From a899699e21b1d8da9886a93a2e74442799e23e96 Mon Sep 17 00:00:00 2001 
From: Gergely Szabo Date: Thu, 23 May 2024 11:23:54 +0200 Subject: [PATCH] feat(helmfile): Create child helmfile for GitOps approach. --- .gitignore | 3 + docs/development.md | 20 +- docs/getting-started.md | 12 + helmfile.yaml | 53 ++--- helmfile/apps/collabora/helmfile-child.yaml | 27 +++ helmfile/apps/collabora/helmfile.yaml | 26 +-- helmfile/apps/cryptpad/helmfile-child.yaml | 27 +++ helmfile/apps/cryptpad/helmfile.yaml | 26 +-- helmfile/apps/element/helmfile-child.yaml | 184 ++++++++++++++++ helmfile/apps/element/helmfile.yaml | 183 +-------------- .../apps/intercom-service/helmfile-child.yaml | 27 +++ helmfile/apps/intercom-service/helmfile.yaml | 26 +-- helmfile/apps/jitsi/helmfile-child.yaml | 28 +++ helmfile/apps/jitsi/helmfile.yaml | 27 +-- helmfile/apps/nextcloud/helmfile-child.yaml | 46 ++++ helmfile/apps/nextcloud/helmfile.yaml | 45 +--- .../apps/open-xchange/helmfile-child.yaml | 67 ++++++ helmfile/apps/open-xchange/helmfile.yaml | 66 +----- .../values-openxchange.yaml.gotmpl | 18 +- .../openproject-bootstrap/helmfile-child.yaml | 30 +++ .../apps/openproject-bootstrap/helmfile.yaml | 29 +-- helmfile/apps/openproject/helmfile-child.yaml | 30 +++ helmfile/apps/openproject/helmfile.yaml | 29 +-- .../apps/provisioning/helmfile-child.yaml | 24 ++ helmfile/apps/provisioning/helmfile.yaml | 23 +- helmfile/apps/services/helmfile-child.yaml | 208 ++++++++++++++++++ helmfile/apps/services/helmfile.yaml | 206 +---------------- .../helmfile-child.yaml | 48 ++++ .../univention-management-stack/helmfile.yaml | 47 +--- helmfile/apps/xwiki/helmfile-child.yaml | 29 +++ helmfile/apps/xwiki/helmfile.yaml | 28 +-- helmfile/environments/default/secrets.gotmpl | 5 +- helmfile_generic.yaml | 39 ++++ 33 files changed, 930 insertions(+), 756 deletions(-) create mode 100644 helmfile/apps/collabora/helmfile-child.yaml create mode 100644 helmfile/apps/cryptpad/helmfile-child.yaml create mode 100644 helmfile/apps/element/helmfile-child.yaml create mode 100644 
helmfile/apps/intercom-service/helmfile-child.yaml create mode 100644 helmfile/apps/jitsi/helmfile-child.yaml create mode 100644 helmfile/apps/nextcloud/helmfile-child.yaml create mode 100644 helmfile/apps/open-xchange/helmfile-child.yaml create mode 100644 helmfile/apps/openproject-bootstrap/helmfile-child.yaml create mode 100644 helmfile/apps/openproject/helmfile-child.yaml create mode 100644 helmfile/apps/provisioning/helmfile-child.yaml create mode 100644 helmfile/apps/services/helmfile-child.yaml create mode 100644 helmfile/apps/univention-management-stack/helmfile-child.yaml create mode 100644 helmfile/apps/xwiki/helmfile-child.yaml create mode 100644 helmfile_generic.yaml diff --git a/.gitignore b/.gitignore index 074dc27a..8992e003 100755 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,6 @@ helmfile/environments/prod/values.yaml.gotmpl # Ignore in CI generated files .kyverno/opendesk.yaml .kyverno/kyverno-test.yaml + +# Ignore editor backup files +*~ diff --git a/docs/development.md b/docs/development.md index 493a1302..42e61580 100644 --- a/docs/development.md +++ b/docs/development.md 
@@ -27,19 +27,29 @@ the development of the deployment automation of openDesk. ```mermaid flowchart TD - A[./helmfile.yaml]-->B[./helmfile/apps/*all_configured_apps*/helmfile.yaml\nReferences the relevant app Helm\ncharts using details from 'charts.yaml'] + J[helmfile.yaml\nor a helmfile outside of this repository]-->A + J-->K[./helmfile/environemnts/*your_environment*/values.yaml.gotmpl\nor any an environment values file] + A[./helmfile_generic.yaml]-->B[./helmfile/apps/*all_configured_apps*/helmfile.yaml\nReferences the relevant app Helm\ncharts using details from 'charts.yaml'] B-->C[./values-*all_configured_components*.yaml.gotmpl\nValues to template the charts\nwith references to the `images.yaml`] A-->D[./helmfile/environments/default/*\nwith just some examples below] D-->F[charts.yaml] D-->G[images.yaml] D-->H[global.*] D-->I[secrets.yaml\nreplicas.yaml\nresources.yaml\n...] - A-->|overwrite defaults with your\ndeployment/environment specific values|E[./helmfile/environments/*your_environment*/values.yaml.gotmpl] + A-->|overwrite defaults with your\ndeployment/environment specific values|E[./helmfile/environments/default/values.yaml.gotmpl] ``` -The `helmfile.yaml` in the root folder is the basis for the whole deployment. It references the app specific `helmfile.yaml` files as well as some -global values files in `./environments/default`. It allows you to overwrite defaults by using one of the three predefined environments `dev`, `test` -and `prod`. +The `helmfile.yaml` file in the root folder serves as the foundation +for the entire deployment. It references the `helmfile_generic.yaml` +file, which includes app-specific `helmfile.yaml` files, as well as +global values files located in `./environments/default`. + +`helmfile.yaml` also refers to three predefined environments: `dev`, +`test`, and `prod`. + +The `helmfile_generic.yaml` file is designed to be referenced from +external repositories, where custom environments may be defined. 
An +example is demonstrated in the `helmfile.yaml` file. Before you look into any app specific configuration it is recommended to review the contents of `./environments/default` to get an understanding of what details are maintained in there, as they are usually referenced by the app configurations. diff --git a/docs/getting-started.md b/docs/getting-started.md index 174507f2..706ed2aa 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -369,6 +369,18 @@ section provide you with the desired information to login with the two default u | `default.user` | `40615..............................e9e2f` | Application user | | `default.admin` | `17027..............................04db6` | Administrator | +## Using from external repository + +It is possible to refer to `./helmfile_generic.yaml` from an external +directory or repository. The `helmfile.yaml` that refers to +`./helmfile_generic.yaml` may define custom environments. These custom +environments may overwrite certain configuration values. These +configuration values are: + +* `global.domain` +* `global.helmRegistry` +* `global.master_password` + # Uninstall You can uninstall the deployment by: diff --git a/helmfile.yaml b/helmfile.yaml index c2325c38..01ca04dd 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
@@ -1,52 +1,29 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- -# -# Advanced Configuration: Nested States -# -helmfiles: - # Path to the helmfile state file being processed BEFORE releases in this state file - - path: "helmfile/apps/services/helmfile.yaml" - - path: "helmfile/apps/univention-management-stack/helmfile.yaml" - - path: "helmfile/apps/intercom-service/helmfile.yaml" - - path: "helmfile/apps/open-xchange/helmfile.yaml" - - path: "helmfile/apps/nextcloud/helmfile.yaml" - - path: "helmfile/apps/collabora/helmfile.yaml" - - path: "helmfile/apps/cryptpad/helmfile.yaml" - - path: "helmfile/apps/jitsi/helmfile.yaml" - - path: "helmfile/apps/element/helmfile.yaml" - - path: "helmfile/apps/openproject/helmfile.yaml" - - path: "helmfile/apps/xwiki/helmfile.yaml" - - path: "helmfile/apps/provisioning/helmfile.yaml" - - path: "helmfile/apps/openproject-bootstrap/helmfile.yaml" - -missingFileHandler: "Error" - -# Environment is defined here and in helmfile/bases/environments.yaml -# This is a temporary solution to solve issue with different (relative) paths required when -# - Installing all releases from root via helmfile apply -# - Installing a single release from root via helmfile apply -f helmfile/apps//helmfile.yaml -# - Installing a single release from app directory via helmfile apply -# Issue: https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/issues/2 - environments: - default: - values: - - "helmfile/environments/default/*.gotmpl" - - "helmfile/environments/default/*.yaml" dev: values: - - "helmfile/environments/default/*.gotmpl" - - "helmfile/environments/default/*.yaml" - "helmfile/environments/dev/values.yaml.gotmpl" test: values: - - "helmfile/environments/default/*.gotmpl" - - 
"helmfile/environments/default/*.yaml" - "helmfile/environments/test/values.yaml.gotmpl" prod: values: - - "helmfile/environments/default/*.gotmpl" - - "helmfile/environments/default/*.yaml" - "helmfile/environments/prod/values.yaml.gotmpl" +--- +# yamllint disable +helmfiles: + - path: "./helmfile_generic.yaml" + values: + - {{ toYaml .Values | nindent 8 }} +# {{/* +# +# Use this format from a remote repository +# +# - path: "git::https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git@helmfile_generic.yaml?ref=v0.7.1" +# values: +# - {{ toYaml .Values | nindent 8 }} +# */}} ... diff --git a/helmfile/apps/collabora/helmfile-child.yaml b/helmfile/apps/collabora/helmfile-child.yaml new file mode 100644 index 00000000..4ad11b38 --- /dev/null +++ b/helmfile/apps/collabora/helmfile-child.yaml @@ -0,0 +1,27 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +repositories: + # Collabora Online + # Source: https://github.com/CollaboraOnline/online + - name: "collabora-online-repo" + keyring: "../../files/gpg-pubkeys/collaboraoffice-com.gpg" + verify: {{ .Values.charts.collabora.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.collabora.registry }}/\ + {{ .Values.charts.collabora.repository }}" + +releases: + - name: "collabora-online" + chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}" + version: "{{ .Values.charts.collabora.version }}" + values: + - "values.yaml.gotmpl" + installed: {{ .Values.collabora.enabled }} + +commonLabels: + deploy-stage: "component-1" + component: "collabora" +... diff --git a/helmfile/apps/collabora/helmfile.yaml b/helmfile/apps/collabora/helmfile.yaml index 4ed5de46..9b507b66 100644 --- a/helmfile/apps/collabora/helmfile.yaml 
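Review bot: The commented remote example at the end of this hunk pins `helmfile_generic.yaml` with `?ref=v0.7.1`, a tag that can be moved after the fact. For the GitOps use this commit targets, the example should show an immutable pin such as `?ref=<full-commit-sha>` and say so in the comment, since consumers will copy it verbatim. Separately, the hunk drops `missingFileHandler: "Error"` while reducing the root file to a single `helmfiles:` entry. As far as I know a missing sub-helmfile path is only a warning by default, so unless `helmfile_generic.yaml` (not visible here) covers this, I would keep `missingFileHandler: "Error"` next to `helmfiles:`. The same applies to the per-app wrappers under `helmfile/apps/*/helmfile.yaml` that this patch rewrites.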
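Review bot: `verify:` and `installed:` in this new child file are rendered straight from `.Values`, and the file declares no `bases:` or `environments:` of its own, so whether chart signatures are checked against the `keyring` depends entirely on what the calling helmfile forwards. Because `helmfile_generic.yaml` is meant to be referenced from external repositories, I would add a header comment such as `# Not applied directly: expects the full values tree from the parent helmfile; keep charts.*.verify enabled in custom environments.` The same holds for the other `helmfile-child.yaml` files added in this patch (cryptpad, element, intercom-service, jitsi).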
+++ b/helmfile/apps/collabora/helmfile.yaml @@ -1,30 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # Collabora Online - # Source: https://github.com/CollaboraOnline/online - - name: "collabora-online-repo" - keyring: "../../files/gpg-pubkeys/collaboraoffice-com.gpg" - verify: {{ .Values.charts.collabora.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.collabora.registry }}/\ - {{ .Values.charts.collabora.repository }}" - -releases: - - name: "collabora-online" - chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}" - version: "{{ .Values.charts.collabora.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values.yaml.gotmpl" - installed: {{ .Values.collabora.enabled }} - -commonLabels: - deploy-stage: "component-1" - component: "collabora" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/cryptpad/helmfile-child.yaml b/helmfile/apps/cryptpad/helmfile-child.yaml new file mode 100644 index 00000000..59118821 --- /dev/null +++ b/helmfile/apps/cryptpad/helmfile-child.yaml 
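Review bot: `- {{ toYaml .Values | nindent 8 }}` serialises the complete merged environment into the rendered helmfile text, which presumably includes whatever `secrets.gotmpl` contributes (the docs in this patch list `global.master_password` as an overridable value). As far as I know helmfile prints rendered templates at debug log level, so CI jobs run with debug logging may now emit those values. A comment above `values:` such as `# Forwards the full values tree (including secrets) to the child; avoid debug logging in shared CI` would make that visible. The hard-coded `nindent 8` has to match the nesting of the list item, which is worth stating in the same comment. The identical wrappers for cryptpad, element and intercom-service and the root `helmfile.yaml` share this.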
@@ -0,0 +1,27 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +repositories: + # CryptPad + # Source: https://github.com/cryptpad/helm + - name: "cryptpad-repo" + keyring: "../../files/gpg-pubkeys/xwiki-com.gpg" + verify: {{ .Values.charts.cryptpad.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.cryptpad.registry }}/\ + {{ .Values.charts.cryptpad.repository }}" + +releases: + - name: "cryptpad" + chart: "cryptpad-repo/{{ .Values.charts.cryptpad.name }}" + version: "{{ .Values.charts.cryptpad.version }}" + values: + - "values.yaml.gotmpl" + installed: {{ .Values.cryptpad.enabled }} + +commonLabels: + deploy-stage: "component-1" + component: "cryptpad" +... diff --git a/helmfile/apps/cryptpad/helmfile.yaml b/helmfile/apps/cryptpad/helmfile.yaml index c78e47a8..9b507b66 100644 --- a/helmfile/apps/cryptpad/helmfile.yaml +++ b/helmfile/apps/cryptpad/helmfile.yaml 
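Review bot: The `cryptpad-repo` entry verifies charts with `../../files/gpg-pubkeys/xwiki-com.gpg` while its source comment points at github.com/cryptpad/helm, and nothing in the file says why an XWiki key is the trust anchor for CryptPad charts. This is carried over unchanged from the old `helmfile.yaml`, but since the block is being moved it is a good moment to document it next to `keyring:`, e.g. `# CryptPad charts are signed with the XWiki key (confirm with chart publisher)`. Without that, a later reader may swap the key or switch off `verify` when the mismatch looks like a mistake.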
@@ -1,30 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # CryptPad - # Source: https://github.com/cryptpad/helm - - name: "cryptpad-repo" - keyring: "../../files/gpg-pubkeys/xwiki-com.gpg" - verify: {{ .Values.charts.cryptpad.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.cryptpad.registry }}/\ - {{ .Values.charts.cryptpad.repository }}" - -releases: - - name: "cryptpad" - chart: "cryptpad-repo/{{ .Values.charts.cryptpad.name }}" - version: "{{ .Values.charts.cryptpad.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values.yaml.gotmpl" - installed: {{ .Values.cryptpad.enabled }} - -commonLabels: - deploy-stage: "component-1" - component: "cryptpad" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/element/helmfile-child.yaml b/helmfile/apps/element/helmfile-child.yaml new file mode 100644 index 00000000..18568fe0 --- /dev/null +++ b/helmfile/apps/element/helmfile-child.yaml 
@@ -0,0 +1,184 @@ +# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +repositories: + # openDesk Element + # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element + - name: "element-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.element.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.element.registry }}/\ + {{ .Values.charts.element.repository }}" + - name: "element-well-known-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.elementWellKnown.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/\ + {{ .Values.charts.elementWellKnown.repository }}" + - name: "synapse-web-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.synapseWeb.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/\ + {{ .Values.charts.synapseWeb.repository }}" + - name: "synapse-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.synapse.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/\ + {{ .Values.charts.synapse.repository }}" + - name: "synapse-create-account-repo" + keyring: 
"../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.synapseCreateAccount.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/\ + {{ .Values.charts.synapseCreateAccount.repository }}" + + # openDesk Matrix Widgets + # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets + - name: "matrix-user-verification-service-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.matrixUserVerificationService.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/\ + {{ .Values.charts.matrixUserVerificationService.repository }}" + - name: "matrix-neoboard-widget-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.matrixNeoboardWidget.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\ + {{ .Values.charts.matrixNeoboardWidget.repository }}" + - name: "matrix-neochoice-widget-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.matrixNeoboardWidget.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\ + {{ .Values.charts.matrixNeoboardWidget.repository }}" + - name: "matrix-neodatefix-widget-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ 
.Values.charts.matrixNeodatefixWidget.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/\ + {{ .Values.charts.matrixNeodatefixWidget.repository }}" + - name: "matrix-neodatefix-bot-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.matrixNeodatefixBot.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/\ + {{ .Values.charts.matrixNeodatefixBot.repository }}" + + +releases: + - name: "opendesk-element" + chart: "element-repo/{{ .Values.charts.element.name }}" + version: "{{ .Values.charts.element.version }}" + values: + - "values-element.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "opendesk-well-known" + chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}" + version: "{{ .Values.charts.elementWellKnown.version }}" + values: + - "values-well-known.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "opendesk-synapse-web" + chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}" + version: "{{ .Values.charts.synapseWeb.version }}" + values: + - "values-synapse-web.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "opendesk-synapse" + chart: "synapse-repo/{{ .Values.charts.synapse.name }}" + version: "{{ .Values.charts.synapse.version }}" + values: + - "values-synapse.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "opendesk-matrix-user-verification-service-bootstrap" + chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" + version: "{{ 
.Values.charts.synapseCreateAccount.version }}" + values: + - "values-matrix-user-verification-service-bootstrap.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "opendesk-matrix-user-verification-service" + chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}" + version: "{{ .Values.charts.matrixUserVerificationService.version }}" + values: + - "values-matrix-user-verification-service.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "matrix-neoboard-widget" + chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}" + version: "{{ .Values.charts.matrixNeoboardWidget.version }}" + values: + - "values-matrix-neoboard-widget.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "matrix-neochoice-widget" + chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}" + version: "{{ .Values.charts.matrixNeochoiseWidget.version }}" + values: + - "values-matrix-neochoice-widget.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "matrix-neodatefix-widget" + chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}" + version: "{{ .Values.charts.matrixNeodatefixWidget.version }}" + values: + - "values-matrix-neodatefix-widget.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "matrix-neodatefix-bot-bootstrap" + chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" + version: "{{ .Values.charts.synapseCreateAccount.version }}" + values: + - "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + + - name: "matrix-neodatefix-bot" + chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}" + version: "{{ .Values.charts.matrixNeodatefixBot.version }}" + values: + - 
"values-matrix-neodatefix-bot.yaml.gotmpl" + installed: {{ .Values.element.enabled }} + timeout: 900 + +commonLabels: + deploy-stage: "component-1" + component: "element" +... diff --git a/helmfile/apps/element/helmfile.yaml b/helmfile/apps/element/helmfile.yaml index 7ab6c6ca..9b507b66 100644 --- a/helmfile/apps/element/helmfile.yaml +++ b/helmfile/apps/element/helmfile.yaml 
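Review bot: The `matrix-neochoice-widget-repo` entry takes `verify`, `registry` and `repository` from `.Values.charts.matrixNeoboardWidget`, so the signature-verification switch and the registry for the NeoChoice chart silently follow NeoBoard's settings. The matching release reads `.Values.charts.matrixNeochoiseWidget` (spelled with an "s"). This is carried over from the old file and may work today if both widgets share one repository, but I would point the repo entry at the widget's own key, e.g. `verify: {{ .Values.charts.matrixNeochoiseWidget.verify }}`, with the same change on the two `url:` lines. Confirm first how the key is spelled in `charts.yaml`.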
@@ -1,187 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # openDesk Element - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element - - name: "element-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.element.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.element.registry }}/\ - {{ .Values.charts.element.repository }}" - - name: "element-well-known-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.elementWellKnown.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/\ - {{ .Values.charts.elementWellKnown.repository }}" - - name: "synapse-web-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.synapseWeb.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/\ - {{ .Values.charts.synapseWeb.repository }}" - - name: "synapse-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.synapse.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default 
.Values.charts.synapse.registry }}/\ - {{ .Values.charts.synapse.repository }}" - - name: "synapse-create-account-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.synapseCreateAccount.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/\ - {{ .Values.charts.synapseCreateAccount.repository }}" - - # openDesk Matrix Widgets - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets - - name: "matrix-user-verification-service-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.matrixUserVerificationService.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/\ - {{ .Values.charts.matrixUserVerificationService.repository }}" - - name: "matrix-neoboard-widget-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.matrixNeoboardWidget.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\ - {{ .Values.charts.matrixNeoboardWidget.repository }}" - - name: "matrix-neochoice-widget-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.matrixNeoboardWidget.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\ - {{ 
.Values.charts.matrixNeoboardWidget.repository }}" - - name: "matrix-neodatefix-widget-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.matrixNeodatefixWidget.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/\ - {{ .Values.charts.matrixNeodatefixWidget.repository }}" - - name: "matrix-neodatefix-bot-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.matrixNeodatefixBot.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/\ - {{ .Values.charts.matrixNeodatefixBot.repository }}" - - -releases: - - name: "opendesk-element" - chart: "element-repo/{{ .Values.charts.element.name }}" - version: "{{ .Values.charts.element.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values-element.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "opendesk-well-known" - chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}" - version: "{{ .Values.charts.elementWellKnown.version }}" - values: - - "values-well-known.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "opendesk-synapse-web" - chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}" - version: "{{ .Values.charts.synapseWeb.version }}" - values: - - "values-synapse-web.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "opendesk-synapse" - chart: "synapse-repo/{{ .Values.charts.synapse.name }}" - version: "{{ .Values.charts.synapse.version }}" - values: - - "values-synapse.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 
900 - - - name: "opendesk-matrix-user-verification-service-bootstrap" - chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" - version: "{{ .Values.charts.synapseCreateAccount.version }}" - values: - - "values-matrix-user-verification-service-bootstrap.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "opendesk-matrix-user-verification-service" - chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}" - version: "{{ .Values.charts.matrixUserVerificationService.version }}" - values: - - "values-matrix-user-verification-service.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "matrix-neoboard-widget" - chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}" - version: "{{ .Values.charts.matrixNeoboardWidget.version }}" - values: - - "values-matrix-neoboard-widget.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "matrix-neochoice-widget" - chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}" - version: "{{ .Values.charts.matrixNeochoiseWidget.version }}" - values: - - "values-matrix-neochoice-widget.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "matrix-neodatefix-widget" - chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}" - version: "{{ .Values.charts.matrixNeodatefixWidget.version }}" - values: - - "values-matrix-neodatefix-widget.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "matrix-neodatefix-bot-bootstrap" - chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" - version: "{{ .Values.charts.synapseCreateAccount.version }}" - values: - - "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - - - name: "matrix-neodatefix-bot" - chart: 
"matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}" - version: "{{ .Values.charts.matrixNeodatefixBot.version }}" - values: - - "values-matrix-neodatefix-bot.yaml.gotmpl" - installed: {{ .Values.element.enabled }} - timeout: 900 - -commonLabels: - deploy-stage: "component-1" - component: "element" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/intercom-service/helmfile-child.yaml b/helmfile/apps/intercom-service/helmfile-child.yaml new file mode 100644 index 00000000..725be5fa --- /dev/null +++ b/helmfile/apps/intercom-service/helmfile-child.yaml @@ -0,0 +1,27 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +repositories: + # Intercom Service + # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service + - name: "intercom-service-repo" + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.intercomService.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/\ + {{ .Values.charts.intercomService.repository }}" + +releases: + - name: "intercom-service" + chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}" + version: "{{ .Values.charts.intercomService.version }}" + values: + - "values.yaml.gotmpl" + installed: {{ .Values.intercom.enabled }} + +commonLabels: + deploy-stage: "component-1" + component: "intercom-service" +... diff --git a/helmfile/apps/intercom-service/helmfile.yaml b/helmfile/apps/intercom-service/helmfile.yaml index 4f451b66..9b507b66 100644 --- a/helmfile/apps/intercom-service/helmfile.yaml +++ b/helmfile/apps/intercom-service/helmfile.yaml 
@@ -1,30 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # Intercom Service - # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service - - name: "intercom-service-repo" - keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" - verify: {{ .Values.charts.intercomService.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/\ - {{ .Values.charts.intercomService.repository }}" - -releases: - - name: "intercom-service" - chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}" - version: "{{ .Values.charts.intercomService.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values.yaml.gotmpl" - installed: {{ .Values.intercom.enabled }} - -commonLabels: - deploy-stage: "component-1" - component: "intercom-service" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/jitsi/helmfile-child.yaml b/helmfile/apps/jitsi/helmfile-child.yaml new file mode 100644 index 00000000..7afa1c2e --- /dev/null +++ b/helmfile/apps/jitsi/helmfile-child.yaml 
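Review bot: `- {{ toYaml .Values | nindent 8 }}` forwards the complete merged values tree to the child, and that tree includes `.Values.secrets` (the values template later in this patch reads `.Values.secrets.oxAppsuite.*`). Any rendered form of this parent file, such as debug output or a rendered state kept for the GitOps flow, would then presumably carry every secret of the deployment, not only what intercom-service needs. Consider passing only the sub-trees the child reads; at minimum add a comment above the line such as `# NOTE: forwards all values incl. secrets to the child; treat rendered output as sensitive`. The same line is added in the jitsi, nextcloud, open-xchange, openproject-bootstrap, openproject and provisioning `helmfile.yaml` hunks.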
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ # openDesk Jitsi
+ # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-jitsi
+ - name: "jitsi-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.jitsi.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.jitsi.registry }}/\
+ {{ .Values.charts.jitsi.repository }}"
+
+releases:
+ - name: "jitsi"
+ chart: "jitsi-repo/{{ .Values.charts.jitsi.name }}"
+ version: "{{ .Values.charts.jitsi.version }}"
+ values:
+ - "values-jitsi.yaml.gotmpl"
+ installed: {{ .Values.jitsi.enabled }}
+ timeout: 900
+
+commonLabels:
+ deploy-stage: "component-1"
+ component: "jitsi"
+...
diff --git a/helmfile/apps/jitsi/helmfile.yaml b/helmfile/apps/jitsi/helmfile.yaml
index 64170370..9b507b66 100644
--- a/helmfile/apps/jitsi/helmfile.yaml
+++ b/helmfile/apps/jitsi/helmfile.yaml
@@ -1,31 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # openDesk Jitsi - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-jitsi - - name: "jitsi-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.jitsi.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.jitsi.registry }}/\ - {{ .Values.charts.jitsi.repository }}" - -releases: - - name: "jitsi" - chart: "jitsi-repo/{{ .Values.charts.jitsi.name }}" - version: "{{ .Values.charts.jitsi.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values-jitsi.yaml.gotmpl" - installed: {{ .Values.jitsi.enabled }} - timeout: 900 - -commonLabels: - deploy-stage: "component-1" - component: "jitsi" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/nextcloud/helmfile-child.yaml b/helmfile/apps/nextcloud/helmfile-child.yaml new file mode 100644 index 00000000..7a63eba4 --- /dev/null +++ b/helmfile/apps/nextcloud/helmfile-child.yaml 
@@ -0,0 +1,46 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ # Nextcloud
+ # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-nextcloud
+ - name: "nextcloud-management-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.nextcloudManagement.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloudManagement.registry }}/\
+ {{ .Values.charts.nextcloudManagement.repository }}"
+ - name: "nextcloud-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.nextcloud.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloud.registry }}/\
+ {{ .Values.charts.nextcloud.repository }}"
+
+releases:
+ - name: "opendesk-nextcloud-management"
+ chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}"
+ version: "{{ .Values.charts.nextcloudManagement.version }}"
+ values:
+ - "values-nextcloud-mgmt.yaml.gotmpl"
+ waitForJobs: true
+ wait: true
+ installed: {{ .Values.nextcloud.enabled }}
+ timeout: 900
+ - name: "opendesk-nextcloud"
+ chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}"
+ version: "{{ .Values.charts.nextcloud.version }}"
+ values:
+ - "values-nextcloud.yaml.gotmpl"
+ needs:
+ - "opendesk-nextcloud-management"
+ installed: {{ .Values.nextcloud.enabled }}
+
+commonLabels:
+ deploy-stage: "component-1"
+ component: "nextcloud"
+...
diff --git a/helmfile/apps/nextcloud/helmfile.yaml b/helmfile/apps/nextcloud/helmfile.yaml
index 840ffeeb..9b507b66 100644
--- a/helmfile/apps/nextcloud/helmfile.yaml
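Review bot: The `opendesk-nextcloud-management` release points at `nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}`, so the `nextcloud-management-repo` entry defined above it, with its own registry, repository and `verify` setting, is never used for this chart. The management chart is therefore resolved against the Nextcloud chart's repository URL and falls under `.Values.charts.nextcloud.verify` instead of its own flag, which can mask a disabled or mismatched signature check. If a separate repository is intended, the line should read `chart: "nextcloud-management-repo/{{ .Values.charts.nextcloudManagement.name }}"`; otherwise remove the unused repository entry so the file shows what is actually verified.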
+++ b/helmfile/apps/nextcloud/helmfile.yaml 
@@ -1,49 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # Nextcloud - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-nextcloud - - name: "nextcloud-management-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.nextcloudManagement.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloudManagement.registry }}/\ - {{ .Values.charts.nextcloudManagement.repository }}" - - name: "nextcloud-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.nextcloud.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloud.registry }}/\ - {{ .Values.charts.nextcloud.repository }}" - -releases: - - name: "opendesk-nextcloud-management" - chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}" - version: "{{ .Values.charts.nextcloudManagement.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values-nextcloud-mgmt.yaml.gotmpl" - waitForJobs: true - wait: true - installed: {{ .Values.nextcloud.enabled }} - timeout: 900 - - name: "opendesk-nextcloud" - chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}" - version: "{{ .Values.charts.nextcloud.version }}" - values: - - "values-nextcloud.yaml.gotmpl" - needs: - - "opendesk-nextcloud-management" - installed: {{ .Values.nextcloud.enabled }} - -commonLabels: - deploy-stage: "component-1" 
- component: "nextcloud" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/open-xchange/helmfile-child.yaml b/helmfile/apps/open-xchange/helmfile-child.yaml new file mode 100644 index 00000000..8446692c --- /dev/null +++ b/helmfile/apps/open-xchange/helmfile-child.yaml 
@@ -0,0 +1,67 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +repositories: + # openDesk Dovecot + # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dovecot + - name: "dovecot-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.dovecot.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/\ + {{ .Values.charts.dovecot.repository }}" + + # Open-Xchange + - name: "open-xchange-repo" + keyring: "../../files/gpg-pubkeys/open-xchange-com.gpg" + verify: {{ .Values.charts.openXchangeAppSuite.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuite.registry }}/\ + {{ .Values.charts.openXchangeAppSuite.repository }}" + + # openDesk Open-Xchange Bootstrap + # Source: + # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap + - name: "open-xchange-bootstrap-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuiteBootstrap.registry }}/\ + {{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}" + +releases: + - name: "dovecot" + chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}" + version: "{{ .Values.charts.dovecot.version }}" + values: + - "values-dovecot.yaml.gotmpl" + installed: {{ .Values.dovecot.enabled 
}} + timeout: 900 + + - name: "open-xchange" + chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}" + version: "{{ .Values.charts.openXchangeAppSuite.version }}" + values: + - "values-openxchange.yaml.gotmpl" + - "values-openxchange-enterprise-contact-picker.yaml.gotmpl" + installed: {{ .Values.oxAppsuite.enabled }} + timeout: 900 + + - name: "opendesk-open-xchange-bootstrap" + chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}" + version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}" + values: + - "values-openxchange-bootstrap.yaml.gotmpl" + installed: {{ .Values.oxAppsuite.enabled }} + timeout: 900 + +commonLabels: + deploy-stage: "component-1" + component: "open-xchange" +... diff --git a/helmfile/apps/open-xchange/helmfile.yaml b/helmfile/apps/open-xchange/helmfile.yaml index 4ee573a1..9b507b66 100644 --- a/helmfile/apps/open-xchange/helmfile.yaml +++ b/helmfile/apps/open-xchange/helmfile.yaml 
@@ -1,70 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # openDesk Dovecot - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dovecot - - name: "dovecot-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.dovecot.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/\ - {{ .Values.charts.dovecot.repository }}" - - # Open-Xchange - - name: "open-xchange-repo" - keyring: "../../files/gpg-pubkeys/open-xchange-com.gpg" - verify: {{ .Values.charts.openXchangeAppSuite.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuite.registry }}/\ - {{ .Values.charts.openXchangeAppSuite.repository }}" - - # openDesk Open-Xchange Bootstrap - # Source: - # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap - - name: "open-xchange-bootstrap-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuiteBootstrap.registry }}/\ - {{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}" - -releases: - - name: "dovecot" - chart: "dovecot-repo/{{ 
.Values.charts.dovecot.name }}" - version: "{{ .Values.charts.dovecot.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values-dovecot.yaml.gotmpl" - installed: {{ .Values.dovecot.enabled }} - timeout: 900 - - - name: "open-xchange" - chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}" - version: "{{ .Values.charts.openXchangeAppSuite.version }}" - values: - - "values-openxchange.yaml.gotmpl" - - "values-openxchange-enterprise-contact-picker.yaml.gotmpl" - installed: {{ .Values.oxAppsuite.enabled }} - timeout: 900 - - - name: "opendesk-open-xchange-bootstrap" - chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}" - version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}" - values: - - "values-openxchange-bootstrap.yaml.gotmpl" - installed: {{ .Values.oxAppsuite.enabled }} - timeout: 900 - -commonLabels: - deploy-stage: "component-1" - component: "open-xchange" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl index eaaacebb..b68d8317 100644 --- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl 
@@ -98,8 +98,14 @@ appsuite: pageHeaderPrefix: "as8.souvap App Suite" oidcLogin: true oidcPath: "/oidc" - masterAdmin: "admin" - masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} + masterAdmin: "masteradmin" + masterPassword: {{ .Values.secrets.oxAppsuite.masterAdminPassword | quote }} + hzGroupName: "hzgroup" + hzGroupPassword: {{ .Values.secrets.oxAppsuite.hzGroupPassword | quote }} + basicAuthLogin: "oxlogin" + basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} + jolokiaLogin: "jolokia" + jolokiaPassword: {{ .Values.secrets.oxAppsuite.jolokiaPassword | quote }} hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" serviceAccount: create: true @@ -413,6 +419,10 @@ appsuite: enabled: false core-documentconverter: + adminUser: "admin" + adminPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} + basicAuthLogin: "oxlogin" + basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} enabled: true documentConverter: cache: @@ -486,6 +496,10 @@ appsuite: core-imageconverter: enabled: true + adminUser: "admin" + adminPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} + basicAuthLogin: "oxlogin" + basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeImageConverter.registry | quote }} repository: {{ .Values.images.openxchangeImageConverter.repository | quote }} diff --git a/helmfile/apps/openproject-bootstrap/helmfile-child.yaml b/helmfile/apps/openproject-bootstrap/helmfile-child.yaml new file mode 100644 index 00000000..32876bf0 --- /dev/null +++ b/helmfile/apps/openproject-bootstrap/helmfile-child.yaml 
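Review bot: The `core-documentconverter` and `core-imageconverter` hunks both take `secrets.oxAppsuite.adminPassword`, and all three hunks share `secrets.oxAppsuite.basicAuthPassword` together with the fixed account names `oxlogin`, `admin`, `jolokia` and `hzgroup`, so one leaked value is valid on every component that accepts it. Separate secrets per component would limit that; if the charts require the values to match, state it next to the keys, for example `# must equal appsuite basicAuthPassword (shared between App Suite and converters)`. The new keys `masterAdminPassword`, `hzGroupPassword`, `basicAuthPassword` and `jolokiaPassword` have to exist in the secrets template, which is not visible here; depending on how missing keys are handled, the render either fails or `| quote` yields an empty password. The enclosing `appsuite:` mapping starts and ends outside these hunks.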
@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ # openDesk OpenProject Bootstrap
+ # Source: Set when repo is managed on Open CoDE
+ - name: "openproject-bootstrap-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.openprojectBootstrap.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.openprojectBootstrap.registry }}/\
+ {{ .Values.charts.openprojectBootstrap.repository }}"
+
+releases:
+ - name: "opendesk-openproject-bootstrap"
+ chart: "openproject-bootstrap-repo/{{ .Values.charts.openprojectBootstrap.name }}"
+ version: "{{ .Values.charts.openprojectBootstrap.version }}"
+ wait: true
+ waitForJobs: true
+ values:
+ - "values.yaml.gotmpl"
+ installed: {{ .Values.openproject.enabled }}
+ timeout: 900
+
+commonLabels:
+ deploy-stage: "component-2"
+ component: "opendesk-openproject-bootstrap"
+...
diff --git a/helmfile/apps/openproject-bootstrap/helmfile.yaml b/helmfile/apps/openproject-bootstrap/helmfile.yaml
index 3db3fd11..9b507b66 100644
--- a/helmfile/apps/openproject-bootstrap/helmfile.yaml
+++ b/helmfile/apps/openproject-bootstrap/helmfile.yaml
@@ -1,33 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # openDesk OpenProject Bootstrap - # Source: Set when repo is managed on Open CoDE - - name: "openproject-bootstrap-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.openprojectBootstrap.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.openprojectBootstrap.registry }}/\ - {{ .Values.charts.openprojectBootstrap.repository }}" - -releases: - - name: "opendesk-openproject-bootstrap" - chart: "openproject-bootstrap-repo/{{ .Values.charts.openprojectBootstrap.name }}" - version: "{{ .Values.charts.openprojectBootstrap.version }}" - wait: true - waitForJobs: true +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values.yaml.gotmpl" - installed: {{ .Values.openproject.enabled }} - timeout: 900 - -commonLabels: - deploy-stage: "component-2" - component: "opendesk-openproject-bootstrap" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/openproject/helmfile-child.yaml b/helmfile/apps/openproject/helmfile-child.yaml new file mode 100644 index 00000000..7b2195b4 --- /dev/null +++ b/helmfile/apps/openproject/helmfile-child.yaml 
@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ # OpenProject
+ # Source: https://github.com/opf/helm-charts
+ - name: "openproject-repo"
+ keyring: "../../files/gpg-pubkeys/openproject-com.gpg"
+ verify: {{ .Values.charts.openproject.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.openproject.registry }}/\
+ {{ .Values.charts.openproject.repository }}"
+
+releases:
+ - name: "openproject"
+ chart: "openproject-repo/{{ .Values.charts.openproject.name }}"
+ version: "{{ .Values.charts.openproject.version }}"
+ wait: true
+ waitForJobs: true
+ values:
+ - "values.yaml.gotmpl"
+ installed: {{ .Values.openproject.enabled }}
+ timeout: 900
+
+commonLabels:
+ deploy-stage: "component-1"
+ component: "openproject"
+...
diff --git a/helmfile/apps/openproject/helmfile.yaml b/helmfile/apps/openproject/helmfile.yaml
index c3c3f079..9b507b66 100644
--- a/helmfile/apps/openproject/helmfile.yaml
+++ b/helmfile/apps/openproject/helmfile.yaml
@@ -1,33 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # OpenProject - # Source: https://github.com/opf/helm-charts - - name: "openproject-repo" - keyring: "../../files/gpg-pubkeys/openproject-com.gpg" - verify: {{ .Values.charts.openproject.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.openproject.registry }}/\ - {{ .Values.charts.openproject.repository }}" - -releases: - - name: "openproject" - chart: "openproject-repo/{{ .Values.charts.openproject.name }}" - version: "{{ .Values.charts.openproject.version }}" - wait: true - waitForJobs: true +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values.yaml.gotmpl" - installed: {{ .Values.openproject.enabled }} - timeout: 900 - -commonLabels: - deploy-stage: "component-1" - component: "openproject" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/provisioning/helmfile-child.yaml b/helmfile/apps/provisioning/helmfile-child.yaml new file mode 100644 index 00000000..e9b5fbbe --- /dev/null +++ b/helmfile/apps/provisioning/helmfile-child.yaml 
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ # OX Connector
+ - name: "ox-connector-repo"
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/\
+ {{ .Values.charts.oxConnector.repository }}"
+
+releases:
+ - name: "ox-connector"
+ chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}"
+ version: "{{ .Values.charts.oxConnector.version }}"
+ values:
+ - "values-oxconnector.yaml.gotmpl"
+ installed: {{ .Values.oxConnector.enabled }}
+
+commonLabels:
+ deploy-stage: "component-2"
+ component: "provisioning"
+...
diff --git a/helmfile/apps/provisioning/helmfile.yaml b/helmfile/apps/provisioning/helmfile.yaml
index 0832f837..9b507b66 100644
--- a/helmfile/apps/provisioning/helmfile.yaml
+++ b/helmfile/apps/provisioning/helmfile.yaml
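Review bot: `ox-connector-repo` has neither `keyring:` nor `verify:`, unlike the other repositories this patch moves into child helmfiles as far as they are visible here, so the OX Connector chart is fetched with registry credentials but without a provenance check. If the chart is signed, add the pair in the same pattern as the siblings, e.g. `verify: {{ .Values.charts.oxConnector.verify }}` plus the matching public key under `../../files/gpg-pubkeys/` (that values key would have to be defined). If it is not signed upstream, record that next to the entry with a comment such as `# chart is unsigned; provenance cannot be verified` so the gap is visible in review.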
@@ -1,27 +1,12 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- bases: - "../../bases/environments.yaml" --- -repositories: - # OX Connector - - name: "ox-connector-repo" - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/\ - {{ .Values.charts.oxConnector.repository }}" - -releases: - - name: "ox-connector" - chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}" - version: "{{ .Values.charts.oxConnector.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values-oxconnector.yaml.gotmpl" - installed: {{ .Values.oxConnector.enabled }} - -commonLabels: - deploy-stage: "component-2" - component: "provisioning" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/services/helmfile-child.yaml b/helmfile/apps/services/helmfile-child.yaml new file mode 100644 index 00000000..c0a1a0d7 --- /dev/null +++ b/helmfile/apps/services/helmfile-child.yaml 
@@ -0,0 +1,208 @@ +# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +# SPDX-License-Identifier: Apache-2.0 +--- +repositories: + # openDesk Otterize + # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-otterize + - name: "otterize-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.otterize.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.otterize.registry }}/\ + {{ .Values.charts.otterize.repository }}" + + # openDesk Home + # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-home + - name: "home-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.home.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.home.registry }}/\ + {{ .Values.charts.home.repository }}" + + # openDesk Certificates + # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-certificates + - name: "certificates-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.certificates.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.certificates.registry }}/\ + {{ .Values.charts.certificates.repository }}" + + # openDesk PostgreSQL + # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postgresql + - name: "postgresql-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ 
.Values.charts.postgresql.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.postgresql.registry }}/\ + {{ .Values.charts.postgresql.repository }}" + + # openDesk MariaDB + # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-mariadb + - name: "mariadb-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.mariadb.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.mariadb.registry }}/\ + {{ .Values.charts.mariadb.repository }}" + + # openDesk Postfix + # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postfix + - name: "postfix-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.postfix.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/\ + {{ .Values.charts.postfix.repository }}" + + # openDesk ClamAV + # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-clamav + - name: "clamav-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.clamav.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.clamav.registry }}/\ + {{ .Values.charts.clamav.repository }}" + - name: "clamav-simple-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.clamavSimple.verify }} + username: {{ env 
"OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.clamavSimple.registry }}/\ + {{ .Values.charts.clamavSimple.repository }}" + + # VMWare Bitnami + # Source: https://github.com/bitnami/charts/ + - name: "memcached-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.memcached.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.memcached.registry }}/\ + {{ .Values.charts.memcached.repository }}" + - name: "redis-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.redis.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.redis.registry }}/\ + {{ .Values.charts.redis.repository }}" + - name: "minio-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.minio.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.minio.registry }}/\ + {{ .Values.charts.minio.repository }}" + +releases: + - name: "opendesk-otterize" + chart: "otterize-repo/{{ .Values.charts.otterize.name }}" + version: "{{ .Values.charts.otterize.version }}" + values: + - "values-otterize.yaml.gotmpl" + installed: {{ .Values.security.otterizeIntents.enabled }} + timeout: 900 + + - name: "opendesk-home" + chart: "home-repo/{{ .Values.charts.home.name }}" + version: "{{ .Values.charts.home.version }}" + values: + - "values-home.yaml.gotmpl" + installed: {{ .Values.home.enabled }} + + - name: "opendesk-certificates" + chart: 
"certificates-repo/{{ .Values.charts.certificates.name }}" + version: "{{ .Values.charts.certificates.version }}" + values: + - "values-certificates.yaml.gotmpl" + installed: {{ .Values.certificates.enabled }} + timeout: 900 + + - name: "redis" + chart: "redis-repo/{{ .Values.charts.redis.name }}" + version: "{{ .Values.charts.redis.version }}" + values: + - "values-redis.yaml.gotmpl" + installed: {{ .Values.redis.enabled }} + timeout: 900 + + - name: "memcached" + chart: "memcached-repo/{{ .Values.charts.memcached.name }}" + version: "{{ .Values.charts.memcached.version }}" + values: + - "values-memcached.yaml.gotmpl" + installed: {{ .Values.memcached.enabled }} + timeout: 900 + + - name: "postgresql" + chart: "postgresql-repo/{{ .Values.charts.postgresql.name }}" + version: "{{ .Values.charts.postgresql.version }}" + values: + - "values-postgresql.yaml.gotmpl" + installed: {{ .Values.postgresql.enabled }} + timeout: 900 + + - name: "mariadb" + chart: "mariadb-repo/{{ .Values.charts.mariadb.name }}" + version: "{{ .Values.charts.mariadb.version }}" + values: + - "values-mariadb.yaml.gotmpl" + installed: {{ .Values.mariadb.enabled }} + timeout: 900 + + - name: "postfix" + chart: "postfix-repo/{{ .Values.charts.postfix.name }}" + version: "{{ .Values.charts.postfix.version }}" + values: + - "values-postfix.yaml.gotmpl" + installed: {{ .Values.postfix.enabled }} + timeout: 900 + + - name: "clamav" + chart: "clamav-repo/{{ .Values.charts.clamav.name }}" + version: "{{ .Values.charts.clamav.version }}" + values: + - "values-clamav-distributed.yaml.gotmpl" + installed: {{ .Values.clamavDistributed.enabled }} + timeout: 900 + + - name: "clamav-simple" + chart: "clamav-simple-repo/{{ .Values.charts.clamavSimple.name }}" + version: "{{ .Values.charts.clamavSimple.version }}" + values: + - "values-clamav-simple.yaml.gotmpl" + installed: {{ .Values.clamavSimple.enabled }} + timeout: 900 + + - name: "minio" + chart: "minio-repo/{{ .Values.charts.minio.name }}" + version: "{{ 
.Values.charts.minio.version }}" + values: + - "values-minio.yaml.gotmpl" + installed: {{ .Values.minio.enabled }} + timeout: 900 + +commonLabels: + deploy-stage: "services" + component: "services" +... diff --git a/helmfile/apps/services/helmfile.yaml b/helmfile/apps/services/helmfile.yaml index 10d68e4b..9b507b66 100644 --- a/helmfile/apps/services/helmfile.yaml +++ b/helmfile/apps/services/helmfile.yaml 
@@ -5,208 +5,8 @@ bases: - "../../bases/environments.yaml" --- -repositories: - # openDesk Otterize - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-otterize - - name: "otterize-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.otterize.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.otterize.registry }}/\ - {{ .Values.charts.otterize.repository }}" - - # openDesk Home - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-home - - name: "home-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.home.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.home.registry }}/\ - {{ .Values.charts.home.repository }}" - - # openDesk Certificates - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-certificates - - name: "certificates-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.certificates.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.certificates.registry }}/\ - {{ .Values.charts.certificates.repository }}" - - # openDesk PostgreSQL - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postgresql - - name: "postgresql-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.postgresql.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env 
"OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.postgresql.registry }}/\ - {{ .Values.charts.postgresql.repository }}" - - # openDesk MariaDB - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-mariadb - - name: "mariadb-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.mariadb.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.mariadb.registry }}/\ - {{ .Values.charts.mariadb.repository }}" - - # openDesk Postfix - # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postfix - - name: "postfix-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.postfix.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/\ - {{ .Values.charts.postfix.repository }}" - - # openDesk ClamAV - # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-clamav - - name: "clamav-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.clamav.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.clamav.registry }}/\ - {{ .Values.charts.clamav.repository }}" - - name: "clamav-simple-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.clamavSimple.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ 
.Values.global.helmRegistry | default .Values.charts.clamavSimple.registry }}/\ - {{ .Values.charts.clamavSimple.repository }}" - - # VMWare Bitnami - # Source: https://github.com/bitnami/charts/ - - name: "memcached-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.memcached.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.memcached.registry }}/\ - {{ .Values.charts.memcached.repository }}" - - name: "redis-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.redis.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.redis.registry }}/\ - {{ .Values.charts.redis.repository }}" - - name: "minio-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.minio.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ .Values.global.helmRegistry | default .Values.charts.minio.registry }}/\ - {{ .Values.charts.minio.repository }}" - -releases: - - name: "opendesk-otterize" - chart: "otterize-repo/{{ .Values.charts.otterize.name }}" - version: "{{ .Values.charts.otterize.version }}" +helmfiles: + - path: "./helmfile-child.yaml" values: - - "values-otterize.yaml.gotmpl" - installed: {{ .Values.security.otterizeIntents.enabled }} - timeout: 900 - - - name: "opendesk-home" - chart: "home-repo/{{ .Values.charts.home.name }}" - version: "{{ .Values.charts.home.version }}" - values: - - "values-home.yaml.gotmpl" - installed: {{ .Values.home.enabled }} - - - name: "opendesk-certificates" - chart: "certificates-repo/{{ .Values.charts.certificates.name }}" - version: "{{ 
.Values.charts.certificates.version }}" - values: - - "values-certificates.yaml.gotmpl" - installed: {{ .Values.certificates.enabled }} - timeout: 900 - - - name: "redis" - chart: "redis-repo/{{ .Values.charts.redis.name }}" - version: "{{ .Values.charts.redis.version }}" - values: - - "values-redis.yaml.gotmpl" - installed: {{ .Values.redis.enabled }} - timeout: 900 - - - name: "memcached" - chart: "memcached-repo/{{ .Values.charts.memcached.name }}" - version: "{{ .Values.charts.memcached.version }}" - values: - - "values-memcached.yaml.gotmpl" - installed: {{ .Values.memcached.enabled }} - timeout: 900 - - - name: "postgresql" - chart: "postgresql-repo/{{ .Values.charts.postgresql.name }}" - version: "{{ .Values.charts.postgresql.version }}" - values: - - "values-postgresql.yaml.gotmpl" - installed: {{ .Values.postgresql.enabled }} - timeout: 900 - - - name: "mariadb" - chart: "mariadb-repo/{{ .Values.charts.mariadb.name }}" - version: "{{ .Values.charts.mariadb.version }}" - values: - - "values-mariadb.yaml.gotmpl" - installed: {{ .Values.mariadb.enabled }} - timeout: 900 - - - name: "postfix" - chart: "postfix-repo/{{ .Values.charts.postfix.name }}" - version: "{{ .Values.charts.postfix.version }}" - values: - - "values-postfix.yaml.gotmpl" - installed: {{ .Values.postfix.enabled }} - timeout: 900 - - - name: "clamav" - chart: "clamav-repo/{{ .Values.charts.clamav.name }}" - version: "{{ .Values.charts.clamav.version }}" - values: - - "values-clamav-distributed.yaml.gotmpl" - installed: {{ .Values.clamavDistributed.enabled }} - timeout: 900 - - - name: "clamav-simple" - chart: "clamav-simple-repo/{{ .Values.charts.clamavSimple.name }}" - version: "{{ .Values.charts.clamavSimple.version }}" - values: - - "values-clamav-simple.yaml.gotmpl" - installed: {{ .Values.clamavSimple.enabled }} - timeout: 900 - - - name: "minio" - chart: "minio-repo/{{ .Values.charts.minio.name }}" - version: "{{ .Values.charts.minio.version }}" - values: - - "values-minio.yaml.gotmpl" 
- installed: {{ .Values.minio.enabled }} - timeout: 900 - -commonLabels: - deploy-stage: "services" - component: "services" + - {{ toYaml .Values | nindent 8 }} ... diff --git a/helmfile/apps/univention-management-stack/helmfile-child.yaml b/helmfile/apps/univention-management-stack/helmfile-child.yaml new file mode 100644 index 00000000..8c6d1859 --- /dev/null +++ b/helmfile/apps/univention-management-stack/helmfile-child.yaml 
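Review bot: The added `values:` entry `- {{ toYaml .Values | nindent 8 }}` serialises the whole state-values tree into this file's rendered output before passing it to `helmfile-child.yaml`, and that tree includes the `secrets` map built in `helmfile/environments/default/secrets.gotmpl`. Anything that prints the rendered parent state, such as debug logging or stored CI job output, would then presumably contain the derived passwords in clear text. I would document this above the entry, e.g. `# Forwards all state values, including secrets.*, to the child; treat rendered or debug output of this file as secret.` The same entry is added in `univention-management-stack/helmfile.yaml` and `xwiki/helmfile.yaml` further down.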
@@ -0,0 +1,48 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ # Univention Management Stack Umbrella Chart
+ - name: "ums"
+ keyring: "../../files/gpg-pubkeys/univention-de.gpg"
+ verify: {{ .Values.charts.ums.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url:
+ "{{ .Values.global.helmRegistry | default .Values.charts.ums.registry }}/\
+ {{ .Values.charts.ums.repository }}"
+ # OpenDesk Keycloak Bootstrap Chart
+ - name: "opendesk-keycloak-bootstrap-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.opendeskKeycloakBootstrap.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskKeycloakBootstrap.registry }}/\
+ {{ .Values.charts.opendeskKeycloakBootstrap.repository }}"
+
+releases:
+ # Univention Management Stack Umbrella Chart
+ - name: "ums"
+ chart: "ums/{{ .Values.charts.ums.name }}"
+ version: "{{ .Values.charts.ums.version }}"
+ values:
+ - "values-umbrella.yaml.gotmpl"
+ installed: {{ .Values.univentionManagementStack.enabled }}
+ timeout: 900
+ # OpenDesk Keycloak Bootstrap Chart
+ - name: "opendesk-keycloak-bootstrap"
+ chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.opendeskKeycloakBootstrap.name }}"
+ version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"
+ values:
+ - "values-opendesk-keycloak-bootstrap.yaml.gotmpl"
+ needs:
+ - "ums"
+ installed: {{ .Values.univentionManagementStack.enabled }}
+ timeout: 900
+
+commonLabels:
+ deploy-stage: "component-1"
+ component: "univention-management-stack"
+...
diff --git a/helmfile/apps/univention-management-stack/helmfile.yaml b/helmfile/apps/univention-management-stack/helmfile.yaml
index 9f20039a..9b507b66 100644
--- a/helmfile/apps/univention-management-stack/helmfile.yaml
+++ b/helmfile/apps/univention-management-stack/helmfile.yaml
@@ -1,51 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
 bases:
 - "../../bases/environments.yaml"
 ---
-repositories:
- # Univention Management Stack Umbrella Chart
- - name: "ums"
- keyring: "../../files/gpg-pubkeys/univention-de.gpg"
- verify: {{ .Values.charts.ums.verify }}
- username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
- password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
- oci: true
- url:
- "{{ .Values.global.helmRegistry | default .Values.charts.ums.registry }}/\
- {{ .Values.charts.ums.repository }}"
- # OpenDesk Keycloak Bootstrap Chart
- - name: "opendesk-keycloak-bootstrap-repo"
- keyring: "../../files/gpg-pubkeys/opencode.gpg"
- verify: {{ .Values.charts.opendeskKeycloakBootstrap.verify }}
- username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
- password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
- oci: true
- url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskKeycloakBootstrap.registry }}/\
- {{ .Values.charts.opendeskKeycloakBootstrap.repository }}"
-
-releases:
- # Univention Management Stack Umbrella Chart
- - name: "ums"
- chart: "ums/{{ .Values.charts.ums.name }}"
- version: "{{ .Values.charts.ums.version }}"
+helmfiles:
+ - path: "./helmfile-child.yaml"
 values:
- - "values-umbrella.yaml.gotmpl"
- installed: {{ .Values.univentionManagementStack.enabled }}
- timeout: 900
- # OpenDesk Keycloak Bootstrap Chart
- - name: "opendesk-keycloak-bootstrap"
- chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.opendeskKeycloakBootstrap.name }}"
- version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"
- values:
- - "values-opendesk-keycloak-bootstrap.yaml.gotmpl"
- needs:
- - "ums"
- installed: {{ .Values.univentionManagementStack.enabled }}
- timeout: 900
-
-commonLabels:
- deploy-stage: "component-1"
- component: "univention-management-stack"
+ - {{ toYaml .Values | nindent 8 }}
 ...
diff --git a/helmfile/apps/xwiki/helmfile-child.yaml b/helmfile/apps/xwiki/helmfile-child.yaml
new file mode 100644
index 00000000..dc02bd5e
--- /dev/null
+++ b/helmfile/apps/xwiki/helmfile-child.yaml
@@ -0,0 +1,29 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ # XWiki
+ # Source: https://github.com/xwiki-contrib/xwiki-helm
+ - name: "xwiki-repo"
+ keyring: "../../files/gpg-pubkeys/xwiki-com.gpg"
+ verify: {{ .Values.charts.xwiki.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.xwiki.registry }}/\
+ {{ .Values.charts.xwiki.repository }}"
+
+releases:
+ - name: "xwiki"
+ chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}"
+ version: "{{ .Values.charts.xwiki.version }}"
+ wait: true
+ values:
+ - "values.yaml.gotmpl"
+ installed: {{ .Values.xwiki.enabled }}
+ timeout: 900
+
+commonLabels:
+ deploy-stage: "component-1"
+ component: "xwiki"
+...
diff --git a/helmfile/apps/xwiki/helmfile.yaml b/helmfile/apps/xwiki/helmfile.yaml
index 760f2cc6..9b507b66 100644
--- a/helmfile/apps/xwiki/helmfile.yaml
+++ b/helmfile/apps/xwiki/helmfile.yaml
@@ -1,32 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
 bases:
 - "../../bases/environments.yaml"
 ---
-repositories:
- # XWiki
- # Source: https://github.com/xwiki-contrib/xwiki-helm
- - name: "xwiki-repo"
- keyring: "../../files/gpg-pubkeys/xwiki-com.gpg"
- verify: {{ .Values.charts.xwiki.verify }}
- username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
- password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
- oci: true
- url: "{{ .Values.global.helmRegistry | default .Values.charts.xwiki.registry }}/\
- {{ .Values.charts.xwiki.repository }}"
-
-releases:
- - name: "xwiki"
- chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}"
- version: "{{ .Values.charts.xwiki.version }}"
- wait: true
+helmfiles:
+ - path: "./helmfile-child.yaml"
 values:
- - "values.yaml.gotmpl"
- installed: {{ .Values.xwiki.enabled }}
- timeout: 900
-
-commonLabels:
- deploy-stage: "component-1"
- component: "xwiki"
+ - {{ toYaml .Values | nindent 8 }}
 ...
diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl
index 2ee57a3b..c0f17b38 100644
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -7,11 +7,15 @@ SPDX-License-Identifier: Apache-2.0
 secrets:
 oxAppsuite:
 adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
+ masterAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "master_admin_password" | sha1sum | quote }}
 cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
 sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
 shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}
 oxguardMC: {{ printf "MC%s" (randAlphaNum 20 | b64enc) | quote }}
 oxguardRC: {{ printf "RC%s" (randAlphaNum 20 | b64enc) | quote }}
+ hzGroupPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "hz_group_password" | sha1sum | quote }}
+ basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
+ jolokiaPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "jolokia_password" | sha1sum | quote }}
 univentionManagementStack:
 ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
 ldapSearch:
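Review bot: The four added `oxAppsuite` entries (`masterAdminPassword`, `hzGroupPassword`, `basicAuthPassword`, `jolokiaPassword`) are derived from `env "MASTER_PASSWORD" | default "sovereign-workplace"`, so when the variable is unset each of them is a value that can be recomputed from this public file. I would fail the render instead of falling back, i.e. replace `(env "MASTER_PASSWORD" | default "sovereign-workplace")` with `(requiredEnv "MASTER_PASSWORD")` on these lines and on the context lines that share the pattern. This matters more with the new `helmfile_generic.yaml`, which loads `helmfile/environments/default/*.gotmpl` for the GitOps path, where an unset variable in the controller's environment is presumably easy to miss. The `secrets` mapping continues outside this hunk.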
@@ -46,7 +50,6 @@ secrets:
 udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
 nats:
 natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }}
-
 postgresql:
 postgresUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum | quote }}
 keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}
diff --git a/helmfile_generic.yaml b/helmfile_generic.yaml
new file mode 100644
index 00000000..03a6b580
--- /dev/null
+++ b/helmfile_generic.yaml
@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+#
+# Advanced Configuration: Nested States
+#
+helmfiles:
+ # Path to the helmfile state file being processed BEFORE releases in this state file
+ - path: "helmfile/apps/services/helmfile-child.yaml"
+ values: &values
+ - "helmfile/environments/default/*.yaml"
+ - "helmfile/environments/default/*.gotmpl"
+ - {{ toYaml .Values | nindent 8 }}
+ - path: "helmfile/apps/univention-management-stack/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/intercom-service/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/open-xchange/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/nextcloud/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/collabora/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/cryptpad/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/jitsi/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/element/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/openproject/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/xwiki/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/provisioning/helmfile-child.yaml"
+ values: *values
+ - path: "helmfile/apps/openproject-bootstrap/helmfile-child.yaml"
+ values: *values
+missingFileHandler: "Error"
+...
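Review bot: The shared `&values` list places `- {{ toYaml .Values | nindent 8 }}` after the two `helmfile/environments/default/*` globs, so values handed to this state by the caller override the shipped defaults in every child, assuming helmfile's usual later-entry-wins merge. That covers `secrets.*` as well as the per-chart `charts.<name>.verify` switches the child files use for chart signature verification, and nothing in the file says so. A comment above the entry would make it explicit, e.g. `# Caller-supplied values are merged last and win over the defaults, including secrets.* and charts.*.verify.` The existing comment about processing "BEFORE releases in this state file" could be dropped, since this file declares no releases.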