diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl index 84022533..3d390cfe 100644 --- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl @@ -10,7 +10,7 @@ global: domainName: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }} ingressClass: {{ .Values.ingress.ingressClassName | default "nginx" | quote }} - certManagerIssuer: "letsencrypt-prod-dns" + certManagerIssuer: {{ .Values.certificate.issuerRef.name | quote }} nubusMasterPassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }} keycloak: realm: {{ .Values.platform.realm | quote }} @@ -53,6 +53,12 @@ global: tag: {{ .Values.images.nubusPortalExtension.tag }} imagePullPolicy: {{ .Values.global.imagePullPolicy }} +ingress: + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} + # Nubus bundled services postgresql: enabled: false @@ -95,7 +101,11 @@ nubusGuardian: credentialSecret: name: "ums-opendesk-guardian-client-secret" key: "managementApiClientSecret" - + ingress: + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} postgresql: connection: host: {{ .Values.databases.umsGuardianManagementApi.host | quote }} @@ -116,6 +126,11 @@ nubusNotificationsApi: username: {{ .Values.databases.umsNotificationsApi.username | quote }} database: {{ .Values.databases.umsNotificationsApi.name | quote }} existingSecret: "ums-notifications-api-postgresql-opendesk-credentials" + ingress: + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} nubusKeycloakExtensions: @@ -140,6 +155,10 @@ nubusKeycloakExtensions: path: "/resources/" - pathType: "Prefix" path: "/fingerprintjs" + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} postgresql: @@ -170,6 +189,13 @@ nubusKeycloakExtensions: newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account" mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}" +nubusPortalFrontend: + ingress: + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} + nubusPortalListener: portalListener: objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} @@ -190,6 +216,18 @@ nubusPortalServer: centralNavigation: enabled: true authenticatorSecretName: "ums-opendesk-portal-server-central-navigation" + ingress: + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} + +nubusUdmRestApi: + ingress: + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} # NOTE: disabled until the next update. nubusProvisioning: @@ -211,6 +249,44 @@ nubusStackDataUms: externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }} umcHtmlTitle: "openDesk Portal" installUmcPolicies: true + templateContext: + portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }} + portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain }} + portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain }} + portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain }} + portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain }} + portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain }} + portalTitleDE: "openDesk Portal" + portalTitleEN: "openDesk Portal" + oxDefaultContext: "1" + ldapSearchUsers: + {{- range $username, $password := .Values.secrets.nubus.ldapSearch }} + - username: {{ printf "ldapsearch_%s" $username | quote }} + password: {{ $password | quote }} + lastname: "LDAP-Search-User" + {{- end }} + portaltileGroupUserStandard: + - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}' + - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}' + portaltileGroupUserAdmin: + - 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}' + - 'cn=Support,cn=groups,{{ .Values.ldap.baseDn }}' + portaltileGroupUserAll: + - 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}' + - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}' + portaltileGroupGroupware: + - 'cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}' + portaltileGroupFileshare: + - 'cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}' + portaltileGroupManagementProject: + - 'cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}' + portaltileGroupManagementKnowledge: + - 'cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}' + portaltileGroupManagementLearn: + - 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}' + portaltileGroupLiveCollaboration: + - 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}' + nubusUmcServer: memcached: auth: @@ -270,10 +346,20 @@ nubusUmcServer: smtp: credentialSecret: name: "ums-umc-server-smtp-credentials-custom" + ingress: + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} nubusUmcGateway: umcGateway: umcHtmlTitle: "openDesk Portal" + ingress: + certManager: + enabled: false + tls: + secretName: {{ .Values.ingress.tls.secretName | quote }} nubusKeycloakBootstrap: keycloak: diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl index 2df22bfe..bcacd8fd 100644 --- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl +++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl @@ -177,15 +177,6 @@ nubusUmcGateway: replicaCount: {{ .Values.replicas.umsUmcGateway }} resources: {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }} - extraVolumes: - - name: "entrypoint-swp-patches" - configMap: - name: "ums-stack-data-swp-umc-gateway-entrypoint" - defaultMode: 0555 - extraVolumeMounts: - - name: "entrypoint-swp-patches" - mountPath: "/entrypoint.d/90-swp.sh" - subPath: "90-swp.sh" nubusKeycloakBootstrap: podAnnotations: diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 2dc95af8..545f329e 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -212,7 +212,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations" name: "opendesk-migrations" - version: "1.2.2" + version: "1.2.3" verify: true minio: # providerCategory: "Community" @@ -264,7 +264,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/charts-mirror" name: "nubus" - version: "0.33.0" + version: "0.39.2" verify: true opendeskKeycloakBootstrap: # providerCategory: "Platform" diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index 2c749797..d4b964a8 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -213,7 +213,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" - tag: "1.2.1@sha256:241561c51dee3ccd4d54cf732020634291f124025946e6be983f850bbf4eb1d3" + tag: "1.2.2@sha256:32afdd71c5b8003ed1609e389494ce10c715c5db64d4ed32a74d65b0f0227e64" milter: # providerCategory: "Community" # providerResponsible: "openDesk" @@ -271,7 +271,7 @@ images: # upstreamMirrorStartFrom: ["0", "41", "5"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader" - tag: "0.60.0@sha256:9b43a66c32f4f66143db00b71cc62966df6ed809ec023a0d573a015f5d15305a" + tag: "0.61.0@sha256:598e9fa176c71a6da90ab200ca52abd88176c8cb22a1bf56fec9cd0daf58f58f" nubusGuardianAuthorizationApi: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -311,7 +311,7 @@ images: # upstreamMirrorStartFrom: ["0", "3", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init" - tag: "0.9.1@sha256:6006fb1c2779b906e7725df524f2587b2a610cc442793bf8f16b2b4b8c0494fb" + tag: "0.11.0@sha256:c691aecaf2074a9f1cc6ec5277a70792642bd677f0ff58a6278041b2d99c9d51" nubusKeycloak: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -331,7 +331,7 @@ images: # upstreamMirrorStartFrom: ["0", "1", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap" - tag: "0.1.0@sha256:351097e9e7b469f2fc149fe612ec6ad515d5e6b081d7e2785bd926a1d77209d2" + tag: "0.1.2@sha256:ea462e3e40843215814bddae0668dc56102864d99127ad3c8d9816d741886ac0" nubusKeycloakExtensionHandler: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -341,7 +341,7 @@ images: # upstreamMirrorStartFrom: ["0", "0", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler" - tag: "0.9.4@sha256:247182a965cc56fe2a891d42a7cfe84205804a9e58dd8f0a8191726a68cb9db1" + tag: "0.10.0@sha256:7aa5bac4821c9226fd74c6a2883f7c24d214b4610d516574866cf933ee1be080" nubusKeycloakExtensionProxy: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -351,7 +351,7 @@ images: # upstreamMirrorStartFrom: ["0", "0", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy" - tag: "0.9.4@sha256:a572fe076a2ef5966433fec478c92cffade816e71f2b4661bd8dbcb9e60c8c2f" + tag: "0.10.0@sha256:a5f6ae65732f7fb9d7ceae11f1c412b109d230e197075d8a8e1d989c87a0309d" nubusLdapNotifier: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -361,7 +361,7 @@ images: # upstreamMirrorStartFrom: ["0", "8", "2"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier" - tag: "0.15.2@sha256:1f2a9d2136c8e87a4c4a59a94a2235d00e969c98bd7bfe75707a299918f271b5" + tag: "0.20.0@sha256:d891fe11075740ff0fe1694b2c5fb72c43ac6d823904af8593e0ab359b9175e0" nubusLdapServer: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -370,8 +370,8 @@ images: # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorStartFrom: ["0", "8", "2"] registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/images/temp-nubus-ldap-2.5-upgrade" - tag: "1.1.20@sha256:90f46b8817fa05e6e3ac3b2f053911198675805fb82db8240bfa41239d7e7c61" + repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server" + tag: "0.20.0@sha256:ad73addd9201378fd5c978ab6bfc64bbd23bb279fc065cade9cb2f8e48a9c85f" nubusLdapServerDhInitContainer: # providerCategory: 'Community' # providerResponsible: 'Univention' @@ -413,7 +413,7 @@ images: # upstreamMirrorStartFrom: ["0", "9", "4"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api" - tag: "0.27.0@sha256:d99173199f20c701b29b8a3c1a46465085a873b37f413882e7d2e106e258c35a" + tag: "0.33.0@sha256:0ddb81d4789b2f43b55ded46ff88db4b99a68e7b1006e35877f582aac875c9ad" nubusOpendeskExtension: # providerCategory: "Platform" # providerResponsible: "openDesk" @@ -421,7 +421,9 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus" - tag: "1.1.0@sha256:3ff14d9c9611fc4d2bf818786b252eccda870e1beed6a716386cb6ab2bc8412b" + # TODO: Replace with released version once available + # See: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/merge_requests/7 + tag: "1.2.1-jtorres-fixup-icon@sha256:aa10b93e6e9d68a52add2e39bee4ceecc86c9571754db0bc505f00543673b12d" nubusOpenPolicyAgent: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -441,7 +443,7 @@ images: # upstreamMirrorStartFrom: ["0", "10", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension" - tag: "0.10.0@sha256:f6f32ce0486594eca9c8682b10f60e9d174a526d5acd2ba4d0abcb8f522539b9" + tag: "0.11.0@sha256:2cb5a9683b6ff81b995a5c71da52c2ff8177b662bb0be8f11e9cd0c6b48d8a11" nubusPortalConsumer: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -451,7 +453,7 @@ images: # upstreamMirrorStartFrom: ["0", "27", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer" - tag: "0.27.0@sha256:e86bf827d1e93b61473a0730492f48f8dbf0d056b79dd9ecde7af1612696b144" + tag: "0.32.0@sha256:7f38a8db34bfe67c9ad0711c0a2c615e278b20a1a7b66b77bd28faa339eaf897" nubusPortalExtension: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -471,7 +473,7 @@ images: # upstreamMirrorStartFrom: ["0", "9", "4"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend" - tag: "0.29.0@sha256:3af3d5d24f690557b4a644d5720113dca0c802465b0e43466b49db27acd37939" + tag: "0.33.0@sha256:9cce16009cc478ece11704521347fc4938a3ac5ee4570ac439dd50b08452a3ff" nubusPortalListener: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -491,7 +493,7 @@ images: # upstreamMirrorStartFrom: ["0", "9", "4"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server" - tag: "0.27.0@sha256:e1ad659feb4a1948d07e6e7d99b94b6bdbd4525d96f4cf9a010b75189f0082fc" + tag: "0.33.1@sha256:82e9002786a9d1ec524c0f386838ac4ee1fa9a581b66d2e353ea57cc01e26a95" nubusProvisioningDispatcher: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -501,7 +503,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher" - tag: "0.28.3@sha256:79c81b0143e78c7cabb1efd63d47530eac686fba11db57c173abd8ebdd396778" + tag: "0.36.0@sha256:34f03f48b4c9b470f9809b5fa6bfd6e96346e3f99ac0a2d7eaeac3cf9a4a633d" nubusProvisioningEventsAndConsumerApi: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -511,7 +513,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api" - tag: "0.28.3@sha256:5b0a2c52d715fde613ecfedb3a3f5e47b9eb73cdcf4c373a9cc58248a919f2bf" + tag: "0.36.0@sha256:69dd2946e7b05384304eeeca50dea645d20f7658d225e7c532381c3bdf2027ce" nubusProvisioningPrefill: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -521,7 +523,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill" - tag: "0.28.3@sha256:a98bce46144a6ff943b0432b66277393b7b476b8969b221b9069c708d3380f5d" + tag: "0.36.0@sha256:147406648848c068aacc2cb467633d51c65cddbcaa622c352e5fe5349bf92ce6" nubusProvisioningUdmListener: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -531,7 +533,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener" - tag: "0.28.3@sha256:b9c452e55e6716f93309bef0af7d401e218cd1e6ea9ad3d2819fb10dd631aecd" + tag: "0.36.0@sha256:8a960db9ff94b3c8a63be1588e47ccc1f62f3071abdce7ee2ef89afbe2674eed" nubusProvisioningUdmTransformer: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -541,7 +543,7 @@ images: # upstreamMirrorStartFrom: ["0", "14", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer" - tag: "0.29.0@sha256:68e27eb9560d2729e9065da3573f28073c5e53fedabac4d19562c4b8c6c1d1f3" + tag: "0.36.0@sha256:8080b55e705391aa2ac9b11db11dc1f984b5626271b2f175bfe26967b857b06d" nubusSelfserviceInvitation: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -551,7 +553,7 @@ images: # upstreamMirrorStartFrom: ["0", "3", "2"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation" - tag: "0.6.4@sha256:3fcc56c2e039a5a503183ec272fea334083079ceb83c8af7283f9be9b4334d71" + tag: "0.6.5@sha256:5630c9df3da4134789d2ebafad7de9062375d21547a2074827b680debd7a909e" nubusSelfserviceListener: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -561,15 +563,7 @@ images: # upstreamMirrorStartFrom: ["0", "3", "2"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-listener" - tag: "0.6.4@sha256:9605072b60d832ba165d8b7f9b1b7195693e7d5744479af321e4cf242f9ea500" - nubusStackGateway: - # providerCategory: "Community" - # providerResponsible: "Univention" - # upstreamRegistry: "https://registry-1.docker.io" - # upstreamRepository: "bitnami/nginx" - registry: "registry-1.docker.io" - repository: "bitnami/nginx" - tag: "1.25.4@sha256:dd352b597f4c38ae24abec411710f4249fb5c793293c7ed04737db6b41d32d24" + tag: "0.6.5@sha256:a9724fd41cb89a9bdf231ea8699126d2d3503dc894fe9510a1e080ab8408838d" nubusUdmRestApi: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -579,7 +573,7 @@ images: # upstreamMirrorStartFrom: ["0", "9", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api" - tag: "0.19.0@sha256:41482c459655afa36eaf9ec21354ff8417e4da5e3a787ec2f865730952f6bb61" + tag: "0.21.0@sha256:f3d189dd0ca619778c907569ddedbdf8772fba26f26cf9e6b8cde2a62618da63" nubusUmcGateway: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -589,7 +583,7 @@ images: # upstreamMirrorStartFrom: ["0", "7", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway" - tag: "0.22.2@sha256:fe4d2c148946da6f5e92201f398ebd0d5a72795c50648993bd220ea1e228658d" + tag: "0.27.1@sha256:50991e4b8e13fd1b1a07228192eadd1b43d8a3502aba16f129ee5ba794720392" nubusUmcServer: # providerCategory: "Supplier" # providerResponsible: "Univention" @@ -599,7 +593,7 @@ images: # upstreamMirrorStartFrom: ["0", "7", "3"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server" - tag: "0.22.2@sha256:474497f561c3532b37b7d5e77ec36bd1fefc4fbeaab9747b481533b0da086586" + tag: "0.27.1@sha256:006680e0a7ffcec3119c85eb30eaa6bbf9b2df54a14dd3d41b6bb7ce71226557" nubusWaitForDependency: # providerCategory: "Supplier" # providerResponsible: "Univention" diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml index 349af5cd..db65bf52 100644 --- a/helmfile/environments/default/resources.yaml +++ b/helmfile/environments/default/resources.yaml @@ -586,7 +586,7 @@ resources: umsUmcServer: limits: cpu: 99 - memory: "1Gi" + memory: "2Gi" requests: cpu: 0.1 memory: "256Mi"