mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
a7fef3afff | ||
|
|
5d01f8ca46 | ||
|
|
7093022ec4 | ||
|
|
2313f75dbe | ||
|
|
af9caea726 | ||
|
|
b39986907c |
21
CHANGELOG.md
21
CHANGELOG.md
@@ -1,3 +1,24 @@
|
||||
## [0.5.20](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.19...v0.5.20) (2023-10-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Remove old XWiki image, set explicit timeout for OP deployment, bump Jitsi Helm chart to enable chat for stand-alone Jitsi ([5d01f8c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5d01f8ca46384d63d69dab0119998c4bb3183084))
|
||||
|
||||
## [0.5.19](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.18...v0.5.19) (2023-10-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Update Element Web and Nordeck Widgets to latest releases ([2313f75](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2313f75dbe32d855b0c440944bd0de51c8e104ca))
|
||||
|
||||
## [0.5.18](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.17...v0.5.18) (2023-10-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **xwiki:** Switch to Alpine/Jetty slim image ([b399869](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b39986907cece3cec06012531a55b2699d131f90))
|
||||
|
||||
## [0.5.17](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.16...v0.5.17) (2023-10-28)
|
||||
|
||||
|
||||
|
||||
15
README.md
15
README.md
@@ -333,7 +333,7 @@ actual scalability of the components (see column `Scaling (verified)`).
|
||||
|
||||
### Mail/SMTP configuration
|
||||
|
||||
To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from
|
||||
To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from
|
||||
the whole subdomain.
|
||||
|
||||
```yaml
|
||||
@@ -376,10 +376,10 @@ This list gives you an overview of default security settings and if they comply
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
@@ -567,6 +567,11 @@ that can be found at `Settings` -> `CI/CD` -> `Variables`. The variable should h
|
||||
If the branch of the test pipeline is not `main` this can be set with the .gitlab-ci.yml variable
|
||||
`TESTS_BRANCH` while creating a new pipeline.
|
||||
|
||||
# License
|
||||
This project uses the following license: Apache-2.0
|
||||
|
||||
# Copyright
|
||||
Copyright (C) 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
|
||||
# Footnotes
|
||||
|
||||
|
||||
@@ -34,6 +34,7 @@ releases:
|
||||
- "values-element.yaml"
|
||||
- "values-element.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-well-known"
|
||||
chart: "opendesk-element-repo/opendesk-well-known"
|
||||
@@ -42,6 +43,7 @@ releases:
|
||||
- "values-well-known.yaml"
|
||||
- "values-well-known.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-synapse-web"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||
@@ -50,6 +52,7 @@ releases:
|
||||
- "values-synapse-web.yaml"
|
||||
- "values-synapse-web.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-synapse"
|
||||
chart: "opendesk-element-repo/opendesk-synapse"
|
||||
@@ -58,6 +61,7 @@ releases:
|
||||
- "values-synapse.yaml"
|
||||
- "values-synapse.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
@@ -66,6 +70,7 @@ releases:
|
||||
- "values-matrix-user-verification-service-bootstrap.yaml"
|
||||
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-matrix-user-verification-service"
|
||||
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
||||
@@ -74,6 +79,7 @@ releases:
|
||||
- "values-matrix-user-verification-service.yaml"
|
||||
- "values-matrix-user-verification-service.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neoboard-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
|
||||
@@ -82,6 +88,7 @@ releases:
|
||||
- "values-matrix-neoboard-widget.yaml"
|
||||
- "values-matrix-neoboard-widget.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neochoice-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
|
||||
@@ -90,6 +97,7 @@ releases:
|
||||
- "values-matrix-neochoice-widget.yaml"
|
||||
- "values-matrix-neochoice-widget.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
|
||||
@@ -98,6 +106,7 @@ releases:
|
||||
- "values-matrix-neodatefix-widget.yaml"
|
||||
- "values-matrix-neodatefix-widget.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-bot-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
@@ -106,6 +115,7 @@ releases:
|
||||
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
||||
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-bot"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
|
||||
@@ -114,6 +124,7 @@ releases:
|
||||
- "values-matrix-neodatefix-bot.yaml"
|
||||
- "values-matrix-neodatefix-bot.gotmpl"
|
||||
condition: "element.enabled"
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
|
||||
@@ -15,7 +15,7 @@ repositories:
|
||||
releases:
|
||||
- name: "jitsi"
|
||||
chart: "jitsi-repo/sovereign-workplace-jitsi"
|
||||
version: "1.5.1"
|
||||
version: "1.7.1"
|
||||
values:
|
||||
- "values-jitsi.gotmpl"
|
||||
condition: "jitsi.enabled"
|
||||
|
||||
@@ -19,6 +19,7 @@ releases:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "openproject.enabled"
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
|
||||
@@ -12,7 +12,7 @@ repositories:
|
||||
releases:
|
||||
- name: "xwiki"
|
||||
chart: "xwiki-repo/xwiki"
|
||||
version: "1.1.3"
|
||||
version: "1.2.3"
|
||||
wait: true
|
||||
values:
|
||||
- "values.yaml"
|
||||
|
||||
@@ -1,6 +1,31 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
|
||||
customConfigs:
|
||||
xwiki.cfg:
|
||||
xwiki.url.protocol: "https"
|
||||
## Indicate the LDAP field defining the user UID
|
||||
# xwiki.authentication.ldap.UID_attr: "uid"
|
||||
## Indicate the LDAP field defining the user profile picture
|
||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
## Enable the synchronization of the LDAP profile picture
|
||||
# xwiki.authentication.ldap.update_photo: 1
|
||||
|
||||
xwiki.properties:
|
||||
oidc.scope: "openid,profile,email,address,phoenix"
|
||||
oidc.endpoint.userinfo.method: "GET"
|
||||
oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}"
|
||||
oidc.user.subjectFormater: "${oidc.user.subject}"
|
||||
# yamllint disable-line rule:line-length
|
||||
oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
|
||||
oidc.clientid: "xwiki"
|
||||
oidc.endpoint.token.auth_method: "client_secret_basic"
|
||||
oidc.skipped: false
|
||||
oidc.logoutMechanism: "rpInitiated"
|
||||
|
||||
image:
|
||||
pullPolicy: "IfNotPresent"
|
||||
|
||||
@@ -15,9 +40,8 @@ ingress:
|
||||
istio:
|
||||
enabled: false
|
||||
|
||||
service:
|
||||
externalPort: 80
|
||||
enabled: true
|
||||
mariadb:
|
||||
enabled: false
|
||||
|
||||
mysql:
|
||||
enabled: false
|
||||
@@ -25,14 +49,11 @@ mysql:
|
||||
postgresql:
|
||||
enabled: false
|
||||
|
||||
mariadb:
|
||||
enabled: false
|
||||
|
||||
properties:
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.colorTheme": "FlamingoThemes.Iceberg"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de_DE"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.timezone": "Europe/Berlin"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de_DE"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.link-color": "@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary"
|
||||
@@ -62,25 +83,13 @@ properties:
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
# "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
|
||||
customConfigs:
|
||||
xwiki.cfg:
|
||||
xwiki.url.protocol: "https"
|
||||
## Indicate the LDAP field defining the user UID
|
||||
# xwiki.authentication.ldap.UID_attr: "uid"
|
||||
## Indicate the LDAP field defining the user profile picture
|
||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
## Enable the synchronization of the LDAP profile picture
|
||||
# xwiki.authentication.ldap.update_photo: 1
|
||||
securityContext:
|
||||
enabled: true
|
||||
|
||||
xwiki.properties:
|
||||
oidc.scope: "openid,profile,email,address,phoenix"
|
||||
oidc.endpoint.userinfo.method: "GET"
|
||||
oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}"
|
||||
oidc.user.subjectFormater: "${oidc.user.subject}"
|
||||
# yamllint disable-line rule:line-length
|
||||
oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
|
||||
oidc.clientid: "xwiki"
|
||||
oidc.endpoint.token.auth_method: "client_secret_basic"
|
||||
oidc.skipped: false
|
||||
oidc.logoutMechanism: "rpInitiated"
|
||||
service:
|
||||
externalPort: 80
|
||||
enabled: true
|
||||
|
||||
volumePermissions:
|
||||
enabled: true
|
||||
...
|
||||
|
||||
@@ -16,7 +16,7 @@ images:
|
||||
# @supplier: "Open-Xchange"
|
||||
element:
|
||||
repository: "souvap/tooling/images/element-web"
|
||||
tag: "1.3.0@sha256:25bd7d731dc501cd00fac61c9db8807b635d1150a99067137b7fb290981ec8f8"
|
||||
tag: "1.4.0@sha256:81fd60c8feba4cfc65de3cf950d4b5ca724cabcc46da279edec74af192ecff00"
|
||||
# @supplier: "Element"
|
||||
freshclam:
|
||||
repository: "clamav/clamav"
|
||||
@@ -82,7 +82,7 @@ images:
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
matrixNeoBoardWidget:
|
||||
repository: "nordeck/matrix-neoboard-widget"
|
||||
tag: "0.4.0@sha256:c5e72409a0edc1962e9be618fcb83acce19e64c0c645075d8ff0ccde06e93fc7"
|
||||
tag: "1.0.0@sha256:584b9c18ea3dfd4b7f1e73f3e114bc1dcd5731b400a8d037576bf2a797c8b086"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoChoiceWidget:
|
||||
repository: "nordeck/matrix-poll-widget"
|
||||
@@ -90,11 +90,11 @@ images:
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixBot:
|
||||
repository: "nordeck/matrix-meetings-bot"
|
||||
tag: "2.4.0@sha256:d6560841c3708bd8b55623ef70dd55bf4792da6ed6cd5026c37a5e4df7c8a3a3"
|
||||
tag: "2.4.2@sha256:f5b3362560255470076f3e6c95a0dd93a8f781398afb992c1e1212764fa87297"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixWidget:
|
||||
repository: "nordeck/matrix-meetings-widget"
|
||||
tag: "1.5.1@sha256:a518c194fa1b8cf2886c02623d883810f166f27259ce7d4e0138b962dea565e7"
|
||||
tag: "1.5.2@sha256:cc9e2592c9159cc8f6bed96dae0be6e6fe599977dbef64cbdb1c1b84db85a2bb"
|
||||
# @supplier: "Nordeck"
|
||||
matrixUserVerificationService:
|
||||
repository: "matrixdotorg/matrix-user-verification-service"
|
||||
@@ -269,12 +269,6 @@ images:
|
||||
# @supplier: "Element"
|
||||
xwiki:
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.10-mariadb-tomcat@sha256:02f0ff6407ccdd8dab17814202e28991fe0aa8d44fa106ba171cff5249eaf58f"
|
||||
tag: "0.11-mariadb-jetty-alpine@sha256:a334e18d171458ed41ef356e82580561f48b0edf60b4979dc4ed9503eb497c59"
|
||||
# @supplier: "XWiki"
|
||||
xwikiJetty:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.11-SNAPSHOT-mariadb-jetty-alpine"
|
||||
# @supplier: "XWiki"
|
||||
|
||||
...
|
||||
|
||||
Reference in New Issue
Block a user