feat(nubus): Update chart to version 0.58.0-post-jbornhold-plain-nubus-2

fix(opendesk-keycloak-bootstrap): Client creation fix
Adjusts the configuration of the guardian related clientids.
2025-12-06 15:31:38 +01:00 · 2024-09-18 14:45:43 +00:00 · 2024-09-17 20:37:24 +02:00 · 2024-09-17 20:37:24 +02:00 · 2024-09-17 20:37:24 +02:00 · 2024-09-17 20:37:24 +02:00
15 changed files with 309 additions and 561 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -461,15 +461,11 @@ env-stop:
 .ums-default-password: &ums-default-password
  - |
    UMS_PASSWORDS=$( \
      kubectl -n ${NAMESPACE} get cm ums-stack-data-swp-data -o jsonpath='{.data.dev-test-users\.yaml}' \
      | yq '.properties.password' > passwords.txt \
    )
    DEFAULT_USER_PASSWORD=$( \
-      awk 'NR==1{print $1}' passwords.txt \
+       kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.user_password}' | base64 -d \
    )
    DEFAULT_ADMIN_PASSWORD=$(
-      awk 'NR==3{print $1}' passwords.txt \
+       kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.administrator_password}' | base64 -d \
    )
 run-tests:
--- a/helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl
@@ -5,7 +5,7 @@ repositories:
  # Intercom Service
  # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
  - name: "intercom-service-repo"
-    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    keyring: "../../files/gpg-pubkeys/univention-de.gpg"
    verify: {{ .Values.charts.intercomService.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
--- a/helmfile/apps/intercom-service/values.yaml.gotmpl
+++ b/helmfile/apps/intercom-service/values.yaml.gotmpl
@@ -72,6 +72,26 @@ ingress:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 provisioning:
  enabled: true
  config:
    nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
    keycloak:
      url: "http://ums-keycloak:8080/realms/{{ .Values.platform.realm }}/"
      username: "kcadmin"
      realm: {{ .Values.platform.realm | quote }}
      connection:
        host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
        baseUrl: "http://ums-keycloak:8080"
      credentialSecret:
        name: "ums-opendesk-keycloak-credentials"
        key: "admin_password"
    ics_client:
      clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
      credentialSecret:
        key: "ics_secret"
 podSecurityContext:
  enabled: true
  fsGroup: 1000
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -9,6 +9,9 @@ global:
    baseDn: {{ .Values.ldap.baseDn | quote }}
    domainName: {{ .Values.global.domain | quote }}
  domain: {{ .Values.global.domain | quote }}
  subDomains:
    portal: {{ .Values.global.hosts.nubus | quote }}
    keycloak: {{ .Values.global.hosts.keycloak | quote }}
  ingressClass: {{ .Values.ingress.ingressClassName | default "nginx" | quote }}
  certManagerIssuer: {{ .Values.certificate.issuerRef.name | quote }}
  nubusMasterPassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }}
@@ -26,6 +29,30 @@ global:
    defaultUsers:
      defaultAdminPassword: {{ .Values.secrets.nubus.defaultAccounts.adminPassword | quote}}
      defaultUserPassword: {{ .Values.secrets.nubus.defaultAccounts.userPassword | quote}}
      defaultAdministratorPassword: {{ .Values.secrets.nubus.systemAccounts.administratorPassword | quote}}
    portalConsumer:
      minio:
        accessKey: {{ .Values.objectstores.nubus.username | quote }}
        secretKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
      provisioningApi:
        password: {{ .Values.secrets.nubus.portalConsumer.provisioningApiPassword | quote}}
    provisioning:
      api:
        adminPassword: {{ .Values.secrets.nubus.provisioning.api.adminPassword | quote}}
        natsPassword: {{ .Values.secrets.nubus.provisioning.api.natsPassword | quote}}
        prefillPassword: {{ .Values.secrets.nubus.provisioning.api.prefillPassword | quote}}
        udmTransformerPassword: {{ .Values.secrets.nubus.provisioning.api.udmTransformerPassword | quote}}
      dispatcher:
        natsPassword: {{ .Values.secrets.nubus.provisioning.dispatcherNatsPassword | quote}}
      nats:
        adminPassword: {{ .Values.secrets.nats.natsAdminPassword | quote}}
      prefill:
        natsPassword: {{ .Values.secrets.nubus.provisioning.prefillNatsPassword | quote}}
      udmTransformer:
        natsPassword: {{ .Values.secrets.nubus.provisioning.udmTransformerNatsPassword | quote}}
    selfserviceConsumer:
      provisioningApi:
        password: {{ .Values.secrets.nubus.selfserviceConsumer.provisioningApiPassword | quote}}
  # -- Extensions to load. Add entries to load additional extensions into Nubus.
  extensions:
@@ -52,6 +79,62 @@ global:
        repository: {{ .Values.images.nubusPortalExtension.repository }}
        tag: {{ .Values.images.nubusPortalExtension.tag }}
        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
        imagePullPolicy: "IfNotPresent"
  configUcr:
    directory:
      manager:
        web:
          modules:
            users:
              user:
                add:
                  default: cn=openDesk User,cn=templates,cn=univention,{{ .Values.ldap.baseDn }}
                properties:
                  description:
                    syntax: TextArea
                  firstname:
                    required: "true"
                  mailPrimaryAddress:
                    required: "true"
                  username:
                    syntax: uid
                search:
                  autosearch: "False"
                wizard:
                  property:
                    invite:
                      default: "True"
                    overridePWLength:
                      default: "False"
                      visible: "False"
                    pwdChangeNextLogin:
                      default: "True"
                      visible: "False"
            wizard:
              disabled: "No"
    ucs:
      web:
        theme: light
    umc:
      cookie-banner:
        show: "false"
      login:
        password-complexity-message:
          de: "Das Passwort muss den folgenden Anforderungen entsprechen:<br><ul><li>Mindestlänge: 8 Zeichen</li></ul>Anmerkung: Wird befinden uns nicht in einer Produktivumgebung."
          en: "Password must comply with the following rules:<br><ul><li>Minimum length: 8 characters</li></ul>Note: We are in a non production (dev/test/demo) system."
      module:
        udm:
          oxmail:
            oxcontext:
              disabled: "True"
          portals:
            all:
              disabled: "True"
      self-service:
        passwordreset:
          token_validity_period: 172800
 ingress:
  certManager:
@@ -93,7 +176,13 @@ nubusGuardian:
  provisioning:
    enabled: false
    config:
      nubusBaseUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
      keycloak:
        realm: {{ .Values.platform.realm | quote }}
        username: "kcadmin"
        connection:
          host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
          baseUrl: "http://ums-keycloak:8080"
        credentialSecret:
          name: "ums-opendesk-keycloak-credentials"
          key: "admin_password"
@@ -197,13 +286,17 @@ nubusPortalFrontend:
      secretName: {{ .Values.ingress.tls.secretName | quote }}
 nubusPortalListener:
-  portalListener:
+  enabled: false
 nubusPortalConsumer:
  enabled: true
  portalConsumer:
    logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
    objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
    objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
-    objectStorageCredentialSecret:
+  provisioningApi:
-      name: "ums-portal-listener-minio-opendesk-credentials"
+    auth:
-      accessKeyKey: "access-key-id"
+      username: "portal-consumer"
      secretKeyKey: "secret-key-id"
 nubusPortalServer:
  portalServer:
@@ -229,15 +322,17 @@ nubusUdmRestApi:
    tls:
      secretName: {{ .Values.ingress.tls.secretName | quote }}
 # NOTE: disabled until the next update.
 nubusProvisioning:
  enabled: false
 nubusUdmListener:
  enabled: false
 nubusSelfServiceListener:
  enabled: true
-  selfserviceListener:
+
-    umcAdminUser: "default.admin"
+nubusUdmListener:
  enabled: true
 nubusSelfServiceListener:
  enabled: false
 nubusSelfServiceConsumer:
  enabled: true
 # Nubus services
 nubusStackDataUms:
@@ -248,7 +343,11 @@ nubusStackDataUms:
    umcMemcachedUsername: ""
    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
    umcHtmlTitle: "openDesk Portal"
-    installUmcPolicies: true
+    smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
    smtpPort: 25
    smtpUser: ""
    smtpStartTls: false
    ldapBase: {{ .Values.ldap.baseDn }}
  templateContext:
    portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }}
    portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain }}
@@ -265,6 +364,7 @@ nubusStackDataUms:
        password: {{ $password | quote }}
        lastname: "LDAP-Search-User"
      {{- end }}
    ldapSystemUsers: []
    portaltileGroupUserStandard:
      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
@@ -286,44 +386,16 @@ nubusStackDataUms:
      - 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
    portaltileGroupLiveCollaboration:
      - 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}'
    systemInformation:
      enabled: {{ .Values.functional.admin.portal.deploymentInformation.enabled }}
      releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}"
      deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}"
  nubusUmcServer:
    memcached:
      auth:
        username: ""
 # TODO: Remove values when upstreaming fixes
 nubusStackDataSwp:
  stackDataSwp:
    {{- if .Values.functional.admin.portal.deploymentInformation.enabled }}
    systemInformation:
      deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}"
      releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}"
    {{- end }}
  stackDataContext:
    ldapSearchUsers:
      {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
      - username: {{ printf "ldapsearch_%s" $username | quote }}
        password: {{ $password | quote }}
        lastname: "LDAP-Search-User"
      {{- end }}
    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
    smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
    smtpPort: 25
    smtpUser: ""
    smtpStartTls: false
    ldapBase: {{ .Values.ldap.baseDn }}
    # FIXME: Should be templated correctly in the future
    portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }}
    portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain }}
    portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain }}
    portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain }}
    portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
    portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain }}
    portalTitleDE: "openDesk Portal"
    portalTitleEN: "openDesk Portal"
    oxDefaultContext: "1"
 nubusUmcServer:
  postgresql:
    bundled: false
@@ -420,10 +492,6 @@ extraSecrets:
    stringData:
      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
      secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
  - name: "ums-portal-listener-minio-opendesk-credentials"
    stringData:
      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
      secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
  - name: "ums-umc-server-smtp-credentials-custom"
    stringData:
      password: ""
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -87,15 +87,29 @@ nubusKeycloakExtensions:
    resources:
      {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
-nubusPortalListener:
+nubusPortalConsumer:
  podAnnotations:
-    intents.otterize.com/service-name: "ums-portal-listener"
+    intents.otterize.com/service-name: "ums-portal-consumer"
-  replicaCount: {{ .Values.replicas.umsPortalListener }}
+  replicaCount: {{ .Values.replicas.umsPortalConsumer }}
  resources:
-    {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
+    {{ .Values.resources.umsPortalConsumer | toYaml | nindent 4 }}
  resourcesWaitForDependency:
    {{ .Values.resources.umsPortalConsumerDependencies | toYaml | nindent 4 }}
  persistence:
    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
-    size: {{ .Values.persistence.size.nubus.portalListener | quote }}
+    size: {{ .Values.persistence.size.nubus.portalConsumer | quote }}
 nubusPortalConsumer:
  podAnnotations:
    intents.otterize.com/service-name: "ums-portal-consumer"
  replicaCount: {{ .Values.replicas.umsPortalConsumer }}
  resources:
    {{ .Values.resources.umsPortalConsumer | toYaml | nindent 4 }}
  resourcesWaitForDependency:
    {{ .Values.resources.umsPortalConsumerDependencies | toYaml | nindent 4 }}
  persistence:
    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
    size: {{ .Values.persistence.size.nubus.portalConsumer | quote }}
 nubusPortalServer:
  additionalAnnotations:
@@ -152,18 +166,12 @@ nubusStackDataUms:
  resources:
    {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
-nubusStackDataSwp:
+nubusSelfServiceConsumer:
  additionalAnnotations:
    intents.otterize.com/service-name: "ums-stack-data-swp"
  resources:
    {{ .Values.resources.umsStackDataSwp | toYaml | nindent 4 }}
 nubusSelfServiceListener:
  podAnnotations:
    intents.otterize.com/service-name: "ums-selfservice-listener"
  resources:
-    {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }}
+    {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
-  replicaCount: {{ .Values.replicas.umsSelfserviceListener }}
+  replicaCount: {{ .Values.replicas.umsSelfserviceConsumer }}
 nubusUdmRestApi:
  additionalAnnotations:
--- a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
@@ -51,15 +51,6 @@ nubusLdapServer:
      repository: {{ .Values.images.nubusWaitForDependency.repository }}
      tag: {{ .Values.images.nubusWaitForDependency.tag }}
 nubusPortalConsumer:
  portalConsumer:
    image:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
      repository: {{ .Values.images.nubusPortalConsumer.repository }}
      tag: {{ .Values.images.nubusPortalConsumer.tag }}
 nubusNotificationsApi:
  image:
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
@@ -72,11 +63,12 @@ nubusPortalFrontend:
    repository: {{ .Values.images.nubusPortalFrontend.repository }}
    tag: {{ .Values.images.nubusPortalFrontend.tag }}
-nubusPortalListener:
+nubusPortalConsumer:
-  image:
+  portalConsumer:
-    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalListener.registry | quote }}
+    image:
-    repository: {{ .Values.images.nubusPortalListener.repository }}
+      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
-    tag: {{ .Values.images.nubusPortalListener.tag }}
+      repository: {{ .Values.images.nubusPortalConsumer.repository }}
      tag: {{ .Values.images.nubusPortalConsumer.tag }}
  waitForDependency:
    image:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
@@ -151,11 +143,6 @@ nubusUdmListener:
    tag: {{ .Values.images.nubusProvisioningUdmListener.tag }}
 nubusSelfServiceListener:
  selfserviceListener:
    image:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfserviceListener.registry | quote }}
      repository: {{ .Values.images.nubusSelfserviceListener.repository }}
      tag: {{ .Values.images.nubusSelfserviceListener.tag }}
  selfserviceInvitation:
    image:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfserviceInvitation.registry | quote }}
@@ -225,9 +212,3 @@ nubusStackDataUms:
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }}
    repository: {{ .Values.images.nubusDataLoader.repository }}
    tag: {{ .Values.images.nubusDataLoader.tag }}
 nubusStackDataSwp:
  image:
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }}
    repository: {{ .Values.images.nubusDataLoader.repository }}
    tag: {{ .Values.images.nubusDataLoader.tag }}
--- a/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
@@ -29,7 +29,7 @@ config:
  managed:
    clientScopes: [ 'acr', 'web-origins', 'email', 'profile', 'microprofile-jwt', 'role_list', 'offline_access', 'roles', 'address', 'phone' ]
    # 'guardian-management-api', 'guardian-scripts', 'guardian-ui' clients have been added explicitly for the moment (see further down this file)
-    clients: [ 'UMC', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
+    clients: [ 'opendesk-intercom', 'guardian-management-api', 'guardian-scripts', 'guardian-ui', 'UMC', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
  keycloak:
    adminUser: "kcadmin"
    adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
@@ -389,60 +389,6 @@ config:
          backchannel.logout.session.required: false
        defaultClientScopes:
          - "opendesk-dovecot-scope"
      - name: "opendesk-intercom"
        clientId: "opendesk-intercom"
        protocol: "openid-connect"
        clientAuthenticatorType: "client-secret"
        secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
        redirectUris:
          - "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/callback"
        consentRequired: false
        frontchannelLogout: false
        publicClient: false
        authorizationServicesEnabled: false
        attributes:
          backchannel.logout.session.required: true
          backchannel.logout.revoke.offline.tokens: true
          backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
        protocolMappers:
          - name: "intercom-audience"
            protocol: "openid-connect"
            protocolMapper: "oidc-audience-mapper"
            consentRequired: false
            config:
              included.client.audience: "opendesk-intercom"
              id.token.claim: false
              access.token.claim: true
          # temporary additional claim while entryuuid is a hardcoded attribute in IntercomService and we cannot set
          # it to `opendesk_useruuid` standard claim. For reference:
          # https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/app.js#L89
          - name: "entryuuid_temp"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-attribute-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "entryUUID"
              id.token.claim: true
              access.token.claim: true
              claim.name: "entryuuid"
              jsonType.label: "String"
          # temporary additional claim while phoenixusername is a hardcoded attribute in IntercomService and we cannot
          # set it to `opendesk_username` standard claim. For reference:
          # https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/routes/navigation.js#L27
          - name: "phoenixusername_temp"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-attribute-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "uid"
              id.token.claim: true
              access.token.claim: true
              claim.name: "phoenixusername"
              jsonType.label: "String"
        defaultClientScopes:
          - "offline_access"
      - name: "opendesk-jitsi"
        clientId: "opendesk-jitsi"
        protocol: "openid-connect"
@@ -571,296 +517,6 @@ config:
          post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        defaultClientScopes:
          - "opendesk-xwiki-scope"
      - name: "guardian-management-api"
        clientId: "guardian-management-api"
        rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
        baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
        protocol: "openid-connect"
        publicClient: false
        clientAuthenticatorType: "client-secret"
        secret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
        redirectUris:
          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/guardian/*"
        fullScopeAllowed: true
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: true
        protocolMappers:
          - name: "Client Host"
            protocol: "openid-connect"
            protocolMapper: "oidc-usersessionmodel-note-mapper"
            consentRequired: false
            config:
              user.session.note: "clientHost"
              userinfo.token.claim: true
              id.token.claim: true
              access.token.claim: true
              claim.name: "clientHost"
              jsonType.label: "String"
          - name: "Client ID"
            protocol: "openid-connect"
            protocolMapper: "oidc-usersessionmodel-note-mapper"
            consentRequired: false
            config:
              user.session.note: "client_id"
              userinfo.token.claim: true
              id.token.claim: true
              access.token.claim: true
              claim.name: "client_id"
              jsonType.label: "String"
          - name: "guardian-audience"
            protocol: "openid-connect"
            protocolMapper: "oidc-audience-mapper"
            consentRequired: false
            config:
              included.client.audience: "guardian"
              userinfo.token.claim: false
              id.token.claim: false
              access.token.claim: true
          - name: "audiencemap"
            protocol: "openid-connect"
            protocolMapper: "oidc-audience-mapper"
            consentRequired: false
            config:
              included.client.audience: "guardian-cli"
              userinfo.token.claim: true
              id.token.claim: true
              access.token.claim: true
          - name: "dn"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-attribute-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: false
              user.attribute: "LDAP_ENTRY_DN"
              id.token.claim: false
              access.token.claim: true
              claim.name: "dn"
              jsonType.label: "String"
          - name: "username"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-property-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "username"
              id.token.claim: true
              access.token.claim: true
              claim.name: "preferred_username"
              jsonType.label: "String"
          - name: "uid"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-attribute-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "uid"
              id.token.claim: true
              access.token.claim: true
              claim.name: "uid"
              jsonType.label: "String"
          - name: "email"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-property-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "email"
              id.token.claim: true
              access.token.claim: true
              claim.name: "email"
              jsonType.label: "String"
          - name: "Client IP Address"
            protocol: "openid-connect"
            protocolMapper: "oidc-usersessionmodel-note-mapper"
            consentRequired: false
            config:
              user.session.note: "clientAddress"
              userinfo.token.claim: true
              id.token.claim: true
              access.token.claim: true
              claim.name: "clientAddress"
              jsonType.label: "String"
      - name: "guardian-scripts"
        clientId: "guardian-scripts"
        description: ""
        rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
        adminUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
        baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
        surrogateAuthRequired: false
        enabled: true
        alwaysDisplayInConsole: false
        clientAuthenticatorType: "client-secret"
        redirectUris:
          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/guardian/*"
          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/guardian/*"
        webOrigins:
          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
        bearerOnly: false
        consentRequired: false
        standardFlowEnabled: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: false
        publicClient: true
        frontchannelLogout: false
        protocol: "openid-connect"
        fullScopeAllowed: true
        protocolMappers:
          - name: "email"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-property-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "email"
              id.token.claim: true
              access.token.claim: true
              claim.name: "email"
              jsonType.label: "String"
          - name: "guardian-audience"
            protocol: "openid-connect"
            protocolMapper: "oidc-audience-mapper"
            consentRequired: false
            config:
              included.client.audience: "guardian"
              id.token.claim: false
              access.token.claim: true
              userinfo.token.claim: false
          - name: "username"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-property-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "username"
              id.token.claim: true
              access.token.claim: true
              claim.name: "preferred_username"
              jsonType.label: "String"
          - name: "uid"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-attribute-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "uid"
              id.token.claim: true
              access.token.claim: true
              claim.name: "uid"
              jsonType.label: "String"
          - name: "audiencemap"
            protocol: "openid-connect"
            protocolMapper: "oidc-audience-mapper"
            consentRequired: false
            config:
              included.client.audience: "guardian-scripts"
              id.token.claim: true
              access.token.claim: true
              userinfo.token.claim: true
          - name: "dn"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-attribute-mapper"
            consentRequired: false
            config:
              aggregate.attrs: false
              multivalued: false
              userinfo.token.claim: false
              user.attribute: "LDAP_ENTRY_DN"
              id.token.claim: false
              access.token.claim: true
              claim.name: "dn"
              jsonType.label: "String"
        defaultClientScopes:
          - "web-origins"
          - "acr"
          - "roles"
          - "profile"
          - "email"
        optionalClientScopes:
          - "address"
          - "phone"
          - "offline_access"
          - "microprofile-jwt"
      - name: "guardian-ui"
        clientId: "guardian-ui"
        rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
        baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
        clientAuthenticatorType: "client-secret"
        redirectUris:
          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/guardian/*"
        standardFlowEnabled: true
        publicClient: true
        implicitFlowEnabled: false
        directAccessGrantsEnabled: false
        serviceAccountsEnabled: false
        protocol: "openid-connect"
        fullScopeAllowed: true
        protocolMappers:
          - name: "uid"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-attribute-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "uid"
              id.token.claim: true
              access.token.claim: true
              claim.name: "uid"
              jsonType.label: "String"
          - name: "username"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-property-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "username"
              id.token.claim: true
              access.token.claim: true
              claim.name: "preferred_username"
              jsonType.label: "String"
          - name: "dn"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-attribute-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: "false"
              user.attribute: "LDAP_ENTRY_DN"
              id.token.claim: false
              access.token.claim: true
              claim.name: "dn"
              jsonType.label: "String"
          - name: "audiencemap"
            protocol: "openid-connect"
            protocolMapper: "oidc-audience-mapper"
            consentRequired: false
            config:
              included.client.audience: "guardian"
              id.token.claim: true
              access.token.claim: true
              userinfo.token.claim: true
          - name: "email"
            protocol: "openid-connect"
            protocolMapper: "oidc-usermodel-property-mapper"
            consentRequired: false
            config:
              userinfo.token.claim: true
              user.attribute: "email"
              id.token.claim: true
              access.token.claim: true
              claim.name: "email"
              jsonType.label: "String"
          - name: "guardian-audience"
            protocol: "openid-connect"
            protocolMapper: "oidc-audience-mapper"
            consentRequired: false
            config:
              included.client.audience: "guardian"
              id.token.claim: false
              access.token.claim: true
              userinfo.token.claim: false
 containerSecurityContext:
  allowPrivilegeEscalation: false
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -122,7 +122,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
    name: "intercom-service"
-    version: "2.0.1"
+    version: "2.1.1"
    verify: true
  jitsi:
    # providerCategory: "Platform"
@@ -261,10 +261,12 @@ charts:
    # upstreamRepository: "nubus/charts/nubus"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "19", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    # repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
    registry: "artifacts.software-univention.de"
    repository: "nubus-dev/charts"
    name: "nubus"
-    version: "0.39.2"
+    version: "0.58.0-post-jbornhold-plain-nubus-2"
    verify: true
  opendeskKeycloakBootstrap:
    # providerCategory: "Platform"
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -75,13 +75,13 @@ images:
  intercom:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
-    # upstreamRegistry: "https://quay.io"
+    # upstreamRegistry: "https://artifacts.software-univention.de"
-    # upstreamRepository: "univention/intercom-service"
+    # upstreamRepository: "nubus/images/intercom-service"
-    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)$'
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["1", "6"]
+    # upstreamMirrorStartFrom: ["2", "1", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
-    tag: "1.6@sha256:f32c1e52fa132e9dc6973e9f8ed36a98c5c3e0bcd51c60f9a683e7e528dd2306"
+    tag: "2.1.1@sha256:889b82681883b2cec1267a744f135f5b25a716de6ca584f7565ccd118b6f6c4f"
  jibri:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
@@ -269,9 +269,11 @@ images:
    # upstreamRepository: "nubus/images/data-loader"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "41", "5"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
-    tag: "0.61.0@sha256:598e9fa176c71a6da90ab200ca52abd88176c8cb22a1bf56fec9cd0daf58f58f"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/data-loader"
    tag: "0.70.0@sha256:d1d916f11d3b035eb95b46fbc3da2f9c797f89d3f3ac56b9ab1c89482413bac6"
  nubusGuardianAuthorizationApi:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -309,9 +311,11 @@ images:
    # upstreamRepository: "nubus/images/guardian-init"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "3", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
-    tag: "0.11.0@sha256:c691aecaf2074a9f1cc6ec5277a70792642bd677f0ff58a6278041b2d99c9d51"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/guardian-init"
    tag: "0.14.0@sha256:91613f123f7e46b321002d4b2b86c4635b79621376e513d4bea1bb1d01aa99f8"
  nubusKeycloak:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -321,7 +325,7 @@ images:
    # upstreamMirrorStartFrom: ["22", "0", "3"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-keycloak"
-    tag: "24.0.3-ucs1@sha256:cc66a1730abdd5abe88ac5cf045b6558f289bf1ae8d077ee884a42d785742f8b"
+    tag: "25.0.1-ucs1@sha256:61cb3e703672f6d8806af41bec8056ca84e295bbeb546fdb5349322d1174a43d"
  nubusKeycloakBootstrap:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -329,9 +333,11 @@ images:
    # upstreamRepository: "nubus/images/keycloak-bootstrap"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "1", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
-    tag: "0.1.2@sha256:ea462e3e40843215814bddae0668dc56102864d99127ad3c8d9816d741886ac0"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/keycloak-bootstrap"
    tag: "0.3.0@sha256:2911e8d5409f4e302b5c8c073cc6bf3f3622582e6eef43c63672ac4551712750"
  nubusKeycloakExtensionHandler:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -339,9 +345,11 @@ images:
    # upstreamRepository: "nubus/images/keycloak-handler"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "0", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
-    tag: "0.10.0@sha256:7aa5bac4821c9226fd74c6a2883f7c24d214b4610d516574866cf933ee1be080"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/keycloak-handler"
    tag: "0.11.0@sha256:aaba6527f37a7302cf54b0a689a1c11cb439bdc471e01d101726a05902714b9c"
  nubusKeycloakExtensionProxy:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -349,9 +357,11 @@ images:
    # upstreamRepository: "nubus/images/keycloak-proxy"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "0", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
-    tag: "0.10.0@sha256:a5f6ae65732f7fb9d7ceae11f1c412b109d230e197075d8a8e1d989c87a0309d"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/keycloak-proxy"
    tag: "0.11.0@sha256:9b2079ed4078daee00d95ac2de4d72497131e699b967943db5be1c655048edb0"
  nubusLdapNotifier:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -359,9 +369,11 @@ images:
    # upstreamRepository: "nubus/images/ldap-notifier"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "8", "2"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
-    tag: "0.20.0@sha256:d891fe11075740ff0fe1694b2c5fb72c43ac6d823904af8593e0ab359b9175e0"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/ldap-notifier"
    tag: "0.25.0@sha256:ff8993585cdae231ae442a9a23fe92cbe01e5ae8446293c7ce979f7bea70e009"
  nubusLdapServer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -369,9 +381,11 @@ images:
    # upstreamRepository: "nubus/images/ldap-server"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "8", "2"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
-    tag: "0.20.0@sha256:ad73addd9201378fd5c978ab6bfc64bbd23bb279fc065cade9cb2f8e48a9c85f"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/ldap-server"
    tag: "0.25.0@sha256:df1ac647bf1edc1a8ca730f95c39a2f7ed9acabe216851a4861b445be71e0aac"
  nubusLdapServerDhInitContainer:
    # providerCategory: 'Community'
    # providerResponsible: 'Univention'
@@ -413,7 +427,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "9", "4"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
-    tag: "0.33.0@sha256:0ddb81d4789b2f43b55ded46ff88db4b99a68e7b1006e35877f582aac875c9ad"
+    tag: "0.38.3@sha256:3b74617c6a8b68b086be8ab648bfffb08ba6ddb052ff0dcd4731c1bcc5a87a03"
  nubusOpendeskExtension:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -421,7 +435,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.2.1@sha256:479f072d8dd9fe445caa5fea4d882bf3aba24af0d22fc378a9839990c6f3a907"
+    tag: "1.5.0@sha256:2bfdf79028ec788162cf75bf80b08ed5aa3f747430bc85fd5e0427decc9994de"
  nubusOpenPolicyAgent:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -451,7 +465,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "27", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
-    tag: "0.32.0@sha256:7f38a8db34bfe67c9ad0711c0a2c615e278b20a1a7b66b77bd28faa339eaf897"
+    tag: "0.38.3@sha256:a4c7b57870aa7868174ef446f4212da1fc9f57d72c31dca245a5787699f2975b"
  nubusPortalExtension:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -461,7 +475,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "28", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
-    tag: "0.28.0@sha256:1ec467bebc402265e1c24b3d441c211faad1a025ded41afe8dd4687b7ad5a9a4"
+    tag: "0.38.0@sha256:aa6ec6b99810e05655d98fa1192bc2eabb855335f7a04aa4cd96ed5b5645d736"
  nubusPortalFrontend:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -471,17 +485,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "9", "4"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
-    tag: "0.33.0@sha256:9cce16009cc478ece11704521347fc4938a3ac5ee4570ac439dd50b08452a3ff"
+    tag: "0.38.3@sha256:514ff5117331d0b446944b252d993db547daad64062fcfaab8794bfb4f5290a3"
  nubusPortalListener:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
    # upstreamRegistry: "https://artifacts.software-univention.de"
    # upstreamRepository: "nubus/images/portal-listener"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "9", "4"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-listener"
    tag: "0.24.2@sha256:98306b30c99e190ece6633921d9d54297634b0e4ca58ceaf0794c7050f0b8470"
  nubusPortalServer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -491,7 +495,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "9", "4"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
-    tag: "0.33.1@sha256:82e9002786a9d1ec524c0f386838ac4ee1fa9a581b66d2e353ea57cc01e26a95"
+    tag: "0.38.3@sha256:0cd37fc82a7426013a1f93dcf4a72686f3b90b7532991dd1d50ae28cbca493e5"
  nubusProvisioningDispatcher:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -499,9 +503,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-dispatcher"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
-    tag: "0.36.0@sha256:34f03f48b4c9b470f9809b5fa6bfd6e96346e3f99ac0a2d7eaeac3cf9a4a633d"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/provisioning-dispatcher"
    tag: "0.40.0@sha256:1c28a404e9062b61d52e5dd0c070952bccbd9cabe5f61abf71b5316a4c94f902"
  nubusProvisioningEventsAndConsumerApi:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -509,9 +515,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-events-and-consumer-api"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
-    tag: "0.36.0@sha256:69dd2946e7b05384304eeeca50dea645d20f7658d225e7c532381c3bdf2027ce"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/provisioning-events-and-consumer-api"
    tag: "0.40.0@sha256:346e557312ffb7c5e5e93218e053f48254e86960bd40f31c82fd40e0b5962bb7"
  nubusProvisioningPrefill:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -519,9 +527,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-prefill"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
-    tag: "0.36.0@sha256:147406648848c068aacc2cb467633d51c65cddbcaa622c352e5fe5349bf92ce6"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/provisioning-prefill"
    tag: "0.40.0@sha256:23ff5613e6d1640d3b8c4e0124965ebed6cac1e9e0c3e4267fd335b5e8ec8dd2"
  nubusProvisioningUdmListener:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -529,9 +539,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-udm-listener"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
-    tag: "0.36.0@sha256:8a960db9ff94b3c8a63be1588e47ccc1f62f3071abdce7ee2ef89afbe2674eed"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/provisioning-udm-listener"
    tag: "0.40.0@sha256:6130820a4831c3d1f0aa36bc2016cdca3cb3f86487b101dc0a259aa309746bba"
  nubusProvisioningUdmTransformer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -539,9 +551,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-udm-transformer"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
-    tag: "0.36.0@sha256:8080b55e705391aa2ac9b11db11dc1f984b5626271b2f175bfe26967b857b06d"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/provisioning-udm-transformer"
    tag: "0.40.0@sha256:15d579733922b270553753c4a42ec4bec94f1ad4bce9e18a836e4c471c449548"
  nubusSelfserviceInvitation:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -549,19 +563,11 @@ images:
    # upstreamRepository: "nubus/images/selfservice-invitation"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "3", "2"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
-    tag: "0.6.5@sha256:5630c9df3da4134789d2ebafad7de9062375d21547a2074827b680debd7a909e"
+    registry: "artifacts.software-univention.de"
-  nubusSelfserviceListener:
+    repository: "nubus/images/selfservice-invitation"
-    # providerCategory: "Supplier"
+    tag: "0.8.0@sha256:b28809a3f82ef11ce4ba0ba0017b90afa18dd5b90d3e18f4983893da36d8c52b"
    # providerResponsible: "Univention"
    # upstreamRegistry: "https://artifacts.software-univention.de"
    # upstreamRepository: "nubus/images/selfservice-listener"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "3", "2"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-listener"
    tag: "0.6.5@sha256:a9724fd41cb89a9bdf231ea8699126d2d3503dc894fe9510a1e080ab8408838d"
  nubusUdmRestApi:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -569,9 +575,11 @@ images:
    # upstreamRepository: "nubus/images/udm-rest-api"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "9", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
-    tag: "0.21.0@sha256:f3d189dd0ca619778c907569ddedbdf8772fba26f26cf9e6b8cde2a62618da63"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/udm-rest-api"
    tag: "0.24.0@sha256:113251d8052f69ac0c7af721954d1711231ca72de1ce6565bb86cdadf53a0ad9"
  nubusUmcGateway:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -579,9 +587,11 @@ images:
    # upstreamRepository: "nubus/images/umc-gateway"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "7", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
-    tag: "0.27.1@sha256:50991e4b8e13fd1b1a07228192eadd1b43d8a3502aba16f129ee5ba794720392"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/umc-gateway"
    tag: "0.31.0@sha256:b852f2f902c5fd66e5d2961ff2f6e7813bef78c58a0deb38ecd320dc262bc7ee"
  nubusUmcServer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -589,9 +599,11 @@ images:
    # upstreamRepository: "nubus/images/umc-server"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "7", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
-    tag: "0.27.1@sha256:006680e0a7ffcec3119c85eb30eaa6bbf9b2df54a14dd3d41b6bb7ce71226557"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/umc-server"
    tag: "0.31.0@sha256:5b97efc2fc68f0ad55040de0b597d74231350469b5a52f4c8c79e9d0dd49d6ee"
  nubusWaitForDependency:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -599,9 +611,11 @@ images:
    # upstreamRepository: "nubus/images/wait-for-dependency"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
-    tag: "0.25.0@sha256:71a4d66fd67db6f92212b1936862b2b0d5a678d412213d74452a9195c2fe67f7"
+    registry: "artifacts.software-univention.de"
    repository: "nubus/images/wait-for-dependency"
    tag: "0.26.0"
  opendeskKeycloakBootstrap:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
--- a/helmfile/environments/default/persistence.yaml
+++ b/helmfile/environments/default/persistence.yaml
@@ -19,7 +19,6 @@ persistence:
    nubus:
      ldapServerData: "1Gi"
      ldapServerShared: "1Gi"
-      portalListener: "1Gi"
+      portalConsumer: "1Gi"
      selfserviceListener: "1Gi"
    xwiki: "1Gi"
 ...
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -93,12 +93,12 @@ replicas:
  umsNotificationsApi: 1
  # -- scalable: true
  umsPortalFrontend: 1
-  # -- scalable: tbd
+  # -- scalable: false
-  umsPortalListener: 1
+  umsPortalConsumer: 1
  # -- scalable: true
  umsPortalServer: 1
  # -- scalable: tbd
-  umsSelfserviceListener: 1
+  umsSelfserviceConsumer: 1
  # -- scalable: tbd
  umsStackGateway: 1
  # -- scalable: true
--- a/helmfile/environments/default/resources.yaml
+++ b/helmfile/environments/default/resources.yaml
@@ -471,14 +471,28 @@ resources:
    requests:
      cpu: 0.1
      memory: "256Mi"
-  umsPortalListener:
+  umsPortalConsumer:
    limits:
      cpu: 99
      memory: "1Gi"
    requests:
      cpu: 0.1
      memory: "256Mi"
-  umsPortalListenerDependencies:
+  umsPortalConsumerDependencies:
    limits:
      cpu: 99
      memory: "1Gi"
    requests:
      cpu: 0.1
      memory: "256Mi"
  umsPortalConsumer:
    limits:
      cpu: 99
      memory: "1Gi"
    requests:
      cpu: 0.1
      memory: "256Mi"
  umsPortalConsumerDependencies:
    limits:
      cpu: 99
      memory: "1Gi"
@@ -527,7 +541,7 @@ resources:
    requests:
      cpu: 0.1
      memory: "256Mi"
-  umsSelfserviceListener:
+  umsSelfserviceConsumer:
    limits:
      cpu: 99
      memory: "1Gi"
@@ -548,13 +562,6 @@ resources:
    requests:
      cpu: 0.1
      memory: "256Mi"
  umsStackDataSwp:
    limits:
      cpu: 99
      memory: "1Gi"
    requests:
      cpu: 0.1
      memory: "256Mi"
  umsStackGateway:
    limits:
      cpu: 99
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -34,21 +34,19 @@ secrets:
    systemAccounts:
      administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "Administrator" | sha1sum | quote }}
      sysIdpUserPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "sysIdpUser" | sha1sum | quote }}
-    storeDavUsers:
+    portalConsumer:
-      portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
+      provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-consumer" "provisioning-api" | sha1sum | quote }}
-      portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
+    selfserviceConsumer:
      provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "selfservice-consumer" "provisioning-api" | sha1sum | quote }}
    provisioning:
-      apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
+      api:
-      apiAdminNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "apiAdmin" "nats" | sha1sum | quote }}
+        adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin_api" | sha1sum | quote }}
-      apiAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin_api" | sha1sum | quote }}
+        natsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
-      dispatcherPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "dispatcher_service" | sha1sum | quote }}
+        prefillPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "prefill_service" | sha1sum | quote }}
-      prefillPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "prefill_service" | sha1sum | quote }}
+        udmTransformerPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmproducer" "events_api" | sha1sum | quote }}
      prefillNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "nats" | sha1sum | quote }}
      udmProducerPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmproducer" "events_api" | sha1sum | quote }}
      dispatcherNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "nats" | sha1sum | quote }}
-      dispatcherUdmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
+      prefillNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "nats" | sha1sum | quote }}
-      udmListenerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmlistener" "nats" | sha1sum | quote }}
+      udmTransformerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmTransformer" "nats" | sha1sum | quote }}
      udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
    guardian:
      udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
  nats:
--- a/helmfile/environments/default/selinux.yaml
+++ b/helmfile/environments/default/selinux.yaml
@@ -77,7 +77,7 @@ seLinuxOptions:
  umsNotificationsApi: ~
  umsOpenPolicyAgent: ~
  umsPortalFrontend: ~
-  umsPortalListener: ~
+  umsPortalConsumer: ~
  umsPortalServer: ~
  umsProvisioningDispatcher: ~
  umsProvisioningEventsAndConsumerApi: ~
@@ -86,7 +86,7 @@ seLinuxOptions:
  umsProvisioningNatsReloader: ~
  umsProvisioningUdmListener: ~
  umsSelfserviceInvitation: ~
-  umsSelfserviceListener: ~
+  umsSelfserviceConsumer: ~
  umsStackGateway: ~
  umsStoreDav: ~
  umsUdmRestApi: ~
--- a/helmfile/environments/test/values.yaml.gotmpl
+++ b/helmfile/environments/test/values.yaml.gotmpl
@@ -21,8 +21,7 @@ persistence:
    nubus:
      ldapServerData: "42Gi"
      ldapServerShared: "42Gi"
-      portalListener: "42Gi"
+      portalConsumer: "42Gi"
      selfserviceListener: "42Gi"
    postfix: "42Gi"
    postgresql: "42Gi"
    prosody: "42Gi"
@@ -91,9 +90,9 @@ replicas:
  umsLdapServer: 42
  umsNotificationsApi: 42
  umsPortalFrontend: 42
-  umsPortalListener: 42
+  umsPortalConsumer: 42
  umsPortalServer: 42
-  umsSelfserviceListener: 42
+  umsSelfserviceConsumer: 42
  umsStackGateway: 42
  umsUdmRestApi: 42
  umsUmcGateway: 42
Author	SHA1	Message	Date
Nubus CI Bot	e66f6990f9	feat(nubus): Update chart to version 0.58.0-post-jbornhold-plain-nubus-2	2024-09-18 14:45:43 +00:00
Juan Pedro Torres	4d05000539	fix(opendesk-keycloak-bootstrap): Client creation fix Adjusts the configuration of the guardian related clientids.	2024-09-17 20:37:24 +02:00
Johannes Bornhold	7d39434553	fix(nubus): Set opendesk-keycloak-bootstrap back to version 2.1.1 The changed chart is not needed.	2024-09-17 20:37:24 +02:00
Thorsten Roßner	03b755f9d3	fix(nubus): Add `opendesk-intercom` to the list of managed OIDC clients.	2024-09-17 20:37:24 +02:00
Jaime Conde	1589317755	fix(nubus): Update opendesk-nubus to version 1.5.0 This restores systemInformation.	2024-09-17 20:37:24 +02:00
Johannes Bornhold	06d5139f3d	fix(nubus): Update Nubus chart and images to version 0.57.3 This includes a fix in the portal-frontend which is needed in order to use the latest e2e test suite of Nubus.	2024-09-17 20:37:23 +02:00
Johannes Bornhold	62f384c5b3	fix(nubus): Remove commented out password policy related configuration	2024-09-17 20:37:23 +02:00
Johannes Bornhold	6d59d1d725	fix(nubus): Remove values related to stack-data-swp	2024-09-17 20:37:23 +02:00
Johannes Bornhold	fea73c2e85	fix(nubus): Cleanup whitespace	2024-09-17 20:37:23 +02:00
Johannes Bornhold	7f6d2a21a9	fix(nubus): Remove accidentally added values into stack-data-swp	2024-09-17 20:37:23 +02:00
Johannes Lohmer	9e0608531b	fix(nubus): Update chart and images to version 0.57.2	2024-09-17 20:37:23 +02:00
Johannes Bornhold	2ae0979ab3	fix(nubus): Configure "global.subDomains" based on "global.hosts"	2024-09-17 20:37:23 +02:00
Nubus CI Bot	d1195b7d05	feat(nubus): Update chart and images to version 0.56.1	2024-09-17 20:37:22 +02:00
Johannes Bornhold	6e1a9e7f9a	fix(ci): Correct the way how credentials for the RUN_TESTS job are extracted	2024-09-17 20:37:22 +02:00
Carlos García-Mauriño	1900be18e0	chore(nubus): Remove installUmcPolicies option	2024-09-17 20:37:22 +02:00
Johannes Bornhold	9d54fc5c3f	fix(nubus): Update images to match version 0.56.0	2024-09-17 20:37:22 +02:00
Carlos García-Mauriño	d4e2effe3b	feat(nubus): Upgrade nubus chart to 0.56.0	2024-09-17 20:37:22 +02:00
Nubus CI Bot	833d934aa4	feat(nubus): Update chart to version 0.54.1-pre-jlohmer-consumer-race-condition	2024-09-17 20:37:22 +02:00
Johannes Lohmer	89f737d461	fix(nubus): Clean up portal-listener and selfservice-listener artifacts	2024-09-17 20:37:22 +02:00
Johannes Lohmer	cbae40a177	fix(nubus): Use helmfile secrets in provisioning and remove unused secrets.	2024-09-17 20:37:22 +02:00
Johannes Lohmer	fc7e8c245d	feat(nubus): Activate Nubus Provisioning components and Consumers to replace portal-listener and selfservice-listener	2024-09-17 20:37:21 +02:00
Johannes Lohmer	c3ae7459aa	fix(nubus): Keep provisioning and consumers behind a feature-flag for easier merging This commit should be reverted once we are confident that provisioning and the consumers work as expected.	2024-09-17 20:37:21 +02:00
Johannes Lohmer	627ea96a43	fix(nubus): Update nubus provisioning and consumer configuration	2024-09-17 20:37:21 +02:00
Nubus CI Bot	1714a9d00c	feat(nubus): Update chart to version 0.51.0	2024-09-17 20:37:21 +02:00
Juan Pedro Torres	2f0213c527	feat(nubus): Bump chart version for default tiles removal	2024-09-17 20:37:21 +02:00
Johannes Bornhold	63e010d4cf	fix(nubus): Adjust keyring for intercom service	2024-09-17 20:37:21 +02:00
Nubus CI Bot	08f68f823e	feat(nubus): Integrate keycloak provisioning	2024-09-17 20:37:21 +02:00
Juan Pedro Torres	1f590c8e8f	feat(nubus): Bump chart version for default tiles removal	2024-09-17 20:37:21 +02:00
Nubus CI Bot	67f9b272b4	feat(nubus): Update chart to version 0.47.0	2024-09-17 20:37:20 +02:00
Jaime Conde	b698f3d992	fix(nubus): Map Administrator credentials	2024-09-17 20:37:20 +02:00
Jaime Conde	e2412e675b	fix(nubus): Univention Portal images	2024-09-17 20:37:20 +02:00
Nubus CI Bot	2d282a3fd0	feat(nubus): Update chart to version 0.45.0	2024-09-17 20:37:20 +02:00
Carlos García-Mauriño	7548717e9f	feat(nubus): Update charts and images	2024-09-17 20:37:20 +02:00
Carlos García-Mauriño	4c5b20e6f3	fix(nubus): Configure stackDataContext	2024-09-17 20:37:20 +02:00
Carlos García-Mauriño	c90704a1e9	feat(nubus): Add custom UCR values	2024-09-17 20:37:20 +02:00
Juan Pedro Torres	ff6cecee6b	fix(nubus): Cleanup values	2024-09-17 20:37:20 +02:00
Juan Pedro Torres	b4a72dadb0	feat(nubus): Upgrade Keycloak version	2024-09-17 20:37:19 +02:00
Juan Pedro Torres	9606e4e4d3	fix(nubus): Fix Keycloak init race condition	2024-09-17 20:37:19 +02:00
Juan Pedro Torres	2bdbe157d0	feat(nubus): Bump Nubus version to 0.41.0, readonly user from Nubus	2024-09-17 20:37:19 +02:00
Jaime Conde	c4dde1dbed	fix(nubus): Use Nubus LDAP server image	2024-09-17 20:37:19 +02:00
Nubus CI Bot	4c587ab26b	feat(nubus): Update ldap-server with umc-server license fix	2024-09-17 20:37:19 +02:00
Johannes Lohmer	4eef804c24	fix(nubus): Comments are not allowed in images.yaml	2024-09-17 20:37:19 +02:00
Johannes Lohmer	0d99ce9592	fix(nubus): Keep provisioning and consumers behind a feature-flag for easier merging This commit should be reverted once we are confident that provisioning and the consumers work as expected.	2024-09-17 20:37:19 +02:00
Johannes Lohmer	cd2e2cd712	fix(nubus): Update nubus provisioning and consumer configuration	2024-09-17 20:37:18 +02:00
Johannes Lohmer	be41ad9c1f	feat(nubus): Update nubus chart and images to version 0.39.2	2024-09-17 20:37:18 +02:00
Johannes Bornhold	81961a246c	fix(nubus): Disable certManager	2024-09-17 20:37:18 +02:00
Johannes Bornhold	780ca2df11	fix(nubus): Support "ingress.tls.secretName"	2024-09-17 20:37:18 +02:00