
tag: {{ .Values.images.umsPortalServer.tag }} tag: {{ .Values.images.umsPortalServer.tag }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
@@ -403,7 +414,7 @@ portal-server:
umcGetUrl: "http://ums-umc-server/get" umcGetUrl: "http://ums-umc-server/get"
umcSessionUrl: "http://ums-umc-server/get/session-info" umcSessionUrl: "http://ums-umc-server/get/session-info"
objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
objectStorageBucket: "ums" objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
centralNavigation: centralNavigation:
enabled: true enabled: true
credentialSecret: credentialSecret:
@@ -424,7 +435,7 @@ portal-server:
replicaCount: {{ .Values.replicas.umsPortalServer }} replicaCount: {{ .Values.replicas.umsPortalServer }}
resources: resources:
{{ .Values.resources.umsPortalServer | toYaml | nindent 2 }} {{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
provisioning: provisioning:
enabled: false enabled: false
@@ -582,12 +593,12 @@ stack-data-ums:
ldapBase: {{ .Values.ldap.baseDn | quote }} ldapBase: {{ .Values.ldap.baseDn | quote }}
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }} idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
umcSamlSpFqdn: "portal.{{ .Release.Namespace }}.gaia.open-desk.cloud" umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }} idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }} ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.systemAccounts.administratorPassword | quote }} initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.systemAccounts.administratorPassword | quote }}
initialPasswordSysIdpUser: {{ .Values.secrets.univentionManagementStack.systemAccounts.sysIdpUserPassword | quote }} initialPasswordSysIdpUser: {{ .Values.secrets.univentionManagementStack.systemAccounts.sysIdpUserPassword | quote }}
umcPostgresqlHostname: {{ .Values.databases.umsNotificationsApi.host | quote }} umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }}
umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }} umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }}
umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }} umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }}
umcMemcachedUsername: "" umcMemcachedUsername: ""
@@ -606,7 +617,7 @@ stack-data-swp:
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
stackDataContext: stackDataContext:
ldapBase: "dc=swp-ldap,dc=internal" ldapBase: {{ .Values.ldap.baseDn }}
oxDefaultContext: "1" oxDefaultContext: "1"
smtpStartTls: true smtpStartTls: true
ldapSearchUsers: ldapSearchUsers:
@@ -684,7 +695,7 @@ selfservice-listener:
waitForDependency: waitForDependency:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
repository: {{ .Values.images.umsWaitForDependency.repository | quote }} repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.umsWaitForDependency.tag | quote }} tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
persistence: persistence:
@@ -697,6 +708,8 @@ selfservice-listener:
resourcesDependencyWaiter: resourcesDependencyWaiter:
{{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }} {{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.umsSelfserviceListener }}
selfserviceListener: selfserviceListener:
ldapBaseDn: {{ .Values.ldap.baseDn | quote }} ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
ldapHost: {{ .Values.ldap.host | quote }} ldapHost: {{ .Values.ldap.host | quote }}
@@ -780,6 +793,7 @@ umc-gateway:
repository: {{ .Values.images.umsUmcGateway.repository | quote }} repository: {{ .Values.images.umsUmcGateway.repository | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.umsUmcGateway.tag | quote }} tag: {{ .Values.images.umsUmcGateway.tag | quote }}
replicaCount: {{ .Values.replicas.umsUmcGateway }}
umcGateway: umcGateway:
umcHtmlTitle: "openDesk - Admin" umcHtmlTitle: "openDesk - Admin"
extraVolumes: extraVolumes:
@@ -848,6 +862,7 @@ umc-server:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
replicaCount: {{ .Values.replicas.umsUmcServer }}
umcServer: umcServer:
certPemFile: "/var/secrets/ssl/tls.crt" certPemFile: "/var/secrets/ssl/tls.crt"
caCert: "Cg==" caCert: "Cg=="
@@ -957,7 +972,7 @@ keycloak:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloak.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloak.registry | quote }}
repository: {{ .Values.images.umsKeycloak.repository | quote }} repository: {{ .Values.images.umsKeycloak.repository | quote }}
tag: {{ .Values.images.umsKeycloak.tag | quote }} tag: {{ .Values.images.umsKeycloak.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
config: config:
admin: admin:
@@ -1096,6 +1111,7 @@ keycloak-extensions:
username: {{ .Values.databases.keycloakExtension.username | quote }} username: {{ .Values.databases.keycloakExtension.username | quote }}
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }} password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
handler: handler:
replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }}
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-extensions-handler" intents.otterize.com/service-name: "ums-keycloak-extensions-handler"
# nameOverride: "keycloak-extensions-handler" # nameOverride: "keycloak-extensions-handler"
@@ -1130,8 +1146,9 @@ keycloak-extensions:
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionHandler }} seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionHandler }}
resources: resources:
{{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 4 }} {{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 6 }}
proxy: proxy:
replicaCount: {{ .Values.replicas.umsKeycloakExtensionsProxy }}
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-extensions-proxy" intents.otterize.com/service-name: "ums-keycloak-extensions-proxy"
# nameOverride: "keycloak-extensions-proxy" # nameOverride: "keycloak-extensions-proxy"
@@ -1186,7 +1203,7 @@ keycloak-extensions:
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionProxy }} seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionProxy }}
resources: resources:
{{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 4 }} {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
keycloak-postgresql: keycloak-postgresql:
enabled: false enabled: false
@@ -1219,6 +1236,10 @@ stack-gateway:
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroup: 1001 fsGroup: 1001
replicaCount: {{ .Values.replicas.umsStackGateway }}
resources:
{{ .Values.resources.umsStackGateway | toYaml | nindent 4 }}
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
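Review bot: The `securityContext` added to `ldap-notifier` in the first hunk of this file takes its `seLinuxOptions` from `.Values.seLinuxOptions.umsPortalListener`, which looks like a copy-paste from the portal-listener release, so the notifier would run under another component's SELinux options. If a per-component entry is intended, the naming used for `replicas.umsLdapNotifier` and `resources.umsLdapNotifier` suggests `{{- .Values.seLinuxOptions.umsLdapNotifier | toYaml | nindent 6 }}`; that key is not visible on this page and may have to be added to the defaults. Separately, the rewritten `samlMetadataUrl` and `samlMetadataUrlInternal` in the `ldap-server` hunk still fetch the IdP descriptor over `http://`. SAML metadata normally carries the IdP signing certificate, so that in-cluster hop deserves either a TLS endpoint or a comment naming the control that protects it. The release blocks these lines belong to start and end outside the hunks.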


@@ -294,7 +294,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize" repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
name: "opendesk-otterize" name: "opendesk-otterize"
version: "1.7.9" version: "2.0.0"
verify: true verify: true
oxConnector: oxConnector:
# providerCategory: 'Supplier' # providerCategory: 'Supplier'


@@ -44,9 +44,19 @@ replicas:
redis: 1 redis: 1
synapse: 1 synapse: 1
synapseWeb: 1 synapseWeb: 1
umsKeycloakExtensionsHandler: 1
umsKeycloakExtensionsProxy: 1
umsLdapNotifier: 1
umsLdapServer: 1
umsNotificationsApi: 1
umsPortalFrontend: 1 umsPortalFrontend: 1
umsPortalListener: 1
umsPortalServer: 1 umsPortalServer: 1
umsSelfserviceListener: 1
umsStackGateway: 1
umsUdmRestApi: 1 umsUdmRestApi: 1
umsUmcGateway: 1
umsUmcServer: 1
wellKnown: 1 wellKnown: 1
xwiki: 1 xwiki: 1
... ...


@@ -501,6 +501,13 @@ resources:
requests: requests:
cpu: 0.1 cpu: 0.1
memory: "256Mi" memory: "256Mi"
umsStackGateway:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: 0.1
memory: "16Mi"
umsUdmRestApi: umsUdmRestApi:
limits: limits:
cpu: 99 cpu: 99


@@ -75,9 +75,19 @@ replicas:
redis: 42 redis: 42
synapse: 42 synapse: 42
synapseWeb: 42 synapseWeb: 42
umsKeycloakExtensionsHandler: 42
umsKeycloakExtensionsProxy: 42
umsLdapNotifier: 42
umsLdapServer: 42
umsNotificationsApi: 42
umsPortalFrontend: 42 umsPortalFrontend: 42
umsPortalListener: 42
umsPortalServer: 42 umsPortalServer: 42
umsSelfserviceListener: 42
umsStackGateway: 42
umsUdmRestApi: 42 umsUdmRestApi: 42
umsUmcGateway: 42
umsUmcServer: 42
wellKnown: 42 wellKnown: 42
xwiki: 42 xwiki: 42
... ...