mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
16 Commits
ntretkowsk ... lender/fea
| Author | SHA1 | Date | |
|---|---|---|---|
| | 2e61a69906 | | |
| | 2f1edf63c1 | | |
| | 2e0dbe51f9 | | |
| | ffc751fb87 | | |
| | 2d4723c691 | | |
| | fbd62b139c | | |
| | d9e7ccfd78 | | |
| | 18ed0f9b3b | | |
| | ff36497005 | | |
| | eda7193aba | | |
| | 18454dd445 | | |
| | 9ea17a67bd | | |
| | 380ccef179 | | |
| | d603f7cc96 | | |
| | a8696f2ff3 | | |
| | f9278912d2 | | |
@@ -395,6 +395,7 @@ env-cleanup:
|
|||||||
when: "on_success"
|
when: "on_success"
|
||||||
script:
|
script:
|
||||||
- |
|
- |
|
||||||
|
echo "Cleaning up ${NAMESPACE}"
|
||||||
if [ "${OPENDESK_SLEDGEHAMMER_DESTROY_ENABLED}" = "yes" ]; then
|
if [ "${OPENDESK_SLEDGEHAMMER_DESTROY_ENABLED}" = "yes" ]; then
|
||||||
for OPENDESK_RELEASE in $(helm ls -n ${NAMESPACE} -aq); do
|
for OPENDESK_RELEASE in $(helm ls -n ${NAMESPACE} -aq); do
|
||||||
helm uninstall -n ${NAMESPACE} ${OPENDESK_RELEASE};
|
helm uninstall -n ${NAMESPACE} ${OPENDESK_RELEASE};
|
||||||
|
|||||||
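Review bot: the added `echo "Cleaning up ${NAMESPACE}"` logs the namespace but nothing in this block validates it before the `helm ls -n ${NAMESPACE} -aq` and `helm uninstall -n ${NAMESPACE} ${OPENDESK_RELEASE}` lines run with the variable unquoted. With an empty value the `-n` flag loses its argument and the job no longer targets the namespace the log line names. Suggest failing early with `: "${NAMESPACE:?NAMESPACE must be set}"` ahead of the echo and quoting the expansions (`-n "${NAMESPACE}"`, `"${OPENDESK_RELEASE}"`).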
@@ -38,12 +38,12 @@ openDesk currently features the following functional main components:
|
|||||||
| Collaborative notes | Notes (aka Docs) | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1) | Online documentation/welcome document available in installed application |
|
| Collaborative notes | Notes (aka Docs) | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1) | Online documentation/welcome document available in installed application |
|
||||||
| Diagram editor | CryptPad ft. diagrams.net | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
| Diagram editor | CryptPad ft. diagrams.net | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
||||||
| File management | Nextcloud | [30.0.10](https://nextcloud.com/de/changelog/#30-0-10) | [Nextcloud 30](https://docs.nextcloud.com/) |
|
| File management | Nextcloud | [30.0.10](https://nextcloud.com/de/changelog/#30-0-10) | [Nextcloud 30](https://docs.nextcloud.com/) |
|
||||||
| Groupware | OX App Suite | [8.37](https://documentation.open-xchange.com/appsuite/releases/8.37/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
| Groupware | OX App Suite | [8.38](https://documentation.open-xchange.com/appsuite/releases/8.38/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||||
| Knowledge management | XWiki | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
| Knowledge management | XWiki | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||||
| Portal & IAM | Nubus | [1.9.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html#version-1-9-1-2025-05-07) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
| Portal & IAM | Nubus | [1.11.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html#version-1-11-1-2025-07-02) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||||
| Project management | OpenProject | [16.0.1](https://www.openproject.org/docs/release-notes/16-0-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
| Project management | OpenProject | [16.1.1](https://www.openproject.org/docs/release-notes/16-1-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||||
| Videoconferencing | Jitsi | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
| Videoconferencing | Jitsi | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||||
| Weboffice | Collabora | [24.04.13](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
| Weboffice | Collabora | [25.04.2](https://www.collaboraoffice.com/code-25-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||||
|
|
||||||
While not all components are perfectly designed for the execution inside containers, one of the project's objectives is to
|
While not all components are perfectly designed for the execution inside containers, one of the project's objectives is to
|
||||||
align the applications with best practices regarding container design and operations.
|
align the applications with best practices regarding container design and operations.
|
||||||
|
|||||||
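Review bot: the new Nubus link on the `Portal & IAM` row points at `nubus-kubernetes-release-notes/latest/...#version-1-11-1-2025-07-02`, so it follows whatever `latest` is when the reader clicks rather than the notes for the pinned 1.11.1; the migrations document in this same compare links the `1.x` path instead. Suggest one versioned path in both places. Also worth a line in the release notes: Nubus moves from 1.9.1 to 1.11.1 (passing over 1.10.x) and Collabora from 24.04.13 to 25.04.2 in the same step, so operators reviewing upstream changes have more than one changelog per component to read.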
@@ -40,7 +40,7 @@ Intercom-Service,Redis,1
|
|||||||
|
|
||||||
Jitsi,PersistentVolume,1
|
Jitsi,PersistentVolume,1
|
||||||
|
|
||||||
Nextcloud,MariaDB,1
|
Nextcloud,PostgreSQL,1
|
||||||
Nextcloud,S3,1
|
Nextcloud,S3,1
|
||||||
Nextcloud,Redis,1
|
Nextcloud,Redis,1
|
||||||
|
|
||||||
@@ -60,14 +60,14 @@ Open-Xchange,Redis,1
|
|||||||
|
|
||||||
Postfix,PersistentVolume,1
|
Postfix,PersistentVolume,1
|
||||||
|
|
||||||
XWiki,MariaDB,1
|
XWiki,PostgreSQL,1
|
||||||
XWiki,PersistentVolume,1
|
XWiki,PersistentVolume,1
|
||||||
```
|
```
|
||||||
|
|
||||||
# Details
|
# Details
|
||||||
|
|
||||||
| Application | Data Storage | Backup | Content | Identifier | Details |
|
| Application | Data Storage | Backup | Content | Identifier | Details |
|
||||||
| -------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------- | ----------------------------------------------------- |
|
|----------------------|--------------|----------|--------------------------------------------------------------------------------------------|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
|
||||||
| **ClamAV** | PVC | No | ClamAV Database | `clamav-database-clamav-simple-0` | `/var/lib/clamav` |
|
| **ClamAV** | PVC | No | ClamAV Database | `clamav-database-clamav-simple-0` | `/var/lib/clamav` |
|
||||||
| **Dovecot** | PVC | Yes | User mail directories (openDesk CE only, openDesk EE uses Dovecot Pro with Object Storage) | `dovecot` | `/srv/mail` |
|
| **Dovecot** | PVC | Yes | User mail directories (openDesk CE only, openDesk EE uses Dovecot Pro with Object Storage) | `dovecot` | `/srv/mail` |
|
||||||
| **Element/Synapse** | PostgreSQL | Yes | Application's main database | `matrix` | |
|
| **Element/Synapse** | PostgreSQL | Yes | Application's main database | `matrix` | |
|
||||||
@@ -75,7 +75,7 @@ XWiki,PersistentVolume,1
|
|||||||
| | | Yes | Sync and state data | `matrix-neodatefix-bot` | `/app/storage` |
|
| | | Yes | Sync and state data | `matrix-neodatefix-bot` | `/app/storage` |
|
||||||
| **Intercom-Service** | Redis | No | Shared session data | | |
|
| **Intercom-Service** | Redis | No | Shared session data | | |
|
||||||
| **Jitsi** | PVC | Optional | Meeting recordings (feature not enabled in openDesk) | `prosody-data-jitsi-prosody-0` | `/config/data` |
|
| **Jitsi** | PVC | Optional | Meeting recordings (feature not enabled in openDesk) | `prosody-data-jitsi-prosody-0` | `/config/data` |
|
||||||
| **Nextcloud** | MariaDB | Yes | Application's main database Meta-Data | `nextcloud` | |
|
| **Nextcloud** | PostgreSQL | Yes | Application's main database Meta-Data | `nextcloud` | |
|
||||||
| | S3 | Yes | The Nextcloud managed user files | `nextcloud` | |
|
| | S3 | Yes | The Nextcloud managed user files | `nextcloud` | |
|
||||||
| | Redis | No | Distributed caching, as well as transactional file locking | | |
|
| | Redis | No | Distributed caching, as well as transactional file locking | | |
|
||||||
| **Nubus** | PostgreSQL | Yes | Main database for Nubus' IdP Keycloak | `keycloak` | |
|
| **Nubus** | PostgreSQL | Yes | Main database for Nubus' IdP Keycloak | `keycloak` | |
|
||||||
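Review bot: the `Nextcloud` row changes the main database from `MariaDB` to `PostgreSQL` with the identifier `nextcloud` unchanged, and nothing in the row says whether this is a documentation correction or a changed default. Operators who built backup jobs from this table need to know which; suggest stating it in the commit message or in the Details column, since the Nextcloud values template in this compare still carries a `mariadb`/`mysql` branch.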
@@ -88,7 +88,7 @@ XWiki,PersistentVolume,1
|
|||||||
| | | Yes | openLDAP process data | `shared-run-ums-ldap-server-primary-0` | `/var/run/slapd` |
|
| | | Yes | openLDAP process data | `shared-run-ums-ldap-server-primary-0` | `/var/run/slapd` |
|
||||||
| | | No | openLDAP database (secondary R/O Pods), secondaries can sync from the primary | `shared-data-ums-ldap-server-secondary-0` | `/var/lib/univention-ldap` |
|
| | | No | openLDAP database (secondary R/O Pods), secondaries can sync from the primary | `shared-data-ums-ldap-server-secondary-0` | `/var/lib/univention-ldap` |
|
||||||
| | | No | openLDAP process data | `shared-run-ums-ldap-server-secondary-0` | `/var/run/slapd` |
|
| | | No | openLDAP process data | `shared-run-ums-ldap-server-secondary-0` | `/var/run/slapd` |
|
||||||
| | | Yes | The state of the listener | `data-ums-provisioning-listener-0` | `/var/log/univention` and two others |
|
| | | Yes | The state of the listener | `data-ums-provisioning-udm-listener-0` | `/var/log/univention`<br>`/var/lib/univention-ldap/schema/id`<br>`/var/lib/univention-directory-listener` |
|
||||||
| | | No | Cache | `group-membership-cache-ums-portal-consumer-0` | `/usr/share/univention-group-membership-cache/caches` |
|
| | | No | Cache | `group-membership-cache-ums-portal-consumer-0` | `/usr/share/univention-group-membership-cache/caches` |
|
||||||
| | | Yes | Queued provisioning objects | `nats-data-ums-provisioning-nats-0` | `/data` |
|
| | | Yes | Queued provisioning objects | `nats-data-ums-provisioning-nats-0` | `/data` |
|
||||||
| | Memcached | No | Cache for UMC Server | | |
|
| | Memcached | No | Cache for UMC Server | | |
|
||||||
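Review bot: the listener PVC identifier changes from `data-ums-provisioning-listener-0` to `data-ums-provisioning-udm-listener-0` on a row marked Backup `Yes`, so a backup selection keyed on the old name would stop matching without any error. If the PVC was actually renamed, suggest listing that in the migrations document; if the old name was simply wrong in the docs, say so in the commit message.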
@@ -104,7 +104,7 @@ XWiki,PersistentVolume,1
|
|||||||
| | PVC | Yes | OX-Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` |
|
| | PVC | Yes | OX-Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` |
|
||||||
| | | Yes | OX-Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
|
| | | Yes | OX-Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
|
||||||
| **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` |
|
| **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` |
|
||||||
| **XWiki** | Database | Yes | Application's main database | `xwiki` | |
|
| **XWiki** | PostgreSQL | Yes | Application's main database | `xwiki` | |
|
||||||
| | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` |
|
| | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` |
|
||||||
|
|
||||||
Additionally, the following persistent volumes are mounted by pods that serve as a data storage for the applications mentioned above.
|
Additionally, the following persistent volumes are mounted by pods that serve as a data storage for the applications mentioned above.
|
||||||
|
|||||||
@@ -9,6 +9,14 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
* [Disclaimer](#disclaimer)
|
* [Disclaimer](#disclaimer)
|
||||||
* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
|
* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
|
||||||
* [Manual checks/actions](#manual-checksactions)
|
* [Manual checks/actions](#manual-checksactions)
|
||||||
|
* [v1.6.0+](#v160)
|
||||||
|
* [Pre-upgrade to v1.6.0+](#pre-upgrade-to-v160)
|
||||||
|
* [Upstream contraint: Nubus' external secrets](#upstream-contraint-nubus-external-secrets)
|
||||||
|
* [Helmfile new secret: `secrets.minio.openxchangeUser`](#helmfile-new-secret-secretsminioopenxchangeuser)
|
||||||
|
* [Helmfile new object storage: `objectstores.openxchange.*`](#helmfile-new-object-storage-objectstoresopenxchange)
|
||||||
|
* [OX App Suite fix-up: Using S3 as storage for non mail attachments (pre-upgrade)](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-pre-upgrade)
|
||||||
|
* [Post-upgrade to v1.6.0+](#post-upgrade-to-v160)
|
||||||
|
* [OX App Suite fix-up: Using S3 as storage for non mail attachments (post-upgrade)](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-post-upgrade)
|
||||||
* [v1.4.0+](#v140)
|
* [v1.4.0+](#v140)
|
||||||
* [Pre-upgrade to v1.4.0+](#pre-upgrade-to-v140)
|
* [Pre-upgrade to v1.4.0+](#pre-upgrade-to-v140)
|
||||||
* [Helmfile new feature: `functional.authentication.ssoFederation`](#helmfile-new-feature-functionalauthenticationssofederation)
|
* [Helmfile new feature: `functional.authentication.ssoFederation`](#helmfile-new-feature-functionalauthenticationssofederation)
|
||||||
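Review bot: `Upstream contraint` in the new TOC entry is misspelled (`constraint`), and the typo is carried into the anchor `#upstream-contraint-nubus-external-secrets`. The heading added further down uses the same spelling, so fix heading, TOC text and anchor together; correcting only one of them breaks the link.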
@@ -49,15 +57,12 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
* [Post-upgrade to v1.0.0+](#post-upgrade-to-v100)
|
* [Post-upgrade to v1.0.0+](#post-upgrade-to-v100)
|
||||||
* [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component)
|
* [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component)
|
||||||
* [Optional Cleanup](#optional-cleanup)
|
* [Optional Cleanup](#optional-cleanup)
|
||||||
* [v0.9.0](#v090)
|
|
||||||
* [Pre-upgrade to v0.9.0](#pre-upgrade-to-v090)
|
|
||||||
* [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
|
|
||||||
* [Updated customizable template attributes](#updated-customizable-template-attributes)
|
|
||||||
* [`migrations` S3 bucket](#migrations-s3-bucket)
|
|
||||||
* [Automated migrations - Details](#automated-migrations---details)
|
* [Automated migrations - Details](#automated-migrations---details)
|
||||||
|
* [v1.6.0+ (automated)](#v160-automated)
|
||||||
|
* [v1.6.0+ migrations-post](#v160-migrations-post)
|
||||||
* [v1.2.0+ (automated)](#v120-automated)
|
* [v1.2.0+ (automated)](#v120-automated)
|
||||||
* [migrations-pre](#migrations-pre)
|
* [v1.2.0+ migrations-pre](#v120-migrations-pre)
|
||||||
* [migrations-post](#migrations-post)
|
* [v1.2.0+ migrations-post](#v120-migrations-post)
|
||||||
* [v1.1.0+ (automated)](#v110-automated)
|
* [v1.1.0+ (automated)](#v110-automated)
|
||||||
* [v1.0.0+ (automated)](#v100-automated)
|
* [v1.0.0+ (automated)](#v100-automated)
|
||||||
* [Related components and artifacts](#related-components-and-artifacts)
|
* [Related components and artifacts](#related-components-and-artifacts)
|
||||||
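Review bot: renaming `migrations-pre` and `migrations-post` to `v1.2.0+ migrations-pre` and `v1.2.0+ migrations-post` changes their anchors to `#v120-migrations-pre` and `#v120-migrations-post`, so existing deep links to `#migrations-pre` and `#migrations-post` stop resolving. Worth a search across the docs for the old anchors before merging. The same hunk drops the `v0.9.0` entries from the TOC while `v0.9.0` is still listed as a mandatory version further down; check whether the table should keep pointing operators at steps that are no longer documented here.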
@@ -88,7 +93,8 @@ To upgrade existing deployments, you cannot skip any version mentioned in the co
|
|||||||
|
|
||||||
| Mandatory version |
|
| Mandatory version |
|
||||||
| ----------------- |
|
| ----------------- |
|
||||||
<!--| v1.2+ | add the entry to the table as soon as we get new migration requiring the set version (range) to be deployed first -->
|
<!-- | 1.x.x | add the entry to the table as soon as we get new migration requiring that the former migration was executed -->
|
||||||
|
| v1.5.0 |
|
||||||
| v1.1.x |
|
| v1.1.x |
|
||||||
| v1.0.0 |
|
| v1.0.0 |
|
||||||
| v0.9.0 |
|
| v0.9.0 |
|
||||||
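Review bot: the new mandatory row is the exact version `v1.5.0` in a table that also uses the range form `v1.1.x`, and it is not clear whether a deployment on a later v1.5 patch release satisfies the requirement. Suggest stating that explicitly, or adding the reason for the new entry to the comment above the table, which currently only carries the `1.x.x` placeholder.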
@@ -101,6 +107,102 @@ If you would like more details about the automated migrations, please read secti
|
|||||||
|
|
||||||
# Manual checks/actions
|
# Manual checks/actions
|
||||||
|
|
||||||
|
## v1.6.0+
|
||||||
|
|
||||||
|
### Pre-upgrade to v1.6.0+
|
||||||
|
|
||||||
|
#### Upstream contraint: Nubus' external secrets
|
||||||
|
|
||||||
|
**Target group:** Operators that use external secrets for Nubus.
|
||||||
|
|
||||||
|
> **Note**<br>
|
||||||
|
> External Secrets are not yet a supported feature. We are working on making it available in 2025, though it is possible to make use of the support for external secrets within single applications using the openDesk [customization](../helmfile/environments/default/customization.yaml.gotmpl) options.
|
||||||
|
|
||||||
|
Please ensure you read the [Nubus 1.10.0 "Migration steps" section](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/changelog.html#v1-10-0-migration-steps) with focus on the paragraph "Operators that make use of the following UDM Listener secrets variables" and act accordingly.
|
||||||
|
|
||||||
|
#### Helmfile new secret: `secrets.minio.openxchangeUser`
|
||||||
|
|
||||||
|
**Target group:** All existing deployments that have OX App Suite enabled and that use externally defined secrets in combination with openDesk provided MinIO object storage.
|
||||||
|
|
||||||
|
For OX App Suite to access the object storage a new secret has been introduced.
|
||||||
|
|
||||||
|
It is declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) by the key: `secrets.minio.openxchangeUser`. If you define your own secrets, please ensure that you provide a value for this secret as well, otherwise the aforementioned secret will be derived from the `MASTER_PASSWORD`.
|
||||||
|
|
||||||
|
#### Helmfile new object storage: `objectstores.openxchange.*`
|
||||||
|
|
||||||
|
**Target group:** All deployments that use an external object storage.
|
||||||
|
|
||||||
|
For OX App Suite's newly introduced filestore you have to configure a new object storage (bucket). When you are using
|
||||||
|
an external object storage you did this already for all the entries in
|
||||||
|
[`objectstores.yaml.gotmpl`](../helmfile/environments/default/objectstores.yaml.gotmpl). Where we now introduced
|
||||||
|
`objectstores.openxchange` section that you also need to provide you external configuration for.
|
||||||
|
|
||||||
|
#### OX App Suite fix-up: Using S3 as storage for non mail attachments (pre-upgrade)
|
||||||
|
|
||||||
|
**Target group:** All existing deployments that have OX App Suite enabled.
|
||||||
|
|
||||||
|
With openDesk 1.6.0 OX App Suite persists the attachments on contact, calendar or task objects in object storage.
|
||||||
|
|
||||||
|
To enable the use of this new filestore backend existing deployments must execute the following steps.
|
||||||
|
|
||||||
|
Preparation:
|
||||||
|
- Ensure your `kubeconfig` is pointing to the cluster that is running your deployment.
|
||||||
|
- Identify/create a e.g. local temporary directory that can keep the attachments while upgrading openDesk.
|
||||||
|
- Set some environment variables to prepare running the documented commands:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
export ATTACHMENT_TEMP_DIR=<your_temporary_directory_for_the_attachments>
|
||||||
|
export NAMESPACE=<your_namespace>
|
||||||
|
```
|
||||||
|
|
||||||
|
1. Copy the existing attachments from all `open-xchange-core-mw-default-*` Pods to the identified directory, example for `open-xchange-core-mw-default-0`:
|
||||||
|
```shell
|
||||||
|
kubectl cp -n ${NAMESPACE} open-xchange-core-mw-default-0:/opt/open-xchange/ox-filestore ${ATTACHMENT_TEMP_DIR}
|
||||||
|
```
|
||||||
|
2. Run the upgrade.
|
||||||
|
3. Continue with the [related post-upgrade steps](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-post-upgrade)
|
||||||
|
|
||||||
|
### Post-upgrade to v1.6.0+
|
||||||
|
|
||||||
|
#### OX App Suite fix-up: Using S3 as storage for non mail attachments (post-upgrade)
|
||||||
|
|
||||||
|
**Target group:** All existing deployments having OX App Suite enabled.
|
||||||
|
|
||||||
|
Continued from the [related pre-upgrade section](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-pre-upgrade).
|
||||||
|
|
||||||
|
1. Copy the attachments back from your temporary directory into `open-xchange-core-mw-default-0`.
|
||||||
|
```shell
|
||||||
|
kubectl cp -n ${NAMESPACE} ${ATTACHMENT_TEMP_DIR}/* open-xchange-core-mw-default-0:/opt/open-xchange/ox-filestore
|
||||||
|
```
|
||||||
|
2. Ideally you verify the files have been copied as expected checking the target directory in the `open-xchange-core-mw-default-0` Pod. All the following commands are for execution within the aforementioned Pod.
|
||||||
|
3. Get the `id` of the new object storage based OX filestore, using the following command in the first line of the following block. In the shown example output the `id` for the new filestore would be `10` as the filestore can be identified by its path value `s3://ox-filestore-s3`, the `id` of the existing filestore would be `3` identified by the corresponding path `/opt/open-xchange/ox-filestore`:
|
||||||
|
```shell
|
||||||
|
/opt/open-xchange/sbin/listfilestore -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW
|
||||||
|
id path size reserved used max-entities cur-entities
|
||||||
|
3 /opt/open-xchange/ox-filestore 100000 200 5 5000 1
|
||||||
|
10 s3://ox-filestore-s3 100000 0 0 5000 0
|
||||||
|
```
|
||||||
|
4. Get the list of your OX contexts IDs (`cid` column in the output of the `listcontext` command), as the next step needs to be executed per OX context. Most installation will just have a single OX context (`1`).
|
||||||
|
```shell
|
||||||
|
/opt/open-xchange/sbin/listcontext -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW
|
||||||
|
cid fid fname enabled qmax qused name lmappings
|
||||||
|
1 3 1_ctx_store true 5 1 1,context1
|
||||||
|
```
|
||||||
|
5. For each of your OX contexts IDs run the final filestore migration command and you will get output like this: `context 1 to filestore 10 scheduled as job 1`:
|
||||||
|
```shell
|
||||||
|
/opt/open-xchange/sbin/movecontextfilestore -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW -f <your_s3_filestore_id_from_step_3> -c <your_context_id_from_step_4>
|
||||||
|
```
|
||||||
|
6. Depending on the size of your filestore, moving the contexts will take some time. You can check the status of a context's jobs with the command below. When the job status is `Done` you can also doublecheck that everything worked as expected by running the `listfilestore` command from step #3 and should see that the filestore is no longer used.
|
||||||
|
```shell
|
||||||
|
/opt/open-xchange/sbin/jobcontrol -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW -c <your_context_id_from_step_4> -l
|
||||||
|
ID Type of Job Status Further Information
|
||||||
|
1 movefilestore Done move context 1 to filestore 10
|
||||||
|
```
|
||||||
|
7. Finally you can unregister the old filestore:
|
||||||
|
```shell
|
||||||
|
/opt/open-xchange/sbin/unregisterfilestore -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW -i <your_old_filestore_id_from_step_3>
|
||||||
|
```
|
||||||
|
|
||||||
## v1.4.0+
|
## v1.4.0+
|
||||||
|
|
||||||
### Pre-upgrade to v1.4.0+
|
### Pre-upgrade to v1.4.0+
|
||||||
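Review bot: in post-upgrade step 1, `kubectl cp -n ${NAMESPACE} ${ATTACHMENT_TEMP_DIR}/* open-xchange-core-mw-default-0:/opt/open-xchange/ox-filestore` relies on the local shell expanding the glob, but `kubectl cp` takes exactly one source and one destination, so the command only works when the temporary directory holds a single entry. The pre-upgrade step also asks for a copy from all `open-xchange-core-mw-default-*` Pods into the same `${ATTACHMENT_TEMP_DIR}`, where later copies can overwrite earlier ones, yet only Pod `-0` is restored. Suggest one subdirectory per Pod and a restore command with a single source path. Two smaller points: the `-P $MASTER_ADMIN_PW` arguments should be quoted (`-P "$MASTER_ADMIN_PW"`), and the steps never remove the attachments from `${ATTACHMENT_TEMP_DIR}`, which leaves user data outside the cluster after step 7. Typos: `contraint`, `provide you external configuration`, `doublecheck`.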
@@ -280,7 +382,7 @@ persistence:
|
|||||||
|
|
||||||
#### Helmfile new secret: `secrets.nubus.masterpassword`
|
#### Helmfile new secret: `secrets.nubus.masterpassword`
|
||||||
|
|
||||||
A not yet templated secret was discovered in the Nubus deployment. It is now declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl) and can be defined using: `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the same value as the `MASTER_PASSWORD` environment variable used in your deployment.
|
A not yet templated secret was discovered in the Nubus deployment. It is now declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) and can be defined using: `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the same value as the `MASTER_PASSWORD` environment variable used in your deployment.
|
||||||
|
|
||||||
## v1.1.0+
|
## v1.1.0+
|
||||||
|
|
||||||
@@ -687,42 +789,31 @@ kubectl -n ${NAMESPACE} delete pvc shared-run-ums-ldap-server-0
|
|||||||
kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
|
kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
|
||||||
```
|
```
|
||||||
|
|
||||||
## v0.9.0
|
|
||||||
|
|
||||||
### Pre-upgrade to v0.9.0
|
|
||||||
|
|
||||||
#### Updated `cluster.networking.cidr`
|
|
||||||
|
|
||||||
- Action: `cluster.networking.cidr` is now an array (was a string until v0.8.1); please update your setup accordingly if you explicitly set this value.
|
|
||||||
- Reference:[cluster.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/cluster.yaml)
|
|
||||||
|
|
||||||
#### Updated customizable template attributes
|
|
||||||
|
|
||||||
- Action: Please update your custom deployment values according to the updated default value structure.
|
|
||||||
- References:
|
|
||||||
- `functional.` prefix for `authentication.*`, `externalServices.*`, `admin.*` and `filestore.*`, see [functional.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/functional.yaml).
|
|
||||||
- `debug.` prefix for `cleanup.*`, see [debug.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/debug.yaml).
|
|
||||||
- `monitoring.` prefix for `prometheus.*` and `grafana.*`, see [monitoring.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/monitoring.yaml).
|
|
||||||
- `smtp.` prefix for `localpartNoReply`, see [smtp.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/smtp.yaml).
|
|
||||||
|
|
||||||
#### `migrations` S3 bucket
|
|
||||||
|
|
||||||
- Action: For self-managed/external S3/object storages, please create a bucket called `migrations` using your S3 endpoint.
|
|
||||||
- Reference: `objectstores.migrations` in [objectstores.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/objectstores.yaml)
|
|
||||||
|
|
||||||
# Automated migrations - Details
|
# Automated migrations - Details
|
||||||
|
|
||||||
|
## v1.6.0+ (automated)
|
||||||
|
|
||||||
|
> **Note**<br>
|
||||||
|
> Details can be found in [run_5.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_5.py).
|
||||||
|
|
||||||
|
### v1.6.0+ migrations-post
|
||||||
|
|
||||||
|
Restarting the StatefulSets `ums-provisioning-nats` and `ox-connector` due to a workaround applied on the NATS secrets, see the "Notes" segment of the ["Password seed" heading in getting-started.md](./docs/getting-started.md#password-seed)
|
||||||
|
|
||||||
|
> **Note**<br>
|
||||||
|
> This change aims to prevent authentication failures with NATS in some Pods, which can lead to errors such as: `wait-for-nats Unavailable, waiting 2 seconds. Error: nats: 'Authorization Violation'`.
|
||||||
|
|
||||||
## v1.2.0+ (automated)
|
## v1.2.0+ (automated)
|
||||||
|
|
||||||
> **Note**<br>
|
> **Note**<br>
|
||||||
> Details can be found in [run_4.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_4.py).
|
> Details can be found in [run_4.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_4.py).
|
||||||
|
|
||||||
### migrations-pre
|
### v1.2.0+ migrations-pre
|
||||||
|
|
||||||
- Delete PVC `group-membership-cache-ums-portal-consumer-0`: With the upgrade the Nubus Portal Consumer no longer requires to be executed with root privileges. The PVC contains files that require root permission to access them, therefore the PVC gets deleted (and re-created) during the upgrade.
|
- Delete PVC `group-membership-cache-ums-portal-consumer-0`: With the upgrade the Nubus Portal Consumer no longer requires to be executed with root privileges. The PVC contains files that require root permission to access them, therefore the PVC gets deleted (and re-created) during the upgrade.
|
||||||
- Delete StatefulSet `ums-portal-consumer`: A bug was fixed in the templating of the Portal Consumer's PVC causing the values in `persistence.storages.nubusPortalConsumer.*` to be ignored. As these values are immutable, we had to delete the whole StatefulSet.
|
- Delete StatefulSet `ums-portal-consumer`: A bug was fixed in the templating of the Portal Consumer's PVC causing the values in `persistence.storages.nubusPortalConsumer.*` to be ignored. As these values are immutable, we had to delete the whole StatefulSet.
|
||||||
|
|
||||||
### migrations-post
|
### v1.2.0+ migrations-post
|
||||||
|
|
||||||
- Restarting Deployment `ums-provisioning-udm-transformer` and StatefulSet `ums-provisioning-udm-listener` as well as deleting the Nubus Provisioning consumer `durable_name:incoming` on stream `stream:incoming`: Due to a bug in Nubus 1.7.0 the `incoming` stream was blocked after the upgrade, the aforementioned measures unblock the stream.
|
- Restarting Deployment `ums-provisioning-udm-transformer` and StatefulSet `ums-provisioning-udm-listener` as well as deleting the Nubus Provisioning consumer `durable_name:incoming` on stream `stream:incoming`: Due to a bug in Nubus 1.7.0 the `incoming` stream was blocked after the upgrade, the aforementioned measures unblock the stream.
|
||||||
|
|
||||||
|
|||||||
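Review bot: the new `v1.6.0+ migrations-post` paragraph links `./docs/getting-started.md#password-seed`, but the other relative links added to this file go up one level (`../helmfile/environments/default/secrets.yaml.gotmpl`), which suggests this file already sits inside `docs/`; from there the link resolves to `docs/docs/getting-started.md`. Suggest `./getting-started.md#password-seed`. Separately, this hunk deletes the `v0.9.0` manual steps (`cluster.networking.cidr` as an array, the `functional.`, `debug.`, `monitoring.` and `smtp.` prefixes, the `migrations` bucket) while the mandatory version table still lists `v0.9.0`; either keep a pointer to where those steps now live or drop the row.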
@@ -1,5 +1,5 @@
|
|||||||
{{/*
|
{{/*
|
||||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
*/}}
|
*/}}
|
||||||
@@ -28,8 +28,14 @@ configuration:
|
|||||||
enabled: true
|
enabled: true
|
||||||
username:
|
username:
|
||||||
value: "nextcloud"
|
value: "nextcloud"
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.nextcloud.adminUsername.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.nextcloud.adminUsername.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
value: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.nextcloud.adminPassword.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.nextcloud.adminPassword.key | quote }}
|
||||||
|
|
||||||
antivirus:
|
antivirus:
|
||||||
{{- if .Values.antivirus.icap.host }}
|
{{- if .Values.antivirus.icap.host }}
|
||||||
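Review bot: the admin `username` and `password` blocks now render `value:` and `secret:` side by side with no condition, so the plaintext `.Values.secrets.nextcloud.adminPassword` is still templated into the values even when an external secret is named, and the hunk does not show which of the two the chart prefers. Suggest wrapping them in an `if` on `.Values.externalSecrets.nextcloud.adminPassword.name` so only one is emitted, and confirming that `externalSecrets.nextcloud` has defaults, since the chained lookup errors at render time when an intermediate key is missing.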
@@ -49,8 +55,14 @@ configuration:
|
|||||||
enabled: true
|
enabled: true
|
||||||
username:
|
username:
|
||||||
value: {{ .Values.cache.nextcloud.username }}
|
value: {{ .Values.cache.nextcloud.username }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.cache.nextcloudUsername.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.cache.nextcloudUsername.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.cache.nextcloudPassword.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.cache.nextcloudPassword.key | quote }}
|
||||||
host: {{ .Values.cache.nextcloud.host | quote }}
|
host: {{ .Values.cache.nextcloud.host | quote }}
|
||||||
port: {{ .Values.cache.nextcloud.port | quote }}
|
port: {{ .Values.cache.nextcloud.port | quote }}
|
||||||
tls: {{ .Values.cache.nextcloud.tls }}
|
tls: {{ .Values.cache.nextcloud.tls }}
|
||||||
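Review bot: the new `.Values.externalSecrets.cache.nextcloudUsername` and `nextcloudPassword` lookups have no guard, so rendering aborts with a nil pointer error whenever the `externalSecrets.cache` map is missing from an environment's values. The `password.value` line directly above already uses a `default` fallback; either ship empty defaults for every `externalSecrets.*` path in the same change or guard the lookups, and document the new keys.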
@@ -94,8 +106,14 @@ configuration:
|
|||||||
password:
|
password:
|
||||||
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
||||||
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.mariadb.nextcloudUser.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.mariadb.nextcloudUser.key | quote }}
|
||||||
{{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
|
{{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
|
||||||
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
|
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.postgresql.nextcloudUser.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.postgresql.nextcloudUser.key | quote }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
value: {{ .Values.databases.nextcloud.password | quote }}
|
value: {{ .Values.databases.nextcloud.password | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
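Review bot: the `secret:` reference is added to the mariadb/mysql and postgresql/psql branches but not to the final `else` branch, which still emits only `value: {{ .Values.databases.nextcloud.password | quote }}`. A deployment with any other `databases.nextcloud.type` therefore cannot take the database password from an external secret. Add a matching `secret:` entry there, or state in a comment why that branch is plaintext only.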
@@ -104,14 +122,23 @@ configuration:
|
|||||||
host: {{ .Values.ldap.host | quote }}
|
host: {{ .Values.ldap.host | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
|
value: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.nubus.ldapSearch.nextcloud.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.nubus.ldapSearch.nextcloud.key | quote }}
|
||||||
adminGroupName: "managed-by-attribute-FileshareAdmin"
|
adminGroupName: "managed-by-attribute-FileshareAdmin"
|
||||||
|
|
||||||
objectstore:
|
objectstore:
|
||||||
auth:
|
auth:
|
||||||
accessKey:
|
accessKey:
|
||||||
value: {{ .Values.objectstores.nextcloud.username | quote }}
|
value: {{ .Values.objectstores.nextcloud.username | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.objectstores.nextcloudAccessKey.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.objectstores.nextcloudAccessKey.key | quote }}
|
||||||
secretKey:
|
secretKey:
|
||||||
value: {{ .Values.objectstores.nextcloud.secretKey | default .Values.secrets.minio.nextcloudUser | quote }}
|
value: {{ .Values.objectstores.nextcloud.secretKey | default .Values.secrets.minio.nextcloudUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.objectstores.nextcloudSecretKey.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.objectstores.nextcloudSecretKey.key | quote }}
|
||||||
bucket: {{ .Values.objectstores.nextcloud.bucket | quote }}
|
bucket: {{ .Values.objectstores.nextcloud.bucket | quote }}
|
||||||
host: {{ .Values.objectstores.nextcloud.endpoint | quote }}
|
host: {{ .Values.objectstores.nextcloud.endpoint | quote }}
|
||||||
region: {{ .Values.objectstores.nextcloud.region | quote }}
|
region: {{ .Values.objectstores.nextcloud.region | quote }}
|
||||||
@@ -125,6 +152,9 @@ configuration:
|
|||||||
value: "opendesk-nextcloud"
|
value: "opendesk-nextcloud"
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
value: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.keycloak.clientSecretNcoidc.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.keycloak.clientSecretNcoidc.key | quote }}
|
||||||
|
|
||||||
opendeskIntegration:
|
opendeskIntegration:
|
||||||
centralNavigation:
|
centralNavigation:
|
||||||
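Review bot: the key `externalSecrets.keycloak.clientSecretNcoidc` does not mirror the plaintext path `secrets.keycloak.clientSecret.ncoidc` on the `value:` line above it, while other entries in this file, for example `externalSecrets.nubus.ldapSearch.nextcloud`, do mirror theirs. Keeping the same nesting under `externalSecrets` makes it easier to audit that every plaintext secret has an external counterpart; consider `externalSecrets.keycloak.clientSecret.ncoidc`.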
@@ -132,6 +162,9 @@ configuration:
|
|||||||
value: "opendesk_username"
|
value: "opendesk_username"
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.centralnavigation.apiKey.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.centralnavigation.apiKey.key | quote }}
|
||||||
oxAppSuite:
|
oxAppSuite:
|
||||||
enabled: {{ .Values.apps.oxAppSuite.enabled }}
|
enabled: {{ .Values.apps.oxAppSuite.enabled }}
|
||||||
|
|
||||||
@@ -156,6 +189,9 @@ configuration:
|
|||||||
value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.postfix.opendeskSystemPassword.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.postfix.opendeskSystemPassword.key | quote }}
|
||||||
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||||
port: 587
|
port: 587
|
||||||
fromAddress: {{ .Values.smtp.localpartNoReply | quote }}
|
fromAddress: {{ .Values.smtp.localpartNoReply | quote }}
|
||||||
@@ -172,6 +208,9 @@ configuration:
|
|||||||
serverinfo:
|
serverinfo:
|
||||||
token:
|
token:
|
||||||
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.nextcloud.metricsToken.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.nextcloud.metricsToken.key | quote }}
|
||||||
|
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{{/*
|
{{/*
|
||||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
*/}}
|
*/}}
|
||||||
@@ -21,6 +21,9 @@ exporter:
|
|||||||
server: "http://opendesk-nextcloud-aio"
|
server: "http://opendesk-nextcloud-aio"
|
||||||
token:
|
token:
|
||||||
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.nextcloud.metricsToken.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.nextcloud.metricsToken.key | quote }}
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
capabilities:
|
capabilities:
|
||||||
@@ -73,8 +76,14 @@ aio:
|
|||||||
enabled: true
|
enabled: true
|
||||||
username:
|
username:
|
||||||
value: {{ .Values.cache.nextcloud.username }}
|
value: {{ .Values.cache.nextcloud.username }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.cache.nextcloudUsername.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.cache.nextcloudUsername.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.cache.nextcloudPassword.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.cache.nextcloudPassword.key | quote }}
|
||||||
host: {{ .Values.cache.nextcloud.host | quote }}
|
host: {{ .Values.cache.nextcloud.host | quote }}
|
||||||
port: {{ .Values.cache.nextcloud.port | quote }}
|
port: {{ .Values.cache.nextcloud.port | quote }}
|
||||||
tls: {{ .Values.cache.nextcloud.tls }}
|
tls: {{ .Values.cache.nextcloud.tls }}
|
||||||
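Review bot: this `secret:` block for the cache username and password under `aio:` is a line-for-line copy of the one added under `configuration:` in the preceding file, and the `metricsToken` reference is duplicated the same way. Two hand-maintained copies of the same `externalSecrets.*` paths will drift apart; define the references once and include them in both values files, or add a comment in each file pointing at the other.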
@@ -95,8 +104,14 @@ aio:
|
|||||||
password:
|
password:
|
||||||
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
||||||
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.mariadb.nextcloudUser.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.mariadb.nextcloudUser.key | quote }}
|
||||||
{{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
|
{{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
|
||||||
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
|
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.externalSecrets.postgresql.nextcloudUser.name | quote }}
|
||||||
|
key: {{ .Values.externalSecrets.postgresql.nextcloudUser.key | quote }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
value: {{ .Values.databases.nextcloud.password | quote }}
|
value: {{ .Values.databases.nextcloud.password | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
235
helmfile/apps/nubus/values-nubus-guardian.yaml.gotmpl
Normal file
@@ -0,0 +1,235 @@
|
|||||||
|
{{/*
|
||||||
|
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
*/}}
|
||||||
|
---
|
||||||
|
#
|
||||||
|
# This file is currently optional for customizing purposes only. It will be a mandatory part of Nubus in a later release.
|
||||||
|
#
|
||||||
|
nubusGuardian:
|
||||||
|
authorizationApi:
|
||||||
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
seLinuxOptions:
|
||||||
|
{{ .Values.seLinuxOptions.umsGuardianAuthorizationApi | toYaml | nindent 8 }}
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianAuthorizationApi.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusGuardianAuthorizationApi.repository }}
|
||||||
|
tag: {{ .Values.images.nubusGuardianAuthorizationApi.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||||
|
podAnnotations:
|
||||||
|
intents.otterize.com/service-name: "ums-guardian-authorization-api"
|
||||||
|
{{- with .Values.annotations.nubusGuardian.authorizationApiPod }}
|
||||||
|
{{ . | toYaml | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
podSecurityContext:
|
||||||
|
fsGroup: 1000
|
||||||
|
fsGroupChangePolicy: "Always"
|
||||||
|
replicaCount: {{ .Values.replicas.umsGuardianAuthorizationApi }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.umsGuardianAuthorizationApi | toYaml | nindent 6 }}
|
||||||
|
global:
|
||||||
|
podAnnotations:
|
||||||
|
{{ .Values.annotations.nubusGuardian.globalPod | toYaml | nindent 6 }}
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
{{ .Values.annotations.nubusGuardian.ingressIngress | toYaml | nindent 6 }}
|
||||||
|
certManager:
|
||||||
|
enabled: false
|
||||||
|
tls:
|
||||||
|
enabled: {{ .Values.ingress.tls.enabled }}
|
||||||
|
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||||
|
items:
|
||||||
|
- name: management-ui
|
||||||
|
host: ""
|
||||||
|
# -- Define the Ingress paths.
|
||||||
|
paths:
|
||||||
|
- path: /univention/guardian/management-ui
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: guardian-management-ui
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
ingressClassName: ""
|
||||||
|
annotations:
|
||||||
|
{{ .Values.annotations.nubusGuardian.ingressManagementUi | toYaml | nindent 10 }}
|
||||||
|
tls:
|
||||||
|
# enabled: true
|
||||||
|
secretName: ""
|
||||||
|
- name: management-api
|
||||||
|
host: ""
|
||||||
|
paths:
|
||||||
|
- path: /guardian/management
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: guardian-management-api
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
ingressClassName: ""
|
||||||
|
annotations:
|
||||||
|
{{ .Values.annotations.nubusGuardian.ingressManagementApi | toYaml | nindent 10 }}
|
||||||
|
tls:
|
||||||
|
# enabled: true
|
||||||
|
secretName: ""
|
||||||
|
- name: authorization-api
|
||||||
|
host: ""
|
||||||
|
paths:
|
||||||
|
- path: /guardian/authorization
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: guardian-authorization-api
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
ingressClassName: ""
|
||||||
|
annotations:
|
||||||
|
{{ .Values.annotations.nubusGuardian.ingressAuthorizationApi | toYaml | nindent 10 }}
|
||||||
|
tls:
|
||||||
|
# enabled: true
|
||||||
|
secretName: ""
|
||||||
|
managementApi:
|
||||||
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
seLinuxOptions:
|
||||||
|
{{ .Values.seLinuxOptions.umsGuardianManagementApi | toYaml | nindent 8 }}
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementApi.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusGuardianManagementApi.repository }}
|
||||||
|
tag: {{ .Values.images.nubusGuardianManagementApi.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||||
|
podAnnotations:
|
||||||
|
intents.otterize.com/service-name: "ums-guardian-management-api"
|
||||||
|
{{- with .Values.annotations.nubusGuardian.managementApiPod }}
|
||||||
|
{{ . | toYaml | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
podSecurityContext:
|
||||||
|
fsGroup: 1000
|
||||||
|
fsGroupChangePolicy: "Always"
|
||||||
|
replicaCount: {{ .Values.replicas.umsGuardianManagementApi }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 6 }}
|
||||||
|
managementUi:
|
||||||
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
seLinuxOptions:
|
||||||
|
{{ .Values.seLinuxOptions.umsGuardianManagementUi | toYaml | nindent 8 }}
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementUi.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusGuardianManagementUi.repository }}
|
||||||
|
tag: {{ .Values.images.nubusGuardianManagementUi.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||||
|
podAnnotations:
|
||||||
|
intents.otterize.com/service-name: "ums-guardian-management-ui"
|
||||||
|
{{- with .Values.annotations.nubusGuardian.managementUiPod }}
|
||||||
|
{{ . | toYaml | nindent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
replicaCount: {{ .Values.replicas.umsGuardianManagementUi }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}
|
||||||
|
openPolicyAgent:
|
||||||
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
seLinuxOptions:
|
||||||
|
{{ .Values.seLinuxOptions.umsGuardianOpenPolicyAgent | toYaml | nindent 8 }}
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpenPolicyAgent.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusOpenPolicyAgent.repository }}
|
||||||
|
tag: {{ .Values.images.nubusOpenPolicyAgent.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||||
|
podSecurityContext:
|
||||||
|
fsGroup: 1000
|
||||||
|
fsGroupChangePolicy: "Always"
|
||||||
|
podAnnotations:
|
||||||
|
intents.otterize.com/service-name: "ums-ums-open-policy-agent"
|
||||||
|
replicaCount: {{ .Values.replicas.umsGuardianOpenPolicyAgent }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 6 }}
|
||||||
|
postgresql:
|
||||||
|
connection:
|
||||||
|
host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
|
||||||
|
port: {{ .Values.databases.umsGuardianManagementApi.port | quote }}
|
||||||
|
auth:
|
||||||
|
username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
||||||
|
database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
|
||||||
|
existingSecret:
|
||||||
|
name: "ums-guardian-postgresql-opendesk-credentials"
|
||||||
|
keyMapping:
|
||||||
|
password: "guardianDatabasePassword"
|
||||||
|
provisioning:
|
||||||
|
enabled: false
|
||||||
|
config:
|
||||||
|
nubusBaseUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
|
||||||
|
keycloak:
|
||||||
|
credentialSecret:
|
||||||
|
name: "ums-opendesk-keycloak-credentials"
|
||||||
|
key: "admin_password"
|
||||||
|
realm: {{ .Values.platform.realm | quote }}
|
||||||
|
username: "kcadmin"
|
||||||
|
keycloak:
|
||||||
|
auth:
|
||||||
|
existingSecret:
|
||||||
|
name: "ums-opendesk-guardian-client-secret"
|
||||||
|
keyMapping:
|
||||||
|
password: "managementApiClientSecret"
|
||||||
|
connection:
|
||||||
|
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||||
|
baseUrl: "http://ums-keycloak:8080"
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianProvisioning.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusGuardianProvisioning.repository }}
|
||||||
|
tag: {{ .Values.images.nubusGuardianProvisioning.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
serviceAccount:
|
||||||
|
annotations:
|
||||||
|
{{ .Values.annotations.nubusGuardian.serviceAccount | toYaml | nindent 6 }}
|
||||||
|
---
|
||||||
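Review bot: in `openPolicyAgent`, `replicaCount` reads `.Values.replicas.umsGuardianOpenPolicyAgent` while `resources` reads `.Values.resources.umsOpenPolicyAgent`, and the pod annotation is `"ums-ums-open-policy-agent"` where the sibling components use `ums-guardian-...`. Please confirm that all three names are intended, since a wrong otterize service name may not match the intended network policy. Separately, `provisioning.keycloak.connection.baseUrl` is `"http://ums-keycloak:8080"` while the same block references the `kcadmin` admin password, so add a comment stating that this relies on in-cluster network policy, or switch the URL to TLS.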
@@ -1,5 +1,5 @@
|
|||||||
{{/*
|
{{/*
|
||||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
*/}}
|
*/}}
|
||||||
---
|
---
|
||||||
@@ -10,15 +10,14 @@ global:
|
|||||||
certManagerIssuer: {{ .Values.certificate.issuerRef.name | quote }}
|
certManagerIssuer: {{ .Values.certificate.issuerRef.name | quote }}
|
||||||
domain: {{ .Values.global.domain | quote }}
|
domain: {{ .Values.global.domain | quote }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||||
ingressClass: {{ .Values.ingress.ingressClassName | default "nginx" | quote }}
|
ingressClass: {{ .Values.ingress.ingressClassName | default "nginx" | quote }}
|
||||||
keycloak:
|
keycloak:
|
||||||
realm: {{ .Values.platform.realm | quote }}
|
realm: {{ .Values.platform.realm | quote }}
|
||||||
ldap:
|
ldap:
|
||||||
baseDn: {{ .Values.ldap.baseDn | quote }}
|
baseDn: {{ .Values.ldap.baseDn | quote }}
|
||||||
domainName: {{ .Values.global.domain | quote }}
|
domainName: {{ .Values.global.domain | quote }}
|
||||||
auth:
|
|
||||||
cnAdmin:
|
|
||||||
password: {{ .Values.secrets.nubus.ldapSecret | quote }}
|
|
||||||
nubusDeployment: true
|
nubusDeployment: true
|
||||||
secrets:
|
secrets:
|
||||||
masterPassword: {{ .Values.secrets.nubus.masterpassword | quote }}
|
masterPassword: {{ .Values.secrets.nubus.masterpassword | quote }}
|
||||||
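Review bot: the `ldap.auth.cnAdmin.password` entry fed from `.Values.secrets.nubus.ldapSecret` is removed here and nothing in the hunk replaces it; only `secrets.masterPassword` remains. Please state in the commit message or in a comment where the cn=admin password now comes from, and confirm that upgrading an existing deployment keeps the current LDAP admin credential rather than deriving a new one.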
@@ -28,35 +27,31 @@ global:
|
|||||||
|
|
||||||
# -- Extensions to load. Add entries to load additional extensions into Nubus.
|
# -- Extensions to load. Add entries to load additional extensions into Nubus.
|
||||||
extensions:
|
extensions:
|
||||||
- name: "ox"
|
|
||||||
image:
|
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOxExtension.registry | quote }}
|
|
||||||
repository: {{ .Values.images.nubusOxExtension.repository }}
|
|
||||||
tag: {{ .Values.images.nubusOxExtension.tag }}
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
|
||||||
- name: "opendesk"
|
|
||||||
image:
|
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtension.registry | quote }}
|
|
||||||
repository: {{ .Values.images.nubusOpendeskExtension.repository }}
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
|
||||||
tag: {{ .Values.images.nubusOpendeskExtension.tag }}
|
|
||||||
- name: "opendesk-a2g-mapper"
|
- name: "opendesk-a2g-mapper"
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtensionA2gMapper.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtensionA2gMapper.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusOpendeskExtensionA2gMapper.repository }}
|
repository: {{ .Values.images.nubusOpendeskExtensionA2gMapper.repository }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
|
||||||
tag: {{ .Values.images.nubusOpendeskExtensionA2gMapper.tag }}
|
tag: {{ .Values.images.nubusOpendeskExtensionA2gMapper.tag }}
|
||||||
|
|
||||||
# -- Allows to configure the system extensions to load. This is intended for
|
# -- Allows to configure the system extensions to load. This is intended for
|
||||||
# internal usage, prefer to use `global.extensions` for user configured
|
# internal usage, prefer to use `global.extensions` for user configured
|
||||||
# extensions.
|
# extensions.
|
||||||
systemExtensions:
|
systemExtensions:
|
||||||
|
- name: "ox"
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOxExtension.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusOxExtension.repository }}
|
||||||
|
tag: {{ .Values.images.nubusOxExtension.tag }}
|
||||||
|
- name: "opendesk"
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtension.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusOpendeskExtension.repository }}
|
||||||
|
tag: {{ .Values.images.nubusOpendeskExtension.tag }}
|
||||||
- name: "portal"
|
- name: "portal"
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalExtension.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalExtension.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusPortalExtension.repository }}
|
repository: {{ .Values.images.nubusPortalExtension.repository }}
|
||||||
tag: {{ .Values.images.nubusPortalExtension.tag }}
|
tag: {{ .Values.images.nubusPortalExtension.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
|
||||||
configUcr:
|
configUcr:
|
||||||
directory:
|
directory:
|
||||||
manager:
|
manager:
|
||||||
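Review bot: the per-entry `imagePullPolicy` is dropped from every extension image in this hunk, including `opendesk-a2g-mapper` and `portal`, which are otherwise unchanged. The pull policy for these images now depends on the extension loader honouring `global.imagePullPolicy`. The NOTE added to the keycloak block later in this file says that subchart does not yet do so, so please confirm it holds for the extensions before removing the local setting.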
@@ -138,10 +133,6 @@ ingress:
|
|||||||
{{- with .Values.annotations.nubus.ingress }}
|
{{- with .Values.annotations.nubus.ingress }}
|
||||||
{{ . | toYaml | nindent 4 }}
|
{{ . | toYaml | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# temporary fix
|
|
||||||
{{- if not .Values.apps.minio.enabled }}
|
|
||||||
enabled: false
|
|
||||||
{{- end }}
|
|
||||||
certManager:
|
certManager:
|
||||||
enabled: false
|
enabled: false
|
||||||
tls:
|
tls:
|
||||||
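Review bot: the removed `# temporary fix` block disabled this ingress whenever `apps.minio.enabled` was false, so with it gone the ingress is rendered in that case too. Say in the commit message what made the workaround unnecessary, and verify a deployment with MinIO disabled still ends up with a working route.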
@@ -185,14 +176,16 @@ keycloak:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusKeycloak.repository }}
|
repository: {{ .Values.images.nubusKeycloak.repository }}
|
||||||
tag: {{ .Values.images.nubusKeycloak.tag }}
|
tag: {{ .Values.images.nubusKeycloak.tag }}
|
||||||
|
# NOTE: The subchart "keycloak" does not yet support
|
||||||
|
# "global.imagePullPolicy". The local configuration can be removed once it
|
||||||
|
# does have this feature.
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
keycloak:
|
keycloak:
|
||||||
auth:
|
auth:
|
||||||
username: "kcadmin"
|
username: "kcadmin"
|
||||||
|
# TODO: Pending secrets refactoring to be able to provide the value directly
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: "ums-opendesk-keycloak-credentials"
|
name: "ums-opendesk-keycloak-credentials"
|
||||||
keyMapping:
|
keyMapping:
|
||||||
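Review bot: the local `imagePullSecrets` is removed from the keycloak block, while the new NOTE explains that `imagePullPolicy` has to stay local because the subchart does not yet read the global value. If the subchart likewise ignores the `imagePullSecrets` now set under `global:` earlier in this file, pulls from a private registry will fail. Confirm the subchart supports it, or keep the local entry until it does.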
@@ -203,6 +196,10 @@ keycloak:
|
|||||||
loginTitle: "Anmeldung bei {{ .Values.theme.texts.productName }}"
|
loginTitle: "Anmeldung bei {{ .Values.theme.texts.productName }}"
|
||||||
en:
|
en:
|
||||||
loginTitle: "Sign in to {{ .Values.theme.texts.productName }}"
|
loginTitle: "Sign in to {{ .Values.theme.texts.productName }}"
|
||||||
|
features:
|
||||||
|
enabled:
|
||||||
|
- "admin-fine-grained-authz:v1"
|
||||||
|
- "token-exchange"
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
intents.otterize.com/service-name: "ums-keycloak"
|
intents.otterize.com/service-name: "ums-keycloak"
|
||||||
{{- with .Values.annotations.nubusKeycloak.pod }}
|
{{- with .Values.annotations.nubusKeycloak.pod }}
|
||||||
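Review bot: `features.enabled` switches on `admin-fine-grained-authz:v1` and `token-exchange` for Keycloak without a comment on which component needs them. Both features widen what clients and delegated administrators can do in the realm, so name the consumer next to the list and make sure token exchange is restricted by per-client permissions rather than left available to every client.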
@@ -215,6 +212,7 @@ keycloak:
|
|||||||
auth:
|
auth:
|
||||||
username: {{ .Values.databases.keycloak.username | quote }}
|
username: {{ .Values.databases.keycloak.username | quote }}
|
||||||
database: {{ .Values.databases.keycloak.name | quote }}
|
database: {{ .Values.databases.keycloak.name | quote }}
|
||||||
|
# TODO: Pending secrets refactoring to be able to provide the value directly
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: "ums-keycloak-postgresql-opendesk-credentials"
|
name: "ums-keycloak-postgresql-opendesk-credentials"
|
||||||
keyMapping:
|
keyMapping:
|
||||||
@@ -261,231 +259,7 @@ keycloak:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
nubusGuardian:
|
nubusGuardian:
|
||||||
authorizationApi:
|
|
||||||
containerSecurityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
privileged: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
runAsGroup: 1000
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 1000
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
seLinuxOptions:
|
|
||||||
{{ .Values.seLinuxOptions.umsGuardianAuthorizationApi | toYaml | nindent 8 }}
|
|
||||||
image:
|
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianAuthorizationApi.registry | quote }}
|
|
||||||
repository: {{ .Values.images.nubusGuardianAuthorizationApi.repository }}
|
|
||||||
tag: {{ .Values.images.nubusGuardianAuthorizationApi.tag }}
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
|
||||||
podAnnotations:
|
|
||||||
intents.otterize.com/service-name: "ums-guardian-authorization-api"
|
|
||||||
{{- with .Values.annotations.nubusGuardian.authorizationApiPod }}
|
|
||||||
{{ . | toYaml | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
podSecurityContext:
|
|
||||||
fsGroup: 1000
|
|
||||||
fsGroupChangePolicy: "Always"
|
|
||||||
replicaCount: {{ .Values.replicas.umsGuardianAuthorizationApi }}
|
|
||||||
resources:
|
|
||||||
{{ .Values.resources.umsGuardianAuthorizationApi | toYaml | nindent 6 }}
|
|
||||||
global:
|
|
||||||
podAnnotations:
|
|
||||||
{{ .Values.annotations.nubusGuardian.globalPod | toYaml | nindent 6 }}
|
|
||||||
ingress:
|
|
||||||
annotations:
|
|
||||||
{{ .Values.annotations.nubusGuardian.ingressIngress | toYaml | nindent 6 }}
|
|
||||||
certManager:
|
|
||||||
enabled: false
|
enabled: false
|
||||||
tls:
|
|
||||||
enabled: {{ .Values.ingress.tls.enabled }}
|
|
||||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
|
||||||
items:
|
|
||||||
- name: management-ui
|
|
||||||
host: ""
|
|
||||||
# -- Define the Ingress paths.
|
|
||||||
paths:
|
|
||||||
- path: /univention/guardian/management-ui
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: guardian-management-ui
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
ingressClassName: ""
|
|
||||||
annotations:
|
|
||||||
{{ .Values.annotations.nubusGuardian.ingressManagementUi | toYaml | nindent 10 }}
|
|
||||||
tls:
|
|
||||||
# enabled: true
|
|
||||||
secretName: ""
|
|
||||||
- name: management-api
|
|
||||||
host: ""
|
|
||||||
paths:
|
|
||||||
- path: /guardian/management
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: guardian-management-api
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
ingressClassName: ""
|
|
||||||
annotations:
|
|
||||||
{{ .Values.annotations.nubusGuardian.ingressManagementApi | toYaml | nindent 10 }}
|
|
||||||
tls:
|
|
||||||
# enabled: true
|
|
||||||
secretName: ""
|
|
||||||
- name: authorization-api
|
|
||||||
host: ""
|
|
||||||
paths:
|
|
||||||
- path: /guardian/authorization
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: guardian-authorization-api
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
ingressClassName: ""
|
|
||||||
annotations:
|
|
||||||
{{ .Values.annotations.nubusGuardian.ingressAuthorizationApi | toYaml | nindent 10 }}
|
|
||||||
tls:
|
|
||||||
# enabled: true
|
|
||||||
secretName: ""
|
|
||||||
managementApi:
|
|
||||||
containerSecurityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
privileged: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
runAsGroup: 1000
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 1000
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
seLinuxOptions:
|
|
||||||
{{ .Values.seLinuxOptions.umsGuardianManagementApi | toYaml | nindent 8 }}
|
|
||||||
image:
|
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementApi.registry | quote }}
|
|
||||||
repository: {{ .Values.images.nubusGuardianManagementApi.repository }}
|
|
||||||
tag: {{ .Values.images.nubusGuardianManagementApi.tag }}
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
|
||||||
podAnnotations:
|
|
||||||
intents.otterize.com/service-name: "ums-guardian-management-api"
|
|
||||||
{{- with .Values.annotations.nubusGuardian.managementApiPod }}
|
|
||||||
{{ . | toYaml | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
podSecurityContext:
|
|
||||||
fsGroup: 1000
|
|
||||||
fsGroupChangePolicy: "Always"
|
|
||||||
replicaCount: {{ .Values.replicas.umsGuardianManagementApi }}
|
|
||||||
resources:
|
|
||||||
{{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 6 }}
|
|
||||||
managementUi:
|
|
||||||
containerSecurityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
privileged: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
runAsGroup: 1000
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 1000
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
seLinuxOptions:
|
|
||||||
{{ .Values.seLinuxOptions.umsGuardianManagementUi | toYaml | nindent 8 }}
|
|
||||||
image:
|
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementUi.registry | quote }}
|
|
||||||
repository: {{ .Values.images.nubusGuardianManagementUi.repository }}
|
|
||||||
tag: {{ .Values.images.nubusGuardianManagementUi.tag }}
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
|
||||||
podAnnotations:
|
|
||||||
intents.otterize.com/service-name: "ums-guardian-management-ui"
|
|
||||||
{{- with .Values.annotations.nubusGuardian.managementUiPod }}
|
|
||||||
{{ . | toYaml | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
replicaCount: {{ .Values.replicas.umsGuardianManagementUi }}
|
|
||||||
resources:
|
|
||||||
{{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}
|
|
||||||
openPolicyAgent:
|
|
||||||
containerSecurityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
privileged: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
runAsGroup: 1000
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 1000
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
seLinuxOptions:
|
|
||||||
{{ .Values.seLinuxOptions.umsGuardianOpenPolicyAgent | toYaml | nindent 8 }}
|
|
||||||
image:
|
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpenPolicyAgent.registry | quote }}
|
|
||||||
repository: {{ .Values.images.nubusOpenPolicyAgent.repository }}
|
|
||||||
tag: {{ .Values.images.nubusOpenPolicyAgent.tag }}
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
|
||||||
podSecurityContext:
|
|
||||||
fsGroup: 1000
|
|
||||||
fsGroupChangePolicy: "Always"
|
|
||||||
podAnnotations:
|
|
||||||
intents.otterize.com/service-name: "ums-ums-open-policy-agent"
|
|
||||||
replicaCount: {{ .Values.replicas.umsGuardianOpenPolicyAgent }}
|
|
||||||
resources:
|
|
||||||
{{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 6 }}
|
|
||||||
postgresql:
|
|
||||||
connection:
|
|
||||||
host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
|
|
||||||
port: {{ .Values.databases.umsGuardianManagementApi.port | quote }}
|
|
||||||
auth:
|
|
||||||
username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
|
||||||
database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
|
|
||||||
existingSecret:
|
|
||||||
name: "ums-guardian-postgresql-opendesk-credentials"
|
|
||||||
keyMapping:
|
|
||||||
password: "guardianDatabasePassword"
|
|
||||||
provisioning:
|
|
||||||
enabled: false
|
|
||||||
config:
|
|
||||||
nubusBaseUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
|
|
||||||
keycloak:
|
|
||||||
credentialSecret:
|
|
||||||
name: "ums-opendesk-keycloak-credentials"
|
|
||||||
key: "admin_password"
|
|
||||||
realm: {{ .Values.platform.realm | quote }}
|
|
||||||
username: "kcadmin"
|
|
||||||
keycloak:
|
|
||||||
auth:
|
|
||||||
existingSecret:
|
|
||||||
name: "ums-opendesk-guardian-client-secret"
|
|
||||||
keyMapping:
|
|
||||||
password: "managementApiClientSecret"
|
|
||||||
connection:
|
|
||||||
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
|
||||||
baseUrl: "http://ums-keycloak:8080"
|
|
||||||
image:
|
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianProvisioning.registry | quote }}
|
|
||||||
repository: {{ .Values.images.nubusGuardianProvisioning.repository }}
|
|
||||||
tag: {{ .Values.images.nubusGuardianProvisioning.tag }}
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
serviceAccount:
|
|
||||||
annotations:
|
|
||||||
{{ .Values.annotations.nubusGuardian.serviceAccount | toYaml | nindent 6 }}
|
|
||||||
|
|
||||||
nubusNotificationsApi:
|
nubusNotificationsApi:
|
||||||
enabled: false
|
enabled: false
|
||||||
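Review bot: the deleted Guardian values that end just above `nubusNotificationsApi:` carried an explicit `containerSecurityContext` for every component (`allowPrivilegeEscalation: false`, `capabilities.drop: ALL`, `readOnlyRootFilesystem: true`, `seccompProfile.type: RuntimeDefault`), and nothing in the visible lines replaces it. If Guardian can still be enabled in a deployment, confirm that the chart defaults give the same hardening. If it can no longer be enabled, say so in the commit message and drop the now unreferenced `umsGuardian*` entries under `.Values.seLinuxOptions`, `.Values.replicas`, `.Values.resources` and `.Values.databases`.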
@@ -512,9 +286,6 @@ nubusNotificationsApi:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusNotificationsApi.repository }}
|
repository: {{ .Values.images.nubusNotificationsApi.repository }}
|
||||||
tag: {{ .Values.images.nubusNotificationsApi.tag }}
|
tag: {{ .Values.images.nubusNotificationsApi.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
ingress:
|
ingress:
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
|
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
|
||||||
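Review bot: the `imagePullPolicy` and `imagePullSecrets` lines removed after `tag:` have no replacement and no comment, while the keycloak-extensions hunks of this same patch keep both settings with a NOTE that the subchart does not yet honor `global.imagePullPolicy` and `global.imagePullSecrets`. Add a short comment or a commit message line stating that this component reads both from `global`, so a reader can tell the removal is deliberate and that pulls from a private registry keep their credentials.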
@@ -539,8 +310,12 @@ nubusNotificationsApi:
|
|||||||
auth:
|
auth:
|
||||||
username: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
username: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
||||||
database: {{ .Values.databases.umsNotificationsApi.name | quote }}
|
database: {{ .Values.databases.umsNotificationsApi.name | quote }}
|
||||||
|
password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
||||||
|
# NOTE: Nubus has still an existing secret configured for legacy reasons.
|
||||||
|
# This disables the existing secret and ensures that the value from above
|
||||||
|
# is used.
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: "ums-notifications-api-postgresql-opendesk-credentials"
|
name: null
|
||||||
service:
|
service:
|
||||||
annotations:
|
annotations:
|
||||||
{{ .Values.annotations.nubusNotificationsApi.service | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusNotificationsApi.service | toYaml | nindent 6 }}
|
||||||
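Review bot: the added `password:` line puts the database password into the rendered values, and `existingSecret.name: null` switches off the Secret reference that was there before. The NOTE explains why, but not for how long: name the chart version or issue after which the existing secret can be used again, and confirm that the chart treats a null `name` as "no existing secret" instead of falling back to its default name.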
@@ -576,9 +351,6 @@ nubusPortalFrontend:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalFrontend.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalFrontend.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusPortalFrontend.repository }}
|
repository: {{ .Values.images.nubusPortalFrontend.repository }}
|
||||||
tag: {{ .Values.images.nubusPortalFrontend.tag }}
|
tag: {{ .Values.images.nubusPortalFrontend.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
ingress:
|
ingress:
|
||||||
annotations:
|
annotations:
|
||||||
{{ .Values.annotations.nubusPortalFrontend.ingressIngress | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusPortalFrontend.ingressIngress | toYaml | nindent 6 }}
|
||||||
@@ -658,6 +430,8 @@ nubusKeycloakExtensions:
|
|||||||
keycloak:
|
keycloak:
|
||||||
auth:
|
auth:
|
||||||
username: "kcadmin"
|
username: "kcadmin"
|
||||||
|
# TODO: Pending secrets refactoring in component chart. This will refer to
|
||||||
|
# the secret generated by the keycloak subchart.
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: "ums-opendesk-keycloak-credentials"
|
name: "ums-opendesk-keycloak-credentials"
|
||||||
keyMapping:
|
keyMapping:
|
||||||
@@ -669,7 +443,11 @@ nubusKeycloakExtensions:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }}
|
repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }}
|
||||||
tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }}
|
tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }}
|
||||||
|
# NOTE: The subchart "keycloak-extensions" does not yet support
|
||||||
|
# "global.imagePullPolicy".
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
# NOTE: Remove once the keycloak-extensions subchart respects
|
||||||
|
# "global.imagePullSecrets".
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||||
ingress:
|
ingress:
|
||||||
@@ -735,6 +513,7 @@ nubusKeycloakExtensions:
|
|||||||
auth:
|
auth:
|
||||||
database: {{ .Values.databases.keycloakExtension.name | quote }}
|
database: {{ .Values.databases.keycloakExtension.name | quote }}
|
||||||
username: {{ .Values.databases.keycloakExtension.username | quote }}
|
username: {{ .Values.databases.keycloakExtension.username | quote }}
|
||||||
|
# TODO: Pending secrets refactoring for this component chart
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
|
name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
|
||||||
keyMapping:
|
keyMapping:
|
||||||
@@ -748,6 +527,7 @@ nubusKeycloakExtensions:
|
|||||||
auth:
|
auth:
|
||||||
enabled: true
|
enabled: true
|
||||||
username: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
username: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||||
|
# TODO: Pending secrets refactoring in the component chart
|
||||||
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: "ums-keycloak-extensions-smtp-opendesk-credentials"
|
name: "ums-keycloak-extensions-smtp-opendesk-credentials"
|
||||||
@@ -765,7 +545,11 @@ nubusKeycloakExtensions:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionHandler.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionHandler.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
|
repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
|
||||||
tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
|
tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
|
||||||
|
# NOTE: The subchart "keycloak-extensions" does not yet support
|
||||||
|
# "global.imagePullPolicy".
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
# NOTE: Remove once the keycloak-extensions subchart respects
|
||||||
|
# "global.imagePullSecrets".
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
@@ -788,9 +572,6 @@ nubusKeycloakExtensions:
|
|||||||
annotations:
|
annotations:
|
||||||
{{ .Values.annotations.nubusKeycloakExtensions.handlerServiceAccount | toYaml | nindent 8 }}
|
{{ .Values.annotations.nubusKeycloakExtensions.handlerServiceAccount | toYaml | nindent 8 }}
|
||||||
|
|
||||||
nubusPortalListener:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
nubusPortalConsumer:
|
nubusPortalConsumer:
|
||||||
enabled: true
|
enabled: true
|
||||||
portalConsumer:
|
portalConsumer:
|
||||||
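Review bot: removing `nubusPortalListener:` with `enabled: false` leaves the chart default to decide whether the portal listener is deployed. Confirm that the component is gone from the chart or disabled by default. If neither is true, keep the explicit `enabled: false` so this patch does not start an extra workload alongside `nubusPortalConsumer`.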
@@ -798,24 +579,12 @@ nubusPortalConsumer:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusPortalConsumer.repository }}
|
repository: {{ .Values.images.nubusPortalConsumer.repository }}
|
||||||
tag: {{ .Values.images.nubusPortalConsumer.tag }}
|
tag: {{ .Values.images.nubusPortalConsumer.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
pullSecrets:
|
|
||||||
{{- range .Values.global.imagePullSecrets }}
|
|
||||||
- name: {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
assetsBaseUrl: {{ printf "https://%s.%s/univention/portal" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
assetsBaseUrl: {{ printf "https://%s.%s/univention/portal" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||||
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
|
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
|
||||||
objectStorage:
|
objectStorage:
|
||||||
auth:
|
auth:
|
||||||
accessKeyId: {{ .Values.objectstores.nubus.username | quote }}
|
accessKeyId: {{ .Values.objectstores.nubus.username | quote }}
|
||||||
accessKey: {{ .Values.objectstores.nubus.username | quote }}
|
|
||||||
secretAccessKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
secretAccessKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
||||||
secretKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
|
||||||
existingSecret:
|
|
||||||
name: "{{ .Release.Name }}-portal-consumer-minio-credentials"
|
|
||||||
keyMapping:
|
|
||||||
accessKey: "accessKey"
|
|
||||||
secretKey: "secretKey"
|
|
||||||
bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
|
bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
|
||||||
endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||||
persistence:
|
persistence:
|
||||||
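Review bot: with the `existingSecret` block under `objectStorage.auth` removed, `accessKeyId` and `secretAccessKey` are the only source of the object storage credentials, and both are inline template values. Confirm that the chart renders them into a Secret and not into the pod spec or a ConfigMap, and check whether anything still creates the `{{ .Release.Name }}-portal-consumer-minio-credentials` secret that is no longer referenced. The `pullSecrets` range that is deleted here also needs a replacement through `global`, or a comment stating why none is needed.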
@@ -846,7 +615,6 @@ nubusPortalConsumer:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
{{- if .Values.certificate.selfSigned }}
|
{{- if .Values.certificate.selfSigned }}
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
- name: "trusted-cert-secret-volume"
|
- name: "trusted-cert-secret-volume"
|
||||||
@@ -905,9 +673,6 @@ nubusPortalServer:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalServer.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalServer.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusPortalServer.repository }}
|
repository: {{ .Values.images.nubusPortalServer.repository }}
|
||||||
tag: {{ .Values.images.nubusPortalServer.tag }}
|
tag: {{ .Values.images.nubusPortalServer.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
ingress:
|
ingress:
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
|
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
|
||||||
@@ -932,18 +697,11 @@ nubusPortalServer:
|
|||||||
{{ .Values.annotations.nubusPortalServer.persistence | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusPortalServer.persistence | toYaml | nindent 6 }}
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
{{ .Values.annotations.nubusPortalServer.pod | toYaml | nindent 4 }}
|
{{ .Values.annotations.nubusPortalServer.pod | toYaml | nindent 4 }}
|
||||||
portalServer:
|
|
||||||
objectStorageEndpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
|
||||||
objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
|
|
||||||
objectStorageCredentialSecret:
|
|
||||||
name: "ums-portal-server-minio-opendesk-credentials"
|
|
||||||
accessKeyKey: "access-key-id"
|
|
||||||
secretKeyKey: "secret-key-id"
|
|
||||||
portalServer:
|
portalServer:
|
||||||
centralNavigation:
|
centralNavigation:
|
||||||
enabled: true
|
enabled: true
|
||||||
existingSecret:
|
auth:
|
||||||
name: "ums-opendesk-portal-server-central-navigation"
|
sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||||
featureToggles:
|
featureToggles:
|
||||||
notifications_api: false
|
notifications_api: false
|
||||||
replicaCount: {{ .Values.replicas.umsPortalServer }}
|
replicaCount: {{ .Values.replicas.umsPortalServer }}
|
||||||
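Review bot: under `centralNavigation`, the reference to the secret `ums-opendesk-portal-server-central-navigation` is replaced by `auth.sharedSecret` filled directly from `.Values.secrets.centralnavigation.apiKey`, without the NOTE or TODO comment that the other hunks in this patch use for the same pattern. Add that comment. For the deleted `portalServer:` block with `objectStorageEndpoint`, `objectStorageBucket` and `objectStorageCredentialSecret`, state where the portal server gets its object storage settings from now, or that it no longer needs them.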
@@ -1005,8 +763,6 @@ nubusUdmRestApi:
|
|||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
seLinuxOptions:
|
seLinuxOptions:
|
||||||
{{ .Values.seLinuxOptions.umsUdmRestApi | toYaml | nindent 6 }}
|
{{ .Values.seLinuxOptions.umsUdmRestApi | toYaml | nindent 6 }}
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: {{ .Values.functional.externalServices.nubus.udmRestApi.enabled }}
|
enabled: {{ .Values.functional.externalServices.nubus.udmRestApi.enabled }}
|
||||||
annotations:
|
annotations:
|
||||||
@@ -1025,6 +781,23 @@ nubusUdmRestApi:
|
|||||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||||
initResources:
|
initResources:
|
||||||
{{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 4 }}
|
{{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 4 }}
|
||||||
|
waitForDependency:
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||||
|
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||||
|
blocklistCleanup:
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusBlocklistCleanup.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusBlocklistCleanup.repository }}
|
||||||
|
tag: {{ .Values.images.nubusBlocklistCleanup.tag }}
|
||||||
|
ldapUpdateUniventionObjectIdentifier:
|
||||||
|
enabled: true
|
||||||
|
suspend: false
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapUpdateUniventionObjectIdentifier.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusLdapUpdateUniventionObjectIdentifier.repository }}
|
||||||
|
tag: {{ .Values.images.nubusLdapUpdateUniventionObjectIdentifier.tag }}
|
||||||
persistence:
|
persistence:
|
||||||
annotations:
|
annotations:
|
||||||
{{ .Values.annotations.nubusUdmRestApi.persistence | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusUdmRestApi.persistence | toYaml | nindent 6 }}
|
||||||
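Review bot: the new `ldapUpdateUniventionObjectIdentifier` block hard-codes `enabled: true` and `suspend: false` and has no comment. Add one line saying what the job does and when it may be suspended, and consider reading both switches from `.Values` so an operator can turn the job off without editing this template. The three new image blocks also depend on `.Values.images.nubusBlocklistCleanup` and `.Values.images.nubusLdapUpdateUniventionObjectIdentifier` being defined in the images values file, which is not part of the visible diff.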
@@ -1047,7 +820,6 @@ nubusUdmRestApi:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUdmRestApi.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUdmRestApi.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusUdmRestApi.repository }}
|
repository: {{ .Values.images.nubusUdmRestApi.repository }}
|
||||||
tag: {{ .Values.images.nubusUdmRestApi.tag }}
|
tag: {{ .Values.images.nubusUdmRestApi.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
|
|
||||||
nubusLdapNotifier:
|
nubusLdapNotifier:
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
@@ -1070,9 +842,6 @@ nubusLdapNotifier:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapNotifier.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapNotifier.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusLdapNotifier.repository }}
|
repository: {{ .Values.images.nubusLdapNotifier.repository }}
|
||||||
tag: {{ .Values.images.nubusLdapNotifier.tag }}
|
tag: {{ .Values.images.nubusLdapNotifier.tag }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
intents.otterize.com/service-name: "ums-ldap-notifier"
|
intents.otterize.com/service-name: "ums-ldap-notifier"
|
||||||
{{- with .Values.annotations.nubusLdapNotifier.pod }}
|
{{- with .Values.annotations.nubusLdapNotifier.pod }}
|
||||||
@@ -1091,10 +860,6 @@ serviceAccount:
|
|||||||
nubusLdapServer:
|
nubusLdapServer:
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
{{ .Values.annotations.nubusLdapServer.additional | toYaml | nindent 4 }}
|
{{ .Values.annotations.nubusLdapServer.additional | toYaml | nindent 4 }}
|
||||||
global:
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
intents.otterize.com/service-name: "ums-ldap-server"
|
intents.otterize.com/service-name: "ums-ldap-server"
|
||||||
dhInitcontainer:
|
dhInitcontainer:
|
||||||
@@ -1102,20 +867,19 @@ nubusLdapServer:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerDhInitContainer.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerDhInitContainer.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }}
|
repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }}
|
||||||
tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }}
|
tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
initResources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
initResources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||||
ldapServer:
|
ldapServer:
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServer.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServer.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusLdapServer.repository }}
|
repository: {{ .Values.images.nubusLdapServer.repository }}
|
||||||
tag: {{ .Values.images.nubusLdapServer.tag }}
|
tag: {{ .Values.images.nubusLdapServer.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
auth:
|
||||||
|
password: {{ .Values.secrets.nubus.ldapSecret | quote }}
|
||||||
leaderElector:
|
leaderElector:
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerLeaderElector.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerLeaderElector.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusLdapServerLeaderElector.repository }}
|
repository: {{ .Values.images.nubusLdapServerLeaderElector.repository }}
|
||||||
tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }}
|
tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
persistence:
|
persistence:
|
||||||
size: {{ .Values.persistence.storages.nubusLdapServerData.size | quote }}
|
size: {{ .Values.persistence.storages.nubusLdapServerData.size | quote }}
|
||||||
storageClass: {{ coalesce .Values.persistence.storages.nubusLdapServerData.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
|
storageClass: {{ coalesce .Values.persistence.storages.nubusLdapServerData.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
|
||||||
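Review bot: the added `auth:` and `password: {{ .Values.secrets.nubus.ldapSecret | quote }}` lines pass the LDAP secret as an inline value and carry no comment, unlike the NOTE and TODO lines this patch adds next to the other inline credentials. Add the same kind of comment here, stating whether this is temporary until the chart accepts an existing secret. Of the four pull policy lines removed in this hunk, two use the key `pullPolicy`, not `imagePullPolicy`, so check that `global.imagePullPolicy` reaches the leader elector as well.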
@@ -1139,7 +903,6 @@ nubusLdapServer:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
|
|
||||||
nubusProvisioning:
|
nubusProvisioning:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -1152,14 +915,16 @@ nubusProvisioning:
|
|||||||
{{ . | toYaml | nindent 6 }}
|
{{ . | toYaml | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
auth:
|
auth:
|
||||||
adminPassword: {{ .Values.secrets.nubus.provisioning.api.adminPassword | quote }}
|
admin:
|
||||||
prefillPassword: {{ .Values.secrets.nubus.provisioning.api.prefillPassword | quote}}
|
password: {{ .Values.secrets.nubus.provisioning.api.adminPassword | quote }}
|
||||||
udmTransformerPassword: {{ .Values.secrets.nubus.provisioning.api.udmTransformerPassword | quote}}
|
prefill:
|
||||||
|
password: {{ .Values.secrets.nubus.provisioning.api.prefillPassword | quote}}
|
||||||
|
eventsUdm:
|
||||||
|
password: {{ .Values.secrets.nubus.provisioning.api.udmTransformerPassword | quote}}
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningEventsAndConsumerApi.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningEventsAndConsumerApi.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.repository }}
|
repository: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.repository }}
|
||||||
tag: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.tag }}
|
tag: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
nats:
|
nats:
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.secrets.nubus.provisioning.api.natsPassword | quote}}
|
password: {{ .Values.secrets.nubus.provisioning.api.natsPassword | quote}}
|
||||||
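Review bot: in the restructured `auth:` block the new key `eventsUdm.password` is still filled from `.Values.secrets.nubus.provisioning.api.udmTransformerPassword`, so the chart key and the values key now use different names for the same credential. Add a one-line comment with the mapping or rename the values key in a follow-up. As a style point, the new `prefill` and `eventsUdm` lines end in `| quote}}` while the `admin` line uses `| quote }}`; use the spaced form on all three.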
@@ -1191,7 +956,6 @@ nubusProvisioning:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningDispatcher.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningDispatcher.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusProvisioningDispatcher.repository }}
|
repository: {{ .Values.images.nubusProvisioningDispatcher.repository }}
|
||||||
tag: {{ .Values.images.nubusProvisioningDispatcher.tag }}
|
tag: {{ .Values.images.nubusProvisioningDispatcher.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
nats:
|
nats:
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.secrets.nubus.provisioning.dispatcherNatsPassword | quote}}
|
password: {{ .Values.secrets.nubus.provisioning.dispatcherNatsPassword | quote}}
|
||||||
@@ -1199,11 +963,6 @@ nubusProvisioning:
|
|||||||
{{ .Values.annotations.nubusProvisioning.dispatcherPod | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusProvisioning.dispatcherPod | toYaml | nindent 6 }}
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 6 }}
|
{{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 6 }}
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
ldap:
|
|
||||||
auth:
|
|
||||||
password: {{ .Values.secrets.nubus.ldapSecret | quote }}
|
|
||||||
nats:
|
nats:
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
intents.otterize.com/service-name: "ums-provisioning-nats"
|
intents.otterize.com/service-name: "ums-provisioning-nats"
|
||||||
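Review bot: The dispatcher block loses `ldap.auth.password` (from `.Values.secrets.nubus.ldapSecret`) and `imagePullSecrets`, and no replacement is visible in this hunk. Please state in the commit message or in a comment whether the dispatcher no longer needs LDAP credentials or gets them from somewhere else, and where `global.imagePullSecrets` is applied now, since a deployment pulling from a private registry depends on it.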
@@ -1229,19 +988,23 @@ nubusProvisioning:
|
|||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
seLinuxOptions:
|
seLinuxOptions:
|
||||||
{{ .Values.seLinuxOptions.umsProvisioningNats | toYaml | nindent 8 }}
|
{{ .Values.seLinuxOptions.umsProvisioningNats | toYaml | nindent 8 }}
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
|
|
||||||
nats:
|
nats:
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNats.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNats.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusNats.repository }}
|
repository: {{ .Values.images.nubusNats.repository }}
|
||||||
tag: {{ .Values.images.nubusNats.tag }}
|
tag: {{ .Values.images.nubusNats.tag }}
|
||||||
|
# NOTE: The subchart does not yet fully support
|
||||||
|
# "global.imagePullPolicy". This can be removed once the subchart has
|
||||||
|
# been adjusted.
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
natsBox:
|
natsBox:
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsBox.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsBox.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusNatsBox.repository }}
|
repository: {{ .Values.images.nubusNatsBox.repository }}
|
||||||
tag: {{ .Values.images.nubusNatsBox.tag }}
|
tag: {{ .Values.images.nubusNatsBox.tag }}
|
||||||
|
# NOTE: The subchart does not yet fully support
|
||||||
|
# "global.imagePullPolicy". This can be removed once the subchart has
|
||||||
|
# been adjusted.
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
persistence:
|
persistence:
|
||||||
size: {{ .Values.persistence.storages.nubusProvisioningNats.size }}
|
size: {{ .Values.persistence.storages.nubusProvisioningNats.size }}
|
||||||
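Review bot: The three-line NOTE about `global.imagePullPolicy` is added above `imagePullPolicy` for both `nats` and `natsBox` here, and again in later hunks, without naming the subchart or the version that will make the override removable. Put the upstream issue or target chart version into the comment so these overrides can be found and dropped later instead of staying indefinitely.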
@@ -1251,6 +1014,9 @@ nubusProvisioning:
|
|||||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsReloader.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsReloader.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusNatsReloader.repository }}
|
repository: {{ .Values.images.nubusNatsReloader.repository }}
|
||||||
tag: {{ .Values.images.nubusNatsReloader.tag }}
|
tag: {{ .Values.images.nubusNatsReloader.tag }}
|
||||||
|
# NOTE: The subchart does not yet fully support
|
||||||
|
# "global.imagePullPolicy". This can be removed once the subchart has
|
||||||
|
# been adjusted.
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.umsProvisioningNats | toYaml | nindent 6 }}
|
{{ .Values.resources.umsProvisioningNats | toYaml | nindent 6 }}
|
||||||
@@ -1268,7 +1034,6 @@ nubusProvisioning:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningPrefill.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningPrefill.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusProvisioningPrefill.repository }}
|
repository: {{ .Values.images.nubusProvisioningPrefill.repository }}
|
||||||
tag: {{ .Values.images.nubusProvisioningPrefill.tag }}
|
tag: {{ .Values.images.nubusProvisioningPrefill.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
nats:
|
nats:
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.secrets.nubus.provisioning.prefillNatsPassword | quote}}
|
password: {{ .Values.secrets.nubus.provisioning.prefillNatsPassword | quote}}
|
||||||
@@ -1286,7 +1051,6 @@ nubusProvisioning:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmTransformer.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmTransformer.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusProvisioningUdmTransformer.repository }}
|
repository: {{ .Values.images.nubusProvisioningUdmTransformer.repository }}
|
||||||
tag: {{ .Values.images.nubusProvisioningUdmTransformer.tag }}
|
tag: {{ .Values.images.nubusProvisioningUdmTransformer.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
nats:
|
nats:
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.secrets.nubus.provisioning.udmTransformerNatsPassword | quote}}
|
password: {{ .Values.secrets.nubus.provisioning.udmTransformerNatsPassword | quote}}
|
||||||
@@ -1311,13 +1075,12 @@ nubusProvisioning:
|
|||||||
existingSecret:
|
existingSecret:
|
||||||
name: ums-provisioning-ox-credentials
|
name: ums-provisioning-ox-credentials
|
||||||
keyMapping:
|
keyMapping:
|
||||||
password: "ox-connector.json"
|
registration: "ox-connector.json"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
intents.otterize.com/service-name: "ums-provisioning-register-consumers"
|
intents.otterize.com/service-name: "ums-provisioning-register-consumers"
|
||||||
{{- with .Values.annotations.nubusProvisioning.registerConsumersPod }}
|
{{- with .Values.annotations.nubusProvisioning.registerConsumersPod }}
|
||||||
@@ -1354,9 +1117,9 @@ nubusUdmListener:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmListener.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmListener.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusProvisioningUdmListener.repository }}
|
repository: {{ .Values.images.nubusProvisioningUdmListener.repository }}
|
||||||
tag: {{ .Values.images.nubusProvisioningUdmListener.tag }}
|
tag: {{ .Values.images.nubusProvisioningUdmListener.tag }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
persistence:
|
||||||
imagePullSecrets:
|
size: {{ .Values.persistence.storages.nubusUdmListener.size | quote }}
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
# storageClass: -- coalesce .Values.persistence.storages.nubusUdmListener.storageClassName .Values.persistence.storageClassNames.RWO | quote --
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
{{ .Values.annotations.nubusUdmListener.pod | toYaml | nindent 4 }}
|
{{ .Values.annotations.nubusUdmListener.pod | toYaml | nindent 4 }}
|
||||||
replicaCount: {{ .Values.replicas.umsUdmListener }}
|
replicaCount: {{ .Values.replicas.umsUdmListener }}
|
||||||
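Review bot: The new line `# storageClass: -- coalesce .Values.persistence.storages.nubusUdmListener.storageClassName ... | quote --` under `persistence` is a disabled template expression, so a configured `storageClassName` for the UDM listener is not applied. Either enable it with proper template delimiters or remove the line and explain why the storage class cannot be set for this volume.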
@@ -1369,13 +1132,6 @@ nubusUdmListener:
|
|||||||
annotations:
|
annotations:
|
||||||
{{ .Values.annotations.nubusUdmListener.serviceAccount | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusUdmListener.serviceAccount | toYaml | nindent 6 }}
|
||||||
|
|
||||||
nubusSelfServiceListener:
|
|
||||||
enabled: false
|
|
||||||
resources:
|
|
||||||
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
|
|
||||||
resourcesWaitForDependency:
|
|
||||||
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
|
|
||||||
|
|
||||||
nubusSelfServiceConsumer:
|
nubusSelfServiceConsumer:
|
||||||
enabled: true
|
enabled: true
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
@@ -1396,9 +1152,6 @@ nubusSelfServiceConsumer:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfServiceConsumer.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfServiceConsumer.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusSelfServiceConsumer.repository }}
|
repository: {{ .Values.images.nubusSelfServiceConsumer.repository }}
|
||||||
tag: {{ .Values.images.nubusSelfServiceConsumer.tag }}
|
tag: {{ .Values.images.nubusSelfServiceConsumer.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
intents.otterize.com/service-name: "ums-selfservice-listener"
|
intents.otterize.com/service-name: "ums-selfservice-listener"
|
||||||
{{- with .Values.annotations.nubusSelfserviceConsumer.pod }}
|
{{- with .Values.annotations.nubusSelfserviceConsumer.pod }}
|
||||||
@@ -1420,7 +1173,6 @@ nubusSelfServiceConsumer:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
|
|
||||||
# Nubus services
|
# Nubus services
|
||||||
nubusStackDataUms:
|
nubusStackDataUms:
|
||||||
@@ -1449,7 +1201,8 @@ nubusStackDataUms:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusDataLoader.repository }}
|
repository: {{ .Values.images.nubusDataLoader.repository }}
|
||||||
tag: {{ .Values.images.nubusDataLoader.tag }}
|
tag: {{ .Values.images.nubusDataLoader.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
|
# TODO: Are these used for anything?
|
||||||
nubusPortalConsumer:
|
nubusPortalConsumer:
|
||||||
objectStorage:
|
objectStorage:
|
||||||
bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
|
bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
|
||||||
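Review bot: `# TODO: Are these used for anything?` above `nubusPortalConsumer` leaves an open question in the values file. Resolve it before merge: if the `objectStorage` settings are unused, drop the block; if they are used, replace the TODO with a comment naming what consumes them.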
@@ -1458,6 +1211,7 @@ nubusStackDataUms:
|
|||||||
objectStorage:
|
objectStorage:
|
||||||
bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
|
bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
|
||||||
endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||||
|
|
||||||
initResources:
|
initResources:
|
||||||
{{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
|
{{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
|
||||||
# In openDesk the external memcache does not expect a username to be set. Overwriting
|
# In openDesk the external memcache does not expect a username to be set. Overwriting
|
||||||
@@ -1475,17 +1229,16 @@ nubusStackDataUms:
|
|||||||
host: {{ .Values.databases.umsSelfservice.host | quote }}
|
host: {{ .Values.databases.umsSelfservice.host | quote }}
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
{{ .Values.annotations.nubusStackDataUms.pod | toYaml | nindent 4 }}
|
{{ .Values.annotations.nubusStackDataUms.pod | toYaml | nindent 4 }}
|
||||||
pullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
|
{{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
|
||||||
stackDataContext:
|
stackDataContext:
|
||||||
umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }}
|
|
||||||
umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }}
|
|
||||||
umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }}
|
|
||||||
umcMemcachedUsername: ""
|
|
||||||
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
||||||
umcHtmlTitle: "Portal - {{ .Values.theme.texts.productName }}"
|
umcHtmlTitle: "Portal - {{ .Values.theme.texts.productName }}"
|
||||||
|
# NOTE: The sub-chart is not yet properly respecting the configuration of
|
||||||
|
# "global.subDomains.portal". This value should be removed once this is
|
||||||
|
# supported in the sub-chart.
|
||||||
|
ldapSamlSpUrls: {{ printf "https://%s.%s/univention/saml/metadata" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||||
|
portalFqdn: {{ printf "%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||||
smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||||
smtpPort: 25
|
smtpPort: 25
|
||||||
smtpUser: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
smtpUser: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||||
@@ -1599,12 +1352,12 @@ nubusUmcServer:
|
|||||||
capabilities:
|
capabilities:
|
||||||
drop:
|
drop:
|
||||||
- "ALL"
|
- "ALL"
|
||||||
runAsUser: 0
|
runAsUser: 999
|
||||||
runAsGroup: 0
|
runAsGroup: 999
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: "RuntimeDefault"
|
type: "RuntimeDefault"
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
runAsNonRoot: false
|
runAsNonRoot: true
|
||||||
seLinuxOptions:
|
seLinuxOptions:
|
||||||
{{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
|
{{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
|
||||||
containerSecurityContextSssd:
|
containerSecurityContextSssd:
|
||||||
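Review bot: With `runAsUser: 999`, `runAsGroup: 999` and `runAsNonRoot: true` combined with the existing `readOnlyRootFilesystem: true`, every path the UMC server writes to must now be a mounted volume writable by UID 999, and nothing in this hunk shows that. Please confirm the image was tested under this UID, and check that the `containerSecurityContextSssd` block that follows is consistent with the non-root setup.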
@@ -1638,10 +1391,6 @@ nubusUmcServer:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcServer.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcServer.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusUmcServer.repository }}
|
repository: {{ .Values.images.nubusUmcServer.repository }}
|
||||||
tag: {{ .Values.images.nubusUmcServer.tag }}
|
tag: {{ .Values.images.nubusUmcServer.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
ingress:
|
ingress:
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||||
@@ -1660,10 +1409,7 @@ nubusUmcServer:
|
|||||||
bundled: false
|
bundled: false
|
||||||
server: {{ .Values.cache.umsSelfservice.host | quote }}
|
server: {{ .Values.cache.umsSelfservice.host | quote }}
|
||||||
auth:
|
auth:
|
||||||
existingSecret:
|
password: ""
|
||||||
name: "ums-umc-server-memcached-opendesk-credentials"
|
|
||||||
keyMapping:
|
|
||||||
memcached-password: "umcServerMemcachedPassword"
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
{{ .Values.annotations.nubusUmcServer.pod | toYaml | nindent 4 }}
|
{{ .Values.annotations.nubusUmcServer.pod | toYaml | nindent 4 }}
|
||||||
postgresql:
|
postgresql:
|
||||||
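Review bot: `auth.password: ""` replaces the `existingSecret` reference with a bare empty string and no explanation. Add a comment that the empty value is deliberate (the removed `ums-umc-server-memcached-opendesk-credentials` secret also held an empty `umcServerMemcachedPassword`), so nobody later reads it as a missing secret.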
@@ -1674,16 +1420,17 @@ nubusUmcServer:
|
|||||||
auth:
|
auth:
|
||||||
username: {{ .Values.databases.umsSelfservice.username | quote }}
|
username: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||||
database: {{ .Values.databases.umsSelfservice.name | quote }}
|
database: {{ .Values.databases.umsSelfservice.name | quote }}
|
||||||
|
password: {{ .Values.databases.umsSelfservice.password | default .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
||||||
|
# NOTE: Nubus has still an existing secret configured for legacy reasons.
|
||||||
|
# This disables the existing secret and ensures that the value from above
|
||||||
|
# is used.
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: "ums-umc-server-postgresql-opendesk-credentials"
|
name: null
|
||||||
keyMapping:
|
|
||||||
password: "umcServerDatabasePassword"
|
|
||||||
proxy:
|
proxy:
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusUmcServerProxy.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusUmcServerProxy.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusUmcServerProxy.repository }}
|
repository: {{ .Values.images.nubusUmcServerProxy.repository }}
|
||||||
tag: {{ .Values.images.nubusUmcServerProxy.tag }}
|
tag: {{ .Values.images.nubusUmcServerProxy.tag }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
replicaCount: {{ .Values.replicas.umsUmcServerProxy }}
|
replicaCount: {{ .Values.replicas.umsUmcServerProxy }}
|
||||||
replicaCount: {{ .Values.replicas.umsUmcServer }}
|
replicaCount: {{ .Values.replicas.umsUmcServer }}
|
||||||
resources:
|
resources:
|
||||||
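Review bot: `existingSecret.name: null` only works if the subchart treats a null name as "no existing secret", and the NOTE states the intent without saying how that was verified. `keyMapping` is dropped in the same change, so please confirm from the rendered Deployment (`helm template` output) that the container reads the inline `password` and not a default secret name.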
@@ -1708,8 +1455,8 @@ nubusUmcServer:
|
|||||||
annotations:
|
annotations:
|
||||||
{{ .Values.annotations.nubusUmcServer.serviceAccount | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusUmcServer.serviceAccount | toYaml | nindent 6 }}
|
||||||
smtp:
|
smtp:
|
||||||
existingSecret:
|
auth:
|
||||||
name: "ums-umc-server-smtp-credentials-custom"
|
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||||
|
|
||||||
nubusUmcGateway:
|
nubusUmcGateway:
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
@@ -1730,10 +1477,6 @@ nubusUmcGateway:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcGateway.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcGateway.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusUmcGateway.repository }}
|
repository: {{ .Values.images.nubusUmcGateway.repository }}
|
||||||
tag: {{ .Values.images.nubusUmcGateway.tag }}
|
tag: {{ .Values.images.nubusUmcGateway.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
ingress:
|
ingress:
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||||
@@ -1771,6 +1514,9 @@ nubusKeycloakBootstrap:
|
|||||||
twoFactorAuthentication:
|
twoFactorAuthentication:
|
||||||
enabled: true
|
enabled: true
|
||||||
group: "2fa-users"
|
group: "2fa-users"
|
||||||
|
config:
|
||||||
|
debug:
|
||||||
|
enabled: {{ .Values.debug.enabled }}
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
enabled: true
|
enabled: true
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
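Review bot: `config.debug.enabled` for the Keycloak bootstrap is now driven by the global `.Values.debug.enabled`, and this component authenticates as the Keycloak admin (`kcadmin`, visible in the following hunk). Confirm that its debug output does not include credentials, and document that the global debug flag now reaches this job.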
@@ -1789,9 +1535,10 @@ nubusKeycloakBootstrap:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusKeycloakBootstrap.repository }}
|
repository: {{ .Values.images.nubusKeycloakBootstrap.repository }}
|
||||||
tag: {{ .Values.images.nubusKeycloakBootstrap.tag }}
|
tag: {{ .Values.images.nubusKeycloakBootstrap.tag }}
|
||||||
|
# NOTE: The subchart does not yet fully support
|
||||||
|
# "global.imagePullPolicy". This can be removed once the subchart has
|
||||||
|
# been adjusted.
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
keycloak:
|
keycloak:
|
||||||
auth:
|
auth:
|
||||||
username: "kcadmin"
|
username: "kcadmin"
|
||||||
@@ -1814,6 +1561,9 @@ nubusKeycloakBootstrap:
|
|||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||||
|
# NOTE: The subchart does not yet fully support
|
||||||
|
# "global.imagePullPolicy". This can be removed once the subchart has
|
||||||
|
# been adjusted.
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
annotations:
|
annotations:
|
||||||
@@ -1821,9 +1571,6 @@ nubusKeycloakBootstrap:
|
|||||||
|
|
||||||
# Credential secrets for accessing customer supplied services
|
# Credential secrets for accessing customer supplied services
|
||||||
extraSecrets:
|
extraSecrets:
|
||||||
- name: "ums-opendesk-portal-server-central-navigation"
|
|
||||||
stringData:
|
|
||||||
password: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
|
||||||
- name: "ums-opendesk-guardian-client-secret"
|
- name: "ums-opendesk-guardian-client-secret"
|
||||||
stringData:
|
stringData:
|
||||||
managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
|
managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
|
||||||
@@ -1836,15 +1583,6 @@ extraSecrets:
|
|||||||
- name: "ums-guardian-postgresql-opendesk-credentials"
|
- name: "ums-guardian-postgresql-opendesk-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
guardianDatabasePassword: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
|
guardianDatabasePassword: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
|
||||||
- name: "ums-notifications-api-postgresql-opendesk-credentials"
|
|
||||||
stringData:
|
|
||||||
password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
|
||||||
- name: "ums-umc-server-postgresql-opendesk-credentials"
|
|
||||||
stringData:
|
|
||||||
umcServerDatabasePassword: {{ .Values.databases.umsSelfservice.password | default .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
|
||||||
- name: "ums-umc-server-memcached-opendesk-credentials"
|
|
||||||
stringData:
|
|
||||||
umcServerMemcachedPassword: ""
|
|
||||||
- name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
|
- name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||||
@@ -1854,13 +1592,6 @@ extraSecrets:
|
|||||||
- name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
|
- name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
|
password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
|
||||||
- name: "ums-portal-server-minio-opendesk-credentials"
|
|
||||||
stringData:
|
|
||||||
access-key-id: {{ .Values.objectstores.nubus.username | quote }}
|
|
||||||
secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
|
||||||
- name: "ums-umc-server-smtp-credentials-custom"
|
|
||||||
stringData:
|
|
||||||
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
|
||||||
- name: "ums-provisioning-ox-credentials"
|
- name: "ums-provisioning-ox-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }"
|
ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }"
|
||||||
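Review bot: On the `ox-connector.json` context line, `.Values.secrets.oxConnector.provisioningApiPassword` is interpolated into a hand-escaped JSON string with no escaping, so a password containing `"` or `\` produces invalid JSON for the consumer registration. Building the document as a structure and passing it through `toJson` would avoid that. Separately, this hunk removes `ums-portal-server-minio-opendesk-credentials` and `ums-umc-server-smtp-credentials-custom`; make sure no remaining values still reference those secret names.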
|
|||||||
@@ -42,4 +42,8 @@ serviceAccount:
|
|||||||
annotations:
|
annotations:
|
||||||
{{ .Values.annotations.openxchangeBootstrap.serviceAccount | toYaml | nindent 4 }}
|
{{ .Values.annotations.openxchangeBootstrap.serviceAccount | toYaml | nindent 4 }}
|
||||||
|
|
||||||
|
filestore:
|
||||||
|
# identifier must match identifier in /opt/open-xchange/etc/filestore-s3.properties
|
||||||
|
identifier: "ox-filestore-s3"
|
||||||
|
size: {{ .Values.objectstores.openxchange.maxSize }}
|
||||||
...
|
...
|
||||||
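Review bot: The identifier `ox-filestore-s3` is hard-coded here and again inside the property keys `com.openexchange.filestore.s3.ox-filestore-s3.*`, tied together only by the comment. Define it once (a template variable or a single value) so the two cannot drift apart. Also, `size: {{ .Values.objectstores.openxchange.maxSize }}` has no `default` or `required`, so an unset value renders without a usable size.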
|
|||||||
@@ -39,6 +39,7 @@ appsuite:
|
|||||||
uiSettings:
|
uiSettings:
|
||||||
# Enterprise contact picker
|
# Enterprise contact picker
|
||||||
io.ox/core//features/enterprisePicker/enabled: "true"
|
io.ox/core//features/enterprisePicker/enabled: "true"
|
||||||
|
io.ox/contacts//search/fields: 'email1,email2'
|
||||||
|
|
||||||
yamlFiles:
|
yamlFiles:
|
||||||
contacts-provider-ldap.yml:
|
contacts-provider-ldap.yml:
|
||||||
@@ -286,6 +287,7 @@ appsuite:
|
|||||||
givenname: "givenName"
|
givenname: "givenName"
|
||||||
surname: "sn"
|
surname: "sn"
|
||||||
email1: "mailPrimaryAddress"
|
email1: "mailPrimaryAddress"
|
||||||
|
email2: "mailAlternativeAddress"
|
||||||
department: "oxDepartment,department"
|
department: "oxDepartment,department"
|
||||||
company: "oxCompany,o"
|
company: "oxCompany,o"
|
||||||
branches: "oxBranches"
|
branches: "oxBranches"
|
||||||
@@ -297,8 +299,6 @@ appsuite:
|
|||||||
city_home: "oxCityHome"
|
city_home: "oxCityHome"
|
||||||
commercial_register: "oxCommercialRegister"
|
commercial_register: "oxCommercialRegister"
|
||||||
country_home: "oxCountryHome"
|
country_home: "oxCountryHome"
|
||||||
email2: "oxEmail2"
|
|
||||||
email3: "oxEmail3"
|
|
||||||
employeetype: "employeeType"
|
employeetype: "employeeType"
|
||||||
fax_business: "oxFaxBusiness,facsimileTelehoneNumber"
|
fax_business: "oxFaxBusiness,facsimileTelehoneNumber"
|
||||||
fax_home: "oxFaxHome"
|
fax_home: "oxFaxHome"
|
||||||
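Review bot: The `oxEmail2` and `oxEmail3` mappings are removed here while `email2` is re-pointed to `mailAlternativeAddress` in the previous hunk, so addresses stored only in `oxEmail2` or `oxEmail3` no longer appear in the contact provider and there is no upgrade note about it. Please mention this in the migration notes. While touching this block, `facsimileTelehoneNumber` on the `fax_business` context line looks like a typo for `facsimileTelephoneNumber`.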
|
|||||||
@@ -295,6 +295,8 @@ appsuite:
|
|||||||
open-xchange-oauth-provider: "enabled"
|
open-xchange-oauth-provider: "enabled"
|
||||||
# Needed to set com.openexchange.hostname
|
# Needed to set com.openexchange.hostname
|
||||||
open-xchange-hostname-config-cascade: "enabled"
|
open-xchange-hostname-config-cascade: "enabled"
|
||||||
|
# Enable s3 storage
|
||||||
|
open-xchange-filestore-s3: "enabled"
|
||||||
properties:
|
properties:
|
||||||
com.openexchange.hostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
|
com.openexchange.hostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
|
||||||
com.openexchange.UIWebPath: "/appsuite/"
|
com.openexchange.UIWebPath: "/appsuite/"
|
||||||
@@ -408,7 +410,7 @@ appsuite:
|
|||||||
# Usage (in browser console after login):
|
# Usage (in browser console after login):
|
||||||
# http = (await import('./io.ox/core/http.js')).default
|
# http = (await import('./io.ox/core/http.js')).default
|
||||||
# await http.POST({ module: 'oxguard/smime', params: { action: 'test' } })
|
# await http.POST({ module: 'oxguard/smime', params: { action: 'test' } })
|
||||||
com.openexchange.smime.test: "true"
|
com.openexchange.smime.test: {{ .Values.debug.enabled | quote }}
|
||||||
# DAV
|
# DAV
|
||||||
{{- if .Values.functional.groupware.davSupport.enabled }}
|
{{- if .Values.functional.groupware.davSupport.enabled }}
|
||||||
com.openexchange.caldav.enabled: "true"
|
com.openexchange.caldav.enabled: "true"
|
||||||
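Review bot: `com.openexchange.smime.test` now follows `.Values.debug.enabled`, but the usage comment directly above it still reads as if the oxguard/smime test action is always reachable; add a line there saying it only answers when debug is enabled. Also, `quote` renders nothing for an unset value, so if debug.enabled can be absent in an environment, give it an explicit default (for example `| default false | quote`) so the property never ends up empty.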
@@ -479,6 +481,11 @@ appsuite:
|
|||||||
com.openexchange.antivirus.port: "1344"
|
com.openexchange.antivirus.port: "1344"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
com.openexchange.antivirus.maxFileSize: "1024"
|
com.openexchange.antivirus.maxFileSize: "1024"
|
||||||
|
/opt/open-xchange/etc/filestore-s3.properties:
|
||||||
|
com.openexchange.filestore.s3.ox-filestore-s3.endpoint: {{ .Values.objectstores.openxchange.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||||
|
com.openexchange.filestore.s3.ox-filestore-s3.bucketName: {{ .Values.objectstores.openxchange.bucket | quote }}
|
||||||
|
com.openexchange.filestore.s3.ox-filestore-s3.accessKey: {{ .Values.objectstores.openxchange.username | quote }}
|
||||||
|
com.openexchange.filestore.s3.ox-filestore-s3.secretKey: {{ .Values.objectstores.openxchange.secretKey | default .Values.secrets.minio.openxchangeUser | quote }}
|
||||||
uiSettings:
|
uiSettings:
|
||||||
io.ox.nextcloud//server: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
|
io.ox.nextcloud//server: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
|
||||||
io.ox.public-sector//ics/url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
|
io.ox.public-sector//ics/url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
|
||||||
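Review bot: the S3 `accessKey` and `secretKey` are rendered as plain values into the /opt/open-xchange/etc/filestore-s3.properties block, alongside non-secret settings such as endpoint and bucketName. Please confirm that the chart delivers this properties file from a Secret and not a ConfigMap; if it does not, move the two credentials to whatever secret mechanism the chart offers. The secretKey default falls back to `.Values.secrets.minio.openxchangeUser` and the endpoint default is built from `global.hosts.minioApi`, so a deployment with an external object store has to override both; a short comment saying that would help.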
@@ -647,6 +654,10 @@ appsuite:
|
|||||||
cache:
|
cache:
|
||||||
remoteCache:
|
remoteCache:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- range .Values.global.imagePullSecrets }}
|
||||||
|
- name: {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeDocumentConverter.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeDocumentConverter.registry | quote }}
|
||||||
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
||||||
@@ -733,6 +744,10 @@ appsuite:
|
|||||||
adminPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
|
adminPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
|
||||||
basicAuthLogin: "oxlogin"
|
basicAuthLogin: "oxlogin"
|
||||||
basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
|
basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- range .Values.global.imagePullSecrets }}
|
||||||
|
- name: {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }}
|
||||||
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{{/*
|
{{/*
|
||||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
*/}}
|
*/}}
|
||||||
---
|
---
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{{/*
|
{{/*
|
||||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
*/}}
|
*/}}
|
||||||
---
|
---
|
||||||
|
|||||||
@@ -124,6 +124,9 @@ provisioning:
|
|||||||
- name: {{ .Values.objectstores.openproject.bucket | quote }}
|
- name: {{ .Values.objectstores.openproject.bucket | quote }}
|
||||||
versioning: "Suspended"
|
versioning: "Suspended"
|
||||||
withLock: false
|
withLock: false
|
||||||
|
- name: {{ .Values.objectstores.openxchange.bucket | quote }}
|
||||||
|
versioning: "Suspended"
|
||||||
|
withLock: false
|
||||||
- name: {{ .Values.objectstores.nubus.bucket | quote }}
|
- name: {{ .Values.objectstores.nubus.bucket | quote }}
|
||||||
versioning: "Suspended"
|
versioning: "Suspended"
|
||||||
withLock: false
|
withLock: false
|
||||||
@@ -183,6 +186,18 @@ provisioning:
|
|||||||
effect: "Allow"
|
effect: "Allow"
|
||||||
actions:
|
actions:
|
||||||
- "s3:*"
|
- "s3:*"
|
||||||
|
- name: "openxchange-bucket-policy"
|
||||||
|
statements:
|
||||||
|
- resources:
|
||||||
|
- "arn:aws:s3:::openxchange"
|
||||||
|
effect: "Allow"
|
||||||
|
actions:
|
||||||
|
- "s3:*"
|
||||||
|
- resources:
|
||||||
|
- "arn:aws:s3:::openxchange/*"
|
||||||
|
effect: "Allow"
|
||||||
|
actions:
|
||||||
|
- "s3:*"
|
||||||
- name: "ums-bucket-policy"
|
- name: "ums-bucket-policy"
|
||||||
statements:
|
statements:
|
||||||
- resources:
|
- resources:
|
||||||
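Review bot: the two resource ARNs in openxchange-bucket-policy are hardcoded as "arn:aws:s3:::openxchange" and "arn:aws:s3:::openxchange/*", while the bucket itself is created from `.Values.objectstores.openxchange.bucket` in the hunk above. If that value is overridden, the policy no longer matches the bucket and the openxchange user ends up without access. Build the ARNs from the same value. Separately, `s3:*` mirrors the neighbouring policies, but narrowing it to the object and list operations the filestore actually uses would be a least-privilege improvement, here or in a follow-up.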
@@ -234,6 +249,12 @@ provisioning:
|
|||||||
policies:
|
policies:
|
||||||
- "openproject-bucket-policy"
|
- "openproject-bucket-policy"
|
||||||
setPolicies: true
|
setPolicies: true
|
||||||
|
- username: {{ .Values.objectstores.openxchange.username | quote }}
|
||||||
|
password: {{ .Values.secrets.minio.openxchangeUser | quote }}
|
||||||
|
disabled: false
|
||||||
|
policies:
|
||||||
|
- "openxchange-bucket-policy"
|
||||||
|
setPolicies: true
|
||||||
- username: {{ .Values.objectstores.nubus.username | quote }}
|
- username: {{ .Values.objectstores.nubus.username | quote }}
|
||||||
password: {{ .Values.secrets.minio.umsUser | quote }}
|
password: {{ .Values.secrets.minio.umsUser | quote }}
|
||||||
disabled: false
|
disabled: false
|
||||||
|
|||||||
@@ -12,5 +12,6 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror"
|
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror"
|
||||||
name: "appsuite-public-sector-pro-chart"
|
name: "appsuite-public-sector-pro-chart"
|
||||||
version: "1.17.292"
|
version: "1.18.273"
|
||||||
verify: false
|
verify: false
|
||||||
|
...
|
||||||
|
|||||||
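Review bot: `verify: false` stays in place on appsuite-public-sector-pro-chart while the version moves from 1.17.292 to 1.18.273, so nothing checks the chart's signature and the version string is the only pin. If the mirror cannot provide a signed chart, add a comment next to the flag saying why verification is off; a reader cannot tell from this file whether it is deliberate.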
@@ -5,7 +5,7 @@ images:
|
|||||||
collabora:
|
collabora:
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
|
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||||
tag: "24.04.13.4.1@sha256:4d4f88fa244280f6116b072a923ee7e5c183ab30ee9759952f9b6aa802802300"
|
tag: "25.04.2.3.1@sha256:b6dbe27d7242488dfdb400219abbc6c97fb83df029975e1127f52abc8444475e"
|
||||||
dovecot:
|
dovecot:
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
|
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
|
||||||
@@ -17,5 +17,5 @@ images:
|
|||||||
openxchangeCoreMW:
|
openxchangeCoreMW:
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"
|
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"
|
||||||
tag: "8.37.69@sha256:40908484e71bc45ad23598685b0519d82fc9e3cf372e00fe38befe9196cf84e2"
|
tag: "8.38.73@sha256:2ddd6ce6e33a77aadc6043ad01026afbea09d28f7b0c469ab6fd412fb4ca8792"
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/collabora/charts-mirror"
|
repository: "bmi/opendesk/components/supplier/collabora/charts-mirror"
|
||||||
name: "collabora-online"
|
name: "collabora-online"
|
||||||
version: "1.1.38"
|
version: "1.1.41"
|
||||||
verify: true
|
verify: true
|
||||||
collaboraController:
|
collaboraController:
|
||||||
# Enterprise Component
|
# Enterprise Component
|
||||||
@@ -65,7 +65,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror"
|
repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror"
|
||||||
name: "cool-controller"
|
name: "cool-controller"
|
||||||
version: "1.1.2"
|
version: "1.1.6"
|
||||||
verify: false
|
verify: false
|
||||||
cryptpad:
|
cryptpad:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
@@ -231,7 +231,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
|
||||||
name: "opendesk-migrations"
|
name: "opendesk-migrations"
|
||||||
version: "1.6.0"
|
version: "1.7.4"
|
||||||
verify: true
|
verify: true
|
||||||
minio:
|
minio:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
@@ -303,7 +303,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||||
name: "nubus"
|
name: "nubus"
|
||||||
version: "1.9.1"
|
version: "1.11.1"
|
||||||
verify: true
|
verify: true
|
||||||
opendeskAlerts:
|
opendeskAlerts:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -355,7 +355,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/openproject/charts-mirror"
|
repository: "bmi/opendesk/components/supplier/openproject/charts-mirror"
|
||||||
name: "openproject"
|
name: "openproject"
|
||||||
version: "10.0.3"
|
version: "10.1.0"
|
||||||
verify: true
|
verify: true
|
||||||
openprojectBootstrap:
|
openprojectBootstrap:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -387,7 +387,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
|
repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
|
||||||
name: "appsuite-public-sector"
|
name: "appsuite-public-sector"
|
||||||
version: "2.19.262"
|
version: "2.20.247"
|
||||||
verify: false
|
verify: false
|
||||||
oxAppSuiteBootstrap:
|
oxAppSuiteBootstrap:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -397,7 +397,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
|
||||||
name: "opendesk-open-xchange-bootstrap"
|
name: "opendesk-open-xchange-bootstrap"
|
||||||
version: "2.1.2"
|
version: "3.0.1"
|
||||||
verify: true
|
verify: true
|
||||||
oxConnector:
|
oxConnector:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
|
|||||||
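Review bot: opendesk-open-xchange-bootstrap jumps a major version here (2.1.2 to 3.0.1), while the other chart bumps in this file are minor or patch level. Please summarise the breaking change in the merge request description and state whether existing deployments need a migration step or changed values, so the upgrade path is documented alongside the bump.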
56
helmfile/environments/default/external_secrets.yaml.gotmpl
Normal file
@@ -0,0 +1,56 @@
|
|||||||
|
{{/*
|
||||||
|
SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
*/}}
|
||||||
|
---
|
||||||
|
externalSecrets:
|
||||||
|
cache:
|
||||||
|
nextcloudUsername:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
nextcloudPassword:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
centralnavigation:
|
||||||
|
apiKey:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
keycloak:
|
||||||
|
clientSecretNcoidc:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
mariadb:
|
||||||
|
nextcloudUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
nextcloud:
|
||||||
|
adminPassword:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
adminUsername:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
metricsToken:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
nubus:
|
||||||
|
ldapSearch:
|
||||||
|
nextcloud:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
objectstores:
|
||||||
|
nextcloudAccessKey:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
nextcloudSecretKey:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
postfix:
|
||||||
|
opendeskSystemPassword:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
postgresql:
|
||||||
|
nextcloudUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
...
|
||||||
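Review bot: every entry in this new file is a bare `name: ~` / `key: ~` pair and the file carries no comment beyond the SPDX header, so the contract is undocumented. Add a header comment that states what `name` and `key` refer to, what the templates do when both are left null, and what happens when only one of the two is set. The entries visible here appear to cover the Nextcloud-related secrets only (cache, keycloak clientSecretNcoidc, mariadb, objectstores, postgresql and so on); if other components are meant to follow, say so, otherwise readers will assume the list is complete.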
@@ -3,5 +3,5 @@
|
|||||||
---
|
---
|
||||||
global:
|
global:
|
||||||
systemInformation:
|
systemInformation:
|
||||||
releaseVersion: "v1.5.0"
|
releaseVersion: "v1.6.0"
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -44,14 +44,14 @@ images:
|
|||||||
# upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
# upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||||
tag: "24.04.14.3.1@sha256:b7085475740a4e92ad3611d52808b6d822478e52286d18d3272a9b685e049464"
|
tag: "25.04.2.2.1@sha256:03ec7f7740c5030eeb4f642c41fa0b9989d7a0dab81435a86b5c82479d0f78e2"
|
||||||
collaboraController:
|
collaboraController:
|
||||||
# Enterprise Component
|
# Enterprise Component
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Collabora"
|
# providerResponsible: "Collabora"
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller"
|
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller"
|
||||||
tag: "1.1.1@sha256:8a5b79920fdf7a8eb9c1e781f480d6134a30c75f14fae3f1ecb0b607e016215c"
|
tag: "1.1.3@sha256:552b63fd748ec873bd286c4d9ea0cf675f349f35a9ca2a69d2962336e4bc5f83"
|
||||||
cryptpad:
|
cryptpad:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "XWiki"
|
# providerResponsible: "XWiki"
|
||||||
@@ -296,7 +296,7 @@ images:
|
|||||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
|
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
|
repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
|
||||||
tag: "1.6.1@sha256:cc97de002f5821e3b3751879514f3f45a3b4ffa851d999187c3cf3dd0dee82e7"
|
tag: "1.7.5@sha256:98375df151d4b9bba81b5a7f3ab80dedd4cbd46dd0440c94b014b656b7115c71"
|
||||||
milter:
|
milter:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -361,6 +361,16 @@ images:
|
|||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "lasuite/impress-y-provider"
|
repository: "lasuite/impress-y-provider"
|
||||||
tag: "v3.2.1@sha256:9dd7068336c02fe71806bc3576e7dc8636d7ccb139667c6303f0753e18d3ab7e"
|
tag: "v3.2.1@sha256:9dd7068336c02fe71806bc3576e7dc8636d7ccb139667c6303f0753e18d3ab7e"
|
||||||
|
nubusBlocklistCleanup:
|
||||||
|
# providerCategory: "Supplier"
|
||||||
|
# providerResponsible: "Univention"
|
||||||
|
# upstreamRegistry: "https://artifacts.software-univention.de"
|
||||||
|
# upstreamRepository: "nubus/images/blocklist-cleanup"
|
||||||
|
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||||
|
# upstreamMirrorStartFrom: ["0", "34", "2"]
|
||||||
|
registry: "registry.opencode.de"
|
||||||
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/blocklist-cleanup"
|
||||||
|
tag: "0.34.2@sha256:137dc06ef02ea4962f5bd55c093153eead2b9f2d204cfc26fd44bc77397b9461"
|
||||||
nubusDataLoader:
|
nubusDataLoader:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -370,7 +380,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "41", "5"]
|
# upstreamMirrorStartFrom: ["0", "41", "5"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
|
||||||
tag: "0.90.0@sha256:a776ea84ca5d4f984a1ecf1f97d8c90cd98894c3568401be6858a8e955c7ed92"
|
tag: "0.95.0@sha256:57028c6a76d000a2085f7a429c704ac495be6e4e7ce0a5cc85e3bed25766ce32"
|
||||||
nubusGuardianAuthorizationApi:
|
nubusGuardianAuthorizationApi:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -420,7 +430,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "0", "1"]
|
# upstreamMirrorStartFrom: ["0", "0", "1"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak"
|
||||||
tag: "0.0.1@sha256:ce2397ac38920750b81a8a6065f7ed8a551641c6562a551963a2857fe6822beb"
|
tag: "0.2.1@sha256:c338d5bba11185b1cca6d5e5e1b6fe28bedcd8f02af8b4b96e431bde617f5f72"
|
||||||
nubusKeycloakBootstrap:
|
nubusKeycloakBootstrap:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -430,7 +440,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "1", "0"]
|
# upstreamMirrorStartFrom: ["0", "1", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
|
||||||
tag: "0.11.0@sha256:55ad741e01dd91bb9b0332fd602a6262d3618abdf97a86c13f1e6148b36bd242"
|
tag: "0.12.1@sha256:4a36e3753bda7d6ccc6fc98f5e115bf96a4257c1a9458d075888256484cfdd4b"
|
||||||
nubusKeycloakExtensionHandler:
|
nubusKeycloakExtensionHandler:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -460,7 +470,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
|
||||||
tag: "0.37.0@sha256:b148e15c268badc45db9a6ce12c97cce332d25b86e86fec47fc417b8fe74d0d2"
|
tag: "0.43.0@sha256:dcd4e7f1008eb4c6c1ae809785bee0da9cba1347af09ddbc147b76c422f4f35c"
|
||||||
nubusLdapServer:
|
nubusLdapServer:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -470,7 +480,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
|
||||||
tag: "0.37.0@sha256:caf7de9e121e5500c52dc8338b80057acd3eaa1e3877b526a5ae944bb53fe876"
|
tag: "0.43.0@sha256:67557ec3e3bd7ff4981666dddb5455672ee8767e12e3876ea79447627f9d9742"
|
||||||
nubusLdapServerDhInitContainer:
|
nubusLdapServerDhInitContainer:
|
||||||
# providerCategory: 'Community'
|
# providerCategory: 'Community'
|
||||||
# providerResponsible: 'Univention'
|
# providerResponsible: 'Univention'
|
||||||
@@ -488,7 +498,17 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "29", "1"]
|
# upstreamMirrorStartFrom: ["0", "29", "1"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector"
|
||||||
tag: "0.37.0@sha256:c9580e33ea48ec5d7ab2d4816926ca1b2ef72787f7615f31b124119c376c4324"
|
tag: "0.40.0@sha256:abd273062824bf652b891b37ef3093771a8f686ef414cbe376c837293d115ac9"
|
||||||
|
nubusLdapUpdateUniventionObjectIdentifier:
|
||||||
|
# providerCategory: "Supplier"
|
||||||
|
# providerResponsible: "Univention"
|
||||||
|
# upstreamRegistry: "https://artifacts.software-univention.de"
|
||||||
|
# upstreamRepository: "nubus/images/ldap-update-univention-object-identifier"
|
||||||
|
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||||
|
# upstreamMirrorStartFrom: ["0", "34", "2"]
|
||||||
|
registry: "registry.opencode.de"
|
||||||
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-update-univention-object-identifier"
|
||||||
|
tag: "0.34.2@sha256:137dc06ef02ea4962f5bd55c093153eead2b9f2d204cfc26fd44bc77397b9461"
|
||||||
nubusNats:
|
nubusNats:
|
||||||
# providerCategory: 'Community'
|
# providerCategory: 'Community'
|
||||||
# providerResponsible: 'Univention'
|
# providerResponsible: 'Univention'
|
||||||
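Review bot: the new nubusLdapUpdateUniventionObjectIdentifier entry carries exactly the same `tag` string, sha256 digest included, as the nubusBlocklistCleanup entry added in the earlier hunk, and the same `upstreamMirrorStartFrom: ["0", "34", "2"]`, although the two point at different repositories (ldap-update-univention-object-identifier versus blocklist-cleanup). Unless the mirror really holds one image under both names, this looks like a copy and paste, and a pull by digest will then either fail or fetch the wrong image. Please confirm the digest against the ldap-update-univention-object-identifier repository and correct whichever entry is wrong.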
@@ -522,7 +542,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
|
||||||
tag: "0.67.0@sha256:da28ce84d97b78027eafbe0bcf8286a333efffdfc52a8abe852caed9d8cde339"
|
tag: "0.70.0@sha256:0120cca997eddcd6b9a5f0b9d6fb39ac2ffb118357380c28ab5352c16130a873"
|
||||||
nubusOpendeskExtension:
|
nubusOpendeskExtension:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -558,7 +578,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "10", "0"]
|
# upstreamMirrorStartFrom: ["0", "10", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
|
||||||
tag: "0.11.0@sha256:2cb5a9683b6ff81b995a5c71da52c2ff8177b662bb0be8f11e9cd0c6b48d8a11"
|
tag: "0.11.1@sha256:e57df5c02d0480ccf1d299964e3c676d92440d5e959b4f587945f08624da3ae9"
|
||||||
nubusPortalConsumer:
|
nubusPortalConsumer:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -568,7 +588,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "27", "0"]
|
# upstreamMirrorStartFrom: ["0", "27", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
|
||||||
tag: "0.67.1@sha256:580adf9079d27f53f6efd0c519252c7855f6907e3badc033b994165856b16126"
|
tag: "0.70.0@sha256:09eed9e5a7066f69b5d6085541ca91538ca9519d765ec7109d6934a6e67ab7cc"
|
||||||
nubusPortalExtension:
|
nubusPortalExtension:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -596,7 +616,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
|
||||||
tag: "0.67.0@sha256:d9418c7a1db7541ced1e3034f45683c190bf63270c6ba8f3d67c1fe0ac2edb1a"
|
tag: "0.70.0@sha256:1331d5b5861574195f6bd0dfc3c8e1d6a2650b518e206a2815b682d43ab75d0b"
|
||||||
nubusProvisioningDispatcher:
|
nubusProvisioningDispatcher:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -606,7 +626,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
|
||||||
tag: "0.51.0@sha256:f0cea25f788ff565b883e50c6138874c6f0338e0f91c5f8a32595323059930ef"
|
tag: "0.56.0@sha256:324866b7a80e17c5a1a6bbc02163a14e084eecc86df1ece5b3e10d3344bbe1ad"
|
||||||
nubusProvisioningEventsAndConsumerApi:
|
nubusProvisioningEventsAndConsumerApi:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -616,7 +636,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
|
||||||
tag: "0.51.0@sha256:66fec83fd5033cf32cd759e9c73f7ae659a4ec45a433f13417a12e007b1d4db6"
|
tag: "0.56.0@sha256:37d8ac54a9d06685e4536f6f349a51efc0f51a5a06d2503333918377cb7fed37"
|
||||||
nubusProvisioningPrefill:
|
nubusProvisioningPrefill:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -626,7 +646,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
|
||||||
tag: "0.51.0@sha256:ff04d8cec6ecc0b33cdea164e1ba1222c90ed9fe8370057a58329b4521e56de1"
|
tag: "0.56.0@sha256:76b6f556a8baec164ee060104d85b9641bd6f17342d40a53943eea03fd432343"
|
||||||
nubusProvisioningUdmListener:
|
nubusProvisioningUdmListener:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -636,7 +656,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
|
||||||
tag: "0.51.0@sha256:5f0bba855945da2fa97d40b0fe51a14e3495b0b6da83562def6a6fcf4c21c059"
|
tag: "0.56.0@sha256:e89f2094f245b70ffa198942ae4310e5784b61099ac80f427659a28706b509f5"
|
||||||
nubusProvisioningUdmTransformer:
|
nubusProvisioningUdmTransformer:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -646,7 +666,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
|
||||||
tag: "0.51.0@sha256:ce9c312699ebe42c2e1df0d6caf150dfda1e4cc3fc1aaebe62c9ea5de8c11780"
|
tag: "0.56.0@sha256:4bb855be7a1b9abb8c6ae07afd9c35acb6d7aaad80d36c1132e054fe1bdd0156"
|
||||||
nubusSelfServiceConsumer:
|
nubusSelfServiceConsumer:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -656,7 +676,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "3", "2"]
|
# upstreamMirrorStartFrom: ["0", "3", "2"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
|
||||||
tag: "0.15.0@sha256:a7c4c097029de8903e3c2eee2082d740b5352dcc7a7a2a3c330bd9ebd7ad5b62"
|
tag: "0.17.0@sha256:00e6124eecc1b763326023ecaf9702053e24b39b20f5efbcd35dfaad642d2cda"
|
||||||
nubusUdmRestApi:
|
nubusUdmRestApi:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -666,7 +686,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "9", "3"]
|
# upstreamMirrorStartFrom: ["0", "9", "3"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
|
||||||
tag: "0.30.0@sha256:9503666bac5f44a1d7cb6f17c6fd11a7d6976bc9059938596b6ac9f7bb581ca5"
|
tag: "0.37.1@sha256:a0508191a52ed9c388e0574cf6a97031fdfffcff95ab8ca3e4231c795d3a68df"
|
||||||
nubusUmcGateway:
|
nubusUmcGateway:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -676,7 +696,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
|
||||||
tag: "0.43.1@sha256:e1f23a199e1e35667e2ba6a45866bcb6d37bc2b13f3b8134e511ae95973c743b"
|
tag: "0.47.1@sha256:71d1fb00a28a7cc83e1a8a675b8e9dc3ff67b1d7f366b2d60f9623fdb5f6e419"
|
||||||
nubusUmcServer:
|
nubusUmcServer:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -686,7 +706,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
|
||||||
tag: "0.43.1@sha256:1aef76db446164c3ffaeaf233e9ef6303ebb1609b47f918ac4ab6714abf95283"
|
tag: "0.47.1@sha256:8f451e7b50c6a32a8d4bad5959a103e34e3ae8d0bef2fe3df2dc8fbe7ae9c1b6"
|
||||||
nubusUmcServerProxy:
|
nubusUmcServerProxy:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -704,7 +724,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
|
||||||
tag: "0.30.0@sha256:fa804c2a10aa42439bf3f388007d7e55c046d6da6dc8a74c27f5a989fd422c8d"
|
tag: "0.33.0@sha256:7e0e5e93422b2e99915d95d674ab37a8f9c79c0b8f1ebf69c2e7706bb718ae75"
|
||||||
opendeskKeycloakBootstrap:
|
opendeskKeycloakBootstrap:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -730,7 +750,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["13", "1", "1"]
|
# upstreamMirrorStartFrom: ["13", "1", "1"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
|
repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
|
||||||
tag: "16.0.1@sha256:c5b1172aed7e5e5ae21cca915e3349cc67fdf1366c9ded3c94db1ae5084e3841"
|
tag: "16.1.1@sha256:2fe8a7d1cab42611b01f4ca20ce7179a0637477f2882364b4a1cfdebde9ecd6f"
|
||||||
openprojectBootstrap:
|
openprojectBootstrap:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -774,7 +794,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "51"]
|
# upstreamMirrorStartFrom: ["8", "20", "51"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
|
||||||
tag: "8.37.69@sha256:dc06c7d9880505ad44ec7892ddf8f379fcd5f106ba1508436501c8f6e94dddb3"
|
tag: "8.38.73@sha256:610d4bab888e5749ff918a782ba1c33ed4aa8da9e13d5be4ad71ca2f698d4044"
|
||||||
openxchangeCoreUI:
|
openxchangeCoreUI:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -784,7 +804,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "1"]
|
# upstreamMirrorStartFrom: ["8", "20", "1"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
|
||||||
tag: "8.37.1@sha256:eb30e03a5976d57a62d00a613336631d46bffc84c0d67e422f062635669f6b62"
|
tag: "8.38.1@sha256:77bf250df7ac465006576d5e1e0a8420ce6d0fce622b749c6da318793b88490c"
|
||||||
openxchangeCoreUIMiddleware:
|
openxchangeCoreUIMiddleware:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -804,7 +824,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "799279"]
|
# upstreamMirrorStartFrom: ["8", "20", "799279"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
|
||||||
tag: "8.37.1354160@sha256:226b210268cd3c9b13a84a2ca1168e1ab08b62e19bccd3129adad7ffca514655"
|
tag: "8.38.1408226@sha256:1a18c6c7b6a7a0f16376a9c298e65a13a4b482f6df1351582250a88571f1fa73"
|
||||||
openxchangeDocumentConverter:
|
openxchangeDocumentConverter:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -814,7 +834,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
|
||||||
tag: "8.37.1818@sha256:d9dc76ac6b24987c1fc0d95ffd81b3d594f7f34aa38a687b98c738bdcd110928"
|
tag: "8.38.1817@sha256:d7537574765e19e7c9e13fe936c1a4c69b39bda216abcd000dad9f93fbb62f7b"
|
||||||
openxchangeGotenberg:
|
openxchangeGotenberg:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
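Review bot: the documentconverter tag moves from 8.37.1818 to 8.38.1817, so the last version component goes down while the minor version goes up. The other Open-Xchange bumps in this file raise that component (imageconverter 2089 to 2105, core-user-guide 1354160 to 1408226, middleware 69 to 73). Please confirm that 8.38.1817 and its sha256 digest are the intended pair and not a transposed build number, and mention it in the commit message if the lower number is correct.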
@@ -844,7 +864,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
|
||||||
tag: "8.37.2089@sha256:8109351da173fa836d5559973103c8890e6a6e2514866675387bbf4d49606917"
|
tag: "8.38.2105@sha256:9c79f29712c5a5479bc1a08e127c65415a50a63954b244c1d34a570f5f3ed1f6"
|
||||||
openxchangeNextcloudIntegrationUI:
|
openxchangeNextcloudIntegrationUI:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
|
|||||||
@@ -55,4 +55,14 @@ objectstores:
|
|||||||
username: "openproject_user"
|
username: "openproject_user"
|
||||||
pathStyle: true
|
pathStyle: true
|
||||||
useIamProfile: false
|
useIamProfile: false
|
||||||
|
openxchange:
|
||||||
|
bucket: "openxchange"
|
||||||
|
endpoint: ""
|
||||||
|
# Size in MB
|
||||||
|
maxSize: 100000
|
||||||
|
region: ""
|
||||||
|
secretKey: ""
|
||||||
|
storageClass: "STANDARD"
|
||||||
|
username: "openxchange_user"
|
||||||
|
useSSL: true
|
||||||
...
|
...
|
||||||
|
|||||||
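Review bot: the new `openxchange` object store defaults to `secretKey: ""` and `endpoint: ""`, and it does not carry the `pathStyle` and `useIamProfile` keys that the `openproject` entry directly above it has. Add a comment stating which values the deployer must supply and where `secretKey` is expected to come from, and either add the two missing keys or explain why this entry uses `useSSL` and `storageClass` instead, so that an empty credential cannot reach the chart unnoticed.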
@@ -36,6 +36,14 @@ persistence:
|
|||||||
nubusProvisioningNats:
|
nubusProvisioningNats:
|
||||||
size: "1Gi"
|
size: "1Gi"
|
||||||
storageClassName: ~
|
storageClassName: ~
|
||||||
|
# This option was introduced with openDesk 1.6. For now we want to use the Helm charts default empty string
|
||||||
|
# to avoid issues during the upgrade modifying an existing PV, as the migrations in 1.6 required a smooth
|
||||||
|
# Nubus deployment.
|
||||||
|
# In a later openDesk release we will advise in the migrations.md to explicitly set this on existing deployments
|
||||||
|
# to the default storage class.
|
||||||
|
nubusUdmListener:
|
||||||
|
size: "1Gi"
|
||||||
|
#storageClassName: ""
|
||||||
oxConnector:
|
oxConnector:
|
||||||
size: "1Gi"
|
size: "1Gi"
|
||||||
storageClassName: ~
|
storageClassName: ~
|
||||||
|
|||||||
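Review bot: `nubusUdmListener` leaves `#storageClassName: ""` commented out while both neighbouring entries use `storageClassName: ~`, so the key is simply absent from the values. If a template reads `persistence.nubusUdmListener.storageClassName`, please confirm that an absent key behaves as the comment intends (the chart's default empty string) and differs from the `~` used elsewhere; if it does not differ, use `~` for consistency. The comment also promises guidance in migrations.md "in a later openDesk release"; reference a tracking issue here so the follow-up is not lost.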
@@ -12,7 +12,7 @@ repositories:
|
|||||||
# Higher precedence than `global.imageRegistry`
|
# Higher precedence than `global.imageRegistry`
|
||||||
helm:
|
helm:
|
||||||
registryOpencodeDe: ""
|
registryOpencodeDe: ""
|
||||||
registryOpencodeDeEnterprise: "registry.opencode.de"
|
registryOpencodeDeEnterprise: ""
|
||||||
# ClamAV registry settings
|
# ClamAV registry settings
|
||||||
clamav:
|
clamav:
|
||||||
auth: {}
|
auth: {}
|
||||||
|
|||||||
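Review bot: `registryOpencodeDeEnterprise` changes from "registry.opencode.de" to "", and the comment above says these values take precedence over `global.imageRegistry`. Existing deployments that relied on the old default will now resolve the enterprise Helm registry differently without changing any of their own values. Document the new fallback next to the key and add an upgrade note telling enterprise deployments what to set explicitly.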
@@ -7,8 +7,8 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
secrets:
|
secrets:
|
||||||
cassandra:
|
cassandra:
|
||||||
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }}
|
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }}
|
||||||
dovecotDictmapUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_dictmap_user" | sha1sum | quote }}
|
|
||||||
dovecotACLUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_acl_user" | sha1sum | quote }}
|
dovecotACLUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_acl_user" | sha1sum | quote }}
|
||||||
|
dovecotDictmapUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_dictmap_user" | sha1sum | quote }}
|
||||||
oxAppSuite:
|
oxAppSuite:
|
||||||
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
|
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
|
||||||
basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
|
basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
|
||||||
@@ -82,6 +82,7 @@ secrets:
|
|||||||
nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "nextcloud_user" | sha1sum | quote) }}
|
nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "nextcloud_user" | sha1sum | quote) }}
|
||||||
notesUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "notes_user" | sha1sum | quote) }}
|
notesUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "notes_user" | sha1sum | quote) }}
|
||||||
openprojectUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "openproject_user" | sha1sum | quote) }}
|
openprojectUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "openproject_user" | sha1sum | quote) }}
|
||||||
|
openxchangeUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "openxchange_user" | sha1sum | quote) }}
|
||||||
umsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "ums_user" | sha1sum | quote) }}
|
umsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "ums_user" | sha1sum | quote) }}
|
||||||
keycloak:
|
keycloak:
|
||||||
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "adminPassword" | sha1sum | quote }}
|
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "adminPassword" | sha1sum | quote }}
|
||||||
|
|||||||
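Review bot: the added `openxchangeUser` line copies the `env "MASTER_PASSWORD" | default "sovereign-workplace"` fallback, so when `MASTER_PASSWORD` is unset the new MinIO credential is derived entirely from values published in this repository. Consider failing the render when the variable is missing instead of adding another secret with a publicly known default, or at least state next to the secret that the fallback is for test deployments only.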
@@ -1,5 +1,5 @@
|
|||||||
{{/*
|
{{/*
|
||||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
*/}}
|
*/}}
|
||||||
---
|
---
|
||||||
@@ -19,7 +19,7 @@ cleanup:
|
|||||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||||
|
|
||||||
migrations:
|
migrations:
|
||||||
runId: 4
|
runId: 5
|
||||||
namespace: {{ .Values.apps.migrations.namespace | default .Release.Namespace | quote }}
|
namespace: {{ .Values.apps.migrations.namespace | default .Release.Namespace | quote }}
|
||||||
loglevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
|
loglevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
|
||||||
failOnUnexpectedState: true
|
failOnUnexpectedState: true
|
||||||
|
|||||||
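Review bot: `runId` goes from 4 to 5 while `failOnUnexpectedState: true` stays set, so an upgrade from a deployment that is not in the state the new migration run expects will abort. The hunk does not say which starting version run 5 requires; add a comment or a pointer to the migrations documentation naming the minimum version an operator must be on before applying this change.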
@@ -23,7 +23,7 @@ platforms:
|
|||||||
- "web"
|
- "web"
|
||||||
developmentStatus: "stable"
|
developmentStatus: "stable"
|
||||||
softwareVersion: "1.5.0"
|
softwareVersion: "1.5.0"
|
||||||
releaseDate: "2025-04-23"
|
releaseDate: "2025-06-16"
|
||||||
softwareType: "standalone/web"
|
softwareType: "standalone/web"
|
||||||
url: "https://gitlab.opencode.de/bmi/opendesk/"
|
url: "https://gitlab.opencode.de/bmi/opendesk/"
|
||||||
logo: ".opencode/openDesk-logo-rgb-color.svg"
|
logo: ".opencode/openDesk-logo-rgb-color.svg"
|
||||||
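Review bot: `releaseDate` is updated to "2025-06-16" but `softwareVersion` on the line above stays at "1.5.0". If the date belongs to a new release, the version should be bumped in the same change; if 1.5.0 is still current, the earlier date was the accurate one. Please keep the two fields in sync.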
@@ -92,9 +92,37 @@ description:
|
|||||||
- ".opencode/screenshots/03-projekte-desktop.png"
|
- ".opencode/screenshots/03-projekte-desktop.png"
|
||||||
- ".opencode/screenshots/04-wiki-desktop.png"
|
- ".opencode/screenshots/04-wiki-desktop.png"
|
||||||
documentation: "https://docs.opendesk.eu/user"
|
documentation: "https://docs.opendesk.eu/user"
|
||||||
|
en:
|
||||||
|
features:
|
||||||
|
- "productivity"
|
||||||
|
- "collaboration"
|
||||||
|
- "communication"
|
||||||
|
genericName: "collaboration & communication"
|
||||||
|
shortDescription: >
|
||||||
|
The adaptable office and collaboration suite for the public administration.
|
||||||
|
longDescription: >
|
||||||
|
openDesk is the adaptable office and collaboration suite specifically developed to meet
|
||||||
|
the needs of the public administration.
|
||||||
|
|
||||||
|
|
||||||
|
Focusing on data sovereignty, security, and seamless collaboration, openDesk provides
|
||||||
|
all the familiar tools required for day-to-day administrative work. It brings together
|
||||||
|
all essential office applications under a single, user-friendly interface.
|
||||||
|
|
||||||
|
|
||||||
|
openDesk is the evolution of the “Sovereign Workplace,” an initiative by the
|
||||||
|
Federal Ministry of the Interior.
|
||||||
|
With openDesk, the public administration gains greater control over its digital tools
|
||||||
|
and can respond more flexibly to changing requirements.
|
||||||
|
Federal, state, and local authorities receive a comprehensive office solution that
|
||||||
|
works independently of specific providers, in any browser, and on all devices.
|
||||||
|
screenshots:
|
||||||
|
- ".opencode/screenshots/01-portal-desktop.png"
|
||||||
|
- ".opencode/screenshots/02-dateien-desktop.png"
|
||||||
|
- ".opencode/screenshots/03-projekte-desktop.png"
|
||||||
|
- ".opencode/screenshots/04-wiki-desktop.png"
|
||||||
usedBy:
|
usedBy:
|
||||||
- "Robert Koch-Institut"
|
- "Robert Koch-Institut"
|
||||||
- "Bundesamt für Seeschifffahrt und Hydrographie"
|
- "Bundesamt für Seeschifffahrt und Hydrographie"
|
||||||
- "Föderale IT-Kooperation (FITKO)"
|
- "Föderale IT-Kooperation (FITKO)"
|
||||||
- "ZenDiS"
|
- "ZenDiS"
|
||||||
...
|
|
||||||
|
|||||||