mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
fix(univention-management-stack): Update LDAP server for BSI base security compliance
This commit is contained in:
Andreas Niemann
committed by
Thorsten Roßner
Thorsten Roßner
parent
5ebf291a4d
commit
8e889db63e
@@ -16,9 +16,6 @@ resources:
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
@@ -23,70 +23,70 @@ extraVolumeMounts:
|
||||
mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskProjectmanagement.schema"
|
||||
subPath: "opendeskProjectmanagement.schema"
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapServer.registry | quote }}
|
||||
repository: {{ .Values.images.umsLdapServer.repository | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.umsLdapServer.tag | quote }}
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
extraSecrets:
|
||||
- name: ums-stack-openldap-credentials
|
||||
stringData:
|
||||
adminPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
|
||||
waitForDependency:
|
||||
waitForDependency:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
|
||||
|
||||
ldapServer:
|
||||
caCert: "Cg=="
|
||||
certPem: "Cg=="
|
||||
privateKey: "Cg=="
|
||||
dhParam: "Cg=="
|
||||
waitForSamlMetadata: true
|
||||
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapServer.registry | quote }}
|
||||
repository: {{ .Values.images.umsLdapServer.repository | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.umsLdapServer.tag | quote }}
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
|
||||
config:
|
||||
domainName: "univention-organization.intranet"
|
||||
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
||||
samlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
|
||||
samlMetadataUrlInternal: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
|
||||
samlServiceProviders: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
|
||||
credentialSecret:
|
||||
name: ums-stack-openldap-credentials
|
||||
key: adminPassword
|
||||
|
||||
persistence:
|
||||
sharedData:
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
|
||||
sharedRun:
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
size: {{ .Values.persistence.size.univentionManagementStack.ldapServerShared | quote }}
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsLdapServer | toYaml | nindent 4 }}
|
||||
|
||||
service:
|
||||
type: "ClusterIP"
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
|
||||
legacy:
|
||||
sharedRunSize: {{ .Values.persistence.size.univentionManagementStack.ldapServerShared | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsLdapServer | toYaml | nindent 2 }}
|
||||
|
||||
initResources:
|
||||
{{ .Values.resources.umsLdapServerInit | toYaml | nindent 2 }}
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 102
|
||||
fsGroupChangePolicy: "Always"
|
||||
sysctls:
|
||||
- name: "net.ipv4.ip_unprivileged_port_start"
|
||||
value: "1"
|
||||
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
runAsUser: 101
|
||||
runAsGroup: 102
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
...
|
||||
|
||||
@@ -28,6 +28,7 @@ postgresql:
|
||||
username: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
||||
database: {{ .Values.databases.umsNotificationsApi.name | quote }}
|
||||
password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
||||
existingSecret: "ums-notifications-api-postgresql-credentials"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsNotificationsApi | toYaml | nindent 2 }}
|
||||
@@ -47,4 +48,8 @@ securityContext:
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsNotificationsApi | toYaml | nindent 4 }}
|
||||
|
||||
extraSecrets:
|
||||
- name: ums-notifications-api-postgresql-credentials
|
||||
stringData:
|
||||
password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
||||
...
|
||||
|
||||
@@ -21,42 +21,43 @@ portalServer:
|
||||
ucsInternalPath: "portal-data"
|
||||
objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
|
||||
objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }}
|
||||
objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
||||
centralNavigation:
|
||||
enabled: true
|
||||
authenticatorSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
credentialSecret:
|
||||
name: "ums-portal-server-minio-credentials"
|
||||
|
||||
replicaCount: {{ .Values.replicas.umsPortalServer }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsPortalServer | toYaml | nindent 2 }}
|
||||
|
||||
securityContext:
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "Always"
|
||||
sysctls:
|
||||
- name: "net.ipv4.ip_unprivileged_port_start"
|
||||
value: "1"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsPortalServer | toYaml | nindent 4 }}
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
|
||||
extraSecrets:
|
||||
- name: ums-portal-server-minio-credentials
|
||||
stringData:
|
||||
accessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }}
|
||||
secretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
||||
|
||||
...
|
||||
|
||||
@@ -49,6 +49,10 @@ stackDataContext:
|
||||
ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
|
||||
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.systemAccounts.administratorPassword | quote }}
|
||||
initialPasswordSysIdpUser: {{ .Values.secrets.univentionManagementStack.systemAccounts.sysIdpUserPassword | quote }}
|
||||
umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }}
|
||||
umcPostgresqUsername: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||
umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }}
|
||||
umcMemcachedUsername: "selfservice"
|
||||
|
||||
stackDataUms:
|
||||
loadDevData: true
|
||||
|
||||
@@ -14,54 +14,51 @@ extraVolumeMounts:
|
||||
mountPath: "/usr/share/attribute-to-group-mapper/flag_to_group_mapping.json"
|
||||
subPath: "flag_to_group_mapping.json"
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsUdmRestApi.registry | quote }}
|
||||
repository: {{ .Values.images.umsUdmRestApi.repository | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.umsUdmRestApi.tag | quote }}
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsUdmRestApi | toYaml | nindent 2 }}
|
||||
|
||||
initResources:
|
||||
{{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.umsUdmRestApi }}
|
||||
|
||||
securityContext:
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "Always"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsUdmRestApi | toYaml | nindent 4 }}
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
udmRestApi:
|
||||
# TODO: Stub value currently
|
||||
caCert: ""
|
||||
# TODO: Secret should be entered without b64enc
|
||||
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
|
||||
# TODO: Secret should be entered without b64enc
|
||||
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
|
||||
secretRef: ums-udm-rest-api-credentials
|
||||
ldap:
|
||||
uri: "ldap://{{ .Values.ldap.host }}:389"
|
||||
baseDN: {{ .Values.ldap.baseDn | quote }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.umsUdmRestApi.registry | quote }}
|
||||
repository: {{ .Values.images.umsUdmRestApi.repository | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.umsUdmRestApi.tag | quote }}
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
|
||||
extraSecrets:
|
||||
- name: ums-udm-rest-api-credentials
|
||||
stringData:
|
||||
ldap.secret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
machine.secret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
|
||||
|
||||
...
|
||||
|
||||
@@ -53,7 +53,8 @@ memcached:
|
||||
bundled: false
|
||||
auth:
|
||||
username: null
|
||||
password: null
|
||||
# This is also used by the umc-server Helm chart to generate a secret. The secrets content is represented as an environment variable. If said variable is empty, the container fails to start due to an entrypoint script erroring on a nullish value for the environment variable SELF_SERVICE_MEMCACHED_SECRET.
|
||||
password: "password"
|
||||
server: {{ .Values.cache.umsSelfservice.host | quote }}
|
||||
|
||||
postgresql:
|
||||
@@ -102,10 +103,8 @@ umcServer:
|
||||
caCert: "Cg=="
|
||||
certPem: "Cg=="
|
||||
privateKey: "Cg=="
|
||||
# TODO: Secret should be entered without b64enc
|
||||
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
|
||||
# TODO: Secret should be entered without b64enc
|
||||
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
|
||||
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
smtpSecret: {{ .Values.smtp.password | quote }}
|
||||
privateKeyFile: "/var/secrets/ssl/tls.key"
|
||||
|
||||
|
||||
@@ -450,7 +450,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "ldap-notifier"
|
||||
version: "0.8.2"
|
||||
version: "0.10.0"
|
||||
verify: true
|
||||
umsLdapServer:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -462,7 +462,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "ldap-server"
|
||||
version: "0.8.2"
|
||||
version: "0.10.0"
|
||||
verify: true
|
||||
umsNotificationsApi:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -474,7 +474,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "notifications-api"
|
||||
version: "0.9.2"
|
||||
version: "0.20.1"
|
||||
verify: true
|
||||
umsOpenPolicyAgent:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -498,7 +498,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "portal-frontend"
|
||||
version: "0.14.0"
|
||||
version: "0.20.1"
|
||||
verify: true
|
||||
umsPortalListener:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -510,7 +510,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "portal-listener"
|
||||
version: "0.14.0"
|
||||
version: "0.20.1"
|
||||
verify: true
|
||||
umsPortalServer:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -522,7 +522,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "portal-server"
|
||||
version: "0.14.0"
|
||||
version: "0.20.1"
|
||||
verify: true
|
||||
umsProvisioning:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -570,7 +570,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "stack-data-swp"
|
||||
version: "0.44.0"
|
||||
version: "0.45.1"
|
||||
verify: true
|
||||
umsStackDataUms:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -582,7 +582,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "stack-data-ums"
|
||||
version: "0.44.0"
|
||||
version: "0.45.1"
|
||||
verify: true
|
||||
umsUdmRestApi:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -594,7 +594,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "udm-rest-api"
|
||||
version: "0.5.2"
|
||||
version: "0.9.0"
|
||||
verify: true
|
||||
umsUmcGateway:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -606,7 +606,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "umc-gateway"
|
||||
version: "0.6.4"
|
||||
version: "0.11.2"
|
||||
verify: true
|
||||
umsUmcServer:
|
||||
# providerCategory: 'Supplier'
|
||||
@@ -618,7 +618,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "umc-server"
|
||||
version: "0.6.4"
|
||||
version: "0.11.2"
|
||||
verify: true
|
||||
xwiki:
|
||||
# providerCategory: 'Supplier'
|
||||
|
||||
@@ -566,7 +566,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '8', '2']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
|
||||
tag: "0.8.2@sha256:bb7d76fb5299e9d019aa61b5397af15063a5b341fcf2b74c65db679ca5fa873f"
|
||||
tag: "0.10.0@sha256:c2532b7a0920f49c115a58f1660cb7af495ebbb0e2eac0bb5f6723c59633a019"
|
||||
umsLdapServer:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -576,7 +576,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '8', '2']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
|
||||
tag: "0.8.2@sha256:abcaec050875a8605befe13cce78f9f8eb28aa3c1764e281a8540b2a3db4a5da"
|
||||
tag: "0.10.0@sha256:ee54a0c6bf2e1d24fa04e7487cbebdec0a344f5db8f9a706db2b982fd07bc720"
|
||||
umsNotificationsApi:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -586,7 +586,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '9', '4']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
|
||||
tag: "0.9.4@sha256:f058398d68c38039bb168af6d60d016f66fffde83a02f0b8f62124ebf2fed4d9"
|
||||
tag: "0.20.1@sha256:c1176da0ecd3d964b7caaea0d9e583d7644c7a7dbdb08c0ecd85df88e0f27321"
|
||||
umsOpenPolicyAgent:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -606,7 +606,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '9', '4']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
|
||||
tag: "0.19.0@sha256:7c80f703faf720da159c405a140c1029fd8c12def61653737e2a772982012d5c"
|
||||
tag: "0.20.1@sha256:fc7d1d7b22b83037ac6d54b2cc1baaefc78175cdc86557cfc121eda469832b59"
|
||||
umsPortalListener:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -616,7 +616,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '9', '4']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-listener"
|
||||
tag: "0.19.0@sha256:7fff6db5151b9aecffdfcd429b6eefb36a96ca14c5384183aa4246b5c0c8b133"
|
||||
tag: "0.20.1@sha256:e93f256f736223edceaac50831cee062b4b8fee0a46f27175e6ea0c506620358"
|
||||
umsPortalServer:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -626,7 +626,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '9', '4']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
|
||||
tag: "0.19.0@sha256:9a19e3a0990fba1dd2cdb1fd96ab53dcfba23717291ca1b0c87d8ed19b4c2c46"
|
||||
tag: "0.20.1@sha256:db5d79b64dc1b8678401d32a1a695b217d7677e7578738f0eec90467c7b5ae05"
|
||||
umsProvisioningDispatcher:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -704,7 +704,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '5', '2']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
|
||||
tag: "0.5.2@sha256:94c8294130f6a187bb850bcaeb314a09c5aa48ab97e3f419fbeb6ddbd39a3246"
|
||||
tag: "0.9.0@sha256:f5589a1a885e9f96d98304148bac5a40dfd4350ee40205a29b8798b29ae0a7db"
|
||||
umsUmcGateway:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -714,7 +714,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '7', '3']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
|
||||
tag: "0.9.0@sha256:e15b59b851b3cae2bdfde1a9de707bfbc64a124db98a8d9ac7965d7d3827519b"
|
||||
tag: "0.11.2@sha256:13edaa88ded4b3389ef36d0215ad19ea093ae962f8de9b4b178550e02de06277"
|
||||
umsUmcServer:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -724,7 +724,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '7', '3']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
|
||||
tag: "0.9.0@sha256:7ef0f6a3a3024120a4dae6f0bd44fc531c88ca0b5893465d0bdbd96b5a9c87ea"
|
||||
tag: "0.11.2@sha256:866b8c3d2845653c68316458d7a24901b0493d2e2b83d50e0932adc42cda1706"
|
||||
umsWaitForDependency:
|
||||
# providerCategory: 'Supplier'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -734,7 +734,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ['0', '9', '4']
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
|
||||
tag: "0.14.0@sha256:fda3f99be59614115997a55ad5887bf8f6482de4c8e168706aac3e42575b4915"
|
||||
tag: "0.20.1@sha256:8b3d7195223de10ce6ac2649a363eed073dad9bb277c0d8d2d1c0f1613e0d5a7"
|
||||
wellKnown:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Element'
|
||||
|
||||
@@ -396,6 +396,13 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsLdapServerInit:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsNotificationsApi:
|
||||
limits:
|
||||
cpu: 99
|
||||
@@ -501,6 +508,13 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsUdmRestApiInit:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsUmcGateway:
|
||||
limits:
|
||||
cpu: 99
|
||||
|
||||
Reference in New Issue
Block a user