From f13f39a0a0fe9748f12270e9c933c985919b8eda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Aubin?=
Date: Thu, 28 Dec 2023 16:48:06 +0100
Subject: [PATCH] fix(xwiki): Update default XWiki configuration
* Set default language to a locale with country indicator, which allows the workplace services to work properly
* Set default page title (visible in the browser tab title)
---
 helmfile/apps/xwiki/helmfile.yaml | 3 +-
 helmfile/apps/xwiki/values.gotmpl | 74 ------------------
 .../xwiki/{values.yaml => values.yaml.gotmpl} | 76 +++++++++++++++++--
 3 files changed, 69 insertions(+), 84 deletions(-)
 delete mode 100644 helmfile/apps/xwiki/values.gotmpl
 rename helmfile/apps/xwiki/{values.yaml => values.yaml.gotmpl} (50%)
diff --git a/helmfile/apps/xwiki/helmfile.yaml b/helmfile/apps/xwiki/helmfile.yaml
index 872fb28e..7cc397c1 100644
--- a/helmfile/apps/xwiki/helmfile.yaml
+++ b/helmfile/apps/xwiki/helmfile.yaml
@@ -19,8 +19,7 @@ releases:
 version: "{{ .Values.charts.xwiki.version }}"
 wait: true
 values:
- - "values.yaml"
- - "values.gotmpl"
+ - "values.yaml.gotmpl"
 installed: {{ .Values.xwiki.enabled }}
 timeout: 900
diff --git a/helmfile/apps/xwiki/values.gotmpl b/helmfile/apps/xwiki/values.gotmpl
deleted file mode 100644
index db1f4106..00000000
--- a/helmfile/apps/xwiki/values.gotmpl
+++ /dev/null
@@ -1,74 +0,0 @@ -{{/* -SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" -SPDX-License-Identifier: Apache-2.0 -*/}} ---- -image: - name: "{{ .Values.global.imageRegistry }}/{{ .Values.images.xwiki.repository }}" - tag: {{ .Values.images.xwiki.tag | quote }} - pullPolicy: {{ .Values.global.imagePullPolicy | quote }} - -externalDB: - password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }} - database: {{ .Values.databases.xwiki.name | quote }} - user: {{ .Values.databases.xwiki.username | quote }} - host: {{ .Values.databases.xwiki.host | quote }} - -customConfigs: - "xwiki.cfg": - xwiki.superadminpassword: {{ .Values.secrets.xwiki.superadminpassword | quote }} - ## LDAP Server configuration - xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }} - xwiki.authentication.ldap.port: 389 - ## Authentication to the LDAP server - xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal" - xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionManagementStack.ldapSearch.xwiki | quote }} - ## Base DN used for searching for users - xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal" - ## Allow short update cycles of the LDAP group cache - xwiki.authentication.ldap.groupcache_expiration: 300 - - "xwiki.properties": - "oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth" - "oidc.endpoint.token": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token" - "oidc.endpoint.userinfo": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo" - "oidc.endpoint.logout": "https://{{ .Values.global.hosts.keycloak }}.{{ 
.Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout" - "oidc.secret": {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }} - "url.trustedDomains": "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" - "workplaceServices.navigationEndpoint": "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json" - "workplaceServices.base": "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - "workplaceServices.portalSecret": {{ .Values.secrets.centralnavigation.apiKey | quote }} - -properties: - "attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}" - "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": {{ .Values.theme.colors.primary | quote }} - "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": {{ .Values.theme.colors.white | quote }} - "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": {{ .Values.theme.colors.secondaryGreyLight | quote }} - ## Link LDAP users and users authenticated through OIDC - "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1 - "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}" - -ingress: - enabled: {{ .Values.ingress.enabled }} - className: {{ .Values.ingress.ingressClassName | quote }} - annotations: - haproxy-ingress.github.io/headers: "X-Forwarded-Host {{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" - hosts: - - host: "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" - paths: - - path: / - pathType: "ImplementationSpecific" - tls: - - secretName: {{ 
.Values.ingress.tls.secretName | quote }} - hosts: - - "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" - -persistence: - size: {{ .Values.persistence.size.xwiki | quote }} - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - -replicaCount: {{ .Values.replicas.xwiki }} - -resources: - {{ .Values.resources.xwiki | toYaml | nindent 2 }} -... diff --git a/helmfile/apps/xwiki/values.yaml b/helmfile/apps/xwiki/values.yaml.gotmpl similarity index 50% rename from helmfile/apps/xwiki/values.yaml rename to helmfile/apps/xwiki/values.yaml.gotmpl index 05110655..310ee2a1 100644 --- a/helmfile/apps/xwiki/values.yaml +++ b/helmfile/apps/xwiki/values.yaml.gotmpl @@ -1,6 +1,19 @@ -# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" -# SPDX-License-Identifier: Apache-2.0 +{{/* +SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +SPDX-License-Identifier: Apache-2.0 +*/}} --- +image: + name: "{{ .Values.global.imageRegistry }}/{{ .Values.images.xwiki.repository }}" + tag: {{ .Values.images.xwiki.tag | quote }} + pullPolicy: {{ .Values.global.imagePullPolicy | quote }} + +externalDB: + password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }} + database: {{ .Values.databases.xwiki.name | quote }} + user: {{ .Values.databases.xwiki.username | quote }} + host: {{ .Values.databases.xwiki.host | quote }} + containerSecurityContext: allowPrivilegeEscalation: false enabled: true 
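Review bot: `externalDB.password` in the first hunk of `values.yaml.gotmpl` falls back to `.Values.secrets.mariadb.rootPassword` whenever `databases.xwiki.password` is unset, so a deployment that omits the dedicated password silently hands XWiki the database server's root credential (or fails to log in if `databases.xwiki.username` is not root). Since the commit moves these lines anyway, consider failing the render instead of falling back, e.g. `password: {{ .Values.databases.xwiki.password | required "databases.xwiki.password must be set" | quote }}`, assuming no environment relies on the fallback today. If the fallback has to stay, a comment above the key stating that it is a bootstrap convenience and not a least-privilege setup would help.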
@@ -20,8 +33,25 @@ customConfigs:
 xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
 ## Enable the synchronization of the LDAP profile picture
 xwiki.authentication.ldap.update_photo: 1
+ ## Password of default user
+ xwiki.superadminpassword: {{ .Values.secrets.xwiki.superadminpassword | quote }}
+ ## LDAP Server configuration
+ xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
+ xwiki.authentication.ldap.port: 389
+ ## Authentication to the LDAP server
+ xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
+ xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionManagementStack.ldapSearch.xwiki | quote }}
+ ## Base DN used for searching for users
+ xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
+ ## Allow short update cycles of the LDAP group cache
+ xwiki.authentication.ldap.groupcache_expiration: 300
 xwiki.properties:
+ oidc.endpoint.authorization: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
+ oidc.endpoint.token: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
+ oidc.endpoint.userinfo: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
+ oidc.endpoint.logout: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
+ oidc.secret: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
 oidc.scope: "openid,profile,email,address,opendesk"
 oidc.endpoint.userinfo.method: "GET"
 oidc.user.nameFormater: "${oidc.user.opendesk_username._clean._lowerCase}"
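Review bot: `xwiki.authentication.ldap.port: 389` is hard-coded right next to `bind_pass`, so unless TLS is enabled by a key outside this hunk, the search account's password and each user's login bind travel to the directory unencrypted. Consider taking the port from values and pairing an LDAPS port with `xwiki.authentication.ldap.ssl: 1`, or add a comment stating that the LDAP hop is cluster-internal and which control protects it. Separately, `xwiki.superadminpassword` is rendered unconditionally, which keeps the all-rights superadmin account active on every deployment; the comment `## Password of default user` undersells that, and something like `## Enables the superadmin account; keep only if required after bootstrap` would be more accurate. The `customConfigs` mapping begins above the hunk, so other LDAP keys may exist that are not visible here.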
@@ -32,17 +62,29 @@ customConfigs:
 oidc.endpoint.token.auth_method: "client_secret_basic"
 oidc.skipped: false
 oidc.logoutMechanism: "rpInitiated"
-
-image:
- pullPolicy: "IfNotPresent"
+ url.trustedDomains: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
+ workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
+ workplaceServices.base: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+ workplaceServices.portalSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
 ingress:
- # enabled: true
+ enabled: {{ .Values.ingress.enabled }}
+ className: {{ .Values.ingress.ingressClassName | quote }}
 annotations:
 kubernetes.io/ingress.class: null
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
 nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 nginx.ingress.kubernetes.io/proxy-body-size: "250m"
+ haproxy-ingress.github.io/headers: "X-Forwarded-Host {{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
+ hosts:
+ - host: "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
+ paths:
+ - path: /
+ pathType: "ImplementationSpecific"
+ tls:
+ - secretName: {{ .Values.ingress.tls.secretName | quote }}
+ hosts:
+ - "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
 istio:
 enabled: false
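Review bot: `workplaceServices.portalSecret` is added as a plain entry under `customConfigs`, so whether it ends up in a Kubernetes Secret or a ConfigMap depends on how the chart renders that mapping, which is not visible in this diff. The same applies to `oidc.secret`, `xwiki.authentication.ldap.bind_pass` and `xwiki.superadminpassword` in the hunk at `@@ -20,8 +33,25 @@`. If the chart writes `customConfigs` to a ConfigMap, anyone with read access to ConfigMaps in the namespace can recover all four values, so it is worth checking the chart and, if needed, using a secret-backed mechanism for these keys. Merging the two values files also puts credentials and static defaults in one template, so a short comment marking the secret-bearing keys would help reviewers of later changes.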
@@ -53,14 +95,22 @@ mariadb: mysql: enabled: false +persistence: + size: {{ .Values.persistence.size.xwiki | quote }} + storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} + postgresql: enabled: false properties: + "attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}" + ## Link LDAP users and users authenticated through OIDC + "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1 + "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}" "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.colorTheme": "FlamingoThemes.Iceberg" - "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de" + "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de_DE" "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.timezone": "Europe/Berlin" - "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de" + "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de_DE" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.link-color": "@brand-primary" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary" 
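Review bot: The reason for changing `default_language` and `languages` from `de` to `de_DE` exists only in the commit message; a comment above the two keys, for example `## Locale needs a country code, otherwise the workplace services integration does not work`, would keep a later cleanup from shortening it back. The values `de_DE` and `Europe/Berlin` are also literals in a file that now templates almost everything else, so non-German deployments have no override; reading them from values, as is done for the theme colors, would be more consistent. The `properties` mapping continues past the end of this hunk.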
@@ -69,6 +119,9 @@ properties: "@brand-primary" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color": "@brand-primary" + "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": {{ .Values.theme.colors.primary | quote }} + "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": {{ .Values.theme.colors.white | quote }} + "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": {{ .Values.theme.colors.secondaryGreyLight | quote }} # yamllint disable-line rule:line-length "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": " li#tmWorkplaceServices { padding-left: 16px; padding-top: 5px; } .navbar-right { padding-top: 8px; } .navbar { border-bottom: 1px solid #ddd; height: 64px; } div#companylogo { width: 90px; height: auto; padding-top: 7px; padding-left: 9px; }" @@ -91,6 +144,12 @@ properties: # "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))" "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter": "(objectClass=opendeskKnowledgemanagementGroup)" + "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.title": "{{ .Values.theme.texts.productName }} Wissen - $!tdoc.displayTitle" + +replicaCount: {{ .Values.replicas.xwiki }} + +resources: + {{ .Values.resources.xwiki | toYaml | nindent 2 }} securityContext: enabled: true @@ -104,4 +163,5 @@ service: volumePermissions: enabled: true + ...
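Review bot: In the hunk at `@@ -91,6 +144,12 @@`, the new `XWikiPreferences.title` value places `.Values.theme.texts.productName` unescaped inside a double-quoted YAML scalar, unlike the neighbouring theme values, which go through `quote`. A product name containing `"` or `\` would break the rendered values file, and because the same string carries `$!tdoc.displayTitle` it is presumably evaluated as Velocity by XWiki, so `$` or `#` in the name would be interpreted rather than displayed. Building the string in the template handles the YAML side: `{{ printf "%s Wissen - $!tdoc.displayTitle" .Values.theme.texts.productName | quote }}`. It would also help to note in a comment that the Velocity part is intentional and that `Wissen` is a fixed German label.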