chore(release): 0.2.1 [skip ci]

## [0.2.1](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.2.0...v0.2.1) (2023-08-16)

### Bug Fixes

* **keycloak:** Increase proxy-buffer-size for ingress-nginx ([d8adcc4](d8adcc463a))

CHANGELOG.md

@@ -1,3 +1,37 @@
+## [0.2.1](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.2.0...v0.2.1) (2023-08-16)
+
+
+### Bug Fixes
+
+* **keycloak:** Increase proxy-buffer-size for ingress-nginx ([d8adcc4](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/d8adcc463adc8bec5a793a97977dddd89d7363cc))
+
+# [0.2.0](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.2...v0.2.0) (2023-08-15)
+
+
+### Bug Fixes
+
+* **helmfile:** Replace bitnami repositories with OCI ([4c21fd2](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/4c21fd228654520bb71d56dc1bda96332334002b))
+
+
+### Features
+
+* **helmfile:** Implement private image/chart registry variables ([5788323](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/57883236219811d2a5fc422649b4f9b042a0ac22))
+
+## [0.1.2](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.1...v0.1.2) (2023-08-15)
+
+
+### Bug Fixes
+
+* **jitsi:** Update support for NodePort setups with different ingress/egress ips ([de25789](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/de257893d4ff2b3e8ea1d6988c6bdde5ed1eae9a))
+
+## [0.1.1](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.0...v0.1.1) (2023-08-14)
+
+
+### Bug Fixes
+
+* **open-xchange:** Bump dovecot and sovereign-workplace-open-xchange-bootstrap to 1.3.0 with image digest support ([53796da](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/53796dae660463207a460b387b6f3dd23ce20cd0))
+* **open-xchange:** Bump sovereign-workplace-open-xchange-bootstrap to 1.3.1 ([390f2de](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/390f2dee5226b83855a6cca8bf1c0d0f5647ee34))
+
 # [0.1.0](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.0.6...v0.1.0) (2023-08-14)
 
 

README.md

@@ -149,6 +149,16 @@ and wait a little. After the deployment is finished some bootstrapping is
 executed which might take some more minutes before you can log in your new
 instance.
 
+## Offline deployment
+
+Before executing a [local deployment](#local-deployment), you can set following
+environment variables to use your own container image and helm chart registry:
+
+| name                         | description                    |
+|------------------------------|--------------------------------|
+| PRIVATE_CHART_REPOSITORY_URL | Your helm chart repository url |
+| PRIVATE_IMAGE_REGISTRY_URL   | Your image registry url        |
+
 ## Logging in
 
 When successfully deployed the SWP, all K8s jobs from the deployment should be

helmfile/apps/collabora/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "collabora-online"
+  - name: "collabora-online-repo"
-    url: "https://collaboraonline.github.io/online"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://collaboraonline.github.io/online" }}
 
 releases:
   - name: "collabora-online"
-    chart: "collabora-online/collabora-online"
+    chart: "collabora-online-repo/collabora-online"
     version: "1.0.2"
     values:
       - "values.yaml"

helmfile/apps/element/helmfile.yaml

@@ -2,33 +2,35 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-element"
+  - name: "sovereign-workplace-element-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/148/packages/helm/stable"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/148/packages/helm/stable" }}
 
 releases:
   - name: "sovereign-workplace-element"
-    chart: "sovereign-workplace-element/sovereign-workplace-element"
+    chart: "sovereign-workplace-element-repo/sovereign-workplace-element"
     version: "1.1.2"
     values:
       - "values-element.gotmpl"
     condition: "element.enabled"
 
   - name: "sovereign-workplace-well-known"
-    chart: "sovereign-workplace-element/sovereign-workplace-well-known"
+    chart: "sovereign-workplace-element-repo/sovereign-workplace-well-known"
     version: "1.1.2"
     values:
       - "values-well-known.gotmpl"
     condition: "element.enabled"
 
   - name: "sovereign-workplace-synapse-web"
-    chart: "sovereign-workplace-element/sovereign-workplace-synapse-web"
+    chart: "sovereign-workplace-element-repo/sovereign-workplace-synapse-web"
     version: "1.1.2"
     values:
       - "values-synapse-web.gotmpl"
     condition: "element.enabled"
 
   - name: "sovereign-workplace-synapse"
-    chart: "sovereign-workplace-element/sovereign-workplace-synapse"
+    chart: "sovereign-workplace-element-repo/sovereign-workplace-synapse"
     version: "1.1.2"
     values:
       - "values-synapse.gotmpl"

helmfile/apps/intercom-service/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "intercom-service"
+  - name: "intercom-service-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/66/packages/helm/stable"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/66/packages/helm/stable" }}
 
 releases:
   - name: "intercom-service"
-    chart: "intercom-service/intercom-service"
+    chart: "intercom-service-repo/intercom-service"
     version: "1.1.3"
     values:
       - "values.yaml"

helmfile/apps/jitsi/helmfile.yaml

@@ -2,13 +2,15 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "jitsi"
+  - name: "jitsi-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/137/packages/helm/stable"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/137/packages/helm/stable" }}
 
 releases:
   - name: "jitsi"
-    chart: "jitsi/sovereign-workplace-jitsi"
+    chart: "jitsi-repo/sovereign-workplace-jitsi"
-    version: "1.1.3"
+    version: "1.2.1"
     values:
       - "values-jitsi.gotmpl"
     condition: "jitsi.enabled"

helmfile/apps/jitsi/values-jitsi.gotmpl

@@ -51,7 +51,7 @@ jitsi:
     {{- end }}
     extraEnvs:
       - name: "AUTH_TYPE"
-        value: "jwt"
+        value: "hybrid_matrix_token"
       - name: "JWT_APP_ID"
         value: "myappid"
       - name: "JWT_APP_SECRET"
@@ -111,6 +111,8 @@ jitsi:
   {{- end }}
 
 patchJVB:
+  configuration:
+    staticLoadbalancerIP: "{{ .Values.cluster.networking.ingressGatewayIP }}"
   image:
     registry: "{{ .Values.global.imageRegistry }}"
     repository: "{{ .Values.images.jitsiPatchJVB.repository }}"

helmfile/apps/keycloak-bootstrap/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-keycloak-bootstrap"
+  - name: "sovereign-workplace-keycloak-bootstrap-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable" }}
 
 releases:
   - name: "sovereign-workplace-keycloak-bootstrap"
-    chart: "sovereign-workplace-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap"
+    chart: "sovereign-workplace-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
     version: "1.1.11"
     values:
       - "values-bootstrap.gotmpl"

helmfile/apps/keycloak/helmfile.yaml

@@ -2,22 +2,29 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "bitnami"
+  - name: "bitnami-repo"
-    url: "https://charts.bitnami.com/bitnami"
+    oci: true
-  - name: "keycloak-theme"
+    url: >-
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/96/packages/helm/stable"
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-  - name: "keycloak-extensions"
+         default "registry-1.docker.io/bitnamicharts" }}
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable"
+  - name: "keycloak-theme-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/96/packages/helm/stable" }}
+  - name: "keycloak-extensions-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable" }}
 
 releases:
   - name: "keycloak-theme"
-    chart: "keycloak-theme/sovereign-workplace-theme"
+    chart: "keycloak-theme-repo/sovereign-workplace-theme"
     version: "1.0.0"
     values:
       - "values-theme.gotmpl"
     condition: "keycloak.enabled"
   - name: "keycloak"
-    chart: "bitnami/keycloak"
+    chart: "bitnami-repo/keycloak"
     version: "12.2.0"
     values:
       - "values-keycloak.gotmpl"
@@ -26,7 +33,7 @@ releases:
     wait: true
     condition: "keycloak.enabled"
   - name: "keycloak-extensions"
-    chart: "keycloak-extensions/keycloak-extensions"
+    chart: "keycloak-extensions-repo/keycloak-extensions"
     version: "0.1.0"
     needs:
       - "keycloak"

helmfile/apps/keycloak/values-extensions.gotmpl

@@ -46,6 +46,7 @@ proxy:
     ingressClassName: "{{ .Values.ingress.ingressClassName }}"
     annotations:
       nginx.org/proxy-buffer-size: "8k"
+      nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
     host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
     tls:
       enabled: "{{ .Values.ingress.tls.enabled }}"

helmfile/apps/nextcloud/helmfile.yaml

@@ -2,14 +2,18 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-nextcloud-bootstrap"
+  - name: "sovereign-workplace-nextcloud-bootstrap-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/130/packages/helm/stable"
+    url: >-
-  - name: "nextcloud"
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-    url: "https://nextcloud.github.io/helm/"
+         default "https://gitlab.souvap-univention.de/api/v4/projects/130/packages/helm/stable" }}
+  - name: "nextcloud-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://nextcloud.github.io/helm/" }}
 
 releases:
   - name: "sovereign-workplace-nextcloud-bootstrap"
-    chart: "sovereign-workplace-nextcloud-bootstrap/sovereign-workplace-nextcloud-bootstrap"
+    chart: "sovereign-workplace-nextcloud-bootstrap-repo/sovereign-workplace-nextcloud-bootstrap"
     version: "2.2.0"
     wait: true
     waitForJobs: true
@@ -20,7 +24,7 @@ releases:
     timeout: 1800
 
   - name: "nextcloud"
-    chart: "nextcloud/nextcloud"
+    chart: "nextcloud-repo/nextcloud"
     version: "3.5.19"
     needs:
       - "sovereign-workplace-nextcloud-bootstrap"

helmfile/apps/open-xchange/helmfile.yaml

@@ -2,32 +2,38 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "dovecot"
+  - name: "dovecot-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/80/packages/helm/stable"
+    url: >-
-  - name: "openxchange"
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-    url: "registry.open-xchange.com"
+         default "https://gitlab.souvap-univention.de/api/v4/projects/80/packages/helm/stable" }}
+  - name: "openxchange-repo"
     oci: true
-  - name: "sovereign-workplace-open-xchange-bootstrap"
+    url: >-
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable"
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "registry.open-xchange.com" }}
+  - name: "sovereign-workplace-open-xchange-bootstrap-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable" }}
 
 releases:
   - name: "dovecot"
-    chart: "dovecot/dovecot"
+    chart: "dovecot-repo/dovecot"
     version: "1.3.1"
     values:
       - "values-dovecot.yaml"
       - "values-dovecot.gotmpl"
     condition: "dovecot.enabled"
   - name: "open-xchange"
-    chart: "openxchange/appsuite-public-sector/charts/appsuite-public-sector"
+    chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector"
     version: "1.2.13"
     values:
       - "values-openxchange.yaml"
       - "values-openxchange.gotmpl"
     condition: "oxAppsuite.enabled"
   - name: "sovereign-workplace-open-xchange-bootstrap"
-    chart: "sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap"
+    chart: "sovereign-workplace-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
-    version: "1.2.2"
+    version: "1.3.1"
     values:
       - "values-openxchange-bootstrap.yaml"
     condition: "oxAppsuite.enabled"

helmfile/apps/open-xchange/values-dovecot.gotmpl

@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
 image:
   registry: "{{ .Values.global.imageRegistry }}"
   url: "{{ .Values.images.dovecot.repository }}"
-  tag: "{{ .Values.images.dovecot.tag }}"
+  digest: "{{ .Values.images.dovecot.digest }}"
 
 imagePullSecrets:
 {{- range .Values.global.imagePullSecrets }}

helmfile/apps/open-xchange/values-openxchange-bootstrap.gotmpl

@@ -0,0 +1,15 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+image:
+  registry: "{{ .Values.global.imageRegistry }}"
+  url: "{{ .Values.images.openxchangeBootstrap.repository }}"
+  digest: "{{ .Values.images.openxchangeBootstrap.digest }}"
+
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+...

helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml

@@ -2,22 +2,5 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 cleanup:
-  deletePodsOnSuccess: false
+  deletePodsOnSuccess: true
-
-# resources:
-#   limits:
-#     # The max amount of CPUs to consume.
-#     cpu: 1
-#     # The max amount of RAM to consume.
-#     memory: "1Gi"
-#   requests:
-#     # The amount of CPUs which has to be available on the scheduled node.
-#     cpu: 1
-#     # The amount of RAM which has to be available on the scheduled node.
-#     memory: "256Mi"
-
-# Keep default values:
-# coreMiddleware:
-#   statefulSet: "open-xchange-core-mw-default-0"
-#   pod: "open-xchange-core-mw-default-0"
 ...

helmfile/apps/openproject/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "openproject"
+  - name: "openproject-repo"
-    url: "https://charts.openproject.org"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://charts.openproject.org" }}
 
 releases:
   - name: "openproject"
-    chart: "openproject/openproject"
+    chart: "openproject-repo/openproject"
     version: "1.8.0"
     values:
       - "values.yaml"

helmfile/apps/provisioning/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "ox-connector"
+  - name: "ox-connector-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable" }}
 
 releases:
   - name: "ox-connector"
-    chart: "ox-connector/ox-connector"
+    chart: "ox-connector-repo/ox-connector"
     version: "0.1.0-pre-jconde-listener-entrypoint-chaining"
     values:
       - "values-oxconnector.yaml"

helmfile/apps/services/helmfile.yaml

@@ -2,70 +2,85 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-certificates"
+  - name: "sovereign-workplace-certificates-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/133/packages/helm/stable"
+    url: >-
-  - name: "postgresql"
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/83/packages/helm/stable"
+         default "https://gitlab.souvap-univention.de/api/v4/projects/133/packages/helm/stable" }}
-  - name: "mariadb"
+  - name: "postgresql-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/86/packages/helm/stable"
+    url: >-
-  - name: "postfix"
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/85/packages/helm/stable"
+         default "https://gitlab.souvap-univention.de/api/v4/projects/83/packages/helm/stable" }}
-  - name: "istio-resources"
+  - name: "mariadb-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/69/packages/helm/stable"
+    url: >-
-  - name: "clamav"
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/73/packages/helm/stable"
+         default "https://gitlab.souvap-univention.de/api/v4/projects/86/packages/helm/stable" }}
-  - name: "bitnami"
+  - name: "postfix-repo"
-    url: "https://charts.bitnami.com/bitnami"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/85/packages/helm/stable" }}
+  - name: "istio-resources-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/69/packages/helm/stable" }}
+  - name: "clamav-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/73/packages/helm/stable" }}
+  - name: "bitnami-repo"
+    oci: true
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "registry-1.docker.io/bitnamicharts" }}
 
 releases:
   - name: "sovereign-workplace-certificates"
-    chart: "sovereign-workplace-certificates/sovereign-workplace-certificates"
+    chart: "sovereign-workplace-certificates-repo/sovereign-workplace-certificates"
     version: "1.2.2"
     values:
       - "values-certificates.gotmpl"
     condition: "certificates.enabled"
   - name: "redis"
-    chart: "bitnami/redis"
+    chart: "bitnami-repo/redis"
     version: "^17.9.3"
     values:
       - "values-redis.gotmpl"
       - "values-redis.yaml"
     condition: "redis.enabled"
   - name: "postgresql"
-    chart: "postgresql/postgresql"
+    chart: "postgresql-repo/postgresql"
     version: "2.0.0"
     values:
       - "values-postgresql.yaml"
       - "values-postgresql.gotmpl"
     condition: "postgresql.enabled"
   - name: "mariadb"
-    chart: "mariadb/mariadb"
+    chart: "mariadb-repo/mariadb"
     version: "2.0.0"
     values:
       - "values-mariadb.yaml"
       - "values-mariadb.gotmpl"
     condition: "mariadb.enabled"
   - name: "postfix"
-    chart: "postfix/postfix"
+    chart: "postfix-repo/postfix"
     version: "1.13.0"
     values:
       - "values-postfix.yaml"
       - "values-postfix.gotmpl"
     condition: "postfix.enabled"
   - name: "clamav"
-    chart: "clamav/sovereign-workplace-clamav"
+    chart: "clamav-repo/sovereign-workplace-clamav"
     version: "2.1.0"
     values:
       - "values-clamav-distributed.gotmpl"
     condition: "clamavDistributed.enabled"
   - name: "clamav-simple"
-    chart: "clamav/clamav-simple"
+    chart: "clamav-repo/clamav-simple"
     version: "2.1.0"
     values:
       - "values-clamav-simple.gotmpl"
     condition: "clamavSimple.enabled"
   - name: "sovereign-workplace-gateway"
-    chart: "istio-resources/istio-gateway"
+    chart: "istio-resources-repo/istio-gateway"
     version: "1.1.2"
     values:
       - "values-istio-gateway.gotmpl"

helmfile/apps/univention-corporate-container/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "univention-corporate-container"
+  - name: "univention-corporate-container-repo"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/132/packages/helm/stable"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/132/packages/helm/stable" }}
 
 releases:
   - name: "univention-corporate-container"
-    chart: "univention-corporate-container/univention-corporate-container"
+    chart: "univention-corporate-container-repo/univention-corporate-container"
     version: "1.0.10"
     values:
       - "values.yaml"

helmfile/apps/xwiki/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "xwiki"
+  - name: "xwiki-repo"
-    url: "https://xwiki-contrib.github.io/xwiki-helm"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://xwiki-contrib.github.io/xwiki-helm" }}
 
 releases:
   - name: "xwiki"
-    chart: "xwiki/xwiki"
+    chart: "xwiki-repo/xwiki"
     version: "1.1.1"
     wait: true
     timeout: 600

helmfile/apps/xwiki/values-init.gotmpl

@@ -1,20 +0,0 @@
-{{/*
-SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-SPDX-License-Identifier: Apache-2.0
-*/}}
----
-global:
-  imageRegistry: "{{ .Values.global.imageRegistry }}"
-  imagePullSecrets:
-    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
-
-xwiki:
-  url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/"
-  superadmin:
-    username: "superadmin"
-    password: {{ .Values.secrets.xwiki.superadminpassword | quote }}
-
-image:
-  repository: "{{ .Values.images.xwikiInit.repository }}"
-  tag: "{{ .Values.images.xwikiInit.tag }}"
-...

helmfile/environments/default/cluster.gotmpl

@@ -19,6 +19,10 @@ cluster:
     domain: "cluster.local"
     # Kubernetes cluster network CIDR.
     cidr: "10.0.0.0/8"
+    # Ingress-gateway IP - only relevant for "NodePort" cluster services.
+    # When ingress and egress gateway use different ips, which results that pods can't self-discover their incoming ip,
+    # you need to provide the public (load-balanced) ingress gateways ip address.
+    ingressGatewayIP: ""
 
   container:
     # Used container engine in kubernetes cluster.

helmfile/environments/default/global.gotmpl

@@ -36,21 +36,11 @@ global:
 
   ## Define docker registry address.
   #
-  imageRegistry: "external-registry.souvap-univention.de/sovereign-workplace"
+  imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" }}
 
   ## Credentials to fetch images from private registry
   ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
   #
   imagePullSecrets:
     - "external-registry"
-
-  ## Define internal kubernetes domain, usually svc.cluster.local
-  ## Workaround for calico with postfix
-  #
-  internalDomain: "svc.cluster.local"
-
-  ## Define internal kubernetes network for postfix
-  ## Attention: Mail from this network can be sent without authentication!
-  #
-  internalNetwork: "10.0.0.0/8"
 ...

helmfile/environments/default/images.gotmpl

@@ -12,7 +12,7 @@ images:
     tag: "23.05.2.2.1"
   dovecot:
     repository: "dovecot/dovecot"
-    tag: "2.3.20"
+    digest: "sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7"
   element:
     repository: "vectorim/element-web"
     tag: "v1.11.35"
@@ -71,6 +71,9 @@ images:
   openproject:
     repository: "souvap/tooling/images/openproject/souvap"
     tag: "dev"
+  openxchangeBootstrap:
+    repository: "alpine/k8s"
+    digest: "sha256:199a4457602b4e260d9781358cd2e342f63c177f4bcfa8053493be01e57beddf"
   openxchangeCoreGuidedtours:
     repository: "appsuite-public-sector/core-guidedtours"
     tag: "8.5.0"
@@ -125,7 +128,4 @@ images:
   xwiki:
     repository: "xwikisas/swp/xwiki"
     tag: "0.8-mariadb-tomcat"
-  xwikiInit:
-    repository: "curlimages/curl"
-    tag: "8.1.2"
 ...