mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
16 Commits
tkaltenbru
...
hermann/fe
| Author | SHA1 | Date | |
|---|---|---|---|
|
09c1a03764 | ||
|
|
f75c0d90f2 | ||
|
|
9c50e18173 | ||
|
|
a3b9e6067f | ||
|
|
355f6a1faf | ||
|
|
7600e17304 | ||
|
|
883b0283f4 | ||
|
|
1320ac3c6c | ||
|
|
317e656a4f | ||
|
|
fe19a02aa2 | ||
|
|
ee2b082664 | ||
|
|
0ff7a9ba5e | ||
|
|
2e3bbc7f99 | ||
|
|
1e22a455a2 | ||
|
|
5fc2395106 | ||
|
|
db1c826abb |
@@ -1,81 +1,57 @@
|
||||
## 📌 Summary
|
||||
# 🪲 Bugfix
|
||||
|
||||
Brief description of the issue and what this MR resolves.
|
||||
*Expected MR Title and git commit message*
|
||||
*`fix(<app-name>): <Short description of what has been fixed>`*
|
||||
|
||||
> Example:
|
||||
> Fixes a bug where users were unable to save their profile due to a missing field validation.
|
||||
|
||||
---
|
||||
|
||||
## ✅ Changes
|
||||
|
||||
Explain for the reviewer how the change addresses the issue:
|
||||
Explain for the reviewer how the change addresses the issue, providing some insights on the underlaying cause of the bug.
|
||||
|
||||
- Fixed null check on user input
|
||||
- Added unit test for edge case
|
||||
- Updated error handling in the `ProfileService`
|
||||
- ...
|
||||
|
||||
---
|
||||
## 🧪 How to reproduce & test
|
||||
|
||||
## 🧪 Analysis
|
||||
Provida a link to the issue or document the required details below.
|
||||
In case it is a GitLab issue, reference it at the end of the commit message in square brackets, like `[#123]`
|
||||
|
||||
Explain the **underlying cause** of the bug:
|
||||
### Before the Fix
|
||||
|
||||
- What was the unexpected behavior?
|
||||
- Why did it happen?
|
||||
- Where in the code or logic did it occur?
|
||||
1. ...
|
||||
|
||||
---
|
||||
### After the Fix
|
||||
|
||||
## 📚 Related Issue(s)
|
||||
Provide steps for QA or reviewers to test the fix and mention anything reviewers should be aware of:
|
||||
|
||||
- Should be listed as part of the commit message.
|
||||
- Fixes #[issue-number]
|
||||
- Related to #[optional additional issues]
|
||||
1. ...
|
||||
|
||||
## 🧪 How to Reproduce & Test
|
||||
## 🔄 Requirements for migrations
|
||||
|
||||
Link to issue or document the required details below.
|
||||
- [ ] Describe manual steps required to update existing deployments. This especially applies if this MR introduces breaking changes:
|
||||
- [ ] Any other considerations in context of the update:
|
||||
|
||||
### Before the Fix:
|
||||
# Checklist / Sign-offs
|
||||
|
||||
1. Go to `/profile/edit`
|
||||
2. Leave the "email" field empty
|
||||
3. Click "Save"
|
||||
4. Observe 500 server error
|
||||
## 🏷️ Labels
|
||||
|
||||
### After the Fix:
|
||||
Set labels:
|
||||
|
||||
1. Same steps as above
|
||||
2. Now see appropriate validation message
|
||||
3. No server error occurs
|
||||
```
|
||||
/label ~"MR-Type::Bugfix"
|
||||
/label ~"PO::👀"
|
||||
/label ~"Tech Lead::👀"
|
||||
/label ~"QA::👀"
|
||||
/label ~"Testautomation::👀"
|
||||
```
|
||||
|
||||
---
|
||||
# 👷 Developer Checklist
|
||||
|
||||
## Checklist / Sign-offs
|
||||
- Does the MR include new bits and pieces (e.g. new secrets) that require documentation?
|
||||
- [ ] No.
|
||||
- [ ] Yes, and the documentation was updated accordingly.
|
||||
|
||||
### 💿 CI/CD
|
||||
|
||||
- [ ] CI pipeline passes for all jobs
|
||||
- [ ] Linting and formatting checks pass
|
||||
- [ ] Review app (if used) reflects fix correctly
|
||||
|
||||
### 🖥 QA & Product
|
||||
|
||||
Set related labels on the MR for
|
||||
|
||||
- [ ] `PO::👀`
|
||||
- [ ] `Tech Lead::👀`
|
||||
- [ ] `Testautomation::👀`
|
||||
- [ ] `QA::👀`
|
||||
|
||||
---
|
||||
|
||||
## 👷 Developer Checklist
|
||||
|
||||
- [ ] Code builds and passes linting
|
||||
- [ ] Tests added or updated
|
||||
- [ ] Verified fix locally
|
||||
- [ ] Regression testing done for related functionality
|
||||
- [ ] No new warnings or errors in logs
|
||||
Document in an extra comment and link to that comment:
|
||||
- [ ] How you verified the fix is working as expected, also in upgrade scenarios.
|
||||
- [ ] Any regression testing done.
|
||||
|
||||
--> Link to comment:
|
||||
|
||||
@@ -1 +1,8 @@
|
||||
Please select one of the templates, in case your contribution contains more than a **simple** typo fix.
|
||||
Thank you for your contribution!
|
||||
|
||||
Please follow these simple guidelines to continue:
|
||||
|
||||
- Create MRs early and use the "draft" state to show that this MR isn't ready for review and merge.
|
||||
- Flag the MR "ready" as soon as it can be reviewed and QA'd.
|
||||
- Always assign the MR to yourself and set somebody from the development team as reviewer. If you do not know whom to chose leave the reviewer empty.
|
||||
- Select one of the templates in case your contribution contains more than simple documentation updates and follow the templates instructions.
|
||||
|
||||
@@ -1,74 +1,47 @@
|
||||
## 📌 Summary
|
||||
# ⬆️ Feature
|
||||
|
||||
Briefly describe what this feature MR does and why it’s needed.
|
||||
|
||||
> Example:
|
||||
> Adds user profile editing capabilities to the dashboard. This enables users to update their personal information without admin intervention.*
|
||||
|
||||
---
|
||||
*Expected MR Title and git commit message*
|
||||
*`feat(<app-name>): <Short description of the new feature>`*
|
||||
|
||||
## ✅ Changes
|
||||
|
||||
List the key changes made in this MR:
|
||||
|
||||
- Added new route /profile/edit
|
||||
- Created `ProfileEditForm` component
|
||||
- Integrated with backend API for user updates
|
||||
- Added unit tests and basic form validation
|
||||
|
||||
---
|
||||
- ...
|
||||
|
||||
## 🧪 Tests
|
||||
|
||||
Provide steps for QA or reviewers to test the feature.
|
||||
Provide steps for QA or reviewers to test the feature and mention anything reviewers should be aware of:
|
||||
|
||||
1. Login as any user
|
||||
2. Navigate to `/profile/edit`
|
||||
3. Update profile info and save
|
||||
4. Verify changes are persisted and reflected in the UI
|
||||
- ...
|
||||
|
||||
---
|
||||
## 🔄 Requirements for migrations
|
||||
|
||||
## 📚 Related Issue(s)
|
||||
- [ ] Describe manual steps required to update existing deployments. This especially applies if this MR introduces breaking changes:
|
||||
- [ ] Any other considerations in context of the update:
|
||||
|
||||
- Closes #[issue number]
|
||||
- Depends on #[merge request or issue, if any]
|
||||
# Checklist / Sign-offs
|
||||
|
||||
---
|
||||
## 🏷️ Labels
|
||||
|
||||
## 🕵️ Notes for Reviewer
|
||||
Set labels:
|
||||
|
||||
Mention anything reviewers should be aware of:
|
||||
```
|
||||
/label ~"MR-Type::Feature"
|
||||
/label ~"PO::👀"
|
||||
/label ~"Tech Lead::👀"
|
||||
/label ~"QA::👀"
|
||||
/label ~"Testautomation::👀"
|
||||
```
|
||||
|
||||
- Known issues or limitations
|
||||
- Code sections that may need special attention
|
||||
- Design considerations or edge cases handled
|
||||
# 👷 Developer Checklist
|
||||
|
||||
---
|
||||
- Does the MR include new bits and pieces (e.g. new secrets) that require documentation?
|
||||
- [ ] No.
|
||||
- [ ] Yes, and the documentation was updated accordingly.
|
||||
|
||||
## Checklist / Sign-offs
|
||||
Document in an extra comment and link to that comment:
|
||||
- [ ] How you verified the feature is working as expected, also in upgrade scenarios.
|
||||
- [ ] Any regression testing done.
|
||||
|
||||
### 💿 CI/CD
|
||||
|
||||
- [ ] CI pipeline passes for all jobs
|
||||
- [ ] Linting and formatting checks pass
|
||||
- [ ] Review app (if used) reflects fix correctly
|
||||
|
||||
### 🖥 QA & Product
|
||||
|
||||
Set related labels on the MR for
|
||||
|
||||
- [ ] `PO::👀`
|
||||
- [ ] `Tech Lead::👀`
|
||||
- [ ] `Testautomation::👀`
|
||||
- [ ] `QA::👀`
|
||||
|
||||
---
|
||||
|
||||
## 👷 Developer Checklist
|
||||
|
||||
- [ ] Code builds and passes linting
|
||||
- [ ] Tests added or updated
|
||||
- [ ] Verified fix locally
|
||||
- [ ] Regression testing done for related functionality
|
||||
- [ ] No new warnings or errors in logs
|
||||
--> Link to comment:
|
||||
|
||||
@@ -1,33 +1,41 @@
|
||||
## 📌 Summary
|
||||
# 🎉 Other
|
||||
|
||||
Provide a concise summary of **what** this MR does and **why**.
|
||||
|
||||
> Example:
|
||||
> This MR updates the CI configuration to cache NPM dependencies and reduce pipeline execution time.
|
||||
|
||||
---
|
||||
*Expected MR Title and git commit message*
|
||||
*`fix(<component>): <Short description of what has been changed>`*
|
||||
|
||||
## ✅ Changes
|
||||
|
||||
List the key updates made:
|
||||
Explain for the reviewer and QA the reason for the MR and what changes are included.
|
||||
|
||||
- ...
|
||||
- ...
|
||||
|
||||
---
|
||||
## 🔄 Requirements for migrations
|
||||
|
||||
## 🧪 Tests (if applicable)
|
||||
- [ ] Describe manual steps required to update existing deployments. This especially applies if this MR introduces breaking changes:
|
||||
- [ ] Any other considerations in context of the update:
|
||||
|
||||
Explain how reviewers or CI can verify the change works as intended.
|
||||
# Checklist / Sign-offs
|
||||
|
||||
> Example:
|
||||
>- For CI: Check job `build:frontend` completes in <3 mins.
|
||||
>- For docs: View rendered markdown locally or in GitLab.
|
||||
## 🏷️ Labels
|
||||
|
||||
---
|
||||
Set labels:
|
||||
|
||||
## 🧾 Checks
|
||||
```
|
||||
/label ~"MR-Type::Other"
|
||||
/label ~"PO::👀"
|
||||
/label ~"Tech Lead::👀"
|
||||
/label ~"QA::👀"
|
||||
/label ~"Testautomation::👀"
|
||||
```
|
||||
|
||||
- [ ] CI passes
|
||||
- [ ] No functional changes
|
||||
- [ ] Verified (if needed)
|
||||
# 👷 Developer Checklist
|
||||
|
||||
- Does the MR include new bits and pieces (e.g. new secrets) that require documentation?
|
||||
- [ ] No.
|
||||
- [ ] Yes, and the documentation was updated accordingly.
|
||||
|
||||
Document in an extra comment and link to that comment:
|
||||
- [ ] How you verified the change is working as expected, also in upgrade scenarios.
|
||||
- [ ] Any regression testing done.
|
||||
|
||||
--> Link to comment:
|
||||
|
||||
@@ -1,49 +1,41 @@
|
||||
## ⬆️ Application Update
|
||||
# ⬆️ Application Update
|
||||
|
||||
Expected MR Title and git commit message:
|
||||
*Expected MR Title and git commit message*
|
||||
*`feat/fix(<app-name>): Update from <old-version> to <new-version>`*
|
||||
|
||||
`feat/fix(<app-name>): Update from <old-version> to <new-version>`
|
||||
## 📋 Changelog/Release Notes
|
||||
|
||||
### 📋 Changelog/Release Notes
|
||||
- [ ] [README.md](../../README.md) component table updated including the link to the related release notes
|
||||
- [ ] Provide significant improvements you'd like to see in the openDesk release notes. If you have a lot of details to provide or someone else is providing the details, please use a comment on the MR and link the comment in here.
|
||||
|
||||
- [ ] Upstream release notes: `[link]`
|
||||
- [ ] No breaking changes (or listed below)
|
||||
- [ ] Relevant changes communicated (if needed)
|
||||
## 🔄 Requirements for migrations
|
||||
|
||||
---
|
||||
- [ ] Minimum version of the application required in existing depoyments to update/upgrade:
|
||||
- [ ] Describe manual steps required to update existing deployments. This especially applies if the upgrade includes any breaking changes:
|
||||
- [ ] Any other considerations in context of the update:
|
||||
|
||||
### 🔄 Migrations to Run (if any)
|
||||
# Checklist / Sign-offs
|
||||
|
||||
Describe any migrations that need to be performed when upgrading to this application version.
|
||||
## 🏷️ Labels
|
||||
|
||||
- [ ] Database migrations
|
||||
- [ ] Configuration changes
|
||||
- [ ] Cache clears / rebuilds
|
||||
- [ ] Other: _describe_
|
||||
Set labels:
|
||||
|
||||
## Checklist / Sign-offs
|
||||
|
||||
### 💿 CI/CD
|
||||
|
||||
- [ ] CI pipeline passes for all jobs
|
||||
- [ ] Linting and formatting checks pass
|
||||
- [ ] Review app (if used) reflects fix correctly
|
||||
|
||||
### 🖥 QA & Product
|
||||
|
||||
Set related labels on the MR for
|
||||
|
||||
- [ ] `PO::👀`
|
||||
- [ ] `Tech Lead::👀`
|
||||
- [ ] `Testautomation::👀`
|
||||
- [ ] `QA::👀`
|
||||
|
||||
---
|
||||
```
|
||||
/label ~"MR-Type::AppUpdate"
|
||||
/label ~"PO::👀"
|
||||
/label ~"Tech Lead::👀"
|
||||
/label ~"QA::👀"
|
||||
/label ~"Testautomation::👀"
|
||||
```
|
||||
|
||||
## 👷 Developer Checklist
|
||||
|
||||
- [ ] Code builds and passes linting
|
||||
- [ ] Tests added or updated
|
||||
- [ ] Verified fix locally
|
||||
- [ ] Regression testing done for related functionality
|
||||
- [ ] No new warnings or errors in logs
|
||||
- Does the MR include new bits and pieces (e.g. new secrets) that require documentation?
|
||||
- [ ] No.
|
||||
- [ ] Yes, and the documentation was updated accordingly.
|
||||
|
||||
Document in an extra comment and link to that comment:
|
||||
- [ ] How you verified the update is working as expected, also in upgrade scenarios.
|
||||
- [ ] Any regression testing done.
|
||||
|
||||
--> Link to comment:
|
||||
|
||||
@@ -146,7 +146,7 @@ OPENDESK_ENTERPRISE=true
|
||||
|
||||
With openDesk EE you get access to the related artifact registry owned by ZenDiS.
|
||||
|
||||
Three steps are required to access the registry - for step #1 and #2 you can set some variables. Below, you can define `<your_name_for_the_secret>` freely, like `enterprise-secret`, as long as it consistent in step #1 and #3.
|
||||
Three steps are required to access the registry - for step 1 and 2 you can set some variables. Below, you can define `<your_name_for_the_secret>` freely, like `enterprise-secret`, as long as it consistent in step 1 and 3.
|
||||
|
||||
```shell
|
||||
NAMESPACE=<your_namespace>
|
||||
|
||||
@@ -38,9 +38,9 @@ openDesk currently features the following functional main components:
|
||||
| Collaborative notes | Notes (aka Docs) | MIT | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1) | Online documentation/welcome document available in installed application |
|
||||
| Diagram editor | CryptPad ft. diagrams.net | AGPL-3.0-only | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
||||
| File management | Nextcloud | AGPL-3.0-or-later | [31.0.6](https://nextcloud.com/de/changelog/#31-0-6) | [Nextcloud 31](https://docs.nextcloud.com/) |
|
||||
| Groupware | OX App Suite | GPL-2.0-only (backend), AGPL-3.0-or-later (frontend) | [8.38](https://documentation.open-xchange.com/appsuite/releases/8.38/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||
| Groupware | OX App Suite | GPL-2.0-only (backend), AGPL-3.0-or-later (frontend) | [8.39](https://documentation.open-xchange.com/appsuite/releases/8.39/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||
| Knowledge management | XWiki | LGPL-2.1-or-later | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||
| Portal & IAM | Nubus | AGPL-3.0-or-later | [1.11.2](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/changelog.html#version-1-11-2-2025-07-10) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Portal & IAM | Nubus | AGPL-3.0-or-later | [1.12.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.12.html#version-1-12-0-2025-07-31) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Project management | OpenProject | GPL-3.0-only | [16.2.0](https://www.openproject.org/docs/release-notes/16-2-0/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | Apache-2.0 | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Weboffice | Collabora | MPL-2.0 | [25.04.2](https://www.collaboraoffice.com/code-25-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
|
||||
@@ -443,7 +443,7 @@ While the IAM manages users centrally, some applications come with local account
|
||||
| Element | `uvs` | The account for the "User Verification Service". It is used by Jitsi integrated into Element. | `secrets.matrixUserVerificationService.password` |
|
||||
| | `meeting-bot` | Used by the Nordeck Meeting-Bot to manage meeting rooms in Synapse. | `secrets.matrixNeoDateFixBot.password` |
|
||||
| Nextcloud | `nextcloud` | Bootstrap the Nextcloud fileshare for OpenProject with `opendesk-openproject-bootstrap` job[^1]. | `secrets.nextcloud.adminPassword` |
|
||||
| OX App Suite | `admin` | OX-Connector to provision context, users, groups etc. | `secrets.oxAppsuite.adminPassword` |
|
||||
| OX App Suite | `admin` | OX Connector to provision context, users, groups etc. | `secrets.oxAppsuite.adminPassword` |
|
||||
| OpenProject | set in `secrets.openproject.apiAdminUsername` | Bootstrap the Nextcloud fileshare for OpenProject with `opendesk-openproject-bootstrap` job[^1]. | `secrets.openproject.apiAdminPassword` |
|
||||
| XWiki | `superadmin` | Only available with `debug.enabled: true`, can be used for interactive login using `/bin/view/Main/?oidc.skipped=true`. | `secrets.xwiki.superadminpassword` |
|
||||
|
||||
|
||||
@@ -288,7 +288,7 @@ The following are the APIs used by the Groupware application:
|
||||
| In openDesk provided by | OX AppSuite Middleware |
|
||||
| Transport protocol | HTTP(S) |
|
||||
| Usage within component | none |
|
||||
| Usage within openDesk | OX-Connector synchronizes the state of the objects (users, groups etc.) managed in the LDAP. |
|
||||
| Usage within openDesk | OX Connector synchronizes the state of the objects (users, groups etc.) managed in the LDAP. |
|
||||
| Usage for external integration | none |
|
||||
| Parallel access | Allowed |
|
||||
| Message protocol | XML based, exactly following the format of Java RMI. |
|
||||
|
||||
@@ -66,52 +66,58 @@ XWiki,PersistentVolume,1
|
||||
|
||||
# Details
|
||||
|
||||
| Application | Data Storage | Backup | Content | Identifier | Details |
|
||||
|----------------------|--------------|----------|--------------------------------------------------------------------------------------------|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
|
||||
| **ClamAV** | PVC | No | ClamAV Database | `clamav-database-clamav-simple-0` | `/var/lib/clamav` |
|
||||
| **Dovecot** | PVC | Yes | User mail directories (openDesk CE only, openDesk EE uses Dovecot Pro with Object Storage) | `dovecot` | `/srv/mail` |
|
||||
| **Element/Synapse** | PostgreSQL | Yes | Application's main database | `matrix` | |
|
||||
| | PVC | Yes | Attachments | `media-opendesk-synapse-0` | `/media` |
|
||||
| | | Yes | Sync and state data | `matrix-neodatefix-bot` | `/app/storage` |
|
||||
| **Intercom-Service** | Redis | No | Shared session data | | |
|
||||
| **Jitsi** | PVC | Optional | Meeting recordings (feature not enabled in openDesk) | `prosody-data-jitsi-prosody-0` | `/config/data` |
|
||||
| **Nextcloud** | PostgreSQL | Yes | Application's main database Meta-Data | `nextcloud` | |
|
||||
| | S3 | Yes | The Nextcloud managed user files | `nextcloud` | |
|
||||
| | Redis | No | Distributed caching, as well as transactional file locking | | |
|
||||
| **Nubus** | PostgreSQL | Yes | Main database for Nubus' IdP Keycloak | `keycloak` | |
|
||||
| | | Yes | Login actions and device-fingerprints | `keycloak_extensions` | |
|
||||
| | | Optional | Store of the temporary password reset token | `selfservice` | |
|
||||
| | | No | Notification features are not used in openDesk 1.1 | `notificationsapi` | |
|
||||
| | | No | Guardian features are currently not used in openDesk 1.1 | `guardianmanagementapi` | |
|
||||
| | S3 | No | Static files for Portal | `ums` | |
|
||||
| | PVC | Yes | openLDAP database (primary R/W Pods), when restore select the one from the leader | `shared-data-ums-ldap-server-primary-0` | `/var/lib/univention-ldap` |
|
||||
| | | Yes | openLDAP process data | `shared-run-ums-ldap-server-primary-0` | `/var/run/slapd` |
|
||||
| | | No | openLDAP database (secondary R/O Pods), secondaries can sync from the primary | `shared-data-ums-ldap-server-secondary-0` | `/var/lib/univention-ldap` |
|
||||
| | | No | openLDAP process data | `shared-run-ums-ldap-server-secondary-0` | `/var/run/slapd` |
|
||||
| | | Yes | The state of the listener | `data-ums-provisioning-udm-listener-0` | `/var/log/univention`<br>`/var/lib/univention-ldap/schema/id`<br>`/var/lib/univention-directory-listener` |
|
||||
| | | No | Cache | `group-membership-cache-ums-portal-consumer-0` | `/usr/share/univention-group-membership-cache/caches` |
|
||||
| | | Yes | Queued provisioning objects | `nats-data-ums-provisioning-nats-0` | `/data` |
|
||||
| | Memcached | No | Cache for UMC Server | | |
|
||||
| **OpenProject** | PostgreSQL | Yes | Application's main database | `openproject` | |
|
||||
| | S3 | Yes | Attachments, custom styles | `openproject` | |
|
||||
| | Memcached | No | Cache | | |
|
||||
| | PVC | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-*-tmp` | `/tmp` |
|
||||
| | | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-app-*-tmp` | `/app/tmp` |
|
||||
| **Open-Xchange** | MariaDB | Yes | Application's control database to coordiate dynamically created ones | `configdb` | |
|
||||
| | | Yes | Dynamically creates databases of schema `PRIMARYDB_n`containing multiple contexts | `PRIMARYDB_*` | |
|
||||
| | | Yes | OX Guard related settings | `oxguard*` | |
|
||||
| | Redis | Optional | Cache, session related data, distributed maps | | |
|
||||
| | PVC | Yes | OX-Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` |
|
||||
| | | Yes | OX-Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
|
||||
| **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` |
|
||||
| **XWiki** | PostgreSQL | Yes | Application's main database | `xwiki` | |
|
||||
| | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` |
|
||||
| Application | Data Storage | Backup | Content | (Default) Identifier | Details |
|
||||
|----------------------|--------------|----------|-----------------------------------------------------------------------------------|------------------------------------------------|-----------------------------------------------------------------------------------------------------------|
|
||||
| **ClamAV** | PVC | No | ClamAV Database | `clamav-database-clamav-simple-0` | `/var/lib/clamav` |
|
||||
| **Dovecot** | PVC | Yes | openDesk CE only: User mail directories | `dovecot` | `/srv/mail` |
|
||||
| | S3 | Yes | openDesk EE only: User mail | `dovecot` | `dovecot` |
|
||||
| | Cassandra | Yes | openDesk EE only: Metadata and ACLs | `dovecot_dictmap`, `dovecot_acl` |
|
||||
| **Element/Synapse** | PostgreSQL | Yes | Application's main database | `matrix` | |
|
||||
| | PVC | Yes | Attachments | `media-opendesk-synapse-0` | `/media` |
|
||||
| | | Yes | Sync and state data | `matrix-neodatefix-bot` | `/app/storage` |
|
||||
| **Intercom-Service** | Redis | No | Shared session data | | |
|
||||
| **Jitsi** | PVC | Optional | Meeting recordings (feature not enabled in openDesk) | `prosody-data-jitsi-prosody-0` | `/config/data` |
|
||||
| **Nextcloud** | PostgreSQL | Yes | Application's main database Meta-Data | `nextcloud` | |
|
||||
| | S3 | Yes | The Nextcloud managed user files | `nextcloud` | |
|
||||
| | Redis | No | Distributed caching, as well as transactional file locking | | |
|
||||
| **Nubus** | PostgreSQL | Yes | Main database for Nubus' IdP Keycloak | `keycloak` | |
|
||||
| | | Yes | Login actions and device-fingerprints | `keycloak_extensions` | |
|
||||
| | | Optional | Store of the temporary password reset token | `selfservice` | |
|
||||
| | | No | Notification features are not used in openDesk 1.1 | `notificationsapi` | |
|
||||
| | | No | Guardian features are currently not used in openDesk 1.1 | `guardianmanagementapi` | |
|
||||
| | S3 | No | Static files for Portal | `ums` | |
|
||||
| | PVC | Yes | openLDAP database (primary R/W Pods), when restore select the one from the leader | `shared-data-ums-ldap-server-primary-0` | `/var/lib/univention-ldap` |
|
||||
| | | Yes | openLDAP process data | `shared-run-ums-ldap-server-primary-0` | `/var/run/slapd` |
|
||||
| | | No | openLDAP database (secondary R/O Pods), secondaries can sync from the primary | `shared-data-ums-ldap-server-secondary-0` | `/var/lib/univention-ldap` |
|
||||
| | | No | openLDAP process data | `shared-run-ums-ldap-server-secondary-0` | `/var/run/slapd` |
|
||||
| | | Yes | The state of the listener | `data-ums-provisioning-udm-listener-0` | `/var/log/univention`<br>`/var/lib/univention-ldap/schema/id`<br>`/var/lib/univention-directory-listener` |
|
||||
| | | No | Cache | `group-membership-cache-ums-portal-consumer-0` | `/usr/share/univention-group-membership-cache/caches` |
|
||||
| | | Yes | Queued provisioning objects | `nats-data-ums-provisioning-nats-0` | `/data` |
|
||||
| | Memcached | No | Cache for UMC Server | | |
|
||||
| **OpenProject** | PostgreSQL | Yes | Application's main database | `openproject` | |
|
||||
| | S3 | Yes | Attachments, custom styles | `openproject` | |
|
||||
| | Memcached | No | Cache | | |
|
||||
| | PVC | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-*-tmp` | `/tmp` |
|
||||
| | | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-app-*-tmp` | `/app/tmp` |
|
||||
| **Open-Xchange** | MariaDB | Yes | Application's control database to coordiate dynamically created ones | `configdb` | |
|
||||
| | | Yes | Dynamically creates databases of schema `PRIMARYDB_n`containing multiple contexts | `PRIMARYDB_*` | |
|
||||
| | | Yes | OX Guard related settings | `oxguard*` | |
|
||||
| | S3 | Yes | Attachments of meetings, contacts and tasks | `openxchange` | |
|
||||
| | Redis | Optional | Cache, session related data, distributed maps | | |
|
||||
| | PVC | Yes | OX Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` |
|
||||
| | | Yes | OX Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
|
||||
| **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` |
|
||||
| **XWiki** | PostgreSQL | Yes | Application's main database | `xwiki` | |
|
||||
| | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` |
|
||||
|
||||
Additionally, the following persistent volumes are mounted by pods that serve as a data storage for the applications mentioned above.
|
||||
Additionally, the following persistent volumes are mounted by Pods that serve as a data storage for the applications mentioned above.
|
||||
|
||||
| Service | Pod | Volume Name | PVC | MountPath |
|
||||
| ---------- | ---------------- | ------------ | --------------------------- | --------------------- |
|
||||
| MariaDB | `mariadb-*` | `data` | `data-mariadb-0` | `/var/lib/mysql` |
|
||||
| MinIO | `minio-*-*` | `data` | `minio` | `/bitnami/minio/data` |
|
||||
| PostgreSQL | `postgresql-*` | `data` | `data-postgresql-0` | `/mnt/postgresql` |
|
||||
| Redis | `redis-master-*` | `redis-data` | `redis-data-redis-master-0` | `/data` |
|
||||
These services are not ment for production use, so you can ignore these as you surely backup your production services instead.
|
||||
|
||||
| Service | Pod | Volume Name | PVC | MountPath | Comment |
|
||||
|------------|------------------|--------------|-----------------------------|-----------------------|------------------|
|
||||
| MariaDB | `mariadb-*` | `data` | `data-mariadb-0` | `/var/lib/mysql` | |
|
||||
| MinIO | `minio-*-*` | `data` | `minio` | `/bitnami/minio/data` | |
|
||||
| PostgreSQL | `postgresql-*` | `data` | `data-postgresql-0` | `/mnt/postgresql` | |
|
||||
| Redis | `redis-master-*` | `redis-data` | `redis-data-redis-master-0` | `/data` | |
|
||||
| Cassandra | `cassandra-*` | `data` | `data-cassandra-*` | `/bitnami/cassandra` | openDesk EE only |
|
||||
|
||||
@@ -355,12 +355,15 @@ Example: `tmueller/fix_jitsi_theming`.
|
||||
|
||||
Commit messages must adhere to the [Conventional Commit standard](https://www.conventionalcommits.org/en/v1.0.0/#summary). Commits that do not adhere to the standard get rejected by either [Gitlab push rules](https://docs.gitlab.com/ee/user/project/repository/push_rules.html) or the CI.
|
||||
|
||||
> **Note**<br>
|
||||
> The first letter after the `: ` must be uppercase.
|
||||
|
||||
```text
|
||||
<type>(<scope>): [path/to/issue#1] <short summary>.
|
||||
<type>(<scope>): <Short summary> [path/to/issue#1]
|
||||
│ │ │ │
|
||||
│ │ | └─> Summary in present tense, sentence case, with no period at the end
|
||||
│ │ | └─> Issue reference (optional)
|
||||
│ │ |
|
||||
│ │ └─> Issue reference (optional)
|
||||
│ │ └─> Summary in present tense, sentence case, with no period at the end
|
||||
│ │
|
||||
│ └─> Commit Scope: helmfile, docs, collabora, nextcloud, open-xchange, etc.
|
||||
│
|
||||
@@ -370,7 +373,7 @@ Commit messages must adhere to the [Conventional Commit standard](https://www.co
|
||||
Example: `fix(open-xchange): Bump to 8.26 to heal issue with functional mailbox provisioning.`
|
||||
|
||||
> **Note**<br>
|
||||
> The commit messages are an essential part of the [technical releases](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases) as the release's notes are generated from the messages.
|
||||
> The commit messages are an essential part of the [technical releases](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/releases) as the release notes are generated from these messages.
|
||||
|
||||
#### Verified commits
|
||||
|
||||
|
||||
@@ -77,7 +77,7 @@ With openDesk 1.0 Enterprise, you can set openDesk's email components (OX AppSui
|
||||
```
|
||||
secrets:
|
||||
oxAppSuite:
|
||||
adminPassword: "your_temporary_master_password"
|
||||
migrationsMasterPassword: "your_temporary_master_password"
|
||||
functional:
|
||||
migration:
|
||||
oxAppSuite:
|
||||
@@ -89,7 +89,7 @@ functional:
|
||||
|
||||
To validate the master authentication mode please read the appendix section at the end of the document.
|
||||
|
||||
Updating your deployment with these settings will allow you to continue with the migration scenario. Once the migration is completed, you can remove `secrets.oxAppSuite.adminPassword` and need to turn off the migration mode by setting `functional.migration.oxAppSuite.enabled` to `false` or removing that setting, as `false` is the default before you update your deployment once again.
|
||||
Updating your deployment with these settings will allow you to continue with the migration scenario. Once the migration is completed, you can remove `secrets.oxAppSuite.migrationsMasterPassword` and need to turn off the migration mode by setting `functional.migration.oxAppSuite.enabled` to `false` or removing that setting, as `false` is the default before you update your deployment once again.
|
||||
|
||||
> **Note**<br>
|
||||
> For the changes to take effect, it is sufficient to re-deploy the `open-xchange` component alone. But you have to restart the Dovecot Pod(s) manually when switching to/from the master authentication mode for the changes to take effect.
|
||||
|
||||
@@ -10,9 +10,14 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [Deprecation warnings](#deprecation-warnings)
|
||||
* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
|
||||
* [Manual checks/actions](#manual-checksactions)
|
||||
* [v1.7.0+](#v170)
|
||||
* [Pre-upgrade to v1.7.0+](#pre-upgrade-to-v170)
|
||||
* [Replace Helm chart: New Notes Helm chart with support for self-signed deployments](#replace-helm-chart-new-notes-helm-chart-with-support-for-self-signed-deployments)
|
||||
* [Post-upgrade to v1.7.0+](#post-upgrade-to-v170)
|
||||
* [Upstream fix: Provisioning of functional mailboxes](#upstream-fix-provisioning-of-functional-mailboxes)
|
||||
* [v1.6.0+](#v160)
|
||||
* [Pre-upgrade to v1.6.0+](#pre-upgrade-to-v160)
|
||||
* [Upstream contraint: Nubus' external secrets](#upstream-contraint-nubus-external-secrets)
|
||||
* [Upstream constraint: Nubus' external secrets](#upstream-constraint-nubus-external-secrets)
|
||||
* [Helmfile new secret: `secrets.minio.openxchangeUser`](#helmfile-new-secret-secretsminioopenxchangeuser)
|
||||
* [Helmfile new object storage: `objectstores.openxchange.*`](#helmfile-new-object-storage-objectstoresopenxchange)
|
||||
* [OX App Suite fix-up: Using S3 as storage for non mail attachments (pre-upgrade)](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-pre-upgrade)
|
||||
@@ -94,6 +99,8 @@ This section should provide you with an overview of what changes to expect in th
|
||||
|
||||
- `functional.portal.link*` (see `functional.yaml.gotmpl` for details) are going to be moved into the `theme.*` tree, we are also going to move the icons used for the links currently found under `theme.imagery.portalEntries` in this step.
|
||||
- We will explicitly set the [database schema configuration](https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Configuration/#HConfigurethenamesofdatabaseschemas) for XWiki to avoid the use of the `public` schema.
|
||||
- `persistance.storages.oxConnector.storageClassName` and `persistance.storages.nubusUdmListener.storageClassName` will be templated in Helmfile requiring you to template them explicitly if their current default values differs from the global value set in `persistence.storageClassNames.RWO`.
|
||||
- The currently used Helm chart for Notes will be replaced requiring some config updates.
|
||||
|
||||
# Automated migrations - Overview and mandatory upgrade path
|
||||
|
||||
@@ -117,11 +124,61 @@ If you would like more details about the automated migrations, please read secti
|
||||
|
||||
# Manual checks/actions
|
||||
|
||||
## v1.7.0+
|
||||
|
||||
### Pre-upgrade to v1.7.0+
|
||||
|
||||
#### Replace Helm chart: New Notes Helm chart with support for self-signed deployments
|
||||
|
||||
**Target group:** All deployments that set `app.notes.enabled: true` (default is `false`).
|
||||
|
||||
We replaced the Helm Chart used for the Notes (aka "Impress") deployment. If you have enabled Notes in your deployment, you must manually uninstall the old chart before upgrading to openDesk v1.7.0.
|
||||
|
||||
```shell
|
||||
helm uninstall -n <your_namespace> impress
|
||||
```
|
||||
|
||||
In case you are using `annotation.notes` they have to be moved into one of the remaining dicts, see [`annotations.yaml.gotmpl`](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/develop/helmfile/environments/default/annotations.yaml.gotmpl) for details:
|
||||
|
||||
```yaml
|
||||
annotation:
|
||||
notesBackend: {}
|
||||
notesFrontend: {}
|
||||
notesYProvider: {}
|
||||
```
|
||||
|
||||
### Post-upgrade to v1.7.0+
|
||||
|
||||
#### Upstream fix: Provisioning of functional mailboxes
|
||||
|
||||
**Target group:** Deployments with OX App Suite that make use of IAM maintained functional mailboxes.
|
||||
|
||||
The update of OX Connector included in openDesk 1.7.0 fixes an issue with the provisioning of IAM maintained functional mailboxes. If your deployment makes use of these mailboxes it is recommended to trigger a full sync of the OX App Suite provisioning by recreating the OX Connector's provisioning subscription using calls to the provisioning API that is temporary port-forwarded in the example below:
|
||||
|
||||
```shell
|
||||
export NAMESPACE=<your_namespace>
|
||||
export SUBSCRIPTION_NAME=ox-connector
|
||||
export SUBSCRIPTION_SECRET_NAME=ums-provisioning-ox-credentials
|
||||
export TEMPORARY_CONSUMER_JSON=$(mktemp)
|
||||
export PROVISIONING_API_POD_NAME=$(kubectl -n ${NAMESPACE} get pods --no-headers -o custom-columns=":metadata.name" | grep ums-provisioning-api | tr -d '\n')
|
||||
kubectl -n ${NAMESPACE} port-forward ${PROVISIONING_API_POD_NAME} 7777:7777 &
|
||||
export PROVISIONING_PORT_FORWARD_PID=$!
|
||||
sleep 10
|
||||
kubectl -n ${NAMESPACE} get secret ${SUBSCRIPTION_SECRET_NAME} -o json | jq '.data | map_values(@base64d)' | jq -r '."ox-connector.json"' > ${TEMPORARY_CONSUMER_JSON}.json
|
||||
export PROVISIONING_ADMIN_PASSWORD=$(kubectl -n ${NAMESPACE} get secret ums-provisioning-api-admin -o jsonpath='{.data.password}' | base64 --decode)
|
||||
# Delete the current subscription
|
||||
curl -o - -u "admin:${PROVISIONING_ADMIN_PASSWORD}" -X DELETE http://localhost:7777/v1/subscriptions/${SUBSCRIPTION_NAME}
|
||||
# Recreate the subscription
|
||||
curl -u "admin:${PROVISIONING_ADMIN_PASSWORD}" -H 'Content-Type: application/json' -d @${TEMPORARY_CONSUMER_JSON}.json http://localhost:7777/v1/subscriptions
|
||||
kill ${PROVISIONING_PORT_FORWARD_PID}
|
||||
rm ${TEMPORARY_CONSUMER_JSON}
|
||||
```
|
||||
|
||||
## v1.6.0+
|
||||
|
||||
### Pre-upgrade to v1.6.0+
|
||||
|
||||
#### Upstream contraint: Nubus' external secrets
|
||||
#### Upstream constraint: Nubus' external secrets
|
||||
|
||||
**Target group:** Operators that use external secrets for Nubus.
|
||||
|
||||
|
||||
@@ -175,6 +175,9 @@ configuration:
|
||||
token:
|
||||
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||
|
||||
# A sane default for windows clients would be: `* " | & ? , ; : \ / ~ < >`
|
||||
forbiddenChars: "* \" | & ? , ; : \\ / ~ < >"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
||||
@@ -1,285 +1,197 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesBackend.registry) (.Values.images.notesBackend.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesBackend.tag }}
|
||||
credentials:
|
||||
name: {{ .Values.global.imagePullSecrets | first | quote }}
|
||||
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.notes }}"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
|
||||
nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.notes }}"
|
||||
nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}s"
|
||||
nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.notes }}s"
|
||||
|
||||
ingressCollaborationWS:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
path: "/collaboration/ws/"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/enable-websocket: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
|
||||
nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: null
|
||||
nginx.ingress.kubernetes.io/auth-url: null
|
||||
{{- with .Values.annotations.notes.ingressCollaborationWS }}
|
||||
{{ . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
ingressAdmin:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
{{ .Values.annotations.notes.ingressAdmin | toYaml | nindent 4 }}
|
||||
|
||||
ingressMedia:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
|
||||
nginx.ingress.kubernetes.io/auth-url: "https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/api/v1.0/documents/media-auth/"
|
||||
nginx.ingress.kubernetes.io/upstream-vhost: {{ .Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /{{ .Values.objectstores.notes.bucket }}/$1
|
||||
nginx.ingress.kubernetes.io/session-cookie-path: /media
|
||||
{{- with .Values.annotations.notes.ingressMedia }}
|
||||
{{ . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
ingressCollaborationApi:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
host: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
path: /collaboration/api/
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
annotations:
|
||||
{{ .Values.annotations.notes.ingressCollaborationAPI | toYaml | nindent 4 }}
|
||||
|
||||
serviceMedia:
|
||||
host: {{ .Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
port: {{ .Values.objectstores.notes.port | default 443 }}
|
||||
annotations:
|
||||
{{ .Values.annotations.notes.serviceMedia | toYaml | nindent 4 }}
|
||||
|
||||
frontend:
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesFrontend.registry) (.Values.images.notesFrontend.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesFrontend.tag }}
|
||||
envVars:
|
||||
PORT: 8080
|
||||
NEXT_PUBLIC_API_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
NEXT_PUBLIC_MEDIA_URL: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||
runtimeEnvs:
|
||||
ICS_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.intercomService .Values.global.domain | quote }}
|
||||
PORTAL_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
replicas: {{ .Values.replicas.notesFrontend }}
|
||||
resources:
|
||||
{{ .Values.resources.notesFrontend | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesFrontend | toYaml | nindent 6 }}
|
||||
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesFrontend.pod | toYaml | nindent 4 }}
|
||||
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesFrontend.service | toYaml | nindent 6 }}
|
||||
|
||||
yProvider:
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.notesYProvider.registry) (.Values.images.notesYProvider.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesYProvider.tag }}
|
||||
resources:
|
||||
{{ .Values.resources.notesYProvider | toYaml | nindent 4 }}
|
||||
replicas: {{ .Values.replicas.notesYProvider }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
|
||||
envVars:
|
||||
COLLABORATION_BACKEND_BASE_URL: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_LOGGING: {{ if .Values.debug.enabled }}"true"{{ else }}"false"{{ end }}
|
||||
COLLABORATION_SERVER_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
Y_PROVIDER_API_KEY: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesYProvider.pod | toYaml | nindent 4 }}
|
||||
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesYProvider.service | toYaml | nindent 6 }}
|
||||
|
||||
oidc:
|
||||
clientId: "opendesk-notes"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
|
||||
aiApiKey: {{ .Values.ai.apiKey }}
|
||||
aiBaseUrl: {{ .Values.ai.endpoint }}
|
||||
|
||||
djangoSuperUserEmail: "default.admin@{{ .Values.global.domain }}"
|
||||
djangoSuperUserPass: {{ .Values.secrets.notes.superuser }}
|
||||
djangoSecretKey: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||
global:
|
||||
collaborationServerSecret:
|
||||
value: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
yProviderApiKey:
|
||||
value: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||
tlsSecretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
backend:
|
||||
image:
|
||||
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesBackend.registry) (.Values.images.notesBackend.repository) | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.notesBackend.tag }}
|
||||
replicas: {{ .Values.replicas.notesBackend }}
|
||||
envVars:
|
||||
DB_HOST: {{ .Values.databases.notes.host | quote }}
|
||||
DB_NAME: {{ .Values.databases.notes.name | quote }}
|
||||
DB_USER: {{ .Values.databases.notes.username | quote }}
|
||||
DB_PASSWORD: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||
DB_PORT: {{ .Values.databases.notes.port | quote }}
|
||||
POSTGRES_DB: {{ .Values.databases.notes.name | quote }}
|
||||
POSTGRES_USER: {{ .Values.databases.notes.username | quote }}
|
||||
POSTGRES_PASSWORD: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||
FRONTEND_THEME: "openDesk"
|
||||
REDIS_URL: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
|
||||
AWS_S3_ENDPOINT_URL: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||
AWS_S3_ACCESS_KEY_ID: {{ .Values.objectstores.notes.username }}
|
||||
AWS_S3_SECRET_ACCESS_KEY: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }}
|
||||
AWS_STORAGE_BUCKET_NAME: {{ .Values.objectstores.notes.bucket }}
|
||||
DJANGO_CSRF_TRUSTED_ORIGINS: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
DJANGO_SITE_DOMAIN: {{ printf "%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
DJANGO_SITE_NAME: {{ printf "%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
DJANGO_CONFIGURATION: Production
|
||||
DJANGO_ALLOWED_HOSTS: "*"
|
||||
DJANGO_SECRET_KEY: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||
DJANGO_SETTINGS_MODULE: impress.settings
|
||||
DJANGO_SUPERUSER_PASSWORD: {{ .Values.secrets.notes.superuser }}
|
||||
DJANGO_EMAIL_BRAND_NAME: "openDesk"
|
||||
DJANGO_EMAIL_LOGO_IMG: {{ printf "https://%s.%s/univention/portal/icons/entries/swp.notes.svg" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
DJANGO_EMAIL_FROM: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
DJANGO_EMAIL_HOST: "postfix"
|
||||
DJANGO_EMAIL_PORT: 25
|
||||
DJANGO_EMAIL_USE_SSL: False
|
||||
DJANGO_EMAIL_HOST_USER: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
DJANGO_EMAIL_HOST_PASSWORD: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
DJANGO_EMAIL_USE_TLS: False
|
||||
OIDC_RP_CLIENT_ID: "opendesk-notes"
|
||||
OIDC_RP_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
OIDC_OP_JWKS_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
OIDC_OP_TOKEN_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
OIDC_OP_USER_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
||||
OIDC_OP_LOGOUT_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
|
||||
OIDC_RP_SIGN_ALGO: RS256
|
||||
OIDC_RP_SCOPES: "openid opendesk-notes-scope"
|
||||
OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
|
||||
OIDC_USERINFO_FULLNAME_FIELDS: "given_name,family_name"
|
||||
USER_OIDC_ESSENTIAL_CLAIMS: "email"
|
||||
OIDC_REDIRECT_ALLOWED_HOSTS: {{ printf "https://%s.%s/*" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{}"
|
||||
OIDC_RENEW_ID_TOKEN: "False"
|
||||
LOGIN_REDIRECT_URL: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
LOGIN_REDIRECT_URL_FAILURE: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
LOGOUT_REDIRECT_URL: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
AI_BASE_URL: {{ .Values.ai.endpoint | quote }}
|
||||
AI_API_KEY: {{ .Values.ai.apiKey | quote }}
|
||||
AI_MODEL: {{ .Values.ai.model | quote }}
|
||||
Y_PROVIDER_API_KEY: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
Y_PROVIDER_API_BASE_URL: {{ printf "https://%s.%s/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_API_URL: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_ORIGIN: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||
COLLABORATION_WS_URL: {{ printf "wss://%s.%s/collaboration/ws/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
FRONTEND_HOMEPAGE_FEATURE_ENABLED: False
|
||||
FRONTEND_FOOTER_FEATURE_ENABLED: False
|
||||
migrate:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
python manage.py migrate --no-input
|
||||
restartPolicy: Never
|
||||
|
||||
migrateJobAnnotations:
|
||||
{{ .Values.annotations.notesBackend.migrateJob | toYaml | nindent 4 }}
|
||||
|
||||
createsuperuser:
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
python manage.py createsuperuser --email default.admin@{{ .Values.global.domain }} --password {{ .Values.secrets.notes.superuser }}
|
||||
restartPolicy: Never
|
||||
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesBackend.pod | toYaml | nindent 4 }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.notesBackend | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesBackend.registry | quote }}
|
||||
repository: {{ .Values.images.notesBackend.repository | quote }}
|
||||
pullPolicy: "IfNotPresent"
|
||||
tag: {{ .Values.images.notesBackend.tag | quote }}
|
||||
ingress:
|
||||
annotations:
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "{{ .Values.ingress.parameters.bodySize.notes }}"
|
||||
"nginx.ingress.kubernetes.io/proxy-read-timeout": "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
|
||||
"nginx.ingress.kubernetes.io/proxy-send-timeout": "{{ .Values.ingress.parameters.bodyTimeout.notes }}"
|
||||
{{- if .Values.annotations.notesBackend.ingress }}
|
||||
{{ .Values.annotations.notesBackend.ingress | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
ingressAdmin:
|
||||
enabled: true
|
||||
annotations:
|
||||
{{ .Values.annotations.notesBackend.ingressAdmin | toYaml | nindent 6 }}
|
||||
replicaCount: {{ .Values.replicas.notesBackend }}
|
||||
containerSecurityContext:
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
|
||||
|
||||
configuration:
|
||||
ai:
|
||||
apiKey:
|
||||
value: {{ .Values.ai.apiKey }}
|
||||
baseUrl: {{ .Values.ai.endpoint }}
|
||||
model: {{ .Values.ai.model | quote }}
|
||||
aws:
|
||||
endpointUrl: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
|
||||
s3AccessKeyId:
|
||||
value: {{ .Values.objectstores.notes.username }}
|
||||
s3SecretAccessKey:
|
||||
value: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }}
|
||||
storageBucketName: {{ .Values.objectstores.notes.bucket }}
|
||||
collaboration:
|
||||
apiUrl: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
wsUrl: {{ printf "wss://%s.%s/collaboration/ws/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
database:
|
||||
host: {{ .Values.databases.notes.host | quote }}
|
||||
name: {{ .Values.databases.notes.name | quote }}
|
||||
password:
|
||||
value: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||
port: {{ .Values.databases.notes.port | quote }}
|
||||
user:
|
||||
value: {{ .Values.databases.notes.username | quote }}
|
||||
email:
|
||||
brandName: "openDesk"
|
||||
from: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
host: "postfix"
|
||||
port: "25"
|
||||
logoImage: {{ printf "https://%s.%s/univention/portal/icons/entries/swp.notes.svg" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
user:
|
||||
value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
password:
|
||||
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
oidc:
|
||||
enabled: true
|
||||
rpClientId:
|
||||
value: "opendesk-notes"
|
||||
rpClientSecret:
|
||||
value: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
opJWKSEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
opUserEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
||||
opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
|
||||
rpScopes: "openid opendesk-notes-scope"
|
||||
loginRedirectUrl: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
loginRedirectUrlFailure: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
logoutRedirectUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
redirectAllowedHosts: {{ printf "https://%s.%s/*" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||
essentialClaims: "email"
|
||||
fullnameFields: "given_name,family_name"
|
||||
shortnameField: "given_name"
|
||||
django:
|
||||
secretKey:
|
||||
value: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||
createSuperuser: true
|
||||
superuserEmail:
|
||||
value: {{ printf "default.admin@%s" .Values.global.domain | quote }}
|
||||
superuserPassword:
|
||||
value: {{ .Values.secrets.notes.superuser }}
|
||||
frontendTheme: "openDesk"
|
||||
redisUrl:
|
||||
value: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
|
||||
extraEnvVars:
|
||||
- name: "FRONTEND_HOMEPAGE_FEATURE_ENABLED"
|
||||
value: "False"
|
||||
- name: "FRONTEND_FOOTER_FEATURE_ENABLED"
|
||||
value: "False"
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesBackend.pod | toYaml | nindent 4 }}
|
||||
podAnnotationsCreateUser:
|
||||
{{ .Values.annotations.notesBackend.createUserJob | toYaml | nindent 4 }}
|
||||
podAnnotationsMigrate:
|
||||
{{ .Values.annotations.notesBackend.migrateJob | toYaml | nindent 4 }}
|
||||
resources:
|
||||
{{ .Values.resources.notesBackend | toYaml | nindent 4 }}
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesBackend.service | toYaml | nindent 6 }}
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
extraVolumes:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-ca-tls"
|
||||
items:
|
||||
- key: "ca.crt"
|
||||
path: "ca-certificates.crt"
|
||||
extraVolumeMounts:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
mountPath: "/usr/local/lib/python3.12/site-packages/certifi/cacert.pem"
|
||||
subPath: "ca-certificates.crt"
|
||||
{{- end }}
|
||||
|
||||
frontend:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesFrontend.registry | quote }}
|
||||
repository: {{ .Values.images.notesFrontend.repository | quote }}
|
||||
pullPolicy: "IfNotPresent"
|
||||
tag: {{ .Values.images.notesFrontend.tag | quote }}
|
||||
ingressMedia:
|
||||
enabled: true
|
||||
annotations:
|
||||
{{ .Values.annotations.notesFrontend.ingressMedia | toYaml | nindent 6 }}
|
||||
extraEnvVars:
|
||||
- name: "ICS_BASE_URL"
|
||||
value: {{ printf "https://%s.%s" .Values.global.hosts.intercomService .Values.global.domain | quote }}
|
||||
- name: "PORTAL_BASE_URL"
|
||||
value: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
configuration:
|
||||
objectStoreHost: {{ printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.notesFrontend | toYaml | nindent 4 }}
|
||||
containerSecurityContext:
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesFrontend | toYaml | nindent 6 }}
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesFrontend.pod | toYaml | nindent 4 }}
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesFrontend.service | toYaml | nindent 6 }}
|
||||
serviceMedia:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesFrontend.service | toYaml | nindent 6 }}
|
||||
|
||||
y-provider:
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.notesYProvider.registry | quote }}
|
||||
repository: {{ .Values.images.notesYProvider.repository | quote }}
|
||||
pullPolicy: "IfNotPresent"
|
||||
tag: {{ .Values.images.notesYProvider.tag }}
|
||||
replicaCount: 1
|
||||
debug: true
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
extraEnvVars:
|
||||
- name: "NODE_EXTRA_CA_CERTS"
|
||||
value: "/etc/ssl/certs/cacert.pem"
|
||||
extraVolumes:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-ca-tls"
|
||||
items:
|
||||
- key: "ca.crt"
|
||||
path: "ca-certificates.crt"
|
||||
extraVolumeMounts:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
mountPath: "/etc/ssl/certs/cacert.pem"
|
||||
subPath: "ca-certificates.crt"
|
||||
{{- end }}
|
||||
containerSecurityContext:
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
|
||||
ingressCollaborationApi:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesYProvider.ingressCollaborationAPI | toYaml | nindent 6 }}
|
||||
ingressCollaborationWs:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesYProvider.ingressCollaborationWS | toYaml | nindent 6 }}
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.notesYProvider.pod | toYaml | nindent 4 }}
|
||||
service:
|
||||
annotations:
|
||||
{{ .Values.annotations.notesYProvider.service | toYaml | nindent 6 }}
|
||||
...
|
||||
|
||||
@@ -10,7 +10,7 @@ repositories:
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url:
|
||||
"{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.nubus.registry }}/{{ .Values.charts.nubus.repository }}"
|
||||
"{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.nubus.registry }}/{{ .Values.charts.nubus.repository }}"
|
||||
# Intercom Service
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
|
||||
- name: "intercom-service-repo"
|
||||
|
||||
@@ -51,31 +51,36 @@ global:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
ics:
|
||||
secret: {{ .Values.secrets.intercom.secret | quote }}
|
||||
session:
|
||||
secret: {{ .Values.secrets.intercom.secret | quote }}
|
||||
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
originRegex: "{{ .Values.global.domain }}"
|
||||
enableSessionCookie: true
|
||||
userUniqueMapper: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"opendesk_useruuid"{{ else }}"opendesk_username"{{ end }}
|
||||
usernameClaim: "opendesk_username"
|
||||
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
|
||||
keycloak:
|
||||
realm: {{ .Values.platform.realm | quote }}
|
||||
default:
|
||||
domain: {{ .Values.global.domain | quote }}
|
||||
oidc:
|
||||
id: "opendesk-intercom"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
||||
matrix:
|
||||
asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
subdomain: {{ .Values.global.hosts.synapse | quote }}
|
||||
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
||||
auth:
|
||||
applicationServiceSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
nordeck:
|
||||
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
|
||||
portal:
|
||||
apiKey: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
auth:
|
||||
sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
redis:
|
||||
host: {{ .Values.cache.intercomService.host | quote }}
|
||||
port: {{ .Values.cache.intercomService.port }}
|
||||
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
||||
auth:
|
||||
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
||||
openxchange:
|
||||
oci: true
|
||||
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
|
||||
@@ -116,21 +121,20 @@ provisioning:
|
||||
# client's claims this way.
|
||||
enabled: false
|
||||
config:
|
||||
nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
|
||||
clientBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
|
||||
keycloak:
|
||||
url: "http://ums-keycloak:8080/realms/{{ .Values.platform.realm }}/"
|
||||
username: "kcadmin"
|
||||
realm: {{ .Values.platform.realm | quote }}
|
||||
connection:
|
||||
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
baseUrl: "http://ums-keycloak:8080"
|
||||
credentialSecret:
|
||||
name: "ums-opendesk-keycloak-credentials"
|
||||
protocol: "http"
|
||||
host: "ums-keycloak"
|
||||
port: 8080
|
||||
auth:
|
||||
username: "kcadmin"
|
||||
existingSecret:
|
||||
name: "ums-opendesk-keycloak-credentials"
|
||||
keyMapping:
|
||||
password: "admin_password"
|
||||
key: "admin_password"
|
||||
ics_client:
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
||||
credentialSecret:
|
||||
key: "ics_secret"
|
||||
image:
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||
|
||||
@@ -113,6 +113,11 @@ global:
|
||||
token_validity_period: 172800
|
||||
blacklist:
|
||||
groups: __DELETE_KEY__
|
||||
limit:
|
||||
total:
|
||||
day: {{ .Values.security.passwordResetLimits.day }}
|
||||
hour: {{ .Values.security.passwordResetLimits.hour }}
|
||||
minute: {{ .Values.security.passwordResetLimits.minute }}
|
||||
|
||||
ingress:
|
||||
annotations:
|
||||
@@ -259,6 +264,9 @@ keycloak:
|
||||
nubusGuardian:
|
||||
enabled: false
|
||||
|
||||
nubusTwofaHelpdesk:
|
||||
enabled: false
|
||||
|
||||
nubusNotificationsApi:
|
||||
enabled: false
|
||||
additionalAnnotations:
|
||||
@@ -1310,6 +1318,8 @@ nubusStackDataUms:
|
||||
portalLinkFeedback: {{ .Values.functional.portal.linkFeedback | quote }}
|
||||
oxDefaultContext: "1"
|
||||
oxContextHidden: true
|
||||
oxSystemUserPassword: {{ .Values.secrets.nubus.ldapSearch.ox }}
|
||||
portalOxLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
|
||||
ldapSearchUsers:
|
||||
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
|
||||
- username: {{ printf "ldapsearch_%s" $username | quote }}
|
||||
|
||||
@@ -527,7 +527,10 @@ config:
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
use.refresh.tokens: true
|
||||
backchannel.logout.session.required: true
|
||||
standard.token.exchange.enabled: true
|
||||
standard.token.exchange.enableRefreshRequestedTokenType: "SAME_SESSION"
|
||||
backchannel.logout.revoke.offline.tokens: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
|
||||
protocolMappers:
|
||||
|
||||
@@ -240,9 +240,35 @@ appsuite:
|
||||
open-xchange-admin-soap: "enabled"
|
||||
open-xchange-admin-soap-usercopy: "enabled"
|
||||
open-xchange-admin-user-copy: "enabled"
|
||||
{{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
|
||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||
migration:
|
||||
values:
|
||||
packages:
|
||||
status:
|
||||
open-xchange-oidc: "disabled"
|
||||
open-xchange-authentication-masterpassword: "enabled"
|
||||
properties:
|
||||
com.openexchange.calendar.allowOrganizerPartStatChanges: "true"
|
||||
propertiesFiles:
|
||||
/opt/open-xchange/etc/masterpassword-authentication.properties:
|
||||
com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
|
||||
services:
|
||||
- type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
{{- end }}
|
||||
scaling:
|
||||
nodes:
|
||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||
migration:
|
||||
replicas: 1
|
||||
roles:
|
||||
- "migration"
|
||||
{{- end }}
|
||||
{{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
|
||||
groupware:
|
||||
replicas: {{ .Values.replicas.openxchangeCoreMW }}
|
||||
roles:
|
||||
@@ -254,7 +280,16 @@ appsuite:
|
||||
replicas: 1
|
||||
roles:
|
||||
- "admin"
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
groupware:
|
||||
replicas: {{ .Values.replicas.openxchangeCoreMW }}
|
||||
roles:
|
||||
- "http-api"
|
||||
- "sync"
|
||||
- "businessmobility"
|
||||
- "request-analyzer"
|
||||
- "admin"
|
||||
{{- end }}
|
||||
masterAdmin: "admin"
|
||||
masterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
|
||||
hzGroupName: "hzgroup"
|
||||
@@ -319,13 +354,8 @@ appsuite:
|
||||
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
||||
packages:
|
||||
status:
|
||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||
open-xchange-oidc: "disabled"
|
||||
open-xchange-authentication-masterpassword: "enabled"
|
||||
{{- else }}
|
||||
open-xchange-oidc: "enabled"
|
||||
open-xchange-authentication-masterpassword: "disabled"
|
||||
{{- end }}
|
||||
open-xchange-authentication-oauth: "disabled"
|
||||
open-xchange-authentication-database: "disabled"
|
||||
open-xchange-authentication-ldap: "disabled"
|
||||
@@ -406,7 +436,7 @@ appsuite:
|
||||
com.openexchange.mail.login.resolver.ldap.contextNameAttribute: "oxContextIDNum"
|
||||
com.openexchange.mail.login.resolver.ldap.entitySearchFilter: "(&(oxContextIDNum=[cid])(uid=[uname]))"
|
||||
com.openexchange.mail.login.resolver.ldap.mailLoginAttribute: "entryUUID"
|
||||
# Requirements for OX-Connector
|
||||
# Requirements for OX Connector
|
||||
com.openexchange.user.enforceUniqueDisplayName: "false"
|
||||
com.openexchange.folderstorage.database.preferDisplayName: "false"
|
||||
# Mailfilter
|
||||
@@ -502,10 +532,6 @@ appsuite:
|
||||
com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey | quote }}
|
||||
com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
|
||||
propertiesFiles:
|
||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||
/opt/open-xchange/etc/masterpassword-authentication.properties:
|
||||
com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
|
||||
{{- end }}
|
||||
/opt/open-xchange/etc/AdminDaemon.properties:
|
||||
MASTER_ACCOUNT_OVERRIDE: "true"
|
||||
/opt/open-xchange/etc/AdminUser.properties:
|
||||
|
||||
@@ -65,7 +65,7 @@ resourcesWaitForDependency:
|
||||
|
||||
persistence:
|
||||
size: {{ .Values.persistence.storages.oxConnector.size | quote }}
|
||||
storageClass: {{ coalesce .Values.persistence.storages.oxConnector.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
|
||||
#storageClass: {{ coalesce .Values.persistence.storages.oxConnector.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
|
||||
|
||||
podAnnotations:
|
||||
{{ .Values.annotations.nubusOxConnector.pod | toYaml | nindent 2 }}
|
||||
|
||||
@@ -46,10 +46,6 @@ postfix:
|
||||
hostname: "postfix"
|
||||
inetProtocols: "ipv4"
|
||||
milterDefaultAction: "tempfail"
|
||||
overrides:
|
||||
- fileName: "sasl_passwd.map"
|
||||
content:
|
||||
- {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
|
||||
{{- if .Values.apps.dkimpy.enabled }}
|
||||
dkimpyHost: "opendesk-dkimpy-milter.{{ .Release.Namespace }}.svc.{{.Values.cluster.networking.domain }}:8892"
|
||||
{{- end }}
|
||||
@@ -58,7 +54,17 @@ postfix:
|
||||
smtpdTLSMandatoryCiphers: "high"
|
||||
|
||||
rspamdHost: ""
|
||||
relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
|
||||
{{- if .Values.smtp.host }}
|
||||
relayHost:
|
||||
enabled: true
|
||||
host: {{ .Values.smtp.host }}
|
||||
port: {{ .Values.smtp.port }}
|
||||
authentication:
|
||||
username:
|
||||
value: {{ .Values.smtp.username }}
|
||||
password:
|
||||
value: {{ .Values.smtp.password }}
|
||||
{{- end }}
|
||||
allowRelayNets: false
|
||||
smtpSASLAuthEnable: "yes"
|
||||
smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
|
||||
|
||||
@@ -54,19 +54,24 @@ postfix:
|
||||
hostname: "postfix"
|
||||
inetProtocols: "ipv4"
|
||||
milterDefaultAction: "accept"
|
||||
overrides:
|
||||
- fileName: "sasl_passwd.map"
|
||||
content:
|
||||
- {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
|
||||
{{- if .Values.apps.dkimpy.enabled }}
|
||||
dkimpyHost: "opendesk-dkimpy-milter.{{ .Release.Namespace }}.svc.{{.Values.cluster.networking.domain }}:8892"
|
||||
{{- end }}
|
||||
rspamdHost: ""
|
||||
relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
|
||||
|
||||
{{- if .Values.smtp.host }}
|
||||
relayHost:
|
||||
enabled: true
|
||||
host: {{ .Values.smtp.host }}
|
||||
port: {{ .Values.smtp.port }}
|
||||
authentication:
|
||||
username:
|
||||
value: {{ .Values.smtp.username }}
|
||||
password:
|
||||
value: {{ .Values.smtp.password }}
|
||||
{{- end }}
|
||||
# Warning: This setting allows unauthenticated mail relay from relayNets!
|
||||
relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
|
||||
allowRelayNets: true
|
||||
relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
|
||||
|
||||
minTLSVersion: "TLSv1.3"
|
||||
smtpdTLSMandatoryCiphers: "high"
|
||||
|
||||
@@ -12,6 +12,6 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror"
|
||||
name: "appsuite-public-sector-pro-chart"
|
||||
version: "1.18.273"
|
||||
version: "1.19.197"
|
||||
verify: false
|
||||
...
|
||||
|
||||
@@ -13,9 +13,9 @@ images:
|
||||
nextcloud:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
|
||||
tag: "31.0.6@sha256:12e5009019a072ee9bf6c9a69f4ecbf00a0590f6a2f10155ab56a1a61b43baf9"
|
||||
tag: "31.0.6@sha256:07cd284179654739c8e6aea05e960ee7d3e3eb4cd09bd9a3e3747c69b9e2ec22"
|
||||
openxchangeCoreMW:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"
|
||||
tag: "8.38.73@sha256:2ddd6ce6e33a77aadc6043ad01026afbea09d28f7b0c469ab6fd412fb4ca8792"
|
||||
tag: "8.39.70@sha256:94b6e9325dfa4c91587b761946151987dd49000727ab81d10a41fdc7c17ae2cb"
|
||||
...
|
||||
|
||||
@@ -126,20 +126,21 @@ annotations:
|
||||
service: ~
|
||||
serviceMetrics: ~
|
||||
serviceAccount: ~
|
||||
notes:
|
||||
ingressAdmin: ~
|
||||
ingressCollaborationWS: ~
|
||||
ingressCollaborationAPI: ~
|
||||
ingressMedia: ~
|
||||
serviceMedia: ~
|
||||
notesBackend:
|
||||
createUserJob: ~
|
||||
ingress: ~
|
||||
ingressAdmin: ~
|
||||
migrateJob: ~
|
||||
pod: ~
|
||||
service: ~
|
||||
notesFrontend:
|
||||
ingressMedia: ~
|
||||
pod: ~
|
||||
service: ~
|
||||
serviceMedia: ~
|
||||
notesYProvider:
|
||||
ingressCollaborationAPI: ~
|
||||
ingressCollaborationWS: ~
|
||||
pod: ~
|
||||
service: ~
|
||||
nubus:
|
||||
|
||||
@@ -119,7 +119,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-well-known"
|
||||
version: "6.1.3"
|
||||
version: "6.1.4"
|
||||
verify: true
|
||||
home:
|
||||
# providerCategory: "Platform"
|
||||
@@ -129,7 +129,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-home"
|
||||
name: "opendesk-home"
|
||||
version: "1.0.2"
|
||||
version: "1.1.0"
|
||||
verify: true
|
||||
intercomService:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -141,7 +141,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "intercom-service"
|
||||
version: "2.12.0"
|
||||
version: "2.19.0"
|
||||
verify: true
|
||||
jitsi:
|
||||
# providerCategory: "Platform"
|
||||
@@ -251,7 +251,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud"
|
||||
version: "4.3.1"
|
||||
version: "4.4.0"
|
||||
verify: true
|
||||
nextcloudManagement:
|
||||
# providerCategory: "Platform"
|
||||
@@ -261,7 +261,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud-management"
|
||||
version: "4.3.1"
|
||||
version: "4.4.0"
|
||||
verify: true
|
||||
nextcloudNotifyPush:
|
||||
# providerCategory: "Platform"
|
||||
@@ -271,7 +271,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud-notifypush"
|
||||
version: "4.3.1"
|
||||
version: "4.4.0"
|
||||
verify: true
|
||||
nginx:
|
||||
# providerCategory: "Community"
|
||||
@@ -294,14 +294,14 @@ charts:
|
||||
version: "1.0.1"
|
||||
verify: true
|
||||
notes:
|
||||
# providerCategory: "Supplier"
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://gitlab.opencode.de"
|
||||
# packageName=bmi/opendesk/components/supplier/dinum/charts/notes
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
# packageName=bmi/opendesk/components/platform-development/charts/opendesk-impress
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/dinum/charts/notes"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-impress"
|
||||
name: "impress"
|
||||
version: "2.0.0"
|
||||
version: "1.0.0"
|
||||
verify: true
|
||||
nubus:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -313,7 +313,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "nubus"
|
||||
version: "1.11.2"
|
||||
version: "1.12.0"
|
||||
verify: true
|
||||
opendeskAlerts:
|
||||
# providerCategory: "Platform"
|
||||
@@ -353,7 +353,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-static-files"
|
||||
name: "opendesk-static-files"
|
||||
version: "4.0.1"
|
||||
version: "4.0.2"
|
||||
verify: true
|
||||
openproject:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -397,7 +397,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
|
||||
name: "appsuite-public-sector"
|
||||
version: "2.20.247"
|
||||
version: "2.21.167"
|
||||
verify: false
|
||||
oxAppSuiteBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
@@ -419,7 +419,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "ox-connector"
|
||||
version: "0.19.0"
|
||||
version: "0.27.2"
|
||||
verify: true
|
||||
postfix:
|
||||
# providerCategory: "Platform"
|
||||
@@ -429,7 +429,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
|
||||
name: "postfix"
|
||||
version: "4.0.0"
|
||||
version: "5.0.0"
|
||||
verify: true
|
||||
postgresql:
|
||||
# providerCategory: "Platform"
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
---
|
||||
global:
|
||||
systemInformation:
|
||||
releaseVersion: "v1.6.0"
|
||||
releaseVersion: "v1.7.0"
|
||||
...
|
||||
|
||||
@@ -154,7 +154,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
|
||||
tag: "2.12.0@sha256:380476d849fb353dc167ba52a6b0f6235b3fa7561c082e65c37e2242cedb0df1"
|
||||
tag: "2.19.0@sha256:ebb4e721f4daebf5a206359978b327e85f2d51b9bf145576778ca3b5983920f8"
|
||||
jibri:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -320,7 +320,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||
tag: "31.0.6@sha256:f881cde15c41df21177a1edf3cc08ed5abe88627a5a44fdb42caacdcfe25de19"
|
||||
tag: "31.0.6@sha256:4b99dc24ac61db1e5159fbb63e4c9f4178155fba821a9f5552060264b3dd6e31"
|
||||
nextcloudExporter:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -370,7 +370,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "34", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/blocklist-cleanup"
|
||||
tag: "0.37.1@sha256:e18a5ca77accb9438c57ec7448f0984e6de11481ca8e0cd3ce557e6492dd8355"
|
||||
tag: "0.39.1@sha256:a08a36d0c0558a71f164ef24b3b8f897fa4b87217f9063ae493d4c66c7348c5c"
|
||||
nubusDataLoader:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -380,7 +380,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "41", "5"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
|
||||
tag: "0.95.0@sha256:57028c6a76d000a2085f7a429c704ac495be6e4e7ce0a5cc85e3bed25766ce32"
|
||||
tag: "0.97.0@sha256:0c4a92f892d54ca3669b33391fb1fb6b45f6a9c43080beacd0d3fa061b0826ab"
|
||||
nubusGuardianAuthorizationApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -430,7 +430,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "0", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak"
|
||||
tag: "0.2.1@sha256:c338d5bba11185b1cca6d5e5e1b6fe28bedcd8f02af8b4b96e431bde617f5f72"
|
||||
tag: "0.2.5@sha256:499006904d262bdd334b54583c359c7e34b521697d5fda32ea977d856bfa93d2"
|
||||
nubusKeycloakBootstrap:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -440,7 +440,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
|
||||
tag: "0.12.2@sha256:b3b058e49f9671e01530fca548a3308738aec3bf7d57c9ced9cde556f1f7545f"
|
||||
tag: "0.15.2@sha256:207cb4355cead96c8dbfc5c89f77e591c226ebbcac1079c08e6f0eeb8183acea"
|
||||
nubusKeycloakExtensionHandler:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -450,7 +450,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "0", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
|
||||
tag: "0.19.2@sha256:6e4c65b375ad12819240cb8eabd4ef629858ad74179bd639acb713201c528ef4"
|
||||
tag: "0.20.0@sha256:227c7cba4eee15c626abbc77ca06b8b61a9dece04c986a9fa2e97b13d0458fe0"
|
||||
nubusKeycloakExtensionProxy:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -460,7 +460,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "0", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
|
||||
tag: "0.19.2@sha256:b7c897870a12214064d79d72d52d0030bf2513148078cb922b8782806c2e4773"
|
||||
tag: "0.20.0@sha256:bd075d33c16926ab4c123ac3a8673209664647f35324dfdebd95c6662ee05b2c"
|
||||
nubusLdapNotifier:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -470,7 +470,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
|
||||
tag: "0.43.0@sha256:dcd4e7f1008eb4c6c1ae809785bee0da9cba1347af09ddbc147b76c422f4f35c"
|
||||
tag: "0.46.0@sha256:2856ea8767e5fa93d0bfcb7211397e121e2792a731825381400dedbdd8ff6a7b"
|
||||
nubusLdapServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -480,7 +480,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "8", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
|
||||
tag: "0.43.0@sha256:67557ec3e3bd7ff4981666dddb5455672ee8767e12e3876ea79447627f9d9742"
|
||||
tag: "0.46.0@sha256:5a1612c58f4edb2e42060ac2f927414574d5689c52cbd813f5b2eca0c7c5f75c"
|
||||
nubusLdapServerDhInitContainer:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -498,7 +498,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "29", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector"
|
||||
tag: "0.43.0@sha256:179097cf89774b1ac48c5315ccc06cc8628cc89d085d95f2d89a223d52a75fe2"
|
||||
tag: "0.46.0@sha256:688dd37bc472d752d8e4a727374ce13ffdd3fcd65a598f39a8cf54c56d3988e0"
|
||||
nubusLdapUpdateUniventionObjectIdentifier:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -508,7 +508,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "34", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-update-univention-object-identifier"
|
||||
tag: "0.37.1@sha256:0715b8c98390337f230c04e88ed63142b94faf590bb2cb1dacb41390b2e8edf0"
|
||||
tag: "0.39.1@sha256:3c1ff735df4f4c133bdb3d6a833cc081c7a31e8efcb84c63ed046cd6840469e5"
|
||||
nubusNats:
|
||||
# providerCategory: 'Community'
|
||||
# providerResponsible: 'Univention'
|
||||
@@ -542,7 +542,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
|
||||
tag: "0.70.0@sha256:0120cca997eddcd6b9a5f0b9d6fb39ac2ffb118357380c28ab5352c16130a873"
|
||||
tag: "0.74.1@sha256:3613be84aa991fcd15f6cf47f32bc61345ec660c1a5bf9c3e3e843e8b803b9c4"
|
||||
nubusOpendeskExtension:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -578,7 +578,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "10", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
|
||||
tag: "0.11.1@sha256:e57df5c02d0480ccf1d299964e3c676d92440d5e959b4f587945f08624da3ae9"
|
||||
tag: "0.27.2@sha256:7bb54f5ae0e797172fb92bd7a8a479f179ebd51c1fb5af98fa7b6025f9ffaca4"
|
||||
nubusPortalConsumer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -588,7 +588,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "27", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
|
||||
tag: "0.70.0@sha256:09eed9e5a7066f69b5d6085541ca91538ca9519d765ec7109d6934a6e67ab7cc"
|
||||
tag: "0.74.1@sha256:1d9b7e890ee46aa4a2a78ab2e7734ac4bf037f86631a43964d1d8fab17772987"
|
||||
nubusPortalExtension:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -598,7 +598,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "28", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
|
||||
tag: "0.59.1@sha256:c9c7faa3cca2be2f45d073517a50e8a8cc89d46c978c2f3a6be3c13d0e6ae900"
|
||||
tag: "0.74.1@sha256:cb3c3e4188cfde1d2091790bed38495bf4aa05b54c88e76fd78923db25502c1a"
|
||||
nubusPortalFrontend:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -608,7 +608,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "67", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
|
||||
tag: "0.70.0@sha256:9e0826c954e99b36b3c7b9ce6dfa1f567a3432158fb78af13337760197f94997"
|
||||
tag: "0.74.1@sha256:c96209ceb0220b4f05472ba8273a96ed4e526ba5b37f82876aa21a030603cf95"
|
||||
nubusPortalServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -618,7 +618,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
|
||||
tag: "0.70.0@sha256:1331d5b5861574195f6bd0dfc3c8e1d6a2650b518e206a2815b682d43ab75d0b"
|
||||
tag: "0.74.1@sha256:1f143b81c7c72754784f9399999c2fcb0d34ac7ec0db6fdefb790a1c2ab4ec62"
|
||||
nubusProvisioningDispatcher:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -628,7 +628,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
|
||||
tag: "0.58.0@sha256:2ac4d4a7362e45f67499537dd74d2fdfb7b54817b7f12eb9e2d88d87cf3a6f7e"
|
||||
tag: "0.60.2@sha256:356f28afe6354b91a5473c8e3f3c647ae6aca0cf7de47f4e47f6e7acf7a5ab7c"
|
||||
nubusProvisioningEventsAndConsumerApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -638,7 +638,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
|
||||
tag: "0.58.0@sha256:083cf58d9522d5058d09a78355a9ca935be2882fc595ad221b1ffd707a7d615d"
|
||||
tag: "0.60.2@sha256:3e4fd557abc8350a8d7725ade0103ade7dc28f1ea31cfc981e03e9ce51fa7244"
|
||||
nubusProvisioningPrefill:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -648,7 +648,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
|
||||
tag: "0.58.0@sha256:368bc284956b642af02ca7199c6a7d94ae3bbdb3ede09db1c98822a146d9106d"
|
||||
tag: "0.60.2@sha256:23eec4905847ab050a83834f6d70419182601838da4687882c93100842ff349f"
|
||||
nubusProvisioningUdmListener:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -658,7 +658,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
|
||||
tag: "0.58.0@sha256:5f924be8fdb29bda5734fd2b6b98f106913757e11530611bf5f6a5f144165be7"
|
||||
tag: "0.60.2@sha256:38c2db4e270f67b2d97423ca727fc2a8030dce73a93bd2967d2682844d3bf480"
|
||||
nubusProvisioningUdmTransformer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -668,7 +668,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
|
||||
tag: "0.58.0@sha256:afa6028bbaec6c14e09035b7d18507aad45ff6d6aa852fb664ab485f2622a308"
|
||||
tag: "0.60.2@sha256:df38dc8528f0eec1f44db45a8156697d0424bd008c65a1619de15b6ac586d1a0"
|
||||
nubusSelfServiceConsumer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -678,7 +678,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "3", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
|
||||
tag: "0.17.0@sha256:00e6124eecc1b763326023ecaf9702053e24b39b20f5efbcd35dfaad642d2cda"
|
||||
tag: "0.19.0@sha256:4215533c7c4497e02666cf04ee77ab866263ae6e595758e8b63018b257e972ad"
|
||||
nubusUdmRestApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -688,7 +688,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
|
||||
tag: "0.37.1@sha256:a0508191a52ed9c388e0574cf6a97031fdfffcff95ab8ca3e4231c795d3a68df"
|
||||
tag: "0.39.1@sha256:62324c259bdd8e6273aeaf93df44405ef5e42ca17281d19e2a0d86f4f44b742e"
|
||||
nubusUmcGateway:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -698,7 +698,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
|
||||
tag: "0.47.1@sha256:71d1fb00a28a7cc83e1a8a675b8e9dc3ff67b1d7f366b2d60f9623fdb5f6e419"
|
||||
tag: "0.49.0@sha256:a6b779fc7f214f045fe04783d7d137b1dca15dcfafa369508225ab7734bc0287"
|
||||
nubusUmcServer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -708,7 +708,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "7", "3"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
|
||||
tag: "0.47.1@sha256:8f451e7b50c6a32a8d4bad5959a103e34e3ae8d0bef2fe3df2dc8fbe7ae9c1b6"
|
||||
tag: "0.49.0@sha256:94efec7b3559c27b54984d75f43d248139091255b4978ef7bf0219eb6f6d2e48"
|
||||
nubusUmcServerProxy:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -726,7 +726,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "9", "4"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
|
||||
tag: "0.34.0@sha256:6ed1ae644160f0e69c00b4ea90efd4ea4aeaadeefb87e77f3454bcafaacd5e01"
|
||||
tag: "0.35.0@sha256:61dfaea28a2b150459138dfd6a554ce53850cee05ef2a72ab47bbe23f2a92d0d"
|
||||
opendeskKeycloakBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -786,7 +786,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "6", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-guidedtours"
|
||||
tag: "8.6.17@sha256:27178fc42f2334385f1d206e4e7991d4953a102f114729d186b61c0d40babb4f"
|
||||
tag: "8.6.19@sha256:2c8abc8385090bac03c4540c176ec9c51cd73b0a5a477840d7250ead10701770"
|
||||
openxchangeCoreMW:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -796,7 +796,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "51"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
|
||||
tag: "8.38.73@sha256:610d4bab888e5749ff918a782ba1c33ed4aa8da9e13d5be4ad71ca2f698d4044"
|
||||
tag: "8.39.71@sha256:eb5a1e124e8d98aeac2bd32dab8ec690aa71c8e49e5c57916452c471e1afd628"
|
||||
openxchangeCoreUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -806,7 +806,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
|
||||
tag: "8.38.1@sha256:77bf250df7ac465006576d5e1e0a8420ce6d0fce622b749c6da318793b88490c"
|
||||
tag: "8.39.1@sha256:d25119e36689231d09d747c32c14439d073318f6fd7d084761525579b636ee93"
|
||||
openxchangeCoreUIMiddleware:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -816,7 +816,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "0", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui-middleware"
|
||||
tag: "2.1.2@sha256:36fe59a047fa466bef6fcdeed1ed8e4bbeaf7824c37c63e3bfe7262cd135cb9e"
|
||||
tag: "2.1.3@sha256:5a9259ef6cb155a8e5b94d567af00d8899934550565fbf109ab17200cf5df7f4"
|
||||
openxchangeCoreUserGuide:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -826,7 +826,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "799279"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
|
||||
tag: "8.38.1408226@sha256:1a18c6c7b6a7a0f16376a9c298e65a13a4b482f6df1351582250a88571f1fa73"
|
||||
tag: "8.39.1471602@sha256:4a02e72caca3e21c2919960167f28962de7e70161dad6f7916e8d3b8e104768e"
|
||||
openxchangeDocumentConverter:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -836,7 +836,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
|
||||
tag: "8.38.1817@sha256:d7537574765e19e7c9e13fe936c1a4c69b39bda216abcd000dad9f93fbb62f7b"
|
||||
tag: "8.39.1842@sha256:a405aface2a9a187c66b2862bc724ee075ebc0209c931abd3478f3cafaf137f7"
|
||||
openxchangeGotenberg:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -856,7 +856,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["4", "2", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/guard-ui"
|
||||
tag: "8.33.2@sha256:920b5ac87128f30c176c0ae75c6bedd32d226a97c6c5a822235606c39992ee9a"
|
||||
tag: "8.33.4@sha256:e73afec3d549943379fdb12dde1ab14d53c6fafac221e2512c6641ac71c65b3f"
|
||||
openxchangeImageConverter:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -866,7 +866,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
|
||||
tag: "8.38.2105@sha256:9c79f29712c5a5479bc1a08e127c65415a50a63954b244c1d34a570f5f3ed1f6"
|
||||
tag: "8.39.2122@sha256:d025984017d9a70473a4217bd9b815df08cfa9941137e6f02c024917061313a6"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -876,7 +876,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["1", "2", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/nextcloud-integration-ui"
|
||||
tag: "1.4.1@sha256:423d596b52ab32778d7227d98ccc719f98395a00d95ff0bcac826665b59e1937"
|
||||
tag: "1.4.2@sha256:b52b0d1735e545fb6ec1cb064aa229135b0503295e8ac672a06816a364a7a18e"
|
||||
openxchangePublicSectorUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -896,7 +896,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "4", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-connector-standalone"
|
||||
tag: "0.19.0@sha256:447e3c3e0cdd8bf1f86004d2088c24fcf6141ff6fef78ade8dfe86f7f16ba40e"
|
||||
tag: "0.27.2@sha256:4753a1d4a01acb7c6946fc9c8596fd328afe0d3c0b3098adfe85cef89fb1b7d7"
|
||||
postfix:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
|
||||
@@ -46,6 +46,7 @@ persistence:
|
||||
#storageClassName: ""
|
||||
oxConnector:
|
||||
size: "1Gi"
|
||||
# This value is not passed on to the related Helm chart yet, but required for linting purposes.
|
||||
storageClassName: ~
|
||||
postfix:
|
||||
size: "1Gi"
|
||||
|
||||
@@ -12,4 +12,11 @@ security:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: "ingress-nginx"
|
||||
namespace: "ingress-nginx"
|
||||
|
||||
# Global limits for how often a password reset action can be requested.
|
||||
# Defaults are taken from the nubus stack-data-ums chart and should work with most small to medium installations
|
||||
passwordResetLimits:
|
||||
day: 1000
|
||||
hour: 200
|
||||
minute: 120
|
||||
...
|
||||
|
||||
@@ -10,6 +10,9 @@ helmfiles:
|
||||
values: &values
|
||||
- "helmfile/environments/default/*.yaml.gotmpl"
|
||||
- {{ toYaml .Values | nindent 8 }}
|
||||
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
|
||||
- "helmfile/environments/default-enterprise-overrides/*.yaml.gotmpl"
|
||||
{{- end }}
|
||||
- path: "helmfile/apps/opendesk-services/helmfile-child.yaml.gotmpl"
|
||||
values: *values
|
||||
- path: "helmfile/apps/services-external/helmfile-child.yaml.gotmpl"
|
||||
|
||||
Reference in New Issue
Block a user