diff --git a/helmfile/apps/univention-management-stack/helmfile.yaml b/helmfile/apps/univention-management-stack/helmfile.yaml
index c95842fc..9f588245 100644
--- a/helmfile/apps/univention-management-stack/helmfile.yaml
+++ b/helmfile/apps/univention-management-stack/helmfile.yaml
@@ -1,3 +1,86 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
+
+repositories:
+ - name: "univention"
+ url: >-
+ {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+ default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
+
+releases:
+ - name: "store-dav"
+ chart: "univention/store-dav"
+ version: "0.2.0"
+ values:
+ - "values-store-dav.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "ldap-server"
+ chart: "univention/ldap-server"
+ version: "0.1.0"
+ values:
+ - "values-ldap-server.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "ldap-notifier"
+ chart: "univention/ldap-notifier"
+ version: "0.1.0"
+ values:
+ - "values-ldap-notifier.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "udm-rest-api"
+ chart: "univention/udm-rest-api"
+ version: "0.1.0"
+ values:
+ - "values-udm-rest-api.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "stack-data-ums"
+ chart: "univention/stack-data-ums"
+ version: "0.1.0"
+ values:
+ - "values-stack-data-ums.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "stack-data-swp"
+ chart: "univention/stack-data-swp"
+ version: "0.1.0"
+ values:
+ - "values-stack-data-swp.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "portal-server"
+ chart: "univention/portal-server"
+ version: "0.1.0"
+ values:
+ - "values-portal-server.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "notifications-api"
+ chart: "univention/notifications-api"
+ version: "0.1.0"
+ values:
+ - "values-notifications-api.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "portal-listener"
+ chart: "univention/portal-listener"
+ version: "0.1.0"
+ values:
+ - "values-portal-listener.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "portal-frontend"
+ chart: "univention/portal-frontend"
+ version: "0.1.0"
+ values:
+ - "values-portal-frontend.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "umc-gateway"
+ chart: "univention/umc-gateway"
+ version: "0.1.0"
+ values:
+ - "values-umc-gateway.gotmpl"
+ condition: "univentionManagementStack.enabled"
+ - name: "umc-server"
+ chart: "univention/umc-server"
+ version: "0.1.0"
+ values:
+ - "values-umc-server.gotmpl"
+ condition: "univentionManagementStack.enabled"
+
+bases:
+ - "../../bases/environments.yaml"
diff --git a/helmfile/apps/univention-management-stack/values-ldap-notifier.gotmpl b/helmfile/apps/univention-management-stack/values-ldap-notifier.gotmpl
new file mode 100644
index 00000000..79ce28a3
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-ldap-notifier.gotmpl
@@ -0,0 +1,17 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsLdapNotifier.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsLdapNotifier.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+...
diff --git a/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl b/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl
new file mode 100644
index 00000000..265f5241
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-ldap-server.gotmpl
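Review bot: The twelve releases in helmfile.yaml pin a chart version but nothing verifies what the repository returns, and the repository URL itself is taken from `PRIVATE_CHART_REPOSITORY_URL`, so whoever controls that variable or the registry controls what gets installed. If the charts are published with provenance files (not visible in this diff), I would add `verify: true` to each release or once under `helmDefaults`. Failing that, a comment above `repositories:` stating that chart integrity relies on registry access control would make the trust assumption explicit.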
@@ -0,0 +1,30 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+ldapServer:
+ ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
+
+ # TODO: Certificates handling
+ # caCert: ""
+ # certPem: ""
+ # privateKey: ""
+ # dhParam: ""
+ tlsMode: "off"
+
+ # TODO: SAML integration
+ # samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
+ # samlMetadataUrlInternal: "http://keycloak.default/realms/ucs/protocol/saml/descriptor"
+ # serviceProviders: "http://localhost:8000/univention/saml/metadata,http://localhost:8000/auth/realms/ucs"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsLdapServer.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsLdapServer.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+...
diff --git a/helmfile/apps/univention-management-stack/values-notifications-api.gotmpl b/helmfile/apps/univention-management-stack/values-notifications-api.gotmpl
new file mode 100644
index 00000000..8bab4295
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-notifications-api.gotmpl
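Review bot: `tlsMode: "off"` is hard-coded in `ldapServer`, and the same setting recurs in values-portal-listener, values-udm-rest-api and values-umc-server, so every LDAP bind carrying `ldapSecret` crosses the pod network in cleartext unless a mesh layer encrypts it, which this diff does not show. The `# TODO: Certificates handling` comment says what is missing but not what is at risk in the meantime. I would extend it to something like `# TODO: Certificates handling; until then LDAP binds are unencrypted in-cluster` and track the four occurrences together.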
@@ -0,0 +1,35 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+notificationsapi:
+ apply_database_migrations: "True"
+ dev_mode: "False"
+ environment: "staging"
+ log_level: "DEBUG"
+ sql_echo: "False"
+ api_prefix: "/univention/portal/notifications-api"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsNotificationsApi.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsNotificationsApi.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+istio:
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ enabled: {{ .Values.istio.enabled }}
+
+ingress:
+ enabled: {{ .Values.ingress.enabled }}
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+...
diff --git a/helmfile/apps/univention-management-stack/values-portal-frontend.gotmpl b/helmfile/apps/univention-management-stack/values-portal-frontend.gotmpl
new file mode 100644
index 00000000..36337d56
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-portal-frontend.gotmpl
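Review bot: `log_level: "DEBUG"` and `environment: "staging"` are literals in values-notifications-api, a values file consumed by the default environment; `logLevel: "DEBUG"` appears again in values-portal-server and values-udm-rest-api. Debug logging in services that handle directory data and session lookups often includes request content, though what these images actually log is not visible here. I would read the level from environment values, or default to `"INFO"` and add a comment explaining how to raise it for troubleshooting.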
@@ -0,0 +1,40 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+portalFrontend:
+ environment: "staging"
+ log_level: "INFO"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsPortalFrontend.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsPortalFrontend.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+ingress:
+ enabled: {{ .Values.ingress.enabled }}
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+ingressRoot:
+ enabled: {{ .Values.ingress.enabled }}
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+istio:
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ enabled: {{ .Values.istio.enabled }}
+
+...
diff --git a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
new file mode 100644
index 00000000..18544be3
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
@@ -0,0 +1,42 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+portalListener:
+ adminGroup: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
+ environment: "staging"
+ debugLevel: "4"
+ # TODO: using this in server without the pending slash, fix
+ # ucsInternalUrl: "http://portal-listener:univention@store-dav/portal-data/"
+ assetsRoot: "http://portal-listener:univention@store-dav/portal-assets/"
+ ucsInternalUrl: "http://portal-listener:univention@store-dav/portal-data/"
+ umcGetUrl: "http://umc-server/get"
+ umcSessionUrl: "http://umc-server/get/session-info"
+
+ ldapBaseDn: "dc=univention-organization,dc=intranet"
+ ldapHost: "ldap-server"
+ ldapHostDn: "cn=admin,dc=univention-organization,dc=intranet"
+ ldapSecret: "univention"
+ machineSecret: "univention"
+ notifierServer: "ldap-notifier"
+ portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=univention-organization,dc=intranet"
+ udmApiUrl: "http://udm-rest-api/udm/"
+ udmApiUsername: "cn=admin"
+
+ tlsMode: "off"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsPortalListener.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsPortalListener.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+store-dav:
+ bundled: false
+
+...
diff --git a/helmfile/apps/univention-management-stack/values-portal-server.gotmpl b/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
new file mode 100644
index 00000000..bbaec4b2
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
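Review bot: `ldapSecret` and `machineSecret` are the literal `"univention"` in `portalListener`, and the same password is embedded in `assetsRoot` and `ucsInternalUrl` as URL userinfo; the literal also appears in values-portal-server (`ucsInternalUrl`), values-stack-data-swp, values-stack-data-ums and values-store-dav. values-ldap-server in this commit already reads the LDAP secret from `.Values.secrets.univentionManagementStack.ldapSecret`, so rotating that value would leave this listener with a stale credential. I would reference the same key, `ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"` (whether the chart expects it base64-encoded, as values-udm-rest-api passes it, needs checking). Credentials in URLs also tend to end up in logs and error messages, so passing the store-dav user and password as separate values would be preferable if the chart supports it.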
@@ -0,0 +1,38 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+portalServer:
+ adminGroup: "cn=Domain Admins,cn=groups,dc=univention,dc=intranet"
+ authMode: "saml"
+ environment: "staging"
+ editable: "true"
+ logLevel: "DEBUG"
+ ucsInternalUrl: "http://portal-server:univention@store-dav/portal-data"
+ umcGetUrl: "http://umc-server/get"
+ umcSessionUrl: "http://umc-server/get/session-info"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsPortalServer.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsPortalServer.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+istio:
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ enabled: {{ .Values.istio.enabled }}
+
+ingress:
+ enabled: {{ .Values.ingress.enabled }}
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+...
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
new file mode 100644
index 00000000..271d6182
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
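Review bot: `adminGroup` in `portalServer` uses the base DN `dc=univention,dc=intranet`, while every other DN in this commit (values-portal-listener, values-udm-rest-api, values-umc-server) uses `dc=univention-organization,dc=intranet`. If the portal server matches group membership against this string, the Domain Admins check would never match the directory the other components use; how the chart consumes the value is not visible here. The expected line is `adminGroup: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"`.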
@@ -0,0 +1,20 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+stackDataSwp:
+ udmApiPassword: "univention"
+ loadDevData: true
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsDataLoader.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsDataLoader.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+...
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
new file mode 100644
index 00000000..28d1f0c4
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
@@ -0,0 +1,26 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+stackDataUms:
+ udmApiPassword: "univention"
+ loadDevData: true
+
+stackDataContext:
+ initialPasswordAdministrator: "univention"
+
+ # The SWP configuration brings its own UMC policies.
+ installUmcPolicies: false
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsDataLoader.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsDataLoader.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+...
diff --git a/helmfile/apps/univention-management-stack/values-store-dav.gotmpl b/helmfile/apps/univention-management-stack/values-store-dav.gotmpl
new file mode 100644
index 00000000..b6735413
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-store-dav.gotmpl
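Review bot: `loadDevData: true` in both values-stack-data-swp and values-stack-data-ums, together with `initialPasswordAdministrator: "univention"` in values-stack-data-ums, means the default environment seeds development data and an Administrator account with a publicly known password. Nothing in these hunks limits that to a development environment. I would default `loadDevData` to `false` and take the initial Administrator password from the secrets file, or at minimum add a comment such as `# dev-only defaults; override before exposing the portal`.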
@@ -0,0 +1,44 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+storeDav:
+ auth:
+ basicAuth:
+ # TODO: Secrets management
+ portal-server: "univention"
+ portal-listener: "univention"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsStoreDav.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsStoreDav.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+ configHtpasswd:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsConfigHtpasswd.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsConfigHtpasswd.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+ingress:
+ enabled: {{ .Values.ingress.enabled }}
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+istio:
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ enabled: {{ .Values.istio.enabled }}
+...
diff --git a/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl b/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl
new file mode 100644
index 00000000..067386ba
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl
@@ -0,0 +1,57 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+udmRestApi:
+ apiLogLevel: "4"
+ authGroups:
+ dcBackup: "cn=DC Backup Hosts,cn=groups,dc=univention-organization,dc=intranet"
+ dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=univention-organization,dc=intranet"
+ domainAdmins: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
+ environment: "staging"
+ ldapHost: "ldap-server"
+ ldapBaseDn: "dc=univention-organization,dc=intranet"
+ # TODO: This should not be required, the machine account is not there
+ # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=univention-organization,dc=intranet
+ ldapHostDn: "cn=admin,dc=univention-organization,dc=intranet"
+ # TODO: Secret should be entered without b64enc
+ ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
+ # TODO: There is on machine secret on the container
+ # TODO: Secret should be entered without b64enc
+ machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
+ # TODO: why do we need this many subprocesses?
+ numberOfSubprocesses: 8
+ # TODO: Stub value currently
+ caCert: ""
+ # TODO: This should not be part of the udm-rest-api anymore
+ loadJoinData:
+ enabled: true
+ # TODO: probably to INFO
+ logLevel: "DEBUG"
+ # TODO: configurable
+ tlsMode: "off"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsUdmRestApi.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsUdmRestApi.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+ingress:
+ enabled: {{ .Values.ingress.enabled }}
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+istio:
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ enabled: {{ .Values.istio.enabled }}
+
+...
diff --git a/helmfile/apps/univention-management-stack/values-umc-gateway.gotmpl b/helmfile/apps/univention-management-stack/values-umc-gateway.gotmpl
new file mode 100644
index 00000000..21ca5851
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-umc-gateway.gotmpl
@@ -0,0 +1,33 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+umcGateway:
+ domainname: "{{ .Values.global.domain }}"
+ hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
+ ssoFqdn: "localhost:8097"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsUmcGateway.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsUmcGateway.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+istio:
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ enabled: {{ .Values.istio.enabled }}
+
+ingress:
+ enabled: {{ .Values.ingress.enabled }}
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+...
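Review bot: In `udmRestApi`, `ldapHostDn` is `cn=admin,…` and `machineSecret` is filled from the same `ldapSecret` value, so the UDM REST API binds with the directory administrator's credential rather than an account of its own; values-umc-server repeats both lines. The TODO comments acknowledge the missing machine account, but one of them reads `There is on machine secret on the container`, which presumably means "no machine secret" and should say so. A short comment stating that the admin bind is temporary, and which privileges the service actually needs, would help whoever introduces the dedicated account.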
diff --git a/helmfile/apps/univention-management-stack/values-umc-server.gotmpl b/helmfile/apps/univention-management-stack/values-umc-server.gotmpl
new file mode 100644
index 00000000..5b554c88
--- /dev/null
+++ b/helmfile/apps/univention-management-stack/values-umc-server.gotmpl
@@ -0,0 +1,52 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+umcServer:
+ domainname: "{{ .Values.global.domain }}"
+ hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
+ ldapHost: "ldap-server"
+ ldapBaseDn: "dc=univention-organization,dc=intranet"
+ # TODO: This should not be required, the machine account is not there
+ # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=univention-organization,dc=intranet
+ ldapHostDn: cn=admin,dc=univention-organization,dc=intranet
+ enforceSessionCookie: "true"
+
+ samlEnabled: false
+ samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
+ samlMetadataUrlInternal: "http://keycloak/realms/ucs/protocol/saml/descriptor"
+ samlSpServer: "localhost:8000"
+ samlSchemes: "http"
+
+ tlsMode: "off"
+
+ # TODO: Secret should be entered without b64enc
+ ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
+ # TODO: There is on machine secret on the container
+ # TODO: Secret should be entered without b64enc
+ machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.umsUmcServer.repository }}"
+ pullPolicy: "Always"
+ tag: "{{ .Values.images.umsUmcServer.tag }}"
+ pullSecrets:
+ {{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+
+istio:
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ enabled: {{ .Values.istio.enabled }}
+
+ingress:
+ enabled: {{ .Values.ingress.enabled }}
+ host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+...
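Review bot: The SAML block in `umcServer` points at `http://localhost:8097/…` and sets `samlSchemes: "http"` and `samlSpServer: "localhost:8000"`; values-umc-gateway likewise has `ssoFqdn: "localhost:8097"`. These are inert while `samlEnabled: false`, but flipping that flag would fetch IdP metadata over plain HTTP from addresses that only resolve on a developer machine. I would derive the hosts from `.Values.global.domain` as `domainname` does a few lines above, or add a comment such as `# placeholder SAML endpoints; replace with https URLs before setting samlEnabled`. `ldapHostDn` is also the only unquoted string value in the block.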
diff --git a/helmfile/environments/default/global.yaml b/helmfile/environments/default/global.yaml index cd519286..eb3c6161 100644 --- a/helmfile/environments/default/global.yaml +++ b/helmfile/environments/default/global.yaml @@ -25,6 +25,7 @@ global: pollWidget: "poll-widget" synapse: "matrix" univentionCorporateServer: "portal" + univentionManagementStack: "portal" whiteboard: "whiteboard" xwiki: "wiki" diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index e3327fd0..49dc460c 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml 
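Review bot: `univentionManagementStack: "portal"` in global.yaml is the same host label as the `univentionCorporateServer: "portal"` context line above it, and the new values files build their ingress host as `{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}`. If both stacks can be enabled in one environment (their conditions are not visible together here), two sets of ingress rules would claim the same FQDN. A comment next to the entry stating that the two stacks are mutually exclusive, or a distinct host label, would remove the ambiguity.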
@@ -119,6 +119,42 @@ images:
 univentionCorporateServer:
 repository: "souvap/tooling/images/univention-corporate-server-swp/ucs"
 tag: "20230829T094822@sha256:6415847851ee3b474cea756212698f4a110fbbde74882e22da92500a6358a4f8"
+ umsConfigHtpasswd:
+ repository: "souvap/tooling/images/univention/config-htpasswd"
+ tag: "latest@sha256:24c5e218baa62b169e7222d8ee4d3951ddc8622cd359def6b660bb23a1052f9e"
+ umsDataLoader:
+ repository: "souvap/tooling/images/univention/data-loader"
+ tag: "latest@sha256:857837c1810f82362d441544dc32bd2c1d6fe358bbb5ae0e2c60b7f8f4092190"
+ umsLdapNotifier:
+ repository: "souvap/tooling/images/univention/ldap-notifier"
+ tag: "latest@sha256:6eccf86fe78926247ec9b59d7ba83c53271bc3ca7d0195863c0489e22c836002"
+ umsLdapServer:
+ repository: "souvap/tooling/images/univention/ldap-server"
+ tag: "latest@sha256:4a7c44b37c727cdc03e4043c88e3dbf6b1f119772c5c1904eaed3298bdd49a3d"
+ umsNotificationsApi:
+ repository: "souvap/tooling/images/univention/notifications-api"
+ tag: "latest@sha256:87a047c2d0669fcbb3501ef94192812e17e09aecabc1edd2e4b92afbb7ea4b20"
+ umsPortalListener:
+ repository: "souvap/tooling/images/univention/portal-listener"
+ tag: "latest@sha256:bcf48d108bc2f1afd745659a1d4f11f1dd0d8ada034899aa401dfea32a29c87a"
+ umsPortalFrontend:
+ repository: "souvap/tooling/images/univention/portal-frontend"
+ tag: "latest@sha256:a1b11db009e992d91cfef2bc60a5022cd4498c38908194020c881ef6dd325bae"
+ umsPortalServer:
+ repository: "souvap/tooling/images/univention/portal-server"
+ tag: "latest@sha256:eb0b032c4cf4b207f78b80c69f3e593e01e577779d877e16908902f19b4fc2ee"
+ umsStoreDav:
+ repository: "souvap/tooling/images/univention/store-dav"
+ tag: "latest@sha256:d65f705e46a497ba58e7373f19973835f731796baeace16a32d6331469bf0068"
+ umsUdmRestApi:
+ repository: "souvap/tooling/images/univention/udm-rest-api"
+ tag: "latest@sha256:dce4322646749692c5d4692ccd7ff55df080a4af3485585a50c82871715e0cae"
+ umsUmcGateway:
+ repository: "souvap/tooling/images/univention/umc-gateway"
+ tag: "latest@sha256:18172ee4317a9259291f251c0cc1d2be05e003558cbd18d6dc062098a127cc8d"
+ umsUmcServer:
+ repository: "souvap/tooling/images/univention/umc-server"
+ tag: "latest@sha256:6cbb1708109c5a0c13f3ee433989094d04cecfb8b32975e723d0f5a2e526f8db"
 wellKnown:
 repository: "library/nginx"
 tag: "1.25.2-bookworm@sha256:9504f3f64a3f16f0eaf9adca3542ff8b2a6880e6abfb13e478cca23f6380080a"
diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl
index 7b7d9e35..d9b53be1 100644
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -23,6 +23,14 @@ secrets:
 ox: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_ox" | sha1sum) }}
 openproject: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_openproject" | sha1sum) }}
 xwiki: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_xwiki" | sha1sum) }}
+ univentionManagementStack:
+ # TODO: Use "derivePassword"
+ ldapSecret: "univention"
+ # TODO: Use "derivePassword" and leave processing to the Helm chart
+ # Example, password set to "univention"
+ storeDavAuthHtpasswd: |
+ portal-server:$apr1$yruGWANI$75Soiqs3hEmezu.g/r3VW/
+ portal-listener:$apr1$6kadQ4Ji$hHriD5fpBJyf00SIy.NG41
 postgresql:
 postgresUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum) }}
 keycloakUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum) }}
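Review bot: All twelve new `tag` values in images.yaml are `latest@sha256:…`. The digest pins the content, which is good, but the `latest` part carries no version information, unlike the neighbouring `20230829T094822@sha256:…` and `1.25.2-bookworm@sha256:…` entries, so an audit or vulnerability scan cannot tell which release is deployed without resolving the digest. I would put the build or release tag in front of the digest, as the existing entries do.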
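Review bot: `ldapSecret: "univention"` and the two `$apr1$` entries in `storeDavAuthHtpasswd` are fixed values committed to secrets.gotmpl, and the comment above them states the password they hash, whereas the surrounding entries derive per-installation secrets with `derivePassword`. Every deployment of the default environment therefore shares the same LDAP admin and store-dav credentials. The TODOs name the fix; I would apply it in this commit, for example `ldapSecret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ums" "ldap_secret" | sha1sum) }}` (the `"ums"` and `"ldap_secret"` labels are illustrative). `storeDavAuthHtpasswd` also does not appear to be referenced by values-store-dav, which sets `basicAuth` literals instead.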