From 6dc470fd67edbb9711e406acb067569ca357b989 Mon Sep 17 00:00:00 2001
From: Thorsten Rossner <rossner@univention.de>
Date: Mon, 7 Aug 2023 15:05:35 +0000
Subject: [PATCH] feat(open-xchange): OX AppSuite 8 within SWP is now publicly
 available

---
 .gitlab-ci.yml                                |  6 +--
 README.md                                     | 20 ++++----
 helmfile.yaml                                 |  3 +-
 .../apps/keycloak-bootstrap/helmfile.yaml     |  6 +--
 helmfile/apps/open-xchange/helmfile.yaml      |  7 +--
 .../open-xchange/values-openxchange.gotmpl    | 47 ++++++++++++-------
 .../apps/open-xchange/values-openxchange.yaml |  2 +-
 helmfile/environments/default/images.gotmpl   | 26 +++++++++-
 8 files changed, 76 insertions(+), 41 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 09e51998..a55d2944 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -29,11 +29,7 @@ variables:
       - "prototype"
   BASE_DOMAIN:
     description: "Define the Cluster Base Domain."
-    value: "souvap-univention.de"
-    options:
-      - "souvap-univention.de"
-      - "at-univention.de"
-      - "souvap.cloud"
+    value: "souvap.cloud"
   MASTER_PASSWORD_WEB_VAR:
     description: "Optional: Provide a passphrase to be used for password generation."
     value: ""
diff --git a/README.md b/README.md
index 08a547ae..e4454d2e 100644
--- a/README.md
+++ b/README.md
@@ -6,11 +6,11 @@ SPDX-License-Identifier: Apache-2.0
 
 [[_TOC_]]
 
-# Disclaimer July 2023
+# Disclaimer August 2023
 
-The current state of the SWP is missing two components that are not yet generally available to the public also
-outside the SWP (Element Starter Edition and Open-Xchange App Suite 8), and contains components that will be replaced
-(e.g. UCS dev container monolith to be replaced by multiple Univention Management Stack containers).
+The current state of the SWP is missing one component which is not yet generally available to the public also
+outside the SWP (Element Starter Edition), and contains components that will be replaced (e.g. UCS dev container
+monolith to be replaced by multiple Univention Management Stack containers).
 In the next months we not only expect upstream updates of the functional components within their feature scope but we
 are going to address operational issues like monitoring and network policies.
 
@@ -18,7 +18,7 @@ Of course we will also extend the documentation.
 
 In any case we love to get feedback from you! Related to the deployment / contents of this repository please use the [issues within this project](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/issues).
 
- If you want to address other topics, please check the section ["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
+If you want to address other topics, please check the section ["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
 
 The first release of the SWP is scheduled for December 2023. Before that release there will be breaking changes in the deployment.
 
@@ -58,7 +58,7 @@ You have to take care about the following prerequisites in order to deploy the S
 - Volume provisioner supporting RWO (read-write-once)
 - Certificate handling with [cert-manager](https://cert-manager.io/)
 - [Istio](https://istio.io/) is currently required to deploy and operate OX AppSuite8, we are working with Open-Xchange
-to get rid of this component.
+to get rid of this dependency.
 
 #### TLS Certificate
 
@@ -75,7 +75,7 @@ You need to expose following variables to run the installation.
 | `DOMAIN`            | `souvap-univention.de`       | External reachable domain                         |
 | `ISTIO_DOMAIN`      | `istio.souvap-univention.de` | External reachable domain for Istio Gateway       |
 | `MASTER_PASSWORD`   | `sovereign-workplace`        | The password that seeds the autogenerated secrets |
-| `SMTP_PASSWORD`     |                              | Password for STMP relay gateway                   |
+| `SMTP_PASSWORD`     |                              | Password for SMTP relay gateway                   |
 | `TURN_CREDENTIALS`  |                              | Credentials for coturn server                     |
 
 Please ensure you have set DNS records pointing to the respective loadbalancer/IP for `DOMAIN` and `ISTIO_DOMAIN`.
@@ -126,7 +126,9 @@ and wait. After the deployment are finished some bootstrapping is executed which
 
 ## Logging in
 
-Once you have successfully deployed the SWP you should see the portal's login page at `https://portal.<DOMAIN>`.
+When successfully deployed the SWP all K8s jobs from the deployment should be in the status `Succeeded` and all pods should be up an `Running`.
+
+You should see the portal's login page at `https://portal.<DOMAIN>`.
 
 Off the shelf you get two accounts with passwords you can lookup in the `univention-corporate-container-*` pod environment:
 
@@ -135,6 +137,8 @@ Off the shelf you get two accounts with passwords you can lookup in the `univent
 | default.user       | DEFAULT_ACCOUNT_USER_PASSWORD  |
 | default.admin      | DEFAULT_ACCOUNT_ADMIN_PASSWORD |
 
+If you do not see any tiles in the portal after the login you may want to wait a couple of minutes, as on the initial start some bootstrapping and cache building is done, that blocks the portal entries from showing up.
+
 # Helmfile
 
 ## Custom Configuration
diff --git a/helmfile.yaml b/helmfile.yaml
index f4b9780d..76eb33f5 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -11,8 +11,7 @@ helmfiles:
   - path: "helmfile/apps/univention-corporate-container/helmfile.yaml"
   - path: "helmfile/apps/keycloak-bootstrap/helmfile.yaml"
   - path: "helmfile/apps/intercom-service/helmfile.yaml"
-  # Disable Open-Xchange AppSuite 8 Deployment until it is publicly available
-  # - path: "helmfile/apps/open-xchange/helmfile.yaml"
+  - path: "helmfile/apps/open-xchange/helmfile.yaml"
   - path: "helmfile/apps/nextcloud/helmfile.yaml"
   - path: "helmfile/apps/collabora/helmfile.yaml"
   - path: "helmfile/apps/jitsi/helmfile.yaml"
diff --git a/helmfile/apps/keycloak-bootstrap/helmfile.yaml b/helmfile/apps/keycloak-bootstrap/helmfile.yaml
index 8c7e1f84..0216c193 100644
--- a/helmfile/apps/keycloak-bootstrap/helmfile.yaml
+++ b/helmfile/apps/keycloak-bootstrap/helmfile.yaml
@@ -2,12 +2,12 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "swp-keycloak-bootstrap"
+  - name: "sovereign-workplace-keycloak-bootstrap"
     url: "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable"
 
 releases:
-  - name: "swp-keycloak-bootstrap"
-    chart: "swp-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap"
+  - name: "sovereign-workplace-keycloak-bootstrap"
+    chart: "sovereign-workplace-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap"
     version: "1.1.11"
     values:
       - "values-bootstrap.gotmpl"
diff --git a/helmfile/apps/open-xchange/helmfile.yaml b/helmfile/apps/open-xchange/helmfile.yaml
index 41de4334..abfd983f 100644
--- a/helmfile/apps/open-xchange/helmfile.yaml
+++ b/helmfile/apps/open-xchange/helmfile.yaml
@@ -7,9 +7,6 @@ repositories:
   - name: "openxchange"
     url: "registry.open-xchange.com"
     oci: true
-    passCredentials: true
-    # username is retrieve from the environment with the format <registryNameUpperCase>_USERNAME for CI usage, here OPENXCHANGE_USERNAME
-    # username is retrieve from the environment with the format <registryNameUpperCase>_PASSWORD for CI usage, here OPENXCHANGE_PASSWORD
   - name: "sovereign-workplace-open-xchange-bootstrap"
     url: "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable"
 
@@ -22,8 +19,8 @@ releases:
       - "values-dovecot.gotmpl"
     condition: "dovecot.enabled"
   - name: "open-xchange"
-    chart: "openxchange/appsuite-core-public-sector/charts/appsuite-public-sector"
-    version: "1.1.8"
+    chart: "openxchange/appsuite-public-sector/charts/appsuite-public-sector"
+    version: "1.2.13"
     values:
       - "values-openxchange.yaml"
       - "values-openxchange.gotmpl"
diff --git a/helmfile/apps/open-xchange/values-openxchange.gotmpl b/helmfile/apps/open-xchange/values-openxchange.gotmpl
index 318fb20c..8f46a225 100644
--- a/helmfile/apps/open-xchange/values-openxchange.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.gotmpl
@@ -18,12 +18,18 @@ istio:
   enabled: {{ .Values.istio.enabled }}
 
 nextcloud-integration-ui:
+  image:
+    repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository }}
+    tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag }}
   imagePullSecrets:
   {{- range .Values.global.imagePullSecrets }}
     - name: {{ . }}
   {{- end }}
 
 public-sector-ui:
+  image:
+    repository: {{ .Values.images.openxchangePublicSectorUI.repository }}
+    tag: {{ .Values.images.openxchangePublicSectorUI.tag }}
   imagePullSecrets:
   {{- range .Values.global.imagePullSecrets }}
     - name: {{ . }}
@@ -77,6 +83,13 @@ appsuite:
       oxguardpass: |
         {{ .Values.secrets.oxAppsuite.oxguardMC }}
         {{ .Values.secrets.oxAppsuite.oxguardRC }}
+    image:
+      repository: {{ .Values.images.openxchangeCoreMW.repository }}
+      tag: {{ .Values.images.openxchangeCoreMW.tag }}
+    update:
+      image:
+        repository: {{ .Values.images.openxchangeCoreMW.repository }}
+        tag: {{ .Values.images.openxchangeCoreMW.tag }}
     imagePullSecrets:
     {{- range .Values.global.imagePullSecrets }}
       - name: {{ . }}
@@ -87,6 +100,9 @@ appsuite:
     {{- range .Values.global.imagePullSecrets }}
       - name: {{ . }}
     {{- end }}
+    image:
+      repository: {{ .Values.images.openxchangeCoreUI.repository }}
+      tag: {{ .Values.images.openxchangeCoreUI.tag }}
 
   core-ui-middleware:
     ingress:
@@ -96,33 +112,32 @@ appsuite:
     {{- range .Values.global.imagePullSecrets }}
       - name: {{ . }}
     {{- end }}
+    image:
+      repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository }}
+      tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag }}
 
   core-guidedtours:
     imagePullSecrets:
     {{- range .Values.global.imagePullSecrets }}
       - name: {{ . }}
     {{- end }}
+    image:
+      repository: {{ .Values.images.openxchangeCoreGuidedtours.repository }}
+      tag: {{ .Values.images.openxchangeCoreGuidedtours.tag }}
 
   guard-ui:
+    imagePullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+      - name: {{ . }}
+    {{- end }}
     image:
-      repository: "{{ .Values.global.imageRegistry }}/appsuite-core-public/guard-ui"
-    imagePullSecrets:
-    {{- range .Values.global.imagePullSecrets }}
-      - name: {{ . }}
-    {{- end }}
-
-  core-cacheservice:
-    imagePullSecrets:
-    {{- range .Values.global.imagePullSecrets }}
-      - name: {{ . }}
-    {{- end }}
+      repository: {{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}
+      tag: {{ .Values.images.openxchangeGuardUI.tag }}
 
   core-user-guide:
-    imagePullSecrets:
-    {{- range .Values.global.imagePullSecrets }}
-      - name: {{ . }}
-    {{- end }}
-
+    image:
+      repository: {{ .Values.images.openxchangeCoreUserGuide.repository }}
+      tag: {{ .Values.images.openxchangeCoreUserGuide.tag }}
     imagePullSecrets:
     {{- range .Values.global.imagePullSecrets }}
       - name: {{ . }}
diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml b/helmfile/apps/open-xchange/values-openxchange.yaml
index d3a0a8c7..2ea4a7e1 100644
--- a/helmfile/apps/open-xchange/values-openxchange.yaml
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml
@@ -134,7 +134,7 @@ appsuite:
   guard-ui:
     enabled: true
   core-cacheservice:
-    enabled: true
+    enabled: false
   core-user-guide:
     enabled: true
   core-imageconverter:
diff --git a/helmfile/environments/default/images.gotmpl b/helmfile/environments/default/images.gotmpl
index 1aa23237..c8653a33 100644
--- a/helmfile/environments/default/images.gotmpl
+++ b/helmfile/environments/default/images.gotmpl
@@ -65,6 +65,30 @@ images:
   openproject:
     repository: "souvap/tooling/images/openproject/souvap"
     tag: "dev"
+  openxchangeCoreGuidedtours:
+    repository: "appsuite-public-sector/core-guidedtours"
+    tag: "8.5.0"
+  openxchangeCoreMW:
+    repository: "appsuite-public-sector/middleware-public-sector"
+    tag: "8.15.43"
+  openxchangeCoreUI:
+    repository: "appsuite-public-sector/core-ui"
+    tag: "8.15.2"
+  openxchangeCoreUIMiddleware:
+    repository: "appsuite-public-sector/core-ui-middleware"
+    tag: "1.8.3"
+  openxchangeCoreUserGuide:
+    repository: "appsuite-public-sector/core-user-guide"
+    tag: "8.15.702039"
+  openxchangeGuardUI:
+    repository: "appsuite-public-sector/guard-ui"
+    tag: "4.0.5"
+  openxchangeNextcloudIntegrationUI:
+    repository: "appsuite-public-sector/nextcloud-integration-ui"
+    tag: "1.0.2"
+  openxchangePublicSectorUI:
+    repository: "appsuite-public-sector/public-sector-ui"
+    tag: "1.0.3"
   oxConnector:
     repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
     tag: "branch-jconde-listener-entrypoint-chaining"
@@ -82,7 +106,7 @@ images:
     tag: "7.0.12-debian-11-r0"
   univentionCorporateServer:
     repository: "souvap/tooling/images/univention-corporate-server-swp/ucs"
-    tag: "20230802T174148"
+    tag: "20230806T234258"
   xwiki:
     repository: "xwikisas/swp/xwiki"
     tag: "0.4-mariadb-tomcat"