diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4e9aa0ec..ff3ad35e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -30,9 +30,9 @@ variables: - "souvap-univention.de" - "at-univention.de" - "souvap.cloud" - MASTER_PASSWORD: + MASTER_PASSWORD_WEB_VAR: description: "Optional: Provide a passphrase to be used for password generation." - value: "sovereign-workplace" + value: "" ENV_STOP_BEFORE: description: "Stop environment/delete namespace for the deployment" value: "no" @@ -138,8 +138,8 @@ variables: file: false script: - cd "${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}" - # Match Cluster to helmfile environments - | + # Match Cluster to helmfile environments if [ "${CLUSTER}" = "develop" ]; then export HELMFILE_ENVIRONMENT=uv-develop elif [ "${CLUSTER}" = "prototype" ]; then @@ -152,6 +152,10 @@ variables: echo "Unsupported cluster chosen: ${CLUSTER}" exit 1 fi; + # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD + if ! [ -z "${MASTER_PASSWORD_WEB_VAR}" ]; then + export MASTER_PASSWORD="${MASTER_PASSWORD_WEB_VAR}" + fi; - echo "Installing ${COMPONENT} into ${NAMESPACE} namespace as ${HELMFILE_ENVIRONMENT} environment on ${CLUSTER}" - helmfile --namespace ${NAMESPACE} apply --suppress-diff tags: diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..5e5ac9cf --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,14 @@ + Copyright (C) 2023 Bundesministerium des Innern und für Heimat, + PG ZenDiS "Projektgruppe für Aufbau ZenDiS" + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index 934ea71d..a56c213f 100644 --- a/README.md +++ b/README.md 
@@ -10,11 +10,13 @@ SPDX-License-Identifier: Apache-2.0 The current state of the SWP is missing two components that are not yet generally available to the public also outside the SWP (Element Starter Edition and Open-Xchange App Suite 8), and contains components that will be replaced -(e.g. UCS container monolith to be replaced by multiple Univention Management Stack containers). +(e.g. UCS dev container monolith to be replaced by multiple Univention Management Stack containers). In the next months we not only expect upstream updates of the functional components within their feature scope but we are going to address operational issues like monitoring and network policies. -Of course we will extend the documentation and would love to get [feedback from you](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/OVERVIEW.md#mitwirkung-und-beteiligung) regarding the areas you require more details on. But be sure also without that feedback the documentation will grow. +Of course we will also extend the documentation. + +In any case we love to get [feedback from you](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/OVERVIEW.md#mitwirkung-und-beteiligung) regarding the documentation as well as your experience with the deployment and the SWP itself. The first release of the SWP is scheduled for December 2023. 
@@ -92,10 +94,19 @@ All of these requirements are optional as long as you do not want to make use of The project includes a `.gitlab-ci.yml` that allows you to execute the deployment from a Gitlab instance of your choice. -Please ensure you provide the variables listed in the `Required input variables` section. When starting the CI through -the Gitlab UI you will be queried for some of the variables, but the variable `ISTIO_DOMAIN` will be derived -automatically by prefixing `DOMAIN` with `istio.`. Other variables you are not asked for when triggering the CI you may -want to set in the projects `Settings` > `CI/CD` > `Variables`. +Please ensure you provide the variables listed in the `Required input variables` section. + +When starting the CI through the Gitlab UI you will be queried for some of the variables and in addition for + +- `NAMESPACE`: Defines into which namespace of your K8s cluster the SWP will be installed +- `MASTER_PASSWORD_WEB_VAR`: Overwrite value of `MASTER_PASSWORD` + +Based on your input the following variables will be set: +- `DOMAIN` = `NAMESPACE`.`DOMAIN` +- `ISTIO_DOMAIN` = istio.`DOMAIN` +- `MASTER_PASSWORD` = `MASTER_PASSWORD_WEB_VAR` if that is not given `MASTER_PASSWORD` will be used, that could be set as masked CI variable in Gitlab or as a fallback the default value of `MASTER_PASSWORD`. + +You might want to set password / credential variables in the projects `Settings` > `CI/CD` > `Variables`. ### Local 
@@ -190,25 +201,26 @@ In case you don't got for a develop or evaluation environment you want to point #### Scaling -Replicas for scalable components can be increased. +Replicas for components can be increased, while we still have to look in the actual scalability of the +components (see column `Scales at least to 2`). -| Component | Name | Default | Service | Scaling | -|-------------|------------------------|---------|--------------------|--------------------| -| ClamAV | `replicas.clamd` | `1` | :white_check_mark: | :white_check_mark: | -| | `replicas.freshclam` | `1` | :white_check_mark: | :x: | -| | `replicas.icap` | `1` | :white_check_mark: | :white_check_mark: | -| | `replicas.milter` | `1` | :white_check_mark: | :white_check_mark: | -| Collabora | `replicas.collabora` | `1` | :white_check_mark: | :white_check_mark: | -| Dovecot | `replicas.dovecot` | `1` | :white_check_mark: | :x: | -| Jitsi | `replicas.jibri` | `1` | :white_check_mark: | :white_check_mark: | -| | `replicas.jicofo` | `1` | :white_check_mark: | :white_check_mark: | -| | `replicas.jitsi ` | `1` | :white_check_mark: | :white_check_mark: | -| | `replicas.jvb ` | `1` | :white_check_mark: | :white_check_mark: | -| Keycloak | `replicas.keycloak` | `1` | :white_check_mark: | :white_check_mark: | -| Nextcloud | `replicas.nextcloud` | `1` | :white_check_mark: | :white_check_mark: | -| OpenProject | `replicas.openproject` | `1` | :white_check_mark: | :white_check_mark: | -| Postfix | `replicas.postfix` | `1` | :white_check_mark: | :x: | -| XWiki | `replicas.xwiki` | `1` | :white_check_mark: | :white_check_mark: | +| Component | Name | Default | Service | Scaling | Scales at least to 2 | +|-------------|------------------------|---------|--------------------|--------------------|----------------------| +| ClamAV | `replicas.clamd` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| | `replicas.freshclam` | `1` | :white_check_mark: | :x: | not tested | +| | `replicas.icap` | `1` | 
:white_check_mark: | :white_check_mark: | not tested | +| | `replicas.milter` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| Collabora | `replicas.collabora` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| Dovecot | `replicas.dovecot` | `1` | :white_check_mark: | :x: | not tested | +| Jitsi | `replicas.jibri` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| | `replicas.jicofo` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| | `replicas.jitsi ` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| | `replicas.jvb ` | `1` | :white_check_mark: | :white_check_mark: | tested | +| Keycloak | `replicas.keycloak` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| Nextcloud | `replicas.nextcloud` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| OpenProject | `replicas.openproject` | `1` | :white_check_mark: | :white_check_mark: | not tested | +| Postfix | `replicas.postfix` | `1` | :white_check_mark: | :x: | not tested | +| XWiki | `replicas.xwiki` | `1` | :white_check_mark: | :white_check_mark: | not tested | ## Identity data flows
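Review bot: in `.gitlab-ci.yml` (`@@ -30,9 +30,9 @@`), the description of `MASTER_PASSWORD_WEB_VAR` still reads "Optional: Provide a passphrase to be used for password generation." and does not say that a non-empty value overrides `MASTER_PASSWORD`. Suggest stating the precedence in the description, and that leaving the field empty keeps a `MASTER_PASSWORD` already set as a masked CI variable, so users are not nudged into typing the passphrase into the web form when a masked variable exists.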
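Review bot: in `.gitlab-ci.yml` (`@@ -152,6 +152,10 @@`), nothing after the new `if ! [ -z "${MASTER_PASSWORD_WEB_VAR}" ]` block checks that `MASTER_PASSWORD` is non-empty before `helmfile --namespace ${NAMESPACE} apply` runs. With the `value: "sovereign-workplace"` default removed from this file, a run with neither variable set depends on a fallback that is not visible in this patch; consider failing early with a clear message, or add a comment naming where the default comes from. Style: `[ -n "${MASTER_PASSWORD_WEB_VAR}" ]` is the more direct form of the test, and the comment "as precedence for" would read better as "takes precedence over".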
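Review bot: the new `LICENSE` file (`@@ -0,0 +1,14 @@`) contains only the copyright line and the Apache 2.0 notice that is normally placed at the top of source files, not the license text itself. The notice points to the apache.org URL for a copy, but a file named `LICENSE` is where recipients expect the full text; suggest adding the complete Apache License 2.0 text here, or, if it is kept elsewhere in the repository (not visible in this patch), naming that path in the file.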
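Review bot: in `README.md` (`@@ -92,10 +94,19 @@`), the `MASTER_PASSWORD` bullet names "the default value of `MASTER_PASSWORD`" as the final fallback, but this patch removes the only default visible in `.gitlab-ci.yml`, so the README should say where that default is defined and point out that a default shipped in the repository is known to everyone who can read it. The bullet would be clearer as an ordered precedence list (web form value, then masked CI variable, then default). In the same list, `DOMAIN` = `NAMESPACE`.`DOMAIN` defines the variable in terms of itself and needs a distinct name for the input value, and a blank line is missing between "Based on your input the following variables will be set:" and the first list item.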
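Review bot: in the scaling table of `README.md` (`@@ -190,25 +201,26 @@`), the rows whose `Scaling` column is `:x:` (`replicas.freshclam`, `replicas.dovecot`, `replicas.postfix`) are marked "not tested" in the new `Scales at least to 2` column, which reads as if scaling them were merely unverified rather than unsupported. Suggest "n/a" for those rows. In the intro sentence, "look in the actual scalability" should be "look into the actual scalability", and the trailing space inside `replicas.jitsi ` and `replicas.jvb ` could be dropped while these rows are being rewritten.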