fix(open-xchange): Enable monitoring in Open-Xchange.

README.md

@@ -36,9 +36,9 @@ openDesk currently features the following functional main components:
 | Groupware            | OX App Suite                | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/)                | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
 | Knowledge management | XWiki                       | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                   | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
-| Project management   | OpenProject                 | [14.4.0](https://www.openproject.org/docs/release-notes/14-4-0/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
+| Project management   | OpenProject                 | [14.4.1](https://www.openproject.org/docs/release-notes/14-4-1/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
 | Videoconferencing    | Jitsi                       | [2.0.9646](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9646) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
-| Weboffice            | Collabora                   | [24.04.6.1.1](https://www.collaboraoffice.com/code-24-04-release-notes/)              | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
+| Weboffice            | Collabora                   | [24.04.6.2.1](https://www.collaboraoffice.com/code-24-04-release-notes/)              | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
 
 While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
 align the applications with best practices regarding container design and operations.

cspell.json

@@ -73,7 +73,8 @@
         "Addressbooks",
         "filestore",
         "trashbin",
-        "bootstrap"
+        "bootstrap",
+        "configurability"
     ],
     "ignoreWords": [],
     "import": []

docs/migrations.md

@@ -8,7 +8,11 @@ SPDX-License-Identifier: Apache-2.0
 * [Disclaimer](#disclaimer)
 * [Releases upgrades](#releases-upgrades)
   * [From v0.9.0](#from-v090)
+    * [Changed openDesk defaults](#changed-opendesk-defaults)
+      * [MatrixID localpart update](#matrixid-localpart-update)
+      * [Fileshare configurability](#fileshare-configurability)
     * [Automated migrations](#automated-migrations)
+      * [Local Postfix as Relay](#local-postfix-as-relay)
       * [Updated IAM component Nubus](#updated-iam-component-nubus)
         * [Manual cleanup](#manual-cleanup)
   * [From v0.8.1](#from-v081)
@@ -31,18 +35,80 @@ Limitations:
 
 ## From v0.9.0
 
+### Changed openDesk defaults
+
+#### MatrixID localpart update
+
+Until 0.9.0 openDesk used the LDAP entryUUID of a user to generate the user's MatrixID. Due to restrictions of the
+Matrix protocol an update of a MatrixID is not possible, therefore it was technically convenient to use the UUID
+as it is immutable (see https://de.wikipedia.org/wiki/Universally_Unique_Identifier for more details on UUIDs.)
+
+From the user experience perspective that was a bad approach, so from now on by default the username, that
+is also used for logging into openDesk, is used to define the localpart of the MatrixID.
+
+For existing installations: The changed setting only affects users that login to Element the first time. Existing
+user accounts will not be harmed. If you want existing users to get new MatrixIDs based on the new setting, you
+need to update their external ID in Synapse and deactivate the old user afterwards. The user will get a new
+Matrix account from the scratch, losing the existing contacts, chats and rooms.
+
+The following Admin API calls are helpful:
+- GET /_synapse/admin/v2/users/@<entryuuid>:<matrixdomain> get the user's existing external_id (auth_provider: "oidc")
+- PUT /_synapse/admin/v2/users/@<entryuuid>:<matrixdomain> update user's external_id with JSON payload:
+  `{ "external_ids": [ { "auth_provider": "oidc", "external_id": "<old_id>+deprecated" } ] }`
+- POST /_synapse/admin/v1/deactivate/@<entryuuid>:<matrixdomain> deactivate old user with JSON payload:
+  `{ "erase": true }`
+
+For more details check the Admin API documentation:
+https://element-hq.github.io/synapse/latest/usage/administration/admin_api/index.html
+
+You can enforce the old standard with the following setting:
+```
+functional:
+  chat:
+    matrix:
+      profile:
+        useImmutableIdentifierForLocalpart: true
+```
+
+#### Fileshare configurability
+
+We provide now some configurability regarding the sharing capabilities of the Nextcloud component.
+
+The new default is different from the standard until now. To keep the current state after the upgrade from 0.9.0 you have to provide the following settings:
+
+```
+functional:
+  filestore:
+    sharing:
+      # Enables sharing of files with external participants (create external links, send links by mail and allow external upload in shared folders).
+      enableExternalSharing: true
+      # Enforces passwords to be used on external shares.
+      enforceSharingPasswords: false
+```
+
 ### Automated migrations
 
+#### Local Postfix as Relay
+
+All components relay outgoing mails to the local Postfix. In order for the configuration to be picked up by all components the following restarts are triggered in the migrations `POST` stage:
+
+- Deployments:
+  - `opendesk-nextcloud-php`
+  - `ums-umc-server`
+- Stateful Sets:
+  - `ums-selfservice-listener`
+  - `opendesk-synapse`
+
 #### Updated IAM component Nubus
 
 openDesk is integrating the latest [Nubus](https://www.univention.de/produkte/nubus/) development from Univention. The now redundant and scalable LDAP requires migration activities. These have been automated to avoid manual interaction. The `run_2` of the openDesk
 upgrade migrations executes the following steps:
 
-- Stage PRE:
+- Stage `PRE`:
   - Delete service `ums-keycloak`, as it will be recreated headless.
   - Scale down `statefulset/ums-ldap-server` and `statefulset/ums-ldap-notifier` in preparation or the next step:
   - Create two new PVCs `shared-data-ums-ldap-server-primary-0` and `shared-data-ums-ldap-server-primary-1` for the new LDAP primary pods as copy from the existing `shared-data-ums-ldap-server-0`. The LDAP secondaries will sync from the primary nodes.
-- Stage POST:
+- Stage `POST`:
   - Restart Keycloak.
 
 ##### Manual cleanup

docs/monitoring.md

@@ -66,7 +66,8 @@ grafana:
 
 # Components
 
-| Component | Metrics (pod- or serviceMonitor)  | Alerts (prometheusRule) | Dashboard (Grafana) |
+| Component   | Metrics (pod- or serviceMonitor)  | Alerts (prometheusRule) | Dashboard (Grafana) |
-|:----------|-----------------------------------|-------------------------|---------------------|
+|:------------|-----------------------------------|-------------------------|---------------------|
-| Collabora | :white_check_mark:                | :white_check_mark:      | :white_check_mark:  |
+| Collabora   | :white_check_mark:                | :white_check_mark:      | :white_check_mark:  |
-| Nextcloud | :white_check_mark:                | :x:                     | :x:                 |
+| Nextcloud   | :white_check_mark:                | :x:                     | :x:                 |
+| OX Appsuite | :white_check_mark:                | :x:                     | :white_check_mark:  |

helmfile/apps/collabora/values.yaml.gotmpl

@@ -7,7 +7,7 @@ autoscaling:
   enabled: false
 
 collabora:
-  extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:fetch_update_check=0"
+  extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:fetch_update_check=0 --o:remote_font_config.url=https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/index.php/apps/richdocuments/settings/fonts.json"
   username: "collabora-internal-admin"
   password: {{ .Values.secrets.collabora.adminPassword | quote }}
   aliasgroups:

helmfile/apps/element/values-synapse.yaml.gotmpl

@@ -53,6 +53,9 @@ configuration:
     presence:
       enabled: {{ .Values.functional.dataProtection.matrixPresence.enabled }}
 
+    profile:
+      allowUsersToUpdateDisplayname: {{ .Values.functional.chat.matrix.profile.allowUsersToUpdateDisplayname }}
+
     smtp:
       senderAddress: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
       host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
@@ -66,6 +69,7 @@ configuration:
       clientId: "opendesk-matrix"
       clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
       issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
+      matrixIdLocalpart: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"opendesk_useruuid"{{ else }}"opendesk_username"{{ end }}
       scopes:
         - "openid"
         - "opendesk-matrix-scope"

helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl

@@ -73,6 +73,12 @@ configuration:
       value: "opendesk_username"
     password:
       value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
+  sharing:
+    allowLinks: {{ .Values.functional.filestore.sharing.enableExternalSharing }}
+    allowMailNotification: {{ .Values.functional.filestore.sharing.enableExternalSharing }}
+    allowPublicUpload: {{ .Values.functional.filestore.sharing.enableExternalSharing }}
+    enforceLinksPassword: {{ .Values.functional.filestore.sharing.enforceSharingPasswords }}
+    enforcePasswordProtection: {{ .Values.functional.filestore.sharing.enforceSharingPasswords }}
   smtp:
     auth:
       enabled: false

helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl

@@ -13,21 +13,25 @@ guardian:
   authorizationApi:
     podAnnotations:
       intents.otterize.com/service-name: "ums-guardian-authorization-api"
+    replicaCount: {{ .Values.replicas.umsGuardianAuthorizationApi }}
     resources:
       {{ .Values.resources.umsGuardianAuthorizationApi | toYaml | nindent 6 }}
   managementApi:
     podAnnotations:
       intents.otterize.com/service-name: "ums-guardian-management-api"
+    replicaCount: {{ .Values.replicas.umsGuardianManagementApi }}
     resources:
       {{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 6 }}
   managementUi:
     podAnnotations:
       intents.otterize.com/service-name: "ums-guardian-management-ui"
+    replicaCount: {{ .Values.replicas.umsGuardianManagementUi }}
     resources:
       {{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}#
   openPolicyAgent:
     podAnnotations:
       intents.otterize.com/service-name: "ums-ums-open-policy-agent"
+    replicaCount: {{ .Values.replicas.umsGuardianOpenPolicyAgent }}
     resources:
       {{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 6 }}
   provisioning:

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -9,6 +9,9 @@ global:
     cookieHashSalt: {{ .Values.secrets.oxAppsuite.cookieHashSalt }}
     shareCryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey }}
     sessiondEncryptionKey: {{ .Values.secrets.oxAppsuite.sessiondEncryptionKey }}
+  extras:
+    monitoring:
+      enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
   mysql:
     host: {{ .Values.databases.oxAppsuite.host | quote }}
     database: {{ .Values.databases.oxAppsuite.name | quote }}
@@ -26,6 +29,7 @@ nextcloud-integration-ui:
   {{- range .Values.global.imagePullSecrets }}
     - name: {{ . | quote }}
   {{- end }}
+  replicaCount: {{ .Values.replicas.openxchangeNextcloudIntegrationUI }}
   resources:
     {{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
   securityContext:
@@ -54,6 +58,7 @@ public-sector-ui:
     - name: {{ . | quote }}
   {{- end }}
   pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  replicaCount: {{ .Values.replicas.openxchangePublicSectorUI }}
   resources:
     {{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
   securityContext:
@@ -75,6 +80,11 @@ public-sector-ui:
 appsuite:
   appsuite-toolkit:
     enabled: false
+  extras:
+    monitoring:
+      serviceMonitor:
+        additionalLabels:
+          {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 10 }}
   switchboard:
     enabled: false
   istio:
@@ -134,6 +144,7 @@ appsuite:
         repository: "{{ .Values.global.imageRegistry | default .Values.images.openxchangeGotenberg.registry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
         tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
         pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+      replicaCount: {{ .Values.replicas.openxchangeGotenberg }}
       resources:
         {{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
       securityContext:
@@ -356,6 +367,7 @@ appsuite:
     {{- range .Values.global.imagePullSecrets }}
       - name: {{ . | quote }}
     {{- end }}
+    replicas: {{ .Values.replicas.openxchangeCoreMW }}
     resources:
       {{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
 
@@ -370,6 +382,7 @@ appsuite:
       repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
       tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
       pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+    replicaCount: {{ .Values.replicas.openxchangeCoreUI }}
     resources:
       {{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
     securityContext:
@@ -404,6 +417,7 @@ appsuite:
       pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     overrides: {}
     redis: *redisConfiguration
+    replicaCount: {{ .Values.replicas.openxchangeCoreUIMiddleware }}
     resources:
       {{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
     updater:
@@ -441,6 +455,7 @@ appsuite:
       repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
       tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
     redis: *redisConfiguration
+    replicaCount: {{ .Values.replicas.openxchangeCoreDocumentConverter }}
     resources:
       {{- .Values.resources.openxchangeCoreDocumentConverter | toYaml | nindent 6 }}
     securityContext:
@@ -486,6 +501,7 @@ appsuite:
       repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
       tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
       pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+    replicaCount: {{ .Values.replicas.openxchangeCoreGuidedtours }}
     resources:
       {{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
     securityContext:
@@ -520,6 +536,7 @@ appsuite:
           accessKey: "."
           secretKey: "."
     redis: *redisConfiguration
+    replicaCount: {{ .Values.replicas.openxchangeCoreImageConverter }}
     resources:
       {{- .Values.resources.openxchangeCoreImageConverter | toYaml | nindent 6 }}
     securityContext:
@@ -550,6 +567,7 @@ appsuite:
       repository: {{ .Values.images.openxchangeGuardUI.repository | quote }}
       tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
       pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+    replicaCount: {{ .Values.replicas.openxchangeGuardUI }}
     resources:
       {{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
     securityContext:
@@ -580,6 +598,7 @@ appsuite:
     {{- range .Values.global.imagePullSecrets }}
       - name: {{ . | quote }}
     {{- end }}
+    replicaCount: {{ .Values.replicas.openxchangeCoreUserGuide }}
     resources:
       {{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
     securityContext:

helmfile/environments/default/charts.yaml

@@ -90,7 +90,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-element"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   elementWellKnown:
     # providerCategory: "Platform"
@@ -100,7 +100,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-well-known"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   home:
     # providerCategory: "Platform"
@@ -192,7 +192,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-matrix-user-verification-service"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   memcached:
     # providerCategory: "Community"
@@ -232,7 +232,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud"
-    version: "3.0.0"
+    version: "3.1.0"
     verify: true
   nextcloudManagement:
     # providerCategory: "Platform"
@@ -242,7 +242,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud-management"
-    version: "3.0.0"
+    version: "3.1.0"
     verify: true
   nginx:
     # providerCategory: "Community"
@@ -380,7 +380,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   synapseCreateAccount:
     # providerCategory: "Platform"
@@ -390,7 +390,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse-create-account"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   synapseWeb:
     # providerCategory: "Platform"
@@ -400,7 +400,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse-web"
-    version: "3.3.2"
+    version: "3.4.0"
     verify: true
   xwiki:
     # providerCategory: "Supplier"

helmfile/environments/default/functional.yaml

@@ -34,6 +34,13 @@ functional:
     quota:
       # Set the default quota for all users in GB
       default: 1
+    # Options related to file sharing, changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
+    sharing:
+      # Enables sharing of files with external participants (create external links, send links by mail and allow external upload in shared folders).
+      # If you disable this option existing external shares stop working, when re-enabling it the old shares are available again.
+      enableExternalSharing: false
+      # Enforces passwords to be used on external shares.
+      enforceSharingPasswords: true
     # Nextcloud specific configuration
     nextcloud:
       retentionObligation:
@@ -52,4 +59,17 @@ functional:
       # Ref.: https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#presence
       enabled: false
 
+  chat:
+    matrix:
+      profile:
+        # Once connected with a user that user's MatrixID is rarely checked by their communication partners, as the
+        # display name is used to see whom they are communicating with. Not allowing users to change their
+        # own display name reduces the risk of identity fraud.
+        # To get the display name updated from the central identity and access management you have to have the Synapse
+        # enterprise feature "groupsync" configured.
+        allowUsersToUpdateDisplayname: true
+
+        # If the LDAP entryUUID should be used for the localpart of user's MatrixIDs following setting must be `true`.
+        useImmutableIdentifierForLocalpart: false
+
 ...

helmfile/environments/default/images.yaml

@@ -20,7 +20,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
-    tag: "24.04.6.1.1@sha256:6237af013065838be27faae69b26feec63de6de8412499285f5379d74fef7387"
+    tag: "24.04.6.2.1@sha256:7de9ac6ce5a256b0f74a56a4654acd851502dc9e3ed4d29949ba5642bacae308"
   cryptpad:
     # providerCategory: "Supplier"
     # providerResponsible: "XWiki"
@@ -237,7 +237,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
-    tag: "1.1.24@sha256:c9222da8be7af12c9076b41d1a14e019725afc075e1aaa2b727be21c1bf45f10"
+    tag: "1.2.0@sha256:f1c64bc7b9d1993a7c79ca73c1594fdea49ef4adf4ebe4286e01ccc1ad9290c7"
   nextcloudExporter:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -253,7 +253,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
-    tag: "1.4.4@sha256:b70c159d6a1827748ca1f8fe0b9fd5b011eaed8719172105e1e9c8b8d776cf97"
+    tag: "1.5.3@sha256:19f5354a951b043327906d8670c0466e2a00317ad0dd4b99d0edf882e213d22f"
   nextcloudPHP:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -261,7 +261,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
-    tag: "1.10.3@sha256:e659ab95d0d3a33d4937354449c12fa46fe2669a866bbf432a9d729bed6d54f7"
+    tag: "1.11.3@sha256:c88af69971e2b2b1ead90db69d6af3355be5309d6c91b2b6a18fac2c6781b760"
   nubusDataLoader:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -619,7 +619,7 @@ images:
     # upstreamMirrorStartFrom: ["13", "1", "1"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
-    tag: "14.4.0@sha256:0c1ee5467b5c7888f38eae88a712c2eec6c96995b85f09e0c27705c09f450a70"
+    tag: "14.4.1@sha256:40a2ff3f3a75b9792f93da07e80a730941f783abc7ae3c1a988c7904cbc1f2a4"
   openprojectBootstrap:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"

helmfile/environments/default/replicas.yaml

@@ -67,6 +67,14 @@ replicas:
   # -- scalable: false
   # -- comment: Will be removed soon.
   oxConnector: 1
+  # -- scalable: tbd
+  umsGuardianAuthorizationApi: 1
+  # -- scalable: tbd
+  umsGuardianManagementApi: 1
+  # -- scalable: tbd
+  umsGuardianManagementUi: 1
+  # -- scalable: tbd
+  umsGuardianOpenPolicyAgent: 1
   # -- scalable: false
   # -- comment: Should not be scaled, is an async process.
   umsKeycloakExtensionsHandler: 1
@@ -130,10 +138,34 @@ replicas:
   # -- component: Project management (OpenProject)
   # -- scalable: true
   openprojectWeb: 1
-  # -- scalable: tdb
+  # -- scalable: true
-  # -- comment: Async process that usually has no need for scaling
+  # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). See [upstream Helm chart documentation](https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/) for details, as e.g. dedicated workers to specific queues are in general possible with OpenProject as well.Share 
   openprojectWorker: 1
 
+  # -- component: Groupware (OX Appsuite)
+  # -- scalable: tbd
+  openxchangeCoreDocumentConverter: 1
+  # -- scalable: tbd
+  openxchangeCoreGuidedtours: 1
+  # -- scalable: tbd
+  openxchangeCoreImageConverter: 1
+  # -- scalable: tbd
+  openxchangeCoreMW: 1
+  # -- scalable: tbd
+  openxchangeCoreUI: 1
+  # -- scalable: tbd
+  openxchangeCoreUIMiddleware: 1
+  # -- scalable: tbd
+  openxchangeCoreUserGuide: 1
+  # -- scalable: tbd
+  openxchangeGotenberg: 1
+  # -- scalable: tbd
+  openxchangeGuardUI: 1
+  # -- scalable: tbd
+  openxchangeNextcloudIntegrationUI: 1
+  # -- scalable: tbd
+  openxchangePublicSectorUI: 1
+
   # -- component: Knowledge management (XWiki)
   # -- scalable: false
   xwiki: 1

helmfile/environments/test/values.yaml.gotmpl

@@ -64,12 +64,27 @@ replicas:
   nextcloudPHP: 42
   openprojectWeb: 42
   openprojectWorker: 42
+  openxchangeCoreGuidedtours: 42
+  openxchangeCoreMW: 42
+  openxchangeCoreUI: 42
+  openxchangeCoreUIMiddleware: 42
+  openxchangeCoreUserGuide: 42
+  openxchangeDocumentConverter: 42
+  openxchangeGotenberg: 42
+  openxchangeGuardUI: 42
+  openxchangeImageConverter: 42
+  openxchangeNextcloudIntegrationUI: 42
+  openxchangePublicSectorUI: 42
   oxConnector: 42
   postfix: 42
   postgres: 42
   redis: 42
   synapse: 42
   synapseWeb: 42
+  umsGuardianAuthorizationApi: 42
+  umsGuardianManagementApi: 42
+  umsGuardianManagementUi: 42
+  umsGuardianOpenPolicyAgent: 42
   umsKeycloakExtensionsHandler: 42
   umsKeycloakExtensionsProxy: 42
   umsLdapNotifier: 42