feat(open-xchange): Use internal endpoint for provisioning and support for optionally spinning up a dedicated internal Pod just for provisioning (see technial.oxAppSuite.provisioning.dedicatedCoreMwPod for details)

2025-12-06 07:21:36 +01:00 · 2025-07-22 12:49:20 +02:00
parent e3b6a28993
commit c982b483de
4 changed files with 53 additions and 2 deletions
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
@@ -120,6 +120,9 @@ appsuite:
        annotations:
          {{ .Values.annotations.openxchangeAppsuiteIngress.trailslash | toYaml | nindent 10 }}
      rest-routes-admin:
+        {{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
+        enabled: false
+        {{- end }}
        annotations:
          {{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesAdmin | toYaml | nindent 10 }}
      rest-routes-advertisement:
@@ -224,6 +227,34 @@ appsuite:
            - admin
            - businessmobility
            - request-analyzer
+    roles:
+      admin:
+        values:
+          features:
+            status:
+              admin: "enabled"
+          packages:
+            status:
+              open-xchange-admin-contextrestore: "enabled"
+              open-xchange-admin-oauth-provider: "enabled"
+              open-xchange-admin-soap: "enabled"
+              open-xchange-admin-soap-usercopy: "enabled"
+              open-xchange-admin-user-copy: "enabled"
+    {{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
+    scaling:
+      nodes:
+        groupware:
+          replicas: {{ .Values.replicas.openxchangeCoreMW }}
+          roles:
+            - "http-api"
+            - "sync"
+            - "businessmobility"
+            - "request-analyzer"
+        admin:
+          replicas: 1
+          roles:
+            - "admin"
+    {{- end }}
    masterAdmin: "admin"
    masterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
    hzGroupName: "hzgroup"
@@ -245,6 +276,10 @@ appsuite:
        # admin: enabled
        documents: "disabled"
        guard: "enabled"
+        # disabling admin role breaks webmail
+        # {{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
+        # admin: "disabled"
+        # {{- end }}
    gotenberg:
      enabled: true
      imagePullSecrets:
@@ -304,6 +339,14 @@ appsuite:
        open-xchange-hostname-config-cascade: "enabled"
        # Enable s3 storage
        open-xchange-filestore-s3: "enabled"
+        {{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
+        # disabling admin feature breaks webmail, so only sub packages are disabled:
+        open-xchange-admin-contextrestore: "disabled"
+        open-xchange-admin-oauth-provider: "disabled"
+        open-xchange-admin-soap: "disabled"
+        open-xchange-admin-soap-usercopy: "disabled"
+        open-xchange-admin-user-copy: "disabled"
+        {{- end }}
    properties:
      com.openexchange.hostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
      com.openexchange.UIWebPath: "/appsuite/"
--- a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
@@ -49,7 +49,7 @@ oxConnector:
  oxMasterAdmin: "admin"
  oxMasterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
  oxSmtpServer: "smtp://127.0.0.1:587"
-  oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
+  oxSoapServer: "http://open-xchange-core-mw-admin"

 provisioningApi:
  connection:
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -407,7 +407,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
    name: "opendesk-open-xchange-bootstrap"
-    version: "4.0.0"
+    version: "4.0.1"
    verify: true
  oxConnector:
    # providerCategory: "Supplier"
--- a/helmfile/environments/default/technical.yaml.gotmpl
+++ b/helmfile/environments/default/technical.yaml.gotmpl
@@ -6,4 +6,12 @@ technical:
  collabora:
    # Defines the value for the start parameter `-o:num_prespawn_children`
    numPrespawnChildren: 4
+  # Groupware related technical settings
+  oxAppSuite:
+    provisioning:
+      # In environments with a large number of users and groups, we offer the option to enable a
+      # dedicated Pod for the OX App Suite Core Middleware, exclusively handling provisioning tasks.
+      # This approach ensures that heavy provisioning workloads do not negatively impact the user
+      # experience, such as by slowing down pods that serve end-user sessions.
+      dedicatedCoreMwPod: false
 ...