diff --git a/README-EE.md b/README-EE.md index 1cfd9adc..fa5e9056 100644 --- a/README-EE.md +++ b/README-EE.md @@ -123,7 +123,7 @@ When a repository path starts with `/zendis`, the artifact is only available in - Collabora Online (COOL) container image: Is build from the same public source code as Collabora Development Edition (CODE), only the build configurations might differ. COOL includes a brand package that is not public and its license is not open source. - COOL Controller container image and Helm chart: Source code and chart are using Mozilla Public License Version 2.0, but the source code is not public. It is provided to customers upon request. -openDesk updates Collabora once a COOL image based on the version pattern `...3` is available, at the same time the CODE image will be updated to `...2`. +openDesk updates Collabora once a COOL image based on the version pattern `...3+.` was made available. This happens usually at the same time the CODE image with `...2+.` is made available. ### Element diff --git a/README.md b/README.md index f101d65c..d371e4c8 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ openDesk currently features the following functional main components: | Portal & IAM | Nubus | [1.8.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html#version-1-8-0-2025-04-07) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) | | Project management | OpenProject | [15.4.2](https://www.openproject.org/docs/release-notes/15-4-2/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) | | Videoconferencing | Jitsi | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) | -| Weboffice | Collabora | [24.04.12.4](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) | +| Weboffice | Collabora | [24.04.13](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) | While not all components are perfectly designed for the execution inside containers, one of the project's objectives is to align the applications with best practices regarding container design and operations. diff --git a/docs/baseline-requirements.md b/docs/baseline-requirements.md index c22303f1..9e0b1c9a 100644 --- a/docs/baseline-requirements.md +++ b/docs/baseline-requirements.md @@ -185,7 +185,8 @@ With a central Identity- and Access Management (IAM) also the user lifecycle (UL The focus is to have all the account information in all applications including the account's state, profile picture ([reference](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/issues/27)) and - where required - the user's group memberships. This cannot be done purely by pushing that data through OIDC claims when a user logs in to an application therefore two ways of managing an account are applicable and described in the following subchapters. -Note: Allowing ad hoc updates of account data through OIDC claims during login is still encouraged. +> **Note**
+> Allowing ad hoc updates of account data through OIDC claims during login is still encouraged. ### Pull: LDAP diff --git a/helmfile/apps/collabora/values.yaml.gotmpl b/helmfile/apps/collabora/values.yaml.gotmpl index 55d2be22..a81a1641 100644 --- a/helmfile/apps/collabora/values.yaml.gotmpl +++ b/helmfile/apps/collabora/values.yaml.gotmpl @@ -80,7 +80,7 @@ ingress: podAnnotations: {} podSecurityContext: - fsGroup: 100 + fsGroup: 1001 prometheus: servicemonitor: @@ -102,8 +102,8 @@ securityContext: privileged: false readOnlyRootFilesystem: false runAsNonRoot: true - runAsUser: 100 - runAsGroup: 101 + runAsUser: 1001 + runAsGroup: 1001 seccompProfile: type: "RuntimeDefault" capabilities: diff --git a/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl index 40f937f8..85d18121 100644 --- a/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl +++ b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl @@ -5,7 +5,7 @@ images: collabora: registry: "registry.opencode.de" repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk" - tag: "24.04.12.4.1@sha256:af4d4d0e743c71f7995e81cb081d0e1db79d016b0c50169480096f70b4b42f85" + tag: "24.04.13.3.1@sha256:7e9b63972415a5a8006ec6b7e904c2d78d9af467218ead7e578d0c8a5691f0bc" dovecot: registry: "registry.opencode.de" repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro" diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl index 3fe269e7..231c0ed6 100644 --- a/helmfile/environments/default/charts.yaml.gotmpl +++ b/helmfile/environments/default/charts.yaml.gotmpl @@ -56,7 +56,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/collabora/charts-mirror" name: "collabora-online" - version: "1.1.21" + version: "1.1.37" verify: true collaboraController: # Enterprise Component diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl index aeab324f..084ec946 100644 --- a/helmfile/environments/default/images.yaml.gotmpl +++ b/helmfile/environments/default/images.yaml.gotmpl @@ -44,7 +44,7 @@ images: # upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk" registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk" - tag: "24.04.12.4.1@sha256:c794cefc3b56b13479e29626bb13e903ccc77a49163dacab1328efed69140c62" + tag: "24.04.13.3.1@sha256:f04a31d72b2b12b530b4e88b3ecb81eb96ebd98112515db59499ff71a4ec905f" collaboraController: # Enterprise Component # providerCategory: "Supplier"