chore(release): 0.5.3 [skip ci]

## [0.5.3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.2...v0.5.3) (2023-09-28) ### Bug Fixes * **open-xchange:** Rollback MariaDB version to fix OX Guard initialization ([e33acd3](e33acd33e7))
fix(open-xchange): Rollback MariaDB version to fix OX Guard initialization
2025-12-06 15:31:38 +01:00 · 2023-09-28 16:38:21 +00:00 · 2023-09-28 16:36:28 +00:00 · 2023-09-28 09:06:20 +00:00 · 2023-09-28 10:01:01 +02:00 · 2023-09-28 07:23:23 +00:00
34 changed files with 338 additions and 79 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -183,8 +183,16 @@ env-cleanup:
          $ENV_STOP_BEFORE != "no"
      when: "always"
  script:
-    - "helmfile destroy --namespace ${NAMESPACE}"
+    - |
-    - "kubectl delete pvc --all --namespace ${NAMESPACE}"
+      if [ "${OPENDESK_SLEDGEHAMMER_DESTROY_ENABLED}" = "yes" ]; then
        for OPENDESK_RELEASE in $(helm ls -n ${NAMESPACE} -aq); do
          helm uninstall -n ${NAMESPACE} ${OPENDESK_RELEASE};
        done
        kubectl delete pvc --all --namespace ${NAMESPACE};
        kubectl delete jobs --all --namespace ${NAMESPACE};
      else
        helmfile destroy --namespace ${NAMESPACE};
      fi
  stage: "env-cleanup"
 env-start:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,68 @@
 ## [0.5.3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.2...v0.5.3) (2023-09-28)
 ### Bug Fixes
 * **open-xchange:** Rollback MariaDB version to fix OX Guard initialization ([e33acd3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e33acd33e79740144e8fe318fe34dc705834ddf3))
 ## [0.5.2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.1...v0.5.2) (2023-09-28)
 ### Bug Fixes
 * **ci:** Add Gitlab-CI sledgehammer deployment removal ([6fd655a](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6fd655a0b1afd40303ac11130692202146bab215))
 ## [0.5.1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.0...v0.5.1) (2023-09-28)
 ### Bug Fixes
 * **docs:** Add 'Helm Chart Trust Chain' section ([b6b4972](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b6b4972a5dd426bcc8fa00137d7e7b60056376c8))
 * **docs:** Highlight that Helmfile >= 0.157.0 is required ([d86f516](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d86f516747323d117f620658c4368408926c507a))
 * **element:** Use OCI registry and verify chart signatures ([a41b9a6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a41b9a699c79bf90163bbb3c233c805b8d0a999e))
 * **helmfile:** Add cleanup flag for job resources ([0f01b94](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0f01b94aa19b40b4774ba11d9886fe6f12090e73))
 * **helmfile:** Create directory for gpg pubkeys ([4c5731e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4c5731e6bb057cb272f660b4df0369b67709c203))
 * **intercom-service:** Use OCI registry and verify chart signatures ([74b3d41](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/74b3d41381474efd2fbc5a9f3a0f1c0713811106))
 * **jitsi:** Verify chart signatures ([1dd6582](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1dd6582ec7d742250ba08f69eba9a4679984b1ae))
 * **keycloak-bootstrap:** Use OCI registry and verify chart signatures ([ca5d5f8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ca5d5f82800ea6d7ecfa38eb2b5d8b85e709bb9f))
 * **keycloak:** Use OCI registry and verify chart signatures ([095059c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/095059c7e53bbe8a874773f574cc6794ef8af6e4))
 * **nextcloud:** Use OCI registry and verify chart signatures ([41dfdc0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/41dfdc0c8f83e3d79fa5a763ac449f6edfc76676))
 * **open-xchange:** Use OCI registry and verify chart signatures ([2d5d370](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2d5d3708f7f45600961c22ce11e750561de1fd27))
 * **open-xchange:** Use renamed istio gateway ([65d2642](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/65d2642d34c1c21a00a29278f7e1143f7fabb2aa))
 * **openproject:** Use OCI registry and verify chart signatures ([5343840](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5343840bed01992b3132eace362f91588c705a98))
 * **services:** Add wildcard certifcate request support ([15ad8ca](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/15ad8ca7ab34b079252f7b69219ede81ad43aa1c))
 * **services:** Bump opendesk-certificates to 2.1.0 ([4372f06](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4372f063e0a27d5156da963d44d3ed4e72490fc4))
 * **services:** Only create istio gateway with webmail domain ([6a39011](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/6a390112dab11afaca06118a0ca7a18afe633a30))
 * **services:** Use OCI registry for all services and add gpg verify mechanism ([892920b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/892920b0487b41a35b5a96596c61101827e8dd6d))
 * **univention-corporate-container:** Use OCI registry and verify chart signatures ([424317e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/424317ed585f7bd5036259d7e3d77d081d2aec1b))
 # [0.5.0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.9...v0.5.0) (2023-09-27)
 ### Bug Fixes
 * **element:** Move the static configuration into the values.yaml ([f22619b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f22619bd8ef11cb43147ef19dcff2c02d9fe0503))
 * **element:** Specify resources for the guest module init container ([275798c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/275798c1d6aa47ef33fbb0da3bb03a86d3e4b0ee))
 ### Features
 * **element:** Activate the guest module ([5ad25ac](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5ad25acafd54d19dd2ed330b19f7860aff5d49f4))
 ## [0.4.9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.8...v0.4.9) (2023-09-27)
 ### Bug Fixes
 * **nextcloud:** Bump Helm chart to add app "groupfolders" ([62b767e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/62b767ef38c8eae2874b20a9aa51e85d2a3fe5a3))
 ## [0.4.8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.7...v0.4.8) (2023-09-26)
 ### Bug Fixes
 * **openproject:** Digest rollback ([9acce08](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/9acce081397c06426820b61f39c9aa0dcc1234a5))
 ## [0.4.7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.6...v0.4.7) (2023-09-26)
--- a/README.md
+++ b/README.md
@@ -66,11 +66,12 @@ up your own instance for development purposes. Please see the project
 These are the requirements of the Sovereign Workplace deployment:
- Vanilla K8s cluster
+- K8s cluster >= 1.24, [CNCF Certified Kubernetes Distro](https://www.cncf.io/certification/software-conformance/)
 - Domain and DNS Service
 - Ingress controller (supported are nginx-ingress, ingress-nginx, HAProxy)
- [Helm](https://helm.sh/), [HelmFile](https://helmfile.readthedocs.io/en/latest/) and
+- [Helm](https://helm.sh/) >= v3.9.0
-[HelmDiff](https://github.com/databus23/helm-diff)
+- [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= **v0.157.0**
 - [HelmDiff](https://github.com/databus23/helm-diff) >= 3.6.0
 - Volume provisioner supporting RWO (read-write-once)
 - Certificate handling with [cert-manager](https://cert-manager.io/)
 - [Istio](https://istio.io/) is currently required to deploy and operate OX AppSuite8, we are talking to Open-Xchange and will try to get rid of this dependency.
@@ -155,6 +156,12 @@ and wait a little. After the deployment is finished some bootstrapping is
 executed which might take some more minutes before you can log in your new
 instance.
 Deployments can be removed with:
 ```shell
 helmfile destroy -n <NAMESPACE>
 ```
 ## Offline deployment
 Before executing a [local deployment](#local-deployment), you can set following
@@ -336,6 +343,10 @@ turn:
 ## Security
 This section summarizes various aspects of security and compliance aspects.
 ### Kubernetes Security Enforcements
 This list gives you an overview of default security settings and if they comply with security standards:
@@ -365,6 +376,39 @@ This list gives you an overview of default security settings and if they comply
 | PostgreSQL | postgresql               | :white_check_mark: |         :white_check_mark:         |                                                               :white_check_mark:                                                               |        :white_check_mark:         |       :white_check_mark:        |  :white_check_mark:   |   1001    |    1001    |  1001   |
 ### Helm Chart Trust Chain
 Helm Charts which are released via openDesk CI/CD process are always signed. The public GPG keys are present in
 `pubkey.gpg` file and are validated during helmfile installation.
 | Repository                           | OCI |     Verifiable     |
 |--------------------------------------|:---:|:------------------:|
 | bitnami-repo                         | yes |        :x:         |
 | clamav-repo                          | yes | :white_check_mark: |
 | collabora-online-repo                | no  |        :x:         |
 | intercom-service-repo                | yes | :white_check_mark: |
 | istio-resources-repo                 | yes | :white_check_mark: |
 | jitsi-repo                           | yes | :white_check_mark: |
 | keycloak-extensions-repo             | no  |        :x:         |
 | keycloak-theme-repo                  | yes | :white_check_mark: |
 | mariadb-repo                         | yes | :white_check_mark: |
 | nextcloud-repo                       | no  |        :x:         |
 | opendesk-certificates-repo           | yes | :white_check_mark: |
 | opendesk-dovecot-repo                | yes | :white_check_mark: |
 | opendesk-element-repo                | yes | :white_check_mark: |
 | opendesk-keycloak-bootstrap-repo     | yes | :white_check_mark: |
 | opendesk-nextcloud-bootstrap-repo    | yes | :white_check_mark: |
 | opendesk-open-xchange-bootstrap-repo | yes | :white_check_mark: |
 | openproject-repo                     | no  |        :x:         |
 | openxchange-repo                     | yes |        :x:         |
 | ox-connector-repo                    | no  |        :x:         |
 | postfix-repo                         | yes | :white_check_mark: |
 | postgresql-repo                      | yes | :white_check_mark: |
 | univention-corporate-container-repo  | yes | :white_check_mark: |
 | ums-repo                             | no  |        :x:         |
 | xwiki-repo                           | no  |        :x:         |
 # Component integration
 ## Functional use cases
--- a/helmfile/apps/collabora/helmfile.yaml
+++ b/helmfile/apps/collabora/helmfile.yaml
@@ -2,6 +2,8 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # Collabora Online
  # Source: https://github.com/CollaboraOnline/online
  - name: "collabora-online-repo"
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
--- a/helmfile/apps/element/helmfile.yaml
+++ b/helmfile/apps/element/helmfile.yaml
@@ -2,15 +2,22 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # openDesk Element
  # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/sovereign-workplace-element
  - name: "opendesk-element-repo"
    oci: true
    # yamllint disable rule:line-length
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/148/packages/helm/stable" }}
+         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" }}
    # yamllint enable rule:line-length
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
 releases:
  - name: "opendesk-element"
    chart: "opendesk-element-repo/opendesk-element"
-    version: "2.0.1"
+    version: "2.2.0"
    values:
      - "values-element.yaml"
      - "values-element.gotmpl"
@@ -18,7 +25,7 @@ releases:
  - name: "opendesk-well-known"
    chart: "opendesk-element-repo/opendesk-well-known"
-    version: "2.0.1"
+    version: "2.2.0"
    values:
      - "values-well-known.yaml"
      - "values-well-known.gotmpl"
@@ -26,7 +33,7 @@ releases:
  - name: "opendesk-synapse-web"
    chart: "opendesk-element-repo/opendesk-synapse-web"
-    version: "2.0.1"
+    version: "2.2.0"
    values:
      - "values-synapse-web.yaml"
      - "values-synapse-web.gotmpl"
@@ -34,7 +41,7 @@ releases:
  - name: "opendesk-synapse"
    chart: "opendesk-element-repo/opendesk-synapse"
-    version: "2.0.1"
+    version: "2.2.0"
    values:
      - "values-synapse.yaml"
      - "values-synapse.gotmpl"
--- a/helmfile/apps/element/values-synapse.gotmpl
+++ b/helmfile/apps/element/values-synapse.gotmpl
@@ -41,6 +41,13 @@ configuration:
          port: {{ .Values.turn.server.port }}
          transport: {{ .Values.turn.transport }}
        {{- end }}
    guestModule:
      image:
        imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
        registry: "{{ .Values.global.imageRegistry }}"
        repository: "{{ .Values.images.synapseGuestModule.repository }}"
        tag: "{{ .Values.images.synapseGuestModule.tag }}"
 persistence:
  size: "{{ .Values.persistence.size.synapse }}"
--- a/helmfile/apps/element/values-synapse.yaml
+++ b/helmfile/apps/element/values-synapse.yaml
@@ -1,6 +1,11 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
 configuration:
  homeserver:
    guestModule:
      enabled: false
 containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
--- a/helmfile/apps/intercom-service/helmfile.yaml
+++ b/helmfile/apps/intercom-service/helmfile.yaml
@@ -2,10 +2,15 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # Intercom Service
  # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
  - name: "intercom-service-repo"
    oci: true
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/66/packages/helm/stable" }}
+         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/intercom-service" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
 releases:
  - name: "intercom-service"
--- a/helmfile/apps/jitsi/helmfile.yaml
+++ b/helmfile/apps/jitsi/helmfile.yaml
@@ -2,11 +2,16 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # openDesk Jitsi
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-jitsi
  - name: "jitsi-repo"
    oci: true
    url: >-
      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
 releases:
  - name: "jitsi"
    chart: "jitsi-repo/sovereign-workplace-jitsi"
--- a/helmfile/apps/jitsi/values-jitsi.gotmpl
+++ b/helmfile/apps/jitsi/values-jitsi.gotmpl
@@ -11,6 +11,9 @@ global:
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 cleanup:
  deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
 image:
  imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
  registry: "{{ .Values.global.imageRegistry }}"
--- a/helmfile/apps/keycloak-bootstrap/helmfile.yaml
+++ b/helmfile/apps/keycloak-bootstrap/helmfile.yaml
@@ -2,14 +2,21 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-keycloak-bootstrap-repo"
+  # openDesk Keycloak Bootstrap
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-bootstrap
  - name: "opendesk-keycloak-bootstrap-repo"
    oci: true
    # yamllint disable rule:line-length
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable" }}
+         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" }}
    # yamllint enable rule:line-length
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
 releases:
-  - name: "sovereign-workplace-keycloak-bootstrap"
+  - name: "opendesk-keycloak-bootstrap"
-    chart: "sovereign-workplace-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
+    chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
    version: "1.1.11"
    values:
      - "values-bootstrap.gotmpl"
--- a/helmfile/apps/keycloak-bootstrap/values-bootstrap.gotmpl
+++ b/helmfile/apps/keycloak-bootstrap/values-bootstrap.gotmpl
@@ -11,6 +11,10 @@ global:
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 cleanup:
  deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
  keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
 config:
  administrator:
    password: "{{ .Values.secrets.keycloak.adminPassword }}"
--- a/helmfile/apps/keycloak-bootstrap/values-bootstrap.yaml
+++ b/helmfile/apps/keycloak-bootstrap/values-bootstrap.yaml
@@ -4,7 +4,4 @@
 config:
  administrator:
    username: "kcadmin"
 cleanup:
  deletePodsOnSuccess: true
 ...
--- a/helmfile/apps/keycloak/helmfile.yaml
+++ b/helmfile/apps/keycloak/helmfile.yaml
@@ -2,15 +2,25 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # VMWare Bitnami
  # Source: https://github.com/bitnami/charts/
  - name: "bitnami-repo"
    oci: true
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
         default "registry-1.docker.io/bitnamicharts" }}
    # Bitnami charts are not signed, see https://github.com/bitnami/charts/issues/14491
    verify: false
  # openDesk Keycloak Theme
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-theme
  - name: "keycloak-theme-repo"
    oci: true
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/96/packages/helm/stable" }}
+         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/keycloak-theme" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # openDesk Keycloak Extensions
  - name: "keycloak-extensions-repo"
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
@@ -18,8 +28,8 @@ repositories:
 releases:
  - name: "keycloak-theme"
-    chart: "keycloak-theme-repo/sovereign-workplace-theme"
+    chart: "keycloak-theme-repo/opendesk-keycloak-theme"
-    version: "1.1.0"
+    version: "2.0.0"
    values:
      - "values-theme.gotmpl"
    condition: "keycloak.enabled"
--- a/helmfile/apps/nextcloud/helmfile.yaml
+++ b/helmfile/apps/nextcloud/helmfile.yaml
@@ -2,6 +2,9 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # openDesk Keycloak Bootstrap
  # Source:
  #  https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/sovereign-workplace-nextcloud-bootstrap
  - name: "opendesk-nextcloud-bootstrap-repo"
    oci: true
    # yamllint disable rule:line-length
@@ -9,6 +12,10 @@ repositories:
      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }}
    # yamllint enable rule:line-length
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # Nextcloud
  # Source: https://github.com/nextcloud/helm/
  - name: "nextcloud-repo"
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
@@ -17,7 +24,7 @@ repositories:
 releases:
  - name: "opendesk-nextcloud-bootstrap"
    chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
-    version: "3.1.1"
+    version: "3.1.2"
    wait: true
    waitForJobs: true
    values:
--- a/helmfile/apps/nextcloud/values-bootstrap.gotmpl
+++ b/helmfile/apps/nextcloud/values-bootstrap.gotmpl
@@ -43,6 +43,11 @@ config:
    username: "{{ .Values.smtp.username }}"
    password: "{{ .Values.smtp.password }}"
 cleanup:
  deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
  deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
  keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
 image:
  imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
  registry: "{{ .Values.global.imageRegistry }}"
--- a/helmfile/apps/nextcloud/values-bootstrap.yaml
+++ b/helmfile/apps/nextcloud/values-bootstrap.yaml
@@ -13,7 +13,4 @@ config:
  ldapSearch:
    host: "univention-corporate-container"
 cleanup:
  deletePodsOnSuccess: false
 ...
--- a/helmfile/apps/open-xchange/helmfile.yaml
+++ b/helmfile/apps/open-xchange/helmfile.yaml
@@ -2,23 +2,35 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "dovecot-repo"
+  # openDesk Dovecot
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-dovecot
  - name: "opendesk-dovecot-repo"
    oci: true
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
-         default "https://gitlab.souvap-univention.de/api/v4/projects/80/packages/helm/stable" }}
+         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/dovecot" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # Open-Xchange
  - name: "openxchange-repo"
    oci: true
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
-         default "registry.open-xchange.com" }}
+  # openDesk Open-Xchange Bootstrap
-  - name: "sovereign-workplace-open-xchange-bootstrap-repo"
+  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-open-xchange-bootstrap
  - name: "opendesk-open-xchange-bootstrap-repo"
    oci: true
    # yamllint disable rule:line-length
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
-         default "https://gitlab.souvap-univention.de/api/v4/projects/139/packages/helm/stable" }}
+         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap" }}
    # yamllint enable rule:line-length
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
 releases:
  - name: "dovecot"
-    chart: "dovecot-repo/dovecot"
+    chart: "opendesk-dovecot-repo/dovecot"
    version: "1.3.1"
    values:
      - "values-dovecot.yaml"
@@ -37,11 +49,11 @@ releases:
    condition: "oxAppsuite.enabled"
    timeout: 900
-  - name: "sovereign-workplace-open-xchange-bootstrap"
+  - name: "opendesk-open-xchange-bootstrap"
-    chart: "sovereign-workplace-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
+    chart: "opendesk-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
    version: "1.3.1"
    values:
-      - "values-openxchange-bootstrap.yaml"
+      - "values-openxchange-bootstrap.gotmpl"
    condition: "oxAppsuite.enabled"
    timeout: 900
--- a/helmfile/apps/open-xchange/values-openxchange-bootstrap.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-bootstrap.gotmpl
@@ -3,6 +3,10 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 cleanup:
  deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
  deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
 image:
  registry: "{{ .Values.global.imageRegistry }}"
  url: "{{ .Values.images.openxchangeBootstrap.repository }}"
--- a/helmfile/apps/open-xchange/values-openxchange.yaml
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml
@@ -4,7 +4,7 @@
 appsuite:
  istio:
    ingressGateway:
-      name: "sovereign-workplace-gateway-istio-gateway"
+      name: "opendesk-gateway-istio-gateway"
  core-mw:
    enabled: true
--- a/helmfile/apps/openproject/helmfile.yaml
+++ b/helmfile/apps/openproject/helmfile.yaml
@@ -2,6 +2,8 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # OpenProject
  # Source: https://github.com/opf/helm-charts
  - name: "openproject-repo"
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
--- a/helmfile/apps/provisioning/helmfile.yaml
+++ b/helmfile/apps/provisioning/helmfile.yaml
@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # OX Connector
  - name: "ox-connector-repo"
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
--- a/helmfile/apps/services/helmfile.yaml
+++ b/helmfile/apps/services/helmfile.yaml
@@ -2,43 +2,76 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
-  - name: "sovereign-workplace-certificates-repo"
+  # openDesk Certificates
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-certificates
  - name: "opendesk-certificates-repo"
    oci: true
    # yamllint disable rule:line-length
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/133/packages/helm/stable" }}
+         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates" }}
    # yamllint enable rule:line-length
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # openDesk PostgreSQL
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postgresql
  - name: "postgresql-repo"
    oci: true
    url: >-
      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postgresql" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # openDesk MariaDB
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-mariadb
  - name: "mariadb-repo"
    oci: true
    url: >-
      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/mariadb" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # openDesk Postfix
  # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postfix
  - name: "postfix-repo"
    oci: true
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/85/packages/helm/stable" }}
+         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postfix" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # openDesk Istio Resources
  # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-istio-resources
  - name: "istio-resources-repo"
    oci: true
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/69/packages/helm/stable" }}
+         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/istio-ressources" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # openDesk ClamAV
  # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-clamav
  - name: "clamav-repo"
    oci: true
    url: >-
      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/clamav" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # VMWare Bitnami
  # Source: https://github.com/bitnami/charts/
  - name: "bitnami-repo"
    oci: true
    url: >-
      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
         default "registry-1.docker.io/bitnamicharts" }}
    # Bitnami charts are not signed, see https://github.com/bitnami/charts/issues/14491
    verify: false
 releases:
-  - name: "sovereign-workplace-certificates"
+  - name: "opendesk-certificates"
-    chart: "sovereign-workplace-certificates-repo/sovereign-workplace-certificates"
+    chart: "opendesk-certificates-repo/opendesk-certificates"
-    version: "1.2.2"
+    version: "2.1.0"
    values:
      - "values-certificates.gotmpl"
    condition: "certificates.enabled"
@@ -59,7 +92,7 @@ releases:
    timeout: 900
  - name: "mariadb"
    chart: "mariadb-repo/mariadb"
-    version: "2.1.0"
+    version: "2.0.2"
    values:
      - "values-mariadb.yaml"
      - "values-mariadb.gotmpl"
@@ -86,9 +119,9 @@ releases:
      - "values-clamav-simple.yaml"
      - "values-clamav-simple.gotmpl"
    condition: "clamavSimple.enabled"
-  - name: "sovereign-workplace-gateway"
+  - name: "opendesk-gateway"
    chart: "istio-resources-repo/istio-gateway"
-    version: "1.1.2"
+    version: "2.0.0"
    values:
      - "values-istio-gateway.yaml"
      - "values-istio-gateway.gotmpl"
--- a/helmfile/apps/services/values-certificates.gotmpl
+++ b/helmfile/apps/services/values-certificates.gotmpl
@@ -18,4 +18,9 @@ istio:
  issuerRef:
    name: "{{ .Values.istio.issuerRef.name }}"
 {{- end }}
 cleanup:
  keepRessourceOnDelete: {{ .Values.cleanup.keepRessourceOnDelete }}
 wildcard: {{ .Values.certificate.wildcard }}
 ...
--- a/helmfile/apps/services/values-istio-gateway.gotmpl
+++ b/helmfile/apps/services/values-istio-gateway.gotmpl
@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
 global:
  domain: "{{ .Values.istio.domain }}"
  hosts:
-    {{ .Values.global.hosts | toYaml | nindent 4 }}
+    openxchange: "{{ .Values.global.hosts.openxchange }}"
 tls:
  secretName: "{{ .Values.istio.domain }}-tls"
--- a/helmfile/apps/univention-corporate-container/helmfile.yaml
+++ b/helmfile/apps/univention-corporate-container/helmfile.yaml
@@ -2,10 +2,16 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # openDesk Univention Corporate Server (as eval Container)
  - name: "univention-corporate-container-repo"
    oci: true
    # yamllint disable rule:line-length
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
-         default "https://gitlab.souvap-univention.de/api/v4/projects/132/packages/helm/stable" }}
+         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/univention-corporate-container" }}
    # yamllint enable rule:line-length
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
 releases:
  - name: "univention-corporate-container"
--- a/helmfile/apps/univention-management-stack/helmfile.yaml
+++ b/helmfile/apps/univention-management-stack/helmfile.yaml
@@ -5,14 +5,15 @@ bases:
  - "../../bases/environments.yaml"
 repositories:
-  - name: "univention"
+  # Univention Management Stack
  - name: "ums-repo"
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
         default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
 releases:
  - name: "ums-store-dav"
-    chart: "univention/store-dav"
+    chart: "ums-repo/store-dav"
    version: "0.2.0"
    values:
      - "values-common.gotmpl"
@@ -20,7 +21,7 @@ releases:
      - "values-store-dav.gotmpl"
    condition: "univentionManagementStack.enabled"
  - name: "ums-ldap-server"
-    chart: "univention/ldap-server"
+    chart: "ums-repo/ldap-server"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -28,7 +29,7 @@ releases:
      - "values-ldap-server.gotmpl"
    condition: "univentionManagementStack.enabled"
  - name: "ums-ldap-notifier"
-    chart: "univention/ldap-notifier"
+    chart: "ums-repo/ldap-notifier"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -37,7 +38,7 @@ releases:
      - "values-ldap-notifier.yaml"
    condition: "univentionManagementStack.enabled"
  - name: "ums-udm-rest-api"
-    chart: "univention/udm-rest-api"
+    chart: "ums-repo/udm-rest-api"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -45,7 +46,7 @@ releases:
      - "values-udm-rest-api.gotmpl"
    condition: "univentionManagementStack.enabled"
  - name: "ums-stack-data-ums"
-    chart: "univention/stack-data-ums"
+    chart: "ums-repo/stack-data-ums"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -53,7 +54,7 @@ releases:
      - "values-stack-data-ums.gotmpl"
    condition: "univentionManagementStack.enabled"
  - name: "ums-stack-data-swp"
-    chart: "univention/stack-data-swp"
+    chart: "ums-repo/stack-data-swp"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -61,7 +62,7 @@ releases:
      - "values-stack-data-swp.gotmpl"
    condition: "univentionManagementStack.enabled"
  - name: "ums-portal-server"
-    chart: "univention/portal-server"
+    chart: "ums-repo/portal-server"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -69,7 +70,7 @@ releases:
      - "values-portal-server.gotmpl"
    condition: "univentionManagementStack.enabled"
  - name: "ums-notifications-api"
-    chart: "univention/notifications-api"
+    chart: "ums-repo/notifications-api"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -78,7 +79,7 @@ releases:
      - "values-notifications-api.yaml"
    condition: "univentionManagementStack.enabled"
  - name: "ums-portal-listener"
-    chart: "univention/portal-listener"
+    chart: "ums-repo/portal-listener"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -87,7 +88,7 @@ releases:
      - "values-portal-listener.yaml"
    condition: "univentionManagementStack.enabled"
  - name: "ums-portal-frontend"
-    chart: "univention/portal-frontend"
+    chart: "ums-repo/portal-frontend"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -95,7 +96,7 @@ releases:
      - "values-portal-frontend.gotmpl"
    condition: "univentionManagementStack.enabled"
  - name: "ums-umc-gateway"
-    chart: "univention/umc-gateway"
+    chart: "ums-repo/umc-gateway"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
@@ -104,7 +105,7 @@ releases:
      - "values-umc-gateway.yaml"
    condition: "univentionManagementStack.enabled"
  - name: "ums-umc-server"
-    chart: "univention/umc-server"
+    chart: "ums-repo/umc-server"
    version: "0.1.0"
    values:
      - "values-common.gotmpl"
--- a/helmfile/apps/xwiki/helmfile.yaml
+++ b/helmfile/apps/xwiki/helmfile.yaml
@@ -2,6 +2,8 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
  # XWiki
  # Source: https://github.com/xwiki-contrib/xwiki-helm
  - name: "xwiki-repo"
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
--- a/helmfile/environments/default/certificate.yaml
+++ b/helmfile/environments/default/certificate.yaml
@@ -4,4 +4,5 @@
 certificate:
  issuerRef:
    name: "letsencrypt-prod"
  wildcard: false
 ...
--- a/helmfile/environments/default/debug.yaml
+++ b/helmfile/environments/default/debug.yaml
@@ -0,0 +1,13 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
 cleanup:
  # Keep Pods/Job logs after successful run.
  deletePodsOnSuccess: true
  # When deletePodsOnSuccess is enabled, the pod will be deleted after configured seconds.
  deletePodsOnSuccessTimeout: 60
  # Keep persistence on deletion of this release.
  keepPVCOnDelete: false
  # Keep additional resources, like certificates on deletion of this release.
  keepRessourceOnDelete: true
 ...
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -16,7 +16,7 @@ images:
    # @supplier: "Open-Xchange"
  element:
    repository: "souvap/tooling/images/element-web"
-    tag: "latest@sha256:16506bba9da546b1bf5896892f6f4afefea3d0f1d8ed93eae511212627a029b9"
+    tag: "1.1.0@sha256:4fc2df523090cf012b50a681c92482f61231baf4cce67de467dd9f79c181bc93"
    # @supplier: "Element"
  freshclam:
    repository: "clamav/clamav"
@@ -72,7 +72,8 @@ images:
    # @supplier: "Univention"
  mariadb:
    repository: "mariadb"
-    tag: "11.1.2-jammy@sha256:b6440c4f4e1471bdcee202e4c4e21c1f93af87421f6d33028363dd224e54f481"
+    # For upgrades at least confirm compatibility of target version with OX (regarding AS Guard)
    tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f"
    # @supplier: "openDesk DevSecOps"
  memcached:
    repository: "bitnami/memcached"
@@ -87,8 +88,8 @@ images:
    tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39"
    # @supplier: "Nextcloud Community"
  openproject:
-    repository: "souvap/tooling/images/openproject/open_desk"
+    repository: "souvap/tooling/images/openproject/souvap"
-    tag: "dev@sha256:4d8371dd2577847c9288d296e865abccb5891464a3a435f9a6098c32e60c9a52"
+    tag: "dev@sha256:03eb1eacc0c0c4e9e7d0f0c3d265fd0c15fd01cda33bc4f89cbc487ad53474a8"
    # @supplier: "OpenProject"
  openxchangeBootstrap:
    repository: "alpine/k8s"
@@ -156,6 +157,10 @@ images:
    repository: "matrixdotorg/synapse"
    tag: "v1.91.2@sha256:1d19508db417bb2b911c8e086bd3dc3b719ee75c6f6194d58af59b4c32b11322"
    # @supplier: "Element"
  synapseGuestModule:
    repository: "nordeck/synapse-guest-module"
    tag: "1.0.0@sha256:e9c736d84a77df93b2dbe3e3afa7b0ca3efcbc4457677adaac5df3cc79a85923"
    # @supplier: "Nordeck"
  synapseWeb:
    repository: "rapidfort/haproxy-official"
    tag: "2.6.6-bullseye@sha256:bf22cfb1301aae433213f5f8c687bc5d9ecc6b86daf1084be5f7a339bd27cadd"
--- a/helmfile/environments/default/ingress.yaml
+++ b/helmfile/environments/default/ingress.yaml
@@ -6,5 +6,5 @@ ingress:
  ingressClassName: ""
  tls:
    enabled: true
-    secretName: "sovereign-workplace-certificates-tls"
+    secretName: "opendesk-certificates-tls"
 ...
--- a/helmfile/files/gpg-pubkeys/souvap-univention-de.gpg
+++ b/helmfile/files/gpg-pubkeys/souvap-univention-de.gpg
--- a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml
+++ b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml
@@ -1,6 +1,2 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
 cleanup:
  deletePodsOnSuccess: true
 ...
Author	SHA1	Message	Date
Thorsten Roßner	1d8a0ccf1a	chore(release): 0.5.3 [skip ci] ## [0.5.3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.2...v0.5.3) (2023-09-28) ### Bug Fixes * open-xchange: Rollback MariaDB version to fix OX Guard initialization ([`e33acd3`](`e33acd33e7`))	2023-09-28 16:38:21 +00:00
Thorsten Rossner	e33acd33e7	fix(open-xchange): Rollback MariaDB version to fix OX Guard initialization	2023-09-28 16:36:28 +00:00
Thorsten Roßner	74e206694e	chore(release): 0.5.2 [skip ci] ## [0.5.2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.1...v0.5.2) (2023-09-28) ### Bug Fixes * ci: Add Gitlab-CI sledgehammer deployment removal ([`6fd655a`](`6fd655a0b1`))	2023-09-28 09:06:20 +00:00
Dominik Kaminski	6fd655a0b1	fix(ci): Add Gitlab-CI sledgehammer deployment removal	2023-09-28 10:01:01 +02:00
Thorsten Roßner	d4c39025b6	chore(release): 0.5.1 [skip ci] ## [0.5.1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.0...v0.5.1) (2023-09-28) ### Bug Fixes * docs: Add 'Helm Chart Trust Chain' section ([`b6b4972`](`b6b4972a5d`)) * docs: Highlight that Helmfile >= 0.157.0 is required ([`d86f516`](`d86f516747`)) * element: Use OCI registry and verify chart signatures ([`a41b9a6`](`a41b9a699c`)) * helmfile: Add cleanup flag for job resources ([`0f01b94`](`0f01b94aa1`)) * helmfile: Create directory for gpg pubkeys ([`4c5731e`](`4c5731e6bb`)) * intercom-service: Use OCI registry and verify chart signatures ([`74b3d41`](`74b3d41381`)) * jitsi: Verify chart signatures ([`1dd6582`](`1dd6582ec7`)) * keycloak-bootstrap: Use OCI registry and verify chart signatures ([`ca5d5f8`](`ca5d5f8280`)) * keycloak: Use OCI registry and verify chart signatures ([`095059c`](`095059c7e5`)) * nextcloud: Use OCI registry and verify chart signatures ([`41dfdc0`](`41dfdc0c8f`)) * open-xchange: Use OCI registry and verify chart signatures ([`2d5d370`](`2d5d3708f7`)) * open-xchange: Use renamed istio gateway ([`65d2642`](`65d2642d34`)) * openproject: Use OCI registry and verify chart signatures ([`5343840`](`5343840bed`)) * services: Add wildcard certifcate request support ([`15ad8ca`](`15ad8ca7ab`)) * services: Bump opendesk-certificates to 2.1.0 ([`4372f06`](`4372f063e0`)) * services: Only create istio gateway with webmail domain ([`6a39011`](`6a390112da`)) * services: Use OCI registry for all services and add gpg verify mechanism ([`892920b`](`892920b048`)) * univention-corporate-container: Use OCI registry and verify chart signatures ([`424317e`](`424317ed58`))	2023-09-28 07:23:23 +00:00
Dominik Kaminski	d86f516747	fix(docs): Highlight that Helmfile >= 0.157.0 is required	2023-09-28 09:00:34 +02:00
Dominik Kaminski	4c5731e6bb	fix(helmfile): Create directory for gpg pubkeys	2023-09-28 08:41:49 +02:00
Dominik Kaminski	6a390112da	fix(services): Only create istio gateway with webmail domain	2023-09-27 22:13:39 +02:00
Dominik Kaminski	65d2642d34	fix(open-xchange): Use renamed istio gateway	2023-09-27 22:03:41 +02:00
Dominik Kaminski	55f73924df	chore(univention-corporate-container): Add missing OCI flag	2023-09-27 21:49:13 +02:00
Dominik Kaminski	11cc708f6e	chore(open-xchange): Remove duplicate default key	2023-09-27 21:48:55 +02:00
Dominik Kaminski	b6b4972a5d	fix(docs): Add 'Helm Chart Trust Chain' section	2023-09-27 20:55:41 +02:00
Dominik Kaminski	2e3f5f6e53	chore(xwiki): Add source to repo description	2023-09-27 20:55:41 +02:00
Dominik Kaminski	3da2aaaed9	chore(univention-management-stack): Rename repostory to ums-repo	2023-09-27 20:55:41 +02:00
Dominik Kaminski	424317ed58	fix(univention-corporate-container): Use OCI registry and verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	b335bc4c3b	chore(provisioning): Add respository comment	2023-09-27 20:55:40 +02:00
Dominik Kaminski	5343840bed	fix(openproject): Use OCI registry and verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	2d5d3708f7	fix(open-xchange): Use OCI registry and verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	41dfdc0c8f	fix(nextcloud): Use OCI registry and verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	ca5d5f8280	fix(keycloak-bootstrap): Use OCI registry and verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	095059c7e5	fix(keycloak): Use OCI registry and verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	1dd6582ec7	fix(jitsi): Verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	74b3d41381	fix(intercom-service): Use OCI registry and verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	a41b9a699c	fix(element): Use OCI registry and verify chart signatures	2023-09-27 20:55:40 +02:00
Dominik Kaminski	0b4cd739fc	chore(collabora): Add souce link to repository	2023-09-27 20:55:40 +02:00
Dominik Kaminski	4372f063e0	fix(services): Bump opendesk-certificates to 2.1.0	2023-09-27 20:55:40 +02:00
Dominik Kaminski	15ad8ca7ab	fix(services): Add wildcard certifcate request support	2023-09-27 20:55:40 +02:00
Dominik Kaminski	1884a90e6f	chore(helmfile): Quote string and fix line endings	2023-09-27 20:55:40 +02:00
Dominik Kaminski	0997f2e4a7	chore(helmfile): Add license for gpg key	2023-09-27 20:55:40 +02:00
Dominik Kaminski	0f01b94aa1	fix(helmfile): Add cleanup flag for job resources	2023-09-27 20:55:40 +02:00
Dominik Kaminski	892920b048	fix(services): Use OCI registry for all services and add gpg verify mechanism	2023-09-27 20:55:40 +02:00
Thorsten Roßner	5c3568871b	chore(release): 0.5.0 [skip ci] # [0.5.0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.9...v0.5.0) (2023-09-27) ### Bug Fixes * element: Move the static configuration into the values.yaml ([`f22619b`](`f22619bd8e`)) * element: Specify resources for the guest module init container ([`275798c`](`275798c1d6`)) ### Features * element: Activate the guest module ([`5ad25ac`](`5ad25acafd`))	2023-09-27 14:37:23 +00:00
Dominik Henneke	f22619bd8e	fix(element): Move the static configuration into the values.yaml	2023-09-27 16:33:22 +02:00
Dominik Henneke	275798c1d6	fix(element): Specify resources for the guest module init container	2023-09-27 16:33:22 +02:00
Dominik Henneke	5ad25acafd	feat(element): Activate the guest module	2023-09-27 16:18:00 +02:00
Thorsten Roßner	437633cda6	chore(release): 0.4.9 [skip ci] ## [0.4.9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.8...v0.4.9) (2023-09-27) ### Bug Fixes * nextcloud: Bump Helm chart to add app "groupfolders" ([`62b767e`](`62b767ef38`))	2023-09-27 13:47:20 +00:00
Thorsten Rossner	62b767ef38	fix(nextcloud): Bump Helm chart to add app "groupfolders"	2023-09-27 13:44:47 +00:00
Thorsten Roßner	02be7c15bb	chore(release): 0.4.8 [skip ci] ## [0.4.8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.4.7...v0.4.8) (2023-09-26) ### Bug Fixes * openproject: Digest rollback ([`9acce08`](`9acce08139`))	2023-09-26 16:11:15 +00:00
Thorsten Roßner	9acce08139	fix(openproject): Digest rollback	2023-09-26 18:02:31 +02:00