mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
117 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
fbbf3f253b | ||
|
|
2703615dff | ||
|
|
85ad5ecd6d | ||
|
|
ae3d0daa11 | ||
|
|
0a17976aca | ||
|
|
ce7e5f670a | ||
|
|
917f9fb452 | ||
|
|
f46c8a9a5f | ||
|
|
c2b44da34e | ||
|
|
41b9afb364 | ||
|
|
63bdcf594b | ||
|
|
a99c088361 | ||
|
|
8d09aa02f9 | ||
|
|
1514678db0 | ||
|
|
b7254cf5dc | ||
|
|
7ab1cb5c7e | ||
|
|
0ba71f2749 | ||
|
|
77e362f6bc | ||
|
|
09079a1303 | ||
|
|
15db5dcbba | ||
|
|
d3c439038a | ||
|
|
9409ad829a | ||
|
|
a4bab4068d | ||
|
|
90019e3ef6 | ||
|
|
4835a2beec | ||
|
|
12c931fcff | ||
|
|
2f8a298925 | ||
|
|
ec3f1d96ac | ||
|
|
16c08f82c9 | ||
|
|
edb25bd765 | ||
|
|
c840608112 | ||
|
|
320da3bec3 | ||
|
|
c61b1b8281 | ||
|
|
96097e4704 | ||
|
|
5e1a7b19e2 | ||
|
|
13bcd785e8 | ||
|
|
c54bab165b | ||
|
|
836f491766 | ||
|
|
fe0e0cdce4 | ||
|
|
a74d662404 | ||
|
|
471a2fa262 | ||
|
|
5f79763e2b | ||
|
|
e120f5fb9a | ||
|
|
a799db03c4 | ||
|
|
d725b93798 | ||
|
|
e1070eeb06 | ||
|
|
c7fc187f14 | ||
|
|
89ac783dc3 | ||
|
|
882f1fbc93 | ||
|
|
b5583caec1 | ||
|
|
6d23534ee0 | ||
|
|
d2e7ac9348 | ||
|
|
2125037a3c | ||
|
|
ed7e5e428e | ||
|
|
d28a425673 | ||
|
|
a6fa846afc | ||
|
|
4380e78981 | ||
|
|
be82243966 | ||
|
|
f9886448b6 | ||
|
|
0eceb85e7d | ||
|
|
1ef4a861ac | ||
|
|
3b90533063 | ||
|
|
1349181d80 | ||
|
|
e1b84898c5 | ||
|
|
63a1e2568e | ||
|
|
ca4b1da84f | ||
|
|
ff462ab0dc | ||
|
|
4f2a8aeee4 | ||
|
|
c5ab1b81fe | ||
|
|
9d7866480c | ||
|
|
9a6d2409a6 | ||
|
|
f758293241 | ||
|
|
6321ff50a0 | ||
|
|
5fbf86b6bc | ||
|
|
6e68f7f28c | ||
|
|
41d40c9b73 | ||
|
|
cef11acbae | ||
|
|
6e5ef639c2 | ||
|
|
65b0ca5480 | ||
|
|
39565c7cfd | ||
|
|
0d374c1fea | ||
|
|
387bd8715c | ||
|
|
f219c42afa | ||
|
|
4d3bc2799c | ||
|
|
0f59736c5d | ||
|
|
7e9d39cc7f | ||
|
|
6ab4fa078b | ||
|
|
05361276c0 | ||
|
|
cda237a655 | ||
|
|
ea77d1712e | ||
|
|
2a61b5f2a6 | ||
|
|
f4dbdfb321 | ||
|
|
3d4d45f711 | ||
|
|
86fdb34735 | ||
|
|
7c9c6f9000 | ||
|
|
7f7eae8f99 | ||
|
|
c9953299cc | ||
|
|
a14c42f6ed | ||
|
|
c520b0047c | ||
|
|
7491582c28 | ||
|
|
06dc7a115d | ||
|
|
b9c895b357 | ||
|
|
d8adcc463a | ||
|
|
83aeb4ece2 | ||
|
|
4c21fd2286 | ||
|
|
5788323621 | ||
|
|
3cad4ce886 | ||
|
|
de257893d4 | ||
|
|
dcbb9981f5 | ||
|
|
390f2dee52 | ||
|
|
53796dae66 | ||
|
|
2d376b35ed | ||
|
|
bcee05d537 | ||
|
|
ee684a7891 | ||
|
|
5f0ca92a05 | ||
|
|
152b4fb7b5 | ||
|
|
53948eae76 |
293
.gitlab-ci.yml
293
.gitlab-ci.yml
@@ -2,13 +2,15 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
include:
|
||||
- project: "souvap/tooling/gitlab-config"
|
||||
- project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}"
|
||||
ref: "main"
|
||||
file:
|
||||
- "ci/common/lint.yml"
|
||||
- "ci/release-automation/semantic-release.yml"
|
||||
- project: "souvap/devops/sovereign-workplace-env"
|
||||
- project: "${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}"
|
||||
file: "gitlab/environments.yaml"
|
||||
rules:
|
||||
- if: "$INCLUDE_ENVIRONMENTS_ENABLED != 'false'"
|
||||
|
||||
stages:
|
||||
- ".pre"
|
||||
@@ -20,22 +22,17 @@ stages:
|
||||
- "component-deploy-stage-2"
|
||||
- "tests"
|
||||
- "env-stop"
|
||||
- "post"
|
||||
- "generate-release-assets"
|
||||
- ".post"
|
||||
|
||||
variables:
|
||||
NAMESPACE:
|
||||
description: "The name of namespaces to deploy to."
|
||||
value: ""
|
||||
CLUSTER:
|
||||
description: "Define which cluster to use"
|
||||
value: "develop"
|
||||
options:
|
||||
- "dev"
|
||||
- "qa"
|
||||
- "ref"
|
||||
- "develop"
|
||||
- "hubble"
|
||||
- "prototype"
|
||||
description: "Define which cluster to use. Cluster must be defined in gitlab/environments.yaml of
|
||||
sovereign-workplace-env included above."
|
||||
value: "dev"
|
||||
BASE_DOMAIN:
|
||||
description: "Define the Cluster Base Domain."
|
||||
value: "souvap.cloud"
|
||||
@@ -61,10 +58,13 @@ variables:
|
||||
- "yes"
|
||||
- "no"
|
||||
DEPLOY_UCS:
|
||||
description: "Enable Univention Corporate Server deployment."
|
||||
description: >-
|
||||
Enable Univention Corporate Server deployment.
|
||||
"ums-eval" does deploy the Univention Management Stack instead of the UCS container.
|
||||
value: "no"
|
||||
options:
|
||||
- "yes"
|
||||
- "ums-eval"
|
||||
- "no"
|
||||
DEPLOY_PROVISIONING:
|
||||
description: "Enable Provisioning Components."
|
||||
@@ -78,6 +78,12 @@ variables:
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
DEPLOY_ELEMENT:
|
||||
description: "Enable Element deployment."
|
||||
value: "no"
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
DEPLOY_KEYCLOAK:
|
||||
description: "Enable Keycloak deployment."
|
||||
value: "no"
|
||||
@@ -126,9 +132,18 @@ variables:
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
TESTS_PROJECT_URL:
|
||||
description: "URL of the E2E-test gitlab project API with project ID."
|
||||
value: "gitlab.souvap-univention.de/api/v4/projects/6"
|
||||
TESTS_BRANCH:
|
||||
description: "Branch of E2E-tests on which the test pipeline is triggered"
|
||||
value: "main"
|
||||
RUN_UMS_TESTS:
|
||||
description: "Run E2E test suite of SouvAP Dev team"
|
||||
value: "no"
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
UMS_TESTS_BRANCH:
|
||||
description: "Branch of E2E test suite of SouvAP Dev team"
|
||||
value: "main"
|
||||
# please use the following set of variables with normalized names:
|
||||
DOMAIN: "${NAMESPACE}.${CLUSTER}.${BASE_DOMAIN}"
|
||||
ISTIO_DOMAIN: "${NAMESPACE}.istio.${CLUSTER}.${BASE_DOMAIN}"
|
||||
@@ -138,23 +153,6 @@ variables:
|
||||
dependencies: []
|
||||
extends: ".environments"
|
||||
image: "registry.souvap-univention.de/souvap/tooling/images/helm:latest"
|
||||
secrets:
|
||||
SMTP_PASSWORD:
|
||||
vault:
|
||||
engine:
|
||||
name: "kv-v2"
|
||||
path: "swp"
|
||||
path: "accounts/brained/mail/relay@souvap-univention.de"
|
||||
field: "password"
|
||||
file: false
|
||||
TURN_CREDENTIALS:
|
||||
vault:
|
||||
engine:
|
||||
name: "kv-v2"
|
||||
path: "swp"
|
||||
path: "accounts/souvap-univention.de/develop/turn/secret"
|
||||
field: "credentials"
|
||||
file: false
|
||||
script:
|
||||
- "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
|
||||
# MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
|
||||
@@ -192,7 +190,7 @@ env-cleanup:
|
||||
env-start:
|
||||
environment:
|
||||
name: "${NAMESPACE}"
|
||||
url: "https://portal.${NAMESPACE}.${SWP_DOMAIN}"
|
||||
url: "https://portal.${DOMAIN}"
|
||||
on_stop: "env-stop"
|
||||
extends: ".deploy-common"
|
||||
image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6"
|
||||
@@ -233,7 +231,7 @@ ucs-deploy:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no")
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS == "yes")
|
||||
when: "always"
|
||||
variables:
|
||||
COMPONENT: "univention-corporate-container"
|
||||
@@ -250,6 +248,18 @@ provisioning-deploy:
|
||||
variables:
|
||||
COMPONENT: "provisioning"
|
||||
|
||||
ums-deploy:
|
||||
stage: "component-deploy-stage-1"
|
||||
extends: ".deploy-common"
|
||||
rules:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
$DEPLOY_UCS == "ums-eval"
|
||||
when: "always"
|
||||
variables:
|
||||
COMPONENT: "univention-management-stack"
|
||||
|
||||
keycloak-deploy:
|
||||
stage: "component-deploy-stage-1"
|
||||
extends: ".deploy-common"
|
||||
@@ -278,6 +288,7 @@ keycloak-bootstrap-deploy:
|
||||
ox-deploy:
|
||||
stage: "component-deploy-stage-1"
|
||||
extends: ".deploy-common"
|
||||
timeout: "30m"
|
||||
rules:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
@@ -359,6 +370,18 @@ jitsi-deploy:
|
||||
variables:
|
||||
COMPONENT: "jitsi"
|
||||
|
||||
element-deploy:
|
||||
stage: "component-deploy-stage-1"
|
||||
extends: ".deploy-common"
|
||||
rules:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ELEMENT != "no")
|
||||
when: "always"
|
||||
variables:
|
||||
COMPONENT: "element"
|
||||
|
||||
env-stop:
|
||||
extends: ".deploy-common"
|
||||
environment:
|
||||
@@ -393,67 +416,183 @@ run-tests:
|
||||
when: "always"
|
||||
script:
|
||||
- |
|
||||
COMPONENTS="login or portal or profile or navigation"
|
||||
if [ "${DEPLOY_ALL_COMPONENTS}" != "no" ]; then
|
||||
COMPONENTS="${COMPONENTS} or collabora or ics or jitsi or keycloak or nextcloud or openproject or ox or ucs \
|
||||
or xwiki"
|
||||
else
|
||||
[ "${DEPLOY_COLLABORA}" != "no" ] && COMPONENTS="${COMPONENTS} or collabora"
|
||||
[ "${DEPLOY_ICS}" != "no" ] && COMPONENTS="${COMPONENTS} or ics"
|
||||
[ "${DEPLOY_JITSI}" != "no" ] && COMPONENTS="${COMPONENTS} or jitsi"
|
||||
[ "${DEPLOY_KEYCLOAK}" != "no" ] && COMPONENTS="${COMPONENTS} or keycloak"
|
||||
[ "${DEPLOY_NEXTCLOUD}" != "no" ] && COMPONENTS="${COMPONENTS} or nextcloud"
|
||||
[ "${DEPLOY_OPENPROJECT}" != "no" ] && COMPONENTS="${COMPONENTS} or openproject"
|
||||
[ "${DEPLOY_OX}" != "no" ] && COMPONENTS="${COMPONENTS} or ox"
|
||||
[ "${DEPLOY_UCS}" != "no" ] && COMPONENTS="${COMPONENTS} or ucs"
|
||||
[ "${DEPLOY_XWIKI}" != "no" ] && COMPONENTS="${COMPONENTS} or xwiki"
|
||||
fi
|
||||
|
||||
echo "Gathering passwords from UCS container ..."
|
||||
UCS_CONTAINER_NAME=$( \
|
||||
kubectl -n ${NAMESPACE} get pods --no-headers \
|
||||
--selector 'app.kubernetes.io/instance=univention-corporate-container' \
|
||||
| awk '{print $1}' \
|
||||
kubectl -n ${NAMESPACE} get pods --no-headers --selector \
|
||||
'app.kubernetes.io/instance=univention-corporate-container' \
|
||||
| grep Running \
|
||||
| awk '{print $1}' \
|
||||
)
|
||||
echo "UCS_CONTAINER_NAME: ${UCS_CONTAINER_NAME}"
|
||||
DEFAULT_USER_PASSWORD=$( \
|
||||
kubectl -n ${NAMESPACE} describe pod ${UCS_CONTAINER_NAME} \
|
||||
| grep DEFAULT_ACCOUNT_USER_PASSWORD \
|
||||
| awk '{print $2}' \
|
||||
)
|
||||
DEFAULT_ADMIN_PASSWORD=$( \
|
||||
DEFAULT_ADMIN_PASSWORD=$(
|
||||
kubectl -n ${NAMESPACE} describe pod ${UCS_CONTAINER_NAME} \
|
||||
| grep DEFAULT_ACCOUNT_ADMIN_PASSWORD \
|
||||
| awk '{print $2}' \
|
||||
)
|
||||
|
||||
echo "triggering test pipeline ..."
|
||||
curl -X POST \
|
||||
-F "ref=main" \
|
||||
-F "token=${CI_JOB_TOKEN}" \
|
||||
-F "variables[url]=https://portal.${DOMAIN}" \
|
||||
-F "variables[user_name]=${DEFAULT_USER_NAME}" \
|
||||
-F "variables[user_password]=${DEFAULT_USER_PASSWORD}" \
|
||||
-F "variables[admin_name]=${DEFAULT_ADMIN_NAME}" \
|
||||
-F "variables[admin_password]=${DEFAULT_ADMIN_PASSWORD}" \
|
||||
-F "variables[components]=\"${COMPONENTS}\"" \
|
||||
https://${TESTS_PROJECT_URL}/trigger/pipeline
|
||||
curl --request POST \
|
||||
--header "Content-Type: application/json" \
|
||||
--data "{ \
|
||||
\"ref\": \"${TESTS_BRANCH}\", \
|
||||
\"token\": \"${CI_JOB_TOKEN}\", \
|
||||
\"variables\": { \
|
||||
\"url\": \"https://portal.${DOMAIN}\", \
|
||||
\"user_name\": \"${DEFAULT_USER_NAME}\", \
|
||||
\"user_password\": \"${DEFAULT_USER_PASSWORD}\", \
|
||||
\"admin_name\": \"${DEFAULT_ADMIN_NAME}\", \
|
||||
\"admin_password\": \"${DEFAULT_ADMIN_PASSWORD}\", \
|
||||
\"DEPLOY_ALL_COMPONENTS\": \"${DEPLOY_ALL_COMPONENTS}\", \
|
||||
\"DEPLOY_COLLABORA\": \"${DEPLOY_COLLABORA}\", \
|
||||
\"DEPLOY_ELEMENT\": \"${DEPLOY_ELEMENT}\", \
|
||||
\"DEPLOY_ICS\": \"${DEPLOY_ICS}\", \
|
||||
\"DEPLOY_JITSI\": \"${DEPLOY_JITSI}\", \
|
||||
\"DEPLOY_KEYCLOAK\": \"${DEPLOY_KEYCLOAK}\", \
|
||||
\"DEPLOY_NEXTCLOUD\": \"${DEPLOY_NEXTCLOUD}\", \
|
||||
\"DEPLOY_OPENPROJECT\": \"${DEPLOY_OPENPROJECT}\", \
|
||||
\"DEPLOY_OX\": \"${DEPLOY_OX}\", \
|
||||
\"DEPLOY_SERVICES\": \"${DEPLOY_SERVICES}\", \
|
||||
\"DEPLOY_UCS\": \"${DEPLOY_UCS}\", \
|
||||
\"DEPLOY_XWIKI\": \"${DEPLOY_XWIKI}\", \
|
||||
\"DEPLOY_PROVISIONING\": \"${DEPLOY_PROVISIONING}\" \
|
||||
} \
|
||||
}" \
|
||||
"https://${TESTS_PROJECT_URL}/trigger/pipeline"
|
||||
|
||||
run-souvap-dev-tests:
|
||||
extends: ".deploy-common"
|
||||
environment:
|
||||
name: "${NAMESPACE}"
|
||||
tags:
|
||||
- "docker"
|
||||
- "kubernetes"
|
||||
- "${CLUSTER}"
|
||||
stage: "tests"
|
||||
rules:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_UMS_TESTS == "yes"
|
||||
when: "always"
|
||||
script:
|
||||
- |
|
||||
UCS_CONTAINER_NAME=$( \
|
||||
kubectl -n ${NAMESPACE} get pods --no-headers --selector \
|
||||
'app.kubernetes.io/instance=univention-corporate-container' \
|
||||
| grep Running \
|
||||
| awk '{print $1}' \
|
||||
)
|
||||
DEFAULT_USER_PASSWORD=$( \
|
||||
kubectl -n ${NAMESPACE} describe pod ${UCS_CONTAINER_NAME} \
|
||||
| grep DEFAULT_ACCOUNT_USER_PASSWORD \
|
||||
| awk '{print $2}' \
|
||||
)
|
||||
DEFAULT_ADMIN_PASSWORD=$(
|
||||
kubectl -n ${NAMESPACE} describe pod ${UCS_CONTAINER_NAME} \
|
||||
| grep DEFAULT_ACCOUNT_ADMIN_PASSWORD \
|
||||
| awk '{print $2}' \
|
||||
)
|
||||
|
||||
curl --request POST \
|
||||
--header "Content-Type: application/json" \
|
||||
--data "{ \
|
||||
\"ref\": \"${UMS_TESTS_BRANCH}\", \
|
||||
\"token\": \"${CI_JOB_TOKEN}\", \
|
||||
\"variables\": { \
|
||||
\"portal_base_url\": \"https://portal.${DOMAIN}\", \
|
||||
\"username\": \"${DEFAULT_USER_NAME}\", \
|
||||
\"password\": \"${DEFAULT_USER_PASSWORD}\", \
|
||||
\"admin_username\": \"${DEFAULT_ADMIN_NAME}\", \
|
||||
\"admin_password\": \"${DEFAULT_ADMIN_PASSWORD}\", \
|
||||
\"keycloak_base_url\": \"https://id.${DOMAIN}\" \
|
||||
} \
|
||||
}" \
|
||||
"https://${UMS_TESTS_PROJECT_URL}/trigger/pipeline"
|
||||
|
||||
generate-release-assets:
|
||||
stage: "generate-release-assets"
|
||||
image: "registry.souvap-univention.de/souvap/tooling/images/ansible:4.10.0"
|
||||
rules:
|
||||
- if: "$JOB_RELEASE_ENABLED != 'false' && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
|
||||
when: "always"
|
||||
- when: "never"
|
||||
script:
|
||||
- |
|
||||
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/${ASSET_GENERATOR_REPO_PATH}
|
||||
cd opendesk-asset-generator
|
||||
export OPENDESK_DEPLOYMENT_AUTOMATION_PATH=${CI_PROJECT_DIR}
|
||||
./opendesk_asset_generator.py
|
||||
mv ./build_artefacts ${CI_PROJECT_DIR}
|
||||
cd ..
|
||||
rm -rf opendesk-asset-generator
|
||||
ls -l ./build_artefacts
|
||||
artifacts:
|
||||
paths:
|
||||
- "./build_artefacts/chart-index.json"
|
||||
- "./build_artefacts/image-index.json"
|
||||
tags: []
|
||||
variables:
|
||||
ASSET_GENERATOR_REPO_PATH: "bmi/souveraener_arbeitsplatz/tooling/opendesk-asset-generator"
|
||||
|
||||
|
||||
# Declare .environments which is in environments repository and only loaded when INCLUDE_ENVIRONMENTS_ENABLED not false.
|
||||
# 'cache' is used because job must contain at least one key, so cache is just a dummy key.
|
||||
.environments:
|
||||
cache: {}
|
||||
|
||||
# Overwrite shared settings
|
||||
.common-semantic-release:
|
||||
image: "registry.souvap-univention.de/souvap/tooling/images/semantic-release-patched:latest"
|
||||
except:
|
||||
- "tags"
|
||||
- "web"
|
||||
tags: []
|
||||
|
||||
common-yaml-linter:
|
||||
except:
|
||||
- "tags"
|
||||
- "web"
|
||||
rules:
|
||||
- if: "$JOB_COMMON_YAML_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|triggers|web|merge_request_event'"
|
||||
when: "never"
|
||||
- when: "always"
|
||||
|
||||
reuse-linter:
|
||||
allow_failure: false
|
||||
except:
|
||||
- "tags"
|
||||
- "web"
|
||||
rules:
|
||||
- if: "$JOB_REUSE_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|triggers|web|merge_request_event'"
|
||||
when: "never"
|
||||
- when: "always"
|
||||
|
||||
generate-release-version:
|
||||
rules:
|
||||
- if: "$JOB_RELEASE_ENABLED != 'false'"
|
||||
when: "always"
|
||||
|
||||
release:
|
||||
dependencies:
|
||||
- "generate-release-assets"
|
||||
rules:
|
||||
- if: "$JOB_RELEASE_ENABLED != 'false' && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
|
||||
when: "always"
|
||||
script:
|
||||
- |
|
||||
cat << 'EOF' > ${CI_PROJECT_DIR}/.releaserc
|
||||
{
|
||||
"branches": ["main"],
|
||||
"plugins": [
|
||||
["@semantic-release/gitlab",
|
||||
{
|
||||
"assets": [
|
||||
{ "path": "./build_artefacts/chart-index.json",
|
||||
"label": "Chart Index JSON" },
|
||||
{ "path": "./build_artefacts/image-index.json",
|
||||
"label": "Image Index JSON" },
|
||||
]
|
||||
}
|
||||
],
|
||||
"@semantic-release/release-notes-generator",
|
||||
"@semantic-release/changelog",
|
||||
["@semantic-release/git", {
|
||||
"assets": ["charts/**/Chart.yaml", "CHANGELOG.md", "charts/**/README.md"],
|
||||
"message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
|
||||
}]
|
||||
]
|
||||
}
|
||||
EOF
|
||||
- "semantic-release"
|
||||
...
|
||||
|
||||
8
.reuse/dep5
Normal file
8
.reuse/dep5
Normal file
@@ -0,0 +1,8 @@
|
||||
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: openDesk
|
||||
Upstream-Contact: <git+bmi-souveraener-arbeitsplatz-cla-1339-29pr0g9pj4or9yi6wfly6pbhg-issue@opencode.de>
|
||||
Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace
|
||||
|
||||
Files: helmfile/environments/default/theme/*
|
||||
Copyright: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
License: Apache-2.0
|
||||
264
CHANGELOG.md
264
CHANGELOG.md
@@ -1,3 +1,267 @@
|
||||
## [0.4.5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.4...v0.4.5) (2023-09-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Streamline timeouts ([2703615](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2703615dffb2ba5c70704a4f08bb0485629218f3))
|
||||
|
||||
## [0.4.4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.3...v0.4.4) (2023-09-25)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Updates for mail templates and mail export ([ae3d0da](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ae3d0daa117d3d0ff307f379590394914a757546))
|
||||
|
||||
## [0.4.3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.2...v0.4.3) (2023-09-25)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Update image to 27.1.1 ([ce7e5f6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ce7e5f670a4dbc980eb8be73e5f7d15b27e8b1de))
|
||||
|
||||
## [0.4.2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.1...v0.4.2) (2023-09-21)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Add Nextcloud app for OpenProject integration; Bump Collabora Image ([f46c8a9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f46c8a9a5f4f9778cb171d65e9a0280e4ce61c16))
|
||||
|
||||
## [0.4.1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.0...v0.4.1) (2023-09-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **univention-management-stack:** Remove doublette triple dashes in helmfile.yaml ([41b9afb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/41b9afb3648a0e1fddc5aa4337cc1501756b370c))
|
||||
|
||||
# [0.4.0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.3.2...v0.4.0) (2023-09-18)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **ci:** Optionally trigger E2E tests of the SouvAP Dev team ([a99c088](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a99c088361b95b2bb7ee2b161e3a254f02bcd9ae))
|
||||
|
||||
## [0.3.2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.3.1...v0.3.2) (2023-09-14)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Fix linter issues ([1514678](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1514678db00d32c1463d8fc496c0e6d1c2a2df96))
|
||||
* **univention-management-stack:** Add "commonLabels" into helmfile ([16c08f8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/16c08f82c9b4934567bb3b9c7fccab754bfad494))
|
||||
* **univention-management-stack:** Add Helm charts ([a74d662](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a74d66240423fd5ba87854cc2b71132f11271ec7))
|
||||
* **univention-management-stack:** Add switch "univentionManagementStack.enabled" ([471a2fa](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/471a2fa26205b8ca3afb5eeeb4524897a57f5c20))
|
||||
* **univention-management-stack:** Adjust Ingress configuration for portal-server ([13bcd78](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/13bcd785e8f7db22d20903020e0cdd28094309a9))
|
||||
* **univention-management-stack:** Adjust Ingress configuration for umc ([320da3b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/320da3bec3a49d974765e567878d5c2f2b4e93ef))
|
||||
* **univention-management-stack:** Adjust Ingress configuration of notifications-api ([5e1a7b1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5e1a7b19e278147d010c48dac2da111f828dd115))
|
||||
* **univention-management-stack:** Adjust ingress configuration of the portal-frontend ([c54bab1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c54bab165bf81854471d790200781b4181eba22a))
|
||||
* **univention-management-stack:** Adjust Ingress configuration of udm-rest-api ([c61b1b8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c61b1b828150caa8d2fe1a5b9f0a862b2fbef4f1))
|
||||
* **univention-management-stack:** Adjust Ingress conifguration of store-dav ([96097e4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/96097e470483a5251acd81eb772da70ad7f55137))
|
||||
* **univention-management-stack:** Configure cookie banner data ([12c931f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/12c931fcff5536116af11df1c9c0468429949fe2))
|
||||
* **univention-management-stack:** Define resource requests and limits ([2f8a298](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2f8a2989250ea0f3b50dd3417f214a8864fe62d0))
|
||||
* **univention-management-stack:** Disable istio for the stack ([4835a2b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4835a2beec408ec6267177f82257edd9ccb0d937))
|
||||
* **univention-management-stack:** Prepare persistence configuration ([7ab1cb5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7ab1cb5c7e7bca85394eae2ed17141e513dd5a42))
|
||||
* **univention-management-stack:** Process bases before releases ([ec3f1d9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ec3f1d96ac17cf1fb9d34ab692240460d5bd4ba1))
|
||||
* **univention-management-stack:** Set externalDomainName for bootstrapping the stack ([0ba71f2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0ba71f2749eaf51b09429a5f3c705bd0075c1efa))
|
||||
* **univention-management-stack:** Split templated from static values ([09079a1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/09079a13031be7894a34bf92945bd25a040c2290))
|
||||
* **univention-management-stack:** Split values into templated and static ([d3c4390](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d3c439038a2551ec90324ab8659d24b65b223d4f))
|
||||
* **univention-management-stack:** Update portal-listener to leverage dependency waiting ([c840608](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c84060811229bb131bcd473a9e4668dfa73f97d7))
|
||||
* **univention-management-stack:** Use global secrets to fill initialPasswordAdministrator ([a4bab40](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a4bab4068dc298056ed864e60a244d49a2934c8b))
|
||||
* **univention-management-stack:** Use global secrets to populate ldap related secrets ([9409ad8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/9409ad829a725c84ebc3de5d1c4d42fe735e9d0c))
|
||||
* **univention-management-stack:** Use global secrets to set store-dav related passwords ([90019e3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/90019e3ef6de5e4ed1742ee9ddc3bbb256cd3dec))
|
||||
* **univention-management-stack:** Use ldap base DN "dc=swp-ldap,dc=internal" ([77e362f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/77e362f6bc053c5d456bf65649f15130ce53547c))
|
||||
* **univention-management-stack:** Use postgresql service for notifications-api ([fe0e0cd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/fe0e0cdce4622352afbf74875adcae8324d769a3))
|
||||
* **univention-management-stack:** Use the prefix "ums-" for all releases ([edb25bd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/edb25bd7655beeefa73a62fb9a8c85e076c4cc2f))
|
||||
* **univention-management-stack:** Use the value "global.imagePullPolicy" ([15db5dc](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/15db5dcbba33c39f752499f2d73c77cac32d1e8c))
|
||||
|
||||
## [0.3.1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.3.0...v0.3.1) (2023-09-14)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **collabora:** Update Ingress annotations and set securityContext ([b5583ca](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b5583caec10c24e3bfb312edcb2800e6a60a9b10))
|
||||
* **element:** Improve default container security settings ([882f1fb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/882f1fbc93ceb4ac33683d445e100e445798b202))
|
||||
* **element:** Update opendesk element version to 2.0.1 ([d725b93](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d725b937989987ffacf87d7a9ee05803dcdd4c93))
|
||||
* **helmfile:** Remove default SMTP credentials and create docs for SMTP/TURN ([e120f5f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e120f5fb9a91b80ba71ce78eace99852b4da5fda))
|
||||
* **helmfile:** Update images and use a tag and digest together ([c7fc187](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c7fc187f14b78cdcc698abbbaec1ba0bbfc718a1))
|
||||
* **services:** Explicitly set securityContexts ([a799db0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a799db03c4115ba69303be1c265f7aefef95d659))
|
||||
* **services:** Update Postfix to 2.0.2 fixing security gaining ([e1070ee](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e1070eeb0602523c240a91dae1b0869a7cc42a78))
|
||||
|
||||
# [0.3.0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.10...v0.3.0) (2023-09-12)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **ci:** Selective tests ([d2e7ac9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d2e7ac93481249e9eb7e5e1a41a6c6e333abe2dc))
|
||||
|
||||
## [0.2.10](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.9...v0.2.10) (2023-09-06)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add imagePullPolicy default env variable ([f988644](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f9886448b60bbbd917b5ba04d188401275293eec))
|
||||
* **helmfile:** Update images and add jitsi, keycloak to security section in docs ([0eceb85](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0eceb85e7df7455fa61cb17a854807069fbcf51a))
|
||||
* **jitsi:** Update chart to 1.4.2 with improved security and fixed change on each deployment ([1349181](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1349181d802ccb80d9e48cf50fe39f1505116c8e))
|
||||
* **jitsi:** Update jitsi to 1.5.1 and fix prosody image ([ed7e5e4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ed7e5e428e5d9213a92f97dc03d72fa3e04334c2))
|
||||
* **keycloak:** Improve default security settings ([3b90533](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/3b90533063c151a9f3cdc9861a115481f6dc440a))
|
||||
* **nextcloud:** Fix yamllint disable comment ([4380e78](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4380e789814ec2b0458fb2c341c8160ab2743afc))
|
||||
* **services:** Disable https redirect in istio to fix cert-manager issues ([1ef4a86](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1ef4a861acc955e2e85715c62f715a6629ada940))
|
||||
* **services:** Fix capabilities of postifix ([a6fa846](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a6fa846afc9744f2b399c37cc754f878b6b9e90b))
|
||||
* **services:** Fix OCI registry address of postgresql, mariadb ([be82243](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/be822439661f766c4db6044fd3581db0cce214bb))
|
||||
|
||||
## [0.2.10](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.9...v0.2.10) (2023-09-06)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add imagePullPolicy default env variable ([f988644](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f9886448b60bbbd917b5ba04d188401275293eec))
|
||||
* **helmfile:** Update images and add jitsi, keycloak to security section in docs ([0eceb85](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0eceb85e7df7455fa61cb17a854807069fbcf51a))
|
||||
* **jitsi:** Update chart to 1.4.2 with improved security and fixed change on each deployment ([1349181](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1349181d802ccb80d9e48cf50fe39f1505116c8e))
|
||||
* **keycloak:** Improve default security settings ([3b90533](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/3b90533063c151a9f3cdc9861a115481f6dc440a))
|
||||
* **nextcloud:** Fix yamllint disable comment ([4380e78](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4380e789814ec2b0458fb2c341c8160ab2743afc))
|
||||
* **services:** Disable https redirect in istio to fix cert-manager issues ([1ef4a86](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1ef4a861acc955e2e85715c62f715a6629ada940))
|
||||
* **services:** Fix capabilities of postifix ([a6fa846](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a6fa846afc9744f2b399c37cc754f878b6b9e90b))
|
||||
* **services:** Fix OCI registry address of postgresql, mariadb ([be82243](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/be822439661f766c4db6044fd3581db0cce214bb))
|
||||
|
||||
## [0.2.9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.8...v0.2.9) (2023-09-05)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **collabora:** Add websocket support for NGINX Inc. Ingress ([6e5ef63](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6e5ef639c22aad93fd2d0eb75f7a1ffc00d6cc9a))
|
||||
* **docs:** Add security part in README ([ff462ab](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ff462ab0dc2252cc7b517874f5337427b8d19053))
|
||||
* **docs:** Update scaling docs ([63a1e25](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/63a1e2568e8c5ff62081c6e6594d2019c1aa4b74))
|
||||
* **helmfile:** Reduce icap resources in default enviroment ([c5ab1b8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c5ab1b81fecbce46788c50b282ed6d1770124fa5))
|
||||
* **helmfile:** Update clamav and nextcloud images in default environment ([4f2a8ae](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4f2a8aeee4ee6c3d27b1c8a99bad14f603486be5))
|
||||
* **nextcloud:** Add support for up to 4G large upload for Ingress NGINX and NGINX Inc. Ingress ([6e68f7f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6e68f7f28c937319d93f8afe1dbb302012f77233))
|
||||
* **nextcloud:** Rename sovereign-workplace-nextcloud-bootstrap to opendesk-nextcloud-bootstrap and use OCI ([cef11ac](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/cef11acbae28510809f9bfa13224dc3a6996207f))
|
||||
* **nextcloud:** Use clamav-icap when clamavDistributed is activated ([41d40c9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/41d40c9b731b866da2666fa4ffa8cb6493737112))
|
||||
* **services:** Enable security context and use default increased security settings ([9a6d240](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/9a6d2409a697f7e9811a0f4f8d31bb18bac1b926))
|
||||
* **services:** Fix image registry templates for postfix ([6321ff5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6321ff50a00203abbfb7f5822e67a3c0e00d4b01))
|
||||
* **services:** Replace image digest by tag ([f758293](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f7582932412f13b1a087d40459e97cf633b1a97e))
|
||||
* **services:** Set readOnlyRootFilesystem to true on master ([5fbf86b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5fbf86b6bc7b63c81b3ac07c5e0fa8cd464fdad1))
|
||||
* **services:** Update clamav to 4.0.0, redis to 18.0.0, postgresql to 2.0.2, mariadb to 2.0.2 and use OCI registries ([9d78664](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/9d7866480cee889fd3b3003b2eea313a6ed73344))
|
||||
|
||||
## [0.2.8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.7...v0.2.8) (2023-08-31)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Update images and Helm chart ([39565c7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/39565c7cfd89a8d1c2e645e3ecea28fba703ccc1))
|
||||
|
||||
## [0.2.7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.6...v0.2.7) (2023-08-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **jitsi:** Update Jitsi Helm chart to set the user's display name as default ([387bd87](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/387bd8715c5a1cf54733c6642cf57c6ef9a44316))
|
||||
|
||||
## [0.2.6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.5...v0.2.6) (2023-08-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **ci:** Change path of asset_generator ([6ab4fa0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6ab4fa078b0bb3939c54f46d6475770fa9901936))
|
||||
* **ci:** Include deployment environments ([0f59736](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0f59736c5dcff905400ae2e1bbf7ae496ffb9b2c))
|
||||
* **ci:** Release artefacts ([2a61b5f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2a61b5f2a66bf1dc1ad06f7111ef7ecaf9247b39))
|
||||
|
||||
## [0.2.6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.5...v0.2.6) (2023-08-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **ci:** Change path of asset_generator ([6ab4fa0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6ab4fa078b0bb3939c54f46d6475770fa9901936))
|
||||
* **ci:** Include deployment environments ([0f59736](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0f59736c5dcff905400ae2e1bbf7ae496ffb9b2c))
|
||||
* **ci:** Release artefacts ([2a61b5f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2a61b5f2a66bf1dc1ad06f7111ef7ecaf9247b39))
|
||||
|
||||
## [0.2.6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.2.5...v0.2.6) (2023-08-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **ci:** Change path of asset_generator ([6ab4fa0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6ab4fa078b0bb3939c54f46d6475770fa9901936))
|
||||
* **ci:** Release artefacts ([2a61b5f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2a61b5f2a66bf1dc1ad06f7111ef7ecaf9247b39))
|
||||
|
||||
## [0.2.5](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.2.4...v0.2.5) (2023-08-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **xwiki:** Theming and language of central navigation ([3d4d45f](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/3d4d45f7114e6e3bc353b8d6c5fdbcac4cb2460f))
|
||||
|
||||
## [0.2.4](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.2.3...v0.2.4) (2023-08-29)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Apply the global theme to Element ([7f7eae8](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/7f7eae8f99a6d8ad8085ad99c63af27b858ff9b7))
|
||||
|
||||
## [0.2.3](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.2.2...v0.2.3) (2023-08-29)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **ci:** Add central branding information ([a14c42f](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/a14c42f6ed2e3d8e12af5d04cae1a4bb1336fb3d))
|
||||
|
||||
## [0.2.2](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.2.1...v0.2.2) (2023-08-16)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **jitsi:** Allow configuration of LoadBalancer status field for patchJVB job ([7491582](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/7491582c28c21e83a0bc6349fb68045472146aad))
|
||||
* **open-xchange:** Explicitly disable core-ui-middleware ingress ([06dc7a1](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/06dc7a115d36841f1109f9e75aac844d934c2f4c))
|
||||
|
||||
## [0.2.1](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.2.0...v0.2.1) (2023-08-16)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **keycloak:** Increase proxy-buffer-size for ingress-nginx ([d8adcc4](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/d8adcc463adc8bec5a793a97977dddd89d7363cc))
|
||||
|
||||
# [0.2.0](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.2...v0.2.0) (2023-08-15)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Replace bitnami repositories with OCI ([4c21fd2](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/4c21fd228654520bb71d56dc1bda96332334002b))
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **helmfile:** Implement private image/chart registry variables ([5788323](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/57883236219811d2a5fc422649b4f9b042a0ac22))
|
||||
|
||||
## [0.1.2](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.1...v0.1.2) (2023-08-15)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **jitsi:** Update support for NodePort setups with different ingress/egress ips ([de25789](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/de257893d4ff2b3e8ea1d6988c6bdde5ed1eae9a))
|
||||
|
||||
## [0.1.1](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.0...v0.1.1) (2023-08-14)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Bump dovecot and sovereign-workplace-open-xchange-bootstrap to 1.3.0 with image digest support ([53796da](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/53796dae660463207a460b387b6f3dd23ce20cd0))
|
||||
* **open-xchange:** Bump sovereign-workplace-open-xchange-bootstrap to 1.3.1 ([390f2de](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/390f2dee5226b83855a6cca8bf1c0d0f5647ee34))
|
||||
|
||||
# [0.1.0](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.0.6...v0.1.0) (2023-08-14)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **docs:** Typo ([ee684a7](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/ee684a78910ce721ea834e9ec2f4222ed37572c6))
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **element:** Add element component ([5f0ca92](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/5f0ca92a058e51a27aa56e35ebcf2048bad88671))
|
||||
|
||||
## [0.0.6](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.0.5...v0.0.6) (2023-08-14)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Functional mailboxes auth settings update in AppSuite and Dovecot ([53948ea](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/53948eae7648cc9785d2b8a813fc7e40b36aa3aa))
|
||||
|
||||
## [0.0.5](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.0.4...v0.0.5) (2023-08-11)
|
||||
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ Functional components are the core of the SWP as they provide it's rich function
|
||||
|
||||
## File & Share - Nextcloud
|
||||
|
||||
## Kollaboration - dOnlineZusammenarbeit 2.0
|
||||
## Kollaboration - Element
|
||||
|
||||
## Videokonferenzen - Jitsi
|
||||
|
||||
@@ -25,4 +25,4 @@ Functional components are the core of the SWP as they provide it's rich function
|
||||
|
||||
## Project Management - OpenProject
|
||||
|
||||
## IAM - Univention Corporate Services
|
||||
## Portal & IAM - Univention Corporate Services
|
||||
|
||||
@@ -42,7 +42,7 @@ This service is used by:
|
||||
|
||||
## TURN Server
|
||||
|
||||
- dOZ 2.0
|
||||
This services is used by:
|
||||
- Jitsi
|
||||
|
||||
## NFS
|
||||
|
||||
@@ -9,17 +9,17 @@ Please read the [project's overall CONTRIBUTING.md](https://gitlab.opencode.de/b
|
||||
|
||||
# How to contribute?
|
||||
|
||||
When providing contributes to this project, please adhere to the standards and conventions described in further down in this document. Doing so please feel free to create merge requests.
|
||||
When providing contributes to this project, please adhere to the standards and conventions described further down in this document. Doing so please feel free to create merge requests.
|
||||
|
||||
# Standards and conventions
|
||||
|
||||
## Branching
|
||||
|
||||
We use of [Github flow](https://docs.github.com/en/get-started/quickstart/github-flow).
|
||||
We use [Github flow](https://docs.github.com/en/get-started/quickstart/github-flow).
|
||||
|
||||
## Verified commits
|
||||
|
||||
We only allow verify commits:
|
||||
We only allow verified commits:
|
||||
- https://docs.gitlab.com/ee/user/project/repository/ssh_signed_commits/
|
||||
- https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/
|
||||
- https://docs.gitlab.com/ee/user/project/repository/x509_signed_commits/
|
||||
@@ -80,7 +80,7 @@ Due to DVS requirements:
|
||||
- we should avoid stand alone Manifests.
|
||||
- we do not use Operators and CRDs.
|
||||
|
||||
In order to align the Helm files from various sources into an unified deployment of the SWP we make use of to [Helmfile](https://github.com/helmfile/helmfile).
|
||||
In order to align the Helm files from various sources into an unified deployment of the SWP we make use of [Helmfile](https://github.com/helmfile/helmfile).
|
||||
|
||||
## Tooling
|
||||
|
||||
|
||||
198
README.md
198
README.md
@@ -8,10 +8,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
# Disclaimer August 2023
|
||||
|
||||
The current state of the Sovereign Workplace misses the component
|
||||
_Element Starter Edition_ because it is not generally available yet.
|
||||
|
||||
Also does the Sovereign Workplace contain components that are going to be
|
||||
The current state of the Sovereign Workplace contains components that are going to be
|
||||
replaced. Like for example the UCS dev container monolith will be substituted by
|
||||
multiple Univention Management Stack containers.
|
||||
|
||||
@@ -48,6 +45,15 @@ repository please use the [issues within this project](https://gitlab.opencode.d
|
||||
If you want to address other topics, please check the section
|
||||
["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
|
||||
|
||||
# Releases
|
||||
|
||||
All technical releases are created using [Semantic Versioning](https://semver.org/lang/de/).
|
||||
|
||||
Gitlab provides an [overview on the releases](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/releases) of this project.
|
||||
|
||||
The following release artefacts are provided beside the default source code assets:
|
||||
- `chart-index.json`: An overview of all Helm charts used by the release.
|
||||
- `image-index.json`: An overview of all container images used by the release.
|
||||
# Deployment
|
||||
|
||||
**Note for project members:** You can use the project's `dev` K8s cluster to set
|
||||
@@ -67,8 +73,7 @@ These are the requirements of the Sovereign Workplace deployment:
|
||||
[HelmDiff](https://github.com/databus23/helm-diff)
|
||||
- Volume provisioner supporting RWO (read-write-once)
|
||||
- Certificate handling with [cert-manager](https://cert-manager.io/)
|
||||
- [Istio](https://istio.io/) is currently required to deploy and operate OX AppSuite8, we are
|
||||
working with Open-Xchange to get rid of this dependency.
|
||||
- [Istio](https://istio.io/) is currently required to deploy and operate OX AppSuite8, we are talking to Open-Xchange and will try to get rid of this dependency.
|
||||
|
||||
#### TLS Certificate
|
||||
|
||||
@@ -86,8 +91,6 @@ installation.
|
||||
| `DOMAIN` | `souvap.cloud` | External reachable domain |
|
||||
| `ISTIO_DOMAIN` | `istio.souvap.cloud` | External reachable domain for Istio Gateway |
|
||||
| `MASTER_PASSWORD` | `sovereign-workplace` | The password that seeds the autogenerated secrets |
|
||||
| `SMTP_PASSWORD` | | Password for SMTP relay gateway |
|
||||
| `TURN_CREDENTIALS` | | Credentials for coturn server |
|
||||
|
||||
Please ensure that you set the DNS records pointing to the loadbalancer/IP for
|
||||
`DOMAIN` and `ISTIO_DOMAIN`.
|
||||
@@ -152,6 +155,16 @@ and wait a little. After the deployment is finished some bootstrapping is
|
||||
executed which might take some more minutes before you can log in your new
|
||||
instance.
|
||||
|
||||
## Offline deployment
|
||||
|
||||
Before executing a [local deployment](#local-deployment), you can set following
|
||||
environment variables to use your own container image and helm chart registry:
|
||||
|
||||
| name | description |
|
||||
|------------------------------|--------------------------------|
|
||||
| PRIVATE_CHART_REPOSITORY_URL | Your helm chart repository url |
|
||||
| PRIVATE_IMAGE_REGISTRY_URL | Your image registry url |
|
||||
|
||||
## Logging in
|
||||
|
||||
When successfully deployed the SWP, all K8s jobs from the deployment should be
|
||||
@@ -183,26 +196,28 @@ for development and evaluation purposes only - they need to be replaced in
|
||||
production deployments. These components are grouped together in the
|
||||
subdirectory `/helmfile/apps/services`.
|
||||
|
||||
| Component | Name | Default | Description | Type |
|
||||
|-----------------------------|-------------------------------------|---------|------------------------------|------------|
|
||||
| Certificates | `certificates.enabled` | `true` | TLS certificates | Eval |
|
||||
| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval |
|
||||
| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval |
|
||||
| Collabora | `collabora.enabled` | `true` | Weboffice | Functional |
|
||||
| Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional |
|
||||
| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional |
|
||||
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional |
|
||||
| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional |
|
||||
| MariaDB | `mariadb.enabled` | `true` | Database | Eval |
|
||||
| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional |
|
||||
| OpenProject | `openproject.enabled` | `true` | Project management | Functional |
|
||||
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional |
|
||||
| Provisioning | `oxConnector.enabled` | `true` | Backend provisioning | Functional |
|
||||
| Postfix | `postfix.enabled` | `true` | MTA | Eval |
|
||||
| PostgreSQL | `postgresql.enabled` | `true` | Database | Eval |
|
||||
| Redis | `redis.enabled` | `true` | Cache Database | Eval |
|
||||
| Univention Corporate Server | `univentionCorporateServer.enabled` | `true` | Identity Management & Portal | Functional |
|
||||
| XWiki | `xwiki.enabled` | `true` | Knowledgebase | Functional |
|
||||
| Component | Name | Default | Description | Type |
|
||||
|-----------------------------|-------------------------------------|---------|--------------------------------|------------|
|
||||
| Certificates | `certificates.enabled` | `true` | TLS certificates | Eval |
|
||||
| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval |
|
||||
| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval |
|
||||
| Collabora | `collabora.enabled` | `true` | Weboffice | Functional |
|
||||
| Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional |
|
||||
| Element | `element.enabled` | `true` | Secure communications platform | Functional |
|
||||
| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional |
|
||||
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional |
|
||||
| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional |
|
||||
| MariaDB | `mariadb.enabled` | `true` | Database | Eval |
|
||||
| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional |
|
||||
| OpenProject | `openproject.enabled` | `true` | Project management | Functional |
|
||||
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional |
|
||||
| Provisioning | `oxConnector.enabled` | `true` | Backend provisioning | Functional |
|
||||
| Postfix | `postfix.enabled` | `true` | MTA | Eval |
|
||||
| PostgreSQL | `postgresql.enabled` | `true` | Database | Eval |
|
||||
| Redis | `redis.enabled` | `true` | Cache Database | Eval |
|
||||
| Univention Corporate Server | `univentionCorporateServer.enabled` | `true` | Identity Management & Portal | Functional |
|
||||
| Univention Management Stack | `univentionManagementStack.enabled` | `false` | Identity Management & Portal | Eval |
|
||||
| XWiki | `xwiki.enabled` | `true` | Knowledgebase | Functional |
|
||||
|
||||
|
||||
#### Cluster capabilities
|
||||
@@ -221,6 +236,12 @@ the application to your own database instances.
|
||||
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|-------------|--------------------|------------|-----------|----------------------------------------|----------------------------|
|
||||
| Element | Synapse | PostgreSQL | | | |
|
||||
| | | | Name | `databases.synapse.name` | `matrix` |
|
||||
| | | | Host | `databases.synapse.host` | `postgresql` |
|
||||
| | | | Port | `databases.synapse.port` | `5432` |
|
||||
| | | | Username | `databases.synapse.username` | `matrix_user` |
|
||||
| | | | Password | `databases.synapse.password` | |
|
||||
| Keycloak | Keycloak | PostgreSQL | | | |
|
||||
| | | | Name | `databases.keycloak.name` | `keycloak` |
|
||||
| | | | Host | `databases.keycloak.host` | `postgresql` |
|
||||
@@ -258,26 +279,90 @@ the application to your own database instances.
|
||||
### Scaling
|
||||
|
||||
The Replicas of components can be increased, while we still have to look in the
|
||||
actual scalability of the components (see column `Scales at least to 2`).
|
||||
actual scalability of the components (see column `Scaling (verified)`).
|
||||
|
||||
| Component | Name | Default | Service | Scaling | Scales at least to 2 |
|
||||
|-------------|------------------------|---------|--------------------|--------------------|----------------------|
|
||||
| ClamAV | `replicas.clamav` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| | `replicas.clamd` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| | `replicas.freshclam` | `1` | :white_check_mark: | :x: | not tested |
|
||||
| | `replicas.icap` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| | `replicas.milter` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| Collabora | `replicas.collabora` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| Dovecot | `replicas.dovecot` | `1` | :white_check_mark: | :x: | not tested |
|
||||
| Jitsi | `replicas.jibri` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| | `replicas.jicofo` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| | `replicas.jitsi ` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| | `replicas.jvb ` | `1` | :white_check_mark: | :x: | tested |
|
||||
| Keycloak | `replicas.keycloak` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| Nextcloud | `replicas.nextcloud` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| OpenProject | `replicas.openproject` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| Postfix | `replicas.postfix` | `1` | :white_check_mark: | :x: | not tested |
|
||||
| XWiki | `replicas.xwiki` | `1` | :white_check_mark: | :white_check_mark: | not tested |
|
||||
| Component | Name | Scaling (effective) | Scaling (verified) |
|
||||
|-------------|------------------------|:-------------------:|:------------------:|
|
||||
| ClamAV | `replicas.clamav` | :white_check_mark: | :white_check_mark: |
|
||||
| | `replicas.clamd` | :white_check_mark: | :white_check_mark: |
|
||||
| | `replicas.freshclam` | :x: | :x: |
|
||||
| | `replicas.icap` | :white_check_mark: | :white_check_mark: |
|
||||
| | `replicas.milter` | :white_check_mark: | :white_check_mark: |
|
||||
| Collabora | `replicas.collabora` | :white_check_mark: | :gear: |
|
||||
| Dovecot | `replicas.dovecot` | :x: | :gear: |
|
||||
| Element | `replicas.element` | :white_check_mark: | :white_check_mark: |
|
||||
| | `replicas.synapse` | :x: | :gear: |
|
||||
| | `replicas.synapseWeb` | :white_check_mark: | :white_check_mark: |
|
||||
| | `replicas.wellKnown` | :white_check_mark: | :white_check_mark: |
|
||||
| Jitsi | `replicas.jibri` | :white_check_mark: | :gear: |
|
||||
| | `replicas.jicofo` | :white_check_mark: | :gear: |
|
||||
| | `replicas.jitsi ` | :white_check_mark: | :gear: |
|
||||
| | `replicas.jvb ` | :x: | :x: |
|
||||
| Keycloak | `replicas.keycloak` | :white_check_mark: | :gear: |
|
||||
| Nextcloud | `replicas.nextcloud` | :white_check_mark: | :gear: |
|
||||
| OpenProject | `replicas.openproject` | :white_check_mark: | :gear: |
|
||||
| Postfix | `replicas.postfix` | :x: | :gear: |
|
||||
| XWiki | `replicas.xwiki` | :white_check_mark: | :gear: |
|
||||
|
||||
|
||||
### Mail/SMTP configuration
|
||||
|
||||
To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from
|
||||
the whole subdomain.
|
||||
|
||||
```yaml
|
||||
smtp:
|
||||
host: # your SMTP host or IP-address
|
||||
username: # username/email for authentication
|
||||
password: # password for authentication, or via environment variable SMTP_PASSWORD
|
||||
```
|
||||
|
||||
### TURN configuration
|
||||
|
||||
Some components (Jitsi, Element) use for direct communication a TURN server.
|
||||
You can configure your own TURN server with these options:
|
||||
|
||||
```yaml
|
||||
turn:
|
||||
transport: # "udp" or "tcp"
|
||||
credentials: # turn credential string
|
||||
server: # configuration for unsecure connections
|
||||
host: # your TURN host or IP-address
|
||||
port: # server port
|
||||
tls: # configuration for secure connections
|
||||
host: # your TURN host or IP-address
|
||||
port: # server port
|
||||
```
|
||||
|
||||
## Security
|
||||
|
||||
This list gives you an overview of default security settings and if they comply with security standards:
|
||||
|
||||
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
|
||||
|
||||
# Component integration
|
||||
@@ -354,7 +439,7 @@ flowchart TD
|
||||
A[OX AppSuite]-->L
|
||||
D[OX Dovecot]-->L
|
||||
P[Portal/Admin]-->L
|
||||
O[OpenProject]-->|in 2023|L
|
||||
O[OpenProject]-->L
|
||||
X[XWiki]-->|in 2023|L
|
||||
A-->K
|
||||
N-->K
|
||||
@@ -408,17 +493,14 @@ components we are going to cover various aspects:
|
||||
|
||||
## Tests
|
||||
|
||||
There is a frontend end-to-end test suite that can get triggered if the
|
||||
deployment is performed via a Gitlab pipeline.
|
||||
The gitlab-ci pipeline contains a job named `run-tests` that can trigger a test suite pipeline on another gitlab project.
|
||||
The `DEPLOY_`-variables are used to determine which components should be tested.
|
||||
In order for the trigger to work, the variable `TESTS_PROJECT_URL` has to be set on this gitlab project's CI variables
|
||||
that can be found at `Settings` -> `CI/CD` -> `Variables`. The variable should have this format:
|
||||
`<domain of gitlab>/api/v4/projects/<id>`.
|
||||
|
||||
Currently, the test suite is in progress to be published, so right now it is
|
||||
only usable by project members. But that will change soon, and it could be used
|
||||
to create custom tests and perform them after deployment.
|
||||
|
||||
The deployment pipeline provides a variable named `TESTS_PROJECT_URL` that
|
||||
points to the test pipeline residing in another Gitlab repository. At the end of
|
||||
the deployment the test pipeline is triggered. Tests are just performed for
|
||||
components that have been deployed prior.
|
||||
If the branch of the test pipeline is not `main` this can be set with the .gitlab-ci.yml variable
|
||||
`TESTS_BRANCH` while creating a new pipeline.
|
||||
|
||||
|
||||
# Footnotes
|
||||
|
||||
@@ -9,12 +9,14 @@ helmfiles:
|
||||
- path: "helmfile/apps/services/helmfile.yaml"
|
||||
- path: "helmfile/apps/keycloak/helmfile.yaml"
|
||||
- path: "helmfile/apps/univention-corporate-container/helmfile.yaml"
|
||||
- path: "helmfile/apps/univention-management-stack/helmfile.yaml"
|
||||
- path: "helmfile/apps/keycloak-bootstrap/helmfile.yaml"
|
||||
- path: "helmfile/apps/intercom-service/helmfile.yaml"
|
||||
- path: "helmfile/apps/open-xchange/helmfile.yaml"
|
||||
- path: "helmfile/apps/nextcloud/helmfile.yaml"
|
||||
- path: "helmfile/apps/collabora/helmfile.yaml"
|
||||
- path: "helmfile/apps/jitsi/helmfile.yaml"
|
||||
- path: "helmfile/apps/element/helmfile.yaml"
|
||||
- path: "helmfile/apps/openproject/helmfile.yaml"
|
||||
- path: "helmfile/apps/xwiki/helmfile.yaml"
|
||||
- path: "helmfile/apps/provisioning/helmfile.yaml"
|
||||
@@ -31,12 +33,15 @@ environments:
|
||||
default:
|
||||
values:
|
||||
- "helmfile/environments/default/*.gotmpl"
|
||||
- "helmfile/environments/default/*.yaml"
|
||||
dev:
|
||||
values:
|
||||
- "helmfile/environments/default/*.gotmpl"
|
||||
- "helmfile/environments/default/*.yaml"
|
||||
- "helmfile/environments/dev/values.yaml"
|
||||
prod:
|
||||
values:
|
||||
- "helmfile/environments/default/*.gotmpl"
|
||||
- "helmfile/environments/default/*.yaml"
|
||||
- "helmfile/environments/prod/values.yaml"
|
||||
...
|
||||
|
||||
@@ -2,12 +2,14 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "collabora-online"
|
||||
url: "https://collaboraonline.github.io/online"
|
||||
- name: "collabora-online-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://collaboraonline.github.io/online" }}
|
||||
|
||||
releases:
|
||||
- name: "collabora-online"
|
||||
chart: "collabora-online/collabora-online"
|
||||
chart: "collabora-online-repo/collabora-online"
|
||||
version: "1.0.2"
|
||||
values:
|
||||
- "values.yaml"
|
||||
|
||||
@@ -6,6 +6,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
image:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.collabora.repository }}"
|
||||
tag: "{{ .Values.images.collabora.tag }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
@@ -32,14 +33,9 @@ collabora:
|
||||
aliasgroups:
|
||||
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443"
|
||||
|
||||
{{- if not (eq .Values.cluster.container.engine "containerd") }}
|
||||
# In case of issues with "Failed to exec command '/usr/bin/loolforkit' (EPERM: Operation not permitted)...", activate:
|
||||
# Ref.: https://github.com/CollaboraOnline/online/issues/2800
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- "MKNOD"
|
||||
{{- end }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.collabora }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.collabora | toYaml | nindent 2 }}
|
||||
...
|
||||
|
||||
@@ -14,19 +14,74 @@ collabora:
|
||||
|
||||
ingress:
|
||||
annotations:
|
||||
# nginx
|
||||
# Ingress NGINX
|
||||
nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/server-snippet: |
|
||||
# block admin and metrics endpoint from outside by default
|
||||
location /cool/getMetrics { deny all; return 403; }
|
||||
location /cool/adminws/ { deny all; return 403; }
|
||||
location /browser/dist/admin/admin.html { deny all; return 403; }
|
||||
# NGINX
|
||||
nginx.org/websocket-services: "collabora"
|
||||
nginx.org/lb-method: "hash $arg_WOPISrc consistent"
|
||||
nginx.org/proxy-read-timeout: "600"
|
||||
nginx.org/proxy-send-timeout: "600"
|
||||
nginx.org/client-max-body-size: "0"
|
||||
nginx.org/server-snippets: |
|
||||
# block admin and metrics endpoint from outside by default
|
||||
location /cool/getMetrics { deny all; return 403; }
|
||||
location /cool/adminws/ { deny all; return 403; }
|
||||
location /browser/dist/admin/admin.html { deny all; return 403; }
|
||||
# HAProxy
|
||||
haproxy.org/timeout-tunnel: "3600s"
|
||||
haproxy.org/backend-config-snippet: |
|
||||
mode http
|
||||
balance leastconn
|
||||
stick-table type string len 2048 size 1k store conn_cur
|
||||
http-request set-var(txn.wopisrcconns) url_param(WOPISrc),table_conn_cur()
|
||||
http-request track-sc1 url_param(WOPISrc)
|
||||
stick match url_param(WOPISrc) if { var(txn.wopisrcconns) -m int gt 0 }
|
||||
stick store-request url_param(WOPISrc)
|
||||
|
||||
balance url_param WOPISrc check_post
|
||||
hash-type consistent
|
||||
# HAProxy - Community: https://haproxy-ingress.github.io/
|
||||
haproxy-ingress.github.io/timeout-tunnel: "3600s"
|
||||
haproxy-ingress.github.io/balance-algorithm: "url_param WOPISrc check_post"
|
||||
haproxy-ingress.github.io/config-backend: |
|
||||
hash-type consistent
|
||||
# block admin urls from outside
|
||||
acl admin_url path_beg /cool/getMetrics
|
||||
acl admin_url path_beg /cool/adminws/
|
||||
acl admin_url path_beg /browser/dist/admin/admin.html
|
||||
http-request deny if admin_url
|
||||
autoscaling:
|
||||
enabled: false
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: true
|
||||
runAsUser: 100
|
||||
runAsGroup: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
- "MKNOD"
|
||||
|
||||
podSecurityContext:
|
||||
fsGroup: 100
|
||||
...
|
||||
|
||||
49
helmfile/apps/element/helmfile.yaml
Normal file
49
helmfile/apps/element/helmfile.yaml
Normal file
@@ -0,0 +1,49 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "opendesk-element-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/148/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
- name: "opendesk-element"
|
||||
chart: "opendesk-element-repo/opendesk-element"
|
||||
version: "2.0.1"
|
||||
values:
|
||||
- "values-element.yaml"
|
||||
- "values-element.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "opendesk-well-known"
|
||||
chart: "opendesk-element-repo/opendesk-well-known"
|
||||
version: "2.0.1"
|
||||
values:
|
||||
- "values-well-known.yaml"
|
||||
- "values-well-known.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "opendesk-synapse-web"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||
version: "2.0.1"
|
||||
values:
|
||||
- "values-synapse-web.yaml"
|
||||
- "values-synapse-web.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "opendesk-synapse"
|
||||
chart: "opendesk-element-repo/opendesk-synapse"
|
||||
version: "2.0.1"
|
||||
values:
|
||||
- "values-synapse.yaml"
|
||||
- "values-synapse.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "element"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
39
helmfile/apps/element/values-element.gotmpl
Normal file
39
helmfile/apps/element/values-element.gotmpl
Normal file
@@ -0,0 +1,39 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
configuration:
|
||||
additionalConfiguration:
|
||||
logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.element.repository }}"
|
||||
tag: "{{ .Values.images.element.tag }}"
|
||||
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.element }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.element | toYaml | nindent 2 }}
|
||||
...
|
||||
21
helmfile/apps/element/values-element.yaml
Normal file
21
helmfile/apps/element/values-element.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
32
helmfile/apps/element/values-synapse-web.gotmpl
Normal file
32
helmfile/apps/element/values-synapse-web.gotmpl
Normal file
@@ -0,0 +1,32 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.synapseWeb.repository }}"
|
||||
tag: "{{ .Values.images.synapseWeb.tag }}"
|
||||
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.synapseWeb }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.synapseWeb | toYaml | nindent 2 }}
|
||||
...
|
||||
21
helmfile/apps/element/values-synapse-web.yaml
Normal file
21
helmfile/apps/element/values-synapse-web.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
53
helmfile/apps/element/values-synapse.gotmpl
Normal file
53
helmfile/apps/element/values-synapse.gotmpl
Normal file
@@ -0,0 +1,53 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.synapse.repository }}"
|
||||
tag: "{{ .Values.images.synapse.tag }}"
|
||||
|
||||
configuration:
|
||||
database:
|
||||
host: "{{ .Values.databases.synapse.host }}"
|
||||
name: "{{ .Values.databases.synapse.name }}"
|
||||
user: "{{ .Values.databases.synapse.username }}"
|
||||
password: "{{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser }}"
|
||||
|
||||
homeserver:
|
||||
oidc:
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix }}
|
||||
issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
|
||||
turn:
|
||||
sharedSecret: {{ .Values.turn.credentials }}
|
||||
servers:
|
||||
{{- if .Values.turn.tls.host }}
|
||||
- server: {{ .Values.turn.tls.host }}
|
||||
port: {{ .Values.turn.tls.port }}
|
||||
transport: {{ .Values.turn.transport }}
|
||||
{{- else if .Values.turn.server.host }}
|
||||
- server: {{ .Values.turn.server.host }}
|
||||
port: {{ .Values.turn.server.port }}
|
||||
transport: {{ .Values.turn.transport }}
|
||||
{{- end }}
|
||||
|
||||
persistence:
|
||||
size: "{{ .Values.persistence.size.synapse }}"
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.synapse }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.synapse | toYaml | nindent 2 }}
|
||||
...
|
||||
20
helmfile/apps/element/values-synapse.yaml
Normal file
20
helmfile/apps/element/values-synapse.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 10991
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 10991
|
||||
...
|
||||
32
helmfile/apps/element/values-well-known.gotmpl
Normal file
32
helmfile/apps/element/values-well-known.gotmpl
Normal file
@@ -0,0 +1,32 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.wellKnown.repository }}"
|
||||
tag: "{{ .Values.images.wellKnown.tag }}"
|
||||
|
||||
ingress:
|
||||
host: "{{ .Values.global.domain }}"
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.wellKnown }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.wellKnown | toYaml | nindent 2 }}
|
||||
...
|
||||
25
helmfile/apps/element/values-well-known.yaml
Normal file
25
helmfile/apps/element/values-well-known.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
e2ee:
|
||||
forceDisable: true
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -2,12 +2,14 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "intercom-service"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/66/packages/helm/stable"
|
||||
- name: "intercom-service-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/66/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
- name: "intercom-service"
|
||||
chart: "intercom-service/intercom-service"
|
||||
chart: "intercom-service-repo/intercom-service"
|
||||
version: "1.1.3"
|
||||
values:
|
||||
- "values.yaml"
|
||||
|
||||
@@ -29,6 +29,7 @@ ics:
|
||||
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.intercom.repository }}"
|
||||
tag: "{{ .Values.images.intercom.tag }}"
|
||||
|
||||
@@ -2,16 +2,19 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "jitsi"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/137/packages/helm/stable"
|
||||
|
||||
- name: "jitsi-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" }}
|
||||
releases:
|
||||
- name: "jitsi"
|
||||
chart: "jitsi/sovereign-workplace-jitsi"
|
||||
version: "1.1.0"
|
||||
chart: "jitsi-repo/sovereign-workplace-jitsi"
|
||||
version: "1.5.1"
|
||||
values:
|
||||
- "values-jitsi.gotmpl"
|
||||
condition: "jitsi.enabled"
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
|
||||
@@ -12,15 +12,19 @@ global:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.jitsiKeycloakAdapter.repository }}"
|
||||
tag: "{{ .Values.images.jitsiKeycloakAdapter.tag }}"
|
||||
|
||||
settings:
|
||||
jwtAppSecret: "{{ .Values.secrets.jitsiPlain.jwtAppSecret }}"
|
||||
jwtAppSecret: "{{ .Values.secrets.jitsi.jwtAppSecret }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
jitsi:
|
||||
publicURL: "https://{{ .Values.global.hosts.jitsiPlain }}.{{ .Values.global.domain }}"
|
||||
publicURL: "https://{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
|
||||
web:
|
||||
replicaCount: {{ .Values.replicas.jitsi }}
|
||||
image:
|
||||
@@ -30,13 +34,13 @@ jitsi:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
hosts:
|
||||
- host: "{{ .Values.global.hosts.jitsiPlain }}.{{ .Values.global.domain }}"
|
||||
- host: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
|
||||
paths:
|
||||
- "/"
|
||||
tls:
|
||||
- secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
hosts:
|
||||
- "{{ .Values.global.hosts.jitsiPlain }}.{{ .Values.global.domain }}"
|
||||
- "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
|
||||
extraEnvs:
|
||||
TURN_ENABLE: "1"
|
||||
resources:
|
||||
@@ -51,11 +55,11 @@ jitsi:
|
||||
{{- end }}
|
||||
extraEnvs:
|
||||
- name: "AUTH_TYPE"
|
||||
value: "jwt"
|
||||
value: "hybrid_matrix_token"
|
||||
- name: "JWT_APP_ID"
|
||||
value: "myappid"
|
||||
- name: "JWT_APP_SECRET"
|
||||
value: "{{ .Values.secrets.jitsiPlain.jwtAppSecret }}"
|
||||
value: "{{ .Values.secrets.jitsi.jwtAppSecret }}"
|
||||
- name: TURNS_HOST
|
||||
value: "{{ .Values.turn.tls.host }}"
|
||||
- name: TURNS_PORT
|
||||
@@ -79,8 +83,8 @@ jitsi:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}"
|
||||
tag: "{{ .Values.images.jicofo.tag }}"
|
||||
xmpp:
|
||||
password: "{{ .Values.secrets.jitsiPlain.jicofoAuthPassword }}"
|
||||
componentSecret: "{{ .Values.secrets.jitsiPlain.jicofoComponentPassword }}"
|
||||
password: "{{ .Values.secrets.jitsi.jicofoAuthPassword }}"
|
||||
componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}"
|
||||
resources:
|
||||
{{ .Values.resources.jicofo | toYaml | nindent 6 }}
|
||||
jvb:
|
||||
@@ -89,7 +93,7 @@ jitsi:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jvb.repository }}"
|
||||
tag: "{{ .Values.images.jvb.tag }}"
|
||||
xmpp:
|
||||
password: "{{ .Values.secrets.jitsiPlain.jvbAuthPassword }}"
|
||||
password: "{{ .Values.secrets.jitsi.jvbAuthPassword }}"
|
||||
resources:
|
||||
{{ .Values.resources.jvb | toYaml | nindent 6 }}
|
||||
service:
|
||||
@@ -100,9 +104,9 @@ jitsi:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jibri.repository }}"
|
||||
tag: "{{ .Values.images.jibri.tag }}"
|
||||
recorder:
|
||||
password: "{{ .Values.secrets.jitsiPlain.jibriRecorderPassword }}"
|
||||
password: "{{ .Values.secrets.jitsi.jibriRecorderPassword }}"
|
||||
xmpp:
|
||||
password: "{{ .Values.secrets.jitsiPlain.jibriXmppPassword }}"
|
||||
password: "{{ .Values.secrets.jitsi.jibriXmppPassword }}"
|
||||
resources:
|
||||
{{ .Values.resources.jibri | toYaml | nindent 6 }}
|
||||
imagePullSecrets:
|
||||
@@ -111,7 +115,11 @@ jitsi:
|
||||
{{- end }}
|
||||
|
||||
patchJVB:
|
||||
configuration:
|
||||
staticLoadbalancerIP: "{{ .Values.cluster.networking.ingressGatewayIP }}"
|
||||
loadbalancerStatusField: "{{ .Values.cluster.networking.loadBalancerStatusField }}"
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.jitsiPatchJVB.repository }}"
|
||||
tag: "{{ .Values.images.jitsiPatchJVB.tag }}"
|
||||
|
||||
@@ -2,12 +2,14 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "sovereign-workplace-keycloak-bootstrap"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable"
|
||||
- name: "sovereign-workplace-keycloak-bootstrap-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
- name: "sovereign-workplace-keycloak-bootstrap"
|
||||
chart: "sovereign-workplace-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap"
|
||||
chart: "sovereign-workplace-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
|
||||
version: "1.1.11"
|
||||
values:
|
||||
- "values-bootstrap.gotmpl"
|
||||
|
||||
@@ -19,6 +19,7 @@ image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.keycloakBootstrap.repository }}"
|
||||
tag: "{{ .Values.images.keycloakBootstrap.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.keycloakBootstrap | toYaml | nindent 2 }}
|
||||
|
||||
@@ -2,22 +2,29 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "bitnami"
|
||||
url: "https://charts.bitnami.com/bitnami"
|
||||
- name: "keycloak-theme"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/96/packages/helm/stable"
|
||||
- name: "keycloak-extensions"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable"
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "registry-1.docker.io/bitnamicharts" }}
|
||||
- name: "keycloak-theme-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/96/packages/helm/stable" }}
|
||||
- name: "keycloak-extensions-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
- name: "keycloak-theme"
|
||||
chart: "keycloak-theme/sovereign-workplace-theme"
|
||||
version: "1.0.0"
|
||||
chart: "keycloak-theme-repo/sovereign-workplace-theme"
|
||||
version: "1.1.0"
|
||||
values:
|
||||
- "values-theme.gotmpl"
|
||||
condition: "keycloak.enabled"
|
||||
- name: "keycloak"
|
||||
chart: "bitnami/keycloak"
|
||||
chart: "bitnami-repo/keycloak"
|
||||
version: "12.2.0"
|
||||
values:
|
||||
- "values-keycloak.gotmpl"
|
||||
@@ -26,7 +33,7 @@ releases:
|
||||
wait: true
|
||||
condition: "keycloak.enabled"
|
||||
- name: "keycloak-extensions"
|
||||
chart: "keycloak-extensions/keycloak-extensions"
|
||||
chart: "keycloak-extensions-repo/keycloak-extensions"
|
||||
version: "0.1.0"
|
||||
needs:
|
||||
- "keycloak"
|
||||
|
||||
@@ -18,12 +18,8 @@ handler:
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.keycloakExtensionHandler.repository }}"
|
||||
{{- if .Values.images.keycloakExtensionHandler.digest }}
|
||||
sha256: "{{ .Values.images.keycloakExtensionHandler.digest}}"
|
||||
{{- else if .Values.images.keycloakExtensionHandler.tag }}
|
||||
tag: "{{ .Values.images.keycloakExtensionHandler.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: "Always"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
appConfig:
|
||||
smtpPassword: "{{ .Values.smtp.password }}"
|
||||
smtpHost: "{{ .Values.smtp.host }}"
|
||||
@@ -35,17 +31,11 @@ proxy:
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.keycloakExtensionProxy.repository }}"
|
||||
{{- if .Values.images.keycloakExtensionProxy.digest }}
|
||||
sha256: "{{ .Values.images.keycloakExtensionProxy.digest}}"
|
||||
{{- else if .Values.images.keycloakExtensionProxy.tag }}
|
||||
tag: "{{ .Values.images.keycloakExtensionProxy.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: "Always"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
annotations:
|
||||
nginx.org/proxy-buffer-size: "8k"
|
||||
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
|
||||
@@ -11,11 +11,35 @@ global:
|
||||
handler:
|
||||
appConfig:
|
||||
captchaProtectionEnable: "False"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
|
||||
postgresql:
|
||||
enabled: false
|
||||
|
||||
proxy:
|
||||
image:
|
||||
tag: "latest"
|
||||
ingress:
|
||||
annotations:
|
||||
nginx.org/proxy-buffer-size: "8k"
|
||||
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
...
|
||||
|
||||
@@ -116,9 +116,9 @@ keycloakConfigCli:
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"secret": "$(CLIENT_SECRET_JITSI_PLAIN_PASSWORD)",
|
||||
"secret": "$(CLIENT_SECRET_JITSI_PASSWORD)",
|
||||
"redirectUris": [
|
||||
"https://$(JITSI_PLAIN_DOMAIN)/*"
|
||||
"https://$(JITSI_DOMAIN)/*"
|
||||
],
|
||||
"webOrigins": [
|
||||
"*"
|
||||
@@ -135,7 +135,7 @@ keycloakConfigCli:
|
||||
"frontchannelLogout": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"post.logout.redirect.uris": "https://$(JITSI_PLAIN_DOMAIN)/*##https://$(UNIVENTION_CORPORATE_SERVER_DOMAIN)/*"
|
||||
"post.logout.redirect.uris": "https://$(JITSI_DOMAIN)/*##https://$(UNIVENTION_CORPORATE_SERVER_DOMAIN)/*"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
"fullScopeAllowed": true,
|
||||
|
||||
@@ -13,7 +13,7 @@ image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.keycloak.repository }}"
|
||||
tag: "{{ .Values.images.keycloak.tag }}"
|
||||
digest: "{{ .Values.images.keycloak.digest }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
externalDatabase:
|
||||
host: "{{ .Values.databases.keycloak.host }}"
|
||||
@@ -55,8 +55,8 @@ keycloakConfigCli:
|
||||
value: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
- name: "MATRIX_DOMAIN"
|
||||
value: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
||||
- name: "JITSI_PLAIN_DOMAIN"
|
||||
value: "{{ .Values.global.hosts.jitsiPlain }}.{{ .Values.global.domain }}"
|
||||
- name: "JITSI_DOMAIN"
|
||||
value: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
|
||||
- name: "ELEMENT_DOMAIN"
|
||||
value: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
|
||||
- name: "INTERCOM_SERVICE_DOMAIN"
|
||||
@@ -65,8 +65,8 @@ keycloakConfigCli:
|
||||
value: {{ .Values.secrets.keycloak.clientSecret.intercom }}
|
||||
- name: "CLIENT_SECRET_MATRIX_PASSWORD"
|
||||
value: {{ .Values.secrets.keycloak.clientSecret.matrix }}
|
||||
- name: "CLIENT_SECRET_JITSI_PLAIN_PASSWORD"
|
||||
value: {{ .Values.secrets.keycloak.clientSecret.jitsiPlain }}
|
||||
- name: "CLIENT_SECRET_JITSI_PASSWORD"
|
||||
value: {{ .Values.secrets.keycloak.clientSecret.jitsi }}
|
||||
- name: "CLIENT_SECRET_NCOIDC_PASSWORD"
|
||||
value: {{ .Values.secrets.keycloak.clientSecret.ncoidc }}
|
||||
- name: "CLIENT_SECRET_OPENPROJECT_PASSWORD"
|
||||
@@ -81,6 +81,8 @@ keycloakConfigCli:
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak }}
|
||||
- name: "LDAPSEARCH_USERNAME"
|
||||
value: "ldapsearch_keycloak"
|
||||
resources:
|
||||
{{ .Values.resources.keycloak | toYaml | nindent 4 }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.keycloak | toYaml | nindent 2 }}
|
||||
|
||||
@@ -54,5 +54,32 @@ keycloakConfigCli:
|
||||
- "--import.var-substitution.enabled=true"
|
||||
cache:
|
||||
enabled: false
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
|
||||
podSecurityContext:
|
||||
fsGroup: 1001
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
...
|
||||
|
||||
@@ -7,4 +7,7 @@ global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
...
|
||||
|
||||
@@ -2,33 +2,40 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "sovereign-workplace-nextcloud-bootstrap"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/130/packages/helm/stable"
|
||||
- name: "nextcloud"
|
||||
url: "https://nextcloud.github.io/helm/"
|
||||
- name: "opendesk-nextcloud-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
- name: "nextcloud-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://nextcloud.github.io/helm/" }}
|
||||
|
||||
releases:
|
||||
- name: "sovereign-workplace-nextcloud-bootstrap"
|
||||
chart: "sovereign-workplace-nextcloud-bootstrap/sovereign-workplace-nextcloud-bootstrap"
|
||||
version: "2.2.0"
|
||||
- name: "opendesk-nextcloud-bootstrap"
|
||||
chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
|
||||
version: "3.1.1"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
- "values-bootstrap.gotmpl"
|
||||
- "values-bootstrap.yaml"
|
||||
condition: "nextcloud.enabled"
|
||||
timeout: 1800
|
||||
timeout: 900
|
||||
|
||||
- name: "nextcloud"
|
||||
chart: "nextcloud/nextcloud"
|
||||
chart: "nextcloud-repo/nextcloud"
|
||||
version: "3.5.19"
|
||||
needs:
|
||||
- "sovereign-workplace-nextcloud-bootstrap"
|
||||
- "opendesk-nextcloud-bootstrap"
|
||||
values:
|
||||
- "values-nextcloud.gotmpl"
|
||||
- "values-nextcloud.yaml"
|
||||
condition: "nextcloud.enabled"
|
||||
timeout: 1800
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
|
||||
@@ -18,7 +18,7 @@ config:
|
||||
|
||||
antivirus:
|
||||
{{- if .Values.clamavDistributed.enabled }}
|
||||
host: "clamav-sovereign-workplace-icap"
|
||||
host: "clamav-icap"
|
||||
{{- else if .Values.clamavSimple.enabled }}
|
||||
host: "clamav-simple"
|
||||
{{- end }}
|
||||
@@ -44,6 +44,7 @@ config:
|
||||
password: "{{ .Values.smtp.password }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.nextcloud.repository }}"
|
||||
tag: "{{ .Values.images.nextcloud.tag }}"
|
||||
@@ -64,4 +65,7 @@ persistence:
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.nextcloud | toYaml | nindent 2 }}
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
...
|
||||
|
||||
@@ -11,6 +11,9 @@ config:
|
||||
userOidc:
|
||||
username: "ncoidc"
|
||||
|
||||
ldapSearch:
|
||||
host: "univention-corporate-container"
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: false
|
||||
...
|
||||
|
||||
@@ -25,7 +25,7 @@ ingress:
|
||||
- "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
image:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.nextcloud.repository }}"
|
||||
pullPolicy: "Always"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.nextcloud.tag }}"
|
||||
pullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
@@ -21,6 +21,11 @@ cronjob:
|
||||
sed -i "s/\*\/5 \* \* \* \* php -f \/var\/www\/html\/cron.php/\*\/1 \* \* \* \* php -f
|
||||
\/var\/www\/html\/cron.php/g" /var/spool/cron/crontabs/www-data
|
||||
|
||||
ingress:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "4G"
|
||||
nginx.org/client-max-body-size: "4G"
|
||||
|
||||
internalDatabase:
|
||||
enabled: false
|
||||
postgresql:
|
||||
|
||||
@@ -2,35 +2,48 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "dovecot"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/80/packages/helm/stable"
|
||||
- name: "openxchange"
|
||||
url: "registry.open-xchange.com"
|
||||
- name: "dovecot-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/80/packages/helm/stable" }}
|
||||
- name: "openxchange-repo"
|
||||
oci: true
|
||||
- name: "sovereign-workplace-open-xchange-bootstrap"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "registry.open-xchange.com" }}
|
||||
- name: "sovereign-workplace-open-xchange-bootstrap-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
- name: "dovecot"
|
||||
chart: "dovecot/dovecot"
|
||||
version: "1.2.0"
|
||||
chart: "dovecot-repo/dovecot"
|
||||
version: "1.3.1"
|
||||
values:
|
||||
- "values-dovecot.yaml"
|
||||
- "values-dovecot.gotmpl"
|
||||
condition: "dovecot.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "open-xchange"
|
||||
chart: "openxchange/appsuite-public-sector/charts/appsuite-public-sector"
|
||||
version: "1.2.13"
|
||||
chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector"
|
||||
version: "2.0.4"
|
||||
values:
|
||||
- "values-openxchange.yaml"
|
||||
- "values-openxchange.gotmpl"
|
||||
- "values-openxchange-enterprise-contact-picker.yaml"
|
||||
- "values-openxchange-enterprise-contact-picker.gotmpl"
|
||||
condition: "oxAppsuite.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "sovereign-workplace-open-xchange-bootstrap"
|
||||
chart: "sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap"
|
||||
version: "1.2.2"
|
||||
chart: "sovereign-workplace-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
|
||||
version: "1.3.1"
|
||||
values:
|
||||
- "values-openxchange-bootstrap.yaml"
|
||||
condition: "oxAppsuite.enabled"
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
|
||||
@@ -7,6 +7,7 @@ image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.dovecot.repository }}"
|
||||
tag: "{{ .Values.images.dovecot.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.openxchangeBootstrap.repository }}"
|
||||
tag: "{{ .Values.images.openxchangeBootstrap.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
...
|
||||
@@ -2,22 +2,5 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cleanup:
|
||||
deletePodsOnSuccess: false
|
||||
|
||||
# resources:
|
||||
# limits:
|
||||
# # The max amount of CPUs to consume.
|
||||
# cpu: 1
|
||||
# # The max amount of RAM to consume.
|
||||
# memory: "1Gi"
|
||||
# requests:
|
||||
# # The amount of CPUs which has to be available on the scheduled node.
|
||||
# cpu: 1
|
||||
# # The amount of RAM which has to be available on the scheduled node.
|
||||
# memory: "256Mi"
|
||||
|
||||
# Keep default values:
|
||||
# coreMiddleware:
|
||||
# statefulSet: "open-xchange-core-mw-default-0"
|
||||
# pod: "open-xchange-core-mw-default-0"
|
||||
deletePodsOnSuccess: true
|
||||
...
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
appsuite:
|
||||
core-mw:
|
||||
secretYAMLFiles:
|
||||
ldap-client-config.yml:
|
||||
contactsLdapClient:
|
||||
auth:
|
||||
adminDN:
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
...
|
||||
@@ -0,0 +1,349 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
appsuite:
|
||||
core-mw:
|
||||
|
||||
properties:
|
||||
# Enterprise contact picker
|
||||
com.openexchange.contacts.ldap.accounts: "opendesk"
|
||||
com.openexchange.admin.bypassAccessCombinationChecks: "true"
|
||||
ENABLE_INTERNAL_USER_EDIT: "false"
|
||||
|
||||
# Enterprise contact picker (see also gotmpl)
|
||||
secretYAMLFiles:
|
||||
ldap-client-config.yml:
|
||||
contactsLdapClient:
|
||||
pool:
|
||||
type: "simple"
|
||||
host:
|
||||
address: "univention-corporate-container"
|
||||
port: 389
|
||||
auth:
|
||||
type: "adminDN"
|
||||
adminDN:
|
||||
dn: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
|
||||
uiSettings:
|
||||
# Enterprise contact picker
|
||||
io.ox/core//features/enterprisePicker/enabled: "true"
|
||||
|
||||
yamlFiles:
|
||||
contacts-provider-ldap.yml:
|
||||
# Example definitions of available LDAP contact providers, together with their corresponding configuration,
|
||||
# referenced LDAP client connection settings and attribute mappings.
|
||||
#
|
||||
# This template contains examples and will be overwritten during updates. To use, copy this file to
|
||||
# /opt/open-xchange/etc/contacts-provider-ldap.yml and configure as needed.
|
||||
#
|
||||
# Each configured contacts provider can be enabled for users using the corresponding identifier used in this
|
||||
# .yml file. For this purpose, the config-cascade-enabled setting "com.openexchange.contacts.provider.ldap"
|
||||
# is available.
|
||||
#
|
||||
# Besides the provider configuration in this file, also accompanying LDAP client and contact property mappings
|
||||
# need to be referenced.
|
||||
#
|
||||
# See also https://documentation.open-xchange.com/latest/middleware/contacts/contacts_provider_ldap.html
|
||||
# for further details and a complete list of available configuration options.
|
||||
#
|
||||
|
||||
# Key will be used as identifier for the contact provider
|
||||
opendesk:
|
||||
|
||||
# The display name of this contacts provider.
|
||||
name: "Example Address Lists"
|
||||
|
||||
# Configures the identifier of the LDAP client configuration settings to use, as defined in
|
||||
# 'ldap-client-config.yml'. There, all further connection-related properties to access the LDAP server can
|
||||
# be specified.
|
||||
ldapClientId: "contactsLdapClient"
|
||||
|
||||
# A reference to the contact property <-> LDAP attribute mapping definitions to use, referencing the
|
||||
# corresponding entry in the file 'contact-provider-ldap-mappings.yml'.
|
||||
mappings: "ucs"
|
||||
|
||||
# Specifies if support for querying deleted objects is enabled or not. When enabled, deleted objects are
|
||||
# identified with the filter 'isDeleted=TRUE', which is usually only available in Active Directory (as
|
||||
# control with OID 1.2.840.113556.1.4.417). If disabled, no results are available for folders from this
|
||||
# provider for the 'deleted' API call, and therefore no incremental synchronizations are possible. See also
|
||||
# 'usedForSync' folders property. Defaults to "false".
|
||||
isDeletedSupport: false
|
||||
|
||||
# Specifies the requested maximum size for paged results. "0" disables paged results. This should be
|
||||
# configured, especially when the there are server-side restrictions towards the maximum result size.
|
||||
# Defaults to "500".
|
||||
maxPageSize: 500
|
||||
|
||||
# Optionally enables a local cache that holds certain properties of all of the provider's contacts in
|
||||
# memory to speed up access. Can only be used if no individual authentication is used to access the
|
||||
# LDAP server.
|
||||
cache:
|
||||
useCache: false
|
||||
|
||||
# Definition of addressbook folders of the contacts provider. Different folder modes are possible, each
|
||||
# one with its specific configuration settings. The template contains examples for all possible modes,
|
||||
# however, only the one specified through 'mode' property is actually used.
|
||||
folders:
|
||||
|
||||
# Configures in which mode addressbook folders are provided by the contacts provider. Possible modes
|
||||
# are "fixedAttributes" to have a common search filter per folder that varies by a fixed set of possible
|
||||
# attribute values, "dynamicAttributes" to use a common filter and retrieve all possible values
|
||||
# dynamically, or "static" to have a static search filter associated with each contact folder.
|
||||
# The corresponding mode-specific section needs to be configured as well.
|
||||
mode: "dynamicAttributes"
|
||||
|
||||
# Configures if the addressbook folders can be synchronized to external clients via CardDAV or not.
|
||||
# If set to "false", the folders are only available in the web client. If set to "true", folders can
|
||||
# be activated for synchronization. Should only be enabled if attribute mappings for the 'changing_date'
|
||||
# and 'uid' contact properties are available, and the LDAP server supports the special
|
||||
# "LDAP Show Deleted Control" to query tombstone entries via 'isDeleted=TRUE'. The 'protected' flag
|
||||
# controls whether the default value can be changed by the client or not.
|
||||
usedForSync:
|
||||
protected: true
|
||||
defaultValue: false
|
||||
|
||||
# Defines whether addressbook folders will be available in the contact picker dialog of App Suite.
|
||||
# If enabled, contacts from this provider can be looked up through this dialog, otherwise they are
|
||||
# hidden. The 'protected' flag controls whether the default value can be changed by the client or not.
|
||||
usedInPicker:
|
||||
protected: false
|
||||
defaultValue: true
|
||||
|
||||
# Defines whether addressbook folders will be shown as 'subscribed' folders in the tree or not.
|
||||
# If enabled, the folders will appear in the contacts module of App Suite as regular, subscribed folder.
|
||||
# Otherwise, they're treated as hidden, unsubscribed folders. The 'protected' flag controls whether
|
||||
# the default value can be changed by the client or not.
|
||||
shownInTree:
|
||||
protected: false
|
||||
defaultValue: true
|
||||
|
||||
# In "static" folder mode, a fixed list of folder definitions is used, each one with its own contact
|
||||
# filter and name (the names must be unique). Additionally, a "commonContactFilter" needs to be
|
||||
# defined, which is used for operations that are not bound to
|
||||
# a specific folder, like lookups across all visible folders.
|
||||
# The filter's search scopes relative to the LDAP client's 'baseDN' can be configured as "one"
|
||||
# (only immediate subordinates) or "sub" (base entry itself and any subordinate entries to any depth),
|
||||
# and all default to "sub" unless specified otherwise.
|
||||
static:
|
||||
commonContactFilter: "(|(objectClass=person)(objectClass=groupOfNames))"
|
||||
commonContactSearchScope: "sub"
|
||||
folders:
|
||||
- name: "Cupertino"
|
||||
contactFilter: "(&(|(objectClass=person)(objectClass=groupOfNames))(l=Cupertino))"
|
||||
contactSearchScope: "sub"
|
||||
- name: "San Mateo"
|
||||
contactFilter: "(&(|(objectClass=person)(objectClass=groupOfNames))(l=San Mateo))"
|
||||
contactSearchScope: "sub"
|
||||
- name: "Redwood Shores"
|
||||
contactFilter: "(&(|(objectClass=person)(objectClass=groupOfNames))(l=Redwood Shores))"
|
||||
contactSearchScope: "sub"
|
||||
- name: "Armonk"
|
||||
contactFilter: "(&(|(objectClass=person)(objectClass=groupOfNames))(l=Armonk))"
|
||||
contactSearchScope: "sub"
|
||||
|
||||
# With mode "dynamic attributes", all possible values for one attribute are fetched periodically and
|
||||
# serve as folders. The list of values is fetched by querying all entries that match the
|
||||
# "contactFilterTemplate" (with the wildcard "*" as value) and "contactSearchScope" ("one"/"sub").
|
||||
# Then, the folders are derived based on all distinct attribute values found, with the value as name.
|
||||
# Depending on the configured authentication mode, this is either done per user individually, or globally.
|
||||
# Therefore, per-user authentication is not recommend in this mode.
|
||||
# The "refreshInterval" determines how often the list of attributes is refreshed, and can be defined
|
||||
# using units of measurement:
|
||||
# "D" (=days), "W" (=weeks), "H" (=hours) and "m" (=minutes). Defaults to "1h". The optional "sortOrder"
|
||||
# allows to sort the attributes lexicographically, either "ascending" or "descending".
|
||||
dynamicAttributes:
|
||||
attributeName: "o"
|
||||
contactFilterTemplate: "(&(univentionObjectType=users/user)(o=[value]))"
|
||||
contactSearchScope: "sub"
|
||||
# refreshInterval: 1h
|
||||
refreshInterval: "5m"
|
||||
sortOrder: "ascending"
|
||||
|
||||
# With mode "fixed attributes", all entries matching a filter and having an attribute set to one of the
|
||||
# defined values do form a folder. Works similar to "dynamic attributes", but with a static list of
|
||||
# possible values.
|
||||
# All items defined in the "attributeValues" array are used as folder (with the value as name). When
|
||||
# listing the contents of a specific folder, this folder's specific attribute value is inserted in the
|
||||
# configured "contactFilterTemplate", using the "contactSearchScope" ("one"/"sub").
|
||||
fixedAttributes:
|
||||
contactFilterTemplate: "(&(|(objectClass=person)(objectClass=groupOfNames))(ou=[value]))"
|
||||
contactSearchScope: "sub"
|
||||
attributeValues:
|
||||
- "Janitorial"
|
||||
- "Product Development"
|
||||
- "Management"
|
||||
- "Human Resources"
|
||||
|
||||
contacts-provider-ldap-mappings.yml:
|
||||
# Example definitions of contact property <-> LDAP attribute mappings.
|
||||
#
|
||||
# This template contains examples and will be overwritten during updates. To use, copy this file to
|
||||
# /opt/open-xchange/etc/contacts-provider-ldap-mappings.yml and configure as needed.
|
||||
#
|
||||
# Each configured set of mappings can be used for an LDAP contact provider (as defined through separate
|
||||
# file contacts-provider-ldap.yml), by using the corresponding identifier used in this .yml file.
|
||||
#
|
||||
# Generally, contact properties are set based on an entry's value of the mapped LDAP attribute name.
|
||||
# Empty mappings are ignored. It's possible to define a second LDAP attribute name for a property that is
|
||||
# used as fall-back if the first one is empty in an LDAP result, e.g. to define multiple attributes for a
|
||||
# display name, or to have multiple mappings for contacts and distribution lists.
|
||||
#
|
||||
# For the data-types, each LDAP attribute value is converted/parsed to the type necessary on the server
|
||||
# (Strings, Numbers, Booleans). Dates are assumed to be in UTC and parsed using the pattern 'yyyyMMddHHmmss'.
|
||||
# Binary properties may be indicated by appending ';binary' to the LDAP attribute name. In order to assign
|
||||
# the internal user- and context identifier based on attributes yielding the corresponding
|
||||
# login information (username / contextname), the special appendix ';logininfo' can be used.
|
||||
# Boolean properties may also be set based on a comparison with the LDAP attribute value, which is defined
|
||||
# by the syntax '[LDAP_ATTRIBUTE_NAME]=[EXPECTED_VALUE]', e.g. to set the 'mark_as_distribution_list'
|
||||
# property based on a specific 'objectClass' value.
|
||||
# Alternatively, a Boolean value may also be assigned based on the the existence of any attribute value
|
||||
# using '*'.
|
||||
#
|
||||
# See also https://documentation.open-xchange.com/latest/middleware/contacts/contacts_provider_ldap.html
|
||||
# for further details and a complete list of available configuration options.
|
||||
#
|
||||
|
||||
# Mappings for a typical OpenLDAP server.
|
||||
ucs:
|
||||
# == ID Mappings =======================================================
|
||||
# The object ID is always required and must be unique for the LDAP server. Will use the DN of the entry
|
||||
# unless overridden.
|
||||
# The 'guid' flag can be passed along to properly decode a Microsoft GUID. For 'regular' UUIDs, the
|
||||
# flag 'binary' should be used.
|
||||
objectid: "uidNumber,gidNumber"
|
||||
# The user and context identifiers can be mapped to certain LDAP attributes to aid resolving contact
|
||||
# entries to internal users, e.g. in scenarios where the default global addressbook folder is disabled.
|
||||
# Will only be considered if an entry's context identifier matches the one from the actual session of
|
||||
# the requesting operation.
|
||||
# If used, they should be mapped to attributes that provide the matching rules "integerMatch" for
|
||||
# "EQUALITY" as well as "integerOrderingMatch" for "ORDERING".
|
||||
# Alternatively, if no internal context- or user identifier is available, also attributes yielding
|
||||
# the corresponding login information (username / contextname) can be used by appending ';logininfo'
|
||||
# to the attribute name.
|
||||
internal_userid: "uid;logininfo"
|
||||
contextid: "oxContextIDNum"
|
||||
# The 'guid' flag can be passed along properly decode a Microsoft GUID. For 'regular' UUIDs in binary
|
||||
# format, the flag 'binary' should be used.
|
||||
# uid : entryUUID;binary;logininfo
|
||||
|
||||
# == String Mappings ===================================================
|
||||
displayname: "oxDisplayName,displayName,name"
|
||||
file_as: "oxDisplayName,displayName,name"
|
||||
givenname: "givenName"
|
||||
surname: "sn"
|
||||
email1: "mailPrimaryAddress"
|
||||
department: "oxDepartment,department"
|
||||
company: "oxCompany,o"
|
||||
branches: "oxBranches"
|
||||
# business_category :
|
||||
postal_code_business: "postalCode"
|
||||
state_business: "oxStateBusiness,st"
|
||||
street_business: "streetAddress"
|
||||
# telephone_callback :
|
||||
city_home: "oxCityHome"
|
||||
commercial_register: "oxCommercialRegister"
|
||||
country_home: "oxCountryHome"
|
||||
email2: "oxEmail2"
|
||||
email3: "oxEmail3"
|
||||
employeetype: "employeeType"
|
||||
fax_business: "oxFaxBusiness,facsimileTelehoneNumber"
|
||||
fax_home: "oxFaxHome"
|
||||
fax_other: "oxFaxOther"
|
||||
instant_messenger1: "oxInstantMessenger1"
|
||||
instant_messenger2: "oxInstantMessenger2"
|
||||
telephone_ip: "oxTelephoneIp"
|
||||
telephone_isdn: "internationaliSDNNumber"
|
||||
marital_status: "oxMaritalStatus"
|
||||
cellular_telephone1: "mobile"
|
||||
# cellular_telephone2 :
|
||||
nickname: "oxNickName"
|
||||
number_of_children: "oxNumOfChildren"
|
||||
number_of_employee: "employeeNumber"
|
||||
note: "oxNote,description"
|
||||
telephone_pager: "oxTelephonePager,pager"
|
||||
telephone_assistant: "oxTelephoneAssistant"
|
||||
telephone_business1: "oxTelephoneBusiness1,telephoneNumber"
|
||||
telephone_business2: "oxTelephoneBusiness2"
|
||||
telephone_car: "oxTelephoneCar"
|
||||
telephone_company: "oxTelephoneCompany"
|
||||
telephone_home1: "oxTelephoneHome1,homePhone"
|
||||
telephone_home2: "oxTelephoneHome2"
|
||||
telephone_other: "oxTelephoneOther"
|
||||
postal_code_home: "oxPostalCodeHome"
|
||||
# telephone_radio :
|
||||
room_number: "roomNumber"
|
||||
sales_volume: "oxSalesVolume"
|
||||
city_other: "oxCityOther"
|
||||
country_other: "oxCountryOther"
|
||||
middle_name: "oxMiddleName,middleName"
|
||||
postal_code_other: "oxPostalCodeOther"
|
||||
state_other: "oxStateOther"
|
||||
street_other: "oxStreetOther"
|
||||
spouse_name: "oxSpouseName"
|
||||
state_home: "oxStateHome"
|
||||
street_home: "oxStreetHome"
|
||||
suffix: "oxSuffix"
|
||||
tax_id: "oxTaxId"
|
||||
telephone_telex: "oxTelephoneTelex,telexNumber"
|
||||
telephone_ttytdd: "oxTelephoneTtydd"
|
||||
url: "oxUrl,wWWHome"
|
||||
userfield01: "oxUserfiels01"
|
||||
userfield02: "oxUserfiels02"
|
||||
userfield03: "oxUserfiels03"
|
||||
userfield04: "oxUserfiels04"
|
||||
userfield05: "oxUserfiels05"
|
||||
userfield06: "oxUserfiels06"
|
||||
userfield07: "oxUserfiels07"
|
||||
userfield08: "oxUserfiels08"
|
||||
userfield09: "oxUserfiels09"
|
||||
userfield10: "oxUserfiels10"
|
||||
userfield11: "oxUserfiels11"
|
||||
userfield12: "oxUserfiels12"
|
||||
userfield13: "oxUserfiels13"
|
||||
userfield14: "oxUserfiels14"
|
||||
userfield15: "oxUserfiels15"
|
||||
userfield16: "oxUserfiels16"
|
||||
userfield17: "oxUserfiels17"
|
||||
userfield18: "oxUserfiels18"
|
||||
userfield19: "oxUserfiels19"
|
||||
userfield20: "oxUserfiels20"
|
||||
city_business: "l"
|
||||
country_business: "oxCountryBusiness,country"
|
||||
# telephone_primary :
|
||||
# categories :
|
||||
title: "title"
|
||||
position: "oxPosition"
|
||||
profession: "oxProfession"
|
||||
|
||||
# == Date Mappings =====================================================
|
||||
birthday: "oxBirthday"
|
||||
anniversary: "oxAnniversary"
|
||||
# The last-modified and creation dates are required by the groupware server, therefore an implicit
|
||||
# default date is assumed when no LDAP attribute is mapped here, and no results are available for this
|
||||
# folder for the 'modified' and 'deleted' API calls. Therefore, any synchronization-based usage will
|
||||
# not be available.
|
||||
lastmodified: "modifyTimestamp"
|
||||
creationdate: "createTimestamp"
|
||||
|
||||
# == Misc Mappings =====================================================
|
||||
# Distribution list members are resolved dynamically using the DNs found in the mapped LDAP attribute.
|
||||
# Alternatively, if the attribute value does not denote a DN reference, the value is assumed to be the
|
||||
# plain email address of the member.
|
||||
distributionlist: "memberUid"
|
||||
# Special mapping where the value is evaluated using a string comparison with, or the existence of
|
||||
# the attribute value.
|
||||
markasdistributionlist: "objectClass=posixGroup"
|
||||
# The values for the for assistant- and manager name mappings are either used as-is, or get resolved
|
||||
# dynamically using the DNs found
|
||||
# in the mapped LDAP attribute.
|
||||
assistant_name: "secretary"
|
||||
manager_name: "oxManagerName,manager"
|
||||
# Contact image, binary format is expected.
|
||||
image1: "jpegPhoto"
|
||||
# Special mapping where the value is evaluated using a string comparison with, or the existence of
|
||||
# the attribute value.
|
||||
number_of_images: "jpegPhoto=*"
|
||||
# Will be set internally if not defined.
|
||||
# image_last_modified :
|
||||
# Will be set automatically to "image/jpeg" if not defined.
|
||||
# image1_content_type :
|
||||
@@ -34,6 +34,7 @@ public-sector-ui:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
appsuite:
|
||||
istio:
|
||||
@@ -52,6 +53,15 @@ appsuite:
|
||||
core-mw:
|
||||
masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
gotenberg:
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
image:
|
||||
repository: {{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}
|
||||
tag: {{ .Values.images.openxchangeGotenberg.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
properties:
|
||||
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
|
||||
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
@@ -76,6 +86,16 @@ appsuite:
|
||||
uiSettings:
|
||||
"io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
|
||||
"io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
|
||||
# Dynamic theme
|
||||
io.ox/dynamic-theme//mainColor: "{{ .Values.theme.colors.primary }}"
|
||||
io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
io.ox/dynamic-theme//topbarBackground: "{{ .Values.theme.colors.white }}"
|
||||
io.ox/dynamic-theme//topbarColor: "{{ .Values.theme.colors.black }}"
|
||||
io.ox/dynamic-theme//listSelected: "{{ .Values.theme.colors.primary15 }}"
|
||||
io.ox/dynamic-theme//listHover: "{{ .Values.theme.colors.secondaryGreyLight }}"
|
||||
io.ox/dynamic-theme//folderBackground: "{{ .Values.theme.colors.white }}"
|
||||
io.ox/dynamic-theme//folderSelected: "{{ .Values.theme.colors.primary15 }}"
|
||||
io.ox/dynamic-theme//folderHover: "{{ .Values.theme.colors.secondaryGreyLight }}"
|
||||
secretETCFiles:
|
||||
# Format of the OX Guard master key:
|
||||
# MC+base64(20 random bytes)
|
||||
@@ -86,6 +106,7 @@ appsuite:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreMW.repository }}
|
||||
tag: {{ .Values.images.openxchangeCoreMW.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
update:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreMW.repository }}
|
||||
@@ -103,11 +124,13 @@ appsuite:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreUI.repository }}
|
||||
tag: {{ .Values.images.openxchangeCoreUI.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
core-ui-middleware:
|
||||
ingress:
|
||||
hosts:
|
||||
- host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
enabled: false
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
@@ -115,6 +138,7 @@ appsuite:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository }}
|
||||
tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
core-guidedtours:
|
||||
imagePullSecrets:
|
||||
@@ -124,6 +148,7 @@ appsuite:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository }}
|
||||
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
guard-ui:
|
||||
imagePullSecrets:
|
||||
@@ -133,11 +158,13 @@ appsuite:
|
||||
image:
|
||||
repository: {{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}
|
||||
tag: {{ .Values.images.openxchangeGuardUI.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
core-user-guide:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreUserGuide.repository }}
|
||||
tag: {{ .Values.images.openxchangeCoreUserGuide.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
|
||||
@@ -9,6 +9,8 @@ appsuite:
|
||||
core-mw:
|
||||
enabled: true
|
||||
masterAdmin: "admin"
|
||||
gotenberg:
|
||||
enabled: true
|
||||
features:
|
||||
status:
|
||||
# enable admin pack
|
||||
@@ -22,6 +24,13 @@ appsuite:
|
||||
open-xchange-authentication-oauth: "enabled"
|
||||
properties:
|
||||
com.openexchange.UIWebPath: "/appsuite/"
|
||||
# PDF Export
|
||||
com.openexchange.capability.mail_export_pdf: "true"
|
||||
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.collabora.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.pdfa.collabora.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.collabora.url: "http://collabora:9980"
|
||||
com.openexchange.mail.exportpdf.gotenberg.url: "http://open-xchange-gotenberg:3000"
|
||||
# OIDC
|
||||
com.openexchange.oidc.enabled: "true"
|
||||
com.openexchange.oidc.autologinCookieMode: "ox_direct"
|
||||
@@ -55,16 +64,23 @@ appsuite:
|
||||
com.openexchange.mail.filter.server: "dovecot"
|
||||
com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2"
|
||||
# Capabilities
|
||||
# Old capability can be used to toggle all integrations with a single switch
|
||||
com.openexchange.capability.public-sector: "true"
|
||||
# New capabilities in 2.0
|
||||
com.openexchange.capability.public-sector-element: "false"
|
||||
com.openexchange.capability.public-sector-navigation: "true"
|
||||
com.openexchange.capability.client-onboarding: "true"
|
||||
com.openexchange.capability.dynamic-theme: "true"
|
||||
com.openexchange.capability.filestorage_nextcloud: "true"
|
||||
com.openexchange.capability.filestorage_nextcloud_oauth: "true"
|
||||
com.openexchange.capability.guard: "true"
|
||||
com.openexchange.capability.guard-mail: "true"
|
||||
com.openexchange.capability.public-sector: "true"
|
||||
com.openexchange.capability.smime: "true"
|
||||
com.openexchange.capability.share_links: "false"
|
||||
com.openexchange.capability.invite_guests: "false"
|
||||
# Secondary Accounts
|
||||
com.openexchange.mail.secondary.authType: "XOAUTH2"
|
||||
com.openexchange.mail.transport.secondary.authType: "xoauth2"
|
||||
# Nextcloud integration
|
||||
com.openexchange.file.storage.nextcloud.oauth.url: "http://nextcloud/"
|
||||
com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user"
|
||||
@@ -92,6 +108,13 @@ appsuite:
|
||||
bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
|
||||
uiSettings:
|
||||
# Show the Enterprise Picker in the top right corner instead of the launcher drop-down
|
||||
io.ox/core//features/enterprisePicker/showLauncher: "false"
|
||||
io.ox/core//features/enterprisePicker/showTopRightLauncher: "true"
|
||||
# Text and icon color in the topbar
|
||||
io.ox/dynamic-theme//topbarColor: "#000"
|
||||
io.ox/dynamic-theme//logoWidth: "82"
|
||||
io.ox/dynamic-theme//topbarHover: "rgba(0, 0, 0, 0.1)"
|
||||
# Resources
|
||||
io.ox/core//features/resourceCalendars: "true"
|
||||
io.ox/core//features/managedResources: "true"
|
||||
@@ -106,18 +129,8 @@ appsuite:
|
||||
# io.ox.public-sector//ics/url: "https://ics.<DOMAIN>/"
|
||||
io.ox/core//apps/quickLaunchCount: "0"
|
||||
io.ox/core//coloredIcons: "false"
|
||||
# Dynamic theme
|
||||
io.ox/dynamic-theme//mainColor: "#004B76"
|
||||
io.ox/dynamic-theme//logoURL: "io.ox.public-sector/logo.svg"
|
||||
io.ox/dynamic-theme//logoWidth: "80"
|
||||
io.ox/dynamic-theme//topbarBackground: "#fff"
|
||||
io.ox/dynamic-theme//topbarColor: "#1f1f1f"
|
||||
io.ox/dynamic-theme//topbarHover: "rgba(0, 0, 0, 0.1)"
|
||||
io.ox/dynamic-theme//listSelected: "#ADC8F0"
|
||||
io.ox/dynamic-theme//listHover: "#ddd"
|
||||
io.ox/dynamic-theme//folderBackground: "#fff"
|
||||
io.ox/dynamic-theme//folderSelected: "#ADC8F0"
|
||||
io.ox/dynamic-theme//folderHover: "#ddd"
|
||||
# Mail templates
|
||||
io.ox/core//features/templates: "true"
|
||||
|
||||
asConfig:
|
||||
default:
|
||||
|
||||
@@ -2,12 +2,14 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "openproject"
|
||||
url: "https://charts.openproject.org"
|
||||
- name: "openproject-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://charts.openproject.org" }}
|
||||
|
||||
releases:
|
||||
- name: "openproject"
|
||||
chart: "openproject/openproject"
|
||||
chart: "openproject-repo/openproject"
|
||||
version: "1.8.0"
|
||||
values:
|
||||
- "values.yaml"
|
||||
|
||||
@@ -10,7 +10,7 @@ global:
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.openproject.repository }}"
|
||||
pullPolicy: "Always"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.openproject.tag }}"
|
||||
|
||||
memcached:
|
||||
@@ -59,6 +59,8 @@ environment:
|
||||
OPENPROJECT_SMTP__PORT: "587" # (default=587)
|
||||
OPENPROJECT_SMTP__SSL: "false" # (default=false)
|
||||
OPENPROJECT_SMTP__ADDRESS: "{{ .Values.smtp.host }}"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}"
|
||||
|
||||
persistence:
|
||||
size: "{{ .Values.persistence.size.openproject }}"
|
||||
@@ -68,4 +70,5 @@ replicaCount: {{ .Values.replicas.openproject }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.openproject | toYaml | nindent 2 }}
|
||||
|
||||
...
|
||||
|
||||
@@ -40,5 +40,24 @@ environment:
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "plain"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: "univention-corporate-container"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_FILTER:
|
||||
"(&(objectClass=opendeskProjectmanagementUser)(opendeskProjectmanagementEnabled=TRUE))"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SYNC__USERS: "true"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_LOGIN__MAPPING: "uid"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_FIRSTNAME__MAPPING: "givenName"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_LASTNAME__MAPPING: "sn"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_MAIL__MAPPING: "mailPrimaryAddress"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_ADMIN__MAPPING: "opendeskProjectmanagementAdmin"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_FILTER:
|
||||
"(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn"
|
||||
|
||||
...
|
||||
|
||||
@@ -2,12 +2,14 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "ox-connector"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable"
|
||||
- name: "ox-connector-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
- name: "ox-connector"
|
||||
chart: "ox-connector/ox-connector"
|
||||
chart: "ox-connector-repo/ox-connector"
|
||||
version: "0.1.0-pre-jconde-listener-entrypoint-chaining"
|
||||
values:
|
||||
- "values-oxconnector.yaml"
|
||||
|
||||
@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.oxConnector.repository }}"
|
||||
pullPolicy: "Always"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.oxConnector.tag }}"
|
||||
|
||||
imagePullSecrets:
|
||||
|
||||
@@ -2,72 +2,93 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "sovereign-workplace-certificates"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/133/packages/helm/stable"
|
||||
- name: "postgresql"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/83/packages/helm/stable"
|
||||
- name: "mariadb"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/86/packages/helm/stable"
|
||||
- name: "postfix"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/85/packages/helm/stable"
|
||||
- name: "istio-resources"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/69/packages/helm/stable"
|
||||
- name: "clamav"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/73/packages/helm/stable"
|
||||
- name: "bitnami"
|
||||
url: "https://charts.bitnami.com/bitnami"
|
||||
- name: "sovereign-workplace-certificates-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/133/packages/helm/stable" }}
|
||||
- name: "postgresql-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postgresql" }}
|
||||
- name: "mariadb-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/mariadb" }}
|
||||
- name: "postfix-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/85/packages/helm/stable" }}
|
||||
- name: "istio-resources-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/69/packages/helm/stable" }}
|
||||
- name: "clamav-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/clamav" }}
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "registry-1.docker.io/bitnamicharts" }}
|
||||
|
||||
releases:
|
||||
- name: "sovereign-workplace-certificates"
|
||||
chart: "sovereign-workplace-certificates/sovereign-workplace-certificates"
|
||||
version: "1.2.1"
|
||||
chart: "sovereign-workplace-certificates-repo/sovereign-workplace-certificates"
|
||||
version: "1.2.2"
|
||||
values:
|
||||
- "values-certificates.gotmpl"
|
||||
condition: "certificates.enabled"
|
||||
- name: "redis"
|
||||
chart: "bitnami/redis"
|
||||
version: "^17.9.3"
|
||||
chart: "bitnami-repo/redis"
|
||||
version: "18.0.4"
|
||||
values:
|
||||
- "values-redis.gotmpl"
|
||||
- "values-redis.yaml"
|
||||
condition: "redis.enabled"
|
||||
- name: "postgresql"
|
||||
chart: "postgresql/postgresql"
|
||||
version: "2.0.0"
|
||||
chart: "postgresql-repo/postgresql"
|
||||
version: "2.0.2"
|
||||
values:
|
||||
- "values-postgresql.yaml"
|
||||
- "values-postgresql.gotmpl"
|
||||
condition: "postgresql.enabled"
|
||||
- name: "mariadb"
|
||||
chart: "mariadb/mariadb"
|
||||
version: "2.0.0"
|
||||
chart: "mariadb-repo/mariadb"
|
||||
version: "2.1.0"
|
||||
values:
|
||||
- "values-mariadb.yaml"
|
||||
- "values-mariadb.gotmpl"
|
||||
condition: "mariadb.enabled"
|
||||
- name: "postfix"
|
||||
chart: "postfix/postfix"
|
||||
version: "1.13.0"
|
||||
chart: "postfix-repo/postfix"
|
||||
version: "2.0.3"
|
||||
values:
|
||||
- "values-postfix.yaml"
|
||||
- "values-postfix.gotmpl"
|
||||
condition: "postfix.enabled"
|
||||
- name: "clamav"
|
||||
chart: "clamav/sovereign-workplace-clamav"
|
||||
version: "2.1.0"
|
||||
chart: "clamav-repo/opendesk-clamav"
|
||||
version: "4.0.0"
|
||||
values:
|
||||
- "values-clamav-distributed.yaml"
|
||||
- "values-clamav-distributed.gotmpl"
|
||||
condition: "clamavDistributed.enabled"
|
||||
- name: "clamav-simple"
|
||||
chart: "clamav/clamav-simple"
|
||||
version: "2.1.0"
|
||||
chart: "clamav-repo/clamav-simple"
|
||||
version: "4.0.0"
|
||||
values:
|
||||
- "values-clamav-simple.yaml"
|
||||
- "values-clamav-simple.gotmpl"
|
||||
condition: "clamavSimple.enabled"
|
||||
- name: "sovereign-workplace-gateway"
|
||||
chart: "istio-resources/istio-gateway"
|
||||
chart: "istio-resources-repo/istio-gateway"
|
||||
version: "1.1.2"
|
||||
values:
|
||||
- "values-istio-gateway.yaml"
|
||||
- "values-istio-gateway.gotmpl"
|
||||
condition: "istio.enabled"
|
||||
|
||||
|
||||
@@ -5,25 +5,23 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
clamd:
|
||||
podSecurityContext:
|
||||
{{/* Disabled until NFS Provisioner on IONOS is fixed */}}
|
||||
enabled: false
|
||||
replicaCount: {{ .Values.replicas.clamd }}
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.clamd.repository }}"
|
||||
tag: "{{ .Values.images.clamd.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
resources:
|
||||
{{ .Values.resources.clamd | toYaml | nindent 4 }}
|
||||
|
||||
freshclam:
|
||||
podSecurityContext:
|
||||
{{/* Disabled until NFS Provisioner on IONOS is fixed */}}
|
||||
enabled: false
|
||||
replicaCount: {{ .Values.replicas.freshclam }}
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.freshclam.repository }}"
|
||||
tag: "{{ .Values.images.freshclam.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
resources:
|
||||
{{ .Values.resources.freshclam | toYaml | nindent 4 }}
|
||||
|
||||
@@ -37,18 +35,18 @@ icap:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.icap.repository }}"
|
||||
tag: "{{ .Values.images.icap.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
resources:
|
||||
{{ .Values.resources.icap | toYaml | nindent 4 }}
|
||||
|
||||
milter:
|
||||
podSecurityContext:
|
||||
{{/* Disabled until NFS Provisioner on IONOS is fixed */}}
|
||||
enabled: false
|
||||
replicaCount: {{ .Values.replicas.milter }}
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.milter.repository }}"
|
||||
tag: "{{ .Values.images.milter.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
resources:
|
||||
{{ .Values.resources.milter | toYaml | nindent 4 }}
|
||||
|
||||
|
||||
80
helmfile/apps/services/values-clamav-distributed.yaml
Normal file
80
helmfile/apps/services/values-clamav-distributed.yaml
Normal file
@@ -0,0 +1,80 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
enabled: true
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
clamd:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 100
|
||||
runAsGroup: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
fsGroupChangePolicy: "Always"
|
||||
|
||||
freshclam:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 100
|
||||
runAsGroup: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
fsGroupChangePolicy: "Always"
|
||||
|
||||
icap:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 100
|
||||
runAsGroup: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
fsGroupChangePolicy: "Always"
|
||||
|
||||
milter:
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 100
|
||||
runAsGroup: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
fsGroupChangePolicy: "Always"
|
||||
...
|
||||
@@ -3,11 +3,6 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
|
||||
podSecurityContext:
|
||||
{{/* Disabled until NFS Provisioner on IONOS is fixed */}}
|
||||
enabled: false
|
||||
|
||||
replicaCount: {{ .Values.replicas.clamav }}
|
||||
|
||||
image:
|
||||
@@ -15,10 +10,12 @@ image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.clamd.repository }}"
|
||||
tag: "{{ .Values.images.clamd.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
icap:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.icap.repository }}"
|
||||
tag: "{{ .Values.images.icap.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.clamd | toYaml | nindent 4 }}
|
||||
|
||||
19
helmfile/apps/services/values-clamav-simple.yaml
Normal file
19
helmfile/apps/services/values-clamav-simple.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 100
|
||||
runAsGroup: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
fsGroupChangePolicy: "Always"
|
||||
...
|
||||
6
helmfile/apps/services/values-istio-gateway.yaml
Normal file
6
helmfile/apps/services/values-istio-gateway.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
tls:
|
||||
httpsRedirect: false
|
||||
...
|
||||
@@ -11,7 +11,10 @@ global:
|
||||
image:
|
||||
repository: "{{ .Values.images.mariadb.repository }}"
|
||||
tag: "{{ .Values.images.mariadb.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
# Open-Xchange and XWiki require the permission to create database schemas, so they use the `root` account anyway.
|
||||
# Please refer to `databases.yaml` for details.
|
||||
job:
|
||||
users:
|
||||
- username: "xwiki_user"
|
||||
|
||||
@@ -1,6 +1,25 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
job:
|
||||
enabled: true
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
...
|
||||
|
||||
@@ -3,14 +3,16 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
image:
|
||||
url: "{{ .Values.global.imageRegistry }}/{{ .Values.images.postfix.repository }}"
|
||||
digest: "{{ .Values.images.postfix.digest }}"
|
||||
global:
|
||||
registry: {{ .Values.global.imageRegistry }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry }}
|
||||
repository: "{{ .Values.images.postfix.repository }}"
|
||||
tag: "{{ .Values.images.postfix.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
certificate:
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
@@ -5,6 +5,19 @@ certificate:
|
||||
request:
|
||||
enabled: false
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
capabilities: {}
|
||||
enabled: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
|
||||
postfix:
|
||||
hostname: "postfix"
|
||||
inetProtocols: "ipv4"
|
||||
|
||||
@@ -11,6 +11,7 @@ global:
|
||||
image:
|
||||
repository: "{{ .Values.images.postgresql.repository }}"
|
||||
tag: "{{ .Values.images.postgresql.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
job:
|
||||
users:
|
||||
|
||||
@@ -1,11 +1,29 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
enabled: true
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
job:
|
||||
image:
|
||||
digest: "sha256:de7451b563ef79eb6acb2851dbadd18388e6436cd757b65d275a3dc60dbb0b73"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
|
||||
postgres:
|
||||
user: "postgres"
|
||||
...
|
||||
|
||||
@@ -16,6 +16,7 @@ image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.redis.repository }}"
|
||||
tag: "{{ .Values.images.redis.tag }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
master:
|
||||
persistence:
|
||||
|
||||
@@ -8,4 +8,8 @@ sentinel:
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
master:
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
...
|
||||
|
||||
@@ -2,12 +2,14 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "univention-corporate-container"
|
||||
url: "https://gitlab.souvap-univention.de/api/v4/projects/132/packages/helm/stable"
|
||||
- name: "univention-corporate-container-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/132/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
- name: "univention-corporate-container"
|
||||
chart: "univention-corporate-container/univention-corporate-container"
|
||||
chart: "univention-corporate-container-repo/univention-corporate-container"
|
||||
version: "1.0.10"
|
||||
values:
|
||||
- "values.yaml"
|
||||
|
||||
@@ -13,7 +13,7 @@ global:
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullPolicy: "Always"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.univentionCorporateServer.repository }}"
|
||||
tag: "{{ .Values.images.univentionCorporateServer.tag }}"
|
||||
|
||||
|
||||
117
helmfile/apps/univention-management-stack/helmfile.yaml
Normal file
117
helmfile/apps/univention-management-stack/helmfile.yaml
Normal file
@@ -0,0 +1,117 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
repositories:
|
||||
- name: "univention"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
- name: "ums-store-dav"
|
||||
chart: "univention/store-dav"
|
||||
version: "0.2.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-store-dav.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-ldap-server"
|
||||
chart: "univention/ldap-server"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-ldap-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-ldap-notifier"
|
||||
chart: "univention/ldap-notifier"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-ldap-notifier.gotmpl"
|
||||
- "values-ldap-notifier.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-udm-rest-api"
|
||||
chart: "univention/udm-rest-api"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-udm-rest-api.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-stack-data-ums"
|
||||
chart: "univention/stack-data-ums"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-stack-data-ums.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-stack-data-swp"
|
||||
chart: "univention/stack-data-swp"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-stack-data-swp.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-portal-server"
|
||||
chart: "univention/portal-server"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-notifications-api"
|
||||
chart: "univention/notifications-api"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-notifications-api.gotmpl"
|
||||
- "values-notifications-api.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-portal-listener"
|
||||
chart: "univention/portal-listener"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-listener.gotmpl"
|
||||
- "values-portal-listener.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-portal-frontend"
|
||||
chart: "univention/portal-frontend"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-frontend.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-umc-gateway"
|
||||
chart: "univention/umc-gateway"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-umc-gateway.gotmpl"
|
||||
- "values-umc-gateway.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- name: "ums-umc-server"
|
||||
chart: "univention/umc-server"
|
||||
version: "0.1.0"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-umc-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "univention-management-stack"
|
||||
@@ -0,0 +1,14 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
# The TLS configuration is on the "master" Ingress, see "portal-frontend"
|
||||
enabled: false
|
||||
secretName: ""
|
||||
@@ -0,0 +1,6 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
istio:
|
||||
enabled: false
|
||||
@@ -0,0 +1,20 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsLdapNotifier.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsLdapNotifier.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsLdapNotifier | toYaml | nindent 2 }}
|
||||
|
||||
...
|
||||
@@ -0,0 +1,10 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
volumes:
|
||||
claims:
|
||||
shared-data: "shared-data-ums-ldap-server-0"
|
||||
shared-run: "shared-run-ums-ldap-server-0"
|
||||
|
||||
...
|
||||
@@ -0,0 +1,44 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
ldapServer:
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
|
||||
# TODO: Certificates handling
|
||||
# caCert: ""
|
||||
# certPem: ""
|
||||
# privateKey: ""
|
||||
# dhParam: ""
|
||||
tlsMode: "off"
|
||||
|
||||
# TODO: SAML integration
|
||||
# samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
|
||||
# samlMetadataUrlInternal: "http://keycloak.default/realms/ucs/protocol/saml/descriptor"
|
||||
# serviceProviders: "http://localhost:8000/univention/saml/metadata,http://localhost:8000/auth/realms/ucs"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsLdapServer.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsLdapServer.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
# TODO: Pending upstream support, #199
|
||||
persistence:
|
||||
data:
|
||||
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
size: "{{ .Values.persistence.size.univentionManagementStack.ldapServerData }}"
|
||||
shared:
|
||||
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
size: "{{ .Values.persistence.size.univentionManagementStack.ldapServerShared }}"
|
||||
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsLdapServer | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,28 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
postgresql:
|
||||
bundled: false
|
||||
connection:
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
auth:
|
||||
username: "notificationsapi_user"
|
||||
database: "notificationsapi"
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsNotificationsApi.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsNotificationsApi.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsNotificationsApi | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,12 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
notificationsapi:
|
||||
apply_database_migrations: "True"
|
||||
dev_mode: "False"
|
||||
environment: "staging"
|
||||
log_level: "DEBUG"
|
||||
sql_echo: "False"
|
||||
api_prefix: "/univention/portal/notifications-api"
|
||||
|
||||
...
|
||||
@@ -0,0 +1,31 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsPortalFrontend.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsPortalFrontend.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
extraIngresses:
|
||||
redirects:
|
||||
# The TLS configuration is on the "master" Ingress, see below.
|
||||
tls:
|
||||
enabled: false
|
||||
master:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
tls:
|
||||
enabled: {{ .Values.ingress.tls.enabled }}
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }}
|
||||
|
||||
...
|
||||
@@ -0,0 +1,54 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
portalListener:
|
||||
adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
|
||||
environment: "staging"
|
||||
debugLevel: "4"
|
||||
assetsRoot: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-assets/"
|
||||
ucsInternalUrl: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-data/"
|
||||
umcGetUrl: "http://ums-umc-server/get"
|
||||
umcSessionUrl: "http://ums-umc-server/get/session-info"
|
||||
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
notifierServer: "ums-ldap-notifier"
|
||||
portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal"
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
udmApiUsername: "cn=admin"
|
||||
|
||||
tlsMode: "off"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsPortalListener.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsPortalListener.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
waitForDependency:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsWaitForDependency.repository }}"
|
||||
imagePullPolicy: "Always"
|
||||
tag: "{{ .Values.images.umsWaitForDependency.tag }}"
|
||||
|
||||
# TODO: Pending upstream support, #200
|
||||
persistence:
|
||||
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
size: "{{ .Values.persistence.size.univentionManagementStack.portalListener }}"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsPortalListener | toYaml | nindent 2 }}
|
||||
|
||||
resourcesDependencyWaiter:
|
||||
{{ .Values.resources.umsPortalListenerDependencies | toYaml | nindent 2 }}
|
||||
|
||||
...
|
||||
@@ -0,0 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
store-dav:
|
||||
bundled: false
|
||||
|
||||
...
|
||||
@@ -0,0 +1,28 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
portalServer:
|
||||
adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
|
||||
authMode: "saml"
|
||||
environment: "staging"
|
||||
editable: "true"
|
||||
logLevel: "DEBUG"
|
||||
ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data"
|
||||
umcGetUrl: "http://ums-umc-server/get"
|
||||
umcSessionUrl: "http://ums-umc-server/get/session-info"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsPortalServer.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsPortalServer.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsPortalServer | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,38 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
stackDataSwp:
|
||||
udmApiUsername: "cn=admin"
|
||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
stackDataContext:
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
externalDomainName: "{{ .Values.global.domain }}"
|
||||
externalMailDomain: "{{ .Values.global.domain }}"
|
||||
|
||||
portalGroupwareLinkBase: "https://webmail.{{ .Values.istio.domain }}"
|
||||
portalFileshareLinkBase: "https://fs.{{ .Values.global.domain }}"
|
||||
portalRealtimeCollaborationLinkBase: "https://chat.{{ .Values.global.domain }}"
|
||||
portalRealtimeVideoconferenceLinkBase: "https://meet.{{ .Values.global.domain }}"
|
||||
portalManagementProjectLinkBase: "https://project.{{ .Values.global.domain }}"
|
||||
portalManagementKnowledgeLinkBase: "https://wiki.{{ .Values.global.domain }}"
|
||||
|
||||
oxDefaultContext: "10"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsDataLoader.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsDataLoader.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsStackDataSwp | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,31 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
stackDataUms:
|
||||
udmApiUser: "cn=admin"
|
||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
stackDataContext:
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
|
||||
|
||||
# The SWP configuration brings its own UMC policies.
|
||||
installUmcPolicies: false
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsDataLoader.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsDataLoader.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsStackDataUms | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,39 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
storeDav:
|
||||
auth:
|
||||
basicAuth:
|
||||
portal-listener: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}"
|
||||
portal-server: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}"
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsStoreDav.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsStoreDav.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
configHtpasswd:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsConfigHtpasswd.repository }}"
|
||||
pullPolicy: "Always"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsConfigHtpasswd.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
# TODO: Pending upstream support, #201
|
||||
persistence:
|
||||
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
size: "{{ .Values.persistence.size.univentionManagementStack.storeDav }}"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsStoreDav | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,44 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
udmRestApi:
|
||||
apiLogLevel: "4"
|
||||
authGroups:
|
||||
dcBackup: "cn=DC Backup Hosts,cn=groups,dc=swp-ldap,dc=internal"
|
||||
dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=swp-ldap,dc=internal"
|
||||
domainAdmins: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
# TODO: This should not be required, the machine account is not there
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: why do we need this many subprocesses?
|
||||
numberOfSubprocesses: 8
|
||||
# TODO: Stub value currently
|
||||
caCert: ""
|
||||
# TODO: This should not be part of the udm-rest-api anymore
|
||||
loadJoinData:
|
||||
enabled: true
|
||||
# TODO: configurable
|
||||
tlsMode: "off"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsUdmRestApi.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsUdmRestApi.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsUdmRestApi | toYaml | nindent 2 }}
|
||||
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
umcGateway:
|
||||
domainname: "{{ .Values.global.domain }}"
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
|
||||
ssoFqdn: "localhost:8097"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsUmcGateway.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsUmcGateway.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsUmcGateway | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,18 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
umcGateway:
|
||||
showCookieBanner: true
|
||||
cookieBannerTitleDE: "Cookie Zustimmung"
|
||||
cookieBannerTitleEN: "Cookie Consent"
|
||||
cookieBannerTextDE: >-
|
||||
Die Nutzung dieses Angebots ist nur möglich, wenn Cookies gespeichert und
|
||||
verarbeitet werden können (essenzielle Cookies). Dafür benötigen wir Ihre
|
||||
Zustimmung. Bitte akzeptieren Sie um fortzufahren oder schließen Sie die
|
||||
Seite.
|
||||
cookieBannerTextEN: >-
|
||||
Usage of this site is only possible by storing and processing cookie
|
||||
information (essential cookies). We require your consent. Please accept to
|
||||
continue or close the page.
|
||||
|
||||
...
|
||||
@@ -0,0 +1,42 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
umcServer:
|
||||
domainname: "{{ .Values.global.domain }}"
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
# TODO: This should not be required, the machine account is not there
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
|
||||
enforceSessionCookie: "true"
|
||||
|
||||
# TODO: The keycloak integration is pending
|
||||
samlEnabled: false
|
||||
samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: "http://keycloak/realms/ucs/protocol/saml/descriptor"
|
||||
samlSpServer: "localhost:8000"
|
||||
samlSchemes: "http"
|
||||
|
||||
tlsMode: "off"
|
||||
|
||||
# TODO: Secret should be entered without b64enc
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsUmcServer.repository }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
tag: "{{ .Values.images.umsUmcServer.tag }}"
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsUmcServer | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -2,19 +2,21 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
repositories:
|
||||
- name: "xwiki"
|
||||
url: "https://xwiki-contrib.github.io/xwiki-helm"
|
||||
- name: "xwiki-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://xwiki-contrib.github.io/xwiki-helm" }}
|
||||
|
||||
releases:
|
||||
- name: "xwiki"
|
||||
chart: "xwiki/xwiki"
|
||||
version: "1.1.1"
|
||||
chart: "xwiki-repo/xwiki"
|
||||
version: "1.1.3"
|
||||
wait: true
|
||||
timeout: 600
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "xwiki.enabled"
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
|
||||
@@ -1,20 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
xwiki:
|
||||
url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/"
|
||||
superadmin:
|
||||
username: "superadmin"
|
||||
password: {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
||||
|
||||
image:
|
||||
repository: "{{ .Values.images.xwikiInit.repository }}"
|
||||
tag: "{{ .Values.images.xwikiInit.tag }}"
|
||||
...
|
||||
@@ -6,16 +6,26 @@ SPDX-License-Identifier: Apache-2.0
|
||||
image:
|
||||
name: "{{ .Values.global.imageRegistry }}/{{ .Values.images.xwiki.repository }}"
|
||||
tag: "{{ .Values.images.xwiki.tag }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
externalDB:
|
||||
password: "{{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.xwikiUser }}"
|
||||
password: "{{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
database: "{{ .Values.databases.xwiki.name }}"
|
||||
user: "{{ .Values.databases.xwiki.username }}"
|
||||
host: "{{ .Values.databases.xwiki.host }}"
|
||||
|
||||
customConfigs:
|
||||
"xwiki.cfg":
|
||||
"xwiki.superadminpassword": {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
||||
"xwiki.superadminpassword": "{{ .Values.secrets.xwiki.superadminpassword }}"
|
||||
## LDAP Server configuration
|
||||
# "xwiki.authentication.ldap.server": "univention-corporate-container"
|
||||
# xwiki.authentication.ldap.port: 389
|
||||
## Authentication to the LDAP server
|
||||
# xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
|
||||
# xwiki.authentication.ldap.bind_pass: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}"
|
||||
## Base DN used for searching for users
|
||||
# xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
||||
|
||||
"xwiki.properties":
|
||||
"oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
|
||||
"oidc.endpoint.token": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token"
|
||||
@@ -25,10 +35,16 @@ customConfigs:
|
||||
"url.trustedDomains": "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
"workplaceServices.navigationEndpoint": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
|
||||
"workplaceServices.base": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
"workplaceServices.portalSecret": {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
"workplaceServices.portalSecret": "{{ .Values.secrets.centralnavigation.apiKey }}"
|
||||
|
||||
properties:
|
||||
"attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
"attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": "{{ .Values.theme.colors.primary }}"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "{{ .Values.theme.colors.white }}"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "{{ .Values.theme.colors.secondaryGreyLight }}"
|
||||
## Link LDAP users and users authenticated through OIDC
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
|
||||
@@ -2,9 +2,7 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
image:
|
||||
name: "git.xwikisas.com:5050/xwikisas/swp/xwiki"
|
||||
tag: "0.4-mariadb-tomcat"
|
||||
pullPolicy: "Always"
|
||||
pullPolicy: "IfNotPresent"
|
||||
|
||||
ingress:
|
||||
# enabled: true
|
||||
@@ -32,9 +30,9 @@ mariadb:
|
||||
|
||||
properties:
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.colorTheme": "FlamingoThemes.Iceberg"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": "#004B76"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de_DE"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.timezone": "Europe/Berlin"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de_DE"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.link-color": "@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary"
|
||||
@@ -43,15 +41,37 @@ properties:
|
||||
"@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color":
|
||||
"@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "#fff"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "#fff"
|
||||
# yamllint disable-line rule:line-length
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": "'@list-group-active-border: @list-group-border; @gray-light: #727272; @text-muted: @gray; @xwiki-drawer-menu-item-hover-bg: @list-group-hover-bg; @xwiki-drawer-menu-item-hover-color: @list-group-link-hover-color; @well-bg: @body-bg; .navbar-default { border-bottom: 3px solid @brand-primary !important; } #menuview .navbar-brand img { padding: 5px; }'"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": " li#tmWorkplaceServices { padding-left: 16px; padding-top: 5px; } .navbar-right { padding-top: 8px; } .navbar { border-bottom: 1px solid #ddd; height: 64px; } div#companylogo { width: 90px; height: auto; padding-top: 7px; padding-left: 9px; }"
|
||||
|
||||
"property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc"
|
||||
## Fields to search in when importing users from the administration UI (not completely in scope for now)
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes":
|
||||
# "sn,givenname,uid"
|
||||
## Restrict user import in the UI to global administrators
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.usersAllowedToImport": "globalAdmin"
|
||||
## Enable group and user synchronization
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupsUpdate": 1
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupImport": 1
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.forceXWikiUsersGroupMembershipUpdate":
|
||||
# 1
|
||||
## Base DN under which groups should be searched for
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
|
||||
# "dc=swp-ldap,dc=internal"
|
||||
## LDAP filter to only synchronize some groups
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
# "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
|
||||
customConfigs:
|
||||
xwiki.cfg:
|
||||
xwiki.url.protocol: "https"
|
||||
## Indicate the LDAP field defining the user UID
|
||||
# xwiki.authentication.ldap.UID_attr: "uid"
|
||||
## Indicate the LDAP field defining the user profile picture
|
||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
## Enable the synchronization of the LDAP profile picture
|
||||
# xwiki.authentication.ldap.update_photo: 1
|
||||
|
||||
xwiki.properties:
|
||||
oidc.scope: "openid,profile,email,address,phoenix"
|
||||
oidc.endpoint.userinfo.method: "GET"
|
||||
|
||||
@@ -5,12 +5,15 @@ environments:
|
||||
default:
|
||||
values:
|
||||
- "../../environments/default/*.gotmpl"
|
||||
- "../../environments/default/*.yaml"
|
||||
dev:
|
||||
values:
|
||||
- "../../environments/default/*.gotmpl"
|
||||
- "../../environments/default/*.yaml"
|
||||
- "../../environments/dev/values.yaml"
|
||||
prod:
|
||||
values:
|
||||
- "../../environments/default/*.gotmpl"
|
||||
- "../../environments/default/*.yaml"
|
||||
- "../../environments/prod/values.yaml"
|
||||
...
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
certificate:
|
||||
issuerRef:
|
||||
name: "letsencrypt-prod"
|
||||
...
|
||||
7
helmfile/environments/default/certificate.yaml
Normal file
7
helmfile/environments/default/certificate.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
certificate:
|
||||
issuerRef:
|
||||
name: "letsencrypt-prod"
|
||||
...
|
||||
@@ -1,26 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
cluster:
|
||||
service:
|
||||
# Based on the available Implementations of your cluster, choose the type of Service.
|
||||
# Choose out of "ClusterIP", "NodePort" or "LoadBalancer.
|
||||
type: "LoadBalancer"
|
||||
|
||||
persistence:
|
||||
# Enable if ReadWriteMany (RWX) storage is available (f.e. CephFS, NFS, ...).
|
||||
readWriteMany:
|
||||
enabled: false
|
||||
|
||||
networking:
|
||||
# Kubernetes internal cluster domain.
|
||||
domain: "cluster.local"
|
||||
# Kubernetes cluster network CIDR.
|
||||
cidr: "10.0.0.0/8"
|
||||
|
||||
container:
|
||||
# Used container engine in kubernetes cluster.
|
||||
engine: "cri-o"
|
||||
...
|
||||
33
helmfile/environments/default/cluster.yaml
Normal file
33
helmfile/environments/default/cluster.yaml
Normal file
@@ -0,0 +1,33 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cluster:
|
||||
service:
|
||||
# Based on the available Implementations of your cluster, choose the type of Service.
|
||||
# Choose out of "ClusterIP", "NodePort" or "LoadBalancer.
|
||||
type: "LoadBalancer"
|
||||
|
||||
persistence:
|
||||
# Enable if ReadWriteMany (RWX) storage is available (f.e. CephFS, NFS, ...).
|
||||
readWriteMany:
|
||||
enabled: false
|
||||
|
||||
networking:
|
||||
# Kubernetes internal cluster domain.
|
||||
domain: "cluster.local"
|
||||
# Kubernetes cluster network CIDR.
|
||||
cidr: "10.0.0.0/8"
|
||||
# Ingress-gateway IP - only relevant for "NodePort" cluster services.
|
||||
# When ingress and egress gateway use different ips, which results that pods can't self-discover their incoming ip,
|
||||
# you need to provide the public (load-balanced) ingress gateways ip address.
|
||||
ingressGatewayIP: ""
|
||||
# LoadBalancer status fiel - only relevant for "LoadBalancer" cluster services.
|
||||
# The IP/DNS of your load-balancer will be fetched for some components from 'status' map of services.
|
||||
# Most providers use '.status.loadBalancer.ingress[0].ip' to store public ip. You can modify the chosen field here.
|
||||
loadBalancerStatusField: "ip"
|
||||
|
||||
container:
|
||||
# Used container engine in kubernetes cluster.
|
||||
engine: "cri-o"
|
||||
|
||||
...
|
||||
@@ -1,7 +1,5 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
databases:
|
||||
keycloak:
|
||||
@@ -32,9 +30,15 @@ databases:
|
||||
name: "CONFIGDB"
|
||||
username: "root"
|
||||
password: ""
|
||||
synapse:
|
||||
host: "postgresql"
|
||||
name: "matrix"
|
||||
username: "matrix_user"
|
||||
password: ""
|
||||
port: 5432
|
||||
xwiki:
|
||||
name: "xwiki"
|
||||
host: "mariadb"
|
||||
username: "xwiki_user"
|
||||
username: "root"
|
||||
password: ""
|
||||
...
|
||||
@@ -7,52 +7,12 @@ SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
global:
|
||||
|
||||
## Define ingress/virtualservice host.
|
||||
#
|
||||
hosts:
|
||||
collabora: "collabora"
|
||||
dimension: "integration"
|
||||
element: "ucc"
|
||||
etherpad: "etherpad"
|
||||
intercomService: "ics"
|
||||
jitsi: "av"
|
||||
jitsiPlain: "jitsi"
|
||||
keycloak: "id"
|
||||
meetingWidgetsBot: "meeting-widgets-bot"
|
||||
meetingWidgets: "meeting-widgets"
|
||||
newWorkBoardWidget: "whiteboard-widget"
|
||||
moodle: "learn"
|
||||
nextcloud: "fs"
|
||||
openproject: "project"
|
||||
openxchange: "webmail"
|
||||
openxchangeProvisioning: "ox-provisioning"
|
||||
pollWidget: "poll-widget"
|
||||
synapse: "matrix"
|
||||
univentionCorporateServer: "portal"
|
||||
whiteboard: "whiteboard"
|
||||
xwiki: "wiki"
|
||||
|
||||
## Define host
|
||||
#
|
||||
domain: {{ env "DOMAIN" | default "souvap.cloud" }}
|
||||
|
||||
## Define docker registry address.
|
||||
#
|
||||
imageRegistry: "external-registry.souvap-univention.de/sovereign-workplace"
|
||||
imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" }}
|
||||
|
||||
## Credentials to fetch images from private registry
|
||||
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
#
|
||||
imagePullSecrets:
|
||||
- "external-registry"
|
||||
|
||||
## Define internal kubernetes domain, usually svc.cluster.local
|
||||
## Workaround for calico with postfix
|
||||
#
|
||||
internalDomain: "svc.cluster.local"
|
||||
|
||||
## Define internal kubernetes network for postfix
|
||||
## Attention: Mail from this network can be sent without authentication!
|
||||
#
|
||||
internalNetwork: "10.0.0.0/8"
|
||||
...
|
||||
|
||||
47
helmfile/environments/default/global.yaml
Normal file
47
helmfile/environments/default/global.yaml
Normal file
@@ -0,0 +1,47 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
## The global properties are used to configure multiple charts at once.
|
||||
#
|
||||
global:
|
||||
|
||||
## Define ingress/virtualservice host.
|
||||
#
|
||||
hosts:
|
||||
collabora: "collabora"
|
||||
dimension: "integration"
|
||||
element: "chat"
|
||||
etherpad: "etherpad"
|
||||
intercomService: "ics"
|
||||
jitsi: "meet"
|
||||
keycloak: "id"
|
||||
meetingWidgetsBot: "meeting-widgets-bot"
|
||||
meetingWidgets: "meeting-widgets"
|
||||
newWorkBoardWidget: "whiteboard-widget"
|
||||
nextcloud: "fs"
|
||||
openproject: "project"
|
||||
openxchange: "webmail"
|
||||
openxchangeProvisioning: "ox-provisioning"
|
||||
pollWidget: "poll-widget"
|
||||
synapse: "matrix"
|
||||
univentionCorporateServer: "portal"
|
||||
univentionManagementStack: "portal"
|
||||
whiteboard: "whiteboard"
|
||||
xwiki: "wiki"
|
||||
|
||||
|
||||
## Define docker registry address.
|
||||
#
|
||||
imageRegistry: "external-registry.souvap-univention.de/sovereign-workplace"
|
||||
|
||||
## Credentials to fetch images from private registry
|
||||
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
#
|
||||
imagePullSecrets:
|
||||
- "external-registry"
|
||||
|
||||
## Define the policy to pull container images.
|
||||
## Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
|
||||
#
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
...
|
||||
@@ -1,119 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
images:
|
||||
clamd:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.0_base"
|
||||
collabora:
|
||||
repository: "collabora/code"
|
||||
tag: "23.05.2.2.1"
|
||||
dovecot:
|
||||
repository: "dovecot/dovecot"
|
||||
tag: "2.3.20"
|
||||
freshclam:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.0_base"
|
||||
jibri:
|
||||
repository: "jitsi/jibri"
|
||||
tag: "stable-8615"
|
||||
jicofo:
|
||||
repository: "jitsi/jicofo"
|
||||
tag: "stable-8615"
|
||||
jitsi:
|
||||
repository: "jitsi/web"
|
||||
tag: "stable-8615"
|
||||
jitsiKeycloakAdapter:
|
||||
repository: "nordeck/jitsi-keycloak-adapter"
|
||||
tag: "v20230425"
|
||||
jitsiPatchJVB:
|
||||
repository: "bitnami/kubectl"
|
||||
tag: "1.26.6"
|
||||
jvb:
|
||||
repository: "jitsi/jvb"
|
||||
tag: "stable-8615"
|
||||
icap:
|
||||
repository: "souvap/tooling/images/c-icap/c-icap-clamav"
|
||||
tag: "1.0.4"
|
||||
intercom:
|
||||
repository: "univention/intercom-service"
|
||||
tag: "1.4-kubernetes"
|
||||
keycloak:
|
||||
repository: "bitnami/keycloak"
|
||||
tag: "19.0.3-debian-11-r15"
|
||||
digest: ""
|
||||
keycloakBootstrap:
|
||||
repository: "souvap/tooling/images/ansible"
|
||||
tag: "4.10.0"
|
||||
keycloakExtensionHandler:
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-handler"
|
||||
digest: "cdaaab8fb1b658ee2ca45557e76570153bb306c43061db5b5ee0f418c40e2200"
|
||||
keycloakExtensionProxy:
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-proxy"
|
||||
digest: "15ad665620368178d98721c0bd91744dd9c965c2e470abc3838e353fff530093"
|
||||
mariadb:
|
||||
repository: "mariadb"
|
||||
tag: "10"
|
||||
memcached:
|
||||
repository: "bitnami/memcached"
|
||||
tag: "1.6.21-debian-11-r4"
|
||||
milter:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.0_base"
|
||||
nextcloud:
|
||||
repository: "nextcloud"
|
||||
tag: "26.0.1-apache"
|
||||
openproject:
|
||||
repository: "souvap/tooling/images/openproject/souvap"
|
||||
tag: "dev"
|
||||
openxchangeCoreGuidedtours:
|
||||
repository: "appsuite-public-sector/core-guidedtours"
|
||||
tag: "8.5.0"
|
||||
openxchangeCoreMW:
|
||||
repository: "appsuite-public-sector/middleware-public-sector"
|
||||
tag: "8.15.43"
|
||||
openxchangeCoreUI:
|
||||
repository: "appsuite-public-sector/core-ui"
|
||||
tag: "8.15.2"
|
||||
openxchangeCoreUIMiddleware:
|
||||
repository: "appsuite-public-sector/core-ui-middleware"
|
||||
tag: "1.8.3"
|
||||
openxchangeCoreUserGuide:
|
||||
repository: "appsuite-public-sector/core-user-guide"
|
||||
tag: "8.15.702039"
|
||||
openxchangeGuardUI:
|
||||
repository: "appsuite-public-sector/guard-ui"
|
||||
tag: "4.0.5"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
repository: "appsuite-public-sector/nextcloud-integration-ui"
|
||||
tag: "1.0.2"
|
||||
openxchangePublicSectorUI:
|
||||
repository: "appsuite-public-sector/public-sector-ui"
|
||||
tag: "1.0.3"
|
||||
oxConnector:
|
||||
repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
|
||||
tag: "branch-jconde-listener-entrypoint-chaining"
|
||||
postfix:
|
||||
repository: "souvap/tooling/images/postfix"
|
||||
digest: "sha256:69e0c53ade77ffb89673672f5c8183ec2edfc81d4e990aca3ec594f33c55a7ac"
|
||||
postgresql:
|
||||
repository: "postgres"
|
||||
tag: "15-alpine"
|
||||
prosody:
|
||||
repository: "jitsi/prosody"
|
||||
tag: "stable-8615"
|
||||
redis:
|
||||
repository: "bitnami/redis"
|
||||
tag: "7.0.12-debian-11-r0"
|
||||
univentionCorporateServer:
|
||||
repository: "souvap/tooling/images/univention-corporate-server-swp/ucs"
|
||||
tag: "20230806T234258"
|
||||
xwiki:
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.8-mariadb-tomcat"
|
||||
xwikiInit:
|
||||
repository: "curlimages/curl"
|
||||
tag: "8.1.2"
|
||||
...
|
||||
227
helmfile/environments/default/images.yaml
Normal file
227
helmfile/environments/default/images.yaml
Normal file
@@ -0,0 +1,227 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
images:
|
||||
clamd:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
collabora:
|
||||
repository: "souvap/tooling/images/collabora"
|
||||
tag: "23.05.4.2.1@sha256:ee9ce83811700f1ff57e1218d22388dbaca96306df33f82aa14b334c5302285a"
|
||||
# @supplier: "Collabora"
|
||||
dovecot:
|
||||
repository: "dovecot/dovecot"
|
||||
tag: "2.3.20@sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7"
|
||||
# @supplier: "Open-Xchange"
|
||||
element:
|
||||
repository: "souvap/tooling/images/element-web"
|
||||
tag: "latest@sha256:16506bba9da546b1bf5896892f6f4afefea3d0f1d8ed93eae511212627a029b9"
|
||||
# @supplier: "Element"
|
||||
freshclam:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
jibri:
|
||||
repository: "jitsi/jibri"
|
||||
tag: "stable-8922@sha256:87aa176b44b745b13769f13b8e2d22ddd6f6ba624244d5354c8dd3664787e936"
|
||||
# @supplier: "Nordeck"
|
||||
jicofo:
|
||||
repository: "jitsi/jicofo"
|
||||
tag: "stable-8922@sha256:820fcd4b072b29f42c1c37389fbefda1065f1e9654694941485dc08123c8a93b"
|
||||
# @supplier: "Nordeck"
|
||||
jitsi:
|
||||
repository: "jitsi/web"
|
||||
tag: "stable-8922@sha256:24bd4179998fe01ace1be74e53fea5308f4d91722953bb4334611e6886753f46"
|
||||
# @supplier: "Nordeck"
|
||||
jitsiKeycloakAdapter:
|
||||
repository: "nordeck/jitsi-keycloak-adapter"
|
||||
tag: "v20230906@sha256:54d45ee1a1205f98641810ffb171bd92e6478e2957a349ee4ff599359239fbf2"
|
||||
# @supplier: "Nordeck"
|
||||
jitsiPatchJVB:
|
||||
repository: "bitnami/kubectl"
|
||||
tag: "1.26.8@sha256:c6902a1fdce0a24c9f93ac8d1f317039b206a4b307d8fc76cab4a92911345757"
|
||||
# @supplier: "Nordeck"
|
||||
jvb:
|
||||
repository: "jitsi/jvb"
|
||||
tag: "stable-8922@sha256:75dd613807e19cbbd440d071b60609fa9e4ee50a1396b14deb0ed779d882a554"
|
||||
# @supplier: "Nordeck"
|
||||
icap:
|
||||
repository: "souvap/tooling/images/c-icap"
|
||||
tag: "0.5.10@sha256:cd665e77a42460bb1e6df4282bc1d8737be241fc9f4143d43509e31de3a7993d"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
intercom:
|
||||
repository: "univention/intercom-service"
|
||||
tag: "1.4-kubernetes@sha256:e4fa2e0df49595bf9ba5bf73e36a50e8f1b44334a1a326a43488b8f9c8bbcb9c"
|
||||
# @supplier: "Univention"
|
||||
keycloak:
|
||||
repository: "bitnami/keycloak"
|
||||
tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e"
|
||||
# @supplier: "Univention"
|
||||
keycloakBootstrap:
|
||||
repository: "souvap/tooling/images/ansible"
|
||||
tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac"
|
||||
# @supplier: "Univention"
|
||||
keycloakExtensionHandler:
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-handler"
|
||||
tag: "latest@sha256:e67bdfc655e43b7fb83b025e13f949b04fdd98e089b33401275d03e340e03e2e"
|
||||
# @supplier: "Univention"
|
||||
keycloakExtensionProxy:
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-proxy"
|
||||
tag: "latest@sha256:57026fb4ba7d4579461e7ddd4b1b8ce9585d1cac4adbe64040f5e1063c80a6ba"
|
||||
# @supplier: "Univention"
|
||||
mariadb:
|
||||
repository: "mariadb"
|
||||
tag: "11.1.2-jammy@sha256:b6440c4f4e1471bdcee202e4c4e21c1f93af87421f6d33028363dd224e54f481"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
memcached:
|
||||
repository: "bitnami/memcached"
|
||||
tag: "1.6.21-debian-11-r84@sha256:81747acd297d3fcd05706ea771d441a6f01b28d722c366a06f922b6b7d4033dd"
|
||||
# @supplier: "OpenProject"
|
||||
milter:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
nextcloud:
|
||||
repository: "nextcloud"
|
||||
tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39"
|
||||
# @supplier: "Nextcloud Community"
|
||||
openproject:
|
||||
repository: "souvap/tooling/images/openproject/souvap"
|
||||
tag: "dev@sha256:03eb1eacc0c0c4e9e7d0f0c3d265fd0c15fd01cda33bc4f89cbc487ad53474a8"
|
||||
# @supplier: "OpenProject"
|
||||
openxchangeBootstrap:
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreGuidedtours:
|
||||
repository: "appsuite-public-sector/core-guidedtours"
|
||||
tag: "8.5.1@sha256:469457562a378cca50460e08d9437a954fc6f19622f18128fa74979f7905ecd9"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreMW:
|
||||
repository: "appsuite-public-sector/middleware-public-sector"
|
||||
tag: "8.16.60@sha256:269c5b72f380c49ba1888c4300c409745d2ce757ca0b269afe1e8ac9bb26f028"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUI:
|
||||
repository: "appsuite-public-sector/core-ui"
|
||||
tag: "8.16.5@sha256:4f4dd4e36fb8a1b493c195e38e2f13b87c9582bfcdc3d23b646698fce2ffef8c"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUIMiddleware:
|
||||
repository: "appsuite-public-sector/core-ui-middleware"
|
||||
tag: "1.8.4@sha256:c707fbd5496c894f201dab8f4e78aad98f1ad80c8058778f04dfa5e6e201ed64"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUserGuide:
|
||||
repository: "appsuite-public-sector/core-user-guide"
|
||||
tag: "8.16.727397@sha256:5d8dbf9a91456dea59a235b495dcd002b971e2b23ef6c3a2ea5fd2071664e2a4"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeGuardUI:
|
||||
repository: "appsuite-public-sector/guard-ui"
|
||||
tag: "4.0.6@sha256:7bb8fdf944228dd78a5c33bbd8d0019d5a9e4ce1c35bda674166f2febc5d9a02"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
repository: "appsuite-public-sector/nextcloud-integration-ui"
|
||||
tag: "1.0.5@sha256:cad4ecba431f84b8627d2e541cfea773d5ef54b65d847fa8f7e3fd0d63156497"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangePublicSectorUI:
|
||||
repository: "appsuite-public-sector/public-sector-ui"
|
||||
tag: "2.0.1@sha256:8df90f6dfb59008567d8ded0dbd17b8f92f409c78ba2cf4ab2a39e1b23e34d3b"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeGotenberg:
|
||||
repository: "appsuite-public-sector/3rdparty/gotenberg"
|
||||
tag: "7.8.2@sha256:34af7b6d21c02b8183785177f5f3f1731633d72ec69e1f2ecdb8b43747887f62"
|
||||
# @supplier: "Open-Xchange"
|
||||
oxConnector:
|
||||
repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
|
||||
tag:
|
||||
"branch-jconde-listener-entrypoint-chaining\
|
||||
@sha256:54748d49e37d52529d4a857ff834d1217bd2cb8c89c7eed25c0873159ed6853c"
|
||||
# @supplier: "Univention"
|
||||
postfix:
|
||||
repository: "souvap/tooling/images/postfix"
|
||||
tag: "1.0.0@sha256:69e0c53ade77ffb89673672f5c8183ec2edfc81d4e990aca3ec594f33c55a7ac"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
postgresql:
|
||||
repository: "postgres"
|
||||
tag: "15.4-alpine3.18@sha256:f36c528a2dc8747ea40b4cb8578da69fa75c5063fd6a71dcea3e3b2a6404ff7b"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
prosody:
|
||||
repository: "jitsi/prosody"
|
||||
tag: "stable-8922@sha256:243547f24ae7d686d1f0c18ee230cf93119a66f095dda282bacbf45d4bb69f77"
|
||||
# @supplier: "Nordeck"
|
||||
redis:
|
||||
repository: "bitnami/redis"
|
||||
tag: "7.2.1-debian-11-r5@sha256:e664fa63dfe88cd099180c32f2c9a109a958f053b75d195beb48b06ffd8a0b5b"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
synapse:
|
||||
repository: "matrixdotorg/synapse"
|
||||
tag: "v1.91.2@sha256:1d19508db417bb2b911c8e086bd3dc3b719ee75c6f6194d58af59b4c32b11322"
|
||||
# @supplier: "Element"
|
||||
synapseWeb:
|
||||
repository: "rapidfort/haproxy-official"
|
||||
tag: "2.6.6-bullseye@sha256:bf22cfb1301aae433213f5f8c687bc5d9ecc6b86daf1084be5f7a339bd27cadd"
|
||||
# @supplier: "Element"
|
||||
univentionCorporateServer:
|
||||
repository: "souvap/tooling/images/univention-corporate-server-swp/ucs"
|
||||
tag: "20230829T094822@sha256:6415847851ee3b474cea756212698f4a110fbbde74882e22da92500a6358a4f8"
|
||||
# @supplier: "Univention"
|
||||
umsConfigHtpasswd:
|
||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||
tag: "latest@sha256:24c5e218baa62b169e7222d8ee4d3951ddc8622cd359def6b660bb23a1052f9e"
|
||||
# @supplier: "Univention"
|
||||
umsDataLoader:
|
||||
repository: "souvap/tooling/images/univention/data-loader"
|
||||
tag: "latest@sha256:857837c1810f82362d441544dc32bd2c1d6fe358bbb5ae0e2c60b7f8f4092190"
|
||||
# @supplier: "Univention"
|
||||
umsLdapNotifier:
|
||||
repository: "souvap/tooling/images/univention/ldap-notifier"
|
||||
tag: "latest@sha256:6eccf86fe78926247ec9b59d7ba83c53271bc3ca7d0195863c0489e22c836002"
|
||||
# @supplier: "Univention"
|
||||
umsLdapServer:
|
||||
repository: "souvap/tooling/images/univention/ldap-server"
|
||||
tag: "latest@sha256:4a7c44b37c727cdc03e4043c88e3dbf6b1f119772c5c1904eaed3298bdd49a3d"
|
||||
# @supplier: "Univention"
|
||||
umsNotificationsApi:
|
||||
repository: "souvap/tooling/images/univention/notifications-api"
|
||||
tag: "latest@sha256:87a047c2d0669fcbb3501ef94192812e17e09aecabc1edd2e4b92afbb7ea4b20"
|
||||
# @supplier: "Univention"
|
||||
umsPortalListener:
|
||||
repository: "souvap/tooling/images/univention/portal-listener"
|
||||
tag: "latest@sha256:bcf48d108bc2f1afd745659a1d4f11f1dd0d8ada034899aa401dfea32a29c87a"
|
||||
# @supplier: "Univention"
|
||||
umsPortalFrontend:
|
||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||
tag: "latest@sha256:a1b11db009e992d91cfef2bc60a5022cd4498c38908194020c881ef6dd325bae"
|
||||
# @supplier: "Univention"
|
||||
umsPortalServer:
|
||||
repository: "souvap/tooling/images/univention/portal-server"
|
||||
tag: "latest@sha256:eb0b032c4cf4b207f78b80c69f3e593e01e577779d877e16908902f19b4fc2ee"
|
||||
# @supplier: "Univention"
|
||||
umsWaitForDependency:
|
||||
repository: "souvap/tooling/images/univention/wait-for-dependency"
|
||||
tag: "latest@sha256:5d8d5e9ed55af2d12fef25856e5e61c7d13081458e4b14e6a01b10488b8067d3"
|
||||
# @supplier: "Univention"
|
||||
umsStoreDav:
|
||||
repository: "souvap/tooling/images/univention/store-dav"
|
||||
tag: "latest@sha256:d65f705e46a497ba58e7373f19973835f731796baeace16a32d6331469bf0068"
|
||||
# @supplier: "Univention"
|
||||
umsUdmRestApi:
|
||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||
tag: "latest@sha256:dce4322646749692c5d4692ccd7ff55df080a4af3485585a50c82871715e0cae"
|
||||
# @supplier: "Univention"
|
||||
umsUmcGateway:
|
||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||
tag: "latest@sha256:18172ee4317a9259291f251c0cc1d2be05e003558cbd18d6dc062098a127cc8d"
|
||||
# @supplier: "Univention"
|
||||
umsUmcServer:
|
||||
repository: "souvap/tooling/images/univention/umc-server"
|
||||
tag: "latest@sha256:6cbb1708109c5a0c13f3ee433989094d04cecfb8b32975e723d0f5a2e526f8db"
|
||||
# @supplier: "Univention"
|
||||
wellKnown:
|
||||
repository: "library/nginx"
|
||||
tag: "1.25.2-bookworm@sha256:9504f3f64a3f16f0eaf9adca3542ff8b2a6880e6abfb13e478cca23f6380080a"
|
||||
# @supplier: "Element"
|
||||
xwiki:
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.10-mariadb-tomcat@sha256:02f0ff6407ccdd8dab17814202e28991fe0aa8d44fa106ba171cff5249eaf58f"
|
||||
# @supplier: "XWiki"
|
||||
...
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user