sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(helmfile): Create child helmfile for GitOps approach.

Browse Source
This commit is contained in:
Gergely Szabo
2024-05-23 11:23:54 +02:00
committed by Thorsten Roßner
parent bd2d7cf748
commit a899699e21
33 changed files with 930 additions and 756 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -11,3 +11,6 @@ helmfile/environments/prod/values.yaml.gotmpl
# Ignore in CI generated files # Ignore in CI generated files
.kyverno/opendesk.yaml .kyverno/opendesk.yaml
.kyverno/kyverno-test.yaml .kyverno/kyverno-test.yaml
# Ignore editor backup files
*~

20
docs/development.md
View File

@@ -27,19 +27,29 @@ the development of the deployment automation of openDesk.
```mermaid ```mermaid
flowchart TD flowchart TD
A[./helmfile.yaml]-->B[./helmfile/apps/*all_configured_apps*/helmfile.yaml\nReferences the relevant app Helm\ncharts using details from 'charts.yaml'] J[helmfile.yaml\nor a helmfile outside of this repository]-->A
J-->K[./helmfile/environemnts/*your_environment*/values.yaml.gotmpl\nor any an environment values file]
A[./helmfile_generic.yaml]-->B[./helmfile/apps/*all_configured_apps*/helmfile.yaml\nReferences the relevant app Helm\ncharts using details from 'charts.yaml']
B-->C[./values-*all_configured_components*.yaml.gotmpl\nValues to template the charts\nwith references to the `images.yaml`] B-->C[./values-*all_configured_components*.yaml.gotmpl\nValues to template the charts\nwith references to the `images.yaml`]
A-->D[./helmfile/environments/default/*\nwith just some examples below] A-->D[./helmfile/environments/default/*\nwith just some examples below]
D-->F[charts.yaml] D-->F[charts.yaml]
D-->G[images.yaml] D-->G[images.yaml]
D-->H[global.*] D-->H[global.*]
D-->I[secrets.yaml\nreplicas.yaml\nresources.yaml\n...] D-->I[secrets.yaml\nreplicas.yaml\nresources.yaml\n...]
A-->|overwrite defaults with your\ndeployment/environment specific values|E[./helmfile/environments/*your_environment*/values.yaml.gotmpl] A-->|overwrite defaults with your\ndeployment/environment specific values|E[./helmfile/environments/default/values.yaml.gotmpl]
``` ```
The `helmfile.yaml` in the root folder is the basis for the whole deployment. It references the app specific `helmfile.yaml` files as well as some The `helmfile.yaml` file in the root folder serves as the foundation
global values files in `./environments/default`. It allows you to overwrite defaults by using one of the three predefined environments `dev`, `test` for the entire deployment. It references the `helmfile_generic.yaml`
and `prod`. file, which includes app-specific `helmfile.yaml` files, as well as
global values files located in `./environments/default`.
`helmfile.yaml` also refers to three predefined environments: `dev`,
`test`, and `prod`.
The `helmfile_generic.yaml` file is designed to be referenced from
external repositories, where custom environments may be defined. An
example is demonstrated in the `helmfile.yaml` file.
Before you look into any app specific configuration it is recommended to review the contents of `./environments/default` to get an understanding of what Before you look into any app specific configuration it is recommended to review the contents of `./environments/default` to get an understanding of what
details are maintained in there, as they are usually referenced by the app configurations. details are maintained in there, as they are usually referenced by the app configurations.

12
docs/getting-started.md
View File

@@ -369,6 +369,18 @@ section provide you with the desired information to login with the two default u
| `default.user` | `40615..............................e9e2f` | Application user | | `default.user` | `40615..............................e9e2f` | Application user |
| `default.admin` | `17027..............................04db6` | Administrator | | `default.admin` | `17027..............................04db6` | Administrator |
## Using from external repository
It is possible to refer to `./helmfile_generic.yaml` from an external
directory or repository. The `helmfile.yaml` that refers to
`./helmfile_generic.yaml` may define custom environments. These custom
environments may overwrite certain configuration values. These
configuration values are:
* `global.domain`
* `global.helmRegistry`
* `global.master_password`
# Uninstall # Uninstall
You can uninstall the deployment by: You can uninstall the deployment by:

53
helmfile.yaml
View File

@@ -1,52 +1,29 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
#
# Advanced Configuration: Nested States
#
helmfiles:
# Path to the helmfile state file being processed BEFORE releases in this state file
- path: "helmfile/apps/services/helmfile.yaml"
- path: "helmfile/apps/univention-management-stack/helmfile.yaml"
- path: "helmfile/apps/intercom-service/helmfile.yaml"
- path: "helmfile/apps/open-xchange/helmfile.yaml"
- path: "helmfile/apps/nextcloud/helmfile.yaml"
- path: "helmfile/apps/collabora/helmfile.yaml"
- path: "helmfile/apps/cryptpad/helmfile.yaml"
- path: "helmfile/apps/jitsi/helmfile.yaml"
- path: "helmfile/apps/element/helmfile.yaml"
- path: "helmfile/apps/openproject/helmfile.yaml"
- path: "helmfile/apps/xwiki/helmfile.yaml"
- path: "helmfile/apps/provisioning/helmfile.yaml"
- path: "helmfile/apps/openproject-bootstrap/helmfile.yaml"
missingFileHandler: "Error"
# Environment is defined here and in helmfile/bases/environments.yaml
# This is a temporary solution to solve issue with different (relative) paths required when
# - Installing all releases from root via helmfile apply
# - Installing a single release from root via helmfile apply -f helmfile/apps/<app>/helmfile.yaml
# - Installing a single release from app directory via helmfile apply
# Issue: https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/issues/2
environments: environments:
default:
values:
- "helmfile/environments/default/*.gotmpl"
- "helmfile/environments/default/*.yaml"
dev: dev:
values: values:
- "helmfile/environments/default/*.gotmpl"
- "helmfile/environments/default/*.yaml"
- "helmfile/environments/dev/values.yaml.gotmpl" - "helmfile/environments/dev/values.yaml.gotmpl"
test: test:
values: values:
- "helmfile/environments/default/*.gotmpl"
- "helmfile/environments/default/*.yaml"
- "helmfile/environments/test/values.yaml.gotmpl" - "helmfile/environments/test/values.yaml.gotmpl"
prod: prod:
values: values:
- "helmfile/environments/default/*.gotmpl"
- "helmfile/environments/default/*.yaml"
- "helmfile/environments/prod/values.yaml.gotmpl" - "helmfile/environments/prod/values.yaml.gotmpl"
---
# yamllint disable
helmfiles:
- path: "./helmfile_generic.yaml"
values:
- {{ toYaml .Values | nindent 8 }}
# {{/*
#
# Use this format from a remote repository
#
# - path: "git::https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git@helmfile_generic.yaml?ref=v0.7.1"
# values:
# - {{ toYaml .Values | nindent 8 }}
# */}}
... ...

27
helmfile/apps/collabora/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,27 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# Collabora Online
# Source: https://github.com/CollaboraOnline/online
- name: "collabora-online-repo"
keyring: "../../files/gpg-pubkeys/collaboraoffice-com.gpg"
verify: {{ .Values.charts.collabora.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.collabora.registry }}/\
{{ .Values.charts.collabora.repository }}"
releases:
- name: "collabora-online"
chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}"
version: "{{ .Values.charts.collabora.version }}"
values:
- "values.yaml.gotmpl"
installed: {{ .Values.collabora.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "collabora"
...

26
helmfile/apps/collabora/helmfile.yaml
View File

@@ -1,30 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# Collabora Online - path: "./helmfile-child.yaml"
# Source: https://github.com/CollaboraOnline/online
- name: "collabora-online-repo"
keyring: "../../files/gpg-pubkeys/collaboraoffice-com.gpg"
verify: {{ .Values.charts.collabora.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.collabora.registry }}/\
{{ .Values.charts.collabora.repository }}"
releases:
- name: "collabora-online"
chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}"
version: "{{ .Values.charts.collabora.version }}"
values: values:
- "values.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.collabora.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "collabora"
... ...

27
helmfile/apps/cryptpad/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,27 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# CryptPad
# Source: https://github.com/cryptpad/helm
- name: "cryptpad-repo"
keyring: "../../files/gpg-pubkeys/xwiki-com.gpg"
verify: {{ .Values.charts.cryptpad.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.cryptpad.registry }}/\
{{ .Values.charts.cryptpad.repository }}"
releases:
- name: "cryptpad"
chart: "cryptpad-repo/{{ .Values.charts.cryptpad.name }}"
version: "{{ .Values.charts.cryptpad.version }}"
values:
- "values.yaml.gotmpl"
installed: {{ .Values.cryptpad.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "cryptpad"
...

26
helmfile/apps/cryptpad/helmfile.yaml
View File

@@ -1,30 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# CryptPad - path: "./helmfile-child.yaml"
# Source: https://github.com/cryptpad/helm
- name: "cryptpad-repo"
keyring: "../../files/gpg-pubkeys/xwiki-com.gpg"
verify: {{ .Values.charts.cryptpad.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.cryptpad.registry }}/\
{{ .Values.charts.cryptpad.repository }}"
releases:
- name: "cryptpad"
chart: "cryptpad-repo/{{ .Values.charts.cryptpad.name }}"
version: "{{ .Values.charts.cryptpad.version }}"
values: values:
- "values.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.cryptpad.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "cryptpad"
... ...

184
helmfile/apps/element/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,184 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# openDesk Element
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element
- name: "element-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.element.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.element.registry }}/\
{{ .Values.charts.element.repository }}"
- name: "element-well-known-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.elementWellKnown.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/\
{{ .Values.charts.elementWellKnown.repository }}"
- name: "synapse-web-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.synapseWeb.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/\
{{ .Values.charts.synapseWeb.repository }}"
- name: "synapse-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.synapse.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/\
{{ .Values.charts.synapse.repository }}"
- name: "synapse-create-account-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.synapseCreateAccount.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/\
{{ .Values.charts.synapseCreateAccount.repository }}"
# openDesk Matrix Widgets
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets
- name: "matrix-user-verification-service-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixUserVerificationService.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/\
{{ .Values.charts.matrixUserVerificationService.repository }}"
- name: "matrix-neoboard-widget-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\
{{ .Values.charts.matrixNeoboardWidget.repository }}"
- name: "matrix-neochoice-widget-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\
{{ .Values.charts.matrixNeoboardWidget.repository }}"
- name: "matrix-neodatefix-widget-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/\
{{ .Values.charts.matrixNeodatefixWidget.repository }}"
- name: "matrix-neodatefix-bot-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/\
{{ .Values.charts.matrixNeodatefixBot.repository }}"
releases:
- name: "opendesk-element"
chart: "element-repo/{{ .Values.charts.element.name }}"
version: "{{ .Values.charts.element.version }}"
values:
- "values-element.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-well-known"
chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}"
version: "{{ .Values.charts.elementWellKnown.version }}"
values:
- "values-well-known.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-synapse-web"
chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}"
version: "{{ .Values.charts.synapseWeb.version }}"
values:
- "values-synapse-web.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-synapse"
chart: "synapse-repo/{{ .Values.charts.synapse.name }}"
version: "{{ .Values.charts.synapse.version }}"
values:
- "values-synapse.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-matrix-user-verification-service-bootstrap"
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
version: "{{ .Values.charts.synapseCreateAccount.version }}"
values:
- "values-matrix-user-verification-service-bootstrap.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-matrix-user-verification-service"
chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}"
version: "{{ .Values.charts.matrixUserVerificationService.version }}"
values:
- "values-matrix-user-verification-service.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neoboard-widget"
chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}"
version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
values:
- "values-matrix-neoboard-widget.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neochoice-widget"
chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}"
version: "{{ .Values.charts.matrixNeochoiseWidget.version }}"
values:
- "values-matrix-neochoice-widget.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-widget"
chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}"
version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
values:
- "values-matrix-neodatefix-widget.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-bot-bootstrap"
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
version: "{{ .Values.charts.synapseCreateAccount.version }}"
values:
- "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-bot"
chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}"
version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
values:
- "values-matrix-neodatefix-bot.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "element"
...

183
helmfile/apps/element/helmfile.yaml
View File

@@ -1,187 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# openDesk Element - path: "./helmfile-child.yaml"
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element
- name: "element-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.element.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.element.registry }}/\
{{ .Values.charts.element.repository }}"
- name: "element-well-known-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.elementWellKnown.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/\
{{ .Values.charts.elementWellKnown.repository }}"
- name: "synapse-web-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.synapseWeb.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/\
{{ .Values.charts.synapseWeb.repository }}"
- name: "synapse-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.synapse.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/\
{{ .Values.charts.synapse.repository }}"
- name: "synapse-create-account-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.synapseCreateAccount.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/\
{{ .Values.charts.synapseCreateAccount.repository }}"
# openDesk Matrix Widgets
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets
- name: "matrix-user-verification-service-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixUserVerificationService.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/\
{{ .Values.charts.matrixUserVerificationService.repository }}"
- name: "matrix-neoboard-widget-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\
{{ .Values.charts.matrixNeoboardWidget.repository }}"
- name: "matrix-neochoice-widget-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\
{{ .Values.charts.matrixNeoboardWidget.repository }}"
- name: "matrix-neodatefix-widget-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/\
{{ .Values.charts.matrixNeodatefixWidget.repository }}"
- name: "matrix-neodatefix-bot-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/\
{{ .Values.charts.matrixNeodatefixBot.repository }}"
releases:
- name: "opendesk-element"
chart: "element-repo/{{ .Values.charts.element.name }}"
version: "{{ .Values.charts.element.version }}"
values: values:
- "values-element.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-well-known"
chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}"
version: "{{ .Values.charts.elementWellKnown.version }}"
values:
- "values-well-known.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-synapse-web"
chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}"
version: "{{ .Values.charts.synapseWeb.version }}"
values:
- "values-synapse-web.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-synapse"
chart: "synapse-repo/{{ .Values.charts.synapse.name }}"
version: "{{ .Values.charts.synapse.version }}"
values:
- "values-synapse.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-matrix-user-verification-service-bootstrap"
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
version: "{{ .Values.charts.synapseCreateAccount.version }}"
values:
- "values-matrix-user-verification-service-bootstrap.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-matrix-user-verification-service"
chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}"
version: "{{ .Values.charts.matrixUserVerificationService.version }}"
values:
- "values-matrix-user-verification-service.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neoboard-widget"
chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}"
version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
values:
- "values-matrix-neoboard-widget.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neochoice-widget"
chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}"
version: "{{ .Values.charts.matrixNeochoiseWidget.version }}"
values:
- "values-matrix-neochoice-widget.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-widget"
chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}"
version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
values:
- "values-matrix-neodatefix-widget.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-bot-bootstrap"
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
version: "{{ .Values.charts.synapseCreateAccount.version }}"
values:
- "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-bot"
chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}"
version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
values:
- "values-matrix-neodatefix-bot.yaml.gotmpl"
installed: {{ .Values.element.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "element"
... ...

27
helmfile/apps/intercom-service/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,27 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# Intercom Service
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
- name: "intercom-service-repo"
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
verify: {{ .Values.charts.intercomService.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/\
{{ .Values.charts.intercomService.repository }}"
releases:
- name: "intercom-service"
chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}"
version: "{{ .Values.charts.intercomService.version }}"
values:
- "values.yaml.gotmpl"
installed: {{ .Values.intercom.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "intercom-service"
...

26
helmfile/apps/intercom-service/helmfile.yaml
View File

@@ -1,30 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# Intercom Service - path: "./helmfile-child.yaml"
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
- name: "intercom-service-repo"
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
verify: {{ .Values.charts.intercomService.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/\
{{ .Values.charts.intercomService.repository }}"
releases:
- name: "intercom-service"
chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}"
version: "{{ .Values.charts.intercomService.version }}"
values: values:
- "values.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.intercom.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "intercom-service"
... ...

28
helmfile/apps/jitsi/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,28 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# openDesk Jitsi
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-jitsi
- name: "jitsi-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.jitsi.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.jitsi.registry }}/\
{{ .Values.charts.jitsi.repository }}"
releases:
- name: "jitsi"
chart: "jitsi-repo/{{ .Values.charts.jitsi.name }}"
version: "{{ .Values.charts.jitsi.version }}"
values:
- "values-jitsi.yaml.gotmpl"
installed: {{ .Values.jitsi.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "jitsi"
...

27
helmfile/apps/jitsi/helmfile.yaml
View File

@@ -1,31 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# openDesk Jitsi - path: "./helmfile-child.yaml"
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-jitsi
- name: "jitsi-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.jitsi.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.jitsi.registry }}/\
{{ .Values.charts.jitsi.repository }}"
releases:
- name: "jitsi"
chart: "jitsi-repo/{{ .Values.charts.jitsi.name }}"
version: "{{ .Values.charts.jitsi.version }}"
values: values:
- "values-jitsi.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.jitsi.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "jitsi"
... ...

46
helmfile/apps/nextcloud/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,46 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# Nextcloud
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-nextcloud
- name: "nextcloud-management-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.nextcloudManagement.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloudManagement.registry }}/\
{{ .Values.charts.nextcloudManagement.repository }}"
- name: "nextcloud-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.nextcloud.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloud.registry }}/\
{{ .Values.charts.nextcloud.repository }}"
releases:
- name: "opendesk-nextcloud-management"
chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}"
version: "{{ .Values.charts.nextcloudManagement.version }}"
values:
- "values-nextcloud-mgmt.yaml.gotmpl"
waitForJobs: true
wait: true
installed: {{ .Values.nextcloud.enabled }}
timeout: 900
- name: "opendesk-nextcloud"
chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}"
version: "{{ .Values.charts.nextcloud.version }}"
values:
- "values-nextcloud.yaml.gotmpl"
needs:
- "opendesk-nextcloud-management"
installed: {{ .Values.nextcloud.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "nextcloud"
...

45
helmfile/apps/nextcloud/helmfile.yaml
View File

@@ -1,49 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# Nextcloud - path: "./helmfile-child.yaml"
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-nextcloud
- name: "nextcloud-management-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.nextcloudManagement.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloudManagement.registry }}/\
{{ .Values.charts.nextcloudManagement.repository }}"
- name: "nextcloud-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.nextcloud.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloud.registry }}/\
{{ .Values.charts.nextcloud.repository }}"
releases:
- name: "opendesk-nextcloud-management"
chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}"
version: "{{ .Values.charts.nextcloudManagement.version }}"
values: values:
- "values-nextcloud-mgmt.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
waitForJobs: true
wait: true
installed: {{ .Values.nextcloud.enabled }}
timeout: 900
- name: "opendesk-nextcloud"
chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}"
version: "{{ .Values.charts.nextcloud.version }}"
values:
- "values-nextcloud.yaml.gotmpl"
needs:
- "opendesk-nextcloud-management"
installed: {{ .Values.nextcloud.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "nextcloud"
... ...

67
helmfile/apps/open-xchange/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,67 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# openDesk Dovecot
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dovecot
- name: "dovecot-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.dovecot.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/\
{{ .Values.charts.dovecot.repository }}"
# Open-Xchange
- name: "open-xchange-repo"
keyring: "../../files/gpg-pubkeys/open-xchange-com.gpg"
verify: {{ .Values.charts.openXchangeAppSuite.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuite.registry }}/\
{{ .Values.charts.openXchangeAppSuite.repository }}"
# openDesk Open-Xchange Bootstrap
# Source:
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap
- name: "open-xchange-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuiteBootstrap.registry }}/\
{{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}"
releases:
- name: "dovecot"
chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}"
version: "{{ .Values.charts.dovecot.version }}"
values:
- "values-dovecot.yaml.gotmpl"
installed: {{ .Values.dovecot.enabled }}
timeout: 900
- name: "open-xchange"
chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}"
version: "{{ .Values.charts.openXchangeAppSuite.version }}"
values:
- "values-openxchange.yaml.gotmpl"
- "values-openxchange-enterprise-contact-picker.yaml.gotmpl"
installed: {{ .Values.oxAppsuite.enabled }}
timeout: 900
- name: "opendesk-open-xchange-bootstrap"
chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}"
version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}"
values:
- "values-openxchange-bootstrap.yaml.gotmpl"
installed: {{ .Values.oxAppsuite.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "open-xchange"
...

66
helmfile/apps/open-xchange/helmfile.yaml
View File

@@ -1,70 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# openDesk Dovecot - path: "./helmfile-child.yaml"
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dovecot
- name: "dovecot-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.dovecot.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/\
{{ .Values.charts.dovecot.repository }}"
# Open-Xchange
- name: "open-xchange-repo"
keyring: "../../files/gpg-pubkeys/open-xchange-com.gpg"
verify: {{ .Values.charts.openXchangeAppSuite.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuite.registry }}/\
{{ .Values.charts.openXchangeAppSuite.repository }}"
# openDesk Open-Xchange Bootstrap
# Source:
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap
- name: "open-xchange-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuiteBootstrap.registry }}/\
{{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}"
releases:
- name: "dovecot"
chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}"
version: "{{ .Values.charts.dovecot.version }}"
values: values:
- "values-dovecot.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.dovecot.enabled }}
timeout: 900
- name: "open-xchange"
chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}"
version: "{{ .Values.charts.openXchangeAppSuite.version }}"
values:
- "values-openxchange.yaml.gotmpl"
- "values-openxchange-enterprise-contact-picker.yaml.gotmpl"
installed: {{ .Values.oxAppsuite.enabled }}
timeout: 900
- name: "opendesk-open-xchange-bootstrap"
chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}"
version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}"
values:
- "values-openxchange-bootstrap.yaml.gotmpl"
installed: {{ .Values.oxAppsuite.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "open-xchange"
... ...

18
helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
View File

@@ -98,8 +98,14 @@ appsuite:
pageHeaderPrefix: "as8.souvap App Suite" pageHeaderPrefix: "as8.souvap App Suite"
oidcLogin: true oidcLogin: true
oidcPath: "/oidc" oidcPath: "/oidc"
masterAdmin: "admin" masterAdmin: "masteradmin"
masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} masterPassword: {{ .Values.secrets.oxAppsuite.masterAdminPassword | quote }}
hzGroupName: "hzgroup"
hzGroupPassword: {{ .Values.secrets.oxAppsuite.hzGroupPassword | quote }}
basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }}
jolokiaLogin: "jolokia"
jolokiaPassword: {{ .Values.secrets.oxAppsuite.jolokiaPassword | quote }}
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
serviceAccount: serviceAccount:
create: true create: true
@@ -413,6 +419,10 @@ appsuite:
enabled: false enabled: false
core-documentconverter: core-documentconverter:
adminUser: "admin"
adminPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }}
enabled: true enabled: true
documentConverter: documentConverter:
cache: cache:
@@ -486,6 +496,10 @@ appsuite:
core-imageconverter: core-imageconverter:
enabled: true enabled: true
adminUser: "admin"
adminPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }}
image: image:
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeImageConverter.registry | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeImageConverter.registry | quote }}
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }} repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}

30
helmfile/apps/openproject-bootstrap/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,30 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# openDesk OpenProject Bootstrap
# Source: Set when repo is managed on Open CoDE
- name: "openproject-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.openprojectBootstrap.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openprojectBootstrap.registry }}/\
{{ .Values.charts.openprojectBootstrap.repository }}"
releases:
- name: "opendesk-openproject-bootstrap"
chart: "openproject-bootstrap-repo/{{ .Values.charts.openprojectBootstrap.name }}"
version: "{{ .Values.charts.openprojectBootstrap.version }}"
wait: true
waitForJobs: true
values:
- "values.yaml.gotmpl"
installed: {{ .Values.openproject.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-2"
component: "opendesk-openproject-bootstrap"
...

29
helmfile/apps/openproject-bootstrap/helmfile.yaml
View File

@@ -1,33 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# openDesk OpenProject Bootstrap - path: "./helmfile-child.yaml"
# Source: Set when repo is managed on Open CoDE
- name: "openproject-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.openprojectBootstrap.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openprojectBootstrap.registry }}/\
{{ .Values.charts.openprojectBootstrap.repository }}"
releases:
- name: "opendesk-openproject-bootstrap"
chart: "openproject-bootstrap-repo/{{ .Values.charts.openprojectBootstrap.name }}"
version: "{{ .Values.charts.openprojectBootstrap.version }}"
wait: true
waitForJobs: true
values: values:
- "values.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.openproject.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-2"
component: "opendesk-openproject-bootstrap"
... ...

30
helmfile/apps/openproject/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,30 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# OpenProject
# Source: https://github.com/opf/helm-charts
- name: "openproject-repo"
keyring: "../../files/gpg-pubkeys/openproject-com.gpg"
verify: {{ .Values.charts.openproject.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openproject.registry }}/\
{{ .Values.charts.openproject.repository }}"
releases:
- name: "openproject"
chart: "openproject-repo/{{ .Values.charts.openproject.name }}"
version: "{{ .Values.charts.openproject.version }}"
wait: true
waitForJobs: true
values:
- "values.yaml.gotmpl"
installed: {{ .Values.openproject.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "openproject"
...

29
helmfile/apps/openproject/helmfile.yaml
View File

@@ -1,33 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# OpenProject - path: "./helmfile-child.yaml"
# Source: https://github.com/opf/helm-charts
- name: "openproject-repo"
keyring: "../../files/gpg-pubkeys/openproject-com.gpg"
verify: {{ .Values.charts.openproject.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openproject.registry }}/\
{{ .Values.charts.openproject.repository }}"
releases:
- name: "openproject"
chart: "openproject-repo/{{ .Values.charts.openproject.name }}"
version: "{{ .Values.charts.openproject.version }}"
wait: true
waitForJobs: true
values: values:
- "values.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.openproject.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "openproject"
... ...

24
helmfile/apps/provisioning/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,24 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# OX Connector
- name: "ox-connector-repo"
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/\
{{ .Values.charts.oxConnector.repository }}"
releases:
- name: "ox-connector"
chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}"
version: "{{ .Values.charts.oxConnector.version }}"
values:
- "values-oxconnector.yaml.gotmpl"
installed: {{ .Values.oxConnector.enabled }}
commonLabels:
deploy-stage: "component-2"
component: "provisioning"
...

23
helmfile/apps/provisioning/helmfile.yaml
View File

@@ -1,27 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# OX Connector - path: "./helmfile-child.yaml"
- name: "ox-connector-repo"
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/\
{{ .Values.charts.oxConnector.repository }}"
releases:
- name: "ox-connector"
chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}"
version: "{{ .Values.charts.oxConnector.version }}"
values: values:
- "values-oxconnector.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.oxConnector.enabled }}
commonLabels:
deploy-stage: "component-2"
component: "provisioning"
... ...

208
helmfile/apps/services/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,208 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# openDesk Otterize
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-otterize
- name: "otterize-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.otterize.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.otterize.registry }}/\
{{ .Values.charts.otterize.repository }}"
# openDesk Home
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-home
- name: "home-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.home.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.home.registry }}/\
{{ .Values.charts.home.repository }}"
# openDesk Certificates
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-certificates
- name: "certificates-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.certificates.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.certificates.registry }}/\
{{ .Values.charts.certificates.repository }}"
# openDesk PostgreSQL
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postgresql
- name: "postgresql-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.postgresql.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.postgresql.registry }}/\
{{ .Values.charts.postgresql.repository }}"
# openDesk MariaDB
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-mariadb
- name: "mariadb-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.mariadb.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.mariadb.registry }}/\
{{ .Values.charts.mariadb.repository }}"
# openDesk Postfix
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postfix
- name: "postfix-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.postfix.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/\
{{ .Values.charts.postfix.repository }}"
# openDesk ClamAV
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-clamav
- name: "clamav-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.clamav.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.clamav.registry }}/\
{{ .Values.charts.clamav.repository }}"
- name: "clamav-simple-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.clamavSimple.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.clamavSimple.registry }}/\
{{ .Values.charts.clamavSimple.repository }}"
# VMWare Bitnami
# Source: https://github.com/bitnami/charts/
- name: "memcached-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.memcached.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.memcached.registry }}/\
{{ .Values.charts.memcached.repository }}"
- name: "redis-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.redis.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.redis.registry }}/\
{{ .Values.charts.redis.repository }}"
- name: "minio-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.minio.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.minio.registry }}/\
{{ .Values.charts.minio.repository }}"
releases:
- name: "opendesk-otterize"
chart: "otterize-repo/{{ .Values.charts.otterize.name }}"
version: "{{ .Values.charts.otterize.version }}"
values:
- "values-otterize.yaml.gotmpl"
installed: {{ .Values.security.otterizeIntents.enabled }}
timeout: 900
- name: "opendesk-home"
chart: "home-repo/{{ .Values.charts.home.name }}"
version: "{{ .Values.charts.home.version }}"
values:
- "values-home.yaml.gotmpl"
installed: {{ .Values.home.enabled }}
- name: "opendesk-certificates"
chart: "certificates-repo/{{ .Values.charts.certificates.name }}"
version: "{{ .Values.charts.certificates.version }}"
values:
- "values-certificates.yaml.gotmpl"
installed: {{ .Values.certificates.enabled }}
timeout: 900
- name: "redis"
chart: "redis-repo/{{ .Values.charts.redis.name }}"
version: "{{ .Values.charts.redis.version }}"
values:
- "values-redis.yaml.gotmpl"
installed: {{ .Values.redis.enabled }}
timeout: 900
- name: "memcached"
chart: "memcached-repo/{{ .Values.charts.memcached.name }}"
version: "{{ .Values.charts.memcached.version }}"
values:
- "values-memcached.yaml.gotmpl"
installed: {{ .Values.memcached.enabled }}
timeout: 900
- name: "postgresql"
chart: "postgresql-repo/{{ .Values.charts.postgresql.name }}"
version: "{{ .Values.charts.postgresql.version }}"
values:
- "values-postgresql.yaml.gotmpl"
installed: {{ .Values.postgresql.enabled }}
timeout: 900
- name: "mariadb"
chart: "mariadb-repo/{{ .Values.charts.mariadb.name }}"
version: "{{ .Values.charts.mariadb.version }}"
values:
- "values-mariadb.yaml.gotmpl"
installed: {{ .Values.mariadb.enabled }}
timeout: 900
- name: "postfix"
chart: "postfix-repo/{{ .Values.charts.postfix.name }}"
version: "{{ .Values.charts.postfix.version }}"
values:
- "values-postfix.yaml.gotmpl"
installed: {{ .Values.postfix.enabled }}
timeout: 900
- name: "clamav"
chart: "clamav-repo/{{ .Values.charts.clamav.name }}"
version: "{{ .Values.charts.clamav.version }}"
values:
- "values-clamav-distributed.yaml.gotmpl"
installed: {{ .Values.clamavDistributed.enabled }}
timeout: 900
- name: "clamav-simple"
chart: "clamav-simple-repo/{{ .Values.charts.clamavSimple.name }}"
version: "{{ .Values.charts.clamavSimple.version }}"
values:
- "values-clamav-simple.yaml.gotmpl"
installed: {{ .Values.clamavSimple.enabled }}
timeout: 900
- name: "minio"
chart: "minio-repo/{{ .Values.charts.minio.name }}"
version: "{{ .Values.charts.minio.version }}"
values:
- "values-minio.yaml.gotmpl"
installed: {{ .Values.minio.enabled }}
timeout: 900
commonLabels:
deploy-stage: "services"
component: "services"
...

206
helmfile/apps/services/helmfile.yaml
View File

@@ -5,208 +5,8 @@
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# openDesk Otterize - path: "./helmfile-child.yaml"
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-otterize
- name: "otterize-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.otterize.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.otterize.registry }}/\
{{ .Values.charts.otterize.repository }}"
# openDesk Home
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-home
- name: "home-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.home.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.home.registry }}/\
{{ .Values.charts.home.repository }}"
# openDesk Certificates
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-certificates
- name: "certificates-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.certificates.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.certificates.registry }}/\
{{ .Values.charts.certificates.repository }}"
# openDesk PostgreSQL
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postgresql
- name: "postgresql-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.postgresql.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.postgresql.registry }}/\
{{ .Values.charts.postgresql.repository }}"
# openDesk MariaDB
# Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-mariadb
- name: "mariadb-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.mariadb.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.mariadb.registry }}/\
{{ .Values.charts.mariadb.repository }}"
# openDesk Postfix
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postfix
- name: "postfix-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.postfix.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/\
{{ .Values.charts.postfix.repository }}"
# openDesk ClamAV
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-clamav
- name: "clamav-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.clamav.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.clamav.registry }}/\
{{ .Values.charts.clamav.repository }}"
- name: "clamav-simple-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.clamavSimple.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.clamavSimple.registry }}/\
{{ .Values.charts.clamavSimple.repository }}"
# VMWare Bitnami
# Source: https://github.com/bitnami/charts/
- name: "memcached-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.memcached.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.memcached.registry }}/\
{{ .Values.charts.memcached.repository }}"
- name: "redis-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.redis.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.redis.registry }}/\
{{ .Values.charts.redis.repository }}"
- name: "minio-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.minio.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.minio.registry }}/\
{{ .Values.charts.minio.repository }}"
releases:
- name: "opendesk-otterize"
chart: "otterize-repo/{{ .Values.charts.otterize.name }}"
version: "{{ .Values.charts.otterize.version }}"
values: values:
- "values-otterize.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.security.otterizeIntents.enabled }}
timeout: 900
- name: "opendesk-home"
chart: "home-repo/{{ .Values.charts.home.name }}"
version: "{{ .Values.charts.home.version }}"
values:
- "values-home.yaml.gotmpl"
installed: {{ .Values.home.enabled }}
- name: "opendesk-certificates"
chart: "certificates-repo/{{ .Values.charts.certificates.name }}"
version: "{{ .Values.charts.certificates.version }}"
values:
- "values-certificates.yaml.gotmpl"
installed: {{ .Values.certificates.enabled }}
timeout: 900
- name: "redis"
chart: "redis-repo/{{ .Values.charts.redis.name }}"
version: "{{ .Values.charts.redis.version }}"
values:
- "values-redis.yaml.gotmpl"
installed: {{ .Values.redis.enabled }}
timeout: 900
- name: "memcached"
chart: "memcached-repo/{{ .Values.charts.memcached.name }}"
version: "{{ .Values.charts.memcached.version }}"
values:
- "values-memcached.yaml.gotmpl"
installed: {{ .Values.memcached.enabled }}
timeout: 900
- name: "postgresql"
chart: "postgresql-repo/{{ .Values.charts.postgresql.name }}"
version: "{{ .Values.charts.postgresql.version }}"
values:
- "values-postgresql.yaml.gotmpl"
installed: {{ .Values.postgresql.enabled }}
timeout: 900
- name: "mariadb"
chart: "mariadb-repo/{{ .Values.charts.mariadb.name }}"
version: "{{ .Values.charts.mariadb.version }}"
values:
- "values-mariadb.yaml.gotmpl"
installed: {{ .Values.mariadb.enabled }}
timeout: 900
- name: "postfix"
chart: "postfix-repo/{{ .Values.charts.postfix.name }}"
version: "{{ .Values.charts.postfix.version }}"
values:
- "values-postfix.yaml.gotmpl"
installed: {{ .Values.postfix.enabled }}
timeout: 900
- name: "clamav"
chart: "clamav-repo/{{ .Values.charts.clamav.name }}"
version: "{{ .Values.charts.clamav.version }}"
values:
- "values-clamav-distributed.yaml.gotmpl"
installed: {{ .Values.clamavDistributed.enabled }}
timeout: 900
- name: "clamav-simple"
chart: "clamav-simple-repo/{{ .Values.charts.clamavSimple.name }}"
version: "{{ .Values.charts.clamavSimple.version }}"
values:
- "values-clamav-simple.yaml.gotmpl"
installed: {{ .Values.clamavSimple.enabled }}
timeout: 900
- name: "minio"
chart: "minio-repo/{{ .Values.charts.minio.name }}"
version: "{{ .Values.charts.minio.version }}"
values:
- "values-minio.yaml.gotmpl"
installed: {{ .Values.minio.enabled }}
timeout: 900
commonLabels:
deploy-stage: "services"
component: "services"
... ...

48
helmfile/apps/univention-management-stack/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,48 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# Univention Management Stack Umbrella Chart
- name: "ums"
keyring: "../../files/gpg-pubkeys/univention-de.gpg"
verify: {{ .Values.charts.ums.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url:
"{{ .Values.global.helmRegistry | default .Values.charts.ums.registry }}/\
{{ .Values.charts.ums.repository }}"
# OpenDesk Keycloak Bootstrap Chart
- name: "opendesk-keycloak-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.opendeskKeycloakBootstrap.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskKeycloakBootstrap.registry }}/\
{{ .Values.charts.opendeskKeycloakBootstrap.repository }}"
releases:
# Univention Management Stack Umbrella Chart
- name: "ums"
chart: "ums/{{ .Values.charts.ums.name }}"
version: "{{ .Values.charts.ums.version }}"
values:
- "values-umbrella.yaml.gotmpl"
installed: {{ .Values.univentionManagementStack.enabled }}
timeout: 900
# OpenDesk Keycloak Bootstrap Chart
- name: "opendesk-keycloak-bootstrap"
chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.opendeskKeycloakBootstrap.name }}"
version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"
values:
- "values-opendesk-keycloak-bootstrap.yaml.gotmpl"
needs:
- "ums"
installed: {{ .Values.univentionManagementStack.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "univention-management-stack"
...

47
helmfile/apps/univention-management-stack/helmfile.yaml
View File

@@ -1,51 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# Univention Management Stack Umbrella Chart - path: "./helmfile-child.yaml"
- name: "ums"
keyring: "../../files/gpg-pubkeys/univention-de.gpg"
verify: {{ .Values.charts.ums.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url:
"{{ .Values.global.helmRegistry | default .Values.charts.ums.registry }}/\
{{ .Values.charts.ums.repository }}"
# OpenDesk Keycloak Bootstrap Chart
- name: "opendesk-keycloak-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.opendeskKeycloakBootstrap.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskKeycloakBootstrap.registry }}/\
{{ .Values.charts.opendeskKeycloakBootstrap.repository }}"
releases:
# Univention Management Stack Umbrella Chart
- name: "ums"
chart: "ums/{{ .Values.charts.ums.name }}"
version: "{{ .Values.charts.ums.version }}"
values: values:
- "values-umbrella.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.univentionManagementStack.enabled }}
timeout: 900
# OpenDesk Keycloak Bootstrap Chart
- name: "opendesk-keycloak-bootstrap"
chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.opendeskKeycloakBootstrap.name }}"
version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"
values:
- "values-opendesk-keycloak-bootstrap.yaml.gotmpl"
needs:
- "ums"
installed: {{ .Values.univentionManagementStack.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "univention-management-stack"
... ...

29
helmfile/apps/xwiki/helmfile-child.yaml Normal file
View File

@@ -0,0 +1,29 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
repositories:
# XWiki
# Source: https://github.com/xwiki-contrib/xwiki-helm
- name: "xwiki-repo"
keyring: "../../files/gpg-pubkeys/xwiki-com.gpg"
verify: {{ .Values.charts.xwiki.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.xwiki.registry }}/\
{{ .Values.charts.xwiki.repository }}"
releases:
- name: "xwiki"
chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}"
version: "{{ .Values.charts.xwiki.version }}"
wait: true
values:
- "values.yaml.gotmpl"
installed: {{ .Values.xwiki.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "xwiki"
...

28
helmfile/apps/xwiki/helmfile.yaml
View File

@@ -1,32 +1,12 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
--- ---
repositories: helmfiles:
# XWiki - path: "./helmfile-child.yaml"
# Source: https://github.com/xwiki-contrib/xwiki-helm
- name: "xwiki-repo"
keyring: "../../files/gpg-pubkeys/xwiki-com.gpg"
verify: {{ .Values.charts.xwiki.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.xwiki.registry }}/\
{{ .Values.charts.xwiki.repository }}"
releases:
- name: "xwiki"
chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}"
version: "{{ .Values.charts.xwiki.version }}"
wait: true
values: values:
- "values.yaml.gotmpl" - {{ toYaml .Values | nindent 8 }}
installed: {{ .Values.xwiki.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-1"
component: "xwiki"
... ...

5
helmfile/environments/default/secrets.gotmpl
View File

@@ -7,11 +7,15 @@ SPDX-License-Identifier: Apache-2.0
secrets: secrets:
oxAppsuite: oxAppsuite:
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
masterAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "master_admin_password" | sha1sum | quote }}
cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }} cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }} sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }} shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}
oxguardMC: {{ printf "MC%s" (randAlphaNum 20 | b64enc) | quote }} oxguardMC: {{ printf "MC%s" (randAlphaNum 20 | b64enc) | quote }}
oxguardRC: {{ printf "RC%s" (randAlphaNum 20 | b64enc) | quote }} oxguardRC: {{ printf "RC%s" (randAlphaNum 20 | b64enc) | quote }}
hzGroupPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "hz_group_password" | sha1sum | quote }}
basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
jolokiaPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "jolokia_password" | sha1sum | quote }}
univentionManagementStack: univentionManagementStack:
ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }} ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
ldapSearch: ldapSearch:
@@ -46,7 +50,6 @@ secrets:
udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }} udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
nats: nats:
natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }} natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }}
postgresql: postgresql:
postgresUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum | quote }} postgresUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum | quote }}
keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }} keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}

39
helmfile_generic.yaml Normal file
View File

@@ -0,0 +1,39 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
#
# Advanced Configuration: Nested States
#
helmfiles:
# Path to the helmfile state file being processed BEFORE releases in this state file
- path: "helmfile/apps/services/helmfile-child.yaml"
values: &values
- "helmfile/environments/default/*.yaml"
- "helmfile/environments/default/*.gotmpl"
- {{ toYaml .Values | nindent 8 }}
- path: "helmfile/apps/univention-management-stack/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/intercom-service/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/open-xchange/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/nextcloud/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/collabora/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/cryptpad/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/jitsi/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/element/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/openproject/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/xwiki/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/provisioning/helmfile-child.yaml"
values: *values
- path: "helmfile/apps/openproject-bootstrap/helmfile-child.yaml"
values: *values
missingFileHandler: "Error"
...