diff --git a/helmfile/apps/services/values-mariadb.yaml.gotmpl b/helmfile/apps/services/values-mariadb.yaml.gotmpl index fc5109b0..c4af2181 100644 --- a/helmfile/apps/services/values-mariadb.yaml.gotmpl +++ b/helmfile/apps/services/values-mariadb.yaml.gotmpl @@ -3,6 +3,7 @@ --- cleanup: deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }} containerSecurityContext: allowPrivilegeEscalation: false 
@@ -35,19 +36,32 @@ job: retries: 10 wait: 30 users: - - username: "xwiki_user" - password: {{ .Values.secrets.mariadb.xwikiUser | quote }} - - username: "openxchange_user" - password: {{ .Values.secrets.mariadb.openxchangeUser | quote }} - - username: "nextcloud_user" + - username: {{ .Values.databases.nextcloud.username | quote }} password: {{ .Values.secrets.mariadb.nextcloudUser | quote}} + connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + # OX and XWiki are using the db's `root` users (see `database.yaml`). So we are statically referencing their dedicated + # users for the moment. + - username: "openxchange_user" + # - username: {{ .Values.databases.xwiki.username | quote }} + password: {{ .Values.secrets.mariadb.openxchangeUser | quote }} + connectionLimit: {{ .Values.databases.oxAppsuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + - username: "xwiki_user" + # - username: {{ .Values.databases.oxAppsuite.username | quote }} + password: {{ .Values.secrets.mariadb.xwikiUser | quote }} + connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} databases: - - name: "xwiki" - user: "xwiki_user" - - name: "nextcloud" - user: "nextcloud_user" + - name: {{ .Values.databases.nextcloud.name | quote }} + user: {{ .Values.databases.nextcloud.username | quote }} + # OX and XWiki are using the db's `root` users (see `database.yaml`). So we are statically referencing their dedicated + # users for the moment. - name: "openxchange" user: "openxchange_user" + # - name: {{ .Values.databases.oxAppsuite.name | quote }} + # user: {{ .Values.databases.oxAppsuite.username | quote }} + - name: "xwiki" + user: "xwiki_user" + # - name: {{ .Values.databases.xwiki.name | quote }} + # user: {{ .Values.databases.xwiki.username | quote }} mariadb: rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }} 
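Review bot: The two commented-out placeholders in the `users` list are swapped: the line under `openxchange_user` points at `.Values.databases.xwiki.username` and the line under `xwiki_user` points at `.Values.databases.oxAppsuite.username`. Whoever uncomments them later would pair the XWiki account name with `secrets.mariadb.openxchangeUser` and the reverse, which hands each application the other's credentials or breaks both logins. They should read `# - username: {{ .Values.databases.oxAppsuite.username | quote }}` under `openxchange_user` and `# - username: {{ .Values.databases.xwiki.username | quote }}` under `xwiki_user`, matching the correctly paired placeholders in the `databases` list of the same hunk. The `job:` mapping these lists belong to starts above the hunk.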
diff --git a/helmfile/apps/services/values-minio.yaml.gotmpl b/helmfile/apps/services/values-minio.yaml.gotmpl index ac184b1e..cc893b80 100644 --- a/helmfile/apps/services/values-minio.yaml.gotmpl +++ b/helmfile/apps/services/values-minio.yaml.gotmpl @@ -85,7 +85,8 @@ persistence: provisioning: enabled: true cleanupAfterFinished: - enabled: true + enabled: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + seconds: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }} extraCommands: - "mc anonymous set download provisioning/ums/portal-assets" buckets: diff --git a/helmfile/apps/services/values-postgresql.yaml.gotmpl b/helmfile/apps/services/values-postgresql.yaml.gotmpl index c0cf5328..f41cc5f9 100644 --- a/helmfile/apps/services/values-postgresql.yaml.gotmpl +++ b/helmfile/apps/services/values-postgresql.yaml.gotmpl @@ -1,6 +1,10 @@ # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- +cleanup: + deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} + deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }} + containerSecurityContext: allowPrivilegeEscalation: false capabilities: @@ -17,8 +21,6 @@ containerSecurityContext: seLinuxOptions: {{ .Values.seLinuxOptions.postgresql | toYaml | nindent 4 }} -job: - podSecurityContext: enabled: true fsGroup: 1001 
@@ -43,36 +45,43 @@ image: job: users: - - username: "keycloak_user" + - username: {{ .Values.databases.keycloak.username | quote }} password: {{ .Values.secrets.postgresql.keycloakUser | quote }} - - username: "openproject_user" + connectionLimit: {{ .Values.databases.keycloak.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + - username: {{ .Values.databases.openproject.username | quote }} password: {{ .Values.secrets.postgresql.openprojectUser | quote }} - - username: "keycloak_extensions_user" + connectionLimit: {{ .Values.databases.openproject.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + - username: {{ .Values.databases.keycloakExtension.username | quote }} password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }} - - username: "matrix_user" + connectionLimit: {{ .Values.databases.keycloakExtension.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + - username: {{ .Values.databases.synapse.username | quote }} password: {{ .Values.secrets.postgresql.matrixUser | quote }} - - username: "notificationsapi_user" + connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + - username: {{ .Values.databases.umsNotificationsApi.username | quote }} password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }} - - username: "guardianmanagementapi_user" + connectionLimit: {{ .Values.databases.umsNotificationsApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + - username: {{ .Values.databases.umsGuardianManagementApi.username | quote }} password: {{ .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }} - - username: "selfservice_user" + connectionLimit: {{ .Values.databases.umsGuardianManagementApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + - username: {{ .Values.databases.umsSelfservice.username | quote }} password: {{ 
.Values.secrets.postgresql.umsSelfserviceUser | quote }} + connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} databases: - - name: "keycloak" - user: "keycloak_user" - - name: "keycloak_extensions" - user: "keycloak_extensions_user" - - name: "openproject" - user: "openproject_user" - - name: "matrix" - user: "matrix_user" + - name: {{ .Values.databases.keycloak.name | quote }} + user: {{ .Values.databases.keycloak.username | quote }} + - name: {{ .Values.databases.keycloakExtension.name | quote }} + user: {{ .Values.databases.keycloakExtension.username | quote }} + - name: {{ .Values.databases.openproject.name | quote }} + user: {{ .Values.databases.openproject.username | quote }} + - name: {{ .Values.databases.synapse.name | quote }} + user: {{ .Values.databases.synapse.username | quote }} additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0" - - name: "guardianmanagementapi" - user: "guardianmanagementapi_user" - - name: "notificationsapi" - user: "notificationsapi_user" - - name: "selfservice" - user: "selfservice_user" + - name: {{ .Values.databases.umsGuardianManagementApi.name | quote }} + user: {{ .Values.databases.umsGuardianManagementApi.username | quote }} + - name: {{ .Values.databases.umsNotificationsApi.name | quote }} + user: {{ .Values.databases.umsNotificationsApi.username | quote }} + - name: {{ .Values.databases.umsSelfservice.name | quote }} + user: {{ .Values.databases.umsSelfservice.username | quote }} persistence: storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 7315c3d4..74b3ec3f 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml 
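Review bot: In `values-postgresql.yaml.gotmpl`, every `connectionLimit` under `job.users` is rendered through `| default .Values.databases.defaults.userConnectionLimit`, and the template `default` function treats `0` as empty, so an explicit `connectionLimit: 0` in `database.yaml` is silently replaced by the default instead of the operator's value. If zero has to be expressible (what it means is decided by the chart, which is not visible here), fall back only on null, for example `connectionLimit: {{ ternary .Values.databases.defaults.userConnectionLimit .Values.databases.keycloak.connectionLimit (kindIs "invalid" .Values.databases.keycloak.connectionLimit) }}`. Otherwise a comment next to `defaults.userConnectionLimit` should state that `0` is not accepted and is overridden. The three `connectionLimit` lines in the `users` block of `values-mariadb.yaml.gotmpl` follow the same pattern.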
@@ -142,7 +142,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-mariadb" name: "mariadb" - version: "2.2.1" + version: "2.3.1" verify: true matrixNeoboardWidget: # providerCategory: "Platform" @@ -360,7 +360,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql" name: "postgresql" - version: "2.0.5" + version: "2.1.1" verify: true redis: # providerCategory: "Community" diff --git a/helmfile/environments/default/database.yaml b/helmfile/environments/default/database.yaml index d0cd6a2b..7b41f943 100644 --- a/helmfile/environments/default/database.yaml +++ b/helmfile/environments/default/database.yaml 
@@ -2,62 +2,76 @@ # SPDX-License-Identifier: Apache-2.0 --- databases: + defaults: + userConnectionLimit: 100 keycloak: name: "keycloak" host: "postgresql" port: 5432 username: "keycloak_user" password: "" + connectionLimit: ~ keycloakExtension: name: "keycloak_extensions" host: "postgresql" port: 5432 username: "keycloak_extensions_user" password: "" + connectionLimit: ~ nextcloud: name: "nextcloud" host: "mariadb" port: 3306 username: "nextcloud_user" password: "" + connectionLimit: ~ openproject: name: "openproject" host: "postgresql" port: 5432 username: "openproject_user" password: "" + connectionLimit: ~ oxAppsuite: - host: "mariadb" name: "configdb" + host: "mariadb" + port: 3306 username: "root" password: "" + connectionLimit: ~ synapse: - host: "postgresql" name: "matrix" + host: "postgresql" + port: 5432 username: "matrix_user" password: "" - port: 5432 + connectionLimit: ~ umsGuardianManagementApi: name: "guardianmanagementapi" host: "postgresql" port: 5432 username: "guardianmanagementapi_user" password: "" + connectionLimit: ~ umsNotificationsApi: name: "notificationsapi" host: "postgresql" port: 5432 username: "notificationsapi_user" password: "" + connectionLimit: ~ umsSelfservice: name: "selfservice" host: "postgresql" port: 5432 username: "selfservice_user" password: "" + connectionLimit: 10 xwiki: name: "xwiki" host: "mariadb" + port: 3306 username: "root" password: "" + connectionLimit: ~ ...
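Review bot: The `connectionLimit` keys added to `oxAppsuite` and `xwiki` sit beside `username: "root"`, but the MariaDB values template in this commit renders those limits onto `openxchange_user` and `xwiki_user`. According to that template's own comment both applications still connect as root, so, assuming the chart applies the limit per listed user, the value caps an account the application does not use and leaves the root sessions unbounded. A comment on both entries should say this, e.g. `# rendered onto the dedicated *_user account, not onto root; see values-mariadb.yaml.gotmpl`. Moving both applications to their dedicated users would make the limit effective and would also stop them from holding full administrative rights on the shared MariaDB instance.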