fix(ci): Reduce Kyverno linting issues

helmfile/apps/nubus/values-intercom-service.yaml.gotmpl

@@ -130,6 +130,8 @@ provisioning:
     registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
     repository: {{ .Values.images.nubusKeycloakBootstrap.repository | quote }}
     tag: {{ .Values.images.nubusKeycloakBootstrap.tag | quote }}
+  resources:
+    {{ .Values.resources.intercomService | toYaml | nindent 4 }}
   securityContext:
     seccompProfile:
       type: "RuntimeDefault"

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -401,6 +401,10 @@ nubusUdmListener:
 
 nubusSelfServiceListener:
   enabled: false
+  resources:
+    {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
+  resourcesWaitForDependency:
+    {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
 
 nubusSelfServiceConsumer:
   enabled: true

helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl

@@ -421,12 +421,13 @@ nubusLdapNotifier:
     {{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
 
 nubusLdapServer:
-  imagePullSecrets:
+  global:
-    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
-  highAvailabilityMode: false
+    imagePullSecrets:
-  replicaCountPrimary: 1
+      {{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
-  replicaCountSecondary: 0 # {{ .Values.replicas.umsLdapServerSecondary }}
+  replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }}
-  replicaCountProxy: 0 # {{ .Values.replicas.umsLdapServerProxy }}
+  replicaCountSecondary: {{ .Values.replicas.umsLdapServerSecondary }}
+  replicaCountProxy: {{ .Values.replicas.umsLdapServerProxy }}
   additionalAnnotations:
     intents.otterize.com/service-name: "ums-ldap-server"
   serviceAccount:
@@ -543,6 +544,8 @@ nubusStackDataUms:
     intents.otterize.com/service-name: "ums-stack-data-ums"
   resources:
     {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
+  initResources:
+    {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
 
 nubusSelfServiceConsumer:
   containerSecurityContext:
@@ -615,6 +618,8 @@ nubusUmcGateway:
   replicaCount: {{ .Values.replicas.umsUmcGateway }}
   resources:
     {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
+  initResources:
+    {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
 
 nubusKeycloakBootstrap:
   containerSecurityContext:

helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl

@@ -49,6 +49,12 @@ nubusLdapServer:
       repository: {{ .Values.images.nubusLdapServer.repository }}
       tag: {{ .Values.images.nubusLdapServer.tag }}
       imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+    leaderElector:
+      image:
+        registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerLeaderElector.registry | quote }}
+        repository: {{ .Values.images.nubusLdapServerLeaderElector.repository }}
+        tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }}
+        imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
   dhInitcontainer:
     image:
       registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerDhInitContainer.registry | quote }}

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -422,6 +422,9 @@ appsuite:
     replicas: {{ .Values.replicas.openxchangeCoreMW }}
     resources:
       {{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
+    initContainer:
+      resources:
+        {{ .Values.resources.openxchangeCoreMW | toYaml | nindent 8 }}
 
   core-ui:
     enabled: true

helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl

@@ -63,30 +63,14 @@ provisioningApi:
 
 resources:
   {{ .Values.resources.oxConnector | toYaml | nindent 2 }}
+resourcesWaitForDependency:
+  {{ .Values.resources.oxConnector | toYaml | nindent 2 }}
 
 persistence:
   storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
 
 podAnnotations: {}
 
-## Container deployment probes
-probes:
-  liveness:
-    enabled: true
-    initialDelaySeconds: 120
-    timeoutSeconds: 3
-    periodSeconds: 30
-    failureThreshold: 3
-    successThreshold: 1
-
-  readiness:
-    enabled: true
-    initialDelaySeconds: 30
-    timeoutSeconds: 3
-    periodSeconds: 15
-    failureThreshold: 30
-    successThreshold: 1
-
 replicaCount: {{ .Values.replicas.oxConnector }}
 
 securityContext:

helmfile/environments/default/charts.yaml.gotmpl

@@ -139,7 +139,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "intercom-service"
-    version: "2.4.0"
+    version: "2.7.1"
     verify: true
   jitsi:
     # providerCategory: "Platform"
@@ -387,7 +387,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "ox-connector"
-    version: "0.14.5"
+    version: "0.14.11"
     verify: true
   postfix:
     # providerCategory: "Platform"

helmfile/environments/default/images.yaml.gotmpl

@@ -370,6 +370,16 @@ images:
     registry: "registry-1.docker.io"
     repository: "natsio/nats-box"
     tag: "0.14.2@sha256:c9b8ebaabb2ca4c227feb4f6b856dc72d4775ac3d71f80d2c65aa82303079011"
+  nubusLdapServerLeaderElector:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Univention"
+    # upstreamRegistry: "https://artifacts.software-univention.de"
+    # upstreamRepository: "nubus/images/ldap-server-elector"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["0", "29", "1"]
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector"
+    tag: "0.29.1@sha256:3c6213b745a4dab642acf9b170a4f4db7dfa94c71262723fe563c447145af198"
   nubusNats:
     # providerCategory: 'Community'
     # providerResponsible: 'Univention'

helmfile/environments/default/replicas.yaml.gotmpl

@@ -66,7 +66,6 @@ replicas:
   # -- scalable: true
   keycloak: 1
   # -- scalable: false
-  # -- comment: Will be removed soon.
   oxConnector: 1
   # -- scalable: tbd
   umsGuardianAuthorizationApi: 1
@@ -85,13 +84,14 @@ replicas:
   umsKeycloakExtensionsProxy: 1
   # -- scalable: tbd
   umsLdapNotifier: 1
-  # -- scalable: false
+  # -- scalable: true
-  # -- comment: Experimental feature and not supported.
+  # -- comment: Please find details on the following `umsLdapServer*` entries in the upstream documentation:
+  # https://docs.software-univention.de/nubus-kubernetes-operation/latest/en/configuration/ldap.html#directory-service-high-availability-and-scalability
   umsLdapServerPrimary: 1
   # -- scalable: true
-  umsLdapServerSecondary: 1
+  umsLdapServerSecondary: 0
   # -- scalable: true
-  umsLdapServerProxy: 1
+  umsLdapServerProxy: 0
   # -- scalable: tbd
   umsNotificationsApi: 1
   # -- scalable: true