mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
8 Commits
trossner/f
...
101-add-co
| Author | SHA1 | Date | |
|---|---|---|---|
|
7239df2ec1 | ||
|
|
86a328bda1 | ||
|
|
85149086ae | ||
|
|
01c5e6b359 | ||
|
|
a8692d5506 | ||
|
|
1ad35f1e12 | ||
|
|
01767d3806 | ||
|
|
7268f607a5 |
@@ -15,12 +15,16 @@ include:
|
||||
ref: "main"
|
||||
- local: "/.gitlab/lint/lint-opendesk.yml"
|
||||
rules:
|
||||
- if: "$JOB_OPENDESK_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|trigger|api'"
|
||||
- if: >
|
||||
$JOB_OPENDESK_LINTER_ENABLED == 'false' ||
|
||||
$CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|trigger|api'
|
||||
when: "never"
|
||||
- when: "always"
|
||||
- local: "/.gitlab/lint/lint-kyverno.yml"
|
||||
rules:
|
||||
- if: "$JOB_KYVERNO_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|trigger|api'"
|
||||
- if: >
|
||||
$JOB_OPENDESK_LINTER_ENABLED == 'false' ||
|
||||
$CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|trigger|api'
|
||||
when: "never"
|
||||
- when: "always"
|
||||
|
||||
|
||||
24
CHANGELOG.md
24
CHANGELOG.md
@@ -1,3 +1,27 @@
|
||||
## [0.8.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.8.0...v0.8.1) (2024-07-01)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **collabora:** Bump image to 24.04.4.1.1. ([368fe13](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/368fe13ddb080f0c8f42cbd3612a29f818308708))
|
||||
* **collabora:** Bump image to 24.04.4.2.1. ([01767d3](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/01767d38061259853e4bd8b2eba31d3b04c4e672))
|
||||
* **docs:** Add Ports section to getting started. ([c07b25c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c07b25c4b9a702e214373fe08d95827286ebd866))
|
||||
* **docs:** Correction regarding the currently supported ingress controller. ([8514908](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/85149086ae70cb85a1718715747985a3da2a7b64))
|
||||
* **docs:** Update regarding the currently supported ingress controller. ([064a5ad](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/064a5ad246ea7217c2fb107787228d7aca9b5028))
|
||||
* **element:** Provide the internal cluster domain to `synapse-web`. ([a8692d5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/a8692d5506dc65895a562423d8ddb7da9078fc3a))
|
||||
* **helmfile:** Add script to ease local development of platform charts. ([d8f3e05](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/d8f3e05e584116f6196d43e0ea9bb8946ab2e5ab))
|
||||
* **helmfile:** Enable SMTP for XWiki and Element/Synapse; Streamline mail sender addresses within platform based on `<localpart>@<component>.<domain>` and allow configuration of `<localpart>`. ([01c5e6b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/01c5e6b359dd5eb42c98e818da301871bea79264))
|
||||
* **helmfile:** Include all `.yaml.gotmpl` files for the envs in `environments.yaml`. ([e523434](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e52343440d81c0596177399058b4711cc0d5da67))
|
||||
* **helmfile:** Streamline `functional.yaml`. *Upgrade notice:* If you set a non default value for `.Values.portal.enableDeploymentInformation` please change it to `.Values.admin.portal.deploymentInformation.enabled` with this version. ([e89b16a](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e89b16a747f95be7661b1fd4f5c90acce638542e))
|
||||
* **jitsi:** Update PatchJVB bitnami/kubectl image to 1.30.2. ([6ef3641](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6ef3641d82d88d6fed80652b239bc63115abbf2d))
|
||||
* **nubus:** Enable Keycloak's user account console. ([c03e4a5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c03e4a534090dde46363a7cfab718bb307e22621))
|
||||
* **nubus:** Remove doublette ingress annotations. ([890b36e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/890b36ecbb8c9311b5048d8d6d50ee5acf00ea61))
|
||||
* **open-xchange:** Fixing YAML indentation of updater resources ([0ce346b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/0ce346b162feb0bc6fee7f18caee84917117abe1))
|
||||
* **openproject:** Bump image to 14.2.0. ([1ad35f1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1ad35f1e12e236607e3830da6d08010eb465b501))
|
||||
* **openproject:** Switch DBInit container image to Alpine based version to reduce footprint. ([c90f7c1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c90f7c1742d415d5a787ff5832959e2974b77b83))
|
||||
* **openproject:** Update PostgreSQL image for DB init to 16.3. ([45e5699](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/45e569955d09c584490e6826651f7564567c1f9b))
|
||||
* **services:** Allow Postfix "relayHost" to be empty. ([7268f60](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7268f607a5839c6e940ce07fa15c1ffec9610d19))
|
||||
|
||||
# [0.8.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.7.1...v0.8.0) (2024-06-10)
|
||||
|
||||
|
||||
|
||||
22
README.md
22
README.md
@@ -28,17 +28,17 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s
|
||||
|
||||
openDesk currently features the following functional main components:
|
||||
|
||||
| Function | Functional Component | Component<br/>Version | Upstream Documentation |
|
||||
| -------------------- | --------------------------- | -------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67) | [For the most recent release](https://element.io/user-guide) |
|
||||
| Diagram editor | CryptPad ft. diagrams.net | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
||||
| File management | Nextcloud | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5) | [Nextcloud 28](https://docs.nextcloud.com/) |
|
||||
| Groupware | OX App Suite | [8.23](https://documentation.open-xchange.com/appsuite/releases/8.23/) | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
|
||||
| Knowledge management | XWiki | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||
| Portal & IAM | Nubus | Product Preview[^1] | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html) |
|
||||
| Project management | OpenProject | [14.1.1](https://www.openproject.org/docs/release-notes/14-1-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | [2.0.9457](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9457) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Weboffice | Collabora | [24.04.4.1.1](https://www.collaboraoffice.com/collabora-online-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
| Function | Functional Component | Component<br/>Version | Upstream Documentation |
|
||||
| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67) | [For the most recent release](https://element.io/user-guide) |
|
||||
| Diagram editor | CryptPad ft. diagrams.net | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
||||
| File management | Nextcloud | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5) | [Nextcloud 28](https://docs.nextcloud.com/) |
|
||||
| Groupware | OX App Suite | [8.23](https://documentation.open-xchange.com/appsuite/releases/8.23/) | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
|
||||
| Knowledge management | XWiki | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||
| Portal & IAM | Nubus | Product Preview[^1] | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html) |
|
||||
| Project management | OpenProject | [14.2.0](https://www.openproject.org/docs/release-notes/14-2-0/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | [2.0.9457](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9457) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Weboffice | Collabora | [24.04.4.2.1](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
|
||||
While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
|
||||
align the applications with best practices regarding container design and operations.
|
||||
|
||||
@@ -67,7 +67,9 @@
|
||||
"IMAPS",
|
||||
"xwiki",
|
||||
"cryptpad",
|
||||
"clamav"
|
||||
"clamav",
|
||||
"templating",
|
||||
"localpart"
|
||||
],
|
||||
"ignoreWords": [],
|
||||
"import": []
|
||||
|
||||
@@ -3,7 +3,7 @@ SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlic
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
-->
|
||||
|
||||
<h1>Tools for local development<h1>
|
||||
<h1>Tools for local development</h1>
|
||||
|
||||
* [charts-local.py](#charts-localpy)
|
||||
* [Commandline parameter](#commandline-parameter)
|
||||
@@ -13,8 +13,9 @@ SPDX-License-Identifier: Apache-2.0
|
||||
# charts-local.py
|
||||
|
||||
This script helps you on cloning the platform development Helm charts and referencing them directly in the openDesk
|
||||
Helmfile deployment for comfortable local development and deployment. The charts will be cloned into a directory
|
||||
parallel to the `opendesk` repo that is named after the branch you are working in the `opendesk` repo with.
|
||||
Helmfile deployment for comfortable local test and development. The charts will be cloned into a directory
|
||||
parallel created next to the `opendesk` repo containing this documentation and the `charts-local.py` script.
|
||||
The name of the chart directory is derived from the branch name you are working with in this `opendesk` repo.
|
||||
|
||||
The script will create `.bak` copies of the helmfiles that have been touched.
|
||||
|
||||
|
||||
@@ -69,18 +69,16 @@ def create_or_switch_branch_base_repo():
|
||||
return branch
|
||||
|
||||
|
||||
def clone_charts_locally(branch):
|
||||
def clone_charts_locally(branch, charts):
|
||||
charts_clone_path = script_path+'/../../'+branch.replace('/', '_')
|
||||
charts_dict = {}
|
||||
remote_dict = {}
|
||||
doublette_dict = {}
|
||||
if os.path.isdir(charts_clone_path):
|
||||
logging.warning(f"Path {charts_clone_path} already exists, will not clone any charts.")
|
||||
else:
|
||||
logging.debug(f"creating directory {charts_clone_path} to clone charts into")
|
||||
Path(charts_clone_path).mkdir(parents=True, exist_ok=True)
|
||||
|
||||
with open(charts_yaml, 'r') as file:
|
||||
charts = yaml.safe_load(file)
|
||||
for chart in charts['charts']:
|
||||
if 'opendesk/components/platform-development/charts' in charts['charts'][chart]['repository']:
|
||||
tag = charts['charts'][chart]['version']
|
||||
@@ -88,9 +86,9 @@ def clone_charts_locally(branch):
|
||||
repository = charts['charts'][chart]['repository']
|
||||
git_url = options.git_hostname+':'+repository
|
||||
chart_repo_path = charts_clone_path+'/'+charts['charts'][chart]['name']
|
||||
if git_url in remote_dict:
|
||||
logging.debug(f"{chart} located at {git_url} is already checked out to {remote_dict[git_url]}")
|
||||
charts_dict[chart] = remote_dict[git_url]
|
||||
if git_url in doublette_dict:
|
||||
logging.debug(f"{chart} located at {git_url} is already checked out to {doublette_dict[git_url]}")
|
||||
charts_dict[chart] = doublette_dict[git_url]
|
||||
else:
|
||||
if os.path.isdir(chart_repo_path):
|
||||
logging.debug(f"Already exists {chart_repo_path} leaving it unmodified")
|
||||
@@ -99,8 +97,8 @@ def clone_charts_locally(branch):
|
||||
Repo.clone_from(git_url, chart_repo_path)
|
||||
chart_repo = Repo(path=chart_repo_path)
|
||||
chart_repo.git.checkout('v'+charts['charts'][chart]['version'])
|
||||
doublette_dict[git_url] = chart_repo_path
|
||||
charts_dict[chart] = chart_repo_path
|
||||
remote_dict[git_url] = chart_repo_path
|
||||
return charts_dict
|
||||
|
||||
|
||||
@@ -121,9 +119,8 @@ def get_child_helmfiles():
|
||||
return child_helmfiles
|
||||
|
||||
|
||||
def process_the_helmfiles(charts_dict):
|
||||
def process_the_helmfiles(charts_dict, charts):
|
||||
chart_def_prefix = ' chart: "'
|
||||
name_def_prefix = ' - name: "'
|
||||
child_helmfiles = get_child_helmfiles()
|
||||
for child_helmfile in child_helmfiles:
|
||||
child_helmfile_updated = False
|
||||
@@ -134,23 +131,18 @@ def process_the_helmfiles(charts_dict):
|
||||
for chart_ident in charts_dict:
|
||||
if '.Values.charts.'+chart_ident+'.name' in line:
|
||||
logging.debug(f"found match with {chart_ident} in {line.strip()}")
|
||||
if name_def_prefix not in line_memory:
|
||||
sys.exit(f"Script requires `name` definition before the actual `chart` definition. Not the case for '{chart_ident}'")
|
||||
else:
|
||||
name = re.search(rf"^{name_def_prefix}(.+)\"", line_memory).group(1)
|
||||
line = chart_def_prefix+charts_dict[chart_ident]+'/charts/'+name+'" # replaced by local-dev script'+"\n"
|
||||
line = chart_def_prefix+charts_dict[chart_ident]+'/charts/'+charts['charts'][chart_ident]['name']+'" # replaced by local-dev script'+"\n"
|
||||
child_helmfile_updated = True
|
||||
break
|
||||
output.append(line)
|
||||
line_memory = line
|
||||
if child_helmfile_updated:
|
||||
child_helmfile_backup = child_helmfile+helmfile_backup_extension
|
||||
logging.debug(f"Updated {child_helmfile}")
|
||||
if os.path.isfile(child_helmfile_backup):
|
||||
logging.debug("backup {child_helmfile_backup} already exists, will not create a new one.")
|
||||
else:
|
||||
logging.debug(f"creating backup {child_helmfile_backup}.")
|
||||
shutil.copy2(child_helmfile, child_helmfile_backup)
|
||||
logging.debug(f"Updating {child_helmfile}")
|
||||
with open(child_helmfile, 'w') as file:
|
||||
file.writelines(output)
|
||||
|
||||
@@ -172,5 +164,7 @@ if options.revert:
|
||||
revert_the_helmfiles()
|
||||
else:
|
||||
branch = create_or_switch_branch_base_repo()
|
||||
charts_dict = clone_charts_locally(branch)
|
||||
process_the_helmfiles(charts_dict)
|
||||
with open(charts_yaml, 'r') as file:
|
||||
charts = yaml.safe_load(file)
|
||||
charts_dict = clone_charts_locally(branch, charts)
|
||||
process_the_helmfiles(charts_dict, charts)
|
||||
|
||||
@@ -64,7 +64,7 @@ The following example can e.g. be used to debug the `openDesk-Nextcloud-PHP` con
|
||||
shareProcessNamespace: true
|
||||
containers:
|
||||
- name: debugging
|
||||
image: registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:1.0.0
|
||||
image: registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest
|
||||
command: ["/bin/bash", "-c", "while true; do echo 'This is a temporary container for debugging'; sleep 5 ; done"]
|
||||
securityContext:
|
||||
capabilities:
|
||||
|
||||
@@ -208,6 +208,8 @@ ingress:
|
||||
ingressClassName: "cilium"
|
||||
```
|
||||
|
||||
**Note:** Please check the [requirements.md](./requirements.md) for the supported Ingress controllers.
|
||||
|
||||
### Container runtime
|
||||
|
||||
Some apps require specific configuration for the container runtime. You can set your container runtime like `cri-o`,
|
||||
|
||||
@@ -22,7 +22,7 @@ openDesk is a Kubernetes only solution and requires an existing Kubernetes (K8s)
|
||||
|
||||
- K8s cluster >= 1.24, [CNCF Certified Kubernetes distribution](https://www.cncf.io/certification/software-conformance/)
|
||||
- Domain and DNS Service
|
||||
- Ingress controller (nginx-ingress)
|
||||
- Ingress controller (Ingress NGINX)
|
||||
- [Helm](https://helm.sh/) >= v3.9.0
|
||||
- [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= **v0.157.0**
|
||||
- [HelmDiff](https://github.com/databus23/helm-diff) >= 3.6.0
|
||||
@@ -54,7 +54,7 @@ The deployment is intended to use only over HTTPS via a configured FQDN, therefo
|
||||
configured ingress controller deployed.
|
||||
|
||||
**Supported controllers:**
|
||||
- [NGINX Ingress Controller](https://github.com/nginxinc/kubernetes-ingress)
|
||||
- [Ingress NGINX Controller](https://github.com/kubernetes/ingress-nginx)
|
||||
|
||||
Note: The platform development team is evaluating the use of [Gateway API](https://gateway-api.sigs.k8s.io/).
|
||||
If you have feedback on that topic, please share it with us.
|
||||
|
||||
@@ -7,7 +7,7 @@ autoscaling:
|
||||
enabled: false
|
||||
|
||||
collabora:
|
||||
extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:fetch_update_check=65536"
|
||||
extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:fetch_update_check=0"
|
||||
username: "collabora-internal-admin"
|
||||
password: {{ .Values.secrets.collabora.adminPassword | quote }}
|
||||
aliasgroups:
|
||||
|
||||
@@ -21,6 +21,7 @@ containerSecurityContext:
|
||||
|
||||
global:
|
||||
domain: {{ .Values.global.domain | quote }}
|
||||
clusterDomain: {{ .Values.cluster.networking.domain | quote }}
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
|
||||
@@ -41,6 +41,13 @@ configuration:
|
||||
url: null
|
||||
sender_localpart: intercom-service
|
||||
|
||||
smtp:
|
||||
senderAddress: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
|
||||
host: {{ .Values.smtp.host | quote }}
|
||||
port: {{ .Values.smtp.port }}
|
||||
username: {{ .Values.smtp.username | quote }}
|
||||
password: {{ .Values.smtp.password | quote }}
|
||||
|
||||
oidc:
|
||||
clientId: "opendesk-matrix"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
|
||||
|
||||
@@ -78,6 +78,9 @@ configuration:
|
||||
value: {{ .Values.smtp.password | quote }}
|
||||
host: {{ .Values.smtp.host | quote }}
|
||||
port: {{ .Values.smtp.port | quote }}
|
||||
fromAddress: {{ .Values.localpartNoReply | quote }}
|
||||
mailDomain: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
|
||||
serverinfo:
|
||||
token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||
|
||||
@@ -102,7 +105,7 @@ debug:
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.nextcloudManagement.registry | quote }}
|
||||
repository: "{{ .Values.images.nextcloudManagement.repository }}"
|
||||
repository: {{ .Values.images.nextcloudManagement.repository | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.nextcloudManagement.tag | quote }}
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ imagePullSecrets:
|
||||
{{- end }}
|
||||
|
||||
dovecot:
|
||||
mailDomain: {{ .Values.global.domain | quote }}
|
||||
mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
password: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||
ldap:
|
||||
enabled: true
|
||||
@@ -38,8 +38,6 @@ dovecot:
|
||||
ssl: "no"
|
||||
host: "postfix:25"
|
||||
|
||||
|
||||
|
||||
certificate:
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
|
||||
@@ -33,9 +33,6 @@ environment:
|
||||
OPENPROJECT_OMNIAUTH__DIRECT__LOGIN__PROVIDER: "keycloak"
|
||||
OPENPROJECT_PER__PAGE__OPTIONS: "20, 50, 100, 200"
|
||||
OPENPROJECT_EMAIL__DELIVERY__METHOD: "smtp"
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "plain"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
OPENPROJECT_DEFAULT__COMMENT__SORT__ORDER: "desc"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.ldap.host | quote }}
|
||||
@@ -61,13 +58,16 @@ environment:
|
||||
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.domain | quote }}
|
||||
OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }}
|
||||
OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }}
|
||||
OPENPROJECT_SMTP__PORT: {{ .Values.smtp.port | quote }}
|
||||
OPENPROJECT_SMTP__SSL: "false" # (default=false)
|
||||
OPENPROJECT_SMTP__ADDRESS: {{ .Values.smtp.host | quote }}
|
||||
OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "plain"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
OPENPROJECT_MAIL__FROM: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
|
||||
@@ -41,7 +41,7 @@ podSecurityContext:
|
||||
postfix:
|
||||
amavisHost: ""
|
||||
amavisPortIn: ""
|
||||
domain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
||||
domain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
hostname: "postfix"
|
||||
inetProtocols: "ipv4"
|
||||
milterDefaultAction: "accept"
|
||||
@@ -50,7 +50,7 @@ postfix:
|
||||
content:
|
||||
- {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
|
||||
rspamdHost: ""
|
||||
relayHost: {{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}
|
||||
relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
|
||||
relayNets: {{ .Values.cluster.networking.cidr | quote}}
|
||||
smtpSASLAuthEnable: "yes"
|
||||
smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
|
||||
@@ -67,7 +67,7 @@ postfix:
|
||||
{{- else if .Values.clamavSimple.enabled }}
|
||||
smtpdMilters: "inet:clamav-simple:7357"
|
||||
{{- end }}
|
||||
virtualMailboxDomains: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
||||
virtualMailboxDomains: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
virtualTransport: "lmtps:dovecot:24"
|
||||
|
||||
replicaCount: {{ .Values.replicas.postfix }}
|
||||
|
||||
@@ -613,7 +613,7 @@ stack-data-ums:
|
||||
# The openDesk configuration brings its own UMC policies.
|
||||
installUmcPolicies: false
|
||||
domainname: {{ .Values.global.domain | quote }}
|
||||
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
||||
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
|
||||
ldapHost: {{ .Values.ldap.host | quote }}
|
||||
ldapBase: {{ .Values.ldap.baseDn | quote }}
|
||||
@@ -654,7 +654,7 @@ stack-data-swp:
|
||||
{{- end }}
|
||||
|
||||
externalDomainName: {{ .Values.global.domain | quote }}
|
||||
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
||||
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
|
||||
portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain | quote }}
|
||||
portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }}
|
||||
@@ -1172,7 +1172,7 @@ keycloak-extensions:
|
||||
ipProtectionEnable: true
|
||||
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
|
||||
newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
|
||||
mailFrom: "noreply@{{ .Values.global.domain }}"
|
||||
mailFrom: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
||||
@@ -126,6 +126,13 @@ properties:
|
||||
"attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.faviconSvg | b64enc }}"
|
||||
"attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon16.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon16PngB64 }}"
|
||||
"attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon144.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon144PngB64 }}"
|
||||
## SMTP settings
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ .Values.smtp.host | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": {{ .Values.smtp.port | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.username": {{ .Values.smtp.username | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.password": {{ .Values.smtp.password | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=true"
|
||||
## Link LDAP users and users authenticated through OIDC
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
|
||||
@@ -78,7 +78,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-element"
|
||||
version: "3.0.0"
|
||||
version: "3.2.0"
|
||||
verify: true
|
||||
elementWellKnown:
|
||||
# providerCategory: "Platform"
|
||||
@@ -88,7 +88,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-well-known"
|
||||
version: "3.0.0"
|
||||
version: "3.2.0"
|
||||
verify: true
|
||||
home:
|
||||
# providerCategory: "Platform"
|
||||
@@ -180,7 +180,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-matrix-user-verification-service"
|
||||
version: "3.0.0"
|
||||
version: "3.2.0"
|
||||
verify: true
|
||||
memcached:
|
||||
# providerCategory: "Community"
|
||||
@@ -210,7 +210,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud"
|
||||
version: "1.5.2"
|
||||
version: "2.0.0"
|
||||
verify: true
|
||||
nextcloudManagement:
|
||||
# providerCategory: "Platform"
|
||||
@@ -220,7 +220,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud-management"
|
||||
version: "1.5.2"
|
||||
version: "2.0.0"
|
||||
verify: true
|
||||
nginx:
|
||||
# providerCategory: "Community"
|
||||
@@ -346,7 +346,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse"
|
||||
version: "3.0.0"
|
||||
version: "3.2.0"
|
||||
verify: true
|
||||
synapseCreateAccount:
|
||||
# providerCategory: "Platform"
|
||||
@@ -356,7 +356,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-create-account"
|
||||
version: "3.0.0"
|
||||
version: "3.2.0"
|
||||
verify: true
|
||||
synapseWeb:
|
||||
# providerCategory: "Platform"
|
||||
@@ -366,7 +366,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-web"
|
||||
version: "3.0.0"
|
||||
version: "3.2.0"
|
||||
verify: true
|
||||
ums:
|
||||
# providerCategory: "Supplier"
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
---
|
||||
global:
|
||||
systemInformation:
|
||||
releaseVersion: "v0.8.0"
|
||||
releaseVersion: "v0.8.1"
|
||||
...
|
||||
|
||||
@@ -20,7 +20,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||
tag: "24.04.4.1.1@sha256:8de43029e5994f503e5dc57f62bb3961a2c9d1e3b5362ecb314e33ff898b24fe"
|
||||
tag: "24.04.4.2.1@sha256:268b586d48848958f9a0329f1ce6849f842d1ab2413a3c45ddf2f2dd249efc9a"
|
||||
cryptpad:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "XWiki"
|
||||
@@ -263,7 +263,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["13", "1", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
|
||||
tag: "14.1.1@sha256:ce1fabf4d02534990ebb5c934df8fbd227192a529a2e6e81c7feb412bb3eac8b"
|
||||
tag: "14.2.0@sha256:b4ea55b925de4fc8760ccf30268f0a2d472c4204bd4fc512720e8757489335d6"
|
||||
openprojectBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -279,7 +279,7 @@ images:
|
||||
# upstreamRepository: "library/postgres"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "library/postgres"
|
||||
tag: "16.3-alpine3.20@sha256:f18f3c509f481e4ddf167c108d11ecb07faca78b5e2204a702a379dee1d84f86"
|
||||
tag: "16.3-alpine3.20@sha256:de3d7b6e4b5b3fe899e997579d6dfe95a99539d154abe03f0b6839133ed05065"
|
||||
openxchangeBootstrap:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
|
||||
@@ -8,4 +8,6 @@ smtp:
|
||||
port: 587
|
||||
username: ""
|
||||
password: {{ env "SMTP_PASSWORD" | quote }}
|
||||
|
||||
localpartNoReply: "no-reply"
|
||||
...
|
||||
|
||||
Reference in New Issue
Block a user