fix(univention-management-stack): Update otterize helm chart

Dominik Kaminski
2024-04-07 17:02:34 +02:00
parent 81ed9d9094
commit 4a23e39b6a
9 changed files with 116 additions and 65 deletions


@@ -48,7 +48,9 @@ variables:
${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}" ${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}"
value: "dev" value: "dev"
MASTER_PASSWORD_WEB_VAR: MASTER_PASSWORD_WEB_VAR:
description: "Optional: Provide a seed to be used for generation of all internal secrets. Same seed will result in same secrets." description: >
Optional: Provide a seed to be used for generation of all internal secrets.
Same seed will result in same secrets.
value: "" value: ""
ENV_STOP_BEFORE: ENV_STOP_BEFORE:
description: "Stop environment/delete namespace for the deployment." description: "Stop environment/delete namespace for the deployment."


@@ -27,7 +27,8 @@ repositories:
{{ .Values.charts.openXchangeAppSuite.repository }}" {{ .Values.charts.openXchangeAppSuite.repository }}"
# openDesk Open-Xchange Bootstrap # openDesk Open-Xchange Bootstrap
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap # Source:
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap
- name: "open-xchange-bootstrap-repo" - name: "open-xchange-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg" keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }} verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }}


@@ -40,8 +40,8 @@ releases:
version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}" version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"
values: values:
- "values-opendesk-keycloak-bootstrap.yaml.gotmpl" - "values-opendesk-keycloak-bootstrap.yaml.gotmpl"
# needs: needs:
# - "ums" - "ums"
installed: {{ .Values.univentionManagementStack.enabled }} installed: {{ .Values.univentionManagementStack.enabled }}
timeout: 900 timeout: 900


@@ -151,6 +151,14 @@ ldap-notifier:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
replicaCount: {{ .Values.replicas.umsLdapNotifier }}
resources:
{{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
securityContext:
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }}
volumes: volumes:
claims: claims:
shared-data: "shared-data-ums-ldap-server-0" shared-data: "shared-data-ums-ldap-server-0"
@@ -160,14 +168,15 @@ ldap-server:
enabled: true enabled: true
additionalAnnotations: additionalAnnotations:
intents.otterize.com/service-name: "ums-ldap-server" intents.otterize.com/service-name: "ums-ldap-server"
replicaCount: {{ .Values.replicas.umsLdapServer }}
serviceAccount: serviceAccount:
annotations: annotations:
intended.usage: "compliance" intended.usage: "compliance"
waitForDependency: waitForDependency:
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
repository: {{ .Values.images.umsWaitForDependency.repository }} repository: {{ .Values.images.umsWaitForDependency.repository }}
pullPolicy: {{ .Values.global.imagePullPolicy }} imagePullPolicy: {{ .Values.global.imagePullPolicy }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
@@ -176,17 +185,17 @@ ldap-server:
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapServer.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapServer.registry | quote }}
repository: {{ .Values.images.umsLdapServer.repository | quote }} repository: {{ .Values.images.umsLdapServer.repository | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
config: config:
domainName: "{{ .Release.Namespace }}.gaia.open-desk.cloud" domainName: "{{ .Release.Namespace }}.{{ .Values.global.domain}}"
ldapBaseDn: {{ .Values.ldap.baseDn | quote }} ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
samlMetadataUrl: "http://ums-keycloak:8080/realms/opendesk/protocol/saml/descriptor" samlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
samlMetadataUrlInternal: "http://ums-keycloak:8080/realms/opendesk/protocol/saml/descriptor" samlMetadataUrlInternal: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
samlServiceProviders: "http://ums-keycloak:8000/univention/saml/metadata,http://ums-keycloak:8000/auth/realms/opendesk" samlServiceProviders: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
credentialSecret: credentialSecret:
name: ums-ldap-credentials name: ums-ldap-credentials
key: adminPassword key: adminPassword
@@ -228,7 +237,7 @@ notifications-api:
intents.otterize.com/service-name: "ums-notifications-api" intents.otterize.com/service-name: "ums-notifications-api"
serviceAccount: serviceAccount:
annotations: annotations:
intended.usage: "compliance" intended.usage: "compliance"
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsNotificationsApi.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsNotificationsApi.registry | quote }}
repository: {{ .Values.images.umsNotificationsApi.repository }} repository: {{ .Values.images.umsNotificationsApi.repository }}
@@ -247,6 +256,7 @@ notifications-api:
username: {{ .Values.databases.umsNotificationsApi.username | quote }} username: {{ .Values.databases.umsNotificationsApi.username | quote }}
database: {{ .Values.databases.umsNotificationsApi.name | quote }} database: {{ .Values.databases.umsNotificationsApi.name | quote }}
existingSecret: "ums-notifications-api-postgresql-credentials" existingSecret: "ums-notifications-api-postgresql-credentials"
replicaCount: {{ .Values.replicas.umsNotificationsApi }}
notificationsapi: notificationsapi:
apply_database_migrations: "True" apply_database_migrations: "True"
dev_mode: "False" dev_mode: "False"
@@ -255,7 +265,7 @@ notifications-api:
sql_echo: "False" sql_echo: "False"
api_prefix: "/univention/portal/notifications-api" api_prefix: "/univention/portal/notifications-api"
resources: resources:
{{ .Values.resources.umsNotificationsApi | toYaml | nindent 2 }} {{ .Values.resources.umsNotificationsApi | toYaml | nindent 4 }}
portal-frontend: portal-frontend:
enabled: true enabled: true
@@ -263,11 +273,11 @@ portal-frontend:
intents.otterize.com/service-name: "ums-portal-frontend" intents.otterize.com/service-name: "ums-portal-frontend"
serviceAccount: serviceAccount:
annotations: annotations:
intended.usage: "compliance" intended.usage: "compliance"
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalFrontend.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalFrontend.registry | quote }}
repository: {{ .Values.images.umsPortalFrontend.repository }} repository: {{ .Values.images.umsPortalFrontend.repository }}
pullPolicy: {{ .Values.global.imagePullPolicy }} imagePullPolicy: {{ .Values.global.imagePullPolicy }}
tag: {{ .Values.images.umsPortalFrontend.tag }} tag: {{ .Values.images.umsPortalFrontend.tag }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
@@ -298,7 +308,7 @@ portal-frontend:
subPath: "portal_background_image.svg" subPath: "portal_background_image.svg"
replicaCount: {{ .Values.replicas.umsPortalFrontend }} replicaCount: {{ .Values.replicas.umsPortalFrontend }}
resources: resources:
{{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }} {{ .Values.resources.umsPortalFrontend | toYaml | nindent 4 }}
portal-listener: portal-listener:
enabled: true enabled: true
@@ -347,6 +357,7 @@ portal-listener:
objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }} objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }}
objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }} objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
replicaCount: {{ .Values.replicas.umsPortalListener }}
resources: resources:
{{ .Values.resources.umsPortalListener | toYaml | nindent 4 }} {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
@@ -385,11 +396,11 @@ portal-server:
intents.otterize.com/service-name: "ums-portal-server" intents.otterize.com/service-name: "ums-portal-server"
serviceAccount: serviceAccount:
annotations: annotations:
intended.usage: "compliance" intended.usage: "compliance"
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalServer.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalServer.registry | quote }}
repository: {{ .Values.images.umsPortalServer.repository }} repository: {{ .Values.images.umsPortalServer.repository }}
pullPolicy: {{ .Values.global.imagePullPolicy }} imagePullPolicy: {{ .Values.global.imagePullPolicy }}
tag: {{ .Values.images.umsPortalServer.tag }} tag: {{ .Values.images.umsPortalServer.tag }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
@@ -403,7 +414,7 @@ portal-server:
umcGetUrl: "http://ums-umc-server/get" umcGetUrl: "http://ums-umc-server/get"
umcSessionUrl: "http://ums-umc-server/get/session-info" umcSessionUrl: "http://ums-umc-server/get/session-info"
objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
objectStorageBucket: "ums" objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
centralNavigation: centralNavigation:
enabled: true enabled: true
credentialSecret: credentialSecret:
@@ -424,7 +435,7 @@ portal-server:
replicaCount: {{ .Values.replicas.umsPortalServer }} replicaCount: {{ .Values.replicas.umsPortalServer }}
resources: resources:
{{ .Values.resources.umsPortalServer | toYaml | nindent 2 }} {{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
provisioning: provisioning:
enabled: false enabled: false
@@ -582,12 +593,12 @@ stack-data-ums:
ldapBase: {{ .Values.ldap.baseDn | quote }} ldapBase: {{ .Values.ldap.baseDn | quote }}
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }} idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
umcSamlSpFqdn: "portal.{{ .Release.Namespace }}.gaia.open-desk.cloud" umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }} idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }} ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.systemAccounts.administratorPassword | quote }} initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.systemAccounts.administratorPassword | quote }}
initialPasswordSysIdpUser: {{ .Values.secrets.univentionManagementStack.systemAccounts.sysIdpUserPassword | quote }} initialPasswordSysIdpUser: {{ .Values.secrets.univentionManagementStack.systemAccounts.sysIdpUserPassword | quote }}
umcPostgresqlHostname: {{ .Values.databases.umsNotificationsApi.host | quote }} umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }}
umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }} umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }}
umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }} umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }}
umcMemcachedUsername: "" umcMemcachedUsername: ""
@@ -606,7 +617,7 @@ stack-data-swp:
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
stackDataContext: stackDataContext:
ldapBase: "dc=swp-ldap,dc=internal" ldapBase: {{ .Values.ldap.baseDn }}
oxDefaultContext: "1" oxDefaultContext: "1"
smtpStartTls: true smtpStartTls: true
ldapSearchUsers: ldapSearchUsers:
@@ -615,10 +626,10 @@ stack-data-swp:
password: {{ $password | quote }} password: {{ $password | quote }}
lastname: "LDAP-Search-User" lastname: "LDAP-Search-User"
{{- end }} {{- end }}
externalDomainName: {{ .Values.global.domain | quote }} externalDomainName: {{ .Values.global.domain | quote }}
externalMailDomain: {{ .Values.global.domain | quote }} externalMailDomain: {{ .Values.global.domain | quote }}
portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.istio.domain | quote }} portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.istio.domain | quote }}
portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }} portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }}
portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain | quote }} portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain | quote }}
@@ -627,14 +638,14 @@ stack-data-swp:
portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain | quote }} portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain | quote }}
portalTitleDE: "{{ .Values.theme.texts.productName }} Portal" portalTitleDE: "{{ .Values.theme.texts.productName }} Portal"
portalTitleEN: "{{ .Values.theme.texts.productName }} Portal" portalTitleEN: "{{ .Values.theme.texts.productName }} Portal"
smtpHost: {{ .Values.smtp.host | quote }} smtpHost: {{ .Values.smtp.host | quote }}
smtpPort: {{ .Values.smtp.port | quote }} smtpPort: {{ .Values.smtp.port | quote }}
smtpUser: {{ .Values.smtp.username | quote }} smtpUser: {{ .Values.smtp.username | quote }}
userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }} userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }}
adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }} adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
stackDataSwp: stackDataSwp:
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
systemInformation: systemInformation:
@@ -670,33 +681,35 @@ selfservice-listener:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
selfserviceListener: selfserviceListener:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceListener.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceListener.registry | quote }}
repository: {{ .Values.images.umsSelfserviceListener.repository | quote }} repository: {{ .Values.images.umsSelfserviceListener.repository | quote }}
tag: {{ .Values.images.umsSelfserviceListener.tag | quote }} tag: {{ .Values.images.umsSelfserviceListener.tag | quote }}
selfserviceInvitation: selfserviceInvitation:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }}
repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }} repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }}
tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }} tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }}
waitForDependency: waitForDependency:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
repository: {{ .Values.images.umsWaitForDependency.repository | quote }} repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.umsWaitForDependency.tag | quote }} tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
persistence: persistence:
storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }} storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: {{ .Values.persistence.size.univentionManagementStack.selfserviceListener | quote }} size: {{ .Values.persistence.size.univentionManagementStack.selfserviceListener | quote }}
resources: resources:
{{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }} {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }}
resourcesDependencyWaiter: resourcesDependencyWaiter:
{{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }} {{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.umsSelfserviceListener }}
selfserviceListener: selfserviceListener:
ldapBaseDn: {{ .Values.ldap.baseDn | quote }} ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
ldapHost: {{ .Values.ldap.host | quote }} ldapHost: {{ .Values.ldap.host | quote }}
@@ -709,7 +722,7 @@ selfservice-listener:
tlsMode: "off" tlsMode: "off"
umcServerUrl: "http://ums-umc-server" umcServerUrl: "http://ums-umc-server"
umcAdminUser: "default.admin" umcAdminUser: "default.admin"
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@@ -742,7 +755,7 @@ udm-rest-api:
intents.otterize.com/service-name: "ums-udm-rest-api" intents.otterize.com/service-name: "ums-udm-rest-api"
serviceAccount: serviceAccount:
annotations: annotations:
intended.usage: "compliance" intended.usage: "compliance"
udmRestApi: udmRestApi:
secretRef: ums-udm-rest-api-credentials secretRef: ums-udm-rest-api-credentials
ldap: ldap:
@@ -780,6 +793,7 @@ umc-gateway:
repository: {{ .Values.images.umsUmcGateway.repository | quote }} repository: {{ .Values.images.umsUmcGateway.repository | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.umsUmcGateway.tag | quote }} tag: {{ .Values.images.umsUmcGateway.tag | quote }}
replicaCount: {{ .Values.replicas.umsUmcGateway }}
umcGateway: umcGateway:
umcHtmlTitle: "openDesk - Admin" umcHtmlTitle: "openDesk - Admin"
extraVolumes: extraVolumes:
@@ -805,10 +819,10 @@ umc-gateway:
enabled: false enabled: false
tls: tls:
enabled: false enabled: false
resources: resources:
{{ .Values.resources.umsUmcGateway | toYaml | nindent 2 }} {{ .Values.resources.umsUmcGateway | toYaml | nindent 2 }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@@ -848,6 +862,7 @@ umc-server:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }} - name: {{ . | quote }}
{{- end }} {{- end }}
replicaCount: {{ .Values.replicas.umsUmcServer }}
umcServer: umcServer:
certPemFile: "/var/secrets/ssl/tls.crt" certPemFile: "/var/secrets/ssl/tls.crt"
caCert: "Cg==" caCert: "Cg=="
@@ -919,7 +934,7 @@ umc-server:
resources: resources:
{{ .Values.resources.umsUmcServer | toYaml | nindent 2 }} {{ .Values.resources.umsUmcServer | toYaml | nindent 2 }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@@ -952,13 +967,13 @@ keycloak:
intents.otterize.com/service-name: "ums-keycloak" intents.otterize.com/service-name: "ums-keycloak"
serviceAccount: serviceAccount:
annotations: annotations:
intended.usage: "compliance" intended.usage: "compliance"
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloak.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloak.registry | quote }}
repository: {{ .Values.images.umsKeycloak.repository | quote }} repository: {{ .Values.images.umsKeycloak.repository | quote }}
tag: {{ .Values.images.umsKeycloak.tag | quote }} tag: {{ .Values.images.umsKeycloak.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
config: config:
admin: admin:
password: {{ .Values.secrets.keycloak.adminPassword | quote }} password: {{ .Values.secrets.keycloak.adminPassword | quote }}
@@ -976,7 +991,7 @@ keycloak:
# Proxy which is used in openDesk. The setting here is just relevant when Keycloak endpoints are exposed directly # Proxy which is used in openDesk. The setting here is just relevant when Keycloak endpoints are exposed directly
# through an own ingress. # through an own ingress.
exposeAdminConsole: false exposeAdminConsole: false
containerSecurityContext: containerSecurityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@@ -990,18 +1005,18 @@ keycloak:
runAsGroup: 1000 runAsGroup: 1000
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloak }} seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloak }}
podSecurityContext: podSecurityContext:
fsGroup: 1000 fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch" fsGroupChangePolicy: "OnRootMismatch"
theme: theme:
univentionTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/theme.css" univentionTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/theme.css"
univentionCustomTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/css/custom.css" univentionCustomTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/css/custom.css"
favIcon: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/favicon.ico" favIcon: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/favicon.ico"
replicaCount: {{ .Values.replicas.keycloak }} replicaCount: {{ .Values.replicas.keycloak }}
resources: resources:
{{ .Values.resources.umsKeycloak | toYaml | nindent 2 }} {{ .Values.resources.umsKeycloak | toYaml | nindent 2 }}
@@ -1009,17 +1024,17 @@ keycloak-bootstrap:
enabled: true enabled: true
serviceAccount: serviceAccount:
annotations: annotations:
intended.usage: "compliance" intended.usage: "compliance"
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloakBootstrap.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloakBootstrap.registry | quote }}
repository: {{ .Values.images.umsKeycloakBootstrap.repository | quote }} repository: {{ .Values.images.umsKeycloakBootstrap.repository | quote }}
tag: {{ .Values.images.umsKeycloakBootstrap.tag | quote }} tag: {{ .Values.images.umsKeycloakBootstrap.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy }} imagePullPolicy: {{ .Values.global.imagePullPolicy }}
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
config: config:
keycloak: keycloak:
adminUser: "kcadmin" adminUser: "kcadmin"
@@ -1051,7 +1066,7 @@ keycloak-bootstrap:
twoFactorAuthentication: twoFactorAuthentication:
enabled: true enabled: true
group: "2fa-users" group: "2fa-users"
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@@ -1067,15 +1082,15 @@ keycloak-bootstrap:
type: "RuntimeDefault" type: "RuntimeDefault"
seLinuxOptions: seLinuxOptions:
{{ .Values.seLinuxOptions.umsKeycloakBootstrap | toYaml | nindent 6 }} {{ .Values.seLinuxOptions.umsKeycloakBootstrap | toYaml | nindent 6 }}
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-bootstrap" intents.otterize.com/service-name: "ums-keycloak-bootstrap"
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroup: 1000 fsGroup: 1000
fsGroupChangePolicy: "Always" fsGroupChangePolicy: "Always"
resources: resources:
{{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 2 }} {{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 2 }}
@@ -1096,6 +1111,7 @@ keycloak-extensions:
username: {{ .Values.databases.keycloakExtension.username | quote }} username: {{ .Values.databases.keycloakExtension.username | quote }}
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }} password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
handler: handler:
replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }}
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-extensions-handler" intents.otterize.com/service-name: "ums-keycloak-extensions-handler"
# nameOverride: "keycloak-extensions-handler" # nameOverride: "keycloak-extensions-handler"
@@ -1130,8 +1146,9 @@ keycloak-extensions:
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionHandler }} seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionHandler }}
resources: resources:
{{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 4 }} {{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 6 }}
proxy: proxy:
replicaCount: {{ .Values.replicas.umsKeycloakExtensionsProxy }}
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-extensions-proxy" intents.otterize.com/service-name: "ums-keycloak-extensions-proxy"
# nameOverride: "keycloak-extensions-proxy" # nameOverride: "keycloak-extensions-proxy"
@@ -1165,7 +1182,7 @@ keycloak-extensions:
name: "ums-stack-gateway" name: "ums-stack-gateway"
port: port:
name: "http" name: "http"
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName | default "nginx" | quote }} ingressClassName: {{ .Values.ingress.ingressClassName | default "nginx" | quote }}
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
@@ -1186,7 +1203,7 @@ keycloak-extensions:
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionProxy }} seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionProxy }}
resources: resources:
{{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 4 }} {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
keycloak-postgresql: keycloak-postgresql:
enabled: false enabled: false
@@ -1215,11 +1232,15 @@ stack-gateway:
hostname: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} hostname: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
ingressClassName: {{ .Values.ingress.ingressClassName | default "nginx" | quote }} ingressClassName: {{ .Values.ingress.ingressClassName | default "nginx" | quote }}
tls: false tls: false
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroup: 1001 fsGroup: 1001
replicaCount: {{ .Values.replicas.umsStackGateway }}
resources:
{{ .Values.resources.umsStackGateway | toYaml | nindent 4 }}
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsUser: 1001 runAsUser: 1001
@@ -1234,13 +1255,13 @@ stack-gateway:
seccompProfile: seccompProfile:
type: "RuntimeDefault" type: "RuntimeDefault"
seLinuxOptions: {{ .Values.seLinuxOptions.umsStackGateway }} seLinuxOptions: {{ .Values.seLinuxOptions.umsStackGateway }}
service: service:
type: "ClusterIP" type: "ClusterIP"
serviceAccount: serviceAccount:
create: true create: true
# The content of the "serverBlock" does resemble the Ingress configuration of # The content of the "serverBlock" does resemble the Ingress configuration of
# the UMS components. The "location" entries do intentionally reflect precisely # the UMS components. The "location" entries do intentionally reflect precisely
# the respective paths which are configured. # the respective paths which are configured.
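Review bot: In the `ldap-notifier` block the added `securityContext.seLinuxOptions` is rendered from `.Values.seLinuxOptions.umsPortalListener`, which looks like a copy-paste from the portal listener; the notifier's SELinux label then cannot be set on its own, and any change made for the portal listener silently applies to this pod as well. I would point it at a notifier-specific entry, `{{- .Values.seLinuxOptions.umsLdapNotifier | toYaml | nindent 6 }}`, matching the `umsLdapNotifier` name already used for replicas and resources (that the defaults need a new key is my assumption, since the seLinuxOptions defaults are not shown here). Separately, in `stack-data-swp` the new `ldapBase: {{ .Values.ldap.baseDn }}` drops the `| quote` that the other `baseDn` uses in this file carry, so a base DN containing YAML-significant characters could be re-typed or break rendering; `ldapBase: {{ .Values.ldap.baseDn | quote }}` would match `stack-data-ums`. The rewritten `samlMetadataUrl` and `samlMetadataUrlInternal` still fetch the IdP descriptor over plain `http://` inside the cluster, so a short comment stating that in-cluster transport is trusted for this signing-key material would help the next reviewer.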


@@ -294,7 +294,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize" repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
name: "opendesk-otterize" name: "opendesk-otterize"
version: "1.7.9" version: "2.0.0"
verify: true verify: true
oxConnector: oxConnector:
# providerCategory: 'Supplier' # providerCategory: 'Supplier'


@@ -44,9 +44,19 @@ replicas:
redis: 1 redis: 1
synapse: 1 synapse: 1
synapseWeb: 1 synapseWeb: 1
umsKeycloakExtensionsHandler: 1
umsKeycloakExtensionsProxy: 1
umsLdapNotifier: 1
umsLdapServer: 1
umsNotificationsApi: 1
umsPortalFrontend: 1 umsPortalFrontend: 1
umsPortalListener: 1
umsPortalServer: 1 umsPortalServer: 1
umsSelfserviceListener: 1
umsStackGateway: 1
umsUdmRestApi: 1 umsUdmRestApi: 1
umsUmcGateway: 1
umsUmcServer: 1
wellKnown: 1 wellKnown: 1
xwiki: 1 xwiki: 1
... ...


@@ -501,6 +501,13 @@ resources:
requests: requests:
cpu: 0.1 cpu: 0.1
memory: "256Mi" memory: "256Mi"
umsStackGateway:
limits:
cpu: 99
memory: "64Mi"
requests:
cpu: 0.1
memory: "16Mi"
umsUdmRestApi: umsUdmRestApi:
limits: limits:
cpu: 99 cpu: 99


@@ -75,9 +75,19 @@ replicas:
redis: 42 redis: 42
synapse: 42 synapse: 42
synapseWeb: 42 synapseWeb: 42
umsKeycloakExtensionsHandler: 42
umsKeycloakExtensionsProxy: 42
umsLdapNotifier: 42
umsLdapServer: 42
umsNotificationsApi: 42
umsPortalFrontend: 42 umsPortalFrontend: 42
umsPortalListener: 42
umsPortalServer: 42 umsPortalServer: 42
umsSelfserviceListener: 42
umsStackGateway: 42
umsUdmRestApi: 42 umsUdmRestApi: 42
umsUmcGateway: 42
umsUmcServer: 42
wellKnown: 42 wellKnown: 42
xwiki: 42 xwiki: 42
... ...