feat(nubus): Update chart to version 0.39.1-post-jlohmer-manual-deploy-jobs

README.md

@@ -36,7 +36,7 @@ openDesk currently features the following functional main components:
 | Groupware            | OX App Suite                | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/)                | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
 | Knowledge management | XWiki                       | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                   | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
-| Project management   | OpenProject                 | [14.3.0](https://www.openproject.org/docs/release-notes/14-3-0/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
+| Project management   | OpenProject                 | [14.4.0](https://www.openproject.org/docs/release-notes/14-4-0/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
 | Videoconferencing    | Jitsi                       | [2.0.9646](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9646) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
 | Weboffice            | Collabora                   | [24.04.6.1.1](https://www.collaboraoffice.com/code-24-04-release-notes/)              | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
 

docs/debugging.md

@@ -52,7 +52,7 @@ Below you will find some wrap-up notes when it comes to debugging openDesk by ad
 
 You can add a container by editing and updating an existing deployment, which is quite comfortable with tools like [Lens](https://k8slens.dev/).
 
-- Select the container you want to make use of as debugging container, in the example below it's `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`.
+- Select the container you want to make use of as debugging container, in the example below it is `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`.
 - Ensure the `shareProcessNamespace` option is enabled for the Pod.
 - Reference the selected container within the `containers` array of the deployment.
 - In case you want to access another containers filesystem, ensure the user/group settings of both containers match.
@@ -121,7 +121,7 @@ Now you can add the ephemeral container with:
 ```
 kubectl -n ${NAMESPACE} debug -it --attach=false -c ${EPH_CONTAINER_NAME} --image={DEBUG_IMAGE} ${POD_NAME}
 ```
-and open it's interactive terminal with
+and open its interactive terminal with
 ```
 kubectl -n ${NAMESPACE} attach -it -c ${EPH_CONTAINER_NAME} ${POD_NAME}
 ```

docs/enhanced-configuration/separate-mail-matrix-domain.md

@@ -77,7 +77,7 @@ The following changes apply to the standard DNS:
 
 #### Content Security Policy
 
-The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to it's CSP header.
+The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to its CSP header.
 
 #### .well-known
 

docs/requirements.md

@@ -39,6 +39,8 @@ The following minimal requirements are thought for initial evaluation deployment
 | RAM  | 32 GB, more recommended                               |
 | Disk | HDD or SSD, >10 GB                                    |
 
+Check [`scaling.md`](./scaling.md) for more details on resource requirements and scalability.
+
 # Kubernetes
 
 Any self-hosted or managed K8s cluster >= 1.24 listed in

docs/scaling.md

@@ -7,55 +7,17 @@ SPDX-License-Identifier: Apache-2.0
 
 This document should cover the abilities to scale apps.
 
-<!-- TOC -->
+# Horizontal scalability
-* [Replicas](#replicas)
-<!-- TOC -->
 
-# Replicas
+We are working on generating this document automatically based on the file
+[`replicas.yaml`](../helmfile/environments/default/replicas.yaml) that contains necessary annotations.
+In the meantime this file can be used to check the components scaling support / capabilities.
 
-The Replicas can be increased of almost any component, but is only effective for high-availability or load-balancing for
+# Upstream information
-apps with a check-mark in `Scaling (effective)` column.
 
-Verified positive effects are marked with a check-mark in `Scaling (verified)` column, apps which are not yet tested are
+While scaling services horizontally is the ideal solution, information about vertical scaling is helpful
-marked with a gear.
+when it comes to defining the applications resources, see [`resources.yaml`](../helmfile/environments/default/resources.yaml) for references.
 
+Please find below links to the application's upstream resources about scaling:
 
-| Component                   | Name                                     | Scaling (effective) | Scaling (verified) |
+- [OpenProject system requirements](https://www.openproject.org/docs/installation-and-operations/system-requirements/)
-|-----------------------------|------------------------------------------|:-------------------:|:------------------:|
-| ClamAV                      | `replicas.clamav`                        | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.clamd`                         | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.freshclam`                     |         :x:         |        :x:         |
-|                             | `replicas.icap`                          | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.milter`                        | :white_check_mark:  | :white_check_mark: |
-| Collabora                   | `replicas.collabora`                     | :white_check_mark:  |       :gear:       |
-| CryptPad                    | `replicas.cryptpad`                      | :white_check_mark:  |       :gear:       |
-| Dovecot                     | `replicas.dovecot`                       |         :x:         |       :gear:       |
-| Element                     | `replicas.element`                       | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.matrixNeoBoardWidget`          | :white_check_mark:  |       :gear:       |
-|                             | `replicas.matrixNeoChoiceWidget`         | :white_check_mark:  |       :gear:       |
-|                             | `replicas.matrixNeoDateFixBot`           | :white_check_mark:  |       :gear:       |
-|                             | `replicas.matrixNeoDateFixWidget`        | :white_check_mark:  |       :gear:       |
-|                             | `replicas.matrixUserVerificationService` | :white_check_mark:  |       :gear:       |
-|                             | `replicas.synapse`                       |         :x:         |       :gear:       |
-|                             | `replicas.synapseWeb`                    | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.wellKnown`                     | :white_check_mark:  | :white_check_mark: |
-| Intercom Service            | `replicas.intercomService`               | :white_check_mark:  | :white_check_mark: |
-| Jitsi                       | `replicas.jibri`                         | :white_check_mark:  |       :gear:       |
-|                             | `replicas.jicofo`                        | :white_check_mark:  |       :gear:       |
-|                             | `replicas.jitsi `                        | :white_check_mark:  |       :gear:       |
-|                             | `replicas.jitsiKeycloakAdapter`          | :white_check_mark:  |       :gear:       |
-|                             | `replicas.jvb `                          |         :x:         |        :x:         |
-| Keycloak                    | `replicas.keycloak`                      | :white_check_mark:  | :white_check_mark: |
-| Memcached                   | `replicas.memcached`                     |       :gear:        |       :gear:       |
-| Minio                       | `replicas.minioDistributed`              | :white_check_mark:  | :white_check_mark: |
-| Nextcloud                   | `replicas.nextcloudApache2`              | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.nextcloudExporter`             | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.nextcloudPHP`                  | :white_check_mark:  | :white_check_mark: |
-| OpenProject                 | `replicas.openproject`                   | :white_check_mark:  | :white_check_mark: |
-| Postfix                     | `replicas.postfix`                       |         :x:         |       :gear:       |
-| Redis                       | `replicas.redis`                         |       :gear:        |       :gear:       |
-| Univention Management Stack |                                          |       :gear:        |       :gear:       |
-|                             | `replicas.umsPortalFrontend`             | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.umsPortalServer`               | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.umsUdmRestApi`                 | :white_check_mark:  | :white_check_mark: |
-| XWiki                       | `replicas.xwiki`                         |         :x:         |       :gear:       |

helmfile/apps/intercom-service/values.yaml.gotmpl

@@ -67,6 +67,26 @@ ingress:
     enabled: {{ .Values.ingress.tls.enabled }}
     secretName: {{ .Values.ingress.tls.secretName | quote }}
 
+provisioning:
+  enabled: true
+  config:
+    nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
+    keycloak:
+      url: "http://ums-keycloak:8080"
+      username: "kcadmin"
+      realm: {{ .Values.platform.realm | quote }}
+      connection:
+        host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
+        baseUrl: "http://ums-keycloak:8080"
+      credentialSecret:
+        name: "ums-opendesk-keycloak-credentials"
+        key: "admin_password"
+    ics_client:
+      clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
+      credentialSecret:
+        key: "ics_secret"
+
+
 podSecurityContext:
   enabled: true
   fsGroup: 1000

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -38,7 +38,7 @@ global:
         registry: "registry.opencode.de"
         repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
         imagePullPolicy: "IfNotPresent"
-        tag: "1.1.0"
+        tag: "1.2.0"
 
   # -- Allows to configure the system extensions to load. This is intended for
   # internal usage, prefer to use `global.extensions` for user configured
@@ -85,7 +85,13 @@ nubusGuardian:
   provisioning:
     enabled: true
     config:
+      nubusBaseUrl: {{ printf "https://portal.%s" .Values.global.domain }}
       keycloak:
+        realm: {{ .Values.platform.realm | quote }}
+        username: "kcadmin"
+        connection:
+          host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
+          baseUrl: "http://ums-keycloak:8080"
         credentialSecret:
           name: "ums-opendesk-keycloak-credentials"
           key: "admin_password"
@@ -206,6 +212,44 @@ nubusStackDataUms:
     externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
     umcHtmlTitle: "openDesk Portal"
     installUmcPolicies: true
+  templateContext:
+    portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }}
+    portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain }}
+    portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain }}
+    portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain }}
+    portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
+    portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain }}
+    portalTitleDE: "openDesk Portal"
+    portalTitleEN: "openDesk Portal"
+    oxDefaultContext: "1"
+    ldapSearchUsers:
+      {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
+      - username: {{ printf "ldapsearch_%s" $username | quote }}
+        password: {{ $password | quote }}
+        lastname: "LDAP-Search-User"
+      {{- end }}
+    portaltileGroupUserStandard:
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupUserAdmin:
+      - 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Support,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupUserAll:
+      - 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupGroupware:
+      - 'cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupFileshare:
+      - 'cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementProject:
+      - 'cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementKnowledge:
+      - 'cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementLearn:
+      - 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupLiveCollaboration:
+      - 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}'
+
   nubusUmcServer:
     memcached:
       auth:

helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl

@@ -171,15 +171,6 @@ nubusUmcGateway:
   replicaCount: {{ .Values.replicas.umsUmcGateway }}
   resources:
     {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
-  extraVolumes:
-    - name: "entrypoint-swp-patches"
-      configMap:
-        name: "ums-stack-data-swp-umc-gateway-entrypoint"
-        defaultMode: 0555
-  extraVolumeMounts:
-    - name: "entrypoint-swp-patches"
-      mountPath: "/entrypoint.d/90-swp.sh"
-      subPath: "90-swp.sh"
 
 nubusKeycloakBootstrap:
   podAnnotations:

helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl

@@ -19,7 +19,7 @@ nubusKeycloakExtensions:
         registry: {{ .Values.images.nubusKeycloakExtensionHandler.registry }}
         repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
         tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
-    
+
     proxy:
       image:
         registry: {{ .Values.images.nubusKeycloakExtensionProxy.registry }}
@@ -40,7 +40,7 @@ nubusLdapServer:
       tag: {{ .Values.images.nubusLdapServer.tag }}
   dhInitcontainer:
     image:
-      registry: {{ .Values.images.nubusLdapServerDhInitContainer.registry }} 
+      registry: {{ .Values.images.nubusLdapServerDhInitContainer.registry }}
       repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }}
       tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }}
   waitForDependency:
@@ -48,7 +48,7 @@ nubusLdapServer:
       registry: {{ .Values.images.nubusWaitForDependency.registry }}
       repository: {{ .Values.images.nubusWaitForDependency.repository }}
       tag: {{ .Values.images.nubusWaitForDependency.tag }}
-      
+
 
 nubusPortalConsumer:
   portalConsumer:
@@ -56,7 +56,7 @@ nubusPortalConsumer:
       registry: {{ .Values.images.nubusPortalConsumer.registry }}
       repository: {{ .Values.images.nubusPortalConsumer.repository }}
       tag: {{ .Values.images.nubusPortalConsumer.tag }}
-      
+
 
 nubusNotificationsApi:
   image:
@@ -193,6 +193,11 @@ nubusUmcServer:
     registry: {{ .Values.images.nubusUmcServer.registry }}
     repository: {{ .Values.images.nubusUmcServer.repository }}
     tag: {{ .Values.images.nubusUmcServer.tag }}
+  proxy:
+    image:
+      registry: {{ .Values.images.nubusUmcServerProxy.registry }}
+      repository: {{ .Values.images.nubusUmcServerProxy.repository }}
+      tag: {{ .Values.images.nubusUmcServerProxy.tag }}
 
 nubusWaitForDependency:
   image:

helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl

@@ -388,60 +388,6 @@ config:
           backchannel.logout.session.required: false
         defaultClientScopes:
           - "opendesk-dovecot-scope"
-      - name: "opendesk-intercom"
-        clientId: "opendesk-intercom"
-        protocol: "openid-connect"
-        clientAuthenticatorType: "client-secret"
-        secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
-        redirectUris:
-          - "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/callback"
-        consentRequired: false
-        frontchannelLogout: false
-        publicClient: false
-        authorizationServicesEnabled: false
-        attributes:
-          backchannel.logout.session.required: true
-          backchannel.logout.revoke.offline.tokens: true
-          backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
-        protocolMappers:
-          - name: "intercom-audience"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "opendesk-intercom"
-              id.token.claim: false
-              access.token.claim: true
-          # temporary additional claim while entryuuid is a hardcoded attribute in IntercomService and we cannot set
-          # it to `opendesk_useruuid` standard claim. For reference:
-          # https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/app.js#L89
-          - name: "entryuuid_temp"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "entryUUID"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "entryuuid"
-              jsonType.label: "String"
-          # temporary additional claim while phoenixusername is a hardcoded attribute in IntercomService and we cannot
-          # set it to `opendesk_username` standard claim. For reference:
-          # https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/routes/navigation.js#L27
-          - name: "phoenixusername_temp"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "uid"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "phoenixusername"
-              jsonType.label: "String"
-        defaultClientScopes:
-          - "offline_access"
       - name: "opendesk-jitsi"
         clientId: "opendesk-jitsi"
         protocol: "openid-connect"

helmfile/environments/default/charts.yaml

@@ -107,11 +107,11 @@ charts:
     # upstreamRepository: "nubus/charts/intercom-service"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["2", "0", "1"]
-    registry: "registry.opencode.de"
+    registry: "artifacts.software-univention.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    repository: "nubus/charts"
     name: "intercom-service"
-    version: "2.0.1"
+    version: "0.8.0"
-    verify: true
+    verify: false
   jitsi:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -200,7 +200,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
     name: "opendesk-migrations"
-    version: "1.2.1"
+    version: "1.2.2"
     verify: true
   minio:
     # providerCategory: "Community"
@@ -249,10 +249,12 @@ charts:
     # upstreamRepository: "nubus/charts/nubus"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "19", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    # repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus-dev/charts"
     name: "nubus"
-    version: "0.33.0"
+    version: "0.39.1-post-jlohmer-manual-deploy-jobs"
     verify: true
   opendeskKeycloakBootstrap:
     # providerCategory: "Platform"

helmfile/environments/default/images.yaml

@@ -71,9 +71,11 @@ images:
     # upstreamRepository: "univention/intercom-service"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["1", "6"]
-    registry: "registry.opencode.de"
+    #registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
+    #repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
-    tag: "1.6@sha256:f32c1e52fa132e9dc6973e9f8ed36a98c5c3e0bcd51c60f9a683e7e528dd2306"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/intercom-service"
+    tag: "0.8.0@sha256:2e5e303c947aca687530244af5856cc4ba2b7cd880ff8348e922ac36c5f11167"
   jibri:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"
@@ -205,7 +207,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.2.0@sha256:42ebe655680466fd4b1647719752f1a4e7482eb2bc44abff806c4ac69fcda3e8"
+    tag: "1.2.1@sha256:241561c51dee3ccd4d54cf732020634291f124025946e6be983f850bbf4eb1d3"
   milter:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
@@ -219,9 +221,11 @@ images:
     # providerResponsible: "openDesk"
     # upstreamRegistry: "https://registry-1.docker.io"
     # upstreamRepository: "bitnami/minio"
-    registry: "registry-1.docker.io"
+    # registry: "registry-1.docker.io"
+    # repository: "bitnami/minio"
+    registry: "docker.io"
     repository: "bitnami/minio"
-    tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7"
+    tag: "2024.8.3-debian-12-r1"
   nextcloudApache2:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -263,7 +267,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "41", "5"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
-    tag: "0.60.0@sha256:9b43a66c32f4f66143db00b71cc62966df6ed809ec023a0d573a015f5d15305a"
+    tag: "0.61.0@sha256:598e9fa176c71a6da90ab200ca52abd88176c8cb22a1bf56fec9cd0daf58f58f"
   nubusGuardianAuthorizationApi:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -301,9 +305,11 @@ images:
     # upstreamRepository: "nubus/images/guardian-init"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "3", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
-    tag: "0.9.1@sha256:6006fb1c2779b906e7725df524f2587b2a610cc442793bf8f16b2b4b8c0494fb"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/guardian-init"
+    tag: "0.11.0@sha256:c691aecaf2074a9f1cc6ec5277a70792642bd677f0ff58a6278041b2d99c9d51"
   nubusKeycloak:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -323,7 +329,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "1", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
-    tag: "0.1.0@sha256:351097e9e7b469f2fc149fe612ec6ad515d5e6b081d7e2785bd926a1d77209d2"
+    tag: "0.1.2@sha256:ea462e3e40843215814bddae0668dc56102864d99127ad3c8d9816d741886ac0"
   nubusKeycloakExtensionHandler:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -331,9 +337,11 @@ images:
     # upstreamRepository: "nubus/images/keycloak-handler"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "0", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
-    tag: "0.9.4@sha256:247182a965cc56fe2a891d42a7cfe84205804a9e58dd8f0a8191726a68cb9db1"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/keycloak-handler"
+    tag: "0.10.0@sha256:7aa5bac4821c9226fd74c6a2883f7c24d214b4610d516574866cf933ee1be080"
   nubusKeycloakExtensionProxy:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -341,9 +349,11 @@ images:
     # upstreamRepository: "nubus/images/keycloak-proxy"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "0", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
-    tag: "0.9.4@sha256:a572fe076a2ef5966433fec478c92cffade816e71f2b4661bd8dbcb9e60c8c2f"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/keycloak-proxy"
+    tag: "0.10.0@sha256:a5f6ae65732f7fb9d7ceae11f1c412b109d230e197075d8a8e1d989c87a0309d"
   nubusLdapNotifier:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -351,9 +361,11 @@ images:
     # upstreamRepository: "nubus/images/ldap-notifier"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "8", "2"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
-    tag: "0.15.2@sha256:1f2a9d2136c8e87a4c4a59a94a2235d00e969c98bd7bfe75707a299918f271b5"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/ldap-notifier"
+    tag: "0.20.0@sha256:d891fe11075740ff0fe1694b2c5fb72c43ac6d823904af8593e0ab359b9175e0"
   nubusLdapServer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -362,8 +374,8 @@ images:
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "8", "2"]
     registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
+    repository: "bmi/opendesk/components/platform-development/images/temp-nubus-ldap-2.5-upgrade"
-    tag: "0.17.1@sha256:5b7b629b9655c7bb2857013f3399cefe5bdd3963d568bbf77d6d488c005e3b3b"
+    tag: "1.1.20@sha256:90f46b8817fa05e6e3ac3b2f053911198675805fb82db8240bfa41239d7e7c61"
   nubusLdapServerDhInitContainer:
     # providerCategory: 'Community'
     # providerResponsible: 'Univention'
@@ -403,9 +415,11 @@ images:
     # upstreamRepository: "nubus/images/notifications-api"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
-    tag: "0.27.0@sha256:d99173199f20c701b29b8a3c1a46465085a873b37f413882e7d2e106e258c35a"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/notifications-api"
+    tag: "0.33.0@sha256:0ddb81d4789b2f43b55ded46ff88db4b99a68e7b1006e35877f582aac875c9ad"
   nubusOpenPolicyAgent:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -423,9 +437,11 @@ images:
     # upstreamRepository: "nubus/images/ox-extension"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "10", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
-    tag: "0.10.0@sha256:f6f32ce0486594eca9c8682b10f60e9d174a526d5acd2ba4d0abcb8f522539b9"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/ox-extension"
+    tag: "0.11.0"
   nubusPortalConsumer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -443,9 +459,11 @@ images:
     # upstreamRepository: "nubus/images/portal-extension"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "28", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
-    tag: "0.28.0@sha256:1ec467bebc402265e1c24b3d441c211faad1a025ded41afe8dd4687b7ad5a9a4"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/portal-extension"
+    tag: "0.28.0"
   nubusPortalFrontend:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -453,9 +471,11 @@ images:
     # upstreamRepository: "nubus/images/portal-frontend"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
-    tag: "0.29.0@sha256:3af3d5d24f690557b4a644d5720113dca0c802465b0e43466b49db27acd37939"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/portal-frontend"
+    tag: "0.33.0@sha256:9cce16009cc478ece11704521347fc4938a3ac5ee4570ac439dd50b08452a3ff"
   nubusPortalListener:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -473,9 +493,11 @@ images:
     # upstreamRepository: "nubus/images/portal-server"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
-    tag: "0.27.0@sha256:e1ad659feb4a1948d07e6e7d99b94b6bdbd4525d96f4cf9a010b75189f0082fc"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus-dev/images/portal-server"
+    tag: "0.33.1@sha256:82e9002786a9d1ec524c0f386838ac4ee1fa9a581b66d2e353ea57cc01e26a95"
   nubusProvisioningDispatcher:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -493,9 +515,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-events-and-consumer-api"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
-    tag: "0.28.3@sha256:5b0a2c52d715fde613ecfedb3a3f5e47b9eb73cdcf4c373a9cc58248a919f2bf"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-events-and-consumer-api"
+    tag: "0.36.0@sha256:69dd2946e7b05384304eeeca50dea645d20f7658d225e7c532381c3bdf2027ce"
   nubusProvisioningPrefill:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -503,9 +527,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-prefill"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
-    tag: "0.28.3@sha256:a98bce46144a6ff943b0432b66277393b7b476b8969b221b9069c708d3380f5d"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-prefill"
+    tag: "0.36.0@sha256:147406648848c068aacc2cb467633d51c65cddbcaa622c352e5fe5349bf92ce6"
   nubusProvisioningUdmListener:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -513,9 +539,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-udm-listener"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
-    tag: "0.28.3@sha256:b9c452e55e6716f93309bef0af7d401e218cd1e6ea9ad3d2819fb10dd631aecd"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-udm-listener"
+    tag: "0.36.0@sha256:8a960db9ff94b3c8a63be1588e47ccc1f62f3071abdce7ee2ef89afbe2674eed"
   nubusProvisioningUdmTransformer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -523,9 +551,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-udm-transformer"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
-    tag: "0.29.0@sha256:68e27eb9560d2729e9065da3573f28073c5e53fedabac4d19562c4b8c6c1d1f3"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-udm-transformer"
+    tag: "0.36.0@sha256:8080b55e705391aa2ac9b11db11dc1f984b5626271b2f175bfe26967b857b06d"
   nubusSelfserviceInvitation:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -561,9 +591,11 @@ images:
     # upstreamRepository: "nubus/images/udm-rest-api"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
-    tag: "0.19.0@sha256:41482c459655afa36eaf9ec21354ff8417e4da5e3a787ec2f865730952f6bb61"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/udm-rest-api"
+    tag: "0.21.0@sha256:f3d189dd0ca619778c907569ddedbdf8772fba26f26cf9e6b8cde2a62618da63"
   nubusUmcGateway:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -571,9 +603,11 @@ images:
     # upstreamRepository: "nubus/images/umc-gateway"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "7", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
-    tag: "0.22.2@sha256:fe4d2c148946da6f5e92201f398ebd0d5a72795c50648993bd220ea1e228658d"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/umc-gateway"
+    tag: "0.27.0@sha256:f0d5831061d9e8c9a47e724d00eeb8902b08f2380d4ca298812e9c1870ff4697"
   nubusUmcServer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -581,9 +615,21 @@ images:
     # upstreamRepository: "nubus/images/umc-server"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "7", "3"]
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/umc-server"
+    tag: "0.27.0@sha256:fa552aa595f75d54b216af4390bd5ea3d5385e6a9a5f558804da3aae9f700acf"
+  nubusUmcServerProxy:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Univention"
+    # upstreamRegistry: "https://artifacts.software-univention.de"
+    # upstreamRepository: "library/traefik"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["3", "0"]
     registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
+    repository: "bmi/opendesk/components/supplier/univention/images-mirror/traefik"
-    tag: "0.22.2@sha256:474497f561c3532b37b7d5e77ec36bd1fefc4fbeaab9747b481533b0da086586"
+    tag: "3.0@sha256:9214fcecc5833b4df2bfe6bf92714f35220d79a4c5c626931701dbbdb555f86b"
   nubusWaitForDependency:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -611,7 +657,7 @@ images:
     # upstreamMirrorStartFrom: ["13", "1", "1"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
-    tag: "14.3.0@sha256:922621b394c1a60e1c427b866284ac636b35717f03bde89302131ad369fbf9ad"
+    tag: "14.4.0@sha256:0c1ee5467b5c7888f38eae88a712c2eec6c96995b85f09e0c27705c09f450a70"
   openprojectBootstrap:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"

helmfile/environments/default/replicas.yaml

@@ -1,62 +1,138 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
-# Before increasing the replicas of components, please consult the scaling documentation at "docs/scaling.md" to ensure
+# This file contains annotations to (later) generate parts of "docs/scaling.md".
-# that scaling of the respective component is possible and has the desired effect.
+# When adding new components in here, do not forget to add them as well to
+# `../test/values.yaml.gotmpl` to ensure their linting coverage.
 replicas:
-  # clamav-simple
+  # -- component: Antivirus (ClamAV)
+  # -- scalable: true
+  # -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
   clamav: 1
-  # clamav-distributed
+  # -- scalable: true
+  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
   clamd: 1
-  collabora: 1
+  # -- scalable: true
-  cryptpad: 1
+  # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files centrally an should be a singleton.
-  dovecot: 1
-  element: 1
-  # clamav-distributed
   freshclam: 1
-  # clamav-distributed
+  # -- scalable: true
+  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
   icap: 1
-  intercomService: 1
+  # -- scalable: true
-  jibri: 1
+  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
-  jicofo: 1
-  jitsi: 1
-  jitsiKeycloakAdapter: 1
-  jvb: 1
-  keycloak: 1
-  mariadb: 1
-  matrixNeoBoardWidget: 1
-  matrixNeoChoiceWidget: 1
-  matrixNeoDateFixBot: 1
-  matrixNeoDateFixWidget: 1
-  matrixUserVerificationService: 1
-  memcached: 1
-  # clamav-distributed
   milter: 1
-  minio: 1
+
-  nextcloudApache2: 1
+  # -- component: Weboffice (Collabora)
-  nextcloudExporter: 1
+  # -- scalable: true
-  nextcloudPHP: 1
+  collabora: 1
-  openprojectWeb: 1
+
-  openprojectWorker: 1
+  # -- component: Pad (CryptPad)
-  oxConnector: 1
+  # -- scalable: false
+  cryptpad: 1
+
+  # -- component: Groupware (OX AppSuite, OX Dovecot etc.)
+  # -- scalable: false
+  # -- comment: Scalable in openDesk Enterprise only
+  dovecot: 1
+  # -- scalable: false
   postfix: 1
-  postgres: 1
+
-  redis: 1
+  # -- component: Chat (Element, Synapse)
+  # -- scalable: true
+  element: 1
+  # -- scalable: tbd
+  matrixNeoBoardWidget: 1
+  # -- scalable: tbd
+  matrixNeoChoiceWidget: 1
+  # -- scalable: tbd
+  matrixNeoDateFixBot: 1
+  # -- scalable: tbd
+  matrixNeoDateFixWidget: 1
+  # -- scalable: tbd
+  matrixUserVerificationService: 1
+  # -- scalable: tbd
   synapse: 1
+  # -- scalable: true
   synapseWeb: 1
-  umsKeycloakExtensionsHandler: 1
+  # -- scalable: true
-  umsKeycloakExtensionsProxy: 1
-  umsLdapNotifier: 1
-  umsLdapServer: 1
-  umsNotificationsApi: 1
-  umsPortalFrontend: 1
-  umsPortalListener: 1
-  umsPortalServer: 1
-  umsSelfserviceListener: 1
-  umsStackGateway: 1
-  umsUdmRestApi: 1
-  umsUmcGateway: 1
-  umsUmcServer: 1
   wellKnown: 1
+
+  # -- component: IAM (Nubus)
+  # -- scalable: true
+  intercomService: 1
+  # -- scalable: true
+  keycloak: 1
+  # -- scalable: false
+  # -- comment: Will be removed soon.
+  oxConnector: 1
+  # -- scalable: false
+  # -- comment: Should not be scaled, is an async process.
+  umsKeycloakExtensionsHandler: 1
+  # -- scalable: true
+  umsKeycloakExtensionsProxy: 1
+  # -- scalable: tbd
+  umsLdapNotifier: 1
+  # -- scalable: tbd
+  umsLdapServer: 1
+  # -- scalable: tbd
+  umsNotificationsApi: 1
+  # -- scalable: true
+  umsPortalFrontend: 1
+  # -- scalable: tbd
+  umsPortalListener: 1
+  # -- scalable: true
+  umsPortalServer: 1
+  # -- scalable: tbd
+  umsSelfserviceListener: 1
+  # -- scalable: tbd
+  umsStackGateway: 1
+  # -- scalable: true
+  umsUdmRestApi: 1
+  # -- scalable: tbd
+  umsUmcGateway: 1
+  # -- scalable: tbd
+  umsUmcServer: 1
+
+  # -- component: Video conference (Jitsi)
+  # -- scalable: tbd
+  jibri: 1
+  # -- scalable: tbd
+  jicofo: 1
+  # -- scalable: tbd
+  jitsi: 1
+  # -- scalable: tbd
+  jitsiKeycloakAdapter: 1
+  # -- scalable: tbd
+  jvb: 1
+
+  # -- component: Persistence Layer
+  # -- scalable: false
+  mariadb: 1
+  # -- scalable: false
+  memcached: 1
+  # -- scalable: true
+  minio: 1
+  # -- scalable: false
+  postgres: 1
+  # -- scalable: tbd
+  redis: 1
+
+  # -- component: Filestore (Nextcloud)
+  # -- scalable: true
+  nextcloudApache2: 1
+  # -- scalable: true
+  nextcloudExporter: 1
+  # -- scalable: true
+  nextcloudPHP: 1
+
+  # -- component: Project management (OpenProject)
+  # -- scalable: true
+  openprojectWeb: 1
+  # -- scalable: tdb
+  # -- comment: Async process that usually has no need for scaling
+  openprojectWorker: 1
+
+  # -- component: Knowledge management (XWiki)
+  # -- scalable: false
   xwiki: 1
 ...

helmfile/environments/test/values.yaml.gotmpl

@@ -35,17 +35,13 @@ ingress:
     enabled: true
     secretName: "kyverno-tls"
 replicas:
-  # clamav-simple
   clamav: 42
-  # clamav-distributed
   clamd: 42
   collabora: 42
   cryptpad: 42
   dovecot: 42
   element: 42
-  # clamav-distributed
   freshclam: 42
-  # clamav-distributed
   icap: 42
   intercomService: 42
   jibri: 42
@@ -61,7 +57,6 @@ replicas:
   matrixNeoDateFixWidget: 42
   matrixUserVerificationService: 42
   memcached: 42
-  # clamav-distributed
   milter: 42
   minio: 42
   nextcloudApache2: 42