chore(release): 0.7.1 [skip ci]

## [0.7.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.7.0...v0.7.1) (2024-05-21)

### Bug Fixes

* **ci:** Add Renovate dependency update automation. ([650c41c](650c41c3f0))
* **cryptpad:** Update Helm chart v0.0.19 and include CryptPad app in Helmfile deployment. ([931ed95](931ed95ce1))
* **docu:** Add IdP federation documentation. ([7167055](7167055303))
* **docu:** Rename SYNAPSE_DOMAIN to MATRIX_DOMAIN. If you use SYNAPSE_DOMAIN in your deployment, ensure you set the MATRIX_DOMAIN accordingly before upgrading. ([96baa6c](96baa6cc15))
* **element:** Provide certificate for alternative Synapse domain. ([88ac239](88ac2396e6))
* **helmfile:** Use Open CoDE as default registry for Univention helm chart ([#71](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/71)). ([4e56ce4](4e56ce4073))
* **jitsi:** Bump images to stable-9457-2. ([1d47fa6](1d47fa681a))
* **jitsi:** Raise Jibri memory limits to fullfil Jibri's 2Gi /dev/shm requirement and update Helm chart; To update an existing installation you need to manually delete the `jitsi-prosody` stateful set before the update e.g. `kubectl -n <your_namespace> delete --cascade=orphan statefulsets jitsi-prosody`. Ensure you use the `--cascade=orphan` part, otherwise you have to remove and reinstall the complete deployment. ([6570c13](6570c13f3a))
* **nextcloud:** Bump to 28.0.5 incl. latest app versions. ([04d9372](04d9372cfc))
* **nubus:** Bump Keycloak to 24.0.3. ([923533d](923533d7b7))
* **nubus:** Enable 2FA for group "Domain Admins" by default. ([1179669](11796699bb))
* **nubus:** Update keycloak-bootstap and keycloak-extensions. ([1c6666f](1c6666fe45))
* **open-xchange:** Support change of username. ([b2cfa8b](b2cfa8b996))
* **openproject:** Bump version to 14.0.1, update Helm chart to 4.5.0. ([e085211](e0852119e8))

CHANGELOG.md

@@ -1,3 +1,23 @@
+## [0.7.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.7.0...v0.7.1) (2024-05-21)
+
+
+### Bug Fixes
+
+* **ci:** Add Renovate dependency update automation. ([650c41c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/650c41c3f04b6c7c04a1d5eca76aba7f75e14b96))
+* **cryptpad:** Update Helm chart v0.0.19 and include CryptPad app in Helmfile deployment. ([931ed95](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/931ed95ce16d5be6bde7ea1c1140406f00fef060))
+* **docu:** Add IdP federation documentation. ([7167055](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7167055303bdbe9ad677b16635089c0328a849ff))
+* **docu:** Rename SYNAPSE_DOMAIN to MATRIX_DOMAIN. If you use SYNAPSE_DOMAIN in your deployment, ensure you set the MATRIX_DOMAIN accordingly before upgrading. ([96baa6c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/96baa6cc15bac8d3ce315132699e301093d5d6d8))
+* **element:** Provide certificate for alternative Synapse domain. ([88ac239](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/88ac2396e6888e0f28a80ceebaa0f51d2ba436ee))
+* **helmfile:** Use Open CoDE as default registry for Univention helm chart ([#71](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/71)). ([4e56ce4](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4e56ce4073105003dffbcaa91af473c1f707cd13))
+* **jitsi:** Bump images to stable-9457-2. ([1d47fa6](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1d47fa681adf29e4b4ca432a9d5390972098d2e0))
+* **jitsi:** Raise Jibri memory limits to fullfil Jibri's 2Gi /dev/shm requirement and update Helm chart; To update an existing installation you need to manually delete the `jitsi-prosody` stateful set before the update e.g. `kubectl -n <your_namespace> delete --cascade=orphan statefulsets jitsi-prosody`. Ensure you use the `--cascade=orphan` part, otherwise you have to remove and reinstall the complete deployment. ([6570c13](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6570c13f3a3ad5864de5afe6afb4c60483cd489f))
+* **nextcloud:** Bump to 28.0.5 incl. latest app versions. ([04d9372](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/04d9372cfccc80145962faf4c2387949a43c8f2c))
+* **nubus:** Bump Keycloak to 24.0.3. ([923533d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/923533d7b7527de728f73813397ed0c2a0427da5))
+* **nubus:** Enable 2FA for group "Domain Admins" by default. ([1179669](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/11796699bb551f8b83badd13204654c880b65efe))
+* **nubus:** Update keycloak-bootstap and keycloak-extensions. ([1c6666f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1c6666fe45fb7acd83c26b5f2b808fce3fb9e20b))
+* **open-xchange:** Support change of username. ([b2cfa8b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b2cfa8b9965ce50f593295c80c363bad7ef0454e))
+* **openproject:** Bump version to 14.0.1, update Helm chart to 4.5.0. ([e085211](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e0852119e8e248431f51a86e3bd5177cef0b1e93))
+
 # [0.7.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.6.0...v0.7.0) (2024-05-06)
 
 

docs/enhanced-configuration.md

@@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 
 # Overview
 
-The follownig enhanced configuration use cases are described in separate documents.
+The following enhanced configuration use cases are described in separate documents.
 
 - [Separate mail & Matrix domain](enhanced-configuration/separate-mail-matrix-domain.md)
 - [Federation with external identity provider](enhanced-configuration/idp-federation.md)

helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl

@@ -142,16 +142,6 @@ ldap-notifier:
   enabled: true
   podAnnotations:
     intents.otterize.com/service-name: "ums-ldap-notifier"
-  affinity:
-    podAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        - labelSelector:
-            matchExpressions:
-              - key: statefulset.kubernetes.io/pod-name
-                operator: In
-                values:
-                  - ums-ldap-server-primary-0
-          topologyKey: kubernetes.io/hostname
   image:
     registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapNotifier.registry | quote }}
     repository: {{ .Values.images.umsLdapNotifier.repository | quote }}
@@ -171,22 +161,13 @@ ldap-notifier:
       {{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }}
   volumes:
     claims:
-      shared-data: "shared-data-ums-ldap-server-primary-0"
-      shared-run: "shared-run-ums-ldap-server-primary-0"
+      shared-data: "shared-data-ums-ldap-server-0"
+      shared-run: "shared-run-ums-ldap-server-0"
 
 ldap-server:
   enabled: true
-  replicaCountPrimary: 2
-  replicaCountSecondary: 3
-  replicaCountProxy: 3
   additionalAnnotations:
     intents.otterize.com/service-name: "ums-ldap-server"
-  podAnnotationsPrimary:
-    intents.otterize.com/service-name: "ums-ldap-server-primary"
-  podAnnotationsSecondary:
-    intents.otterize.com/service-name: "ums-ldap-server-secondary"
-  podAnnotationsProxy:
-    intents.otterize.com/service-name: "ums-ldap-server"
   replicaCount: {{ .Values.replicas.umsLdapServer }}
   serviceAccount:
     annotations:
@@ -246,12 +227,8 @@ ldap-server:
     storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
     size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
 
-  resourcesPrimary:
-    {{ .Values.resources.umsLdapServerPrimary | toYaml | nindent 4 }}
-  resourcesSecondary:
-    {{ .Values.resources.umsLdapServerSecondary | toYaml | nindent 4 }}
-  resourcesProxy:
-    {{ .Values.resources.umsLdapServerProxy | toYaml | nindent 4 }}
+  resources:
+    {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
 
   initResources:
     {{ .Values.resources.umsLdapServerInit | toYaml | nindent 4 }}
@@ -366,7 +343,7 @@ portal-listener:
     ucsInternalPath: "portal-data"
 
     ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
+    ldapHost: {{ .Values.ldap.host | quote }}
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
     machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
@@ -600,7 +577,7 @@ udm-listener:
   config:
     debugLevel: "4"
     ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
+    ldapHost: {{ .Values.ldap.host | quote }}
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
     ldapPort: "389"
@@ -634,8 +611,7 @@ stack-data-ums:
     domainname: {{ .Values.global.domain | quote }}
     externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
     hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
-    ldapMasterHost: {{ .Values.ldap.hostPrimary | quote }}
-    ldapHost: {{ .Values.ldap.hostSecondary | quote }}
+    ldapHost: {{ .Values.ldap.host | quote }}
     ldapBase: {{ .Values.ldap.baseDn | quote }}
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
@@ -758,7 +734,7 @@ selfservice-listener:
 
   selfserviceListener:
     ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
+    ldapHost: {{ .Values.ldap.host | quote }}
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
     machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}

helmfile/environments/default/_helper.yaml

@@ -3,8 +3,6 @@
 ---
 ldap:
   host: "ums-ldap-server"
-  hostPrimary: "ums-ldap-server-primary"
-  hostSecondary: "ums-ldap-server-secondary"
   notifierHost: "ums-ldap-notifier"
   baseDn: "dc=swp-ldap,dc=internal"
 ## Define Keycloak realmname for openDesk

helmfile/environments/default/charts.yaml

@@ -294,7 +294,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
     name: "opendesk-otterize"
-    version: "2.1.0-feat-ldap-server-scalability"
+    version: "2.0.1"
     verify: true
   oxConnector:
     # providerCategory: "Supplier"
@@ -378,7 +378,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "ums"
-    version: "0.16.0"
+    version: "0.13.0"
     verify: true
   umsKeycloakBootstrap:
     # providerCategory: "Supplier"

helmfile/environments/default/global.generated.yaml

@@ -3,5 +3,5 @@
 ---
 global:
   systemInformation:
-    releaseVersion: "v0.7.0"
+    releaseVersion: "v0.7.1"
 ...

helmfile/environments/default/resources.yaml

@@ -391,21 +391,7 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsLdapServerPrimary:
-    limits:
-      cpu: 99
-      memory: "1Gi"
-    requests:
-      cpu: 0.1
-      memory: "256Mi"
-  umsLdapServerSecondary:
-    limits:
-      cpu: 99
-      memory: "1Gi"
-    requests:
-      cpu: 0.1
-      memory: "256Mi"
-  umsLdapServerProxy:
+  umsLdapServer:
     limits:
       cpu: 99
       memory: "1Gi"