diff --git a/helmfile/apps/services/values-minio.yaml.gotmpl b/helmfile/apps/services/values-minio.yaml.gotmpl index b61ff2c1..67e18f0c 100644 --- a/helmfile/apps/services/values-minio.yaml.gotmpl +++ b/helmfile/apps/services/values-minio.yaml.gotmpl @@ -85,6 +85,8 @@ provisioning: enabled: true cleanupAfterFinished: enabled: true + extraCommands: + - "mc anonymous set download provisioning/ums/portal-assets" buckets: - name: "openproject" versioning: true @@ -92,8 +94,8 @@ provisioning: - name: "openxchange" versioning: true withLock: false - - name: "ums" - versioning: true + - name: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} + versioning: false withLock: false - name: "nextcloud" versioning: true @@ -160,7 +162,7 @@ provisioning: policies: - "openxchange-bucket-policy" setPolicies: true - - username: "ums_user" + - username: {{ .Values.objectstores.univentionManagementStack.username | quote }} password: {{ .Values.secrets.minio.umsUser | quote }} disabled: false policies: diff --git a/helmfile/apps/univention-management-stack/helmfile.yaml b/helmfile/apps/univention-management-stack/helmfile.yaml index 09ad9e42..c4da65fd 100644 --- a/helmfile/apps/univention-management-stack/helmfile.yaml +++ b/helmfile/apps/univention-management-stack/helmfile.yaml @@ -34,13 +34,6 @@ repositories: password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} oci: true url: "{{ .Values.global.helmRegistry | default .Values.charts.umsOpenPolicyAgent.registry }}/{{ .Values.charts.umsOpenPolicyAgent.repository }}" - - name: "ums-store-dav-repo" - keyring: "../../files/gpg-pubkeys/univention-de.gpg" - verify: {{ .Values.charts.umsStoreDav.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.umsStoreDav.registry }}/{{ .Values.charts.umsStoreDav.repository }}" - name: "ums-ldap-server-repo" keyring: "../../files/gpg-pubkeys/univention-de.gpg" verify: {{ .Values.charts.umsLdapServer.verify }} @@ -219,15 +212,6 @@ releases: installed: {{ .Values.univentionManagementStack.enabled }} timeout: 900 - - name: "ums-store-dav" - chart: "ums-store-dav-repo/{{ .Values.charts.umsStoreDav.name }}" - version: "{{ .Values.charts.umsStoreDav.version }}" - values: - - "values-common.yaml.gotmpl" - - "values-store-dav.yaml.gotmpl" - installed: {{ .Values.univentionManagementStack.enabled }} - timeout: 900 - - name: "ums-ldap-server" chart: "ums-ldap-server-repo/{{ .Values.charts.umsLdapServer.name }}" version: "{{ .Values.charts.umsLdapServer.version }}" diff --git a/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl index e69da5ab..44008cd1 100644 --- a/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl @@ -23,8 +23,8 @@ persistence: portalListener: adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }} - assetsRoot: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-assets/" | quote }} - ucsInternalUrl: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-data" | quote }} + assetsRootPath: "portal-assets" + ucsInternalPath: "portal-data" ldapBaseDn: {{ .Values.ldap.baseDn | quote }} ldapHost: {{ .Values.ldap.host | quote }} @@ -41,6 +41,10 @@ portalListener: udmApiUsername: "cn=admin" umcGetUrl: "http://ums-umc-server/get" umcSessionUrl: "http://ums-umc-server/get/session-info" + objectStorageEndpoint: "http://minio:9000" + objectStorageBucket: "ums" + objectStorageAccessKeyId: "ums_user" + objectStorageSecretAccessKey: {{ .Values.secrets.minio.umsUser | quote }} resources: {{ .Values.resources.umsPortalListener | toYaml | nindent 2 }} diff --git a/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl index c842ef49..f6e0e9e5 100644 --- a/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl @@ -18,7 +18,11 @@ portalServer: umcSessionUrl: "http://ums-umc-server/get/session-info" logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }} adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }} - ucsInternalUrl: {{ printf "%s%s%s" "http://portal-server:" .Values.secrets.univentionManagementStack.storeDavUsers.portalServer "@ums-store-dav/portal-data" | quote }} + ucsInternalPath: "portal-data" + objectStorageEndpoint: "http://minio:9000" + objectStorageBucket: "ums" + objectStorageAccessKeyId: "ums_user" + objectStorageSecretAccessKey: {{ .Values.secrets.minio.umsUser | quote }} centralNavigation: enabled: true authenticatorSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }} diff --git a/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml.gotmpl index 26e127cd..a3a9bc9b 100644 --- a/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml.gotmpl @@ -173,22 +173,22 @@ serverBlock: | } - ## store-dav + ## object storage (minio) location /univention/portal/icons/entries/ { - rewrite ^/univention/portal(/icons/entries/.*)$ /portal-assets$1 break; - proxy_pass http://ums-store-dav:80; + rewrite ^/univention/portal(/icons/entries/.*)$ /ums/portal-assets$1 break; + proxy_pass http://minio:9000; } location /univention/portal/icons/logos/ { - rewrite ^/univention/portal(/icons/logos/.*)$ /portal-assets$1 break; - proxy_pass http://ums-store-dav:80; + rewrite ^/univention/portal(/icons/logos/.*)$ /ums/portal-assets$1 break; + proxy_pass http://minio:9000; } location /univention/selfservice/icons/entries/ { - rewrite ^/univention/selfservice(/icons/entries/.*)$ /portal-assets$1 break; - proxy_pass http://ums-store-dav:80; + rewrite ^/univention/selfservice(/icons/entries/.*)$ /ums/portal-assets$1 break; + proxy_pass http://minio:9000; } location /univention/selfservice/icons/logos/ { - rewrite ^/univention/selfservice(/icons/logos/.*)$ /portal-assets$1 break; - proxy_pass http://ums-store-dav:80; + rewrite ^/univention/selfservice(/icons/logos/.*)$ /ums/portal-assets$1 break; + proxy_pass http://minio:9000; } diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 22773d19..a3ba6527 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -343,7 +343,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize" name: "opendesk-otterize" - version: "1.7.1" + version: "1.7.3" verify: true # @supplier: "openDesk" @@ -581,7 +581,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/charts-mirror" name: "portal-frontend" - version: "0.9.2" + version: "0.14.0" verify: true # @supplier: "Univention" # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' @@ -595,7 +595,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/charts-mirror" name: "portal-listener" - version: "0.9.2" + version: "0.14.0" verify: true # @supplier: "Univention" # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' @@ -609,7 +609,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/charts-mirror" name: "portal-server" - version: "0.9.2" + version: "0.14.0" verify: true # @supplier: "Univention" # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' @@ -671,20 +671,6 @@ charts: # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFrom: ['0', '41', '8'] - umsStoreDav: - # renovate: - # upstreamRegistry=registry.souvap-univention.de - # upstreamRepository=souvap/tooling/charts/univention/store-dav - # dependencyType=supplier - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/charts-mirror" - name: "store-dav" - version: "0.9.3" - verify: true - # @supplier: "Univention" - # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' - # @mirrorFrom: ['0', '9', '3'] - umsUdmRestApi: # renovate: # upstreamRegistry=registry.souvap-univention.de diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index 7bc13336..5a70a966 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -579,18 +579,6 @@ images: tag: "2.6.6-bullseye@sha256:bf22cfb1301aae433213f5f8c687bc5d9ecc6b86daf1084be5f7a339bd27cadd" # @supplier: "Element" - umsConfigHtpasswd: - # renovate: - # upstreamRegistry=registry.souvap-univention.de - # upstreamRepository=souvap/tooling/images/univention/config-htpasswd - # dependencyType=supplier - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/config-htpasswd" - tag: "0.9.4@sha256:ba4f6fa2736a789c6c7413cc784bfadbeda1b3269fee29a871207f6f2ba2ee08" - # @supplier: "Univention" - # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' - # @mirrorFrom: ['0', '9', '4'] - umsDataLoader: # renovate: # upstreamRegistry=registry.souvap-univention.de @@ -742,7 +730,7 @@ images: # dependencyType=supplier registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend" - tag: "0.9.4@sha256:97887159fc4a7febdf663761a65b7fac2eb7b99b6dd042c7d63ce6b254ea6fb9" + tag: "0.14.0@sha256:6f96a7479728e07c3d3311c85e1d14f7ef45f4d5bc5c9a008ce62203ef232f79" # @supplier: "Univention" # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFrom: ['0', '9', '4'] @@ -754,7 +742,7 @@ images: # dependencyType=supplier registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-listener" - tag: "0.9.4@sha256:1e03db8153cbff0825c4370526d5d44a6b9b92c643b0e605d1bfc762ebac3a31" + tag: "0.14.0@sha256:5c86167d3a6ff7e85ff7e870596dd9864c1802b4f622c1f2378472744d4c4c34" # @supplier: "Univention" # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFrom: ['0', '9', '4'] @@ -766,7 +754,7 @@ images: # dependencyType=supplier registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server" - tag: "0.9.4@sha256:47c825f83b61799b287b11cf5c548e05000c21e7d071d1f2095fbba4c952d84c" + tag: "0.14.0@sha256:d608db0692f9638e53101dabaf7749a9fbc29c316194f1977bd8986444f9f472" # @supplier: "Univention" # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFrom: ['0', '9', '4'] @@ -871,18 +859,6 @@ images: tag: "1.25.3@sha256:40ce0d6b8f5fc174a4df8c59c8893164c540192ee862cb7253650a30d9dc3b73" # @supplier: "Univention" - umsStoreDav: - # renovate: - # upstreamRegistry=registry.souvap-univention.de - # upstreamRepository=souvap/tooling/images/univention/store-dav - # dependencyType=supplier - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/store-dav" - tag: "0.9.4@sha256:4a2c7675c15a244a3a8c002e030db425cdbe5cd7bf8c21ced4bac6f5252382bd" - # @supplier: "Univention" - # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' - # @mirrorFrom: ['0', '9', '4'] - umsUdmRestApi: # renovate: # upstreamRegistry=registry.souvap-univention.de @@ -926,7 +902,7 @@ images: # dependencyType=supplier registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency" - tag: "0.9.4@sha256:63451fe519d557e52d5f99e21231594daebb2990eb734931172ad61543c443cb" + tag: "0.14.0@sha256:fda3f99be59614115997a55ad5887bf8f6482de4c8e168706aac3e42575b4915" # @supplier: "Univention" # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFrom: ['0', '9', '4'] diff --git a/helmfile/environments/default/objectstore.gotmpl b/helmfile/environments/default/objectstore.gotmpl index 0c933604..ec6b4409 100644 --- a/helmfile/environments/default/objectstore.gotmpl +++ b/helmfile/environments/default/objectstore.gotmpl @@ -12,4 +12,12 @@ objectstores: secret: "" username: "openproject_user" useIAMProfile: "" + univentionManagementStack: + backend: "minio" + bucket: "ums" + endpoint: "" + region: "" + secret: "" + username: "ums_user" + useIAMProfile: "" ... diff --git a/helmfile/environments/default/persistence.yaml b/helmfile/environments/default/persistence.yaml index 66ee72e8..d209f121 100644 --- a/helmfile/environments/default/persistence.yaml +++ b/helmfile/environments/default/persistence.yaml @@ -21,6 +21,5 @@ persistence: ldapServerShared: "1Gi" portalListener: "1Gi" selfserviceListener: "1Gi" - storeDav: "1Gi" xwiki: "1Gi" ... diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml index 1927f696..5693ab0c 100644 --- a/helmfile/environments/default/resources.yaml +++ b/helmfile/environments/default/resources.yaml @@ -466,13 +466,6 @@ resources: requests: cpu: 0.1 memory: "256Mi" - umsStoreDav: - limits: - cpu: 99 - memory: "1Gi" - requests: - cpu: 0.1 - memory: "256Mi" umsUdmRestApi: limits: cpu: 99 diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl index 2b395de4..d2da8f68 100644 --- a/helmfile/environments/default/secrets.gotmpl +++ b/helmfile/environments/default/secrets.gotmpl @@ -24,9 +24,6 @@ secrets: administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "ums" | sha1sum | quote }} userPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_password" | sha1sum | quote }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_admin" | sha1sum | quote }} - storeDavUsers: - portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }} - portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }} postgresql: postgresUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum | quote }} keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}