fix(univention-management-stack): Add Helm charts

helmfile/apps/univention-management-stack/helmfile.yaml

@@ -1,3 +1,86 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
+
+repositories:
+  - name: "univention"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
+
+releases:
+  - name: "store-dav"
+    chart: "univention/store-dav"
+    version: "0.2.0"
+    values:
+      - "values-store-dav.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "ldap-server"
+    chart: "univention/ldap-server"
+    version: "0.1.0"
+    values:
+      - "values-ldap-server.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "ldap-notifier"
+    chart: "univention/ldap-notifier"
+    version: "0.1.0"
+    values:
+      - "values-ldap-notifier.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "udm-rest-api"
+    chart: "univention/udm-rest-api"
+    version: "0.1.0"
+    values:
+      - "values-udm-rest-api.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "stack-data-ums"
+    chart: "univention/stack-data-ums"
+    version: "0.1.0"
+    values:
+      - "values-stack-data-ums.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "stack-data-swp"
+    chart: "univention/stack-data-swp"
+    version: "0.1.0"
+    values:
+      - "values-stack-data-swp.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "portal-server"
+    chart: "univention/portal-server"
+    version: "0.1.0"
+    values:
+      - "values-portal-server.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "notifications-api"
+    chart: "univention/notifications-api"
+    version: "0.1.0"
+    values:
+      - "values-notifications-api.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "portal-listener"
+    chart: "univention/portal-listener"
+    version: "0.1.0"
+    values:
+      - "values-portal-listener.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "portal-frontend"
+    chart: "univention/portal-frontend"
+    version: "0.1.0"
+    values:
+      - "values-portal-frontend.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "umc-gateway"
+    chart: "univention/umc-gateway"
+    version: "0.1.0"
+    values:
+      - "values-umc-gateway.gotmpl"
+    condition: "univentionManagementStack.enabled"
+  - name: "umc-server"
+    chart: "univention/umc-server"
+    version: "0.1.0"
+    values:
+      - "values-umc-server.gotmpl"
+    condition: "univentionManagementStack.enabled"
+
+bases:
+  - "../../bases/environments.yaml"

helmfile/apps/univention-management-stack/values-ldap-notifier.gotmpl

@@ -0,0 +1,17 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsLdapNotifier.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsLdapNotifier.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+...

helmfile/apps/univention-management-stack/values-ldap-server.gotmpl

@@ -0,0 +1,30 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+ldapServer:
+  ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
+
+  # TODO: Certificates handling
+  # caCert: ""
+  # certPem: ""
+  # privateKey: ""
+  # dhParam: ""
+  tlsMode: "off"
+
+  # TODO: SAML integration
+  # samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
+  # samlMetadataUrlInternal: "http://keycloak.default/realms/ucs/protocol/saml/descriptor"
+  # serviceProviders: "http://localhost:8000/univention/saml/metadata,http://localhost:8000/auth/realms/ucs"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsLdapServer.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsLdapServer.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+...

helmfile/apps/univention-management-stack/values-notifications-api.gotmpl

@@ -0,0 +1,35 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+notificationsapi:
+  apply_database_migrations: "True"
+  dev_mode: "False"
+  environment: "staging"
+  log_level: "DEBUG"
+  sql_echo: "False"
+  api_prefix: "/univention/portal/notifications-api"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsNotificationsApi.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsNotificationsApi.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+istio:
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  enabled: {{ .Values.istio.enabled }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: "{{ .Values.ingress.tls.secretName }}"
+...

helmfile/apps/univention-management-stack/values-portal-frontend.gotmpl

@@ -0,0 +1,40 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+portalFrontend:
+  environment: "staging"
+  log_level: "INFO"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsPortalFrontend.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsPortalFrontend.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: "{{ .Values.ingress.tls.secretName }}"
+
+ingressRoot:
+  enabled: {{ .Values.ingress.enabled }}
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: "{{ .Values.ingress.tls.secretName }}"
+
+istio:
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  enabled: {{ .Values.istio.enabled }}
+
+...

helmfile/apps/univention-management-stack/values-portal-listener.gotmpl

@@ -0,0 +1,42 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+portalListener:
+  adminGroup: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
+  environment: "staging"
+  debugLevel: "4"
+  # TODO: using this in server without the pending slash, fix
+  # ucsInternalUrl: "http://portal-listener:univention@store-dav/portal-data/"
+  assetsRoot: "http://portal-listener:univention@store-dav/portal-assets/"
+  ucsInternalUrl: "http://portal-listener:univention@store-dav/portal-data/"
+  umcGetUrl: "http://umc-server/get"
+  umcSessionUrl: "http://umc-server/get/session-info"
+
+  ldapBaseDn: "dc=univention-organization,dc=intranet"
+  ldapHost: "ldap-server"
+  ldapHostDn: "cn=admin,dc=univention-organization,dc=intranet"
+  ldapSecret: "univention"
+  machineSecret: "univention"
+  notifierServer: "ldap-notifier"
+  portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=univention-organization,dc=intranet"
+  udmApiUrl: "http://udm-rest-api/udm/"
+  udmApiUsername: "cn=admin"
+
+  tlsMode: "off"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsPortalListener.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsPortalListener.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+store-dav:
+  bundled: false
+
+...

helmfile/apps/univention-management-stack/values-portal-server.gotmpl

@@ -0,0 +1,38 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+portalServer:
+  adminGroup: "cn=Domain Admins,cn=groups,dc=univention,dc=intranet"
+  authMode: "saml"
+  environment: "staging"
+  editable: "true"
+  logLevel: "DEBUG"
+  ucsInternalUrl: "http://portal-server:univention@store-dav/portal-data"
+  umcGetUrl: "http://umc-server/get"
+  umcSessionUrl: "http://umc-server/get/session-info"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsPortalServer.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsPortalServer.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+istio:
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  enabled: {{ .Values.istio.enabled }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: "{{ .Values.ingress.tls.secretName }}"
+
+...

helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl

@@ -0,0 +1,20 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+stackDataSwp:
+  udmApiPassword: "univention"
+  loadDevData: true
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsDataLoader.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsDataLoader.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+...

helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl

@@ -0,0 +1,26 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+stackDataUms:
+  udmApiPassword: "univention"
+  loadDevData: true
+
+stackDataContext:
+  initialPasswordAdministrator: "univention"
+
+  # The SWP configuration brings its own UMC policies.
+  installUmcPolicies: false
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsDataLoader.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsDataLoader.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+...

helmfile/apps/univention-management-stack/values-store-dav.gotmpl

@@ -0,0 +1,44 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+storeDav:
+  auth:
+    basicAuth:
+      # TODO: Secrets management
+      portal-server: "univention"
+      portal-listener: "univention"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsStoreDav.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsStoreDav.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+  configHtpasswd:
+    registry: "{{ .Values.global.imageRegistry }}"
+    repository: "{{ .Values.images.umsConfigHtpasswd.repository }}"
+    pullPolicy: "Always"
+    tag: "{{ .Values.images.umsConfigHtpasswd.tag }}"
+    pullSecrets:
+      {{- range .Values.global.imagePullSecrets }}
+      - name: {{ . }}
+      {{- end }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: "{{ .Values.ingress.tls.secretName }}"
+
+istio:
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  enabled: {{ .Values.istio.enabled }}
+...

helmfile/apps/univention-management-stack/values-udm-rest-api.gotmpl

@@ -0,0 +1,57 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+udmRestApi:
+  apiLogLevel: "4"
+  authGroups:
+    dcBackup: "cn=DC Backup Hosts,cn=groups,dc=univention-organization,dc=intranet"
+    dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=univention-organization,dc=intranet"
+    domainAdmins: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
+  environment: "staging"
+  ldapHost: "ldap-server"
+  ldapBaseDn: "dc=univention-organization,dc=intranet"
+  # TODO: This should not be required, the machine account is not there
+  # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=univention-organization,dc=intranet
+  ldapHostDn: "cn=admin,dc=univention-organization,dc=intranet"
+  # TODO: Secret should be entered without b64enc
+  ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
+  # TODO: There is on machine secret on the container
+  # TODO: Secret should be entered without b64enc
+  machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
+  # TODO: why do we need this many subprocesses?
+  numberOfSubprocesses: 8
+  # TODO: Stub value currently
+  caCert: ""
+  # TODO: This should not be part of the udm-rest-api anymore
+  loadJoinData:
+    enabled: true
+  # TODO: probably to INFO
+  logLevel: "DEBUG"
+  # TODO: configurable
+  tlsMode: "off"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsUdmRestApi.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsUdmRestApi.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: "{{ .Values.ingress.tls.secretName }}"
+
+istio:
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  enabled: {{ .Values.istio.enabled }}
+
+...

helmfile/apps/univention-management-stack/values-umc-gateway.gotmpl

@@ -0,0 +1,33 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+umcGateway:
+  domainname: "{{ .Values.global.domain }}"
+  hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
+  ssoFqdn: "localhost:8097"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsUmcGateway.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsUmcGateway.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+istio:
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  enabled: {{ .Values.istio.enabled }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: "{{ .Values.ingress.tls.secretName }}"
+
+...

helmfile/apps/univention-management-stack/values-umc-server.gotmpl

@@ -0,0 +1,52 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+umcServer:
+  domainname: "{{ .Values.global.domain }}"
+  hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
+  ldapHost: "ldap-server"
+  ldapBaseDn: "dc=univention-organization,dc=intranet"
+  # TODO: This should not be required, the machine account is not there
+  # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=univention-organization,dc=intranet
+  ldapHostDn: cn=admin,dc=univention-organization,dc=intranet
+  enforceSessionCookie: "true"
+
+  samlEnabled: false
+  samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
+  samlMetadataUrlInternal: "http://keycloak/realms/ucs/protocol/saml/descriptor"
+  samlSpServer: "localhost:8000"
+  samlSchemes: "http"
+
+  tlsMode: "off"
+
+  # TODO: Secret should be entered without b64enc
+  ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
+  # TODO: There is on machine secret on the container
+  # TODO: Secret should be entered without b64enc
+  machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
+
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  repository: "{{ .Values.images.umsUmcServer.repository }}"
+  pullPolicy: "Always"
+  tag: "{{ .Values.images.umsUmcServer.tag }}"
+  pullSecrets:
+    {{- range .Values.global.imagePullSecrets }}
+    - name: {{ . }}
+    {{- end }}
+
+istio:
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  enabled: {{ .Values.istio.enabled }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: "{{ .Values.ingress.tls.secretName }}"
+
+...

helmfile/environments/default/global.yaml

@@ -25,6 +25,7 @@ global:
     pollWidget: "poll-widget"
     synapse: "matrix"
     univentionCorporateServer: "portal"
+    univentionManagementStack: "portal"
     whiteboard: "whiteboard"
     xwiki: "wiki"
 

helmfile/environments/default/images.yaml

@@ -119,6 +119,42 @@ images:
   univentionCorporateServer:
     repository: "souvap/tooling/images/univention-corporate-server-swp/ucs"
     tag: "20230829T094822@sha256:6415847851ee3b474cea756212698f4a110fbbde74882e22da92500a6358a4f8"
+  umsConfigHtpasswd:
+    repository: "souvap/tooling/images/univention/config-htpasswd"
+    tag: "latest@sha256:24c5e218baa62b169e7222d8ee4d3951ddc8622cd359def6b660bb23a1052f9e"
+  umsDataLoader:
+    repository: "souvap/tooling/images/univention/data-loader"
+    tag: "latest@sha256:857837c1810f82362d441544dc32bd2c1d6fe358bbb5ae0e2c60b7f8f4092190"
+  umsLdapNotifier:
+    repository: "souvap/tooling/images/univention/ldap-notifier"
+    tag: "latest@sha256:6eccf86fe78926247ec9b59d7ba83c53271bc3ca7d0195863c0489e22c836002"
+  umsLdapServer:
+    repository: "souvap/tooling/images/univention/ldap-server"
+    tag: "latest@sha256:4a7c44b37c727cdc03e4043c88e3dbf6b1f119772c5c1904eaed3298bdd49a3d"
+  umsNotificationsApi:
+    repository: "souvap/tooling/images/univention/notifications-api"
+    tag: "latest@sha256:87a047c2d0669fcbb3501ef94192812e17e09aecabc1edd2e4b92afbb7ea4b20"
+  umsPortalListener:
+    repository: "souvap/tooling/images/univention/portal-listener"
+    tag: "latest@sha256:bcf48d108bc2f1afd745659a1d4f11f1dd0d8ada034899aa401dfea32a29c87a"
+  umsPortalFrontend:
+    repository: "souvap/tooling/images/univention/portal-frontend"
+    tag: "latest@sha256:a1b11db009e992d91cfef2bc60a5022cd4498c38908194020c881ef6dd325bae"
+  umsPortalServer:
+    repository: "souvap/tooling/images/univention/portal-server"
+    tag: "latest@sha256:eb0b032c4cf4b207f78b80c69f3e593e01e577779d877e16908902f19b4fc2ee"
+  umsStoreDav:
+    repository: "souvap/tooling/images/univention/store-dav"
+    tag: "latest@sha256:d65f705e46a497ba58e7373f19973835f731796baeace16a32d6331469bf0068"
+  umsUdmRestApi:
+    repository: "souvap/tooling/images/univention/udm-rest-api"
+    tag: "latest@sha256:dce4322646749692c5d4692ccd7ff55df080a4af3485585a50c82871715e0cae"
+  umsUmcGateway:
+    repository: "souvap/tooling/images/univention/umc-gateway"
+    tag: "latest@sha256:18172ee4317a9259291f251c0cc1d2be05e003558cbd18d6dc062098a127cc8d"
+  umsUmcServer:
+    repository: "souvap/tooling/images/univention/umc-server"
+    tag: "latest@sha256:6cbb1708109c5a0c13f3ee433989094d04cecfb8b32975e723d0f5a2e526f8db"
   wellKnown:
     repository: "library/nginx"
     tag: "1.25.2-bookworm@sha256:9504f3f64a3f16f0eaf9adca3542ff8b2a6880e6abfb13e478cca23f6380080a"

helmfile/environments/default/secrets.gotmpl

@@ -23,6 +23,14 @@ secrets:
       ox: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_ox" | sha1sum) }}
       openproject: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_openproject" | sha1sum) }}
       xwiki: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_xwiki" | sha1sum) }}
+  univentionManagementStack:
+    # TODO: Use "derivePassword"
+    ldapSecret: "univention"
+    # TODO: Use "derivePassword" and leave processing to the Helm chart
+    # Example, password set to "univention"
+    storeDavAuthHtpasswd: |
+      portal-server:$apr1$yruGWANI$75Soiqs3hEmezu.g/r3VW/
+      portal-listener:$apr1$6kadQ4Ji$hHriD5fpBJyf00SIy.NG41
   postgresql:
     postgresUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum) }}
     keycloakUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum) }}