From e4d9106c457e018922dcc730df0570d41f3ec2aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Sat, 14 Dec 2024 15:59:54 +0100 Subject: [PATCH] fix(ci): Reduce Kyverno linting issues --- .../nubus/values-intercom-service.yaml.gotmpl | 2 ++ helmfile/apps/nubus/values-nubus.yaml.gotmpl | 4 ++++ .../values-opendesk-customization.yaml.gotmpl | 17 ++++++++++------ .../nubus/values-opendesk-images.yaml.gotmpl | 6 ++++++ .../values-openxchange.yaml.gotmpl | 3 +++ .../values-oxconnector.yaml.gotmpl | 20 ++----------------- .../environments/default/charts.yaml.gotmpl | 4 ++-- .../environments/default/images.yaml.gotmpl | 10 ++++++++++ .../environments/default/replicas.yaml.gotmpl | 10 +++++----- 9 files changed, 45 insertions(+), 31 deletions(-) diff --git a/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl b/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl index bebdad12..1d793048 100644 --- a/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl +++ b/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl @@ -130,6 +130,8 @@ provisioning: registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }} repository: {{ .Values.images.nubusKeycloakBootstrap.repository | quote }} tag: {{ .Values.images.nubusKeycloakBootstrap.tag | quote }} + resources: + {{ .Values.resources.intercomService | toYaml | nindent 4 }} securityContext: seccompProfile: type: "RuntimeDefault" diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl index 7a5f000a..2e4030d5 100644 --- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl 
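Review bot: The new `resources:` entry in the `provisioning` section of values-intercom-service.yaml.gotmpl is fed from `.Values.resources.intercomService`, so the bootstrap job inherits the requests and limits sized for the long-running service, and nothing in the file says this is deliberate. The same reuse appears in the `initResources` hunks for `nubusStackDataUms` and `nubusUmcGateway`, in the `initContainer.resources` hunk of values-openxchange.yaml.gotmpl, and in `resourcesWaitForDependency` in values-oxconnector.yaml.gotmpl. A one-line comment above each, such as `# Reuses the main container's resource profile; split into its own key if the helper needs different limits.`, would keep a later tuning of the service values from silently resizing the helper containers. Indentation is not recoverable in this view, so the nesting under `provisioning` is inferred from the hunk header.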
@@ -401,6 +401,10 @@ nubusUdmListener: nubusSelfServiceListener: enabled: false + resources: + {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }} + resourcesWaitForDependency: + {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }} nubusSelfServiceConsumer: enabled: true diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl index fb67739d..ecb272bf 100644 --- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl +++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl @@ -421,12 +421,13 @@ nubusLdapNotifier: {{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }} nubusLdapServer: - imagePullSecrets: - {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} - highAvailabilityMode: false - replicaCountPrimary: 1 - replicaCountSecondary: 0 # {{ .Values.replicas.umsLdapServerSecondary }} - replicaCountProxy: 0 # {{ .Values.replicas.umsLdapServerProxy }} + global: + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + imagePullSecrets: + {{ .Values.global.imagePullSecrets | toYaml | nindent 6 }} + replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }} + replicaCountSecondary: {{ .Values.replicas.umsLdapServerSecondary }} + replicaCountProxy: {{ .Values.replicas.umsLdapServerProxy }} additionalAnnotations: intents.otterize.com/service-name: "ums-ldap-server" serviceAccount: @@ -543,6 +544,8 @@ nubusStackDataUms: intents.otterize.com/service-name: "ums-stack-data-ums" resources: {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }} + initResources: + {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }} nubusSelfServiceConsumer: containerSecurityContext: 
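Review bot: In the values-nubus.yaml.gotmpl hunk, `nubusSelfServiceListener` stays `enabled: false` but now carries `resources` and `resourcesWaitForDependency`, both read from `.Values.resources.umsSelfserviceConsumer`, a key named after a different component. If the values exist only to satisfy the policy linter for a disabled component, say so in a comment, for example `# Listener is disabled; resources are set only for policy linting and reuse the consumer's profile.` Without that, a reader will assume the listener is deployed and deliberately sized from the consumer's key.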
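Review bot: In the `nubusLdapServer` hunk of values-opendesk-customization.yaml.gotmpl the three replica counts are no longer fixed but rendered straight from `.Values.replicas.umsLdapServer*`, and `highAvailabilityMode: false` is dropped without a replacement. Whether the directory runs in HA mode therefore depends on the chart's default, which is not visible here, and on whatever an environment supplies. The directory service backs identity data, so an unusable topology such as zero primaries is better rejected at render time than discovered at rollout. Consider a guard like `{{ if lt (int .Values.replicas.umsLdapServerPrimary) 1 }}{{ fail "umsLdapServerPrimary must be at least 1" }}{{ end }}`, and state in a comment which chart setting now governs HA mode. The matching default changes are in the second replicas.yaml.gotmpl hunk.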
@@ -615,6 +618,8 @@ nubusUmcGateway: replicaCount: {{ .Values.replicas.umsUmcGateway }} resources: {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }} + initResources: + {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }} nubusKeycloakBootstrap: containerSecurityContext: diff --git a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl index c88ea074..2d894b77 100644 --- a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl +++ b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl @@ -49,6 +49,12 @@ nubusLdapServer: repository: {{ .Values.images.nubusLdapServer.repository }} tag: {{ .Values.images.nubusLdapServer.tag }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + leaderElector: + image: + registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerLeaderElector.registry | quote }} + repository: {{ .Values.images.nubusLdapServerLeaderElector.repository }} + tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }} + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} dhInitcontainer: image: registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerDhInitContainer.registry | quote }} diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl index 29e1bf01..6ceb7576 100644 --- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl @@ -422,6 +422,9 @@ appsuite: replicas: {{ .Values.replicas.openxchangeCoreMW }} resources: {{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }} + initContainer: + resources: + {{ .Values.resources.openxchangeCoreMW | toYaml | nindent 8 }} core-ui: enabled: true 
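Review bot: The new `leaderElector.image` block in values-opendesk-images.yaml.gotmpl pipes `registry` through `quote` but renders `repository` and `tag` bare, so the digest-pinned reference reaches the YAML parser as a plain scalar. The value currently set in images.yaml.gotmpl (`0.29.1@sha256:…`) parses as a string, but a tag-only override such as `1.10` would be retyped as a number and an empty override would render as null, either of which changes which image is pulled or breaks the pin. Use `repository: {{ .Values.images.nubusLdapServerLeaderElector.repository | quote }}` and `tag: {{ .Values.images.nubusLdapServerLeaderElector.tag | quote }}`, as values-intercom-service.yaml.gotmpl already does. The neighbouring `nubusLdapServer` context lines use the same unquoted pattern but are unchanged context, not part of this change.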
diff --git a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl index 3f3900ef..6b74afcb 100644 --- a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl @@ -63,30 +63,14 @@ provisioningApi: resources: {{ .Values.resources.oxConnector | toYaml | nindent 2 }} +resourcesWaitForDependency: + {{ .Values.resources.oxConnector | toYaml | nindent 2 }} persistence: storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: {} -## Container deployment probes -probes: - liveness: - enabled: true - initialDelaySeconds: 120 - timeoutSeconds: 3 - periodSeconds: 30 - failureThreshold: 3 - successThreshold: 1 - - readiness: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 3 - periodSeconds: 15 - failureThreshold: 30 - successThreshold: 1 - replicaCount: {{ .Values.replicas.oxConnector }} securityContext: diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl index 31a60232..5e6e18d6 100644 --- a/helmfile/environments/default/charts.yaml.gotmpl +++ b/helmfile/environments/default/charts.yaml.gotmpl @@ -139,7 +139,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/charts-mirror" name: "intercom-service" - version: "2.4.0" + version: "2.7.1" verify: true jitsi: # providerCategory: "Platform" @@ -387,7 +387,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/univention/charts-mirror" name: "ox-connector" - version: "0.14.5" + version: "0.14.11" verify: true postfix: # providerCategory: "Platform" diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl index 0f7a8448..1d776a32 100644 --- a/helmfile/environments/default/images.yaml.gotmpl +++ b/helmfile/environments/default/images.yaml.gotmpl 
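Review bot: The values-oxconnector.yaml.gotmpl hunk deletes the whole `probes` override, so liveness and readiness settings for ox-connector now come from the chart's own defaults, which are not visible in this patch. Because the same commit moves the chart from 0.14.5 to 0.14.11, confirm that the rendered workload still carries both probes with acceptable timings. Leave a comment where the block was, for example `# Probes: chart defaults of ox-connector are used.` If the chart ships with probes disabled, the pod would run without health checks and a probe-requiring policy would flag it again.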
@@ -370,6 +370,16 @@ images: registry: "registry-1.docker.io" repository: "natsio/nats-box" tag: "0.14.2@sha256:c9b8ebaabb2ca4c227feb4f6b856dc72d4775ac3d71f80d2c65aa82303079011" + nubusLdapServerLeaderElector: + # providerCategory: "Supplier" + # providerResponsible: "Univention" + # upstreamRegistry: "https://artifacts.software-univention.de" + # upstreamRepository: "nubus/images/ldap-server-elector" + # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' + # upstreamMirrorStartFrom: ["0", "29", "1"] + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector" + tag: "0.29.1@sha256:3c6213b745a4dab642acf9b170a4f4db7dfa94c71262723fe563c447145af198" nubusNats: # providerCategory: 'Community' # providerResponsible: 'Univention' diff --git a/helmfile/environments/default/replicas.yaml.gotmpl b/helmfile/environments/default/replicas.yaml.gotmpl index 863ab773..a6bf6c57 100644 --- a/helmfile/environments/default/replicas.yaml.gotmpl +++ b/helmfile/environments/default/replicas.yaml.gotmpl @@ -66,7 +66,6 @@ replicas: # -- scalable: true keycloak: 1 # -- scalable: false - # -- comment: Will be removed soon. oxConnector: 1 # -- scalable: tbd umsGuardianAuthorizationApi: 1 @@ -85,13 +84,14 @@ replicas: umsKeycloakExtensionsProxy: 1 # -- scalable: tbd umsLdapNotifier: 1 - # -- scalable: false - # -- comment: Experimental feature and not supported. + # -- scalable: true + # -- comment: Please find details on the following `umsLdapServer*` entries in the upstream documentation: + # https://docs.software-univention.de/nubus-kubernetes-operation/latest/en/configuration/ldap.html#directory-service-high-availability-and-scalability umsLdapServerPrimary: 1 # -- scalable: true - umsLdapServerSecondary: 1 + umsLdapServerSecondary: 0 # -- scalable: true - umsLdapServerProxy: 1 + umsLdapServerProxy: 0 # -- scalable: tbd umsNotificationsApi: 1 # -- scalable: true