feat(nubus): Update chart to version 0.39.1-pre-acaceres-update-provisioning-and-stack-data

fix(nubus): Fixup readonly user
fix(nubus): Change registry to opendesk mirrors
2025-12-06 07:21:36 +01:00 · 2024-08-22 08:54:36 +00:00 · 2024-08-21 22:49:14 +02:00 · 2024-08-21 10:37:44 +02:00 · 2024-08-20 10:32:28 +02:00 · 2024-08-20 10:23:21 +02:00
14 changed files with 330 additions and 239 deletions
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ openDesk currently features the following functional main components:
 | Groupware            | OX App Suite                | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/)                | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
 | Knowledge management | XWiki                       | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                   | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
-| Project management   | OpenProject                 | [14.3.0](https://www.openproject.org/docs/release-notes/14-3-0/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
+| Project management   | OpenProject                 | [14.4.0](https://www.openproject.org/docs/release-notes/14-4-0/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
 | Videoconferencing    | Jitsi                       | [2.0.9646](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9646) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
 | Weboffice            | Collabora                   | [24.04.6.1.1](https://www.collaboraoffice.com/code-24-04-release-notes/)              | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |

--- a/docs/debugging.md
+++ b/docs/debugging.md
@@ -52,7 +52,7 @@ Below you will find some wrap-up notes when it comes to debugging openDesk by ad

 You can add a container by editing and updating an existing deployment, which is quite comfortable with tools like [Lens](https://k8slens.dev/).

- Select the container you want to make use of as debugging container, in the example below it's `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`.
+- Select the container you want to make use of as debugging container, in the example below it is `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`.
 - Ensure the `shareProcessNamespace` option is enabled for the Pod.
 - Reference the selected container within the `containers` array of the deployment.
 - In case you want to access another containers filesystem, ensure the user/group settings of both containers match.
@@ -121,7 +121,7 @@ Now you can add the ephemeral container with:
 ```
 kubectl -n ${NAMESPACE} debug -it --attach=false -c ${EPH_CONTAINER_NAME} --image={DEBUG_IMAGE} ${POD_NAME}
 ```
-and open it's interactive terminal with
+and open its interactive terminal with
 ```
 kubectl -n ${NAMESPACE} attach -it -c ${EPH_CONTAINER_NAME} ${POD_NAME}
 ```
--- a/docs/enhanced-configuration/separate-mail-matrix-domain.md
+++ b/docs/enhanced-configuration/separate-mail-matrix-domain.md
@@ -77,7 +77,7 @@ The following changes apply to the standard DNS:

 #### Content Security Policy

-The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to it's CSP header.
+The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to its CSP header.

 #### .well-known

--- a/docs/requirements.md
+++ b/docs/requirements.md
@@ -39,6 +39,8 @@ The following minimal requirements are thought for initial evaluation deployment
 | RAM  | 32 GB, more recommended                               |
 | Disk | HDD or SSD, >10 GB                                    |

+Check [`scaling.md`](./scaling.md) for more details on resource requirements and scalability.
+
 # Kubernetes

 Any self-hosted or managed K8s cluster >= 1.24 listed in
--- a/docs/scaling.md
+++ b/docs/scaling.md
@@ -7,55 +7,17 @@ SPDX-License-Identifier: Apache-2.0

 This document should cover the abilities to scale apps.

-<!-- TOC -->
-* [Replicas](#replicas)
-<!-- TOC -->
+# Horizontal scalability

-# Replicas
+We are working on generating this document automatically based on the file
+[`replicas.yaml`](../helmfile/environments/default/replicas.yaml) that contains necessary annotations.
+In the meantime this file can be used to check the components scaling support / capabilities.

-The Replicas can be increased of almost any component, but is only effective for high-availability or load-balancing for
-apps with a check-mark in `Scaling (effective)` column.
+# Upstream information

-Verified positive effects are marked with a check-mark in `Scaling (verified)` column, apps which are not yet tested are
-marked with a gear.
+While scaling services horizontally is the ideal solution, information about vertical scaling is helpful
+when it comes to defining the applications resources, see [`resources.yaml`](../helmfile/environments/default/resources.yaml) for references.

+Please find below links to the application's upstream resources about scaling:

-| Component                   | Name                                     | Scaling (effective) | Scaling (verified) |
-|-----------------------------|------------------------------------------|:-------------------:|:------------------:|
-| ClamAV                      | `replicas.clamav`                        | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.clamd`                         | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.freshclam`                     |         :x:         |        :x:         |
-|                             | `replicas.icap`                          | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.milter`                        | :white_check_mark:  | :white_check_mark: |
-| Collabora                   | `replicas.collabora`                     | :white_check_mark:  |       :gear:       |
-| CryptPad                    | `replicas.cryptpad`                      | :white_check_mark:  |       :gear:       |
-| Dovecot                     | `replicas.dovecot`                       |         :x:         |       :gear:       |
-| Element                     | `replicas.element`                       | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.matrixNeoBoardWidget`          | :white_check_mark:  |       :gear:       |
-|                             | `replicas.matrixNeoChoiceWidget`         | :white_check_mark:  |       :gear:       |
-|                             | `replicas.matrixNeoDateFixBot`           | :white_check_mark:  |       :gear:       |
-|                             | `replicas.matrixNeoDateFixWidget`        | :white_check_mark:  |       :gear:       |
-|                             | `replicas.matrixUserVerificationService` | :white_check_mark:  |       :gear:       |
-|                             | `replicas.synapse`                       |         :x:         |       :gear:       |
-|                             | `replicas.synapseWeb`                    | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.wellKnown`                     | :white_check_mark:  | :white_check_mark: |
-| Intercom Service            | `replicas.intercomService`               | :white_check_mark:  | :white_check_mark: |
-| Jitsi                       | `replicas.jibri`                         | :white_check_mark:  |       :gear:       |
-|                             | `replicas.jicofo`                        | :white_check_mark:  |       :gear:       |
-|                             | `replicas.jitsi `                        | :white_check_mark:  |       :gear:       |
-|                             | `replicas.jitsiKeycloakAdapter`          | :white_check_mark:  |       :gear:       |
-|                             | `replicas.jvb `                          |         :x:         |        :x:         |
-| Keycloak                    | `replicas.keycloak`                      | :white_check_mark:  | :white_check_mark: |
-| Memcached                   | `replicas.memcached`                     |       :gear:        |       :gear:       |
-| Minio                       | `replicas.minioDistributed`              | :white_check_mark:  | :white_check_mark: |
-| Nextcloud                   | `replicas.nextcloudApache2`              | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.nextcloudExporter`             | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.nextcloudPHP`                  | :white_check_mark:  | :white_check_mark: |
-| OpenProject                 | `replicas.openproject`                   | :white_check_mark:  | :white_check_mark: |
-| Postfix                     | `replicas.postfix`                       |         :x:         |       :gear:       |
-| Redis                       | `replicas.redis`                         |       :gear:        |       :gear:       |
-| Univention Management Stack |                                          |       :gear:        |       :gear:       |
-|                             | `replicas.umsPortalFrontend`             | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.umsPortalServer`               | :white_check_mark:  | :white_check_mark: |
-|                             | `replicas.umsUdmRestApi`                 | :white_check_mark:  | :white_check_mark: |
-| XWiki                       | `replicas.xwiki`                         |         :x:         |       :gear:       |
+- [OpenProject system requirements](https://www.openproject.org/docs/installation-and-operations/system-requirements/)
--- a/helmfile/apps/intercom-service/values.yaml.gotmpl
+++ b/helmfile/apps/intercom-service/values.yaml.gotmpl
@@ -67,6 +67,26 @@ ingress:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}

+provisioning:
+  enabled: true
+  config:
+    nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
+    keycloak:
+      url: "http://ums-keycloak:8080"
+      username: "kcadmin"
+      realm: {{ .Values.platform.realm | quote }}
+      connection:
+        host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
+        baseUrl: "http://ums-keycloak:8080"
+      credentialSecret:
+        name: "ums-opendesk-keycloak-credentials"
+        key: "admin_password"
+    ics_client:
+      clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
+      credentialSecret:
+        key: "ics_secret"
+
+
 podSecurityContext:
  enabled: true
  fsGroup: 1000
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -38,7 +38,7 @@ global:
        registry: "registry.opencode.de"
        repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
        imagePullPolicy: "IfNotPresent"
-        tag: "1.1.0"
+        tag: "1.2.0"

  # -- Allows to configure the system extensions to load. This is intended for
  # internal usage, prefer to use `global.extensions` for user configured
@@ -85,7 +85,13 @@ nubusGuardian:
  provisioning:
    enabled: true
    config:
+      nubusBaseUrl: {{ printf "https://portal.%s" .Values.global.domain }}
      keycloak:
+        realm: {{ .Values.platform.realm | quote }}
+        username: "kcadmin"
+        connection:
+          host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
+          baseUrl: "http://ums-keycloak:8080"
        credentialSecret:
          name: "ums-opendesk-keycloak-credentials"
          key: "admin_password"
@@ -206,6 +212,44 @@ nubusStackDataUms:
    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
    umcHtmlTitle: "openDesk Portal"
    installUmcPolicies: true
+  templateContext:
+    portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }}
+    portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain }}
+    portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain }}
+    portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain }}
+    portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
+    portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain }}
+    portalTitleDE: "openDesk Portal"
+    portalTitleEN: "openDesk Portal"
+    oxDefaultContext: "1"
+    ldapSearchUsers:
+      {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
+      - username: {{ printf "ldapsearch_%s" $username | quote }}
+        password: {{ $password | quote }}
+        lastname: "LDAP-Search-User"
+      {{- end }}
+    portaltileGroupUserStandard:
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupUserAdmin:
+      - 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Support,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupUserAll:
+      - 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupGroupware:
+      - 'cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupFileshare:
+      - 'cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementProject:
+      - 'cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementKnowledge:
+      - 'cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementLearn:
+      - 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupLiveCollaboration:
+      - 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}'
+
  nubusUmcServer:
    memcached:
      auth:
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -171,15 +171,6 @@ nubusUmcGateway:
  replicaCount: {{ .Values.replicas.umsUmcGateway }}
  resources:
    {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
-  extraVolumes:
-    - name: "entrypoint-swp-patches"
-      configMap:
-        name: "ums-stack-data-swp-umc-gateway-entrypoint"
-        defaultMode: 0555
-  extraVolumeMounts:
-    - name: "entrypoint-swp-patches"
-      mountPath: "/entrypoint.d/90-swp.sh"
-      subPath: "90-swp.sh"

 nubusKeycloakBootstrap:
  podAnnotations:
--- a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
@@ -19,7 +19,7 @@ nubusKeycloakExtensions:
        registry: {{ .Values.images.nubusKeycloakExtensionHandler.registry }}
        repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
        tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
-    
+
    proxy:
      image:
        registry: {{ .Values.images.nubusKeycloakExtensionProxy.registry }}
@@ -40,7 +40,7 @@ nubusLdapServer:
      tag: {{ .Values.images.nubusLdapServer.tag }}
  dhInitcontainer:
    image:
-      registry: {{ .Values.images.nubusLdapServerDhInitContainer.registry }} 
+      registry: {{ .Values.images.nubusLdapServerDhInitContainer.registry }}
      repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }}
      tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }}
  waitForDependency:
@@ -48,7 +48,7 @@ nubusLdapServer:
      registry: {{ .Values.images.nubusWaitForDependency.registry }}
      repository: {{ .Values.images.nubusWaitForDependency.repository }}
      tag: {{ .Values.images.nubusWaitForDependency.tag }}
-      
+

 nubusPortalConsumer:
  portalConsumer:
@@ -56,7 +56,7 @@ nubusPortalConsumer:
      registry: {{ .Values.images.nubusPortalConsumer.registry }}
      repository: {{ .Values.images.nubusPortalConsumer.repository }}
      tag: {{ .Values.images.nubusPortalConsumer.tag }}
-      
+

 nubusNotificationsApi:
  image:
@@ -193,6 +193,11 @@ nubusUmcServer:
    registry: {{ .Values.images.nubusUmcServer.registry }}
    repository: {{ .Values.images.nubusUmcServer.repository }}
    tag: {{ .Values.images.nubusUmcServer.tag }}
+  proxy:
+    image:
+      registry: {{ .Values.images.nubusUmcServerProxy.registry }}
+      repository: {{ .Values.images.nubusUmcServerProxy.repository }}
+      tag: {{ .Values.images.nubusUmcServerProxy.tag }}

 nubusWaitForDependency:
  image:
--- a/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
@@ -388,60 +388,6 @@ config:
          backchannel.logout.session.required: false
        defaultClientScopes:
          - "opendesk-dovecot-scope"
-      - name: "opendesk-intercom"
-        clientId: "opendesk-intercom"
-        protocol: "openid-connect"
-        clientAuthenticatorType: "client-secret"
-        secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
-        redirectUris:
-          - "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/callback"
-        consentRequired: false
-        frontchannelLogout: false
-        publicClient: false
-        authorizationServicesEnabled: false
-        attributes:
-          backchannel.logout.session.required: true
-          backchannel.logout.revoke.offline.tokens: true
-          backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
-        protocolMappers:
-          - name: "intercom-audience"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "opendesk-intercom"
-              id.token.claim: false
-              access.token.claim: true
-          # temporary additional claim while entryuuid is a hardcoded attribute in IntercomService and we cannot set
-          # it to `opendesk_useruuid` standard claim. For reference:
-          # https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/app.js#L89
-          - name: "entryuuid_temp"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "entryUUID"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "entryuuid"
-              jsonType.label: "String"
-          # temporary additional claim while phoenixusername is a hardcoded attribute in IntercomService and we cannot
-          # set it to `opendesk_username` standard claim. For reference:
-          # https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/routes/navigation.js#L27
-          - name: "phoenixusername_temp"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "uid"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "phoenixusername"
-              jsonType.label: "String"
-        defaultClientScopes:
-          - "offline_access"
      - name: "opendesk-jitsi"
        clientId: "opendesk-jitsi"
        protocol: "openid-connect"
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -107,11 +107,11 @@ charts:
    # upstreamRepository: "nubus/charts/intercom-service"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["2", "0", "1"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/charts"
    name: "intercom-service"
-    version: "2.0.1"
-    verify: true
+    version: "0.8.0"
+    verify: false
  jitsi:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -200,7 +200,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
    name: "opendesk-migrations"
-    version: "1.2.1"
+    version: "1.2.2"
    verify: true
  minio:
    # providerCategory: "Community"
@@ -249,10 +249,12 @@ charts:
    # upstreamRepository: "nubus/charts/nubus"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "19", "3"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus-dev/charts"
    name: "nubus"
-    version: "0.33.0"
+    version: "0.39.1-pre-acaceres-update-provisioning-and-stack-data"
    verify: true
  opendeskKeycloakBootstrap:
    # providerCategory: "Platform"
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -71,9 +71,11 @@ images:
    # upstreamRepository: "univention/intercom-service"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["1", "6"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
-    tag: "1.6@sha256:f32c1e52fa132e9dc6973e9f8ed36a98c5c3e0bcd51c60f9a683e7e528dd2306"
+    #registry: "registry.opencode.de"
+    #repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/intercom-service"
+    tag: "0.8.0@sha256:2e5e303c947aca687530244af5856cc4ba2b7cd880ff8348e922ac36c5f11167"
  jibri:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
@@ -205,7 +207,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.2.0@sha256:42ebe655680466fd4b1647719752f1a4e7482eb2bc44abff806c4ac69fcda3e8"
+    tag: "1.2.1@sha256:241561c51dee3ccd4d54cf732020634291f124025946e6be983f850bbf4eb1d3"
  milter:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
@@ -219,9 +221,11 @@ images:
    # providerResponsible: "openDesk"
    # upstreamRegistry: "https://registry-1.docker.io"
    # upstreamRepository: "bitnami/minio"
-    registry: "registry-1.docker.io"
+    # registry: "registry-1.docker.io"
+    # repository: "bitnami/minio"
+    registry: "docker.io"
    repository: "bitnami/minio"
-    tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7"
+    tag: "2024.8.3-debian-12-r1"
  nextcloudApache2:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -261,9 +265,11 @@ images:
    # upstreamRepository: "nubus/images/data-loader"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "41", "5"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
-    tag: "0.60.0@sha256:9b43a66c32f4f66143db00b71cc62966df6ed809ec023a0d573a015f5d15305a"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/data-loader"
+    tag: "0.62.0@sha256:3780fe8c2733dfb20aa582ad6d2f5fc0e5cefdd40c51926da73f23d56a191f06"
  nubusGuardianAuthorizationApi:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -301,9 +307,11 @@ images:
    # upstreamRepository: "nubus/images/guardian-init"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "3", "0"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
-    tag: "0.9.1@sha256:6006fb1c2779b906e7725df524f2587b2a610cc442793bf8f16b2b4b8c0494fb"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/guardian-init"
+    tag: "0.11.0@sha256:c691aecaf2074a9f1cc6ec5277a70792642bd677f0ff58a6278041b2d99c9d51"
  nubusKeycloak:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -323,7 +331,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "1", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
-    tag: "0.1.0@sha256:351097e9e7b469f2fc149fe612ec6ad515d5e6b081d7e2785bd926a1d77209d2"
+    tag: "0.1.2@sha256:ea462e3e40843215814bddae0668dc56102864d99127ad3c8d9816d741886ac0"
  nubusKeycloakExtensionHandler:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -331,9 +339,11 @@ images:
    # upstreamRepository: "nubus/images/keycloak-handler"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "0", "3"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
-    tag: "0.9.4@sha256:247182a965cc56fe2a891d42a7cfe84205804a9e58dd8f0a8191726a68cb9db1"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/keycloak-handler"
+    tag: "0.10.0@sha256:7aa5bac4821c9226fd74c6a2883f7c24d214b4610d516574866cf933ee1be080"
  nubusKeycloakExtensionProxy:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -341,9 +351,11 @@ images:
    # upstreamRepository: "nubus/images/keycloak-proxy"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "0", "3"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
-    tag: "0.9.4@sha256:a572fe076a2ef5966433fec478c92cffade816e71f2b4661bd8dbcb9e60c8c2f"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/keycloak-proxy"
+    tag: "0.10.0@sha256:a5f6ae65732f7fb9d7ceae11f1c412b109d230e197075d8a8e1d989c87a0309d"
  nubusLdapNotifier:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -351,9 +363,11 @@ images:
    # upstreamRepository: "nubus/images/ldap-notifier"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "8", "2"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
-    tag: "0.15.2@sha256:1f2a9d2136c8e87a4c4a59a94a2235d00e969c98bd7bfe75707a299918f271b5"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/ldap-notifier"
+    tag: "0.20.0@sha256:d891fe11075740ff0fe1694b2c5fb72c43ac6d823904af8593e0ab359b9175e0"
  nubusLdapServer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -362,8 +376,8 @@ images:
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "8", "2"]
    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
-    tag: "0.17.1@sha256:5b7b629b9655c7bb2857013f3399cefe5bdd3963d568bbf77d6d488c005e3b3b"
+    repository: "bmi/opendesk/components/platform-development/images/temp-nubus-ldap-2.5-upgrade"
+    tag: "1.1.20@sha256:90f46b8817fa05e6e3ac3b2f053911198675805fb82db8240bfa41239d7e7c61"
  nubusLdapServerDhInitContainer:
    # providerCategory: 'Community'
    # providerResponsible: 'Univention'
@@ -403,9 +417,11 @@ images:
    # upstreamRepository: "nubus/images/notifications-api"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
-    tag: "0.27.0@sha256:d99173199f20c701b29b8a3c1a46465085a873b37f413882e7d2e106e258c35a"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/notifications-api"
+    tag: "0.33.0@sha256:0ddb81d4789b2f43b55ded46ff88db4b99a68e7b1006e35877f582aac875c9ad"
  nubusOpenPolicyAgent:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -423,9 +439,11 @@ images:
    # upstreamRepository: "nubus/images/ox-extension"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "10", "0"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
-    tag: "0.10.0@sha256:f6f32ce0486594eca9c8682b10f60e9d174a526d5acd2ba4d0abcb8f522539b9"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/ox-extension"
+    tag: "0.11.0"
  nubusPortalConsumer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -443,9 +461,11 @@ images:
    # upstreamRepository: "nubus/images/portal-extension"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "28", "0"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
-    tag: "0.28.0@sha256:1ec467bebc402265e1c24b3d441c211faad1a025ded41afe8dd4687b7ad5a9a4"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/portal-extension"
+    tag: "0.28.0"
  nubusPortalFrontend:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -453,9 +473,11 @@ images:
    # upstreamRepository: "nubus/images/portal-frontend"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
-    tag: "0.29.0@sha256:3af3d5d24f690557b4a644d5720113dca0c802465b0e43466b49db27acd37939"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/portal-frontend"
+    tag: "0.33.0@sha256:9cce16009cc478ece11704521347fc4938a3ac5ee4570ac439dd50b08452a3ff"
  nubusPortalListener:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -473,9 +495,11 @@ images:
    # upstreamRepository: "nubus/images/portal-server"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
-    tag: "0.27.0@sha256:e1ad659feb4a1948d07e6e7d99b94b6bdbd4525d96f4cf9a010b75189f0082fc"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus-dev/images/portal-server"
+    tag: "0.33.1@sha256:82e9002786a9d1ec524c0f386838ac4ee1fa9a581b66d2e353ea57cc01e26a95"
  nubusProvisioningDispatcher:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -493,9 +517,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-events-and-consumer-api"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
-    tag: "0.28.3@sha256:5b0a2c52d715fde613ecfedb3a3f5e47b9eb73cdcf4c373a9cc58248a919f2bf"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-events-and-consumer-api"
+    tag: "0.37.0@sha256:44cb1f2a4dd5f4b82e13982026bb442504dc1121904977e0358ad61ee30d2266"
  nubusProvisioningPrefill:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -503,9 +529,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-prefill"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
-    tag: "0.28.3@sha256:a98bce46144a6ff943b0432b66277393b7b476b8969b221b9069c708d3380f5d"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-prefill"
+    tag: "0.37.0@sha256:36772f35b268fb598dee0e8e737fb27a292aa38df5c7ff04448ea2a4acbd0728"
  nubusProvisioningUdmListener:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -513,9 +541,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-udm-listener"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
-    tag: "0.28.3@sha256:b9c452e55e6716f93309bef0af7d401e218cd1e6ea9ad3d2819fb10dd631aecd"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-udm-listener"
+    tag: "0.36.0@sha256:8a960db9ff94b3c8a63be1588e47ccc1f62f3071abdce7ee2ef89afbe2674eed"
  nubusProvisioningUdmTransformer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -523,9 +553,11 @@ images:
    # upstreamRepository: "nubus/images/provisioning-udm-transformer"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
-    tag: "0.29.0@sha256:68e27eb9560d2729e9065da3573f28073c5e53fedabac4d19562c4b8c6c1d1f3"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-udm-transformer"
+    tag: "0.37.0@sha256:0b4c428587df160a82f17a26a635cb7ad838b244d2261b3a2bf9f5402e69c63f"
  nubusSelfserviceInvitation:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -561,9 +593,11 @@ images:
    # upstreamRepository: "nubus/images/udm-rest-api"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "9", "3"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
-    tag: "0.19.0@sha256:41482c459655afa36eaf9ec21354ff8417e4da5e3a787ec2f865730952f6bb61"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/udm-rest-api"
+    tag: "0.21.0@sha256:f3d189dd0ca619778c907569ddedbdf8772fba26f26cf9e6b8cde2a62618da63"
  nubusUmcGateway:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -571,9 +605,11 @@ images:
    # upstreamRepository: "nubus/images/umc-gateway"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "7", "3"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
-    tag: "0.22.2@sha256:fe4d2c148946da6f5e92201f398ebd0d5a72795c50648993bd220ea1e228658d"
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/umc-gateway"
+    tag: "0.27.0@sha256:f0d5831061d9e8c9a47e724d00eeb8902b08f2380d4ca298812e9c1870ff4697"
  nubusUmcServer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -581,9 +617,21 @@ images:
    # upstreamRepository: "nubus/images/umc-server"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["0", "7", "3"]
+    # registry: "registry.opencode.de"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/umc-server"
+    tag: "0.27.0@sha256:fa552aa595f75d54b216af4390bd5ea3d5385e6a9a5f558804da3aae9f700acf"
+  nubusUmcServerProxy:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Univention"
+    # upstreamRegistry: "https://artifacts.software-univention.de"
+    # upstreamRepository: "library/traefik"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["3", "0"]
    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
-    tag: "0.22.2@sha256:474497f561c3532b37b7d5e77ec36bd1fefc4fbeaab9747b481533b0da086586"
+    repository: "bmi/opendesk/components/supplier/univention/images-mirror/traefik"
+    tag: "3.0@sha256:9214fcecc5833b4df2bfe6bf92714f35220d79a4c5c626931701dbbdb555f86b"
  nubusWaitForDependency:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -611,7 +659,7 @@ images:
    # upstreamMirrorStartFrom: ["13", "1", "1"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
-    tag: "14.3.0@sha256:922621b394c1a60e1c427b866284ac636b35717f03bde89302131ad369fbf9ad"
+    tag: "14.4.0@sha256:0c1ee5467b5c7888f38eae88a712c2eec6c96995b85f09e0c27705c09f450a70"
  openprojectBootstrap:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -1,62 +1,138 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
-# Before increasing the replicas of components, please consult the scaling documentation at "docs/scaling.md" to ensure
-# that scaling of the respective component is possible and has the desired effect.
+# This file contains annotations to (later) generate parts of "docs/scaling.md".
+# When adding new components in here, do not forget to add them as well to
+# `../test/values.yaml.gotmpl` to ensure their linting coverage.
 replicas:
-  # clamav-simple
+  # -- component: Antivirus (ClamAV)
+  # -- scalable: true
+  # -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
  clamav: 1
-  # clamav-distributed
+  # -- scalable: true
+  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
  clamd: 1
-  collabora: 1
-  cryptpad: 1
-  dovecot: 1
-  element: 1
-  # clamav-distributed
+  # -- scalable: true
+  # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files centrally an should be a singleton.
  freshclam: 1
-  # clamav-distributed
+  # -- scalable: true
+  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
  icap: 1
-  intercomService: 1
-  jibri: 1
-  jicofo: 1
-  jitsi: 1
-  jitsiKeycloakAdapter: 1
-  jvb: 1
-  keycloak: 1
-  mariadb: 1
-  matrixNeoBoardWidget: 1
-  matrixNeoChoiceWidget: 1
-  matrixNeoDateFixBot: 1
-  matrixNeoDateFixWidget: 1
-  matrixUserVerificationService: 1
-  memcached: 1
-  # clamav-distributed
+  # -- scalable: true
+  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
  milter: 1
-  minio: 1
-  nextcloudApache2: 1
-  nextcloudExporter: 1
-  nextcloudPHP: 1
-  openprojectWeb: 1
-  openprojectWorker: 1
-  oxConnector: 1
+
+  # -- component: Weboffice (Collabora)
+  # -- scalable: true
+  collabora: 1
+
+  # -- component: Pad (CryptPad)
+  # -- scalable: false
+  cryptpad: 1
+
+  # -- component: Groupware (OX AppSuite, OX Dovecot etc.)
+  # -- scalable: false
+  # -- comment: Scalable in openDesk Enterprise only
+  dovecot: 1
+  # -- scalable: false
  postfix: 1
-  postgres: 1
-  redis: 1
+
+  # -- component: Chat (Element, Synapse)
+  # -- scalable: true
+  element: 1
+  # -- scalable: tbd
+  matrixNeoBoardWidget: 1
+  # -- scalable: tbd
+  matrixNeoChoiceWidget: 1
+  # -- scalable: tbd
+  matrixNeoDateFixBot: 1
+  # -- scalable: tbd
+  matrixNeoDateFixWidget: 1
+  # -- scalable: tbd
+  matrixUserVerificationService: 1
+  # -- scalable: tbd
  synapse: 1
+  # -- scalable: true
  synapseWeb: 1
-  umsKeycloakExtensionsHandler: 1
-  umsKeycloakExtensionsProxy: 1
-  umsLdapNotifier: 1
-  umsLdapServer: 1
-  umsNotificationsApi: 1
-  umsPortalFrontend: 1
-  umsPortalListener: 1
-  umsPortalServer: 1
-  umsSelfserviceListener: 1
-  umsStackGateway: 1
-  umsUdmRestApi: 1
-  umsUmcGateway: 1
-  umsUmcServer: 1
+  # -- scalable: true
  wellKnown: 1
+
+  # -- component: IAM (Nubus)
+  # -- scalable: true
+  intercomService: 1
+  # -- scalable: true
+  keycloak: 1
+  # -- scalable: false
+  # -- comment: Will be removed soon.
+  oxConnector: 1
+  # -- scalable: false
+  # -- comment: Should not be scaled, is an async process.
+  umsKeycloakExtensionsHandler: 1
+  # -- scalable: true
+  umsKeycloakExtensionsProxy: 1
+  # -- scalable: tbd
+  umsLdapNotifier: 1
+  # -- scalable: tbd
+  umsLdapServer: 1
+  # -- scalable: tbd
+  umsNotificationsApi: 1
+  # -- scalable: true
+  umsPortalFrontend: 1
+  # -- scalable: tbd
+  umsPortalListener: 1
+  # -- scalable: true
+  umsPortalServer: 1
+  # -- scalable: tbd
+  umsSelfserviceListener: 1
+  # -- scalable: tbd
+  umsStackGateway: 1
+  # -- scalable: true
+  umsUdmRestApi: 1
+  # -- scalable: tbd
+  umsUmcGateway: 1
+  # -- scalable: tbd
+  umsUmcServer: 1
+
+  # -- component: Video conference (Jitsi)
+  # -- scalable: tbd
+  jibri: 1
+  # -- scalable: tbd
+  jicofo: 1
+  # -- scalable: tbd
+  jitsi: 1
+  # -- scalable: tbd
+  jitsiKeycloakAdapter: 1
+  # -- scalable: tbd
+  jvb: 1
+
+  # -- component: Persistence Layer
+  # -- scalable: false
+  mariadb: 1
+  # -- scalable: false
+  memcached: 1
+  # -- scalable: true
+  minio: 1
+  # -- scalable: false
+  postgres: 1
+  # -- scalable: tbd
+  redis: 1
+
+  # -- component: Filestore (Nextcloud)
+  # -- scalable: true
+  nextcloudApache2: 1
+  # -- scalable: true
+  nextcloudExporter: 1
+  # -- scalable: true
+  nextcloudPHP: 1
+
+  # -- component: Project management (OpenProject)
+  # -- scalable: true
+  openprojectWeb: 1
+  # -- scalable: tdb
+  # -- comment: Async process that usually has no need for scaling
+  openprojectWorker: 1
+
+  # -- component: Knowledge management (XWiki)
+  # -- scalable: false
  xwiki: 1
 ...
--- a/helmfile/environments/test/values.yaml.gotmpl
+++ b/helmfile/environments/test/values.yaml.gotmpl
@@ -35,17 +35,13 @@ ingress:
    enabled: true
    secretName: "kyverno-tls"
 replicas:
-  # clamav-simple
  clamav: 42
-  # clamav-distributed
  clamd: 42
  collabora: 42
  cryptpad: 42
  dovecot: 42
  element: 42
-  # clamav-distributed
  freshclam: 42
-  # clamav-distributed
  icap: 42
  intercomService: 42
  jibri: 42
@@ -61,7 +57,6 @@ replicas:
  matrixNeoDateFixWidget: 42
  matrixUserVerificationService: 42
  memcached: 42
-  # clamav-distributed
  milter: 42
  minio: 42
  nextcloudApache2: 42
Author	SHA1	Message	Date
Nubus CI Bot	b4e4947ea7	feat(nubus): Update chart to version 0.39.1-pre-acaceres-update-provisioning-and-stack-data	2024-08-22 08:54:36 +00:00
Juan Pedro Torres	390c041196	fix(nubus): Fixup readonly user	2024-08-21 22:49:14 +02:00
Juan Pedro Torres	9709fef962	fix(nubus): Change registry to opendesk mirrors	2024-08-21 10:37:44 +02:00
Juan Pedro Torres	b062f373dd	feat(nubus): OpenDesk UDM loader	2024-08-20 10:32:28 +02:00
Juan Pedro Torres	6d1a6b149a	fix(nubus): Skip verify intercom service chart	2024-08-20 10:23:21 +02:00
Jaime Conde	d8a493453a	feat(nubus): Bump chart version for UMC scalability	2024-08-20 10:23:21 +02:00
Jaime Conde	0a93abc21d	feat(nubus): UMC server scaling	2024-08-20 10:23:21 +02:00
Nubus CI Bot	8f102ad4c1	feat(nubus): Update chart to version 0.34.0, keycloak provisioning	2024-08-19 10:18:02 +02:00
Jaime Conde	d8b0e3c27b	fix(nubus): Drop umc-gateway menu unused patches	2024-08-19 08:07:46 +00:00
Oliver Günther	e1d15e4bc6	chore(openproject): Bump version to 14.4	2024-08-16 09:04:32 +02:00
Thorsten Roßner	c63e725525	fix(nubus): Update LDAP to openLDAP 2.5.	2024-08-14 19:05:53 +02:00
Thorsten Roßner	45715a2059	fix(docs): Update `replicas.yaml` and `docs/scaling.md`.	2024-08-14 13:15:05 +02:00