fix(helmfile): Support component specific storageClassNames. **Note:** Please check the migration.md if you upgrade a deployment that has set custom PVC sizes using persistence.size settings.

2025-12-06 07:21:36 +01:00 · 2025-01-16 16:20:38 +01:00
parent 033cb558dd
commit bacf51efb1
18 changed files with 131 additions and 50 deletions
--- a/.kyverno/policies/template-storage.yaml
+++ b/.kyverno/policies/template-storage.yaml
@@ -10,7 +10,7 @@ metadata:
    policies.kyverno.io/subject: "Pod"
    policies.kyverno.io/description: >-
      This policy validates if `.Values.persistence.storageClassNames` variables are used in templates and if the size
-      of volumes can be customized by `.Values.persistence.size` variable.
+      of volumes can be customized by `.Values.persistence.storages.<COMPONENT>.size` variable.
 spec:
  background: true
  rules:
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ openDesk currently features the following functional main components:
 | File management      | Nextcloud                   | [29.0.8](https://nextcloud.com/de/changelog/#29-0-8)                                                 | [Nextcloud 29](https://docs.nextcloud.com/)                                                                                           |
 | Groupware            | OX App Suite                | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/)                               | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
 | Knowledge management | XWiki                       | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/)                       | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                     |
-| Portal & IAM         | Nubus                       | [1.4.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                             |
+| Portal & IAM         | Nubus                       | [1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                             |
 | Project management   | OpenProject                 | [15.1.1](https://www.openproject.org/docs/release-notes/15-1-1/)                                     | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                           |
 | Videoconferencing    | Jitsi                       | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823)                | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                            |
 | Weboffice            | Collabora                   | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/)                               | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)        |
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -11,6 +11,7 @@ SPDX-License-Identifier: Apache-2.0
 * [Manual update steps](#manual-update-steps)
  * [From v1.1.0: Manual checks/steps](#from-v110-manual-checkssteps)
    * [Pre-upgrade](#pre-upgrade)
      * [Helmfile Feature: Component specific `storageClassName`](#helmfile-feature-component-specific-storageclassname)
      * [Helmfile new secret: `secrets.nubus.masterpassword`](#helmfile-new-secret-secretsnubusmasterpassword)
  * [From v1.0.0: Manual checks/steps](#from-v100-manual-checkssteps)
    * [Pre-upgrade](#pre-upgrade-1)
@@ -87,6 +88,53 @@ Be sure you check all the sections for the releases your are going to update you
 ### Pre-upgrade
 #### Helmfile Feature: Component specific `storageClassName`
 With openDesk 1.1.1 we support component specific `storageClassName` definitions beside the global ones, but we had to adapt the structure that can be found in `persistence.yaml.gotmpl` to achieve this in a clean manner.
 If you have set custom `persistence.size.*`-values for your deployment, please continue reading as you need to adapt your `persistence` settings to the new structure.
 When comparing the [old 1.1.0 structure](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/v1.1.0/helmfile/environments/default/persistence.yaml.gotmpl) with the [new one](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/v1.1.1/helmfile/environments/default/persistence.yaml.gotmpl) you can spot the changes:
 - We replaced `persistence.size` with `persistence.storages`.
 - Below each component you can define now the `size` and the optional component specific `storageClassName`.
 - We streamlined all components to be on the same level, as Nubus had an additional level of nesting before.
 So a setting of:
 ```yaml
 persistence:
  size:
    synapse: "1Gi"
 ```
 needs to be changed to:
 ```yaml
 persistence:
  storages:
    synapse:
      size: "1Gi"
 ```
 or for the Nubus related entries, the following:
 ```yaml
 persistence:
  size:
    nubus:
      ldapServerData: "1Gi"
 ```
 needs to be changed to:
 ```yaml
 persistence:
  storages:
    nubusLdapServerData:
      size: "1Gi"
 ```
 #### Helmfile new secret: `secrets.nubus.masterpassword`
 A not yet templated secret was discovered in the Nubus deployment that is now defined in [`secrets.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl) with the key `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the value of the `MASTER_PASSWORD` environment variable used in your deployment.
--- a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
@@ -81,8 +81,8 @@ liveness sample:
  enabled: true
 persistence:
-  size: {{ .Values.persistence.size.matrixNeoDateFixBot | quote }}
+  size: {{ .Values.persistence.storages.matrixNeoDateFixBot.size | quote }}
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.matrixNeoDateFixBot.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 podAnnotations: {}
--- a/helmfile/apps/element/values-synapse.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse.yaml.gotmpl
@@ -176,8 +176,8 @@ image:
  tag: {{ .Values.images.synapse.tag | quote }}
 persistence:
-  size: {{ .Values.persistence.size.synapse | quote }}
+  size: {{ .Values.persistence.storages.synapse.size | quote }}
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.synapse.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 podAnnotations: {}
--- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
+++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
@@ -138,8 +138,8 @@ jitsi:
    resources:
      {{ .Values.resources.prosody | toYaml | nindent 6 }}
    persistence:
-      size: {{ .Values.persistence.size.prosody | quote }}
+      size: {{ .Values.persistence.storages.prosody.size | quote }}
-      storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
+      storageClassName: {{ coalesce .Values.persistence.storages.prosody.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
    securityContext:
      allowPrivilegeEscalation: false
      capabilities: {}
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -581,8 +581,8 @@ nubusPortalConsumer:
      accessKey: {{ .Values.objectstores.nubus.username | quote }}
      secretKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
  persistence:
-    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+    size: {{ .Values.persistence.storages.nubusPortalConsumer.size | quote }}
-    size: {{ .Values.persistence.size.nubus.portalConsumer | quote }}
+    storageClass: {{ coalesce .Values.persistence.storages.nubusPortalConsumer.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
  podAnnotations:
    intents.otterize.com/service-name: "ums-portal-consumer"
  provisioningApi:
@@ -811,8 +811,8 @@ nubusLdapServer:
        tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }}
        pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  persistence:
-    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+    size: {{ .Values.persistence.storages.nubusLdapServerData.size | quote }}
-    size: {{ .Values.persistence.size.nubus.ldapServerData | quote }}
+    storageClass: {{ coalesce .Values.persistence.storages.nubusLdapServerData.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
  replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }}
  replicaCountSecondary: {{ .Values.replicas.umsLdapServerSecondary }}
  replicaCountProxy: {{ .Values.replicas.umsLdapServerProxy }}
@@ -914,7 +914,8 @@ nubusProvisioning:
        tag: {{ .Values.images.nubusNatsBox.tag }}
        imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    persistence:
-      size: {{ .Values.persistence.size.nubus.provisioningNats }}
+      size: {{ .Values.persistence.storages.nubusProvisioningNats.size }}
      storageClass: {{ coalesce .Values.persistence.storages.nubusProvisioningNats.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
    reloader:
      image:
        registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsReloader.registry | quote }}
--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -92,15 +92,15 @@ podSecurityContext:
 persistence:
  {{- if .Values.cluster.persistence.readWriteMany.enabled }}
-  storageClassName: {{ .Values.persistence.storageClassNames.RWX | quote }}
+  storageClassName: {{ coalesce .Values.persistence.storages.dovecot.storageClassName .Values.persistence.storageClassNames.RWX | quote }}
  accessModes:
    - "ReadWriteMany"
  {{- else }}
-  storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  storageClassName: {{ coalesce .Values.persistence.storages.dovecot.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
  accessModes:
    - "ReadWriteOnce"
  {{- end }}
-  size: {{ .Values.persistence.size.dovecot | quote }}
+  size: {{ .Values.persistence.storages.dovecot.size | quote }}
 resources:
  {{ .Values.resources.dovecot | toYaml | nindent 2 }}
--- a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
@@ -66,7 +66,8 @@ resourcesWaitForDependency:
  {{ .Values.resources.oxConnector | toYaml | nindent 2 }}
 persistence:
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  size: {{ .Values.persistence.storages.oxConnector.size | quote }}
  storageClass: {{ coalesce .Values.persistence.storages.oxConnector.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 podAnnotations: {}
--- a/helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl
@@ -152,6 +152,6 @@ milter:
    {{ .Values.resources.milter | toYaml | nindent 4 }}
 persistence:
-  storageClass: {{ .Values.persistence.storageClassNames.RWX | quote }}
+  size: {{ .Values.persistence.storages.clamav.size | quote }}
-  size: {{ .Values.persistence.size.clamav | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.clamav.storageClassName .Values.persistence.storageClassNames.RWX | quote }}
 ...
--- a/helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl
@@ -37,8 +37,8 @@ image:
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 persistence:
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  size: {{ .Values.persistence.storages.clamav.size | quote }}
-  size: {{ .Values.persistence.size.clamav | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.clamav.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 podAnnotations: {}
--- a/helmfile/apps/services-external/values-mariadb.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-mariadb.yaml.gotmpl
@@ -71,8 +71,8 @@ mariadb:
    value: {{ .Values.secrets.mariadb.rootPassword | quote }}
 persistence:
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  size: {{ .Values.persistence.storages.mariadb.size | quote }}
-  size: {{ .Values.persistence.size.mariadb | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.mariadb.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 podAnnotations:
  argocd.argoproj.io/hook: "PostSync"
--- a/helmfile/apps/services-external/values-minio.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-minio.yaml.gotmpl
@@ -90,8 +90,8 @@ podSecurityContext:
  fsGroup: 1001
 persistence:
-  storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
+  size: {{ .Values.persistence.storages.minio.size | quote }}
-  size: "{{ .Values.persistence.size.minio }}"
+  storageClass: {{ coalesce .Values.persistence.storages.minio.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 provisioning:
  enabled: true
--- a/helmfile/apps/services-external/values-postfix.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-postfix.yaml.gotmpl
@@ -34,8 +34,8 @@ image:
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 persistence:
-  size: {{ .Values.persistence.size.postfix | quote }}
+  size: {{ .Values.persistence.storages.postfix.size | quote }}
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.postfix.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 podSecurityContext:
  enabled: true
--- a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl
@@ -89,8 +89,8 @@ job:
      user: {{ .Values.databases.umsSelfservice.username | quote }}
 persistence:
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  size: {{ .Values.persistence.storages.postgresql.size | quote }}
-  size: {{ .Values.persistence.size.postgresql | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.postgresql.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 podAnnotations:
  argocd.argoproj.io/hook: "PostSync"
--- a/helmfile/apps/services-external/values-redis.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-redis.yaml.gotmpl
@@ -12,7 +12,7 @@ auth:
 global:
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.redis.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 image:
  registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.redis.registry | quote }}
@@ -37,7 +37,7 @@ master:
      {{ .Values.seLinuxOptions.redis | toYaml | nindent 6 }}
  count: {{ .Values.replicas.redis }}
  persistence:
-    size: {{ .Values.persistence.size.redis | quote }}
+    size: {{ .Values.persistence.storages.redis.size | quote }}
  podAnnotations: {}
  resources:
    {{ .Values.resources.redis | toYaml | nindent 4 }}
--- a/helmfile/apps/xwiki/values.yaml.gotmpl
+++ b/helmfile/apps/xwiki/values.yaml.gotmpl
@@ -133,8 +133,8 @@ mysql:
  enabled: false
 persistence:
-  size: {{ .Values.persistence.size.xwiki | quote }}
+  size: {{ .Values.persistence.storages.xwiki.size | quote }}
-  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.xwiki.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
 postgresql:
  enabled: false
--- a/helmfile/environments/default/persistence.yaml.gotmpl
+++ b/helmfile/environments/default/persistence.yaml.gotmpl
@@ -2,24 +2,55 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 persistence:
  # Will be used as default if not otherwise define on the component level
  storageClassNames:
    RWX: ""
    RWO: ""
-  size:
+
-    clamav: "1Gi"
+  storages:
-    dovecot: "1Gi"
+    clamav:
-    mariadb: "1Gi"
+      size: "1Gi"
-    matrixNeoDateFixBot: "1Gi"
+      storageClassName: ~
-    minio: "10Gi"
+    dovecot:
-    postfix: "1Gi"
+      size: "1Gi"
-    postgresql: "1Gi"
+      storageClassName: ~
-    prosody: "1Gi"
+    mariadb:
-    redis: "1Gi"
+      size: "1Gi"
-    synapse: "1Gi"
+      storageClassName: ~
-    nubus:
+    matrixNeoDateFixBot:
-      ldapServerData: "1Gi"
+      size: "1Gi"
-      ldapServerShared: "1Gi"
+      storageClassName: ~
-      portalConsumer: "1Gi"
+    minio:
-      provisioningNats: "1Gi"
+      size: "10Gi"
-    xwiki: "1Gi"
+      storageClassName: ~
    nubusLdapServerData:
      size: "1Gi"
      storageClassName: ~
    nubusPortalConsumer:
      size: "1Gi"
      storageClassName: ~
    nubusProvisioningNats:
      size: "1Gi"
      storageClassName: ~
    oxConnector:
      size: "1Gi"
      storageClassName: ~
    postfix:
      size: "1Gi"
      storageClassName: ~
    postgresql:
      size: "1Gi"
      storageClassName: ~
    prosody:
      size: "1Gi"
      storageClassName: ~
    redis:
      size: "1Gi"
      storageClassName: ~
    synapse:
      size: "1Gi"
      storageClassName: ~
    xwiki:
      size: "1Gi"
      storageClassName: ~
 ...