mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
42 Commits
jtorres/ic
...
docs/nubus
| Author | SHA1 | Date | |
|---|---|---|---|
|
c8edd970bb | ||
|
|
6d300304ee | ||
|
|
da79f3b286 | ||
|
|
ed5bf231cc | ||
|
|
f4faebaf68 | ||
|
|
574acb5976 | ||
|
|
44d5e5a2b5 | ||
|
|
984b23c73b | ||
|
|
abca53d02f | ||
|
|
a159724abd | ||
|
|
8c1b0802a0 | ||
|
|
000af5a604 | ||
|
|
ba9560d14b | ||
|
|
0c91117575 | ||
|
|
6c67eca7aa | ||
|
|
0e21d2cea5 | ||
|
|
a13cf63024 | ||
|
|
28a6528528 | ||
|
|
2926e2c93a | ||
|
|
6796f320f7 | ||
|
|
63562c1aae | ||
|
|
1c643ac8ff | ||
|
|
4811b570e7 | ||
|
|
0e69f38fef | ||
|
|
3983c608be | ||
|
|
174951cd51 | ||
|
|
16dfd255c6 | ||
|
|
669995bb95 | ||
|
|
6d329e18cf | ||
|
|
6438284090 | ||
|
|
a63d7cb861 | ||
|
|
4602396583 | ||
|
|
b9656772a9 | ||
|
|
4403dfe720 | ||
|
|
31ec1003c0 | ||
|
|
4cda827f55 | ||
|
|
96f18196c5 | ||
|
|
eac214e364 | ||
|
|
3ad285a869 | ||
|
|
e4d9106c45 | ||
|
|
7f60ab3b7a | ||
|
|
4c7422a411 |
@@ -1,12 +1,11 @@
|
||||
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
include:
|
||||
- project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}"
|
||||
ref: "v2.4.3"
|
||||
ref: "v2.4.8"
|
||||
file:
|
||||
- "ci/common/automr.yml"
|
||||
- "ci/common/lint.yml"
|
||||
- "ci/release-automation/semantic-release.yml"
|
||||
- local: "/.gitlab/generate/generate-docs.yml"
|
||||
@@ -32,7 +31,6 @@ stages:
|
||||
- ".pre"
|
||||
- "renovate"
|
||||
- "scan"
|
||||
- "automr"
|
||||
- "env-cleanup"
|
||||
- "env"
|
||||
- "pre-services-deploy"
|
||||
@@ -70,7 +68,7 @@ variables:
|
||||
- "no"
|
||||
DEBUG_ENABLED:
|
||||
description: "Allows to set `debug.enabled` to true for a deployment, needs to be supported by stage specific\
|
||||
configuration containting: `debug.enabled: {{ env \"DEBUG_ENABLED\" | default false }}`"
|
||||
configuration containing: `debug.enabled: {{ env \"DEBUG_ENABLED\" | default false }}`"
|
||||
value: "no"
|
||||
options:
|
||||
- "yes"
|
||||
@@ -154,6 +152,12 @@ variables:
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
DEPLOY_NOTES:
|
||||
description: "Enable Notes deployment."
|
||||
value: "no"
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
RUN_TESTS:
|
||||
description: "Triggers execution of E2E-tests."
|
||||
value: "no"
|
||||
@@ -183,10 +187,17 @@ variables:
|
||||
GRACE_PERIOD is the period in seconds that should be waited before running the tests."
|
||||
value: "0"
|
||||
|
||||
# Declare .environments which is in `opendesk-env` repository. In case it is not available
|
||||
# 'cache' is used because job as a dummy key, as the job is not allowed to be empty.
|
||||
.environments:
|
||||
cache: {}
|
||||
|
||||
.deploy-common:
|
||||
cache: {}
|
||||
dependencies: []
|
||||
extends: ".environments"
|
||||
environment:
|
||||
name: "${NAMESPACE}"
|
||||
image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:1.1.0\
|
||||
@sha256:74f349066ac5d20e3afaa6abd28781b4c8dc086f67e3d3c1b8345e4a9c3371b1"
|
||||
script:
|
||||
@@ -208,9 +219,6 @@ variables:
|
||||
|
||||
env-cleanup:
|
||||
extends: ".deploy-common"
|
||||
environment:
|
||||
name: "${NAMESPACE}"
|
||||
action: "stop"
|
||||
needs: []
|
||||
rules:
|
||||
- if: >
|
||||
@@ -444,6 +452,18 @@ jitsi-deploy:
|
||||
variables:
|
||||
COMPONENT: "jitsi"
|
||||
|
||||
notes-deploy:
|
||||
stage: "050-components"
|
||||
extends: ".deploy-common"
|
||||
rules:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NOTES != "no")
|
||||
when: "on_success"
|
||||
variables:
|
||||
COMPONENT: "notes"
|
||||
|
||||
element-deploy:
|
||||
stage: "050-components"
|
||||
extends: ".deploy-common"
|
||||
@@ -458,8 +478,6 @@ element-deploy:
|
||||
|
||||
fetch-administrator-credentials:
|
||||
extends: ".deploy-common"
|
||||
environment:
|
||||
name: "${NAMESPACE}"
|
||||
stage: "post-prepare"
|
||||
rules:
|
||||
- if: >
|
||||
@@ -592,7 +610,7 @@ avscan-prepare:
|
||||
| del(.[].repository)
|
||||
| del(.[].tag)
|
||||
| del(.[].registry)'
|
||||
helmfile/environments/default/images.yaml
|
||||
helmfile/environments/default/images.yaml.gotmpl
|
||||
>> dynamic-scans.yml
|
||||
artifacts:
|
||||
paths:
|
||||
@@ -613,11 +631,6 @@ avscan-start:
|
||||
job: "avscan-prepare"
|
||||
strategy: "depend"
|
||||
|
||||
# Declare .environments which is in `opendesk-env` repository. In case it is not available
|
||||
# 'cache' is used because job as a dummy key, as the job is not allowed to be empty.
|
||||
.environments:
|
||||
cache: {}
|
||||
|
||||
# Overwrite shared settings
|
||||
.common-semantic-release:
|
||||
image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release:1.1.0"
|
||||
@@ -685,7 +698,7 @@ release:
|
||||
- |
|
||||
cat << 'EOF' > ${CI_PROJECT_DIR}/.releaserc
|
||||
{
|
||||
"branches": ["${RELEASE_BRANCH}"],
|
||||
"branches": ["main"],
|
||||
"plugins": [
|
||||
"@semantic-release/gitlab",
|
||||
"@semantic-release/release-notes-generator",
|
||||
|
||||
@@ -2,10 +2,10 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
variables:
|
||||
OPENDESK_CI_CLI_IMAGE: "registry.opencode.de/bmi/opendesk/tooling/opendesk-ci-cli:2.5.3\
|
||||
@sha256:1296e8590b59f02311881307bb14c58b72bafc92a58e7e7e7212508abf902b00"
|
||||
OPENDESK_LINT_IMAGE: "registry.opencode.de/bmi/opendesk/components/platform-development/images/ci-lint:1.0.8\
|
||||
@sha256:59e714cad38e873cf8a9a132af76ad868b46a51ed12d0bd45477f328c0136991"
|
||||
OPENDESK_CI_CLI_IMAGE: "registry.opencode.de/bmi/opendesk/tooling/opendesk-ci-cli:2.7.1\
|
||||
@sha256:f09e36a4ad4b3a3a9ed260d6f36293002e39866a877c0a6b1efa16a88b8fd107"
|
||||
OPENDESK_LINT_IMAGE: "registry.opencode.de/bmi/opendesk/components/platform-development/images/ci-lint:1.0.14\
|
||||
@sha256:34d2a96e5fc25155abd48fef4d335b131c71d8cbc00ad531df0cae9918b9f2ab"
|
||||
|
||||
.common:
|
||||
cache: {}
|
||||
|
||||
@@ -16,6 +16,7 @@ lint-kyverno:
|
||||
- "element"
|
||||
- "jitsi"
|
||||
- "nextcloud"
|
||||
- "notes"
|
||||
- "nubus"
|
||||
- "open-xchange"
|
||||
- "opendesk-migrations-post"
|
||||
@@ -30,7 +31,11 @@ lint-kyverno:
|
||||
- >
|
||||
node /app/opendesk-ci-cli/src/index.js generate-kyverno-env
|
||||
-d ${CI_PROJECT_DIR}/helmfile/environments
|
||||
-x ${CI_PROJECT_DIR}/.kyverno/_overwrite.yaml
|
||||
- "helmfile template -e test --include-needs --skip-tests > ${CI_PROJECT_DIR}/.kyverno/opendesk.yaml"
|
||||
- >
|
||||
node /app/opendesk-ci-cli/src/index.js remove-empty-keys
|
||||
-f ${CI_PROJECT_DIR}/.kyverno/opendesk.yaml
|
||||
- "cd ${CI_PROJECT_DIR}/.kyverno"
|
||||
# Test optional
|
||||
- >
|
||||
|
||||
6
.kyverno/_overwrite.yaml
Normal file
6
.kyverno/_overwrite.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
# SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
replicas:
|
||||
umsLdapServerPrimary: 2
|
||||
...
|
||||
84
CHANGELOG.md
84
CHANGELOG.md
@@ -1,3 +1,87 @@
|
||||
# [1.1.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.0.0...v1.1.0) (2024-12-24)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **cassandra:** Prepare cassandra for openDesk Enterprise. ([508e286](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/508e28623258542a4082e79ed75ce1e5758ae2e0))
|
||||
* **cassandra:** Remove values in charts.yaml for enterprise components. ([c0cbb76](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c0cbb76921b5108d084640baf3e607e9fc6557c7))
|
||||
* **ci:** Explicitly set RELEASE_BRANCH (to `main`) for scan and release steps ([e5ad0bb](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e5ad0bb2e028dafab0ba29fb2e9b0d207b8795fd))
|
||||
* **ci:** Reduce Kyverno linting issues ([e4d9106](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e4d9106c457e018922dcc730df0570d41f3ec2aa))
|
||||
* **collabora:** Add/update Helmfile for Collabora Controller to be used in EE deployments ([a63d7cb](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/a63d7cb8614bfa7d26d997ffdf3ea807ae187664))
|
||||
* **collabora:** Update to 24.04.9.2. ([407f2be](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/407f2be2ad2d40813bb37e0ba302ef14e3a06bd9))
|
||||
* **docs:** Add `architecture.md` and `apis.md` ([7710858](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/77108587c71dee16ecf539608838c8c9064a66f8))
|
||||
* **docs:** Add GitOps / Argo CD documentation ([bbe7550](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/bbe7550c4617b4799190192b5316ac04295e9e88))
|
||||
* **docs:** Update and streamline README.md and migrations.md. ([a86c0af](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/a86c0afdbb7fa1230aa90cf210323969fd580431))
|
||||
* **element:** Add extensive database options ([9e102e2](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/9e102e2d1b9d6621b9c5d6ed0643432e8879f663))
|
||||
* **element:** Prepare element for openDesk Enterprise. ([00a1a93](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/00a1a9394ee3544b1a0d7b3e975c36830ba8b13c))
|
||||
* **element:** Rename release opendesk-element to opendesk-element-web ([1213ecc](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1213ecc425041ac4adba99a0ae2d8188932a7d9f))
|
||||
* **element:** Switch `element-web` base image to Alpine ([47ce294](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/47ce29440388370f7d63e373eeda90d067830ebd))
|
||||
* **element:** Toggle IPv4-only mode depending on cluster.networking.ipFamilies ([627b9c1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/627b9c1e8464fd9529ddf50f171031053710323c))
|
||||
* **element:** Update Matrix Meetings Bot to 2.8.2 ([4403dfe](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4403dfe720982a8339043951a4dfc88bfb0af57c))
|
||||
* **element:** Update Synapse to 1.120.2 and Element to 1.11.87 update also related containers ([9d7644d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/9d7644dc04c9ef97449680e5197f2129d62d56f8))
|
||||
* **helmfile:** Add `opendesk-static-files` to `opendesk-services` to serve favicons ([6438284](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6438284090f3e552843679c1ea62b5538be5dff9))
|
||||
* **helmfile:** Add Redis username and tls option ([564fb2d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/564fb2d7c7190a91446293ce21950701503ecbb7))
|
||||
* **helmfile:** Allow usage of pre-defined CA certificates. ([0738fa0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/0738fa080d61f0e6c084dd8fd5e09635469b1dca))
|
||||
* **helmfile:** Auto-redirect user to login dialogue, please read migrations.md for more details ([a9c8dfe](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/a9c8dfeab125510a7d9a137e16b14685155aa441))
|
||||
* **helmfile:** Remove `default.user` and `default.admin` for new deployments. ([54f9e4c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/54f9e4c3f8fd425bde1272e3eec490efa30461f7))
|
||||
* **helmfile:** Remove `theme` subtree from the migration's `.Values` secret to avoid a bloated secret hitting limits in certain clusters setups and GitOps tools. ([b6725dd](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b6725dddc19f22e142a214c02aef5139b2921d5a))
|
||||
* **helmfile:** Splitting the directory `./helmfile/apps/services` into `-external` and `opendesk-` services, please read migrations.md for more details ([277a1f5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/277a1f5a65e340180feeb84cce2097be5a2157e1))
|
||||
* **helmfile:** Streamline `commonLabels.deployStage`. ([f969425](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/f96942536f931e8f8eb714ce0503716b873b593b))
|
||||
* **helmfile:** Streamline `requests.cpu` in `resources.yaml` ([43f427e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/43f427e06a83aea8979e1b54f7ea7f2d24ab28cf))
|
||||
* **helmfile:** Streamline file extensions in `/helmfile/environments/default` to ([0e3b661](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/0e3b6615653d7bbe30b09e57428b1f5c19f171f8))
|
||||
* **helmfile:** Unify templating name for Open-Xchange to `openxchange` and for OX App Suite to `oxAppSuite`. ([6ff1fcd](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6ff1fcd438103534e78a5898f25fcea1080dfb86))
|
||||
* **helmfile:** Use dictionaries for defining `customization.yaml`, please read migrations.md for more details ([86ef0be](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/86ef0be542b0e34d76a85cb226e223a3e7dbc76e))
|
||||
* **jitsi:** Update Jitsi Helm chart and images. ([5c691e4](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/5c691e450821c81b363040b68ffba96e38d1712b))
|
||||
* **jitsi:** Update to 2.0.9823 and chart to 2.1.1 ([56ce335](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/56ce3355fcedf60595f33609848f6c8bd8644914))
|
||||
* **jitsi:** Update to switch the colors of `Hang up` and `End meeting for all` buttons. ([9dbb2b7](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/9dbb2b755caa8e6bda80bed691c54e66b1a63eb9))
|
||||
* **migrations:** Cleanup of jobs ([539a302](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/539a30263c9ce25ab7c6aa6607fd41cd1099315b))
|
||||
* **migrations:** Update to support Nubus 1.5.1 ([7f60ab3](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7f60ab3b7a155c8f95bfcf139fa896cbc41ca767))
|
||||
* **nextcloud:** Add Redis TLS option ([1402593](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1402593556af9cf039878a1261b656424fc45c88))
|
||||
* **nextcloud:** Fix templating for nextcloud database name ([7f1f6cd](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7f1f6cdcd4385d24cf13cdf9425b615337a131de))
|
||||
* **nextcloud:** Fix templating for nextcloud database user ([c8c12a2](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c8c12a278e8d00f04c1c7b6dd7fbdf3826c89a19))
|
||||
* **nextcloud:** Support IPv4 only clusters ([b25ada1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b25ada1f603659cd551be23d62992e8fa6a0603d))
|
||||
* **nextcloud:** Trusted Proxy setting. ([bc0ca8b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/bc0ca8b4c1dfdcd046c9b4ddd1f63a28e6a5531a))
|
||||
* **nextcloud:** Update Chart to 3.6.1 and Image to 2.3.3 (including rollback to 29.0.8). Introducing setting for `functional.filestore.sharing.external.sendPasswordMail` ([18fcaa0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/18fcaa0331c9c94bb2f260f97fbadad44b019bb6))
|
||||
* **nextcloud:** Update to 29.0.9 incl. latest apps. ([c63cca7](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c63cca72a35cdeb35b8ea48d98a5c5d55982d145))
|
||||
* **notes:** Add `favicon.ico` via `opendesk-static-files` ([669995b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/669995bb95235a56f7b2387c4c582d6e7250e4a9))
|
||||
* **notes:** Add https to all endpoints ([174951c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/174951cd5145e83d776a9b4bda4f091d5b827402))
|
||||
* **nubus:** Add nginx s3 proxy when minio disabled ([b3b6ab5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b3b6ab5a61dc5bca13c8b1f4e6b716bbcad64e8c))
|
||||
* **nubus:** Enable Keycloak debug mode logging; add Keycloak specific section to debugging.md ([3b3679b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/3b3679bab150ece327ce1e132933820b1e3afa88))
|
||||
* **nubus:** Fix selfsigned certificate mounts ([b90bff3](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b90bff30b35b91fff792f2d5d617de4cdba30f23))
|
||||
* **nubus:** Leader election on re-deployments ([b965677](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b9656772a9c743c9119a850e0b48cb39d68f48fa))
|
||||
* **nubus:** Start ums keycloak bootstrap already during Sync phase ([16dfd25](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/16dfd255c621b1da311fd6fee775f7397e5f6792))
|
||||
* **nubus:** Update external portal links and login screen background. ([901b1f5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/901b1f529e7d16a8164511bebac1e7f9a475d111))
|
||||
* **nubus:** Update to 1.4.0 ([2a94f2d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/2a94f2dd4bdfa039b4459b3711e171ee46172583))
|
||||
* **nubus:** Update to v1.5.1 ([4c7422a](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4c7422a411a4fa1ddc36430d363ae06226efb31d))
|
||||
* **nubus:** Use favicon with transparent background for portal ([1b13c3e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1b13c3ea658786420d960c8e67aed81f40067c0a))
|
||||
* **open-xchange:** Extend Dovecot LDAP filter to also match OX-Resources ([31ea6e0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/31ea6e0e08226afb8d9cba4370033fd6f742459b))
|
||||
* **open-xchange:** Fix truststore decrypt error on self-signed deployments ([8611d95](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/8611d95e5a4ab7b158ed8322676589c3d196b548))
|
||||
* **open-xchange:** Update AppSuite to 8.30, update Helm chart to 2.12.85 ([0c88699](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/0c886999174f87030af268c7fdd0beee11f01346))
|
||||
* **opendesk-services:** Update minio to 2024.12.13 ([4cda827](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4cda827f5554ed7ff92a85fc62f6908183181f9b))
|
||||
* **opendesk-services:** Update otterize Network Policies ([4602396](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4602396583c454a23b3458c54cb40e259f245163))
|
||||
* **openproject:** Bump Helm chart to 9.2 ([718eb45](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/718eb45e9c9961f1f792b59e232fd7da66916c7d))
|
||||
* **openproject:** Bump version to 15.0.2 ([c06e0bb](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c06e0bb8d4d04c8794dafddecc189d5f376d661e))
|
||||
* **openproject:** Update 15.1.0 image ([6d329e1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6d329e18cff8c6ebbbf1b0965801827079904f88))
|
||||
* **openproject:** Update branding and Helm chart to 9.0.1 ([d3b1916](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/d3b191644b0bf20cac1cd9f85ed4b4dc7c6b549d))
|
||||
* **openproject:** Update to 14.6.3 incl. latest Helm chart (8.3.2). ([4c82adf](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4c82adf668c7f90489bc4ae46426cf607e3425d8))
|
||||
* **postfix:** Added service type definition analogous to dovecot ([31ec100](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/31ec1003c0874a2920132c61d48a1a88e5569cb8))
|
||||
* **services:** Add template for certificate issuerRef.kind ([df144fe](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/df144fe3d3ffd70ca0b7e5aa4c2894b96d0138f1))
|
||||
* **services:** Update MariaDB chart to v3.0.3 in preparation for the use of external secrets. ([08feab1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/08feab1cfcc099d9b8caed2c4db9a97d4542a5ac))
|
||||
* **services:** Update Redis to 7.4.1 as required by OX Appsuite, please read migrations.md for more details ([5e0b2e2](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/5e0b2e26fc33d7befcb3f94d748e8e9d6f93f383))
|
||||
* **xwiki:** Fix templating for xwiki database port ([de15071](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/de15071ae9d6194d93f9a5fbb0033650b266eaf9))
|
||||
* **xwiki:** Set superadmin password account only when debug is enabled ([e2b3bd5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e2b3bd543fab7be512cef58382c4d62c48cd79b4))
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **helmfile:** Add grafana dashboards ([1441c57](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1441c5734f42b995505e6aa97f59bdb1eae32b1b))
|
||||
* **helmfile:** Add openDesk specific alerts ([f630a36](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/f630a369da12ef7f19d5553c6dbd5955e414868f))
|
||||
* **helmfile:** Add template support for antivirus icap/milter ([83da87e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/83da87e9623be294753302686a8d8270c28bcc58))
|
||||
* **helmfile:** Allow custom/self-signed ca-certificates ([c71faf5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c71faf5e8011c42b02fd5025a9b1629300a4f1e3))
|
||||
* **jitsi:** Enable Jitsi room history by default. ([45add79](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/45add7981c3a50045caeadb7f2b0bc11254ae562))
|
||||
* Newsfeed in Portal based on XWiki blog feature ([3ad285a](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/3ad285a8695a32607c4bf0faea0747c7e685dcd6))
|
||||
* **notes:** Integrate Preview of Notes app ([96f1819](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/96f18196c53267dbd72cd28e6fbadf06448db93a))
|
||||
|
||||
# [1.0.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.9.0...v1.0.0) (2024-10-14)
|
||||
|
||||
|
||||
|
||||
10
README.md
10
README.md
@@ -14,6 +14,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [Advanced customization](#advanced-customization)
|
||||
* [Architecture](#architecture)
|
||||
* [Releases](#releases)
|
||||
* [Data Storage](#data-storage)
|
||||
* [Feedback](#feedback)
|
||||
* [Development](#development)
|
||||
* [License](#license)
|
||||
@@ -29,12 +30,12 @@ openDesk currently features the following functional main components:
|
||||
|
||||
| Function | Functional Component | Component<br/>Version | Upstream Documentation |
|
||||
| -------------------- | --------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Chat & collaboration | Element ft. Nordeck widgets | [1.11.87](https://github.com/element-hq/element-desktop/releases/tag/v1.11.87) | [For the most recent release](https://element.io/user-guide) |
|
||||
| Chat & collaboration | Element ft. Nordeck widgets | [1.11.89](https://github.com/element-hq/element-desktop/releases/tag/v1.11.89) | [For the most recent release](https://element.io/user-guide) |
|
||||
| Diagram editor | CryptPad ft. diagrams.net | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
||||
| File management | Nextcloud | [29.0.8](https://nextcloud.com/de/changelog/#29-0-8) | [Nextcloud 29](https://docs.nextcloud.com/) |
|
||||
| Groupware | OX App Suite | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||
| Knowledge management | XWiki | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||
| Portal & IAM | Nubus | [1.4.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Portal & IAM | Nubus | [1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Project management | OpenProject | [15.1.0](https://www.openproject.org/docs/release-notes/15-1-0/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Weboffice | Collabora | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
@@ -92,6 +93,11 @@ in the files from the release's git-tag:
|
||||
|
||||
Find more information in our [Workflow documentation](./docs/workflow.md).
|
||||
|
||||
# Data Storage
|
||||
|
||||
More information about different data storages used within openDesk are described in the
|
||||
[Data Storage documentation](./docs/data-storage.md).
|
||||
|
||||
# Feedback
|
||||
|
||||
We love to get feedback from you!
|
||||
|
||||
@@ -14,7 +14,7 @@ SPDX-FileCopyrightText = "2023 Bundesministerium des Innern und für Heimat, PG
|
||||
SPDX-License-Identifier = "CC0-1.0"
|
||||
|
||||
[[annotations]]
|
||||
path = "helmfile/files/theme/*"
|
||||
path = "helmfile/files/theme/**"
|
||||
SPDX-FileCopyrightText = "2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH"
|
||||
SPDX-License-Identifier = "Apache-2.0"
|
||||
|
||||
|
||||
132
cspell.json
132
cspell.json
@@ -4,79 +4,81 @@
|
||||
"dictionaryDefinitions": [],
|
||||
"dictionaries": [],
|
||||
"words": [
|
||||
"openDesk",
|
||||
"Addressbooks",
|
||||
"AppSuite",
|
||||
"Collabora",
|
||||
"Digitale",
|
||||
"Jitsi",
|
||||
"Nextcloud",
|
||||
"Öffentlichen",
|
||||
"OpenProject",
|
||||
"Souveränität",
|
||||
"Verwaltung",
|
||||
"Zentrum",
|
||||
"Keycloak",
|
||||
"NATS",
|
||||
"slapadd",
|
||||
"slapcat",
|
||||
"RDBMS",
|
||||
"Velero",
|
||||
"Univention",
|
||||
"OIDC",
|
||||
"kcadmin",
|
||||
"DMARC",
|
||||
"homeserver",
|
||||
"Bundesministerium",
|
||||
"Innern",
|
||||
"Heimat",
|
||||
"Projektgruppe",
|
||||
"Arbeitsplatz",
|
||||
"Aufbau",
|
||||
"Filepicker",
|
||||
"Weboffice",
|
||||
"Xchange",
|
||||
"opencode",
|
||||
"seccomp",
|
||||
"psql",
|
||||
"databasename",
|
||||
"helmfile",
|
||||
"gotmpl",
|
||||
"containerd",
|
||||
"letsencrypt",
|
||||
"CNCF",
|
||||
"kubespray",
|
||||
"ICAP",
|
||||
"bootstrap",
|
||||
"Bundesministerium",
|
||||
"Ceph",
|
||||
"clamav",
|
||||
"CNCF",
|
||||
"Collabora",
|
||||
"commandline",
|
||||
"configurability",
|
||||
"containerd",
|
||||
"Coturn",
|
||||
"Minio",
|
||||
"Kyverno",
|
||||
"Otterize",
|
||||
"IBAC",
|
||||
"pubkeys",
|
||||
"Grundschutz",
|
||||
"Kubescape",
|
||||
"Gitflow",
|
||||
"hadolint",
|
||||
"cryptpad",
|
||||
"databasename",
|
||||
"Digitale",
|
||||
"DMARC",
|
||||
"explorative",
|
||||
"Filepicker",
|
||||
"filestore",
|
||||
"Gitflow",
|
||||
"gotmpl",
|
||||
"Grundschutz",
|
||||
"hadolint",
|
||||
"Heimat",
|
||||
"helmfile",
|
||||
"helmfiles",
|
||||
"homeserver",
|
||||
"IBAC",
|
||||
"ICAP",
|
||||
"IMAPS",
|
||||
"Innern",
|
||||
"Jitsi",
|
||||
"kcadmin",
|
||||
"Keycloak",
|
||||
"Kubescape",
|
||||
"kubespray",
|
||||
"Kyverno",
|
||||
"letsencrypt",
|
||||
"localpart",
|
||||
"Minio",
|
||||
"NATS",
|
||||
"Nextcloud",
|
||||
"nindent",
|
||||
"Nordeck",
|
||||
"Nubus",
|
||||
"Souveräne",
|
||||
"Arbeitsplatz",
|
||||
"commandline",
|
||||
"helmfiles",
|
||||
"SMTPS",
|
||||
"IMAPS",
|
||||
"xwiki",
|
||||
"cryptpad",
|
||||
"clamav",
|
||||
"templating",
|
||||
"localpart",
|
||||
"Addressbooks",
|
||||
"filestore",
|
||||
"trashbin",
|
||||
"bootstrap",
|
||||
"configurability",
|
||||
"Öffentlichen",
|
||||
"OIDC",
|
||||
"opencode",
|
||||
"openDesk",
|
||||
"OpenProject",
|
||||
"Otterize",
|
||||
"Projektgruppe",
|
||||
"psql",
|
||||
"pubkeys",
|
||||
"RDBMS",
|
||||
"seccomp",
|
||||
"selfsigned",
|
||||
"truststore"
|
||||
"slapadd",
|
||||
"slapcat",
|
||||
"SMTPS",
|
||||
"Souveräne",
|
||||
"Souveränität",
|
||||
"templating",
|
||||
"trashbin",
|
||||
"truststore",
|
||||
"Univention",
|
||||
"Velero",
|
||||
"Verwaltung",
|
||||
"Videokonferenz",
|
||||
"Weboffice",
|
||||
"Xchange",
|
||||
"xwiki",
|
||||
"Zentrum"
|
||||
],
|
||||
"ignoreWords": [],
|
||||
"import": []
|
||||
|
||||
@@ -5,6 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
<h1>Architecture</h1>
|
||||
|
||||
<!-- TOC -->
|
||||
* [Overview](#overview)
|
||||
* [Nubus (IAM)](#nubus-iam)
|
||||
* [Authentication](#authentication)
|
||||
@@ -23,6 +24,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [Central Contacts](#central-contacts)
|
||||
* [Central Navigation](#central-navigation)
|
||||
* [Filepicker](#filepicker)
|
||||
* [Newsfeed](#newsfeed)
|
||||
* [(OpenProject) File Store](#openproject-file-store)
|
||||
* [Applications vs. Services](#applications-vs-services)
|
||||
* [Collabora (Office)](#collabora-office)
|
||||
@@ -36,6 +38,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [XWiki (Knowledge management)](#xwiki-knowledge-management)
|
||||
* [Application specific user accounts](#application-specific-user-accounts)
|
||||
* [Footnotes](#footnotes)
|
||||
<!-- TOC -->
|
||||
|
||||
openDesk is designed as a [Kubernetes](https://kubernetes.io) deployment.
|
||||
|
||||
@@ -256,6 +259,7 @@ flowchart TD
|
||||
Intercom_Service-->|Silent Login, Token Exchange|IdP
|
||||
Intercom_Service-->|Filepicker|Nextcloud
|
||||
Intercom_Service-->|Central Navigations|Portal
|
||||
Intercom_Service-->|Newsfeed|XWiki
|
||||
OX-AppSuite_Backend-->|Filepicker|Nextcloud
|
||||
OX-AppSuite_Backend-->|Videoconferences|Element
|
||||
Nextcloud-->|Central Navigation|Portal
|
||||
@@ -264,6 +268,7 @@ flowchart TD
|
||||
XWiki-->|Central Navigation|Portal
|
||||
Nextcloud-->|Central Contacts|OX-AppSuite_Backend
|
||||
OX-AppSuite_Frontend-->|Filepicker|OX-AppSuite_Backend
|
||||
Portal-->|Newsfeed|Intercom_Service
|
||||
```
|
||||
|
||||
Details can be found in the upstream documentation that is linked in the respective sections.
|
||||
@@ -325,6 +330,14 @@ when adding a file to an email or storing a file into Nextcloud to avoid passing
|
||||
**Links**
|
||||
- [OX AppSuite Nextcloud Integration upstream documentation](https://gitlab.open-xchange.com/extensions/nextcloud-integration/-/tree/main/documentation).
|
||||
|
||||
## Newsfeed
|
||||
|
||||
The portal renders a newsfeed based on entries of a predefined openDesk blog in XWiki. It accesses the required XWiki
|
||||
service through the Intercom Service's `/wiki` endpoint, in combination with the previously described silent login.
|
||||
|
||||
**Links:**
|
||||
- [XWiki Blog feature](https://extensions.xwiki.org/xwiki/bin/view/Extension/Blog%20Application)
|
||||
|
||||
## (OpenProject) File Store
|
||||
|
||||
While OpenProject allows you to attach files to work packages directly, it is often preferred that the files are
|
||||
|
||||
@@ -51,6 +51,10 @@ This chapter presents APIs available in openDesk grouped by applications.
|
||||
* [Matrix Server-Server API](#matrix-server-server-api)
|
||||
* [Matrix Push Gateway API](#matrix-push-gateway-api)
|
||||
* [Matrix Identity Service API](#matrix-identity-service-api)
|
||||
* [Matrix React SDK Module API](#matrix-react-sdk-module-api)
|
||||
* [Matrix Widget API](#matrix-widget-api)
|
||||
* [NeoBoard Data Model API](#neoboard-data-model-api)
|
||||
* [NeoDateFix REST API](#neodatefix-rest-api)
|
||||
* [Knowledge management - XWiki](#knowledge-management---xwiki)
|
||||
* [REST API](#rest-api-1)
|
||||
* [Scripting API](#scripting-api)
|
||||
@@ -647,7 +651,56 @@ Following are APIs used by the Project management application:
|
||||
|
||||
While Jitsi is available as standalone videoconferencing in openDesk, it is also used in [Element as videoconferencing backend](https://github.com/element-hq/element-web/blob/develop/docs/jitsi.md).
|
||||
|
||||
|
||||
```mermaid
|
||||
---
|
||||
config:
|
||||
class:
|
||||
hideEmptyMembersBox: true
|
||||
---
|
||||
classDiagram
|
||||
class CommunicationService["Communication Service"] {
|
||||
<<interface>>
|
||||
}
|
||||
|
||||
class MxChat["Element Matrix Chat"] {
|
||||
<<interface>>
|
||||
}
|
||||
class JitsiVideoConference["Jitsi Video Conference"] {
|
||||
<<interface>>
|
||||
}
|
||||
|
||||
CommunicationService <|.. MxChat
|
||||
CommunicationService <|.. JitsiVideoConference
|
||||
MxChat <-- JitsiVideoConference
|
||||
|
||||
class MxAppServiceApi["Matrix Application Service API"]
|
||||
class MxClientServerApi["Matrix Client Server API"]
|
||||
class MxServerServerApi["Matrix Server Server API"]
|
||||
class MxPushGatewayApi["Matrix Push Gateway API"]
|
||||
class MxIdentityServiceApi["Matrix Identity Service API"]
|
||||
class MxRtc["Matrix RTC"]
|
||||
class MxElementWebModuleApi["Matrix React SDK Module API"]
|
||||
class MxWidgetApi["Matrix Widget API"]
|
||||
class NeoBoardDataModelApi["NeoBoard Data Model API"]
|
||||
class NeoDateFixRestApi["NeoDateFix REST API"]
|
||||
|
||||
MxChat *-- MxAppServiceApi
|
||||
MxChat *-- MxClientServerApi
|
||||
MxChat *-- MxServerServerApi
|
||||
MxChat *-- MxPushGatewayApi
|
||||
MxChat *-- MxIdentityServiceApi
|
||||
MxChat *-- MxRtc
|
||||
MxChat *-- MxElementWebModuleApi
|
||||
MxChat *-- MxWidgetApi
|
||||
|
||||
class JitsiIframeApi["Jitsi iFrame API"]
|
||||
class JitsiMeetApi["Jitsi Meet API"]
|
||||
class JitsiMeetReactSdk["Jitsi Meet React SDK"]
|
||||
|
||||
JitsiVideoConference *-- JitsiIframeApi
|
||||
JitsiVideoConference *-- JitsiMeetApi
|
||||
JitsiVideoConference *-- JitsiMeetReactSdk
|
||||
```
|
||||
|
||||
Following are APIs used by the Chat application:
|
||||
|
||||
@@ -741,6 +794,74 @@ Following are APIs used by the Chat application:
|
||||
| Supported standards | [Matrix](https://spec.matrix.org/latest/identity-service-api/) |
|
||||
| Documentation | [Synapse](https://element-hq.github.io/synapse/latest/) is the reference implementation of the Matrix protocol, see standard for API details |
|
||||
|
||||
## Matrix React SDK Module API
|
||||
|
||||
| Name | Matrix React SDK Module API |
|
||||
| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Purpose | The module system in Element Web is a way to add or modify functionality of Element Web itself, bundled at compile time for the app. |
|
||||
| Versioning | [Releases in the Git repository](https://github.com/matrix-org/matrix-react-sdk-module-api/releases); [Dependency in `package.json` in Element (Chat Web-UI)](https://github.com/element-hq/element-web/blob/develop/package.json) |
|
||||
| Authentication | n/a - used as a library |
|
||||
| In openDesk provided by | Element (Chat Web-UI) |
|
||||
| Transport protocol | n/a - used as a library |
|
||||
| Usage within component | [Element (Chat-Web-UI) Modules](https://github.com/nordeck/element-web-modules/) |
|
||||
| Usage within openDesk | none |
|
||||
| Usage for external integration | n/a - uses as a library |
|
||||
| Parallel access | Allowed |
|
||||
| Message protocol | n/a - used as a library |
|
||||
| Supported standards | n/a - Element (Chat Web-UI) specific |
|
||||
| Documentation | [Element (Chat Web-UI) Documentation](https://github.com/element-hq/element-web/blob/develop/docs/modules.md); [matrix-react-sdk-module-api Git repository](https://github.com/matrix-org/matrix-react-sdk-module-api) |
|
||||
|
||||
## Matrix Widget API
|
||||
|
||||
| Name | Matrix Widget API |
|
||||
| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Purpose | Matrix Widgets are HTML and Javascript content / applications that can be embedded within, and communicate with Matrix clients. |
|
||||
| Versioning | n/a |
|
||||
| Authentication | Widgets request capabilities. They must be confirmed by a user or by the [Widget Lifecycle Module](https://github.com/nordeck/element-web-modules/blob/main/packages/element-web-widget-lifecycle-module/README.md). |
|
||||
| In openDesk provided by | Element (Chat Web-UI) |
|
||||
| Transport protocol | [HTML window.postMessage API](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) |
|
||||
| Usage within component | [NeoDateFix](https://github.com/nordeck/matrix-meetings/), [NeoBoard](https://github.com/nordeck/matrix-neoboard), [NeoChoice](https://github.com/nordeck/matrix-poll) |
|
||||
| Usage within openDesk | none |
|
||||
| Usage for external integration | none |
|
||||
| Parallel access | Allowed |
|
||||
| Message protocol | JSON |
|
||||
| Supported standards | [Matrix - MSC2764](https://github.com/matrix-org/matrix-spec-proposals/pull/2764) |
|
||||
| Documentation | [Matrix - MSC2764](https://github.com/matrix-org/matrix-spec-proposals/pull/2764) |
|
||||
|
||||
## NeoBoard Data Model API
|
||||
|
||||
| Name | NeoBoard Data Model API |
|
||||
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Purpose | The NeoBoard data model can be used to generate whiteboard documents. |
|
||||
| Versioning | `version` field in the [NeoBoard data model](https://github.com/nordeck/matrix-neoboard/blob/main/docs/model/export-format.md#fields) |
|
||||
| Authentication | n/a |
|
||||
| In openDesk provided by | [NeoBoard](https://github.com/nordeck/matrix-neoboard) |
|
||||
| Transport protocol | n/a |
|
||||
| Usage within component | [NeoBoard](https://github.com/nordeck/matrix-neoboard) |
|
||||
| Usage within openDesk | none |
|
||||
| Usage for external integration | none |
|
||||
| Parallel access | n/a |
|
||||
| Message protocol | JSON |
|
||||
| Supported standards | n/a |
|
||||
| Documentation | [NeoBoard data model](https://github.com/nordeck/matrix-neoboard/tree/main/docs/model) |
|
||||
|
||||
## NeoDateFix REST API
|
||||
|
||||
| Name | NeoDateFix REST API |
|
||||
| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Purpose | Can be used to query and set up NeoDateFix Matrix meetings. |
|
||||
| Versioning | Path segment in the [Meetings Bot API](https://github.com/nordeck/matrix-meetings/blob/main/docs/data-model.md#http-api) |
|
||||
| Authentication | n/a |
|
||||
| In openDesk provided by | [NeoDateFix](https://github.com/nordeck/matrix-meetings) |
|
||||
| Transport protocol | HTTP(S) |
|
||||
| Usage within component | [NeoDateFix](https://github.com/nordeck/matrix-meetings) |
|
||||
| Usage within openDesk | Used by OX to sync calendar entries to NeoDateFix |
|
||||
| Usage for external integration | none |
|
||||
| Parallel access | n/a |
|
||||
| Message protocol | JSON |
|
||||
| Supported standards | n/a |
|
||||
| Documentation | [NeoDateFix ADR001](https://github.com/nordeck/matrix-meetings/blob/main/docs/adrs/adr001-use-the-widget-api-to-interact-with-the-meetings-bot.md) |
|
||||
|
||||
# Knowledge management - XWiki
|
||||
|
||||
Following are APIs used by the Knowledge management application:
|
||||
@@ -804,7 +925,7 @@ Following are APIs used by the Knowledge management application:
|
||||
|
||||
## JavaScript API
|
||||
|
||||
| Name | Javascript API |
|
||||
| Name | JavaScript API |
|
||||
| ------------------------------ | -------------------------------------------------------------------------------------------- |
|
||||
| Purpose | Include dynamic components in XWiki/web pages |
|
||||
| Versioning | |
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 28 KiB |
117
docs/data-storage.md
Normal file
117
docs/data-storage.md
Normal file
@@ -0,0 +1,117 @@
|
||||
<!--
|
||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
-->
|
||||
|
||||
<h1>Application Data Storages</h1>
|
||||
|
||||
To provide a feasible backup and restore concept, a thorough overview of all openDesk
|
||||
applications and their related data storages (ephemeral & persistent) is provided in the
|
||||
following subsection.
|
||||
|
||||
<!-- TOC -->
|
||||
* [Overview](#overview)
|
||||
* [Details](#details)
|
||||
<!-- TOC -->
|
||||
|
||||
# Overview
|
||||
|
||||
The provided diagram shows all relevant openDesk applications on the left and
|
||||
their utilized data storages on the right. For more detailed information about each
|
||||
application refer to the table show in Section [Details](#details)
|
||||
|
||||
```mermaid
|
||||
---
|
||||
config:
|
||||
sankey:
|
||||
showValues: false
|
||||
linkColor: target
|
||||
---
|
||||
sankey-beta
|
||||
|
||||
ClamAV,PersistentVolume,1
|
||||
|
||||
Dovecot,PersistentVolume,1
|
||||
|
||||
Element/Synapse,PostgreSQL,1
|
||||
Element/Synapse,PersistentVolume,1
|
||||
|
||||
Intercom-Service,Redis,1
|
||||
|
||||
Jitsi,PersistentVolume,1
|
||||
|
||||
Nextcloud,MariaDB,1
|
||||
Nextcloud,S3,1
|
||||
Nextcloud,Redis,1
|
||||
|
||||
Nubus,PostgreSQL,1
|
||||
Nubus,S3,1
|
||||
Nubus,PersistentVolume,1
|
||||
Nubus,Memcached,1
|
||||
|
||||
OpenProject,PostgreSQL,1
|
||||
OpenProject,S3,1
|
||||
OpenProject,PersistentVolume,1
|
||||
OpenProject,Memcached,1
|
||||
|
||||
Open-Xchange,MariaDB,1
|
||||
Open-Xchange,PersistentVolume,1
|
||||
Open-Xchange,Redis,1
|
||||
|
||||
Postfix,PersistentVolume,1
|
||||
|
||||
XWiki,MariaDB,1
|
||||
XWiki,PersistentVolume,1
|
||||
```
|
||||
|
||||
# Details
|
||||
|
||||
| Application | Data Storage | Backup | Content | Identifier | Details |
|
||||
| -------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------- | ----------------------------------------------------- |
|
||||
| **ClamAV** | PVC | No | ClamAV Database | `clamav-database-clamav-simple-0` | `/var/lib/clamav` |
|
||||
| **Dovecot** | PVC | Yes | User mail directories (openDesk CE only, openDesk EE uses Dovecot Pro with Object Storage) | `dovecot` | `/srv/mail` |
|
||||
| **Element/Synapse** | PostgreSQL | Yes | Application's main database | `matrix` | |
|
||||
| | PVC | Yes | Attachments | `media-opendesk-synapse-0` | `/media` |
|
||||
| | | Yes | Sync and state data | `matrix-neodatefix-bot` | `/app/storage` |
|
||||
| **Intercom-Service** | Redis | No | Shared session data | | |
|
||||
| **Jitsi** | PVC | Optional | Meeting recordings (feature not enabled in openDesk) | `prosody-data-jitsi-prosody-0` | `/config/data` |
|
||||
| **Nextcloud** | MariaDB | Yes | Application's main database Meta-Data | `nextcloud` | |
|
||||
| | S3 | Yes | The Nextcloud managed user files | `nextcloud` | |
|
||||
| | Redis | No | Distributed caching, as well as transactional file locking | | |
|
||||
| **Nubus** | PostgreSQL | Yes | Main database for Nubus' IdP Keycloak | `keycloak` | |
|
||||
| | | Yes | Login actions and device-fingerprints | `keycloak_extensions` | |
|
||||
| | | Optional | Store of the temporary password reset token | `selfservice` | |
|
||||
| | | No | Notification features are not used in openDesk 1.1 | `notificationsapi` | |
|
||||
| | | No | Guardian features are currently not used in openDesk 1.1 | `guardianmanagementapi` | |
|
||||
| | S3 | No | Static files for Portal | `ums` | |
|
||||
| | PVC | Yes | openLDAP database (primary R/W Pods), when restore select the one from the leader | `shared-data-ums-ldap-server-primary-0` | `/var/lib/univention-ldap` |
|
||||
| | | Yes | openLDAP process data | `shared-run-ums-ldap-server-primary-0` | `/var/run/slapd` |
|
||||
| | | No | openLDAP database (secondary R/O Pods), secondaries can sync from the primary | `shared-data-ums-ldap-server-secondary-0` | `/var/lib/univention-ldap` |
|
||||
| | | No | openLDAP process data | `shared-run-ums-ldap-server-secondary-0` | `/var/run/slapd` |
|
||||
| | | Yes | The state of the listener | `data-ums-provisioning-listener-0` | `/var/log/univention` and two others |
|
||||
| | | No | Cache | `group-membership-cache-ums-portal-consumer-0` | `/usr/share/univention-group-membership-cache/caches` |
|
||||
| | | Yes | Queued provisioning objects | `nats-data-ums-provisioning-nats-0` | `/data` |
|
||||
| | Memcached | No | Cache for UMC Server | | |
|
||||
| **OpenProject** | PostgreSQL | Yes | Application's main database | `openproject` | |
|
||||
| | S3 | Yes | Attachments, custom styles | `openproject` | |
|
||||
| | Memcached | No | Cache | | |
|
||||
| | PVC | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-*-tmp` | `/tmp` |
|
||||
| | | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-app-*-tmp` | `/app/tmp` |
|
||||
| **Open-Xchange** | MariaDB | Yes | Application's control database to coordiate dynamically created ones | `configdb` | |
|
||||
| | | Yes | Dynamically creates databases of schema `PRIMARYDB_n`containing multiple contexts | `PRIMARYDB_*` | |
|
||||
| | | Yes | OX Guard related settings | `oxguard*` | |
|
||||
| | Redis | Optional | Cache, session related data, distributed maps | | |
|
||||
| | PVC | Yes | OX-Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` |
|
||||
| | | Yes | OX-Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
|
||||
| **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` |
|
||||
| **XWiki** | Database | Yes | Application's main database | `xwiki` | |
|
||||
| | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` |
|
||||
|
||||
Additionally, the following persistent volumes are mounted by pods that serve as a data storage for the applications mentioned above.
|
||||
|
||||
| Service | Pod | Volume Name | PVC | MountPath |
|
||||
| ---------- | ---------------- | ------------ | --------------------------- | --------------------- |
|
||||
| MariaDB | `mariadb-*` | `data` | `data-mariadb-0` | `/var/lib/mysql` |
|
||||
| MinIO | `minio-*-*` | `data` | `minio` | `/bitnami/minio/data` |
|
||||
| PostgreSQL | `postgresql-*` | `data` | `data-postgresql-0` | `/mnt/postgresql` |
|
||||
| Redis | `redis-master-*` | `redis-data` | `redis-data-redis-master-0` | `/data` |
|
||||
@@ -12,6 +12,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [Adding a container to a pod/deployment - Dev/Test only](#adding-a-container-to-a-poddeployment---devtest-only)
|
||||
* [Temporary/ephemeral containers](#temporaryephemeral-containers)
|
||||
* [Components](#components)
|
||||
* [Helmfile](#helmfile)
|
||||
* [MariaDB](#mariadb)
|
||||
* [Nextcloud](#nextcloud)
|
||||
* [OpenProject](#openproject)
|
||||
@@ -29,7 +30,7 @@ We for sure do not want to reinvent the wheel, so we might link to external sour
|
||||
information where available.
|
||||
|
||||
> **Warning**<br>
|
||||
> You should never enable the debug option in production environments! By looking up `debug.enable` in the deployment, you
|
||||
> You should never enable the debug option in production environments! By looking up `debug.enabled` in the deployment, you
|
||||
will find the various places changes are applied when enabling debugging. So, outside of development and test
|
||||
environments, you should use them thoughtfully and carefully if needed.
|
||||
|
||||
@@ -38,7 +39,7 @@ environments, you should use them thoughtfully and carefully if needed.
|
||||
Check the openDesk [`debug.yaml.gotmpl`](../helmfile/environments/default/debug.yaml.gotmpl) and set for your deployment
|
||||
```
|
||||
debug:
|
||||
enable: true
|
||||
enabled: true
|
||||
```
|
||||
|
||||
This will result in:
|
||||
@@ -142,6 +143,15 @@ kubectl -n ${NAMESPACE} attach -it -c ${EPH_CONTAINER_NAME} ${POD_NAME}
|
||||
|
||||
# Components
|
||||
|
||||
## Helmfile
|
||||
|
||||
When refactoring the Helmfile structure you want to ensure that there are not unintended mistakes by e.g. `diff`
|
||||
comparing the output of Helmfile from before and after the change by calling:
|
||||
|
||||
```shell
|
||||
helmfile template -e dev >output_to_compare.yaml
|
||||
```
|
||||
|
||||
## MariaDB
|
||||
|
||||
When using the openDesk bundled MariaDB, you can explore the database(s) using the MariaDB interactive terminal from the Pod's command line: `mariadb -u root -p`. On the password prompt, provide the value for `MARIADB_ROOT_PASSWORD` found in the Pod's environment.
|
||||
|
||||
@@ -44,6 +44,10 @@ References:
|
||||
|
||||
Afterwards, you can use the resulting manifests within an standard Argo CD workflow.
|
||||
|
||||
> **Note**<br>
|
||||
> When creating the Argo CD application based on the resulting manifests you must not use the `Automated Sync Policy`
|
||||
> offered by Argo CD, as you have to manually ensure the applications are updated in the required sequence.
|
||||
|
||||
## Option 2: Helmfile plugin
|
||||
|
||||
It is possible to deploy openDesk via Argo CD with community developed
|
||||
@@ -52,4 +56,5 @@ It is possible to deploy openDesk via Argo CD with community developed
|
||||
You can find an example for this approach in the
|
||||
[Argo CD Deployments](https://gitlab.opencode.de/bmi/opendesk/deployment/options/argocd-deploy) repository.
|
||||
It contains an example Helm chart (`opendesk-parent`) to create Argo CD Applications via a Helm chart (`opendesk`)
|
||||
according to `app of apps pattern` and is using sync waves to follow dependencies.
|
||||
according to `app of apps pattern` and is using sync waves to ensure to required deployment and update sequence
|
||||
for openDesk is met.
|
||||
|
||||
@@ -41,7 +41,7 @@ deploy openDesk onto your Kubernetes infrastructure.
|
||||
|
||||
# Requirements
|
||||
|
||||
Detailed system requirements are covered on the [requirements](requirements.md) page.
|
||||
Detailed system requirements are covered on the [requirements](./docs/requirements.md) page.
|
||||
|
||||
# Customize environment
|
||||
|
||||
@@ -49,7 +49,7 @@ Before deploying openDesk, you must configure the deployment to fit your environ
|
||||
To keep your deployment up to date, we recommend customizing in `dev`, `test`, or `prod` and not in `default` environment
|
||||
files.
|
||||
|
||||
> All configuration options and their default values can be found in files at `helmfile/environments/default/`
|
||||
> All configuration options and their default values can be found in files at [`helmfile/environments/default/`](../helmfile/environments/default/)
|
||||
|
||||
For the following guide, we will use `dev` as environment where variables can be set in
|
||||
`helmfile/environments/dev/values.yaml.gotmpl`.
|
||||
@@ -141,7 +141,7 @@ like Docker Hub.
|
||||
Doing a test deployment will be fine with this setup. In case you want to deploy multiple times a day
|
||||
and fetch from the same IP address, you might run into rate limits at Docker Hub. In that case and in cases you
|
||||
prefer the use of a private image registry, you can configure such for
|
||||
[your target environment](./../helmfile/environments/dev/values.yaml.gotmpl.sample) by setting
|
||||
[your target environment](../helmfile/environments/dev/values.yaml.gotmpl.sample) by setting
|
||||
- `global.imageRegistry` for a private image registry and
|
||||
- `global.helmRegistry` for a private Helm chart registry.
|
||||
|
||||
@@ -221,7 +221,7 @@ cluster:
|
||||
|
||||
By default, the `ingressClassName` is empty to select your default ingress controller. You may want to customize it by
|
||||
setting the following attribute to the name of the currently only supported ingress controller `ingress-nginx` (see
|
||||
[requirements.md](./requirements.md)) for reference) within your deployment if that is not the cluster's default ingress.
|
||||
[requirements.md](requirements.md)) for reference) within your deployment if that is not the cluster's default ingress.
|
||||
|
||||
```yaml
|
||||
ingress:
|
||||
|
||||
@@ -7,10 +7,14 @@ SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
<!-- TOC -->
|
||||
* [Disclaimer](#disclaimer)
|
||||
* [openDesk supported upgrade path](#opendesk-supported-upgrade-path)
|
||||
* [Releases upgrade details](#releases-upgrade-details)
|
||||
* [From v1.0.0](#from-v100)
|
||||
* [Pre-upgrade: Manual checks/steps](#pre-upgrade-manual-checkssteps)
|
||||
* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
|
||||
* [Manual update steps](#manual-update-steps)
|
||||
* [From v1.1.0: Manual checks/steps](#from-v110-manual-checkssteps)
|
||||
* [Pre-upgrade](#pre-upgrade)
|
||||
* [Helmfile new secret: `secrets.nubus.masterpassword`](#helmfile-new-secret-secretsnubusmasterpassword)
|
||||
* [From v1.0.0: Manual checks/steps](#from-v100-manual-checkssteps)
|
||||
* [Pre-upgrade](#pre-upgrade-1)
|
||||
* [Helmfile Cleanup: Restructured `/helmfile/files/theme` folder](#helmfile-cleanup-restructured-helmfilefilestheme-folder)
|
||||
* [Helmfile Cleanup: Consistent use of `*.yaml.gotmpl`](#helmfile-cleanup-consistent-use-of-yamlgotmpl)
|
||||
* [Helmfile Cleanup: Prefixing certain app directories with `opendesk-`](#helmfile-cleanup-prefixing-certain-app-directories-with-opendesk-)
|
||||
* [Helmfile Cleanup: Helmfile Cleanup: Splitting external vs. openDesk services](#helmfile-cleanup-helmfile-cleanup-splitting-external-vs-opendesk-services)
|
||||
@@ -19,59 +23,81 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [openDesk defaults (new): Enforce login](#opendesk-defaults-new-enforce-login)
|
||||
* [openDesk defaults (changed): Jitsi room history enabled](#opendesk-defaults-changed-jitsi-room-history-enabled)
|
||||
* [External requirements: Redis 7.4](#external-requirements-redis-74)
|
||||
* [From v0.9.0](#from-v090)
|
||||
* [From v0.9.0: Manual checks/steps](#from-v090-manual-checkssteps)
|
||||
* [Pre-upgrade: Manual steps](#pre-upgrade-manual-steps)
|
||||
* [Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus](#configuration-cleanup-removal-of-unnecessary-ox-profiles-in-nubus)
|
||||
* [Configuration Cleanup: Updated `global.imagePullSecrets`](#configuration-cleanup-updated-globalimagepullsecrets)
|
||||
* [Changed openDesk defaults: Matrix presence status disabled](#changed-opendesk-defaults-matrix-presence-status-disabled)
|
||||
* [Changed openDesk defaults: Matrix ID](#changed-opendesk-defaults-matrix-id)
|
||||
* [Changed openDesk defaults: File-share configurability](#changed-opendesk-defaults-file-share-configurability)
|
||||
* [Changed openDesk defaults: Updated default subdomains in `global.hosts`](#changed-opendesk-defaults-updated-default-subdomains-in-globalhosts)
|
||||
* [Changed openDesk defaults: Dedicated group for access to the UDM REST API](#changed-opendesk-defaults-dedicated-group-for-access-to-the-udm-rest-api)
|
||||
* [Automated migrations](#automated-migrations)
|
||||
* [Post-upgrade: Manual steps](#post-upgrade-manual-steps)
|
||||
* [Post-upgrade](#post-upgrade)
|
||||
* [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component)
|
||||
* [Optional Cleanup](#optional-cleanup)
|
||||
* [From v0.8.1](#from-v081)
|
||||
* [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
|
||||
* [Updated customizable template attributes](#updated-customizable-template-attributes)
|
||||
* [`migrations` S3 bucket](#migrations-s3-bucket)
|
||||
* [Related components and artifacts](#related-components-and-artifacts)
|
||||
* [From v1.1.0: Manual checks/steps](#from-v110-manual-checkssteps-1)
|
||||
* [Pre-upgrade](#pre-upgrade-2)
|
||||
* [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
|
||||
* [Updated customizable template attributes](#updated-customizable-template-attributes)
|
||||
* [`migrations` S3 bucket](#migrations-s3-bucket)
|
||||
* [Automated migrations - Details](#automated-migrations---details)
|
||||
* [From v1.1.0: Automated migrations](#from-v110-automated-migrations)
|
||||
* [From v0.9.0: Automated migrations](#from-v090-automated-migrations)
|
||||
* [Related components and artifacts](#related-components-and-artifacts)
|
||||
* [Development](#development)
|
||||
<!-- TOC -->
|
||||
|
||||
# Disclaimer
|
||||
|
||||
With openDesk 1.0, we aim to offer hassle-free updates/upgrades.
|
||||
Starting with openDesk 1.0, we aim to offer hassle-free updates/upgrades.
|
||||
|
||||
But openDesk requires a defined upgrade path that is described in the section [openDesk supported upgrade path](#opendesk-supported-upgrade-path).
|
||||
Therefore openDesk contains automated migrations between versions to lower the requirements for manual interaction. These automated migrations can have limitations in the way that they need a certain openDesk version to be installed causing a mandatory upgrade path that is described in the section [Automated migrations](#automated-migrations).
|
||||
|
||||
Some upgrades even require manual interaction, which are referenced in the aforementioned section and described further down this document.
|
||||
Manual checks and possible activities are also required by openDesk updates, they are described in the section [Manual update steps](#manual-update-steps).
|
||||
|
||||
> **Known limitations:**<br>
|
||||
> **Note**<br>
|
||||
> Please be sure you read / follow the requirements before you update / upgrade thoroughly.
|
||||
|
||||
> **Known limitations**<br>
|
||||
> We assume that the PV reclaim policy is set to `delete`, resulting in PVs getting deleted as soon as the related PVC was deleted; we will not address explicit deletion for PVs.
|
||||
|
||||
# openDesk supported upgrade path
|
||||
# Automated migrations - Overview and mandatory upgrade path
|
||||
|
||||
When updating your openDesk installation you have to install the releases listed below in the sequential order from
|
||||
the lowest version number you are already on to the more current version you are looking to install.
|
||||
The following table gives an overview of the mandatory upgrade path of openDesk for the automated migrations to work as expected.
|
||||
|
||||
Explanation of the table's columns:
|
||||
- *Coming from*: Check the column for the release you are currently on.
|
||||
- *Mandatory release*: Defines which release(s) support the upgrade from your currently installed version.
|
||||
- *Automatic migration*: Summary of, or link to openDesk's automatic migration details.
|
||||
- *Manual activities*: Reference to required manual steps to upgrade your openDesk installation to the *Mandatory release*.
|
||||
To upgrade existing deployments, you cannot skip any version mentioned in the column *Mandatory version*. When a version number is not fully defined (e.g. `v1.1.x`), you can install any version matching the given schema.
|
||||
|
||||
| Coming from | Mandatory (minimum) release | Automatic migration | Manual activities |
|
||||
| ------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- |
|
||||
| v0.9.0 | v1.x.x | [run_2.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_2.py) | See [From v0.9.0](#from-v090) |
|
||||
| v0.8.1 | v0.9.0 | Initializes migration system | See [From v0.8.1](#from-v081) |
|
||||
| not supported | v0.8.1 | First release that supporting updates | |
|
||||
| Mandatory version |
|
||||
| ----------------- |
|
||||
| v1.1.x |
|
||||
| v1.0.0 |
|
||||
| v0.9.0 |
|
||||
| v0.8.1 |
|
||||
|
||||
# Releases upgrade details
|
||||
> **Note**<br>
|
||||
> Be sure you check out the table in the release version you are going to install, an not the one that is currently installed.
|
||||
|
||||
## From v1.0.0
|
||||
When interested in more details about the automated migrations, please read section [Automated migrations - Details](#automated-migrations---details).
|
||||
|
||||
### Pre-upgrade: Manual checks/steps
|
||||
# Manual update steps
|
||||
|
||||
Be sure you check all the sections for the releases your are going to update your current deployment from.
|
||||
|
||||
## From v1.1.0: Manual checks/steps
|
||||
|
||||
### Pre-upgrade
|
||||
|
||||
#### Helmfile new secret: `secrets.nubus.masterpassword`
|
||||
|
||||
A not yet templated secret was discovered in the Nubus deployment that is now defined in [`secrets.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl) with the key `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the value of the `MASTER_PASSWORD` environment variable used in your deployment.
|
||||
|
||||
## From v1.0.0: Manual checks/steps
|
||||
|
||||
### Pre-upgrade
|
||||
|
||||
#### Helmfile Cleanup: Restructured `/helmfile/files/theme` folder
|
||||
|
||||
If you make use of the [theme folder](../helmfile/files/theme/) or the [`theme.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl), e.g. to applying your own imagery, please ensure you adhere to the new structure of the folder and the yaml-file.
|
||||
|
||||
#### Helmfile Cleanup: Consistent use of `*.yaml.gotmpl`
|
||||
|
||||
@@ -228,7 +254,7 @@ The update from openDesk 1.0.0 contains Redis 7.4.1, like the other openDesk bun
|
||||
|
||||
Please ensure for the Redis you are using that it is updated to at least 7.4 to support the requirement of OX App Suite.
|
||||
|
||||
## From v0.9.0
|
||||
## From v0.9.0: Manual checks/steps
|
||||
|
||||
### Pre-upgrade: Manual steps
|
||||
|
||||
@@ -272,6 +298,19 @@ global:
|
||||
- "external-registry"
|
||||
```
|
||||
|
||||
#### Changed openDesk defaults: Matrix presence status disabled
|
||||
|
||||
Show other user's Matrix presence status is now disabled by default to comply with data protection requirements.
|
||||
|
||||
To enable it or keep the v0.9.0 default please set:
|
||||
|
||||
```yaml
|
||||
functional:
|
||||
dataProtection:
|
||||
matrixPresence:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
#### Changed openDesk defaults: Matrix ID
|
||||
|
||||
Until 0.9.0 openDesk used the LDAP entryUUID of a user to generate the user's Matrix ID. Due to restrictions on the
|
||||
@@ -401,15 +440,7 @@ The IAMs admin account `Administrator` is a member of this group by default, but
|
||||
|
||||
If you need other accounts to use the API, please assign them to the aforementioned group.
|
||||
|
||||
### Automated migrations
|
||||
|
||||
The `migrations-pre` and `migrations-post` jobs in the openDesk deployment address the automated migration tasks.
|
||||
|
||||
The permissions required to execute the migrations can be found in the migration's Helm chart [`role.yaml'](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/v1.3.5/charts/opendesk-migrations/templates/role.yaml?ref_type=tags#L29)
|
||||
|
||||
The actual actions are described as code comments in the related run module [`run_2.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_2.py).
|
||||
|
||||
### Post-upgrade: Manual steps
|
||||
### Post-upgrade
|
||||
|
||||
#### Configuration Improvement: Separate user permission for using Video Conference component
|
||||
|
||||
@@ -439,14 +470,16 @@ kubectl -n ${NAMESPACE} delete pvc shared-run-ums-ldap-server-0
|
||||
kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
|
||||
```
|
||||
|
||||
## From v0.8.1
|
||||
## From v1.1.0: Manual checks/steps
|
||||
|
||||
### Updated `cluster.networking.cidr`
|
||||
### Pre-upgrade
|
||||
|
||||
#### Updated `cluster.networking.cidr`
|
||||
|
||||
- Action: `cluster.networking.cidr` is now an array (was a string until 0.8.1); please update your setup accordingly if you explicitly set this value.
|
||||
- Reference:[cluster.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/cluster.yaml)
|
||||
|
||||
### Updated customizable template attributes
|
||||
#### Updated customizable template attributes
|
||||
|
||||
- Action: Please update your custom deployment values according to the updated default value structure.
|
||||
- References:
|
||||
@@ -455,12 +488,34 @@ kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
|
||||
- `monitoring.` prefix for `prometheus.*` and `graphana.*`, see [monitoring.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/monitoring.yaml).
|
||||
- `smtp.` prefix for `localpartNoReply`, see [smtp.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/smtp.yaml).
|
||||
|
||||
### `migrations` S3 bucket
|
||||
#### `migrations` S3 bucket
|
||||
|
||||
- Action: For self-managed/external S3/object storages, please ensure you add a bucket `migrations` to your S3.
|
||||
- Reference: `objectstores.migrations` in [objectstores.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/objectstores.yaml)
|
||||
|
||||
# Related components and artifacts
|
||||
# Automated migrations - Details
|
||||
|
||||
## From v1.1.0: Automated migrations
|
||||
|
||||
With openDesk v1.1.0 the IAM stack supports HA LDAP primary as well as scalable LDAP secondary pods.
|
||||
|
||||
openDesk's automated migrations takes care of this upgrade requirement described here for
|
||||
[Nubus 1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.5.1/en/changelog.html#migrate-existing-ldap-server-to-mirror-mode-readiness),
|
||||
creating the config map with the mentioned label.
|
||||
|
||||
> **Note**<br>
|
||||
> Details can be found in [run_3.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
|
||||
|
||||
## From v0.9.0: Automated migrations
|
||||
|
||||
The `migrations-pre` and `migrations-post` jobs in the openDesk deployment address the automated migration tasks.
|
||||
|
||||
The permissions required to execute the migrations can be found in the migration's Helm chart [`role.yaml'](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/v1.3.5/charts/opendesk-migrations/templates/role.yaml?ref_type=tags#L29)
|
||||
|
||||
> **Note**<br>
|
||||
> Details can be found in [run_2.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
|
||||
|
||||
## Related components and artifacts
|
||||
|
||||
openDesk comes with two upgrade steps as part of the deployment; they can be found in the folder [/helmfile/apps](../helmfile/apps/) as all other components:
|
||||
|
||||
|
||||
@@ -12,6 +12,16 @@ repositories:
|
||||
oci: true
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.collabora.registry }}/{{ .Values.charts.collabora.repository }}"
|
||||
|
||||
# Collabora Controller - Enterprise Only
|
||||
# Source: https://github.com/CollaboraOnline/online
|
||||
- name: "collabora-controller-repo"
|
||||
keyring: "../../files/gpg-pubkeys/collaboraoffice-com.gpg"
|
||||
verify: {{ .Values.charts.collaboraController.verify }}
|
||||
username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.collaboraController.registry }}/{{ .Values.charts.collaboraController.repository }}"
|
||||
|
||||
releases:
|
||||
- name: "collabora-online"
|
||||
chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}"
|
||||
@@ -22,6 +32,14 @@ releases:
|
||||
- {{ . }}
|
||||
{{ end }}
|
||||
installed: {{ .Values.collabora.enabled }}
|
||||
- name: "collabora-controller"
|
||||
chart: "collabora-controller-repo/{{ .Values.charts.collaboraController.name }}"
|
||||
version: "{{ .Values.charts.collaboraController.version }}"
|
||||
values:
|
||||
{{ range .Values.customization.release.collaboraController }}
|
||||
- {{ . }}
|
||||
{{ end }}
|
||||
installed: {{ .Values.collaboraController.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deployStage: "050-components"
|
||||
|
||||
@@ -8,17 +8,32 @@ autoscaling:
|
||||
enabled: false
|
||||
|
||||
collabora:
|
||||
aliasgroups:
|
||||
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
env:
|
||||
- name: "POD_NAME"
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: "metadata.name"
|
||||
extra_params: >
|
||||
--o:ssl.enable=false
|
||||
--o:ssl.termination=true
|
||||
--o:fetch_update_check=0
|
||||
--o:num_prespawn_children={{ .Values.technical.collabora.numPrespawnChildren }}
|
||||
--o:remote_font_config.url=https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/apps/richdocuments/settings/fonts.json
|
||||
--o:net.proto={{ if eq .Values.cluster.networking.ipFamilies "DualStack" }}all{{ else }}{{ .Values.cluster.networking.ipFamilies }}{{ end }}
|
||||
|
||||
{{- if .Values.debug.enabled }}
|
||||
--o:logging.level=debug
|
||||
{{- else }}
|
||||
--o:logging.anonymize.anonymize_user_data=true
|
||||
{{- end }}
|
||||
{{- if .Values.collaboraController.enabled }}
|
||||
--o:indirection_endpoint.url=https://{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}/controller/routeToken
|
||||
--o:monitors.monitor[0]=wss://{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}/controller/ws
|
||||
--o:monitors.monitor[0][@retryInterval]=5
|
||||
{{- end }}
|
||||
username: "collabora-internal-admin"
|
||||
password: {{ .Values.secrets.collabora.adminPassword | quote }}
|
||||
aliasgroups:
|
||||
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
|
||||
fullnameOverride: "collabora"
|
||||
|
||||
@@ -34,8 +49,11 @@ imagePullSecrets:
|
||||
|
||||
ingress:
|
||||
annotations:
|
||||
# Ingress NGINX
|
||||
{{- if .Values.collaboraController.enabled }}
|
||||
nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_RouteToken"
|
||||
{{- else }}
|
||||
nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
|
||||
{{- end }}
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.collabora }}"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}"
|
||||
@@ -44,32 +62,6 @@ ingress:
|
||||
location /cool/getMetrics { deny all; return 403; }
|
||||
location /cool/adminws/ { deny all; return 403; }
|
||||
location /browser/dist/admin/admin.html { deny all; return 403; }
|
||||
# NGINX
|
||||
nginx.org/websocket-services: "collabora"
|
||||
nginx.org/lb-method: "hash $arg_WOPISrc consistent"
|
||||
nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}s"
|
||||
nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}s"
|
||||
nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.collabora }}"
|
||||
nginx.org/server-snippets: |
|
||||
# block admin and metrics endpoint from outside by default
|
||||
location /cool/getMetrics { deny all; return 403; }
|
||||
location /cool/adminws/ { deny all; return 403; }
|
||||
location /browser/dist/admin/admin.html { deny all; return 403; }
|
||||
# HAProxy
|
||||
haproxy.org/timeout-tunnel: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}s"
|
||||
haproxy.org/backend-config-snippet: |
|
||||
balance url_param WOPISrc check_post
|
||||
hash-type consistent
|
||||
# HAProxy - Community: https://haproxy-ingress.github.io/
|
||||
haproxy-ingress.github.io/timeout-tunnel: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}s"
|
||||
haproxy-ingress.github.io/balance-algorithm: "url_param WOPISrc check_post"
|
||||
haproxy-ingress.github.io/config-backend: |
|
||||
hash-type consistent
|
||||
# block admin urls from outside
|
||||
acl admin_url path_beg /cool/getMetrics
|
||||
acl admin_url path_beg /cool/adminws/
|
||||
acl admin_url path_beg /browser/dist/admin/admin.html
|
||||
http-request deny if admin_url
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName | quote }}
|
||||
hosts:
|
||||
|
||||
@@ -112,15 +112,9 @@ repositories:
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.synapsePipe.registry }}/{{ .Values.charts.synapsePipe.repository }}"
|
||||
|
||||
releases:
|
||||
# During upgrade 1.0.0 -> 1.1.0 the chart 'opendesk-element' has been moved to 'opendesk-element-web'
|
||||
- name: "opendesk-element"
|
||||
chart: "element-repo/{{ .Values.charts.element.name }}"
|
||||
version: "{{ .Values.charts.element.version }}"
|
||||
installed: false
|
||||
|
||||
- name: "opendesk-element-web"
|
||||
chart: "element-repo/{{ .Values.charts.elementWeb.name }}"
|
||||
version: "{{ .Values.charts.elementWeb.version }}"
|
||||
values:
|
||||
- "values-element.yaml.gotmpl"
|
||||
{{ range .Values.customization.release.opendeskElement }}
|
||||
|
||||
@@ -149,6 +149,7 @@ resources:
|
||||
{{ .Values.resources.element | toYaml | nindent 2 }}
|
||||
|
||||
theme:
|
||||
title: "Chat - {{ .Values.theme.texts.productName }}"
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
...
|
||||
|
||||
@@ -63,6 +63,7 @@ settings:
|
||||
keycloakClientId: "opendesk-jitsi"
|
||||
|
||||
theme:
|
||||
title: "Videokonferenz - {{ .Values.theme.texts.productName }}"
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
jitsi:
|
||||
|
||||
@@ -12,7 +12,7 @@ global:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "opendesk-nextcloud-php"
|
||||
intents.otterize.com/service-name: "opendesk-nextcloud-management"
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
|
||||
@@ -50,7 +50,7 @@ exporter:
|
||||
|
||||
aio:
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "opendesk-nextcloud"
|
||||
intents.otterize.com/service-name: "opendesk-nextcloud-aio"
|
||||
configuration:
|
||||
cache:
|
||||
auth:
|
||||
|
||||
31
helmfile/apps/notes/helmfile-child.yaml.gotmpl
Normal file
31
helmfile/apps/notes/helmfile-child.yaml.gotmpl
Normal file
@@ -0,0 +1,31 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
# Notes
|
||||
# Source: https://github.com/numerique-gouv/impress
|
||||
- name: "notes-repo"
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
verify: {{ .Values.charts.notes.verify }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.notes.registry }}/{{ .Values.charts.notes.repository }}"
|
||||
|
||||
releases:
|
||||
- name: "impress"
|
||||
chart: "notes-repo/{{ .Values.charts.notes.name }}"
|
||||
version: "{{ .Values.charts.notes.version }}"
|
||||
wait: true
|
||||
values:
|
||||
- "values.yaml.gotmpl"
|
||||
{{ range .Values.customization.release.notes }}
|
||||
- {{ . }}
|
||||
{{ end }}
|
||||
installed: {{ .Values.notes.enabled }}
|
||||
timeout: 1800
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "notes"
|
||||
...
|
||||
11
helmfile/apps/notes/helmfile.yaml.gotmpl
Normal file
11
helmfile/apps/notes/helmfile.yaml.gotmpl
Normal file
@@ -0,0 +1,11 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
---
|
||||
helmfiles:
|
||||
- path: "./helmfile-child.yaml.gotmpl"
|
||||
values:
|
||||
- {{ toYaml .Values | nindent 8 }}
|
||||
...
|
||||
230
helmfile/apps/notes/values.yaml.gotmpl
Normal file
230
helmfile/apps/notes/values.yaml.gotmpl
Normal file
@@ -0,0 +1,230 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.notesBackend.registry) (.Values.images.notesBackend.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesBackend.tag }}
|
||||
credentials:
|
||||
name: {{ .Values.global.imagePullSecrets | first | quote }}
|
||||
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
ingressCollaborationWS:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
path: "/collaboration/ws/"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Can-Edit, X-User-Id"
|
||||
nginx.ingress.kubernetes.io/auth-url: https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/api/v1.0/documents/collaboration-auth/
|
||||
nginx.ingress.kubernetes.io/enable-websocket: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
|
||||
nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
|
||||
|
||||
ingressAdmin:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
ingressMedia:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
|
||||
nginx.ingress.kubernetes.io/auth-url: "https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/api/v1.0/documents/retrieve-auth/"
|
||||
nginx.ingress.kubernetes.io/upstream-vhost: {{ .Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /{{ .Values.objectstores.notes.bucket }}/$1
|
||||
nginx.ingress.kubernetes.io/session-cookie-path: /media
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
ingressCollaborationApi:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
path: /collaboration/api/
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
|
||||
serviceMedia:
|
||||
host: {{ .Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
port: {{ .Values.objectstores.notes.port | default 443 }}
|
||||
|
||||
frontend:
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesFrontend.registry) (.Values.images.notesFrontend.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesFrontend.tag }}
|
||||
envVars:
|
||||
PORT: 8080
|
||||
NEXT_PUBLIC_API_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
NEXT_PUBLIC_Y_PROVIDER_URL: {{ printf "wss://%s.%s/ws" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
NEXT_PUBLIC_MEDIA_URL: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||
runtimeEnvs:
|
||||
ICS_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.intercomService .Values.global.domain | quote }}
|
||||
PORTAL_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
replicas: {{ .Values.replicas.notesFrontend }}
|
||||
resources:
|
||||
{{ .Values.resources.notesFrontend | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesFrontend | toYaml | nindent 6 }}
|
||||
|
||||
yProvider:
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.notesYProvider.registry) (.Values.images.notesYProvider.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesYProvider.tag }}
|
||||
resources:
|
||||
{{ .Values.resources.notesYProvider | toYaml | nindent 4 }}
|
||||
replicas: {{ .Values.replicas.notesYProvider }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
|
||||
envVars:
|
||||
COLLABORATION_LOGGING: {{ if .Values.debug.enabled }}"true"{{ else }}"false"{{ end }}
|
||||
COLLABORATION_SERVER_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
Y_PROVIDER_API_KEY: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
|
||||
oidc:
|
||||
clientId: "opendesk-notes"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
|
||||
aiApiKey: {{ .Values.ai.apiKey }}
|
||||
aiBaseUrl: {{ .Values.ai.endpoint }}
|
||||
|
||||
djangoSuperUserEmail: "default.admin@{{ .Values.global.domain }}"
|
||||
djangoSuperUserPass: {{ .Values.secrets.notes.superuser }}
|
||||
djangoSecretKey: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||
|
||||
backend:
|
||||
replicas: {{ .Values.replicas.notesBackend }}
|
||||
envVars:
|
||||
DB_HOST: {{ .Values.databases.notes.host | quote }}
|
||||
DB_NAME: {{ .Values.databases.notes.name | quote }}
|
||||
DB_USER: {{ .Values.databases.notes.username | quote }}
|
||||
DB_PASSWORD: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||
DB_PORT: {{ .Values.databases.notes.port | quote }}
|
||||
POSTGRES_DB: {{ .Values.databases.notes.name | quote }}
|
||||
POSTGRES_USER: {{ .Values.databases.notes.username | quote }}
|
||||
POSTGRES_PASSWORD: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||
FRONTEND_THEME: "openDesk"
|
||||
REDIS_URL: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
|
||||
AWS_S3_ENDPOINT_URL: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||
AWS_S3_ACCESS_KEY_ID: {{ .Values.objectstores.notes.username }}
|
||||
AWS_S3_SECRET_ACCESS_KEY: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }}
|
||||
AWS_STORAGE_BUCKET_NAME: {{ .Values.objectstores.notes.bucket }}
|
||||
DJANGO_CSRF_TRUSTED_ORIGINS: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
DJANGO_CONFIGURATION: Production
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||
DJANGO_SETTINGS_MODULE: impress.settings
|
||||
DJANGO_SUPERUSER_PASSWORD: {{ .Values.secrets.notes.superuser }}
|
||||
DJANGO_EMAIL_HOST: "postfix"
|
||||
DJANGO_EMAIL_PORT: 25
|
||||
DJANGO_EMAIL_USE_SSL: False
|
||||
OIDC_RP_CLIENT_ID: "opendesk-notes"
|
||||
OIDC_RP_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
OIDC_OP_JWKS_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
OIDC_OP_TOKEN_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
OIDC_OP_USER_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
||||
OIDC_OP_LOGOUT_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
|
||||
OIDC_RP_SIGN_ALGO: RS256
|
||||
OIDC_RP_SCOPES: "openid opendesk-notes-scope"
|
||||
USER_OIDC_FIELD_TO_SHORTNAME: "given_name"
|
||||
USER_OIDC_FIELDS_TO_FULLNAME: "given_name family_name"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS: {{ printf "https://%s.%s/*" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{}"
|
||||
OIDC_RENEW_ID_TOKEN: "False"
|
||||
LOGIN_REDIRECT_URL: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
LOGIN_REDIRECT_URL_FAILURE: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
LOGOUT_REDIRECT_URL: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
AI_BASE_URL: {{ .Values.ai.endpoint | quote }}
|
||||
AI_API_KEY: {{ .Values.ai.apiKey | quote }}
|
||||
AI_MODEL: {{ .Values.ai.model | quote }}
|
||||
Y_PROVIDER_API_KEY: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
Y_PROVIDER_API_BASE_URL: {{ printf "https://%s.%s/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_API_URL: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
COLLABORATION_WS_URL: {{ printf "wss://%s.%s/collaboration/ws/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
migrate:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
python manage.py migrate --no-input &&
|
||||
python manage.py create_demo --force
|
||||
restartPolicy: Never
|
||||
|
||||
createsuperuser:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
python manage.py createsuperuser --email default.admin@{{ .Values.global.domain }} --password {{ .Values.secrets.notes.superuser }}
|
||||
restartPolicy: Never
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.notesBackend | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
|
||||
...
|
||||
@@ -44,8 +44,6 @@ releases:
|
||||
version: "{{ .Values.charts.nubus.version }}"
|
||||
values:
|
||||
- "values-nubus.yaml.gotmpl"
|
||||
- "values-opendesk-customization.yaml.gotmpl"
|
||||
- "values-opendesk-images.yaml.gotmpl"
|
||||
{{ range .Values.customization.release.ums }}
|
||||
- {{ . }}
|
||||
{{ end }}
|
||||
|
||||
@@ -53,7 +53,8 @@ ics:
|
||||
secret: {{ .Values.secrets.intercom.secret | quote }}
|
||||
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
originRegex: "{{ .Values.global.domain }}"
|
||||
userUniqueMapper: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"entryuuid"{{ else }}"phoenixusername"{{ end }}
|
||||
userUniqueMapper: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"opendesk_useruuid"{{ else }}"opendesk_username"{{ end }}
|
||||
usernameClaim: "opendesk_username"
|
||||
keycloak:
|
||||
realm: {{ .Values.platform.realm | quote }}
|
||||
default:
|
||||
@@ -77,6 +78,9 @@ ics:
|
||||
oci: true
|
||||
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
|
||||
audience: "opendesk-oxappsuite"
|
||||
xwiki:
|
||||
subdomain: {{ .Values.global.hosts.xwiki | quote }}
|
||||
audience: "opendesk-xwiki"
|
||||
nextcloud:
|
||||
origin: {{ .Values.global.hosts.nextcloud | quote }}
|
||||
subdomain: {{ .Values.global.hosts.nextcloud | quote }}
|
||||
@@ -103,7 +107,9 @@ podSecurityContext:
|
||||
fsGroupChangePolicy: "Always"
|
||||
|
||||
provisioning:
|
||||
enabled: true
|
||||
# intercom OIDC client is created by opendesk-keycloak-bootstrap, as we have control over the
|
||||
# client's claims this way.
|
||||
enabled: false
|
||||
config:
|
||||
nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
|
||||
keycloak:
|
||||
@@ -130,6 +136,8 @@ provisioning:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloakBootstrap.repository | quote }}
|
||||
tag: {{ .Values.images.nubusKeycloakBootstrap.tag | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.intercomService | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,722 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
keycloak:
|
||||
enabled: true
|
||||
ingress:
|
||||
enabled: false
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsKeycloak | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-keycloak"
|
||||
replicaCount: {{ .Values.replicas.keycloak }}
|
||||
resources:
|
||||
{{ .Values.resources.umsKeycloak | toYaml | nindent 4 }}
|
||||
|
||||
nubusGuardian:
|
||||
authorizationApi:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-guardian-authorization-api"
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "Always"
|
||||
replicaCount: {{ .Values.replicas.umsGuardianAuthorizationApi }}
|
||||
resources:
|
||||
{{ .Values.resources.umsGuardianAuthorizationApi | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsGuardianAuthorizationApi | toYaml | nindent 8 }}
|
||||
managementApi:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-guardian-management-api"
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "Always"
|
||||
replicaCount: {{ .Values.replicas.umsGuardianManagementApi }}
|
||||
resources:
|
||||
{{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsGuardianManagementApi | toYaml | nindent 8 }}
|
||||
managementUi:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-guardian-management-ui"
|
||||
replicaCount: {{ .Values.replicas.umsGuardianManagementUi }}
|
||||
resources:
|
||||
{{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsGuardianManagementUi | toYaml | nindent 8 }}
|
||||
openPolicyAgent:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "Always"
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-ums-open-policy-agent"
|
||||
replicaCount: {{ .Values.replicas.umsGuardianOpenPolicyAgent }}
|
||||
resources:
|
||||
{{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsGuardianOpenPolicyAgent | toYaml | nindent 8 }}
|
||||
provisioning:
|
||||
# Using openDesk keycloak provisioning
|
||||
enabled: false
|
||||
|
||||
nubusNotificationsApi:
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-notifications-api"
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsNotificationsApi | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
serviceAccount:
|
||||
create: true
|
||||
replicaCount: {{ .Values.replicas.umsNotificationsApi }}
|
||||
resources:
|
||||
{{ .Values.resources.umsNotificationsApi | toYaml | nindent 4 }}
|
||||
|
||||
nubusUmcServer:
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-umc-server"
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: false
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
|
||||
containerSecurityContextInit:
|
||||
enabled: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: false
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
|
||||
containerSecurityContextSssd:
|
||||
enabled: true
|
||||
allowPrivilegeEscalation: true
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "DAC_OVERRIDE"
|
||||
- "SETGID"
|
||||
- "AUDIT_WRITE"
|
||||
- "SETUID"
|
||||
- "CHOWN"
|
||||
- "SETPCAP"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "MKNOD"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "SYS_CHROOT"
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: false
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
proxy:
|
||||
replicaCount: {{ .Values.replicas.umsUmcServerProxy }}
|
||||
replicaCount: {{ .Values.replicas.umsUmcServer }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsUmcServer | toYaml | nindent 4 }}
|
||||
selfService:
|
||||
passwordresetEmailBody: |
|
||||
Sehr geehrte Benutzerin, sehr geehrter Benutzer,
|
||||
|
||||
Ihr Benutzername für {domainname} lautet: {username}
|
||||
|
||||
Sie erhalten diese Nachricht, da Sie Ihr Passwort zurücksetzen möchten oder weil Ihr Benutzer neu im System angelegt wurde.
|
||||
|
||||
Klicken Sie bitte auf den folgenden Link, um Ihr Passwort zu setzen:
|
||||
https://{fqdn}/univention/portal/#/selfservice/newpassword/?token={token}&username={username}
|
||||
|
||||
Der genannte Link ist nur 48 Stunden gültig, danach fordern Sie ihn bitte erneut an unter:
|
||||
https://{fqdn}/univention/portal/#/selfservice/passwordforgotten
|
||||
|
||||
Mit freundlichen Grüßen
|
||||
Ihr {domainname} Passwort-Service
|
||||
|
||||
nubusKeycloakExtensions:
|
||||
enabled: true
|
||||
handler:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-keycloak-extensions-handler"
|
||||
resources:
|
||||
{{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsKeycloakExtensionHandler | toYaml | nindent 8 }}
|
||||
proxy:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
replicaCount: {{ .Values.replicas.umsKeycloakExtensionsProxy }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-keycloak-extensions-proxy"
|
||||
resources:
|
||||
{{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsKeycloakExtensionHandler | toYaml | nindent 8 }}
|
||||
|
||||
nubusPortalConsumer:
|
||||
portalConsumer:
|
||||
image:
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-portal-consumer"
|
||||
replicaCount: {{ .Values.replicas.umsPortalConsumer }}
|
||||
resources:
|
||||
{{ .Values.resources.umsPortalConsumer | toYaml | nindent 4 }}
|
||||
resourcesWaitForDependency:
|
||||
{{ .Values.resources.umsPortalConsumerDependencies | toYaml | nindent 4 }}
|
||||
persistence:
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
size: {{ .Values.persistence.size.nubus.portalConsumer | quote }}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsPortalConsumer | toYaml | nindent 6 }}
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
extraVolumes:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-ca-tls"
|
||||
items:
|
||||
- key: "ca.crt"
|
||||
path: "ca-certificates.crt"
|
||||
- key: "ca.crt"
|
||||
path: "cacert.pem"
|
||||
extraVolumeMounts:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
mountPath: "/etc/ssl/certs/ca-certificates.crt"
|
||||
subPath: "ca-certificates.crt"
|
||||
waitForDependency:
|
||||
extraVolumeMounts:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
readOnly: true
|
||||
mountPath: "/etc/ssl/certs/ca-certificates.crt"
|
||||
subPath: "ca-certificates.crt"
|
||||
- name: "trusted-cert-secret-volume"
|
||||
readOnly: true
|
||||
mountPath: "/usr/local/lib/python3.11/dist-packages/certifi/cacert.pem"
|
||||
subPath: "cacert.pem"
|
||||
extraEnvVars:
|
||||
- name: "REQUESTS_CA_BUNDLE"
|
||||
value: "/etc/ssl/certs/ca-certificates.crt"
|
||||
- name: "DEFAULT_CA_BUNDLE_PATH"
|
||||
value: "/etc/ssl/certs/ca-certificates.crt"
|
||||
- name: "SSL_CERT_FILE"
|
||||
value: "/etc/ssl/certs/ca-certificates.crt"
|
||||
{{- end }}
|
||||
|
||||
nubusUdmListener:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 102
|
||||
runAsGroup: 65534
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsUdmListener | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
replicaCount: {{ .Values.replicas.umsUdmListener }}
|
||||
resources:
|
||||
{{ .Values.resources.umsUdmListener | toYaml | nindent 4 }}
|
||||
|
||||
nubusPortalServer:
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-portal-server"
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsPortalServer | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
serviceAccount:
|
||||
create: true
|
||||
replicaCount: {{ .Values.replicas.umsPortalServer }}
|
||||
resources:
|
||||
{{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
extraVolumes:
|
||||
- name: "trusted-cert-crt-secret-volume"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-ca-tls"
|
||||
items:
|
||||
- key: "ca.crt"
|
||||
path: "ca-certificates.crt"
|
||||
- key: "ca.crt"
|
||||
path: "cacert.pem"
|
||||
extraVolumeMounts:
|
||||
- name: "trusted-cert-crt-secret-volume"
|
||||
readOnly: true
|
||||
mountPath: "/etc/ssl/certs/ca-certificates.crt"
|
||||
subPath: "ca-certificates.crt"
|
||||
- name: "trusted-cert-crt-secret-volume"
|
||||
readOnly: true
|
||||
mountPath: "/usr/local/lib/python3.11/dist-packages/certifi/cacert.pem"
|
||||
subPath: "cacert.pem"
|
||||
- name: "trusted-cert-crt-secret-volume"
|
||||
readOnly: true
|
||||
mountPath: "/usr/lib/python3/dist-packages/botocore/cacert.pem"
|
||||
subPath: "cacert.pem"
|
||||
- name: "trusted-cert-crt-secret-volume"
|
||||
readOnly: true
|
||||
mountPath: "/usr/lib/python3/dist-packages/certifi/cacert.pem"
|
||||
subPath: "cacert.pem"
|
||||
{{- end }}
|
||||
|
||||
nubusLdapNotifier:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 101
|
||||
runAsGroup: 102
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsLdapNotifier | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-ldap-notifier"
|
||||
replicaCount: {{ .Values.replicas.umsLdapNotifier }}
|
||||
resources:
|
||||
{{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
|
||||
|
||||
nubusLdapServer:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
highAvailabilityMode: false
|
||||
replicaCountPrimary: 1
|
||||
replicaCountSecondary: 0 # {{ .Values.replicas.umsLdapServerSecondary }}
|
||||
replicaCountProxy: 0 # {{ .Values.replicas.umsLdapServerProxy }}
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-ldap-server"
|
||||
serviceAccount:
|
||||
create: true
|
||||
initResources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||
resources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||
persistence:
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
size: {{ .Values.persistence.size.nubus.ldapServerData | quote }}
|
||||
extraVolumes:
|
||||
- name: "migration-scripts"
|
||||
secret:
|
||||
secretName: "ums-ldap-server-migration"
|
||||
defaultMode: 0555
|
||||
extraVolumeMounts:
|
||||
- name: "migration-scripts"
|
||||
mountPath: "/entrypoint.d/30-purge.sh"
|
||||
subPath: "30-purge.sh"
|
||||
- name: "migration-scripts"
|
||||
mountPath: "/entrypoint.d/95-slapadd-24-ldiff.sh"
|
||||
subPath: "95-slapadd-24-ldif.sh"
|
||||
extraSecrets:
|
||||
- name: "ums-ldap-server-migration"
|
||||
stringData:
|
||||
30-purge.sh: |
|
||||
#!/usr/bin/env bash
|
||||
me=$(basename "$0")
|
||||
echo "- Running ${me}"
|
||||
if [ -f /var/lib/univention-ldap/ldap-24-export.ldif ]; then
|
||||
echo "- Cleaning up /var/lib/univention-ldap."
|
||||
cd /var/lib/univention-ldap
|
||||
rm -rf internal
|
||||
rm -rf ldap
|
||||
ls -l
|
||||
else
|
||||
echo "- File /var/lib/univention-ldap/ldap-24-export.ldif not found."
|
||||
fi
|
||||
95-slapadd-24-ldif.sh: |
|
||||
#!/usr/bin/env bash
|
||||
me=$(basename "$0")
|
||||
echo "- Running ${me}"
|
||||
ls -l /var/lib/univention-ldap
|
||||
if [ -f /var/lib/univention-ldap/ldap-24-export.ldif ]; then
|
||||
echo "- slapadd-ing /var/lib/univention-ldap/ldap-24-export.ldif"
|
||||
ls -l /var/lib/univention-ldap/
|
||||
rm -rf /var/lib/univention-ldap/ldap
|
||||
rm -rf /var/lib/univention-ldap/internal
|
||||
echo "- deleted /var/lib/univention-ldap/ldap and /var/lib/univention-ldap/internal"
|
||||
ls -l /var/lib/univention-ldap/
|
||||
mkdir /var/lib/univention-ldap/ldap
|
||||
mkdir /var/lib/univention-ldap/internal
|
||||
echo "- created /var/lib/univention-ldap/ldap and /var/lib/univention-ldap/internal"
|
||||
ls -l /var/lib/univention-ldap/
|
||||
/usr/sbin/slapadd -v -l /var/lib/univention-ldap/ldap-24-export.ldif
|
||||
echo "- slapadd executed"
|
||||
ls -l /var/lib/univention-ldap/
|
||||
mv /var/lib/univention-ldap/ldap-24-export.ldif /var/lib/univention-ldap/ldap-24-export.ldif-imported
|
||||
echo "- import file renamed"
|
||||
ls -l /var/lib/univention-ldap/
|
||||
else
|
||||
echo "- File /var/lib/univention-ldap/ldap-24-export.ldif not found."
|
||||
fi
|
||||
nubusPortalFrontend:
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-portal-frontend"
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsPortalFrontend | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
serviceAccount:
|
||||
create: true
|
||||
replicaCount: {{ .Values.replicas.umsPortalFrontend }}
|
||||
resources:
|
||||
{{ .Values.resources.umsPortalFrontend | toYaml | nindent 4 }}
|
||||
portalFrontend:
|
||||
branding:
|
||||
css: {{ .Values.theme.styles.portalCss | toJson }}
|
||||
# Requires .ico, .svg does not work.
|
||||
favicon: {{ .Values.theme.imagery.faviconIcoB64 | toJson }}
|
||||
# The actual `logo` is set in customizing image, the logo down here is for for waiting spinner.
|
||||
logo: {{ .Values.theme.imagery.portalWaitingSpinnerSvgB64 | toJson }}
|
||||
backgroundImage: {{ .Values.theme.imagery.portalLogoBackgroundSvgB64 | toJson }}
|
||||
|
||||
nubusStackDataUms:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsStackDataUms | toYaml | nindent 6 }}
|
||||
pullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-stack-data-ums"
|
||||
resources:
|
||||
{{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
|
||||
|
||||
nubusSelfServiceConsumer:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsSelfserviceConsumer | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-selfservice-listener"
|
||||
resources:
|
||||
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
|
||||
replicaCount: {{ .Values.replicas.umsSelfserviceConsumer }}
|
||||
|
||||
nubusUdmRestApi:
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-udm-rest-api"
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsUdmRestApi | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
serviceAccount:
|
||||
annotations:
|
||||
intended.usage: "compliance"
|
||||
resources:
|
||||
{{ .Values.resources.umsUdmRestApi | toYaml | nindent 4 }}
|
||||
initResources:
|
||||
{{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 4 }}
|
||||
replicaCount: {{ .Values.replicas.umsUdmRestApi }}
|
||||
|
||||
nubusUmcGateway:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsUmcGateway | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
replicaCount: {{ .Values.replicas.umsUmcGateway }}
|
||||
resources:
|
||||
{{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
|
||||
|
||||
nubusKeycloakBootstrap:
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: false
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsKeycloakBootstrap | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-keycloak-bootstrap"
|
||||
serviceAccount:
|
||||
annotations:
|
||||
intended.usage: "compliance"
|
||||
resources:
|
||||
{{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 4 }}
|
||||
|
||||
nubusProvisioning:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsProvisioning | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
replicaCount:
|
||||
dispatcher: {{ .Values.replicas.umsProvisioningDispatcher }}
|
||||
udmTransformer: {{ .Values.replicas.umsProvisioningUdmTransformer }}
|
||||
prefill: {{ .Values.replicas.umsProvisioningPrefill }}
|
||||
api: {{ .Values.replicas.umsProvisioningApi }}
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
nats:
|
||||
config:
|
||||
cluster:
|
||||
replicas: {{ .Values.replicas.umsProvisioningNats }}
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.umsProvisioningNats | toYaml | nindent 8 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||
persistence:
|
||||
size: {{ .Values.persistence.size.nubus.provisioningNats }}
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningNats | toYaml | nindent 6 }}
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-provisioning-nats"
|
||||
serviceAccount:
|
||||
create: true
|
||||
api:
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningApi | toYaml | nindent 6 }}
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-provisioning-api"
|
||||
dispatcher:
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 6 }}
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-provisioning-dispatcher"
|
||||
prefill:
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningPrefill | toYaml | nindent 6 }}
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-provisioning-prefill"
|
||||
registerConsumers:
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-provisioning-register-consumers"
|
||||
udmTransformer:
|
||||
resources:
|
||||
{{ .Values.resources.umsProvisioningUdmTransformer | toYaml | nindent 6 }}
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-provisioning-udm-transformer"
|
||||
resources:
|
||||
registerConsumers:
|
||||
{{ .Values.resources.umsProvisioningRegisterConsumers | toYaml | nindent 6 }}
|
||||
@@ -1,260 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
keycloak:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloak.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloak.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusKeycloakBootstrap:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloakBootstrap.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloakBootstrap.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusKeycloakExtensions:
|
||||
handler:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionHandler.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
proxy:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }}
|
||||
repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }}
|
||||
tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusLdapNotifier:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapNotifier.registry | quote }}
|
||||
repository: {{ .Values.images.nubusLdapNotifier.repository }}
|
||||
tag: {{ .Values.images.nubusLdapNotifier.tag }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusLdapServer:
|
||||
ldapServer:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServer.registry | quote }}
|
||||
repository: {{ .Values.images.nubusLdapServer.repository }}
|
||||
tag: {{ .Values.images.nubusLdapServer.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
dhInitcontainer:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerDhInitContainer.registry | quote }}
|
||||
repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }}
|
||||
tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
waitForDependency:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusNotificationsApi:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
|
||||
repository: {{ .Values.images.nubusNotificationsApi.repository }}
|
||||
tag: {{ .Values.images.nubusNotificationsApi.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusPortalFrontend:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalFrontend.registry | quote }}
|
||||
repository: {{ .Values.images.nubusPortalFrontend.repository }}
|
||||
tag: {{ .Values.images.nubusPortalFrontend.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusPortalConsumer:
|
||||
portalConsumer:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
|
||||
repository: {{ .Values.images.nubusPortalConsumer.repository }}
|
||||
tag: {{ .Values.images.nubusPortalConsumer.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
waitForDependency:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusPortalServer:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalServer.registry | quote }}
|
||||
repository: {{ .Values.images.nubusPortalServer.repository }}
|
||||
tag: {{ .Values.images.nubusPortalServer.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusProvisioning:
|
||||
api:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningEventsAndConsumerApi.registry | quote }}
|
||||
repository: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.repository }}
|
||||
tag: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
dispatcher:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningDispatcher.registry | quote }}
|
||||
repository: {{ .Values.images.nubusProvisioningDispatcher.repository }}
|
||||
tag: {{ .Values.images.nubusProvisioningDispatcher.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
udmTransformer:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmTransformer.registry | quote }}
|
||||
repository: {{ .Values.images.nubusProvisioningUdmTransformer.repository }}
|
||||
tag: {{ .Values.images.nubusProvisioningUdmTransformer.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
prefill:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningPrefill.registry | quote }}
|
||||
repository: {{ .Values.images.nubusProvisioningPrefill.repository }}
|
||||
tag: {{ .Values.images.nubusProvisioningPrefill.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
registerConsumers:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
nats:
|
||||
nats:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNats.registry | quote }}
|
||||
repository: {{ .Values.images.nubusNats.repository }}
|
||||
tag: {{ .Values.images.nubusNats.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
reloader:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsReloader.registry | quote }}
|
||||
repository: {{ .Values.images.nubusNatsReloader.repository }}
|
||||
tag: {{ .Values.images.nubusNatsReloader.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
natsBox:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsBox.registry | quote }}
|
||||
repository: {{ .Values.images.nubusNatsBox.repository }}
|
||||
tag: {{ .Values.images.nubusNatsBox.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusProvisioningEventsAndConsumerApi:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningEventsAndConsumerApi.registry | quote }}
|
||||
repository: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.repository }}
|
||||
tag: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusProvisioningPrefill:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningPrefill.registry | quote }}
|
||||
repository: {{ .Values.images.nubusProvisioningPrefill.repository }}
|
||||
tag: {{ .Values.images.nubusProvisioningPrefill.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusUdmListener:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmListener.registry | quote }}
|
||||
repository: {{ .Values.images.nubusProvisioningUdmListener.repository }}
|
||||
tag: {{ .Values.images.nubusProvisioningUdmListener.tag }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusSelfServiceConsumer:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfServiceConsumer.registry | quote }}
|
||||
repository: {{ .Values.images.nubusSelfServiceConsumer.repository }}
|
||||
tag: {{ .Values.images.nubusSelfServiceConsumer.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
waitForDependency:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusUdmRestApi:
|
||||
udmRestApi:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUdmRestApi.registry | quote }}
|
||||
repository: {{ .Values.images.nubusUdmRestApi.repository }}
|
||||
tag: {{ .Values.images.nubusUdmRestApi.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusUmcGateway:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcGateway.registry | quote }}
|
||||
repository: {{ .Values.images.nubusUmcGateway.repository }}
|
||||
tag: {{ .Values.images.nubusUmcGateway.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusUmcServer:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcServer.registry | quote }}
|
||||
repository: {{ .Values.images.nubusUmcServer.repository }}
|
||||
tag: {{ .Values.images.nubusUmcServer.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
proxy:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusUmcServerProxy.registry | quote }}
|
||||
repository: {{ .Values.images.nubusUmcServerProxy.repository }}
|
||||
tag: {{ .Values.images.nubusUmcServerProxy.tag }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusWaitForDependency:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
|
||||
nubusGuardian:
|
||||
provisioning:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianProvisioning.registry | quote }}
|
||||
repository: {{ .Values.images.nubusGuardianProvisioning.repository }}
|
||||
tag: {{ .Values.images.nubusGuardianProvisioning.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
authorizationApi:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianAuthorizationApi.registry | quote }}
|
||||
repository: {{ .Values.images.nubusGuardianAuthorizationApi.repository }}
|
||||
tag: {{ .Values.images.nubusGuardianAuthorizationApi.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
managementApi:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementApi.registry | quote }}
|
||||
repository: {{ .Values.images.nubusGuardianManagementApi.repository }}
|
||||
tag: {{ .Values.images.nubusGuardianManagementApi.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
managementUi:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementUi.registry | quote }}
|
||||
repository: {{ .Values.images.nubusGuardianManagementUi.repository }}
|
||||
tag: {{ .Values.images.nubusGuardianManagementUi.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
openPolicyAgent:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpenPolicyAgent.registry | quote }}
|
||||
repository: {{ .Values.images.nubusOpenPolicyAgent.repository }}
|
||||
tag: {{ .Values.images.nubusOpenPolicyAgent.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
nubusStackDataUms:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }}
|
||||
repository: {{ .Values.images.nubusDataLoader.repository }}
|
||||
tag: {{ .Values.images.nubusDataLoader.tag }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
@@ -21,6 +21,8 @@ cleanup:
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
config:
|
||||
componentEnabled:
|
||||
notes: {{ .Values.notes.enabled }}
|
||||
custom:
|
||||
clientScopes:
|
||||
{{ .Values.functional.authentication.oidc.clientScopes | toYaml | nindent 6 }}
|
||||
@@ -28,7 +30,7 @@ config:
|
||||
{{ .Values.functional.authentication.oidc.clients | toYaml | nindent 6 }}
|
||||
managed:
|
||||
clientScopes: [ 'acr', 'web-origins', 'email', 'profile', 'microprofile-jwt', 'role_list', 'offline_access', 'roles', 'address', 'phone' ]
|
||||
clients: [ 'opendesk-intercom', 'guardian-management-api', 'guardian-scripts', 'guardian-ui', 'UMC', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
|
||||
clients: [ 'guardian-management-api', 'guardian-scripts', 'guardian-ui', 'UMC', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
|
||||
keycloak:
|
||||
adminUser: "kcadmin"
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
@@ -42,7 +44,6 @@ config:
|
||||
# We use client specific scopes as we bind them to Keycloak role membership which itself is linked
|
||||
# to LDAP group membership to ensure a user cannot access an application without the required
|
||||
# group membership.
|
||||
# ToDo: Ensure all applications verify the token's signature to ensure it is not tampered.
|
||||
clientScopes:
|
||||
- name: "read_contacts"
|
||||
protocol: "openid-connect"
|
||||
@@ -374,7 +375,136 @@ config:
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
{{ if .Values.notes.enabled }}
|
||||
- name: "opendesk-notes-scope"
|
||||
description: "Scope for the claims required by openDesk's Notes instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
- name: "given name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "firstName"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "given_name"
|
||||
jsonType.label: "String"
|
||||
- name: "family name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "lastName"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "family_name"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
clients:
|
||||
- name: "opendesk-intercom"
|
||||
clientId: "opendesk-intercom"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/callback"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.revoke.offline.tokens: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
|
||||
protocolMappers:
|
||||
- name: "intercom-audience"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "opendesk-intercom"
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
defaultClientScopes:
|
||||
- "offline_access"
|
||||
{{ if .Values.notes.enabled }}
|
||||
- name: "opendesk-notes"
|
||||
clientId: "opendesk-notes"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/api/v1.0/callback/"
|
||||
standardFlowEnabled: true
|
||||
implicitFlowEnabled: false
|
||||
alwaysDisplayInConsole: false
|
||||
bearerOnly: false
|
||||
directAccessGrantsEnabled: true
|
||||
serviceAccountsEnabled: false
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
surrogateAuthRequired: false
|
||||
attributes:
|
||||
backchannel.logout.revoke.offline.tokens: false
|
||||
backchannel.logout.session.required: false
|
||||
client.introspection.response.allow.jwt.claim.enabled: false
|
||||
client.use.lightweight.access.token.enabled: false
|
||||
client_credentials.use_refresh_token: false
|
||||
display.on.consent.screen: false
|
||||
oauth2.device.authorization.grant.enabled: false
|
||||
oidc.ciba.grant.enabled: false
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/*"
|
||||
require.pushed.authorization.requests: false
|
||||
tls.client.certificate.bound.access.tokens: false
|
||||
token.response.type.bearer.lower-case: false
|
||||
use.jwks.url: false
|
||||
use.refresh.tokens: false
|
||||
# it is probably not even required to set this value explicitly.
|
||||
user.info.response.signature.alg: "RS256"
|
||||
defaultClientScopes:
|
||||
- "opendesk-notes-scope"
|
||||
{{ end }}
|
||||
- name: "opendesk-dovecot"
|
||||
clientId: "opendesk-dovecot"
|
||||
protocol: "openid-connect"
|
||||
|
||||
@@ -422,6 +422,9 @@ appsuite:
|
||||
replicas: {{ .Values.replicas.openxchangeCoreMW }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
|
||||
initContainer:
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 8 }}
|
||||
|
||||
core-ui:
|
||||
enabled: true
|
||||
|
||||
@@ -23,9 +23,8 @@ image:
|
||||
repository: {{ .Values.images.oxConnector.repository | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.oxConnector.tag | quote }}
|
||||
|
||||
waitForDependency:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.nubusWaitForDependency.registry | quote }}
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
||||
pullSecrets:
|
||||
@@ -63,30 +62,14 @@ provisioningApi:
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.oxConnector | toYaml | nindent 2 }}
|
||||
resourcesWaitForDependency:
|
||||
{{ .Values.resources.oxConnector | toYaml | nindent 2 }}
|
||||
|
||||
persistence:
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
## Container deployment probes
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
initialDelaySeconds: 120
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 30
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
|
||||
readiness:
|
||||
enabled: true
|
||||
initialDelaySeconds: 30
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 15
|
||||
failureThreshold: 30
|
||||
successThreshold: 1
|
||||
|
||||
replicaCount: {{ .Values.replicas.oxConnector }}
|
||||
|
||||
securityContext:
|
||||
|
||||
@@ -44,7 +44,7 @@ repositories:
|
||||
|
||||
# openDesk Grafana Dashboards
|
||||
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dashboards
|
||||
- name: "dashboards-repo"
|
||||
- name: "opendesk-dashboards-repo"
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
verify: {{ .Values.charts.opendeskDashboards.verify }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
@@ -52,6 +52,16 @@ repositories:
|
||||
oci: true
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskDashboards.registry }}/{{ .Values.charts.opendeskDashboards.repository }}"
|
||||
|
||||
# openDesk Static Files
|
||||
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-static-files
|
||||
- name: "opendesk-static-files-repo"
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
verify: {{ .Values.charts.opendeskStaticFiles.verify }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskStaticFiles.registry }}/{{ .Values.charts.opendeskStaticFiles.repository }}"
|
||||
|
||||
releases:
|
||||
- name: "opendesk-otterize"
|
||||
chart: "otterize-repo/{{ .Values.charts.otterize.name }}"
|
||||
@@ -97,14 +107,23 @@ releases:
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-dashboards"
|
||||
chart: "dashboards-repo/{{ .Values.charts.opendeskDashboards.name }}"
|
||||
chart: "opendesk-dashboards-repo/{{ .Values.charts.opendeskDashboards.name }}"
|
||||
version: "{{ .Values.charts.opendeskDashboards.version }}"
|
||||
values:
|
||||
- "values-dashboards.yaml.gotmpl"
|
||||
- "values-opendesk-dashboards.yaml.gotmpl"
|
||||
- {{ .Values.customization.release.opendeskDashboards | default "additionalValues: false" }}
|
||||
installed: {{ .Values.monitoring.grafana.dashboards.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-static-files"
|
||||
chart: "opendesk-static-files-repo/{{ .Values.charts.opendeskStaticFiles.name }}"
|
||||
version: "{{ .Values.charts.opendeskStaticFiles.version }}"
|
||||
values:
|
||||
- "values-opendesk-static-files.yaml.gotmpl"
|
||||
- {{ .Values.customization.release.opendeskStaticFiles | default "additionalValues: false" }}
|
||||
installed: {{ .Values.staticFiles.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deployStage: "030-opendesk-services"
|
||||
component: "opendesk-services"
|
||||
|
||||
@@ -10,7 +10,6 @@ global:
|
||||
|
||||
ingress:
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
||||
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
...
|
||||
|
||||
@@ -0,0 +1,119 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: {{ .Values.global.domain | quote }}
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
assets:
|
||||
element:
|
||||
subdomain: {{ .Values.global.hosts.element }}
|
||||
paths:
|
||||
- path: "/vector-icons/favicon.........ico"
|
||||
data: {{ .Values.theme.imagery.chat.faviconIco }}
|
||||
jitsi:
|
||||
subdomain: {{ .Values.global.hosts.jitsi }}
|
||||
paths:
|
||||
- path: "/images/favicon.svg"
|
||||
data: {{ .Values.theme.imagery.videoconference.faviconSvg }}
|
||||
keycloak:
|
||||
subdomain: {{ .Values.global.hosts.keycloak }}
|
||||
paths:
|
||||
- path: "/resources/...../login/UCS/img/favicon.ico"
|
||||
data: {{ .Values.theme.imagery.login.faviconIco }}
|
||||
- path: "/static-files/login/logo.svg"
|
||||
data: {{ .Values.theme.imagery.login.logoSvg }}
|
||||
nextcloud:
|
||||
subdomain: {{ .Values.global.hosts.nextcloud }}
|
||||
paths:
|
||||
- path: "/core/img/favicon-touch.png"
|
||||
data: {{ .Values.theme.imagery.files.faviconPng }}
|
||||
- path: "/core/img/favicon.ico"
|
||||
data: {{ .Values.theme.imagery.files.faviconIco }}
|
||||
notes:
|
||||
subdomain: {{ .Values.global.hosts.notes }}
|
||||
paths:
|
||||
- path: "/favicon.ico"
|
||||
data: {{ .Values.theme.imagery.notes.faviconIco }}
|
||||
openproject:
|
||||
subdomain: {{ .Values.global.hosts.openproject }}
|
||||
paths:
|
||||
- path: "/custom_style/........../favicon/favicon.svg"
|
||||
data: {{ .Values.theme.imagery.projects.faviconSvg }}
|
||||
openxchange:
|
||||
subdomain: {{ .Values.global.hosts.openxchange }}
|
||||
paths:
|
||||
- path: "/appsuite/favicon.ico"
|
||||
data: {{ .Values.theme.imagery.groupware.faviconIco }}
|
||||
- path: "/appsuite/favicon.svg"
|
||||
data: {{ .Values.theme.imagery.groupware.faviconSvg }}
|
||||
portal:
|
||||
subdomain: {{ .Values.global.hosts.nubus }}
|
||||
paths:
|
||||
- path: "/favicon.ico"
|
||||
data: {{ .Values.theme.imagery.portal.faviconIco }}
|
||||
- path: "/static-files/portal/background.svg"
|
||||
data: {{ .Values.theme.imagery.portal.backgroundSvg }}
|
||||
- path: "/static-files/portal/waiting-spinner.svg"
|
||||
data: {{ .Values.theme.imagery.portal.waitingSpinnerSvg }}
|
||||
- path: "/static-files/login/background.jpg"
|
||||
data: {{ .Values.theme.imagery.login.backgroundJpg }}
|
||||
|
||||
xwiki:
|
||||
subdomain: {{ .Values.global.hosts.xwiki }}
|
||||
paths:
|
||||
- path: "/resources/icons/xwiki/favicon.svg"
|
||||
data: {{ .Values.theme.imagery.knowledge.faviconSvg }}
|
||||
- path: "/resources/icons/xwiki/favicon16.png"
|
||||
data: {{ .Values.theme.imagery.knowledge.faviconPng }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.opendeskStaticFiles | toYaml | nindent 4 }}
|
||||
|
||||
ingress:
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
||||
host: "{{ .Values.global.hosts.static }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.opendeskStaticFiles.registry | quote }}
|
||||
repository: {{ .Values.images.opendeskStaticFiles.repository | quote }}
|
||||
tag: {{ .Values.images.opendeskStaticFiles.tag | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
fsGroupChangePolicy: "Always"
|
||||
|
||||
replicaCount: {{ .Values.replicas.opendeskStaticFiles }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.opendeskStaticFiles | toYaml | nindent 2 }}
|
||||
|
||||
service:
|
||||
type: "ClusterIP"
|
||||
...
|
||||
@@ -3,6 +3,11 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: {{ .Values.global.domain | quote }}
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
|
||||
apps:
|
||||
clamavDistributed:
|
||||
enabled: {{ .Values.clamavDistributed.enabled }}
|
||||
@@ -12,6 +17,8 @@ apps:
|
||||
enabled: {{ .Values.collabora.enabled }}
|
||||
cryptpad:
|
||||
enabled: {{ .Values.cryptpad.enabled }}
|
||||
dkimpy:
|
||||
enabled: {{ .Values.dkimpy.enabled }}
|
||||
dovecot:
|
||||
enabled: {{ .Values.dovecot.enabled }}
|
||||
element:
|
||||
@@ -22,10 +29,16 @@ apps:
|
||||
enabled: {{ .Values.mariadb.enabled }}
|
||||
memcached:
|
||||
enabled: {{ .Values.memcached.enabled }}
|
||||
migrations:
|
||||
enabled: {{ .Values.migrations.enabled }}
|
||||
minio:
|
||||
enabled: {{ .Values.minio.enabled }}
|
||||
nextcloud:
|
||||
enabled: {{ .Values.nextcloud.enabled }}
|
||||
notes:
|
||||
enabled: {{ .Values.notes.enabled }}
|
||||
nubus:
|
||||
enabled: {{ .Values.nubus.enabled }}
|
||||
openproject:
|
||||
enabled: {{ .Values.openproject.enabled }}
|
||||
oxAppsuite:
|
||||
@@ -36,8 +49,6 @@ apps:
|
||||
enabled: {{ .Values.postgresql.enabled }}
|
||||
redis:
|
||||
enabled: {{ .Values.redis.enabled }}
|
||||
univentionManagementStack:
|
||||
enabled: {{ .Values.nubus.enabled }}
|
||||
xwiki:
|
||||
enabled: {{ .Values.xwiki.enabled }}
|
||||
|
||||
|
||||
@@ -40,7 +40,7 @@ dbInit:
|
||||
environment:
|
||||
# For more details and more options see
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
OPENPROJECT_APP__TITLE: "Projects | {{ .Values.theme.texts.productName }}"
|
||||
OPENPROJECT_APP__TITLE: "Projekte - {{ .Values.theme.texts.productName }}"
|
||||
OPENPROJECT_LOG__LEVEL: {{ if .Values.debug.enabled }}"debug"{{ else }}"info"{{ end }}
|
||||
OPENPROJECT_LOGIN__REQUIRED: "true"
|
||||
OPENPROJECT_USER__DEFAULT__TIMEZONE: "Europe/Berlin"
|
||||
|
||||
@@ -83,15 +83,14 @@ repositories:
|
||||
oci: true
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.minio.registry }}/{{ .Values.charts.minio.repository }}"
|
||||
|
||||
# openDesk Enterprise Repositories
|
||||
|
||||
# openDesk Enterprise
|
||||
# Cassandra
|
||||
# Source: https://github.com/bitnami/charts/
|
||||
- name: "cassandra-repo"
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
verify: {{ .Values.charts.cassandra.verify }}
|
||||
username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.cassandra.registry }}/{{ .Values.charts.cassandra.repository }}"
|
||||
|
||||
|
||||
@@ -26,26 +26,34 @@ containerSecurityContext:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1000
|
||||
runAsGroup: 0
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.minio | toYaml | nindent 4 }}
|
||||
|
||||
defaultBuckets: "openproject,openxchange,ums,nextcloud"
|
||||
|
||||
global:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
security:
|
||||
allowInsecureImages: true
|
||||
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.minio.registry | quote }}
|
||||
repository: "{{ .Values.images.minio.repository }}"
|
||||
tag: "{{ .Values.images.minio.tag }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: {{ .Values.images.minio.repository | quote }}
|
||||
tag: {{ .Values.images.minio.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
volumePermissions:
|
||||
enabled: true
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.minio.registry | quote }}
|
||||
repository: {{ .Values.images.bitnamiOSShell.repository | quote }}
|
||||
tag: {{ .Values.images.bitnamiOSShell.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
{{- if .Values.debug.enabled }}
|
||||
ingress:
|
||||
@@ -79,7 +87,7 @@ networkPolicy:
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
fsGroup: 1001
|
||||
|
||||
persistence:
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
@@ -94,16 +102,19 @@ provisioning:
|
||||
- "mc anonymous set download provisioning/ums/portal-assets"
|
||||
buckets:
|
||||
- name: {{ .Values.objectstores.migrations.bucket | quote }}
|
||||
versioning: false
|
||||
versioning: "Suspended"
|
||||
withLock: false
|
||||
- name: {{ .Values.objectstores.nextcloud.bucket | quote }}
|
||||
versioning: true
|
||||
versioning: "Suspended"
|
||||
withLock: false
|
||||
- name: {{ .Values.objectstores.notes.bucket | quote }}
|
||||
versioning: "Versioned"
|
||||
withLock: false
|
||||
- name: {{ .Values.objectstores.openproject.bucket | quote }}
|
||||
versioning: true
|
||||
versioning: "Suspended"
|
||||
withLock: false
|
||||
- name: {{ .Values.objectstores.nubus.bucket | quote }}
|
||||
versioning: false
|
||||
versioning: "Suspended"
|
||||
withLock: false
|
||||
policies:
|
||||
- name: "migrations-bucket-policy"
|
||||
@@ -130,6 +141,18 @@ provisioning:
|
||||
effect: "Allow"
|
||||
actions:
|
||||
- "s3:*"
|
||||
- name: "notes-bucket-policy"
|
||||
statements:
|
||||
- resources:
|
||||
- "arn:aws:s3:::notes"
|
||||
effect: "Allow"
|
||||
actions:
|
||||
- "s3:*"
|
||||
- resources:
|
||||
- "arn:aws:s3:::notes/*"
|
||||
effect: "Allow"
|
||||
actions:
|
||||
- "s3:*"
|
||||
- name: "openproject-bucket-policy"
|
||||
statements:
|
||||
- resources:
|
||||
@@ -167,6 +190,12 @@ provisioning:
|
||||
policies:
|
||||
- "nextcloud-bucket-policy"
|
||||
setPolicies: true
|
||||
- username: {{ .Values.objectstores.notes.username | quote }}
|
||||
password: {{ .Values.secrets.minio.notesUser | quote }}
|
||||
disabled: false
|
||||
policies:
|
||||
- "notes-bucket-policy"
|
||||
setPolicies: true
|
||||
- username: {{ .Values.objectstores.openproject.username | quote }}
|
||||
password: {{ .Values.secrets.minio.openprojectUser | quote }}
|
||||
disabled: false
|
||||
@@ -200,6 +229,7 @@ startupProbe:
|
||||
|
||||
statefulset:
|
||||
replicaCount: {{ .Values.replicas.minio }}
|
||||
drivesPerNode: {{ if gt .Values.replicas.minio 1 }}2{{ else }}1{{ end }}
|
||||
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
extraVolumes:
|
||||
|
||||
@@ -86,4 +86,11 @@ replicaCount: {{ .Values.replicas.postfix }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.postfix | toYaml | nindent 2 }}
|
||||
|
||||
{{- if or (eq .Values.cluster.service.type "NodePort") (eq .Values.cluster.service.type "LoadBalancer") }}
|
||||
service:
|
||||
external:
|
||||
enabled: true
|
||||
type: {{ .Values.cluster.service.type | quote }}
|
||||
{{- end }}
|
||||
...
|
||||
|
||||
@@ -48,6 +48,9 @@ job:
|
||||
- username: {{ .Values.databases.keycloak.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.keycloak.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.notes.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.notesUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.notes.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.openproject.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.openproject.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
@@ -71,6 +74,8 @@ job:
|
||||
user: {{ .Values.databases.keycloak.username | quote }}
|
||||
- name: {{ .Values.databases.keycloakExtension.name | quote }}
|
||||
user: {{ .Values.databases.keycloakExtension.username | quote }}
|
||||
- name: {{ .Values.databases.notes.name | quote }}
|
||||
user: {{ .Values.databases.notes.username | quote }}
|
||||
- name: {{ .Values.databases.openproject.name | quote }}
|
||||
user: {{ .Values.databases.openproject.username | quote }}
|
||||
- name: {{ .Values.databases.synapse.name | quote }}
|
||||
|
||||
@@ -141,12 +141,10 @@ postgresql:
|
||||
|
||||
properties:
|
||||
"attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvgB64 }}"
|
||||
"attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.faviconSvgB64 }}"
|
||||
"attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon16.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon16PngB64 }}"
|
||||
"attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon144.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon144PngB64 }}"
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.secure": 1
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.server": "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443
|
||||
|
||||
## This option overwrites the LDAP group mappings including all dynamically created mappings, therefore on XWiki restart an LDAP sync is triggered to load the dynamic mapping.
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,dc=swp-ldap,dc=internal"
|
||||
## SMTP settings
|
||||
@@ -175,7 +173,7 @@ properties:
|
||||
# yamllint disable-line rule:line-length
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": "li#tmWorkplaceServices { padding-left: 16px; padding-top: 5px; } .navbar-right { padding-top: 8px; } .navbar { border-bottom: 1px solid #ddd !important; height: 64px;} div#companylogo { width: 90px; height: auto; padding-top: 7px; padding-left: 9px; }"
|
||||
|
||||
"property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc"
|
||||
"property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "keycloak-bridge-auth"
|
||||
## Fields to search in when importing users from the administration UI (not completely in scope for now)
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes":
|
||||
"sn,givenname,uid,mailPrimaryAddress"
|
||||
@@ -192,7 +190,7 @@ properties:
|
||||
## LDAP filter to only synchronize some groups
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
"(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.title": "{{ .Values.theme.texts.productName }} Wissen - $!tdoc.displayTitle"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.title": "Wissen - $!tdoc.displayTitle - {{ .Values.theme.texts.productName }}"
|
||||
|
||||
cluster:
|
||||
replicas: {{ .Values.replicas.xwiki }}
|
||||
|
||||
8
helmfile/environments/default/ai.yaml.gotmpl
Normal file
8
helmfile/environments/default/ai.yaml.gotmpl
Normal file
@@ -0,0 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
ai:
|
||||
endpoint: ""
|
||||
apiKey: ""
|
||||
model: ""
|
||||
...
|
||||
@@ -13,6 +13,10 @@ cache:
|
||||
username: "default"
|
||||
password: ""
|
||||
tls: false
|
||||
notes:
|
||||
host: "redis-headless"
|
||||
port: 6379
|
||||
password: ""
|
||||
openproject:
|
||||
host: "memcached"
|
||||
port: 11211
|
||||
|
||||
@@ -21,7 +21,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-certificates"
|
||||
name: "opendesk-certificates"
|
||||
version: "3.1.0"
|
||||
version: "3.1.1"
|
||||
verify: true
|
||||
clamav:
|
||||
# providerCategory: "Platform"
|
||||
@@ -55,6 +55,13 @@ charts:
|
||||
name: "collabora-online"
|
||||
version: "1.1.21"
|
||||
verify: true
|
||||
collaboraController:
|
||||
# Component is required for openDesk Enterprise only.
|
||||
registry: ""
|
||||
repository: ""
|
||||
name: ""
|
||||
version: ""
|
||||
verify: true
|
||||
cryptpad:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "XWiki"
|
||||
@@ -97,7 +104,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-element"
|
||||
version: "5.0.1"
|
||||
version: "6.0.0"
|
||||
verify: true
|
||||
elementWeb:
|
||||
# providerCategory: "Platform"
|
||||
@@ -107,7 +114,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-element-web"
|
||||
version: "5.0.1"
|
||||
version: "6.0.0"
|
||||
verify: true
|
||||
elementWellKnown:
|
||||
# providerCategory: "Platform"
|
||||
@@ -117,7 +124,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-well-known"
|
||||
version: "5.0.1"
|
||||
version: "6.0.0"
|
||||
verify: true
|
||||
home:
|
||||
# providerCategory: "Platform"
|
||||
@@ -139,7 +146,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "intercom-service"
|
||||
version: "2.4.0"
|
||||
version: "2.7.3"
|
||||
verify: true
|
||||
jitsi:
|
||||
# providerCategory: "Platform"
|
||||
@@ -149,7 +156,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-jitsi"
|
||||
name: "opendesk-jitsi"
|
||||
version: "2.1.1"
|
||||
version: "3.0.1"
|
||||
verify: true
|
||||
mariadb:
|
||||
# providerCategory: "Platform"
|
||||
@@ -209,7 +216,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-matrix-user-verification-service"
|
||||
version: "5.0.1"
|
||||
version: "6.0.1"
|
||||
verify: true
|
||||
memcached:
|
||||
# providerCategory: "Community"
|
||||
@@ -229,7 +236,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
|
||||
name: "opendesk-migrations"
|
||||
version: "1.3.6"
|
||||
version: "1.4.0"
|
||||
verify: true
|
||||
minio:
|
||||
# providerCategory: "Community"
|
||||
@@ -239,7 +246,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/external/charts/bitnami-charts"
|
||||
name: "minio"
|
||||
version: "12.10.11"
|
||||
version: "14.10.1"
|
||||
verify: true
|
||||
nextcloud:
|
||||
# providerCategory: "Platform"
|
||||
@@ -281,6 +288,16 @@ charts:
|
||||
name: "nginx-s3-gateway"
|
||||
version: "1.0.1"
|
||||
verify: true
|
||||
notes:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://gitlab.opencode.de"
|
||||
# packageName=bmi/opendesk/components/supplier/dinum/charts/notes
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/dinum/charts/notes"
|
||||
name: "impress"
|
||||
version: "2.0.0"
|
||||
verify: true
|
||||
nubus:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -291,7 +308,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "nubus"
|
||||
version: "1.4.0"
|
||||
version: "1.5.1"
|
||||
verify: true
|
||||
opendeskAlerts:
|
||||
# providerCategory: "Platform"
|
||||
@@ -301,7 +318,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-alerts"
|
||||
name: "opendesk-alerts"
|
||||
version: "1.1.0"
|
||||
version: "1.1.1"
|
||||
verify: true
|
||||
opendeskDashboards:
|
||||
# providerCategory: "Platform"
|
||||
@@ -311,7 +328,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-dashboards"
|
||||
name: "opendesk-dashboards"
|
||||
version: "1.1.0"
|
||||
version: "1.1.1"
|
||||
verify: true
|
||||
opendeskKeycloakBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
@@ -321,7 +338,17 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap"
|
||||
name: "opendesk-keycloak-bootstrap"
|
||||
version: "2.1.3"
|
||||
version: "2.2.0"
|
||||
verify: true
|
||||
opendeskStaticFiles:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-static-files/opendesk-static-files"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-static-files"
|
||||
name: "opendesk-static-files"
|
||||
version: "4.0.1"
|
||||
verify: true
|
||||
openproject:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -353,7 +380,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
|
||||
name: "opendesk-otterize"
|
||||
version: "2.1.0"
|
||||
version: "2.1.3"
|
||||
verify: true
|
||||
oxAppSuite:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -387,7 +414,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "ox-connector"
|
||||
version: "0.14.5"
|
||||
version: "0.14.11"
|
||||
verify: true
|
||||
postfix:
|
||||
# providerCategory: "Platform"
|
||||
@@ -427,7 +454,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse"
|
||||
version: "5.0.1"
|
||||
version: "6.0.1"
|
||||
verify: true
|
||||
synapseAdmin:
|
||||
# Component is required for openDesk Enterprise only.
|
||||
@@ -451,7 +478,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-create-account"
|
||||
version: "5.0.1"
|
||||
version: "6.0.0"
|
||||
verify: true
|
||||
synapseGroupsync:
|
||||
# Component is required for openDesk Enterprise only.
|
||||
@@ -475,7 +502,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-web"
|
||||
version: "5.0.1"
|
||||
version: "6.0.0"
|
||||
verify: true
|
||||
xwiki:
|
||||
# providerCategory: "Supplier"
|
||||
|
||||
@@ -34,6 +34,8 @@ customization:
|
||||
# nextcloud
|
||||
opendeskNextcloudManagement: {}
|
||||
opendeskNextcloud: {}
|
||||
# notes
|
||||
notes: {}
|
||||
# nubus
|
||||
ums: {}
|
||||
intercomService: {}
|
||||
@@ -48,12 +50,16 @@ customization:
|
||||
openproject: {}
|
||||
# openproject-bootstrap
|
||||
opendeskOpenprojectBootstrap: {}
|
||||
# services
|
||||
# xwiki
|
||||
xwiki: {}
|
||||
# openDesk services
|
||||
opendeskOtterize: {}
|
||||
opendeskHome: {}
|
||||
opendeskCertificates: {}
|
||||
opendeskAlerts: {}
|
||||
opendeskDashboards: {}
|
||||
opendeskStaticFiles: {}
|
||||
# external services
|
||||
redis: {}
|
||||
memcached: {}
|
||||
postgresql: {}
|
||||
@@ -63,11 +69,10 @@ customization:
|
||||
clamav: {}
|
||||
clamavSimple: {}
|
||||
minio: {}
|
||||
# xwiki
|
||||
xwiki: {}
|
||||
|
||||
# openDesk Enterprise Components
|
||||
cassandra: {}
|
||||
collaboraController: {}
|
||||
opendeskSynapseAdmin: {}
|
||||
opendeskSynapseAdminbotBootstrap: {}
|
||||
opendeskSynapseAdminbotPipe: {}
|
||||
@@ -75,4 +80,5 @@ customization:
|
||||
opendeskSynapseAuditbotBootstrap: {}
|
||||
opendeskSynapseAuditbotPipe: {}
|
||||
opendeskSynapseGroupsync: {}
|
||||
|
||||
...
|
||||
|
||||
@@ -25,6 +25,13 @@ databases:
|
||||
username: "nextcloud_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
notes:
|
||||
name: "notes"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "notes_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
openproject:
|
||||
name: "openproject"
|
||||
host: "postgresql"
|
||||
|
||||
@@ -7,9 +7,9 @@ debug:
|
||||
deletePodsOnSuccess: true
|
||||
# When deletePodsOnSuccess is enabled, the pod will be deleted after configured seconds.
|
||||
deletePodsOnSuccessTimeout: 60
|
||||
# Keep persistence on deletion of this release.
|
||||
# Keep persistence on deletion of a release.
|
||||
keepPVCOnDelete: false
|
||||
# Keep additional resources, like certificates on deletion of this release.
|
||||
# Keep additional resources, like certificates on deletion of a release.
|
||||
keepRessourceOnDelete: true
|
||||
# should activate debug output in all components and even allow e.g. successfully executed jobs
|
||||
# to stay available. This is going to be implemented on a case by case basis when we actually
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
---
|
||||
global:
|
||||
systemInformation:
|
||||
releaseVersion: "v1.0.1"
|
||||
releaseVersion: "v1.1.1"
|
||||
...
|
||||
|
||||
@@ -44,9 +44,11 @@ global:
|
||||
minioApi: "objectstore"
|
||||
minioConsole: "objectstore-ui"
|
||||
nextcloud: "files"
|
||||
notes: "notes"
|
||||
nubus: "portal"
|
||||
openproject: "projects"
|
||||
openxchange: "webmail"
|
||||
static: "static"
|
||||
synapse: "matrix"
|
||||
synapseFederation: "matrix-federation"
|
||||
whiteboard: "whiteboard"
|
||||
|
||||
@@ -5,6 +5,14 @@
|
||||
# Please read the /docs/development.md for information about structure and annotations used in this file.
|
||||
---
|
||||
images:
|
||||
bitnamiOSShell:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry-1.docker.io"
|
||||
# upstreamRepository: "bitnami/os-shell"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "bitnami/os-shell"
|
||||
tag: "12-debian-12-r34@sha256:41e0561b0f08011c24acc5e8ad4c0d09a36062cfab35d9ec7b3fdd4cfecc01e0"
|
||||
clamd:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -53,7 +61,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
|
||||
tag: "1.11.4@sha256:bfb0ce4afe737e7b6a0404c9e3f2d8dbe341ce72a930d0d5173a0145729cf646"
|
||||
tag: "1.11.6@sha256:1ac5eeea24c5fbfdfeda44cb00651fa22864e26d8cb32add150c4bf1aea0fb36"
|
||||
freshclam:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -79,7 +87,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
|
||||
tag: "2.4.0@sha256:df743b7ea30077dc941815ccc60198820d67bbba94853fa7a6f939c0f36af335"
|
||||
tag: "2.7.3@sha256:bae60a9a14df53431f81846bf98520e3340dbfc1abae88622ccbd3c6e81cd930"
|
||||
jibri:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -122,12 +130,12 @@ images:
|
||||
tag: "v20241023@sha256:2391799c5168222f0e3ebb94d7c3cb3bcea6f075399458197f0c1bbbb8f293fe"
|
||||
jitsiPatchJVB:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "Nordeck"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry-1.docker.io"
|
||||
# upstreamRepository: "bitnami/kubectl"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "bitnami/kubectl"
|
||||
tag: "1.31.3@sha256:e90b9642d3daeabcfe73cf9aadcbbc624d1de7f88185095307c785f1c266bdb9"
|
||||
tag: "1.32.0@sha256:48c81b7aaf4fabf2733a0b888960f6982181fbcd2c3f8dfcebc4a1a065631162"
|
||||
jvb:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -175,7 +183,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "7", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-bot"
|
||||
tag: "2.8.1@sha256:d23b08e3b6f322ffdc67029a35bd110cefb98de7a2a023b7f52fb7729886078b"
|
||||
tag: "2.8.2@sha256:1266f4af93cd82554e037125a7f6d753742bcde3dd90ecbeed8f6f5f64689c96"
|
||||
matrixNeoDateFixWidget:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -211,7 +219,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
|
||||
tag: "1.3.18@sha256:d7f13322cc9cc7ab157f926280070850b0dfc6169c93a306ec4c3cf7c21eff69"
|
||||
tag: "1.4.0@sha256:0c74011e4c1216857b73695741196908afcacc2f531fd1c894b8f574ac98f9a2"
|
||||
milter:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -227,7 +235,7 @@ images:
|
||||
# upstreamRepository: "bitnami/minio"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "bitnami/minio"
|
||||
tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7"
|
||||
tag: "2024.12.13-debian-12-r0@sha256:2a258ab6876f6ed3cd5609836d065f20927955a2ae721fd9edde8ca388b52135"
|
||||
nextcloud:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -252,6 +260,30 @@ images:
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "nginxinc/nginx-s3-gateway"
|
||||
tag: "unprivileged-oss-20241111@sha256:20d6b6ec5fc987b18c3e345de33674374a8335c593d6d0841ac64eb49ae2dea4"
|
||||
notesBackend:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "DINUM"
|
||||
# upstreamRegistry: "https://registry-1.docker.io"
|
||||
# upstreamRepository: "lasuite/impress-backend"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "lasuite/impress-backend"
|
||||
tag: "v1.10.0-docs-production@sha256:62f31bf18335fec031f9ea3af828b84a8bb811793b63bc1c484e4ce14d437198"
|
||||
notesFrontend:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "DINUM"
|
||||
# upstreamRegistry: "https://registry-1.docker.io"
|
||||
# upstreamRepository: "lasuite/impress-frontend"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-notes"
|
||||
tag: "1.5.1@sha256:dad7dd60a5eb39b71b4911558cf7eac9ed6dc050593a046f5da0eaa75c65d344"
|
||||
notesYProvider:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "DINUM"
|
||||
# upstreamRegistry: "https://registry-1.docker.io"
|
||||
# upstreamRepository: "lasuite/impress-y-provider"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "lasuite/impress-y-provider"
|
||||
tag: "v1.10.0-docs-production@sha256:9fcdb1fe7b20f0026b94765d64d83a2fe76cbe6e59c43d098fa21a7ea0c74803"
|
||||
nubusDataLoader:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -261,7 +293,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "41", "5"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
|
||||
tag: "0.80.0@sha256:61a8ed924c27578f40022ec7cb8d34337d0bdc890e46a09fee57a5428cd33037"
|
||||
tag: "0.80.2@sha256:04b4b928e5e957f6544b6e0af32c75340cfacf182a78e03bc1a65bdf9f8d9e5d"
|
||||
nubusGuardianAuthorizationApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -351,7 +383,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
|
||||
tag: "0.26.5@sha256:2849bcea1c0d532d83d7d5ccd6036592af53ae6fee2ef5822eae7147ec0e094c"
|
||||
tag: "0.29.1@sha256:c06923e8d9190a83d94b2f3e429d8ae812f09fbb9f89b5689d3e221ccbbcd1ab"
|
||||
nubusLdapServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -361,7 +393,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
|
||||
tag: "0.27.0@sha256:c8b2b4e6987deb37095a7dbfcc4e622a503e003dc9b667558edc2f9c2f58a072"
|
||||
tag: "0.29.1@sha256:0d3f136572849311490d2b616fa948bb6c97a6df9517fcc3770264ed8ee5c8e6"
|
||||
nubusLdapServerDhInitContainer:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -370,6 +402,16 @@ images:
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "natsio/nats-box"
|
||||
tag: "0.14.2@sha256:c9b8ebaabb2ca4c227feb4f6b856dc72d4775ac3d71f80d2c65aa82303079011"
|
||||
nubusLdapServerLeaderElector:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
# upstreamRegistry: "https://artifacts.software-univention.de"
|
||||
# upstreamRepository: "nubus/images/ldap-server-elector"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["0", "29", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector"
|
||||
tag: "0.31.1@sha256:70d23a5055acb2bcaaa629e78b2168355efebab20047a40a8f410b1ce0f624e2"
|
||||
nubusNats:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -403,7 +445,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
|
||||
tag: "0.48.0@sha256:0d633fbe27c153e306b2887e597da138072e3b74218df27fbd27901daed31987"
|
||||
tag: "0.48.3@sha256:7d4e8e0a6fb6be2b3f1e5f0db49375d7a0a5820fc7517b685b2109dac00ea823"
|
||||
nubusOpendeskExtension:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -411,7 +453,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
|
||||
tag: "1.8.2-trossner-nubus1-3@sha256:d8d7d851233e1360968417844c73b1b3822b4e8876194fd4dc3088112c66530a"
|
||||
tag: "1.9.1@sha256:4cc4d4bc39167d7dc305ab1787763fd1091fa1284ddf373e081c595d4dce39a9"
|
||||
nubusOpenPolicyAgent:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -441,7 +483,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "27", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
|
||||
tag: "0.48.0@sha256:949b4e47b0f0f2cf8197c080eba709481e09d776a6293669404bceb749ac4a70"
|
||||
tag: "0.48.3@sha256:329ad2fbfdba2fb3cb0b170158f9fdff8786c0f1e24537d16a197432e0d0f2d0"
|
||||
nubusPortalExtension:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -459,7 +501,7 @@ images:
|
||||
# upstreamRepository: "nubus/images/portal-frontend"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus-portal-update"
|
||||
tag: "1.10.5@sha256:75461683a2233c2e5c99499791ceb576b717c68baa28eef2c307e7052aaaf754"
|
||||
tag: "1.10.13@sha256:2f84f50af5d6ed31587e5ea9d043c9c30599d91350e13ea1ca31c9c9737a32cc"
|
||||
nubusPortalServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -469,7 +511,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
|
||||
tag: "0.48.0@sha256:33860975dac733c1412a7ca0372324a15dc5cd60d73061666744bcab6de5f7c6"
|
||||
tag: "0.48.3@sha256:331a3f247d3c3d496ee1be78d71b6c737666f2fbf0bced1985e2edb295729e59"
|
||||
nubusProvisioningDispatcher:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -479,7 +521,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
|
||||
tag: "0.45.1@sha256:0ba7867e68a3b76a9d094462d17c347839551f46548671c11688a22cc3315e6b"
|
||||
tag: "0.46.0@sha256:01464a4f2e1297ff2d1a507e69829fa7d0b84543e88280113bd9b9fb88bf2bce"
|
||||
nubusProvisioningEventsAndConsumerApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -489,7 +531,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
|
||||
tag: "0.45.1@sha256:9f9d38002da6a9a6f6dc6d08f73055c6636cf63c3c348d7c8830ea8dc20a7766"
|
||||
tag: "0.46.0@sha256:c9025d0c058a36fb7926a6ad9768f9909efa4dff76022d7b7de862b000da6e6f"
|
||||
nubusProvisioningPrefill:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -499,7 +541,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
|
||||
tag: "0.45.1@sha256:c38bb5c8591fb2fca74cbab742c897f194582c55151cae41bc029cbf64992f6a"
|
||||
tag: "0.46.0@sha256:e7dfa77a8fe5b6d40d734b04dda9583c03ae8cf48221e6f0af0b35052514a948"
|
||||
nubusProvisioningUdmListener:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -509,7 +551,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
|
||||
tag: "0.45.1@sha256:09a837ceca9a5f1f5812f8ae242a9427959db9cfa50563a62f6daba9b92ce63d"
|
||||
tag: "0.46.0@sha256:648101e9115fa9c32583f2588a722201fed8b537167931cce3aee1111c6f50b2"
|
||||
nubusProvisioningUdmTransformer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -519,7 +561,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
|
||||
tag: "0.45.1@sha256:5fe7addb286230e185a9d688fdf0a4fa4a2602254412d50df340fde76d8adeba"
|
||||
tag: "0.46.0@sha256:e1877879044e5b0967362b5ec9a491e046d674407fbf081756b5e9e0e2dcd8e5"
|
||||
nubusSelfServiceConsumer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -529,7 +571,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "3", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
|
||||
tag: "0.12.2@sha256:99ec299e5a57a24f5dc9b437d6a66ae4afbbb23b66b09f7239acac0fd1399d03"
|
||||
tag: "0.12.3@sha256:8c20895767bb1972a3abb066ba8adc4034ce718b199fbe205a9ae67d5544a888"
|
||||
nubusUdmRestApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -549,7 +591,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
|
||||
tag: "0.35.4@sha256:940b71bda766deb1325b2728845b669a61b511c3339976def588ec3488c69f77"
|
||||
tag: "0.35.5@sha256:f9a13261821de731f3c3a665aa128b16d7e48e6f3d79a9d4038f9667069542c8"
|
||||
nubusUmcServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -559,7 +601,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
|
||||
tag: "0.35.4@sha256:5f6bed0b01df14eb5a8457a9109c1d87eb49c682ef818dc07c73009f7e7a0bdc"
|
||||
tag: "0.35.5@sha256:f81ce86b16f03d8c840c2f5f6d6814b8119caf2a08f0f01b0a5dab5a528d228a"
|
||||
nubusUmcServerProxy:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -586,16 +628,24 @@ images:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-keycloak-bootstrap"
|
||||
tag: "1.2.1@sha256:f5ce0be27580c6347c5e700c4fa271a811d45d8a0e4b40ffe8a4d0e3d47e670f"
|
||||
opendeskStaticFiles:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "Element"
|
||||
# upstreamRegistry: "https://registry-1.docker.io"
|
||||
# upstreamRepository: "library/nginx"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "library/nginx"
|
||||
tag: "1.27.3-alpine3.20@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4"
|
||||
openproject:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "OpenProject"
|
||||
# upstreamRegistry: "https://registry-1.docker.io"
|
||||
# upstreamRepository: "openproject/open_desk"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)-?\d*$'
|
||||
# upstreamMirrorStartFrom: ["13", "1", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
|
||||
tag: "15.1.0@sha256:3868e97f0694ec747f52a890dafb107f7664a9c3c615d61aaec287ed3afa3305"
|
||||
tag: "15.1.0-20241220@sha256:ac582a338986442f2820dc1467d0e85c66f2408f6a7f8e945fc6471ebed0ad56"
|
||||
openprojectBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -783,7 +833,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["1", "91", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
|
||||
tag: "v1.120.2@sha256:daee887fa4ca6370e297439bb33a61896ff3413c9454540446a94e461f097d33"
|
||||
tag: "v1.121.1@sha256:5d8081b6004eb115635334dbc1ec2f87318f19d5ad0e7c62f7476d4cc16de277"
|
||||
synapseCreateUser:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -791,7 +841,7 @@ images:
|
||||
# upstreamRepository: "alpine/k8s"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.31.3@sha256:77812543abe5649b286d5f0dc17a7dbaa4056433225f6f695150f329cb4b6803"
|
||||
tag: "1.32.0@sha256:6d49f7f37ae5f4c07bfe46edb44e3d3b6896974d1b87da76d8aa8d6e23b4d619"
|
||||
synapseGuestModule:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -817,7 +867,7 @@ images:
|
||||
# upstreamRepository: "library/nginx"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "library/nginx"
|
||||
tag: "1.27.0-bookworm@sha256:1445eb9c6dc5e9619346c836ef6fbd6a95092e4663f27dcfce116f051cdbd232"
|
||||
tag: "1.27.3-alpine3.20@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4"
|
||||
xwiki:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "XWiki"
|
||||
@@ -827,5 +877,5 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "12"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
|
||||
tag: "0.22-mariadb-jetty-alpine@sha256:ba29f44befc558c4a4d969f103b216c13a55194dbc532adc43567bee4943d65f"
|
||||
tag: "0.23-mariadb-jetty-alpine@sha256:d358212cc5c3addc4be02cfd0f2b08aa8b88399ac5848e152111f231356558da"
|
||||
...
|
||||
|
||||
@@ -23,6 +23,12 @@ objectstores:
|
||||
useSSL: true
|
||||
pathStyle: true
|
||||
port: 443
|
||||
notes:
|
||||
bucket: "notes"
|
||||
endpoint: ""
|
||||
secretKey: ""
|
||||
username: "notes_user"
|
||||
port: 443
|
||||
openproject:
|
||||
bucket: "openproject"
|
||||
directUploads: true
|
||||
|
||||
@@ -49,6 +49,9 @@ minio:
|
||||
nextcloud:
|
||||
enabled: true
|
||||
namespace: ~
|
||||
notes:
|
||||
enabled: false
|
||||
namespace: ~
|
||||
nubus:
|
||||
enabled: true
|
||||
namespace: ~
|
||||
@@ -67,6 +70,9 @@ postgresql:
|
||||
redis:
|
||||
enabled: true
|
||||
namespace: ~
|
||||
staticFiles:
|
||||
enabled: true
|
||||
namespace: ~
|
||||
xwiki:
|
||||
enabled: true
|
||||
namespace: ~
|
||||
@@ -81,4 +87,7 @@ elementAdmin:
|
||||
elementGroupsync:
|
||||
enabled: false
|
||||
namespace: ~
|
||||
collaboraController:
|
||||
enabled: false
|
||||
namespace: ~
|
||||
...
|
||||
|
||||
@@ -66,7 +66,6 @@ replicas:
|
||||
# -- scalable: true
|
||||
keycloak: 1
|
||||
# -- scalable: false
|
||||
# -- comment: Will be removed soon.
|
||||
oxConnector: 1
|
||||
# -- scalable: tbd
|
||||
umsGuardianAuthorizationApi: 1
|
||||
@@ -85,13 +84,14 @@ replicas:
|
||||
umsKeycloakExtensionsProxy: 1
|
||||
# -- scalable: tbd
|
||||
umsLdapNotifier: 1
|
||||
# -- scalable: false
|
||||
# -- comment: Experimental feature and not supported.
|
||||
# -- scalable: true
|
||||
# -- comment: Please find details on the following `umsLdapServer*` entries in the upstream documentation:
|
||||
# https://docs.software-univention.de/nubus-kubernetes-operation/latest/en/configuration/ldap.html#directory-service-high-availability-and-scalability
|
||||
umsLdapServerPrimary: 1
|
||||
# -- scalable: true
|
||||
umsLdapServerSecondary: 1
|
||||
umsLdapServerSecondary: 0
|
||||
# -- scalable: true
|
||||
umsLdapServerProxy: 1
|
||||
umsLdapServerProxy: 0
|
||||
# -- scalable: tbd
|
||||
umsNotificationsApi: 1
|
||||
# -- scalable: true
|
||||
@@ -155,6 +155,10 @@ replicas:
|
||||
# -- scalable: true
|
||||
nextcloudExporter: 1
|
||||
|
||||
# -- component: openDesk Static Files
|
||||
# -- scalable: true
|
||||
opendeskStaticFiles: 1
|
||||
|
||||
# -- component: Project management (OpenProject)
|
||||
# -- scalable: true
|
||||
openprojectWeb: 1
|
||||
@@ -191,4 +195,12 @@ replicas:
|
||||
# -- component: Knowledge management (XWiki)
|
||||
# -- scalable: false
|
||||
xwiki: 1
|
||||
|
||||
# -- component: Note taking (Notes)
|
||||
# -- scalable: true
|
||||
notesBackend: 1
|
||||
# -- scalable: true
|
||||
notesFrontend: 1
|
||||
# -- scalable: true
|
||||
notesYProvider: 1
|
||||
...
|
||||
|
||||
@@ -106,6 +106,27 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "384Mi"
|
||||
notesBackend:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "768Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "512Mi"
|
||||
notesFrontend:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "128Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "32Mi"
|
||||
notesYProvider:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "128Mi"
|
||||
opendeskKeycloakBootstrap:
|
||||
limits:
|
||||
cpu: 99
|
||||
@@ -113,6 +134,13 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
opendeskStaticFiles:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "64Mi"
|
||||
requests:
|
||||
cpu: 0.01
|
||||
memory: "16Mi"
|
||||
umsKeycloak:
|
||||
limits:
|
||||
cpu: 99
|
||||
|
||||
@@ -7,22 +7,20 @@ SPDX-License-Identifier: Apache-2.0
|
||||
secrets:
|
||||
oxAppSuite:
|
||||
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
|
||||
migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
|
||||
basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
|
||||
cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
|
||||
sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
|
||||
shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}
|
||||
hzGroupPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "hz_group_password" | sha1sum | quote }}
|
||||
jolokiaPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "jolokia_password" | sha1sum | quote }}
|
||||
migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
|
||||
oxguardMC: {{ printf "MC%s" (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "oxguardMC" | sha1sum | trunc 20 | b64enc) | quote }}
|
||||
oxguardRC: {{ printf "RC%s" (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "oxguardRC" | sha1sum | trunc 20 | b64enc) | quote }}
|
||||
hzGroupPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "hz_group_password" | sha1sum | quote }}
|
||||
basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
|
||||
jolokiaPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "jolokia_password" | sha1sum | quote }}
|
||||
cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
|
||||
shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_crypt_key" | sha1sum | quote }}
|
||||
sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryption_key" | sha1sum | quote }}
|
||||
shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_crypt_key" | sha1sum | quote }}
|
||||
synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "as_token" | sha1sum | quote }}
|
||||
oxConnector:
|
||||
provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ox-connector" | sha1sum | quote }}
|
||||
nubus:
|
||||
masterpassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }}
|
||||
ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
|
||||
ldapSearch:
|
||||
keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_keycloak" | sha1sum | quote }}
|
||||
@@ -59,6 +57,7 @@ secrets:
|
||||
keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}
|
||||
keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }}
|
||||
matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
|
||||
notesUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notes_user" | sha1sum | quote }}
|
||||
openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}
|
||||
umsNotificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }}
|
||||
umsGuardianManagementApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "guardianmanagementapi_user" | sha1sum | quote }}
|
||||
@@ -72,6 +71,7 @@ secrets:
|
||||
rootPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "root_password" | sha1sum | quote) }}
|
||||
migrationsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "migrations_user" | sha1sum | quote) }}
|
||||
nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "nextcloud_user" | sha1sum | quote) }}
|
||||
notesUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "notes_user" | sha1sum | quote) }}
|
||||
openprojectUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "openproject_user" | sha1sum | quote) }}
|
||||
umsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "ums_user" | sha1sum | quote) }}
|
||||
keycloak:
|
||||
@@ -86,6 +86,7 @@ secrets:
|
||||
xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "xwiki_client_secret" | sha1sum | quote }}
|
||||
as8oidc: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "as8oidc_client_secret" | sha1sum | quote }}
|
||||
guardian: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "guardian_client_secret" | sha1sum | quote }}
|
||||
notes: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "notes_client_secret" | sha1sum | quote }}
|
||||
nextcloud:
|
||||
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "nextcloud_admin_user" | sha1sum | quote }}
|
||||
metricsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "metricsToken" | sha1sum | quote }}
|
||||
@@ -121,4 +122,8 @@ secrets:
|
||||
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-user-verification-service" "password" | sha1sum | quote }}
|
||||
certificates:
|
||||
password: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "certificates" "password" | sha1sum | quote }}
|
||||
notes:
|
||||
djangoSecretKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "notes" "djangoSecretKey" | sha256sum | quote }}
|
||||
superuser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "notes" "superuser" | sha1sum | quote }}
|
||||
collaborationSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "notes" "collaborationSecret" | sha1sum | quote }}
|
||||
...
|
||||
|
||||
@@ -37,7 +37,11 @@ seLinuxOptions:
|
||||
nextcloud: ~
|
||||
nextcloudExporter: ~
|
||||
nextcloudManagement: ~
|
||||
notesBackend: ~
|
||||
notesFrontend: ~
|
||||
notesYProvider: ~
|
||||
opendeskKeycloakBootstrap: ~
|
||||
opendeskStaticFiles: ~
|
||||
openproject: ~
|
||||
openprojectBootstrap: ~
|
||||
openprojectDbInit: ~
|
||||
|
||||
9
helmfile/environments/default/technical.yaml.gotmpl
Normal file
9
helmfile/environments/default/technical.yaml.gotmpl
Normal file
@@ -0,0 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
technical:
|
||||
# Collabora related technical settings
|
||||
collabora:
|
||||
# Defines the value for the start parameter `-o:num_prespawn_children`
|
||||
numPrespawnChildren: 4
|
||||
...
|
||||
@@ -39,47 +39,72 @@ theme:
|
||||
## Define imagery
|
||||
#
|
||||
imagery:
|
||||
# Xwiki
|
||||
faviconSvgB64: {{ readFile "./../../files/theme/favicon.svg" | b64enc | quote }}
|
||||
faviconIcoB64: {{ readFile "./../../files/theme/favicon.ico" | b64enc | quote }}
|
||||
favicon16PngB64: {{ readFile "./../../files/theme/favicon16.png" | b64enc | quote }}
|
||||
favicon144PngB64: {{ readFile "./../../files/theme/favicon144.png" | b64enc | quote }}
|
||||
logoHeaderSvgB64: {{ readFile "./../../files/theme/logoHeader.svg" | b64enc | quote }}
|
||||
|
||||
# Jitsi
|
||||
logoHeaderInvertedSvgB64: {{ readFile "./../../files/theme/logoHeaderInverted.svg" | b64enc | quote }}
|
||||
|
||||
# Portal
|
||||
portalLogoBackgroundSvgB64: {{ readFile "./../../files/theme/empty.svg" | b64enc | quote }}
|
||||
portalWaitingSpinnerSvgB64: {{ readFile "./../../files/theme/portalWaitingSpinner.svg" | b64enc | quote }}
|
||||
chat:
|
||||
faviconIco: {{ readFile "./../../files/theme/chat/favicon.ico" | b64enc | quote }}
|
||||
|
||||
files:
|
||||
faviconIco: {{ readFile "./../../files/theme/files/favicon.ico" | b64enc | quote }}
|
||||
faviconPng: {{ readFile "./../../files/theme/files/favicon.png" | b64enc | quote }}
|
||||
|
||||
login:
|
||||
faviconIco: {{ readFile "./../../files/theme/login/favicon.ico" | b64enc | quote }}
|
||||
backgroundJpg: {{ readFile "./../../files/theme/login/background.jpg" | b64enc | quote }}
|
||||
logoSvg: {{ readFile "./../../files/theme/login/logo.svg" | b64enc | quote }}
|
||||
|
||||
groupware:
|
||||
faviconIco: {{ readFile "./../../files/theme/groupware/favicon.ico" | b64enc | quote }}
|
||||
faviconSvg: {{ readFile "./../../files/theme/groupware/favicon.svg" | b64enc | quote }}
|
||||
|
||||
knowledge:
|
||||
faviconSvg: {{ readFile "./../../files/theme/knowledge/favicon.svg" | b64enc | quote }}
|
||||
faviconPng: {{ readFile "./../../files/theme/knowledge/favicon.png" | b64enc | quote }}
|
||||
|
||||
notes:
|
||||
faviconIco: {{ readFile "./../../files/theme/notes/favicon.ico" | b64enc | quote }}
|
||||
|
||||
portal:
|
||||
faviconIco: {{ readFile "./../../files/theme/portal/favicon.ico" | b64enc | quote }}
|
||||
waitingSpinnerSvg: {{ readFile "./../../files/theme/portal/waiting-spinner.svg" | b64enc }}
|
||||
backgroundSvg: {{ readFile "./../../files/theme/portal/background.svg" | b64enc | quote }}
|
||||
portalTiles:
|
||||
adminAnnouncement: {{ readFile "./../../files/portal-tiles/admin_announcement.svg" | b64enc | quote }}
|
||||
adminContext: {{ readFile "./../../files/portal-tiles/admin_context.svg" | b64enc | quote }}
|
||||
adminFunctionalmailbox: {{ readFile "./../../files/portal-tiles/admin_functionalmailbox.svg" | b64enc | quote }}
|
||||
adminGroup: {{ readFile "./../../files/portal-tiles/admin_group.svg" | b64enc | quote }}
|
||||
adminResource: {{ readFile "./../../files/portal-tiles/admin_resource.svg" | b64enc | quote }}
|
||||
adminUser: {{ readFile "./../../files/portal-tiles/admin_user.svg" | b64enc | quote }}
|
||||
anonymousLogin: {{ readFile "./../../files/portal-tiles/anonymous_login.svg" | b64enc | quote }}
|
||||
dummyCircle: {{ readFile "./../../files/portal-tiles/dummy_circle.svg" | b64enc | quote }}
|
||||
fileshareActivity: {{ readFile "./../../files/portal-tiles/fileshare_activity.svg" | b64enc | quote }}
|
||||
fileshareDirectdocOdp: {{ readFile "./../../files/portal-tiles/fileshare_directdoc_odp.svg" | b64enc | quote }}
|
||||
fileshareDirectdocOds: {{ readFile "./../../files/portal-tiles/fileshare_directdoc_ods.svg" | b64enc | quote }}
|
||||
fileshareDirectdocOdt: {{ readFile "./../../files/portal-tiles/fileshare_directdoc_odt.svg" | b64enc | quote }}
|
||||
fileshareFiles: {{ readFile "./../../files/portal-tiles/fileshare_files.svg" | b64enc | quote }}
|
||||
groupwareCalendar: {{ readFile "./../../files/portal-tiles/groupware_calendar.svg" | b64enc | quote }}
|
||||
groupwareContacts: {{ readFile "./../../files/portal-tiles/groupware_contacts.svg" | b64enc | quote }}
|
||||
groupwareMail: {{ readFile "./../../files/portal-tiles/groupware_mail.svg" | b64enc | quote }}
|
||||
groupwareTasks: {{ readFile "./../../files/portal-tiles/groupware_tasks.svg" | b64enc | quote }}
|
||||
managementKnowledge: {{ readFile "./../../files/portal-tiles/management_knowledge.svg" | b64enc | quote }}
|
||||
managementProject: {{ readFile "./../../files/portal-tiles/management_project.svg" | b64enc | quote }}
|
||||
realtimeCollaboration: {{ readFile "./../../files/portal-tiles/realtime_collaboration.svg" | b64enc | quote }}
|
||||
realtimeVideoconference: {{ readFile "./../../files/portal-tiles/realtime_videoconference.svg" | b64enc | quote }}
|
||||
selfserviceChangepassword: {{ readFile "./../../files/portal-tiles/selfservice_changepassword.svg" | b64enc | quote }}
|
||||
selfserviceEditprofile: {{ readFile "./../../files/portal-tiles/selfservice_editprofile.svg" | b64enc | quote }}
|
||||
selfserviceProtectaccount: {{ readFile "./../../files/portal-tiles/selfservice_protectaccount.svg" | b64enc | quote }}
|
||||
adminAnnouncement: {{ readFile "./../../files/theme/portal-tiles/admin_announcement.svg" | b64enc | quote }}
|
||||
adminContext: {{ readFile "./../../files/theme/portal-tiles/admin_context.svg" | b64enc | quote }}
|
||||
adminFunctionalmailbox: {{ readFile "./../../files/theme/portal-tiles/admin_functionalmailbox.svg" | b64enc | quote }}
|
||||
adminGroup: {{ readFile "./../../files/theme/portal-tiles/admin_group.svg" | b64enc | quote }}
|
||||
adminResource: {{ readFile "./../../files/theme/portal-tiles/admin_resource.svg" | b64enc | quote }}
|
||||
adminUser: {{ readFile "./../../files/theme/portal-tiles/admin_user.svg" | b64enc | quote }}
|
||||
anonymousLogin: {{ readFile "./../../files/theme/portal-tiles/anonymous_login.svg" | b64enc | quote }}
|
||||
dummyCircle: {{ readFile "./../../files/theme/portal-tiles/dummy_circle.svg" | b64enc | quote }}
|
||||
fileshareActivity: {{ readFile "./../../files/theme/portal-tiles/fileshare_activity.svg" | b64enc | quote }}
|
||||
fileshareDirectdocOdp: {{ readFile "./../../files/theme/portal-tiles/fileshare_directdoc_odp.svg" | b64enc | quote }}
|
||||
fileshareDirectdocOds: {{ readFile "./../../files/theme/portal-tiles/fileshare_directdoc_ods.svg" | b64enc | quote }}
|
||||
fileshareDirectdocOdt: {{ readFile "./../../files/theme/portal-tiles/fileshare_directdoc_odt.svg" | b64enc | quote }}
|
||||
fileshareFiles: {{ readFile "./../../files/theme/portal-tiles/fileshare_files.svg" | b64enc | quote }}
|
||||
groupwareCalendar: {{ readFile "./../../files/theme/portal-tiles/groupware_calendar.svg" | b64enc | quote }}
|
||||
groupwareContacts: {{ readFile "./../../files/theme/portal-tiles/groupware_contacts.svg" | b64enc | quote }}
|
||||
groupwareMail: {{ readFile "./../../files/theme/portal-tiles/groupware_mail.svg" | b64enc | quote }}
|
||||
groupwareTasks: {{ readFile "./../../files/theme/portal-tiles/groupware_tasks.svg" | b64enc | quote }}
|
||||
managementKnowledge: {{ readFile "./../../files/theme/portal-tiles/management_knowledge.svg" | b64enc | quote }}
|
||||
managementProject: {{ readFile "./../../files/theme/portal-tiles/management_project.svg" | b64enc | quote }}
|
||||
notes: {{ readFile "./../../files/theme/portal-tiles/misc_notes.svg" | b64enc | quote }}
|
||||
realtimeCollaboration: {{ readFile "./../../files/theme/portal-tiles/realtime_collaboration.svg" | b64enc | quote }}
|
||||
realtimeVideoconference: {{ readFile "./../../files/theme/portal-tiles/realtime_videoconference.svg" | b64enc | quote }}
|
||||
selfserviceChangepassword: {{ readFile "./../../files/theme/portal-tiles/selfservice_changepassword.svg" | b64enc | quote }}
|
||||
selfserviceEditprofile: {{ readFile "./../../files/theme/portal-tiles/selfservice_editprofile.svg" | b64enc | quote }}
|
||||
selfserviceProtectaccount: {{ readFile "./../../files/theme/portal-tiles/selfservice_protectaccount.svg" | b64enc | quote }}
|
||||
|
||||
projects:
|
||||
faviconSvg: {{ readFile "./../../files/theme/projects/favicon.svg" | b64enc | quote }}
|
||||
|
||||
videoconference:
|
||||
faviconSvg: {{ readFile "./../../files/theme/videoconference/favicon.svg" | b64enc | quote }}
|
||||
|
||||
## Where required define complete Stylesheets
|
||||
#
|
||||
styles:
|
||||
portalCss: {{ readFile "./../../files/theme/portalStylesheet.css" | b64enc }}
|
||||
portal:
|
||||
main: {{ readFile "./../../files/theme/portal/stylesheet.css" | b64enc }}
|
||||
...
|
||||
|
||||
BIN
helmfile/files/theme/_dev/red.ico
Normal file
BIN
helmfile/files/theme/_dev/red.ico
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 70 B |
BIN
helmfile/files/theme/_dev/red.png
Normal file
BIN
helmfile/files/theme/_dev/red.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 72 B |
1
helmfile/files/theme/_dev/red.svg
Normal file
1
helmfile/files/theme/_dev/red.svg
Normal file
@@ -0,0 +1 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"><rect width="100%" height="100%" fill="red"/></svg>
|
||||
|
After Width: | Height: | Size: 150 B |
BIN
helmfile/files/theme/chat/favicon.ico
Normal file
BIN
helmfile/files/theme/chat/favicon.ico
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 49 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 66 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 2.7 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 513 B |
BIN
helmfile/files/theme/files/favicon.ico
Normal file
BIN
helmfile/files/theme/files/favicon.ico
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 49 KiB |
BIN
helmfile/files/theme/files/favicon.png
Normal file
BIN
helmfile/files/theme/files/favicon.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 1.2 KiB |
BIN
helmfile/files/theme/groupware/favicon.ico
Normal file
BIN
helmfile/files/theme/groupware/favicon.ico
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 49 KiB |
5
helmfile/files/theme/groupware/favicon.svg
Normal file
5
helmfile/files/theme/groupware/favicon.svg
Normal file
@@ -0,0 +1,5 @@
|
||||
<svg width="110" height="110" viewBox="0 0 110 110" fill="none" xmlns="http://www.w3.org/2000/svg">
|
||||
<rect width="110" height="110" rx="20" fill="white"/>
|
||||
<path d="M83.0501 33.75H26.8501L54.9501 54.75L83.0501 33.75Z" fill="#571EFA"/>
|
||||
<path d="M54.95 63.65L26.65 42.35V69.15C26.65 73.05 29.85 76.25 33.75 76.25H76.25C80.15 76.25 83.35 73.05 83.35 69.15V42.35C83.35 42.35 55.05 63.65 54.95 63.65Z" fill="#571EFA" fill-opacity="0.7"/>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 438 B |
BIN
helmfile/files/theme/knowledge/favicon.png
Normal file
BIN
helmfile/files/theme/knowledge/favicon.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 1.5 KiB |
5
helmfile/files/theme/knowledge/favicon.svg
Normal file
5
helmfile/files/theme/knowledge/favicon.svg
Normal file
@@ -0,0 +1,5 @@
|
||||
<svg width="110" height="110" viewBox="0 0 110 110" fill="none" xmlns="http://www.w3.org/2000/svg">
|
||||
<rect width="110" height="110" rx="20" fill="white"/>
|
||||
<path d="M65.65 72.7C65.65 78.6 60.85 83.3 55.05 83.3C49.25 83.3 44.45 78.5 44.45 72.7V69.2H65.75V72.7H65.65Z" fill="#571EFA" fill-opacity="0.7"/>
|
||||
<path d="M55.05 26.7C43.35 26.7 33.75 36.2 33.75 48C33.75 53.5 35.85 58.4 39.25 62.2H70.85C74.25 58.4 76.25 53.5 76.25 48C76.25 36.3 66.75 26.7 54.95 26.7H55.05Z" fill="#571EFA"/>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 488 B |
BIN
helmfile/files/theme/login/background.jpg
Normal file
BIN
helmfile/files/theme/login/background.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 100 KiB |
BIN
helmfile/files/theme/login/favicon.ico
Normal file
BIN
helmfile/files/theme/login/favicon.ico
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 49 KiB |
|
Before Width: | Height: | Size: 3.5 KiB After Width: | Height: | Size: 3.5 KiB |
BIN
helmfile/files/theme/notes/favicon.ico
Normal file
BIN
helmfile/files/theme/notes/favicon.ico
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 49 KiB |
|
Before Width: | Height: | Size: 732 B After Width: | Height: | Size: 732 B |
|
Before Width: | Height: | Size: 690 B After Width: | Height: | Size: 690 B |
|
Before Width: | Height: | Size: 615 B After Width: | Height: | Size: 615 B |
|
Before Width: | Height: | Size: 1.2 KiB After Width: | Height: | Size: 1.2 KiB |
|
Before Width: | Height: | Size: 399 B After Width: | Height: | Size: 399 B |
|
Before Width: | Height: | Size: 794 B After Width: | Height: | Size: 794 B |
|
Before Width: | Height: | Size: 707 B After Width: | Height: | Size: 707 B |
|
Before Width: | Height: | Size: 100 B After Width: | Height: | Size: 100 B |
|
Before Width: | Height: | Size: 518 B After Width: | Height: | Size: 518 B |
|
Before Width: | Height: | Size: 546 B After Width: | Height: | Size: 546 B |
|
Before Width: | Height: | Size: 566 B After Width: | Height: | Size: 566 B |
|
Before Width: | Height: | Size: 550 B After Width: | Height: | Size: 550 B |
|
Before Width: | Height: | Size: 501 B After Width: | Height: | Size: 501 B |
|
Before Width: | Height: | Size: 629 B After Width: | Height: | Size: 629 B |
|
Before Width: | Height: | Size: 585 B After Width: | Height: | Size: 585 B |
|
Before Width: | Height: | Size: 478 B After Width: | Height: | Size: 478 B |
|
Before Width: | Height: | Size: 526 B After Width: | Height: | Size: 526 B |
|
Before Width: | Height: | Size: 556 B After Width: | Height: | Size: 556 B |
|
Before Width: | Height: | Size: 565 B After Width: | Height: | Size: 565 B |
16
helmfile/files/theme/portal-tiles/misc_notes.svg
Normal file
16
helmfile/files/theme/portal-tiles/misc_notes.svg
Normal file
@@ -0,0 +1,16 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg id="Ebene_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 127.56 127.56">
|
||||
<defs>
|
||||
<style>
|
||||
.cls-1 {
|
||||
fill: #571efa;
|
||||
}
|
||||
|
||||
.cls-2 {
|
||||
fill: #341291;
|
||||
}
|
||||
</style>
|
||||
</defs>
|
||||
<rect class="cls-2" x="34.09" y="85.12" width="59.53" height="17.01"/>
|
||||
<path class="cls-1" d="M76.61,27.92l6.01,6.01c3.32,3.32,3.32,8.71,0,12.03l-6.39,6.39-24.26,24.26h-18.04v-18.04l24.26-24.26,6.39-6.39c3.32-3.32,8.71-3.32,12.03,0Z"/>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 504 B |
|
Before Width: | Height: | Size: 560 B After Width: | Height: | Size: 560 B |
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user