mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
35 Commits
gaberb1/po
...
ntretkowsk
| Author | SHA1 | Date | |
|---|---|---|---|
|
e720ef1bdb | ||
|
|
8867d1b204 | ||
|
|
cca755d4af | ||
|
|
2423ac2de6 | ||
|
|
09a233511e | ||
|
|
7d101b18d7 | ||
|
|
10f1ced37d | ||
|
|
2ddbd91f3d | ||
|
|
54277dabae | ||
|
|
b32cb70678 | ||
|
|
b7b9968245 | ||
|
|
b830edf8da | ||
|
|
f5aad1fa47 | ||
|
|
f2fe6f3026 | ||
|
|
1857dd961e | ||
|
|
0ab9979693 | ||
|
|
e0a6850a2d | ||
|
|
7032205acf | ||
|
|
51047936de | ||
|
|
a83ecd5c01 | ||
|
|
080073119b | ||
|
|
ec72602cdd | ||
|
|
9387168e89 | ||
|
|
b5a76bea57 | ||
|
|
bdcfb977e0 | ||
|
|
cb367775a6 | ||
|
|
e37361790b | ||
|
|
70bbbf311f | ||
|
|
cc94f0c66d | ||
|
|
684c6d4f29 | ||
|
|
62fae9976a | ||
|
|
7b592a24b0 | ||
|
|
f3f707c9ee | ||
|
|
850761e047 | ||
|
|
12379d67e0 |
@@ -4,7 +4,7 @@
|
||||
---
|
||||
include:
|
||||
- project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}"
|
||||
ref: "v2.4.10"
|
||||
ref: "v2.4.17"
|
||||
file:
|
||||
- "ci/common/lint.yml"
|
||||
- "ci/release-automation/semantic-release.yml"
|
||||
@@ -767,17 +767,33 @@ import-default-accounts:
|
||||
- "echo \"Starting default account import for ${DOMAIN}\""
|
||||
- "cd /app"
|
||||
- |
|
||||
./user_import_udm_rest_api.py \
|
||||
--import_domain ${DOMAIN} \
|
||||
--udm_api_password ${DEFAULT_ADMINISTRATOR_PASSWORD} \
|
||||
--set_default_password ${DEFAULT_ACCOUNTS_PASSWORD} \
|
||||
--import_filename ./template.ods \
|
||||
--admin_enable_fileshare True \
|
||||
--admin_enable_knowledgemanagement True \
|
||||
--admin_enable_projectmanagement True \
|
||||
--create_admin_accounts True \
|
||||
--create_maildomains True \
|
||||
--verify_certificate False
|
||||
set +e
|
||||
success=0
|
||||
for i in {1..5}; do
|
||||
echo "Attempt $i/5..."
|
||||
./user_import_udm_rest_api.py \
|
||||
--import_domain ${DOMAIN} \
|
||||
--udm_api_password ${DEFAULT_ADMINISTRATOR_PASSWORD} \
|
||||
--set_default_password ${DEFAULT_ACCOUNTS_PASSWORD} \
|
||||
--import_filename ./template.ods \
|
||||
--admin_enable_fileshare True \
|
||||
--admin_enable_knowledgemanagement True \
|
||||
--admin_enable_projectmanagement True \
|
||||
--create_admin_accounts True \
|
||||
--create_maildomains True \
|
||||
--verify_certificate False
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Script succeeded on attempt $i."
|
||||
success=1
|
||||
break
|
||||
fi
|
||||
echo "Script failed. Waiting 60 seconds before retry..."
|
||||
sleep 60
|
||||
done
|
||||
if [ "$success" -ne 1 ]; then
|
||||
echo "Script failed after 5 attempts."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
run-tests:
|
||||
stage: "post-execute"
|
||||
|
||||
27
CHANGELOG.md
27
CHANGELOG.md
@@ -1,3 +1,30 @@
|
||||
# [1.10.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.9.0...v1.10.0) (2025-11-24)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **collabora:** Update Controller to 1.1.6 incl. Helm chart update to 1.1.10 ([d25c95f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/d25c95f06bc199d09aa6ea4dc09c10e95153de38))
|
||||
* **collabora:** Update from 25.04.5 to 25.04.6 ([8de0f5d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/8de0f5de7277ad726588d7de2d06cb3e9376c993))
|
||||
* **external-services:** Create `nubus_authsession` database ([ec72602](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/ec72602cdd3207f73ff806a26bfe7b9fd32b8634))
|
||||
* **helmfile:** Enable verification for XWiki Helm chart ([5104793](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/51047936de102c610adc00f4dff12d2eb8e945b0))
|
||||
* **helmfile:** Streamline annotations ([7aa717c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7aa717c0509a731c060c58a1b5877e1d9899406f))
|
||||
* **nubus:** Remove legacy `UMC` Keycloak client that was used for SAML connection with the Nubus portal ([152221f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/152221fa7976bfa942d5e9e9b8f78cc8e65765c0))
|
||||
* **open-xchange:** Only enable `smtpSASLAuthEnable` when `relayHost` is set ([70bbbf3](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/70bbbf311fcba57c31f535be7d0d453f4a945cee))
|
||||
* **open-xchange:** Optimize Dovecot Pro full-text search caches; review `migrations.md` for required upgrade steps ([f3f707c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/f3f707c9eee8edf3ad61834d87b5c059f31b0e26))
|
||||
* **open-xchange:** Template SASL security options ([684c6d4](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/684c6d4f29dd447872ebe582eef43c04034896f7))
|
||||
* **open-xchange:** Update Dovecot configuration based on supplier's best practise review ([850761e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/850761e0475b2f281fb23f6972d5c74fbdaa3a61))
|
||||
* **opendesk-static-files:** [[#260](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/260)] Fix doublette creation of configmap `data` keys when the same file is referenced multiple times for a component ([b5a76be](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b5a76bea57ef7b136c54d1bc95c40f0a0c3f9716))
|
||||
* **openproject:** Update from 16.6.0 to 16.6.1 ([62fae99](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/62fae9976a731c00700d56ce8fab198bb2531d20))
|
||||
* **xwiki:** Update XWiki from 17.4.4 to 17.4.7 ([02a3b77](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/02a3b7711490394690df70ca92bab58b253e34f5))
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **jitsi:** Update from 2.0.10431 to 2.0.10590 ([f5aad1f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/f5aad1fa47559f0d3941c233c7d40029a9e83281))
|
||||
* **nubus:** Update from v1.14.0 to v1.15.2 ([12379d6](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/12379d67e07936496fe31276b2052406e0137db6))
|
||||
* **open-xchange:** Support for LDAP group based mailing lists ([cc94f0c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/cc94f0c66df098d0a20f7f0d4a6af5e791557981))
|
||||
* **openproject:** Update OpenProject from 16.5.1 to 16.6.0 ([19438c0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/19438c02817875bd408c5d6cf423d7bfb61f907f))
|
||||
|
||||
# [1.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.8.0...v1.9.0) (2025-11-07)
|
||||
|
||||
|
||||
|
||||
@@ -86,7 +86,7 @@ When a repository path starts with `/zendis`, the artifact is only available in
|
||||
### Collabora
|
||||
|
||||
- Collabora Online (COOL) container image: Is build from the same public source code as Collabora Development Edition (CODE), only the build configurations might differ. COOL includes a brand package that is not public and its license is not open source.
|
||||
- COOL Controller container image and Helm chart: Source code and chart are using Mozilla Public License Version 2.0, but the source code is not public. It is provided to customers upon request.
|
||||
- [COOL Controller](https://www.collaboraonline.com/cool-controller-release-notes/) container image and Helm chart: Source code and chart are using Mozilla Public License Version 2.0, but the source code is not public. It is provided to customers upon request.
|
||||
|
||||
openDesk updates Collabora once a COOL image based on the version pattern `<major>.<minor>.<patch>.3+.<build>` was made available. This happens usually at the same time the CODE image with `<major>.<minor>.<patch>.2+.<build>` is made available.
|
||||
|
||||
|
||||
@@ -40,9 +40,9 @@ openDesk currently features the following functional main components:
|
||||
| File management | Nextcloud | AGPL-3.0-or-later | [31.0.7](https://nextcloud.com/de/changelog/#31-0-7) | [Nextcloud 31](https://docs.nextcloud.com/) |
|
||||
| Groupware | OX App Suite | GPL-2.0-only (backend), AGPL-3.0-or-later (frontend) | [8.41](https://documentation.open-xchange.com/appsuite/releases/8.41/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||
| Knowledge management | XWiki | LGPL-2.1-or-later | [17.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/17.4.4/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||
| Portal & IAM | Nubus | AGPL-3.0-or-later | [1.14.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.14.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Project management | OpenProject | GPL-3.0-only | [16.6.0](https://www.openproject.org/docs/release-notes/16-6-0/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | Apache-2.0 | [2.0.10431](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_10431) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Portal & IAM | Nubus | AGPL-3.0-or-later | [1.15.2](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.15.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Project management | OpenProject | GPL-3.0-only | [16.6.1](https://www.openproject.org/docs/release-notes/16-6-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | Apache-2.0 | [2.0.10590](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_10590) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Weboffice | Collabora | MPL-2.0 | [25.04.6](https://www.collaboraoffice.com/code-25-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
|
||||
While not all components are perfectly designed for the execution inside containers, one of the project's objectives is to
|
||||
|
||||
@@ -31,8 +31,6 @@ sankey-beta
|
||||
|
||||
ClamAV,PersistentVolume,1
|
||||
|
||||
Dovecot,PersistentVolume,1
|
||||
|
||||
Element/Synapse,PostgreSQL,1
|
||||
Element/Synapse,PersistentVolume,1
|
||||
|
||||
@@ -54,9 +52,15 @@ OpenProject,S3,1
|
||||
OpenProject,PersistentVolume,1
|
||||
OpenProject,Memcached,1
|
||||
|
||||
Open-Xchange,MariaDB,1
|
||||
Open-Xchange,PersistentVolume,1
|
||||
Open-Xchange,Redis,1
|
||||
OX App Suite,MariaDB,1
|
||||
OX App Suite,Redis,1
|
||||
OX App Suite,S3,1
|
||||
|
||||
OX Connector,PersistentVolume,1
|
||||
|
||||
OX Dovecot,Cassandra,1
|
||||
OX Dovecot,PersistentVolume,1
|
||||
OX Dovecot,S3,1
|
||||
|
||||
Postfix,PersistentVolume,1
|
||||
|
||||
@@ -70,6 +74,7 @@ XWiki,PersistentVolume,1
|
||||
| -------------------- | ------------ | -------- | --------------------------------------------------------------------------------- | ---------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
|
||||
| **ClamAV** | PVC | No | ClamAV Database | `clamav-database-clamav-simple-0` | `/var/lib/clamav` |
|
||||
| **Dovecot** | PVC | Yes | openDesk CE only: User mail directories | `dovecot` | `/srv/mail` |
|
||||
| | PVC | Yes | openDesk EE only: Metacache directory | `var-lib-dovecot-dovecot-0` | `/var/lib/dovecot` |
|
||||
| | S3 | Yes | openDesk EE only: User mail | `dovecot` | `dovecot` |
|
||||
| | Cassandra | Yes | openDesk EE only: Metadata and ACLs | `dovecot_dictmap`, `dovecot_acl` | |
|
||||
| **Element/Synapse** | PostgreSQL | Yes | Application's main database | `matrix` | |
|
||||
@@ -84,8 +89,8 @@ XWiki,PersistentVolume,1
|
||||
| | | Yes | Login actions and device-fingerprints | `keycloak_extensions` | |
|
||||
| | | Optional | Store of the temporary password reset token | `selfservice` | |
|
||||
| | | Optional | OIDC session storage | `umsAuthSession` | |
|
||||
| | | No | Notification features are not used in openDesk 1.1 | `notificationsapi` | |
|
||||
| | | No | Guardian features are currently not used in openDesk 1.1 | `guardianmanagementapi` | |
|
||||
| | | No | At the moment the notification feature not enabled in openDesk | `notificationsapi` | |
|
||||
| | | No | At the moment the Guardian features are currently not enabled in openDesk | `guardianmanagementapi` | |
|
||||
| | S3 | No | Static files for Portal | `ums` | |
|
||||
| | PVC | Yes | openLDAP database (primary R/W Pods), when restore select the one from the leader | `shared-data-ums-ldap-server-primary-0` | `/var/lib/univention-ldap` |
|
||||
| | | Yes | openLDAP process data | `shared-run-ums-ldap-server-primary-0` | `/var/run/slapd` |
|
||||
@@ -100,13 +105,17 @@ XWiki,PersistentVolume,1
|
||||
| | Memcached | No | Cache | | |
|
||||
| | PVC | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-*-tmp` | `/tmp` |
|
||||
| | | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-app-*-tmp` | `/app/tmp` |
|
||||
| **Open-Xchange** | MariaDB | Yes | Application's control database to coordiate dynamically created ones | `configdb` | |
|
||||
| **OX App Suite** | MariaDB | Yes | Application's control database to coordiate dynamically created ones | `configdb` | |
|
||||
| | | Yes | Dynamically creates databases of schema `PRIMARYDB_n`containing multiple contexts | `PRIMARYDB_*` | |
|
||||
| | | Yes | OX Guard related settings | `oxguard*` | |
|
||||
| | S3 | Yes | Attachments of meetings, contacts and tasks | `openxchange` | |
|
||||
| | Redis | Optional | Cache, session related data, distributed maps | | |
|
||||
| | PVC | Optional | OX Connector: Caching of OX object data | for backup | `/var/lib/univention-appcenter/apps/ox-connector` |
|
||||
| **OX Connector** | PVC | Optional | OX Connector: Caching of OX object data | for backup | `/var/lib/univention-appcenter/apps/ox-connector` |
|
||||
| | | Yes | OX Connector: OX SOAP API credentials | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
|
||||
| **OX Dovecot** | PVC | Yes | openDesk CE only: User mail directories | `dovecot` | `/srv/mail` |
|
||||
| | PVC | Yes | openDesk EE only: Various meta data and caches | `var-lib-dovecot` | `/var/lib/dovecot` |
|
||||
| | S3 | Yes | Dovecot Pro/openDesk EE only: User mail | `dovecot` | `dovecot` |
|
||||
| | Cassandra | Yes | Dovecot Pro/openDesk EE only: Metadata and ACLs | `dovecot_dictmap`, `dovecot_acl` | |
|
||||
| **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` |
|
||||
| **XWiki** | PostgreSQL | Yes | Application's main database | `xwiki` | |
|
||||
| | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` |
|
||||
|
||||
@@ -31,6 +31,11 @@ There are two options to deploy openDesk via Argo CD described in the following
|
||||
|
||||
## Option 1: Use YAML manifests
|
||||
|
||||
> [!warning]
|
||||
> Pre-rendering the YAML files will also embed all referenced secrets into the resulting outputs.
|
||||
> You must ensure that these files are accessible solely to individuals who are expressly authorized
|
||||
> to view the corresponding secrets, as well as the infrastructure and data protected by them.
|
||||
|
||||
This option requires a preprocessing step before using Argo CD. This step requires you to compile the Helmfile based
|
||||
deployment into Kubernetes YAML manifest, to do so you need to execute the helmfile binary:
|
||||
|
||||
|
||||
@@ -32,8 +32,10 @@ This documentation lets you create an openDesk evaluation instance on your Kuber
|
||||
* [Install](#install)
|
||||
* [Install single app](#install-single-app)
|
||||
* [Install single release/chart](#install-single-releasechart)
|
||||
* [Access deployment](#access-deployment)
|
||||
* [Using from external repository](#using-from-external-repository)
|
||||
* [Access deployment](#access-deployment)
|
||||
* [Login](#login)
|
||||
* [Credentials](#credentials)
|
||||
* [Uninstall](#uninstall)
|
||||
<!-- TOC -->
|
||||
|
||||
@@ -63,7 +65,7 @@ For your convenience, we recommend creating a `*.domain.tld` A-Record for your c
|
||||
| Record name | Type | Value | Additional information |
|
||||
|-------------------------------|------|----------------------------------------------------|-------------------------------------------------------------------|
|
||||
| *.domain.tld | A | IPv4 address of your Ingress Controller | |
|
||||
| *.domain.tld | AAAA | IPv6 address of your Ingress Controller | |
|
||||
| *.domain.tld | AAAA | IPv6 address of your Ingress Controller | Optional |
|
||||
| mail.domain.tld | A | IPv4 address of your postfix NodePort/LoadBalancer | Optional, mail should directly be delivered to openDesk's Postfix |
|
||||
| mail.domain.tld | AAAA | IPv6 address of your postfix NodePort/LoadBalancer | Optional, mail should directly be delivered to openDesk's Postfix |
|
||||
| domain.tld | MX | `10 mail.domain.tld` | |
|
||||
@@ -77,6 +79,8 @@ For your convenience, we recommend creating a `*.domain.tld` A-Record for your c
|
||||
|
||||
## Domain
|
||||
|
||||
As example base domain for your deployment we use `domain.tld` in this document.
|
||||
|
||||
A list of all subdomains can be found in `helmfile/environments/default/global.yaml.gotmpl`.
|
||||
|
||||
All subdomains can be customized. For example, _Nextcloud_ can be changed to `files.domain.tld` in `dev` environment:
|
||||
@@ -100,6 +104,11 @@ or alternatively via environment variable:
|
||||
export DOMAIN=domain.tld
|
||||
```
|
||||
|
||||
> [!warning]
|
||||
> Due to a limitation caused by a [bug in the SSSD subcomponent](https://github.com/SSSD/sssd/issues/7246), there
|
||||
> is an upper bound on the total domain length used by openDesk. To avoid issues, we recommend keeping the openDesk
|
||||
> base domain length below 94 characters.
|
||||
|
||||
### Apps
|
||||
|
||||
Depending on your ideal openDesk deployment, you may wish to disable or enable certain apps.
|
||||
@@ -441,17 +450,37 @@ Instead of iterating through all services, you can also deploy a single release
|
||||
helmfile apply -e dev -n <NAMESPACE> -l name=mariadb
|
||||
```
|
||||
|
||||
## Using from external repository
|
||||
|
||||
Referring to `./helmfile_generic.yaml.gotmpl` from an external
|
||||
directory or repository is possible. The `helmfile.yaml.gotmpl` that refers to
|
||||
`./helmfile_generic.yaml.gotmpl` may define custom environments. These custom
|
||||
environments may overwrite specific configuration values. These
|
||||
configuration values are:
|
||||
|
||||
* `global.domain`
|
||||
* `global.helmRegistry`
|
||||
* `global.master_password`
|
||||
|
||||
# Access deployment
|
||||
|
||||
## Login
|
||||
|
||||
When all apps are successfully deployed, and their Pod status is `Running` or `Succeeded`, you can navigate to
|
||||
|
||||
```text
|
||||
https://domain.tld
|
||||
```
|
||||
|
||||
which will redirect you to the actual URL of the openDesk portal:
|
||||
|
||||
```text
|
||||
https://portal.domain.tld
|
||||
```
|
||||
|
||||
If you change the subdomain of `nubus`, you must replace the subdomain of `portal` with the same subdomain.
|
||||
By default the portal will send you to openDesk's login screen.
|
||||
|
||||
**Credentials:**
|
||||
## Credentials
|
||||
|
||||
openDesk deploys with the standard user account `Administrator`, the password for which can be retrieved as follows:
|
||||
|
||||
@@ -483,18 +512,6 @@ docker run --rm registry.opencode.de/bmi/opendesk/components/platform-developmen
|
||||
--create_admin_accounts True
|
||||
```
|
||||
|
||||
## Using from external repository
|
||||
|
||||
Referring to `./helmfile_generic.yaml.gotmpl` from an external
|
||||
directory or repository is possible. The `helmfile.yaml.gotmpl` that refers to
|
||||
`./helmfile_generic.yaml.gotmpl` may define custom environments. These custom
|
||||
environments may overwrite specific configuration values. These
|
||||
configuration values are:
|
||||
|
||||
* `global.domain`
|
||||
* `global.helmRegistry`
|
||||
* `global.master_password`
|
||||
|
||||
# Uninstall
|
||||
|
||||
You can uninstall the deployment by executing the following:
|
||||
|
||||
@@ -10,8 +10,21 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [Deprecation warnings](#deprecation-warnings)
|
||||
* [Overview and mandatory upgrade path](#overview-and-mandatory-upgrade-path)
|
||||
* [Manual checks/actions](#manual-checksactions)
|
||||
* [Versions ≥ v1.11.0](#versions--v1110)
|
||||
* [Pre-upgrade to versions ≥ v1.11.0](#pre-upgrade-to-versions--v1110)
|
||||
* [Helmfile new option: Annotations for external services (Dovecot, Jitsi JVB, Postfix)](#helmfile-new-option-annotations-for-external-services-dovecot-jitsi-jvb-postfix)
|
||||
* [Versions ≥ v1.10.0](#versions--v1100)
|
||||
* [Pre-upgrade to versions ≥ v1.10.0](#pre-upgrade-to-versions--v1100)
|
||||
* [Deployment cleanup: Collabora Controller](#deployment-cleanup-collabora-controller)
|
||||
* [Helmfile new secret: `secrets.nubus.ldapSearch.postfix`](#helmfile-new-secret-secretsnubusldapsearchpostfix)
|
||||
* [Helmfile new secret: `secrets.doveocot.sharedMailboxesMasterPassword`](#helmfile-new-secret-secretsdoveocotsharedmailboxesmasterpassword)
|
||||
* [New Helmfile default: Nubus provisioning debug container no longer deployed](#new-helmfile-default-nubus-provisioning-debug-container-no-longer-deployed)
|
||||
* [New Helmfile default: Postfix SMTP SASL security options](#new-helmfile-default-postfix-smtp-sasl-security-options)
|
||||
* [Post-upgrade to versions ≥ v1.10.0](#post-upgrade-to-versions--v1100)
|
||||
* [New application default: Dovecot full-text search index configuration](#new-application-default-dovecot-full-text-search-index-configuration)
|
||||
* [Versions ≥ v1.9.0](#versions--v190)
|
||||
* [Pre-upgrade to versions ≥ v1.9.0](#pre-upgrade-to-versions--v190)
|
||||
* [New application default: Postfix SMTP SASL security option](#new-application-default-postfix-smtp-sasl-security-option)
|
||||
* [Helmfile fix: Cassandra passwords read from `databases.*`](#helmfile-fix-cassandra-passwords-read-from-databases)
|
||||
* [Helmfile new feature: `functional.groupware.externalClients.*`](#helmfile-new-feature-functionalgroupwareexternalclients)
|
||||
* [Versions ≥ v1.8.0](#versions--v180)
|
||||
@@ -143,19 +156,20 @@ matching that constraint, though our links always point to the newest patch rele
|
||||
> 1. Upgrade to v1.7.1 → post steps for v1.6.0 to v1.7.1
|
||||
|
||||
<!-- IMPORTANT: Make sure to mark mandatory releases if an automatic migration requires a previous update to be installed -->
|
||||
| Version | Mandatory | Pre-Upgrade | Post-Upgrade | Minimum Required Previous Version |
|
||||
|-----------------------------------------------------------------------------------------|-----------|--------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|-----------------------------------------------------|
|
||||
| [v1.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.9.0) | -- | [Pre](#pre-upgrade-to-versions--v190) | -- | ⬇ Install ≥ v1.5.0 first |
|
||||
| [v1.8.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.8.0) | -- | [Pre](#pre-upgrade-to-versions--v180) | -- | ⬇ Install ≥ v1.5.0 first |
|
||||
| [v1.7.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.7.1) | -- | [Pre](#pre-upgrade-to-versions--v170) | [Post](#post-upgrade-to-versions--v170) | ⬇ Install ≥ v1.5.0 first |
|
||||
| [v1.6.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.6.0) | -- | [Pre](#pre-upgrade-to-versions--v160) | [Post](#post-upgrade-to-versions--v160) | [⚠ Install v1.5.0 first](#versions--v160-automated) |
|
||||
| [v1.5.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.5.0) | **yes** | -- | -- | ⬇ Install ≥ v1.1.x first |
|
||||
| [v1.4.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.4.1) | -- | [Pre](#pre-upgrade-to-versions--v140) | -- | ⬇ Install ≥ v1.1.x first |
|
||||
| [v1.3.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.3.2) | -- | [Pre](#pre-upgrade-to-versions--v130) | -- | ⬇ Install ≥ v1.1.x first |
|
||||
| [v1.2.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.2.1) | -- | [Pre](#pre-upgrade-to-versions--v120) | -- | [⚠ Install v1.1.x first](#versions--v120-automated) |
|
||||
| [v1.1.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.1.2) | **yes** | [Pre .0](#pre-upgrade-to-versions--v110) → [Pre .1](#pre-upgrade-to-versions--v111) → [Pre .2](#pre-upgrade-to-versions--v112) | [Post](#post-upgrade-to-versions--v110) | [⚠ Install v1.0.0 first](#versions--v110-automated) |
|
||||
| [v1.0.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.0.0) | **yes** | [Pre](#pre-upgrade-to-versions--v100) | [Post](#post-upgrade-to-versions--v100) | [⚠ Install v0.9.0 first](#versions--v100-automated) |
|
||||
| [v0.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v0.9.0) | **yes** | -- | -- | -- |
|
||||
| Version | Mandatory | Pre-Upgrade | Post-Upgrade | Minimum Required Previous Version |
|
||||
| ---------------------------------------------------------------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------- | ---------------------------------------------------- |
|
||||
| [v1.10.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.9.0) | -- | [Pre](#pre-upgrade-to-versions--v1100) | [Post](#post-upgrade-to-versions--v1100) | ⬇ Install ≥ v1.5.0 first |
|
||||
| [v1.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.9.0) | -- | [Pre](#pre-upgrade-to-versions--v190) | -- | ⬇ Install ≥ v1.5.0 first |
|
||||
| [v1.8.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.8.0) | -- | [Pre](#pre-upgrade-to-versions--v180) | -- | ⬇ Install ≥ v1.5.0 first |
|
||||
| [v1.7.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.7.1) | -- | [Pre](#pre-upgrade-to-versions--v170) | [Post](#post-upgrade-to-versions--v170) | ⬇ Install ≥ v1.5.0 first |
|
||||
| [v1.6.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.6.0) | -- | [Pre](#pre-upgrade-to-versions--v160) | [Post](#post-upgrade-to-versions--v160) | [⚠ Install v1.5.0 first](#versions--v160-automated) |
|
||||
| [v1.5.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.5.0) | **yes** | -- | -- | ⬇ Install ≥ v1.1.x first |
|
||||
| [v1.4.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.4.1) | -- | [Pre](#pre-upgrade-to-versions--v140) | -- | ⬇ Install ≥ v1.1.x first |
|
||||
| [v1.3.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.3.2) | -- | [Pre](#pre-upgrade-to-versions--v130) | -- | ⬇ Install ≥ v1.1.x first |
|
||||
| [v1.2.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.2.1) | -- | [Pre](#pre-upgrade-to-versions--v120) | -- | [⚠ Install v1.1.x first](#versions--v120-automated) |
|
||||
| [v1.1.x](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.1.2) | **yes** | [Pre .0](#pre-upgrade-to-versions--v110) → [Pre .1](#pre-upgrade-to-versions--v111) → [Pre .2](#pre-upgrade-to-versions--v112) | [Post](#post-upgrade-to-versions--v110) | [⚠ Install v1.0.0 first](#versions--v110-automated) |
|
||||
| [v1.0.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v1.0.0) | **yes** | [Pre](#pre-upgrade-to-versions--v100) | [Post](#post-upgrade-to-versions--v100) | [⚠ Install v0.9.0 first](#versions--v100-automated) |
|
||||
| [v0.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases/v0.9.0) | **yes** | -- | -- | -- |
|
||||
|
||||
> [!warning]
|
||||
> Be sure to check out the table in the release version you are going to install, and not the currently installed version.
|
||||
@@ -171,13 +185,106 @@ If you would like more details about the automated migrations, please read secti
|
||||
> listed no extra manual steps are required when upgrading to that version, e.g. in the case of an update from
|
||||
> version 1.7.0 to version 1.7.1.
|
||||
|
||||
## Versions ≥ v1.9.0
|
||||
## Versions ≥ v1.11.0
|
||||
|
||||
### Pre-upgrade to versions ≥ v1.9.0
|
||||
### Pre-upgrade to versions ≥ v1.11.0
|
||||
|
||||
#### Helmfile fix: New Postfix SMTP SASL security option defaults
|
||||
#### Helmfile new option: Annotations for external services (Dovecot, Jitsi JVB, Postfix)
|
||||
|
||||
Starting from openDesk v1.9.0, the SMTP SALS security options set within openDesk are aligned with the
|
||||
**Target group:** Existing deployments using `service` annotations.
|
||||
|
||||
The three non-HTTP external services support now explicit annotations.
|
||||
See [`annotations.yaml.gomtpl`](../helmfile/environments/default/annotations.yaml.gotmpl) for reference.
|
||||
|
||||
**Jitsi JVB**
|
||||
|
||||
The already existing annotation key `annotations.jitsiJVB.service` has been renamed to
|
||||
`annotations.jitsiJVB.serviceExternal` be in line with the newly added ones for Postfix and Dovecot.
|
||||
If you make use of the JVB service annotation please rename the attribute to the new `serviceExternal` standard.
|
||||
|
||||
**Dovecot**
|
||||
|
||||
Setting service annotation by `annotations.openxchangeDovecot.service` applied the annotations to the internal
|
||||
and external service. This key now only sets annotations for the internal service. If you want to set
|
||||
annotations for the external service use the newly introduced key `annotations.openxchangeDovecot.serviceExternal`.
|
||||
|
||||
**Postfix**
|
||||
|
||||
Setting service annotation by `annotations.openxchangePostfix.service` applied the annotations to the internal
|
||||
and external service. This key now only sets annotations for the internal service. If you want to set
|
||||
annotations for the external service use the newly introduced key `annotations.openxchangePostfix.serviceExternal`.
|
||||
|
||||
## Versions ≥ v1.10.0
|
||||
|
||||
### Pre-upgrade to versions ≥ v1.10.0
|
||||
|
||||
#### Deployment cleanup: Collabora Controller
|
||||
|
||||
**Target group:** Existing openDesk Enterprise deployments using Collabora Controller. Actually only long running
|
||||
deployments are affected, but following the instructions won't hurt.
|
||||
|
||||
As per upstream release notes for [Collabora Online Controller 1.1.4](https://www.collaboraonline.com/cool-controller-release-notes/)
|
||||
you have to remove the existing leases of the Controller. You can do so by setting `<your_namespace>` and executing
|
||||
the commands below.
|
||||
|
||||
```shell
|
||||
export NAMESPACE=<your_namespace>
|
||||
export COLLABORA_CONTROLLER_DEPLOYMENT_NAME=collabora-controller-cool-controller
|
||||
kubectl -n ${NAMESPACE} scale deployment/${COLLABORA_CONTROLLER_DEPLOYMENT_NAME} --replicas=0
|
||||
kubectl -n ${NAMESPACE} delete -n collabora leases.coordination.k8s.io collabora-online
|
||||
```
|
||||
|
||||
> [!note]
|
||||
> The Collabora Online Controller is not scaled up again, as this would happen as part of the upgrade deployment.
|
||||
|
||||
#### Helmfile new secret: `secrets.nubus.ldapSearch.postfix`
|
||||
|
||||
**Target group:** All existing deployments that use self-defined secrets.
|
||||
|
||||
The updated Postfix configuration supporting LDAP group based mailing list requires a new secret that is
|
||||
declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) by the key
|
||||
`secrets.nubus.ldapSearch.postfix`.
|
||||
|
||||
If you define your own secrets, please ensure that you provide a value for this secret, otherwise it will
|
||||
be derived from the `MASTER_PASSWORD`.
|
||||
|
||||
#### Helmfile new secret: `secrets.doveocot.sharedMailboxesMasterPassword`
|
||||
|
||||
**Target group:** All existing deployments that have OX App Suite enabled and that use self-defined secrets.
|
||||
|
||||
The revised Dovecot configuration requires a new secret that is declared in
|
||||
[`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) by the key
|
||||
`secrets.doveocot.sharedMailboxesMasterPassword`.
|
||||
|
||||
If you define your own secrets, please ensure that you provide a value for this secret, otherwise it will
|
||||
be derived from the `MASTER_PASSWORD`.
|
||||
|
||||
#### New Helmfile default: Nubus provisioning debug container no longer deployed
|
||||
|
||||
**Target group:** All deployments that make use of the debugging container for Nubus' provisioning stack called "nats-box",
|
||||
|
||||
The [nats-box](https://github.com/nats-io/nats-box), a handy tool when it comes to debugging the Nubus provisioning stack, is no longer enabled in openDesk by default.
|
||||
|
||||
To re-enable the nats-box for your deployment you have to set:
|
||||
```yaml
|
||||
technical:
|
||||
nubus:
|
||||
provisioning:
|
||||
nats:
|
||||
natsBox:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
> [!note]
|
||||
> The nats-box also gets enabled when setting `debug.enabled: true`, but that should only be used in non-production scenarios and enabled debug
|
||||
> accross the whole deployment.
|
||||
|
||||
#### New Helmfile default: Postfix SMTP SASL security options
|
||||
|
||||
**Target group:** All openDesk deployments using an external SMTP relay that does not support
|
||||
[Postfix's default `smtpSASLSecurityOptions`](https://www.postfix.org/postconf.5.html#smtp_sasl_security_options).
|
||||
|
||||
Starting from openDesk v1.9.0, the SMTP SASL security options set within openDesk are aligned with the
|
||||
recommended defaults. This might break currently working connections with external SMTP relays.
|
||||
|
||||
> [!warning]
|
||||
@@ -209,6 +316,36 @@ smtp:
|
||||
- "noplaintext"
|
||||
```
|
||||
|
||||
### Post-upgrade to versions ≥ v1.10.0
|
||||
|
||||
#### New application default: Dovecot full-text search index configuration
|
||||
|
||||
**Target group:** All openDesk Enterprise deployments using the groupware module.
|
||||
|
||||
Due to a configurational change the full-text search indexes of Dovecot Pro need to be rebuilt.
|
||||
|
||||
Run the following command inside the Dovecot container:
|
||||
|
||||
```shell
|
||||
set -x; for d in /var/lib/dovecot/*/*; do uuid=$(basename "$d"); [[ $uuid =~ ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$ ]] || continue; doveadm fts rescan -u "$uuid"; doveadm index -u "$uuid" -q '*'; done
|
||||
```
|
||||
|
||||
## Versions ≥ v1.9.0
|
||||
|
||||
### Pre-upgrade to versions ≥ v1.9.0
|
||||
|
||||
#### New application default: Postfix SMTP SASL security option
|
||||
|
||||
**Target group:** All openDesk deployments using an external SMTP relay that does not support
|
||||
[Postfix's default `smtpSASLSecurityOptions`](https://www.postfix.org/postconf.5.html#smtp_sasl_security_options).
|
||||
|
||||
Starting from openDesk v1.9.0, the SMTP SASL security options set within openDesk are aligned with the
|
||||
recommended defaults. This might break currently working connections with external SMTP relays. To prevent
|
||||
this you have to configure the supported options for your mail relay one of the following ways:
|
||||
|
||||
- Recommended: Directly upgrade to v1.10.0 and set SMTP SASL options through `smtp.security.*`.
|
||||
- Configure a customization for `smtpSASLSecurityOptions`.
|
||||
|
||||
#### Helmfile fix: Cassandra passwords read from `databases.*`
|
||||
|
||||
**Target group:** All of the below must apply to your deployment:
|
||||
@@ -483,7 +620,7 @@ Please ensure you read the [Nubus 1.10.0 "Migration steps" section](https://docs
|
||||
|
||||
For OX App Suite to access the object storage a new secret has been introduced.
|
||||
|
||||
It is declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) by the key: `secrets.minio.openxchangeUser`. If you define your own secrets, please ensure that you provide a value for this secret as well, otherwise the aforementioned secret will be derived from the `MASTER_PASSWORD`.
|
||||
It is declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) by the key: `secrets.minio.openxchangeUser`. If you define your own secrets, please ensure that you provide a value for this secret as well, otherwise it will be derived from the `MASTER_PASSWORD`.
|
||||
|
||||
#### Helmfile new object storage: `objectstores.openxchange.*`
|
||||
|
||||
|
||||
@@ -23,8 +23,7 @@ openDesk includes integration with Prometheus-based monitoring.
|
||||
|
||||
Together with [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), you can easily leverage the full potential of the open-source cloud-native observability stack.
|
||||
|
||||
Before enabling the following options, you need to install the respective custom resource definitions (CRDs) from the kube-prometheus-stack
|
||||
repository or Prometheus operator.
|
||||
Before enabling the following options, you need to install the respective custom resource definitions (CRDs) from the kube-prometheus-stack repository which should at least include the Prometheus Operator.
|
||||
|
||||
# Defaults
|
||||
|
||||
@@ -33,14 +32,16 @@ All configurable options and their defaults can be found in
|
||||
|
||||
# Metrics
|
||||
|
||||
To deploy `podMonitor` and `serviceMonitor` custom resources, enable it by:
|
||||
To deploy `podMonitor` and `serviceMonitor` custom resources, enable them by:
|
||||
|
||||
```yaml
|
||||
prometheus:
|
||||
serviceMonitors:
|
||||
enabled: true
|
||||
podMonitors:
|
||||
enabled: true
|
||||
monitoring:
|
||||
prometheus:
|
||||
serviceMonitors:
|
||||
enabled: true
|
||||
podMonitors:
|
||||
enabled: true
|
||||
```
|
||||
```
|
||||
|
||||
# Alerts
|
||||
@@ -51,19 +52,23 @@ Some of these are created by our partners while others are defined in [opendesk-
|
||||
All alert rules are deployed as [PrometheusRule](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.PrometheusRule) and can be enabled like this:
|
||||
|
||||
```yaml
|
||||
prometheus:
|
||||
prometheusRules:
|
||||
enabled: true
|
||||
monitoring:
|
||||
prometheus:
|
||||
prometheusRules:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
# Dashboards for Grafana
|
||||
|
||||
To deploy optional Grafana dashboards with ConfigMaps, enable the functionality with:
|
||||
If your Grafana instance is deployed via kube-prometheus-stack, or you have deployed the [Sidecar for datasources](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md#sidecar-for-datasources), openDesk can make dashboards available via ConfigMap resources.
|
||||
|
||||
Enable the functionality with the following snippet:
|
||||
|
||||
```yaml
|
||||
grafana:
|
||||
dashboards:
|
||||
enabled: true
|
||||
monitoring:
|
||||
grafana:
|
||||
dashboards:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
Please find further details in the [related Helm chart](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dashboards).
|
||||
|
||||
@@ -29,14 +29,14 @@ openDesk is a Kubernetes-only solution and requires an existing Kubernetes (K8s)
|
||||
- K8s cluster >= v1.24, [CNCF Certified Kubernetes distribution](https://www.cncf.io/certification/software-conformance/)
|
||||
- Domain and DNS Service
|
||||
- Ingress controller (Ingress NGINX) >= [4.11.5/1.11.5](https://github.com/kubernetes/ingress-nginx/releases)
|
||||
- [Helm](https://helm.sh/) >= v3.17.3, but not v3.18.0[^1]
|
||||
- [Helm](https://helm.sh/) >= v3.17.3 (but not v3.18.0[^1]) and < v4[^2],
|
||||
- [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= v1.0.0
|
||||
- [HelmDiff](https://github.com/databus23/helm-diff) >= v3.11.0
|
||||
- Volume provisioner supporting RWO (read-write-once)[^2]
|
||||
- Volume provisioner supporting RWO (read-write-once)[^3]
|
||||
- Certificate handling with [cert-manager](https://cert-manager.io/)
|
||||
|
||||
**Additional openDesk Enterprise requirements**
|
||||
- [OpenKruise](https://openkruise.io/)[^3] >= v1.6
|
||||
- [OpenKruise](https://openkruise.io/)[^4] >= v1.6
|
||||
|
||||
# Hardware
|
||||
|
||||
@@ -138,8 +138,11 @@ Helmfile requires [HelmDiff](https://github.com/databus23/helm-diff) to compare
|
||||
|
||||
# Footnotes
|
||||
|
||||
[^1]: Due to a [Helm bug](https://github.com/helm/helm/issues/30890) Helm 3.18.0 is not supported.
|
||||
[^1]: Due to a [Helm bug](https://github.com/helm/helm/issues/30890) Helm v3.18.0 is not supported.
|
||||
|
||||
[^2]: Due to [restrictions on Kubernetes `emptyDir`](https://github.com/kubernetes/kubernetes/pull/130277) you need a volume provisioner that has sticky bit support, otherwise the OpenProject seeder job will fail. E.g. the `local-path-provisioner` does not have sticky bit support.
|
||||
[^2]: Helm v4 introduced stricter flag grouping that is not yet supported by the helmdiff plugin.
|
||||
|
||||
[^3]: Due to [restrictions on Kubernetes `emptyDir`](https://github.com/kubernetes/kubernetes/pull/130277) you need a volume provisioner that has sticky bit support, otherwise the OpenProject seeder job will fail. E.g. the `local-path-provisioner` does not have sticky bit support.
|
||||
|
||||
[^4]: Required for Dovecot Pro as part of openDesk Enterprise Edition.
|
||||
|
||||
[^3]: Required for Dovecot Pro as part of openDesk Enterprise Edition.
|
||||
|
||||
@@ -21,9 +21,10 @@ For more details on Chart validation, please visit: https://helm.sh/docs/topics/
|
||||
|
||||
All charts except the ones mentioned below are verifiable:
|
||||
|
||||
| Repository | Verifiable |
|
||||
|-------------------|:----------:|
|
||||
| open-xchange-repo | no |
|
||||
| Repository | Verifiable |
|
||||
| ------------------------- | :--------: |
|
||||
| collabora-controller-repo | no |
|
||||
| open-xchange-repo | no |
|
||||
|
||||
# Kubernetes security enforcements
|
||||
|
||||
|
||||
@@ -248,9 +248,9 @@ jitsi:
|
||||
{{ .Values.resources.jvb | toYaml | nindent 6 }}
|
||||
service:
|
||||
type: {{ coalesce .Values.service.type.jitsiVideoBridge .Values.cluster.service.type | quote }}
|
||||
{{- if .Values.annotations.jitsiJvb.service }}
|
||||
{{- if .Values.annotations.jitsiJvb.serviceExternal }}
|
||||
annotations:
|
||||
{{ .Values.annotations.jitsiJvb.service | toYaml | nindent 8 }}
|
||||
{{ .Values.annotations.jitsiJvb.serviceExternal | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
@@ -183,20 +183,12 @@ keycloak:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloak.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloak.tag }}
|
||||
# NOTE: The subchart "keycloak" does not yet support
|
||||
# "global.imagePullPolicy". The local configuration can be removed once it
|
||||
# does have this feature.
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
ingress:
|
||||
enabled: false
|
||||
keycloak:
|
||||
auth:
|
||||
username: "kcadmin"
|
||||
# TODO: Pending secrets refactoring to be able to provide the value directly
|
||||
existingSecret:
|
||||
name: "ums-opendesk-keycloak-credentials"
|
||||
keyMapping:
|
||||
adminPassword: "admin_password"
|
||||
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
login:
|
||||
messages:
|
||||
de:
|
||||
@@ -448,12 +440,6 @@ nubusKeycloakExtensions:
|
||||
keycloak:
|
||||
auth:
|
||||
username: "kcadmin"
|
||||
# TODO: Pending secrets refactoring in component chart. This will refer to
|
||||
# the secret generated by the keycloak subchart.
|
||||
existingSecret:
|
||||
name: "ums-opendesk-keycloak-credentials"
|
||||
keyMapping:
|
||||
adminPassword: "admin_password"
|
||||
proxy:
|
||||
additionalAnnotations:
|
||||
{{ .Values.annotations.nubusKeycloakExtensions.proxyAdditional | toYaml | nindent 6 }}
|
||||
@@ -461,13 +447,6 @@ nubusKeycloakExtensions:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }}
|
||||
# NOTE: The subchart "keycloak-extensions" does not yet support
|
||||
# "global.imagePullPolicy".
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
# NOTE: Remove once the keycloak-extensions subchart respects
|
||||
# "global.imagePullSecrets".
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
ingress:
|
||||
annotations:
|
||||
nginx.org/proxy-buffer-size: "8k"
|
||||
@@ -563,13 +542,6 @@ nubusKeycloakExtensions:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionHandler.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
|
||||
# NOTE: The subchart "keycloak-extensions" does not yet support
|
||||
# "global.imagePullPolicy".
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
# NOTE: Remove once the keycloak-extensions subchart respects
|
||||
# "global.imagePullSecrets".
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-keycloak-extensions-handler"
|
||||
{{- with .Values.annotations.nubusKeycloakExtensions.handlerPod }}
|
||||
@@ -622,7 +594,7 @@ nubusPortalConsumer:
|
||||
replicaCount: {{ .Values.replicas.umsPortalConsumer }}
|
||||
resources:
|
||||
{{ .Values.resources.umsPortalConsumer | toYaml | nindent 4 }}
|
||||
resourcesWaitForDependency:
|
||||
initResources:
|
||||
{{ .Values.resources.umsPortalConsumerDependencies | toYaml | nindent 4 }}
|
||||
containerSecurityContext:
|
||||
seccompProfile:
|
||||
@@ -1021,11 +993,13 @@ nubusProvisioning:
|
||||
{{- with .Values.annotations.nubusProvisioning.natsAdditional }}
|
||||
{{ . | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
auth:
|
||||
adminPassword: {{ .Values.secrets.nats.natsAdminPassword | quote }}
|
||||
config:
|
||||
cluster:
|
||||
replicas: {{ .Values.replicas.umsProvisioningNats }}
|
||||
createUsers:
|
||||
adminUser:
|
||||
auth:
|
||||
password: {{ .Values.secrets.nats.natsAdminPassword | quote }}
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
@@ -1045,19 +1019,12 @@ nubusProvisioning:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNats.registry | quote }}
|
||||
repository: {{ .Values.images.nubusNats.repository }}
|
||||
tag: {{ .Values.images.nubusNats.tag }}
|
||||
# NOTE: The subchart does not yet fully support
|
||||
# "global.imagePullPolicy". This can be removed once the subchart has
|
||||
# been adjusted.
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
natsBox:
|
||||
enabled: {{ or .Values.technical.nubus.provisioning.nats.natsBox.enabled .Values.debug.enabled }}
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsBox.registry | quote }}
|
||||
repository: {{ .Values.images.nubusNatsBox.repository }}
|
||||
tag: {{ .Values.images.nubusNatsBox.tag }}
|
||||
# NOTE: The subchart does not yet fully support
|
||||
# "global.imagePullPolicy". This can be removed once the subchart has
|
||||
# been adjusted.
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
persistence:
|
||||
size: {{ .Values.persistence.storages.nubusProvisioningNats.size }}
|
||||
# storageClassName: -- coalesce .Values.persistence.storages.nubusProvisioningNats.storageClassName .Values.persistence.storageClassNames.RWO | quote --
|
||||
@@ -1219,6 +1186,8 @@ nubusSelfServiceConsumer:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfServiceConsumer.registry | quote }}
|
||||
repository: {{ .Values.images.nubusSelfServiceConsumer.repository }}
|
||||
tag: {{ .Values.images.nubusSelfServiceConsumer.tag }}
|
||||
initResources:
|
||||
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-selfservice-listener"
|
||||
{{- with .Values.annotations.nubusSelfserviceConsumer.pod }}
|
||||
@@ -1229,8 +1198,6 @@ nubusSelfServiceConsumer:
|
||||
password: {{ .Values.secrets.nubus.selfserviceConsumer.provisioningApiPassword | quote}}
|
||||
resources:
|
||||
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
|
||||
resourcesWaitForDependency:
|
||||
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
|
||||
replicaCount: {{ .Values.replicas.umsSelfserviceConsumer }}
|
||||
serviceAccount:
|
||||
annotations:
|
||||
@@ -1291,6 +1258,7 @@ nubusStackDataUms:
|
||||
host: {{ .Values.cache.umsSelfservice.host | quote }}
|
||||
postgresql:
|
||||
auth:
|
||||
database: {{ .Values.databases.umsSelfservice.name | quote }}
|
||||
username: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||
connection:
|
||||
host: {{ .Values.databases.umsSelfservice.host | quote }}
|
||||
@@ -1485,7 +1453,9 @@ nubusUmcServer:
|
||||
bundled: false
|
||||
server: {{ .Values.cache.umsSelfservice.host | quote }}
|
||||
auth:
|
||||
password: ""
|
||||
# The memcached connection is not authenticated in openDesk but the umc-server pod needs a secret it can mount.
|
||||
password: "stub-value"
|
||||
existingSecret: null
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-umc-server"
|
||||
{{- with .Values.annotations.nubusUmcServer.pod }}
|
||||
@@ -1631,15 +1601,9 @@ nubusKeycloakBootstrap:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloakBootstrap.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloakBootstrap.tag }}
|
||||
# NOTE: The subchart does not yet fully support
|
||||
# "global.imagePullPolicy". This can be removed once the subchart has
|
||||
# been adjusted.
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
keycloak:
|
||||
auth:
|
||||
username: "kcadmin"
|
||||
existingSecret:
|
||||
name: "ums-opendesk-keycloak-credentials"
|
||||
ldap:
|
||||
auth:
|
||||
bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn }}
|
||||
@@ -1674,9 +1638,6 @@ extraSecrets:
|
||||
- name: "ums-opendesk-guardian-client-secret"
|
||||
stringData:
|
||||
managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
|
||||
- name: "ums-opendesk-keycloak-credentials"
|
||||
stringData:
|
||||
admin_password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
- name: "ums-keycloak-postgresql-opendesk-credentials"
|
||||
stringData:
|
||||
keycloakDatabasePassword: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
|
||||
@@ -33,13 +33,18 @@ dovecot:
|
||||
password:
|
||||
value: {{ .Values.databases.dovecotACL.password | default .Values.secrets.cassandra.dovecotACLUser | quote }}
|
||||
keyspace: {{ .Values.databases.dovecotACL.name | quote }}
|
||||
masterPassword:
|
||||
value: {{ .Values.secrets.dovecot.sharedMailboxesMasterPassword | quote }}
|
||||
objectStorage:
|
||||
bucket: {{ .Values.objectstores.dovecot.bucket | quote }}
|
||||
cacheTmpfs: {{ if .Values.technical.dovecot.objectStorage.cacheTmpfs }}true{{ else }}false{{ end }}
|
||||
encryption:
|
||||
privateKey:
|
||||
value: {{ requiredEnv "DOVECOT_CRYPT_PRIVATE_KEY" | quote }}
|
||||
publicKey:
|
||||
value: {{ requiredEnv "DOVECOT_CRYPT_PUBLIC_KEY" | quote }}
|
||||
fsCacheSize: {{ .Values.technical.dovecot.objectStorage.fsCacheSize | quote }}
|
||||
ftsCacheSize: {{ .Values.technical.dovecot.objectStorage.ftsCacheSize | quote }}
|
||||
fqdn: {{ .Values.objectstores.dovecot.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
username: {{ .Values.objectstores.dovecot.username | quote }}
|
||||
password:
|
||||
|
||||
@@ -140,6 +140,8 @@ service:
|
||||
{{ .Values.annotations.openxchangeDovecot.service | toYaml | nindent 4 }}
|
||||
external:
|
||||
enabled: true
|
||||
annotations:
|
||||
{{ .Values.annotations.openxchangeDovecot.serviceExternal | toYaml | nindent 6 }}
|
||||
type: {{ coalesce .Values.service.type.dovecot .Values.cluster.service.type | quote }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
@@ -64,11 +64,14 @@ postfix:
|
||||
password:
|
||||
value: {{ .Values.smtp.password }}
|
||||
smtpSASLAuthEnable: "yes"
|
||||
{{- else }}
|
||||
smtpSASLAuthEnable: "no"
|
||||
{{- end }}
|
||||
allowRelayNets: false
|
||||
smtpTLSSecurityLevel: "encrypt"
|
||||
smtpdSASLAuthEnable: "yes"
|
||||
smtpdSASLSecurityOptions: "noanonymous"
|
||||
smtpdSASLSecurityOptions: {{ .Values.smtp.security.smtpdSASLSecurityOptions | join ", " | quote }}
|
||||
smtpSASLSecurityOptions: {{ .Values.smtp.security.smtpSASLSecurityOptions | join ", " | quote }}
|
||||
smtpdSASLType: "dovecot"
|
||||
smtpdTLSSecurityLevel: "encrypt"
|
||||
smtpdTLSCertFile: "/etc/tls/tls.crt"
|
||||
@@ -78,6 +81,25 @@ postfix:
|
||||
staticAuthDB:
|
||||
enabled: false
|
||||
|
||||
ldapTransportMaps: []
|
||||
|
||||
ldapVirtualAliasMaps:
|
||||
- host: "ums-ldap-server"
|
||||
scheme: "ldap"
|
||||
port: 389
|
||||
baseDn: "{{ .Values.ldap.baseDn }}"
|
||||
bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
password:
|
||||
value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
|
||||
# ldap filter to find groups with mail address
|
||||
queryFilter: "(&(|(objectClass=univentionMailList)(objectClass=posixGroup))(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)))"
|
||||
# -- use this attribute if the query already returns email addresses of members and no recursive lookup needs to be done
|
||||
resultAttribute: ""
|
||||
# -- do a recursive search on the specified attribute if found, should be a DN
|
||||
specialResultAttribute: "uniqueMember"
|
||||
# -- return the following attribute from all found leaves when a recursive search is done
|
||||
leafResultAttribute: "mailPrimaryAddress"
|
||||
|
||||
{{- if .Values.antivirus.milter.host }}
|
||||
smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
|
||||
{{- else }}
|
||||
@@ -107,6 +129,8 @@ service:
|
||||
{{ .Values.annotations.openxchangePostfix.service | toYaml | nindent 4 }}
|
||||
external:
|
||||
enabled: true
|
||||
annotations:
|
||||
{{ .Values.annotations.openxchangePostfix.serviceExternal | toYaml | nindent 6 }}
|
||||
type: {{ coalesce .Values.service.type.postfix .Values.cluster.service.type | quote }}
|
||||
{{- end }}
|
||||
...
|
||||
|
||||
@@ -28,7 +28,7 @@ clamd:
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "clamav-distributed"
|
||||
{{- with .Values.annotations.servicesExternalClamavDistributed.clamdPod }}
|
||||
{{ . | toYaml | nindent 4 }}
|
||||
{{ . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
|
||||
@@ -46,7 +46,7 @@ persistence:
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "clamav-simple"
|
||||
{{- with .Values.annotations.servicesExternalClamavSimple.pod }}
|
||||
{{ . | toYaml | nindent 2 }}
|
||||
{{ . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
podSecurityContext:
|
||||
|
||||
@@ -32,7 +32,7 @@ image:
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "dkimpy-milter"
|
||||
{{- with .Values.annotations.servicesExternalDkimpy.service }}
|
||||
{{ . | toYaml | nindent 2 }}
|
||||
{{ . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
podSecurityContext:
|
||||
|
||||
@@ -36,7 +36,7 @@ image:
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "memcached"
|
||||
{{- with .Values.annotations.servicesExternalMemcached.pod }}
|
||||
{{ . | toYaml | nindent 2 }}
|
||||
{{ . | toYaml | nindent 2 }}
|
||||
{{- end}}
|
||||
replicaCount: {{ .Values.replicas.memcached }}
|
||||
|
||||
|
||||
@@ -136,7 +136,7 @@ provisioning:
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "minio-provisioning"
|
||||
{{- with .Values.annotations.servicesExternalMinio.provisioningPod }}
|
||||
{{ . | toYaml | nindent 4}}
|
||||
{{ . | toYaml | nindent 4}}
|
||||
{{- end }}
|
||||
policies:
|
||||
- name: "migrations-bucket-policy"
|
||||
|
||||
@@ -72,6 +72,8 @@ postfix:
|
||||
password:
|
||||
value: {{ .Values.smtp.password }}
|
||||
smtpSASLAuthEnable: "yes"
|
||||
{{- else }}
|
||||
smtpSASLAuthEnable: "no"
|
||||
{{- end }}
|
||||
# Warning: This setting allows unauthenticated mail relay from relayNets!
|
||||
allowRelayNets: true
|
||||
@@ -95,6 +97,25 @@ postfix:
|
||||
password:
|
||||
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
|
||||
ldapTransportMaps: []
|
||||
|
||||
ldapVirtualAliasMaps:
|
||||
- host: "ums-ldap-server"
|
||||
scheme: "ldap"
|
||||
port: 389
|
||||
baseDn: "{{ .Values.ldap.baseDn }}"
|
||||
bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
password:
|
||||
value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
|
||||
# ldap filter to find groups with mail address
|
||||
queryFilter: "(&(|(objectClass=univentionMailList)(objectClass=posixGroup))(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)))"
|
||||
# -- use this attribute if the query already returns email addresses of members and no recursive lookup needs to be done
|
||||
resultAttribute: ""
|
||||
# -- do a recursive search on the specified attribute if found, should be a DN
|
||||
specialResultAttribute: "uniqueMember"
|
||||
# -- return the following attribute from all found leaves when a recursive search is done
|
||||
leafResultAttribute: "mailPrimaryAddress"
|
||||
|
||||
{{- if .Values.antivirus.milter.host }}
|
||||
smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
|
||||
{{- else }}
|
||||
|
||||
@@ -67,6 +67,9 @@ job:
|
||||
- username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.umsGuardianManagementApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.umsAuthSession.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.umsAuthSessionUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.umsAuthSession.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
@@ -96,6 +99,8 @@ job:
|
||||
user: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
||||
- name: {{ .Values.databases.umsNotificationsApi.name | quote }}
|
||||
user: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
||||
- name: {{ .Values.databases.umsAuthSession.name | quote }}
|
||||
user: {{ .Values.databases.umsAuthSession.username | quote }}
|
||||
- name: {{ .Values.databases.umsSelfservice.name | quote }}
|
||||
user: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||
{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
|
||||
|
||||
@@ -6,7 +6,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro"
|
||||
name: "dovecot"
|
||||
version: "3.2.0-authcache"
|
||||
version: "3.3.0"
|
||||
verify: true
|
||||
oxAppSuite:
|
||||
registry: "registry.opencode.de"
|
||||
|
||||
@@ -95,7 +95,7 @@ annotations:
|
||||
serviceAccount: ~
|
||||
jitsiJvb:
|
||||
pod: ~
|
||||
service: ~
|
||||
serviceExternal: ~
|
||||
metricsPrometheus: ~
|
||||
metricsGrafana: ~
|
||||
jitsiProsody:
|
||||
@@ -360,6 +360,7 @@ annotations:
|
||||
pod: ~
|
||||
service: ~
|
||||
serviceAccount: ~
|
||||
serviceExternal: ~
|
||||
openxchangeEnterpriseContactPicker:
|
||||
appsuiteCoreMw:
|
||||
appsuiteCoreMwPod: ~
|
||||
@@ -369,6 +370,7 @@ annotations:
|
||||
openxchangePostfix:
|
||||
pod: ~
|
||||
service: ~
|
||||
serviceExternal: ~
|
||||
openxchangePublicSectorUi:
|
||||
pod: ~
|
||||
servicesExternalClamavDistributed:
|
||||
|
||||
@@ -97,7 +97,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
|
||||
name: "dovecot"
|
||||
version: "3.2.0"
|
||||
version: "3.3.0"
|
||||
verify: true
|
||||
element:
|
||||
# providerCategory: "Platform"
|
||||
@@ -139,7 +139,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "intercom-service"
|
||||
version: "2.19.5"
|
||||
version: "2.22.0"
|
||||
verify: true
|
||||
jitsi:
|
||||
# providerCategory: "Platform"
|
||||
@@ -149,7 +149,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-jitsi"
|
||||
name: "opendesk-jitsi"
|
||||
version: "3.3.2"
|
||||
version: "3.4.0"
|
||||
verify: true
|
||||
mariadb:
|
||||
# providerCategory: "Platform"
|
||||
@@ -321,7 +321,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "nubus"
|
||||
version: "1.14.0"
|
||||
version: "1.15.2"
|
||||
verify: true
|
||||
opendeskAlerts:
|
||||
# providerCategory: "Platform"
|
||||
@@ -361,7 +361,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-static-files"
|
||||
name: "opendesk-static-files"
|
||||
version: "4.1.0"
|
||||
version: "4.1.1"
|
||||
verify: true
|
||||
openproject:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -437,7 +437,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
|
||||
name: "postfix"
|
||||
version: "5.0.1"
|
||||
version: "5.1.0"
|
||||
verify: true
|
||||
postgresql:
|
||||
# providerCategory: "Platform"
|
||||
@@ -536,5 +536,5 @@ charts:
|
||||
repository: "bmi/opendesk/components/supplier/xwiki/charts-mirror"
|
||||
name: "xwiki"
|
||||
version: "1.4.4"
|
||||
verify: false
|
||||
verify: true
|
||||
...
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
---
|
||||
global:
|
||||
systemInformation:
|
||||
releaseVersion: "v1.9.0"
|
||||
releaseVersion: "v1.10.0"
|
||||
...
|
||||
|
||||
@@ -15,7 +15,7 @@ global:
|
||||
#
|
||||
mailDomain: {{ env "MAIL_DOMAIN" | quote }}
|
||||
|
||||
## Define additional mail domains, comma separated, e.g. domain1.de,domain2.de
|
||||
## Optional list of additional mail domains
|
||||
#
|
||||
additionalMailDomains: []
|
||||
|
||||
|
||||
@@ -158,7 +158,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
|
||||
tag: "2.19.5@sha256:4f1bccfd29889e1edd093c8e35c9486919984faf55ca92b787a6a7aca3729e47"
|
||||
tag: "2.22.0@sha256:0049fc70c03d42780630c2b9915172086ce0cf8f936daeb04e625270a50d0126"
|
||||
jibri:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -168,7 +168,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8922"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/jibri"
|
||||
tag: "stable-10431@sha256:21ae6f3e9139ca1beea630756060b66f1a6221005f45e35df35d4bf9f69a4cc3"
|
||||
tag: "stable-10590@sha256:c6e10bc418084c2e1664e76bdddb525db34ba5f140af5a9fe9dd5c4f7637a492"
|
||||
jicofo:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -178,7 +178,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8922"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/jicofo"
|
||||
tag: "stable-10431@sha256:6857b0cad627cde79f6e21c1c40843b14d70dd43e627537c60449d448ce14769"
|
||||
tag: "stable-10590@sha256:a30e9e09fdc39d88bc8cc8a4e83a32bb6bf58914abfb44290439afaf4c72e4a8"
|
||||
jigasi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -188,7 +188,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["9955"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/jigasi"
|
||||
tag: "stable-10431@sha256:9bcb35444296ab007b24a8ccecd6c1eacc0f01fccf4223e7f8ac340464f4a52e"
|
||||
tag: "stable-10590@sha256:0596e603eb1b4909e8df97be00649848f2b1b85b7cbb7d5e3065ba482a231d49"
|
||||
jitsi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -198,7 +198,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8922"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/web"
|
||||
tag: "stable-10431@sha256:47f57fb67d95a2d3b5fa6edf93916b4922e1599278c0f9dd16cc30f432c75511"
|
||||
tag: "stable-10590@sha256:ae90a61975f7f7d498051ce9e0d7310117ee3f869dcc8c947a005214b253582d"
|
||||
jitsiKeycloakAdapter:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -208,7 +208,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2023", "12", "14"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/jitsi-keycloak-adapter"
|
||||
tag: "v20250911@sha256:716fb9ba2e866d74cbbd6241a8c75335e48ba25ec2d35f4678e83dd3156bc87c"
|
||||
tag: "v20251119@sha256:2df703ff789be841f984142120e5a31dfd60cfe112a8d8d548ecc92e1401f005"
|
||||
jitsiPatchJVB:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -228,7 +228,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8922"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/jvb"
|
||||
tag: "stable-10431@sha256:64f8a368f593a30d5388d9643b1b0af7b4a09f03f6e585e50cdbff398b5f8918"
|
||||
tag: "stable-10590@sha256:651021ddd4fe1ca29848d96d5813a1ea71b3dbf3587b14a13968ec0e62de2f0c"
|
||||
mariadb:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -380,7 +380,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "34", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/blocklist-cleanup"
|
||||
tag: "0.40.0@sha256:1b4d388196b144327bc55376225675b1df8d23fdaffc85bb9e350c3c94fa0eb5"
|
||||
tag: "0.41.4@sha256:6313e41aaebb6904ca461896ac9633eb05b33bf30b87d83d81852935e8cf0302"
|
||||
nubusDataLoader:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -390,7 +390,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "41", "5"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
|
||||
tag: "0.99.0@sha256:52ef05c1e682e6c706f70632206be1b427a1a346a32ae3bff1566386f75e68af"
|
||||
tag: "0.99.20@sha256:37af6f2a8ed7b5156e01f126c83797c70485353673d92b60d904af97bd309b0c"
|
||||
nubusGuardianAuthorizationApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -400,7 +400,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["1", "0", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-authorization-api"
|
||||
tag: "2.0.0@sha256:5f194f9385aea5a279e25a57352f7b88a6cc4fa90b3bf04c2c97b9ff2bad70a5"
|
||||
tag: "3.0.0@sha256:d2849b25ddd0322e1bef6c1e7b16f59fb63f35b0924f99f200bc22de834d9a2d"
|
||||
nubusGuardianManagementApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -410,7 +410,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["1", "0", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-api-management-api"
|
||||
tag: "2.0.0@sha256:61a1ab84efebe2a87d358e8624f8b39073a6071683e7cd77b740a97d464753a2"
|
||||
tag: "3.0.0@sha256:f3c9af13d50632a7e2232f675408b5559fb9ca314b7babf367cf4db80b62ebea"
|
||||
nubusGuardianManagementUi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -420,7 +420,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["1", "0", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-ui-management-ui"
|
||||
tag: "2.0.0@sha256:57e2503a4772f0ff656e792a98fadef4d41c248218e6c368f76ce82a892478cf"
|
||||
tag: "3.0.0@sha256:b90d496a323353c71e29938a6b1980655fb3aefe53bab455da865e3202b7f0f8"
|
||||
nubusGuardianProvisioning:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -440,7 +440,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "0", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak"
|
||||
tag: "0.2.5@sha256:499006904d262bdd334b54583c359c7e34b521697d5fda32ea977d856bfa93d2"
|
||||
tag: "0.4.1@sha256:482f3108ce775bb028cefa763a21d7af71b3d55e2e1800724ab9cabcd60ba2c6"
|
||||
nubusKeycloakBootstrap:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -450,7 +450,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
|
||||
tag: "0.17.5@sha256:08e2aa0bc0eb7b4bb80498e71ae21ee3de74eb985b46e7c3dd1502e96312d080"
|
||||
tag: "0.19.10@sha256:29dbac967a71c11f2f2920a1a4c109b473fe5edf542a2f5b9dc843a4c0c29fe6"
|
||||
nubusKeycloakExtensionHandler:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -460,7 +460,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "0", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
|
||||
tag: "0.20.0@sha256:227c7cba4eee15c626abbc77ca06b8b61a9dece04c986a9fa2e97b13d0458fe0"
|
||||
tag: "0.23.2@sha256:2a67c9ace51a610397776c17f3542231c9fbce411cfa56d9346b47f66478e416"
|
||||
nubusKeycloakExtensionProxy:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -470,7 +470,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "0", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
|
||||
tag: "0.20.0@sha256:bd075d33c16926ab4c123ac3a8673209664647f35324dfdebd95c6662ee05b2c"
|
||||
tag: "0.23.2@sha256:03a05abd9b759ddf2fa537d61e09a54f1a772121f391e136000eeed44a254189"
|
||||
nubusLdapNotifier:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -480,7 +480,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
|
||||
tag: "0.47.0@sha256:1d00e0bb1575defce42c84eb5139b5b4f7d0942111b339044c2bdf58ed0b025e"
|
||||
tag: "0.47.5@sha256:cc8edd9dfa3cf552396bc1ada9a8a18e2db33b53ab1705bfc392c4a423cfeb96"
|
||||
nubusLdapServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -490,7 +490,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
|
||||
tag: "0.47.0@sha256:3be012680b2da2db4ac468ae948d8514622a245b4e3e00385bbf778e836720b1"
|
||||
tag: "0.47.5@sha256:1a81ef8431aa6a7b021032ce57e5907e27c69dc6603b455793911a7d581889e8"
|
||||
nubusLdapServerDhInitContainer:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -498,7 +498,7 @@ images:
|
||||
# upstreamRepository: 'natsio/nats-box'
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "natsio/nats-box"
|
||||
tag: "0.16.0-nonroot@sha256:f486ca86dfc9b72a2310ea720994a94ce55e447ad01daccd2fb33d61f322dc51"
|
||||
tag: "0.18.1-nonroot@sha256:ec2f58b953916b4804d6636bf6a625bab7894d1b71319bc7865b3e70ab5e3f6f"
|
||||
nubusLdapServerLeaderElector:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -508,7 +508,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "29", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector"
|
||||
tag: "0.47.0@sha256:9b6754e7213f1fa13a12cb593bfe718643f6945ad111bbe1d5f71d7ce5729225"
|
||||
tag: "0.47.5@sha256:abf2e9af9c8d22dde23144cb6344b5e9b0e39d778d28e70d97b0f1b82dd28a5d"
|
||||
nubusLdapUpdateUniventionObjectIdentifier:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -518,7 +518,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "34", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-update-univention-object-identifier"
|
||||
tag: "0.40.0@sha256:1ad952c039140ef1985712201f7bae7cbe9eba66086e0d3f475759e1c181b843"
|
||||
tag: "0.41.4@sha256:c27e4d4cf5a15607c249c8d917e57f698d4d5388967c1ff6151185957eacb779"
|
||||
nubusNats:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -526,7 +526,7 @@ images:
|
||||
# upstreamRepository: 'library/nats'
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "library/nats"
|
||||
tag: "2.10.26@sha256:736d575e60135ce1d50fc206675d48d0e57dcaa0704f696f0cb4b5f6dadd49d7"
|
||||
tag: "2.11.9@sha256:4e97bea2e69ffe4449cdc9b4c7fa707984aa9a4c090bf2faf5441cb6c97c99a4"
|
||||
nubusNatsBox:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -534,7 +534,7 @@ images:
|
||||
# upstreamRepository: 'natsio/nats-box'
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "natsio/nats-box"
|
||||
tag: "0.16.0-nonroot@sha256:f486ca86dfc9b72a2310ea720994a94ce55e447ad01daccd2fb33d61f322dc51"
|
||||
tag: "0.18.1-nonroot@sha256:ec2f58b953916b4804d6636bf6a625bab7894d1b71319bc7865b3e70ab5e3f6f"
|
||||
nubusNatsReloader:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -542,7 +542,7 @@ images:
|
||||
# upstreamRepository: 'natsio/nats-server-config-reloader'
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "natsio/nats-server-config-reloader"
|
||||
tag: "0.17.1@sha256:f364bb8330d3430666ca09f17c6a43bfaefde32f0f3e79d4a41c588c29936e99"
|
||||
tag: "0.18.3@sha256:41271dc1b9e1027867ee0e63aa2866c89ca8272a4f88991f6ebec34eb12dee3b"
|
||||
nubusNotificationsApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -552,7 +552,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
|
||||
tag: "0.80.2@sha256:94b18841018cb7353a95a9c4ef2d5460f82a9ceb0bba97275b8064806e3e8a1c"
|
||||
tag: "0.86.0@sha256:522c4d0a42d2c0b37219f5af4fba7fceb60d070719970ef2754a00ca916f67be"
|
||||
nubusOpendeskExtension:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -578,7 +578,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["1", "0", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-opa"
|
||||
tag: "2.0.0@sha256:56a92a08da5addb951a2b2df09974889295ddde8526e93ad40dd973de1052ad4"
|
||||
tag: "3.0.0@sha256:85539fb7854fac6ba1b874d639188ee0a33743dc16dad0113c54763f2984fc9d"
|
||||
nubusOxExtension:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -598,7 +598,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "27", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
|
||||
tag: "0.80.2@sha256:c719ada025e0ad629516017ed26803c15cee50572f45896b41a6b066b1fe593e"
|
||||
tag: "0.86.0@sha256:80ed7c8300365a3dc4c504d4f0f4f8f1c3f9cfc883508a8ea794d63629a9b086"
|
||||
nubusPortalExtension:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -608,7 +608,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "28", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
|
||||
tag: "0.80.2@sha256:cde5547ef1c2d5da55fb41bdae7248ba8514ab4f200822709ca9a99f483a1cc8"
|
||||
tag: "0.86.0@sha256:1799413fe8cbc6d9cb97656be95a99786a382a3558a7720b7fe62a38c84bdd22"
|
||||
nubusPortalFrontend:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -618,7 +618,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "67", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
|
||||
tag: "0.80.2@sha256:8b40acc66459058dc0cade33793aba2737cdc20ef75968ca2b21d9aa569c9ecc"
|
||||
tag: "0.86.0@sha256:d4e34b42662dbd433dd5d647c6fcfa8f2a0d71fe65c0c6efeebe80d4f13b226d"
|
||||
nubusPortalServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -628,7 +628,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
|
||||
tag: "0.80.2@sha256:9a8f6950e7bf1086075d1c36ea0ad914a61e1198883e8d4926d688c88b8e67cc"
|
||||
tag: "0.86.0@sha256:33a3a7d44fa084d74449dc8f7d5f5d2551b02abee16fe4ec6d4972e134c56906"
|
||||
nubusProvisioningDispatcher:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -638,7 +638,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
|
||||
tag: "0.60.10@sha256:6307e9e1ddad0e6f3285ca11b758902f8c377a5d3de6a59b3437accb8475848f"
|
||||
tag: "0.63.0@sha256:3773333a12b786db6cea5fc0ecd5e74ba3f276ca084cd1ae8b6665bda86b72c1"
|
||||
nubusProvisioningEventsAndConsumerApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -648,7 +648,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
|
||||
tag: "0.60.10@sha256:9d5f4e4a2668605349fa6cd6973c7a6acbc2ef95a37e72834c6525ac9e464740"
|
||||
tag: "0.63.0@sha256:c1687ff385d5bd30e0590472f02de85a3f182b75dc4edd5cf9d063e1db488b4d"
|
||||
nubusProvisioningPrefill:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -658,7 +658,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
|
||||
tag: "0.60.10@sha256:8ea46658e66fb5be81968dcf00397b741f61d4fd84c8210b9761412e67109cd0"
|
||||
tag: "0.63.0@sha256:b93400fecc19bba79ae0f0498b07d18bf9ffb0fc03b9ed25a18f3b6d3be9cc9d"
|
||||
nubusProvisioningUdmListener:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -668,7 +668,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
|
||||
tag: "0.60.10@sha256:fb0d96fa7b382b7d8eec9e262711e1291a0991ade185b39ee604400d4bd5fa9b"
|
||||
tag: "0.63.0@sha256:6dcb696920137973b24f90bb8f6045c2dffd8bc201b0cc62aed43e1a01e5aa0e"
|
||||
nubusProvisioningUdmTransformer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -678,7 +678,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
|
||||
tag: "0.60.10@sha256:62b98f3e2c19de298878f5679577bfcbddacec742015d6f20b998a549318e810"
|
||||
tag: "0.63.0@sha256:da5486cf5d6a30e7d95270db8a6735c82813805e7bce882ff51a2f47faad086f"
|
||||
nubusSelfServiceConsumer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -688,7 +688,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "3", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
|
||||
tag: "0.19.4@sha256:ca9865114fd35fcc1dbe1a5660a3b69d04a8f568cf15286069342e45f0c7ea91"
|
||||
tag: "0.19.31@sha256:b6d1a145e8a3f43b54be1d7d737da1527347e93c9894943c17469cd153f77ccf"
|
||||
nubusUdmRestApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -698,7 +698,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
|
||||
tag: "0.40.0@sha256:7d39c0defda20fc58da19389216d9a80f479a731dca682d834dd8bd00b80e20f"
|
||||
tag: "0.41.4@sha256:d3476100f4174d991faa43ce20630175a1fc33011258887dd52bafad1e779189"
|
||||
nubusUmcGateway:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -708,7 +708,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
|
||||
tag: "0.51.2@sha256:c76860852133b9bbc91eb6d81a6592a5f451be9234376933ddb4d827e0f08515"
|
||||
tag: "0.53.5@sha256:7044228155c8fcb939684855d5b405dd1b066d91c8a5df75676518d88e140ab3"
|
||||
nubusUmcServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -718,7 +718,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
|
||||
tag: "0.51.3@sha256:00f8cc2e7ee98d3988b1db924ca67783e9a645204ae2c388c7afadc50f22bb12"
|
||||
tag: "0.53.5@sha256:1ec839c07492b2f1d6897643b71c284aa2d507cd05f1a0f1696dfdff1885eb20"
|
||||
nubusUmcServerProxy:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -762,7 +762,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["13", "1", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
|
||||
tag: "16.6.0@sha256:11fcbc357a5a4e724bb1164e43a93c713f73e5efb52212d75cfc845becbf64c0"
|
||||
tag: "16.6.1@sha256:e3eb4ecdff5a94d2d2aaa0eacc9e747306d6ba6a06f308d2d16cc209516dd4e0"
|
||||
openprojectBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -914,7 +914,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/postfix"
|
||||
tag: "3.0.3@sha256:12bcebf57ddb53258c48eaa60e9c25b441f4319ee1b94b363c652ad0a992a875"
|
||||
tag: "3.0.4@sha256:5b17c801283215b13e8305b0be1497d70c232e8ea8414f965cd1010333ae95ab"
|
||||
postfixBootstrap:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -940,7 +940,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8922"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/prosody"
|
||||
tag: "stable-10431@sha256:792618fff60c6e0eb4facb221e3477b2249cabeaf0479753ac7a6b98c075fd20"
|
||||
tag: "stable-10590@sha256:86d43e743268fa89035663a5e29be7689b131b9c1fb435c01c94d2eeebbb058a"
|
||||
redis:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
|
||||
@@ -16,6 +16,8 @@ persistence:
|
||||
size: "1Gi"
|
||||
storageClassName: ~
|
||||
dovecot:
|
||||
# openDesk CE: Mail storage
|
||||
# openDesk EE (with Dovecot Pro): Storage for metacache
|
||||
size: "1Gi"
|
||||
storageClassName: ~
|
||||
mariadb:
|
||||
@@ -34,6 +36,7 @@ persistence:
|
||||
size: "1Gi"
|
||||
storageClassName: ~
|
||||
nubusProvisioningNats:
|
||||
# For production and load test environments "10Gi" is recommended.
|
||||
size: "1Gi"
|
||||
storageClassName: ~
|
||||
# This option was introduced with openDesk 1.6. For now we want to use the Helm charts default empty string
|
||||
|
||||
@@ -32,6 +32,7 @@ secrets:
|
||||
dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_dovecot" | sha1sum | quote }}
|
||||
element: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_element" | sha1sum | quote }}
|
||||
ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_ox" | sha1sum | quote }}
|
||||
postfix: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_postfix" | sha1sum | quote }}
|
||||
openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_openproject" | sha1sum | quote }}
|
||||
xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_xwiki" | sha1sum | quote }}
|
||||
systemAccounts:
|
||||
@@ -122,6 +123,7 @@ secrets:
|
||||
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "redis" "password" | sha1sum | quote }}
|
||||
dovecot:
|
||||
doveadm: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dovecot" "doveadm" | sha1sum | quote }}
|
||||
sharedMailboxesMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dovecot" "sharedMailboxesMasterPassword" | sha1sum | quote }}
|
||||
xwiki:
|
||||
superadminpassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "xwiki" "superadminpassword" | sha1sum | quote }}
|
||||
intercom:
|
||||
|
||||
@@ -2,10 +2,39 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
technical:
|
||||
|
||||
# Collabora related technical settings
|
||||
collabora:
|
||||
# Defines the value for the start parameter `-o:num_prespawn_children`
|
||||
numPrespawnChildren: 4
|
||||
|
||||
# Dovecot EE related settings
|
||||
dovecot:
|
||||
objectStorage:
|
||||
# Size of objectstore fs cache
|
||||
fsCacheSize: "2G"
|
||||
# Size of fts cache
|
||||
ftsCacheSize: "2G"
|
||||
# Wether fs and fts cache should reside in RAM (tmpfs) or not
|
||||
# If this value is true, the cache sizes of the fs cache + fts cache
|
||||
# must be considered additionally to Dovecot's memory footprint.
|
||||
cacheTmpfs: false
|
||||
|
||||
# Nubus related settings
|
||||
nubus:
|
||||
# Nubus provisioning framework that is being used to actively provision data internally within
|
||||
# Nubus e.g. for the portal or self service as well as externally, e.g. to OX App Suite.
|
||||
provisioning:
|
||||
# NATS including NATS JetStream is the queueing used by Nubus' provisioning.
|
||||
# Ref.: https://nats.io/about/
|
||||
nats:
|
||||
# The NATS Box is a container for debugging NATS messages using a CLI tool.
|
||||
# Ref.: https://github.com/nats-io/nats-box
|
||||
natsBox:
|
||||
# Enable the NATS Box container for the deployment. Will also be enabled in case of
|
||||
# `.Values.debug.enabled: true`
|
||||
enabled: false
|
||||
|
||||
# Groupware related technical settings
|
||||
oxAppSuite:
|
||||
provisioning:
|
||||
|
||||
@@ -22,8 +22,8 @@ name: "openDesk"
|
||||
platforms:
|
||||
- "web"
|
||||
developmentStatus: "stable"
|
||||
softwareVersion: "1.9.0"
|
||||
releaseDate: "2025-11-07"
|
||||
softwareVersion: "1.10.0"
|
||||
releaseDate: "2025-11-24"
|
||||
softwareType: "standalone/web"
|
||||
url: "https://gitlab.opencode.de/bmi/opendesk/"
|
||||
logo: ".opencode/openDesk-logo-rgb-color.svg"
|
||||
|
||||
Reference in New Issue
Block a user