chore(release): 0.2.0 [skip ci]

# [0.2.0](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.2...v0.2.0) (2023-08-15)

### Bug Fixes

* **helmfile:** Replace bitnami repositories with OCI ([4c21fd2](4c21fd2286))

### Features

* **helmfile:** Implement private image/chart registry variables ([5788323](5788323621))

CHANGELOG.md

@@ -1,3 +1,22 @@
+# [0.2.0](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.2...v0.2.0) (2023-08-15)
+
+
+### Bug Fixes
+
+* **helmfile:** Replace bitnami repositories with OCI ([4c21fd2](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/4c21fd228654520bb71d56dc1bda96332334002b))
+
+
+### Features
+
+* **helmfile:** Implement private image/chart registry variables ([5788323](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/57883236219811d2a5fc422649b4f9b042a0ac22))
+
+## [0.1.2](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.1...v0.1.2) (2023-08-15)
+
+
+### Bug Fixes
+
+* **jitsi:** Update support for NodePort setups with different ingress/egress ips ([de25789](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/de257893d4ff2b3e8ea1d6988c6bdde5ed1eae9a))
+
 ## [0.1.1](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/compare/v0.1.0...v0.1.1) (2023-08-14)
 
 

README.md

@@ -149,6 +149,16 @@ and wait a little. After the deployment is finished some bootstrapping is
 executed which might take some more minutes before you can log in your new
 instance.
 
+## Offline deployment
+
+Before executing a [local deployment](#local-deployment), you can set following
+environment variables to use your own container image and helm chart registry:
+
+| name                         | description                    |
+|------------------------------|--------------------------------|
+| PRIVATE_CHART_REPOSITORY_URL | Your helm chart repository url |
+| PRIVATE_IMAGE_REGISTRY_URL   | Your image registry url        |
+
 ## Logging in
 
 When successfully deployed the SWP, all K8s jobs from the deployment should be

helmfile/apps/collabora/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "collabora-online"
-    url: "https://collaboraonline.github.io/online"
+  - name: "collabora-online-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://collaboraonline.github.io/online" }}
 
 releases:
   - name: "collabora-online"
-    chart: "collabora-online/collabora-online"
+    chart: "collabora-online-repo/collabora-online"
     version: "1.0.2"
     values:
       - "values.yaml"

helmfile/apps/element/helmfile.yaml

@@ -2,33 +2,35 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-element"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/148/packages/helm/stable"
+  - name: "sovereign-workplace-element-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/148/packages/helm/stable" }}
 
 releases:
   - name: "sovereign-workplace-element"
-    chart: "sovereign-workplace-element/sovereign-workplace-element"
+    chart: "sovereign-workplace-element-repo/sovereign-workplace-element"
     version: "1.1.2"
     values:
       - "values-element.gotmpl"
     condition: "element.enabled"
 
   - name: "sovereign-workplace-well-known"
-    chart: "sovereign-workplace-element/sovereign-workplace-well-known"
+    chart: "sovereign-workplace-element-repo/sovereign-workplace-well-known"
     version: "1.1.2"
     values:
       - "values-well-known.gotmpl"
     condition: "element.enabled"
 
   - name: "sovereign-workplace-synapse-web"
-    chart: "sovereign-workplace-element/sovereign-workplace-synapse-web"
+    chart: "sovereign-workplace-element-repo/sovereign-workplace-synapse-web"
     version: "1.1.2"
     values:
       - "values-synapse-web.gotmpl"
     condition: "element.enabled"
 
   - name: "sovereign-workplace-synapse"
-    chart: "sovereign-workplace-element/sovereign-workplace-synapse"
+    chart: "sovereign-workplace-element-repo/sovereign-workplace-synapse"
     version: "1.1.2"
     values:
       - "values-synapse.gotmpl"

helmfile/apps/intercom-service/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "intercom-service"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/66/packages/helm/stable"
+  - name: "intercom-service-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/66/packages/helm/stable" }}
 
 releases:
   - name: "intercom-service"
-    chart: "intercom-service/intercom-service"
+    chart: "intercom-service-repo/intercom-service"
     version: "1.1.3"
     values:
       - "values.yaml"

helmfile/apps/jitsi/helmfile.yaml

@@ -2,13 +2,15 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "jitsi"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/137/packages/helm/stable"
+  - name: "jitsi-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/137/packages/helm/stable" }}
 
 releases:
   - name: "jitsi"
-    chart: "jitsi/sovereign-workplace-jitsi"
-    version: "1.1.3"
+    chart: "jitsi-repo/sovereign-workplace-jitsi"
+    version: "1.2.1"
     values:
       - "values-jitsi.gotmpl"
     condition: "jitsi.enabled"

helmfile/apps/jitsi/values-jitsi.gotmpl

@@ -51,7 +51,7 @@ jitsi:
     {{- end }}
     extraEnvs:
       - name: "AUTH_TYPE"
-        value: "jwt"
+        value: "hybrid_matrix_token"
       - name: "JWT_APP_ID"
         value: "myappid"
       - name: "JWT_APP_SECRET"
@@ -111,6 +111,8 @@ jitsi:
   {{- end }}
 
 patchJVB:
+  configuration:
+    staticLoadbalancerIP: "{{ .Values.cluster.networking.ingressGatewayIP }}"
   image:
     registry: "{{ .Values.global.imageRegistry }}"
     repository: "{{ .Values.images.jitsiPatchJVB.repository }}"

helmfile/apps/keycloak-bootstrap/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-keycloak-bootstrap"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable"
+  - name: "sovereign-workplace-keycloak-bootstrap-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable" }}
 
 releases:
   - name: "sovereign-workplace-keycloak-bootstrap"
-    chart: "sovereign-workplace-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap"
+    chart: "sovereign-workplace-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
     version: "1.1.11"
     values:
       - "values-bootstrap.gotmpl"

helmfile/apps/keycloak/helmfile.yaml

@@ -2,22 +2,29 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "bitnami"
-    url: "https://charts.bitnami.com/bitnami"
-  - name: "keycloak-theme"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/96/packages/helm/stable"
-  - name: "keycloak-extensions"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable"
+  - name: "bitnami-repo"
+    oci: true
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "registry-1.docker.io/bitnamicharts" }}
+  - name: "keycloak-theme-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/96/packages/helm/stable" }}
+  - name: "keycloak-extensions-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable" }}
 
 releases:
   - name: "keycloak-theme"
-    chart: "keycloak-theme/sovereign-workplace-theme"
+    chart: "keycloak-theme-repo/sovereign-workplace-theme"
     version: "1.0.0"
     values:
       - "values-theme.gotmpl"
     condition: "keycloak.enabled"
   - name: "keycloak"
-    chart: "bitnami/keycloak"
+    chart: "bitnami-repo/keycloak"
     version: "12.2.0"
     values:
       - "values-keycloak.gotmpl"
@@ -26,7 +33,7 @@ releases:
     wait: true
     condition: "keycloak.enabled"
   - name: "keycloak-extensions"
-    chart: "keycloak-extensions/keycloak-extensions"
+    chart: "keycloak-extensions-repo/keycloak-extensions"
     version: "0.1.0"
     needs:
       - "keycloak"

helmfile/apps/nextcloud/helmfile.yaml

@@ -2,14 +2,18 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-nextcloud-bootstrap"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/130/packages/helm/stable"
-  - name: "nextcloud"
-    url: "https://nextcloud.github.io/helm/"
+  - name: "sovereign-workplace-nextcloud-bootstrap-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/130/packages/helm/stable" }}
+  - name: "nextcloud-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://nextcloud.github.io/helm/" }}
 
 releases:
   - name: "sovereign-workplace-nextcloud-bootstrap"
-    chart: "sovereign-workplace-nextcloud-bootstrap/sovereign-workplace-nextcloud-bootstrap"
+    chart: "sovereign-workplace-nextcloud-bootstrap-repo/sovereign-workplace-nextcloud-bootstrap"
     version: "2.2.0"
     wait: true
     waitForJobs: true
@@ -20,7 +24,7 @@ releases:
     timeout: 1800
 
   - name: "nextcloud"
-    chart: "nextcloud/nextcloud"
+    chart: "nextcloud-repo/nextcloud"
     version: "3.5.19"
     needs:
       - "sovereign-workplace-nextcloud-bootstrap"

helmfile/apps/open-xchange/helmfile.yaml

@@ -2,31 +2,37 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "dovecot"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/80/packages/helm/stable"
-  - name: "openxchange"
-    url: "registry.open-xchange.com"
+  - name: "dovecot-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/80/packages/helm/stable" }}
+  - name: "openxchange-repo"
     oci: true
-  - name: "sovereign-workplace-open-xchange-bootstrap"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "registry.open-xchange.com" }}
+  - name: "sovereign-workplace-open-xchange-bootstrap-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable" }}
 
 releases:
   - name: "dovecot"
-    chart: "dovecot/dovecot"
+    chart: "dovecot-repo/dovecot"
     version: "1.3.1"
     values:
       - "values-dovecot.yaml"
       - "values-dovecot.gotmpl"
     condition: "dovecot.enabled"
   - name: "open-xchange"
-    chart: "openxchange/appsuite-public-sector/charts/appsuite-public-sector"
+    chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector"
     version: "1.2.13"
     values:
       - "values-openxchange.yaml"
       - "values-openxchange.gotmpl"
     condition: "oxAppsuite.enabled"
   - name: "sovereign-workplace-open-xchange-bootstrap"
-    chart: "sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap"
+    chart: "sovereign-workplace-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
     version: "1.3.1"
     values:
       - "values-openxchange-bootstrap.yaml"

helmfile/apps/openproject/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "openproject"
-    url: "https://charts.openproject.org"
+  - name: "openproject-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://charts.openproject.org" }}
 
 releases:
   - name: "openproject"
-    chart: "openproject/openproject"
+    chart: "openproject-repo/openproject"
     version: "1.8.0"
     values:
       - "values.yaml"

helmfile/apps/provisioning/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "ox-connector"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable"
+  - name: "ox-connector-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable" }}
 
 releases:
   - name: "ox-connector"
-    chart: "ox-connector/ox-connector"
+    chart: "ox-connector-repo/ox-connector"
     version: "0.1.0-pre-jconde-listener-entrypoint-chaining"
     values:
       - "values-oxconnector.yaml"

helmfile/apps/services/helmfile.yaml

@@ -2,70 +2,85 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-certificates"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/133/packages/helm/stable"
-  - name: "postgresql"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/83/packages/helm/stable"
-  - name: "mariadb"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/86/packages/helm/stable"
-  - name: "postfix"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/85/packages/helm/stable"
-  - name: "istio-resources"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/69/packages/helm/stable"
-  - name: "clamav"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/73/packages/helm/stable"
-  - name: "bitnami"
-    url: "https://charts.bitnami.com/bitnami"
+  - name: "sovereign-workplace-certificates-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/133/packages/helm/stable" }}
+  - name: "postgresql-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/83/packages/helm/stable" }}
+  - name: "mariadb-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/86/packages/helm/stable" }}
+  - name: "postfix-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/85/packages/helm/stable" }}
+  - name: "istio-resources-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/69/packages/helm/stable" }}
+  - name: "clamav-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/73/packages/helm/stable" }}
+  - name: "bitnami-repo"
+    oci: true
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "registry-1.docker.io/bitnamicharts" }}
 
 releases:
   - name: "sovereign-workplace-certificates"
-    chart: "sovereign-workplace-certificates/sovereign-workplace-certificates"
+    chart: "sovereign-workplace-certificates-repo/sovereign-workplace-certificates"
     version: "1.2.2"
     values:
       - "values-certificates.gotmpl"
     condition: "certificates.enabled"
   - name: "redis"
-    chart: "bitnami/redis"
+    chart: "bitnami-repo/redis"
     version: "^17.9.3"
     values:
       - "values-redis.gotmpl"
       - "values-redis.yaml"
     condition: "redis.enabled"
   - name: "postgresql"
-    chart: "postgresql/postgresql"
+    chart: "postgresql-repo/postgresql"
     version: "2.0.0"
     values:
       - "values-postgresql.yaml"
       - "values-postgresql.gotmpl"
     condition: "postgresql.enabled"
   - name: "mariadb"
-    chart: "mariadb/mariadb"
+    chart: "mariadb-repo/mariadb"
     version: "2.0.0"
     values:
       - "values-mariadb.yaml"
       - "values-mariadb.gotmpl"
     condition: "mariadb.enabled"
   - name: "postfix"
-    chart: "postfix/postfix"
+    chart: "postfix-repo/postfix"
     version: "1.13.0"
     values:
       - "values-postfix.yaml"
       - "values-postfix.gotmpl"
     condition: "postfix.enabled"
   - name: "clamav"
-    chart: "clamav/sovereign-workplace-clamav"
+    chart: "clamav-repo/sovereign-workplace-clamav"
     version: "2.1.0"
     values:
       - "values-clamav-distributed.gotmpl"
     condition: "clamavDistributed.enabled"
   - name: "clamav-simple"
-    chart: "clamav/clamav-simple"
+    chart: "clamav-repo/clamav-simple"
     version: "2.1.0"
     values:
       - "values-clamav-simple.gotmpl"
     condition: "clamavSimple.enabled"
   - name: "sovereign-workplace-gateway"
-    chart: "istio-resources/istio-gateway"
+    chart: "istio-resources-repo/istio-gateway"
     version: "1.1.2"
     values:
       - "values-istio-gateway.gotmpl"

helmfile/apps/univention-corporate-container/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "univention-corporate-container"
-    url: "https://gitlab.souvap-univention.de/api/v4/projects/132/packages/helm/stable"
+  - name: "univention-corporate-container-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://gitlab.souvap-univention.de/api/v4/projects/132/packages/helm/stable" }}
 
 releases:
   - name: "univention-corporate-container"
-    chart: "univention-corporate-container/univention-corporate-container"
+    chart: "univention-corporate-container-repo/univention-corporate-container"
     version: "1.0.10"
     values:
       - "values.yaml"

helmfile/apps/xwiki/helmfile.yaml

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "xwiki"
-    url: "https://xwiki-contrib.github.io/xwiki-helm"
+  - name: "xwiki-repo"
+    url: >-
+      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+         default "https://xwiki-contrib.github.io/xwiki-helm" }}
 
 releases:
   - name: "xwiki"
-    chart: "xwiki/xwiki"
+    chart: "xwiki-repo/xwiki"
     version: "1.1.1"
     wait: true
     timeout: 600

helmfile/environments/default/cluster.gotmpl

@@ -19,6 +19,10 @@ cluster:
     domain: "cluster.local"
     # Kubernetes cluster network CIDR.
     cidr: "10.0.0.0/8"
+    # Ingress-gateway IP - only relevant for "NodePort" cluster services.
+    # When ingress and egress gateway use different ips, which results that pods can't self-discover their incoming ip,
+    # you need to provide the public (load-balanced) ingress gateways ip address.
+    ingressGatewayIP: ""
 
   container:
     # Used container engine in kubernetes cluster.

helmfile/environments/default/global.gotmpl

@@ -36,21 +36,11 @@ global:
 
   ## Define docker registry address.
   #
-  imageRegistry: "external-registry.souvap-univention.de/sovereign-workplace"
+  imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" }}
 
   ## Credentials to fetch images from private registry
   ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
   #
   imagePullSecrets:
     - "external-registry"
-
-  ## Define internal kubernetes domain, usually svc.cluster.local
-  ## Workaround for calico with postfix
-  #
-  internalDomain: "svc.cluster.local"
-
-  ## Define internal kubernetes network for postfix
-  ## Attention: Mail from this network can be sent without authentication!
-  #
-  internalNetwork: "10.0.0.0/8"
 ...