diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2cfe282e..27d2270d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -92,7 +92,7 @@ variables: - "yes" - "no" DEPLOY_UMS: - description: "Enable Univention Management Stack deployment." + description: "Enable Nubus deployment." value: "no" options: - "yes" @@ -317,7 +317,7 @@ ums-deploy: ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UMS != "no") when: "on_success" variables: - COMPONENT: "univention-management-stack" + COMPONENT: "nubus" ox-deploy: stage: "component-deploy-stage-1" diff --git a/.gitlab/lint/lint-kyverno.yml b/.gitlab/lint/lint-kyverno.yml index 9bd8af90..dc0caf06 100644 --- a/.gitlab/lint/lint-kyverno.yml +++ b/.gitlab/lint/lint-kyverno.yml @@ -17,12 +17,12 @@ lint-kyverno: - "intercom-service" - "jitsi" - "nextcloud" + - "nubus" - "open-xchange" - "openproject" - "openproject-bootstrap" - "provisioning" - "services" - - "univention-management-stack" - "xwiki" script: - "cd ${CI_PROJECT_DIR}/helmfile/apps/${APP}" diff --git a/.reuse/dep5 b/.reuse/dep5 index 9afa73ea..af52ae35 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -3,8 +3,8 @@ Upstream-Name: openDesk - der Souveräne Arbeitsplatz Upstream-Contact: Source: https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk -Files: helmfile/environments/default/theme/* -Copyright: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +Files: helmfile/files/theme/* +Copyright: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH License: Apache-2.0 Files: helmfile/files/gpg-pubkeys/* diff --git a/docs/enhanced-configuration/idp-federation.md b/docs/enhanced-configuration/idp-federation.md index 0ff8ae1a..e01ace6a 100644 --- a/docs/enhanced-configuration/idp-federation.md +++ b/docs/enhanced-configuration/idp-federation.md 
@@ -146,8 +146,8 @@ The following configuration is taking place in the Keycloak realm `opendesk`. - *Client ID*: Use the client ID you took form your organization's IdP config (`opendesk-federation-client` in this example) - *Client Secret*: Use the secret you took form your organization's IdP config - When completed with *Add* you get to the detailed IdP configured that also needs some updates (you may need to open the *Advanced* section to access some settings) - - *Back-channel logout*: `On` - - *Disable user info*: `On` + - *Back-channel logout*: `On` + - *Disable user info*: `On` - *First login flow override*: `auto-federate-flow` - In case you want to forcefully redirect all users to your organizations IdP (disabling login with local openDesk accounts): diff --git a/docs/getting-started.md b/docs/getting-started.md index 6aafaf05..222a5929 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md 
@@ -100,29 +100,29 @@ export DOMAIN=domain.tld All available apps and their default value can be found in `helmfile/environments/default/workplace.yaml`. -| Component | Name | Default | Description | -| --------------------------- | ----------------------------------- | ------- | ------------------------------ | -| Certificates | `certificates.enabled` | `true` | TLS certificates | -| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | -| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | -| Collabora | `collabora.enabled` | `true` | Weboffice | -| CryptPad | `cryptpad.enabled` | `true` | Weboffice | -| Dovecot | `dovecot.enabled` | `true` | Mail backend | -| Element | `element.enabled` | `true` | Secure communications platform | -| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | -| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | -| MariaDB | `mariadb.enabled` | `true` | Database | -| Memcached | `memcached.enabled` | `true` | Cache Database | -| MinIO | `minio.enabled` | `true` | Object Storage | -| Nextcloud | `nextcloud.enabled` | `true` | File share | -| OpenProject | `openproject.enabled` | `true` | Project management | -| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | -| Provisioning | `oxConnector.enabled` | `true` | Backend provisioning | -| Postfix | `postfix.enabled` | `true` | MTA | -| PostgreSQL | `postgresql.enabled` | `true` | Database | -| Redis | `redis.enabled` | `true` | Cache Database | -| Univention Management Stack | `univentionManagementStack.enabled` | `true` | Identity Management & Portal | -| XWiki | `xwiki.enabled` | `true` | Knowledge management | +| Component | Name | Default | Description | +| -------------------- | --------------------------- | ------- | ------------------------------ | +| Certificates | `certificates.enabled` | `true` | TLS certificates | +| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine 
| +| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | +| Collabora | `collabora.enabled` | `true` | Weboffice | +| CryptPad | `cryptpad.enabled` | `true` | Weboffice | +| Dovecot | `dovecot.enabled` | `true` | Mail backend | +| Element | `element.enabled` | `true` | Secure communications platform | +| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | +| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | +| MariaDB | `mariadb.enabled` | `true` | Database | +| Memcached | `memcached.enabled` | `true` | Cache Database | +| MinIO | `minio.enabled` | `true` | Object Storage | +| Nextcloud | `nextcloud.enabled` | `true` | File share | +| OpenProject | `openproject.enabled` | `true` | Project management | +| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | +| Provisioning | `oxConnector.enabled` | `true` | Backend provisioning | +| Postfix | `postfix.enabled` | `true` | MTA | +| PostgreSQL | `postgresql.enabled` | `true` | Database | +| Redis | `redis.enabled` | `true` | Cache Database | +| Nubus | `nubus.enabled` | `true` | Identity Management & Portal | +| XWiki | `xwiki.enabled` | `true` | Knowledge management | Exemplary, Jitsi can be disabled like: @@ -378,8 +378,7 @@ When all apps are successfully deployed and pod status' went to `Running` or `Su https://portal.domain.tld ``` -If you change the subdomain of `univentionManagementStack`, you need to replace `portal` -by your specified subdomain. +If you change the subdomain of `nubus`, you need to replace `portal` by your specified subdomain. **Credentials:** diff --git a/docs/migrations.md b/docs/migrations.md index 484a23a8..fd0c7c0f 100644 --- a/docs/migrations.md +++ b/docs/migrations.md @@ -6,6 +6,10 @@ SPDX-License-Identifier: Apache-2.0

Upgrade migrations

* [Disclaimer](#disclaimer) +* [From v0.9.0](#from-v090) + * [Automated migrations](#automated-migrations) + * [Updated IAM component Nubus](#updated-iam-component-nubus) + * [Manual cleanup](#manual-cleanup) * [From v0.8.1](#from-v081) * [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr) * [Updated customizable template attributes](#updated-customizable-template-attributes) 
@@ -17,6 +21,34 @@ We do not offer support for upgrades before we reach openDesk 1.0. Though we try to ease the pain when it comes to 0.x upgrades. That is what this document is for. +Limitations: +- We assume that the PV reclaim policy is set to `delete`, so expect that PVs get deleted as soon as the related PVC was deleted and will cover an explicit delete for PVs. + +# From v0.9.0 + +## Automated migrations + +### Updated IAM component Nubus + +openDesk is integrating the latest [Nubus](https://www.univention.de/produkte/nubus/) development from Univention. The new redundant and scalable LDAP requires migration activities. These have been automated to avoid manual interaction. The `run_2` of the openDesk +upgrade migrations executes the following steps + +- Stage PRE: + - Delete service `ums-keycloak`, as it will be recreated headless. + - Scale down `statefulset/ums-ldap-server` and `statefulset/ums-ldap-notifier` in preparation or the next step: + - Create two new PVCs `shared-data-ums-ldap-server-primary-0` and `shared-data-ums-ldap-server-primary-1` for the new LDAP primary pods as copy from the existing `shared-data-ums-ldap-server-0`. The LDAP secondaries will sync from the primary nodes. +- Stage POST: + - Restart Keycloak. + +#### Manual cleanup + +Currently we do not execute possible cleanup steps as part of the migrations POST stage. So you might want to remove the no longer used PVCs after successful upgrade: +``` +NAMESPACE= +kubectl -n ${NAMESPACE} delete pvc shared-data-ums-ldap-server-0 +kubectl -n ${NAMESPACE} delete pvc shared-run-ums-ldap-server-0 +``` + # From v0.8.1 ## Updated `cluster.networking.cidr` diff --git a/docs/scaling.md b/docs/scaling.md index 4b657871..0ed7f193 100644 --- a/docs/scaling.md +++ b/docs/scaling.md 
@@ -45,7 +45,7 @@ marked with a gear. | | `replicas.jitsi ` | :white_check_mark: | :gear: | | | `replicas.jitsiKeycloakAdapter` | :white_check_mark: | :gear: | | | `replicas.jvb ` | :x: | :x: | -| Keycloak | `replicas.keycloak` | :white_check_mark: | :gear: | +| Keycloak | `replicas.keycloak` | :white_check_mark: | :white_check_mark: | | Memcached | `replicas.memcached` | :gear: | :gear: | | Minio | `replicas.minioDistributed` | :white_check_mark: | :white_check_mark: | | Nextcloud | `replicas.nextcloudApache2` | :white_check_mark: | :white_check_mark: | diff --git a/helmfile/apps/element/values-element.yaml.gotmpl b/helmfile/apps/element/values-element.yaml.gotmpl index 6cb19596..d1e6aecc 100644 --- a/helmfile/apps/element/values-element.yaml.gotmpl +++ b/helmfile/apps/element/values-element.yaml.gotmpl 
@@ -5,15 +5,15 @@ configuration: endToEndEncryption: true additionalConfiguration: - logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" + logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}" "net.nordeck.element_web.module.opendesk": config: banner: ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json" ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent" - portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" - portal_url: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/" + portal_logo_svg_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" + portal_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/" custom_css_variables: --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }} --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }} diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl index ed3b8e56..9ce0fb01 100644 --- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl 
@@ -48,7 +48,7 @@ configuration: value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} ldap: host: {{ .Values.ldap.host | quote }} - password: {{ .Values.secrets.univentionManagementStack.ldapSearch.nextcloud | quote }} + password: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }} adminGroupName: "managed-by-attribute-FileshareAdmin" objectstore: auth: diff --git a/helmfile/apps/univention-management-stack/helmfile-child.yaml b/helmfile/apps/nubus/helmfile-child.yaml similarity index 73% rename from helmfile/apps/univention-management-stack/helmfile-child.yaml rename to helmfile/apps/nubus/helmfile-child.yaml index 8c6d1859..76d3b491 100644 --- a/helmfile/apps/univention-management-stack/helmfile-child.yaml +++ b/helmfile/apps/nubus/helmfile-child.yaml @@ -3,15 +3,15 @@ --- repositories: # Univention Management Stack Umbrella Chart - - name: "ums" + - name: "nubus" keyring: "../../files/gpg-pubkeys/univention-de.gpg" - verify: {{ .Values.charts.ums.verify }} + verify: {{ .Values.charts.nubus.verify }} username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} oci: true url: - "{{ .Values.global.helmRegistry | default .Values.charts.ums.registry }}/\ - {{ .Values.charts.ums.repository }}" + "{{ .Values.global.helmRegistry | default .Values.charts.nubus.registry }}/\ + {{ .Values.charts.nubus.repository }}" # OpenDesk Keycloak Bootstrap Chart - name: "opendesk-keycloak-bootstrap-repo" keyring: "../../files/gpg-pubkeys/opencode.gpg" 
@@ -25,11 +25,13 @@ repositories: releases: # Univention Management Stack Umbrella Chart - name: "ums" - chart: "ums/{{ .Values.charts.ums.name }}" - version: "{{ .Values.charts.ums.version }}" + chart: "nubus/{{ .Values.charts.nubus.name }}" + version: "{{ .Values.charts.nubus.version }}" values: - - "values-umbrella.yaml.gotmpl" - installed: {{ .Values.univentionManagementStack.enabled }} + - "values-nubus.yaml.gotmpl" + - "values-opendesk-customization.yaml.gotmpl" + - "values-opendesk-images.yaml.gotmpl" + installed: {{ .Values.nubus.enabled }} timeout: 900 # OpenDesk Keycloak Bootstrap Chart - name: "opendesk-keycloak-bootstrap" @@ -39,10 +41,10 @@ releases: - "values-opendesk-keycloak-bootstrap.yaml.gotmpl" needs: - "ums" - installed: {{ .Values.univentionManagementStack.enabled }} + installed: {{ .Values.nubus.enabled }} timeout: 900 commonLabels: deploy-stage: "component-1" - component: "univention-management-stack" + component: "nubus" ... diff --git a/helmfile/apps/univention-management-stack/helmfile.yaml b/helmfile/apps/nubus/helmfile.yaml similarity index 100% rename from helmfile/apps/univention-management-stack/helmfile.yaml rename to helmfile/apps/nubus/helmfile.yaml diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl new file mode 100644 index 00000000..7b70dd3c --- /dev/null +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl 
@@ -0,0 +1,323 @@
+# SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+global:
+ nubusDeployment: true
+ ldap:
+ baseDn: {{ .Values.ldap.baseDn | quote }}
+ domainName: {{ .Values.global.domain | quote }}
+ domain: {{ .Values.global.domain | quote }}
+ ingressClass: {{ .Values.ingress.ingressClassName | default "nginx" | quote }}
+ certManagerIssuer: "letsencrypt-prod-dns"
+ nubusMasterPassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }}
+ keycloak:
+ realm: {{ .Values.platform.realm | quote }}
+ objectStorage:
+ bucket: {{ .Values.objectstores.nubus.bucket | quote }}
+ connection:
+ host: "minio"
+ port: "9000"
+ protocol: "http"
+ credentialOverride:
+ ldapServer:
+ adminPassword: {{ .Values.secrets.nubus.ldapSecret | quote}}
+ defaultUsers:
+ defaultAdminPassword: {{ .Values.secrets.nubus.defaultAccounts.adminPassword | quote}}
+ defaultUserPassword: {{ .Values.secrets.nubus.defaultAccounts.userPassword | quote}}
+
+ # -- Extensions to load. Add entries to load additional extensions into Nubus.
+ extensions:
+ - name: "ox"
+ image:
+ registry: {{ .Values.images.nubusOxExtension.registry }}
+ repository: {{ .Values.images.nubusOxExtension.repository }}
+ tag: {{ .Values.images.nubusOxExtension.tag }}
+ imagePullPolicy: "IfNotPresent"
+ - name: "opendesk"
+ image:
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
+ imagePullPolicy: "IfNotPresent"
+ tag: "1.1.0"
+
+ # -- Allows to configure the system extensions to load. This is intended for
+ # internal usage, prefer to use `global.extensions` for user configured
+ # extensions.
+ systemExtensions:
+ - name: "portal"
+ image:
+ registry: {{ .Values.images.nubusPortalExtension.registry }}
+ repository: {{ .Values.images.nubusPortalExtension.repository }}
+ tag: {{ .Values.images.nubusPortalExtension.tag }}
+ imagePullPolicy: "IfNotPresent"
+
+# Nubus bundled services
+postgresql:
+ enabled: false
+ provisioning:
+ enabled: false
+
+minio:
+ enabled: false
+
+# Nubus services which use customer supplied services
+keycloak:
+ keycloak:
+ auth:
+ username: "kcadmin"
+ credentialSecret:
+ name: "ums-opendesk-keycloak-credentials"
+ key: "admin_password"
+ postgresql:
+ connection:
+ host: {{ .Values.databases.keycloak.host | quote }}
+ port: {{ .Values.databases.keycloak.port | quote }}
+ auth:
+ username: {{ .Values.databases.keycloak.username | quote }}
+ database: {{ .Values.databases.keycloak.name | quote }}
+ credentialSecret:
+ name: "ums-keycloak-postgresql-opendesk-credentials"
+ key: "keycloakDatabasePassword"
+ config:
+ exposeAdminConsole: {{ .Values.debug.enabled }}
+
+nubusGuardian:
+ provisioning:
+ enabled: true
+ config:
+ keycloak:
+ credentialSecret:
+ name: "ums-opendesk-keycloak-credentials"
+ key: "admin_password"
+ managementApi:
+ credentialSecret:
+ name: "ums-opendesk-guardian-client-secret"
+ key: "managementApiClientSecret"
+
+ postgresql:
+ connection:
+ host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
+ port: {{ .Values.databases.umsGuardianManagementApi.port | quote }}
+ auth:
+ username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
+ database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
+ credentialSecret:
+ name: "ums-guardian-postgresql-opendesk-credentials"
+ key: "guardianDatabasePassword"
+
+nubusNotificationsApi:
+ postgresql:
+ connection:
+ host: {{ .Values.databases.umsNotificationsApi.host | quote }}
+ port: {{ .Values.databases.umsNotificationsApi.port | quote }}
+ auth:
+ username: {{ .Values.databases.umsNotificationsApi.username | quote }}
+ database: {{ .Values.databases.umsNotificationsApi.name | quote }}
+ existingSecret: "ums-notifications-api-postgresql-opendesk-credentials"
+
+
+nubusKeycloakExtensions:
+ keycloak:
+ auth:
+ username: "kcadmin"
+ credentialSecret:
+ name: "ums-opendesk-keycloak-credentials"
+ key: "admin_password"
+ proxy:
+ ingress:
+ paths:
+ {{- if .Values.debug.enabled }}
+ - pathType: "Prefix"
+ path: "/admin/"
+ {{- end }}
+ - pathType: "Prefix"
+ path: "/realms/"
+ - pathType: "Prefix"
+ path: "/js/"
+ - pathType: "Prefix"
+ path: "/resources/"
+ - pathType: "Prefix"
+ path: "/fingerprintjs"
+
+
+ postgresql:
+ connection:
+ host: {{ .Values.databases.keycloakExtension.host | quote }}
+ port: {{ .Values.databases.keycloakExtension.port | quote }}
+ auth:
+ database: {{ .Values.databases.keycloakExtension.name | quote }}
+ username: {{ .Values.databases.keycloakExtension.username | quote }}
+ credentialSecret:
+ name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
+ key: "umcKeycloakExtensionsDatabasePassword"
+ smtp:
+ connection:
+ host: {{ .Values.smtp.host | quote }}
+ port: {{ .Values.smtp.port | quote }}
+ auth:
+ username: {{ .Values.smtp.username | quote }}
+ credentialSecret:
+ name: "ums-keycloak-extensions-smtp-opendesk-credentials"
+ key: "umcKeycloakExtensionsSmtpPassword"
+ handler:
+ appConfig:
+ logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
+ newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
+ mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ if .Values.functional.email.systemGenerated.useComponentInSenderdomain }}{{ .Values.global.hosts.keycloak }}.{{ end }}{{ .Values.global.domain }}"
+
+nubusPortalListener:
+ portalListener:
+ objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+ objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
+ objectStorageCredentialSecret:
+ name: "ums-portal-listener-minio-opendesk-credentials"
+ accessKeyKey: "access-key-id"
+ secretKeyKey: "secret-key-id"
+
+nubusPortalServer:
+ portalServer:
+ objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+ objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
+ objectStorageCredentialSecret:
+ name: "ums-portal-server-minio-opendesk-credentials"
+ accessKeyKey: "access-key-id"
+ secretKeyKey: "secret-key-id"
+ centralNavigation:
+ enabled: true
+ authenticatorSecretName: "ums-opendesk-portal-server-central-navigation"
+
+# NOTE: disabled until the next update.
+nubusProvisioning:
+ enabled: false
+nubusUdmListener:
+ enabled: false
+nubusSelfServiceListener:
+ enabled: true
+ selfserviceListener:
+ umcAdminUser: "default.admin"
+
+# Nubus services
+nubusStackDataUms:
+ stackDataContext:
+ umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }}
+ umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }}
+ umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }}
+ umcMemcachedUsername: ""
+ externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
+ umcHtmlTitle: "openDesk Portal"
+ installUmcPolicies: true
+ nubusUmcServer:
+ memcached:
+ auth:
+ username: ""
+
+# TODO: Remove values when upstreaming fixes
+nubusStackDataSwp:
+ stackDataContext:
+ ldapSearchUsers:
+ {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
+ - username: {{ printf "ldapsearch_%s" $username | quote }}
+ password: {{ $password | quote }}
+ lastname: "LDAP-Search-User"
+ {{- end }}
+ externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
+ smtpHost: {{ .Values.smtp.host | quote }}
+ smtpPort: {{ .Values.smtp.port | quote }}
+ smtpUser: {{ .Values.smtp.username | quote }}
+ ldapBase: {{ .Values.ldap.baseDn }}
+ # FIXME: Should be templated correctly in the future
+ portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }}
+ portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain }}
+ portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain }}
+ portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain }}
+ portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
+ portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain }}
+ portalTitleDE: "openDesk Portal"
+ portalTitleEN: "openDesk Portal"
+ oxDefaultContext: "1"
+
+nubusUmcServer:
+ postgresql:
+ bundled: false
+ connection:
+ host: {{ .Values.databases.umsSelfservice.host | quote }}
+ port: {{ .Values.databases.umsSelfservice.port | quote }}
+ auth:
+ username: {{ .Values.databases.umsSelfservice.username | quote }}
+ database: {{ .Values.databases.umsSelfservice.name | quote }}
+ credentialSecret:
+ name: "ums-umc-server-postgresql-opendesk-credentials"
+ key: "umcServerDatabasePassword"
+ memcached:
+ bundled: false
+ server: {{ .Values.cache.umsSelfservice.host | quote }}
+ auth:
+ credentialSecret:
+ name: "ums-umc-server-memcached-opendesk-credentials"
+ key: "umcServerMemcachedPassword"
+ smtp:
+ credentialSecret:
+ name: "ums-umc-server-smtp-credentials-custom"
+
+nubusUmcGateway:
+ umcGateway:
+ umcHtmlTitle: "openDesk Portal"
+
+nubusKeycloakBootstrap:
+ keycloak:
+ auth:
+ username: "kcadmin"
+ credentialSecret:
+ name: "ums-opendesk-keycloak-credentials"
+ key: "admin_password"
+ bootstrap:
+ ldapMappers:
+ - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
+ - ldapAndUserModelAttributeName: "oxContextIDNum"
+ twoFactorAuthentication:
+ enabled: true
+ group: "2fa-users"
+
+# Credential secrets for accessing customer supplied services
+extraSecrets:
+ - name: "ums-opendesk-portal-server-central-navigation"
+ stringData:
+ authenticator.secret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
+ - name: "ums-opendesk-guardian-client-secret"
+ stringData:
+ managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
+ - name: "ums-opendesk-keycloak-credentials"
+ stringData:
+ admin_password: {{ .Values.secrets.keycloak.adminPassword | quote }}
+ - name: "ums-keycloak-postgresql-opendesk-credentials"
+ stringData:
+ keycloakDatabasePassword: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
+ - name: "ums-guardian-postgresql-opendesk-credentials"
+ stringData:
+ guardianDatabasePassword: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
+ - name: "ums-notifications-api-postgresql-opendesk-credentials"
+ stringData:
+ password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
+ - name: "ums-umc-server-postgresql-opendesk-credentials"
+ stringData:
+ umcServerDatabasePassword: {{ .Values.databases.umsSelfservice.password | default .Values.secrets.postgresql.umsSelfserviceUser | quote }}
+ - name: "ums-umc-server-memcached-opendesk-credentials"
+ stringData:
+ umcServerMemcachedPassword: ""
+ - name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
+ stringData:
+ umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
+ - name: "ums-keycloak-extensions-smtp-opendesk-credentials"
+ stringData:
+ umcKeycloakExtensionsSmtpPassword: {{ .Values.smtp.password | quote }}
+ - name: "ums-portal-server-minio-opendesk-credentials"
+ stringData:
+ access-key-id: {{ .Values.objectstores.nubus.username | quote }}
+ secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
+ - name: "ums-portal-listener-minio-opendesk-credentials"
+ stringData:
+ access-key-id: {{ .Values.objectstores.nubus.username | quote }}
+ secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
+ - name: "ums-umc-server-smtp-credentials-custom"
+ stringData:
+ password: {{ .Values.smtp.password | quote }}
diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
new file mode 100644
index 00000000..e413696f
--- /dev/null
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
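Review bot: In the new `helmfile/apps/nubus/values-nubus.yaml.gotmpl`, `global.nubusMasterPassword` falls back to the literal `"sovereign-workplace"` whenever `MASTER_PASSWORD` is unset, so a deployment that forgets the variable comes up with a master password that is published in this repository. Failing the render is safer, e.g. `nubusMasterPassword: {{ requiredEnv "MASTER_PASSWORD" | quote }}`; if the fallback has to stay for test clusters, a comment on that line should say so. In the same hunk the `opendesk` extension image hard-codes `registry.opencode.de` and tag `"1.1.0"` while the `ox` extension reads `.Values.images.*`, so a registry mirror or central version pin would not reach it. `umcServerMemcachedPassword: ""` under `extraSecrets` and `protocol: "http"` under `global.objectStorage.connection` each deserve a one-line comment stating that the unauthenticated cache and the plaintext in-cluster connection are intentional.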
@@ -0,0 +1,229 @@
+# SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+keycloak:
+ enabled: true
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-keycloak"
+ replicaCount: {{ .Values.replicas.keycloak }}
+ resources:
+ {{ .Values.resources.umsKeycloak | toYaml | nindent 4 }}
+
+guardian:
+ authorizationApi:
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-guardian-authorization-api"
+ resources:
+ {{ .Values.resources.umsGuardianAuthorizationApi | toYaml | nindent 6 }}
+ managementApi:
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-guardian-management-api"
+ resources:
+ {{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 6 }}
+ managementUi:
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-guardian-management-ui"
+ resources:
+ {{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}#
+ openPolicyAgent:
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-ums-open-policy-agent"
+ resources:
+ {{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 6 }}
+ provisioning:
+ # Using openDesk keycloak provisioning
+ enabled: false
+
+nubusNotificationsApi:
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-notifications-api"
+ serviceAccount:
+ annotations:
+ intended.usage: "compliance"
+ replicaCount: {{ .Values.replicas.umsNotificationsApi }}
+ resources:
+ {{ .Values.resources.umsNotificationsApi | toYaml | nindent 4 }}
+
+nubusUmcServer:
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-umc-server"
+ replicaCount: {{ .Values.replicas.umsUmcServer }}
+ resources:
+ {{ .Values.resources.umsUmcServer | toYaml | nindent 4 }}
+ selfService:
+ passwordresetEmailBody: |
+ Sehr geehrte Benutzerin, sehr geehrter Benutzer,
+
+ Ihr Benutzername für {domainname} lautet: {username}
+
+ Sie erhalten diese Nachricht, da Sie Ihr Passwort zurücksetzen möchten oder weil Ihr Benutzer neu im System angelegt wurde.
+
+ Klicken Sie bitte auf den folgenden Link, um Ihr Passwort zu setzen:
+ https://{fqdn}/univention/portal/#/selfservice/newpassword/?token={token}&username={username}
+
+ Der genannte Link ist nur 48 Stunden gültig, danach fordern Sie ihn bitte erneut an unter:
+ https://{fqdn}/univention/portal/#/selfservice/passwordforgotten
+
+ Mit freundlichen Grüßen
+ Ihr {domainname} Passwort-Service
+
+nubusKeycloakExtensions:
+ handler:
+ replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }}
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-keycloak-extensions-handler"
+ resources:
+ {{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 6 }}
+ proxy:
+ replicaCount: {{ .Values.replicas.umsKeycloakExtensionsProxy }}
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-keycloak-extensions-proxy"
+ resources:
+ {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
+
+nubusPortalListener:
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-portal-listener"
+ replicaCount: {{ .Values.replicas.umsPortalListener }}
+ resources:
+ {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
+ persistence:
+ storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+ size: {{ .Values.persistence.size.nubus.portalListener | quote }}
+
+nubusPortalServer:
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-portal-server"
+ serviceAccount:
+ annotations:
+ intended.usage: "compliance"
+ replicaCount: {{ .Values.replicas.umsPortalServer }}
+ resources:
+ {{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
+
+nubusLdapNotifier:
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-ldap-notifier"
+ replicaCount: {{ .Values.replicas.umsLdapNotifier }}
+ resources:
+ {{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
+
+nubusLdapServer:
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-ldap-server"
+ serviceAccount:
+ annotations:
+ intended.usage: "compliance"
+ initResources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
+ resources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
+ persistence:
+ storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+ size: {{ .Values.persistence.size.nubus.ldapServerData | quote }}
+
+nubusPortalFrontend:
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-portal-frontend"
+ serviceAccount:
+ annotations:
+ intended.usage: "compliance"
+ replicaCount: {{ .Values.replicas.umsPortalFrontend }}
+ resources:
+ {{ .Values.resources.umsPortalFrontend | toYaml | nindent 4 }}
+ portalFrontend:
+ branding:
+ css: {{ .Values.theme.imagery.portalCss | toJson }}
+ favicon: {{ .Values.theme.imagery.faviconIcoB64 | toJson }}
+ logo: {{ .Values.theme.imagery.logoHeaderSvgB64 | toJson }}
+ backgroundImage: {{ .Values.theme.imagery.logoPortalBackgroundSvgB64 | toJson }}
+
+nubusStackDataUms:
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-stack-data-ums"
+ resources:
+ {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
+
+nubusStackDataSwp:
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-stack-data-swp"
+ resources:
+ {{ .Values.resources.umsStackDataSwp | toYaml | nindent 4 }}
+
+nubusSelfServiceListener:
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-selfservice-listener"
+ resources:
+ {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }}
+ replicaCount: {{ .Values.replicas.umsSelfserviceListener }}
+
+nubusUdmRestApi:
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-udm-rest-api"
+ serviceAccount:
+ annotations:
+ intended.usage: "compliance"
+ resources:
+ {{ .Values.resources.umsUdmRestApi | toYaml | nindent 4 }}
+ initResources:
+ {{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 4 }}
+ replicaCount: {{ .Values.replicas.umsUdmRestApi }}
+
+nubusUmcGateway:
+ replicaCount: {{ .Values.replicas.umsUmcGateway }}
+ resources:
+ {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
+ extraVolumes:
+ - name: "entrypoint-swp-patches"
+ configMap:
+ name: "ums-stack-data-swp-umc-gateway-entrypoint"
+ defaultMode: 0555
+ extraVolumeMounts:
+ - name: "entrypoint-swp-patches"
+ mountPath: "/entrypoint.d/90-swp.sh"
+ subPath: "90-swp.sh"
+
+nubusKeycloakBootstrap:
+ podAnnotations:
+ intents.otterize.com/service-name: "ums-keycloak-bootstrap"
+ serviceAccount:
+ annotations:
+ intended.usage: "compliance"
+ resources:
+ {{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 4 }}
+
+nubusProvisioning:
+ serviceAccount:
+ annotations:
+ intended.usage: "compliance"
+ nats:
+ resources:
+ {{ .Values.resources.nubusProvisioning.nats | toYaml | nindent 6 }}
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-provisioning-nats"
+ serviceAccount:
+ annotations:
+ intended.usage: "compliance"
+ api:
+ resources:
+ {{ .Values.resources.nubusProvisioning.api | toYaml | nindent 6 }}
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-provisioning-api"
+ dispatcher:
+ resources:
+ {{ .Values.resources.nubusProvisioning.dispatcher | toYaml | nindent 6 }}
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-provisioning-dispatcher"
+ prefill:
+ resources:
+ {{ .Values.resources.nubusProvisioning.prefill | toYaml | nindent 6 }}
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-provisioning-prefill"
+ registerConsumers:
+ resources:
+ {{ .Values.resources.nubusProvisioning.registerConsumers | toYaml | nindent 6 }}
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-provisioning-register-consumers"
+ udmTransformer:
+ resources:
+ {{ .Values.resources.nubusProvisioning.udmTransformer | toYaml | nindent 6 }}
+ additionalAnnotations:
+ intents.otterize.com/service-name: "ums-provisioning-udm-transformer"
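Review bot: In the new `helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl`, the `guardian.managementUi.resources` line ends with a stray `#` directly after the template (`{{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}#`), so the character is glued onto the last rendered line of that resources block and will either corrupt the value or break parsing; drop it. That whole block sits under a top-level `guardian:` key while `values-nubus.yaml.gotmpl` in this commit configures `nubusGuardian:` (and sets `provisioning.enabled: true` there versus `false` here), so these annotations and resource limits may not reach the chart at all; this should be confirmed against the chart's values. Separately, `defaultMode: 0555` depends on YAML 1.1 octal parsing; a short comment or the decimal `365` would make the intended mode explicit.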
diff --git a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
new file mode 100644
index 00000000..085bd704
--- /dev/null
+++ b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
@@ -0,0 +1,241 @@ +# SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +keycloak: + image: + registry: {{ .Values.images.nubusKeycloak.registry }} + repository: {{ .Values.images.nubusKeycloak.repository }} + tag: {{ .Values.images.nubusKeycloak.tag }} + +nubusKeycloakBootstrap: + image: + registry: {{ .Values.images.nubusKeycloakBootstrap.registry }} + repository: {{ .Values.images.nubusKeycloakBootstrap.repository }} + tag: {{ .Values.images.nubusKeycloakBootstrap.tag }} + +nubusKeycloakExtensions: + handler: + image: + registry: {{ .Values.images.nubusKeycloakExtensionHandler.registry }} + repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }} + tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }} + + proxy: + image: + registry: {{ .Values.images.nubusKeycloakExtensionProxy.registry }} + repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }} + tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }} + +nubusLdapNotifier: + image: + registry: {{ .Values.images.nubusLdapNotifier.registry }} + repository: {{ .Values.images.nubusLdapNotifier.repository }} + tag: {{ .Values.images.nubusLdapNotifier.tag }} + +nubusLdapServer: + ldapServer: + image: + registry: {{ .Values.images.nubusLdapServer.registry }} + repository: {{ .Values.images.nubusLdapServer.repository }} + tag: {{ .Values.images.nubusLdapServer.tag }} + dhInitcontainer: + image: + registry: {{ .Values.images.nubusLdapServerDhInitContainer.registry }} + repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }} + tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }} + waitForDependency: + image: + registry: {{ .Values.images.nubusWaitForDependency.registry }} + repository: {{ .Values.images.nubusWaitForDependency.repository }} + tag: {{ .Values.images.nubusWaitForDependency.tag }} + + +nubusPortalConsumer: + portalConsumer: + 
image: + registry: {{ .Values.images.nubusPortalConsumer.registry }} + repository: {{ .Values.images.nubusPortalConsumer.repository }} + tag: {{ .Values.images.nubusPortalConsumer.tag }} + + +nubusNotificationsApi: + image: + registry: {{ .Values.images.nubusNotificationsApi.registry }} + repository: {{ .Values.images.nubusNotificationsApi.repository }} + tag: {{ .Values.images.nubusNotificationsApi.tag }} + +nubusPortalFrontend: + image: + registry: {{ .Values.images.nubusPortalFrontend.registry }} + repository: {{ .Values.images.nubusPortalFrontend.repository }} + tag: {{ .Values.images.nubusPortalFrontend.tag }} + +nubusPortalListener: + image: + registry: {{ .Values.images.nubusPortalListener.registry }} + repository: {{ .Values.images.nubusPortalListener.repository }} + tag: {{ .Values.images.nubusPortalListener.tag }} + waitForDependency: + image: + registry: {{ .Values.images.nubusWaitForDependency.registry }} + repository: {{ .Values.images.nubusWaitForDependency.repository }} + tag: {{ .Values.images.nubusWaitForDependency.tag }} + +nubusPortalServer: + image: + registry: {{ .Values.images.nubusPortalServer.registry }} + repository: {{ .Values.images.nubusPortalServer.repository }} + tag: {{ .Values.images.nubusPortalServer.tag }} + +nubusProvisioning: + api: + image: + registry: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.registry }} + repository: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.repository }} + tag: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.tag }} + dispatcher: + image: + registry: {{ .Values.images.nubusProvisioningDispatcher.registry }} + repository: {{ .Values.images.nubusProvisioningDispatcher.repository }} + tag: {{ .Values.images.nubusProvisioningDispatcher.tag }} + udmTransformer: + image: + registry: {{ .Values.images.nubusProvisioningUdmTransformer.registry }} + repository: {{ .Values.images.nubusProvisioningUdmTransformer.repository }} + tag: {{ .Values.images.nubusProvisioningUdmTransformer.tag 
}} + prefill: + image: + registry: {{ .Values.images.nubusProvisioningPrefill.registry }} + repository: {{ .Values.images.nubusProvisioningPrefill.repository }} + tag: {{ .Values.images.nubusProvisioningPrefill.tag }} + registerConsumers: + image: + registry: {{ .Values.images.nubusWaitForDependency.registry }} + repository: {{ .Values.images.nubusWaitForDependency.repository }} + tag: {{ .Values.images.nubusWaitForDependency.tag }} + nats: + nats: + image: + registry: {{ .Values.images.nubusNats.registry }} + repository: {{ .Values.images.nubusNats.repository }} + tag: {{ .Values.images.nubusNats.tag }} + reloader: + image: + registry: {{ .Values.images.nubusNatsReloader.registry }} + repository: {{ .Values.images.nubusNatsReloader.repository }} + tag: {{ .Values.images.nubusNatsReloader.tag }} + natsBox: + image: + registry: {{ .Values.images.nubusNatsBox.registry }} + repository: {{ .Values.images.nubusNatsBox.repository }} + tag: {{ .Values.images.nubusNatsBox.tag }} + +nubusProvisioningEventsAndConsumerApi: + image: + registry: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.registry }} + repository: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.repository }} + tag: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.tag }} + +nubusProvisioningPrefill: + image: + registry: {{ .Values.images.nubusProvisioningPrefill.registry }} + repository: {{ .Values.images.nubusProvisioningPrefill.repository }} + tag: {{ .Values.images.nubusProvisioningPrefill.tag }} + +nubusUdmListener: + image: + registry: {{ .Values.images.nubusProvisioningUdmListener.registry }} + repository: {{ .Values.images.nubusProvisioningUdmListener.repository }} + tag: {{ .Values.images.nubusProvisioningUdmListener.tag }} + +nubusSelfServiceListener: + selfserviceListener: + image: + registry: {{ .Values.images.nubusSelfserviceListener.registry }} + repository: {{ .Values.images.nubusSelfserviceListener.repository }} + tag: {{ .Values.images.nubusSelfserviceListener.tag }} + 
selfserviceInvitation: + image: + registry: {{ .Values.images.nubusSelfserviceInvitation.registry }} + repository: {{ .Values.images.nubusSelfserviceInvitation.repository }} + tag: {{ .Values.images.nubusSelfserviceInvitation.tag }} + waitForDependency: + image: + registry: {{ .Values.images.nubusWaitForDependency.registry }} + repository: {{ .Values.images.nubusWaitForDependency.repository }} + tag: {{ .Values.images.nubusWaitForDependency.tag }} + +nubusUdmRestApi: + # oxPlugin: + # image: + # registry: \{\{ .Values.images.nubusUdmRestApiOxPlugin.registry }} + # repository: \{\{ .Values.images.nubusUdmRestApiOxPlugin.repository }} + # tag: \{\{ .Values.images.nubusUdmRestApiOxPlugin.tag }} + # portalPlugin: + # image: + # registry: \{\{ .Values.images.nubusUdmRestApiPortalPlugin.registry }} + # repository: \{\{ .Values.images.nubusUdmRestApiPortalPlugin.repository }} + # tag: \{\{ .Values.images.nubusUdmRestApiPortalPlugin.tag }} + udmRestApi: + image: + registry: {{ .Values.images.nubusUdmRestApi.registry }} + repository: {{ .Values.images.nubusUdmRestApi.repository }} + tag: {{ .Values.images.nubusUdmRestApi.tag }} + +nubusUmcGateway: + image: + registry: {{ .Values.images.nubusUmcGateway.registry }} + repository: {{ .Values.images.nubusUmcGateway.repository }} + tag: {{ .Values.images.nubusUmcGateway.tag }} + +nubusUmcServer: + image: + registry: {{ .Values.images.nubusUmcServer.registry }} + repository: {{ .Values.images.nubusUmcServer.repository }} + tag: {{ .Values.images.nubusUmcServer.tag }} + +nubusWaitForDependency: + image: + registry: {{ .Values.images.nubusWaitForDependency.registry }} + repository: {{ .Values.images.nubusWaitForDependency.repository }} + tag: {{ .Values.images.nubusWaitForDependency.tag }} + + +nubusGuardian: + provisioning: + image: + registry: {{ .Values.images.nubusGuardianProvisioning.registry }} + repository: {{ .Values.images.nubusGuardianProvisioning.repository }} + tag: {{ .Values.images.nubusGuardianProvisioning.tag }} + 
authorizationApi: + image: + registry: {{ .Values.images.nubusGuardianAuthorizationApi.registry }} + repository: {{ .Values.images.nubusGuardianAuthorizationApi.repository }} + tag: {{ .Values.images.nubusGuardianAuthorizationApi.tag }} + managementApi: + image: + registry: {{ .Values.images.nubusGuardianManagementApi.registry }} + repository: {{ .Values.images.nubusGuardianManagementApi.repository }} + tag: {{ .Values.images.nubusGuardianManagementApi.tag }} + managementUi: + image: + registry: {{ .Values.images.nubusGuardianManagementUi.registry }} + repository: {{ .Values.images.nubusGuardianManagementUi.repository }} + tag: {{ .Values.images.nubusGuardianManagementUi.tag }} + openPolicyAgent: + image: + registry: {{ .Values.images.nubusOpenPolicyAgent.registry }} + repository: {{ .Values.images.nubusOpenPolicyAgent.repository }} + tag: {{ .Values.images.nubusOpenPolicyAgent.tag }} + +nubusStackDataUms: + image: + registry: {{ .Values.images.nubusDataLoader.registry }} + repository: {{ .Values.images.nubusDataLoader.repository }} + tag: {{ .Values.images.nubusDataLoader.tag }} + +nubusStackDataSwp: + image: + registry: {{ .Values.images.nubusDataLoader.registry }} + repository: {{ .Values.images.nubusDataLoader.repository }} + tag: {{ .Values.images.nubusDataLoader.tag }} diff --git a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl similarity index 66% rename from helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl rename to helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl index 423041b0..67e52e82 100644 --- a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl +++ b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl 
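Review bot: Every templated `registry`, `repository` and `tag` value in this new file is emitted unquoted, so a tag that looks numeric (`1.10`, an all-digit build id) or an empty expansion is retyped by the YAML parser before the chart sees it, and the deployed image reference can differ from the one configured. Pipe the values through `quote`, as the other values files in this commit already do for secrets, e.g. `tag: {{ .Values.images.nubusKeycloak.tag | quote }}`. Separately, the file selects images by registry/repository/tag only; if the referenced values do not already carry a digest, a header comment saying where image integrity is enforced would help the next reader.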
@@ -26,6 +26,9 @@ config:
 {{ .Values.functional.authentication.oidc.clientScopes | toYaml | nindent 6 }}
 clients:
 {{ .Values.functional.authentication.oidc.clients | toYaml | nindent 6 }}
+ managed:
+ clientScopes: [ 'acr', 'web-origins', 'email', 'profile', 'microprofile-jwt', 'role_list', 'offline_access', 'roles', 'address', 'phone' ]
+ clients: [ 'UMC', 'guardian-management-api', 'guardian-scripts', 'guardian-ui', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
 keycloak:
 adminUser: "kcadmin"
 adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
@@ -461,7 +464,7 @@ config:
 redirectUris:
 - "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*"
 - "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*"
- - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 standardFlowEnabled: true
 directAccessGrantsEnabled: true
 serviceAccountsEnabled: true
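Review bot: The new `managed:` block in the `@@ -26,6 +26,9 @@` hunk has no comment saying what being listed means for the bootstrap job, for instance whether the named scopes and clients are reconciled, left untouched, or something else. That matters because the list names Keycloak's built-in administrative clients such as `'${client_admin-cli}'`, `'${client_realm-management}'` and `'${client_security-admin-console}'`, and a reader cannot tell from here what the job may do to them. It also names `guardian-management-api`, `guardian-scripts` and `guardian-ui`, whose definitions this commit removes from the same file further down, so presumably the two changes belong together. A comment above `managed:` stating the semantics and who owns those clients now would make that reviewable. Writing both lists in block style, one entry per line, would also make later additions and removals show up as single-line diffs.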
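Review bot: The renamed entry `- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"` in the `@@ -461,7 +464,7 @@` hunk keeps the whole portal host as a wildcard redirect target for a client that, in the same hunk, has `directAccessGrantsEnabled: true`. With a full-path wildcard, the identity provider accepts any URL on that host as a landing point for authorization responses, so the security of the flow depends on every page served there. Since the line is being touched anyway, consider narrowing it to the path this client actually returns to, or add a comment stating why the portal host must be a redirect target here. The same pattern recurs in the `redirectUris` hunks at `@@ -498`, `@@ -518`, `@@ -537` and `@@ -557`, and in the `post.logout.redirect.uris` hunks of this file. The enclosing client definition starts and ends outside the hunk.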
@@ -472,7 +475,7 @@ config:
 attributes:
 backchannel.logout.session.required: true
 backchannel.logout.url: "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/_synapse/client/oidc/backchannel_logout"
- post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 defaultClientScopes:
 - "opendesk-matrix-scope"
 # The following is a temporary OIDC client for matrix, as the OIDC logout still uses "matrix" as client ID.
@@ -488,7 +491,7 @@ config:
 publicClient: false
 authorizationServicesEnabled: false
 attributes:
- post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 defaultClientScopes: []
 optionalClientScopes: []
 - name: "opendesk-nextcloud"
@@ -498,7 +501,7 @@ config:
 secret: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
 redirectUris:
 - "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*"
- - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 consentRequired: false
 frontchannelLogout: false
 publicClient: false
@@ -506,7 +509,7 @@ config:
 attributes:
 backchannel.logout.session.required: true
 backchannel.logout.url: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/index.php/apps/user_oidc/backchannel-logout/opendesk"
- post.logout.redirect.uris: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ post.logout.redirect.uris: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 defaultClientScopes:
 - "opendesk-nextcloud-scope"
 - "read_contacts"
@@ -518,7 +521,7 @@ config:
 secret: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
 redirectUris:
 - "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*"
- - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 consentRequired: false
 frontchannelLogout: false
 publicClient: false
@@ -527,7 +530,7 @@ config:
 attributes:
 backchannel.logout.session.required: true
 backchannel.logout.url: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/auth/keycloak/backchannel-logout"
- post.logout.redirect.uris: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ post.logout.redirect.uris: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 defaultClientScopes:
 - "opendesk-openproject-scope"
 - name: "opendesk-oxappsuite"
@@ -537,7 +540,7 @@ config:
 secret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
 redirectUris:
 - "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*"
- - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 consentRequired: false
 frontchannelLogout: false
 publicClient: false
@@ -545,7 +548,7 @@ config:
 attributes:
 backchannel.logout.session.required: true
 backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/ajax/oidc/backchannel_logout"
- post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 defaultClientScopes:
 - "opendesk-oxappsuite-scope"
 - "read_contacts"
@@ -557,7 +560,7 @@ config:
 secret: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
 redirectUris:
 - "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*"
- - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+ - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
 consentRequired: false
 frontchannelLogout: false
 publicClient: false
@@ -565,299 +568,9 @@ config: attributes: backchannel.logout.session.required: false backchannel.logout.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/oidc/authenticator/backchannel_logout" - post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" defaultClientScopes: - "opendesk-xwiki-scope" - - name: "guardian-management-api" - clientId: "guardian-management-api" - rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - protocol: "openid-connect" - publicClient: false - clientAuthenticatorType: "client-secret" - secret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }} - redirectUris: - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/guardian/*" - fullScopeAllowed: true - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: true - protocolMappers: - - name: "Client Host" - protocol: "openid-connect" - protocolMapper: "oidc-usersessionmodel-note-mapper" - consentRequired: false - config: - user.session.note: "clientHost" - userinfo.token.claim: true - id.token.claim: true - access.token.claim: true - claim.name: "clientHost" - jsonType.label: "String" - - name: "Client ID" - protocol: "openid-connect" - protocolMapper: "oidc-usersessionmodel-note-mapper" - consentRequired: false - config: - user.session.note: "client_id" - userinfo.token.claim: true - id.token.claim: true - access.token.claim: true - claim.name: "client_id" - jsonType.label: "String" - - name: 
"guardian-audience" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian" - userinfo.token.claim: false - id.token.claim: false - access.token.claim: true - - name: "audiencemap" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian-cli" - userinfo.token.claim: true - id.token.claim: true - access.token.claim: true - - name: "dn" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: false - user.attribute: "LDAP_ENTRY_DN" - id.token.claim: false - access.token.claim: true - claim.name: "dn" - jsonType.label: "String" - - name: "username" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "username" - id.token.claim: true - access.token.claim: true - claim.name: "preferred_username" - jsonType.label: "String" - - name: "uid" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "uid" - id.token.claim: true - access.token.claim: true - claim.name: "uid" - jsonType.label: "String" - - name: "email" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "email" - id.token.claim: true - access.token.claim: true - claim.name: "email" - jsonType.label: "String" - - name: "Client IP Address" - protocol: "openid-connect" - protocolMapper: "oidc-usersessionmodel-note-mapper" - consentRequired: false - config: - user.session.note: "clientAddress" - userinfo.token.claim: true - id.token.claim: true - access.token.claim: true - claim.name: "clientAddress" - jsonType.label: "String" - - name: 
"guardian-scripts" - clientId: "guardian-scripts" - description: "" - rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - adminUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: "client-secret" - redirectUris: - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/guardian/*" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/guardian/*" - webOrigins: - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: false - protocol: "openid-connect" - fullScopeAllowed: true - protocolMappers: - - name: "email" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "email" - id.token.claim: true - access.token.claim: true - claim.name: "email" - jsonType.label: "String" - - name: "guardian-audience" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian" - id.token.claim: false - access.token.claim: true - userinfo.token.claim: false - - name: "username" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "username" - id.token.claim: true - 
access.token.claim: true - claim.name: "preferred_username" - jsonType.label: "String" - - name: "uid" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "uid" - id.token.claim: true - access.token.claim: true - claim.name: "uid" - jsonType.label: "String" - - name: "audiencemap" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian-scripts" - id.token.claim: true - access.token.claim: true - userinfo.token.claim: true - - name: "dn" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - aggregate.attrs: false - multivalued: false - userinfo.token.claim: false - user.attribute: "LDAP_ENTRY_DN" - id.token.claim: false - access.token.claim: true - claim.name: "dn" - jsonType.label: "String" - defaultClientScopes: - - "web-origins" - - "acr" - - "roles" - - "profile" - - "email" - optionalClientScopes: - - "address" - - "phone" - - "offline_access" - - "microprofile-jwt" - - name: "guardian-ui" - clientId: "guardian-ui" - rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - clientAuthenticatorType: "client-secret" - redirectUris: - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/guardian/*" - standardFlowEnabled: true - publicClient: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: false - protocol: "openid-connect" - fullScopeAllowed: true - protocolMappers: - - name: "uid" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "uid" - id.token.claim: 
true - access.token.claim: true - claim.name: "uid" - jsonType.label: "String" - - name: "username" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "username" - id.token.claim: true - access.token.claim: true - claim.name: "preferred_username" - jsonType.label: "String" - - name: "dn" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: "false" - user.attribute: "LDAP_ENTRY_DN" - id.token.claim: false - access.token.claim: true - claim.name: "dn" - jsonType.label: "String" - - name: "audiencemap" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian" - id.token.claim: true - access.token.claim: true - userinfo.token.claim: true - - name: "email" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "email" - id.token.claim: true - access.token.claim: true - claim.name: "email" - jsonType.label: "String" - - name: "guardian-audience" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian" - id.token.claim: false - access.token.claim: true - userinfo.token.claim: false containerSecurityContext: allowPrivilegeEscalation: false diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl index ab3cca41..0b98959e 100644 --- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl 
@@ -23,7 +23,7 @@ dovecot: port: 389 base: "dc=swp-ldap,dc=internal" dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal" - password: {{ .Values.secrets.univentionManagementStack.ldapSearch.dovecot | quote }} + password: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }} oidc: enabled: true clientID: "opendesk-dovecot" diff --git a/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl index 502e6742..71aa7fdd 100644 --- a/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl @@ -23,7 +23,7 @@ appsuite: type: "adminDN" adminDN: dn: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" - password: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }} + password: {{ .Values.secrets.nubus.ldapSearch.ox | quote }} uiSettings: # Enterprise contact picker diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl index 8d085c78..549ecb3c 100644 --- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl 
@@ -185,7 +185,7 @@ appsuite:
 com.openexchange.oidc.opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
 com.openexchange.oidc.opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
 com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/auth"
- com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
 com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/logout"
 com.openexchange.oidc.ssoLogout: "true"
 com.openexchange.oidc.startDefaultBackend: "true"
@@ -275,7 +275,7 @@ appsuite:
 /opt/open-xchange/etc/ldapauth.properties:
 java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal"
 bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
- bindDNPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
+ bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
 bindOnly: "false"
 /opt/open-xchange/etc/antivirus.properties:
 com.openexchange.antivirus.enabled: "true"
@@ -317,7 +317,7 @@ appsuite:
 # io.ox/mail//contactCollectOnMailAccess: "true"
 # Dynamic theme
 io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }}
- io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
+ io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
 io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }}
 io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }}
 io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }}
diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl
index 0fc05183..76a0d22e 100644
--- a/helmfile/apps/openproject/values.yaml.gotmpl
+++ b/helmfile/apps/openproject/values.yaml.gotmpl
@@ -37,7 +37,7 @@ environment:
 # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
 OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.ldap.host | quote }}
 OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
- OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSearch.openproject | quote }}
+ OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }}
 OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
 OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
 OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
@@ -57,7 +57,7 @@ environment:
 OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
 OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
 OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
- OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
 OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
 OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }}
 OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }}
@@ -68,7 +68,7 @@ environment:
 OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
 OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
 OPENPROJECT_MAIL__FROM: "{{ .Values.smtp.localpartNoReply }}@{{ if .Values.functional.email.systemGenerated.useComponentInSenderdomain }}{{ .Values.global.hosts.openproject }}.{{ end }}{{ .Values.global.domain }}"
- OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
+ OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.nubus .Values.global.domain | quote }}
 OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
 OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
 {{- if .Values.enterprise.openproject.token }}
diff --git a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
index 2c55f6da..4caa6946 100644
--- a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
@@ -19,9 +19,9 @@ oxConnector:
 caCert: "ucctempldapstring"
 debugLevel: {{ if .Values.debug.enabled }}"4"{{ else }}"1"{{ end }}
 domainName: {{ .Values.global.domain | quote }}
- ldapHost: {{ .Values.ldap.host | quote }}
+ ldapHost: "{{ .Values.ldap.host }}-primary"
 logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
- ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
+ ldapPassword: {{ .Values.secrets.nubus.ldapSecret | quote }}
 ldapBaseDn: "dc=swp-ldap,dc=internal"
 ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
 tlsMode: "off"
diff --git a/helmfile/apps/services/values-minio.yaml.gotmpl b/helmfile/apps/services/values-minio.yaml.gotmpl
index eca50f92..ac184b1e 100644
--- a/helmfile/apps/services/values-minio.yaml.gotmpl
+++ b/helmfile/apps/services/values-minio.yaml.gotmpl
@@ -98,7 +98,7 @@ provisioning:
 - name: {{ .Values.objectstores.openproject.bucket | quote }}
 versioning: true
 withLock: false
- - name: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
+ - name: {{ .Values.objectstores.nubus.bucket | quote }}
 versioning: false
 withLock: false
 policies:
@@ -169,7 +169,7 @@ provisioning:
 policies:
 - "openproject-bucket-policy"
 setPolicies: true
- - username: {{ .Values.objectstores.univentionManagementStack.username | quote }}
+ - username: {{ .Values.objectstores.nubus.username | quote }}
 password: {{ .Values.secrets.minio.umsUser | quote }}
 disabled: false
 policies:
diff --git a/helmfile/apps/services/values-otterize.yaml.gotmpl b/helmfile/apps/services/values-otterize.yaml.gotmpl
index de056d6f..5665fda7 100644
--- a/helmfile/apps/services/values-otterize.yaml.gotmpl
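Review bot: The new `ldapHost` line in the oxConnector hunk interpolates inside a hand-written string and no longer passes through `quote`, so a `.Values.ldap.host` value containing a quote or backslash would render broken YAML; `ldapHost: {{ printf "%s-primary" .Values.ldap.host | quote }}` keeps the escaping the removed line had. The hard-coded `-primary` suffix is also a behaviour change inside an otherwise rename-only commit, and it assumes a service of that name exists, which this diff does not show; a one-line comment saying why the connector must talk to the primary would help. The unchanged context shows the connector binding as `cn=admin` with `tlsMode: "off"`, so the admin bind password presumably still reaches the new target unencrypted, which is worth confirming as intended.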
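Review bot: In the second MinIO hunk the user name now comes from `.Values.objectstores.nubus.username` while the password on the next line is still read from `.Values.secrets.minio.umsUser`, so one account is configured from two naming schemes. If the old secret key is kept on purpose (for example so existing deployments keep their credential, which is not visible here), say so with a comment such as `# secret key keeps its pre-Nubus name so existing credentials stay valid`; otherwise rename it in the same commit. The otterize hunk shows the same mix, with the `univentionManagementStack:` key kept while its value becomes `.Values.nubus.enabled`. The users list continues outside the hunk.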
+++ b/helmfile/apps/services/values-otterize.yaml.gotmpl @@ -41,7 +41,7 @@ apps: redis: enabled: {{ .Values.redis.enabled }} univentionManagementStack: - enabled: {{ .Values.univentionManagementStack.enabled }} + enabled: {{ .Values.nubus.enabled }} xwiki: enabled: {{ .Values.xwiki.enabled }} diff --git a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl deleted file mode 100644 index b2de51b1..00000000 --- a/helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl +++ /dev/null 
@@ -1,1617 +0,0 @@ -# SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" -# SPDX-License-Identifier: Apache-2.0 ---- -global: - configMapUcrDefaults: "ums-stack-data-ums-ucr" - configMapUcr: "ums-stack-data-swp-ucr" - configMapUcrForced: null - domain: {{ .Values.global.domain | quote }} - imagePullSecrets: - {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} - -tags: - pre-release: true - -guardian: - enabled: true - authorizationApi: - podAnnotations: - intents.otterize.com/service-name: "ums-guardian-authorization-api" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsGuardianAuthorizationApi.registry | quote }} - repository: {{ .Values.images.umsGuardianAuthorizationApi.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsGuardianAuthorizationApi.tag | quote }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - - config: - guardianAuthzLoggingStructured: false - oauthAdapterWellKnownUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080/realms/{{ .Values.platform.realm }}/.well-known/openid-configuration" - opaAdapterUrl: "http://ums-guardian-open-policy-agent/" - udmDataAdapterUrl: "http://ums-udm-rest-api/udm/" - secretRef: "ums-guardian-udm-secret" - ingress: - enabled: false - resources: - {{ .Values.resources.umsGuardianAuthorizationApi | toYaml | nindent 6 }} - - managementApi: - podAnnotations: - intents.otterize.com/service-name: "ums-guardian-management-api" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsGuardianManagementApi.registry | quote }} - repository: {{ .Values.images.umsGuardianManagementApi.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsGuardianManagementApi.tag | quote }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - - config: - guardianManagementLoggingStructured: false - guardianManagementAdapterAuthorizationApiUrl: "http://ums-guardian-authorization-api/guardian/authorization" - oauthAdapterWellKnownUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080/realms/{{ .Values.platform.realm }}/.well-known/openid-configuration" - guardianManagementBaseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - secretRef: "ums-guardian-keycloak-client-secret" - ingress: - enabled: false - resources: - {{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 6 }} - - managementUi: - podAnnotations: - intents.otterize.com/service-name: "ums-guardian-management-ui" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsGuardianManagementUi.registry | quote }} - repository: {{ .Values.images.umsGuardianManagementUi.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsGuardianManagementUi.tag | quote }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - - config: - viteApiDataAdapterUri: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/guardian/management" - viteKeycloakAuthenticationAdapterSsoUri: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" - viteKeycloakAuthenticationAdapterRealm: {{ .Values.platform.realm | quote }} - ingress: - enabled: false - resources: - {{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }} - - openPolicyAgent: - podAnnotations: - intents.otterize.com/service-name: "ums-ums-open-policy-agent" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsOpenPolicyAgent.registry | quote }} - repository: {{ .Values.images.umsOpenPolicyAgent.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsOpenPolicyAgent.tag | quote }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - - config: - opaGuardianManagementUrl: "http://ums-guardian-management-api/guardian/management" - ingress: - enabled: false - resources: - {{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 6 }} - - - provisioning: - # Using openDesk keycloak provisioning - enabled: false - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsGuardianProvisioning.registry | quote }} - repository: {{ .Values.images.umsGuardianProvisioning.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsGuardianProvisioning.tag | quote }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - config: - nubusBaseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - keycloak: - url: "http://ums-keycloak:8080" - fqdn: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" - realm: {{ .Values.platform.realm | quote }} - admin: "kcadmin" - credentialSecret: - name: "ums-guardian-keycloak-secret" - key: "adminPassword" - managementApi: - credentialSecret: - name: "ums-guardian-keycloak-secret" - key: "managementApiClientSecret" - - postgresql: - bundled: false - connection: - host: {{ .Values.databases.umsGuardianManagementApi.host | quote }} - port: {{ .Values.databases.umsGuardianManagementApi.port | quote }} - auth: - username: {{ .Values.databases.umsGuardianManagementApi.username | quote }} - database: {{ .Values.databases.umsGuardianManagementApi.name | quote }} - password: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }} - -ldap-notifier: - enabled: true - podAnnotations: - intents.otterize.com/service-name: "ums-ldap-notifier" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapNotifier.registry | quote }} - repository: {{ .Values.images.umsLdapNotifier.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsLdapNotifier.tag | quote }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - replicaCount: {{ .Values.replicas.umsLdapNotifier }} - resources: - {{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }} - securityContext: - seccompProfile: - type: "RuntimeDefault" - seLinuxOptions: - {{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }} - volumes: - claims: - shared-data: "shared-data-ums-ldap-server-0" - shared-run: "shared-run-ums-ldap-server-0" - -ldap-server: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-ldap-server" - replicaCount: {{ .Values.replicas.umsLdapServer }} - serviceAccount: - annotations: - intended.usage: "compliance" - waitForDependency: - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} - repository: {{ .Values.images.umsWaitForDependency.repository }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - tag: {{ .Values.images.umsWaitForDependency.tag | quote }} - ldapServer: - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapServer.registry | quote }} - repository: {{ .Values.images.umsLdapServer.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - tag: {{ .Values.images.umsLdapServer.tag | quote }} - config: - domainName: "{{ .Release.Namespace }}.{{ .Values.global.domain}}" - ldapBaseDn: {{ .Values.ldap.baseDn | quote }} - samlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }} - samlMetadataUrlInternal: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }} - samlServiceProviders: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }} - credentialSecret: - name: ums-ldap-credentials - key: adminPassword - extraVolumes: - - name: "opendesk-schemas" - configMap: - name: "ums-stack-data-swp-schemas" - - extraVolumeMounts: - - name: "opendesk-schemas" - mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskFileshare.schema" - subPath: "opendeskFileshare.schema" - - name: "opendesk-schemas" - mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskKnowledgemanagement.schema" - subPath: "opendeskKnowledgemanagement.schema" - - name: "opendesk-schemas" - mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskLearnmanagement.schema" - subPath: "opendeskLearnmanagement.schema" - - name: "opendesk-schemas" - mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskLivecollaboration.schema" - subPath: "opendeskLivecollaboration.schema" - - name: "opendesk-schemas" - mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskProjectmanagement.schema" - subPath: "opendeskProjectmanagement.schema" - - persistence: - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }} - - resources: - {{ .Values.resources.umsLdapServer | toYaml | 
nindent 4 }} - - initResources: - {{ .Values.resources.umsLdapServerInit | toYaml | nindent 4 }} - -notifications-api: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-notifications-api" - serviceAccount: - annotations: - intended.usage: "compliance" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsNotificationsApi.registry | quote }} - repository: {{ .Values.images.umsNotificationsApi.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} - tag: {{ .Values.images.umsNotificationsApi.tag }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - postgresql: - bundled: false - connection: - host: {{ .Values.databases.umsNotificationsApi.host | quote }} - port: {{ .Values.databases.umsNotificationsApi.port | quote }} - auth: - username: {{ .Values.databases.umsNotificationsApi.username | quote }} - database: {{ .Values.databases.umsNotificationsApi.name | quote }} - existingSecret: "ums-notifications-api-postgresql-credentials" - replicaCount: {{ .Values.replicas.umsNotificationsApi }} - notificationsapi: - apply_database_migrations: "True" - dev_mode: "False" - environment: "staging" - log_level: "DEBUG" - sql_echo: "False" - api_prefix: "/univention/portal/notifications-api" - resources: - {{ .Values.resources.umsNotificationsApi | toYaml | nindent 4 }} - -portal-frontend: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-portal-frontend" - serviceAccount: - annotations: - intended.usage: "compliance" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalFrontend.registry | quote }} - repository: {{ .Values.images.umsPortalFrontend.repository }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - tag: {{ .Values.images.umsPortalFrontend.tag }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - extraVolumes: - - name: "opendesk-branding" - configMap: - name: "ums-stack-data-swp-branding" - extraVolumeMounts: - - name: "opendesk-branding" - mountPath: "/var/www/html/favicon.ico" - subPath: "favicon.ico" - - name: "opendesk-branding" - mountPath: "/var/www/html/css/custom.css" - subPath: "custom.css" - - name: "opendesk-branding" - mountPath: "/var/www/html/icons/logo.svg" - subPath: "logo.svg" - - name: "opendesk-branding" - mountPath: "/var/www/html/icons/logo_small_border.svg" - subPath: "logo_small_border.svg" - - name: "opendesk-branding" - mountPath: "/var/www/html/custom/portal_background_image.png" - subPath: "portal_background_image.png" - - name: "opendesk-branding" - mountPath: "/var/www/html/custom/portal_background_image.svg" - subPath: "portal_background_image.svg" - replicaCount: {{ .Values.replicas.umsPortalFrontend }} - resources: - {{ .Values.resources.umsPortalFrontend | toYaml | nindent 4 }} - -portal-listener: - enabled: true - podAnnotations: - intents.otterize.com/service-name: "ums-portal-listener" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalListener.registry | quote }} - repository: {{ .Values.images.umsPortalListener.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} - tag: {{ .Values.images.umsPortalListener.tag }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - waitForDependency: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} - repository: {{ .Values.images.umsWaitForDependency.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} - tag: {{ .Values.images.umsWaitForDependency.tag }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - persistence: - storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.univentionManagementStack.portalListener | quote }} - portalListener: - adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }} - assetsRootPath: "portal-assets" - ucsInternalPath: "portal-data" - - ldapBaseDn: {{ .Values.ldap.baseDn | quote }} - ldapHost: {{ .Values.ldap.host | quote }} - ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} - ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - notifierServer: {{ .Values.ldap.notifierHost | quote }} - portalDefaultDn: {{ printf "%s,%s" "cn=domain,cn=portal,cn=portals,cn=univention" .Values.ldap.baseDn | quote }} - udmApiUrl: "http://ums-udm-rest-api/udm/" - udmApiUsername: "cn=admin" - debugLevel: {{ if .Values.debug.enabled }}"4"{{ else }}"1"{{ end }} - tlsMode: "off" - umcGetUrl: "http://ums-umc-server/get" - umcSessionUrl: "http://ums-umc-server/get/session-info" - objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} - objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} - objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }} - objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }} - replicaCount: {{ .Values.replicas.umsPortalListener }} - resources: - {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }} - - resourcesWaitForDependency: - {{ .Values.resources.umsPortalListenerDependencies | toYaml | nindent 4 }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - add: - 
- "CHOWN" - - "DAC_OVERRIDE" - - "FOWNER" - - "FSETID" - - "KILL" - - "SETGID" - - "SETUID" - - "SETPCAP" - - "NET_BIND_SERVICE" - - "NET_RAW" - - "SYS_CHROOT" - privileged: false - seccompProfile: - type: "RuntimeDefault" - readOnlyRootFilesystem: false - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - seLinuxOptions: - {{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }} - -portal-server: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-portal-server" - serviceAccount: - annotations: - intended.usage: "compliance" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalServer.registry | quote }} - repository: {{ .Values.images.umsPortalServer.repository }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - tag: {{ .Values.images.umsPortalServer.tag }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - portalServer: - authMode: "saml" - editable: "false" - adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }} - ucsInternalPath: "portal-data" - umcGetUrl: "http://ums-umc-server/get" - umcSessionUrl: "http://ums-umc-server/get/session-info" - objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} - objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} - centralNavigation: - enabled: true - objectStorageCredentialSecret: - name: "ums-portal-server-minio-credentials" - accessKeyKey: "nubus-s3-access-key-id" - secretKeyKey: "nubus-s3-secret-key-id" - - extraVolumes: - - name: authenticator-secret - secret: - secretName: ums-portal-server-authenticator-credentials - - extraVolumeMounts: - - name: authenticator-secret - mountPath: "/var/secrets/authenticator.secret" - subPath: "authenticator.secret" - - replicaCount: {{ 
.Values.replicas.umsPortalServer }} - - resources: - {{ .Values.resources.umsPortalServer | toYaml | nindent 4 }} - -provisioning: - enabled: false - api: - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningEventsAndConsumerApi.registry | quote }} - repository: {{ .Values.images.umsProvisioningEventsAndConsumerApi.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} - tag: {{ .Values.images.umsProvisioningEventsAndConsumerApi.tag }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - credentialSecretName: "ums-provisioning-api-credentials" - dispatcher: - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningDispatcher.registry | quote }} - repository: {{ .Values.images.umsProvisioningDispatcher.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} - tag: {{ .Values.images.umsProvisioningDispatcher.tag }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - credentialSecretName: "ums-provisioning-dispatcher-credentials" - prefill: - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningPrefill.registry | quote }} - repository: {{ .Values.images.umsProvisioningPrefill.repository }} - pullPolicy: {{ .Values.global.imagePullPolicy }} - tag: {{ .Values.images.umsProvisioningPrefill.tag }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - credentialSecretName: "ums-provisioning-prefill-credentials" - nats: - config: - authorization: - enabled: false - users: - - user: "admin" - password: "$NATS_PASSWORD" - permissions: - publish: ">" - subscribe: ">" - - user: "$NATS_API_USER" - password: "$NATS_API_PASSWORD" - permissions: - publish: ">" - subscribe: ">" - - user: "$NATS_DISPATCHER_USER" - password: "$NATS_DISPATCHER_PASSWORD" - permissions: - publish: ">" - subscribe: ">" - - user: "$NATS_PREFILL_USER" - password: "$NATS_PREFILL_PASSWORD" - permissions: - publish: ">" - subscribe: ">" - extraEnvVars: - - name: NATS_USER - value: "admin" - - name: NATS_PASSWORD - valueFrom: - secretKeyRef: - name: ums-provisioning-nats-credentials - key: admin_password - - name: NATS_API_USER - valueFrom: - secretKeyRef: - name: ums-provisioning-api-credentials - key: NATS_USER - - name: NATS_API_PASSWORD - valueFrom: - secretKeyRef: - name: ums-provisioning-api-credentials - key: NATS_PASSWORD - - name: NATS_DISPATCHER_USER - valueFrom: - secretKeyRef: - name: ums-provisioning-dispatcher-credentials - key: NATS_USER - - name: NATS_DISPATCHER_PASSWORD - valueFrom: - secretKeyRef: - name: ums-provisioning-dispatcher-credentials - key: NATS_PASSWORD - - name: NATS_PREFILL_USER - valueFrom: - secretKeyRef: - name: ums-provisioning-prefill-credentials - key: NATS_USER - - name: NATS_PREFILL_PASSWORD - valueFrom: - secretKeyRef: - name: ums-provisioning-prefill-credentials - key: NATS_PASSWORD - nats: - nats: - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsNats.registry | quote }} - repository: {{ .Values.images.umsNats.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsNats.tag | quote }} - natsBox: - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsNatsBox.registry | quote }} - repository: {{ .Values.images.umsNatsBox.repository | quote }} - imagePullPolicy: {{ 
.Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsNatsBox.tag | quote }} - reloader: - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsNatsReloader.registry | quote }} - repository: {{ .Values.images.umsNatsReloader.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsNatsReloader.tag | quote }} - - - ingress: - host: "localhost" - tls: - enabled: false - -udm-listener: - enabled: false - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmListener.registry | quote }} - repository: {{ .Values.images.umsProvisioningUdmListener.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsProvisioningUdmListener.tag | quote }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - config: - debugLevel: "4" - ldapBaseDn: {{ .Values.ldap.baseDn | quote }} - ldapHost: {{ .Values.ldap.host | quote }} - ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} - ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - ldapPort: "389" - notifierServer: "ums-ldap-notifier" - tlsMode: "off" - natsHost: "ums-provisioning-nats" - -stack-data-ums: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-stack-data-ums" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsDataLoader.registry | quote }} - repository: {{ .Values.images.umsDataLoader.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsDataLoader.tag | quote }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - stackDataUms: - loadDevData: true - udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - udmApiUrl: "http://ums-udm-rest-api/udm/" - udmApiUser: "cn=admin" - stackDataContext: - idpSamlMetadataUrlInternal: null - umcSamlSchemes: "https" - # The openDesk configuration brings its own UMC policies. - installUmcPolicies: false - domainname: {{ .Values.global.domain | quote }} - externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }} - hostname: {{ .Values.global.hosts.univentionManagementStack | quote }} - ldapHost: {{ .Values.ldap.host | quote }} - ldapBase: {{ .Values.ldap.baseDn | quote }} - ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} - idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }} - umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} - idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }} - ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }} - initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.systemAccounts.administratorPassword | quote }} - initialPasswordSysIdpUser: {{ .Values.secrets.univentionManagementStack.systemAccounts.sysIdpUserPassword | quote }} - umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }} - umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }} - umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }} - umcMemcachedUsername: "" - -stack-data-swp: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-stack-data-swp" - image: - registry: {{ .Values.global.imageRegistry | default 
.Values.images.umsDataLoader.registry | quote }} - repository: {{ .Values.images.umsDataLoader.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsDataLoader.tag | quote }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - stackDataContext: - ldapBase: {{ .Values.ldap.baseDn }} - oxDefaultContext: "1" - smtpStartTls: true - ldapSearchUsers: - {{- range $username, $password := .Values.secrets.univentionManagementStack.ldapSearch }} - - username: {{ printf "ldapsearch_%s" $username | quote }} - password: {{ $password | quote }} - lastname: "LDAP-Search-User" - {{- end }} - - externalDomainName: {{ .Values.global.domain | quote }} - externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }} - - portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain | quote }} - portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }} - portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain | quote }} - portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain | quote }} - portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain | quote }} - portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain | quote }} - portalTitleDE: "{{ .Values.theme.texts.productName }} Portal" - portalTitleEN: "{{ .Values.theme.texts.productName }} Portal" - - smtpHost: {{ .Values.smtp.host | quote }} - smtpPort: {{ .Values.smtp.port | quote }} - smtpUser: {{ .Values.smtp.username | quote }} - - userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }} - adminPassword: {{ 
.Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }} - - stackDataSwp: - udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - {{- if .Values.functional.admin.portal.deploymentInformation.enabled }} - systemInformation: - deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}" - releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}" - {{- end }} - udmApiUser: "cn=admin" - udmApiUrl: "http://ums-udm-rest-api/udm/" - loadDevData: true - resources: - {{ .Values.resources.umsStackDataSwp | toYaml | nindent 2 }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - privileged: false - seccompProfile: - type: "RuntimeDefault" - readOnlyRootFilesystem: false - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - seLinuxOptions: - {{- .Values.seLinuxOptions.umsDataLoader | toYaml | nindent 6 }} - -selfservice-listener: - enabled: true - podAnnotations: - intents.otterize.com/service-name: "ums-selfservice-listener" - image: - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - - selfserviceListener: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceListener.registry | quote }} - repository: {{ .Values.images.umsSelfserviceListener.repository | quote }} - tag: {{ .Values.images.umsSelfserviceListener.tag | quote }} - - selfserviceInvitation: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }} - repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }} - tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }} - - waitForDependency: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }} - repository: {{ .Values.images.umsWaitForDependency.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsWaitForDependency.tag | quote }} - - persistence: - storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.univentionManagementStack.selfserviceListener | quote }} - - resources: - {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }} - - resourcesDependencyWaiter: - {{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }} - - replicaCount: {{ .Values.replicas.umsSelfserviceListener }} - - selfserviceListener: - ldapBaseDn: {{ .Values.ldap.baseDn | quote }} - ldapHost: {{ .Values.ldap.host | quote }} - ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} - ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - notifierServer: {{ .Values.ldap.notifierHost | quote }} - umcAdminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }} - debugLevel: {{ if .Values.debug.enabled }}"4"{{ else }}"1"{{ end }} - tlsMode: "off" - umcServerUrl: 
"http://ums-umc-server" - umcAdminUser: "default.admin" - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - add: - - "CHOWN" - - "DAC_OVERRIDE" - - "FOWNER" - - "FSETID" - - "KILL" - - "SETGID" - - "SETUID" - - "SETPCAP" - - "NET_BIND_SERVICE" - - "NET_RAW" - - "SYS_CHROOT" - privileged: false - seccompProfile: - type: "RuntimeDefault" - readOnlyRootFilesystem: false - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsSelfserviceListener }} - -udm-rest-api: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-udm-rest-api" - serviceAccount: - annotations: - intended.usage: "compliance" - udmRestApi: - secretRef: ums-udm-rest-api-credentials - ldap: - uri: "ldap://ums-ldap-server:389" - baseDn: {{ .Values.ldap.baseDn | quote }} - tls: - enabled: false - secretName: "portal.{{ .Release.Namespace }}.gaia.open-desk.cloud" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsUdmRestApi.registry | quote }} - repository: {{ .Values.images.umsUdmRestApi.repository | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsUdmRestApi.tag | quote }} - extraVolumes: - - name: "attribute-to-group-mapper-hook" - configMap: - name: "ums-stack-data-swp-attribute-to-group-mapper-hook" - extraVolumeMounts: - - name: "attribute-to-group-mapper-hook" - mountPath: "/usr/lib/python3/dist-packages/univention/admin/hooks.d/AttributeToGroupMapper.py" - subPath: "AttributeToGroupMapper.py" - - name: "attribute-to-group-mapper-hook" - mountPath: "/usr/share/attribute-to-group-mapper/flag_to_group_mapping.json" - subPath: "flag_to_group_mapping.json" - resources: - {{ .Values.resources.umsUdmRestApi | toYaml | nindent 4 }} - initResources: - {{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 4 }} - replicaCount: {{ .Values.replicas.umsUdmRestApi }} - -umc-gateway: - enabled: true - image: - 
registry: {{ .Values.global.imageRegistry | default .Values.images.umsUmcGateway.registry | quote }} - repository: {{ .Values.images.umsUmcGateway.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsUmcGateway.tag | quote }} - replicaCount: {{ .Values.replicas.umsUmcGateway }} - umcGateway: - umcHtmlTitle: "openDesk - Admin" - extraVolumes: - - name: "entrypoint-swp-patches" - configMap: - name: "ums-stack-data-swp-umc-gateway-entrypoint" - defaultMode: 0555 - - name: "announcements-customization" - configMap: - name: "ums-stack-data-swp-umc-server-announcements" - defaultMode: 0444 - extraVolumeMounts: - - name: "entrypoint-swp-patches" - mountPath: "/entrypoint.d/90-swp.sh" - subPath: "90-swp.sh" - - name: "announcements-customization" - mountPath: - "/usr/share/univention-management-console-frontend/js/dijit/themes\ - /umc/icons/16x16/udm-portals-announcement.png" - subPath: "udm-portals-announcement.png" - ingress: - host: localhost - enabled: false - tls: - enabled: false - - resources: - {{ .Values.resources.umsUmcGateway | toYaml | nindent 2 }} - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - add: - - "CHOWN" - - "DAC_OVERRIDE" - - "FOWNER" - - "FSETID" - - "KILL" - - "SETGID" - - "SETUID" - - "SETPCAP" - - "NET_BIND_SERVICE" - - "NET_RAW" - - "SYS_CHROOT" - privileged: false - seccompProfile: - type: "RuntimeDefault" - readOnlyRootFilesystem: false - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsUmcGateway }} - -umc-server: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-umc-server" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsUmcServer.registry | quote }} - repository: {{ .Values.images.umsUmcServer.repository | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - tag: {{ .Values.images.umsUmcServer.tag | quote }} - 
pullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . | quote }} - {{- end }} - replicaCount: {{ .Values.replicas.umsUmcServer }} - umcServer: - certPemFile: "/var/secrets/ssl/tls.crt" - caCert: "Cg==" - certPem: "Cg==" - privateKey: "Cg==" - ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} - smtpSecret: {{ .Values.smtp.password | quote }} - privateKeyFile: "/var/secrets/ssl/tls.key" - extraVolumes: - - name: "certificates" - secret: - secretName: "opendesk-certificates-tls" - - name: "entrypoint-swp-patches" - configMap: - name: "ums-stack-data-swp-umc-server-entrypoint" - defaultMode: 0555 - - name: "self-service-emails" - configMap: - name: "ums-stack-data-swp-self-service-emails" - defaultMode: 0444 - - name: "attribute-to-group-mapper-hook" - configMap: - name: "ums-stack-data-swp-attribute-to-group-mapper-hook" - - name: "announcements-customization" - configMap: - name: "ums-stack-data-swp-umc-server-announcements" - defaultMode: 0444 - extraVolumeMounts: - - name: "certificates" - mountPath: "/var/secrets/ssl" - - name: "entrypoint-swp-patches" - mountPath: "/entrypoint.d/90-customization.sh" - subPath: "90-customization.sh" - - name: "self-service-emails" - mountPath: "/usr/share/univention-self-service/email_bodies" - - name: "attribute-to-group-mapper-hook" - mountPath: "/usr/lib/python3/dist-packages/univention/admin/hooks.d/AttributeToGroupMapper.py" - subPath: "AttributeToGroupMapper.py" - - name: "attribute-to-group-mapper-hook" - mountPath: "/usr/share/attribute-to-group-mapper/flag_to_group_mapping.json" - subPath: "flag_to_group_mapping.json" - - name: "announcements-customization" - mountPath: "/usr/share/univention-management-console/modules/udm-portals-announcement.xml" - subPath: "udm-portals-announcement.xml" - ingress: - host: localhost - enabled: false - tls: - enabled: false - memcached: - bundled: false - 
server: {{ .Values.cache.umsSelfservice.host | quote }} - - postgresql: - bundled: false - connection: - host: {{ .Values.databases.umsSelfservice.host | quote }} - port: {{ .Values.databases.umsSelfservice.port | quote }} - auth: - username: {{ .Values.databases.umsSelfservice.username | quote }} - database: {{ .Values.databases.umsSelfservice.name | quote }} - password: {{ .Values.databases.umsSelfservice.password | default .Values.secrets.postgresql.umsSelfserviceUser | quote }} - postgresPassword: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }} - - resources: - {{ .Values.resources.umsUmcServer | toYaml | nindent 2 }} - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - add: - - "CHOWN" - - "DAC_OVERRIDE" - - "FOWNER" - - "FSETID" - - "KILL" - - "SETGID" - - "SETUID" - - "SETPCAP" - - "NET_BIND_SERVICE" - - "NET_RAW" - - "SYS_CHROOT" - privileged: false - seccompProfile: - type: "RuntimeDefault" - readOnlyRootFilesystem: false - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsUmcServer }} - -keycloak: - enabled: true - podAnnotations: - intents.otterize.com/service-name: "ums-keycloak" - serviceAccount: - annotations: - intended.usage: "compliance" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloak.registry | quote }} - repository: {{ .Values.images.umsKeycloak.repository | quote }} - tag: {{ .Values.images.umsKeycloak.tag | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - - config: - logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }} - enableMetrics: true - # The availability of the admin console is already restricted through the path settings in the Keycloak Extensions - # Proxy which is used in openDesk. The setting here is just relevant when Keycloak endpoints are exposed directly - # through an own ingress. 
- exposeAdminConsole: false - - postgresql: - connection: - host: {{ .Values.databases.keycloak.host | quote }} - port: {{ .Values.databases.keycloak.port }} - auth: - username: {{ .Values.databases.keycloak.username | quote }} - database: {{ .Values.databases.keycloak.name | quote }} - credentialSecret: - name: "ums-keycloak-postgresql-credentials" - key: "keycloakDatabasePassword" - - keycloak: - auth: - username: "kcadmin" - password: {{ .Values.secrets.keycloak.adminPassword | quote }} - - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - seccompProfile: - type: "RuntimeDefault" - privileged: false - readOnlyRootFilesystem: false - runAsUser: 1000 - runAsGroup: 1000 - runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloak }} - - podSecurityContext: - fsGroup: 1000 - fsGroupChangePolicy: "OnRootMismatch" - - theme: - univentionTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/theme.css" - univentionCustomTheme: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/css/custom.css" - favIcon: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/favicon.ico" - - replicaCount: {{ .Values.replicas.keycloak }} - - resources: - {{ .Values.resources.umsKeycloak | toYaml | nindent 2 }} - -keycloak-bootstrap: - enabled: true - serviceAccount: - annotations: - intended.usage: "compliance" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloakBootstrap.registry | quote }} - repository: {{ .Values.images.umsKeycloakBootstrap.repository | quote }} - tag: {{ .Values.images.umsKeycloakBootstrap.tag | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - - cleanup: - deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} - keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }} - - keycloak: - 
connection: - baseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" - auth: - username: "kcadmin" - password: {{ .Values.secrets.keycloak.adminPassword | quote }} - realm: {{ .Values.platform.realm | quote }} - ldap: - baseDn: {{ .Values.ldap.baseDn | quote }} - connection: - host: {{ .Values.ldap.host | quote }} - port: "389" - protocol: "ldap" - auth: - bindDn: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal" - password: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }} - - bootstrap: - ldapMappers: - - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin" - - ldapAndUserModelAttributeName: "oxContextIDNum" - loginLinks: - - link_number: 1 - language: "de" - description: "Passwort vergessen?" - href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten" - - link_number: 1 - language: "en" - description: "Forgot password?" 
- href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten" - twoFactorAuthentication: - enabled: true - group: "2fa-users" - - config: - saml: - serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - - containerSecurityContext: - enabled: true - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - readOnlyRootFilesystem: false - privileged: false - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: "RuntimeDefault" - seLinuxOptions: - {{ .Values.seLinuxOptions.umsKeycloakBootstrap | toYaml | nindent 6 }} - - podAnnotations: - intents.otterize.com/service-name: "ums-keycloak-bootstrap" - - podSecurityContext: - enabled: true - fsGroup: 1000 - fsGroupChangePolicy: "Always" - - resources: - {{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 2 }} - -keycloak-extensions: - enabled: true - keycloak: - connection: - host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}" - auth: - username: "kcadmin" - password: {{ .Values.secrets.keycloak.adminPassword | quote }} - masterRealm: "master" - realm: {{ .Values.platform.realm | quote }} - postgresql: - connection: - host: {{ .Values.databases.keycloakExtension.host | quote }} - port: {{ .Values.databases.keycloakExtension.port }} - auth: - database: {{ .Values.databases.keycloakExtension.name | quote }} - username: {{ .Values.databases.keycloakExtension.username | quote }} - password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }} - smtp: - connection: - host: {{ .Values.smtp.host | quote }} - port: {{ .Values.smtp.port | quote }} - auth: - username: {{ .Values.smtp.username | quote }} - password: {{ .Values.smtp.password | quote }} - handler: - replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }} - 
podAnnotations: - intents.otterize.com/service-name: "ums-keycloak-extensions-handler" - # nameOverride: "keycloak-extensions-handler" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloakExtensionHandler.registry | quote }} - repository: {{ .Values.images.umsKeycloakExtensionHandler.repository | quote }} - tag: {{ .Values.images.umsKeycloakExtensionHandler.tag | quote }} - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - imagePullSecrets: {{ .Values.global.imagePullSecrets }} - appConfig: - captchaProtectionEnable: false - deviceProtectionEnable: true - ipProtectionEnable: true - logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }} - newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account" - mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ if .Values.functional.email.systemGenerated.useComponentInSenderdomain }}{{ .Values.global.hosts.keycloak }}.{{ end }}{{ .Values.global.domain }}" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - seccompProfile: - type: "RuntimeDefault" - readOnlyRootFilesystem: true - privileged: false - runAsUser: 1000 - runAsGroup: 1000 - runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionHandler }} - resources: - {{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 6 }} - proxy: - replicaCount: {{ .Values.replicas.umsKeycloakExtensionsProxy }} - podAnnotations: - intents.otterize.com/service-name: "ums-keycloak-extensions-proxy" - # nameOverride: "keycloak-extensions-proxy" - appConfig: - logLevel: {{ if .Values.debug.enabled }}"debug"{{ else }}"warn"{{ end }} - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloakExtensionProxy.registry | quote }} - repository: {{ .Values.images.umsKeycloakExtensionProxy.repository | quote }} - tag: {{ .Values.images.umsKeycloakExtensionProxy.tag | quote }} - imagePullPolicy: {{ 
.Values.global.imagePullPolicy | quote }} - imagePullSecrets: {{ .Values.global.imagePullSecrets }} - ingress: - paths: - {{- if .Values.debug.enabled }} - - pathType: "Prefix" - path: "/admin/" - {{- end }} - - pathType: "Prefix" - path: "/realms/" - - pathType: "Prefix" - path: "/js/" - - pathType: "Prefix" - path: "/resources/" - - pathType: "Prefix" - path: "/fingerprintjs" - - pathType: "Exact" - path: "/univention/meta.json" - backend: - service: - name: "ums-stack-gateway" - port: - name: "http" - - enabled: {{ .Values.ingress.enabled }} - ingressClassName: {{ .Values.ingress.ingressClassName | default "nginx" | quote }} - host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" - tls: - enabled: {{ .Values.ingress.tls.enabled }} - secretName: {{ .Values.ingress.tls.secretName | quote }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - seccompProfile: - type: "RuntimeDefault" - privileged: false - readOnlyRootFilesystem: true - runAsUser: 1000 - runAsGroup: 1000 - runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionProxy }} - resources: - {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }} - -keycloak-postgresql: - enabled: false - -stack-gateway: - enabled: true - additionalAnnotations: - intents.otterize.com/service-name: "ums-stack-gateway" - fullnameOverride: "ums-stack-gateway" - image: - registry: {{ .Values.global.imageRegistry | default .Values.images.umsStackGateway.registry | quote }} - repository: {{ .Values.images.umsStackGateway.repository | quote }} - tag: {{ .Values.images.umsStackGateway.tag | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - ingress: - annotations: - # Ensure that the ingress controller can handle responses with plenty of - # headers. This is a requirement from the UDM Rest API. 
- nginx.org/proxy-buffer-size: "64k" - nginx.org/proxy-buffers: "4 128k" - enabled: {{ .Values.ingress.enabled }} - extraTls: - - hosts: - - {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} - secretName: {{ .Values.ingress.tls.secretName | quote }} - hostname: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} - ingressClassName: {{ .Values.ingress.ingressClassName | default "nginx" | quote }} - tls: false - - podSecurityContext: - enabled: true - fsGroup: 1001 - replicaCount: {{ .Values.replicas.umsStackGateway }} - - resources: - {{ .Values.resources.umsStackGateway | toYaml | nindent 4 }} - - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsGroup: 0 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - seccompProfile: - type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.umsStackGateway }} - - service: - type: "ClusterIP" - - serviceAccount: - create: true - - # The content of the "serverBlock" does resemble the Ingress configuration of - # the UMS components. The "location" entries do intentionally reflect precisely - # the respective paths which are configured. 
- serverBlock: | - server { - listen 8080; - - proxy_http_version 1.1; - - proxy_set_header Host $http_host; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $http_x_forwarded_host; - proxy_set_header X-Forwarded-Port $http_x_forwarded_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - - - {{ if .Values.functional.externalServices.nubus.udmRestApi.enabled }} - ## udm-rest-api - location /univention/udm/ { - # The UDM Rest API does return on some endpoints a lot of headers - proxy_busy_buffers_size 128k; - proxy_buffers 4 128k; - proxy_buffer_size 64k; - - rewrite ^/univention(/udm/.*)$ $1 break; - proxy_pass http://ums-udm-rest-api:80; - } - {{ end }} - - - ## portal-frontend - # The frontend does not own "/univention/portal" nor - # "/univention/selfservice", only these two bits - location = /univention/portal/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80/; - } - location = /univention/portal/index.html { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80/; - } - location = /univention/selfservice/ { - rewrite ^/univention/selfservice(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80/; - } - - # The following prefixes are owned by the frontend - location /univention/portal/css/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/portal/fonts/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/portal/i18n/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/portal/media/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/portal/js/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location 
/univention/portal/oidc/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/selfservice/css/ { - rewrite ^/univention/selfservice(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/selfservice/fonts/ { - rewrite ^/univention/selfservice(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/selfservice/i18n/ { - rewrite ^/univention/selfservice(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/selfservice/media/ { - rewrite ^/univention/selfservice(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/selfservice/js/ { - rewrite ^/univention/selfservice(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - location /univention/selfservice/oidc/ { - rewrite ^/univention/selfservice(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80; - } - - - ## frontend redirects - location = / { - absolute_redirect off; - return 302 /univention/portal/; - } - location = /univention { - absolute_redirect off; - return 302 /univention/portal/; - } - location = /univention/ { - absolute_redirect off; - return 302 /univention/portal/; - } - location = /univention/portal { - absolute_redirect off; - return 302 /univention/portal/; - } - location = /univention/selfservice { - absolute_redirect off; - return 302 /univention/selfservice/; - } - - - ## portal-server - location = /univention/portal/portal.json { - proxy_pass http://ums-portal-server:80; - } - location = /univention/selfservice/portal.json { - proxy_pass http://ums-portal-server:80; - } - location = /univention/portal/navigation.json { - proxy_pass http://ums-portal-server:80; - } - - - ## umc-gateway - location = /univention/languages.json { - proxy_pass http://ums-umc-gateway:80; - } - location = /univention/meta.json { - proxy_pass http://ums-umc-gateway:80; - } - location = /univention/theme.css { - 
proxy_pass http://ums-umc-gateway:80; - } - location /univention/js/ { - proxy_pass http://ums-umc-gateway:80; - } - location /univention/login/main.js { - proxy_pass http://ums-umc-gateway:80; - } - location /univention/login/LoginDialog.js { - proxy_pass http://ums-umc-gateway:80; - } - location /univention/login/i18n/ { - proxy_pass http://ums-umc-gateway:80; - } - location /univention/management/ { - proxy_pass http://ums-umc-gateway:80; - } - location /univention/themes/ { - proxy_pass http://ums-umc-gateway:80; - } - - - ### umc-server - ## Do not support local authentication - #location = /univention/auth { - # rewrite ^/univention(/.*)$ $1 break; - # proxy_pass http://ums-umc-server:80; - # proxy_set_header X-UMC-HTTPS 'on'; - #} - location /univention/logout { - rewrite ^/univention(/.*)$ $1 break; - proxy_pass http://ums-umc-server:80; - } - location /univention/saml { - rewrite ^/univention(/.*)$ $1 break; - proxy_pass http://ums-umc-server:80; - proxy_set_header X-UMC-HTTPS 'on'; - } - location /univention/get { - rewrite ^/univention(/.*)$ $1 break; - proxy_pass http://ums-umc-server:80; - } - location /univention/set { - rewrite ^/univention(/.*)$ $1 break; - proxy_pass http://ums-umc-server:80; - } - location /univention/command { - rewrite ^/univention(/.*)$ $1 break; - proxy_pass http://ums-umc-server:80; - } - location /univention/upload { - rewrite ^/univention(/.*)$ $1 break; - proxy_pass http://ums-umc-server:80; - } - - - ## notifications-api - location /univention/portal/notifications-api/ { - rewrite ^/univention/portal/notifications-api(/.*)$ $1 break; - proxy_pass http://ums-notifications-api:80; - } - - ## openDesk branding - location = /favicon.ico { - proxy_pass http://ums-portal-frontend:80/; - } - location /univention/portal/custom/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass http://ums-portal-frontend:80/; - } - location /univention/portal/icons/ { - rewrite ^/univention/portal(/.*)$ $1 break; - proxy_pass 
http://ums-portal-frontend:80/; - } - - ## provisioning-api - # location /univention/provisioning-api/ { - # rewrite ^/univention/provisioning-api(/.*)$ $1 break; - # proxy_pass http://ums-provisioning-api:80; - # } - - ## guardian - location /univention/guardian/management-ui { - proxy_pass http://ums-guardian-management-ui:80/univention/guardian/management-ui; - } - location /guardian/management { - proxy_pass http://ums-guardian-management-api:80/guardian/management; - } - location /guardian/authorization { - proxy_pass http://ums-guardian-authorization-api:80/guardian/authorization; - } - - ## object storage (minio) - location /univention/portal/icons/entries/ { - rewrite ^/univention/portal(/icons/entries/.*)$ /ums/portal-assets$1 break; - # proxy_pass {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "http://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) }}:9000; - proxy_pass http://minio:9000; - } - location /univention/portal/icons/logos/ { - rewrite ^/univention/portal(/icons/logos/.*)$ /ums/portal-assets$1 break; - # proxy_pass {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "http://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) }}:9000; - proxy_pass http://minio:9000; - } - location /univention/selfservice/icons/entries/ { - rewrite ^/univention/selfservice(/icons/entries/.*)$ /ums/portal-assets$1 break; - # proxy_pass {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "http://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) }}:9000; - proxy_pass http://minio:9000; - } - location /univention/selfservice/icons/logos/ { - rewrite ^/univention/selfservice(/icons/logos/.*)$ /ums/portal-assets$1 break; - # proxy_pass {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "http://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) }}:9000; - proxy_pass http://minio:9000; - } - - } - -minio: - enabled: false - 
-extraSecrets:
- - name: ums-ldap-credentials
- stringData:
- adminPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
- - name: ums-notifications-api-postgresql-credentials
- stringData:
- password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
- - name: ums-keycloak-extensions-postgresql-credentials
- stringData:
- password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
- - name: ums-portal-server-minio-credentials
- stringData:
- nubus-s3-access-key-id: {{ .Values.objectstores.univentionManagementStack.username | quote }}
- nubus-s3-secret-key-id: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
- - name: ums-portal-server-authenticator-credentials
- stringData:
- authenticator.secret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
- - name: ums-provisioning-api-credentials
- stringData:
- NATS_USER: "api"
- NATS_PASSWORD: "password"
- - name: ums-provisioning-dispatcher-credentials
- stringData:
- UDM_USERNAME: "cn=admin"
- UDM_PASSWORD: "password"
- NATS_USER: "dispatcher"
- NATS_PASSWORD: "password"
- - name: ums-provisioning-prefill-credentials
- stringData:
- NATS_USER: "prefill"
- NATS_PASSWORD: "password"
- - name: ums-provisioning-nats-credentials
- stringData:
- admin_password: "nimda"
- - name: ums-udm-rest-api-credentials
- stringData:
- ldap.secret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
- machine.secret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
- - name: "ums-guardian-udm-secret"
- stringData:
- udmDataAdapterUsername: "cn=admin"
- udmDataAdapterPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
- - name: "ums-guardian-keycloak-client-secret"
- stringData:
- oauthAdapterM2mSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
- - name: "ums-keycloak-postgresql-credentials"
- stringData:
- keycloakDatabasePassword: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
- - name: "ums-guardian-keycloak-secret"
- stringData:
- adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
- managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
-...
diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl
index ce0692a0..d73b4b55 100644
--- a/helmfile/apps/xwiki/values.yaml.gotmpl
+++ b/helmfile/apps/xwiki/values.yaml.gotmpl
@@ -55,7 +55,7 @@ customConfigs: xwiki.authentication.ldap.port: 389 ## Authentication to the LDAP server xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
- xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionManagementStack.ldapSearch.xwiki | quote }}
+ xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }}
 ## Base DN used for searching for users xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal" ## Allow short update cycles of the LDAP group cache
@@ -83,8 +83,8 @@ customConfigs: # yamllint disable-line rule:line-length oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype" url.trustedDomains: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
- workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
- workplaceServices.base: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
+ workplaceServices.base: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
 workplaceServices.portalSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }} openoffice.serverType: "0" notifications.emails.live.graceTime: "5"
@@ -129,8 +129,8 @@ postgresql: enabled: false properties:
- "attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}"
- "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.faviconSvg | b64enc }}"
+ "attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvgB64 }}"
+ "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.faviconSvgB64 }}"
 "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon16.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon16PngB64 }}" "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon144.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon144PngB64 }}" "property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.secure": 1
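Review bot: The two SVG entries under `properties:` now insert `.Values.theme.imagery.logoHeaderSvgB64` and `.Values.theme.imagery.faviconSvgB64` verbatim, without `b64enc`, so the template no longer guarantees that what follows `base64,` is base64 at all. An environment override that still sets the old `logoHeaderSvg`/`faviconSvg` keys is no longer read here, and a value that is raw SVG or line-wrapped base64 would put quotes or newlines inside the double-quoted YAML string and break the rendered values or the data URI. I would document the contract next to these lines, e.g. `# *B64 theme values are inserted verbatim: single-line base64, no data: prefix`, and list the key rename in the migration notes. The `properties:` mapping continues past the end of the hunk.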
diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml
index a7f0f131..ed7b36a6 100644
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -200,7 +200,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations" name: "opendesk-migrations"
- version: "1.0.1"
+ version: "1.2.1"
 verify: true minio: # providerCategory: "Community"
@@ -242,6 +242,18 @@ charts: name: "nginx" version: "15.9.3" verify: true
+ nubus:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/charts/nubus"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "19", "3"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+ name: "nubus"
+ version: "0.33.0"
+ verify: true
 opendeskKeycloakBootstrap: # providerCategory: "Platform" # providerResponsible: "openDesk"
@@ -250,7 +262,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap" name: "opendesk-keycloak-bootstrap"
- version: "2.1.0"
+ version: "2.1.1"
 verify: true openproject: # providerCategory: "Supplier"
@@ -304,7 +316,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize" name: "opendesk-otterize"
- version: "2.0.1"
+ version: "2.1.0"
 verify: true oxConnector: # providerCategory: "Supplier"
@@ -378,30 +390,6 @@ charts: name: "opendesk-synapse-web" version: "3.3.0" verify: true
- ums:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/charts/ums"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "12", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
- name: "ums"
- version: "0.16.0"
- verify: true
- umsKeycloakBootstrap:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/charts/keycloak-bootstrap"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "1", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
- name: "keycloak-bootstrap"
- version: "0.1.0"
- verify: true
 xwiki: # providerCategory: "Supplier" # providerResponsible: "XWiki"
diff --git a/helmfile/environments/default/global.generated.yaml b/helmfile/environments/default/global.generated.yaml
index d19dfb3a..76d72350 100644
--- a/helmfile/environments/default/global.generated.yaml
+++ b/helmfile/environments/default/global.generated.yaml
@@ -3,5 +3,5 @@ --- global: systemInformation:
- releaseVersion: "v0.9.0"
+ releaseVersion: "v0.9.1"
 ...
diff --git a/helmfile/environments/default/global.gotmpl b/helmfile/environments/default/global.gotmpl
index b126028d..3c04ada5 100644
--- a/helmfile/environments/default/global.gotmpl
+++ b/helmfile/environments/default/global.gotmpl
@@ -40,11 +40,11 @@ global: minioApi: "minio" minioConsole: "minio-console" nextcloud: "fs"
+ nubus: "portal"
 openproject: "project" openxchange: "webmail" synapse: "matrix" synapseFederation: "matrix-federation"
- univentionManagementStack: "portal"
 whiteboard: "whiteboard" xwiki: "wiki"
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml
index fae80dd1..29e6c478 100644
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -205,7 +205,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
- tag: "1.0.2@sha256:fbe21b4e2a276d2c5d052c1bb52158debfcc146188e654661001d4ff45b1b453"
+ tag: "1.2.0@sha256:42ebe655680466fd4b1647719752f1a4e7482eb2bc44abff806c4ac69fcda3e8"
 milter: # providerCategory: "Community" # providerResponsible: "openDesk"
@@ -254,6 +254,346 @@ images: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php" tag: "1.10.3@sha256:e659ab95d0d3a33d4937354449c12fa46fe2669a866bbf432a9d729bed6d54f7"
+ nubusDataLoader:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/data-loader"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "41", "5"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
+ tag: "0.60.0@sha256:9b43a66c32f4f66143db00b71cc62966df6ed809ec023a0d573a015f5d15305a"
+ nubusGuardianAuthorizationApi:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://docker.software-univention.de"
+ # upstreamRepository: "guardian-authorization-api-authorization-api"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["1", "0", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-authorization-api"
+ tag: "2.0.0@sha256:5f194f9385aea5a279e25a57352f7b88a6cc4fa90b3bf04c2c97b9ff2bad70a5"
+ nubusGuardianManagementApi:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://docker.software-univention.de"
+ # upstreamRepository: "guardian-management-api-management-api"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["1", "0", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-api-management-api"
+ tag: "2.0.0@sha256:61a1ab84efebe2a87d358e8624f8b39073a6071683e7cd77b740a97d464753a2"
+ nubusGuardianManagementUi:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://docker.software-univention.de"
+ # upstreamRepository: "guardian-management-ui-management-ui"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["1", "0", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-ui-management-ui"
+ tag: "2.0.0@sha256:57e2503a4772f0ff656e792a98fadef4d41c248218e6c368f76ce82a892478cf"
+ nubusGuardianProvisioning:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/guardian-init"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "3", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
+ tag: "0.9.1@sha256:6006fb1c2779b906e7725df524f2587b2a610cc442793bf8f16b2b4b8c0494fb"
+ nubusKeycloak:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://docker.software-univention.de"
+ # upstreamRepository: "keycloak-keycloak"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+).+$'
+ # upstreamMirrorStartFrom: ["22", "0", "3"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-keycloak"
+ tag: "24.0.3-ucs1@sha256:cc66a1730abdd5abe88ac5cf045b6558f289bf1ae8d077ee884a42d785742f8b"
+ nubusKeycloakBootstrap:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/keycloak-bootstrap"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "1", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
+ tag: "0.1.0@sha256:351097e9e7b469f2fc149fe612ec6ad515d5e6b081d7e2785bd926a1d77209d2"
+ nubusKeycloakExtensionHandler:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/keycloak-handler"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "0", "3"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
+ tag: "0.9.4@sha256:247182a965cc56fe2a891d42a7cfe84205804a9e58dd8f0a8191726a68cb9db1"
+ nubusKeycloakExtensionProxy:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/keycloak-proxy"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "0", "3"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
+ tag: "0.9.4@sha256:a572fe076a2ef5966433fec478c92cffade816e71f2b4661bd8dbcb9e60c8c2f"
+ nubusLdapNotifier:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/ldap-notifier"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "8", "2"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
+ tag: "0.15.2@sha256:1f2a9d2136c8e87a4c4a59a94a2235d00e969c98bd7bfe75707a299918f271b5"
+ nubusLdapServer:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/ldap-server"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "8", "2"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
+ tag: "0.17.1@sha256:5b7b629b9655c7bb2857013f3399cefe5bdd3963d568bbf77d6d488c005e3b3b"
+ nubusLdapServerDhInitContainer:
+ # providerCategory: 'Community'
+ # providerResponsible: 'Univention'
+ # upstreamRegistry: 'registry-1.docker.io'
+ # upstreamRepository: 'natsio/nats-box'
+ registry: "registry-1.docker.io"
+ repository: "natsio/nats-box"
+ tag: "0.14.2@sha256:c9b8ebaabb2ca4c227feb4f6b856dc72d4775ac3d71f80d2c65aa82303079011"
+ nubusNats:
+ # providerCategory: 'Community'
+ # providerResponsible: 'Univention'
+ # upstreamRegistry: 'registry-1.docker.io'
+ # upstreamRepository: 'library/nats'
+ registry: "registry-1.docker.io"
+ repository: "library/nats"
+ tag: "2.10.10@sha256:fa26beda8a3187ccefa47afcfe9ea6d0e2f40a57c8f64d70bd63c792d7973938"
+ nubusNatsBox:
+ # providerCategory: 'Community'
+ # providerResponsible: 'Univention'
+ # upstreamRegistry: 'registry-1.docker.io'
+ # upstreamRepository: 'natsio/nats-box'
+ registry: "registry-1.docker.io"
+ repository: "natsio/nats-box"
+ tag: "0.14.2@sha256:c9b8ebaabb2ca4c227feb4f6b856dc72d4775ac3d71f80d2c65aa82303079011"
+ nubusNatsReloader:
+ # providerCategory: 'Community'
+ # providerResponsible: 'Univention'
+ # upstreamRegistry: 'registry-1.docker.io'
+ # upstreamRepository: 'natsio/nats-server-config-reloader'
+ registry: "registry-1.docker.io"
+ repository: "natsio/nats-server-config-reloader"
+ tag: "0.14.1@sha256:77dd4c60001ffbf442c6b25592e73b4fca06ea9406c677607192788d80453783"
+ nubusNotificationsApi:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/notifications-api"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "9", "4"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
+ tag: "0.27.0@sha256:d99173199f20c701b29b8a3c1a46465085a873b37f413882e7d2e106e258c35a"
+ nubusOpenPolicyAgent:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://docker.software-univention.de"
+ # upstreamRepository: "guardian-authorization-api-opa"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["1", "0", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-opa"
+ tag: "2.0.0@sha256:56a92a08da5addb951a2b2df09974889295ddde8526e93ad40dd973de1052ad4"
+ nubusOxExtension:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/ox-extension"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "10", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
+ tag: "0.10.0@sha256:f6f32ce0486594eca9c8682b10f60e9d174a526d5acd2ba4d0abcb8f522539b9"
+ nubusPortalConsumer:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/portal-consumer"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "27", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
+ tag: "0.27.0@sha256:e86bf827d1e93b61473a0730492f48f8dbf0d056b79dd9ecde7af1612696b144"
+ nubusPortalExtension:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/portal-extension"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "28", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
+ tag: "0.28.0@sha256:1ec467bebc402265e1c24b3d441c211faad1a025ded41afe8dd4687b7ad5a9a4"
+ nubusPortalFrontend:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/portal-frontend"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "9", "4"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
+ tag: "0.29.0@sha256:3af3d5d24f690557b4a644d5720113dca0c802465b0e43466b49db27acd37939"
+ nubusPortalListener:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/portal-listener"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "9", "4"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-listener"
+ tag: "0.24.2@sha256:98306b30c99e190ece6633921d9d54297634b0e4ca58ceaf0794c7050f0b8470"
+ nubusPortalServer:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/portal-server"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "9", "4"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
+ tag: "0.27.0@sha256:e1ad659feb4a1948d07e6e7d99b94b6bdbd4525d96f4cf9a010b75189f0082fc"
+ nubusProvisioningDispatcher:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/provisioning-dispatcher"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "14", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
+ tag: "0.28.3@sha256:79c81b0143e78c7cabb1efd63d47530eac686fba11db57c173abd8ebdd396778"
+ nubusProvisioningEventsAndConsumerApi:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/provisioning-events-and-consumer-api"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "14", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
+ tag: "0.28.3@sha256:5b0a2c52d715fde613ecfedb3a3f5e47b9eb73cdcf4c373a9cc58248a919f2bf"
+ nubusProvisioningPrefill:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/provisioning-prefill"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "14", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
+ tag: "0.28.3@sha256:a98bce46144a6ff943b0432b66277393b7b476b8969b221b9069c708d3380f5d"
+ nubusProvisioningUdmListener:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/provisioning-udm-listener"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "14", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
+ tag: "0.28.3@sha256:b9c452e55e6716f93309bef0af7d401e218cd1e6ea9ad3d2819fb10dd631aecd"
+ nubusProvisioningUdmTransformer:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/provisioning-udm-transformer"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "14", "0"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
+ tag: "0.29.0@sha256:68e27eb9560d2729e9065da3573f28073c5e53fedabac4d19562c4b8c6c1d1f3"
+ nubusSelfserviceInvitation:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/selfservice-invitation"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "3", "2"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
+ tag: "0.6.4@sha256:3fcc56c2e039a5a503183ec272fea334083079ceb83c8af7283f9be9b4334d71"
+ nubusSelfserviceListener:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/selfservice-listener"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "3", "2"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-listener"
+ tag: "0.6.4@sha256:9605072b60d832ba165d8b7f9b1b7195693e7d5744479af321e4cf242f9ea500"
+ nubusStackGateway:
+ # providerCategory: "Community"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://registry-1.docker.io"
+ # upstreamRepository: "bitnami/nginx"
+ registry: "registry-1.docker.io"
+ repository: "bitnami/nginx"
+ tag: "1.25.4@sha256:dd352b597f4c38ae24abec411710f4249fb5c793293c7ed04737db6b41d32d24"
+ nubusUdmRestApi:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/udm-rest-api"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "9", "3"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
+ tag: "0.19.0@sha256:41482c459655afa36eaf9ec21354ff8417e4da5e3a787ec2f865730952f6bb61"
+ nubusUmcGateway:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/umc-gateway"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "7", "3"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
+ tag: "0.22.2@sha256:fe4d2c148946da6f5e92201f398ebd0d5a72795c50648993bd220ea1e228658d"
+ nubusUmcServer:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/umc-server"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "7", "3"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
+ tag: "0.22.2@sha256:474497f561c3532b37b7d5e77ec36bd1fefc4fbeaab9747b481533b0da086586"
+ nubusWaitForDependency:
+ # providerCategory: "Supplier"
+ # providerResponsible: "Univention"
+ # upstreamRegistry: "https://artifacts.software-univention.de"
+ # upstreamRepository: "nubus/images/wait-for-dependency"
+ # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+ # upstreamMirrorStartFrom: ["0", "9", "4"]
+ registry: "registry.opencode.de"
+ repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
+ tag: "0.25.0@sha256:71a4d66fd67db6f92212b1936862b2b0d5a678d412213d74452a9195c2fe67f7"
 opendeskKeycloakBootstrap: # providerCategory: "Platform" # providerResponsible: "openDesk"
@@ -261,7 +601,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-keycloak-bootstrap" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-keycloak-bootstrap"
- tag: "1.2.0@sha256:3b364c60bedb9ae001c39cbf84e4b4b326b9559078f21bfc993cf0e601196e6f"
+ tag: "1.2.1@sha256:f5ce0be27580c6347c5e700c4fa271a811d45d8a0e4b40ffe8a4d0e3d47e670f"
 openproject: # providerCategory: "Supplier" # providerResponsible: "OpenProject"
@@ -441,7 +781,7 @@ images: # upstreamMirrorStartFrom: ["8922"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/prosody"
- tag: "stable-9646@sha256:ebb258bda974cf5f5d7f7ee845bc7e6d918a68895c62fc1b1fea999960b01b3b"
+ tag: "stable-9457-2@sha256:5364b0c9c6de654b7b31b5821e9cd7a39660a19010348e7ac56b85be2944daa0"
 redis: # providerCategory: "Community" # providerResponsible: "openDesk"
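Review bot: `nubusLdapServerDhInitContainer` points at `repository: "natsio/nats-box"` with the same tag and digest as `nubusNatsBox`, and its comment header is identical to that entry, so the file gives no reason why an init container for the LDAP server should run a NATS tooling image. If the reuse is intended, say so in the entry, e.g. `# nats-box is reused as a generic utility image for the LDAP server init step`; if it is a copy-paste slip, the entry needs the intended image and digest. This entry and `nubusNats`, `nubusNatsBox`, `nubusNatsReloader` and `nubusStackGateway` are pulled from `registry-1.docker.io` rather than the `registry.opencode.de` mirror and have no `upstreamMirror*` comments; the digest pins fix the content, but a line stating that bypassing the mirror is deliberate would help whoever audits image provenance.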
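Review bot: The prosody image tag goes from `stable-9646` to `stable-9457-2`, which by its build number looks like a return to an older build rather than an update. If this is a deliberate rollback, record why beside the entry, e.g. `# held at stable-9457-2 until <issue reference> is resolved`, so a later mirror sync does not silently move it forward again and so fixes shipped between the two builds can be assessed. The `upstreamMirrorStartFrom: ["8922"]` filter in the context lines admits both builds, so nothing in the file signals which direction is intended. The entry itself starts above the hunk.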
@@ -487,298 +827,6 @@ images: registry: "registry-1.docker.io" repository: "rapidfort/haproxy-official" tag: "2.6.15-bullseye@sha256:47b6ca4074347788cb414fbf3db35d0c51e9e47af33be46457f95c750540887c"
- umsDataLoader:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/data-loader"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "41", "5"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
- tag: "0.45.2@sha256:6e2e054903f361eea5cd54ae6dd3da94380d4a6a11f2628983e2acdbc66d605e"
- umsGuardianAuthorizationApi:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://docker.software-univention.de"
- # upstreamRepository: "guardian-authorization-api-authorization-api"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["1", "0", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-authorization-api"
- tag: "2.0.0@sha256:5f194f9385aea5a279e25a57352f7b88a6cc4fa90b3bf04c2c97b9ff2bad70a5"
- umsGuardianManagementApi:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://docker.software-univention.de"
- # upstreamRepository: "guardian-management-api-management-api"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["1", "0", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-api-management-api"
- tag: "2.0.0@sha256:61a1ab84efebe2a87d358e8624f8b39073a6071683e7cd77b740a97d464753a2"
- umsGuardianManagementUi:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://docker.software-univention.de"
- # upstreamRepository: "guardian-management-ui-management-ui"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["1", "0", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-ui-management-ui"
- tag: "2.0.0@sha256:57e2503a4772f0ff656e792a98fadef4d41c248218e6c368f76ce82a892478cf"
- umsGuardianProvisioning:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/guardian-init"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "3", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
- tag: "0.4.0@sha256:390e20ad73a91ae2ecc33d91d1f21872a46e6af4d4d09095d1ce18a6d4a3635e"
- umsKeycloak:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://docker.software-univention.de"
- # upstreamRepository: "keycloak-keycloak"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+).+$'
- # upstreamMirrorStartFrom: ["22", "0", "3"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-keycloak"
- tag: "24.0.3-ucs1@sha256:cc66a1730abdd5abe88ac5cf045b6558f289bf1ae8d077ee884a42d785742f8b"
- umsKeycloakBootstrap:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/keycloak-bootstrap"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "1", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
- tag: "0.1.0@sha256:351097e9e7b469f2fc149fe612ec6ad515d5e6b081d7e2785bd926a1d77209d2"
- umsKeycloakExtensionHandler:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/keycloak-handler"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "0", "3"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
- tag: "0.4.0@sha256:7c2728d6fce0fa6e6cc2a3c196294fcb4fcce0dd246b95ad96bd96325776a004"
- umsKeycloakExtensionProxy:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/keycloak-proxy"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "0", "3"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
- tag: "0.4.0@sha256:d7369d8b9cb177fc19b08452266bf7440b683fd0a15c01baeb5c131db20081bf"
- umsLdapNotifier:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/ldap-notifier"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "8", "2"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
- tag: "0.10.3@sha256:beb4577e7fdf1e18d3769e62296f210c0651460346dc2325e6cc29f4c671fa71"
- umsLdapServer:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/ldap-server"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "8", "2"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
- tag: "0.10.3@sha256:7742eca27bf1134cf92e6e3571bc2784e2f21a76664fdcab6ae213051db26c05"
- umsNats:
- # providerCategory: 'Community'
- # providerResponsible: 'Univention'
- # upstreamRegistry: 'registry-1.docker.io'
- # upstreamRepository: 'library/nats'
- registry: "registry-1.docker.io"
- repository: "library/nats"
- tag: "2.10.10@sha256:fa26beda8a3187ccefa47afcfe9ea6d0e2f40a57c8f64d70bd63c792d7973938"
- umsNatsBox:
- # providerCategory: 'Community'
- # providerResponsible: 'Univention'
- # upstreamRegistry: 'registry-1.docker.io'
- # upstreamRepository: 'natsio/nats-box'
- registry: "registry-1.docker.io"
- repository: "natsio/nats-box"
- tag: "0.14.2@sha256:c9b8ebaabb2ca4c227feb4f6b856dc72d4775ac3d71f80d2c65aa82303079011"
- umsNatsReloader:
- # providerCategory: 'Community'
- # providerResponsible: 'Univention'
- # upstreamRegistry: 'registry-1.docker.io'
- # upstreamRepository: 'natsio/nats-server-config-reloader'
- registry: "registry-1.docker.io"
- repository: "natsio/nats-server-config-reloader"
- tag: "0.14.1@sha256:77dd4c60001ffbf442c6b25592e73b4fca06ea9406c677607192788d80453783"
- umsNotificationsApi:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/notifications-api"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "9", "4"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
- tag: "0.20.3@sha256:1e32854d6d4413725870fde26a904da83282b3debea82b386c5753223ecc6a59"
- umsOpenPolicyAgent:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://docker.software-univention.de"
- # upstreamRepository: "guardian-authorization-api-opa"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["1", "0", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-opa"
- tag: "2.0.0@sha256:56a92a08da5addb951a2b2df09974889295ddde8526e93ad40dd973de1052ad4"
- umsPortalFrontend:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/portal-frontend"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "9", "4"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
- tag: "0.20.3@sha256:4fe6646711efcc07eb4b6e59a57f1d5080cca5f4ec2c960d073e92ecae8be42f"
- umsPortalListener:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/portal-listener"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "9", "4"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-listener"
- tag: "0.20.7@sha256:8f158b88e0ceb7a5c79d2ad390f6ce851ce0c5ccb675d08d6b6c37f0b21f6177"
- umsPortalServer:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/portal-server"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "9", "4"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
- tag: "0.20.3@sha256:0ec3db74ce9b7c8706d1534b6dcb464eb016a5de94c3b5bfc49215ccb606715c"
- umsProvisioningDispatcher:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/provisioning-dispatcher"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "14", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
- tag: "0.21.3@sha256:29c5f216ab0f8d12c1e77969de6e82046c0d47e1111838fb0a2dcd9950c0175d"
- umsProvisioningEventsAndConsumerApi:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/provisioning-events-and-consumer-api"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "14", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
- tag: "0.21.3@sha256:4cb498a64dd40c0963ca1ca382213ad5b8a4de5eb57650946d78ac44b359f43f"
- umsProvisioningPrefill:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/provisioning-prefill"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "14", "0"]
- registry: "registry.opencode.de"
- repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
- tag: "0.21.3@sha256:944ff8558d12c59f3490cba68680281c3fa5468fd6fd011fd002befcb9956973"
- umsProvisioningUdmListener:
- # providerCategory: "Supplier"
- # providerResponsible: "Univention"
- # upstreamRegistry: "https://artifacts.software-univention.de"
- # upstreamRepository: "nubus/images/provisioning-udm-listener"
- # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
- # upstreamMirrorStartFrom: ["0", "14", "0"]
- registry: "registry.opencode.de"
- repository:
"bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener" - tag: "0.21.3@sha256:e1cd42558e44bb72ed5c7798cef711db94df7d10d6895c993ca6412df1d25f02" - umsSelfserviceInvitation: - # providerCategory: "Supplier" - # providerResponsible: "Univention" - # upstreamRegistry: "https://artifacts.software-univention.de" - # upstreamRepository: "nubus/images/selfservice-invitation" - # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' - # upstreamMirrorStartFrom: ["0", "3", "2"] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation" - tag: "0.4.0@sha256:bd252758576e1733076c78756f04225ebed73d9c48de22440975ef11dd087caf" - umsSelfserviceListener: - # providerCategory: "Supplier" - # providerResponsible: "Univention" - # upstreamRegistry: "https://artifacts.software-univention.de" - # upstreamRepository: "nubus/images/selfservice-listener" - # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' - # upstreamMirrorStartFrom: ["0", "3", "2"] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-listener" - tag: "0.4.0@sha256:0bc0235fd64a19a183f112da73109b54712c2d70fe7fa77c6405beefb7167588" - umsStackGateway: - # providerCategory: "Community" - # providerResponsible: "Univention" - # upstreamRegistry: "https://registry-1.docker.io" - # upstreamRepository: "bitnami/nginx" - registry: "registry-1.docker.io" - repository: "bitnami/nginx" - tag: "1.25.4@sha256:dd352b597f4c38ae24abec411710f4249fb5c793293c7ed04737db6b41d32d24" - umsUdmRestApi: - # providerCategory: "Supplier" - # providerResponsible: "Univention" - # upstreamRegistry: "https://artifacts.software-univention.de" - # upstreamRepository: "nubus/images/udm-rest-api" - # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' - # upstreamMirrorStartFrom: ["0", "9", "3"] - registry: "registry.opencode.de" - repository: 
"bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api" - tag: "0.9.3@sha256:7cf2fec05a4ff8b7085a35a215edbce1eb9456c1ae140af46257e66d5a6cd6f7" - umsUmcGateway: - # providerCategory: "Supplier" - # providerResponsible: "Univention" - # upstreamRegistry: "https://artifacts.software-univention.de" - # upstreamRepository: "nubus/images/umc-gateway" - # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' - # upstreamMirrorStartFrom: ["0", "7", "3"] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway" - tag: "0.11.6@sha256:5d7c1a9b74409d2d7c42e08ca87b41cda506e43cad49efbc85a4ed6b8e9c6bc8" - umsUmcServer: - # providerCategory: "Supplier" - # providerResponsible: "Univention" - # upstreamRegistry: "https://artifacts.software-univention.de" - # upstreamRepository: "nubus/images/umc-server" - # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' - # upstreamMirrorStartFrom: ["0", "7", "3"] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server" - tag: "0.11.8@sha256:38a87524703a1e11fbb3cd3cc9d90d5b719e92329a0e3ea05c50451105d64ac6" - umsWaitForDependency: - # providerCategory: "Supplier" - # providerResponsible: "Univention" - # upstreamRegistry: "https://artifacts.software-univention.de" - # upstreamRepository: "nubus/images/wait-for-dependency" - # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' - # upstreamMirrorStartFrom: ["0", "9", "4"] - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency" - tag: "0.20.3@sha256:d1ccba5fe7448c2bda71c8a93f265a42a000e8dc79fd884e7e6ecdf29ad80efc" wellKnown: # providerCategory: "Community" # providerResponsible: "Element" diff --git a/helmfile/environments/default/objectstores.yaml b/helmfile/environments/default/objectstores.yaml index 9b0d8ad4..ac98652d 100644 
--- a/helmfile/environments/default/objectstores.yaml
+++ b/helmfile/environments/default/objectstores.yaml
@@ -33,7 +33,7 @@ objectstores:
 username: "openproject_user"
 pathStyle: true
 useIamProfile: false
- univentionManagementStack:
+ nubus:
 bucket: "ums"
 endpoint: ""
 region: "eu-west-1"
diff --git a/helmfile/environments/default/opendesk_main.gotmpl b/helmfile/environments/default/opendesk_main.gotmpl
index b5de7f29..841fb9ed 100644
--- a/helmfile/environments/default/opendesk_main.gotmpl
+++ b/helmfile/environments/default/opendesk_main.gotmpl
@@ -6,71 +6,71 @@
 ---
 certificates:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 clamavDistributed:
 enabled: false
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 clamavSimple:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 collabora:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 cryptpad:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 dovecot:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 element:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 home:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 intercom:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 jitsi:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 mariadb:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 memcached:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 migrations:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 minio:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 nextcloud:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
+nubus:
+ enabled: true
+ namespace: ~
 openproject:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 oxAppsuite:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 oxConnector:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 postfix:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 postgresql:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 redis:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
-univentionManagementStack:
- enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 xwiki:
 enabled: true
- namespace: {{ env "NAMESPACE" | quote }}
+ namespace: ~
 ...
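Review bot: In opendesk_main.gotmpl every component now carries `namespace: ~`, and nothing in the file says what a null namespace resolves to. The removed lines made the `NAMESPACE` environment variable the visible source; with null, the target namespace depends on a fallback in the release definitions, which this hunk does not show. Because the namespace is the boundary that RBAC and network policies usually hang on, a header comment above `certificates:` should spell out the fallback, for example `# namespace: null means the release uses <the fallback defined by the release templates>; set a string to pin an app to its own namespace`. Writing `null` instead of `~` would also read less ambiguously, if the project's lint rules allow it.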
diff --git a/helmfile/environments/default/persistence.yaml b/helmfile/environments/default/persistence.yaml
index 441a4d06..fcf87812 100644
--- a/helmfile/environments/default/persistence.yaml
+++ b/helmfile/environments/default/persistence.yaml
@@ -16,7 +16,7 @@ persistence:
 prosody: "1Gi"
 redis: "1Gi"
 synapse: "1Gi"
- univentionManagementStack:
+ nubus:
 ldapServerData: "1Gi"
 ldapServerShared: "1Gi"
 portalListener: "1Gi"
diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml
index 48bb54a7..628f04db 100644
--- a/helmfile/environments/default/resources.yaml
+++ b/helmfile/environments/default/resources.yaml
@@ -218,6 +218,49 @@ resources:
 requests:
 cpu: 0.1
 memory: "512Mi"
+ nubusProvisioning:
+ nats:
+ limits:
+ cpu: 288
+ memory: "1Gi"
+ requests:
+ cpu: 0.1
+ memory: "128Mi"
+ dispatcher:
+ limits:
+ cpu: 1
+ memory: "1Gi"
+ requests:
+ cpu: 0.1
+ memory: "64Mi"
+ registerConsumers:
+ limits:
+ cpu: 1
+ memory: "1Gi"
+ requests:
+ cpu: 0.1
+ memory: "64Mi"
+ udmTransformer:
+ limits:
+ cpu: 1
+ memory: "1Gi"
+ requests:
+ cpu: 0.1
+ memory: "64Mi"
+ prefill:
+ limits:
+ cpu: 1
+ memory: "1Gi"
+ requests:
+ cpu: 0.1
+ memory: "64Mi"
+ api:
+ limits:
+ cpu: 1
+ memory: "1Gi"
+ requests:
+ cpu: 0.1
+ memory: "100Mi"
 openproject:
 limits:
 cpu: 99
diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl
index a25bb085..657bdf8a 100644
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
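Review bot: In the resources.yaml hunk, `cpu: 288` under `nubusProvisioning.nats.limits` is out of line with the five sibling containers, which all cap at `cpu: 1`, and nothing in the hunk explains it. A limit that high is effectively no CPU cap, so a runaway or overloaded NATS pod could starve the rest of its node. If the value is a deliberate "uncapped" marker like the `cpu: 99` visible on `openproject`, a comment such as `# intentionally uncapped: <reason>` above it should say so. Otherwise `cpu: 1` would match the rest of the block.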
@@ -19,7 +19,7 @@ secrets:
 shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_crypt_key" | sha1sum | quote }}
 sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryption_key" | sha1sum | quote }}
 synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "as_token" | sha1sum | quote }}
- univentionManagementStack:
+ nubus:
 ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
 ldapSearch:
 keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_keycloak" | sha1sum | quote }}
diff --git a/helmfile/environments/default/theme.gotmpl b/helmfile/environments/default/theme.gotmpl
new file mode 100644
index 00000000..68a85692
--- /dev/null
+++ b/helmfile/environments/default/theme.gotmpl
@@ -0,0 +1,53 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+## The theme properties will be used to set the installations color an images.
+## This is currently not supported by most of the components, but we still
+## want to collect and provide the related information based on the attributes
+## defined in this file.
+#
+theme:
+ ## Define texts
+ #
+ texts:
+ productName: "openDesk"
+
+ ## Define colors
+ #
+ colors:
+ # Element, OX AppSuite, Xwiki
+ primary: "#5e27dd"
+ # OX AppSuite
+ primary15: "#e7dffa"
+ # OX AppSuite
+ black: "#000000"
+ # OX AppSuite, Xwiki
+ white: "#ffffff"
+ # OX AppSuite, Xwiki
+ secondaryGreyLight: "#f5f5f5"
+
+ # Not in use yet
+ primary65: "#9673e9"
+ primary35: "#c7b3f3"
+ secondaryBlue: "#52c1ff"
+ secondaryBlueHighcontrast: "#0c3ff3"
+ secondaryRed: "#ff529e"
+ secondaryYellow: "#ffc700"
+ secondaryGreen: "#00ffcd"
+ secondaryGrey: "#adb3bc"
+
+ ## Define imagery
+ #
+ imagery:
+ # Xwiki
+ faviconSvgB64: {{ readFile "./../../files/theme/favicon.svg" | b64enc | quote }}
+ faviconIcoB64: {{ readFile "./../../files/theme/favicon.ico" | b64enc | quote }}
+ favicon16PngB64: {{ readFile "./../../files/theme/favicon16.png" | b64enc | quote }}
+ favicon144PngB64: {{ readFile "./../../files/theme/favicon144.png" | b64enc | quote }}
+ logoHeaderSvgB64: {{ readFile "./../../files/theme/logoHeader.svg" | b64enc | quote }}
+
+ # Portal
+ logoPortalBackgroundSvgB64: {{ readFile "./../../files/theme/logoPortalBackground.svg" | b64enc | quote }}
+ portalCss: {{ readFile "./../../files/theme/portal.css" | b64enc }}
+
+...
diff --git a/helmfile/environments/default/theme.yaml b/helmfile/environments/default/theme.yaml
deleted file mode 100644
index 28bbef99..00000000
--- a/helmfile/environments/default/theme.yaml
+++ /dev/null
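Review bot: In theme.gotmpl, `portalCss` is rendered without `| quote`, while every other `readFile … | b64enc` value under `imagery` is quoted. Base64 text normally survives as a plain YAML scalar, but an empty portal.css would render a bare `portalCss:` and parse as null rather than an empty string. The quoted form also keeps the rendered value a string whatever it happens to look like: `portalCss: {{ readFile "./../../files/theme/portal.css" | b64enc | quote }}`. The header comment carries a typo as well: "color an images" should read "colors and images".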
@@ -1,50 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" -# SPDX-License-Identifier: Apache-2.0 ---- -## The theme properties will be used to set the installations color an images. -## This is currently not supported by most of the components, but we still -## want to collect and provide the related information based on the attributes -## defined in this file. -# -theme: - ## Define texts - # - texts: - productName: "openDesk" - - ## Define colors - # - colors: - primary: "#5e27dd" - primary65: "#9673e9" - primary35: "#c7b3f3" - primary15: "#e7dffa" - black: "#000000" - white: "#ffffff" - secondaryBlue: "#52c1ff" - secondaryBlueHighcontrast: "#0c3ff3" - secondaryRed: "#ff529e" - secondaryYellow: "#ffc700" - secondaryGreen: "#00ffcd" - secondaryGrey: "#adb3bc" - secondaryGreyLight: "#f5f5f5" - - ## Define imagery - # - imagery: - # yamllint disable-line rule:line-length rule:quoted-strings - logoHeaderSvg: '' - # yamllint disable-line rule:line-length rule:quoted-strings - logoHeaderSvgWhite: ' ' - # yamllint disable-line rule:line-length rule:quoted-strings - logoPortalBackgroundSvg: '' - # yamllint disable-line rule:line-length rule:quoted-strings - faviconSvg: '' - # yamllint disable-line rule:line-length rule:quoted-strings - favicon16PngB64: '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' - # yamllint disable-line rule:line-length rule:quoted-strings - favicon144PngB64: '' - # yamllint disable-line rule:line-length - faviconIco: 
"AAABAAEAICAAAAEAIACoEAAAFgAAACgAAAAgAAAAQAAAAAEAIAAAAAAAABAAABILAAASCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN0nXgDdJ14A3SdeAN0nXgDdJ14E3SdeL90nXnPdJ16z3Sde3t0nXvXdJ17/3Sde/t0nXvTdJ17c3Sder90nXm7dJ14r3SdeA90nXgDdJ14A3SdeAN0nXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJ14A3SdeAN0nXgDdJ14D3SdePd0nXp7dJ17j3Sde/d0nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/N0nXuDdJ16a3SdeOd0nXgLdJ14A3SdeAN0nXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3SdeAN0nXgDdJ14A3SdeH90nXpPdJ17u3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17r3Sdei90nXhrdJ14A3SdeAN0nXgAAAAAAAAAAAAAAAAAAAAAAAAAAAN0nXgDdJ14A3SdeAN0nXj3dJ17K3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sdew90nXjbdJ14A3SdeAN0nXgAAAAAAAAAAAAAAAADdJ14A3SdeAN0nXgDdJ15M3Sde4N0nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde2t0nXkHdJ14A3SdeAN0nXgAAAAAA3SdeAN0nXgDdJ14A3SdePt0nXuHdJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde2t0nXjXdJ14A3SdeAN0nXgDdJ14A3SdeAN0nXiDdJ17M3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sdewt0nXhndJ14A3SdeAN0nXgDdJ14E3Sdelt0nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sdeid0nXgLdJ14A3SdeAN0nXkDdJ17v3Sde/90nXv/dJ17/3Sde/90lXf/cJFv/3CNb/90lXP/dJ17/3Sde/90nXv/dJ17/3SZd/9wkXP/cI1v/3CNb/9wjW//cI1v/3CRb/90kXP/dJl3/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17q3SdeNt0nXgDdJ14F3Sdeo90nXv/dJ17/3Sde/90mXf/dKF//4kd2/+dnjv/oa5H/5FJ+/94tY//dJV3/3Sde/90mXf/fNGj/52aN/+hrkP/oapD/6GqQ/+hqkP/nZo3/5FWA/+A8bv/dKF//3SVd/90nXv/dJ17/3Sde/90nXv/dJ16W3SdeAt0nXjPdJ17m3Sde/90nXv/dJl3/3zNn/+6Trv/1v9D/8aO6//Cet//0ucv/8qzB/+JEdP/dJV3/3SRc/+RQff/87fL///z9//78/P/+/P3///z9//76/P/98/b/+t3m//Ciuv/iRnX/3SVd/90nXv/dJ17/3Sde/90nXt7dJ14p3Sdeet0nXv7dJ17/3Sde/90pX//vl7H/87TH/+F
Ccv/dJl7/3SVd/980aP/uk6//9LnL/982af/cI1v/5FF9//3x9f////////7////8/f/+/Pz///39//////////////////jS3v/jS3n/3SVd/90nXv/dJ17/3Sde+90nXmvdJ1663Sde/90nXv/dJVz/4016//fN2v/iSHf/3CRc/90nXv/dJ17/3SVd/94vZP/0u8z/6neZ/9whWv/kUX3//fH0///////52uP/6XCV/+hqkP/obpP/7Iim//jU3/////////////Ozxv/eLWL/3Sde/90nXv/dJ17/3Sdeq90nXuTdJ17/3Sde/9wjW//qd5r/87TH/90pX//dJ17/3Sde/90nXv/dJ17/3CNb/+yHpf/xp77/3CRc/+RRff/98fT///////bI1v/eLGL/3CNb/9wjW//cIlv/4097//vj6v///////O3y/+NNe//dJVz/3Sde/90nXv/dJ17X3Sde+t0nXv/dJ17/3CNb/+uCov/yqr//3SZd/90nXv/dJ17/3Sde/90nXv/cI1v/6nmb//Oxxf/dJl3/5FF9//3x9P//////9snX/94vZP/dJl7/3Sde/90nXv/dJ17/8q/D/////////P3/6G6T/9wjW//dJ17/3Sde/90nXvDdJ17/3Sde/90nXv/cJFz/52mP//XB0P/eL2T/3SZd/90nXv/dJ17/3Sde/90kXP/vmbP/75mz/9wiWv/kUX3//fH0///////2ydf/3i9k/90mXv/dJ17/3Sde/90kXP/vmLL////////////rfp//3CNb/90nXv/dJ17/3Sde/N0nXv/dJ17/3Sde/90mXf/gOmz/9sfV/+huk//cI1v/3SVc/90lXf/cI1v/4kl3//fL2P/lWYP/3CJa/+RRff/97/P///////bI1v/eL2T/3SZe/90nXv/dJ17/3SRc/++Ysv///////////+t+n//cI1v/3Sde/90nXv/dJ1783Sde+90nXv/dJ17/3Sde/90lXf/nZ43/98rX/+t/oP/iSXf/4kR0/+hqkP/1wdH/7Yyp/90pX//dJl3/3zVp/+hskv/pc5b/5l+I/90qYP/dJ17/3Sde/90nXv/dJ17/8q/D/////////P3/6G6T/9wjW//dJ17/3Sde/90nXvDdJ17l3Sde/90nXv/dJ17/3Sde/90mXv/kVYD/8aO7//S5y//0ucv/8q/D/+hskv/eK2H/3SZd/90nXv/dJl3/3CRb/9wjW//cI1v/3CRb/9wkW//cI1v/3CJb/+NPfP/75Ov///////zt8v/jTnv/3SVc/90nXv/dJ17/3Sde2N0nXrrdJ17/3Sde/90nXv/dJ17/3Sde/90lXP/dKF//3zNn/981af/eK2H/3SRc/90nXv/dJ17/3Sde/90nXv/dJ17/3SZd/982af/mYYr/52SL/+dpj//shaT/+NTf////////////87TH/94tYv/dJ17/3Sde/90nXv/dJ16s3Sdee90nXv7dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJl3/3SZd/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJFz/5VyF//3x9f/++vv//vv8//////////////////jT3v/jS3n/3SVd/90nXv/dJ17/3Sde/N0nXmzdJ1403Sde5t0nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90kXP/lXIb//fT3///8/f/++/z//fP2//rd5v/xo7v/4kd2/90lXf/dJ17/3Sde/90nXv/dJ17f3SdeKt0nXgbdJ16l3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3SZd/+A4a//naI7/6GuQ/+dmjf/kVYD/4Dxu/90oX//dJV3/3Sde/90nXv/dJ17/3Sde/90
nXpjdJ14C3SdeAN0nXkPdJ17x3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3SZd/9wkW//cI1v/3CRb/90kXP/dJl3/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17r3SdeON0nXgDdJ14A3SdeBN0nXpjdJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXovdJ14C3SdeAN0nXgDdJ14A3SdeId0nXs3dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17E3SdeGt0nXgDdJ14A3SdeAN0nXgDdJ14A3SdeQN0nXuLdJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde290nXjfdJ14A3SdeAN0nXgAAAAAA3SdeAN0nXgDdJ14A3SdeTd0nXuLdJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXtzdJ15E3SdeAN0nXgDdJ14AAAAAAAAAAAAAAAAA3SdeAN0nXgDdJ14A3SdeQN0nXs3dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17G3SdeON0nXgDdJ14A3SdeAAAAAAAAAAAAAAAAAAAAAAAAAAAA3SdeAN0nXgDdJ14A3SdeId0nXpbdJ17v3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17t3Sdejt0nXhzdJ14A3SdeAN0nXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3SdeAN0nXgDdJ14A3SdeBN0nXkDdJ16i3Sde5d0nXv3dJ17/3Sde/90nXv/dJ17/3Sde/90nXv/dJ17/3Sde/90nXv3dJ17i3Sdend0nXjvdJ14C3SdeAN0nXgDdJ14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3SdeAN0nXgDdJ14A3SdeAN0nXgXdJ14y3Sded90nXrfdJ17h3Sde+N0nXv/dJ17/3Sde990nXt/dJ16z3Sdec90nXi7dJ14D3SdeAN0nXgDdJ14A3SdeAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAH/AAAA/gAAAHwAAAA4AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAcAAAAPgAAAH8AAAD/gAAB8=" - -... diff --git a/helmfile/environments/test/values.yaml.gotmpl b/helmfile/environments/test/values.yaml.gotmpl index bd1f8c97..0c2bec83 100644 --- a/helmfile/environments/test/values.yaml.gotmpl +++ b/helmfile/environments/test/values.yaml.gotmpl 
@@ -18,16 +18,16 @@ persistence:
 mariadb: "42Gi"
 matrixNeoDateFixBot: "42Gi"
 minio: "42Gi"
+ nubus:
+ ldapServerData: "42Gi"
+ ldapServerShared: "42Gi"
+ portalListener: "42Gi"
+ selfserviceListener: "42Gi"
 postfix: "42Gi"
 postgresql: "42Gi"
 prosody: "42Gi"
 redis: "42Gi"
 synapse: "42Gi"
- univentionManagementStack:
- ldapServerData: "42Gi"
- ldapServerShared: "42Gi"
- portalListener: "42Gi"
- selfserviceListener: "42Gi"
 xwiki: "42Gi"
 ingress:
 ingressClassName: "kyverno"
diff --git a/helmfile/files/theme/favicon.ico b/helmfile/files/theme/favicon.ico
new file mode 100644
index 00000000..76f16456
Binary files /dev/null and b/helmfile/files/theme/favicon.ico differ
diff --git a/helmfile/files/theme/favicon.svg b/helmfile/files/theme/favicon.svg
new file mode 100644
index 00000000..4aa3e474
--- /dev/null
+++ b/helmfile/files/theme/favicon.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/helmfile/files/theme/favicon144.png b/helmfile/files/theme/favicon144.png
new file mode 100644
index 00000000..b0d0e47b
Binary files /dev/null and b/helmfile/files/theme/favicon144.png differ
diff --git a/helmfile/files/theme/favicon16.png b/helmfile/files/theme/favicon16.png
new file mode 100644
index 00000000..f8186196
Binary files /dev/null and b/helmfile/files/theme/favicon16.png differ
diff --git a/helmfile/files/theme/logoHeader.svg b/helmfile/files/theme/logoHeader.svg
new file mode 100644
index 00000000..0c0243d9
--- /dev/null
+++ b/helmfile/files/theme/logoHeader.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/helmfile/files/theme/logoPortalBackground.svg b/helmfile/files/theme/logoPortalBackground.svg
new file mode 100644
index 00000000..b776dffa
--- /dev/null
+++ b/helmfile/files/theme/logoPortalBackground.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/helmfile/files/theme/portal.css b/helmfile/files/theme/portal.css
new file mode 100644
index 00000000..1a715151
--- /dev/null
+++ b/helmfile/files/theme/portal.css
@@ -0,0 +1,429 @@ +/** + * SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" + * SPDX-License-Identifier: Apache-2.0 + */ + +:root { + /* used to accent some elements: checkbox/radiobox, checked toggle buttons/checked input fields */ + --color-accent: #5e27dd; + --color-opendesk-secondary: #f5f5f5; + --color-opendesk-secondary-dark: #c7b3f3; + --color-opendesk-white: #ffffff; + --color-opendesk-black: #000000; + --bgc-announcements-info: #adb3bc; + --bgc-announcements-warn: #ffc700; + --bgc-announcements-success: #00ffcd; + --bgc-announcements-danger: #ff529e; + --bgc-content-body: var(--color-opendesk-secondary); + --bgc-content-container: var(--color-opendesk-white); + --bgc-content-header: var(--bgc-content-container); + --bgc-inputfield-on-container: var(--color-opendesk-white); + --bgc-inputborder-on-container: var( --color-opendesk-secondary); + --bgc-inputfield-on-body: var(--bgc-content-container); + --bgc-checkbox-hover: rgba(255,255,255,0.06); + --bgc-checkbox-focus: rgba(255,255,255,0.12); + --bgc-loading-circle: var(--font-color-contrast-middle); + --bgc-user-menu-item-hover: rgba(255,255,255,0.1); + --bgc-user-menu-item-active: rgba(255,255,255,0.2); + --bgc-header-number-circle: var(--color-accent); + --bgc-tab-separator: var( --color-opendesk-secondary); + --bgc-popup: #d0d0d0; + --bgc-popup-item-hover: rgba(0,0,0,0.15); + --bgc-popup-item-active: rgba(0,0,0,0.3); + --bgc-popup-item-selected: rgba(0,0,0,0.3); + --bgc-grid-row-hover: rgba(255,255,255,0.04); + --bgc-grid-row-selected: var(--bgc-grid-row-hover); + --bgc-tree-row-hover: var(--bgc-grid-row-hover); + --bgc-tree-row-selected: rgba(255,255,255,0.15); + --bgc-apptile-default: var(--color-opendesk-white); + --bgc-appcenter-app-hover: rgba(255,255,255,0.08); + --bgc-appcenter-app-active: rgba(255,255,255,0.12); + --bgc-progressbar-empty: #bdbdbb; + --bgc-progressbar-progress: var(--bgc-success); + --bgc-titlepane-hover: 
rgba(255,255,255,0.04); + --bgc-underlay: rgb(221 221 221 / 80%); + --bgc-checkerboard: repeating-conic-gradient(var(--bgc-inputfield-on-container) 0% 25%, transparent 0% 50%) 50%/20px 20px; + --bgc-error: #ff529e; + --bgc-warning: #ffc700; + --bgc-success: #00ffcd; + --font-size-1: 1.5rem; + --font-size-2: 1.25rem; + --font-size-3: 1rem; + --font-size-4: 0.875rem; + --font-size-5: 0.75rem; + --font-size-html: 1rem; + --font-size-body: var(--font-size-4); + --font-lineheight-normal: 1.5; + --font-lineheight-compact: 1.25; + --font-lineheight-header: 1.3; + --font-weight-bold: 600; + --font-color-contrast-high: #000; + --font-color-contrast-middle: #606060; + --font-color-contrast-low: #868681; + --font-color-error: #b82323; + --font-color-error-light: #EABFBF; + --font-color-warning: #ff8c00; + --font-color-warning-light: #ffeeca; + --font-color-success: #92d625; + --font-color-success-light: #ebffca; + --button-primary-bgc: #5e27dd; + --button-primary-bgc-hover: #1b1d18; + --button-primary-bgc-active: rgba(79,114,24,1); + --button-primary-bgc-disabled: #5f5f5c; + --button-bgc: var(--color-opendesk-secondary); + --button-bgc-hover: #575755; + --button-bgc-active: rgba(80,80,77,1); + --button-bgc-disabled: #5f5f5c; + --button-text-bgc: transparent; + --button-text-bgc-hover: var(--button-bgc-hover); + --button-text-bgc-active: var(--button-bgc-active); + --button-text-bgc-disabled: transparent; + --button-icon-bgc: transparent; + --button-icon-bgc-hover: var(--button-bgc-hover); + --button-icon-bgc-active: var(--button-bgc-active); + --button-icon-bgc-disabled: transparent; + --button-icon-highlighted-bgc: var(--bgc-inputfield-on-body); + --button-icon-highlighted-bgc-hover: var(--button-bgc-hover); + --button-icon-highlighted-bgc-active: var(--button-bgc-active); + --button-icon-highlighted-bgc-disabled: transparent; + --color-focus: var(--font-color-contrast-high); + --popup-border: 1px solid #bdbdbb; + --box-shadow: 0 1px 6px rgb(1 0 0 / 12%), 0 1px 4px rgb(0 1 0 
/ 12%); + --serveroverview-tile-hover-bgc: #00acb6; + --serveroverview-tile-hover-color: #1e1e1d; + --portal-tab-background: var(--color-accent); + --select-arrow: url(''); + --layout-height-header: 63px; + /* Keycloak user screens logo */ + --login-logo: url("") no-repeat center; + } + +/* Keycloak user screens begin */ +#kc-login, #kc-logout, #saveTOTPBtn, .pf-c-button.btn-lg { + color: var(--color-opendesk-white); + border: 2px solid; +} + +#kc-login:hover, #kc-logout:hover, #saveTOTPBtn:hover, .pf-c-button.btn-lg:hover { + color: #000000; + background-color: #e7dffa; + border: 2px solid var(--color-accent); +} + +.pf-c-form-control { + background-color: #e7dffa; +} + +.pf-c-dropdown__menu-item:hover { + background-color: var(--color-accent); + color: var(--color-opendesk-white) !important; +} + +#kc-form-options .checkbox { + color: var(--font-color-contrast-high) !important; +} +#kc-header-wrapper { + color: var(--color-opendesk-secondary); +} +/* Keycloak user screens end */ + +.portal-title__image { + width: 82px; + height: auto; +} +.portal-title { + padding: 0 10px 0 5px; +} + +/* +.portal::after { + content: ''; + display: block; + position: fixed; + z-index: 0; + height: 10px; + left: 0; + right: 0; + bottom: 0; + background-image: linear-gradient(to right, #5e27dd, #5e27dd 62%, white 62%); +} +*/ + +.portal__background::before { + content: ''; + display: block; + position: fixed; + left: 0; + background-image: url(/univention/portal/custom/portal_background_image.svg); + background-repeat: no-repeat; + width: 100%; + height: 237px; + background-size: 480px; + bottom: 4px; + background-position: right 25px center; +} + +@media screen and (max-width: 1300px){ + .portal__background::before{ + background-size: 350px; + bottom: -28px; + background-position: right 19px center; + } +} + +@media screen and (max-width: 748px){ + .portal__background::before{ + background-size: 250px; + bottom: -50px; + background-position: right 20px center; + } +} + 
+.portal-categories:before { +width: 100%; +content: ''; +position: fixed; +left: 0; +height: 1px; +top: var(--layout-height-header); +background-color: #dddddd; +z-index: 1; +} + +.portal-sidenavigation__login-header { +border-bottom-color:var( --color-opendesk-secondary); +} +.portal-sidenavigation__edit-mode { +border-color:var( --color-opendesk-secondary); +background-color:var( --color-opendesk-secondary); +} + +.portal-sidenavigation__edit-mode:hover { +border-color:var(--color-opendesk-secondary-dark); +background-color:var(--color-opendesk-secondary-dark); +} + +.portal-header__edit-mode-label { +background-color: var( --color-opendesk-secondary); +} +.portal-sidenavigation__logout-link { +color: var(--color-accent); +} +.portal-sidenavigation__menu-item:hover, +.portal-sidenavigation__menu-subItem:hover { +background-color: var( --color-opendesk-secondary); +transition: all var(--portal-transition-duration); +} +.portal-sidenavigation__menu-item:hover .portal-sidenavigation__submenu{ +background-color: var(--color-opendesk-white); +} +.portal-sidenavigation__menu-item:active { +border-color: transparent; +} + +input { border: 0.1rem solid var(--color-opendesk-secondary-dark) } +input[readonly] { background-color: var(--color-opendesk-secondary); } +/*input { +border-color: var(--bgc-inputborder-on-container); +}*/ + +.portal-search__input{ +border: 0.1rem solid var(--bgc-inputborder-on-container); +} + +.image-upload__canvas { +background-color: var( --color-opendesk-secondary); +border: 1px solid var( --color-opendesk-secondary); +} + +button { +transition: all var(--portal-transition-duration); +} + +button.primary { +color: var(--color-opendesk-white); +} +button.primary svg { +color: var(--color-opendesk-white); +} +button[disabled] { +color: #afafaf; +} +button[disabled] svg { +color: #afafaf; +} + +button:focus { +border-color:white; +outline: 2px solid var(--color-opendesk-black); +} + +input[type=checkbox]:focus { +outline: 2px solid 
var(--color-opendesk-black);
+}
+
+.form-element {
+margin-bottom: 2px; /*needed for cleaner Outline*/
+margin-left: 2px;
+}
+
+select {
+border: 1px solid var( --color-opendesk-secondary);
+}
+.multi-select__select {
+border: 1px solid var( --color-opendesk-secondary);
+}
+
+.multi-input__row--multiline {
+box-shadow: inset 2px 0 var( --color-opendesk-secondary);
+}
+
+textarea {
+border: .1rem solid #B2AFAF;
+width: -webkit-fill-available;
+}
+
+.notification--success {
+border: 1px solid var(--font-color-success);
+background-color: var(--font-color-success-light);
+}
+.notification--warning {
+border: 1px solid var(--font-color-warning);
+background-color: var(--font-color-warning-light);
+}
+.notification--error {
+border: 1px solid var(--font-color-error);
+background-color: var(--font-color-error-light);
+}
+
+.header-tab__clickable:before {
+background-color: var( --color-opendesk-secondary);
+border-color: var(--color-opendesk-white);
+box-shadow: 0 0.2rem 0 var( --color-opendesk-secondary);
+border-bottom: 0;
+}
+
+.header-tab:hover:before{
+background-color: var(--color-opendesk-secondary-dark);
+box-shadow: 0 0.2rem 0 var(--color-opendesk-secondary-dark);
+border-bottom: 0;
+transition: all var(--portal-transition-duration);
+}
+
+.header-tab:focus:before {
+border-bottom: 0.2rem solid var(--color-opendesk-black);
+box-shadow: 0;
+}
+
+.header-tab--active:focus:after {
+border: 0.2rem solid var(--color-opendesk-black);
+}
+
+.portal-tile__name,
+.portal-folder__name {
+text-shadow: 0 0.1rem 0.1rem rgb(0 0 0 / 10%);
+}
+
+.header-tab:hover,
+.header-tab:hover ~ .icon-button .portal-icon,
+.header-tab--active,
+.header-tab--active ~ .icon-button .portal-icon{
+color: var(--color-opendesk-white);
+transition: all var(--portal-transition-duration);
+}
+
+.header-tab--active ~ .icon-button:focus {
+border-color: var(--color-opendesk-white);
+}
+
+.choose-tab:hover {
+background-color: var( --color-opendesk-secondary);
+}
+.choose-tab--active {
+background-color: var(--color-accent);
+color: var(--color-opendesk-white);
+}
+
+
+.header-button__button .portal-icon{
+ color: #1F1F1F;
+ stroke-width: 3;
+}
+.header-button--is-active .portal-icon {
+ color: var(--color-accent);
+}
+
+/*
+//
+//
+// Loading Overlay image and Animation
+*/
+
+.standbyCircle{
+display: none;
+}
+
+.standbyWrapper:before {
+content: '';
+background-image: url(/univention/portal/icons/logo.svg);
+background-size: 70%;
+width: 200px;
+height: 200px;
+background-repeat: no-repeat;
+-webkit-animation: pulsate-bck 1.2s ease-in-out infinite both;
+animation: pulsate-bck 1.2s ease-in-out infinite both;
+background-position: center center;
+}
+
+@-webkit-keyframes pulsate-bck {
+0% {
+ -webkit-transform: scale(1);
+ transform: scale(1);
+ opacity: 1;
+}
+50% {
+ -webkit-transform: scale(0.9);
+ transform: scale(0.9);
+ opacity: 0.5;
+}
+100% {
+ -webkit-transform: scale(1);
+ transform: scale(1);
+ opacity: 1;
+}
+}
+@keyframes pulsate-bck {
+0% {
+ -webkit-transform: scale(1);
+ transform: scale(1);
+ opacity: 1;
+}
+50% {
+ -webkit-transform: scale(0.9);
+ transform: scale(0.9);
+ opacity: 0.5;
+}
+100% {
+ -webkit-transform: scale(1);
+ transform: scale(1);
+ opacity: 1;
+}
+}
+
+.portal-tooltip {
+border-color: var(--color-accent);
+}
+.portal-tooltip__arrow {
+border-color: transparent transparent var(--color-accent) transparent;
+}
+
+.portal-title__portal-name {
+position: absolute;
+width: 1px;
+height: 1px;
+padding: 0;
+margin: -1px;
+overflow: hidden;
+clip: rect(0, 0, 0, 0);
+border: 0;
+}
diff --git a/helmfile/shared/migrations.yaml.gotmpl b/helmfile/shared/migrations.yaml.gotmpl
index 4e758e58..ed50cc86 100644
--- a/helmfile/shared/migrations.yaml.gotmpl
+++ b/helmfile/shared/migrations.yaml.gotmpl
@@ -15,16 +15,13 @@ cleanup: keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }} migrations: - runId: 1 - currentOdRelease: {{ .Values.global.systemInformation.releaseVersion | quote }} - namespace: {{ .Values.migrations.namespace | quote }} + runId: 2 + namespace: {{ .Values.migrations.namespace | default .Release.Namespace | quote }} loglevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }} failOnUnexpectedState: true - credentials: - keycloakAdminUsername: "kcadmin" - keycloakAdminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }} - urls: - keycloakBase: "http://ums-keycloak.{{ .Values.univentionManagementStack.namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080" + environmentDetails: + {{ .Values | toYaml | nindent 4 }} + cleanup: false containerSecurityContext: allowPrivilegeEscalation: false diff --git a/helmfile_generic.yaml b/helmfile_generic.yaml index 68276085..ae3fc7a7 100644 --- a/helmfile_generic.yaml +++ b/helmfile_generic.yaml @@ -13,7 +13,7 @@ helmfiles: - {{ toYaml .Values | nindent 8 }} - path: "helmfile/apps/services/helmfile-child.yaml" values: *values - - path: "helmfile/apps/univention-management-stack/helmfile-child.yaml" + - path: "helmfile/apps/nubus/helmfile-child.yaml" values: *values - path: "helmfile/apps/intercom-service/helmfile-child.yaml" values: *values
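Review bot: The added `environmentDetails: {{ .Values | toYaml | nindent 4 }}` in the migrations.yaml.gotmpl hunk hands the whole helmfile values tree to the migrations release, and the removed `keycloakAdminPassword` line shows that this tree contains `.Values.secrets.*`, so every component secret now travels with this one job instead of the single Keycloak credential it received before. How the chart renders `environmentDetails` is not visible here; if it ends up in a ConfigMap, in the pod environment or in log output (the `loglevel` line switches to "DEBUG" when `debug.enabled` is set), those secrets become readable to anyone who can read those objects. I would pass only the subtrees the migrations actually consume, or at minimum put a comment above the key such as `# carries .Values.secrets: the chart must mount this from a Secret and never log it`. The `migrations:` mapping appears to continue past the end of the hunk.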