fix(opendesk-static-files): Bump chart version to comply with ingress-nginx security defaults.

docs/enhanced-configuration/groupware-migration.md

@@ -77,7 +77,7 @@ With openDesk 1.0 Enterprise, you can set openDesk's email components (OX AppSui
 ```
 secrets:
   oxAppSuite:
-    adminPassword: "your_temporary_master_password"
+    migrationsMasterPassword: "your_temporary_master_password"
 functional:
   migration:
     oxAppSuite:
@@ -89,7 +89,7 @@ functional:
 
 To validate the master authentication mode please read the appendix section at the end of the document.
 
-Updating your deployment with these settings will allow you to continue with the migration scenario. Once the migration is completed, you can remove `secrets.oxAppSuite.adminPassword` and need to turn off the migration mode by setting `functional.migration.oxAppSuite.enabled` to `false` or removing that setting, as `false` is the default before you update your deployment once again.
+Updating your deployment with these settings will allow you to continue with the migration scenario. Once the migration is completed, you can remove `secrets.oxAppSuite.migrationsMasterPassword` and need to turn off the migration mode by setting `functional.migration.oxAppSuite.enabled` to `false` or removing that setting, as `false` is the default before you update your deployment once again.
 
 > **Note**<br>
 > For the changes to take effect, it is sufficient to re-deploy the `open-xchange` component alone. But you have to restart the Dovecot Pod(s) manually when switching to/from the master authentication mode for the changes to take effect.

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -37,7 +37,7 @@ global:
   systemExtensions:
     - name: "ox"
       image:
-        registry: {{ .Values.images.nubusOxExtension.registry | quote }}
+        registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOxExtension.registry | quote }}
         repository: {{ .Values.images.nubusOxExtension.repository }}
         tag: {{ .Values.images.nubusOxExtension.tag }}
     - name: "opendesk"

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -240,9 +240,35 @@ appsuite:
               open-xchange-admin-soap: "enabled"
               open-xchange-admin-soap-usercopy: "enabled"
               open-xchange-admin-user-copy: "enabled"
-    {{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
+      {{- if .Values.functional.migration.oxAppSuite.enabled }}
+      migration:
+        values:
+          packages:
+            status:
+              open-xchange-oidc: "disabled"
+              open-xchange-authentication-masterpassword: "enabled"
+          properties:
+            com.openexchange.calendar.allowOrganizerPartStatChanges: "true"
+          propertiesFiles:
+            /opt/open-xchange/etc/masterpassword-authentication.properties:
+              com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
+        services:
+          - type: ClusterIP
+            ports:
+              - port: 80
+                targetPort: http
+                protocol: TCP
+                name: http
+      {{- end }}
     scaling:
       nodes:
+        {{- if .Values.functional.migration.oxAppSuite.enabled }}
+        migration:
+          replicas: 1
+          roles:
+            - "migration"
+        {{- end }}
+        {{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
         groupware:
           replicas: {{ .Values.replicas.openxchangeCoreMW }}
           roles:
@@ -254,7 +280,16 @@ appsuite:
           replicas: 1
           roles:
             - "admin"
-    {{- end }}
+        {{- else }}
+        groupware:
+          replicas: {{ .Values.replicas.openxchangeCoreMW }}
+          roles:
+            - "http-api"
+            - "sync"
+            - "businessmobility"
+            - "request-analyzer"
+            - "admin"
+        {{- end }}
     masterAdmin: "admin"
     masterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
     hzGroupName: "hzgroup"
@@ -319,13 +354,8 @@ appsuite:
           chown open-xchange:open-xchange /opt/open-xchange/guard-files
     packages:
       status:
-        {{- if .Values.functional.migration.oxAppSuite.enabled }}
-        open-xchange-oidc: "disabled"
-        open-xchange-authentication-masterpassword: "enabled"
-        {{- else }}
         open-xchange-oidc: "enabled"
         open-xchange-authentication-masterpassword: "disabled"
-        {{- end }}
         open-xchange-authentication-oauth: "disabled"
         open-xchange-authentication-database: "disabled"
         open-xchange-authentication-ldap: "disabled"
@@ -502,10 +532,6 @@ appsuite:
       com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey | quote }}
       com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
     propertiesFiles:
-      {{- if .Values.functional.migration.oxAppSuite.enabled }}
-      /opt/open-xchange/etc/masterpassword-authentication.properties:
-        com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
-      {{- end }}
       /opt/open-xchange/etc/AdminDaemon.properties:
         MASTER_ACCOUNT_OVERRIDE: "true"
       /opt/open-xchange/etc/AdminUser.properties:

helmfile/environments/default/charts.yaml.gotmpl

@@ -119,7 +119,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-well-known"
-    version: "6.1.3"
+    version: "6.1.4"
     verify: true
   home:
     # providerCategory: "Platform"
@@ -129,7 +129,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-home"
     name: "opendesk-home"
-    version: "1.0.2"
+    version: "1.1.0"
     verify: true
   intercomService:
     # providerCategory: "Supplier"
@@ -353,7 +353,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-static-files"
     name: "opendesk-static-files"
-    version: "4.0.1"
+    version: "4.0.2"
     verify: true
   openproject:
     # providerCategory: "Supplier"

helmfile/environments/default/images.yaml.gotmpl

@@ -576,9 +576,9 @@ images:
     # upstreamRepository: "nubus/images/ox-extension"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "10", "0"]
-    registry: "artifacts.software-univention.de"
+    registry: "registry.opencode.de"
-    repository: "nubus-dev/images/ox-extension"
+    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
-    tag: "0.27.3-pre-jtorres-remove-non-functional-manager@sha256:a4b98ff043d655976049a9de5a930998f0cb44ea27f3520ced69e5d48c352224"
+    tag: "0.27.2@sha256:7bb54f5ae0e797172fb92bd7a8a479f179ebd51c1fb5af98fa7b6025f9ffaca4"
   nubusPortalConsumer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"