mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-07 07:51:38 +01:00
Compare commits
5 Commits
hermann/fe
...
jtorres/1.
| Author | SHA1 | Date | |
|---|---|---|---|
|
0b633d1e6f | ||
|
|
11820da8ec | ||
|
|
65382b8077 | ||
|
|
7fe6627656 | ||
|
|
3e2ad11054 |
@@ -51,7 +51,7 @@ Set labels:
|
||||
- [ ] Yes, and the documentation was updated accordingly.
|
||||
|
||||
Document in an extra comment and link to that comment:
|
||||
- [ ] How you verified the fix is working as expected, also in upgrade scenarios.
|
||||
- [ ] How you verified the fix is working as expected, also in upgrade sceanrios.
|
||||
- [ ] Any regression testing done.
|
||||
|
||||
--> Link to comment:
|
||||
|
||||
@@ -41,7 +41,7 @@ Set labels:
|
||||
- [ ] Yes, and the documentation was updated accordingly.
|
||||
|
||||
Document in an extra comment and link to that comment:
|
||||
- [ ] How you verified the feature is working as expected, also in upgrade scenarios.
|
||||
- [ ] How you verified the feature is working as expected, also in upgrade sceanrios.
|
||||
- [ ] Any regression testing done.
|
||||
|
||||
--> Link to comment:
|
||||
|
||||
@@ -35,7 +35,7 @@ Set labels:
|
||||
- [ ] Yes, and the documentation was updated accordingly.
|
||||
|
||||
Document in an extra comment and link to that comment:
|
||||
- [ ] How you verified the change is working as expected, also in upgrade scenarios.
|
||||
- [ ] How you verified the change is working as expected, also in upgrade sceanrios.
|
||||
- [ ] Any regression testing done.
|
||||
|
||||
--> Link to comment:
|
||||
|
||||
@@ -35,7 +35,7 @@ Set labels:
|
||||
- [ ] Yes, and the documentation was updated accordingly.
|
||||
|
||||
Document in an extra comment and link to that comment:
|
||||
- [ ] How you verified the update is working as expected, also in upgrade scenarios.
|
||||
- [ ] How you verified the update is working as expected, also in upgrade sceanrios.
|
||||
- [ ] Any regression testing done.
|
||||
|
||||
--> Link to comment:
|
||||
|
||||
@@ -38,9 +38,9 @@ openDesk currently features the following functional main components:
|
||||
| Collaborative notes | Notes (aka Docs) | MIT | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1) | Online documentation/welcome document available in installed application |
|
||||
| Diagram editor | CryptPad ft. diagrams.net | AGPL-3.0-only | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
||||
| File management | Nextcloud | AGPL-3.0-or-later | [31.0.6](https://nextcloud.com/de/changelog/#31-0-6) | [Nextcloud 31](https://docs.nextcloud.com/) |
|
||||
| Groupware | OX App Suite | GPL-2.0-only (backend), AGPL-3.0-or-later (frontend) | [8.39](https://documentation.open-xchange.com/appsuite/releases/8.39/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||
| Groupware | OX App Suite | GPL-2.0-only (backend), AGPL-3.0-or-later (frontend) | [8.38](https://documentation.open-xchange.com/appsuite/releases/8.38/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||
| Knowledge management | XWiki | LGPL-2.1-or-later | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||
| Portal & IAM | Nubus | AGPL-3.0-or-later | [1.12.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.12.html#version-1-12-0-2025-07-31) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Portal & IAM | Nubus | AGPL-3.0-or-later | [1.11.2](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/changelog.html#version-1-11-2-2025-07-10) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Project management | OpenProject | GPL-3.0-only | [16.2.0](https://www.openproject.org/docs/release-notes/16-2-0/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | Apache-2.0 | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Weboffice | Collabora | MPL-2.0 | [25.04.2](https://www.collaboraoffice.com/code-25-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
|
||||
@@ -77,7 +77,7 @@ configured to use the aforementioned OpenLDAP.
|
||||
|
||||
When the user is authenticated by Keycloak, the portal shows the applications the user is permitted to access.
|
||||
|
||||
The user can now access applications and use the corresponding functionality without the need to authenticate
|
||||
The user can now access applications and use the corresponding functionality without the need to authenticate
|
||||
again. This is implemented using the OpenID Connect (OIDC) protocol.
|
||||
|
||||
# Nubus (IAM)
|
||||
@@ -443,7 +443,7 @@ While the IAM manages users centrally, some applications come with local account
|
||||
| Element | `uvs` | The account for the "User Verification Service". It is used by Jitsi integrated into Element. | `secrets.matrixUserVerificationService.password` |
|
||||
| | `meeting-bot` | Used by the Nordeck Meeting-Bot to manage meeting rooms in Synapse. | `secrets.matrixNeoDateFixBot.password` |
|
||||
| Nextcloud | `nextcloud` | Bootstrap the Nextcloud fileshare for OpenProject with `opendesk-openproject-bootstrap` job[^1]. | `secrets.nextcloud.adminPassword` |
|
||||
| OX App Suite | `admin` | OX Connector to provision context, users, groups etc. | `secrets.oxAppsuite.adminPassword` |
|
||||
| OX App Suite | `admin` | OX-Connector to provision context, users, groups etc. | `secrets.oxAppsuite.adminPassword` |
|
||||
| OpenProject | set in `secrets.openproject.apiAdminUsername` | Bootstrap the Nextcloud fileshare for OpenProject with `opendesk-openproject-bootstrap` job[^1]. | `secrets.openproject.apiAdminPassword` |
|
||||
| XWiki | `superadmin` | Only available with `debug.enabled: true`, can be used for interactive login using `/bin/view/Main/?oidc.skipped=true`. | `secrets.xwiki.superadminpassword` |
|
||||
|
||||
|
||||
@@ -65,12 +65,12 @@ This chapter presents APIs available in openDesk, grouped by application.
|
||||
|
||||
# IAM - Nubus
|
||||
|
||||
|
||||
|
||||
[Source](https://docs.software-univention.de/nubus-kubernetes-architecture/latest/en/overview/components.html#overview-components-fig)
|
||||
|
||||
## UMC Python API
|
||||
|
||||
|
||||
|
||||
[Source](https://docs.software-univention.de/developer-reference/latest/en/umc/architecture.html#umc-api)
|
||||
|
||||
| Name | UMC Python API |
|
||||
@@ -143,7 +143,7 @@ More details on the Nubus provisioning service can be found here: https://docs.s
|
||||
|
||||
## UDM Simple API
|
||||
|
||||
|
||||
|
||||
[Source](https://docs.software-univention.de/architecture/latest/en/services/udm.html#architecture-model-udm)
|
||||
|
||||
| Name | UDM Simple API |
|
||||
@@ -180,7 +180,7 @@ More details on the Nubus provisioning service can be found here: https://docs.s
|
||||
|
||||
## UCR Python API
|
||||
|
||||
|
||||
|
||||
[Source](https://docs.software-univention.de/architecture/latest/en/services/ucr.html#services-ucr-architecture-model)
|
||||
|
||||
| Name | UCR Python API |
|
||||
@@ -200,7 +200,7 @@ More details on the Nubus provisioning service can be found here: https://docs.s
|
||||
|
||||
## Identity Store and Directory Service (LDAP)
|
||||
|
||||
|
||||
|
||||
[Source](https://docs.software-univention.de/nubus-kubernetes-architecture/latest/en/components/identity-store.html#component-identity-store-figure)
|
||||
|
||||
| Name | Identity Store and Directory Service (LDAP) |
|
||||
@@ -220,7 +220,7 @@ More details on the Nubus provisioning service can be found here: https://docs.s
|
||||
|
||||
## Nubus Provisioning Service
|
||||
|
||||
|
||||
|
||||
[Source](https://docs.software-univention.de/nubus-kubernetes-architecture/latest/en/components/provisioning-service.html#component-provisioning-service-complete-figure)
|
||||
|
||||
| Name | Nubus Proisioning Service |
|
||||
@@ -229,7 +229,7 @@ More details on the Nubus provisioning service can be found here: https://docs.s
|
||||
|
||||
## Nubus Authorization Service
|
||||
|
||||
|
||||
|
||||
[Source](https://docs.software-univention.de/nubus-kubernetes-architecture/latest/en/overview/interfaces-protocols.html#authorization-service)
|
||||
|
||||
| Name | Nubus Authorization Service |
|
||||
@@ -288,7 +288,7 @@ The following are the APIs used by the Groupware application:
|
||||
| In openDesk provided by | OX AppSuite Middleware |
|
||||
| Transport protocol | HTTP(S) |
|
||||
| Usage within component | none |
|
||||
| Usage within openDesk | OX Connector synchronizes the state of the objects (users, groups etc.) managed in the LDAP. |
|
||||
| Usage within openDesk | OX-Connector synchronizes the state of the objects (users, groups etc.) managed in the LDAP. |
|
||||
| Usage for external integration | none |
|
||||
| Parallel access | Allowed |
|
||||
| Message protocol | XML based, exactly following the format of Java RMI. |
|
||||
|
||||
@@ -104,8 +104,8 @@ XWiki,PersistentVolume,1
|
||||
| | | Yes | OX Guard related settings | `oxguard*` | |
|
||||
| | S3 | Yes | Attachments of meetings, contacts and tasks | `openxchange` | |
|
||||
| | Redis | Optional | Cache, session related data, distributed maps | | |
|
||||
| | PVC | Yes | OX Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` |
|
||||
| | | Yes | OX Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
|
||||
| | PVC | Yes | OX-Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` |
|
||||
| | | Yes | OX-Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
|
||||
| **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` |
|
||||
| **XWiki** | PostgreSQL | Yes | Application's main database | `xwiki` | |
|
||||
| | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` |
|
||||
|
||||
@@ -77,7 +77,7 @@ With openDesk 1.0 Enterprise, you can set openDesk's email components (OX AppSui
|
||||
```
|
||||
secrets:
|
||||
oxAppSuite:
|
||||
migrationsMasterPassword: "your_temporary_master_password"
|
||||
adminPassword: "your_temporary_master_password"
|
||||
functional:
|
||||
migration:
|
||||
oxAppSuite:
|
||||
@@ -89,7 +89,7 @@ functional:
|
||||
|
||||
To validate the master authentication mode please read the appendix section at the end of the document.
|
||||
|
||||
Updating your deployment with these settings will allow you to continue with the migration scenario. Once the migration is completed, you can remove `secrets.oxAppSuite.migrationsMasterPassword` and need to turn off the migration mode by setting `functional.migration.oxAppSuite.enabled` to `false` or removing that setting, as `false` is the default before you update your deployment once again.
|
||||
Updating your deployment with these settings will allow you to continue with the migration scenario. Once the migration is completed, you can remove `secrets.oxAppSuite.adminPassword` and need to turn off the migration mode by setting `functional.migration.oxAppSuite.enabled` to `false` or removing that setting, as `false` is the default before you update your deployment once again.
|
||||
|
||||
> **Note**<br>
|
||||
> For the changes to take effect, it is sufficient to re-deploy the `open-xchange` component alone. But you have to restart the Dovecot Pod(s) manually when switching to/from the master authentication mode for the changes to take effect.
|
||||
|
||||
@@ -10,14 +10,9 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [Deprecation warnings](#deprecation-warnings)
|
||||
* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
|
||||
* [Manual checks/actions](#manual-checksactions)
|
||||
* [v1.7.0+](#v170)
|
||||
* [Pre-upgrade to v1.7.0+](#pre-upgrade-to-v170)
|
||||
* [Replace Helm chart: New Notes Helm chart with support for self-signed deployments](#replace-helm-chart-new-notes-helm-chart-with-support-for-self-signed-deployments)
|
||||
* [Post-upgrade to v1.7.0+](#post-upgrade-to-v170)
|
||||
* [Upstream fix: Provisioning of functional mailboxes](#upstream-fix-provisioning-of-functional-mailboxes)
|
||||
* [v1.6.0+](#v160)
|
||||
* [Pre-upgrade to v1.6.0+](#pre-upgrade-to-v160)
|
||||
* [Upstream constraint: Nubus' external secrets](#upstream-constraint-nubus-external-secrets)
|
||||
* [Upstream contraint: Nubus' external secrets](#upstream-contraint-nubus-external-secrets)
|
||||
* [Helmfile new secret: `secrets.minio.openxchangeUser`](#helmfile-new-secret-secretsminioopenxchangeuser)
|
||||
* [Helmfile new object storage: `objectstores.openxchange.*`](#helmfile-new-object-storage-objectstoresopenxchange)
|
||||
* [OX App Suite fix-up: Using S3 as storage for non mail attachments (pre-upgrade)](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-pre-upgrade)
|
||||
@@ -99,8 +94,6 @@ This section should provide you with an overview of what changes to expect in th
|
||||
|
||||
- `functional.portal.link*` (see `functional.yaml.gotmpl` for details) are going to be moved into the `theme.*` tree, we are also going to move the icons used for the links currently found under `theme.imagery.portalEntries` in this step.
|
||||
- We will explicitly set the [database schema configuration](https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Configuration/#HConfigurethenamesofdatabaseschemas) for XWiki to avoid the use of the `public` schema.
|
||||
- `persistance.storages.oxConnector.storageClassName` and `persistance.storages.nubusUdmListener.storageClassName` will be templated in Helmfile requiring you to template them explicitly if their current default values differs from the global value set in `persistence.storageClassNames.RWO`.
|
||||
- The currently used Helm chart for Notes will be replaced requiring some config updates.
|
||||
|
||||
# Automated migrations - Overview and mandatory upgrade path
|
||||
|
||||
@@ -124,61 +117,11 @@ If you would like more details about the automated migrations, please read secti
|
||||
|
||||
# Manual checks/actions
|
||||
|
||||
## v1.7.0+
|
||||
|
||||
### Pre-upgrade to v1.7.0+
|
||||
|
||||
#### Replace Helm chart: New Notes Helm chart with support for self-signed deployments
|
||||
|
||||
**Target group:** All deployments that set `app.notes.enabled: true` (default is `false`).
|
||||
|
||||
We replaced the Helm Chart used for the Notes (aka "Impress") deployment. If you have enabled Notes in your deployment, you must manually uninstall the old chart before upgrading to openDesk v1.7.0.
|
||||
|
||||
```shell
|
||||
helm uninstall -n <your_namespace> impress
|
||||
```
|
||||
|
||||
In case you are using `annotation.notes` they have to be moved into one of the remaining dicts, see [`annotations.yaml.gotmpl`](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/develop/helmfile/environments/default/annotations.yaml.gotmpl) for details:
|
||||
|
||||
```yaml
|
||||
annotation:
|
||||
notesBackend: {}
|
||||
notesFrontend: {}
|
||||
notesYProvider: {}
|
||||
```
|
||||
|
||||
### Post-upgrade to v1.7.0+
|
||||
|
||||
#### Upstream fix: Provisioning of functional mailboxes
|
||||
|
||||
**Target group:** Deployments with OX App Suite that make use of IAM maintained functional mailboxes.
|
||||
|
||||
The update of OX Connector included in openDesk 1.7.0 fixes an issue with the provisioning of IAM maintained functional mailboxes. If your deployment makes use of these mailboxes it is recommended to trigger a full sync of the OX App Suite provisioning by recreating the OX Connector's provisioning subscription using calls to the provisioning API that is temporary port-forwarded in the example below:
|
||||
|
||||
```shell
|
||||
export NAMESPACE=<your_namespace>
|
||||
export SUBSCRIPTION_NAME=ox-connector
|
||||
export SUBSCRIPTION_SECRET_NAME=ums-provisioning-ox-credentials
|
||||
export TEMPORARY_CONSUMER_JSON=$(mktemp)
|
||||
export PROVISIONING_API_POD_NAME=$(kubectl -n ${NAMESPACE} get pods --no-headers -o custom-columns=":metadata.name" | grep ums-provisioning-api | tr -d '\n')
|
||||
kubectl -n ${NAMESPACE} port-forward ${PROVISIONING_API_POD_NAME} 7777:7777 &
|
||||
export PROVISIONING_PORT_FORWARD_PID=$!
|
||||
sleep 10
|
||||
kubectl -n ${NAMESPACE} get secret ${SUBSCRIPTION_SECRET_NAME} -o json | jq '.data | map_values(@base64d)' | jq -r '."ox-connector.json"' > ${TEMPORARY_CONSUMER_JSON}.json
|
||||
export PROVISIONING_ADMIN_PASSWORD=$(kubectl -n ${NAMESPACE} get secret ums-provisioning-api-admin -o jsonpath='{.data.password}' | base64 --decode)
|
||||
# Delete the current subscription
|
||||
curl -o - -u "admin:${PROVISIONING_ADMIN_PASSWORD}" -X DELETE http://localhost:7777/v1/subscriptions/${SUBSCRIPTION_NAME}
|
||||
# Recreate the subscription
|
||||
curl -u "admin:${PROVISIONING_ADMIN_PASSWORD}" -H 'Content-Type: application/json' -d @${TEMPORARY_CONSUMER_JSON}.json http://localhost:7777/v1/subscriptions
|
||||
kill ${PROVISIONING_PORT_FORWARD_PID}
|
||||
rm ${TEMPORARY_CONSUMER_JSON}
|
||||
```
|
||||
|
||||
## v1.6.0+
|
||||
|
||||
### Pre-upgrade to v1.6.0+
|
||||
|
||||
#### Upstream constraint: Nubus' external secrets
|
||||
#### Upstream contraint: Nubus' external secrets
|
||||
|
||||
**Target group:** Operators that use external secrets for Nubus.
|
||||
|
||||
|
||||
@@ -175,9 +175,6 @@ configuration:
|
||||
token:
|
||||
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||
|
||||
# A sane default for windows clients would be: `* " | & ? , ; : \ / ~ < >`
|
||||
forbiddenChars: "* \" | & ? , ; : \\ / ~ < >"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
||||
@@ -1,197 +1,285 @@
|
||||
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
global:
|
||||
collaborationServerSecret:
|
||||
value: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
yProviderApiKey:
|
||||
value: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
tlsSecretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesBackend.registry) (.Values.images.notesBackend.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesBackend.tag }}
|
||||
credentials:
|
||||
name: {{ .Values.global.imagePullSecrets | first | quote }}
|
||||
|
||||
backend:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesBackend.registry | quote }}
|
||||
repository: {{ .Values.images.notesBackend.repository | quote }}
|
||||
pullPolicy: "IfNotPresent"
|
||||
tag: {{ .Values.images.notesBackend.tag | quote }}
|
||||
ingress:
|
||||
annotations:
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "{{ .Values.ingress.parameters.bodySize.notes }}"
|
||||
"nginx.ingress.kubernetes.io/proxy-read-timeout": "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
|
||||
"nginx.ingress.kubernetes.io/proxy-send-timeout": "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
|
||||
{{- if .Values.annotations.notesBackend.ingress }}
|
||||
{{ .Values.annotations.notesBackend.ingress | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
ingressAdmin:
|
||||
enabled: true
|
||||
annotations:
|
||||
{{ .Values.annotations.notesBackend.ingressAdmin | toYaml | nindent 6 }}
|
||||
replicaCount: {{ .Values.replicas.notesBackend }}
|
||||
containerSecurityContext:
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
|
||||
configuration:
|
||||
ai:
|
||||
apiKey:
|
||||
value: {{ .Values.ai.apiKey }}
|
||||
baseUrl: {{ .Values.ai.endpoint }}
|
||||
model: {{ .Values.ai.model | quote }}
|
||||
aws:
|
||||
endpointUrl: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||
s3AccessKeyId:
|
||||
value: {{ .Values.objectstores.notes.username }}
|
||||
s3SecretAccessKey:
|
||||
value: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }}
|
||||
storageBucketName: {{ .Values.objectstores.notes.bucket }}
|
||||
collaboration:
|
||||
apiUrl: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
wsUrl: {{ printf "wss://%s.%s/collaboration/ws/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
database:
|
||||
host: {{ .Values.databases.notes.host | quote }}
|
||||
name: {{ .Values.databases.notes.name | quote }}
|
||||
password:
|
||||
value: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||
port: {{ .Values.databases.notes.port | quote }}
|
||||
user:
|
||||
value: {{ .Values.databases.notes.username | quote }}
|
||||
email:
|
||||
brandName: "openDesk"
|
||||
from: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
host: "postfix"
|
||||
port: "25"
|
||||
logoImage: {{ printf "https://%s.%s/univention/portal/icons/entries/swp.notes.svg" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
user:
|
||||
value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
password:
|
||||
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
oidc:
|
||||
enabled: true
|
||||
rpClientId:
|
||||
value: "opendesk-notes"
|
||||
rpClientSecret:
|
||||
value: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
opJWKSEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
opUserEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
||||
opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
|
||||
rpScopes: "openid opendesk-notes-scope"
|
||||
loginRedirectUrl: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
loginRedirectUrlFailure: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
logoutRedirectUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
redirectAllowedHosts: {{ printf "https://%s.%s/*" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
essentialClaims: "email"
|
||||
fullnameFields: "given_name,family_name"
|
||||
shortnameField: "given_name"
|
||||
django:
|
||||
secretKey:
|
||||
value: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||
createSuperuser: true
|
||||
superuserEmail:
|
||||
value: {{ printf "default.admin@%s" .Values.global.domain | quote }}
|
||||
superuserPassword:
|
||||
value: {{ .Values.secrets.notes.superuser }}
|
||||
frontendTheme: "openDesk"
|
||||
redisUrl:
|
||||
value: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
|
||||
extraEnvVars:
|
||||
- name: "FRONTEND_HOMEPAGE_FEATURE_ENABLED"
|
||||
value: "False"
|
||||
- name: "FRONTEND_FOOTER_FEATURE_ENABLED"
|
||||
value: "False"
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesBackend.pod | toYaml | nindent 4 }}
|
||||
podAnnotationsCreateUser:
|
||||
{{ .Values.annotations.notesBackend.createUserJob | toYaml | nindent 4 }}
|
||||
podAnnotationsMigrate:
|
||||
{{ .Values.annotations.notesBackend.migrateJob | toYaml | nindent 4 }}
|
||||
resources:
|
||||
{{ .Values.resources.notesBackend | toYaml | nindent 4 }}
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesBackend.service | toYaml | nindent 6 }}
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
extraVolumes:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-ca-tls"
|
||||
items:
|
||||
- key: "ca.crt"
|
||||
path: "ca-certificates.crt"
|
||||
extraVolumeMounts:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
mountPath: "/usr/local/lib/python3.12/site-packages/certifi/cacert.pem"
|
||||
subPath: "ca-certificates.crt"
|
||||
{{- end }}
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.notes }}"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
|
||||
nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.notes }}"
|
||||
nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}s"
|
||||
nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}s"
|
||||
|
||||
ingressCollaborationWS:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
path: "/collaboration/ws/"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/enable-websocket: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
|
||||
nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: null
|
||||
nginx.ingress.kubernetes.io/auth-url: null
|
||||
{{- with .Values.annotations.notes.ingressCollaborationWS }}
|
||||
{{ . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
ingressAdmin:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
{{ .Values.annotations.notes.ingressAdmin | toYaml | nindent 4 }}
|
||||
|
||||
ingressMedia:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
|
||||
nginx.ingress.kubernetes.io/auth-url: "https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/api/v1.0/documents/media-auth/"
|
||||
nginx.ingress.kubernetes.io/upstream-vhost: {{ .Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /{{ .Values.objectstores.notes.bucket }}/$1
|
||||
nginx.ingress.kubernetes.io/session-cookie-path: /media
|
||||
{{- with .Values.annotations.notes.ingressMedia }}
|
||||
{{ . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
ingressCollaborationApi:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
path: /collaboration/api/
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
{{ .Values.annotations.notes.ingressCollaborationAPI | toYaml | nindent 4 }}
|
||||
|
||||
serviceMedia:
|
||||
host: {{ .Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
port: {{ .Values.objectstores.notes.port | default 443 }}
|
||||
annotations:
|
||||
{{ .Values.annotations.notes.serviceMedia | toYaml | nindent 4 }}
|
||||
|
||||
frontend:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesFrontend.registry | quote }}
|
||||
repository: {{ .Values.images.notesFrontend.repository | quote }}
|
||||
pullPolicy: "IfNotPresent"
|
||||
tag: {{ .Values.images.notesFrontend.tag | quote }}
|
||||
ingressMedia:
|
||||
enabled: true
|
||||
annotations:
|
||||
{{ .Values.annotations.notesFrontend.ingressMedia | toYaml | nindent 6 }}
|
||||
extraEnvVars:
|
||||
- name: "ICS_BASE_URL"
|
||||
value: {{ printf "https://%s.%s" .Values.global.hosts.intercomService .Values.global.domain | quote }}
|
||||
- name: "PORTAL_BASE_URL"
|
||||
value: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
configuration:
|
||||
objectStoreHost: {{ printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain | quote }}
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesFrontend.registry) (.Values.images.notesFrontend.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesFrontend.tag }}
|
||||
envVars:
|
||||
PORT: 8080
|
||||
NEXT_PUBLIC_API_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
NEXT_PUBLIC_MEDIA_URL: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||
runtimeEnvs:
|
||||
ICS_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.intercomService .Values.global.domain | quote }}
|
||||
PORTAL_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
replicas: {{ .Values.replicas.notesFrontend }}
|
||||
resources:
|
||||
{{ .Values.resources.notesFrontend | toYaml | nindent 4 }}
|
||||
containerSecurityContext:
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesFrontend | toYaml | nindent 6 }}
|
||||
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesFrontend.pod | toYaml | nindent 4 }}
|
||||
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesFrontend.service | toYaml | nindent 6 }}
|
||||
serviceMedia:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesFrontend.service | toYaml | nindent 6 }}
|
||||
|
||||
y-provider:
|
||||
yProvider:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.notesYProvider.registry | quote }}
|
||||
repository: {{ .Values.images.notesYProvider.repository | quote }}
|
||||
pullPolicy: "IfNotPresent"
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.notesYProvider.registry) (.Values.images.notesYProvider.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesYProvider.tag }}
|
||||
replicaCount: 1
|
||||
debug: true
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
extraEnvVars:
|
||||
- name: "NODE_EXTRA_CA_CERTS"
|
||||
value: "/etc/ssl/certs/cacert.pem"
|
||||
extraVolumes:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-ca-tls"
|
||||
items:
|
||||
- key: "ca.crt"
|
||||
path: "ca-certificates.crt"
|
||||
extraVolumeMounts:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
mountPath: "/etc/ssl/certs/cacert.pem"
|
||||
subPath: "ca-certificates.crt"
|
||||
{{- end }}
|
||||
containerSecurityContext:
|
||||
resources:
|
||||
{{ .Values.resources.notesYProvider | toYaml | nindent 4 }}
|
||||
replicas: {{ .Values.replicas.notesYProvider }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
|
||||
ingressCollaborationApi:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesYProvider.ingressCollaborationAPI | toYaml | nindent 6 }}
|
||||
ingressCollaborationWs:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesYProvider.ingressCollaborationWS | toYaml | nindent 6 }}
|
||||
envVars:
|
||||
COLLABORATION_BACKEND_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_LOGGING: {{ if .Values.debug.enabled }}"true"{{ else }}"false"{{ end }}
|
||||
COLLABORATION_SERVER_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
Y_PROVIDER_API_KEY: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesYProvider.pod | toYaml | nindent 4 }}
|
||||
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesYProvider.service | toYaml | nindent 6 }}
|
||||
|
||||
oidc:
|
||||
clientId: "opendesk-notes"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
|
||||
aiApiKey: {{ .Values.ai.apiKey }}
|
||||
aiBaseUrl: {{ .Values.ai.endpoint }}
|
||||
|
||||
djangoSuperUserEmail: "default.admin@{{ .Values.global.domain }}"
|
||||
djangoSuperUserPass: {{ .Values.secrets.notes.superuser }}
|
||||
djangoSecretKey: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||
|
||||
backend:
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesBackend.registry) (.Values.images.notesBackend.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesBackend.tag }}
|
||||
replicas: {{ .Values.replicas.notesBackend }}
|
||||
envVars:
|
||||
DB_HOST: {{ .Values.databases.notes.host | quote }}
|
||||
DB_NAME: {{ .Values.databases.notes.name | quote }}
|
||||
DB_USER: {{ .Values.databases.notes.username | quote }}
|
||||
DB_PASSWORD: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||
DB_PORT: {{ .Values.databases.notes.port | quote }}
|
||||
POSTGRES_DB: {{ .Values.databases.notes.name | quote }}
|
||||
POSTGRES_USER: {{ .Values.databases.notes.username | quote }}
|
||||
POSTGRES_PASSWORD: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||
FRONTEND_THEME: "openDesk"
|
||||
REDIS_URL: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
|
||||
AWS_S3_ENDPOINT_URL: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||
AWS_S3_ACCESS_KEY_ID: {{ .Values.objectstores.notes.username }}
|
||||
AWS_S3_SECRET_ACCESS_KEY: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }}
|
||||
AWS_STORAGE_BUCKET_NAME: {{ .Values.objectstores.notes.bucket }}
|
||||
DJANGO_CSRF_TRUSTED_ORIGINS: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
DJANGO_SITE_DOMAIN: {{ printf "%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
DJANGO_SITE_NAME: {{ printf "%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
DJANGO_CONFIGURATION: Production
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||
DJANGO_SETTINGS_MODULE: impress.settings
|
||||
DJANGO_SUPERUSER_PASSWORD: {{ .Values.secrets.notes.superuser }}
|
||||
DJANGO_EMAIL_BRAND_NAME: "openDesk"
|
||||
DJANGO_EMAIL_LOGO_IMG: {{ printf "https://%s.%s/univention/portal/icons/entries/swp.notes.svg" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
DJANGO_EMAIL_FROM: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
DJANGO_EMAIL_HOST: "postfix"
|
||||
DJANGO_EMAIL_PORT: 25
|
||||
DJANGO_EMAIL_USE_SSL: False
|
||||
DJANGO_EMAIL_HOST_USER: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
DJANGO_EMAIL_HOST_PASSWORD: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
DJANGO_EMAIL_USE_TLS: False
|
||||
OIDC_RP_CLIENT_ID: "opendesk-notes"
|
||||
OIDC_RP_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
OIDC_OP_JWKS_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
OIDC_OP_TOKEN_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
OIDC_OP_USER_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
||||
OIDC_OP_LOGOUT_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
|
||||
OIDC_RP_SIGN_ALGO: RS256
|
||||
OIDC_RP_SCOPES: "openid opendesk-notes-scope"
|
||||
OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
|
||||
OIDC_USERINFO_FULLNAME_FIELDS: "given_name,family_name"
|
||||
USER_OIDC_ESSENTIAL_CLAIMS: "email"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS: {{ printf "https://%s.%s/*" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{}"
|
||||
OIDC_RENEW_ID_TOKEN: "False"
|
||||
LOGIN_REDIRECT_URL: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
LOGIN_REDIRECT_URL_FAILURE: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
LOGOUT_REDIRECT_URL: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
AI_BASE_URL: {{ .Values.ai.endpoint | quote }}
|
||||
AI_API_KEY: {{ .Values.ai.apiKey | quote }}
|
||||
AI_MODEL: {{ .Values.ai.model | quote }}
|
||||
Y_PROVIDER_API_KEY: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
Y_PROVIDER_API_BASE_URL: {{ printf "https://%s.%s/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_API_URL: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
COLLABORATION_WS_URL: {{ printf "wss://%s.%s/collaboration/ws/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
FRONTEND_HOMEPAGE_FEATURE_ENABLED: False
|
||||
FRONTEND_FOOTER_FEATURE_ENABLED: False
|
||||
migrate:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
python manage.py migrate --no-input
|
||||
restartPolicy: Never
|
||||
|
||||
migrateJobAnnotations:
|
||||
{{ .Values.annotations.notesBackend.migrateJob | toYaml | nindent 4 }}
|
||||
|
||||
createsuperuser:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
python manage.py createsuperuser --email default.admin@{{ .Values.global.domain }} --password {{ .Values.secrets.notes.superuser }}
|
||||
restartPolicy: Never
|
||||
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesBackend.pod | toYaml | nindent 4 }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.notesBackend | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
|
||||
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesBackend.service | toYaml | nindent 6 }}
|
||||
|
||||
...
|
||||
|
||||
@@ -10,7 +10,8 @@ repositories:
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url:
|
||||
"{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.nubus.registry }}/{{ .Values.charts.nubus.repository }}"
|
||||
# FIXME: Place coalesce back after testing upgrade - coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default
|
||||
"{{ .Values.charts.nubus.registry }}/{{ .Values.charts.nubus.repository }}"
|
||||
# Intercom Service
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
|
||||
- name: "intercom-service-repo"
|
||||
|
||||
@@ -113,11 +113,6 @@ global:
|
||||
token_validity_period: 172800
|
||||
blacklist:
|
||||
groups: __DELETE_KEY__
|
||||
limit:
|
||||
total:
|
||||
day: {{ .Values.security.passwordResetLimits.day }}
|
||||
hour: {{ .Values.security.passwordResetLimits.hour }}
|
||||
minute: {{ .Values.security.passwordResetLimits.minute }}
|
||||
|
||||
ingress:
|
||||
annotations:
|
||||
@@ -1318,8 +1313,6 @@ nubusStackDataUms:
|
||||
portalLinkFeedback: {{ .Values.functional.portal.linkFeedback | quote }}
|
||||
oxDefaultContext: "1"
|
||||
oxContextHidden: true
|
||||
oxSystemUserPassword: {{ .Values.secrets.nubus.ldapSearch.ox }}
|
||||
portalOxLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
|
||||
ldapSearchUsers:
|
||||
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
|
||||
- username: {{ printf "ldapsearch_%s" $username | quote }}
|
||||
@@ -1553,6 +1546,7 @@ nubusKeycloakBootstrap:
|
||||
twoFactorAuthentication:
|
||||
enabled: true
|
||||
group: "2fa-users"
|
||||
legacy: true
|
||||
config:
|
||||
debug:
|
||||
enabled: {{ .Values.debug.enabled }}
|
||||
@@ -1571,7 +1565,7 @@ nubusKeycloakBootstrap:
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsKeycloakBootstrap | toYaml | nindent 6 }}
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
||||
registry: {{ .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloakBootstrap.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloakBootstrap.tag }}
|
||||
# NOTE: The subchart does not yet fully support
|
||||
|
||||
@@ -240,35 +240,9 @@ appsuite:
|
||||
open-xchange-admin-soap: "enabled"
|
||||
open-xchange-admin-soap-usercopy: "enabled"
|
||||
open-xchange-admin-user-copy: "enabled"
|
||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||
migration:
|
||||
values:
|
||||
packages:
|
||||
status:
|
||||
open-xchange-oidc: "disabled"
|
||||
open-xchange-authentication-masterpassword: "enabled"
|
||||
properties:
|
||||
com.openexchange.calendar.allowOrganizerPartStatChanges: "true"
|
||||
propertiesFiles:
|
||||
/opt/open-xchange/etc/masterpassword-authentication.properties:
|
||||
com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
|
||||
services:
|
||||
- type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
{{- end }}
|
||||
{{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
|
||||
scaling:
|
||||
nodes:
|
||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||
migration:
|
||||
replicas: 1
|
||||
roles:
|
||||
- "migration"
|
||||
{{- end }}
|
||||
{{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
|
||||
groupware:
|
||||
replicas: {{ .Values.replicas.openxchangeCoreMW }}
|
||||
roles:
|
||||
@@ -280,16 +254,7 @@ appsuite:
|
||||
replicas: 1
|
||||
roles:
|
||||
- "admin"
|
||||
{{- else }}
|
||||
groupware:
|
||||
replicas: {{ .Values.replicas.openxchangeCoreMW }}
|
||||
roles:
|
||||
- "http-api"
|
||||
- "sync"
|
||||
- "businessmobility"
|
||||
- "request-analyzer"
|
||||
- "admin"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
masterAdmin: "admin"
|
||||
masterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
|
||||
hzGroupName: "hzgroup"
|
||||
@@ -354,8 +319,13 @@ appsuite:
|
||||
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
||||
packages:
|
||||
status:
|
||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||
open-xchange-oidc: "disabled"
|
||||
open-xchange-authentication-masterpassword: "enabled"
|
||||
{{- else }}
|
||||
open-xchange-oidc: "enabled"
|
||||
open-xchange-authentication-masterpassword: "disabled"
|
||||
{{- end }}
|
||||
open-xchange-authentication-oauth: "disabled"
|
||||
open-xchange-authentication-database: "disabled"
|
||||
open-xchange-authentication-ldap: "disabled"
|
||||
@@ -436,7 +406,7 @@ appsuite:
|
||||
com.openexchange.mail.login.resolver.ldap.contextNameAttribute: "oxContextIDNum"
|
||||
com.openexchange.mail.login.resolver.ldap.entitySearchFilter: "(&(oxContextIDNum=[cid])(uid=[uname]))"
|
||||
com.openexchange.mail.login.resolver.ldap.mailLoginAttribute: "entryUUID"
|
||||
# Requirements for OX Connector
|
||||
# Requirements for OX-Connector
|
||||
com.openexchange.user.enforceUniqueDisplayName: "false"
|
||||
com.openexchange.folderstorage.database.preferDisplayName: "false"
|
||||
# Mailfilter
|
||||
@@ -532,6 +502,10 @@ appsuite:
|
||||
com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey | quote }}
|
||||
com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
|
||||
propertiesFiles:
|
||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||
/opt/open-xchange/etc/masterpassword-authentication.properties:
|
||||
com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
|
||||
{{- end }}
|
||||
/opt/open-xchange/etc/AdminDaemon.properties:
|
||||
MASTER_ACCOUNT_OVERRIDE: "true"
|
||||
/opt/open-xchange/etc/AdminUser.properties:
|
||||
|
||||
@@ -65,7 +65,7 @@ resourcesWaitForDependency:
|
||||
|
||||
persistence:
|
||||
size: {{ .Values.persistence.storages.oxConnector.size | quote }}
|
||||
#storageClass: {{ coalesce .Values.persistence.storages.oxConnector.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
|
||||
storageClass: {{ coalesce .Values.persistence.storages.oxConnector.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
|
||||
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.nubusOxConnector.pod | toYaml | nindent 2 }}
|
||||
|
||||
@@ -46,6 +46,10 @@ postfix:
|
||||
hostname: "postfix"
|
||||
inetProtocols: "ipv4"
|
||||
milterDefaultAction: "tempfail"
|
||||
overrides:
|
||||
- fileName: "sasl_passwd.map"
|
||||
content:
|
||||
- {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
|
||||
{{- if .Values.apps.dkimpy.enabled }}
|
||||
dkimpyHost: "opendesk-dkimpy-milter.{{ .Release.Namespace }}.svc.{{.Values.cluster.networking.domain }}:8892"
|
||||
{{- end }}
|
||||
@@ -54,17 +58,7 @@ postfix:
|
||||
smtpdTLSMandatoryCiphers: "high"
|
||||
|
||||
rspamdHost: ""
|
||||
{{- if .Values.smtp.host }}
|
||||
relayHost:
|
||||
enabled: true
|
||||
host: {{ .Values.smtp.host }}
|
||||
port: {{ .Values.smtp.port }}
|
||||
authentication:
|
||||
username:
|
||||
value: {{ .Values.smtp.username }}
|
||||
password:
|
||||
value: {{ .Values.smtp.password }}
|
||||
{{- end }}
|
||||
relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
|
||||
allowRelayNets: false
|
||||
smtpSASLAuthEnable: "yes"
|
||||
smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
|
||||
|
||||
@@ -54,24 +54,19 @@ postfix:
|
||||
hostname: "postfix"
|
||||
inetProtocols: "ipv4"
|
||||
milterDefaultAction: "accept"
|
||||
overrides:
|
||||
- fileName: "sasl_passwd.map"
|
||||
content:
|
||||
- {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
|
||||
{{- if .Values.apps.dkimpy.enabled }}
|
||||
dkimpyHost: "opendesk-dkimpy-milter.{{ .Release.Namespace }}.svc.{{.Values.cluster.networking.domain }}:8892"
|
||||
{{- end }}
|
||||
rspamdHost: ""
|
||||
{{- if .Values.smtp.host }}
|
||||
relayHost:
|
||||
enabled: true
|
||||
host: {{ .Values.smtp.host }}
|
||||
port: {{ .Values.smtp.port }}
|
||||
authentication:
|
||||
username:
|
||||
value: {{ .Values.smtp.username }}
|
||||
password:
|
||||
value: {{ .Values.smtp.password }}
|
||||
{{- end }}
|
||||
relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
|
||||
|
||||
# Warning: This setting allows unauthenticated mail relay from relayNets!
|
||||
allowRelayNets: true
|
||||
relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
|
||||
allowRelayNets: true
|
||||
|
||||
minTLSVersion: "TLSv1.3"
|
||||
smtpdTLSMandatoryCiphers: "high"
|
||||
|
||||
@@ -12,6 +12,6 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror"
|
||||
name: "appsuite-public-sector-pro-chart"
|
||||
version: "1.19.197"
|
||||
version: "1.18.273"
|
||||
verify: false
|
||||
...
|
||||
|
||||
@@ -13,9 +13,9 @@ images:
|
||||
nextcloud:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
|
||||
tag: "31.0.6@sha256:07cd284179654739c8e6aea05e960ee7d3e3eb4cd09bd9a3e3747c69b9e2ec22"
|
||||
tag: "31.0.6@sha256:12e5009019a072ee9bf6c9a69f4ecbf00a0590f6a2f10155ab56a1a61b43baf9"
|
||||
openxchangeCoreMW:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"
|
||||
tag: "8.39.70@sha256:94b6e9325dfa4c91587b761946151987dd49000727ab81d10a41fdc7c17ae2cb"
|
||||
tag: "8.38.73@sha256:2ddd6ce6e33a77aadc6043ad01026afbea09d28f7b0c469ab6fd412fb4ca8792"
|
||||
...
|
||||
|
||||
@@ -126,21 +126,20 @@ annotations:
|
||||
service: ~
|
||||
serviceMetrics: ~
|
||||
serviceAccount: ~
|
||||
notesBackend:
|
||||
createUserJob: ~
|
||||
ingress: ~
|
||||
notes:
|
||||
ingressAdmin: ~
|
||||
ingressCollaborationWS: ~
|
||||
ingressCollaborationAPI: ~
|
||||
ingressMedia: ~
|
||||
serviceMedia: ~
|
||||
notesBackend:
|
||||
migrateJob: ~
|
||||
pod: ~
|
||||
service: ~
|
||||
notesFrontend:
|
||||
ingressMedia: ~
|
||||
pod: ~
|
||||
service: ~
|
||||
serviceMedia: ~
|
||||
notesYProvider:
|
||||
ingressCollaborationAPI: ~
|
||||
ingressCollaborationWS: ~
|
||||
pod: ~
|
||||
service: ~
|
||||
nubus:
|
||||
|
||||
@@ -119,7 +119,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-well-known"
|
||||
version: "6.1.4"
|
||||
version: "6.1.3"
|
||||
verify: true
|
||||
home:
|
||||
# providerCategory: "Platform"
|
||||
@@ -129,7 +129,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-home"
|
||||
name: "opendesk-home"
|
||||
version: "1.1.0"
|
||||
version: "1.0.2"
|
||||
verify: true
|
||||
intercomService:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -251,7 +251,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud"
|
||||
version: "4.4.0"
|
||||
version: "4.3.1"
|
||||
verify: true
|
||||
nextcloudManagement:
|
||||
# providerCategory: "Platform"
|
||||
@@ -261,7 +261,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud-management"
|
||||
version: "4.4.0"
|
||||
version: "4.3.1"
|
||||
verify: true
|
||||
nextcloudNotifyPush:
|
||||
# providerCategory: "Platform"
|
||||
@@ -271,7 +271,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud-notifypush"
|
||||
version: "4.4.0"
|
||||
version: "4.3.1"
|
||||
verify: true
|
||||
nginx:
|
||||
# providerCategory: "Community"
|
||||
@@ -294,14 +294,14 @@ charts:
|
||||
version: "1.0.1"
|
||||
verify: true
|
||||
notes:
|
||||
# providerCategory: "Platform"
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
# packageName=bmi/opendesk/components/platform-development/charts/opendesk-impress
|
||||
# upstreamRegistry: "https://gitlab.opencode.de"
|
||||
# packageName=bmi/opendesk/components/supplier/dinum/charts/notes
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-impress"
|
||||
repository: "bmi/opendesk/components/supplier/dinum/charts/notes"
|
||||
name: "impress"
|
||||
version: "1.0.0"
|
||||
version: "2.0.0"
|
||||
verify: true
|
||||
nubus:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -310,10 +310,12 @@ charts:
|
||||
# upstreamRepository: "nubus/charts/nubus"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["0", "19", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
# registry: "registry.opencode.de"
|
||||
# repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
registry: "artifacts.software-univention.de"
|
||||
repository: "nubus-dev/charts"
|
||||
name: "nubus"
|
||||
version: "1.12.0"
|
||||
version: "1.12.0-pre-jtorres-kc-bootstrap"
|
||||
verify: true
|
||||
opendeskAlerts:
|
||||
# providerCategory: "Platform"
|
||||
@@ -353,7 +355,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-static-files"
|
||||
name: "opendesk-static-files"
|
||||
version: "4.0.2"
|
||||
version: "4.0.1"
|
||||
verify: true
|
||||
openproject:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -397,7 +399,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
|
||||
name: "appsuite-public-sector"
|
||||
version: "2.21.167"
|
||||
version: "2.20.247"
|
||||
verify: false
|
||||
oxAppSuiteBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
@@ -419,7 +421,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "ox-connector"
|
||||
version: "0.27.2"
|
||||
version: "0.19.0"
|
||||
verify: true
|
||||
postfix:
|
||||
# providerCategory: "Platform"
|
||||
@@ -429,7 +431,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
|
||||
name: "postfix"
|
||||
version: "5.0.0"
|
||||
version: "4.0.0"
|
||||
verify: true
|
||||
postgresql:
|
||||
# providerCategory: "Platform"
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
---
|
||||
global:
|
||||
systemInformation:
|
||||
releaseVersion: "v1.7.0"
|
||||
releaseVersion: "v1.6.0"
|
||||
...
|
||||
|
||||
@@ -320,7 +320,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||
tag: "31.0.6@sha256:4b99dc24ac61db1e5159fbb63e4c9f4178155fba821a9f5552060264b3dd6e31"
|
||||
tag: "31.0.6@sha256:f881cde15c41df21177a1edf3cc08ed5abe88627a5a44fdb42caacdcfe25de19"
|
||||
nextcloudExporter:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -438,9 +438,9 @@ images:
|
||||
# upstreamRepository: "nubus/images/keycloak-bootstrap"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["0", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
|
||||
tag: "0.15.2@sha256:207cb4355cead96c8dbfc5c89f77e591c226ebbcac1079c08e6f0eeb8183acea"
|
||||
registry: "artifacts.software-univention.de"
|
||||
repository: "nubus-dev/images/keycloak-bootstrap"
|
||||
tag: "keycloak-bootstrap@sha256:c8c3f6650afea4511e6e87fe1991e94b969cc946dac919c30f3a283fd2759516"
|
||||
nubusKeycloakExtensionHandler:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -508,7 +508,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "34", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-update-univention-object-identifier"
|
||||
tag: "0.39.1@sha256:3c1ff735df4f4c133bdb3d6a833cc081c7a31e8efcb84c63ed046cd6840469e5"
|
||||
tag: "0.37.1@sha256:0715b8c98390337f230c04e88ed63142b94faf590bb2cb1dacb41390b2e8edf0"
|
||||
nubusNats:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -578,7 +578,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "10", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
|
||||
tag: "0.27.2@sha256:7bb54f5ae0e797172fb92bd7a8a479f179ebd51c1fb5af98fa7b6025f9ffaca4"
|
||||
tag: "0.11.1@sha256:e57df5c02d0480ccf1d299964e3c676d92440d5e959b4f587945f08624da3ae9"
|
||||
nubusPortalConsumer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -786,7 +786,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "6", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-guidedtours"
|
||||
tag: "8.6.19@sha256:2c8abc8385090bac03c4540c176ec9c51cd73b0a5a477840d7250ead10701770"
|
||||
tag: "8.6.17@sha256:27178fc42f2334385f1d206e4e7991d4953a102f114729d186b61c0d40babb4f"
|
||||
openxchangeCoreMW:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -796,7 +796,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "51"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
|
||||
tag: "8.39.71@sha256:eb5a1e124e8d98aeac2bd32dab8ec690aa71c8e49e5c57916452c471e1afd628"
|
||||
tag: "8.38.73@sha256:610d4bab888e5749ff918a782ba1c33ed4aa8da9e13d5be4ad71ca2f698d4044"
|
||||
openxchangeCoreUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -806,7 +806,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
|
||||
tag: "8.39.1@sha256:d25119e36689231d09d747c32c14439d073318f6fd7d084761525579b636ee93"
|
||||
tag: "8.38.1@sha256:77bf250df7ac465006576d5e1e0a8420ce6d0fce622b749c6da318793b88490c"
|
||||
openxchangeCoreUIMiddleware:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -816,7 +816,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "0", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui-middleware"
|
||||
tag: "2.1.3@sha256:5a9259ef6cb155a8e5b94d567af00d8899934550565fbf109ab17200cf5df7f4"
|
||||
tag: "2.1.2@sha256:36fe59a047fa466bef6fcdeed1ed8e4bbeaf7824c37c63e3bfe7262cd135cb9e"
|
||||
openxchangeCoreUserGuide:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -826,7 +826,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "799279"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
|
||||
tag: "8.39.1471602@sha256:4a02e72caca3e21c2919960167f28962de7e70161dad6f7916e8d3b8e104768e"
|
||||
tag: "8.38.1408226@sha256:1a18c6c7b6a7a0f16376a9c298e65a13a4b482f6df1351582250a88571f1fa73"
|
||||
openxchangeDocumentConverter:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -836,7 +836,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
|
||||
tag: "8.39.1842@sha256:a405aface2a9a187c66b2862bc724ee075ebc0209c931abd3478f3cafaf137f7"
|
||||
tag: "8.38.1817@sha256:d7537574765e19e7c9e13fe936c1a4c69b39bda216abcd000dad9f93fbb62f7b"
|
||||
openxchangeGotenberg:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -856,7 +856,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["4", "2", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/guard-ui"
|
||||
tag: "8.33.4@sha256:e73afec3d549943379fdb12dde1ab14d53c6fafac221e2512c6641ac71c65b3f"
|
||||
tag: "8.33.2@sha256:920b5ac87128f30c176c0ae75c6bedd32d226a97c6c5a822235606c39992ee9a"
|
||||
openxchangeImageConverter:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -866,7 +866,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
|
||||
tag: "8.39.2122@sha256:d025984017d9a70473a4217bd9b815df08cfa9941137e6f02c024917061313a6"
|
||||
tag: "8.38.2105@sha256:9c79f29712c5a5479bc1a08e127c65415a50a63954b244c1d34a570f5f3ed1f6"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -876,7 +876,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["1", "2", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/nextcloud-integration-ui"
|
||||
tag: "1.4.2@sha256:b52b0d1735e545fb6ec1cb064aa229135b0503295e8ac672a06816a364a7a18e"
|
||||
tag: "1.4.1@sha256:423d596b52ab32778d7227d98ccc719f98395a00d95ff0bcac826665b59e1937"
|
||||
openxchangePublicSectorUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -896,7 +896,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "4", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-connector-standalone"
|
||||
tag: "0.27.2@sha256:4753a1d4a01acb7c6946fc9c8596fd328afe0d3c0b3098adfe85cef89fb1b7d7"
|
||||
tag: "0.19.0@sha256:447e3c3e0cdd8bf1f86004d2088c24fcf6141ff6fef78ade8dfe86f7f16ba40e"
|
||||
postfix:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
|
||||
@@ -46,7 +46,6 @@ persistence:
|
||||
#storageClassName: ""
|
||||
oxConnector:
|
||||
size: "1Gi"
|
||||
# This value is not passed on to the related Helm chart yet, but required for linting purposes.
|
||||
storageClassName: ~
|
||||
postfix:
|
||||
size: "1Gi"
|
||||
|
||||
@@ -12,11 +12,4 @@ security:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: "ingress-nginx"
|
||||
namespace: "ingress-nginx"
|
||||
|
||||
# Global limits for how often a password reset action can be requested.
|
||||
# Defaults are taken from the nubus stack-data-ums chart and should work with most small to medium installations
|
||||
passwordResetLimits:
|
||||
day: 1000
|
||||
hour: 200
|
||||
minute: 120
|
||||
...
|
||||
|
||||
Reference in New Issue
Block a user