mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
Compare commits
129 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
5e50ed119f | ||
|
|
d0a07997c1 | ||
|
|
985df5906f | ||
|
|
385d81b9a9 | ||
|
|
0ad043406b | ||
|
|
4a79728f01 | ||
|
|
7c56c7244f | ||
|
|
e0fce6631b | ||
|
|
899a8c5af9 | ||
|
|
6cee2c878b | ||
|
|
4359b21f1c | ||
|
|
d8b2bd3af0 | ||
|
|
8fafd906a3 | ||
|
|
fece4ace87 | ||
|
|
ab6014f8c6 | ||
|
|
fecd13612b | ||
|
|
38336d0240 | ||
|
|
9f9e4e9521 | ||
|
|
b47de62f98 | ||
|
|
9e54299917 | ||
|
|
d249d0e3ce | ||
|
|
fbe7de3c56 | ||
|
|
034e98c850 | ||
|
|
7feaadf7f8 | ||
|
|
a7fef3afff | ||
|
|
5d01f8ca46 | ||
|
|
7093022ec4 | ||
|
|
2313f75dbe | ||
|
|
af9caea726 | ||
|
|
b39986907c | ||
|
|
a02d7c6085 | ||
|
|
a046deaf17 | ||
|
|
c76e960446 | ||
|
|
535823e0a8 | ||
|
|
9966bf640e | ||
|
|
8e376bb4a5 | ||
|
|
7c0e4aa9a6 | ||
|
|
e609b75cc7 | ||
|
|
20d26a069b | ||
|
|
59d58e320e | ||
|
|
49b71aafb4 | ||
|
|
cbe514176a | ||
|
|
0898d96571 | ||
|
|
7f7c364071 | ||
|
|
fd9e04d992 | ||
|
|
86657b139a | ||
|
|
cdffbe1298 | ||
|
|
82a037ec7c | ||
|
|
1a4eced998 | ||
|
|
06dcdd78af | ||
|
|
f564efd97f | ||
|
|
16f2ac464e | ||
|
|
30405d182d | ||
|
|
785989e91d | ||
|
|
27b6796639 | ||
|
|
7756d35fa1 | ||
|
|
5afd2339c2 | ||
|
|
b7f220a6b6 | ||
|
|
fb7dba787c | ||
|
|
72e3afdffd | ||
|
|
85b8fcaab5 | ||
|
|
c3129f1443 | ||
|
|
000be8b032 | ||
|
|
da1bf3581c | ||
|
|
4d0011d957 | ||
|
|
74f9ec28e4 | ||
|
|
b1d4b2d8ea | ||
|
|
711d29e374 | ||
|
|
0ba7be2a5f | ||
|
|
d4c751d29f | ||
|
|
70744d04c6 | ||
|
|
e4e6d2d60a | ||
|
|
e42feb4c26 | ||
|
|
f12c2ed0c2 | ||
|
|
7dbcbfe723 | ||
|
|
1d8a0ccf1a | ||
|
|
e33acd33e7 | ||
|
|
74e206694e | ||
|
|
6fd655a0b1 | ||
|
|
d4c39025b6 | ||
|
|
d86f516747 | ||
|
|
4c5731e6bb | ||
|
|
6a390112da | ||
|
|
65d2642d34 | ||
|
|
55f73924df | ||
|
|
11cc708f6e | ||
|
|
b6b4972a5d | ||
|
|
2e3f5f6e53 | ||
|
|
3da2aaaed9 | ||
|
|
424317ed58 | ||
|
|
b335bc4c3b | ||
|
|
5343840bed | ||
|
|
2d5d3708f7 | ||
|
|
41dfdc0c8f | ||
|
|
ca5d5f8280 | ||
|
|
095059c7e5 | ||
|
|
1dd6582ec7 | ||
|
|
74b3d41381 | ||
|
|
a41b9a699c | ||
|
|
0b4cd739fc | ||
|
|
4372f063e0 | ||
|
|
15ad8ca7ab | ||
|
|
1884a90e6f | ||
|
|
0997f2e4a7 | ||
|
|
0f01b94aa1 | ||
|
|
892920b048 | ||
|
|
5c3568871b | ||
|
|
f22619bd8e | ||
|
|
275798c1d6 | ||
|
|
5ad25acafd | ||
|
|
437633cda6 | ||
|
|
62b767ef38 | ||
|
|
02be7c15bb | ||
|
|
9acce08139 | ||
|
|
3f8bffbcf3 | ||
|
|
98ec02f230 | ||
|
|
b340373133 | ||
|
|
6456f68b7b | ||
|
|
a37faf3b57 | ||
|
|
fbbf3f253b | ||
|
|
2703615dff | ||
|
|
85ad5ecd6d | ||
|
|
ae3d0daa11 | ||
|
|
0a17976aca | ||
|
|
ce7e5f670a | ||
|
|
917f9fb452 | ||
|
|
f46c8a9a5f | ||
|
|
c2b44da34e | ||
|
|
41b9afb364 |
4
.gitignore
vendored
4
.gitignore
vendored
@@ -5,4 +5,8 @@
|
||||
|
||||
# Ignore changes to sample environments
|
||||
helmfile/environments/dev/values.yaml
|
||||
helmfile/environments/dev/values.gotmpl
|
||||
helmfile/environments/test/values.yaml
|
||||
helmfile/environments/test/values.gotmpl
|
||||
helmfile/environments/prod/values.yaml
|
||||
helmfile/environments/prod/values.gotmpl
|
||||
|
||||
@@ -78,6 +78,12 @@ variables:
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
DEPLOY_CRYPTPAD:
|
||||
description: "Enable CryptPad deployment."
|
||||
value: "no"
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
DEPLOY_ELEMENT:
|
||||
description: "Enable Element deployment."
|
||||
value: "no"
|
||||
@@ -183,8 +189,16 @@ env-cleanup:
|
||||
$ENV_STOP_BEFORE != "no"
|
||||
when: "always"
|
||||
script:
|
||||
- "helmfile destroy --namespace ${NAMESPACE}"
|
||||
- "kubectl delete pvc --all --namespace ${NAMESPACE}"
|
||||
- |
|
||||
if [ "${OPENDESK_SLEDGEHAMMER_DESTROY_ENABLED}" = "yes" ]; then
|
||||
for OPENDESK_RELEASE in $(helm ls -n ${NAMESPACE} -aq); do
|
||||
helm uninstall -n ${NAMESPACE} ${OPENDESK_RELEASE};
|
||||
done
|
||||
kubectl delete pvc --all --namespace ${NAMESPACE};
|
||||
kubectl delete jobs --all --namespace ${NAMESPACE};
|
||||
else
|
||||
helmfile destroy --namespace ${NAMESPACE};
|
||||
fi
|
||||
stage: "env-cleanup"
|
||||
|
||||
env-start:
|
||||
@@ -334,6 +348,18 @@ collabora-deploy:
|
||||
variables:
|
||||
COMPONENT: "collabora"
|
||||
|
||||
cryptpad-deploy:
|
||||
stage: "component-deploy-stage-1"
|
||||
extends: ".deploy-common"
|
||||
rules:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_CRYPTPAD != "no")
|
||||
when: "always"
|
||||
variables:
|
||||
COMPONENT: "cryptpad"
|
||||
|
||||
nextcloud-deploy:
|
||||
stage: "component-deploy-stage-1"
|
||||
extends: ".deploy-common"
|
||||
|
||||
334
CHANGELOG.md
334
CHANGELOG.md
@@ -1,3 +1,332 @@
|
||||
## [0.5.31](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.30...v0.5.31) (2023-11-08)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **univention-management-stack:** Update optional UMS preview state ([d0a0799](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d0a07997c12ddb9731a0dfed0d6fa71d9a3790e7))
|
||||
|
||||
## [0.5.30](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.29...v0.5.30) (2023-11-06)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **collabora:** Init monitoring in defaults and in collabora (for prometheus-monitor, -rules and grafana dashboard) ([0ad0434](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0ad043406bef7bb10d561ef1418b58cbd8714d43))
|
||||
* **helmfile:** Add monitoring.yaml for optional monitoring ([385d81b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/385d81b9a9e1ec319706493c51629c8e48822aa7))
|
||||
|
||||
## [0.5.29](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.28...v0.5.29) (2023-11-06)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **xwiki:** Update XWiki Helm configuration to enable LDAP and OIDC user synchronization ([7c56c72](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7c56c7244f3862b6b21627661430a94d804c6974))
|
||||
|
||||
## [0.5.28](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.27...v0.5.28) (2023-11-06)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Add Document- and ImageConverter, improve LDAP address book filters ([899a8c5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/899a8c5af9052634b98d9876dfbaea517d89ad49))
|
||||
|
||||
## [0.5.27](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.26...v0.5.27) (2023-11-04)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **docs:** Re-include release artefacts ([4359b21](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4359b21f1cdae91a87b87ad2b270d67a2b1eda21))
|
||||
|
||||
## [0.5.26](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.25...v0.5.26) (2023-11-02)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Enables user directory search for all users ([8fafd90](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/8fafd906a3b0efa7e4164b357656d7903fc55371))
|
||||
|
||||
## [0.5.25](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.24...v0.5.25) (2023-11-01)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **cryptpad:** Add CryptPad to support editing of diagrams.net files from within Nextcloud ([ab6014f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ab6014f8c6285785be5c56cd656fe0636df4434c))
|
||||
|
||||
## [0.5.24](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.23...v0.5.24) (2023-11-01)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **collabora:** Update image to 23.05.5.3.1 ([38336d0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/38336d024033f4fe1a28b0f76f9c63ecdb076156))
|
||||
|
||||
## [0.5.23](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.22...v0.5.23) (2023-11-01)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Update Element Web to latest release ([b47de62](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b47de62f987e8778878fee55ecda3032beb55f3d))
|
||||
|
||||
## [0.5.22](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.21...v0.5.22) (2023-10-31)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Nextcloud integration within K8s instances ([d249d0e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d249d0e3ce3ee0966033e870ea5c4d9e1928f045))
|
||||
|
||||
## [0.5.21](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.20...v0.5.21) (2023-10-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Deinstall components if disabled ([7feaadf](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7feaadf7f8830d8d0d5df752733c9b8f47315df6))
|
||||
* **helmfile:** Put enviroments in first document inside of a yaml ([034e98c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/034e98c850fa1f67300c04883904737a69448a25))
|
||||
|
||||
## [0.5.20](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.19...v0.5.20) (2023-10-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Remove old XWiki image, set explicit timeout for OP deployment, bump Jitsi Helm chart to enable chat for stand-alone Jitsi ([5d01f8c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5d01f8ca46384d63d69dab0119998c4bb3183084))
|
||||
|
||||
## [0.5.19](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.18...v0.5.19) (2023-10-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Update Element Web and Nordeck Widgets to latest releases ([2313f75](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2313f75dbe32d855b0c440944bd0de51c8e104ca))
|
||||
|
||||
## [0.5.18](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.17...v0.5.18) (2023-10-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **xwiki:** Switch to Alpine/Jetty slim image ([b399869](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b39986907cece3cec06012531a55b2699d131f90))
|
||||
|
||||
## [0.5.17](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.16...v0.5.17) (2023-10-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Update swp_integration app and prepare CryptPad integration ([a046dea](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a046deaf173ab41029c2ab5e3161bd89e0fdabcb))
|
||||
|
||||
## [0.5.16](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.15...v0.5.16) (2023-10-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Slim container with upgraded helm-chart ([535823e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/535823e0a8b2bde72d159835248b2287fd136af7))
|
||||
|
||||
## [0.5.15](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.14...v0.5.15) (2023-10-25)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add XWiki Jetty and UniventionKeycloak to image.yaml for Compliance checks. They are not yet part of standard deployment. ([8e376bb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/8e376bb4a5e37e16d76ea527cd02a5f614cdfe3d))
|
||||
|
||||
## [0.5.14](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.13...v0.5.14) (2023-10-20)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Support for openDesk top bar with central navigation ([e609b75](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e609b75cc7fcbb7f03997cb5e26dd9cf4628f77d))
|
||||
|
||||
## [0.5.13](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.12...v0.5.13) (2023-10-20)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Configure rights and roles ([59d58e3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/59d58e320e503727e42dbfe0b027ba7948275ac6))
|
||||
|
||||
## [0.5.12](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.11...v0.5.12) (2023-10-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Add an application service for the intercom-service ([1a4eced](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1a4eced998998faa7ac862b8c409bbd743b16ec0))
|
||||
* **element:** Add the Matrix NeoBoard Widget deployment ([5afd233](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5afd2339c20a0be41078ae4c3ce703c62f332557))
|
||||
* **element:** Add the Matrix NeoChoice Widget deployment ([7756d35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7756d35fa156b36ed50ba8f837273db56323f45f))
|
||||
* **element:** Add the Matrix NeoDateFix Bot deployment ([785989e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/785989e91df5547ab5ac60914b82bc99c4f1a790))
|
||||
* **element:** Add the Matrix NeoDateFix Widget deployment ([27b6796](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/27b6796639f37dbd6c26f21fd54502153398aed0))
|
||||
* **element:** Add the Matrix User Verification Service deployment ([30405d1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/30405d182d44a5586a4070738dfbe1c141841d19))
|
||||
* **element:** Upgrade Element to v1.11.46 ([82a037e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/82a037ec7c25baf41bd0542c3ded47402adc2844))
|
||||
* **element:** Upgrade the opendesk-element charts to 2.3.0 ([fd9e04d](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/fd9e04d9922b949d0f213016169a9024a66a1ded))
|
||||
* **element:** Upgrade the opendesk-matrix-widgets charts to 2.3.0 ([cbe5141](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/cbe514176a4d86d166db248d7297d215409016d2))
|
||||
* **element:** Use a separate image configuration for the bootstrap tasks ([7f7c364](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7f7c364071072b01d485d3e248a3f8de49a07309))
|
||||
* **intercom-service:** Allow access from the non-istio domain and reference to the correct synapse hostname ([16f2ac4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/16f2ac464eb7267f1c4d87c3ccaca2c91a7ecc1b))
|
||||
* **intercom-service:** Fix the nordeck configuration ([06dcdd7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/06dcdd78afe0e6514c1f30d24924d3e7077ae6da))
|
||||
* **jitsi:** Use template for the cluster networking domain ([0898d96](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0898d9657145d66fd4c52fe6036c955ad58a0cfe))
|
||||
* **keycloak:** Use the correct backchannel logout configuration for element ([86657b1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/86657b139a6d8f4ff3f921b8755e04cb790c3786))
|
||||
* **open-xchange:** Enable Element calendar integration ([f564efd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f564efd97f8db39cffaea317e36db3825fc9121e))
|
||||
|
||||
## [0.5.11](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.10...v0.5.11) (2023-10-11)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Quote all password template strings ([fb7dba7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/fb7dba787c232c402aa9c989c0e8ace51869d534))
|
||||
* **services:** Add memcached service ([72e3afd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/72e3afdffdeb6f88f8e926426dbc26adf4b54e7a))
|
||||
|
||||
## [0.5.10](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.9...v0.5.10) (2023-10-11)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **intercom-service:** Update intercom-service chart to v2.0.0 ([c3129f1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c3129f14437728be890187bb7c4a1bfc42d90958))
|
||||
|
||||
## [0.5.9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.8...v0.5.9) (2023-10-10)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Enable the guest module in Synapse ([da1bf35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/da1bf3581c5790786601948cabcef8a1d1c680ad))
|
||||
|
||||
## [0.5.8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.7...v0.5.8) (2023-10-10)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add default port for SMTP in environment ([74f9ec2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/74f9ec28e401f7caeefc4e50ac0a7e95fea41a53))
|
||||
|
||||
## [0.5.7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.6...v0.5.7) (2023-10-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Mail sender address ([711d29e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/711d29e374d13a3c8b7bcdf3e8440d03e0ef2b7d))
|
||||
|
||||
## [0.5.6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.5...v0.5.6) (2023-10-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Use signed bitnami charts from openDesk Mirror Builds ([70744d0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/70744d04c66f32d65dc968c8570ed7a397f4efcc))
|
||||
* **services:** Bump redis chart to 18.1.2 ([d4c751d](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d4c751d29f15c718957f6bc388a99347e2923c87))
|
||||
|
||||
## [0.5.5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.4...v0.5.5) (2023-10-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Switch image to fix central navigation; set email sender address ([e42feb4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e42feb4c260fc24692bc2742c97754230f8e2857))
|
||||
|
||||
## [0.5.4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.3...v0.5.4) (2023-10-02)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add third environment (test) ([7dbcbfe](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7dbcbfe7237b365cf53f4c850b149e8b95149901))
|
||||
|
||||
## [0.5.3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.2...v0.5.3) (2023-09-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Rollback MariaDB version to fix OX Guard initialization ([e33acd3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e33acd33e79740144e8fe318fe34dc705834ddf3))
|
||||
|
||||
## [0.5.2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.1...v0.5.2) (2023-09-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **ci:** Add Gitlab-CI sledgehammer deployment removal ([6fd655a](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6fd655a0b1afd40303ac11130692202146bab215))
|
||||
|
||||
## [0.5.1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.0...v0.5.1) (2023-09-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **docs:** Add 'Helm Chart Trust Chain' section ([b6b4972](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b6b4972a5dd426bcc8fa00137d7e7b60056376c8))
|
||||
* **docs:** Highlight that Helmfile >= 0.157.0 is required ([d86f516](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d86f516747323d117f620658c4368408926c507a))
|
||||
* **element:** Use OCI registry and verify chart signatures ([a41b9a6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a41b9a699c79bf90163bbb3c233c805b8d0a999e))
|
||||
* **helmfile:** Add cleanup flag for job resources ([0f01b94](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0f01b94aa19b40b4774ba11d9886fe6f12090e73))
|
||||
* **helmfile:** Create directory for gpg pubkeys ([4c5731e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4c5731e6bb057cb272f660b4df0369b67709c203))
|
||||
* **intercom-service:** Use OCI registry and verify chart signatures ([74b3d41](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/74b3d41381474efd2fbc5a9f3a0f1c0713811106))
|
||||
* **jitsi:** Verify chart signatures ([1dd6582](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1dd6582ec7d742250ba08f69eba9a4679984b1ae))
|
||||
* **keycloak-bootstrap:** Use OCI registry and verify chart signatures ([ca5d5f8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ca5d5f82800ea6d7ecfa38eb2b5d8b85e709bb9f))
|
||||
* **keycloak:** Use OCI registry and verify chart signatures ([095059c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/095059c7e53bbe8a874773f574cc6794ef8af6e4))
|
||||
* **nextcloud:** Use OCI registry and verify chart signatures ([41dfdc0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/41dfdc0c8f83e3d79fa5a763ac449f6edfc76676))
|
||||
* **open-xchange:** Use OCI registry and verify chart signatures ([2d5d370](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2d5d3708f7f45600961c22ce11e750561de1fd27))
|
||||
* **open-xchange:** Use renamed istio gateway ([65d2642](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/65d2642d34c1c21a00a29278f7e1143f7fabb2aa))
|
||||
* **openproject:** Use OCI registry and verify chart signatures ([5343840](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5343840bed01992b3132eace362f91588c705a98))
|
||||
* **services:** Add wildcard certifcate request support ([15ad8ca](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/15ad8ca7ab34b079252f7b69219ede81ad43aa1c))
|
||||
* **services:** Bump opendesk-certificates to 2.1.0 ([4372f06](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4372f063e0a27d5156da963d44d3ed4e72490fc4))
|
||||
* **services:** Only create istio gateway with webmail domain ([6a39011](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6a390112dab11afaca06118a0ca7a18afe633a30))
|
||||
* **services:** Use OCI registry for all services and add gpg verify mechanism ([892920b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/892920b0487b41a35b5a96596c61101827e8dd6d))
|
||||
* **univention-corporate-container:** Use OCI registry and verify chart signatures ([424317e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/424317ed585f7bd5036259d7e3d77d081d2aec1b))
|
||||
|
||||
# [0.5.0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.9...v0.5.0) (2023-09-27)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Move the static configuration into the values.yaml ([f22619b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f22619bd8ef11cb43147ef19dcff2c02d9fe0503))
|
||||
* **element:** Specify resources for the guest module init container ([275798c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/275798c1d6aa47ef33fbb0da3bb03a86d3e4b0ee))
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **element:** Activate the guest module ([5ad25ac](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5ad25acafd54d19dd2ed330b19f7860aff5d49f4))
|
||||
|
||||
## [0.4.9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.8...v0.4.9) (2023-09-27)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Bump Helm chart to add app "groupfolders" ([62b767e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/62b767ef38c8eae2874b20a9aa51e85d2a3fe5a3))
|
||||
|
||||
## [0.4.8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.7...v0.4.8) (2023-09-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Digest rollback ([9acce08](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/9acce081397c06426820b61f39c9aa0dcc1234a5))
|
||||
|
||||
## [0.4.7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.6...v0.4.7) (2023-09-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add timeout for database services ([98ec02f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/98ec02f230f1691eb8c17d8d3552fceda329bf7c))
|
||||
* **openproject:** Image digest ([b340373](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b340373133ad973cfd6a3632adc9a74a23419cc7))
|
||||
|
||||
## [0.4.6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.5...v0.4.6) (2023-09-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Use renamed registry open_desk ([a37faf3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a37faf3b5769aea9944ffa7626096c16296dcc85))
|
||||
|
||||
## [0.4.5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.4...v0.4.5) (2023-09-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Streamline timeouts ([2703615](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2703615dffb2ba5c70704a4f08bb0485629218f3))
|
||||
|
||||
## [0.4.4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.3...v0.4.4) (2023-09-25)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Updates for mail templates and mail export ([ae3d0da](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ae3d0daa117d3d0ff307f379590394914a757546))
|
||||
|
||||
## [0.4.3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.2...v0.4.3) (2023-09-25)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Update image to 27.1.1 ([ce7e5f6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ce7e5f670a4dbc980eb8be73e5f7d15b27e8b1de))
|
||||
|
||||
## [0.4.2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.1...v0.4.2) (2023-09-21)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Add Nextcloud app for OpenProject integration; Bump Collabora Image ([f46c8a9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f46c8a9a5f4f9778cb171d65e9a0280e4ce61c16))
|
||||
|
||||
## [0.4.1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.0...v0.4.1) (2023-09-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **univention-management-stack:** Remove doublette triple dashes in helmfile.yaml ([41b9afb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/41b9afb3648a0e1fddc5aa4337cc1501756b370c))
|
||||
|
||||
# [0.4.0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.3.2...v0.4.0) (2023-09-18)
|
||||
|
||||
|
||||
@@ -294,3 +623,8 @@
|
||||
* **open-xchange:** OX AppSuite 8 within SWP is now publicly available ([6dc470f](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/6dc470fd67edbb9711e406acb067569ca357b989))
|
||||
* **services:** Add clamav-simple deployment ([505f25c](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/505f25c5493ebb9e0181233ed5b7d8018e3a315d))
|
||||
* **sovereign-workplace:** Initial commit ([533c504](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/533c5040faebd91f4012b604d0f4779ea1510424))
|
||||
|
||||
<!--
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
-->
|
||||
|
||||
198
README.md
198
README.md
@@ -6,11 +6,20 @@ SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
[[_TOC_]]
|
||||
|
||||
# Disclaimer August 2023
|
||||
# Disclaimer
|
||||
|
||||
The current state of the Sovereign Workplace contains components that are going to be
|
||||
replaced. Like for example the UCS dev container monolith will be substituted by
|
||||
multiple Univention Management Stack containers.
|
||||
openDesk will face breaking changes in the near future without upgrade paths.
|
||||
|
||||
While most components support upgrades, major configuration or component changes
|
||||
may occur, therefore we recommend always installing from scratch.
|
||||
|
||||
Components that are going to be replaced soon are:
|
||||
- The UCS dev container monolith will be substituted by multiple Univention
|
||||
Management Stack containers,
|
||||
- the Nextcloud community container is going to be replaced by an openDesk
|
||||
specific Nextcloud distroless container and
|
||||
- Dovecot Community is going to be replaced by a Dovecot container tailored for the
|
||||
needs of the public sector.
|
||||
|
||||
In the next months we not only expect upstream updates of the functional
|
||||
components within their feature scope, but we are also going to address
|
||||
@@ -19,8 +28,6 @@ operational issues like monitoring and network policies.
|
||||
Of course, further development also includes enhancing the documentation.
|
||||
|
||||
The first release of the Sovereign Workplace is scheduled for December 2023.
|
||||
Before that release there will be breaking changes in the deployment.
|
||||
|
||||
|
||||
# The Sovereign Workplace (SWP)
|
||||
|
||||
@@ -66,11 +73,12 @@ up your own instance for development purposes. Please see the project
|
||||
|
||||
These are the requirements of the Sovereign Workplace deployment:
|
||||
|
||||
- Vanilla K8s cluster
|
||||
- K8s cluster >= 1.24, [CNCF Certified Kubernetes Distro](https://www.cncf.io/certification/software-conformance/)
|
||||
- Domain and DNS Service
|
||||
- Ingress controller (supported are nginx-ingress, ingress-nginx, HAProxy)
|
||||
- [Helm](https://helm.sh/), [HelmFile](https://helmfile.readthedocs.io/en/latest/) and
|
||||
[HelmDiff](https://github.com/databus23/helm-diff)
|
||||
- [Helm](https://helm.sh/) >= v3.9.0
|
||||
- [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= **v0.157.0**
|
||||
- [HelmDiff](https://github.com/databus23/helm-diff) >= 3.6.0
|
||||
- Volume provisioner supporting RWO (read-write-once)
|
||||
- Certificate handling with [cert-manager](https://cert-manager.io/)
|
||||
- [Istio](https://istio.io/) is currently required to deploy and operate OX AppSuite8, we are talking to Open-Xchange and will try to get rid of this dependency.
|
||||
@@ -155,6 +163,12 @@ and wait a little. After the deployment is finished some bootstrapping is
|
||||
executed which might take some more minutes before you can log in your new
|
||||
instance.
|
||||
|
||||
Deployments can be removed with:
|
||||
|
||||
```shell
|
||||
helmfile destroy -n <NAMESPACE>
|
||||
```
|
||||
|
||||
## Offline deployment
|
||||
|
||||
Before executing a [local deployment](#local-deployment), you can set following
|
||||
@@ -202,12 +216,14 @@ subdirectory `/helmfile/apps/services`.
|
||||
| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval |
|
||||
| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval |
|
||||
| Collabora | `collabora.enabled` | `true` | Weboffice | Functional |
|
||||
| CryptPad | `cryptpad.enabled` | `true` | Weboffice | Functional |
|
||||
| Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional |
|
||||
| Element | `element.enabled` | `true` | Secure communications platform | Functional |
|
||||
| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional |
|
||||
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional |
|
||||
| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional |
|
||||
| MariaDB | `mariadb.enabled` | `true` | Database | Eval |
|
||||
| Memcached | `memcached.enabled` | `true` | Cache Database | Eval |
|
||||
| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional |
|
||||
| OpenProject | `openproject.enabled` | `true` | Project management | Functional |
|
||||
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional |
|
||||
@@ -231,8 +247,8 @@ subdirectory `/helmfile/apps/services`.
|
||||
|
||||
#### Databases
|
||||
|
||||
In case you don't got for a develop or evaluation environment you want to point
|
||||
the application to your own database instances.
|
||||
When deploying this suite to production, you need to configure the applications to use your production grade database
|
||||
service.
|
||||
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|-------------|--------------------|------------|-----------|----------------------------------------|----------------------------|
|
||||
@@ -276,6 +292,24 @@ the application to your own database instances.
|
||||
| | | | Username | `databases.xwiki.username` | `xwiki_user` |
|
||||
| | | | Password | `databases.xwiki.password` | |
|
||||
|
||||
#### Cache
|
||||
|
||||
When deploying this suite to production, you need to configure the applications to use your production grade cache
|
||||
service.
|
||||
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|------------------|------------------|-----------|-----------|------------------------------|------------------|
|
||||
| Intercom Service | Intercom Service | Redis | | | |
|
||||
| | | | Host | `cache.intercomService.host` | `redis-headless` |
|
||||
| | | | Port | `cache.intercomService.port` | `6379` |
|
||||
| Nextcloud | Nextcloud | Redis | | | |
|
||||
| | | | Host | `cache.nextcloud.host` | `redis-headless` |
|
||||
| | | | Port | `cache.nextcloud.port` | `6379` |
|
||||
| OpenProject | OpenProject | Memcached | | | |
|
||||
| | | | Host | `cache.openproject.host` | `memcached` |
|
||||
| | | | Port | `cache.openproject.port` | `11211` |
|
||||
|
||||
|
||||
### Scaling
|
||||
|
||||
The Replicas of components can be increased, while we still have to look in the
|
||||
@@ -289,6 +323,7 @@ actual scalability of the components (see column `Scaling (verified)`).
|
||||
| | `replicas.icap` | :white_check_mark: | :white_check_mark: |
|
||||
| | `replicas.milter` | :white_check_mark: | :white_check_mark: |
|
||||
| Collabora | `replicas.collabora` | :white_check_mark: | :gear: |
|
||||
| CryptPad | `replicas.cryptpad` | :white_check_mark: | :gear: |
|
||||
| Dovecot | `replicas.dovecot` | :x: | :gear: |
|
||||
| Element | `replicas.element` | :white_check_mark: | :white_check_mark: |
|
||||
| | `replicas.synapse` | :x: | :gear: |
|
||||
@@ -307,7 +342,7 @@ actual scalability of the components (see column `Scaling (verified)`).
|
||||
|
||||
### Mail/SMTP configuration
|
||||
|
||||
To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from
|
||||
To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from
|
||||
the whole subdomain.
|
||||
|
||||
```yaml
|
||||
@@ -336,33 +371,118 @@ turn:
|
||||
|
||||
## Security
|
||||
|
||||
This section summarizes various aspects of security and compliance aspects.
|
||||
|
||||
### Kubernetes Security Enforcements
|
||||
|
||||
This list gives you an overview of default security settings and if they comply with security standards:
|
||||
|
||||
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|-------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| CryptPad | cryptpad | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 4001 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
|
||||
|
||||
### Helm Chart Trust Chain
|
||||
|
||||
Helm Charts which are released via openDesk CI/CD process are always signed. The public GPG keys are present in
|
||||
`pubkey.gpg` file and are validated during helmfile installation.
|
||||
|
||||
| Repository | OCI | Verifiable |
|
||||
|--------------------------------------|:---:|:------------------:|
|
||||
| bitnami-repo (openDesk build) | yes | :white_check_mark: |
|
||||
| clamav-repo | yes | :white_check_mark: |
|
||||
| collabora-online-repo | no | :x: |
|
||||
| cryptpad-online-repo | no | :x: |
|
||||
| intercom-service-repo | yes | :white_check_mark: |
|
||||
| istio-resources-repo | yes | :white_check_mark: |
|
||||
| jitsi-repo | yes | :white_check_mark: |
|
||||
| keycloak-extensions-repo | no | :x: |
|
||||
| keycloak-theme-repo | yes | :white_check_mark: |
|
||||
| mariadb-repo | yes | :white_check_mark: |
|
||||
| nextcloud-repo | no | :x: |
|
||||
| opendesk-certificates-repo | yes | :white_check_mark: |
|
||||
| opendesk-dovecot-repo | yes | :white_check_mark: |
|
||||
| opendesk-element-repo | yes | :white_check_mark: |
|
||||
| opendesk-keycloak-bootstrap-repo | yes | :white_check_mark: |
|
||||
| opendesk-nextcloud-bootstrap-repo | yes | :white_check_mark: |
|
||||
| opendesk-open-xchange-bootstrap-repo | yes | :white_check_mark: |
|
||||
| openproject-repo | no | :x: |
|
||||
| openxchange-repo | yes | :x: |
|
||||
| ox-connector-repo | no | :x: |
|
||||
| postfix-repo | yes | :white_check_mark: |
|
||||
| postgresql-repo | yes | :white_check_mark: |
|
||||
| univention-corporate-container-repo | yes | :white_check_mark: |
|
||||
| ums-repo | no | :x: |
|
||||
| xwiki-repo | no | :x: |
|
||||
|
||||
|
||||
## Monitoring
|
||||
Together with
|
||||
[kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) into
|
||||
you can monitor openDesk components with Prometheus and Grafana.
|
||||
|
||||
Before enabling the following options, you need to install the respective CRDs from the kube-prometheus-stack
|
||||
repository.
|
||||
|
||||
|
||||
### Metrics
|
||||
To deploy podMonitor and serviceMonitor custom resources, enable it by:
|
||||
|
||||
```yaml
|
||||
prometheus:
|
||||
serviceMonitors:
|
||||
enabled: true
|
||||
podMonitors:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
### Alerts
|
||||
Some helm-charts provide a default set of prometheusRules for alerting, enable it by:
|
||||
|
||||
```yaml
|
||||
prometheus:
|
||||
prometheusRules:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
### Dashboards for Grafana
|
||||
To deploy optional ConfigMaps with Grafana dashboards, enable it by:
|
||||
|
||||
```yaml
|
||||
grafana:
|
||||
dashboards:
|
||||
enabled: true
|
||||
```
|
||||
|
||||
### Components
|
||||
| Component | Metrics (pod- or serviceMonitor) | Alerts (prometheusRule) | Dashboard (Grafana) |
|
||||
|:------------|-----------------------------------|-------------------------|---------------------|
|
||||
| Collabora | :white_check_mark: | :white_check_mark: | :white_check_mark: |
|
||||
|
||||
|
||||
# Component integration
|
||||
@@ -451,6 +571,7 @@ flowchart TD
|
||||
J[Jitsi]-->K
|
||||
I[IntercomService]-->K
|
||||
C[Collabora]-->N
|
||||
R[CryptPad]-->N
|
||||
F[Postfix]-->D
|
||||
```
|
||||
|
||||
@@ -502,6 +623,11 @@ that can be found at `Settings` -> `CI/CD` -> `Variables`. The variable should h
|
||||
If the branch of the test pipeline is not `main` this can be set with the .gitlab-ci.yml variable
|
||||
`TESTS_BRANCH` while creating a new pipeline.
|
||||
|
||||
# License
|
||||
This project uses the following license: Apache-2.0
|
||||
|
||||
# Copyright
|
||||
Copyright (C) 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
|
||||
# Footnotes
|
||||
|
||||
|
||||
@@ -29,6 +29,7 @@ missingFileHandler: "Error"
|
||||
# - Installing a single release from root via helmfile apply -f helmfile/apps/<app>/helmfile.yaml
|
||||
# - Installing a single release from app directory via helmfile apply
|
||||
# Issue: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/issues/2
|
||||
|
||||
environments:
|
||||
default:
|
||||
values:
|
||||
@@ -39,9 +40,17 @@ environments:
|
||||
- "helmfile/environments/default/*.gotmpl"
|
||||
- "helmfile/environments/default/*.yaml"
|
||||
- "helmfile/environments/dev/values.yaml"
|
||||
- "helmfile/environments/dev/values.gotmpl"
|
||||
test:
|
||||
values:
|
||||
- "helmfile/environments/default/*.gotmpl"
|
||||
- "helmfile/environments/default/*.yaml"
|
||||
- "helmfile/environments/test/values.yaml"
|
||||
- "helmfile/environments/test/values.gotmpl"
|
||||
prod:
|
||||
values:
|
||||
- "helmfile/environments/default/*.gotmpl"
|
||||
- "helmfile/environments/default/*.yaml"
|
||||
- "helmfile/environments/prod/values.yaml"
|
||||
- "helmfile/environments/prod/values.gotmpl"
|
||||
...
|
||||
|
||||
@@ -1,7 +1,13 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# Collabora Online
|
||||
# Source: https://github.com/CollaboraOnline/online
|
||||
- name: "collabora-online-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
@@ -14,12 +20,9 @@ releases:
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "collabora.enabled"
|
||||
installed: {{ .Values.collabora.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "collabora"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -29,7 +29,7 @@ ingress:
|
||||
collabora:
|
||||
# Admin Console Credentials: https://CODE-domain/browser/dist/admin/admin.html
|
||||
username: "collabora-internal-admin"
|
||||
password: {{ .Values.secrets.collabora.adminPassword }}
|
||||
password: {{ .Values.secrets.collabora.adminPassword | quote }}
|
||||
aliasgroups:
|
||||
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443"
|
||||
|
||||
@@ -38,4 +38,23 @@ replicaCount: {{ .Values.replicas.collabora }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.collabora | toYaml | nindent 2 }}
|
||||
|
||||
prometheus:
|
||||
servicemonitor:
|
||||
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||
labels:
|
||||
{{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }}
|
||||
rules:
|
||||
enabled: {{ .Values.prometheus.prometheusRules.enabled }}
|
||||
additionalLabels:
|
||||
{{- toYaml .Values.prometheus.prometheusRules.labels | nindent 6 }}
|
||||
|
||||
grafana:
|
||||
dashboards:
|
||||
enabled: {{ .Values.grafana.dashboards.enabled }}
|
||||
labels:
|
||||
{{- toYaml .Values.grafana.dashboards.labels | nindent 6 }}
|
||||
annotations:
|
||||
{{- toYaml .Values.grafana.dashboards.annotations | nindent 6 }}
|
||||
|
||||
...
|
||||
|
||||
28
helmfile/apps/cryptpad/helmfile.yaml
Normal file
28
helmfile/apps/cryptpad/helmfile.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# CryptPad
|
||||
# Source: https://github.com/cryptpad/helm
|
||||
- name: "cryptpad-online-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://cryptpad.github.io/helm" }}
|
||||
|
||||
releases:
|
||||
- name: "cryptpad"
|
||||
chart: "cryptpad-online-repo/cryptpad"
|
||||
version: "0.0.13"
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
installed: {{ .Values.cryptpad.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "cryptpad"
|
||||
...
|
||||
33
helmfile/apps/cryptpad/values.gotmpl
Normal file
33
helmfile/apps/cryptpad/values.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
image:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.cryptpad.repository }}"
|
||||
tag: {{ .Values.images.cryptpad.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName | quote }}
|
||||
hosts:
|
||||
- host: "{{ .Values.global.hosts.cryptpad }}.{{ .Values.global.domain }}"
|
||||
paths:
|
||||
- path: "/"
|
||||
pathType: "ImplementationSpecific"
|
||||
tls:
|
||||
- secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
hosts:
|
||||
- "{{ .Values.global.hosts.cryptpad }}.{{ .Values.global.domain }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.cryptpad }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.cryptpad | toYaml | nindent 2 }}
|
||||
...
|
||||
45
helmfile/apps/cryptpad/values.yaml
Normal file
45
helmfile/apps/cryptpad/values.yaml
Normal file
@@ -0,0 +1,45 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
# https://github.com/cryptpad/helm/blob/main/charts/cryptpad/README.md or
|
||||
# https://github.com/cryptpad/helm/blob/main/charts/cryptpad/values.yaml
|
||||
|
||||
# Disable registration and access to unregistered users:
|
||||
# (https://docs.cryptpad.org/en/admin_guide/customization.html#application-config)
|
||||
|
||||
application_config:
|
||||
availablePadTypes:
|
||||
- "diagram"
|
||||
|
||||
# Deactivating public access breaks nextcloud plugin!
|
||||
# registeredOnlyTypes:
|
||||
# - "diagram"
|
||||
|
||||
autoscaling:
|
||||
enabled: false
|
||||
|
||||
enableEmbedding: true
|
||||
|
||||
fullnameOverride: "cryptpad"
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
podSecurityContext:
|
||||
fsGroup: 4001
|
||||
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
|
||||
workloadStateful: false
|
||||
...
|
||||
@@ -1,49 +1,136 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Element
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/sovereign-workplace-element
|
||||
- name: "opendesk-element-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/148/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
# openDesk Matrix Widgets
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-matrix-widgets
|
||||
- name: "opendesk-matrix-widgets-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "opendesk-element"
|
||||
chart: "opendesk-element-repo/opendesk-element"
|
||||
version: "2.0.1"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-element.yaml"
|
||||
- "values-element.gotmpl"
|
||||
condition: "element.enabled"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-well-known"
|
||||
chart: "opendesk-element-repo/opendesk-well-known"
|
||||
version: "2.0.1"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-well-known.yaml"
|
||||
- "values-well-known.gotmpl"
|
||||
condition: "element.enabled"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-synapse-web"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||
version: "2.0.1"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-synapse-web.yaml"
|
||||
- "values-synapse-web.gotmpl"
|
||||
condition: "element.enabled"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-synapse"
|
||||
chart: "opendesk-element-repo/opendesk-synapse"
|
||||
version: "2.0.1"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-synapse.yaml"
|
||||
- "values-synapse.gotmpl"
|
||||
condition: "element.enabled"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-user-verification-service-bootstrap.yaml"
|
||||
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-matrix-user-verification-service"
|
||||
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-user-verification-service.yaml"
|
||||
- "values-matrix-user-verification-service.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neoboard-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neoboard-widget.yaml"
|
||||
- "values-matrix-neoboard-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neochoice-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neochoice-widget.yaml"
|
||||
- "values-matrix-neochoice-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-widget.yaml"
|
||||
- "values-matrix-neodatefix-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-bot-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
||||
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-bot"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot.yaml"
|
||||
- "values-matrix-neodatefix-bot.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "element"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -15,6 +15,93 @@ configuration:
|
||||
additionalConfiguration:
|
||||
logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
|
||||
"net.nordeck.element_web.module.opendesk":
|
||||
config:
|
||||
ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
|
||||
ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
|
||||
portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
portal_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/"
|
||||
custom_css_variables:
|
||||
--cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
|
||||
|
||||
"net.nordeck.element_web.module.widget_lifecycle":
|
||||
widget_permissions:
|
||||
"https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
|
||||
identity_approved: true
|
||||
"https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
|
||||
- org.matrix.msc2762.send.state_event:m.room.power_levels#
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels#
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
|
||||
- org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
|
||||
- org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
|
||||
- town.robin.msc3846.turn_servers
|
||||
"https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2762.send.event:net.nordeck.poll.vote
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.poll.vote
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll.settings
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll.group
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll.group
|
||||
- org.matrix.msc2762.send.event:net.nordeck.poll.start
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.poll.start
|
||||
"https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
identity_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2931.navigate
|
||||
- org.matrix.msc2762.timeline:*
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels
|
||||
- org.matrix.msc2762.receive.event:m.reaction
|
||||
- org.matrix.msc2762.receive.state_event:m.room.create
|
||||
- org.matrix.msc2762.receive.state_event:m.room.tombstone
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.send.state_event:m.room.member
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.receive.state_event:m.room.topic
|
||||
- org.matrix.msc2762.receive.state_event:m.space.parent
|
||||
- org.matrix.msc2762.receive.state_event:m.space.child
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata
|
||||
- org.matrix.msc2762.receive.state_event:im.vector.modular.widgets
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message
|
||||
- org.matrix.msc3973.user_directory_search
|
||||
|
||||
welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
33
helmfile/apps/element/values-matrix-neoboard-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neoboard-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoBoardWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoBoardWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
21
helmfile/apps/element/values-matrix-neoboard-widget.yaml
Normal file
21
helmfile/apps/element/values-matrix-neoboard-widget.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
33
helmfile/apps/element/values-matrix-neochoice-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neochoice-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoChoiceWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoChoiceWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoChoiceWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoChoiceWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
21
helmfile/apps/element/values-matrix-neochoice-widget.yaml
Normal file
21
helmfile/apps/element/values-matrix-neochoice-widget.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
configuration:
|
||||
password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.synapseCreateUser.repository }}"
|
||||
tag: "{{ .Values.images.synapseCreateUser.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
...
|
||||
@@ -0,0 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
username: "meetings-bot"
|
||||
pod: "opendesk-synapse-0"
|
||||
secretName: "matrix-neodatefix-bot-account"
|
||||
...
|
||||
37
helmfile/apps/element/values-matrix-neodatefix-bot.gotmpl
Normal file
37
helmfile/apps/element/values-matrix-neodatefix-bot.gotmpl
Normal file
@@ -0,0 +1,37 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
configuration:
|
||||
openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoDateFixBot.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoDateFixBot.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
persistence:
|
||||
size: "{{ .Values.persistence.size.matrixNeoDateFixBot }}"
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoDateFixBot | toYaml | nindent 2 }}
|
||||
...
|
||||
50
helmfile/apps/element/values-matrix-neodatefix-bot.yaml
Normal file
50
helmfile/apps/element/values-matrix-neodatefix-bot.yaml
Normal file
@@ -0,0 +1,50 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
bot:
|
||||
username: "meetings-bot"
|
||||
displayname: "Terminplaner Bot"
|
||||
|
||||
strings:
|
||||
breakoutSessionWidgetName: "Breakoutsessions"
|
||||
calendarRoomName: "Terminplaner"
|
||||
calendarWidgetName: "Terminplaner"
|
||||
cockpitWidgetName: "Meeting Steuerung"
|
||||
jitsiWidgetName: "Videokonferenz"
|
||||
matrixNeoBoardWidgetName: "Whiteboard"
|
||||
matrixNeoChoiceWidgetName: "Abstimmungen"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
extraEnvVars:
|
||||
- name: "ACCESS_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "matrix-neodatefix-bot-account"
|
||||
key: "access_token"
|
||||
|
||||
# TODO: The health endpoint does not work with the haproxy configuration, yet
|
||||
livenessProbe:
|
||||
enabled: false
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
|
||||
# TODO: The health endpoint does not work with the haproxy configuration, yet
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
...
|
||||
33
helmfile/apps/element/values-matrix-neodatefix-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neodatefix-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoDateFixWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoDateFixWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoDateFixWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoDateFixWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
25
helmfile/apps/element/values-matrix-neodatefix-widget.yaml
Normal file
25
helmfile/apps/element/values-matrix-neodatefix-widget.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
bot:
|
||||
username: "meetings-bot"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
configuration:
|
||||
password: {{ .Values.secrets.matrixUserVerificationService.password }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.synapseCreateUser.repository }}"
|
||||
tag: "{{ .Values.images.synapseCreateUser.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
...
|
||||
@@ -0,0 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
username: "uvs"
|
||||
pod: "opendesk-synapse-0"
|
||||
secretName: "opendesk-matrix-user-verification-service-account"
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixUserVerificationService.repository }}"
|
||||
tag: "{{ .Values.images.matrixUserVerificationService.tag }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixUserVerificationService }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixUserVerificationService | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,29 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
# TODO: the service can't run with read only filesystem or as non-root
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsGroup: 101
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
extraEnvVars:
|
||||
- name: "UVS_ACCESS_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "opendesk-matrix-user-verification-service-account"
|
||||
key: "access_token"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -22,9 +22,20 @@ configuration:
|
||||
host: "{{ .Values.databases.synapse.host }}"
|
||||
name: "{{ .Values.databases.synapse.name }}"
|
||||
user: "{{ .Values.databases.synapse.username }}"
|
||||
password: "{{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser }}"
|
||||
password: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
|
||||
|
||||
homeserver:
|
||||
appServiceConfigs:
|
||||
- as_token: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
hs_token: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
id: intercom-service
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: false
|
||||
regex: "@.*"
|
||||
url: null
|
||||
sender_localpart: intercom-service
|
||||
|
||||
oidc:
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix }}
|
||||
issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
@@ -42,6 +53,13 @@ configuration:
|
||||
transport: {{ .Values.turn.transport }}
|
||||
{{- end }}
|
||||
|
||||
guestModule:
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.synapseGuestModule.repository }}"
|
||||
tag: "{{ .Values.images.synapseGuestModule.tag }}"
|
||||
|
||||
persistence:
|
||||
size: "{{ .Values.persistence.size.synapse }}"
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
|
||||
@@ -1,6 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
additionalConfiguration:
|
||||
user_directory:
|
||||
enabled: true
|
||||
search_all_users: true
|
||||
room_prejoin_state:
|
||||
additional_event_types:
|
||||
- "m.space.parent"
|
||||
- "net.nordeck.meetings.metadata"
|
||||
- "m.room.power_levels"
|
||||
|
||||
homeserver:
|
||||
guestModule:
|
||||
enabled: true
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
||||
@@ -1,25 +1,30 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# Intercom Service
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
|
||||
- name: "intercom-service-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/66/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/intercom-service" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "intercom-service"
|
||||
chart: "intercom-service-repo/intercom-service"
|
||||
version: "1.1.3"
|
||||
version: "2.0.0"
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "intercom.enabled"
|
||||
installed: {{ .Values.intercom.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "intercom-service"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -4,6 +4,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
@@ -13,24 +14,28 @@ global:
|
||||
ics:
|
||||
secret: {{ .Values.secrets.intercom.secret }}
|
||||
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
originRegex: "{{ .Values.istio.domain }}"
|
||||
originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}"
|
||||
default:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
oidc:
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.intercom }}
|
||||
matrix:
|
||||
asSecret: {{ .Values.secrets.jitsi.synapseAsToken }}
|
||||
serverName: "matrix.{{ .Values.global.domain }}"
|
||||
asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
subdomain: {{ .Values.global.hosts.synapse }}
|
||||
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
||||
nordeck:
|
||||
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot }}
|
||||
portal:
|
||||
apiKey: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
redis:
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
host: {{ .Values.cache.intercomService.host }}
|
||||
port: {{ .Values.cache.intercomService.port }}
|
||||
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
||||
openxchange:
|
||||
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.intercom.repository }}"
|
||||
tag: "{{ .Values.images.intercom.tag }}"
|
||||
|
||||
|
||||
@@ -1,24 +1,31 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Jitsi
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-jitsi
|
||||
- name: "jitsi-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "jitsi"
|
||||
chart: "jitsi-repo/sovereign-workplace-jitsi"
|
||||
version: "1.5.1"
|
||||
version: "1.7.1"
|
||||
values:
|
||||
- "values-jitsi.gotmpl"
|
||||
condition: "jitsi.enabled"
|
||||
installed: {{ .Values.jitsi.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "jitsi"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -11,6 +11,9 @@ global:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
@@ -60,6 +63,10 @@ jitsi:
|
||||
value: "myappid"
|
||||
- name: "JWT_APP_SECRET"
|
||||
value: "{{ .Values.secrets.jitsi.jwtAppSecret }}"
|
||||
- name: "MATRIX_UVS_SYNC_POWER_LEVELS"
|
||||
value: "true"
|
||||
- name: "MATRIX_UVS_URL"
|
||||
value: "http://opendesk-matrix-user-verification-service.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
|
||||
- name: TURNS_HOST
|
||||
value: "{{ .Values.turn.tls.host }}"
|
||||
- name: TURNS_PORT
|
||||
@@ -83,7 +90,7 @@ jitsi:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}"
|
||||
tag: "{{ .Values.images.jicofo.tag }}"
|
||||
xmpp:
|
||||
password: "{{ .Values.secrets.jitsi.jicofoAuthPassword }}"
|
||||
password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }}
|
||||
componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}"
|
||||
resources:
|
||||
{{ .Values.resources.jicofo | toYaml | nindent 6 }}
|
||||
|
||||
@@ -1,27 +1,35 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
- name: "sovereign-workplace-keycloak-bootstrap-repo"
|
||||
# openDesk Keycloak Bootstrap
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-bootstrap
|
||||
- name: "opendesk-keycloak-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "sovereign-workplace-keycloak-bootstrap"
|
||||
chart: "sovereign-workplace-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
|
||||
- name: "opendesk-keycloak-bootstrap"
|
||||
chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
|
||||
version: "1.1.11"
|
||||
values:
|
||||
- "values-bootstrap.gotmpl"
|
||||
- "values-bootstrap.yaml"
|
||||
condition: "keycloak.enabled"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
# as we have seen some slow clusters we want to ensure we not just fail due to a timeout.
|
||||
timeout: 1800
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "keycloak-bootstrap"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -11,9 +11,13 @@ global:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
||||
|
||||
config:
|
||||
administrator:
|
||||
password: "{{ .Values.secrets.keycloak.adminPassword }}"
|
||||
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -4,7 +4,4 @@
|
||||
config:
|
||||
administrator:
|
||||
username: "kcadmin"
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: true
|
||||
...
|
||||
|
||||
@@ -1,16 +1,30 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# VMWare Bitnami
|
||||
# Source: https://github.com/bitnami/charts/
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "registry-1.docker.io/bitnamicharts" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk Keycloak Theme
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-theme
|
||||
- name: "keycloak-theme-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/96/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/keycloak-theme" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk Keycloak Extensions
|
||||
- name: "keycloak-extensions-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
@@ -18,20 +32,20 @@ repositories:
|
||||
|
||||
releases:
|
||||
- name: "keycloak-theme"
|
||||
chart: "keycloak-theme-repo/sovereign-workplace-theme"
|
||||
version: "1.1.0"
|
||||
chart: "keycloak-theme-repo/opendesk-keycloak-theme"
|
||||
version: "2.0.0"
|
||||
values:
|
||||
- "values-theme.gotmpl"
|
||||
condition: "keycloak.enabled"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
- name: "keycloak"
|
||||
chart: "bitnami-repo/keycloak"
|
||||
version: "12.2.0"
|
||||
version: "12.1.5"
|
||||
values:
|
||||
- "values-keycloak.gotmpl"
|
||||
- "values-keycloak.yaml"
|
||||
- "values-keycloak-idp.yaml"
|
||||
wait: true
|
||||
condition: "keycloak.enabled"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
- name: "keycloak-extensions"
|
||||
chart: "keycloak-extensions-repo/keycloak-extensions"
|
||||
version: "0.1.0"
|
||||
@@ -40,12 +54,9 @@ releases:
|
||||
values:
|
||||
- "values-extensions.yaml"
|
||||
- "values-extensions.gotmpl"
|
||||
condition: "keycloak.enabled"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "keycloak"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
global:
|
||||
keycloak:
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword }}
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
postgresql:
|
||||
connection:
|
||||
host: "{{ .Values.databases.keycloakExtension.host }}"
|
||||
@@ -13,7 +13,7 @@ global:
|
||||
auth:
|
||||
database: "{{ .Values.databases.keycloakExtension.name }}"
|
||||
username: "{{ .Values.databases.keycloakExtension.username }}"
|
||||
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser }}
|
||||
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
handler:
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
@@ -21,7 +21,7 @@ handler:
|
||||
tag: "{{ .Values.images.keycloakExtensionHandler.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
appConfig:
|
||||
smtpPassword: "{{ .Values.smtp.password }}"
|
||||
smtpPassword: {{ .Values.smtp.password | quote }}
|
||||
smtpHost: "{{ .Values.smtp.host }}"
|
||||
smtpUsername: "{{ .Values.smtp.username }}"
|
||||
mailFrom: "noreply@{{ .Values.global.domain }}"
|
||||
|
||||
@@ -181,7 +181,7 @@ keycloakConfigCli:
|
||||
"attributes": {
|
||||
"backchannel.logout.revoke.offline.tokens": "true",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"backchannel.logout.url": "https://$(ELEMENT_DOMAIN)/_synapse/client/oidc/backchannel_logout",
|
||||
"backchannel.logout.url": "https://$(MATRIX_DOMAIN)/_synapse/client/oidc/backchannel_logout",
|
||||
"post.logout.redirect.uris": "https://$(ELEMENT_DOMAIN)/*##https://$(MATRIX_DOMAIN)/*##https://$(UNIVENTION_CORPORATE_SERVER_DOMAIN)/*"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
|
||||
@@ -20,10 +20,10 @@ externalDatabase:
|
||||
port: {{ .Values.databases.keycloak.port }}
|
||||
user: "{{ .Values.databases.keycloak.username }}"
|
||||
database: "{{ .Values.databases.keycloak.name }}"
|
||||
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser }}
|
||||
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
|
||||
auth:
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword }}
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.keycloak }}
|
||||
|
||||
@@ -34,7 +34,7 @@ keycloakConfigCli:
|
||||
- name: "LDAP_USERS_DN"
|
||||
value: "cn=users,dc=swp-ldap,dc=internal"
|
||||
- name: "LDAP_SERVER_URL"
|
||||
value: "univention-corporate-container"
|
||||
value: "{{ .Values.global.ldap.host }}"
|
||||
- name: "IDENTIFIER"
|
||||
value: "souvap"
|
||||
- name: "THEME"
|
||||
|
||||
@@ -1,7 +1,14 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Keycloak Bootstrap
|
||||
# Source:
|
||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/sovereign-workplace-nextcloud-bootstrap
|
||||
- name: "opendesk-nextcloud-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
@@ -9,6 +16,10 @@ repositories:
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# Nextcloud
|
||||
# Source: https://github.com/nextcloud/helm/
|
||||
- name: "nextcloud-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
@@ -17,14 +28,14 @@ repositories:
|
||||
releases:
|
||||
- name: "opendesk-nextcloud-bootstrap"
|
||||
chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
|
||||
version: "3.0.0"
|
||||
version: "3.2.2"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
- "values-bootstrap.gotmpl"
|
||||
- "values-bootstrap.yaml"
|
||||
condition: "nextcloud.enabled"
|
||||
timeout: 1800
|
||||
installed: {{ .Values.nextcloud.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "nextcloud"
|
||||
chart: "nextcloud-repo/nextcloud"
|
||||
@@ -34,13 +45,10 @@ releases:
|
||||
values:
|
||||
- "values-nextcloud.gotmpl"
|
||||
- "values-nextcloud.yaml"
|
||||
condition: "nextcloud.enabled"
|
||||
timeout: 1800
|
||||
installed: {{ .Values.nextcloud.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "nextcloud"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -14,7 +14,7 @@ global:
|
||||
|
||||
config:
|
||||
administrator:
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword }}
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||
|
||||
antivirus:
|
||||
{{- if .Values.clamavDistributed.enabled }}
|
||||
@@ -25,17 +25,18 @@ config:
|
||||
|
||||
apps:
|
||||
integrationSwp:
|
||||
password: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
password: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
userOidc:
|
||||
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc }}
|
||||
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
||||
|
||||
database:
|
||||
host: "{{ .Values.databases.nextcloud.host }}"
|
||||
name: "{{ .Values.databases.nextcloud.name }}"
|
||||
user: "{{ .Values.databases.nextcloud.username }}"
|
||||
password: "{{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||
|
||||
ldapSearch:
|
||||
host: "{{ .Values.global.ldap.host }}"
|
||||
password: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}"
|
||||
|
||||
smtp:
|
||||
@@ -43,6 +44,11 @@ config:
|
||||
username: "{{ .Values.smtp.username }}"
|
||||
password: "{{ .Values.smtp.password }}"
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -11,9 +11,6 @@ config:
|
||||
userOidc:
|
||||
username: "ncoidc"
|
||||
|
||||
ldapSearch:
|
||||
host: "univention-corporate-container"
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: false
|
||||
cryptpad:
|
||||
enabled: true
|
||||
...
|
||||
|
||||
@@ -6,16 +6,20 @@ SPDX-License-Identifier: Apache-2.0
|
||||
nextcloud:
|
||||
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
username: "nextcloud"
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword }}
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||
externalDatabase:
|
||||
database: "{{ .Values.databases.nextcloud.name }}"
|
||||
user: "{{ .Values.databases.nextcloud.username }}"
|
||||
host: "{{ .Values.databases.nextcloud.host }}"
|
||||
password: "{{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||
extraEnv:
|
||||
REDIS_HOST: {{ .Values.cache.nextcloud.host | quote }}
|
||||
REDIS_HOST_PORT: {{ .Values.cache.nextcloud.port | quote }}
|
||||
REDIS_HOST_PASSWORD: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||
redis:
|
||||
auth:
|
||||
enabled: true
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
password: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
|
||||
@@ -44,6 +44,18 @@ externalDatabase:
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
nextcloud:
|
||||
configs:
|
||||
mimetypealiases.json: |-
|
||||
{
|
||||
"application/x-drawio": "image"
|
||||
}
|
||||
|
||||
mimetypemapping.json: |-
|
||||
{
|
||||
"drawio": ["application/x-drawio"]
|
||||
}
|
||||
|
||||
# this is not documented but can be found in values.yaml
|
||||
service:
|
||||
port: "80"
|
||||
|
||||
@@ -1,49 +1,67 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
- name: "dovecot-repo"
|
||||
# openDesk Dovecot
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-dovecot
|
||||
- name: "opendesk-dovecot-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/80/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/dovecot" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# Open-Xchange
|
||||
- name: "openxchange-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "registry.open-xchange.com" }}
|
||||
- name: "sovereign-workplace-open-xchange-bootstrap-repo"
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
|
||||
# openDesk Open-Xchange Bootstrap
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-open-xchange-bootstrap
|
||||
- name: "opendesk-open-xchange-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "dovecot"
|
||||
chart: "dovecot-repo/dovecot"
|
||||
chart: "opendesk-dovecot-repo/dovecot"
|
||||
version: "1.3.1"
|
||||
values:
|
||||
- "values-dovecot.yaml"
|
||||
- "values-dovecot.gotmpl"
|
||||
condition: "dovecot.enabled"
|
||||
installed: {{ .Values.dovecot.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "open-xchange"
|
||||
chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector"
|
||||
version: "2.0.3"
|
||||
version: "2.1.1"
|
||||
values:
|
||||
- "values-openxchange.yaml"
|
||||
- "values-openxchange.gotmpl"
|
||||
- "values-openxchange-enterprise-contact-picker.yaml"
|
||||
- "values-openxchange-enterprise-contact-picker.gotmpl"
|
||||
condition: "oxAppsuite.enabled"
|
||||
- name: "sovereign-workplace-open-xchange-bootstrap"
|
||||
chart: "sovereign-workplace-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-open-xchange-bootstrap"
|
||||
chart: "opendesk-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
|
||||
version: "1.3.1"
|
||||
values:
|
||||
- "values-openxchange-bootstrap.yaml"
|
||||
condition: "oxAppsuite.enabled"
|
||||
- "values-openxchange-bootstrap.gotmpl"
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "open-xchange"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -16,10 +16,11 @@ imagePullSecrets:
|
||||
|
||||
dovecot:
|
||||
mailDomain: "{{ .Values.global.domain }}"
|
||||
password: {{ .Values.secrets.dovecot.doveadm }}
|
||||
password: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||
ldap:
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot }}
|
||||
host: "{{ .Values.global.ldap.host }}"
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
oidc:
|
||||
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc }}
|
||||
|
||||
@@ -7,7 +7,6 @@ containerSecurityContext:
|
||||
dovecot:
|
||||
ldap:
|
||||
enabled: true
|
||||
host: "univention-corporate-container"
|
||||
port: 389
|
||||
base: "dc=swp-ldap,dc=internal"
|
||||
|
||||
|
||||
@@ -3,6 +3,10 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.openxchangeBootstrap.repository }}"
|
||||
|
||||
@@ -8,6 +8,10 @@ appsuite:
|
||||
secretYAMLFiles:
|
||||
ldap-client-config.yml:
|
||||
contactsLdapClient:
|
||||
pool:
|
||||
host:
|
||||
address: "{{ .Values.global.ldap.host }}"
|
||||
port: 389
|
||||
auth:
|
||||
adminDN:
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
|
||||
@@ -6,7 +6,7 @@ appsuite:
|
||||
|
||||
properties:
|
||||
# Enterprise contact picker
|
||||
com.openexchange.contacts.ldap.accounts: "opendesk"
|
||||
com.openexchange.contacts.ldap.accounts: "opendesk,other,functional"
|
||||
com.openexchange.admin.bypassAccessCombinationChecks: "true"
|
||||
ENABLE_INTERNAL_USER_EDIT: "false"
|
||||
|
||||
@@ -16,9 +16,6 @@ appsuite:
|
||||
contactsLdapClient:
|
||||
pool:
|
||||
type: "simple"
|
||||
host:
|
||||
address: "univention-corporate-container"
|
||||
port: 389
|
||||
auth:
|
||||
type: "adminDN"
|
||||
adminDN:
|
||||
@@ -153,7 +150,7 @@ appsuite:
|
||||
# allows to sort the attributes lexicographically, either "ascending" or "descending".
|
||||
dynamicAttributes:
|
||||
attributeName: "o"
|
||||
contactFilterTemplate: "(&(univentionObjectType=users/user)(o=[value]))"
|
||||
contactFilterTemplate: "(&(univentionObjectType=users/user)(isOxUser=OK)(o=[value]))"
|
||||
contactSearchScope: "sub"
|
||||
# refreshInterval: 1h
|
||||
refreshInterval: "5m"
|
||||
@@ -174,6 +171,48 @@ appsuite:
|
||||
- "Management"
|
||||
- "Human Resources"
|
||||
|
||||
other:
|
||||
name: "Other contacts"
|
||||
ldapClientId: "contactsLdapClient"
|
||||
mappings: "ucs"
|
||||
folders:
|
||||
mode: "static"
|
||||
usedForSync:
|
||||
protected: true
|
||||
defaultValue: false
|
||||
usedInPicker:
|
||||
protected: false
|
||||
defaultValue: true
|
||||
shownInTree:
|
||||
protected: false
|
||||
defaultValue: true
|
||||
static:
|
||||
commonContactFilter: "(&(univentionObjectType=users/user)(isOxUser=OK)(!(o=*)))"
|
||||
folders:
|
||||
- name: "Ohne Organisation"
|
||||
contactFilter: "(&(univentionObjectType=users/user)(isOxUser=OK)(!(o=*)))"
|
||||
|
||||
functional:
|
||||
name: "Functional mailboxes"
|
||||
ldapClientId: "contactsLdapClient"
|
||||
mappings: "functional"
|
||||
folders:
|
||||
mode: "static"
|
||||
usedForSync:
|
||||
protected: true
|
||||
defaultValue: false
|
||||
usedInPicker:
|
||||
protected: false
|
||||
defaultValue: true
|
||||
shownInTree:
|
||||
protected: false
|
||||
defaultValue: true
|
||||
static:
|
||||
commonContactFilter: "(univentionObjectType=oxmail/functional_account)"
|
||||
folders:
|
||||
- name: "Funktionale Postfächer"
|
||||
contactFilter: "(univentionObjectType=oxmail/functional_account)"
|
||||
|
||||
contacts-provider-ldap-mappings.yml:
|
||||
# Example definitions of contact property <-> LDAP attribute mappings.
|
||||
#
|
||||
@@ -347,3 +386,9 @@ appsuite:
|
||||
# image_last_modified :
|
||||
# Will be set automatically to "image/jpeg" if not defined.
|
||||
# image1_content_type :
|
||||
|
||||
functional:
|
||||
objectid: "mailPrimaryAddress"
|
||||
displayname: "oxPersonal,cn,mailPrimaryAddress"
|
||||
file_as: "oxPersonal,cn,mailPrimaryAddress"
|
||||
email1: "mailPrimaryAddress"
|
||||
|
||||
@@ -11,8 +11,8 @@ global:
|
||||
database: "{{ .Values.databases.oxAppsuite.name }}"
|
||||
auth:
|
||||
user: "{{ .Values.databases.oxAppsuite.username }}"
|
||||
password: "{{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
rootPassword: "{{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
istio:
|
||||
enabled: {{ .Values.istio.enabled }}
|
||||
@@ -53,6 +53,15 @@ appsuite:
|
||||
core-mw:
|
||||
masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
gotenberg:
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
image:
|
||||
repository: {{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}
|
||||
tag: {{ .Values.images.openxchangeGotenberg.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
properties:
|
||||
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
|
||||
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
@@ -74,6 +83,7 @@ appsuite:
|
||||
propertiesFiles:
|
||||
"/opt/open-xchange/etc/ldapauth.properties":
|
||||
bindDNPassword: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
java.naming.provider.url: "ldap://{{ .Values.global.ldap.host }}:389/dc=swp-ldap,dc=internal"
|
||||
uiSettings:
|
||||
"io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
|
||||
"io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
|
||||
@@ -94,6 +104,9 @@ appsuite:
|
||||
oxguardpass: |
|
||||
{{ .Values.secrets.oxAppsuite.oxguardMC }}
|
||||
{{ .Values.secrets.oxAppsuite.oxguardRC }}
|
||||
redis:
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreMW.repository }}
|
||||
tag: {{ .Values.images.openxchangeCoreMW.tag }}
|
||||
@@ -130,6 +143,16 @@ appsuite:
|
||||
repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository }}
|
||||
tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
redis:
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
|
||||
core-documentconverter:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeDocumentConverter.repository }}
|
||||
tag: {{ .Values.images.openxchangeDocumentConverter.tag }}
|
||||
resources:
|
||||
{{- .Values.resources.oxDocumentConverter | toYaml | nindent 6 }}
|
||||
|
||||
core-guidedtours:
|
||||
imagePullSecrets:
|
||||
@@ -141,6 +164,11 @@ appsuite:
|
||||
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag }}
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
core-imageconverter:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeImageConverter.repository }}
|
||||
tag: {{ .Values.images.openxchangeImageConverter.tag }}
|
||||
|
||||
guard-ui:
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
|
||||
@@ -4,11 +4,16 @@
|
||||
appsuite:
|
||||
istio:
|
||||
ingressGateway:
|
||||
name: "sovereign-workplace-gateway-istio-gateway"
|
||||
name: "opendesk-gateway-istio-gateway"
|
||||
|
||||
switchboard:
|
||||
enabled: false
|
||||
|
||||
core-mw:
|
||||
enabled: true
|
||||
masterAdmin: "admin"
|
||||
gotenberg:
|
||||
enabled: true
|
||||
features:
|
||||
status:
|
||||
# enable admin pack
|
||||
@@ -22,6 +27,13 @@ appsuite:
|
||||
open-xchange-authentication-oauth: "enabled"
|
||||
properties:
|
||||
com.openexchange.UIWebPath: "/appsuite/"
|
||||
# PDF Export
|
||||
com.openexchange.capability.mail_export_pdf: "true"
|
||||
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.collabora.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.pdfa.collabora.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.collabora.url: "http://collabora:9980"
|
||||
com.openexchange.mail.exportpdf.gotenberg.url: "http://open-xchange-gotenberg:3000"
|
||||
# OIDC
|
||||
com.openexchange.oidc.enabled: "true"
|
||||
com.openexchange.oidc.autologinCookieMode: "ox_direct"
|
||||
@@ -54,11 +66,13 @@ appsuite:
|
||||
com.openexchange.mail.filter.credentialSource: "mail"
|
||||
com.openexchange.mail.filter.server: "dovecot"
|
||||
com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2"
|
||||
# Dovecot
|
||||
com.openexchange.imap.attachmentMarker.enabled: "true"
|
||||
# Capabilities
|
||||
# Old capability can be used to toggle all integrations with a single switch
|
||||
com.openexchange.capability.public-sector: "true"
|
||||
# New capabilities in 2.0
|
||||
com.openexchange.capability.public-sector-element: "false"
|
||||
com.openexchange.capability.public-sector-element: "true"
|
||||
com.openexchange.capability.public-sector-navigation: "true"
|
||||
com.openexchange.capability.client-onboarding: "true"
|
||||
com.openexchange.capability.dynamic-theme: "true"
|
||||
@@ -69,6 +83,7 @@ appsuite:
|
||||
com.openexchange.capability.smime: "true"
|
||||
com.openexchange.capability.share_links: "false"
|
||||
com.openexchange.capability.invite_guests: "false"
|
||||
com.openexchange.capability.document_preview: "true"
|
||||
# Secondary Accounts
|
||||
com.openexchange.mail.secondary.authType: "XOAUTH2"
|
||||
com.openexchange.mail.transport.secondary.authType: "xoauth2"
|
||||
@@ -80,6 +95,8 @@ appsuite:
|
||||
com.openexchange.gdpr.dataexport.enabled: "false"
|
||||
com.openexchange.gdpr.dataexport.active: "false"
|
||||
# Guard
|
||||
com.openexchange.guard.storage.file.fileStorageType: "file"
|
||||
com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/"
|
||||
com.openexchange.guard.guestSMTPServer: "postfix"
|
||||
# S/MIME
|
||||
# Usage (in browser console after login):
|
||||
@@ -94,7 +111,6 @@ appsuite:
|
||||
/opt/open-xchange/etc/system.properties:
|
||||
SERVER_NAME: "oxserver"
|
||||
/opt/open-xchange/etc/ldapauth.properties:
|
||||
java.naming.provider.url: "ldap://univention-corporate-container:389/dc=swp-ldap,dc=internal"
|
||||
bindOnly: "false"
|
||||
bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
|
||||
@@ -120,6 +136,8 @@ appsuite:
|
||||
# io.ox.public-sector//ics/url: "https://ics.<DOMAIN>/"
|
||||
io.ox/core//apps/quickLaunchCount: "0"
|
||||
io.ox/core//coloredIcons: "false"
|
||||
# Mail templates
|
||||
io.ox/core//features/templates: "true"
|
||||
|
||||
asConfig:
|
||||
default:
|
||||
@@ -128,10 +146,31 @@ appsuite:
|
||||
oidcLogin: true
|
||||
oidcPath: "/oidc"
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
mode: "standalone"
|
||||
hosts:
|
||||
- "redis-master"
|
||||
|
||||
hooks:
|
||||
beforeAppsuiteStart:
|
||||
create-guard-dir.sh: |
|
||||
mkdir -p /opt/open-xchange/guard-files
|
||||
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
||||
|
||||
core-ui:
|
||||
enabled: true
|
||||
|
||||
core-ui-middleware:
|
||||
enabled: true
|
||||
overrides: {}
|
||||
redis:
|
||||
mode: "standalone"
|
||||
hosts:
|
||||
- "redis-master:6379"
|
||||
auth:
|
||||
enabled: true
|
||||
|
||||
core-guidedtours:
|
||||
enabled: true
|
||||
guard-ui:
|
||||
@@ -140,12 +179,26 @@ appsuite:
|
||||
enabled: false
|
||||
core-user-guide:
|
||||
enabled: true
|
||||
|
||||
core-imageconverter:
|
||||
enabled: false
|
||||
enabled: true
|
||||
objectCache:
|
||||
s3ObjectStores:
|
||||
- id: -1
|
||||
endpoint: "."
|
||||
accessKey: "."
|
||||
secretKey: "."
|
||||
|
||||
core-spellcheck:
|
||||
enabled: false
|
||||
|
||||
core-documentconverter:
|
||||
enabled: false
|
||||
enabled: true
|
||||
documentConverter:
|
||||
cache:
|
||||
remoteCache:
|
||||
enabled: false
|
||||
|
||||
core-documents-collaboration:
|
||||
enabled: false
|
||||
office-web:
|
||||
|
||||
@@ -1,7 +1,13 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# OpenProject
|
||||
# Source: https://github.com/opf/helm-charts
|
||||
- name: "openproject-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
@@ -10,16 +16,16 @@ repositories:
|
||||
releases:
|
||||
- name: "openproject"
|
||||
chart: "openproject-repo/openproject"
|
||||
version: "1.8.0"
|
||||
version: "2.0.4"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "openproject.enabled"
|
||||
installed: {{ .Values.openproject.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "openproject"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -14,6 +14,9 @@ image:
|
||||
tag: "{{ .Values.images.openproject.tag }}"
|
||||
|
||||
memcached:
|
||||
connection:
|
||||
host: "{{ .Values.cache.openproject.host }}"
|
||||
port: {{ .Values.cache.openproject.port }}
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.memcached.repository }}"
|
||||
@@ -21,7 +24,7 @@ memcached:
|
||||
|
||||
postgresql:
|
||||
auth:
|
||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser }}
|
||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
username: "{{ .Values.databases.openproject.username }}"
|
||||
database: "{{ .Values.databases.openproject.name }}"
|
||||
connection:
|
||||
@@ -35,7 +38,7 @@ openproject:
|
||||
name: "OpenProject Interal Admin"
|
||||
mail: "openproject-admin@swp-domain.internal"
|
||||
password_reset: "false"
|
||||
password: "{{ .Values.secrets.openproject.adminPassword }}"
|
||||
password: {{ .Values.secrets.openproject.adminPassword | quote }}
|
||||
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
@@ -51,20 +54,24 @@ environment:
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: "{{ .Values.global.ldap.host }}"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__DOMAIN: "{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__USER__NAME: "{{ .Values.smtp.username }}"
|
||||
OPENPROJECT_SMTP__PASSWORD: "{{ .Values.smtp.password }}"
|
||||
OPENPROJECT_SMTP__PORT: "587" # (default=587)
|
||||
OPENPROJECT_SMTP__PORT: "{{ .Values.smtp.port }}"
|
||||
OPENPROJECT_SMTP__SSL: "false" # (default=false)
|
||||
OPENPROJECT_SMTP__ADDRESS: "{{ .Values.smtp.host }}"
|
||||
OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}"
|
||||
|
||||
persistence:
|
||||
size: "{{ .Values.persistence.size.openproject }}"
|
||||
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
storageClassName: "{{ .Values.persistence.storageClassNames.RWX }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.openproject }}
|
||||
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
image:
|
||||
registry: "registry.souvap-univention.de"
|
||||
|
||||
memcached:
|
||||
bundled: false
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
initialDelaySeconds: 300
|
||||
@@ -27,6 +30,16 @@ openproject:
|
||||
# seed will only be executed on initial installation
|
||||
seed_locale: "de"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
persistence:
|
||||
accessModes:
|
||||
- "ReadWriteMany"
|
||||
|
||||
# For more details and more options see
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
environment:
|
||||
@@ -34,15 +47,14 @@ environment:
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_LOGIN: "phoenixusername"
|
||||
OPENPROJECT_LOGIN__REQUIRED: "true"
|
||||
OPENPROJECT_OAUTH__ALLOW__REMAPPING__OF__EXISTING__USERS: "true"
|
||||
OPENPROJECT_OMNIAUTH__DIRECT__LOGIN__PROVIDER: "keycloak"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_DISPLAY__NAME: "Keycloak"
|
||||
OPENPROJECT_PER__PAGE__OPTIONS: "20, 50, 100, 200"
|
||||
OPENPROJECT_EMAIL__DELIVERY__METHOD: "smtp"
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "plain"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: "univention-corporate-container"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
|
||||
OPENPROJECT_DEFAULT__COMMENT__SORT__ORDER: "desc"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
|
||||
|
||||
@@ -1,7 +1,12 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# OX Connector
|
||||
- name: "ox-connector-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
@@ -14,12 +19,9 @@ releases:
|
||||
values:
|
||||
- "values-oxconnector.yaml"
|
||||
- "values-oxconnector.gotmpl"
|
||||
condition: "oxConnector.enabled"
|
||||
installed: {{ .Values.oxConnector.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-2"
|
||||
component: "provisioning"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -19,9 +19,11 @@ persistence:
|
||||
|
||||
oxConnector:
|
||||
domainName: "{{ .Values.global.domain }}"
|
||||
ldapHost: "{{ .Values.global.ldap.host }}"
|
||||
notifierServer: "{{ .Values.global.ldap.notifierHost }}"
|
||||
#oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
|
||||
oxMasterAdmin: "admin"
|
||||
oxMasterPassword: "{{ .Values.secrets.oxAppsuite.adminPassword }}"
|
||||
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
oxDefaultContext: "1"
|
||||
|
||||
|
||||
@@ -5,11 +5,9 @@ ingress:
|
||||
enabled: false
|
||||
|
||||
oxConnector:
|
||||
ldapHost: "univention-corporate-container"
|
||||
# ldapHostIp: ""
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
notifierServer: "univention-corporate-container"
|
||||
tlsMode: "off"
|
||||
# current static password for UCC
|
||||
ldapPassword: "ucctempldapstring"
|
||||
|
||||
@@ -1,101 +1,144 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
- name: "sovereign-workplace-certificates-repo"
|
||||
# openDesk Certificates
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-certificates
|
||||
- name: "opendesk-certificates-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/133/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk PostgreSQL
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postgresql
|
||||
- name: "postgresql-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postgresql" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk MariaDB
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-mariadb
|
||||
- name: "mariadb-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/mariadb" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk Postfix
|
||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postfix
|
||||
- name: "postfix-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/85/packages/helm/stable" }}
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postfix" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk Istio Resources
|
||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-istio-resources
|
||||
- name: "istio-resources-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/69/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/istio-ressources" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk ClamAV
|
||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-clamav
|
||||
- name: "clamav-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/clamav" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# VMWare Bitnami
|
||||
# Source: https://github.com/bitnami/charts/
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "registry-1.docker.io/bitnamicharts" }}
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "sovereign-workplace-certificates"
|
||||
chart: "sovereign-workplace-certificates-repo/sovereign-workplace-certificates"
|
||||
version: "1.2.2"
|
||||
- name: "opendesk-certificates"
|
||||
chart: "opendesk-certificates-repo/opendesk-certificates"
|
||||
version: "2.1.0"
|
||||
values:
|
||||
- "values-certificates.gotmpl"
|
||||
condition: "certificates.enabled"
|
||||
installed: {{ .Values.certificates.enabled }}
|
||||
- name: "redis"
|
||||
chart: "bitnami-repo/redis"
|
||||
version: "18.0.4"
|
||||
version: "18.1.2"
|
||||
values:
|
||||
- "values-redis.gotmpl"
|
||||
- "values-redis.yaml"
|
||||
condition: "redis.enabled"
|
||||
installed: {{ .Values.redis.enabled }}
|
||||
- name: "memcached"
|
||||
chart: "bitnami-repo/memcached"
|
||||
version: "6.6.2"
|
||||
values:
|
||||
- "values-memcached.yaml"
|
||||
- "values-memcached.gotmpl"
|
||||
installed: {{ .Values.memcached.enabled }}
|
||||
- name: "postgresql"
|
||||
chart: "postgresql-repo/postgresql"
|
||||
version: "2.0.2"
|
||||
values:
|
||||
- "values-postgresql.yaml"
|
||||
- "values-postgresql.gotmpl"
|
||||
condition: "postgresql.enabled"
|
||||
installed: {{ .Values.postgresql.enabled }}
|
||||
timeout: 900
|
||||
- name: "mariadb"
|
||||
chart: "mariadb-repo/mariadb"
|
||||
version: "2.1.0"
|
||||
version: "2.0.2"
|
||||
values:
|
||||
- "values-mariadb.yaml"
|
||||
- "values-mariadb.gotmpl"
|
||||
condition: "mariadb.enabled"
|
||||
installed: {{ .Values.mariadb.enabled }}
|
||||
timeout: 900
|
||||
- name: "postfix"
|
||||
chart: "postfix-repo/postfix"
|
||||
version: "2.0.3"
|
||||
values:
|
||||
- "values-postfix.yaml"
|
||||
- "values-postfix.gotmpl"
|
||||
condition: "postfix.enabled"
|
||||
installed: {{ .Values.postfix.enabled }}
|
||||
- name: "clamav"
|
||||
chart: "clamav-repo/opendesk-clamav"
|
||||
version: "4.0.0"
|
||||
values:
|
||||
- "values-clamav-distributed.yaml"
|
||||
- "values-clamav-distributed.gotmpl"
|
||||
condition: "clamavDistributed.enabled"
|
||||
installed: {{ .Values.clamavDistributed.enabled }}
|
||||
- name: "clamav-simple"
|
||||
chart: "clamav-repo/clamav-simple"
|
||||
version: "4.0.0"
|
||||
values:
|
||||
- "values-clamav-simple.yaml"
|
||||
- "values-clamav-simple.gotmpl"
|
||||
condition: "clamavSimple.enabled"
|
||||
- name: "sovereign-workplace-gateway"
|
||||
installed: {{ .Values.clamavSimple.enabled }}
|
||||
- name: "opendesk-gateway"
|
||||
chart: "istio-resources-repo/istio-gateway"
|
||||
version: "1.1.2"
|
||||
version: "2.0.0"
|
||||
values:
|
||||
- "values-istio-gateway.yaml"
|
||||
- "values-istio-gateway.gotmpl"
|
||||
condition: "istio.enabled"
|
||||
installed: {{ .Values.istio.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "services"
|
||||
component: "services"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -18,4 +18,9 @@ istio:
|
||||
issuerRef:
|
||||
name: "{{ .Values.istio.issuerRef.name }}"
|
||||
{{- end }}
|
||||
|
||||
cleanup:
|
||||
keepRessourceOnDelete: {{ .Values.cleanup.keepRessourceOnDelete }}
|
||||
|
||||
wildcard: {{ .Values.certificate.wildcard }}
|
||||
...
|
||||
|
||||
@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
global:
|
||||
domain: "{{ .Values.istio.domain }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
openxchange: "{{ .Values.global.hosts.openxchange }}"
|
||||
|
||||
tls:
|
||||
secretName: "{{ .Values.istio.domain }}-tls"
|
||||
|
||||
@@ -18,11 +18,11 @@ image:
|
||||
job:
|
||||
users:
|
||||
- username: "xwiki_user"
|
||||
password: "{{ .Values.secrets.mariadb.xwikiUser }}"
|
||||
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
|
||||
- username: "openxchange_user"
|
||||
password: "{{ .Values.secrets.mariadb.openxchangeUser }}"
|
||||
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
|
||||
- username: "nextcloud_user"
|
||||
password: "{{ .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
|
||||
databases:
|
||||
- name: "xwiki"
|
||||
user: "xwiki_user"
|
||||
@@ -32,7 +32,7 @@ job:
|
||||
user: "openxchange_user"
|
||||
|
||||
mariadb:
|
||||
rootPassword: "{{ .Values.secrets.mariadb.rootPassword }}"
|
||||
rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
persistence:
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
|
||||
19
helmfile/apps/services/values-memcached.gotmpl
Normal file
19
helmfile/apps/services/values-memcached.gotmpl
Normal file
@@ -0,0 +1,19 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.memcached.repository }}"
|
||||
tag: "{{ .Values.images.memcached.tag }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.memcached | toYaml | nindent 2 }}
|
||||
...
|
||||
18
helmfile/apps/services/values-memcached.yaml
Normal file
18
helmfile/apps/services/values-memcached.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
...
|
||||
@@ -16,15 +16,15 @@ image:
|
||||
job:
|
||||
users:
|
||||
- username: "keycloak_user"
|
||||
password: {{ .Values.secrets.postgresql.keycloakUser }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
- username: "openproject_user"
|
||||
password: {{ .Values.secrets.postgresql.openprojectUser }}
|
||||
password: {{ .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
- username: "keycloak_extensions_user"
|
||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
- username: "matrix_user"
|
||||
password: {{ .Values.secrets.postgresql.matrixUser }}
|
||||
password: {{ .Values.secrets.postgresql.matrixUser | quote }}
|
||||
- username: "notificationsapi_user"
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
|
||||
databases:
|
||||
- name: "keycloak"
|
||||
user: "keycloak_user"
|
||||
@@ -43,7 +43,7 @@ persistence:
|
||||
size: "{{ .Values.persistence.size.postgresql }}"
|
||||
|
||||
postgres:
|
||||
password: {{ .Values.secrets.postgresql.postgresUser }}
|
||||
password: {{ .Values.secrets.postgresql.postgresUser | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.postgresql | toYaml | nindent 2 }}
|
||||
|
||||
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -1,11 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Univention Corporate Server (as eval Container)
|
||||
- name: "univention-corporate-container-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/132/packages/helm/stable" }}
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/univention-corporate-container" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "univention-corporate-container"
|
||||
@@ -14,12 +24,9 @@ releases:
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "univentionCorporateServer.enabled"
|
||||
installed: {{ .Values.univentionCorporateServer.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "univention-corporate-container"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -37,31 +37,31 @@ extraEnvVars:
|
||||
- name: LDAPSEARCH_OX_USERNAME
|
||||
value: "ldapsearch_ox"
|
||||
- name: LDAPSEARCH_OX_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
- name: LDAPSEARCH_DOVECOT_USERNAME
|
||||
value: "ldapsearch_dovecot"
|
||||
- name: LDAPSEARCH_DOVECOT_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
- name: LDAPSEARCH_KEYCLOAK_USERNAME
|
||||
value: "ldapsearch_keycloak"
|
||||
- name: LDAPSEARCH_KEYCLOAK_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak | quote }}
|
||||
- name: LDAPSEARCH_NEXTCLOUD_USERNAME
|
||||
value: "ldapsearch_nextcloud"
|
||||
- name: LDAPSEARCH_NEXTCLOUD_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
|
||||
- name: LDAPSEARCH_OPENPROJECT_USERNAME
|
||||
value: "ldapsearch_openproject"
|
||||
- name: LDAPSEARCH_OPENPROJECT_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
|
||||
- name: LDAPSEARCH_XWIKI_USERNAME
|
||||
value: "ldapsearch_xwiki"
|
||||
- name: LDAPSEARCH_XWIKI_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||
- name: DEFAULT_ACCOUNT_USER_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword | quote }}
|
||||
- name: DEFAULT_ACCOUNT_ADMIN_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.univentionCorporateServer | toYaml | nindent 2 }}
|
||||
|
||||
@@ -3,116 +3,144 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
---
|
||||
|
||||
---
|
||||
repositories:
|
||||
- name: "univention"
|
||||
# Univention Management Stack
|
||||
- name: "ums-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
|
||||
# VMWare Bitnami
|
||||
# Source: https://github.com/bitnami/charts/
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# TODO: Interim, until the UMS stack has a stack umbrella chart and provides a solution
|
||||
{{- if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}
|
||||
- name: "ums-stack-gateway"
|
||||
chart: "bitnami-repo/nginx"
|
||||
version: "15.3.5"
|
||||
values:
|
||||
- "values-ums-stack-gateway.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
{{- end }}
|
||||
- name: "ums-store-dav"
|
||||
chart: "univention/store-dav"
|
||||
version: "0.2.0"
|
||||
chart: "ums-repo/store-dav"
|
||||
version: "0.5.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-store-dav.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-ldap-server"
|
||||
chart: "univention/ldap-server"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/ldap-server"
|
||||
version: "0.4.1"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-ldap-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-ldap-notifier"
|
||||
chart: "univention/ldap-notifier"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/ldap-notifier"
|
||||
version: "0.4.1"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-ldap-notifier.gotmpl"
|
||||
- "values-ldap-notifier.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-udm-rest-api"
|
||||
chart: "univention/udm-rest-api"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/udm-rest-api"
|
||||
version: "0.3.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-udm-rest-api.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-stack-data-ums"
|
||||
chart: "univention/stack-data-ums"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/stack-data-ums"
|
||||
version: "0.15.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-stack-data-ums.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-stack-data-swp"
|
||||
chart: "univention/stack-data-swp"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/stack-data-swp"
|
||||
version: "0.15.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-stack-data-swp.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-server"
|
||||
chart: "univention/portal-server"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/portal-server"
|
||||
version: "0.3.4"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-notifications-api"
|
||||
chart: "univention/notifications-api"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/notifications-api"
|
||||
version: "0.3.4"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-notifications-api.gotmpl"
|
||||
- "values-notifications-api.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-listener"
|
||||
chart: "univention/portal-listener"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/portal-listener"
|
||||
version: "0.3.4"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-listener.gotmpl"
|
||||
- "values-portal-listener.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-frontend"
|
||||
chart: "univention/portal-frontend"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/portal-frontend"
|
||||
version: "0.3.4"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-frontend.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-frontend-custom"
|
||||
# TODO: Replace with our own Nginx chart.
|
||||
chart: "bitnami-repo/nginx"
|
||||
version: "15.3.5"
|
||||
values:
|
||||
- "values-portal-frontend-custom.yaml"
|
||||
- "values-portal-frontend-custom.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-umc-gateway"
|
||||
chart: "univention/umc-gateway"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/umc-gateway"
|
||||
version: "0.3.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-umc-gateway.gotmpl"
|
||||
- "values-umc-gateway.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-umc-server"
|
||||
chart: "univention/umc-server"
|
||||
version: "0.1.0"
|
||||
chart: "ums-repo/umc-server"
|
||||
version: "0.3.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-umc-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
- "values-umc-server.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "univention-management-stack"
|
||||
...
|
||||
|
||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
|
||||
host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
|
||||
@@ -1,6 +1,10 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
global:
|
||||
configMapUcrDefaults: "ums-stack-data-ums-ucr"
|
||||
configMapUcr: "ums-stack-data-swp-ucr"
|
||||
configMapUcrForced: null
|
||||
|
||||
istio:
|
||||
enabled: false
|
||||
|
||||
@@ -14,10 +14,9 @@ ldapServer:
|
||||
# dhParam: ""
|
||||
tlsMode: "off"
|
||||
|
||||
# TODO: SAML integration
|
||||
# samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
|
||||
# samlMetadataUrlInternal: "http://keycloak.default/realms/ucs/protocol/saml/descriptor"
|
||||
# serviceProviders: "http://localhost:8000/univention/saml/metadata,http://localhost:8000/auth/realms/ucs"
|
||||
samlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: null
|
||||
serviceProviders: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/saml/metadata"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
@@ -29,6 +28,12 @@ image:
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
waitForDependency:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsWaitForDependency.repository }}"
|
||||
imagePullPolicy: "Always"
|
||||
tag: "{{ .Values.images.umsWaitForDependency.tag }}"
|
||||
|
||||
# TODO: Pending upstream support, #199
|
||||
persistence:
|
||||
data:
|
||||
|
||||
@@ -11,7 +11,7 @@ postgresql:
|
||||
auth:
|
||||
username: "notificationsapi_user"
|
||||
database: "notificationsapi"
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
ingressClassName: "nginx"
|
||||
annotations:
|
||||
nginx.org/mergeable-ingress-type: "minion"
|
||||
tls: false
|
||||
|
||||
pathType: Exact
|
||||
path: /favicon.ico
|
||||
|
||||
extraPaths:
|
||||
- pathType: Exact
|
||||
path: /univention/portal/css/custom.css
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
- pathType: Exact
|
||||
path: /univention/portal/icons/logo.svg
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
- pathType: Exact
|
||||
path: /univention/portal/icons/logo_small_border.svg
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
- pathType: Exact
|
||||
path: /univention/portal/custom/portal_background_image.png
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
- pathType: Exact
|
||||
path: /univention/portal/custom/portal_background_image.svg
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
|
||||
...
|
||||
@@ -0,0 +1,33 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
service:
|
||||
type: "ClusterIP"
|
||||
|
||||
extraVolumes:
|
||||
- name: "opendesk-branding"
|
||||
configMap:
|
||||
name: "ums-stack-data-swp-branding"
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/favicon.ico"
|
||||
subPath: "favicon.ico"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/css/custom.css"
|
||||
subPath: "custom.css"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/icons/logo.svg"
|
||||
subPath: "logo.svg"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/icons/logo_small_border.svg"
|
||||
subPath: "logo_small_border.svg"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/custom/portal_background_image.png"
|
||||
subPath: "portal_background_image.png"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/custom/portal_background_image.svg"
|
||||
subPath: "portal_background_image.svg"
|
||||
|
||||
...
|
||||
@@ -16,11 +16,12 @@ image:
|
||||
|
||||
extraIngresses:
|
||||
redirects:
|
||||
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
|
||||
# The TLS configuration is on the "master" Ingress, see below.
|
||||
tls:
|
||||
enabled: false
|
||||
master:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
|
||||
tls:
|
||||
enabled: {{ .Values.ingress.tls.enabled }}
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
@@ -13,7 +13,7 @@ portalListener:
|
||||
umcSessionUrl: "http://ums-umc-server/get/session-info"
|
||||
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapHost: "{{ .Values.global.ldap.host }}"
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
|
||||
@@ -7,7 +7,7 @@ portalServer:
|
||||
adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
|
||||
authMode: "saml"
|
||||
environment: "staging"
|
||||
editable: "true"
|
||||
editable: "false"
|
||||
logLevel: "DEBUG"
|
||||
ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data"
|
||||
umcGetUrl: "http://ums-umc-server/get"
|
||||
|
||||
@@ -4,22 +4,29 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
stackDataSwp:
|
||||
udmApiUsername: "cn=admin"
|
||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
udmApiUser: "cn=admin"
|
||||
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
stackDataContext:
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
ldapSearchUsers:
|
||||
{{- range $k, $v := .Values.secrets.univentionCorporateServer.ldapSearch }}
|
||||
- username: {{ printf "ldapsearch_%s" $k | quote }}
|
||||
password: {{ $v | quote }}
|
||||
lastname: {{ "LDAP-Search-User" }}
|
||||
{{- end }}
|
||||
|
||||
externalDomainName: "{{ .Values.global.domain }}"
|
||||
externalMailDomain: "{{ .Values.global.domain }}"
|
||||
|
||||
portalGroupwareLinkBase: "https://webmail.{{ .Values.istio.domain }}"
|
||||
portalFileshareLinkBase: "https://fs.{{ .Values.global.domain }}"
|
||||
portalRealtimeCollaborationLinkBase: "https://chat.{{ .Values.global.domain }}"
|
||||
portalRealtimeVideoconferenceLinkBase: "https://meet.{{ .Values.global.domain }}"
|
||||
portalManagementProjectLinkBase: "https://project.{{ .Values.global.domain }}"
|
||||
portalManagementKnowledgeLinkBase: "https://wiki.{{ .Values.global.domain }}"
|
||||
portalGroupwareLinkBase: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
portalFileshareLinkBase: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
portalRealtimeCollaborationLinkBase: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
|
||||
portalRealtimeVideoconferenceLinkBase: "https://{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
|
||||
portalManagementProjectLinkBase: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
portalManagementKnowledgeLinkBase: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
|
||||
oxDefaultContext: "10"
|
||||
|
||||
|
||||
@@ -5,12 +5,26 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
stackDataUms:
|
||||
udmApiUser: "cn=admin"
|
||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
stackDataContext:
|
||||
domainname: "{{ .Values.global.domain }}"
|
||||
externalMailDomain: "{{ .Values.global.domain }}"
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
|
||||
ldapHost: "{{ .Values.global.ldap.host }}"
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
# TODO: This should not be required, the machine account is not there
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
|
||||
|
||||
samlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: null
|
||||
samlSpServer: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
samlSchemes: "https"
|
||||
ssoFqdn: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
|
||||
initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
|
||||
|
||||
# The SWP configuration brings its own UMC policies.
|
||||
|
||||
@@ -4,29 +4,15 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
udmRestApi:
|
||||
apiLogLevel: "4"
|
||||
authGroups:
|
||||
dcBackup: "cn=DC Backup Hosts,cn=groups,dc=swp-ldap,dc=internal"
|
||||
dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=swp-ldap,dc=internal"
|
||||
domainAdmins: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
# TODO: This should not be required, the machine account is not there
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: why do we need this many subprocesses?
|
||||
numberOfSubprocesses: 8
|
||||
# TODO: Stub value currently
|
||||
caCert: ""
|
||||
# TODO: This should not be part of the udm-rest-api anymore
|
||||
loadJoinData:
|
||||
enabled: true
|
||||
# TODO: configurable
|
||||
tlsMode: "off"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -4,9 +4,17 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
umcGateway:
|
||||
domainname: "{{ .Values.global.domain }}"
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
|
||||
ssoFqdn: "localhost:8097"
|
||||
|
||||
extraVolumes:
|
||||
- name: "entrypoint-swp-patches"
|
||||
configMap:
|
||||
name: "ums-stack-data-swp-umc-gateway-entrypoint"
|
||||
defaultMode: 0555
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: "entrypoint-swp-patches"
|
||||
mountPath: "/entrypoint.d/90-swp.sh"
|
||||
subPath: "90-swp.sh"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
umcGateway:
|
||||
showCookieBanner: true
|
||||
cookieBannerTitleDE: "Cookie Zustimmung"
|
||||
cookieBannerTitleEN: "Cookie Consent"
|
||||
cookieBannerTextDE: >-
|
||||
Die Nutzung dieses Angebots ist nur möglich, wenn Cookies gespeichert und
|
||||
verarbeitet werden können (essenzielle Cookies). Dafür benötigen wir Ihre
|
||||
Zustimmung. Bitte akzeptieren Sie um fortzufahren oder schließen Sie die
|
||||
Seite.
|
||||
cookieBannerTextEN: >-
|
||||
Usage of this site is only possible by storing and processing cookie
|
||||
information (essential cookies). We require your consent. Please accept to
|
||||
continue or close the page.
|
||||
|
||||
...
|
||||
@@ -4,24 +4,6 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
umcServer:
|
||||
domainname: "{{ .Values.global.domain }}"
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
# TODO: This should not be required, the machine account is not there
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
|
||||
enforceSessionCookie: "true"
|
||||
|
||||
# TODO: The keycloak integration is pending
|
||||
samlEnabled: false
|
||||
samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: "http://keycloak/realms/ucs/protocol/saml/descriptor"
|
||||
samlSpServer: "localhost:8000"
|
||||
samlSchemes: "http"
|
||||
|
||||
tlsMode: "off"
|
||||
|
||||
# TODO: Secret should be entered without b64enc
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
umcServer:
|
||||
certPemFile: "/var/secrets/ssl/tls.crt"
|
||||
privateKeyFile: "/var/secrets/ssl/tls.key"
|
||||
|
||||
extraVolumes:
|
||||
- name: "certificates"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-tls"
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: "certificates"
|
||||
mountPath: "/var/secrets/ssl"
|
||||
|
||||
...
|
||||
@@ -0,0 +1,173 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls: false
|
||||
extraTls:
|
||||
- hosts:
|
||||
- "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
service:
|
||||
type: "ClusterIP"
|
||||
|
||||
# The content of the "serverBlock" does resemble the Ingress configuration of
|
||||
# the UMS components. The "location" entries do intentionally reflect precisely
|
||||
# the respective paths which are configured.
|
||||
serverBlock: |
|
||||
server {
|
||||
listen 8080;
|
||||
|
||||
## portal-frontend
|
||||
# The frontend does not own "/univention/portal", only these two bits
|
||||
location = /univention/portal/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80/;
|
||||
}
|
||||
location = /univention/portal/index.html {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80/;
|
||||
}
|
||||
|
||||
# The following prefixes are owned by the frontend
|
||||
location /univention/portal/css/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/fonts/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/i18n/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/media/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/js/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/oidc/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
|
||||
|
||||
## frontend redirects
|
||||
|
||||
location = / {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
location = /univention {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
location = /univention/ {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
location = /univention/portal {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
|
||||
|
||||
## portal-server
|
||||
location = /univention/portal/portal.json {
|
||||
proxy_pass http://ums-portal-server:80;
|
||||
}
|
||||
location = /univention/portal/navigation.json {
|
||||
proxy_pass http://ums-portal-server:80;
|
||||
}
|
||||
|
||||
|
||||
## store-dav
|
||||
location /univention/portal/icons/entries/ {
|
||||
rewrite ^/univention/portal(/icons/entries/.*)$ /portal-assets$1 break;
|
||||
proxy_pass http://ums-store-dav:80;
|
||||
}
|
||||
location /univention/portal/icons/logos/ {
|
||||
rewrite ^/univention/portal(/icons/logos/.*)$ /portal-assets$1 break;
|
||||
proxy_pass http://ums-store-dav:80;
|
||||
}
|
||||
|
||||
|
||||
## udm-rest-api
|
||||
location /univention/udm/ {
|
||||
rewrite ^/univention(/udm/.*)$ $1 break;
|
||||
proxy_pass http://ums-udm-rest-api:80;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
}
|
||||
|
||||
|
||||
## umc-gateway
|
||||
location = /univention/languages.json {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location = /univention/meta.json {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location = /univention/theme.css {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location /univention/js/ {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location /univention/login/ {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location /univention/management/ {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location /univention/themes/ {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
|
||||
|
||||
## umc-server
|
||||
location = /univention/auth {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/logout/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/saml/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/get/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/set/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/command/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/upload/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
|
||||
|
||||
## notifications-api
|
||||
|
||||
location /univention/portal/notifications-api/ {
|
||||
rewrite ^/univention/portal/notifications-api(/.*)$ $1 break;
|
||||
proxy_pass http://ums-notifications-api:80;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,7 +1,13 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# XWiki
|
||||
# Source: https://github.com/xwiki-contrib/xwiki-helm
|
||||
- name: "xwiki-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
@@ -10,18 +16,15 @@ repositories:
|
||||
releases:
|
||||
- name: "xwiki"
|
||||
chart: "xwiki-repo/xwiki"
|
||||
version: "1.1.3"
|
||||
version: "1.2.3"
|
||||
wait: true
|
||||
timeout: 600
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "xwiki.enabled"
|
||||
installed: {{ .Values.xwiki.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "xwiki"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -9,7 +9,7 @@ image:
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
externalDB:
|
||||
password: "{{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
database: "{{ .Values.databases.xwiki.name }}"
|
||||
user: "{{ .Values.databases.xwiki.username }}"
|
||||
host: "{{ .Values.databases.xwiki.host }}"
|
||||
@@ -18,13 +18,13 @@ customConfigs:
|
||||
"xwiki.cfg":
|
||||
"xwiki.superadminpassword": "{{ .Values.secrets.xwiki.superadminpassword }}"
|
||||
## LDAP Server configuration
|
||||
# "xwiki.authentication.ldap.server": "univention-corporate-container"
|
||||
# xwiki.authentication.ldap.port: 389
|
||||
xwiki.authentication.ldap.server: "{{ .Values.global.ldap.host }}"
|
||||
xwiki.authentication.ldap.port: 389
|
||||
## Authentication to the LDAP server
|
||||
# xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
|
||||
# xwiki.authentication.ldap.bind_pass: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}"
|
||||
xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
|
||||
xwiki.authentication.ldap.bind_pass: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}"
|
||||
## Base DN used for searching for users
|
||||
# xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
||||
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
||||
|
||||
"xwiki.properties":
|
||||
"oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
|
||||
@@ -43,8 +43,8 @@ properties:
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "{{ .Values.theme.colors.white }}"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "{{ .Values.theme.colors.secondaryGreyLight }}"
|
||||
## Link LDAP users and users authenticated through OIDC
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
|
||||
@@ -1,6 +1,31 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
|
||||
customConfigs:
|
||||
xwiki.cfg:
|
||||
xwiki.url.protocol: "https"
|
||||
## Indicate the LDAP field defining the user UID
|
||||
xwiki.authentication.ldap.UID_attr: "uid"
|
||||
## Indicate the LDAP field defining the user profile picture
|
||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
## Enable the synchronization of the LDAP profile picture
|
||||
# xwiki.authentication.ldap.update_photo: 1
|
||||
|
||||
xwiki.properties:
|
||||
oidc.scope: "openid,profile,email,address,phoenix"
|
||||
oidc.endpoint.userinfo.method: "GET"
|
||||
oidc.user.nameFormater: "${oidc.user.phoenixusername._clean._lowerCase}"
|
||||
oidc.user.subjectFormater: "${oidc.user.phoenixusername._lowerCase}"
|
||||
# yamllint disable-line rule:line-length
|
||||
oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
|
||||
oidc.clientid: "xwiki"
|
||||
oidc.endpoint.token.auth_method: "client_secret_basic"
|
||||
oidc.skipped: false
|
||||
oidc.logoutMechanism: "rpInitiated"
|
||||
|
||||
image:
|
||||
pullPolicy: "IfNotPresent"
|
||||
|
||||
@@ -15,9 +40,8 @@ ingress:
|
||||
istio:
|
||||
enabled: false
|
||||
|
||||
service:
|
||||
externalPort: 80
|
||||
enabled: true
|
||||
mariadb:
|
||||
enabled: false
|
||||
|
||||
mysql:
|
||||
enabled: false
|
||||
@@ -25,14 +49,11 @@ mysql:
|
||||
postgresql:
|
||||
enabled: false
|
||||
|
||||
mariadb:
|
||||
enabled: false
|
||||
|
||||
properties:
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.colorTheme": "FlamingoThemes.Iceberg"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de_DE"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.timezone": "Europe/Berlin"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de_DE"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.link-color": "@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary"
|
||||
@@ -46,41 +67,26 @@ properties:
|
||||
|
||||
"property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc"
|
||||
## Fields to search in when importing users from the administration UI (not completely in scope for now)
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes":
|
||||
# "sn,givenname,uid"
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes": "sn,givenname,uid"
|
||||
## Restrict user import in the UI to global administrators
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.usersAllowedToImport": "globalAdmin"
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.usersAllowedToImport": "globalAdmin"
|
||||
## Enable group and user synchronization
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupsUpdate": 1
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupImport": 1
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.forceXWikiUsersGroupMembershipUpdate":
|
||||
# 1
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupsUpdate": 1
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupImport": 1
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.forceXWikiUsersGroupMembershipUpdate": 1
|
||||
## Base DN under which groups should be searched for
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
|
||||
# "dc=swp-ldap,dc=internal"
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN": "dc=swp-ldap,dc=internal"
|
||||
## LDAP filter to only synchronize some groups
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
# "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
"(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
|
||||
customConfigs:
|
||||
xwiki.cfg:
|
||||
xwiki.url.protocol: "https"
|
||||
## Indicate the LDAP field defining the user UID
|
||||
# xwiki.authentication.ldap.UID_attr: "uid"
|
||||
## Indicate the LDAP field defining the user profile picture
|
||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
## Enable the synchronization of the LDAP profile picture
|
||||
# xwiki.authentication.ldap.update_photo: 1
|
||||
securityContext:
|
||||
enabled: true
|
||||
|
||||
xwiki.properties:
|
||||
oidc.scope: "openid,profile,email,address,phoenix"
|
||||
oidc.endpoint.userinfo.method: "GET"
|
||||
oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}"
|
||||
oidc.user.subjectFormater: "${oidc.user.subject}"
|
||||
# yamllint disable-line rule:line-length
|
||||
oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
|
||||
oidc.clientid: "xwiki"
|
||||
oidc.endpoint.token.auth_method: "client_secret_basic"
|
||||
oidc.skipped: false
|
||||
oidc.logoutMechanism: "rpInitiated"
|
||||
service:
|
||||
externalPort: 80
|
||||
enabled: true
|
||||
|
||||
volumePermissions:
|
||||
enabled: true
|
||||
...
|
||||
|
||||
@@ -11,9 +11,17 @@ environments:
|
||||
- "../../environments/default/*.gotmpl"
|
||||
- "../../environments/default/*.yaml"
|
||||
- "../../environments/dev/values.yaml"
|
||||
- "../../environments/dev/values.gotmpl"
|
||||
test:
|
||||
values:
|
||||
- "../../environments/default/*.gotmpl"
|
||||
- "../../environments/default/*.yaml"
|
||||
- "../../environments/test/values.yaml"
|
||||
- "../../environments/test/values.gotmpl"
|
||||
prod:
|
||||
values:
|
||||
- "../../environments/default/*.gotmpl"
|
||||
- "../../environments/default/*.yaml"
|
||||
- "../../environments/prod/values.yaml"
|
||||
- "../../environments/prod/values.gotmpl"
|
||||
...
|
||||
|
||||
16
helmfile/environments/default/cache.yaml
Normal file
16
helmfile/environments/default/cache.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cache:
|
||||
intercomService:
|
||||
host: "redis-headless"
|
||||
port: 6379
|
||||
password: ""
|
||||
nextcloud:
|
||||
host: "redis-headless"
|
||||
port: 6379
|
||||
password: ""
|
||||
openproject:
|
||||
host: "memcached"
|
||||
port: 11211
|
||||
...
|
||||
@@ -4,4 +4,5 @@
|
||||
certificate:
|
||||
issuerRef:
|
||||
name: "letsencrypt-prod"
|
||||
wildcard: false
|
||||
...
|
||||
|
||||
@@ -27,7 +27,7 @@ databases:
|
||||
password: ""
|
||||
oxAppsuite:
|
||||
host: "mariadb"
|
||||
name: "CONFIGDB"
|
||||
name: "configdb"
|
||||
username: "root"
|
||||
password: ""
|
||||
synapse:
|
||||
|
||||
13
helmfile/environments/default/debug.yaml
Normal file
13
helmfile/environments/default/debug.yaml
Normal file
@@ -0,0 +1,13 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cleanup:
|
||||
# Keep Pods/Job logs after successful run.
|
||||
deletePodsOnSuccess: true
|
||||
# When deletePodsOnSuccess is enabled, the pod will be deleted after configured seconds.
|
||||
deletePodsOnSuccessTimeout: 60
|
||||
# Keep persistence on deletion of this release.
|
||||
keepPVCOnDelete: false
|
||||
# Keep additional resources, like certificates on deletion of this release.
|
||||
keepRessourceOnDelete: true
|
||||
...
|
||||
@@ -11,6 +11,12 @@ global:
|
||||
#
|
||||
domain: {{ env "DOMAIN" | default "souvap.cloud" }}
|
||||
|
||||
|
||||
## Define LDAP service (supports "ums_eval" from the CI pipeline)
|
||||
ldap:
|
||||
host: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-server" {{ else }} "univention-corporate-container" {{ end }}
|
||||
notifierHost: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-notifier" {{ else }} "univention-corporate-container" {{ end }}
|
||||
|
||||
## Define docker registry address.
|
||||
#
|
||||
imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" }}
|
||||
|
||||
@@ -9,20 +9,21 @@ global:
|
||||
#
|
||||
hosts:
|
||||
collabora: "collabora"
|
||||
cryptpad: "cryptpad"
|
||||
dimension: "integration"
|
||||
element: "chat"
|
||||
etherpad: "etherpad"
|
||||
intercomService: "ics"
|
||||
jitsi: "meet"
|
||||
keycloak: "id"
|
||||
meetingWidgetsBot: "meeting-widgets-bot"
|
||||
meetingWidgets: "meeting-widgets"
|
||||
newWorkBoardWidget: "whiteboard-widget"
|
||||
matrixNeoBoardWidget: "matrix-neoboard-widget"
|
||||
matrixNeoChoiceWidget: "matrix-neochoice-widget"
|
||||
matrixNeoDateFixBot: "matrix-neodatefix-bot"
|
||||
matrixNeoDateFixWidget: "matrix-neodatefix-widget"
|
||||
nextcloud: "fs"
|
||||
openproject: "project"
|
||||
openxchange: "webmail"
|
||||
openxchangeProvisioning: "ox-provisioning"
|
||||
pollWidget: "poll-widget"
|
||||
synapse: "matrix"
|
||||
univentionCorporateServer: "portal"
|
||||
univentionManagementStack: "portal"
|
||||
|
||||
@@ -5,165 +5,282 @@ images:
|
||||
clamd:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
collabora:
|
||||
repository: "souvap/tooling/images/collabora"
|
||||
tag: "23.05.3.1.1@sha256:f1248a50e67940e3be3dfa58dc37eca73267cf73a679b459707d2520cee7720e"
|
||||
tag: "23.05.5.3.1@sha256:496c913527ce83feb3fe2383d710851aa3781ffa56d200c75def74904d32adc3"
|
||||
# @supplier: "Collabora"
|
||||
cryptpad:
|
||||
repository: "cryptpad/cryptpad"
|
||||
tag: "opendesk-20231020@sha256:b0bfe09601d8c8064e1b174d21a225ddb10aaa4103892fdfdf3d216726c26dde"
|
||||
# @supplier: "XWiki"
|
||||
dovecot:
|
||||
repository: "dovecot/dovecot"
|
||||
tag: "2.3.20@sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7"
|
||||
# @supplier: "Open-Xchange"
|
||||
element:
|
||||
repository: "souvap/tooling/images/element-web"
|
||||
tag: "latest@sha256:16506bba9da546b1bf5896892f6f4afefea3d0f1d8ed93eae511212627a029b9"
|
||||
tag: "1.5.0@sha256:d690c485c971f52ba2ab8e1011aa039a2e32ec1ffb504826f4fa050aa989067a"
|
||||
# @supplier: "Element"
|
||||
freshclam:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
jibri:
|
||||
repository: "jitsi/jibri"
|
||||
tag: "stable-8922@sha256:87aa176b44b745b13769f13b8e2d22ddd6f6ba624244d5354c8dd3664787e936"
|
||||
# @supplier: "Nordeck"
|
||||
jicofo:
|
||||
repository: "jitsi/jicofo"
|
||||
tag: "stable-8922@sha256:820fcd4b072b29f42c1c37389fbefda1065f1e9654694941485dc08123c8a93b"
|
||||
# @supplier: "Nordeck"
|
||||
jitsi:
|
||||
repository: "jitsi/web"
|
||||
tag: "stable-8922@sha256:24bd4179998fe01ace1be74e53fea5308f4d91722953bb4334611e6886753f46"
|
||||
# @supplier: "Nordeck"
|
||||
jitsiKeycloakAdapter:
|
||||
repository: "nordeck/jitsi-keycloak-adapter"
|
||||
tag: "v20230906@sha256:54d45ee1a1205f98641810ffb171bd92e6478e2957a349ee4ff599359239fbf2"
|
||||
# @supplier: "Nordeck"
|
||||
jitsiPatchJVB:
|
||||
repository: "bitnami/kubectl"
|
||||
tag: "1.26.8@sha256:c6902a1fdce0a24c9f93ac8d1f317039b206a4b307d8fc76cab4a92911345757"
|
||||
# @supplier: "Nordeck"
|
||||
jvb:
|
||||
repository: "jitsi/jvb"
|
||||
tag: "stable-8922@sha256:75dd613807e19cbbd440d071b60609fa9e4ee50a1396b14deb0ed779d882a554"
|
||||
# @supplier: "Nordeck"
|
||||
icap:
|
||||
repository: "souvap/tooling/images/c-icap"
|
||||
tag: "0.5.10@sha256:cd665e77a42460bb1e6df4282bc1d8737be241fc9f4143d43509e31de3a7993d"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
intercom:
|
||||
repository: "univention/intercom-service"
|
||||
tag: "1.4-kubernetes@sha256:e4fa2e0df49595bf9ba5bf73e36a50e8f1b44334a1a326a43488b8f9c8bbcb9c"
|
||||
# @supplier: "Univention"
|
||||
keycloak:
|
||||
repository: "bitnami/keycloak"
|
||||
tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e"
|
||||
# @supplier: "Univention"
|
||||
keycloakUnivention:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/keycloak-app-on-use-base-manpub-tr"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
keycloakBootstrap:
|
||||
repository: "souvap/tooling/images/ansible"
|
||||
tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac"
|
||||
# @supplier: "Univention"
|
||||
keycloakExtensionHandler:
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-handler"
|
||||
tag: "latest@sha256:e67bdfc655e43b7fb83b025e13f949b04fdd98e089b33401275d03e340e03e2e"
|
||||
# @supplier: "Univention"
|
||||
keycloakExtensionProxy:
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-proxy"
|
||||
tag: "latest@sha256:57026fb4ba7d4579461e7ddd4b1b8ce9585d1cac4adbe64040f5e1063c80a6ba"
|
||||
# @supplier: "Univention"
|
||||
mariadb:
|
||||
repository: "mariadb"
|
||||
tag: "11.1.2-jammy@sha256:b6440c4f4e1471bdcee202e4c4e21c1f93af87421f6d33028363dd224e54f481"
|
||||
# For upgrades at least confirm compatibility of target version with OX (regarding AS Guard)
|
||||
tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
matrixNeoBoardWidget:
|
||||
repository: "nordeck/matrix-neoboard-widget"
|
||||
tag: "1.0.0@sha256:584b9c18ea3dfd4b7f1e73f3e114bc1dcd5731b400a8d037576bf2a797c8b086"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoChoiceWidget:
|
||||
repository: "nordeck/matrix-poll-widget"
|
||||
tag: "1.2.0@sha256:0abcf7c368c91721413c96deaa1e87f095b6afbe864ea5f042c9a370c38fb07b"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixBot:
|
||||
repository: "nordeck/matrix-meetings-bot"
|
||||
tag: "2.4.2@sha256:f5b3362560255470076f3e6c95a0dd93a8f781398afb992c1e1212764fa87297"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixWidget:
|
||||
repository: "nordeck/matrix-meetings-widget"
|
||||
tag: "1.5.2@sha256:cc9e2592c9159cc8f6bed96dae0be6e6fe599977dbef64cbdb1c1b84db85a2bb"
|
||||
# @supplier: "Nordeck"
|
||||
matrixUserVerificationService:
|
||||
repository: "matrixdotorg/matrix-user-verification-service"
|
||||
tag: "v3.0.0@sha256:25e685d595785e2a72e75a525dac78cf8c782445454f8ac090d3702431c38008"
|
||||
# @supplier: "Element"
|
||||
memcached:
|
||||
repository: "bitnami/memcached"
|
||||
tag: "1.6.21-debian-11-r84@sha256:81747acd297d3fcd05706ea771d441a6f01b28d722c366a06f922b6b7d4033dd"
|
||||
tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
milter:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
nextcloud:
|
||||
repository: "nextcloud"
|
||||
tag: "26.0.5-apache@sha256:2a129ba3258300424319e7023e8e60c28d79178ae4143e7ba2d41148646c30e1"
|
||||
tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39"
|
||||
# @supplier: "Nextcloud Community"
|
||||
openproject:
|
||||
repository: "souvap/tooling/images/openproject/souvap"
|
||||
tag: "dev@sha256:03eb1eacc0c0c4e9e7d0f0c3d265fd0c15fd01cda33bc4f89cbc487ad53474a8"
|
||||
repository: "openproject/open_desk"
|
||||
tag: "dev@sha256:ca5b843fd7f0687617ce3038a52fd6ac73fb4e9db7b762b8ac7d5090f168f0b1"
|
||||
# @supplier: "OpenProject"
|
||||
openxchangeBootstrap:
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreGuidedtours:
|
||||
repository: "appsuite-public-sector/core-guidedtours"
|
||||
tag: "8.5.1@sha256:469457562a378cca50460e08d9437a954fc6f19622f18128fa74979f7905ecd9"
|
||||
tag: "8.6.0@sha256:6c20780f8c609636f2182c41709e2ee26586b4a23679fd13b15875a5f443445b"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreMW:
|
||||
repository: "appsuite-public-sector/middleware-public-sector"
|
||||
tag: "8.16.55@sha256:11317124714725d61204188ebfebc2220f295fd59b245adcef0b6c3186a68fd3"
|
||||
tag: "8.19.33@sha256:369c44369d727e4172f10c25137dbb00d936d20dd844cdca3a34f7f31273ea05"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUI:
|
||||
repository: "appsuite-public-sector/core-ui"
|
||||
tag: "8.16.5@sha256:4f4dd4e36fb8a1b493c195e38e2f13b87c9582bfcdc3d23b646698fce2ffef8c"
|
||||
tag: "8.19.0@sha256:7fdd73f78fd7094f2968f6fcaaae175e60824f9ef68f9e7e70418de6a2b623e9"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUIMiddleware:
|
||||
repository: "appsuite-public-sector/core-ui-middleware"
|
||||
tag: "1.8.4@sha256:c707fbd5496c894f201dab8f4e78aad98f1ad80c8058778f04dfa5e6e201ed64"
|
||||
tag: "2.0.0@sha256:8082edf30498a3ac1715f2d9b3e406f240ea586e2616b97f40c207ef55dff11f"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUserGuide:
|
||||
repository: "appsuite-public-sector/core-user-guide"
|
||||
tag: "8.16.727397@sha256:5d8dbf9a91456dea59a235b495dcd002b971e2b23ef6c3a2ea5fd2071664e2a4"
|
||||
tag: "8.19.771856@sha256:e00ed8f94c3c42cd288dd03f7fb18d228eb516b5e5ebd318825289b1c4ed17ab"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeDocumentConverter:
|
||||
repository: "appsuite-public-sector/documentconverter"
|
||||
tag: "8.19.32@sha256:82354e858b6aeeae7f0ebaf66ad106f8e9ae46e605e97bb1d2d14e6ce1c3d708"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeGotenberg:
|
||||
repository: "appsuite-public-sector/3rdparty/gotenberg"
|
||||
tag: "7.9.2@sha256:c97c1adb971d149222062ec46c5d749d710b38ad153c5c6ed954023e2401c9d0"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeGuardUI:
|
||||
repository: "appsuite-public-sector/guard-ui"
|
||||
tag: "4.0.6@sha256:7bb8fdf944228dd78a5c33bbd8d0019d5a9e4ce1c35bda674166f2febc5d9a02"
|
||||
tag: "4.0.7@sha256:8c9fa5d6aed055c0e84042ab28b3f0e9add94390362266ad440da4f90b8c93a8"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeImageConverter:
|
||||
repository: "appsuite-public-sector/imageconverter"
|
||||
tag: "8.19.33@sha256:9543c1409a129567bd6e4a657a353819842a4b1e1807ab86a1ea2e7f73f8c18e"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
repository: "appsuite-public-sector/nextcloud-integration-ui"
|
||||
tag: "1.0.3@sha256:193fd07a8b83164d175cd55f7e28fb7ec6d81f1037945035ca709825725c038e"
|
||||
tag: "1.1.0@sha256:82cecb5adac63806ab41546e6b49090a93a5f4645750bb3967d87585b60df2e1"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangePublicSectorUI:
|
||||
repository: "appsuite-public-sector/public-sector-ui"
|
||||
tag: "2.0.1@sha256:8df90f6dfb59008567d8ded0dbd17b8f92f409c78ba2cf4ab2a39e1b23e34d3b"
|
||||
tag: "2.1.0@sha256:ed56730add8afdb08bef8b43a114aba406fd86d83c7fd7af93dc16bb002fa233"
|
||||
# @supplier: "Open-Xchange"
|
||||
oxConnector:
|
||||
repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
|
||||
tag:
|
||||
"branch-jconde-listener-entrypoint-chaining\
|
||||
@sha256:54748d49e37d52529d4a857ff834d1217bd2cb8c89c7eed25c0873159ed6853c"
|
||||
# @supplier: "Univention"
|
||||
postfix:
|
||||
repository: "souvap/tooling/images/postfix"
|
||||
tag: "1.0.0@sha256:69e0c53ade77ffb89673672f5c8183ec2edfc81d4e990aca3ec594f33c55a7ac"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
postgresql:
|
||||
repository: "postgres"
|
||||
tag: "15.4-alpine3.18@sha256:f36c528a2dc8747ea40b4cb8578da69fa75c5063fd6a71dcea3e3b2a6404ff7b"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
prosody:
|
||||
repository: "jitsi/prosody"
|
||||
tag: "stable-8922@sha256:243547f24ae7d686d1f0c18ee230cf93119a66f095dda282bacbf45d4bb69f77"
|
||||
# @supplier: "Nordeck"
|
||||
redis:
|
||||
repository: "bitnami/redis"
|
||||
tag: "7.2.1-debian-11-r5@sha256:e664fa63dfe88cd099180c32f2c9a109a958f053b75d195beb48b06ffd8a0b5b"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
synapse:
|
||||
repository: "matrixdotorg/synapse"
|
||||
tag: "v1.91.2@sha256:1d19508db417bb2b911c8e086bd3dc3b719ee75c6f6194d58af59b4c32b11322"
|
||||
# @supplier: "Element"
|
||||
synapseCreateUser:
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
|
||||
# @supplier: "Nordeck"
|
||||
synapseGuestModule:
|
||||
repository: "nordeck/synapse-guest-module"
|
||||
tag: "1.0.0@sha256:e9c736d84a77df93b2dbe3e3afa7b0ca3efcbc4457677adaac5df3cc79a85923"
|
||||
# @supplier: "Nordeck"
|
||||
synapseWeb:
|
||||
repository: "rapidfort/haproxy-official"
|
||||
tag: "2.6.6-bullseye@sha256:bf22cfb1301aae433213f5f8c687bc5d9ecc6b86daf1084be5f7a339bd27cadd"
|
||||
# @supplier: "Element"
|
||||
univentionCorporateServer:
|
||||
repository: "souvap/tooling/images/univention-corporate-server-swp/ucs"
|
||||
tag: "20230829T094822@sha256:6415847851ee3b474cea756212698f4a110fbbde74882e22da92500a6358a4f8"
|
||||
# @supplier: "Univention"
|
||||
umsConfigHtpasswd:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||
tag: "latest@sha256:24c5e218baa62b169e7222d8ee4d3951ddc8622cd359def6b660bb23a1052f9e"
|
||||
tag: "0.5.2"
|
||||
# @supplier: "Univention"
|
||||
umsDataLoader:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/data-loader"
|
||||
tag: "latest@sha256:857837c1810f82362d441544dc32bd2c1d6fe358bbb5ae0e2c60b7f8f4092190"
|
||||
tag: "0.15.2"
|
||||
# @supplier: "Univention"
|
||||
umsLdapNotifier:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-notifier"
|
||||
tag: "latest@sha256:6eccf86fe78926247ec9b59d7ba83c53271bc3ca7d0195863c0489e22c836002"
|
||||
tag: "0.4.1"
|
||||
# @supplier: "Univention"
|
||||
umsLdapServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-server"
|
||||
tag: "latest@sha256:4a7c44b37c727cdc03e4043c88e3dbf6b1f119772c5c1904eaed3298bdd49a3d"
|
||||
tag: "0.4.1"
|
||||
# @supplier: "Univention"
|
||||
umsNotificationsApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/notifications-api"
|
||||
tag: "latest@sha256:87a047c2d0669fcbb3501ef94192812e17e09aecabc1edd2e4b92afbb7ea4b20"
|
||||
tag: "0.3.4"
|
||||
# @supplier: "Univention"
|
||||
umsPortalListener:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-listener"
|
||||
tag: "latest@sha256:bcf48d108bc2f1afd745659a1d4f11f1dd0d8ada034899aa401dfea32a29c87a"
|
||||
tag: "0.3.4"
|
||||
# @supplier: "Univention"
|
||||
umsPortalFrontend:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||
tag: "latest@sha256:a1b11db009e992d91cfef2bc60a5022cd4498c38908194020c881ef6dd325bae"
|
||||
tag: "0.3.5"
|
||||
# @supplier: "Univention"
|
||||
umsPortalServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-server"
|
||||
tag: "latest@sha256:eb0b032c4cf4b207f78b80c69f3e593e01e577779d877e16908902f19b4fc2ee"
|
||||
tag: "0.3.4"
|
||||
# @supplier: "Univention"
|
||||
umsWaitForDependency:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/wait-for-dependency"
|
||||
tag: "latest@sha256:5d8d5e9ed55af2d12fef25856e5e61c7d13081458e4b14e6a01b10488b8067d3"
|
||||
tag: "0.3.4"
|
||||
# @supplier: "Univention"
|
||||
umsStoreDav:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/store-dav"
|
||||
tag: "latest@sha256:d65f705e46a497ba58e7373f19973835f731796baeace16a32d6331469bf0068"
|
||||
tag: "0.5.2"
|
||||
# @supplier: "Univention"
|
||||
umsUdmRestApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||
tag: "latest@sha256:dce4322646749692c5d4692ccd7ff55df080a4af3485585a50c82871715e0cae"
|
||||
tag: "0.3.2"
|
||||
# @supplier: "Univention"
|
||||
umsUmcGateway:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||
tag: "latest@sha256:18172ee4317a9259291f251c0cc1d2be05e003558cbd18d6dc062098a127cc8d"
|
||||
tag: "0.3.2"
|
||||
# @supplier: "Univention"
|
||||
umsUmcServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-server"
|
||||
tag: "latest@sha256:6cbb1708109c5a0c13f3ee433989094d04cecfb8b32975e723d0f5a2e526f8db"
|
||||
tag: "0.3.2"
|
||||
# @supplier: "Univention"
|
||||
wellKnown:
|
||||
repository: "library/nginx"
|
||||
tag: "1.25.2-bookworm@sha256:9504f3f64a3f16f0eaf9adca3542ff8b2a6880e6abfb13e478cca23f6380080a"
|
||||
# @supplier: "Element"
|
||||
xwiki:
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.10-mariadb-tomcat@sha256:02f0ff6407ccdd8dab17814202e28991fe0aa8d44fa106ba171cff5249eaf58f"
|
||||
tag: "0.12-mariadb-jetty-alpine@sha256:c195d8baf38b6c6b0c533a3216e726cd863a6c2ba0e65f18036402592bb72896"
|
||||
# @supplier: "XWiki"
|
||||
...
|
||||
|
||||
@@ -6,5 +6,5 @@ ingress:
|
||||
ingressClassName: ""
|
||||
tls:
|
||||
enabled: true
|
||||
secretName: "sovereign-workplace-certificates-tls"
|
||||
secretName: "opendesk-certificates-tls"
|
||||
...
|
||||
|
||||
25
helmfile/environments/default/monitoring.yaml
Normal file
25
helmfile/environments/default/monitoring.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
prometheus:
|
||||
serviceMonitors:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
podMonitors:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
prometheusRules:
|
||||
enabled: false
|
||||
labels:
|
||||
release: "kube-prometheus-stack"
|
||||
|
||||
|
||||
grafana:
|
||||
dashboards:
|
||||
enabled: false
|
||||
labels:
|
||||
grafana_dashboard: "1"
|
||||
annotations:
|
||||
...
|
||||
@@ -9,8 +9,9 @@ persistence:
|
||||
clamav: "1Gi"
|
||||
dovecot: "1Gi"
|
||||
mariadb: "1Gi"
|
||||
matrixNeoDateFixBot: "1Gi"
|
||||
nextcloud:
|
||||
main: "1Gi"
|
||||
main: "1.2Gi"
|
||||
data: "10Gi"
|
||||
openproject: "1Gi"
|
||||
postfix: "1Gi"
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user