mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-08 08:21:40 +01:00
Compare commits
35 Commits
trossner/n
...
lender/fea
| Author | SHA1 | Date | |
|---|---|---|---|
|
0583090916 | ||
|
|
b1acec9171 | ||
|
|
2f56a94b2a | ||
|
|
b5908100dd | ||
|
|
cc16bee370 | ||
|
|
26970483b2 | ||
|
|
f8fa301b6c | ||
|
|
b40b8630c1 | ||
|
|
9b9726087f | ||
|
|
88b29c57e8 | ||
|
|
f2b1384670 | ||
|
|
d916365cb4 | ||
|
|
bba2af0f06 | ||
|
|
1d2b17b495 | ||
|
|
709e50ff7c | ||
|
|
7603bbdc64 | ||
|
|
4b305768c4 | ||
|
|
91a25f4c18 | ||
|
|
006aed791e | ||
|
|
b45a0bf832 | ||
|
|
8e638b6714 | ||
|
|
e91efa8ecc | ||
|
|
58b74c7cfd | ||
|
|
c3417f404c | ||
|
|
799ba97b3c | ||
|
|
9320274162 | ||
|
|
5f58a857ac | ||
|
|
86bfa3e559 | ||
|
|
42f6151121 | ||
|
|
6cbb6b6922 | ||
|
|
7ba84b99ca | ||
|
|
f49980b3ef | ||
|
|
69e66c65f6 | ||
|
|
aed14e1ce1 | ||
|
|
e557393025 |
@@ -4,7 +4,7 @@
|
|||||||
---
|
---
|
||||||
include:
|
include:
|
||||||
- project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}"
|
- project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}"
|
||||||
ref: "v2.4.8"
|
ref: "v2.4.9"
|
||||||
file:
|
file:
|
||||||
- "ci/common/lint.yml"
|
- "ci/common/lint.yml"
|
||||||
- "ci/release-automation/semantic-release.yml"
|
- "ci/release-automation/semantic-release.yml"
|
||||||
@@ -232,8 +232,8 @@ variables:
|
|||||||
extends: ".environments"
|
extends: ".environments"
|
||||||
environment:
|
environment:
|
||||||
name: "${NAMESPACE}"
|
name: "${NAMESPACE}"
|
||||||
image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:1.3.1\
|
image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:1.3.2\
|
||||||
@sha256:de527f493044f06009045c369be831ababbc8dd74adaa378613c5acb1e654959"
|
@sha256:87358b39af7403c9a536d1b71fd87ee84394310497dc0fbc90f78b75a3057712"
|
||||||
script:
|
script:
|
||||||
- "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
|
- "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
|
||||||
# MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
|
# MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
|
||||||
@@ -696,7 +696,6 @@ import-default-accounts:
|
|||||||
--admin_enable_knowledgemanagement True \
|
--admin_enable_knowledgemanagement True \
|
||||||
--admin_enable_projectmanagement True \
|
--admin_enable_projectmanagement True \
|
||||||
--create_admin_accounts True \
|
--create_admin_accounts True \
|
||||||
--create_maildomains True \
|
|
||||||
--verify_certificate False
|
--verify_certificate False
|
||||||
|
|
||||||
run-tests:
|
run-tests:
|
||||||
|
|||||||
@@ -1,3 +1,11 @@
|
|||||||
|
## [1.3.2](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.3.1...v1.3.2) (2025-05-06)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **dovecot:** Update Helm chart to fix migration mode ([7ba84b9](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7ba84b99caf61e5a4a35b71d875e9ede0f71423e))
|
||||||
|
* **helmfile:** Explicitly template auth-modules in OX App Suite; Streamline name of OX App Suite EE image ([6cbb6b6](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6cbb6b6922864467ca365bcc9b1cfa49182df050))
|
||||||
|
|
||||||
## [1.3.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.3.0...v1.3.1) (2025-04-24)
|
## [1.3.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.3.0...v1.3.1) (2025-04-24)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -94,7 +94,7 @@ Details regarding the scope/limitation of the component's licenses:
|
|||||||
|
|
||||||
- Nextcloud: Enterprise license to enable [Nextcloud Enterprise](https://nextcloud.com/de/enterprise/) specific features, can be used across multiple installations until the licensed number of users is reached.
|
- Nextcloud: Enterprise license to enable [Nextcloud Enterprise](https://nextcloud.com/de/enterprise/) specific features, can be used across multiple installations until the licensed number of users is reached.
|
||||||
- OpenProject: Domain specific enterprise license to enable [OpenProject's Enterprise feature set](https://www.openproject.org/enterprise-edition/), domain matching can use regular expressions.
|
- OpenProject: Domain specific enterprise license to enable [OpenProject's Enterprise feature set](https://www.openproject.org/enterprise-edition/), domain matching can use regular expressions.
|
||||||
- XWiki: Deployment specific enterprise license (key pair) to activate the [XWiki Pro](https://xwiki.com/en/offerings/products/xwiki-pro) apps.
|
- XWiki: Deployment specific enterprise license (key pair) to activate the [XWiki Pro](https://xwiki.com/en/offerings/products/xwiki-pro) apps. *Caution! XWiki needs these license keys as one-line strings. Multi-line strings result in installation failure*
|
||||||
|
|
||||||
# Component overview
|
# Component overview
|
||||||
|
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ openDesk currently features the following functional main components:
|
|||||||
| Collaborative notes | Notes (aka Docs) | [2.4.0](https://github.com/suitenumerique/docs/releases/tag/v2.4.0) | Online documentation/welcome document available in installed application |
|
| Collaborative notes | Notes (aka Docs) | [2.4.0](https://github.com/suitenumerique/docs/releases/tag/v2.4.0) | Online documentation/welcome document available in installed application |
|
||||||
| Diagram editor | CryptPad ft. diagrams.net | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
| Diagram editor | CryptPad ft. diagrams.net | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
||||||
| File management | Nextcloud | [30.0.6](https://nextcloud.com/de/changelog/#30-0-6) | [Nextcloud 30](https://docs.nextcloud.com/) |
|
| File management | Nextcloud | [30.0.6](https://nextcloud.com/de/changelog/#30-0-6) | [Nextcloud 30](https://docs.nextcloud.com/) |
|
||||||
| Groupware | OX App Suite | [8.35](https://documentation.open-xchange.com/appsuite/releases/8.35/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
| Groupware | OX App Suite | [8.36](https://documentation.open-xchange.com/appsuite/releases/8.36/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||||
| Knowledge management | XWiki | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
| Knowledge management | XWiki | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||||
| Portal & IAM | Nubus | [1.8.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html#version-1-8-0-2025-04-07) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
| Portal & IAM | Nubus | [1.8.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html#version-1-8-0-2025-04-07) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||||
| Project management | OpenProject | [15.5.1](https://www.openproject.org/docs/release-notes/15-5-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
| Project management | OpenProject | [15.5.1](https://www.openproject.org/docs/release-notes/15-5-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||||
|
|||||||
@@ -70,6 +70,10 @@ For your convenience, we recommend creating a `*.domain.tld` A-Record for your c
|
|||||||
| domain.tld | TXT | `v=spf1 +a +mx +a:mail.domain.tld ~all` | Optional, use proper MTA record if present |
|
| domain.tld | TXT | `v=spf1 +a +mx +a:mail.domain.tld ~all` | Optional, use proper MTA record if present |
|
||||||
| _dmarc.domain.tld | TXT | `v=DMARC1; p=quarantine` | Optional |
|
| _dmarc.domain.tld | TXT | `v=DMARC1; p=quarantine` | Optional |
|
||||||
| default._domainkey.domain.tld | TXT | `v=DKIM1; k=rsa; h=sha256; ...` | Optional, DKIM settings |
|
| default._domainkey.domain.tld | TXT | `v=DKIM1; k=rsa; h=sha256; ...` | Optional, DKIM settings |
|
||||||
|
| _caldavs._tcp.domain.tld | SRV | 10 1 443 dav.domain.tld. | Optional, CalDav auto discovery |
|
||||||
|
| _caldav._tcp.domain.tld | SRV | 10 1 80 dav.domain.tld. | Optional, CalDav auto discovery |
|
||||||
|
| _carddavs._tcp.domain.tld | SRV | 10 1 443 dav.domain.tld. | Optional, CardDav auto discovery |
|
||||||
|
| _carddav._tcp.domain.tld | SRV | 10 1 80 dav.domain.tld. | Optional, CardDav auto discovery |
|
||||||
|
|
||||||
## Domain
|
## Domain
|
||||||
|
|
||||||
|
|||||||
@@ -9,19 +9,22 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
* [Disclaimer](#disclaimer)
|
* [Disclaimer](#disclaimer)
|
||||||
* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
|
* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
|
||||||
* [Manual checks/actions](#manual-checksactions)
|
* [Manual checks/actions](#manual-checksactions)
|
||||||
* [From v1.1.2](#from-v112)
|
* [v1.4.0+](#v140)
|
||||||
* [Pre-upgrade from v1.1.2](#pre-upgrade-from-v112)
|
* [Pre-upgrade to v1.4.0+](#pre-upgrade-to-v140)
|
||||||
|
* [Helmfile cleanup: `global.additionalMailDomains` as list](#helmfile-cleanup-globaladditionalmaildomains-as-list)
|
||||||
|
* [v1.2.0+](#v120)
|
||||||
|
* [Pre-upgrade to v1.2.0+](#pre-upgrade-to-v120)
|
||||||
* [Helmfile cleanup: Do not configure OX provisioning when no OX installed](#helmfile-cleanup-do-not-configure-ox-provisioning-when-no-ox-installed)
|
* [Helmfile cleanup: Do not configure OX provisioning when no OX installed](#helmfile-cleanup-do-not-configure-ox-provisioning-when-no-ox-installed)
|
||||||
* [Helmfile new default: PostgreSQL for XWiki and Nextcloud](#helmfile-new-default-postgresql-for-xwiki-and-nextcloud)
|
* [Helmfile new default: PostgreSQL for XWiki and Nextcloud](#helmfile-new-default-postgresql-for-xwiki-and-nextcloud)
|
||||||
* [From v1.1.1](#from-v111)
|
* [v1.1.2+](#v112)
|
||||||
* [Pre-upgrade from v1.1.1](#pre-upgrade-from-v111)
|
* [Pre-upgrade to v1.1.2+](#pre-upgrade-to-v112)
|
||||||
* [Helmfile feature update: App settings wrapped in `apps.` element](#helmfile-feature-update-app-settings-wrapped-in-apps-element)
|
* [Helmfile feature update: App settings wrapped in `apps.` element](#helmfile-feature-update-app-settings-wrapped-in-apps-element)
|
||||||
* [From v1.1.0](#from-v110)
|
* [v1.1.1+](#v111)
|
||||||
* [Pre-upgrade from v1.1.0](#pre-upgrade-from-v110)
|
* [Pre-upgrade to v1.1.1](#pre-upgrade-to-v111)
|
||||||
* [Helmfile feature update: Component specific `storageClassName`](#helmfile-feature-update-component-specific-storageclassname)
|
* [Helmfile feature update: Component specific `storageClassName`](#helmfile-feature-update-component-specific-storageclassname)
|
||||||
* [Helmfile new secret: `secrets.nubus.masterpassword`](#helmfile-new-secret-secretsnubusmasterpassword)
|
* [Helmfile new secret: `secrets.nubus.masterpassword`](#helmfile-new-secret-secretsnubusmasterpassword)
|
||||||
* [From v1.0.0](#from-v100)
|
* [v1.1.0+](#v110)
|
||||||
* [Pre-upgrade from v1.0.0](#pre-upgrade-from-v100)
|
* [Pre-upgrade to v1.1.0](#pre-upgrade-to-v110)
|
||||||
* [Helmfile cleanup: Restructured `/helmfile/files/theme` folder](#helmfile-cleanup-restructured-helmfilefilestheme-folder)
|
* [Helmfile cleanup: Restructured `/helmfile/files/theme` folder](#helmfile-cleanup-restructured-helmfilefilestheme-folder)
|
||||||
* [Helmfile cleanup: Consistent use of `*.yaml.gotmpl`](#helmfile-cleanup-consistent-use-of-yamlgotmpl)
|
* [Helmfile cleanup: Consistent use of `*.yaml.gotmpl`](#helmfile-cleanup-consistent-use-of-yamlgotmpl)
|
||||||
* [Helmfile cleanup: Prefixing certain app directories with `opendesk-`](#helmfile-cleanup-prefixing-certain-app-directories-with-opendesk-)
|
* [Helmfile cleanup: Prefixing certain app directories with `opendesk-`](#helmfile-cleanup-prefixing-certain-app-directories-with-opendesk-)
|
||||||
@@ -31,10 +34,10 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
* [openDesk defaults (new): Enforce login](#opendesk-defaults-new-enforce-login)
|
* [openDesk defaults (new): Enforce login](#opendesk-defaults-new-enforce-login)
|
||||||
* [openDesk defaults (changed): Jitsi room history enabled](#opendesk-defaults-changed-jitsi-room-history-enabled)
|
* [openDesk defaults (changed): Jitsi room history enabled](#opendesk-defaults-changed-jitsi-room-history-enabled)
|
||||||
* [External requirements: Redis 7.4](#external-requirements-redis-74)
|
* [External requirements: Redis 7.4](#external-requirements-redis-74)
|
||||||
* [Post-upgrade from v1.0.0](#post-upgrade-from-v100)
|
* [Post-upgrade to v1.1.0+](#post-upgrade-to-v110)
|
||||||
* [XWiki fix-ups](#xwiki-fix-ups)
|
* [XWiki fix-ups](#xwiki-fix-ups)
|
||||||
* [From v0.9.0](#from-v090)
|
* [v1.1.0](#v110-1)
|
||||||
* [Pre-upgrade from v0.9.0](#pre-upgrade-from-v090)
|
* [Pre-upgrade to v1.1.0](#pre-upgrade-to-v110-1)
|
||||||
* [Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus](#configuration-cleanup-removal-of-unnecessary-ox-profiles-in-nubus)
|
* [Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus](#configuration-cleanup-removal-of-unnecessary-ox-profiles-in-nubus)
|
||||||
* [Configuration Cleanup: Updated `global.imagePullSecrets`](#configuration-cleanup-updated-globalimagepullsecrets)
|
* [Configuration Cleanup: Updated `global.imagePullSecrets`](#configuration-cleanup-updated-globalimagepullsecrets)
|
||||||
* [Changed openDesk defaults: Matrix presence status disabled](#changed-opendesk-defaults-matrix-presence-status-disabled)
|
* [Changed openDesk defaults: Matrix presence status disabled](#changed-opendesk-defaults-matrix-presence-status-disabled)
|
||||||
@@ -42,20 +45,20 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
* [Changed openDesk defaults: File-share configurability](#changed-opendesk-defaults-file-share-configurability)
|
* [Changed openDesk defaults: File-share configurability](#changed-opendesk-defaults-file-share-configurability)
|
||||||
* [Changed openDesk defaults: Updated default subdomains in `global.hosts`](#changed-opendesk-defaults-updated-default-subdomains-in-globalhosts)
|
* [Changed openDesk defaults: Updated default subdomains in `global.hosts`](#changed-opendesk-defaults-updated-default-subdomains-in-globalhosts)
|
||||||
* [Changed openDesk defaults: Dedicated group for access to the UDM REST API](#changed-opendesk-defaults-dedicated-group-for-access-to-the-udm-rest-api)
|
* [Changed openDesk defaults: Dedicated group for access to the UDM REST API](#changed-opendesk-defaults-dedicated-group-for-access-to-the-udm-rest-api)
|
||||||
* [Post-upgrade from v0.9.0](#post-upgrade-from-v090)
|
* [Post-upgrade to v1.0.0+](#post-upgrade-to-v100)
|
||||||
* [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component)
|
* [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component)
|
||||||
* [Optional Cleanup](#optional-cleanup)
|
* [Optional Cleanup](#optional-cleanup)
|
||||||
* [From v0.8.1](#from-v081)
|
* [v0.9.0](#v090)
|
||||||
* [Pre-upgrade from v0.8.1](#pre-upgrade-from-v081)
|
* [Pre-upgrade to v0.9.0](#pre-upgrade-to-v090)
|
||||||
* [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
|
* [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
|
||||||
* [Updated customizable template attributes](#updated-customizable-template-attributes)
|
* [Updated customizable template attributes](#updated-customizable-template-attributes)
|
||||||
* [`migrations` S3 bucket](#migrations-s3-bucket)
|
* [`migrations` S3 bucket](#migrations-s3-bucket)
|
||||||
* [Automated migrations - Details](#automated-migrations---details)
|
* [Automated migrations - Details](#automated-migrations---details)
|
||||||
* [From v1.1.2 (automated)](#from-v112-automated)
|
* [v1.2.0+ (automated)](#v120-automated)
|
||||||
* [migrations-pre](#migrations-pre)
|
* [migrations-pre](#migrations-pre)
|
||||||
* [migrations-post](#migrations-post)
|
* [migrations-post](#migrations-post)
|
||||||
* [From v1.0.0 (automated)](#from-v100-automated)
|
* [v1.1.0+ (automated)](#v110-automated)
|
||||||
* [From v0.9.0 (automated)](#from-v090-automated)
|
* [v1.0.0+ (automated)](#v100-automated)
|
||||||
* [Related components and artifacts](#related-components-and-artifacts)
|
* [Related components and artifacts](#related-components-and-artifacts)
|
||||||
* [Development](#development)
|
* [Development](#development)
|
||||||
<!-- TOC -->
|
<!-- TOC -->
|
||||||
@@ -97,11 +100,35 @@ If you would like more details about the automated migrations, please read secti
|
|||||||
|
|
||||||
# Manual checks/actions
|
# Manual checks/actions
|
||||||
|
|
||||||
Be sure you check all the sections for the releases you are going to update your current deployment from.
|
## v1.4.0+
|
||||||
|
|
||||||
## From v1.1.2
|
### Pre-upgrade to v1.4.0+
|
||||||
|
|
||||||
### Pre-upgrade from v1.1.2
|
#### Helmfile cleanup: `global.additionalMailDomains` as list
|
||||||
|
|
||||||
|
**Target group:** Installations that have set `global.additionalMailDomains`.
|
||||||
|
|
||||||
|
The `additionalMailDomains` had to be defined as a comma separated string. That now needs to change into a list of domains.
|
||||||
|
|
||||||
|
For example the following config:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
global:
|
||||||
|
additionalMailDomains: "sub1.maildomain.de,sub2.maildomain.de"
|
||||||
|
```
|
||||||
|
|
||||||
|
Needs to change to:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
global:
|
||||||
|
additionalMailDomains:
|
||||||
|
- "sub1.maildomain.de"
|
||||||
|
- "sub2.maildomain.de"
|
||||||
|
```
|
||||||
|
|
||||||
|
## v1.2.0+
|
||||||
|
|
||||||
|
### Pre-upgrade to v1.2.0+
|
||||||
|
|
||||||
#### Helmfile cleanup: Do not configure OX provisioning when no OX installed
|
#### Helmfile cleanup: Do not configure OX provisioning when no OX installed
|
||||||
|
|
||||||
@@ -111,7 +138,7 @@ With openDesk 1.2.0 the OX provisioning consumer will not be registered when the
|
|||||||
|
|
||||||
We do not remove the consumer for existing installations, if you want to do that for your existing installation please perform the following steps:
|
We do not remove the consumer for existing installations, if you want to do that for your existing installation please perform the following steps:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
export NAMESPACE=<your_namespace>
|
export NAMESPACE=<your_namespace>
|
||||||
kubectl -n ${NAMESPACE} exec -it ums-provisioning-nats-0 -c nats-box -- sh -c 'nats consumer rm stream:ox-connector durable_name:ox-connector --user=admin --password=${NATS_PASSWORD} --force'
|
kubectl -n ${NAMESPACE} exec -it ums-provisioning-nats-0 -c nats-box -- sh -c 'nats consumer rm stream:ox-connector durable_name:ox-connector --user=admin --password=${NATS_PASSWORD} --force'
|
||||||
kubectl -n ${NAMESPACE} exec -it ums-provisioning-nats-0 -c nats-box -- sh -c 'nats stream rm stream:ox-connector --user=admin --password=${NATS_PASSWORD} --force'
|
kubectl -n ${NAMESPACE} exec -it ums-provisioning-nats-0 -c nats-box -- sh -c 'nats stream rm stream:ox-connector --user=admin --password=${NATS_PASSWORD} --force'
|
||||||
@@ -162,9 +189,9 @@ In case you are planning to migrate an existing instance from MariaDB to Postgre
|
|||||||
- https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Backup#HUsingtheXWikiExportfeature
|
- https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Backup#HUsingtheXWikiExportfeature
|
||||||
- https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/ImportExport
|
- https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/ImportExport
|
||||||
|
|
||||||
## From v1.1.1
|
## v1.1.2+
|
||||||
|
|
||||||
### Pre-upgrade from v1.1.1
|
### Pre-upgrade to v1.1.2+
|
||||||
|
|
||||||
#### Helmfile feature update: App settings wrapped in `apps.` element
|
#### Helmfile feature update: App settings wrapped in `apps.` element
|
||||||
|
|
||||||
@@ -176,7 +203,7 @@ If you have a deployment where you specify settings found in the aforementioned
|
|||||||
|
|
||||||
The following configuration:
|
The following configuration:
|
||||||
|
|
||||||
```
|
```yaml
|
||||||
certificates:
|
certificates:
|
||||||
enabled: false
|
enabled: false
|
||||||
notes:
|
notes:
|
||||||
@@ -185,7 +212,7 @@ notes:
|
|||||||
|
|
||||||
Needs to be changed to:
|
Needs to be changed to:
|
||||||
|
|
||||||
```
|
```yaml
|
||||||
apps:
|
apps:
|
||||||
certificates:
|
certificates:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -193,9 +220,9 @@ apps:
|
|||||||
enabled: true
|
enabled: true
|
||||||
```
|
```
|
||||||
|
|
||||||
## From v1.1.0
|
## v1.1.1+
|
||||||
|
|
||||||
### Pre-upgrade from v1.1.0
|
### Pre-upgrade to v1.1.1
|
||||||
|
|
||||||
#### Helmfile feature update: Component specific `storageClassName`
|
#### Helmfile feature update: Component specific `storageClassName`
|
||||||
|
|
||||||
@@ -248,9 +275,9 @@ persistence:
|
|||||||
|
|
||||||
A not yet templated secret was discovered in the Nubus deployment. It is now declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl) and can be defined using: `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the same value as the `MASTER_PASSWORD` environment variable used in your deployment.
|
A not yet templated secret was discovered in the Nubus deployment. It is now declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl) and can be defined using: `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the same value as the `MASTER_PASSWORD` environment variable used in your deployment.
|
||||||
|
|
||||||
## From v1.0.0
|
## v1.1.0+
|
||||||
|
|
||||||
### Pre-upgrade from v1.0.0
|
### Pre-upgrade to v1.1.0
|
||||||
|
|
||||||
#### Helmfile cleanup: Restructured `/helmfile/files/theme` folder
|
#### Helmfile cleanup: Restructured `/helmfile/files/theme` folder
|
||||||
|
|
||||||
@@ -413,7 +440,7 @@ The update from openDesk v1.0.0 contains Redis 7.4.1, like the other openDesk bu
|
|||||||
|
|
||||||
Please ensure the Redis you are using is updated to at least version 7.4 to support the requirement of OX App Suite.
|
Please ensure the Redis you are using is updated to at least version 7.4 to support the requirement of OX App Suite.
|
||||||
|
|
||||||
### Post-upgrade from v1.0.0
|
### Post-upgrade to v1.1.0+
|
||||||
|
|
||||||
#### XWiki fix-ups
|
#### XWiki fix-ups
|
||||||
|
|
||||||
@@ -439,9 +466,9 @@ Unfortunately XWiki does not upgrade itself as expected. The bug has been report
|
|||||||
|
|
||||||
You should have now a fully functional XWiki instance with single sign-on and full-text search.
|
You should have now a fully functional XWiki instance with single sign-on and full-text search.
|
||||||
|
|
||||||
## From v0.9.0
|
## v1.1.0
|
||||||
|
|
||||||
### Pre-upgrade from v0.9.0
|
### Pre-upgrade to v1.1.0
|
||||||
|
|
||||||
#### Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus
|
#### Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus
|
||||||
|
|
||||||
@@ -623,7 +650,7 @@ The IAM admin account `Administrator` is the only member of this group by defaul
|
|||||||
|
|
||||||
If you need other accounts to use the API, please assign them to the aforementioned group.
|
If you need other accounts to use the API, please assign them to the aforementioned group.
|
||||||
|
|
||||||
### Post-upgrade from v0.9.0
|
### Post-upgrade to v1.0.0+
|
||||||
|
|
||||||
#### Configuration Improvement: Separate user permission for using Video Conference component
|
#### Configuration Improvement: Separate user permission for using Video Conference component
|
||||||
|
|
||||||
@@ -653,9 +680,9 @@ kubectl -n ${NAMESPACE} delete pvc shared-run-ums-ldap-server-0
|
|||||||
kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
|
kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
|
||||||
```
|
```
|
||||||
|
|
||||||
## From v0.8.1
|
## v0.9.0
|
||||||
|
|
||||||
### Pre-upgrade from v0.8.1
|
### Pre-upgrade to v0.9.0
|
||||||
|
|
||||||
#### Updated `cluster.networking.cidr`
|
#### Updated `cluster.networking.cidr`
|
||||||
|
|
||||||
@@ -678,7 +705,7 @@ kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
|
|||||||
|
|
||||||
# Automated migrations - Details
|
# Automated migrations - Details
|
||||||
|
|
||||||
## From v1.1.2 (automated)
|
## v1.2.0+ (automated)
|
||||||
|
|
||||||
> **Note**<br>
|
> **Note**<br>
|
||||||
> Details can be found in [run_4.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_4.py).
|
> Details can be found in [run_4.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_4.py).
|
||||||
@@ -692,7 +719,7 @@ kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
|
|||||||
|
|
||||||
- Restarting Deployment `ums-provisioning-udm-transformer` and StatefulSet `ums-provisioning-udm-listener` as well as deleting the Nubus Provisioning consumer `durable_name:incoming` on stream `stream:incoming`: Due to a bug in Nubus 1.7.0 the `incoming` stream was blocked after the upgrade, the aforementioned measures unblock the stream.
|
- Restarting Deployment `ums-provisioning-udm-transformer` and StatefulSet `ums-provisioning-udm-listener` as well as deleting the Nubus Provisioning consumer `durable_name:incoming` on stream `stream:incoming`: Due to a bug in Nubus 1.7.0 the `incoming` stream was blocked after the upgrade, the aforementioned measures unblock the stream.
|
||||||
|
|
||||||
## From v1.0.0 (automated)
|
## v1.1.0+ (automated)
|
||||||
|
|
||||||
With openDesk v1.1.0 the IAM stack supports HA LDAP primary as well as scalable LDAP secondary pods.
|
With openDesk v1.1.0 the IAM stack supports HA LDAP primary as well as scalable LDAP secondary pods.
|
||||||
|
|
||||||
@@ -703,7 +730,7 @@ creating the config map with the mentioned label.
|
|||||||
> **Note**<br>
|
> **Note**<br>
|
||||||
> Details can be found in [run_3.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
|
> Details can be found in [run_3.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
|
||||||
|
|
||||||
## From v0.9.0 (automated)
|
## v1.0.0+ (automated)
|
||||||
|
|
||||||
The `migrations-pre` and `migrations-post` jobs in the openDesk deployment address the automated migration tasks.
|
The `migrations-pre` and `migrations-post` jobs in the openDesk deployment address the automated migration tasks.
|
||||||
|
|
||||||
|
|||||||
@@ -29,11 +29,13 @@ openDesk is a Kubernetes-only solution and requires an existing Kubernetes (K8s)
|
|||||||
- K8s cluster >= v1.24, [CNCF Certified Kubernetes distribution](https://www.cncf.io/certification/software-conformance/)
|
- K8s cluster >= v1.24, [CNCF Certified Kubernetes distribution](https://www.cncf.io/certification/software-conformance/)
|
||||||
- Domain and DNS Service
|
- Domain and DNS Service
|
||||||
- Ingress controller (Ingress NGINX) >= [4.11.5/1.11.5](https://github.com/kubernetes/ingress-nginx/releases)
|
- Ingress controller (Ingress NGINX) >= [4.11.5/1.11.5](https://github.com/kubernetes/ingress-nginx/releases)
|
||||||
- [Helm](https://helm.sh/) >= v3.9.0
|
- [Helm](https://helm.sh/) >= v3.17.3
|
||||||
- [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= v1.0.0-rc8
|
- [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= v1.0.0
|
||||||
- [HelmDiff](https://github.com/databus23/helm-diff) >= v3.6.0
|
- [HelmDiff](https://github.com/databus23/helm-diff) >= v3.11.0
|
||||||
- Volume provisioner supporting RWO (read-write-once)[^1]
|
- Volume provisioner supporting RWO (read-write-once)[^1]
|
||||||
- Certificate handling with [cert-manager](https://cert-manager.io/)
|
- Certificate handling with [cert-manager](https://cert-manager.io/)
|
||||||
|
|
||||||
|
**Additional openDesk Enterprise requirements**
|
||||||
- [OpenKruise](https://openkruise.io/)[^2] >= v1.6
|
- [OpenKruise](https://openkruise.io/)[^2] >= v1.6
|
||||||
|
|
||||||
# Hardware
|
# Hardware
|
||||||
|
|||||||
@@ -24,9 +24,9 @@ releases:
|
|||||||
chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}"
|
chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}"
|
||||||
version: "{{ .Values.charts.nextcloudManagement.version }}"
|
version: "{{ .Values.charts.nextcloudManagement.version }}"
|
||||||
values:
|
values:
|
||||||
- "values-nextcloud-management.yaml.gotmpl"
|
- "values-nextcloud-mgmt.yaml.gotmpl"
|
||||||
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
|
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
|
||||||
- "values-nextcloud-management-ee.yaml.gotmpl"
|
- "values-nextcloud-mgmt-enterprise.yaml.gotmpl"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- range .Values.customization.release.opendeskNextcloudManagement }}
|
{{- range .Values.customization.release.opendeskNextcloudManagement }}
|
||||||
- {{ . }}
|
- {{ . }}
|
||||||
@@ -41,7 +41,7 @@ releases:
|
|||||||
values:
|
values:
|
||||||
- "values-nextcloud.yaml.gotmpl"
|
- "values-nextcloud.yaml.gotmpl"
|
||||||
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
|
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
|
||||||
- "values-nextcloud-ee.yaml.gotmpl"
|
- "values-nextcloud-enterprise.yaml.gotmpl"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- range .Values.customization.release.opendeskNextcloud }}
|
{{- range .Values.customization.release.opendeskNextcloud }}
|
||||||
- {{ . }}
|
- {{ . }}
|
||||||
@@ -49,19 +49,6 @@ releases:
|
|||||||
needs:
|
needs:
|
||||||
- "opendesk-nextcloud-management"
|
- "opendesk-nextcloud-management"
|
||||||
installed: {{ .Values.apps.nextcloud.enabled }}
|
installed: {{ .Values.apps.nextcloud.enabled }}
|
||||||
- name: "opendesk-nextcloud-notifypush"
|
|
||||||
chart: "nextcloud-repo/{{ .Values.charts.nextcloudNotifyPush.name }}"
|
|
||||||
version: "{{ .Values.charts.nextcloudNotifyPush.version }}"
|
|
||||||
values:
|
|
||||||
- "values-nextcloud-notifypush.yaml.gotmpl"
|
|
||||||
{{- range .Values.customization.release.opendeskNextcloudNotifyPush }}
|
|
||||||
- {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
wait: true
|
|
||||||
needs:
|
|
||||||
- "opendesk-nextcloud"
|
|
||||||
installed: {{ and .Values.apps.nextcloud.enabled (gt .Values.replicas.nextcloudNotifyPush 0) }}
|
|
||||||
timeout: 900
|
|
||||||
|
|
||||||
commonLabels:
|
commonLabels:
|
||||||
deployStage: "050-components"
|
deployStage: "050-components"
|
||||||
|
|||||||
@@ -67,8 +67,6 @@ configuration:
|
|||||||
enabled: true
|
enabled: true
|
||||||
integrationOpenproject:
|
integrationOpenproject:
|
||||||
enabled: {{ .Values.apps.openproject.enabled }}
|
enabled: {{ .Values.apps.openproject.enabled }}
|
||||||
notifyPush:
|
|
||||||
enabled: {{ gt .Values.replicas.nextcloudNotifyPush 0 }}
|
|
||||||
spreed:
|
spreed:
|
||||||
enabled: true
|
enabled: true
|
||||||
circles:
|
circles:
|
||||||
@@ -1,135 +0,0 @@
|
|||||||
{{/*
|
|
||||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
|
||||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
|
||||||
SPDX-License-Identifier: Apache-2.0
|
|
||||||
*/}}
|
|
||||||
---
|
|
||||||
global:
|
|
||||||
domain: {{ .Values.global.domain | quote }}
|
|
||||||
hosts:
|
|
||||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
||||||
|
|
||||||
additionalAnnotations:
|
|
||||||
intents.otterize.com/service-name: "opendesk-nextcloud-notifypush"
|
|
||||||
{{- with .Values.annotations.nextcloudNotifyPush.additional }}
|
|
||||||
{{ . | toYaml | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
configuration:
|
|
||||||
cache:
|
|
||||||
auth:
|
|
||||||
enabled: true
|
|
||||||
username:
|
|
||||||
value: {{ .Values.cache.nextcloud.username }}
|
|
||||||
password:
|
|
||||||
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
|
||||||
host: {{ .Values.cache.nextcloud.host | quote }}
|
|
||||||
port: {{ .Values.cache.nextcloud.port | quote }}
|
|
||||||
tls: {{ .Values.cache.nextcloud.tls }}
|
|
||||||
database:
|
|
||||||
{{ if eq .Values.databases.nextcloud.type "mariadb" }}
|
|
||||||
type: "mysql"
|
|
||||||
{{ else if eq .Values.databases.nextcloud.type "postgresql" }}
|
|
||||||
type: "postgres"
|
|
||||||
{{ else }}
|
|
||||||
{{ .Values.databases.nextcloud.type | quote }}
|
|
||||||
{{ end }}
|
|
||||||
host: {{ .Values.databases.nextcloud.host | quote }}
|
|
||||||
port: {{ .Values.databases.nextcloud.port | quote }}
|
|
||||||
name: {{ .Values.databases.nextcloud.name | quote }}
|
|
||||||
auth:
|
|
||||||
username:
|
|
||||||
value: {{ .Values.databases.nextcloud.username | quote }}
|
|
||||||
password:
|
|
||||||
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
|
||||||
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
|
||||||
{{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
|
|
||||||
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
|
|
||||||
{{- else }}
|
|
||||||
value: {{ .Values.databases.nextcloud.password | quote }}
|
|
||||||
{{- end }}
|
|
||||||
trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
|
|
||||||
containerSecurityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- "ALL"
|
|
||||||
enabled: true
|
|
||||||
privileged: false
|
|
||||||
runAsUser: 101
|
|
||||||
runAsGroup: 101
|
|
||||||
seccompProfile:
|
|
||||||
type: "RuntimeDefault"
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
runAsNonRoot: true
|
|
||||||
seLinuxOptions:
|
|
||||||
{{ .Values.seLinuxOptions.nextcloud | toYaml | nindent 6 }}
|
|
||||||
# debug:
|
|
||||||
# loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }}
|
|
||||||
# {{- if .Values.certificate.selfSigned }}
|
|
||||||
# extraEnvVars:
|
|
||||||
# - name: "FS_IMPORT_CA_CERTIFICATES"
|
|
||||||
# value: "true"
|
|
||||||
# {{- end }}
|
|
||||||
# {{- if .Values.certificate.selfSigned }}
|
|
||||||
# extraVolumes:
|
|
||||||
# - name: "trusted-cert-secret-volume"
|
|
||||||
# secret:
|
|
||||||
# secretName: "opendesk-certificates-ca-tls"
|
|
||||||
# items:
|
|
||||||
# - key: "ca.crt"
|
|
||||||
# path: "ca-certificates.crt"
|
|
||||||
# extraVolumeMounts:
|
|
||||||
# - name: "trusted-cert-secret-volume"
|
|
||||||
# mountPath: "/etc/ssl/certs/ca-certificates.crt"
|
|
||||||
# subPath: "ca-certificates.crt"
|
|
||||||
# {{- end }}
|
|
||||||
image:
|
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
|
|
||||||
repository: {{ .Values.images.nextcloud.repository | quote }}
|
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
||||||
tag: {{ .Values.images.nextcloud.tag | quote }}
|
|
||||||
ingress:
|
|
||||||
enabled: {{ .Values.ingress.enabled }}
|
|
||||||
annotations:
|
|
||||||
{{- with .Values.annotations.nextcloudNotifyPush.ingress }}
|
|
||||||
{{ . | toYaml | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
|
||||||
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
|
||||||
tls:
|
|
||||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
|
||||||
metrics:
|
|
||||||
enabled: true
|
|
||||||
service:
|
|
||||||
annotations:
|
|
||||||
{{ .Values.annotations.nextcloudNotifyPush.serviceMetrics | toYaml | nindent 6 }}
|
|
||||||
|
|
||||||
podAnnotations:
|
|
||||||
{{ .Values.annotations.nextcloudNotifyPush.pod | toYaml | nindent 4 }}
|
|
||||||
podSecurityContext:
|
|
||||||
fsGroup: 101
|
|
||||||
# prometheus:
|
|
||||||
# serviceMonitor:
|
|
||||||
# enabled: { .Values.monitoring.prometheus.serviceMonitors.enabled }}
|
|
||||||
# labels:
|
|
||||||
# { .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
|
|
||||||
# prometheusRule:
|
|
||||||
# enabled: { .Values.monitoring.prometheus.prometheusRules.enabled }}
|
|
||||||
# additionalLabels:
|
|
||||||
# { .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
|
|
||||||
replicaCount: {{ .Values.replicas.nextcloudNotifyPush }}
|
|
||||||
resources:
|
|
||||||
{{ .Values.resources.nextcloudNotifyPush | toYaml | nindent 4 }}
|
|
||||||
|
|
||||||
service:
|
|
||||||
annotations:
|
|
||||||
{{ .Values.annotations.nextcloudNotifyPush.service | toYaml | nindent 6 }}
|
|
||||||
|
|
||||||
serviceAccount:
|
|
||||||
annotations:
|
|
||||||
{{ .Values.annotations.nextcloudNotifyPush.serviceAccount | toYaml | nindent 6 }}
|
|
||||||
|
|
||||||
...
|
|
||||||
@@ -246,6 +246,8 @@ keycloak:
|
|||||||
extraEnvVars:
|
extraEnvVars:
|
||||||
- name: "KC_HTTPS_TRUST_STORE_FILE"
|
- name: "KC_HTTPS_TRUST_STORE_FILE"
|
||||||
value: "/etc/ssl/certs/truststore.jks"
|
value: "/etc/ssl/certs/truststore.jks"
|
||||||
|
- name: "KC_TRUSTSTORE_PATHS"
|
||||||
|
value: "/etc/ssl/certs/ca-certificates.crt"
|
||||||
- name: "KC_HTTPS_TRUST_STORE_PASSWORD"
|
- name: "KC_HTTPS_TRUST_STORE_PASSWORD"
|
||||||
value: {{ .Values.secrets.certificates.password | quote }}
|
value: {{ .Values.secrets.certificates.password | quote }}
|
||||||
- name: "KC_HTTPS_TRUST_STORE_TYPE"
|
- name: "KC_HTTPS_TRUST_STORE_TYPE"
|
||||||
@@ -818,21 +820,7 @@ nubusPortalConsumer:
|
|||||||
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
repository: {{ .Values.images.nubusWaitForDependency.repository }}
|
||||||
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
tag: {{ .Values.images.nubusWaitForDependency.tag }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
{{- if .Values.certificate.selfSigned }}
|
{{- if .Values.certificate.selfSigned }}
|
||||||
extraVolumes:
|
|
||||||
- name: "trusted-cert-secret-volume"
|
|
||||||
secret:
|
|
||||||
secretName: "opendesk-certificates-ca-tls"
|
|
||||||
items:
|
|
||||||
- key: "ca.crt"
|
|
||||||
path: "ca-certificates.crt"
|
|
||||||
- key: "ca.crt"
|
|
||||||
path: "cacert.pem"
|
|
||||||
extraVolumeMounts:
|
|
||||||
- name: "trusted-cert-secret-volume"
|
|
||||||
mountPath: "/etc/ssl/certs/ca-certificates.crt"
|
|
||||||
subPath: "ca-certificates.crt"
|
|
||||||
waitForDependency:
|
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
- name: "trusted-cert-secret-volume"
|
- name: "trusted-cert-secret-volume"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@@ -849,6 +837,21 @@ nubusPortalConsumer:
|
|||||||
value: "/etc/ssl/certs/ca-certificates.crt"
|
value: "/etc/ssl/certs/ca-certificates.crt"
|
||||||
- name: "SSL_CERT_FILE"
|
- name: "SSL_CERT_FILE"
|
||||||
value: "/etc/ssl/certs/ca-certificates.crt"
|
value: "/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.certificate.selfSigned }}
|
||||||
|
extraVolumes:
|
||||||
|
- name: "trusted-cert-secret-volume"
|
||||||
|
secret:
|
||||||
|
secretName: "opendesk-certificates-ca-tls"
|
||||||
|
items:
|
||||||
|
- key: "ca.crt"
|
||||||
|
path: "ca-certificates.crt"
|
||||||
|
- key: "ca.crt"
|
||||||
|
path: "cacert.pem"
|
||||||
|
extraVolumeMounts:
|
||||||
|
- name: "trusted-cert-secret-volume"
|
||||||
|
mountPath: "/etc/ssl/certs/ca-certificates.crt"
|
||||||
|
subPath: "ca-certificates.crt"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
nubusPortalServer:
|
nubusPortalServer:
|
||||||
@@ -1396,7 +1399,7 @@ nubusSelfServiceConsumer:
|
|||||||
nubusStackDataUms:
|
nubusStackDataUms:
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
argocd.argoproj.io/hook: "Sync"
|
argocd.argoproj.io/hook: "Sync"
|
||||||
argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
|
argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
|
||||||
intents.otterize.com/service-name: "ums-stack-data-ums"
|
intents.otterize.com/service-name: "ums-stack-data-ums"
|
||||||
{{- with .Values.annotations.nubusStackDataUms.additional }}
|
{{- with .Values.annotations.nubusStackDataUms.additional }}
|
||||||
{{ . | toYaml | nindent 4 }}
|
{{ . | toYaml | nindent 4 }}
|
||||||
@@ -1729,6 +1732,7 @@ nubusUmcGateway:
|
|||||||
nubusKeycloakBootstrap:
|
nubusKeycloakBootstrap:
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
argocd.argoproj.io/hook: "Sync"
|
argocd.argoproj.io/hook: "Sync"
|
||||||
|
argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
|
||||||
{{- with .Values.annotations.nubusKeycloakBootstrapNubus.additional }}
|
{{- with .Values.annotations.nubusKeycloakBootstrapNubus.additional }}
|
||||||
{{ . | toYaml | nindent 4 }}
|
{{ . | toYaml | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@@ -23,7 +23,8 @@ imagePullSecrets:
|
|||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}
|
||||||
|
|
||||||
dovecot:
|
dovecot:
|
||||||
mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
mailDomains: {{ toYaml (prepend .Values.global.additionalMailDomains (.Values.global.mailDomain | default .Values.global.domain) | uniq) | nindent 4 }}
|
||||||
|
defaultMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.dovecot.doveadm | quote }}
|
value: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||||
migration:
|
migration:
|
||||||
|
|||||||
@@ -108,8 +108,9 @@ appsuite:
|
|||||||
hosts:
|
hosts:
|
||||||
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
|
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
|
||||||
dav:
|
dav:
|
||||||
|
enabled: {{ .Values.functional.groupware.davSupport.enabled }}
|
||||||
hosts:
|
hosts:
|
||||||
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
|
- "{{ .Values.global.hosts.openxchangeDav }}.{{ .Values.global.domain }}"
|
||||||
routes:
|
routes:
|
||||||
appsuite-base:
|
appsuite-base:
|
||||||
annotations:
|
annotations:
|
||||||
@@ -215,7 +216,7 @@ appsuite:
|
|||||||
host: "all"
|
host: "all"
|
||||||
productName: {{ .Values.theme.texts.productName | quote }}
|
productName: {{ .Values.theme.texts.productName | quote }}
|
||||||
oidcLogin: true
|
oidcLogin: true
|
||||||
oidcPath: "/oidc"
|
oidcPath: "/oidc/"
|
||||||
masterAdmin: "admin"
|
masterAdmin: "admin"
|
||||||
masterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
|
masterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
|
||||||
hzGroupName: "hzgroup"
|
hzGroupName: "hzgroup"
|
||||||
@@ -278,17 +279,14 @@ appsuite:
|
|||||||
status:
|
status:
|
||||||
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
{{- if .Values.functional.migration.oxAppSuite.enabled }}
|
||||||
open-xchange-oidc: "disabled"
|
open-xchange-oidc: "disabled"
|
||||||
open-xchange-authentication-oauth: "disabled"
|
|
||||||
open-xchange-authentication-masterpassword: "enabled"
|
open-xchange-authentication-masterpassword: "enabled"
|
||||||
open-xchange-authentication-database: "disabled"
|
|
||||||
open-xchange-authentication-ldap: "disabled"
|
|
||||||
{{- else }}
|
{{- else }}
|
||||||
open-xchange-oidc: "enabled"
|
open-xchange-oidc: "enabled"
|
||||||
open-xchange-authentication-oauth: "enabled"
|
|
||||||
open-xchange-authentication-masterpassword: "disabled"
|
open-xchange-authentication-masterpassword: "disabled"
|
||||||
|
{{- end }}
|
||||||
|
open-xchange-authentication-oauth: "disabled"
|
||||||
open-xchange-authentication-database: "disabled"
|
open-xchange-authentication-database: "disabled"
|
||||||
open-xchange-authentication-ldap: "disabled"
|
open-xchange-authentication-ldap: "disabled"
|
||||||
{{- end }}
|
|
||||||
# OX Documents (office-web) is not used in openDesk
|
# OX Documents (office-web) is not used in openDesk
|
||||||
open-xchange-documents-backend: "disabled"
|
open-xchange-documents-backend: "disabled"
|
||||||
open-xchange-documents-monitoring: "disabled"
|
open-xchange-documents-monitoring: "disabled"
|
||||||
@@ -323,18 +321,8 @@ appsuite:
|
|||||||
com.openexchange.oidc.startDefaultBackend: "true"
|
com.openexchange.oidc.startDefaultBackend: "true"
|
||||||
com.openexchange.oidc.userLookupClaim: "opendesk_username"
|
com.openexchange.oidc.userLookupClaim: "opendesk_username"
|
||||||
com.openexchange.oidc.userLookupNamePart: "full"
|
com.openexchange.oidc.userLookupNamePart: "full"
|
||||||
# OAUTH
|
com.openexchange.oidc.enablePasswordGrant: "true"
|
||||||
com.openexchange.oauth.provider.enabled: "true"
|
com.openexchange.oidc.passwordGrantUserNamePart: "local-part"
|
||||||
com.openexchange.oauth.provider.allowedIssuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
|
||||||
com.openexchange.oauth.provider.contextLookupClaim: "context"
|
|
||||||
com.openexchange.oauth.provider.contextLookupNamePart: "full"
|
|
||||||
com.openexchange.oauth.provider.jwt.jwksUri: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
|
||||||
com.openexchange.oauth.provider.mode: "expect_jwt"
|
|
||||||
com.openexchange.oauth.provider.userLookupNamePart: "full"
|
|
||||||
com.openexchange.oauth.provider.userLookupClaim: "opendesk_username"
|
|
||||||
com.openexchange.authentication.oauth.clientId: "opendesk-oxappsuite"
|
|
||||||
com.openexchange.authentication.oauth.tokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
|
||||||
com.openexchange.authentication.oauth.clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
|
||||||
# MAIL
|
# MAIL
|
||||||
com.openexchange.mail.authType: "xoauth2"
|
com.openexchange.mail.authType: "xoauth2"
|
||||||
com.openexchange.mail.loginSource: "mail"
|
com.openexchange.mail.loginSource: "mail"
|
||||||
@@ -398,6 +386,15 @@ appsuite:
|
|||||||
# http = (await import('./io.ox/core/http.js')).default
|
# http = (await import('./io.ox/core/http.js')).default
|
||||||
# await http.POST({ module: 'oxguard/smime', params: { action: 'test' } })
|
# await http.POST({ module: 'oxguard/smime', params: { action: 'test' } })
|
||||||
com.openexchange.smime.test: "true"
|
com.openexchange.smime.test: "true"
|
||||||
|
# DAV
|
||||||
|
{{- if .Values.functional.groupware.davSupport.enabled }}
|
||||||
|
com.openexchange.caldav.enabled: "true"
|
||||||
|
com.openexchange.caldav.url: {{ printf "https://%s.%s/caldav/[folderId]" .Values.global.hosts.openxchangeDav .Values.global.domain }}
|
||||||
|
com.openexchange.carddav.enabled: "true"
|
||||||
|
com.openexchange.carddav.url: {{ printf "https://%s.%s/carddav/[folderId]" .Values.global.hosts.openxchangeDav .Values.global.domain }}
|
||||||
|
com.openexchange.client.onboarding.caldav.url: {{ printf "https://%s.%s/" .Values.global.hosts.openxchangeDav .Values.global.domain }}
|
||||||
|
com.openexchange.client.onboarding.carddav.url: {{ printf "https://%s.%s/" .Values.global.hosts.openxchangeDav .Values.global.domain }}
|
||||||
|
{{- end }}
|
||||||
# Other
|
# Other
|
||||||
com.openexchange.secret.secretSource: "\"<user-id> + '@' + <context-id> + '/' + <random>\""
|
com.openexchange.secret.secretSource: "\"<user-id> + '@' + <context-id> + '/' + <random>\""
|
||||||
{{- if .Values.certificate.selfSigned }}
|
{{- if .Values.certificate.selfSigned }}
|
||||||
|
|||||||
@@ -81,7 +81,7 @@ postfix:
|
|||||||
smtpdMilters: "inet:clamav-simple:7357"
|
smtpdMilters: "inet:clamav-simple:7357"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
virtualMailboxDomains: {{ if .Values.global.additionalMailDomains }}{{ printf "%s,%s" (.Values.global.mailDomain | default .Values.global.domain) .Values.global.additionalMailDomains }}{{ else }}{{ .Values.global.mailDomain | default .Values.global.domain | quote }}{{ end }}
|
virtualMailboxDomains: {{ toYaml (prepend .Values.global.additionalMailDomains (.Values.global.mailDomain | default .Values.global.domain) | uniq) | nindent 4 }}
|
||||||
virtualTransport: "lmtps:dovecot:24"
|
virtualTransport: "lmtps:dovecot:24"
|
||||||
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
|
|||||||
@@ -96,7 +96,7 @@ postfix:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
# Only deliver mail to Dovecot, if it is available
|
# Only deliver mail to Dovecot, if it is available
|
||||||
{{- if .Values.apps.oxAppSuite.enabled }}
|
{{- if .Values.apps.oxAppSuite.enabled }}
|
||||||
virtualMailboxDomains: {{ if .Values.global.additionalMailDomains }}{{ printf "%s,%s" (.Values.global.mailDomain | default .Values.global.domain) .Values.global.additionalMailDomains }}{{ else }}{{ .Values.global.mailDomain | default .Values.global.domain | quote }}{{ end }}
|
virtualMailboxDomains: {{ toYaml (prepend .Values.global.additionalMailDomains (.Values.global.mailDomain | default .Values.global.domain) | uniq) | nindent 4 }}
|
||||||
virtualTransport: "lmtps:dovecot:24"
|
virtualTransport: "lmtps:dovecot:24"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
|||||||
@@ -18,8 +18,8 @@ containerSecurityContext:
|
|||||||
- "ALL"
|
- "ALL"
|
||||||
enabled: true
|
enabled: true
|
||||||
privileged: false
|
privileged: false
|
||||||
runAsUser: 1001
|
runAsUser: 70
|
||||||
runAsGroup: 1001
|
runAsGroup: 70
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: "RuntimeDefault"
|
type: "RuntimeDefault"
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
@@ -29,7 +29,7 @@ containerSecurityContext:
|
|||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
enabled: true
|
enabled: true
|
||||||
fsGroup: 1001
|
fsGroup: 70
|
||||||
fsGroupChangePolicy: "OnRootMismatch"
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
|
|
||||||
replicaCount: {{ .Values.replicas.postgres }}
|
replicaCount: {{ .Values.replicas.postgres }}
|
||||||
@@ -49,37 +49,77 @@ image:
|
|||||||
job:
|
job:
|
||||||
users:
|
users:
|
||||||
- username: {{ .Values.databases.keycloak.username | quote }}
|
- username: {{ .Values.databases.keycloak.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.keycloakUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.keycloakUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.keycloakUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.keycloakUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.keycloak.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.keycloak.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
- username: {{ .Values.databases.notes.username | quote }}
|
- username: {{ .Values.databases.notes.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.notesUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.notesUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.notesUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.notesUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.notes.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.notes.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
- username: {{ .Values.databases.openproject.username | quote }}
|
- username: {{ .Values.databases.openproject.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.openprojectUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.openprojectUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.openprojectUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.openprojectUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.openproject.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.openproject.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
- username: {{ .Values.databases.keycloakExtension.username | quote }}
|
- username: {{ .Values.databases.keycloakExtension.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.keycloakExtensionUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.keycloakExtensionUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.keycloakExtension.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.keycloakExtension.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
- username: {{ .Values.databases.synapse.username | quote }}
|
- username: {{ .Values.databases.synapse.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.matrixUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.matrixUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.matrixUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.matrixUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
- username: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
- username: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.umsNotificationsApiUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.umsNotificationsApiUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.umsNotificationsApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.umsNotificationsApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
- username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
- username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.umsGuardianManagementApiUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.umsGuardianManagementApiUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.umsGuardianManagementApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.umsGuardianManagementApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
- username: {{ .Values.databases.umsSelfservice.username | quote }}
|
- username: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.umsSelfserviceUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.umsSelfserviceUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
|
{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
|
||||||
- username: {{ .Values.databases.nextcloud.username | quote }}
|
- username: {{ .Values.databases.nextcloud.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.nextcloudUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.nextcloudUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.nextcloudUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.nextcloudUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ if eq .Values.databases.xwiki.type "postgresql" }}
|
{{ if eq .Values.databases.xwiki.type "postgresql" }}
|
||||||
- username: {{ .Values.databases.xwiki.username | quote }}
|
- username: {{ .Values.databases.xwiki.username | quote }}
|
||||||
password: {{ .Values.secrets.postgresql.xwikiUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.xwikiUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.xwikiUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.xwikiUser.key | quote }}
|
||||||
connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
databases:
|
databases:
|
||||||
@@ -125,7 +165,11 @@ podAnnotations:
|
|||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
user: "postgres"
|
user: "postgres"
|
||||||
password: {{ .Values.secrets.postgresql.postgresUser | quote }}
|
password:
|
||||||
|
value: {{ .Values.secrets.postgresql.postgresUser | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.external_secrets.postgresql.postgresUser.name | quote }}
|
||||||
|
key: {{ .Values.external_secrets.postgresql.postgresUser.key | quote }}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.postgresql | toYaml | nindent 2 }}
|
{{ .Values.resources.postgresql | toYaml | nindent 2 }}
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro"
|
repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro"
|
||||||
name: "dovecot"
|
name: "dovecot"
|
||||||
version: "2.0.3"
|
version: "3.0.0"
|
||||||
verify: true
|
verify: true
|
||||||
oxAppSuite:
|
oxAppSuite:
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ images:
|
|||||||
collabora:
|
collabora:
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
|
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||||
tag: "24.04.13.3.1@sha256:7e9b63972415a5a8006ec6b7e904c2d78d9af467218ead7e578d0c8a5691f0bc"
|
tag: "24.04.13.4.1@sha256:4d4f88fa244280f6116b072a923ee7e5c183ab30ee9759952f9b6aa802802300"
|
||||||
dovecot:
|
dovecot:
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
|
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
|
||||||
|
|||||||
@@ -116,16 +116,7 @@ annotations:
|
|||||||
serviceAccount: ~
|
serviceAccount: ~
|
||||||
nextcloudNextcloudMgmt:
|
nextcloudNextcloudMgmt:
|
||||||
additional: ~
|
additional: ~
|
||||||
ingress: ~
|
|
||||||
pod: ~
|
pod: ~
|
||||||
service: ~
|
|
||||||
serviceAccount: ~
|
|
||||||
nextcloudNotifyPush:
|
|
||||||
additional: ~
|
|
||||||
ingress: ~
|
|
||||||
pod: ~
|
|
||||||
service: ~
|
|
||||||
serviceMetrics: ~
|
|
||||||
serviceAccount: ~
|
serviceAccount: ~
|
||||||
notes:
|
notes:
|
||||||
ingressAdmin: ~
|
ingressAdmin: ~
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/collabora/charts-mirror"
|
repository: "bmi/opendesk/components/supplier/collabora/charts-mirror"
|
||||||
name: "collabora-online"
|
name: "collabora-online"
|
||||||
version: "1.1.37"
|
version: "1.1.38"
|
||||||
verify: true
|
verify: true
|
||||||
collaboraController:
|
collaboraController:
|
||||||
# Enterprise Component
|
# Enterprise Component
|
||||||
@@ -99,7 +99,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
|
||||||
name: "dovecot"
|
name: "dovecot"
|
||||||
version: "2.0.0"
|
version: "3.0.0"
|
||||||
verify: true
|
verify: true
|
||||||
element:
|
element:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -241,7 +241,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/external/charts/bitnami-charts"
|
repository: "bmi/opendesk/components/external/charts/bitnami-charts"
|
||||||
name: "minio"
|
name: "minio"
|
||||||
version: "14.10.1"
|
version: "16.0.10"
|
||||||
verify: true
|
verify: true
|
||||||
nextcloud:
|
nextcloud:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -251,7 +251,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||||
name: "opendesk-nextcloud"
|
name: "opendesk-nextcloud"
|
||||||
version: "4.2.0-trossner-pn"
|
version: "4.1.0"
|
||||||
verify: true
|
verify: true
|
||||||
nextcloudManagement:
|
nextcloudManagement:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -261,17 +261,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||||
name: "opendesk-nextcloud-management"
|
name: "opendesk-nextcloud-management"
|
||||||
version: "4.2.0-trossner-pn"
|
version: "4.1.0"
|
||||||
verify: true
|
|
||||||
nextcloudNotifyPush:
|
|
||||||
# providerCategory: "Platform"
|
|
||||||
# providerResponsible: "openDesk"
|
|
||||||
# upstreamRegistry: "https://registry.opencode.de"
|
|
||||||
# packageName=bmi/opendesk/components/platform-development/charts/opendesk-nextcloud/opendesk-nextcloud-notifypush
|
|
||||||
registry: "registry.opencode.de"
|
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
|
||||||
name: "opendesk-nextcloud-notifypush"
|
|
||||||
version: "4.2.0-trossner-pn"
|
|
||||||
verify: true
|
verify: true
|
||||||
nginx:
|
nginx:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
@@ -397,7 +387,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
|
repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
|
||||||
name: "appsuite-public-sector"
|
name: "appsuite-public-sector"
|
||||||
version: "2.17.164"
|
version: "2.18.36"
|
||||||
verify: false
|
verify: false
|
||||||
oxAppSuiteBootstrap:
|
oxAppSuiteBootstrap:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -429,7 +419,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
|
||||||
name: "postfix"
|
name: "postfix"
|
||||||
version: "3.0.1"
|
version: "4.0.0"
|
||||||
verify: true
|
verify: true
|
||||||
postgresql:
|
postgresql:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
|
|||||||
@@ -46,9 +46,8 @@ customization:
|
|||||||
# migrations-pre
|
# migrations-pre
|
||||||
migrationsPre: {}
|
migrationsPre: {}
|
||||||
# nextcloud
|
# nextcloud
|
||||||
opendeskNextcloud: {}
|
|
||||||
opendeskNextcloudManagement: {}
|
opendeskNextcloudManagement: {}
|
||||||
opendeskNextcloudNotifyPush: {}
|
opendeskNextcloud: {}
|
||||||
# notes
|
# notes
|
||||||
notes: {}
|
notes: {}
|
||||||
# nubus
|
# nubus
|
||||||
|
|||||||
41
helmfile/environments/default/external_secrets.yaml.gotmpl
Normal file
41
helmfile/environments/default/external_secrets.yaml.gotmpl
Normal file
@@ -0,0 +1,41 @@
|
|||||||
|
{{/*
|
||||||
|
SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
*/}}
|
||||||
|
---
|
||||||
|
external_secrets:
|
||||||
|
postgresql:
|
||||||
|
postgresUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
keycloakUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
keycloakExtensionUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
matrixUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
nextcloudUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
notesUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
openprojectUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
umsNotificationsApiUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
umsGuardianManagementApiUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
umsSelfserviceUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
xwikiUser:
|
||||||
|
name: ~
|
||||||
|
key: ~
|
||||||
|
...
|
||||||
@@ -144,6 +144,10 @@ functional:
|
|||||||
versions: "auto"
|
versions: "auto"
|
||||||
# yamllint enable rule:line-length
|
# yamllint enable rule:line-length
|
||||||
|
|
||||||
|
groupware:
|
||||||
|
davSupport:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
migration:
|
migration:
|
||||||
oxAppSuite:
|
oxAppSuite:
|
||||||
# Note: Only available in openDesk Enterprise.
|
# Note: Only available in openDesk Enterprise.
|
||||||
|
|||||||
@@ -3,5 +3,5 @@
|
|||||||
---
|
---
|
||||||
global:
|
global:
|
||||||
systemInformation:
|
systemInformation:
|
||||||
releaseVersion: "v1.3.1"
|
releaseVersion: "v1.3.3"
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ global:
|
|||||||
|
|
||||||
## Define additional mail domains, comma separated, e.g. domain1.de,domain2.de
|
## Define additional mail domains, comma separated, e.g. domain1.de,domain2.de
|
||||||
#
|
#
|
||||||
additionalMailDomains: ""
|
additionalMailDomains: []
|
||||||
|
|
||||||
## Define synapse host
|
## Define synapse host
|
||||||
## If this is unset the "domain" value above should be used in all references
|
## If this is unset the "domain" value above should be used in all references
|
||||||
@@ -55,6 +55,7 @@ global:
|
|||||||
nubus: "portal"
|
nubus: "portal"
|
||||||
openproject: "projects"
|
openproject: "projects"
|
||||||
openxchange: "webmail"
|
openxchange: "webmail"
|
||||||
|
openxchangeDav: "dav"
|
||||||
static: "static"
|
static: "static"
|
||||||
synapse: "matrix"
|
synapse: "matrix"
|
||||||
synapseAdmin: "synapse-admin"
|
synapseAdmin: "synapse-admin"
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ images:
|
|||||||
# upstreamRepository: "bitnami/os-shell"
|
# upstreamRepository: "bitnami/os-shell"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "bitnami/os-shell"
|
repository: "bitnami/os-shell"
|
||||||
tag: "12-debian-12-r34@sha256:41e0561b0f08011c24acc5e8ad4c0d09a36062cfab35d9ec7b3fdd4cfecc01e0"
|
tag: "12-debian-12-r44@sha256:6388c7c27a09472906e2f2094410c9ffdadf23b4b242293ce023d0314ec10920"
|
||||||
cassandra:
|
cassandra:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -20,7 +20,7 @@ images:
|
|||||||
# upstreamRepository: "bitnami/cassandra"
|
# upstreamRepository: "bitnami/cassandra"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "bitnami/cassandra"
|
repository: "bitnami/cassandra"
|
||||||
tag: "5.0.2-debian-12-r1@sha256:9f5fd6fe3a24b7e5ea215a99a0e0d6a10d11a914d6eb8c511780271a9097f5ea"
|
tag: "5.0.4-debian-12-r3@sha256:af57aa07f866673d4f605bc555e2699dfa7615de216d6a2d0cc607c81831ec2f"
|
||||||
cassandraExporter:
|
cassandraExporter:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -28,7 +28,7 @@ images:
|
|||||||
# upstreamRepository: "bitnami/cassandra-exporter"
|
# upstreamRepository: "bitnami/cassandra-exporter"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "bitnami/cassandra-exporter"
|
repository: "bitnami/cassandra-exporter"
|
||||||
tag: "2.3.8-debian-12-r31@sha256:ae861f6c8712dd32c2304c680e4564802df689a62dc4aed2f4e7cfcbba8a8051"
|
tag: "2.3.8-debian-12-r46@sha256:e44c65f08d85153041f68bcf180f948341d74018eef8b56e8869ed87fdfd34f0"
|
||||||
clamd:
|
clamd:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -36,7 +36,7 @@ images:
|
|||||||
# upstreamRepository: "clamav/clamav"
|
# upstreamRepository: "clamav/clamav"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "clamav/clamav"
|
repository: "clamav/clamav"
|
||||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
tag: "1.4.2-38_base@sha256:e7d108f30ea8f16935dbd12e4b58665f1bc148ce3dd59028cf04088330216910"
|
||||||
collabora:
|
collabora:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Collabora"
|
# providerResponsible: "Collabora"
|
||||||
@@ -44,7 +44,7 @@ images:
|
|||||||
# upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
# upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||||
tag: "24.04.13.3.1@sha256:f04a31d72b2b12b530b4e88b3ecb81eb96ebd98112515db59499ff71a4ec905f"
|
tag: "24.04.14.3.1@sha256:b7085475740a4e92ad3611d52808b6d822478e52286d18d3272a9b685e049464"
|
||||||
collaboraController:
|
collaboraController:
|
||||||
# Enterprise Component
|
# Enterprise Component
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
@@ -84,7 +84,7 @@ images:
|
|||||||
# upstreamRepository: "alpine/k8s"
|
# upstreamRepository: "alpine/k8s"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "alpine/k8s"
|
repository: "alpine/k8s"
|
||||||
tag: "1.32.3@sha256:eec3541331932d8613ce7b3283508063cba7f704302e9b4eda45e49b38a2a0f9"
|
tag: "1.33.0@sha256:60333a52c38e9a8df0a9b93a5a24a4870f0db2c7ea3266b185386bd0a500d7dc"
|
||||||
element:
|
element:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Element"
|
# providerResponsible: "Element"
|
||||||
@@ -108,13 +108,6 @@ images:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/groupsync"
|
repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/groupsync"
|
||||||
tag: "v0.14.0@sha256:a8cee92b9035d8cc80cc13194e4e0118c7dfbfcbc4c0ee5ac173582d0cd55846"
|
tag: "v0.14.0@sha256:a8cee92b9035d8cc80cc13194e4e0118c7dfbfcbc4c0ee5ac173582d0cd55846"
|
||||||
elementHaProxy:
|
|
||||||
# Enterprise Component
|
|
||||||
# providerCategory: "Supplier"
|
|
||||||
# providerResponsible: "Element"
|
|
||||||
registry: "registry.opencode.de"
|
|
||||||
repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/haproxy"
|
|
||||||
tag: "3.0-alpine@sha256:c22c8710886104a48b920306f063401f0d11811858e3c6b9d87d88a7556b2e61"
|
|
||||||
elementPipe:
|
elementPipe:
|
||||||
# Enterprise Component
|
# Enterprise Component
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
@@ -143,7 +136,7 @@ images:
|
|||||||
# upstreamRepository: "clamav/clamav"
|
# upstreamRepository: "clamav/clamav"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "clamav/clamav"
|
repository: "clamav/clamav"
|
||||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
tag: "1.4.2-38_base@sha256:e7d108f30ea8f16935dbd12e4b58665f1bc148ce3dd59028cf04088330216910"
|
||||||
icap:
|
icap:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -237,7 +230,7 @@ images:
|
|||||||
# upstreamRepository: "library/mariadb"
|
# upstreamRepository: "library/mariadb"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "library/mariadb"
|
repository: "library/mariadb"
|
||||||
tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f"
|
tag: "10.6.21@sha256:8a16204dc96c08ed0ee2c52c0f9324aa5d2dd0e43ad23a471d447a39f75765b5"
|
||||||
matrixNeoBoardWidget:
|
matrixNeoBoardWidget:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Nordeck"
|
# providerResponsible: "Nordeck"
|
||||||
@@ -295,7 +288,7 @@ images:
|
|||||||
# upstreamRepository: "bitnami/memcached"
|
# upstreamRepository: "bitnami/memcached"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "bitnami/memcached"
|
repository: "bitnami/memcached"
|
||||||
tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d"
|
tag: "1.6.38-debian-12-r3@sha256:3e548fba727578be9d996262471f5f3e07726d625702d26743a5e0f34684cb21"
|
||||||
migrations:
|
migrations:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -311,7 +304,7 @@ images:
|
|||||||
# upstreamRepository: "clamav/clamav"
|
# upstreamRepository: "clamav/clamav"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "clamav/clamav"
|
repository: "clamav/clamav"
|
||||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
tag: "1.4.2-38_base@sha256:e7d108f30ea8f16935dbd12e4b58665f1bc148ce3dd59028cf04088330216910"
|
||||||
minio:
|
minio:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -319,7 +312,7 @@ images:
|
|||||||
# upstreamRepository: "bitnami/minio"
|
# upstreamRepository: "bitnami/minio"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "bitnami/minio"
|
repository: "bitnami/minio"
|
||||||
tag: "2024.12.13-debian-12-r0@sha256:2a258ab6876f6ed3cd5609836d065f20927955a2ae721fd9edde8ca388b52135"
|
tag: "2025.4.22-debian-12-r1@sha256:d7cd0e172c4cc0870f4bdc3142018e2a37be9acf04d68f386600daad427e0cab"
|
||||||
nextcloud:
|
nextcloud:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -327,7 +320,7 @@ images:
|
|||||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||||
tag: "2.5.0-trossner-pn@sha256:078f9ab0ab7c60ebd6d378f2c8a471a396a125eb164c411241b80a4a5f6a6761"
|
tag: "2.5.0@sha256:9457bc2116620e52dcd1f5f12f042090aa4cca2a3e4d5f64b7c84c232ca6bb63"
|
||||||
nextcloudExporter:
|
nextcloudExporter:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -343,7 +336,7 @@ images:
|
|||||||
# upstreamRepository: "nginxinc/nginx-s3-gateway"
|
# upstreamRepository: "nginxinc/nginx-s3-gateway"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "nginxinc/nginx-s3-gateway"
|
repository: "nginxinc/nginx-s3-gateway"
|
||||||
tag: "unprivileged-oss-20241111@sha256:20d6b6ec5fc987b18c3e345de33674374a8335c593d6d0841ac64eb49ae2dea4"
|
tag: "unprivileged-oss-20250512@sha256:064d14fc64ba968bd8123f2f25e446e597cfc5170124879b3834deac1a6d69fd"
|
||||||
notesBackend:
|
notesBackend:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "DINUM"
|
# providerResponsible: "DINUM"
|
||||||
@@ -727,7 +720,7 @@ images:
|
|||||||
# upstreamRepository: "library/nginx"
|
# upstreamRepository: "library/nginx"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "library/nginx"
|
repository: "library/nginx"
|
||||||
tag: "1.27.3-alpine3.20@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4"
|
tag: "1.28.0-alpine3.21@sha256:aed99734248e851764f1f2146835ecad42b5f994081fa6631cc5d79240891ec9"
|
||||||
openproject:
|
openproject:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "OpenProject"
|
# providerResponsible: "OpenProject"
|
||||||
@@ -753,7 +746,7 @@ images:
|
|||||||
# upstreamRepository: "library/postgres"
|
# upstreamRepository: "library/postgres"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "library/postgres"
|
repository: "library/postgres"
|
||||||
tag: "16.8-alpine3.20@sha256:951d0626662c85a25e1ba0a89e64f314a2b99abced2c85b4423506249c2d82b0"
|
tag: "16.9-alpine3.20@sha256:e5507c984377515b8c9922b0eb19f55aba2063fdc7bccf268cefd53133f97054"
|
||||||
openxchangeBootstrap:
|
openxchangeBootstrap:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -761,7 +754,7 @@ images:
|
|||||||
# upstreamRepository: "alpine/k8s"
|
# upstreamRepository: "alpine/k8s"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "alpine/k8s"
|
repository: "alpine/k8s"
|
||||||
tag: "1.31.3@sha256:77812543abe5649b286d5f0dc17a7dbaa4056433225f6f695150f329cb4b6803"
|
tag: "1.33.0@sha256:60333a52c38e9a8df0a9b93a5a24a4870f0db2c7ea3266b185386bd0a500d7dc"
|
||||||
openxchangeCoreGuidedtours:
|
openxchangeCoreGuidedtours:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -771,7 +764,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "6", "0"]
|
# upstreamMirrorStartFrom: ["8", "6", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-guidedtours"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-guidedtours"
|
||||||
tag: "8.6.14@sha256:c00546144667d2d5036fa37b2e6185f1abb53c13e9eee7b0c78ec64ac8e5250a"
|
tag: "8.6.15@sha256:f8ea7b3f4003b518c43b12118980d26d1258396f55848af6a64e7a3e7e103c1d"
|
||||||
openxchangeCoreMW:
|
openxchangeCoreMW:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -781,7 +774,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "51"]
|
# upstreamMirrorStartFrom: ["8", "20", "51"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
|
||||||
tag: "8.35.83@sha256:5c4180c1ba255193059241921e6fe0a34555592aa29104a145a0e1beb91157d2"
|
tag: "8.36.51@sha256:db069f8e97f15081c6905f1c18fc1dde7a5b7a0caa9e61f80ea98e009339687b"
|
||||||
openxchangeCoreUI:
|
openxchangeCoreUI:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -791,7 +784,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "1"]
|
# upstreamMirrorStartFrom: ["8", "20", "1"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
|
||||||
tag: "8.35.2@sha256:658563b6ec4d3d5f2e06f2987cd8e730d91b8d0c65b0206495007d347f98965f"
|
tag: "8.36.2@sha256:3a718662355f64846fd99f515a325cf0bfe598eb3a2237bdce649bda0ea8f380"
|
||||||
openxchangeCoreUIMiddleware:
|
openxchangeCoreUIMiddleware:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -811,7 +804,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "799279"]
|
# upstreamMirrorStartFrom: ["8", "20", "799279"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
|
||||||
tag: "8.35.1292950@sha256:a6937222e3b07b42c7dc6a066aae0cd05b3b899325a4e4aee50ee91355c9b3b5"
|
tag: "8.36.1317070@sha256:7de0ced2a4d3f7ddb4bef3b001ae90e3b4a79d86b61ec5e767fe2d3068021558"
|
||||||
openxchangeDocumentConverter:
|
openxchangeDocumentConverter:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -821,7 +814,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
|
||||||
tag: "8.35.1671@sha256:0a7b9d7af9cd22562196b854ad11ca3fd477ddcc70f2ccd113e87ab3b7aad26c"
|
tag: "8.36.1706@sha256:6245f13f6f945121d1d224adab24090efbbe41510ee0de22ce0296c1e5059937"
|
||||||
openxchangeGotenberg:
|
openxchangeGotenberg:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -841,7 +834,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["4", "2", "2"]
|
# upstreamMirrorStartFrom: ["4", "2", "2"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/guard-ui"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/guard-ui"
|
||||||
tag: "8.32.0@sha256:5c9542f9112882e46c3b8cb6f0ca2bef61585abac0e640a4fafa7d7ef60a392b"
|
tag: "8.33.2@sha256:920b5ac87128f30c176c0ae75c6bedd32d226a97c6c5a822235606c39992ee9a"
|
||||||
openxchangeImageConverter:
|
openxchangeImageConverter:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -851,7 +844,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
|
||||||
tag: "8.35.77@sha256:fb67cbaf0771ea6c18b5a1b94aaec9bf72b930227613e70535d382be58940372"
|
tag: "8.36.2042@sha256:ac358a10149901f944ca9a21f66a41f267ac5e33b6cce6d6f92309a44cdc0875"
|
||||||
openxchangeNextcloudIntegrationUI:
|
openxchangeNextcloudIntegrationUI:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -861,7 +854,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["1", "2", "0"]
|
# upstreamMirrorStartFrom: ["1", "2", "0"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/nextcloud-integration-ui"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/nextcloud-integration-ui"
|
||||||
tag: "1.4.0@sha256:4be267ab2dc8dbef6b8382e2de6b28f3851a7af7f68702f360d457898cb9011e"
|
tag: "1.4.1@sha256:423d596b52ab32778d7227d98ccc719f98395a00d95ff0bcac826665b59e1937"
|
||||||
openxchangePublicSectorUI:
|
openxchangePublicSectorUI:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Open-Xchange"
|
# providerResponsible: "Open-Xchange"
|
||||||
@@ -871,7 +864,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["2", "2", "1"]
|
# upstreamMirrorStartFrom: ["2", "2", "1"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/public-sector-ui"
|
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/public-sector-ui"
|
||||||
tag: "2.4.0@sha256:6513e948028ed98aca633d9943ef3be5fed890e4757eee6b527b7215206d2bd6"
|
tag: "2.4.1@sha256:c9f0f5425517e1740aaf9998c5944ce36ce26eda52329754e6b8ac733e2dacc5"
|
||||||
oxConnector:
|
oxConnector:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
@@ -889,7 +882,7 @@ images:
|
|||||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
|
# upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/images/postfix"
|
repository: "bmi/opendesk/components/platform-development/images/postfix"
|
||||||
tag: "3.0.1@sha256:d2c6543b35b616ac3e6c8c27222d3154c0d35680813a8942ce0cc3fa9ea72a6d"
|
tag: "3.0.2@sha256:e65c6a70d2095a839c4337ef5dacefd42781641b7ac4dc202ff111881dae3716"
|
||||||
postfixBootstrap:
|
postfixBootstrap:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -897,7 +890,7 @@ images:
|
|||||||
# upstreamRepository: "alpine/k8s"
|
# upstreamRepository: "alpine/k8s"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "alpine/k8s"
|
repository: "alpine/k8s"
|
||||||
tag: "1.32.3@sha256:eec3541331932d8613ce7b3283508063cba7f704302e9b4eda45e49b38a2a0f9"
|
tag: "1.33.0@sha256:60333a52c38e9a8df0a9b93a5a24a4870f0db2c7ea3266b185386bd0a500d7dc"
|
||||||
postgresql:
|
postgresql:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "openDesk"
|
# providerResponsible: "openDesk"
|
||||||
@@ -905,7 +898,7 @@ images:
|
|||||||
# upstreamRepository: "library/postgres"
|
# upstreamRepository: "library/postgres"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "library/postgres"
|
repository: "library/postgres"
|
||||||
tag: "15.4-alpine3.18@sha256:f36c528a2dc8747ea40b4cb8578da69fa75c5063fd6a71dcea3e3b2a6404ff7b"
|
tag: "15.13-alpine3.20@sha256:f7de0e2497b9a3b027d41377606f94bb0140a034ed303f6de690aa77637bfbc9"
|
||||||
prosody:
|
prosody:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Nordeck"
|
# providerResponsible: "Nordeck"
|
||||||
@@ -923,7 +916,7 @@ images:
|
|||||||
# upstreamRepository: "bitnami/redis"
|
# upstreamRepository: "bitnami/redis"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "bitnami/redis"
|
repository: "bitnami/redis"
|
||||||
tag: "7.4.1-debian-12-r2@sha256:3cfa11e8fef45c006a101ed7cfaae2cdaed7a5167c8ada2a3f76a1de54488cd0"
|
tag: "7.4.3-debian-12-r0@sha256:a25b5d07a14ec13730022c7cd9bab6308d55ccd86b74af7315553c17be884889"
|
||||||
synapse:
|
synapse:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Element"
|
# providerResponsible: "Element"
|
||||||
@@ -933,7 +926,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["1", "91", "2"]
|
# upstreamMirrorStartFrom: ["1", "91", "2"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
|
repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
|
||||||
tag: "v1.127.1@sha256:0b0b933314ac9e1ba917a72c29d5b49c47828ab6e8df3aae3ac244ee947a89fc"
|
tag: "v1.129.0@sha256:13ac3293547d8c06e1e03fca4e02ef9a47f132acc2e2cdb4143a01495dd924cf"
|
||||||
synapseCreateUser:
|
synapseCreateUser:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "Nordeck"
|
# providerResponsible: "Nordeck"
|
||||||
@@ -941,7 +934,7 @@ images:
|
|||||||
# upstreamRepository: "alpine/k8s"
|
# upstreamRepository: "alpine/k8s"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "alpine/k8s"
|
repository: "alpine/k8s"
|
||||||
tag: "1.32.0@sha256:6d49f7f37ae5f4c07bfe46edb44e3d3b6896974d1b87da76d8aa8d6e23b4d619"
|
tag: "1.33.0@sha256:60333a52c38e9a8df0a9b93a5a24a4870f0db2c7ea3266b185386bd0a500d7dc"
|
||||||
synapseGuestModule:
|
synapseGuestModule:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Element"
|
# providerResponsible: "Element"
|
||||||
@@ -959,7 +952,7 @@ images:
|
|||||||
# upstreamRepository: "rapidfort/haproxy-official"
|
# upstreamRepository: "rapidfort/haproxy-official"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "rapidfort/haproxy-official"
|
repository: "rapidfort/haproxy-official"
|
||||||
tag: "2.6.15-bullseye@sha256:47b6ca4074347788cb414fbf3db35d0c51e9e47af33be46457f95c750540887c"
|
tag: "3.1.7-bookworm@sha256:ab50f196f66884f62fb379c40824036cd0dabb10df660097cff99b7ae22c2c44"
|
||||||
wellKnown:
|
wellKnown:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "Element"
|
# providerResponsible: "Element"
|
||||||
@@ -967,7 +960,7 @@ images:
|
|||||||
# upstreamRepository: "library/nginx"
|
# upstreamRepository: "library/nginx"
|
||||||
registry: "registry-1.docker.io"
|
registry: "registry-1.docker.io"
|
||||||
repository: "library/nginx"
|
repository: "library/nginx"
|
||||||
tag: "1.27.3-alpine3.20@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4"
|
tag: "1.28.0-alpine3.21@sha256:aed99734248e851764f1f2146835ecad42b5f994081fa6631cc5d79240891ec9"
|
||||||
xwikiMariadb:
|
xwikiMariadb:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "XWiki"
|
# providerResponsible: "XWiki"
|
||||||
|
|||||||
@@ -163,8 +163,6 @@ replicas:
|
|||||||
# -- component: Filestore (Nextcloud)
|
# -- component: Filestore (Nextcloud)
|
||||||
# -- scalable: true
|
# -- scalable: true
|
||||||
nextcloud: 1
|
nextcloud: 1
|
||||||
# -- scalable: tbd
|
|
||||||
nextcloudNotifyPush: 1
|
|
||||||
# -- scalable: true
|
# -- scalable: true
|
||||||
nextcloudExporter: 1
|
nextcloudExporter: 1
|
||||||
|
|
||||||
|
|||||||
@@ -276,13 +276,6 @@ resources:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "32Mi"
|
memory: "32Mi"
|
||||||
nextcloudNotifyPush:
|
|
||||||
limits:
|
|
||||||
cpu: 99
|
|
||||||
memory: "1Gi"
|
|
||||||
requests:
|
|
||||||
cpu: 0.1
|
|
||||||
memory: "512Mi"
|
|
||||||
nginxS3Gateway:
|
nginxS3Gateway:
|
||||||
limits:
|
limits:
|
||||||
cpu: 99
|
cpu: 99
|
||||||
|
|||||||
Reference in New Issue
Block a user