sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-07 16:01:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(helmfile): Update charts to use proper quoting

Browse Source
This commit is contained in:
Thomas Kaltenbrunner
2023-11-09 22:01:21 +00:00
committed by Dominik Kaminski
parent ea5bd0a6b7
commit 69ea840517
60 changed files with 600 additions and 612 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
helmfile/apps/collabora/values.gotmpl
View File

@@ -5,24 +5,24 @@ SPDX-License-Identifier: Apache-2.0
--- ---
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.collabora.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.collabora.repository }}"
tag: "{{ .Values.images.collabora.tag }}" tag: {{ .Values.images.collabora.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
ingress: ingress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
className: "{{ .Values.ingress.ingressClassName }}" className: {{ .Values.ingress.ingressClassName | quote }}
hosts: hosts:
- host: "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}" - host: "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
paths: paths:
- path: "/" - path: "/"
pathType: "Prefix" pathType: "Prefix"
tls: tls:
- secretName: "{{ .Values.ingress.tls.secretName }}" - secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts: hosts:
- "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}" - "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
@@ -33,7 +33,6 @@ collabora:
aliasgroups: aliasgroups:
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443" - host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443"
replicaCount: {{ .Values.replicas.collabora }} replicaCount: {{ .Values.replicas.collabora }}
resources: resources:

20
helmfile/apps/element/values-element.gotmpl
View File

@@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
@@ -103,18 +103,18 @@ configuration:
welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}" welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}"
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.element.repository }}" repository: {{ .Values.images.element.repository | quote }}
tag: "{{ .Values.images.element.tag }}" tag: {{ .Values.images.element.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}

18
helmfile/apps/element/values-matrix-neoboard-widget.gotmpl
View File

@@ -4,24 +4,24 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixNeoBoardWidget.repository }}" repository: {{ .Values.images.matrixNeoBoardWidget.repository | quote }}
tag: "{{ .Values.images.matrixNeoBoardWidget.tag }}" tag: {{ .Values.images.matrixNeoBoardWidget.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}

18
helmfile/apps/element/values-matrix-neochoice-widget.gotmpl
View File

@@ -4,24 +4,24 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixNeoChoiceWidget.repository }}" repository: {{ .Values.images.matrixNeoChoiceWidget.repository | quote }}
tag: "{{ .Values.images.matrixNeoChoiceWidget.tag }}" tag: {{ .Values.images.matrixNeoChoiceWidget.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}

10
helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.gotmpl
View File

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -16,8 +16,8 @@ configuration:
password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }} password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
url: "{{ .Values.images.synapseCreateUser.repository }}" url: {{ .Values.images.synapseCreateUser.repository | quote }}
tag: "{{ .Values.images.synapseCreateUser.tag }}" tag: {{ .Values.images.synapseCreateUser.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
... ...

22
helmfile/apps/element/values-matrix-neodatefix-bot.gotmpl
View File

@@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
@@ -15,20 +15,20 @@ configuration:
openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}" openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixNeoDateFixBot.repository }}" repository: {{ .Values.images.matrixNeoDateFixBot.repository | quote }}
tag: "{{ .Values.images.matrixNeoDateFixBot.tag }}" tag: {{ .Values.images.matrixNeoDateFixBot.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
persistence: persistence:
size: "{{ .Values.persistence.size.matrixNeoDateFixBot }}" size: {{ .Values.persistence.size.matrixNeoDateFixBot | quote }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }} replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }}

18
helmfile/apps/element/values-matrix-neodatefix-widget.gotmpl
View File

@@ -4,24 +4,24 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixNeoDateFixWidget.repository }}" repository: {{ .Values.images.matrixNeoDateFixWidget.repository | quote }}
tag: "{{ .Values.images.matrixNeoDateFixWidget.tag }}" tag: {{ .Values.images.matrixNeoDateFixWidget.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}

12
helmfile/apps/element/values-matrix-user-verification-service-bootstrap.gotmpl
View File

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -13,11 +13,11 @@ cleanup:
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }} deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
configuration: configuration:
password: {{ .Values.secrets.matrixUserVerificationService.password }} password: {{ .Values.secrets.matrixUserVerificationService.password | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
url: "{{ .Values.images.synapseCreateUser.repository }}" url: {{ .Values.images.synapseCreateUser.repository | quote }}
tag: "{{ .Values.images.synapseCreateUser.tag }}" tag: {{ .Values.images.synapseCreateUser.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
... ...

10
helmfile/apps/element/values-matrix-user-verification-service.gotmpl
View File

@@ -4,17 +4,17 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixUserVerificationService.repository }}" repository: {{ .Values.images.matrixUserVerificationService.repository | quote }}
tag: "{{ .Values.images.matrixUserVerificationService.tag }}" tag: {{ .Values.images.matrixUserVerificationService.tag | quote }}
replicaCount: {{ .Values.replicas.matrixUserVerificationService }} replicaCount: {{ .Values.replicas.matrixUserVerificationService }}

20
helmfile/apps/element/values-synapse-web.gotmpl
View File

@@ -4,26 +4,26 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.synapseWeb.repository }}" repository: {{ .Values.images.synapseWeb.repository | quote }}
tag: "{{ .Values.images.synapseWeb.tag }}" tag: {{ .Values.images.synapseWeb.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
replicaCount: {{ .Values.replicas.synapseWeb }} replicaCount: {{ .Values.replicas.synapseWeb }}

42
helmfile/apps/element/values-synapse.gotmpl
View File

@@ -4,24 +4,24 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.synapse.repository }}" repository: {{ .Values.images.synapse.repository | quote }}
tag: "{{ .Values.images.synapse.tag }}" tag: {{ .Values.images.synapse.tag | quote }}
configuration: configuration:
database: database:
host: "{{ .Values.databases.synapse.host }}" host: {{ .Values.databases.synapse.host | quote }}
name: "{{ .Values.databases.synapse.name }}" name: {{ .Values.databases.synapse.name | quote }}
user: "{{ .Values.databases.synapse.username }}" user: {{ .Values.databases.synapse.username | quote }}
password: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }} password: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
homeserver: homeserver:
@@ -37,32 +37,32 @@ configuration:
sender_localpart: intercom-service sender_localpart: intercom-service
oidc: oidc:
clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix }} clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
turn: turn:
sharedSecret: {{ .Values.turn.credentials }} sharedSecret: {{ .Values.turn.credentials | quote }}
servers: servers:
{{- if .Values.turn.tls.host }} {{- if .Values.turn.tls.host }}
- server: {{ .Values.turn.tls.host }} - server: {{ .Values.turn.tls.host | quote }}
port: {{ .Values.turn.tls.port }} port: {{ .Values.turn.tls.port }}
transport: {{ .Values.turn.transport }} transport: {{ .Values.turn.transport | quote }}
{{- else if .Values.turn.server.host }} {{- else if .Values.turn.server.host }}
- server: {{ .Values.turn.server.host }} - server: {{ .Values.turn.server.host | quote }}
port: {{ .Values.turn.server.port }} port: {{ .Values.turn.server.port }}
transport: {{ .Values.turn.transport }} transport: {{ .Values.turn.transport | quote }}
{{- end }} {{- end }}
guestModule: guestModule:
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.synapseGuestModule.repository }}" repository: {{ .Values.images.synapseGuestModule.repository | quote }}
tag: "{{ .Values.images.synapseGuestModule.tag }}" tag: {{ .Values.images.synapseGuestModule.tag | quote }}
persistence: persistence:
size: "{{ .Values.persistence.size.synapse }}" size: {{ .Values.persistence.size.synapse | quote }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
replicaCount: {{ .Values.replicas.synapse }} replicaCount: {{ .Values.replicas.synapse }}

22
helmfile/apps/element/values-well-known.gotmpl
View File

@@ -4,26 +4,26 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.wellKnown.repository }}" repository: {{ .Values.images.wellKnown.repository | quote }}
tag: "{{ .Values.images.wellKnown.tag }}" tag: {{ .Values.images.wellKnown.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.domain }}" host: {{ .Values.global.domain | quote }}
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
replicaCount: {{ .Values.replicas.wellKnown }} replicaCount: {{ .Values.replicas.wellKnown }}

2
helmfile/apps/intercom-service/helmfile.yaml
View File

@@ -19,7 +19,7 @@ repositories:
releases: releases:
- name: "intercom-service" - name: "intercom-service"
chart: "intercom-service-repo/intercom-service" chart: "intercom-service-repo/intercom-service"
version: "2.0.0" version: "2.0.1"
values: values:
- "values.gotmpl" - "values.gotmpl"
installed: {{ .Values.intercom.enabled }} installed: {{ .Values.intercom.enabled }}

32
helmfile/apps/intercom-service/values.gotmpl
View File

@@ -4,46 +4,46 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ics: ics:
secret: {{ .Values.secrets.intercom.secret }} secret: {{ .Values.secrets.intercom.secret | quote }}
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}" originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}"
default: default:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
oidc: oidc:
secret: {{ .Values.secrets.keycloak.clientSecret.intercom }} secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
matrix: matrix:
asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }} asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
subdomain: {{ .Values.global.hosts.synapse }} subdomain: {{ .Values.global.hosts.synapse | quote }}
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}" serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
nordeck: nordeck:
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot }} subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
portal: portal:
apiKey: {{ .Values.secrets.centralnavigation.apiKey }} apiKey: {{ .Values.secrets.centralnavigation.apiKey | quote }}
redis: redis:
host: {{ .Values.cache.intercomService.host }} host: {{ .Values.cache.intercomService.host | quote }}
port: {{ .Values.cache.intercomService.port }} port: {{ .Values.cache.intercomService.port }}
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }} password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
openxchange: openxchange:
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}" url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.intercom.repository }}" repository: {{ .Values.images.intercom.repository | quote }}
tag: "{{ .Values.images.intercom.tag }}" tag: {{ .Values.images.intercom.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
... ...

74
helmfile/apps/jitsi/values-jitsi.gotmpl
View File

@@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
@@ -15,13 +15,13 @@ cleanup:
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.jitsiKeycloakAdapter.repository }}" repository: {{ .Values.images.jitsiKeycloakAdapter.repository | quote }}
tag: "{{ .Values.images.jitsiKeycloakAdapter.tag }}" tag: {{ .Values.images.jitsiKeycloakAdapter.tag | quote }}
settings: settings:
jwtAppSecret: "{{ .Values.secrets.jitsi.jwtAppSecret }}" jwtAppSecret: {{ .Values.secrets.jitsi.jwtAppSecret | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}
@@ -32,16 +32,16 @@ jitsi:
replicaCount: {{ .Values.replicas.jitsi }} replicaCount: {{ .Values.replicas.jitsi }}
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jitsi.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jitsi.repository }}"
tag: "{{ .Values.images.jitsi.tag }}" tag: {{ .Values.images.jitsi.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
hosts: hosts:
- host: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}" - host: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
paths: paths:
- "/" - "/"
tls: tls:
- secretName: "{{ .Values.ingress.tls.secretName }}" - secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts: hosts:
- "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}" - "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
extraEnvs: extraEnvs:
@@ -51,10 +51,10 @@ jitsi:
prosody: prosody:
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.prosody.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.prosody.repository }}"
tag: "{{ .Values.images.prosody.tag }}" tag: {{ .Values.images.prosody.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
extraEnvs: extraEnvs:
- name: "AUTH_TYPE" - name: "AUTH_TYPE"
@@ -62,74 +62,74 @@ jitsi:
- name: "JWT_APP_ID" - name: "JWT_APP_ID"
value: "myappid" value: "myappid"
- name: "JWT_APP_SECRET" - name: "JWT_APP_SECRET"
value: "{{ .Values.secrets.jitsi.jwtAppSecret }}" value: {{ .Values.secrets.jitsi.jwtAppSecret | quote }}
- name: "MATRIX_UVS_SYNC_POWER_LEVELS" - name: "MATRIX_UVS_SYNC_POWER_LEVELS"
value: "true" value: "true"
- name: "MATRIX_UVS_URL" - name: "MATRIX_UVS_URL"
value: "http://opendesk-matrix-user-verification-service.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}" value: "http://opendesk-matrix-user-verification-service.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
- name: TURNS_HOST - name: TURNS_HOST
value: "{{ .Values.turn.tls.host }}" value: {{ .Values.turn.tls.host | quote }}
- name: TURNS_PORT - name: TURNS_PORT
value: "{{ .Values.turn.tls.port }}" value: {{ .Values.turn.tls.port | quote }}
- name: TURN_HOST - name: TURN_HOST
value: "{{ .Values.turn.server.host }}" value: {{ .Values.turn.server.host | quote }}
- name: TURN_PORT - name: TURN_PORT
value: "{{ .Values.turn.server.port }}" value: {{ .Values.turn.server.port | quote }}
- name: TURN_TRANSPORT - name: TURN_TRANSPORT
value: "{{ .Values.turn.transport }}" value: {{ .Values.turn.transport | quote }}
- name: TURN_CREDENTIALS - name: TURN_CREDENTIALS
value: "{{ .Values.turn.credentials }}" value: {{ .Values.turn.credentials | quote }}
resources: resources:
{{ .Values.resources.prosody | toYaml | nindent 6 }} {{ .Values.resources.prosody | toYaml | nindent 6 }}
persistence: persistence:
size: "{{ .Values.persistence.size.prosody }}" size: {{ .Values.persistence.size.prosody | quote }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
jicofo: jicofo:
replicaCount: {{ .Values.replicas.jicofo }} replicaCount: {{ .Values.replicas.jicofo }}
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}"
tag: "{{ .Values.images.jicofo.tag }}" tag: {{ .Values.images.jicofo.tag | quote }}
xmpp: xmpp:
password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }} password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }}
componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}" componentSecret: {{ .Values.secrets.jitsi.jicofoComponentPassword | quote }}
resources: resources:
{{ .Values.resources.jicofo | toYaml | nindent 6 }} {{ .Values.resources.jicofo | toYaml | nindent 6 }}
jvb: jvb:
replicaCount: {{ .Values.replicas.jvb }} replicaCount: {{ .Values.replicas.jvb }}
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jvb.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jvb.repository }}"
tag: "{{ .Values.images.jvb.tag }}" tag: {{ .Values.images.jvb.tag | quote }}
xmpp: xmpp:
password: "{{ .Values.secrets.jitsi.jvbAuthPassword }}" password: {{ .Values.secrets.jitsi.jvbAuthPassword | quote }}
resources: resources:
{{ .Values.resources.jvb | toYaml | nindent 6 }} {{ .Values.resources.jvb | toYaml | nindent 6 }}
service: service:
type: "{{ .Values.cluster.service.type }}" type: {{ .Values.cluster.service.type | quote }}
jibri: jibri:
replicaCount: {{ .Values.replicas.jibri }} replicaCount: {{ .Values.replicas.jibri }}
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jibri.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jibri.repository }}"
tag: "{{ .Values.images.jibri.tag }}" tag: {{ .Values.images.jibri.tag | quote }}
recorder: recorder:
password: "{{ .Values.secrets.jitsi.jibriRecorderPassword }}" password: {{ .Values.secrets.jitsi.jibriRecorderPassword | quote }}
xmpp: xmpp:
password: "{{ .Values.secrets.jitsi.jibriXmppPassword }}" password: {{ .Values.secrets.jitsi.jibriXmppPassword | quote }}
resources: resources:
{{ .Values.resources.jibri | toYaml | nindent 6 }} {{ .Values.resources.jibri | toYaml | nindent 6 }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
patchJVB: patchJVB:
configuration: configuration:
staticLoadbalancerIP: "{{ .Values.cluster.networking.ingressGatewayIP }}" staticLoadbalancerIP: {{ .Values.cluster.networking.ingressGatewayIP | quote }}
loadbalancerStatusField: "{{ .Values.cluster.networking.loadBalancerStatusField }}" loadbalancerStatusField: {{ .Values.cluster.networking.loadBalancerStatusField | quote }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.jitsiPatchJVB.repository }}" repository: {{ .Values.images.jitsiPatchJVB.repository | quote }}
tag: "{{ .Values.images.jitsiPatchJVB.tag }}" tag: {{ .Values.images.jitsiPatchJVB.tag | quote }}
replicaCount: {{ .Values.replicas.jitsiKeycloakAdapter }} replicaCount: {{ .Values.replicas.jitsiKeycloakAdapter }}
resources: resources:

2
helmfile/apps/keycloak-bootstrap/helmfile.yaml
View File

@@ -21,7 +21,7 @@ repositories:
releases: releases:
- name: "opendesk-keycloak-bootstrap" - name: "opendesk-keycloak-bootstrap"
chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap" chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
version: "1.1.11" version: "1.1.12"
values: values:
- "values-bootstrap.gotmpl" - "values-bootstrap.gotmpl"
- "values-bootstrap.yaml" - "values-bootstrap.yaml"

12
helmfile/apps/keycloak-bootstrap/values-bootstrap.gotmpl
View File

@@ -4,10 +4,10 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -20,10 +20,10 @@ config:
password: {{ .Values.secrets.keycloak.adminPassword | quote }} password: {{ .Values.secrets.keycloak.adminPassword | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.keycloakBootstrap.repository }}" repository: {{ .Values.images.keycloakBootstrap.repository | quote }}
tag: "{{ .Values.images.keycloakBootstrap.tag }}" tag: {{ .Values.images.keycloakBootstrap.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.keycloakBootstrap | toYaml | nindent 2 }} {{ .Values.resources.keycloakBootstrap | toYaml | nindent 2 }}

37
helmfile/apps/keycloak/values-extensions.gotmpl
View File

@@ -8,39 +8,38 @@ global:
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }} adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
postgresql: postgresql:
connection: connection:
host: "{{ .Values.databases.keycloakExtension.host }}" host: {{ .Values.databases.keycloakExtension.host | quote }}
port: "{{ .Values.databases.keycloakExtension.port }}" port: {{ .Values.databases.keycloakExtension.port }}
auth: auth:
database: "{{ .Values.databases.keycloakExtension.name }}" database: {{ .Values.databases.keycloakExtension.name | quote }}
username: "{{ .Values.databases.keycloakExtension.username }}" username: {{ .Values.databases.keycloakExtension.username | quote }}
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }} password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
handler: handler:
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.keycloakExtensionHandler.repository }}" repository: {{ .Values.images.keycloakExtensionHandler.repository | quote }}
tag: "{{ .Values.images.keycloakExtensionHandler.tag }}" tag: {{ .Values.images.keycloakExtensionHandler.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
appConfig: appConfig:
smtpPassword: {{ .Values.smtp.password | quote }} smtpPassword: {{ .Values.smtp.password | quote }}
smtpHost: "{{ .Values.smtp.host }}" smtpHost: {{ .Values.smtp.host | quote }}
smtpUsername: "{{ .Values.smtp.username }}" smtpUsername: {{ .Values.smtp.username | quote }}
mailFrom: "noreply@{{ .Values.global.domain }}" mailFrom: "noreply@{{ .Values.global.domain }}"
resources: resources:
{{ .Values.resources.keycloakExtension | toYaml | nindent 4 }} {{ .Values.resources.keycloakExtension | toYaml | nindent 4 }}
proxy: proxy:
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.keycloakExtensionProxy.repository }}" repository: {{ .Values.images.keycloakExtensionProxy.repository | quote }}
tag: "{{ .Values.images.keycloakExtensionProxy.tag }}" tag: {{ .Values.images.keycloakExtensionProxy.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
resources: resources:
{{ .Values.resources.keycloakProxy | toYaml | nindent 4 }} {{ .Values.resources.keycloakProxy | toYaml | nindent 4 }}
... ...

36
helmfile/apps/keycloak/values-keycloak.gotmpl
View File

@@ -4,22 +4,22 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.keycloak.repository }}" repository: {{ .Values.images.keycloak.repository | quote }}
tag: "{{ .Values.images.keycloak.tag }}" tag: {{ .Values.images.keycloak.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
externalDatabase: externalDatabase:
host: "{{ .Values.databases.keycloak.host }}" host: {{ .Values.databases.keycloak.host | quote }}
port: {{ .Values.databases.keycloak.port }} port: {{ .Values.databases.keycloak.port }}
user: "{{ .Values.databases.keycloak.username }}" user: {{ .Values.databases.keycloak.username | quote }}
database: "{{ .Values.databases.keycloak.name }}" database: {{ .Values.databases.keycloak.name | quote }}
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }} password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
auth: auth:
@@ -34,7 +34,7 @@ keycloakConfigCli:
- name: "LDAP_USERS_DN" - name: "LDAP_USERS_DN"
value: "cn=users,dc=swp-ldap,dc=internal" value: "cn=users,dc=swp-ldap,dc=internal"
- name: "LDAP_SERVER_URL" - name: "LDAP_SERVER_URL"
value: "{{ .Values.global.ldap.host }}" value: {{ .Values.global.ldap.host | quote }}
- name: "IDENTIFIER" - name: "IDENTIFIER"
value: "souvap" value: "souvap"
- name: "THEME" - name: "THEME"
@@ -62,23 +62,23 @@ keycloakConfigCli:
- name: "INTERCOM_SERVICE_DOMAIN" - name: "INTERCOM_SERVICE_DOMAIN"
value: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}" value: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
- name: "CLIENT_SECRET_INTERCOM_PASSWORD" - name: "CLIENT_SECRET_INTERCOM_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.intercom }} value: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
- name: "CLIENT_SECRET_MATRIX_PASSWORD" - name: "CLIENT_SECRET_MATRIX_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.matrix }} value: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
- name: "CLIENT_SECRET_JITSI_PASSWORD" - name: "CLIENT_SECRET_JITSI_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.jitsi }} value: {{ .Values.secrets.keycloak.clientSecret.jitsi | quote }}
- name: "CLIENT_SECRET_NCOIDC_PASSWORD" - name: "CLIENT_SECRET_NCOIDC_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.ncoidc }} value: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
- name: "CLIENT_SECRET_OPENPROJECT_PASSWORD" - name: "CLIENT_SECRET_OPENPROJECT_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.openproject }} value: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
- name: "CLIENT_SECRET_XWIKI_PASSWORD" - name: "CLIENT_SECRET_XWIKI_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.xwiki }} value: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
- name: "CLIENT_SECRET_AS8OIDC_PASSWORD" - name: "CLIENT_SECRET_AS8OIDC_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.as8oidc }} value: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
- name: "KEYCLOAK_STORAGEPROVICER_UCSLDAP_NAME" - name: "KEYCLOAK_STORAGEPROVICER_UCSLDAP_NAME"
value: "storage_provider_ucsldap" value: "storage_provider_ucsldap"
- name: "LDAPSEARCH_PASSWORD" - name: "LDAPSEARCH_PASSWORD"
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak }} value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak | quote }}
- name: "LDAPSEARCH_USERNAME" - name: "LDAPSEARCH_USERNAME"
value: "ldapsearch_keycloak" value: "ldapsearch_keycloak"
resources: resources:

2
helmfile/apps/keycloak/values-theme.gotmpl
View File

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}

38
helmfile/apps/nextcloud/values-bootstrap.gotmpl
View File

@@ -4,11 +4,11 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
istioDomain: "{{ .Values.istio.domain }}" istioDomain: {{ .Values.istio.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -30,19 +30,19 @@ config:
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }} password: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
database: database:
host: "{{ .Values.databases.nextcloud.host }}" host: {{ .Values.databases.nextcloud.host | quote }}
name: "{{ .Values.databases.nextcloud.name }}" name: {{ .Values.databases.nextcloud.name | quote }}
user: "{{ .Values.databases.nextcloud.username }}" user: {{ .Values.databases.nextcloud.username | quote }}
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
ldapSearch: ldapSearch:
host: "{{ .Values.global.ldap.host }}" host: {{ .Values.global.ldap.host | quote }}
password: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}" password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
smtp: smtp:
host: "{{ .Values.smtp.host }}" host: {{ .Values.smtp.host | quote }}
username: "{{ .Values.smtp.username }}" username: {{ .Values.smtp.username | quote }}
password: "{{ .Values.smtp.password }}" password: {{ .Values.smtp.password | quote }}
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
@@ -50,24 +50,24 @@ cleanup:
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.nextcloud.repository }}" repository: {{ .Values.images.nextcloud.repository | quote }}
tag: "{{ .Values.images.nextcloud.tag }}" tag: {{ .Values.images.nextcloud.tag | quote }}
persistence: persistence:
{{- if .Values.cluster.persistence.readWriteMany.enabled }} {{- if .Values.cluster.persistence.readWriteMany.enabled }}
accessModes: accessModes:
- "ReadWriteMany" - "ReadWriteMany"
storageClass: "{{ .Values.persistence.storageClassNames.RWX }}" storageClass: {{ .Values.persistence.storageClassNames.RWX | quote }}
{{- else }} {{- else }}
accessModes: accessModes:
- "ReadWriteOnce" - "ReadWriteOnce"
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
{{- end }} {{- end }}
size: size:
main: "{{ .Values.persistence.size.nextcloud.main }}" main: {{ .Values.persistence.size.nextcloud.main | quote }}
data: "{{ .Values.persistence.size.nextcloud.data }}" data: {{ .Values.persistence.size.nextcloud.data | quote }}
resources: resources:
{{ .Values.resources.nextcloud | toYaml | nindent 2 }} {{ .Values.resources.nextcloud | toYaml | nindent 2 }}

16
helmfile/apps/nextcloud/values-nextcloud.gotmpl
View File

@@ -8,9 +8,9 @@ nextcloud:
username: "nextcloud" username: "nextcloud"
password: {{ .Values.secrets.nextcloud.adminPassword | quote }} password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
externalDatabase: externalDatabase:
database: "{{ .Values.databases.nextcloud.name }}" database: {{ .Values.databases.nextcloud.name | quote }}
user: "{{ .Values.databases.nextcloud.username }}" user: {{ .Values.databases.nextcloud.username | quote }}
host: "{{ .Values.databases.nextcloud.host }}" host: {{ .Values.databases.nextcloud.host | quote }}
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
extraEnv: extraEnv:
REDIS_HOST: {{ .Values.cache.nextcloud.host | quote }} REDIS_HOST: {{ .Values.cache.nextcloud.host | quote }}
@@ -22,20 +22,20 @@ redis:
password: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }} password: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
ingress: ingress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
className: {{ .Values.ingress.ingressClassName }} className: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
- secretName: "{{ .Values.ingress.tls.secretName }}" - secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts: hosts:
- "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}" - "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.nextcloud.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.nextcloud.repository }}"
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.nextcloud.tag }}" tag: {{ .Values.images.nextcloud.tag | quote }}
pullSecrets: pullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
metrics: metrics:
token: "{{ .Values.secrets.nextcloud.metricsToken }}" token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
{{- if .Values.cluster.persistence.readWriteMany.enabled }} {{- if .Values.cluster.persistence.readWriteMany.enabled }}
replicaCount: {{ .Values.replicas.nextcloud }} replicaCount: {{ .Values.replicas.nextcloud }}

2
helmfile/apps/open-xchange/helmfile.yaml
View File

@@ -35,7 +35,7 @@ repositories:
releases: releases:
- name: "dovecot" - name: "dovecot"
chart: "opendesk-dovecot-repo/dovecot" chart: "opendesk-dovecot-repo/dovecot"
version: "1.3.1" version: "1.3.4"
values: values:
- "values-dovecot.yaml" - "values-dovecot.yaml"
- "values-dovecot.gotmpl" - "values-dovecot.gotmpl"

26
helmfile/apps/open-xchange/values-dovecot.gotmpl
View File

@@ -4,31 +4,31 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
url: "{{ .Values.images.dovecot.repository }}" url: {{ .Values.images.dovecot.repository | quote }}
tag: "{{ .Values.images.dovecot.tag }}" tag: {{ .Values.images.dovecot.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
dovecot: dovecot:
mailDomain: "{{ .Values.global.domain }}" mailDomain: {{ .Values.global.domain | quote }}
password: {{ .Values.secrets.dovecot.doveadm | quote }} password: {{ .Values.secrets.dovecot.doveadm | quote }}
ldap: ldap:
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal" dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
host: "{{ .Values.global.ldap.host }}" host: {{ .Values.global.ldap.host | quote }}
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }} password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
oidc: oidc:
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect" introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc }} clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
clientID: "as8oidc" clientID: "as8oidc"
loginTrustedNetworks: "{{ .Values.cluster.networking.cidr }}" loginTrustedNetworks: {{ .Values.cluster.networking.cidr | quote }}
certificate: certificate:
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
{{- if .Values.cluster.persistence.readWriteMany.enabled }} {{- if .Values.cluster.persistence.readWriteMany.enabled }}
replicaCount: {{ .Values.replicas.dovecot }} replicaCount: {{ .Values.replicas.dovecot }}
@@ -38,15 +38,15 @@ replicaCount: 1
persistence: persistence:
{{- if .Values.cluster.persistence.readWriteMany.enabled }} {{- if .Values.cluster.persistence.readWriteMany.enabled }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWX }}" storageClassName: {{ .Values.persistence.storageClassNames.RWX | quote }}
accessModes: accessModes:
- "ReadWriteMany" - "ReadWriteMany"
{{- else }} {{- else }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
accessModes: accessModes:
- "ReadWriteOnce" - "ReadWriteOnce"
{{- end }} {{- end }}
size: "{{ .Values.persistence.size.dovecot }}" size: {{ .Values.persistence.size.dovecot | quote }}
resources: resources:
{{ .Values.resources.dovecot | toYaml | nindent 2 }} {{ .Values.resources.dovecot | toYaml | nindent 2 }}

10
helmfile/apps/open-xchange/values-openxchange-bootstrap.gotmpl
View File

@@ -8,13 +8,13 @@ cleanup:
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }} deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
url: "{{ .Values.images.openxchangeBootstrap.repository }}" url: {{ .Values.images.openxchangeBootstrap.repository | quote }}
tag: "{{ .Values.images.openxchangeBootstrap.tag }}" tag: {{ .Values.images.openxchangeBootstrap.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
... ...

2
helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.gotmpl
View File

@@ -10,7 +10,7 @@ appsuite:
contactsLdapClient: contactsLdapClient:
pool: pool:
host: host:
address: "{{ .Values.global.ldap.host }}" address: {{ .Values.global.ldap.host | quote }}
port: 389 port: 389
auth: auth:
adminDN: adminDN:

106
helmfile/apps/open-xchange/values-openxchange.gotmpl
View File

@@ -4,13 +4,13 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}" hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
mysql: mysql:
host: "{{ .Values.databases.oxAppsuite.host }}" host: {{ .Values.databases.oxAppsuite.host | quote }}
database: "{{ .Values.databases.oxAppsuite.name }}" database: {{ .Values.databases.oxAppsuite.name | quote }}
auth: auth:
user: "{{ .Values.databases.oxAppsuite.username }}" user: {{ .Values.databases.oxAppsuite.username | quote }}
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }} password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }} rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
@@ -19,22 +19,22 @@ istio:
nextcloud-integration-ui: nextcloud-integration-ui:
image: image:
repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository }} repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository | quote }}
tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag }} tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
public-sector-ui: public-sector-ui:
image: image:
repository: {{ .Values.images.openxchangePublicSectorUI.repository }} repository: {{ .Values.images.openxchangePublicSectorUI.repository | quote }}
tag: {{ .Values.images.openxchangePublicSectorUI.tag }} tag: {{ .Values.images.openxchangePublicSectorUI.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
appsuite: appsuite:
istio: istio:
@@ -56,12 +56,12 @@ appsuite:
gotenberg: gotenberg:
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }} repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
tag: {{ .Values.images.openxchangeGotenberg.tag }} tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
properties: properties:
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs" "com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" "com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
@@ -88,15 +88,15 @@ appsuite:
"io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/" "io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
"io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/" "io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
# Dynamic theme # Dynamic theme
io.ox/dynamic-theme//mainColor: "{{ .Values.theme.colors.primary }}" io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }}
io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
io.ox/dynamic-theme//topbarBackground: "{{ .Values.theme.colors.white }}" io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }}
io.ox/dynamic-theme//topbarColor: "{{ .Values.theme.colors.black }}" io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }}
io.ox/dynamic-theme//listSelected: "{{ .Values.theme.colors.primary15 }}" io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }}
io.ox/dynamic-theme//listHover: "{{ .Values.theme.colors.secondaryGreyLight }}" io.ox/dynamic-theme//listHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
io.ox/dynamic-theme//folderBackground: "{{ .Values.theme.colors.white }}" io.ox/dynamic-theme//folderBackground: {{ .Values.theme.colors.white | quote }}
io.ox/dynamic-theme//folderSelected: "{{ .Values.theme.colors.primary15 }}" io.ox/dynamic-theme//folderSelected: {{ .Values.theme.colors.primary15 | quote }}
io.ox/dynamic-theme//folderHover: "{{ .Values.theme.colors.secondaryGreyLight }}" io.ox/dynamic-theme//folderHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
secretETCFiles: secretETCFiles:
# Format of the OX Guard master key: # Format of the OX Guard master key:
# MC+base64(20 random bytes) # MC+base64(20 random bytes)
@@ -108,27 +108,27 @@ appsuite:
auth: auth:
password: {{ .Values.secrets.redis.password | quote }} password: {{ .Values.secrets.redis.password | quote }}
image: image:
repository: {{ .Values.images.openxchangeCoreMW.repository }} repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
tag: {{ .Values.images.openxchangeCoreMW.tag }} tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
update: update:
image: image:
repository: {{ .Values.images.openxchangeCoreMW.repository }} repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
tag: {{ .Values.images.openxchangeCoreMW.tag }} tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
core-ui: core-ui:
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.images.openxchangeCoreUI.repository }} repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUI.tag }} tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
core-ui-middleware: core-ui-middleware:
ingress: ingress:
@@ -137,55 +137,55 @@ appsuite:
enabled: false enabled: false
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository }} repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag }} tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
redis: redis:
auth: auth:
password: {{ .Values.secrets.redis.password | quote }} password: {{ .Values.secrets.redis.password | quote }}
core-documentconverter: core-documentconverter:
image: image:
repository: {{ .Values.images.openxchangeDocumentConverter.repository }} repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
tag: {{ .Values.images.openxchangeDocumentConverter.tag }} tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
resources: resources:
{{- .Values.resources.oxDocumentConverter | toYaml | nindent 6 }} {{- .Values.resources.oxDocumentConverter | toYaml | nindent 6 }}
core-guidedtours: core-guidedtours:
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository }} repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag }} tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
core-imageconverter: core-imageconverter:
image: image:
repository: {{ .Values.images.openxchangeImageConverter.repository }} repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
tag: {{ .Values.images.openxchangeImageConverter.tag }} tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
guard-ui: guard-ui:
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }} repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
tag: {{ .Values.images.openxchangeGuardUI.tag }} tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
core-user-guide: core-user-guide:
image: image:
repository: {{ .Values.images.openxchangeCoreUserGuide.repository }} repository: {{ .Values.images.openxchangeCoreUserGuide.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUserGuide.tag }} tag: {{ .Values.images.openxchangeCoreUserGuide.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
... ...

49
helmfile/apps/openproject/values.gotmpl
View File

@@ -8,10 +8,10 @@ global:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.openproject.repository }}" repository: {{ .Values.images.openproject.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.openproject.tag }}" tag: {{ .Values.images.openproject.tag | quote }}
initdb: initdb:
image: image:
@@ -22,21 +22,21 @@ initdb:
memcached: memcached:
connection: connection:
host: "{{ .Values.cache.openproject.host }}" host: {{ .Values.cache.openproject.host | quote }}
port: {{ .Values.cache.openproject.port }} port: {{ .Values.cache.openproject.port }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.memcached.repository }}" repository: {{ .Values.images.memcached.repository | quote }}
tag: "{{ .Values.images.memcached.tag }}" tag: {{ .Values.images.memcached.tag | quote }}
postgresql: postgresql:
auth: auth:
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }} password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
username: "{{ .Values.databases.openproject.username }}" username: {{ .Values.databases.openproject.username | quote }}
database: "{{ .Values.databases.openproject.name }}" database: {{ .Values.databases.openproject.name | quote }}
connection: connection:
host: "{{ .Values.databases.openproject.host }}" host: {{ .Values.databases.openproject.host | quote }}
port: "{{ .Values.databases.openproject.port }}" port: {{ .Values.databases.openproject.port }}
openproject: openproject:
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
@@ -50,39 +50,38 @@ openproject:
ingress: ingress:
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: {{ .Values.ingress.tls.enabled }} enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
environment: environment:
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: {{ .Values.secrets.keycloak.clientSecret.openproject }} OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: "{{ .Values.global.ldap.host }}" OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.global.ldap.host | quote }}
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389" OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }} OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}" OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
OPENPROJECT_SMTP__DOMAIN: "{{ .Values.global.domain }}" OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.domain | quote }}
OPENPROJECT_SMTP__USER__NAME: "{{ .Values.smtp.username }}" OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }}
OPENPROJECT_SMTP__PASSWORD: "{{ .Values.smtp.password }}" OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }}
OPENPROJECT_SMTP__PORT: "{{ .Values.smtp.port }}" OPENPROJECT_SMTP__PORT: {{ .Values.smtp.port | quote }}
OPENPROJECT_SMTP__SSL: "false" # (default=false) OPENPROJECT_SMTP__SSL: "false" # (default=false)
OPENPROJECT_SMTP__ADDRESS: "{{ .Values.smtp.host }}" OPENPROJECT_SMTP__ADDRESS: {{ .Values.smtp.host | quote }}
OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}" OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}" OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
persistence: persistence:
size: "{{ .Values.persistence.size.openproject }}" size: {{ .Values.persistence.size.openproject | quote }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWX }}" storageClassName: {{ .Values.persistence.storageClassNames.RWX | quote }}
replicaCount: {{ .Values.replicas.openproject }} replicaCount: {{ .Values.replicas.openproject }}
resources: resources:
{{ .Values.resources.openproject | toYaml | nindent 2 }} {{ .Values.resources.openproject | toYaml | nindent 2 }}
... ...

18
helmfile/apps/provisioning/values-oxconnector.gotmpl
View File

@@ -4,23 +4,23 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.oxConnector.repository }}" repository: {{ .Values.images.oxConnector.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.oxConnector.tag }}" tag: {{ .Values.images.oxConnector.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
oxConnector: oxConnector:
domainName: "{{ .Values.global.domain }}" domainName: {{ .Values.global.domain | quote }}
ldapHost: "{{ .Values.global.ldap.host }}" ldapHost: {{ .Values.global.ldap.host | quote }}
notifierServer: "{{ .Values.global.ldap.notifierHost }}" notifierServer: {{ .Values.global.ldap.notifierHost | quote }}
#oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))" #oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
oxMasterAdmin: "admin" oxMasterAdmin: "admin"
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}

6
helmfile/apps/services/helmfile.yaml
View File

@@ -95,7 +95,7 @@ releases:
installed: {{ .Values.memcached.enabled }} installed: {{ .Values.memcached.enabled }}
- name: "postgresql" - name: "postgresql"
chart: "postgresql-repo/postgresql" chart: "postgresql-repo/postgresql"
version: "2.0.2" version: "2.0.3"
values: values:
- "values-postgresql.yaml" - "values-postgresql.yaml"
- "values-postgresql.gotmpl" - "values-postgresql.gotmpl"
@@ -103,7 +103,7 @@ releases:
timeout: 900 timeout: 900
- name: "mariadb" - name: "mariadb"
chart: "mariadb-repo/mariadb" chart: "mariadb-repo/mariadb"
version: "2.0.2" version: "2.1.1"
values: values:
- "values-mariadb.yaml" - "values-mariadb.yaml"
- "values-mariadb.gotmpl" - "values-mariadb.gotmpl"
@@ -111,7 +111,7 @@ releases:
timeout: 900 timeout: 900
- name: "postfix" - name: "postfix"
chart: "postfix-repo/postfix" chart: "postfix-repo/postfix"
version: "2.0.3" version: "2.0.4"
values: values:
- "values-postfix.yaml" - "values-postfix.yaml"
- "values-postfix.gotmpl" - "values-postfix.gotmpl"

8
helmfile/apps/services/values-certificates.gotmpl
View File

@@ -4,19 +4,19 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
issuerRef: issuerRef:
name: "{{ .Values.certificate.issuerRef.name }}" name: {{ .Values.certificate.issuerRef.name | quote }}
{{- if .Values.istio.enabled }} {{- if .Values.istio.enabled }}
istio: istio:
enabled: {{ .Values.istio.enabled }} enabled: {{ .Values.istio.enabled }}
domain: {{ .Values.istio.domain }} domain: {{ .Values.istio.domain | quote }}
issuerRef: issuerRef:
name: "{{ .Values.istio.issuerRef.name }}" name: {{ .Values.istio.issuerRef.name | quote }}
{{- end }} {{- end }}
cleanup: cleanup:

36
helmfile/apps/services/values-clamav-distributed.gotmpl
View File

@@ -7,10 +7,10 @@ clamd:
podSecurityContext: podSecurityContext:
replicaCount: {{ .Values.replicas.clamd }} replicaCount: {{ .Values.replicas.clamd }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.clamd.repository }}" repository: {{ .Values.images.clamd.repository | quote }}
tag: "{{ .Values.images.clamd.tag }}" tag: {{ .Values.images.clamd.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.clamd | toYaml | nindent 4 }} {{ .Values.resources.clamd | toYaml | nindent 4 }}
@@ -18,10 +18,10 @@ freshclam:
podSecurityContext: podSecurityContext:
replicaCount: {{ .Values.replicas.freshclam }} replicaCount: {{ .Values.replicas.freshclam }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.freshclam.repository }}" repository: {{ .Values.images.freshclam.repository | quote }}
tag: "{{ .Values.images.freshclam.tag }}" tag: {{ .Values.images.freshclam.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.freshclam | toYaml | nindent 4 }} {{ .Values.resources.freshclam | toYaml | nindent 4 }}
@@ -32,10 +32,10 @@ global:
icap: icap:
replicaCount: {{ .Values.replicas.icap }} replicaCount: {{ .Values.replicas.icap }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.icap.repository }}" repository: {{ .Values.images.icap.repository | quote }}
tag: "{{ .Values.images.icap.tag }}" tag: {{ .Values.images.icap.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.icap | toYaml | nindent 4 }} {{ .Values.resources.icap | toYaml | nindent 4 }}
@@ -43,14 +43,14 @@ milter:
podSecurityContext: podSecurityContext:
replicaCount: {{ .Values.replicas.milter }} replicaCount: {{ .Values.replicas.milter }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.milter.repository }}" repository: {{ .Values.images.milter.repository | quote }}
tag: "{{ .Values.images.milter.tag }}" tag: {{ .Values.images.milter.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.milter | toYaml | nindent 4 }} {{ .Values.resources.milter | toYaml | nindent 4 }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWX }}" storageClass: {{ .Values.persistence.storageClassNames.RWX | quote }}
size: "{{ .Values.persistence.size.clamav }}" size: {{ .Values.persistence.size.clamav | quote }}
... ...

20
helmfile/apps/services/values-clamav-simple.gotmpl
View File

@@ -7,15 +7,15 @@ replicaCount: {{ .Values.replicas.clamav }}
image: image:
clamav: clamav:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.clamd.repository }}" repository: {{ .Values.images.clamd.repository | quote }}
tag: "{{ .Values.images.clamd.tag }}" tag: {{ .Values.images.clamd.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
icap: icap:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.icap.repository }}" repository: {{ .Values.images.icap.repository | quote }}
tag: "{{ .Values.images.icap.tag }}" tag: {{ .Values.images.icap.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.clamd | toYaml | nindent 4 }} {{ .Values.resources.clamd | toYaml | nindent 4 }}
@@ -25,6 +25,6 @@ global:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.clamav }}" size: {{ .Values.persistence.size.clamav | quote }}
... ...

4
helmfile/apps/services/values-istio-gateway.gotmpl
View File

@@ -4,9 +4,9 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.istio.domain }}" domain: {{ .Values.istio.domain | quote }}
hosts: hosts:
openxchange: "{{ .Values.global.hosts.openxchange }}" openxchange: {{ .Values.global.hosts.openxchange | quote }}
tls: tls:
secretName: "{{ .Values.istio.domain }}-tls" secretName: "{{ .Values.istio.domain }}-tls"

12
helmfile/apps/services/values-mariadb.gotmpl
View File

@@ -4,14 +4,14 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
repository: "{{ .Values.images.mariadb.repository }}" repository: {{ .Values.images.mariadb.repository | quote }}
tag: "{{ .Values.images.mariadb.tag }}" tag: {{ .Values.images.mariadb.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
# Open-Xchange and XWiki require the permission to create database schemas, so they use the `root` account anyway. # Open-Xchange and XWiki require the permission to create database schemas, so they use the `root` account anyway.
# Please refer to `databases.yaml` for details. # Please refer to `databases.yaml` for details.
@@ -35,8 +35,8 @@ mariadb:
rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }} rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.mariadb }}" size: {{ .Values.persistence.size.mariadb | quote }}
resources: resources:
{{ .Values.resources.mariadb | toYaml | nindent 2 }} {{ .Values.resources.mariadb | toYaml | nindent 2 }}

10
helmfile/apps/services/values-memcached.gotmpl
View File

@@ -4,15 +4,15 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.memcached.repository }}" repository: {{ .Values.images.memcached.repository | quote }}
tag: "{{ .Values.images.memcached.tag }}" tag: {{ .Values.images.memcached.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.memcached | toYaml | nindent 2 }} {{ .Values.resources.memcached | toYaml | nindent 2 }}

26
helmfile/apps/services/values-postfix.gotmpl
View File

@@ -4,28 +4,28 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
registry: {{ .Values.global.imageRegistry }} registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
registry: {{ .Values.global.imageRegistry }} registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.postfix.repository }}" repository: {{ .Values.images.postfix.repository | quote }}
tag: "{{ .Values.images.postfix.tag }}" tag: {{ .Values.images.postfix.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
certificate: certificate:
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
postfix: postfix:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
virtualMailboxDomains: "{{ .Values.global.domain }}" virtualMailboxDomains: {{ .Values.global.domain | quote }}
overrides: overrides:
- fileName: "sasl_passwd.map" - fileName: "sasl_passwd.map"
content: content:
- "{{ .Values.smtp.host }} {{ .Values.smtp.username }}:{{ .Values.smtp.password }}" - {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
relayHost: "[{{ .Values.smtp.host }}]:587" relayHost: {{ printf "[%s]:587" .Values.smtp.host | quote }}
relayNets: {{ .Values.cluster.networking.cidr }} relayNets: {{ .Values.cluster.networking.cidr | quote}}
virtualTransport: "lmtps:dovecot:24" virtualTransport: "lmtps:dovecot:24"
smtpdSASLPath: "inet:dovecot:3659" smtpdSASLPath: "inet:dovecot:3659"
{{- if .Values.clamavDistributed.enabled }} {{- if .Values.clamavDistributed.enabled }}
@@ -35,8 +35,8 @@ postfix:
{{- end }} {{- end }}
persistence: persistence:
size: "{{ .Values.persistence.size.postfix }}" size: {{ .Values.persistence.size.postfix | quote }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote}}
replicaCount: {{ .Values.replicas.postfix }} replicaCount: {{ .Values.replicas.postfix }}

12
helmfile/apps/services/values-postgresql.gotmpl
View File

@@ -4,14 +4,14 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
registry: {{ .Values.global.imageRegistry }} registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
repository: "{{ .Values.images.postgresql.repository }}" repository: {{ .Values.images.postgresql.repository | quote }}
tag: "{{ .Values.images.postgresql.tag }}" tag: {{ .Values.images.postgresql.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
job: job:
users: users:
@@ -39,8 +39,8 @@ job:
user: "notificationsapi_user" user: "notificationsapi_user"
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.postgresql }}" size: {{ .Values.persistence.size.postgresql | quote }}
postgres: postgres:
password: {{ .Values.secrets.postgresql.postgresUser | quote }} password: {{ .Values.secrets.postgresql.postgresUser | quote }}

14
helmfile/apps/services/values-redis.gotmpl
View File

@@ -7,20 +7,20 @@ auth:
password: {{ .Values.secrets.redis.password | quote }} password: {{ .Values.secrets.redis.password | quote }}
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.redis.repository }}" repository: {{ .Values.images.redis.repository | quote }}
tag: "{{ .Values.images.redis.tag }}" tag: {{ .Values.images.redis.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
master: master:
persistence: persistence:
size: "{{ .Values.persistence.size.redis }}" size: {{ .Values.persistence.size.redis | quote }}
resources: resources:
{{ .Values.resources.redis | toYaml | nindent 4 }} {{ .Values.resources.redis | toYaml | nindent 4 }}

24
helmfile/apps/univention-corporate-container/values.gotmpl
View File

@@ -4,36 +4,36 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.univentionCorporateServer.repository }}" repository: {{ .Values.images.univentionCorporateServer.repository | quote }}
tag: "{{ .Values.images.univentionCorporateServer.tag }}" tag: {{ .Values.images.univentionCorporateServer.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: {{ .Values.ingress.tls.enabled }} enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionCorporateServer }}" size: {{ .Values.persistence.size.univentionCorporateServer | quote }}
extraEnvVars: extraEnvVars:
- name: ISTIO_DOMAIN - name: ISTIO_DOMAIN
value: {{ .Values.istio.domain }} value: {{ .Values.istio.domain | quote }}
- name: CENTRALNAVIGATION_API_SECRET - name: CENTRALNAVIGATION_API_SECRET
value: {{ .Values.secrets.centralnavigation.apiKey }} value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
- name: LDAPSEARCH_OX_USERNAME - name: LDAPSEARCH_OX_USERNAME
value: "ldapsearch_ox" value: "ldapsearch_ox"
- name: LDAPSEARCH_OX_PASSWORD - name: LDAPSEARCH_OX_PASSWORD

4
helmfile/apps/univention-management-stack/values-common.gotmpl
View File

@@ -3,12 +3,12 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0 SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
ingress: ingress:
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }} enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
# The TLS configuration is on the "master" Ingress, see "portal-frontend" # The TLS configuration is on the "master" Ingress, see "portal-frontend"
enabled: false enabled: false
secretName: "" secretName: ""
...

12
helmfile/apps/univention-management-stack/values-ldap-notifier.gotmpl
View File

@@ -3,18 +3,16 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0 SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsLdapNotifier.repository }}" repository: {{ .Values.images.umsLdapNotifier.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsLdapNotifier.tag }}" tag: {{ .Values.images.umsLdapNotifier.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
{{ .Values.resources.umsLdapNotifier | toYaml | nindent 2 }} {{ .Values.resources.umsLdapNotifier | toYaml | nindent 2 }}
... ...

21
helmfile/apps/univention-management-stack/values-ldap-server.gotmpl
View File

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
ldapServer: ldapServer:
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}" ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
ldapBaseDn: "dc=swp-ldap,dc=internal" ldapBaseDn: "dc=swp-ldap,dc=internal"
# TODO: Certificates handling # TODO: Certificates handling
@@ -19,13 +19,13 @@ ldapServer:
serviceProviders: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/saml/metadata" serviceProviders: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/saml/metadata"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsLdapServer.repository }}" repository: {{ .Values.images.umsLdapServer.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsLdapServer.tag }}" tag: {{ .Values.images.umsLdapServer.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
waitForDependency: waitForDependency:
@@ -37,12 +37,11 @@ image:
# TODO: Pending upstream support, #199 # TODO: Pending upstream support, #199
persistence: persistence:
data: data:
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionManagementStack.ldapServerData }}" size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
shared: shared:
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionManagementStack.ldapServerShared }}" size: {{ .Values.persistence.size.univentionManagementStack.ldapServerShared | quote }}
resources: resources:
{{ .Values.resources.umsLdapServer | toYaml | nindent 2 }} {{ .Values.resources.umsLdapServer | toYaml | nindent 2 }}

10
helmfile/apps/univention-management-stack/values-notifications-api.gotmpl
View File

@@ -14,13 +14,13 @@ postgresql:
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }} password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry }}
repository: "{{ .Values.images.umsNotificationsApi.repository }}" repository: {{ .Values.images.umsNotificationsApi.repository }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy }}
tag: "{{ .Values.images.umsNotificationsApi.tag }}" tag: {{ .Values.images.umsNotificationsApi.tag }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:

14
helmfile/apps/univention-management-stack/values-portal-frontend.gotmpl
View File

@@ -3,15 +3,14 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0 SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsPortalFrontend.repository }}" repository: {{ .Values.images.umsPortalFrontend.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsPortalFrontend.tag }}" tag: {{ .Values.images.umsPortalFrontend.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
extraIngresses: extraIngresses:
@@ -24,9 +23,8 @@ extraIngresses:
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }} enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
tls: tls:
enabled: {{ .Values.ingress.tls.enabled }} enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
resources: resources:
{{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }} {{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }}
... ...

25
helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
View File

@@ -15,8 +15,8 @@ portalListener:
ldapBaseDn: "dc=swp-ldap,dc=internal" ldapBaseDn: "dc=swp-ldap,dc=internal"
ldapHost: "{{ .Values.global.ldap.host }}" ldapHost: "{{ .Values.global.ldap.host }}"
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal" ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}" ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}" machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
notifierServer: "ums-ldap-notifier" notifierServer: "ums-ldap-notifier"
portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal" portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal"
udmApiUrl: "http://ums-udm-rest-api/udm/" udmApiUrl: "http://ums-udm-rest-api/udm/"
@@ -25,30 +25,29 @@ portalListener:
tlsMode: "off" tlsMode: "off"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsPortalListener.repository }}" repository: {{ .Values.images.umsPortalListener.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsPortalListener.tag }}" tag: {{ .Values.images.umsPortalListener.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
waitForDependency: waitForDependency:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsWaitForDependency.repository }}" repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
imagePullPolicy: "Always" imagePullPolicy: "Always"
tag: "{{ .Values.images.umsWaitForDependency.tag }}" tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
# TODO: Pending upstream support, #200 # TODO: Pending upstream support, #200
persistence: persistence:
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionManagementStack.portalListener }}" size: {{ .Values.persistence.size.univentionManagementStack.portalListener | quote }}
resources: resources:
{{ .Values.resources.umsPortalListener | toYaml | nindent 2 }} {{ .Values.resources.umsPortalListener | toYaml | nindent 2 }}
resourcesDependencyWaiter: resourcesDependencyWaiter:
{{ .Values.resources.umsPortalListenerDependencies | toYaml | nindent 2 }} {{ .Values.resources.umsPortalListenerDependencies | toYaml | nindent 2 }}
... ...

10
helmfile/apps/univention-management-stack/values-portal-server.gotmpl
View File

@@ -14,13 +14,13 @@ portalServer:
umcSessionUrl: "http://ums-umc-server/get/session-info" umcSessionUrl: "http://ums-umc-server/get/session-info"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsPortalServer.repository }}" repository: {{ .Values.images.umsPortalServer.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsPortalServer.tag }}" tag: {{ .Values.images.umsPortalServer.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:

10
helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
View File

@@ -31,13 +31,13 @@ stackDataContext:
oxDefaultContext: "10" oxDefaultContext: "10"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsDataLoader.repository }}" repository: {{ .Values.images.umsDataLoader.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsDataLoader.tag }}" tag: {{ .Values.images.umsDataLoader.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:

10
helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
View File

@@ -31,13 +31,13 @@ stackDataContext:
installUmcPolicies: false installUmcPolicies: false
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsDataLoader.repository }}" repository: {{ .Values.images.umsDataLoader.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsDataLoader.tag }}" tag: {{ .Values.images.umsDataLoader.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:

28
helmfile/apps/univention-management-stack/values-store-dav.gotmpl
View File

@@ -6,33 +6,33 @@ SPDX-License-Identifier: Apache-2.0
storeDav: storeDav:
auth: auth:
basicAuth: basicAuth:
portal-listener: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}" portal-listener: {{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener | quote }}
portal-server: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}" portal-server: {{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsStoreDav.repository }}" repository: {{ .Values.images.umsStoreDav.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsStoreDav.tag }}" tag: {{ .Values.images.umsStoreDav.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
configHtpasswd: configHtpasswd:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsConfigHtpasswd.repository }}" repository: {{ .Values.images.umsConfigHtpasswd.repository | quote }}
pullPolicy: "Always" pullPolicy: "Always"
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsConfigHtpasswd.tag }}" tag: {{ .Values.images.umsConfigHtpasswd.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
# TODO: Pending upstream support, #201 # TODO: Pending upstream support, #201
persistence: persistence:
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionManagementStack.storeDav }}" size: {{ .Values.persistence.size.univentionManagementStack.storeDav | quote }}
resources: resources:
{{ .Values.resources.umsStoreDav | toYaml | nindent 2 }} {{ .Values.resources.umsStoreDav | toYaml | nindent 2 }}

13
helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl
View File

@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
--- ---
udmRestApi: udmRestApi:
# TODO: Secret should be entered without b64enc # TODO: Secret should be entered without b64enc
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}" ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
# TODO: Secret should be entered without b64enc # TODO: Secret should be entered without b64enc
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}" machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
# TODO: Stub value currently # TODO: Stub value currently
@@ -15,16 +15,15 @@ udmRestApi:
enabled: true enabled: true
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsUdmRestApi.repository }}" repository: {{ .Values.images.umsUdmRestApi.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsUdmRestApi.tag }}" tag: {{ .Values.images.umsUdmRestApi.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
{{ .Values.resources.umsUdmRestApi | toYaml | nindent 2 }} {{ .Values.resources.umsUdmRestApi | toYaml | nindent 2 }}
... ...

10
helmfile/apps/univention-management-stack/values-umc-gateway.gotmpl
View File

@@ -17,13 +17,13 @@ extraVolumeMounts:
subPath: "90-swp.sh" subPath: "90-swp.sh"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsUmcGateway.repository }}" repository: {{ .Values.images.umsUmcGateway.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsUmcGateway.tag }}" tag: {{ .Values.images.umsUmcGateway.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:

14
helmfile/apps/univention-management-stack/values-umc-server.gotmpl
View File

@@ -5,18 +5,18 @@ SPDX-License-Identifier: Apache-2.0
--- ---
umcServer: umcServer:
# TODO: Secret should be entered without b64enc # TODO: Secret should be entered without b64enc
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}" ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
# TODO: Secret should be entered without b64enc # TODO: Secret should be entered without b64enc
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}" machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsUmcServer.repository }}" repository: {{ .Values.images.umsUmcServer.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsUmcServer.tag }}" tag: {{ .Values.images.umsUmcServer.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:

34
helmfile/apps/xwiki/values.gotmpl
View File

@@ -5,24 +5,24 @@ SPDX-License-Identifier: Apache-2.0
--- ---
image: image:
name: "{{ .Values.global.imageRegistry }}/{{ .Values.images.xwiki.repository }}" name: "{{ .Values.global.imageRegistry }}/{{ .Values.images.xwiki.repository }}"
tag: "{{ .Values.images.xwiki.tag }}" tag: {{ .Values.images.xwiki.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
externalDB: externalDB:
password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }} password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
database: "{{ .Values.databases.xwiki.name }}" database: {{ .Values.databases.xwiki.name | quote }}
user: "{{ .Values.databases.xwiki.username }}" user: {{ .Values.databases.xwiki.username | quote }}
host: "{{ .Values.databases.xwiki.host }}" host: {{ .Values.databases.xwiki.host | quote }}
customConfigs: customConfigs:
"xwiki.cfg": "xwiki.cfg":
"xwiki.superadminpassword": "{{ .Values.secrets.xwiki.superadminpassword }}" "xwiki.superadminpassword": {{ .Values.secrets.xwiki.superadminpassword | quote }}
## LDAP Server configuration ## LDAP Server configuration
xwiki.authentication.ldap.server: "{{ .Values.global.ldap.host }}" xwiki.authentication.ldap.server: {{ .Values.global.ldap.host | quote }}
xwiki.authentication.ldap.port: 389 xwiki.authentication.ldap.port: 389
## Authentication to the LDAP server ## Authentication to the LDAP server
xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal" xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
xwiki.authentication.ldap.bind_pass: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}" xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
## Base DN used for searching for users ## Base DN used for searching for users
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal" xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
@@ -31,24 +31,24 @@ customConfigs:
"oidc.endpoint.token": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token" "oidc.endpoint.token": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token"
"oidc.endpoint.userinfo": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/userinfo" "oidc.endpoint.userinfo": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/userinfo"
"oidc.endpoint.logout": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout" "oidc.endpoint.logout": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
"oidc.secret": {{ .Values.secrets.keycloak.clientSecret.xwiki }} "oidc.secret": {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
"url.trustedDomains": "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" "url.trustedDomains": "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
"workplaceServices.navigationEndpoint": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json" "workplaceServices.navigationEndpoint": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
"workplaceServices.base": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}" "workplaceServices.base": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
"workplaceServices.portalSecret": "{{ .Values.secrets.centralnavigation.apiKey }}" "workplaceServices.portalSecret": {{ .Values.secrets.centralnavigation.apiKey | quote }}
properties: properties:
"attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}" "attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}"
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": "{{ .Values.theme.colors.primary }}" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": {{ .Values.theme.colors.primary | quote }}
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "{{ .Values.theme.colors.white }}" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": {{ .Values.theme.colors.white | quote }}
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "{{ .Values.theme.colors.secondaryGreyLight }}" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": {{ .Values.theme.colors.secondaryGreyLight | quote }}
## Link LDAP users and users authenticated through OIDC ## Link LDAP users and users authenticated through OIDC
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1 "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
ingress: ingress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
className: "{{ .Values.ingress.ingressClassName }}" className: {{ .Values.ingress.ingressClassName | quote }}
annotations: annotations:
haproxy-ingress.github.io/headers: "X-Forwarded-Host {{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" haproxy-ingress.github.io/headers: "X-Forwarded-Host {{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
hosts: hosts:
@@ -57,13 +57,13 @@ ingress:
- path: / - path: /
pathType: "ImplementationSpecific" pathType: "ImplementationSpecific"
tls: tls:
- secretName: "{{ .Values.ingress.tls.secretName }}" - secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts: hosts:
- "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" - "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
persistence: persistence:
size: "{{ .Values.persistence.size.xwiki }}" size: {{ .Values.persistence.size.xwiki | quote }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
replicaCount: {{ .Values.replicas.xwiki }} replicaCount: {{ .Values.replicas.xwiki }}

5
helmfile/environments/default/global.gotmpl
View File

@@ -9,7 +9,7 @@ global:
## Define host ## Define host
# #
domain: {{ env "DOMAIN" | default "souvap.cloud" }} domain: {{ env "DOMAIN" | default "souvap.cloud" | quote }}
## Define LDAP service (supports "ums_eval" from the CI pipeline) ## Define LDAP service (supports "ums_eval" from the CI pipeline)
@@ -19,6 +19,5 @@ global:
## Define docker registry address. ## Define docker registry address.
# #
imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" }} imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" | quote }}
... ...

16
helmfile/environments/default/images.yaml
View File

@@ -26,6 +26,14 @@ images:
repository: "clamav/clamav" repository: "clamav/clamav"
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f" tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
# @supplier: "openDesk DevSecOps" # @supplier: "openDesk DevSecOps"
icap:
repository: "souvap/tooling/images/c-icap"
tag: "0.5.10@sha256:cd665e77a42460bb1e6df4282bc1d8737be241fc9f4143d43509e31de3a7993d"
# @supplier: "openDesk DevSecOps"
intercom:
repository: "univention/intercom-service"
tag: "1.4-kubernetes@sha256:e4fa2e0df49595bf9ba5bf73e36a50e8f1b44334a1a326a43488b8f9c8bbcb9c"
# @supplier: "Univention"
jibri: jibri:
repository: "jitsi/jibri" repository: "jitsi/jibri"
tag: "stable-8922@sha256:87aa176b44b745b13769f13b8e2d22ddd6f6ba624244d5354c8dd3664787e936" tag: "stable-8922@sha256:87aa176b44b745b13769f13b8e2d22ddd6f6ba624244d5354c8dd3664787e936"
@@ -50,14 +58,6 @@ images:
repository: "jitsi/jvb" repository: "jitsi/jvb"
tag: "stable-8922@sha256:75dd613807e19cbbd440d071b60609fa9e4ee50a1396b14deb0ed779d882a554" tag: "stable-8922@sha256:75dd613807e19cbbd440d071b60609fa9e4ee50a1396b14deb0ed779d882a554"
# @supplier: "Nordeck" # @supplier: "Nordeck"
icap:
repository: "souvap/tooling/images/c-icap"
tag: "0.5.10@sha256:cd665e77a42460bb1e6df4282bc1d8737be241fc9f4143d43509e31de3a7993d"
# @supplier: "openDesk DevSecOps"
intercom:
repository: "univention/intercom-service"
tag: "1.4-kubernetes@sha256:e4fa2e0df49595bf9ba5bf73e36a50e8f1b44334a1a326a43488b8f9c8bbcb9c"
# @supplier: "Univention"
keycloak: keycloak:
repository: "bitnami/keycloak" repository: "bitnami/keycloak"
tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e" tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e"

2
helmfile/environments/default/istio.gotmpl
View File

@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
--- ---
istio: istio:
enabled: true enabled: true
domain: {{ env "ISTIO_DOMAIN" | default "souvap.cloud" }} domain: {{ env "ISTIO_DOMAIN" | default "souvap.cloud" | quote }}
virtualService: virtualService:
enabled: false enabled: false
gateway: gateway:

110
helmfile/environments/default/secrets.gotmpl
View File

@@ -5,84 +5,84 @@ SPDX-License-Identifier: Apache-2.0
--- ---
secrets: secrets:
oxAppsuite: oxAppsuite:
adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum) }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
cookieHashSalt: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum) }} cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
sessiondEncryptionKey: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum) }} sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
shareCryptKey: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum) }} shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}
oxguardMC: {{ printf "MC%s" (randAlphaNum 20 | b64enc) | quote }} oxguardMC: {{ printf "MC%s" (randAlphaNum 20 | b64enc) | quote }}
oxguardRC: {{ printf "RC%s" (randAlphaNum 20 | b64enc) | quote }} oxguardRC: {{ printf "RC%s" (randAlphaNum 20 | b64enc) | quote }}
univentionCorporateServer: univentionCorporateServer:
authSecret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "auth_secret" | sha1sum) }} authSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "auth_secret" | sha1sum | quote }}
defaultAccounts: defaultAccounts:
userPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_password" | sha1sum) }} userPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_password" | sha1sum | quote }}
adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_admin" | sha1sum) }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_admin" | sha1sum | quote }}
ldapSearch: ldapSearch:
keycloak: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_keycloak" | sha1sum) }} keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_keycloak" | sha1sum | quote }}
nextcloud: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_nextcloud" | sha1sum) }} nextcloud: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_nextcloud" | sha1sum | quote }}
dovecot: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_dovecot" | sha1sum) }} dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_dovecot" | sha1sum | quote }}
ox: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_ox" | sha1sum) }} ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_ox" | sha1sum | quote }}
openproject: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_openproject" | sha1sum) }} openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_openproject" | sha1sum | quote }}
xwiki: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_xwiki" | sha1sum) }} xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_xwiki" | sha1sum | quote }}
univentionManagementStack: univentionManagementStack:
ldapSecret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum) }} ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
defaultAccounts: defaultAccounts:
administratorPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "ums" | sha1sum) }} administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "ums" | sha1sum | quote }}
storeDavUsers: storeDavUsers:
portalServer: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum) }} portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
portalListener: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum) }} portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
postgresql: postgresql:
postgresUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum) }} postgresUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum | quote }}
keycloakUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum) }} keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}
keycloakExtensionUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum) }} keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }}
matrixUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum) }} matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
openprojectUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum) }} openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}
notificationsapiUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum) }} notificationsapiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }}
mariadb: mariadb:
rootPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum) }} rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }}
xwikiUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum) }} xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }}
openxchangeUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "openxchange_user" | sha1sum) }} openxchangeUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "openxchange_user" | sha1sum | quote }}
nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "nextcloud_user" | sha1sum) }} nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "nextcloud_user" | sha1sum | quote }}
keycloak: keycloak:
adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "adminPassword" | sha1sum) }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "adminPassword" | sha1sum | quote }}
clientSecret: clientSecret:
intercom: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "intercom_client_secret" | sha1sum) }} intercom: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "intercom_client_secret" | sha1sum | quote }}
matrix: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "matrix_client_secret" | sha1sum) }} matrix: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "matrix_client_secret" | sha1sum | quote }}
jitsi: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "jitsi_plain_client_secret" | sha1sum) }} jitsi: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "jitsi_plain_client_secret" | sha1sum | quote }}
ncoidc: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "ncoidc_client_secret" | sha1sum) }} ncoidc: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "ncoidc_client_secret" | sha1sum | quote }}
openproject: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "openproject_client_secret" | sha1sum) }} openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "openproject_client_secret" | sha1sum | quote }}
xwiki: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "xwiki_client_secret" | sha1sum) }} xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "xwiki_client_secret" | sha1sum | quote }}
as8oidc: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "as8oidc_client_secret" | sha1sum) }} as8oidc: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "as8oidc_client_secret" | sha1sum | quote }}
nextcloud: nextcloud:
adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "nextcloud_admin_user" | sha1sum) }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "nextcloud_admin_user" | sha1sum | quote }}
metricsToken: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "metricsToken" | sha1sum) }} metricsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "metricsToken" | sha1sum | quote }}
openproject: openproject:
adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_admin_user" | sha1sum) }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_admin_user" | sha1sum | quote }}
collabora: collabora:
adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "collabora" "collabora_admin_user" | sha1sum) }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "collabora" "collabora_admin_user" | sha1sum | quote }}
jitsi: jitsi:
jwtAppSecret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jwtAppSecret" | sha1sum) }} jwtAppSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jwtAppSecret" | sha1sum | quote }}
jibriRecorderPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriRecorderPassword" | sha1sum) }} jibriRecorderPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriRecorderPassword" | sha1sum | quote }}
jibriXmppPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriXmppPassword" | sha1sum) }} jibriXmppPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriXmppPassword" | sha1sum | quote }}
jicofoAuthPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jicofoAuthPassword" | sha1sum) }} jicofoAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jicofoAuthPassword" | sha1sum | quote }}
jicofoComponentPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jicofoComponentPassword" | sha1sum) }} jicofoComponentPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jicofoComponentPassword" | sha1sum | quote }}
jvbAuthPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jvbAuthPassword" | sha1sum) }} jvbAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jvbAuthPassword" | sha1sum | quote }}
etherpad: etherpad:
apiKey: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "etherpad" "apiKey" | sha1sum) }} apiKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "etherpad" "apiKey" | sha1sum | quote }}
whiteboard: whiteboard:
apiKey: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "etherpad" "apiKey" | sha1sum) }} apiKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "etherpad" "apiKey" | sha1sum | quote }}
centralnavigation: centralnavigation:
apiKey: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "centralnavigation" "api_key" | sha1sum) }} apiKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "centralnavigation" "api_key" | sha1sum | quote }}
redis: redis:
password: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "redis" "password" | sha1sum) }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "redis" "password" | sha1sum | quote }}
dovecot: dovecot:
doveadm: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dovecot" "doveadm" | sha1sum) }} doveadm: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dovecot" "doveadm" | sha1sum | quote }}
xwiki: xwiki:
superadminpassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "xwiki" "superadminpassword" | sha1sum) }} superadminpassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "xwiki" "superadminpassword" | sha1sum | quote }}
intercom: intercom:
secret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "secret" | sha1sum) }} secret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "secret" | sha1sum | quote }}
synapseAsToken: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "as_token" | sha1sum) }} synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "as_token" | sha1sum | quote }}
matrixNeoDateFixBot: matrixNeoDateFixBot:
password: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-neodatefix-bot" "password" | sha1sum) }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-neodatefix-bot" "password" | sha1sum | quote }}
matrixUserVerificationService: matrixUserVerificationService:
password: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-user-verification-service" "password" | sha1sum) }} password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-user-verification-service" "password" | sha1sum | quote }}
... ...

2
helmfile/environments/default/smtp.gotmpl
View File

@@ -7,5 +7,5 @@ smtp:
host: "" host: ""
port: 587 port: 587
username: "" username: ""
password: "{{ env "SMTP_PASSWORD" }}" password: {{ env "SMTP_PASSWORD" | quote }}
... ...

3
helmfile/environments/default/turn.gotmpl
View File

@@ -5,12 +5,11 @@ SPDX-License-Identifier: Apache-2.0
--- ---
turn: turn:
transport: "udp" transport: "udp"
credentials: "{{ env "TURN_CREDENTIALS" }}" credentials: {{ env "TURN_CREDENTIALS" | quote }}
server: server:
host: "" host: ""
port: "3478" port: "3478"
tls: tls:
host: "" host: ""
port: "5349" port: "5349"
... ...