Compare commits

45 Commits

Author SHA1 Message Date
openDesk
f98c48616b chore(release): 0.5.38 [skip ci]
## [0.5.38](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.37...v0.5.38) (2023-11-13)

### Bug Fixes

* **collabora:** Update image to 23.05.5.4.1 ([c460467](c460467d74))
2023-11-13 16:14:05 +00:00
Thorsten Rossner
c460467d74 fix(collabora): Update image to 23.05.5.4.1 2023-11-13 16:12:04 +00:00
openDesk
3f7faf88fb chore(release): 0.5.37 [skip ci]
## [0.5.37](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.36...v0.5.37) (2023-11-12)

### Bug Fixes

* **openproject:** Add bootstrapping of Nextcloud filestore ([1971dfb](1971dfbded))
2023-11-12 15:54:06 +00:00
Thorsten Rossner
1971dfbded fix(openproject): Add bootstrapping of Nextcloud filestore 2023-11-12 15:52:22 +00:00
openDesk
b50e5c982b chore(release): 0.5.36 [skip ci]
## [0.5.36](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.35...v0.5.36) (2023-11-10)

### Bug Fixes

* **element:** Update Element and Widgets ([97034a5](97034a556f))
2023-11-10 11:57:05 +00:00
Milton Moura
97034a556f fix(element): Update Element and Widgets 2023-11-10 11:54:48 +00:00
openDesk
8b87432317 chore(release): 0.5.35 [skip ci]
## [0.5.35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.34...v0.5.35) (2023-11-10)

### Bug Fixes

* **helmfile:** Eliminate some yamllint errors ([1d03a6e](1d03a6e11f))
* **helmfile:** Move ldap host variable into helpers ([08811de](08811decd9))
* **helmfile:** Update charts to use proper quoting ([69ea840](69ea840517))
* **services:** Add minio as service and consume by OpenProject ([baa5827](baa5827de3))
2023-11-10 01:35:55 +00:00
Robin Rush
baa5827de3 fix(services): Add minio as service and consume by OpenProject 2023-11-09 19:15:46 -06:00
Dominik Kaminski
1d03a6e11f fix(helmfile): Eliminate some yamllint errors 2023-11-09 17:01:17 -06:00
Dominik Kaminski
08811decd9 fix(helmfile): Move ldap host variable into helpers 2023-11-09 16:25:21 -06:00
Thomas Kaltenbrunner
69ea840517 fix(helmfile): Update charts to use proper quoting 2023-11-09 22:01:21 +00:00
openDesk
ea5bd0a6b7 chore(release): 0.5.34 [skip ci]
## [0.5.34](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.33...v0.5.34) (2023-11-09)

### Bug Fixes

* **openproject:** Bump helmchart and properly template OP's initdb image ([0d8e92f](0d8e92fc5a))
2023-11-09 16:23:55 +00:00
Thorsten Rossner
0d8e92fc5a fix(openproject): Bump helmchart and properly template OP's initdb image 2023-11-09 16:21:30 +00:00
openDesk
d7119a656b chore(release): 0.5.33 [skip ci]
## [0.5.33](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.32...v0.5.33) (2023-11-09)

### Bug Fixes

* **cryptpad:** Update security context ([89ae1d9](89ae1d94ea))
2023-11-09 08:54:47 +00:00
Thomas Kaltenbrunner
89ae1d94ea fix(cryptpad): Update security context 2023-11-09 08:52:55 +00:00
openDesk
dfc7fed325 chore(release): 0.5.32 [skip ci]
## [0.5.32](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.31...v0.5.32) (2023-11-09)

### Bug Fixes

* **collabora:** Resource definitions ([65ce9a1](65ce9a171b))
2023-11-09 06:44:45 +00:00
Thorsten Roßner
65ce9a171b fix(collabora): Resource definitions 2023-11-08 21:01:11 +01:00
openDesk
5e50ed119f chore(release): 0.5.31 [skip ci]
## [0.5.31](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.30...v0.5.31) (2023-11-08)

### Bug Fixes

* **univention-management-stack:** Update optional UMS preview state ([d0a0799](d0a07997c1))
2023-11-08 13:43:13 +00:00
Johannes Bornhold
d0a07997c1 fix(univention-management-stack): Update optional UMS preview state 2023-11-08 13:41:22 +00:00
openDesk
985df5906f chore(release): 0.5.30 [skip ci]
## [0.5.30](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.29...v0.5.30) (2023-11-06)

### Bug Fixes

* **collabora:** Init monitoring in defaults and in collabora (for prometheus-monitor, -rules and grafana dashboard) ([0ad0434](0ad043406b))
* **helmfile:** Add monitoring.yaml for optional monitoring ([385d81b](385d81b9a9))
2023-11-06 23:26:23 +00:00
Dominik Kaminski
385d81b9a9 fix(helmfile): Add monitoring.yaml for optional monitoring 2023-11-06 17:12:53 -06:00
Martin Müller
0ad043406b fix(collabora): Init monitoring in defaults and in collabora (for prometheus-monitor, -rules and grafana dashboard) 2023-11-06 16:12:15 -06:00
openDesk
4a79728f01 chore(release): 0.5.29 [skip ci]
## [0.5.29](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.28...v0.5.29) (2023-11-06)

### Bug Fixes

* **xwiki:** Update XWiki Helm configuration to enable LDAP and OIDC user synchronization ([7c56c72](7c56c7244f))
2023-11-06 19:34:52 +00:00
Clément Aubin
7c56c7244f fix(xwiki): Update XWiki Helm configuration to enable LDAP and OIDC user synchronization 2023-11-06 15:41:23 +00:00
openDesk
e0fce6631b chore(release): 0.5.28 [skip ci]
## [0.5.28](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.27...v0.5.28) (2023-11-06)

### Bug Fixes

* **open-xchange:** Add Document- and ImageConverter, improve LDAP address book filters ([899a8c5](899a8c5af9))
2023-11-06 15:40:22 +00:00
Viktor Pracht
899a8c5af9 fix(open-xchange): Add Document- and ImageConverter, improve LDAP address book filters 2023-11-06 15:38:35 +00:00
openDesk
6cee2c878b chore(release): 0.5.27 [skip ci]
## [0.5.27](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.26...v0.5.27) (2023-11-04)

### Bug Fixes

* **docs:** Re-include release artefacts ([4359b21](4359b21f1c))
2023-11-04 12:21:17 +00:00
Thorsten Rossner
4359b21f1c fix(docs): Re-include release artefacts 2023-11-04 12:19:45 +00:00
openDesk
d8b2bd3af0 chore(release): 0.5.26 [skip ci]
## [0.5.26](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.25...v0.5.26) (2023-11-02)

### Bug Fixes

* **element:** Enables user directory search for all users ([8fafd90](8fafd906a3))
2023-11-02 14:32:46 +00:00
Milton Moura
8fafd906a3 fix(element): Enables user directory search for all users 2023-11-02 11:45:05 -01:00
openDesk
fece4ace87 chore(release): 0.5.25 [skip ci]
## [0.5.25](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.24...v0.5.25) (2023-11-01)

### Bug Fixes

* **cryptpad:** Add CryptPad to support editing of diagrams.net files from within Nextcloud ([ab6014f](ab6014f8c6))
2023-11-01 17:25:13 +00:00
Thomas Kaltenbrunner
ab6014f8c6 fix(cryptpad): Add CryptPad to support editing of diagrams.net files from within Nextcloud 2023-11-01 17:23:21 +00:00
openDesk
fecd13612b chore(release): 0.5.24 [skip ci]
## [0.5.24](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.23...v0.5.24) (2023-11-01)

### Bug Fixes

* **collabora:** Update image to 23.05.5.3.1 ([38336d0](38336d0240))
2023-11-01 16:27:49 +00:00
Thorsten Roßner
38336d0240 fix(collabora): Update image to 23.05.5.3.1 2023-11-01 08:53:27 +01:00
openDesk
9f9e4e9521 chore(release): 0.5.23 [skip ci]
## [0.5.23](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.22...v0.5.23) (2023-11-01)

### Bug Fixes

* **element:** Update Element Web to latest release ([b47de62](b47de62f98))
2023-11-01 14:29:33 +00:00
Mikhail Aheichyk
b47de62f98 fix(element): Update Element Web to latest release 2023-11-01 16:55:14 +03:00
openDesk
9e54299917 chore(release): 0.5.22 [skip ci]
## [0.5.22](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.21...v0.5.22) (2023-10-31)

### Bug Fixes

* **openproject:** Nextcloud integration within K8s instances ([d249d0e](d249d0e3ce))
2023-10-31 14:04:35 +00:00
Oliver Günther
d249d0e3ce fix(openproject): Nextcloud integration within K8s instances 2023-10-31 14:02:40 +00:00
Thorsten Roßner
fbe7de3c56 chore(release): 0.5.21 [skip ci]
## [0.5.21](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.20...v0.5.21) (2023-10-30)

### Bug Fixes

* **helmfile:** Deinstall components if disabled ([7feaadf](7feaadf7f8))
* **helmfile:** Put environments in first document inside of a yaml ([034e98c](034e98c850))
2023-10-30 17:01:00 +00:00
Martin Müller
034e98c850 fix(helmfile): Put environments in first document inside of a yaml
see: https://helmfile.readthedocs.io/en/latest/#environment
2023-10-30 17:55:26 +01:00
Martin Müller
7feaadf7f8 fix(helmfile): Deinstall components if disabled 2023-10-30 17:42:35 +01:00
Thorsten Roßner
a7fef3afff chore(release): 0.5.20 [skip ci]
## [0.5.20](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.19...v0.5.20) (2023-10-30)

### Bug Fixes

* **helmfile:** Remove old XWiki image, set explicit timeout for OP deployment, bump Jitsi Helm chart to enable chat for stand-alone Jitsi ([5d01f8c](5d01f8ca46))
2023-10-30 15:41:11 +00:00
Thorsten Rossner
5d01f8ca46 fix(helmfile): Remove old XWiki image, set explicit timeout for OP deployment, bump Jitsi Helm chart to enable chat for stand-alone Jitsi 2023-10-30 15:38:48 +00:00
Thorsten Roßner
7093022ec4 chore(release): 0.5.19 [skip ci]
## [0.5.19](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.18...v0.5.19) (2023-10-30)

### Bug Fixes

* **element:** Update Element Web and Nordeck Widgets to latest releases ([2313f75](2313f75dbe))
2023-10-30 14:46:49 +00:00
Milton Moura
2313f75dbe fix(element): Update Element Web and Nordeck Widgets to latest releases 2023-10-30 14:43:46 +00:00
106 changed files with 2083 additions and 891 deletions

1
.gitignore vendored

@@ -2,6 +2,7 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
.vscode .vscode
.idea .idea
.yamllint
# Ignore changes to sample environments # Ignore changes to sample environments
helmfile/environments/dev/values.yaml helmfile/environments/dev/values.yaml
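Review bot: Ignoring `.yamllint` on the added line keeps the lint configuration out of the repository, so the rules behind "Eliminate some yamllint errors" cannot be reproduced by other contributors or by CI. If the file is meant to be shared, commit it instead of ignoring it; if it is only a local override, a comment above the entry saying so would help.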

@@ -78,6 +78,12 @@ variables:
options: options:
- "yes" - "yes"
- "no" - "no"
DEPLOY_CRYPTPAD:
description: "Enable CryptPad deployment."
value: "no"
options:
- "yes"
- "no"
DEPLOY_ELEMENT: DEPLOY_ELEMENT:
description: "Enable Element deployment." description: "Enable Element deployment."
value: "no" value: "no"
@@ -342,6 +348,18 @@ collabora-deploy:
variables: variables:
COMPONENT: "collabora" COMPONENT: "collabora"
cryptpad-deploy:
stage: "component-deploy-stage-1"
extends: ".deploy-common"
rules:
- if: >
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
$NAMESPACE =~ /.+/ &&
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_CRYPTPAD != "no")
when: "always"
variables:
COMPONENT: "cryptpad"
nextcloud-deploy: nextcloud-deploy:
stage: "component-deploy-stage-1" stage: "component-deploy-stage-1"
extends: ".deploy-common" extends: ".deploy-common"
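Review bot: The rule for `cryptpad-deploy` includes `$DEPLOY_NEXTCLOUD != "no"`, so selecting Nextcloud deploys CryptPad even when `DEPLOY_CRYPTPAD` is left at its default of "no", and the new variable cannot be used to opt out. If the coupling is intended, say so in the variable's description ("Enable CryptPad deployment."); otherwise drop the Nextcloud clause. Because the comparison is `!= "no"`, any value other than the literal "no", including an unset variable, also enables the job.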
@@ -366,6 +384,18 @@ openproject-deploy:
variables: variables:
COMPONENT: "openproject" COMPONENT: "openproject"
openproject-bootstrap-deploy:
stage: "component-deploy-stage-2"
extends: ".deploy-common"
rules:
- if: >
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
$NAMESPACE =~ /.+/ &&
($DEPLOY_ALL_COMPONENTS != "no" || ($DEPLOY_OPENPROJECT != "no" && $DEPLOY_NEXTCLOUD != "no"))
when: "always"
variables:
COMPONENT: "openproject-bootstrap"
jitsi-deploy: jitsi-deploy:
stage: "component-deploy-stage-1" stage: "component-deploy-stage-1"
extends: ".deploy-common" extends: ".deploy-common"
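Review bot: In the `if:` of `openproject-bootstrap-deploy` (and of `cryptpad-deploy` above), `$CI_PIPELINE_SOURCE =~ "web|schedules|triggers"` passes a quoted string to `=~`, while the next line uses the slash-delimited `/.+/`. GitLab documents `=~` with a `/pattern/` on the right-hand side and lists the pipeline sources as `schedule` and `trigger` (singular), so please confirm that this clause matches scheduled and triggered pipelines as intended, and consider an anchored pattern such as `/^(web|schedule|trigger)$/`.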

@@ -1,3 +1,148 @@
## [0.5.38](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.37...v0.5.38) (2023-11-13)
### Bug Fixes
* **collabora:** Update image to 23.05.5.4.1 ([c460467](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c460467d7449b107134562b785e95f6280e3473d))
## [0.5.37](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.36...v0.5.37) (2023-11-12)
### Bug Fixes
* **openproject:** Add bootstrapping of Nextcloud filestore ([1971dfb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1971dfbded21d16909e889ba6d19ff9cf3e4cb20))
## [0.5.36](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.35...v0.5.36) (2023-11-10)
### Bug Fixes
* **element:** Update Element and Widgets ([97034a5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/97034a556f4cdcc447f61003ad9cd036c186bc3b))
## [0.5.35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.34...v0.5.35) (2023-11-10)
### Bug Fixes
* **helmfile:** Eliminate some yamllint errors ([1d03a6e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1d03a6e11f368fd81dd10b91b0d9d7fc29c0cb24))
* **helmfile:** Move ldap host variable into helpers ([08811de](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/08811decd92e7fd7802d0eba2644046512ec58a4))
* **helmfile:** Update charts to use proper quoting ([69ea840](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/69ea84051721f3aaf36a5dbafdfb37dd86b66dbb))
* **services:** Add minio as service and consume by OpenProject ([baa5827](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/baa5827de3e1e368abf238a932a5849f169af723))
## [0.5.34](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.33...v0.5.34) (2023-11-09)
### Bug Fixes
* **openproject:** Bump helmchart and properly template OP's initdb image ([0d8e92f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0d8e92fc5a4729ff7649e5a10e629b962a9b671b))
## [0.5.33](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.32...v0.5.33) (2023-11-09)
### Bug Fixes
* **cryptpad:** Update security context ([89ae1d9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/89ae1d94ea4c4e8a15a395a80847a7f235365747))
## [0.5.32](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.31...v0.5.32) (2023-11-09)
### Bug Fixes
* **collabora:** Resource definitions ([65ce9a1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/65ce9a171b7c8ebc453fb6bbe96743c8516da2c6))
## [0.5.31](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.30...v0.5.31) (2023-11-08)
### Bug Fixes
* **univention-management-stack:** Update optional UMS preview state ([d0a0799](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d0a07997c12ddb9731a0dfed0d6fa71d9a3790e7))
## [0.5.30](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.29...v0.5.30) (2023-11-06)
### Bug Fixes
* **collabora:** Init monitoring in defaults and in collabora (for prometheus-monitor, -rules and grafana dashboard) ([0ad0434](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0ad043406bef7bb10d561ef1418b58cbd8714d43))
* **helmfile:** Add monitoring.yaml for optional monitoring ([385d81b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/385d81b9a9e1ec319706493c51629c8e48822aa7))
## [0.5.29](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.28...v0.5.29) (2023-11-06)
### Bug Fixes
* **xwiki:** Update XWiki Helm configuration to enable LDAP and OIDC user synchronization ([7c56c72](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7c56c7244f3862b6b21627661430a94d804c6974))
## [0.5.28](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.27...v0.5.28) (2023-11-06)
### Bug Fixes
* **open-xchange:** Add Document- and ImageConverter, improve LDAP address book filters ([899a8c5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/899a8c5af9052634b98d9876dfbaea517d89ad49))
## [0.5.27](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.26...v0.5.27) (2023-11-04)
### Bug Fixes
* **docs:** Re-include release artefacts ([4359b21](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/4359b21f1cdae91a87b87ad2b270d67a2b1eda21))
## [0.5.26](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.25...v0.5.26) (2023-11-02)
### Bug Fixes
* **element:** Enables user directory search for all users ([8fafd90](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/8fafd906a3b0efa7e4164b357656d7903fc55371))
## [0.5.25](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.24...v0.5.25) (2023-11-01)
### Bug Fixes
* **cryptpad:** Add CryptPad to support editing of diagrams.net files from within Nextcloud ([ab6014f](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ab6014f8c6285785be5c56cd656fe0636df4434c))
## [0.5.24](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.23...v0.5.24) (2023-11-01)
### Bug Fixes
* **collabora:** Update image to 23.05.5.3.1 ([38336d0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/38336d024033f4fe1a28b0f76f9c63ecdb076156))
## [0.5.23](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.22...v0.5.23) (2023-11-01)
### Bug Fixes
* **element:** Update Element Web to latest release ([b47de62](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b47de62f987e8778878fee55ecda3032beb55f3d))
## [0.5.22](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.21...v0.5.22) (2023-10-31)
### Bug Fixes
* **openproject:** Nextcloud integration within K8s instances ([d249d0e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d249d0e3ce3ee0966033e870ea5c4d9e1928f045))
## [0.5.21](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.20...v0.5.21) (2023-10-30)
### Bug Fixes
* **helmfile:** Deinstall components if disabled ([7feaadf](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7feaadf7f8830d8d0d5df752733c9b8f47315df6))
* **helmfile:** Put enviroments in first document inside of a yaml ([034e98c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/034e98c850fa1f67300c04883904737a69448a25))
## [0.5.20](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.19...v0.5.20) (2023-10-30)
### Bug Fixes
* **helmfile:** Remove old XWiki image, set explicit timeout for OP deployment, bump Jitsi Helm chart to enable chat for stand-alone Jitsi ([5d01f8c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5d01f8ca46384d63d69dab0119998c4bb3183084))
## [0.5.19](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.18...v0.5.19) (2023-10-30)
### Bug Fixes
* **element:** Update Element Web and Nordeck Widgets to latest releases ([2313f75](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2313f75dbe32d855b0c440944bd0de51c8e104ca))
## [0.5.18](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.17...v0.5.18) (2023-10-28) ## [0.5.18](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.17...v0.5.18) (2023-10-28)

@@ -60,3 +60,6 @@ This service is used by
- Open-Xchange - Open-Xchange
## Objectstore - MinIO ## Objectstore - MinIO
This services is used by:
- OpenProject (attachment storage)
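Review bot: The added line reads "This services is used by:"; it should be "This service is used by:". The hunk header shows the neighbouring section uses "This service is used by" without the colon, so pick one form for both.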

@@ -6,11 +6,20 @@ SPDX-License-Identifier: Apache-2.0
[[_TOC_]] [[_TOC_]]
# Disclaimer August 2023 # Disclaimer
The current state of the Sovereign Workplace contains components that are going to be openDesk will face breaking changes in the near future without upgrade paths.
replaced. Like for example the UCS dev container monolith will be substituted by
multiple Univention Management Stack containers. While most components support upgrades, major configuration or component changes
may occur, therefore we recommend always installing from scratch.
Components that are going to be replaced soon are:
- The UCS dev container monolith will be substituted by multiple Univention
Management Stack containers,
- the Nextcloud community container is going to be replaced by an openDesk
specific Nextcloud distroless container and
- Dovecot Community is going to be replaced by a Dovecot container tailored for the
needs of the public sector.
In the next months we not only expect upstream updates of the functional In the next months we not only expect upstream updates of the functional
components within their feature scope, but we are also going to address components within their feature scope, but we are also going to address
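Review bot: The new disclaimer says openDesk "will face breaking changes in the near future without upgrade paths" and then "While most components support upgrades", which reads as contradictory. State which upgrades are supported (individual components) and which are not (the deployment as a whole), and consider keeping a date on the heading, since dropping "August 2023" leaves readers unable to tell how current the warning is.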
@@ -19,8 +28,6 @@ operational issues like monitoring and network policies.
Of course, further development also includes enhancing the documentation. Of course, further development also includes enhancing the documentation.
The first release of the Sovereign Workplace is scheduled for December 2023. The first release of the Sovereign Workplace is scheduled for December 2023.
Before that release there will be breaking changes in the deployment.
# The Sovereign Workplace (SWP) # The Sovereign Workplace (SWP)
@@ -209,6 +216,7 @@ subdirectory `/helmfile/apps/services`.
| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval | | ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval |
| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval | | ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval |
| Collabora | `collabora.enabled` | `true` | Weboffice | Functional | | Collabora | `collabora.enabled` | `true` | Weboffice | Functional |
| CryptPad | `cryptpad.enabled` | `true` | Weboffice | Functional |
| Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional | | Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional |
| Element | `element.enabled` | `true` | Secure communications platform | Functional | | Element | `element.enabled` | `true` | Secure communications platform | Functional |
| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional | | Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional |
@@ -216,6 +224,7 @@ subdirectory `/helmfile/apps/services`.
| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional | | Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional |
| MariaDB | `mariadb.enabled` | `true` | Database | Eval | | MariaDB | `mariadb.enabled` | `true` | Database | Eval |
| Memcached | `memcached.enabled` | `true` | Cache Database | Eval | | Memcached | `memcached.enabled` | `true` | Cache Database | Eval |
| MinIO | `minio.enabled` | `true` | Object Storage | Eval |
| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional | | Nextcloud | `nextcloud.enabled` | `true` | File share | Functional |
| OpenProject | `openproject.enabled` | `true` | Project management | Functional | | OpenProject | `openproject.enabled` | `true` | Project management | Functional |
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional | | OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional |
@@ -315,6 +324,7 @@ actual scalability of the components (see column `Scaling (verified)`).
| | `replicas.icap` | :white_check_mark: | :white_check_mark: | | | `replicas.icap` | :white_check_mark: | :white_check_mark: |
| | `replicas.milter` | :white_check_mark: | :white_check_mark: | | | `replicas.milter` | :white_check_mark: | :white_check_mark: |
| Collabora | `replicas.collabora` | :white_check_mark: | :gear: | | Collabora | `replicas.collabora` | :white_check_mark: | :gear: |
| CryptPad | `replicas.cryptpad` | :white_check_mark: | :gear: |
| Dovecot | `replicas.dovecot` | :x: | :gear: | | Dovecot | `replicas.dovecot` | :x: | :gear: |
| Element | `replicas.element` | :white_check_mark: | :white_check_mark: | | Element | `replicas.element` | :white_check_mark: | :white_check_mark: |
| | `replicas.synapse` | :x: | :gear: | | | `replicas.synapse` | :x: | :gear: |
@@ -333,7 +343,7 @@ actual scalability of the components (see column `Scaling (verified)`).
### Mail/SMTP configuration ### Mail/SMTP configuration
To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from
the whole subdomain. the whole subdomain.
```yaml ```yaml
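Review bot: The changed line still says "STMP Smarthost/Relay"; since the line is being touched anyway, correct it to "SMTP".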
@@ -376,10 +386,11 @@ This list gives you an overview of default security settings and if they comply
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | | | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | | | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 | | Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 | | CryptPad | cryptpad | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 | | Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 | | | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 | | | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - | | Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - | | | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - | | | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
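Review bot: The new CryptPad row carries two `:x:` entries with no explanation, whereas the Collabora row spells out what is missing (the capability list in parentheses). Add a short reason or a tracking reference for each `:x:` so the deviation from the hardened defaults is reviewable, particularly as "Update security context" already landed for CryptPad in this commit range.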
@@ -407,6 +418,7 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
| bitnami-repo (openDesk build) | yes | :white_check_mark: | | bitnami-repo (openDesk build) | yes | :white_check_mark: |
| clamav-repo | yes | :white_check_mark: | | clamav-repo | yes | :white_check_mark: |
| collabora-online-repo | no | :x: | | collabora-online-repo | no | :x: |
| cryptpad-online-repo | no | :x: |
| intercom-service-repo | yes | :white_check_mark: | | intercom-service-repo | yes | :white_check_mark: |
| istio-resources-repo | yes | :white_check_mark: | | istio-resources-repo | yes | :white_check_mark: |
| jitsi-repo | yes | :white_check_mark: | | jitsi-repo | yes | :white_check_mark: |
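Review bot: `cryptpad-online-repo` is added with "no" and `:x:` in the chart signing table, and the components table in this same diff sets `cryptpad.enabled` to `true` by default, so a default installation pulls a chart whose signature is not checked. Consider pinning the chart version and digest, or mirroring the chart into a repository that the openDesk CI signs, as the row for `bitnami-repo (openDesk build)` suggests was done there.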
@@ -430,6 +442,50 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
| xwiki-repo | no | :x: | | xwiki-repo | no | :x: |
## Monitoring
Together with
[kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) into
you can monitor openDesk components with Prometheus and Grafana.
Before enabling the following options, you need to install the respective CRDs from the kube-prometheus-stack
repository.
### Metrics
To deploy podMonitor and serviceMonitor custom resources, enable it by:
```yaml
prometheus:
serviceMonitors:
enabled: true
podMonitors:
enabled: true
```
### Alerts
Some helm-charts provide a default set of prometheusRules for alerting, enable it by:
```yaml
prometheus:
prometheusRules:
enabled: true
```
### Dashboards for Grafana
To deploy optional ConfigMaps with Grafana dashboards, enable it by:
```yaml
grafana:
dashboards:
enabled: true
```
### Components
| Component | Metrics (pod- or serviceMonitor) | Alerts (prometheusRule) | Dashboard (Grafana) |
|:------------|-----------------------------------|-------------------------|---------------------|
| Collabora | :white_check_mark: | :white_check_mark: | :white_check_mark: |
# Component integration # Component integration
## Functional use cases ## Functional use cases
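Review bot: The first sentence of the new Monitoring section is garbled: the text after the kube-prometheus-stack link reads "into you can monitor", with a stray "into". The section should also name the CRDs that have to be installed first (it later refers to podMonitor, serviceMonitor and prometheusRules), because enabling these flags on a cluster that lacks them makes the deployment fail.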
@@ -516,6 +572,7 @@ flowchart TD
J[Jitsi]-->K J[Jitsi]-->K
I[IntercomService]-->K I[IntercomService]-->K
C[Collabora]-->N C[Collabora]-->N
R[CryptPad]-->N
F[Postfix]-->D F[Postfix]-->D
``` ```
@@ -567,6 +624,11 @@ that can be found at `Settings` -> `CI/CD` -> `Variables`. The variable should h
If the branch of the test pipeline is not `main` this can be set with the .gitlab-ci.yml variable If the branch of the test pipeline is not `main` this can be set with the .gitlab-ci.yml variable
`TESTS_BRANCH` while creating a new pipeline. `TESTS_BRANCH` while creating a new pipeline.
# License
This project uses the following license: Apache-2.0
# Copyright
Copyright (C) 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# Footnotes # Footnotes

View File

@@ -20,6 +20,7 @@ helmfiles:
- path: "helmfile/apps/openproject/helmfile.yaml" - path: "helmfile/apps/openproject/helmfile.yaml"
- path: "helmfile/apps/xwiki/helmfile.yaml" - path: "helmfile/apps/xwiki/helmfile.yaml"
- path: "helmfile/apps/provisioning/helmfile.yaml" - path: "helmfile/apps/provisioning/helmfile.yaml"
- path: "helmfile/apps/openproject-bootstrap/helmfile.yaml"
missingFileHandler: "Error" missingFileHandler: "Error"

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# Collabora Online # Collabora Online
@@ -16,12 +20,9 @@ releases:
values: values:
- "values.yaml" - "values.yaml"
- "values.gotmpl" - "values.gotmpl"
condition: "collabora.enabled" installed: {{ .Values.collabora.enabled }}
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "collabora" component: "collabora"
bases:
- "../../bases/environments.yaml"
... ...
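Review bot: replacing `condition: "collabora.enabled"` with `installed: {{ .Values.collabora.enabled }}` changes what disabling a component does, and neither the hunk nor a comment says so. With `condition`, helmfile skips the release; with `installed: false`, helmfile uninstalls an existing release on the next sync or apply. Please call this out in the changelog or README so that operators who set `collabora.enabled: false` on a running environment know the release will be removed. Moving `bases:` into its own leading document is what makes `.Values` available to the template here, which deserves a one-line comment above it.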

View File

@@ -5,24 +5,24 @@ SPDX-License-Identifier: Apache-2.0
--- ---
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.collabora.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.collabora.repository }}"
tag: "{{ .Values.images.collabora.tag }}" tag: {{ .Values.images.collabora.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
ingress: ingress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
className: "{{ .Values.ingress.ingressClassName }}" className: {{ .Values.ingress.ingressClassName | quote }}
hosts: hosts:
- host: "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}" - host: "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
paths: paths:
- path: "/" - path: "/"
pathType: "Prefix" pathType: "Prefix"
tls: tls:
- secretName: "{{ .Values.ingress.tls.secretName }}" - secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts: hosts:
- "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}" - "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
@@ -33,9 +33,27 @@ collabora:
aliasgroups: aliasgroups:
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443" - host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443"
replicaCount: {{ .Values.replicas.collabora }} replicaCount: {{ .Values.replicas.collabora }}
resources: resources:
{{ .Values.resources.collabora | toYaml | nindent 2 }} {{ .Values.resources.collabora | toYaml | nindent 2 }}
prometheus:
servicemonitor:
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
labels:
{{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }}
rules:
enabled: {{ .Values.prometheus.prometheusRules.enabled }}
additionalLabels:
{{- toYaml .Values.prometheus.prometheusRules.labels | nindent 6 }}
grafana:
dashboards:
enabled: {{ .Values.grafana.dashboards.enabled }}
labels:
{{- toYaml .Values.grafana.dashboards.labels | nindent 6 }}
annotations:
{{- toYaml .Values.grafana.dashboards.annotations | nindent 6 }}
... ...
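Review bot: the new `labels`, `additionalLabels` and `annotations` lines read `.Values.prometheus.serviceMonitors.labels`, `.Values.prometheus.prometheusRules.labels`, `.Values.grafana.dashboards.labels` and `.Values.grafana.dashboards.annotations`, but the README's Monitoring section documents only the three `enabled` switches. Document these keys there and make sure the environment defaults define each as at least an empty map, otherwise `toYaml ... | nindent 6` renders `null` under the key when an operator sets nothing. The chart key is spelled `servicemonitor` while the values key is `serviceMonitors`; a short comment noting that the difference is intentional would prevent a well-meant "fix".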

View File

@@ -0,0 +1,28 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
---
repositories:
# CryptPad
# Source: https://github.com/cryptpad/helm
- name: "cryptpad-online-repo"
url: >-
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
default "https://cryptpad.github.io/helm" }}
releases:
- name: "cryptpad"
chart: "cryptpad-online-repo/cryptpad"
version: "0.0.13"
values:
- "values.yaml"
- "values.gotmpl"
installed: {{ .Values.cryptpad.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "cryptpad"
...
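Review bot: the repository name `cryptpad-online-repo` carries an `-online` suffix that matches nothing in the chart source named in the comment (`https://github.com/cryptpad/helm`); `cryptpad-repo` would follow the `jitsi-repo` / `xwiki-repo` naming used in the README's chart table. Since the default URL points at the upstream `https://cryptpad.github.io/helm` and the chart is pinned at `0.0.13`, that README table should also get a row for this repository stating whether the chart is signature-verified, if the part of the README diff not shown here has not already added one.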

View File

@@ -0,0 +1,33 @@
{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.cryptpad.repository }}"
tag: {{ .Values.images.cryptpad.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
ingress:
enabled: {{ .Values.ingress.enabled }}
className: {{ .Values.ingress.ingressClassName | quote }}
hosts:
- host: "{{ .Values.global.hosts.cryptpad }}.{{ .Values.global.domain }}"
paths:
- path: "/"
pathType: "ImplementationSpecific"
tls:
- secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts:
- "{{ .Values.global.hosts.cryptpad }}.{{ .Values.global.domain }}"
replicaCount: {{ .Values.replicas.cryptpad }}
resources:
{{ .Values.resources.cryptpad | toYaml | nindent 2 }}
...
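Review bot: `pathType: "ImplementationSpecific"` on the `/` path leaves the matching behaviour to whichever ingress controller is installed, while the Collabora values in this same change set use `pathType: "Prefix"` for the same path. Unless the CryptPad chart requires it, use `"Prefix"` here too so that routing is the same across controllers, or add a comment explaining why this component differs.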

View File

@@ -0,0 +1,47 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
# https://github.com/cryptpad/helm/blob/main/charts/cryptpad/README.md or
# https://github.com/cryptpad/helm/blob/main/charts/cryptpad/values.yaml
# Disable registration and access to unregistered users:
# (https://docs.cryptpad.org/en/admin_guide/customization.html#application-config)
application_config:
availablePadTypes:
- "diagram"
# Deactivating public access breaks nextcloud plugin!
# registeredOnlyTypes:
# - "diagram"
autoscaling:
enabled: false
enableEmbedding: true
fullnameOverride: "cryptpad"
persistence:
enabled: false
podSecurityContext:
fsGroup: 4001
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
seccompProfile:
type: "RuntimeDefault"
# readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 4001
runAsGroup: 4001
serviceAccount:
create: true
workloadStateful: false
...
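Review bot: the comment "Disable registration and access to unregistered users:" above `application_config` does not describe what the file configures, because `registeredOnlyTypes` is commented out with the remark that deactivating public access breaks the Nextcloud plugin. As written, diagram pads stay reachable for unregistered users and `enableEmbedding: true` is set, so the comment should say that public access is intentionally left enabled and why. `# readOnlyRootFilesystem: true` is likewise disabled without a reason; please add a short comment naming what the container needs to write, so the setting can be re-enabled once that is solved.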

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# openDesk Element # openDesk Element
@@ -33,7 +37,8 @@ releases:
values: values:
- "values-element.yaml" - "values-element.yaml"
- "values-element.gotmpl" - "values-element.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-well-known" - name: "opendesk-well-known"
chart: "opendesk-element-repo/opendesk-well-known" chart: "opendesk-element-repo/opendesk-well-known"
@@ -41,7 +46,8 @@ releases:
values: values:
- "values-well-known.yaml" - "values-well-known.yaml"
- "values-well-known.gotmpl" - "values-well-known.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-synapse-web" - name: "opendesk-synapse-web"
chart: "opendesk-element-repo/opendesk-synapse-web" chart: "opendesk-element-repo/opendesk-synapse-web"
@@ -49,7 +55,8 @@ releases:
values: values:
- "values-synapse-web.yaml" - "values-synapse-web.yaml"
- "values-synapse-web.gotmpl" - "values-synapse-web.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-synapse" - name: "opendesk-synapse"
chart: "opendesk-element-repo/opendesk-synapse" chart: "opendesk-element-repo/opendesk-synapse"
@@ -57,7 +64,8 @@ releases:
values: values:
- "values-synapse.yaml" - "values-synapse.yaml"
- "values-synapse.gotmpl" - "values-synapse.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-matrix-user-verification-service-bootstrap" - name: "opendesk-matrix-user-verification-service-bootstrap"
chart: "opendesk-element-repo/opendesk-synapse-create-account" chart: "opendesk-element-repo/opendesk-synapse-create-account"
@@ -65,7 +73,8 @@ releases:
values: values:
- "values-matrix-user-verification-service-bootstrap.yaml" - "values-matrix-user-verification-service-bootstrap.yaml"
- "values-matrix-user-verification-service-bootstrap.gotmpl" - "values-matrix-user-verification-service-bootstrap.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "opendesk-matrix-user-verification-service" - name: "opendesk-matrix-user-verification-service"
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service" chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
@@ -73,31 +82,35 @@ releases:
values: values:
- "values-matrix-user-verification-service.yaml" - "values-matrix-user-verification-service.yaml"
- "values-matrix-user-verification-service.gotmpl" - "values-matrix-user-verification-service.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neoboard-widget" - name: "matrix-neoboard-widget"
chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget" chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
version: "3.1.0" version: "3.2.0"
values: values:
- "values-matrix-neoboard-widget.yaml" - "values-matrix-neoboard-widget.yaml"
- "values-matrix-neoboard-widget.gotmpl" - "values-matrix-neoboard-widget.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neochoice-widget" - name: "matrix-neochoice-widget"
chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget" chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
version: "3.1.0" version: "3.2.0"
values: values:
- "values-matrix-neochoice-widget.yaml" - "values-matrix-neochoice-widget.yaml"
- "values-matrix-neochoice-widget.gotmpl" - "values-matrix-neochoice-widget.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-widget" - name: "matrix-neodatefix-widget"
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget" chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
version: "3.1.0" version: "3.2.0"
values: values:
- "values-matrix-neodatefix-widget.yaml" - "values-matrix-neodatefix-widget.yaml"
- "values-matrix-neodatefix-widget.gotmpl" - "values-matrix-neodatefix-widget.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-bot-bootstrap" - name: "matrix-neodatefix-bot-bootstrap"
chart: "opendesk-element-repo/opendesk-synapse-create-account" chart: "opendesk-element-repo/opendesk-synapse-create-account"
@@ -105,20 +118,19 @@ releases:
values: values:
- "values-matrix-neodatefix-bot-bootstrap.yaml" - "values-matrix-neodatefix-bot-bootstrap.yaml"
- "values-matrix-neodatefix-bot-bootstrap.gotmpl" - "values-matrix-neodatefix-bot-bootstrap.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
- name: "matrix-neodatefix-bot" - name: "matrix-neodatefix-bot"
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot" chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
version: "3.1.0" version: "3.2.0"
values: values:
- "values-matrix-neodatefix-bot.yaml" - "values-matrix-neodatefix-bot.yaml"
- "values-matrix-neodatefix-bot.gotmpl" - "values-matrix-neodatefix-bot.gotmpl"
condition: "element.enabled" installed: {{ .Values.element.enabled }}
timeout: 900
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "element" component: "element"
bases:
- "../../bases/environments.yaml"
... ...
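Review bot: `timeout: 900` is repeated verbatim on every release in this file, with no comment on why 900 seconds is needed. Setting it once under `helmDefaults` in this helmfile would remove the repetition and keep a later change from missing one release. The switch from `condition: "element.enabled"` to `installed: {{ .Values.element.enabled }}` also means that setting `element.enabled: false` now uninstalls all of these releases on the next apply rather than skipping them; that should be mentioned in the release notes.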

View File

@@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
@@ -17,12 +17,16 @@ configuration:
"net.nordeck.element_web.module.opendesk": "net.nordeck.element_web.module.opendesk":
config: config:
ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json" banner:
ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent" ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
portal_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/" portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
portal_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/"
custom_css_variables: custom_css_variables:
--cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }} --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
widget_types:
- jitsi
- net.nordeck
"net.nordeck.element_web.module.widget_lifecycle": "net.nordeck.element_web.module.widget_lifecycle":
widget_permissions: widget_permissions:
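Review bot: the new `widget_types` entries `jitsi` and `net.nordeck` are unquoted, while the rest of this change set moves towards explicit quoting (for example `- "diagram"` in the new CryptPad values). Quote both for consistency. Moving the four URL keys under `banner:` changes the shape of the module configuration, so a comment or commit note should name the module version that expects the nested form.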
@@ -103,18 +107,18 @@ configuration:
welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}" welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}"
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.element.repository }}" repository: {{ .Values.images.element.repository | quote }}
tag: "{{ .Values.images.element.tag }}" tag: {{ .Values.images.element.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}
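Review bot: on the `ingress.enabled` and `ingress.tls.enabled` lines, dropping the surrounding quotes is a type change, not only a quoting cleanup. The old form rendered the string `"true"` or `"false"`, and a chart that tests the value with a plain `if` treats the non-empty string `"false"` as true, so ingress and TLS could not actually be switched off. The new form renders a real boolean. Please mention this behaviour change in the commit message, because the same edit is repeated in the widget, bot, synapse-web and well-known values files.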

View File

@@ -4,24 +4,24 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixNeoBoardWidget.repository }}" repository: {{ .Values.images.matrixNeoBoardWidget.repository | quote }}
tag: "{{ .Values.images.matrixNeoBoardWidget.tag }}" tag: {{ .Values.images.matrixNeoBoardWidget.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}

View File

@@ -4,24 +4,24 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixNeoChoiceWidget.repository }}" repository: {{ .Values.images.matrixNeoChoiceWidget.repository | quote }}
tag: "{{ .Values.images.matrixNeoChoiceWidget.tag }}" tag: {{ .Values.images.matrixNeoChoiceWidget.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}

View File

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -16,8 +16,8 @@ configuration:
password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }} password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
url: "{{ .Values.images.synapseCreateUser.repository }}" url: {{ .Values.images.synapseCreateUser.repository | quote }}
tag: "{{ .Values.images.synapseCreateUser.tag }}" tag: {{ .Values.images.synapseCreateUser.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
... ...

View File

@@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
@@ -15,20 +15,20 @@ configuration:
openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}" openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixNeoDateFixBot.repository }}" repository: {{ .Values.images.matrixNeoDateFixBot.repository | quote }}
tag: "{{ .Values.images.matrixNeoDateFixBot.tag }}" tag: {{ .Values.images.matrixNeoDateFixBot.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
persistence: persistence:
size: "{{ .Values.persistence.size.matrixNeoDateFixBot }}" size: {{ .Values.persistence.size.matrixNeoDateFixBot | quote }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }} replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }}

View File

@@ -4,24 +4,24 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixNeoDateFixWidget.repository }}" repository: {{ .Values.images.matrixNeoDateFixWidget.repository | quote }}
tag: "{{ .Values.images.matrixNeoDateFixWidget.tag }}" tag: {{ .Values.images.matrixNeoDateFixWidget.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}

View File

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -13,11 +13,11 @@ cleanup:
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }} deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
configuration: configuration:
password: {{ .Values.secrets.matrixUserVerificationService.password }} password: {{ .Values.secrets.matrixUserVerificationService.password | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
url: "{{ .Values.images.synapseCreateUser.repository }}" url: {{ .Values.images.synapseCreateUser.repository | quote }}
tag: "{{ .Values.images.synapseCreateUser.tag }}" tag: {{ .Values.images.synapseCreateUser.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
... ...

View File

@@ -4,17 +4,17 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.matrixUserVerificationService.repository }}" repository: {{ .Values.images.matrixUserVerificationService.repository | quote }}
tag: "{{ .Values.images.matrixUserVerificationService.tag }}" tag: {{ .Values.images.matrixUserVerificationService.tag | quote }}
replicaCount: {{ .Values.replicas.matrixUserVerificationService }} replicaCount: {{ .Values.replicas.matrixUserVerificationService }}

View File

@@ -4,26 +4,26 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.synapseWeb.repository }}" repository: {{ .Values.images.synapseWeb.repository | quote }}
tag: "{{ .Values.images.synapseWeb.tag }}" tag: {{ .Values.images.synapseWeb.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
replicaCount: {{ .Values.replicas.synapseWeb }} replicaCount: {{ .Values.replicas.synapseWeb }}

View File

@@ -4,24 +4,24 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.synapse.repository }}" repository: {{ .Values.images.synapse.repository | quote }}
tag: "{{ .Values.images.synapse.tag }}" tag: {{ .Values.images.synapse.tag | quote }}
configuration: configuration:
database: database:
host: "{{ .Values.databases.synapse.host }}" host: {{ .Values.databases.synapse.host | quote }}
name: "{{ .Values.databases.synapse.name }}" name: {{ .Values.databases.synapse.name | quote }}
user: "{{ .Values.databases.synapse.username }}" user: {{ .Values.databases.synapse.username | quote }}
password: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }} password: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
homeserver: homeserver:
@@ -37,32 +37,32 @@ configuration:
sender_localpart: intercom-service sender_localpart: intercom-service
oidc: oidc:
clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix }} clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
turn: turn:
sharedSecret: {{ .Values.turn.credentials }} sharedSecret: {{ .Values.turn.credentials | quote }}
servers: servers:
{{- if .Values.turn.tls.host }} {{- if .Values.turn.tls.host }}
- server: {{ .Values.turn.tls.host }} - server: {{ .Values.turn.tls.host | quote }}
port: {{ .Values.turn.tls.port }} port: {{ .Values.turn.tls.port }}
transport: {{ .Values.turn.transport }} transport: {{ .Values.turn.transport | quote }}
{{- else if .Values.turn.server.host }} {{- else if .Values.turn.server.host }}
- server: {{ .Values.turn.server.host }} - server: {{ .Values.turn.server.host | quote }}
port: {{ .Values.turn.server.port }} port: {{ .Values.turn.server.port }}
transport: {{ .Values.turn.transport }} transport: {{ .Values.turn.transport | quote }}
{{- end }} {{- end }}
guestModule: guestModule:
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.synapseGuestModule.repository }}" repository: {{ .Values.images.synapseGuestModule.repository | quote }}
tag: "{{ .Values.images.synapseGuestModule.tag }}" tag: {{ .Values.images.synapseGuestModule.tag | quote }}
persistence: persistence:
size: "{{ .Values.persistence.size.synapse }}" size: {{ .Values.persistence.size.synapse | quote }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
replicaCount: {{ .Values.replicas.synapse }} replicaCount: {{ .Values.replicas.synapse }}

View File

@@ -3,6 +3,9 @@
--- ---
configuration: configuration:
additionalConfiguration: additionalConfiguration:
user_directory:
enabled: true
search_all_users: true
room_prejoin_state: room_prejoin_state:
additional_event_types: additional_event_types:
- "m.space.parent" - "m.space.parent"
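Review bot: `search_all_users: true` under `user_directory` makes every account known to the homeserver findable by any user who can query the directory, instead of only users in public rooms or in rooms shared with the requester, and the setting is added without a comment. Given that the Synapse values in this change set also configure a `guestModule`, please document that this exposure is intended, and consider wiring the value to a deployment setting so that operators with stricter privacy requirements can turn it off.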

View File

@@ -4,26 +4,26 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.wellKnown.repository }}" repository: {{ .Values.images.wellKnown.repository | quote }}
tag: "{{ .Values.images.wellKnown.tag }}" tag: {{ .Values.images.wellKnown.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.domain }}" host: {{ .Values.global.domain | quote }}
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
replicaCount: {{ .Values.replicas.wellKnown }} replicaCount: {{ .Values.replicas.wellKnown }}

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# Intercom Service # Intercom Service
@@ -15,15 +19,12 @@ repositories:
releases: releases:
- name: "intercom-service" - name: "intercom-service"
chart: "intercom-service-repo/intercom-service" chart: "intercom-service-repo/intercom-service"
version: "2.0.0" version: "2.0.1"
values: values:
- "values.gotmpl" - "values.gotmpl"
condition: "intercom.enabled" installed: {{ .Values.intercom.enabled }}
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "intercom-service" component: "intercom-service"
bases:
- "../../bases/environments.yaml"
... ...
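
Review bot: replacing `condition: "intercom.enabled"` with `installed: {{ .Values.intercom.enabled }}` changes what happens on an existing cluster when the flag is false: a release excluded by `condition` is skipped, while a release with `installed: false` is uninstalled by helmfile on the next apply or sync. The same swap appears in the other component helmfiles in this change. Please state this in the changelog or upgrade notes, and confirm that removing a disabled component, including whatever its chart deletes with it, is the intended behaviour.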

View File

@@ -4,46 +4,46 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ics: ics:
secret: {{ .Values.secrets.intercom.secret }} secret: {{ .Values.secrets.intercom.secret | quote }}
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}" originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}"
default: default:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
oidc: oidc:
secret: {{ .Values.secrets.keycloak.clientSecret.intercom }} secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
matrix: matrix:
asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }} asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
subdomain: {{ .Values.global.hosts.synapse }} subdomain: {{ .Values.global.hosts.synapse | quote }}
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}" serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
nordeck: nordeck:
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot }} subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
portal: portal:
apiKey: {{ .Values.secrets.centralnavigation.apiKey }} apiKey: {{ .Values.secrets.centralnavigation.apiKey | quote }}
redis: redis:
host: {{ .Values.cache.intercomService.host }} host: {{ .Values.cache.intercomService.host | quote }}
port: {{ .Values.cache.intercomService.port }} port: {{ .Values.cache.intercomService.port }}
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }} password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
openxchange: openxchange:
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}" url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.intercom.repository }}" repository: {{ .Values.images.intercom.repository | quote }}
tag: "{{ .Values.images.intercom.tag }}" tag: {{ .Values.images.intercom.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
... ...
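
Review bot: `originRegex` in the `ics` block is still built by pasting the raw domains into a pattern (`"{{ .Values.istio.domain }}|{{ .Values.global.domain }}"`), so every `.` in a domain matches any character, and whether the consumer anchors the pattern is not visible here; an origin check built this way can accept look-alike hosts. Since this change already touches the quoting of the neighbouring lines, escape the inputs as well, for example `originRegex: {{ printf "%s|%s" (regexQuoteMeta .Values.istio.domain) (regexQuoteMeta .Values.global.domain) | quote }}`. Piping through `quote` matters, because a bare `\.` inside a YAML double-quoted string is an invalid escape.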

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# openDesk Jitsi # openDesk Jitsi
@@ -15,16 +19,13 @@ repositories:
releases: releases:
- name: "jitsi" - name: "jitsi"
chart: "jitsi-repo/sovereign-workplace-jitsi" chart: "jitsi-repo/sovereign-workplace-jitsi"
version: "1.5.1" version: "1.7.1"
values: values:
- "values-jitsi.gotmpl" - "values-jitsi.gotmpl"
condition: "jitsi.enabled" installed: {{ .Values.jitsi.enabled }}
timeout: 900 timeout: 900
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "jitsi" component: "jitsi"
bases:
- "../../bases/environments.yaml"
... ...

View File

@@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets: imagePullSecrets:
@@ -15,13 +15,13 @@ cleanup:
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.jitsiKeycloakAdapter.repository }}" repository: {{ .Values.images.jitsiKeycloakAdapter.repository | quote }}
tag: "{{ .Values.images.jitsiKeycloakAdapter.tag }}" tag: {{ .Values.images.jitsiKeycloakAdapter.tag | quote }}
settings: settings:
jwtAppSecret: "{{ .Values.secrets.jitsi.jwtAppSecret }}" jwtAppSecret: {{ .Values.secrets.jitsi.jwtAppSecret | quote }}
theme: theme:
{{ .Values.theme | toYaml | nindent 2 }} {{ .Values.theme | toYaml | nindent 2 }}
@@ -32,16 +32,16 @@ jitsi:
replicaCount: {{ .Values.replicas.jitsi }} replicaCount: {{ .Values.replicas.jitsi }}
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jitsi.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jitsi.repository }}"
tag: "{{ .Values.images.jitsi.tag }}" tag: {{ .Values.images.jitsi.tag | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
hosts: hosts:
- host: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}" - host: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
paths: paths:
- "/" - "/"
tls: tls:
- secretName: "{{ .Values.ingress.tls.secretName }}" - secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts: hosts:
- "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}" - "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
extraEnvs: extraEnvs:
@@ -51,10 +51,10 @@ jitsi:
prosody: prosody:
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.prosody.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.prosody.repository }}"
tag: "{{ .Values.images.prosody.tag }}" tag: {{ .Values.images.prosody.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
extraEnvs: extraEnvs:
- name: "AUTH_TYPE" - name: "AUTH_TYPE"
@@ -62,74 +62,74 @@ jitsi:
- name: "JWT_APP_ID" - name: "JWT_APP_ID"
value: "myappid" value: "myappid"
- name: "JWT_APP_SECRET" - name: "JWT_APP_SECRET"
value: "{{ .Values.secrets.jitsi.jwtAppSecret }}" value: {{ .Values.secrets.jitsi.jwtAppSecret | quote }}
- name: "MATRIX_UVS_SYNC_POWER_LEVELS" - name: "MATRIX_UVS_SYNC_POWER_LEVELS"
value: "true" value: "true"
- name: "MATRIX_UVS_URL" - name: "MATRIX_UVS_URL"
value: "http://opendesk-matrix-user-verification-service.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}" value: "http://opendesk-matrix-user-verification-service.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
- name: TURNS_HOST - name: TURNS_HOST
value: "{{ .Values.turn.tls.host }}" value: {{ .Values.turn.tls.host | quote }}
- name: TURNS_PORT - name: TURNS_PORT
value: "{{ .Values.turn.tls.port }}" value: {{ .Values.turn.tls.port | quote }}
- name: TURN_HOST - name: TURN_HOST
value: "{{ .Values.turn.server.host }}" value: {{ .Values.turn.server.host | quote }}
- name: TURN_PORT - name: TURN_PORT
value: "{{ .Values.turn.server.port }}" value: {{ .Values.turn.server.port | quote }}
- name: TURN_TRANSPORT - name: TURN_TRANSPORT
value: "{{ .Values.turn.transport }}" value: {{ .Values.turn.transport | quote }}
- name: TURN_CREDENTIALS - name: TURN_CREDENTIALS
value: "{{ .Values.turn.credentials }}" value: {{ .Values.turn.credentials | quote }}
resources: resources:
{{ .Values.resources.prosody | toYaml | nindent 6 }} {{ .Values.resources.prosody | toYaml | nindent 6 }}
persistence: persistence:
size: "{{ .Values.persistence.size.prosody }}" size: {{ .Values.persistence.size.prosody | quote }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
jicofo: jicofo:
replicaCount: {{ .Values.replicas.jicofo }} replicaCount: {{ .Values.replicas.jicofo }}
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}"
tag: "{{ .Values.images.jicofo.tag }}" tag: {{ .Values.images.jicofo.tag | quote }}
xmpp: xmpp:
password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }} password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }}
componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}" componentSecret: {{ .Values.secrets.jitsi.jicofoComponentPassword | quote }}
resources: resources:
{{ .Values.resources.jicofo | toYaml | nindent 6 }} {{ .Values.resources.jicofo | toYaml | nindent 6 }}
jvb: jvb:
replicaCount: {{ .Values.replicas.jvb }} replicaCount: {{ .Values.replicas.jvb }}
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jvb.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jvb.repository }}"
tag: "{{ .Values.images.jvb.tag }}" tag: {{ .Values.images.jvb.tag | quote }}
xmpp: xmpp:
password: "{{ .Values.secrets.jitsi.jvbAuthPassword }}" password: {{ .Values.secrets.jitsi.jvbAuthPassword | quote }}
resources: resources:
{{ .Values.resources.jvb | toYaml | nindent 6 }} {{ .Values.resources.jvb | toYaml | nindent 6 }}
service: service:
type: "{{ .Values.cluster.service.type }}" type: {{ .Values.cluster.service.type | quote }}
jibri: jibri:
replicaCount: {{ .Values.replicas.jibri }} replicaCount: {{ .Values.replicas.jibri }}
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jibri.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jibri.repository }}"
tag: "{{ .Values.images.jibri.tag }}" tag: {{ .Values.images.jibri.tag | quote }}
recorder: recorder:
password: "{{ .Values.secrets.jitsi.jibriRecorderPassword }}" password: {{ .Values.secrets.jitsi.jibriRecorderPassword | quote }}
xmpp: xmpp:
password: "{{ .Values.secrets.jitsi.jibriXmppPassword }}" password: {{ .Values.secrets.jitsi.jibriXmppPassword | quote }}
resources: resources:
{{ .Values.resources.jibri | toYaml | nindent 6 }} {{ .Values.resources.jibri | toYaml | nindent 6 }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
patchJVB: patchJVB:
configuration: configuration:
staticLoadbalancerIP: "{{ .Values.cluster.networking.ingressGatewayIP }}" staticLoadbalancerIP: {{ .Values.cluster.networking.ingressGatewayIP | quote }}
loadbalancerStatusField: "{{ .Values.cluster.networking.loadBalancerStatusField }}" loadbalancerStatusField: {{ .Values.cluster.networking.loadBalancerStatusField | quote }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.jitsiPatchJVB.repository }}" repository: {{ .Values.images.jitsiPatchJVB.repository | quote }}
tag: "{{ .Values.images.jitsiPatchJVB.tag }}" tag: {{ .Values.images.jitsiPatchJVB.tag | quote }}
replicaCount: {{ .Values.replicas.jitsiKeycloakAdapter }} replicaCount: {{ .Values.replicas.jitsiKeycloakAdapter }}
resources: resources:
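
Review bot: `JWT_APP_SECRET` and `TURN_CREDENTIALS` in the prosody `extraEnvs` are still rendered as literal `value:` entries, so the secrets end up in the pod spec and are readable by anyone who can read pods or the workload objects in the namespace; the added `| quote` fixes YAML typing but not that exposure. If the chart passes `extraEnvs` entries through unchanged, prefer `valueFrom.secretKeyRef` pointing at a Secret. Separately, `JWT_APP_ID` stays hard-coded as "myappid"; a short comment on where else this id has to match would help.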

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# openDesk Keycloak Bootstrap # openDesk Keycloak Bootstrap
@@ -17,18 +21,15 @@ repositories:
releases: releases:
- name: "opendesk-keycloak-bootstrap" - name: "opendesk-keycloak-bootstrap"
chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap" chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
version: "1.1.11" version: "1.1.12"
values: values:
- "values-bootstrap.gotmpl" - "values-bootstrap.gotmpl"
- "values-bootstrap.yaml" - "values-bootstrap.yaml"
condition: "keycloak.enabled" installed: {{ .Values.keycloak.enabled }}
# as we have seen some slow clusters we want to ensure we not just fail due to a timeout. # as we have seen some slow clusters we want to ensure we not just fail due to a timeout.
timeout: 1800 timeout: 1800
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "keycloak-bootstrap" component: "keycloak-bootstrap"
bases:
- "../../bases/environments.yaml"
... ...

View File

@@ -4,10 +4,10 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -20,10 +20,10 @@ config:
password: {{ .Values.secrets.keycloak.adminPassword | quote }} password: {{ .Values.secrets.keycloak.adminPassword | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.keycloakBootstrap.repository }}" repository: {{ .Values.images.keycloakBootstrap.repository | quote }}
tag: "{{ .Values.images.keycloakBootstrap.tag }}" tag: {{ .Values.images.keycloakBootstrap.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.keycloakBootstrap | toYaml | nindent 2 }} {{ .Values.resources.keycloakBootstrap | toYaml | nindent 2 }}

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# VMWare Bitnami # VMWare Bitnami
@@ -32,7 +36,7 @@ releases:
version: "2.0.0" version: "2.0.0"
values: values:
- "values-theme.gotmpl" - "values-theme.gotmpl"
condition: "keycloak.enabled" installed: {{ .Values.keycloak.enabled }}
- name: "keycloak" - name: "keycloak"
chart: "bitnami-repo/keycloak" chart: "bitnami-repo/keycloak"
version: "12.1.5" version: "12.1.5"
@@ -41,7 +45,7 @@ releases:
- "values-keycloak.yaml" - "values-keycloak.yaml"
- "values-keycloak-idp.yaml" - "values-keycloak-idp.yaml"
wait: true wait: true
condition: "keycloak.enabled" installed: {{ .Values.keycloak.enabled }}
- name: "keycloak-extensions" - name: "keycloak-extensions"
chart: "keycloak-extensions-repo/keycloak-extensions" chart: "keycloak-extensions-repo/keycloak-extensions"
version: "0.1.0" version: "0.1.0"
@@ -50,12 +54,9 @@ releases:
values: values:
- "values-extensions.yaml" - "values-extensions.yaml"
- "values-extensions.gotmpl" - "values-extensions.gotmpl"
condition: "keycloak.enabled" installed: {{ .Values.keycloak.enabled }}
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "keycloak" component: "keycloak"
bases:
- "../../bases/environments.yaml"
... ...

View File

@@ -8,39 +8,38 @@ global:
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }} adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
postgresql: postgresql:
connection: connection:
host: "{{ .Values.databases.keycloakExtension.host }}" host: {{ .Values.databases.keycloakExtension.host | quote }}
port: "{{ .Values.databases.keycloakExtension.port }}" port: {{ .Values.databases.keycloakExtension.port }}
auth: auth:
database: "{{ .Values.databases.keycloakExtension.name }}" database: {{ .Values.databases.keycloakExtension.name | quote }}
username: "{{ .Values.databases.keycloakExtension.username }}" username: {{ .Values.databases.keycloakExtension.username | quote }}
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }} password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
handler: handler:
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.keycloakExtensionHandler.repository }}" repository: {{ .Values.images.keycloakExtensionHandler.repository | quote }}
tag: "{{ .Values.images.keycloakExtensionHandler.tag }}" tag: {{ .Values.images.keycloakExtensionHandler.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
appConfig: appConfig:
smtpPassword: {{ .Values.smtp.password | quote }} smtpPassword: {{ .Values.smtp.password | quote }}
smtpHost: "{{ .Values.smtp.host }}" smtpHost: {{ .Values.smtp.host | quote }}
smtpUsername: "{{ .Values.smtp.username }}" smtpUsername: {{ .Values.smtp.username | quote }}
mailFrom: "noreply@{{ .Values.global.domain }}" mailFrom: "noreply@{{ .Values.global.domain }}"
resources: resources:
{{ .Values.resources.keycloakExtension | toYaml | nindent 4 }} {{ .Values.resources.keycloakExtension | toYaml | nindent 4 }}
proxy: proxy:
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.keycloakExtensionProxy.repository }}" repository: {{ .Values.images.keycloakExtensionProxy.repository | quote }}
tag: "{{ .Values.images.keycloakExtensionProxy.tag }}" tag: {{ .Values.images.keycloakExtensionProxy.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
ingress: ingress:
enabled: "{{ .Values.ingress.enabled }}" enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
tls: tls:
enabled: "{{ .Values.ingress.tls.enabled }}" enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
resources: resources:
{{ .Values.resources.keycloakProxy | toYaml | nindent 4 }} {{ .Values.resources.keycloakProxy | toYaml | nindent 4 }}
... ...
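
Review bot: `postgresql.connection.port` changes from a quoted string to a bare value (`port: {{ .Values.databases.keycloakExtension.port }}`), so the chart now receives an integer instead of a string. Please confirm the keycloak-extensions chart quotes it wherever it lands in a string-typed field such as a container env `value`, otherwise the manifest is rejected at apply time. The `enabled:` lines under `ingress` and `tls` change type as well, from the strings "true"/"false" to booleans; since a non-empty string is truthy in Go templates, a deployment that sets these to false may behave differently after this change, which is worth a line in the release notes.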

View File

@@ -4,22 +4,22 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.keycloak.repository }}" repository: {{ .Values.images.keycloak.repository | quote }}
tag: "{{ .Values.images.keycloak.tag }}" tag: {{ .Values.images.keycloak.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
externalDatabase: externalDatabase:
host: "{{ .Values.databases.keycloak.host }}" host: {{ .Values.databases.keycloak.host | quote }}
port: {{ .Values.databases.keycloak.port }} port: {{ .Values.databases.keycloak.port }}
user: "{{ .Values.databases.keycloak.username }}" user: {{ .Values.databases.keycloak.username | quote }}
database: "{{ .Values.databases.keycloak.name }}" database: {{ .Values.databases.keycloak.name | quote }}
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }} password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
auth: auth:
@@ -34,7 +34,7 @@ keycloakConfigCli:
- name: "LDAP_USERS_DN" - name: "LDAP_USERS_DN"
value: "cn=users,dc=swp-ldap,dc=internal" value: "cn=users,dc=swp-ldap,dc=internal"
- name: "LDAP_SERVER_URL" - name: "LDAP_SERVER_URL"
value: "univention-corporate-container" value: {{ .Values.ldap.host | quote }}
- name: "IDENTIFIER" - name: "IDENTIFIER"
value: "souvap" value: "souvap"
- name: "THEME" - name: "THEME"
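
Review bot: `LDAP_SERVER_URL` now takes `{{ .Values.ldap.host | quote }}`, a bare host name feeding a variable named URL, as the old literal "univention-corporate-container" did. Now that the value is operator-supplied, document next to the `ldap.host` default what form it must have (host only, no scheme or port) and where scheme and port are decided, so that someone setting an `ldaps://` URL there does not end up with a malformed connection string. Also make sure `ldap.host` defaults to the old literal in the base environment, so existing deployments render the same value.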
@@ -62,23 +62,23 @@ keycloakConfigCli:
- name: "INTERCOM_SERVICE_DOMAIN" - name: "INTERCOM_SERVICE_DOMAIN"
value: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}" value: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
- name: "CLIENT_SECRET_INTERCOM_PASSWORD" - name: "CLIENT_SECRET_INTERCOM_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.intercom }} value: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
- name: "CLIENT_SECRET_MATRIX_PASSWORD" - name: "CLIENT_SECRET_MATRIX_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.matrix }} value: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
- name: "CLIENT_SECRET_JITSI_PASSWORD" - name: "CLIENT_SECRET_JITSI_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.jitsi }} value: {{ .Values.secrets.keycloak.clientSecret.jitsi | quote }}
- name: "CLIENT_SECRET_NCOIDC_PASSWORD" - name: "CLIENT_SECRET_NCOIDC_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.ncoidc }} value: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
- name: "CLIENT_SECRET_OPENPROJECT_PASSWORD" - name: "CLIENT_SECRET_OPENPROJECT_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.openproject }} value: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
- name: "CLIENT_SECRET_XWIKI_PASSWORD" - name: "CLIENT_SECRET_XWIKI_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.xwiki }} value: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
- name: "CLIENT_SECRET_AS8OIDC_PASSWORD" - name: "CLIENT_SECRET_AS8OIDC_PASSWORD"
value: {{ .Values.secrets.keycloak.clientSecret.as8oidc }} value: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
- name: "KEYCLOAK_STORAGEPROVICER_UCSLDAP_NAME" - name: "KEYCLOAK_STORAGEPROVICER_UCSLDAP_NAME"
value: "storage_provider_ucsldap" value: "storage_provider_ucsldap"
- name: "LDAPSEARCH_PASSWORD" - name: "LDAPSEARCH_PASSWORD"
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak }} value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak | quote }}
- name: "LDAPSEARCH_USERNAME" - name: "LDAPSEARCH_USERNAME"
value: "ldapsearch_keycloak" value: "ldapsearch_keycloak"
resources: resources:

View File

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# openDesk Keycloak Bootstrap # openDesk Keycloak Bootstrap
@@ -30,7 +34,7 @@ releases:
values: values:
- "values-bootstrap.gotmpl" - "values-bootstrap.gotmpl"
- "values-bootstrap.yaml" - "values-bootstrap.yaml"
condition: "nextcloud.enabled" installed: {{ .Values.nextcloud.enabled }}
timeout: 900 timeout: 900
- name: "nextcloud" - name: "nextcloud"
@@ -41,13 +45,10 @@ releases:
values: values:
- "values-nextcloud.gotmpl" - "values-nextcloud.gotmpl"
- "values-nextcloud.yaml" - "values-nextcloud.yaml"
condition: "nextcloud.enabled" installed: {{ .Values.nextcloud.enabled }}
timeout: 900 timeout: 900
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "nextcloud" component: "nextcloud"
bases:
- "../../bases/environments.yaml"
... ...

View File

@@ -4,11 +4,11 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
istioDomain: "{{ .Values.istio.domain }}" istioDomain: {{ .Values.istio.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -30,18 +30,19 @@ config:
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }} password: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
database: database:
host: "{{ .Values.databases.nextcloud.host }}" host: {{ .Values.databases.nextcloud.host | quote }}
name: "{{ .Values.databases.nextcloud.name }}" name: {{ .Values.databases.nextcloud.name | quote }}
user: "{{ .Values.databases.nextcloud.username }}" user: {{ .Values.databases.nextcloud.username | quote }}
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
ldapSearch: ldapSearch:
password: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}" host: {{ .Values.ldap.host | quote }}
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
smtp: smtp:
host: "{{ .Values.smtp.host }}" host: {{ .Values.smtp.host | quote }}
username: "{{ .Values.smtp.username }}" username: {{ .Values.smtp.username | quote }}
password: "{{ .Values.smtp.password }}" password: {{ .Values.smtp.password | quote }}
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
@@ -49,24 +50,24 @@ cleanup:
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }} keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.nextcloud.repository }}" repository: {{ .Values.images.nextcloud.repository | quote }}
tag: "{{ .Values.images.nextcloud.tag }}" tag: {{ .Values.images.nextcloud.tag | quote }}
persistence: persistence:
{{- if .Values.cluster.persistence.readWriteMany.enabled }} {{- if .Values.cluster.persistence.readWriteMany.enabled }}
accessModes: accessModes:
- "ReadWriteMany" - "ReadWriteMany"
storageClass: "{{ .Values.persistence.storageClassNames.RWX }}" storageClass: {{ .Values.persistence.storageClassNames.RWX | quote }}
{{- else }} {{- else }}
accessModes: accessModes:
- "ReadWriteOnce" - "ReadWriteOnce"
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
{{- end }} {{- end }}
size: size:
main: "{{ .Values.persistence.size.nextcloud.main }}" main: {{ .Values.persistence.size.nextcloud.main | quote }}
data: "{{ .Values.persistence.size.nextcloud.data }}" data: {{ .Values.persistence.size.nextcloud.data | quote }}
resources: resources:
{{ .Values.resources.nextcloud | toYaml | nindent 2 }} {{ .Values.resources.nextcloud | toYaml | nindent 2 }}

View File

@@ -11,6 +11,6 @@ config:
userOidc: userOidc:
username: "ncoidc" username: "ncoidc"
ldapSearch: cryptpad:
host: "univention-corporate-container" enabled: true
... ...
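
Review bot: `cryptpad.enabled: true` is hard-coded in this static values file, so it is switched on for every environment regardless of how the deployment is configured. Drive it from an environment value in the accompanying `.gotmpl` file instead, as the other toggles in this change are, and mention the addition in the commit message, since it is unrelated to the `ldapSearch.host` removal on the neighbouring lines.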

View File

@@ -8,9 +8,9 @@ nextcloud:
username: "nextcloud" username: "nextcloud"
password: {{ .Values.secrets.nextcloud.adminPassword | quote }} password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
externalDatabase: externalDatabase:
database: "{{ .Values.databases.nextcloud.name }}" database: {{ .Values.databases.nextcloud.name | quote }}
user: "{{ .Values.databases.nextcloud.username }}" user: {{ .Values.databases.nextcloud.username | quote }}
host: "{{ .Values.databases.nextcloud.host }}" host: {{ .Values.databases.nextcloud.host | quote }}
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
extraEnv: extraEnv:
REDIS_HOST: {{ .Values.cache.nextcloud.host | quote }} REDIS_HOST: {{ .Values.cache.nextcloud.host | quote }}
@@ -22,20 +22,20 @@ redis:
password: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }} password: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
ingress: ingress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
className: {{ .Values.ingress.ingressClassName }} className: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
- secretName: "{{ .Values.ingress.tls.secretName }}" - secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts: hosts:
- "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}" - "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
image: image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.nextcloud.repository }}" repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.nextcloud.repository }}"
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.nextcloud.tag }}" tag: {{ .Values.images.nextcloud.tag | quote }}
pullSecrets: pullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
metrics: metrics:
token: "{{ .Values.secrets.nextcloud.metricsToken }}" token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
{{- if .Values.cluster.persistence.readWriteMany.enabled }} {{- if .Values.cluster.persistence.readWriteMany.enabled }}
replicaCount: {{ .Values.replicas.nextcloud }} replicaCount: {{ .Values.replicas.nextcloud }}

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# openDesk Dovecot # openDesk Dovecot
@@ -31,22 +35,22 @@ repositories:
releases: releases:
- name: "dovecot" - name: "dovecot"
chart: "opendesk-dovecot-repo/dovecot" chart: "opendesk-dovecot-repo/dovecot"
version: "1.3.1" version: "1.3.4"
values: values:
- "values-dovecot.yaml" - "values-dovecot.yaml"
- "values-dovecot.gotmpl" - "values-dovecot.gotmpl"
condition: "dovecot.enabled" installed: {{ .Values.dovecot.enabled }}
timeout: 900 timeout: 900
- name: "open-xchange" - name: "open-xchange"
chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector" chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector"
version: "2.0.4" version: "2.1.1"
values: values:
- "values-openxchange.yaml" - "values-openxchange.yaml"
- "values-openxchange.gotmpl" - "values-openxchange.gotmpl"
- "values-openxchange-enterprise-contact-picker.yaml" - "values-openxchange-enterprise-contact-picker.yaml"
- "values-openxchange-enterprise-contact-picker.gotmpl" - "values-openxchange-enterprise-contact-picker.gotmpl"
condition: "oxAppsuite.enabled" installed: {{ .Values.oxAppsuite.enabled }}
timeout: 900 timeout: 900
- name: "opendesk-open-xchange-bootstrap" - name: "opendesk-open-xchange-bootstrap"
@@ -54,13 +58,10 @@ releases:
version: "1.3.1" version: "1.3.1"
values: values:
- "values-openxchange-bootstrap.gotmpl" - "values-openxchange-bootstrap.gotmpl"
condition: "oxAppsuite.enabled" installed: {{ .Values.oxAppsuite.enabled }}
timeout: 900 timeout: 900
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "open-xchange" component: "open-xchange"
bases:
- "../../bases/environments.yaml"
... ...

View File

@@ -4,30 +4,31 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
url: "{{ .Values.images.dovecot.repository }}" url: {{ .Values.images.dovecot.repository | quote }}
tag: "{{ .Values.images.dovecot.tag }}" tag: {{ .Values.images.dovecot.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
dovecot: dovecot:
mailDomain: "{{ .Values.global.domain }}" mailDomain: {{ .Values.global.domain | quote }}
password: {{ .Values.secrets.dovecot.doveadm | quote }} password: {{ .Values.secrets.dovecot.doveadm | quote }}
ldap: ldap:
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal" dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
host: {{ .Values.ldap.host | quote }}
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }} password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
oidc: oidc:
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect" introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc }} clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
clientID: "as8oidc" clientID: "as8oidc"
loginTrustedNetworks: "{{ .Values.cluster.networking.cidr }}" loginTrustedNetworks: {{ .Values.cluster.networking.cidr | quote }}
certificate: certificate:
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
{{- if .Values.cluster.persistence.readWriteMany.enabled }} {{- if .Values.cluster.persistence.readWriteMany.enabled }}
replicaCount: {{ .Values.replicas.dovecot }} replicaCount: {{ .Values.replicas.dovecot }}
@@ -37,15 +38,15 @@ replicaCount: 1
persistence: persistence:
{{- if .Values.cluster.persistence.readWriteMany.enabled }} {{- if .Values.cluster.persistence.readWriteMany.enabled }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWX }}" storageClassName: {{ .Values.persistence.storageClassNames.RWX | quote }}
accessModes: accessModes:
- "ReadWriteMany" - "ReadWriteMany"
{{- else }} {{- else }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
accessModes: accessModes:
- "ReadWriteOnce" - "ReadWriteOnce"
{{- end }} {{- end }}
size: "{{ .Values.persistence.size.dovecot }}" size: {{ .Values.persistence.size.dovecot | quote }}
resources: resources:
{{ .Values.resources.dovecot | toYaml | nindent 2 }} {{ .Values.resources.dovecot | toYaml | nindent 2 }}

View File

@@ -7,7 +7,6 @@ containerSecurityContext:
dovecot: dovecot:
ldap: ldap:
enabled: true enabled: true
host: "univention-corporate-container"
port: 389 port: 389
base: "dc=swp-ldap,dc=internal" base: "dc=swp-ldap,dc=internal"

View File

@@ -8,13 +8,13 @@ cleanup:
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }} deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
url: "{{ .Values.images.openxchangeBootstrap.repository }}" url: {{ .Values.images.openxchangeBootstrap.repository | quote }}
tag: "{{ .Values.images.openxchangeBootstrap.tag }}" tag: {{ .Values.images.openxchangeBootstrap.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
... ...

View File

@@ -8,6 +8,10 @@ appsuite:
secretYAMLFiles: secretYAMLFiles:
ldap-client-config.yml: ldap-client-config.yml:
contactsLdapClient: contactsLdapClient:
pool:
host:
address: {{ .Values.ldap.host | quote }}
port: 389
auth: auth:
adminDN: adminDN:
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }} password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}

View File

@@ -6,7 +6,7 @@ appsuite:
properties: properties:
# Enterprise contact picker # Enterprise contact picker
com.openexchange.contacts.ldap.accounts: "opendesk" com.openexchange.contacts.ldap.accounts: "opendesk,other,functional"
com.openexchange.admin.bypassAccessCombinationChecks: "true" com.openexchange.admin.bypassAccessCombinationChecks: "true"
ENABLE_INTERNAL_USER_EDIT: "false" ENABLE_INTERNAL_USER_EDIT: "false"
@@ -16,9 +16,6 @@ appsuite:
contactsLdapClient: contactsLdapClient:
pool: pool:
type: "simple" type: "simple"
host:
address: "univention-corporate-container"
port: 389
auth: auth:
type: "adminDN" type: "adminDN"
adminDN: adminDN:
@@ -153,7 +150,7 @@ appsuite:
# allows to sort the attributes lexicographically, either "ascending" or "descending". # allows to sort the attributes lexicographically, either "ascending" or "descending".
dynamicAttributes: dynamicAttributes:
attributeName: "o" attributeName: "o"
contactFilterTemplate: "(&(univentionObjectType=users/user)(o=[value]))" contactFilterTemplate: "(&(univentionObjectType=users/user)(isOxUser=OK)(o=[value]))"
contactSearchScope: "sub" contactSearchScope: "sub"
# refreshInterval: 1h # refreshInterval: 1h
refreshInterval: "5m" refreshInterval: "5m"
@@ -174,6 +171,48 @@ appsuite:
- "Management" - "Management"
- "Human Resources" - "Human Resources"
other:
name: "Other contacts"
ldapClientId: "contactsLdapClient"
mappings: "ucs"
folders:
mode: "static"
usedForSync:
protected: true
defaultValue: false
usedInPicker:
protected: false
defaultValue: true
shownInTree:
protected: false
defaultValue: true
static:
commonContactFilter: "(&(univentionObjectType=users/user)(isOxUser=OK)(!(o=*)))"
folders:
- name: "Ohne Organisation"
contactFilter: "(&(univentionObjectType=users/user)(isOxUser=OK)(!(o=*)))"
functional:
name: "Functional mailboxes"
ldapClientId: "contactsLdapClient"
mappings: "functional"
folders:
mode: "static"
usedForSync:
protected: true
defaultValue: false
usedInPicker:
protected: false
defaultValue: true
shownInTree:
protected: false
defaultValue: true
static:
commonContactFilter: "(univentionObjectType=oxmail/functional_account)"
folders:
- name: "Funktionale Postfächer"
contactFilter: "(univentionObjectType=oxmail/functional_account)"
contacts-provider-ldap-mappings.yml: contacts-provider-ldap-mappings.yml:
# Example definitions of contact property <-> LDAP attribute mappings. # Example definitions of contact property <-> LDAP attribute mappings.
# #
@@ -347,3 +386,9 @@ appsuite:
# image_last_modified : # image_last_modified :
# Will be set automatically to "image/jpeg" if not defined. # Will be set automatically to "image/jpeg" if not defined.
# image1_content_type : # image1_content_type :
functional:
objectid: "mailPrimaryAddress"
displayname: "oxPersonal,cn,mailPrimaryAddress"
file_as: "oxPersonal,cn,mailPrimaryAddress"
email1: "mailPrimaryAddress"

View File

@@ -4,13 +4,13 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}" hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
mysql: mysql:
host: "{{ .Values.databases.oxAppsuite.host }}" host: {{ .Values.databases.oxAppsuite.host | quote }}
database: "{{ .Values.databases.oxAppsuite.name }}" database: {{ .Values.databases.oxAppsuite.name | quote }}
auth: auth:
user: "{{ .Values.databases.oxAppsuite.username }}" user: {{ .Values.databases.oxAppsuite.username | quote }}
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }} password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }} rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
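Review bot: In the context lines of this hunk, `mysql.auth.password` and `rootPassword` both fall back to `.Values.secrets.mariadb.rootPassword`, so unless `databases.oxAppsuite.password` is set the application user is configured with the MariaDB root secret. Since these lines are being touched for quoting anyway, consider giving OX its own secret as the Nextcloud values do with `.Values.secrets.mariadb.nextcloudUser`, and keeping the root password only under `rootPassword`.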
@@ -19,22 +19,22 @@ istio:
nextcloud-integration-ui: nextcloud-integration-ui:
image: image:
repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository }} repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository | quote }}
tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag }} tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
public-sector-ui: public-sector-ui:
image: image:
repository: {{ .Values.images.openxchangePublicSectorUI.repository }} repository: {{ .Values.images.openxchangePublicSectorUI.repository | quote }}
tag: {{ .Values.images.openxchangePublicSectorUI.tag }} tag: {{ .Values.images.openxchangePublicSectorUI.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
appsuite: appsuite:
istio: istio:
@@ -56,12 +56,12 @@ appsuite:
gotenberg: gotenberg:
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }} repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
tag: {{ .Values.images.openxchangeGotenberg.tag }} tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
properties: properties:
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs" "com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" "com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
@@ -83,19 +83,20 @@ appsuite:
propertiesFiles: propertiesFiles:
"/opt/open-xchange/etc/ldapauth.properties": "/opt/open-xchange/etc/ldapauth.properties":
bindDNPassword: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }} bindDNPassword: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal"
uiSettings: uiSettings:
"io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/" "io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
"io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/" "io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
# Dynamic theme # Dynamic theme
io.ox/dynamic-theme//mainColor: "{{ .Values.theme.colors.primary }}" io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }}
io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
io.ox/dynamic-theme//topbarBackground: "{{ .Values.theme.colors.white }}" io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }}
io.ox/dynamic-theme//topbarColor: "{{ .Values.theme.colors.black }}" io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }}
io.ox/dynamic-theme//listSelected: "{{ .Values.theme.colors.primary15 }}" io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }}
io.ox/dynamic-theme//listHover: "{{ .Values.theme.colors.secondaryGreyLight }}" io.ox/dynamic-theme//listHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
io.ox/dynamic-theme//folderBackground: "{{ .Values.theme.colors.white }}" io.ox/dynamic-theme//folderBackground: {{ .Values.theme.colors.white | quote }}
io.ox/dynamic-theme//folderSelected: "{{ .Values.theme.colors.primary15 }}" io.ox/dynamic-theme//folderSelected: {{ .Values.theme.colors.primary15 | quote }}
io.ox/dynamic-theme//folderHover: "{{ .Values.theme.colors.secondaryGreyLight }}" io.ox/dynamic-theme//folderHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
secretETCFiles: secretETCFiles:
# Format of the OX Guard master key: # Format of the OX Guard master key:
# MC+base64(20 random bytes) # MC+base64(20 random bytes)
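Review bot: The added `java.naming.provider.url` templates only the host; the `ldap://` scheme, port 389 and base DN stay hardcoded, and it sits directly beside `bindDNPassword`. Nothing in the visible lines enables TLS for this bind, so a deployment that points `.Values.ldap.host` at a directory outside the cluster network has no way to switch to LDAPS without patching this template. Consider exposing scheme and port next to `ldap.host` (the same applies to the `port: 389` added for `contactsLdapClient`).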
@@ -103,28 +104,31 @@ appsuite:
oxguardpass: | oxguardpass: |
{{ .Values.secrets.oxAppsuite.oxguardMC }} {{ .Values.secrets.oxAppsuite.oxguardMC }}
{{ .Values.secrets.oxAppsuite.oxguardRC }} {{ .Values.secrets.oxAppsuite.oxguardRC }}
redis:
auth:
password: {{ .Values.secrets.redis.password | quote }}
image: image:
repository: {{ .Values.images.openxchangeCoreMW.repository }} repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
tag: {{ .Values.images.openxchangeCoreMW.tag }} tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
update: update:
image: image:
repository: {{ .Values.images.openxchangeCoreMW.repository }} repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
tag: {{ .Values.images.openxchangeCoreMW.tag }} tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
core-ui: core-ui:
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.images.openxchangeCoreUI.repository }} repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUI.tag }} tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
core-ui-middleware: core-ui-middleware:
ingress: ingress:
@@ -133,40 +137,55 @@ appsuite:
enabled: false enabled: false
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository }} repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag }} tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
redis:
auth:
password: {{ .Values.secrets.redis.password | quote }}
core-documentconverter:
image:
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
resources:
{{- .Values.resources.oxDocumentConverter | toYaml | nindent 6 }}
core-guidedtours: core-guidedtours:
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository }} repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag }} tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
core-imageconverter:
image:
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
guard-ui: guard-ui:
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
image: image:
repository: {{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }} repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
tag: {{ .Values.images.openxchangeGuardUI.tag }} tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
core-user-guide: core-user-guide:
image: image:
repository: {{ .Values.images.openxchangeCoreUserGuide.repository }} repository: {{ .Values.images.openxchangeCoreUserGuide.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUserGuide.tag }} tag: {{ .Values.images.openxchangeCoreUserGuide.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
... ...
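Review bot: The new `core-documentconverter` and `core-imageconverter` image blocks set only `repository` and `tag`, whereas every other component in this file also sets `imagePullSecrets` and `pullPolicy`. On a cluster that pulls from a private registry these two will fail to pull or will use the chart's default policy. Please add the same `imagePullSecrets` range and `pullPolicy: {{ .Values.global.imagePullPolicy | quote }}` unless the charts inherit them from elsewhere, in which case a short comment saying so would help.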

View File

@@ -6,6 +6,9 @@ appsuite:
ingressGateway: ingressGateway:
name: "opendesk-gateway-istio-gateway" name: "opendesk-gateway-istio-gateway"
switchboard:
enabled: false
core-mw: core-mw:
enabled: true enabled: true
masterAdmin: "admin" masterAdmin: "admin"
@@ -63,6 +66,8 @@ appsuite:
com.openexchange.mail.filter.credentialSource: "mail" com.openexchange.mail.filter.credentialSource: "mail"
com.openexchange.mail.filter.server: "dovecot" com.openexchange.mail.filter.server: "dovecot"
com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2" com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2"
# Dovecot
com.openexchange.imap.attachmentMarker.enabled: "true"
# Capabilities # Capabilities
# Old capability can be used to toggle all integrations with a single switch # Old capability can be used to toggle all integrations with a single switch
com.openexchange.capability.public-sector: "true" com.openexchange.capability.public-sector: "true"
@@ -78,6 +83,7 @@ appsuite:
com.openexchange.capability.smime: "true" com.openexchange.capability.smime: "true"
com.openexchange.capability.share_links: "false" com.openexchange.capability.share_links: "false"
com.openexchange.capability.invite_guests: "false" com.openexchange.capability.invite_guests: "false"
com.openexchange.capability.document_preview: "true"
# Secondary Accounts # Secondary Accounts
com.openexchange.mail.secondary.authType: "XOAUTH2" com.openexchange.mail.secondary.authType: "XOAUTH2"
com.openexchange.mail.transport.secondary.authType: "xoauth2" com.openexchange.mail.transport.secondary.authType: "xoauth2"
@@ -89,6 +95,8 @@ appsuite:
com.openexchange.gdpr.dataexport.enabled: "false" com.openexchange.gdpr.dataexport.enabled: "false"
com.openexchange.gdpr.dataexport.active: "false" com.openexchange.gdpr.dataexport.active: "false"
# Guard # Guard
com.openexchange.guard.storage.file.fileStorageType: "file"
com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/"
com.openexchange.guard.guestSMTPServer: "postfix" com.openexchange.guard.guestSMTPServer: "postfix"
# S/MIME # S/MIME
# Usage (in browser console after login): # Usage (in browser console after login):
@@ -103,7 +111,6 @@ appsuite:
/opt/open-xchange/etc/system.properties: /opt/open-xchange/etc/system.properties:
SERVER_NAME: "oxserver" SERVER_NAME: "oxserver"
/opt/open-xchange/etc/ldapauth.properties: /opt/open-xchange/etc/ldapauth.properties:
java.naming.provider.url: "ldap://univention-corporate-container:389/dc=swp-ldap,dc=internal"
bindOnly: "false" bindOnly: "false"
bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
@@ -139,10 +146,31 @@ appsuite:
oidcLogin: true oidcLogin: true
oidcPath: "/oidc" oidcPath: "/oidc"
redis:
enabled: true
mode: "standalone"
hosts:
- "redis-master"
hooks:
beforeAppsuiteStart:
create-guard-dir.sh: |
mkdir -p /opt/open-xchange/guard-files
chown open-xchange:open-xchange /opt/open-xchange/guard-files
core-ui: core-ui:
enabled: true enabled: true
core-ui-middleware: core-ui-middleware:
enabled: true enabled: true
overrides: {}
redis:
mode: "standalone"
hosts:
- "redis-master:6379"
auth:
enabled: true
core-guidedtours: core-guidedtours:
enabled: true enabled: true
guard-ui: guard-ui:
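Review bot: The Redis host is hardcoded and written two different ways in this hunk: `"redis-master"` under the first `redis:` block and `"redis-master:6379"` under `core-ui-middleware`. The same series moves the LDAP host into `.Values.ldap.host`, so the Redis host should come from values too, with one consistent host/port form. Also, `auth.enabled: true` is set only for `core-ui-middleware`; the first block enables Redis without it although a password is supplied for it in the gotmpl, so please check whether that block needs the flag as well. For the `create-guard-dir.sh` hook, a one-line comment on why the directory has to be created at start (rather than provided by the image or a volume) would make the intent clear.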
@@ -151,12 +179,26 @@ appsuite:
enabled: false enabled: false
core-user-guide: core-user-guide:
enabled: true enabled: true
core-imageconverter: core-imageconverter:
enabled: false enabled: true
objectCache:
s3ObjectStores:
- id: -1
endpoint: "."
accessKey: "."
secretKey: "."
core-spellcheck: core-spellcheck:
enabled: false enabled: false
core-documentconverter: core-documentconverter:
enabled: false enabled: true
documentConverter:
cache:
remoteCache:
enabled: false
core-documents-collaboration: core-documents-collaboration:
enabled: false enabled: false
office-web: office-web:
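Review bot: The `s3ObjectStores` entry added under `core-imageconverter` uses `id: -1` and `"."` for `endpoint`, `accessKey` and `secretKey` with no explanation. If these are placeholders to satisfy the chart while no object store is used, say so in a comment; otherwise a later reader cannot tell a deliberate dummy from an unfinished configuration, and a literal `"."` in a credentials field is easy to overlook in review. The same goes for why `remoteCache.enabled: false` is needed when enabling `core-documentconverter`.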

View File

@@ -0,0 +1,36 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
---
repositories:
# openDesk OpenProject Bootstrap
# Source: Set when repo is managed on Open CoDE
- name: "opendesk-openproject-bootstrap-repo"
oci: true
# yamllint disable rule:line-length
url: >-
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" }}
# yamllint enable rule:line-length
verify: true
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
releases:
- name: "opendesk-openproject-bootstrap"
chart: "opendesk-openproject-bootstrap-repo/opendesk-openproject-bootstrap"
version: "1.2.1"
wait: true
waitForJobs: true
values:
- "values.yaml"
- "values.gotmpl"
installed: {{ .Values.openproject.enabled }}
timeout: 900
commonLabels:
deploy-stage: "component-2"
component: "opendesk-openproject-bootstrap"
...

View File

@@ -0,0 +1,34 @@
{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: "{{ .Values.global.domain }}"
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
registry: "{{ .Values.global.imageRegistry }}"
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image:
registry: {{ .Values.global.imageRegistry }}
repository: "{{ .Values.images.openprojectBootstrap.repository }}"
tag: "{{ .Values.images.openprojectBootstrap.tag }}"
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
cleanup:
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
config:
openproject:
fileshareName: "Nextcloud at {{ .Values.global.domain }}"
admin:
username: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
password: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
nextcloud:
admin:
username: "nextcloud"
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
...
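Review bot: This new file does not follow the quoting convention the rest of the series introduces: `image.registry: {{ .Values.global.imageRegistry }}` is emitted unquoted, and the other scalar values use the `"{{ ... }}"` form instead of `| quote`. Please switch the single-value lines to `| quote` so a value containing YAML-significant characters cannot change the rendered structure. It is also worth a comment that this job receives both the OpenProject API admin credentials and the Nextcloud admin password, since that makes the bootstrap pod's spec and logs sensitive.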

View File

@@ -0,0 +1,25 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
runAsUser: 1000
runAsGroup: 1000
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
job:
enabled: true
podSecurityContext:
enabled: true
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
...

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# OpenProject # OpenProject
@@ -12,18 +16,16 @@ repositories:
releases: releases:
- name: "openproject" - name: "openproject"
chart: "openproject-repo/openproject" chart: "openproject-repo/openproject"
version: "2.0.4" version: "2.4.0"
wait: true wait: true
waitForJobs: true waitForJobs: true
values: values:
- "values.yaml" - "values.yaml"
- "values.gotmpl" - "values.gotmpl"
condition: "openproject.enabled" installed: {{ .Values.openproject.enabled }}
timeout: 900
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "openproject" component: "openproject"
bases:
- "../../bases/environments.yaml"
... ...

View File

@@ -8,34 +8,41 @@ global:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.openproject.repository }}" repository: {{ .Values.images.openproject.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.openproject.tag }}" tag: {{ .Values.images.openproject.tag | quote }}
initdb:
image:
registry: "{{ .Values.global.imageRegistry }}"
repository: "{{ .Values.images.openprojectInitDb.repository }}"
tag: "{{ .Values.images.openprojectInitDb.tag }}"
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
memcached: memcached:
connection: connection:
host: "{{ .Values.cache.openproject.host }}" host: {{ .Values.cache.openproject.host | quote }}
port: {{ .Values.cache.openproject.port }} port: {{ .Values.cache.openproject.port }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.memcached.repository }}" repository: {{ .Values.images.memcached.repository | quote }}
tag: "{{ .Values.images.memcached.tag }}" tag: {{ .Values.images.memcached.tag | quote }}
postgresql: postgresql:
auth: auth:
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }} password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
username: "{{ .Values.databases.openproject.username }}" username: {{ .Values.databases.openproject.username | quote }}
database: "{{ .Values.databases.openproject.name }}" database: {{ .Values.databases.openproject.name | quote }}
connection: connection:
host: "{{ .Values.databases.openproject.host }}" host: {{ .Values.databases.openproject.host | quote }}
port: "{{ .Values.databases.openproject.port }}" port: {{ .Values.databases.openproject.port }}
openproject: openproject:
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
# Will only be set on initial seed / installation # Will only be set on initial seed / installation
admin_user: admin_user:
name: "OpenProject Interal Admin" name: "OpenProject Internal Admin"
mail: "openproject-admin@swp-domain.internal" mail: "openproject-admin@swp-domain.internal"
password_reset: "false" password_reset: "false"
password: {{ .Values.secrets.openproject.adminPassword | quote }} password: {{ .Values.secrets.openproject.adminPassword | quote }}
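Review bot: the `initdb.image` block uses the string form (`registry: "{{ .Values.global.imageRegistry }}"` and the three keys after it) while every neighbouring key in this hunk moves to `| quote`; convert these four as well so the file follows one convention. Separately, `postgresql.connection.port` loses its quotes and now renders as a YAML integer where it used to be a string. Confirm the chart accepts an integer there, or keep it quoted.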
@@ -43,36 +50,39 @@ openproject:
ingress: ingress:
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: {{ .Values.ingress.tls.enabled }} enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
environment: environment:
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: {{ .Values.secrets.keycloak.clientSecret.openproject }} OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.ldap.host | quote }}
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }} OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}" OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
OPENPROJECT_SMTP__DOMAIN: "{{ .Values.global.domain }}" OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.domain | quote }}
OPENPROJECT_SMTP__USER__NAME: "{{ .Values.smtp.username }}" OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }}
OPENPROJECT_SMTP__PASSWORD: "{{ .Values.smtp.password }}" OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }}
OPENPROJECT_SMTP__PORT: "{{ .Values.smtp.port }}" OPENPROJECT_SMTP__PORT: {{ .Values.smtp.port | quote }}
OPENPROJECT_SMTP__SSL: "false" # (default=false) OPENPROJECT_SMTP__SSL: "false" # (default=false)
OPENPROJECT_SMTP__ADDRESS: "{{ .Values.smtp.host }}" OPENPROJECT_SMTP__ADDRESS: {{ .Values.smtp.host | quote }}
OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}" OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}" OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
OPENPROJECT_FOG_CREDENTIALS_HOST: "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
persistence: OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: "https://{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
size: "{{ .Values.persistence.size.openproject }}" OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.secrets.minio.openprojectUser | quote }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWX }}"
replicaCount: {{ .Values.replicas.openproject }} replicaCount: {{ .Values.replicas.openproject }}
resources: resources:
{{ .Values.resources.openproject | toYaml | nindent 2 }} {{ .Values.resources.openproject | toYaml | nindent 2 }}
... ...
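Review bot: `OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER` and `OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD` add a global basic-auth credential with no comment saying which component uses it or why it is needed. Add a one-line comment naming the consumer, and check whether the chart can take this credential, `OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY` and the SMTP and LDAP passwords from a Secret reference rather than as literal `environment:` values. The `# Details: ...#seeding-ldap-connections` comment now appears twice, with `OPENPROJECT_SEED_LDAP_OPENDESK_HOST` and `OPENPROJECT_SEED_LDAP_OPENDESK_PORT` separated from `OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD`; keep the three together under one comment.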

View File

@@ -37,8 +37,10 @@ securityContext:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
persistence: persistence:
accessModes: enabled: false
- "ReadWriteMany"
s3:
enabled: true
# For more details and more options see # For more details and more options see
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/ # https://www.openproject.org/docs/installation-and-operations/configuration/environment/
@@ -55,9 +57,6 @@ environment:
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true" OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer" OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
OPENPROJECT_DEFAULT__COMMENT__SORT__ORDER: "desc" OPENPROJECT_DEFAULT__COMMENT__SORT__ORDER: "desc"
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: "univention-corporate-container"
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap" OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal" OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal" OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
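Review bot: the context line `OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"` deserves a second look now that the fixed host `"univention-corporate-container"` is removed here in favour of `.Values.ldap.host`. The bind as `uid=ldapsearch_openproject,...` is sent unencrypted to whatever host is configured, and the port stays a literal `"389"` in the gotmpl. Make the security mode and port configurable together with the host, or add a comment stating that `ldap.host` must remain a cluster-internal service.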
@@ -74,5 +73,10 @@ environment:
"(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))" "(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))"
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true" OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true"
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn" OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn"
# Details: https://www.openproject.org/docs/installation-and-operations/configuration/#attachments-storage
OPENPROJECT_ATTACHMENTS__STORAGE: "fog"
OPENPROJECT_FOG_DIRECTORY: "openproject"
OPENPROJECT_FOG_CREDENTIALS_PROVIDER: "AWS"
OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: "openproject_user"
... ...
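Review bot: `OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: "openproject_user"` and `OPENPROJECT_FOG_DIRECTORY: "openproject"` are literals that have to match the `username: "openproject_user"` entry and the `openproject` bucket in the new MinIO values files, and nothing ties them together. Either derive both sides from one value or add a comment here pointing at the MinIO provisioning entries, so that a rename on one side does not silently break attachment storage.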

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# OX Connector # OX Connector
@@ -15,12 +19,9 @@ releases:
values: values:
- "values-oxconnector.yaml" - "values-oxconnector.yaml"
- "values-oxconnector.gotmpl" - "values-oxconnector.gotmpl"
condition: "oxConnector.enabled" installed: {{ .Values.oxConnector.enabled }}
commonLabels: commonLabels:
deploy-stage: "component-2" deploy-stage: "component-2"
component: "provisioning" component: "provisioning"
bases:
- "../../bases/environments.yaml"
... ...

View File

@@ -4,21 +4,23 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.oxConnector.repository }}" repository: {{ .Values.images.oxConnector.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.oxConnector.tag }}" tag: {{ .Values.images.oxConnector.tag | quote }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
oxConnector: oxConnector:
domainName: "{{ .Values.global.domain }}" domainName: {{ .Values.global.domain | quote }}
ldapHost: {{ .Values.ldap.host | quote }}
notifierServer: {{ .Values.ldap.notifierHost | quote }}
#oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))" #oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
oxMasterAdmin: "admin" oxMasterAdmin: "admin"
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}

View File

@@ -5,11 +5,9 @@ ingress:
enabled: false enabled: false
oxConnector: oxConnector:
ldapHost: "univention-corporate-container"
# ldapHostIp: "" # ldapHostIp: ""
ldapBaseDn: "dc=swp-ldap,dc=internal" ldapBaseDn: "dc=swp-ldap,dc=internal"
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal" ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
notifierServer: "univention-corporate-container"
tlsMode: "off" tlsMode: "off"
# current static password for UCC # current static password for UCC
ldapPassword: "ucctempldapstring" ldapPassword: "ucctempldapstring"
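Review bot: the lines left in place by this removal, `tlsMode: "off"` and the static `ldapPassword: "ucctempldapstring"`, no longer fit now that `ldapHost` and `notifierServer` come from `.Values.ldap.*`. The connector will send a committed, well-known password without TLS to any host a deployment configures. Move `ldapPassword` under `.Values.secrets` the way `oxMasterPassword` is handled in the gotmpl, and make `tlsMode` configurable alongside the host.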

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# openDesk Certificates # openDesk Certificates
@@ -74,70 +78,74 @@ releases:
version: "2.1.0" version: "2.1.0"
values: values:
- "values-certificates.gotmpl" - "values-certificates.gotmpl"
condition: "certificates.enabled" installed: {{ .Values.certificates.enabled }}
- name: "redis" - name: "redis"
chart: "bitnami-repo/redis" chart: "bitnami-repo/redis"
version: "18.1.2" version: "18.1.2"
values: values:
- "values-redis.gotmpl" - "values-redis.gotmpl"
- "values-redis.yaml" - "values-redis.yaml"
condition: "redis.enabled" installed: {{ .Values.redis.enabled }}
- name: "memcached" - name: "memcached"
chart: "bitnami-repo/memcached" chart: "bitnami-repo/memcached"
version: "6.6.2" version: "6.6.2"
values: values:
- "values-memcached.yaml" - "values-memcached.yaml"
- "values-memcached.gotmpl" - "values-memcached.gotmpl"
condition: "memcached.enabled" installed: {{ .Values.memcached.enabled }}
- name: "postgresql" - name: "postgresql"
chart: "postgresql-repo/postgresql" chart: "postgresql-repo/postgresql"
version: "2.0.2" version: "2.0.3"
values: values:
- "values-postgresql.yaml" - "values-postgresql.yaml"
- "values-postgresql.gotmpl" - "values-postgresql.gotmpl"
condition: "postgresql.enabled" installed: {{ .Values.postgresql.enabled }}
timeout: 900 timeout: 900
- name: "mariadb" - name: "mariadb"
chart: "mariadb-repo/mariadb" chart: "mariadb-repo/mariadb"
version: "2.0.2" version: "2.1.1"
values: values:
- "values-mariadb.yaml" - "values-mariadb.yaml"
- "values-mariadb.gotmpl" - "values-mariadb.gotmpl"
condition: "mariadb.enabled" installed: {{ .Values.mariadb.enabled }}
timeout: 900 timeout: 900
- name: "postfix" - name: "postfix"
chart: "postfix-repo/postfix" chart: "postfix-repo/postfix"
version: "2.0.3" version: "2.0.4"
values: values:
- "values-postfix.yaml" - "values-postfix.yaml"
- "values-postfix.gotmpl" - "values-postfix.gotmpl"
condition: "postfix.enabled" installed: {{ .Values.postfix.enabled }}
- name: "clamav" - name: "clamav"
chart: "clamav-repo/opendesk-clamav" chart: "clamav-repo/opendesk-clamav"
version: "4.0.0" version: "4.0.0"
values: values:
- "values-clamav-distributed.yaml" - "values-clamav-distributed.yaml"
- "values-clamav-distributed.gotmpl" - "values-clamav-distributed.gotmpl"
condition: "clamavDistributed.enabled" installed: {{ .Values.clamavDistributed.enabled }}
- name: "clamav-simple" - name: "clamav-simple"
chart: "clamav-repo/clamav-simple" chart: "clamav-repo/clamav-simple"
version: "4.0.0" version: "4.0.0"
values: values:
- "values-clamav-simple.yaml" - "values-clamav-simple.yaml"
- "values-clamav-simple.gotmpl" - "values-clamav-simple.gotmpl"
condition: "clamavSimple.enabled" installed: {{ .Values.clamavSimple.enabled }}
- name: "opendesk-gateway" - name: "opendesk-gateway"
chart: "istio-resources-repo/istio-gateway" chart: "istio-resources-repo/istio-gateway"
version: "2.0.0" version: "2.0.0"
values: values:
- "values-istio-gateway.yaml" - "values-istio-gateway.yaml"
- "values-istio-gateway.gotmpl" - "values-istio-gateway.gotmpl"
condition: "istio.enabled" installed: {{ .Values.istio.enabled }}
- name: "minio"
chart: "bitnami-repo/minio"
version: "12.8.19"
values:
- "values-minio.yaml"
- "values-minio.gotmpl"
installed: {{ .Values.minio.enabled }}
commonLabels: commonLabels:
deploy-stage: "services" deploy-stage: "services"
component: "services" component: "services"
bases:
- "../../bases/environments.yaml"
... ...
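Review bot: the new `minio` release is gated only on `installed: {{ .Values.minio.enabled }}`, while the OpenProject values in this change set `persistence.enabled: false` and `s3.enabled: true` unconditionally. A deployment with `minio.enabled` false and OpenProject enabled ends up with no attachment storage at all. Either tie the OpenProject S3 settings to the same value or document that an external S3 endpoint must be supplied when MinIO is switched off.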

View File

@@ -4,19 +4,19 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
issuerRef: issuerRef:
name: "{{ .Values.certificate.issuerRef.name }}" name: {{ .Values.certificate.issuerRef.name | quote }}
{{- if .Values.istio.enabled }} {{- if .Values.istio.enabled }}
istio: istio:
enabled: {{ .Values.istio.enabled }} enabled: {{ .Values.istio.enabled }}
domain: {{ .Values.istio.domain }} domain: {{ .Values.istio.domain | quote }}
issuerRef: issuerRef:
name: "{{ .Values.istio.issuerRef.name }}" name: {{ .Values.istio.issuerRef.name | quote }}
{{- end }} {{- end }}
cleanup: cleanup:

View File

@@ -7,10 +7,10 @@ clamd:
podSecurityContext: podSecurityContext:
replicaCount: {{ .Values.replicas.clamd }} replicaCount: {{ .Values.replicas.clamd }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.clamd.repository }}" repository: {{ .Values.images.clamd.repository | quote }}
tag: "{{ .Values.images.clamd.tag }}" tag: {{ .Values.images.clamd.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.clamd | toYaml | nindent 4 }} {{ .Values.resources.clamd | toYaml | nindent 4 }}
@@ -18,10 +18,10 @@ freshclam:
podSecurityContext: podSecurityContext:
replicaCount: {{ .Values.replicas.freshclam }} replicaCount: {{ .Values.replicas.freshclam }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.freshclam.repository }}" repository: {{ .Values.images.freshclam.repository | quote }}
tag: "{{ .Values.images.freshclam.tag }}" tag: {{ .Values.images.freshclam.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.freshclam | toYaml | nindent 4 }} {{ .Values.resources.freshclam | toYaml | nindent 4 }}
@@ -32,10 +32,10 @@ global:
icap: icap:
replicaCount: {{ .Values.replicas.icap }} replicaCount: {{ .Values.replicas.icap }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.icap.repository }}" repository: {{ .Values.images.icap.repository | quote }}
tag: "{{ .Values.images.icap.tag }}" tag: {{ .Values.images.icap.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.icap | toYaml | nindent 4 }} {{ .Values.resources.icap | toYaml | nindent 4 }}
@@ -43,14 +43,14 @@ milter:
podSecurityContext: podSecurityContext:
replicaCount: {{ .Values.replicas.milter }} replicaCount: {{ .Values.replicas.milter }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.milter.repository }}" repository: {{ .Values.images.milter.repository | quote }}
tag: "{{ .Values.images.milter.tag }}" tag: {{ .Values.images.milter.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.milter | toYaml | nindent 4 }} {{ .Values.resources.milter | toYaml | nindent 4 }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWX }}" storageClass: {{ .Values.persistence.storageClassNames.RWX | quote }}
size: "{{ .Values.persistence.size.clamav }}" size: {{ .Values.persistence.size.clamav | quote }}
... ...

View File

@@ -7,15 +7,15 @@ replicaCount: {{ .Values.replicas.clamav }}
image: image:
clamav: clamav:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.clamd.repository }}" repository: {{ .Values.images.clamd.repository | quote }}
tag: "{{ .Values.images.clamd.tag }}" tag: {{ .Values.images.clamd.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
icap: icap:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.icap.repository }}" repository: {{ .Values.images.icap.repository | quote }}
tag: "{{ .Values.images.icap.tag }}" tag: {{ .Values.images.icap.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.clamd | toYaml | nindent 4 }} {{ .Values.resources.clamd | toYaml | nindent 4 }}
@@ -25,6 +25,6 @@ global:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.clamav }}" size: {{ .Values.persistence.size.clamav | quote }}
... ...

View File

@@ -4,9 +4,9 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.istio.domain }}" domain: {{ .Values.istio.domain | quote }}
hosts: hosts:
openxchange: "{{ .Values.global.hosts.openxchange }}" openxchange: {{ .Values.global.hosts.openxchange | quote }}
tls: tls:
secretName: "{{ .Values.istio.domain }}-tls" secretName: "{{ .Values.istio.domain }}-tls"

View File

@@ -4,14 +4,14 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
repository: "{{ .Values.images.mariadb.repository }}" repository: {{ .Values.images.mariadb.repository | quote }}
tag: "{{ .Values.images.mariadb.tag }}" tag: {{ .Values.images.mariadb.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
# Open-Xchange and XWiki require the permission to create database schemas, so they use the `root` account anyway. # Open-Xchange and XWiki require the permission to create database schemas, so they use the `root` account anyway.
# Please refer to `databases.yaml` for details. # Please refer to `databases.yaml` for details.
@@ -35,8 +35,8 @@ mariadb:
rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }} rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.mariadb }}" size: {{ .Values.persistence.size.mariadb | quote }}
resources: resources:
{{ .Values.resources.mariadb | toYaml | nindent 2 }} {{ .Values.resources.mariadb | toYaml | nindent 2 }}

View File

@@ -4,15 +4,15 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.memcached.repository }}" repository: {{ .Values.images.memcached.repository | quote }}
tag: "{{ .Values.images.memcached.tag }}" tag: {{ .Values.images.memcached.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.memcached | toYaml | nindent 2 }} {{ .Values.resources.memcached | toYaml | nindent 2 }}

View File

@@ -0,0 +1,80 @@
{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
registry: "{{ .Values.global.imageRegistry }}"
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image:
registry: "{{ .Values.global.imageRegistry }}"
repository: "{{ .Values.images.minio.repository }}"
tag: "{{ .Values.images.minio.tag }}"
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
auth:
rootPassword: {{ .Values.secrets.minio.rootPassword | quote }}
statefulset:
replicaCount: {{ .Values.replicas.minioDistributed }}
resources:
{{ .Values.resources.minio | toYaml | nindent 2 }}
ingress:
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
hostname: "{{ .Values.global.hosts.minioConsole }}.{{ .Values.global.domain }}"
extraTls:
- hosts:
- "{{ .Values.global.hosts.minioConsole }}.{{ .Values.global.domain }}"
secretName: "{{ .Values.ingress.tls.secretName }}"
apiIngress:
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
hostname: "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
extraTls:
- hosts:
- "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
secretName: "{{ .Values.ingress.tls.secretName }}"
metrics:
serviceMonitor:
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
prometheusRule:
enabled: {{ .Values.prometheus.prometheusRules.enabled }}
persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
size: "{{ .Values.persistence.size.minio }}"
provisioning:
users:
- username: "openproject_user"
password: {{ .Values.secrets.minio.openprojectUser | quote }}
disabled: false
policies:
- "openproject-bucket-policy"
setPolicies: true
- username: "openxchange_user"
password: {{ .Values.secrets.minio.openxchangeUser | quote }}
disabled: false
policies:
- "openxchange-bucket-policy"
setPolicies: true
- username: "ums_user"
password: {{ .Values.secrets.minio.umsUser | quote }}
disabled: false
policies:
- "ums-bucket-policy"
setPolicies: true
- username: "nextcloud_user"
password: {{ .Values.secrets.minio.nextcloudUser | quote }}
disabled: false
policies:
- "nextcloud-bucket-policy"
setPolicies: true
...
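Review bot: the `ingress:` block publishes the MinIO console at `{{ .Values.global.hosts.minioConsole }}.{{ .Values.global.domain }}` whenever `.Values.ingress.enabled` is true, the same switch that controls `apiIngress`. The console is an administrative surface (the root credentials set under `auth:` log in there), so give it its own toggle that defaults to off. Also, `ingressClassName: {{ .Values.ingress.ingressClassName }}` is unquoted in both ingress blocks, and the image, `secretName` and `persistence` lines use the `"{{ ... }}"` form that the rest of this change replaces with `| quote`.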

View File

@@ -0,0 +1,114 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
mode: "standalone"
podSecurityContext:
enabled: true
fsGroup: 1000
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
privileged: false
runAsUser: 1000
runAsNonRoot: true
seccompProfile:
type: "RuntimeDefault"
ingress:
annotations:
nginx.org/websocket-services: "minio"
networkPolicy:
enabled: false
defaultBuckets: "openproject,openxchange,ums,nextcloud"
provisioning:
enabled: true
cleanupAfterFinished:
enabled: true
buckets:
- name: "openproject"
versioning: true
withLock: false
- name: "openxchange"
versioning: true
withLock: false
- name: "ums"
versioning: true
withLock: false
- name: "nextcloud"
versioning: true
withLock: false
policies:
- name: "openproject-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::openproject"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::openproject/*"
effect: "Allow"
actions:
- "s3:*"
- name: "openxchange-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::openxchange"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::openxchange/*"
effect: "Allow"
actions:
- "s3:*"
- name: "ums-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::ums"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::ums/*"
effect: "Allow"
actions:
- "s3:*"
- name: "nextcloud-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::nextcloud"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::nextcloud/*"
effect: "Allow"
actions:
- "s3:*"
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 10
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 10
startupProbe:
enabled: true
periodSeconds: 10
timeoutSeconds: 10
...
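Review bot: each of the four bucket policies grants `actions: - "s3:*"` on both the bucket ARN and its objects, which includes bucket-level administration that an application user does not need for attachment or file storage. List the actions the consumers actually require (for example `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject`, `s3:ListBucket`) instead of the wildcard. `networkPolicy.enabled: false` adds no pod-level restriction on who can reach MinIO; enable it or note why it is off. `defaultBuckets` repeats the four names already declared under `provisioning.buckets`, so keep only one of the two.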

View File

@@ -4,28 +4,28 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
registry: {{ .Values.global.imageRegistry }} registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
registry: {{ .Values.global.imageRegistry }} registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.postfix.repository }}" repository: {{ .Values.images.postfix.repository | quote }}
tag: "{{ .Values.images.postfix.tag }}" tag: {{ .Values.images.postfix.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
certificate: certificate:
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
postfix: postfix:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
virtualMailboxDomains: "{{ .Values.global.domain }}" virtualMailboxDomains: {{ .Values.global.domain | quote }}
overrides: overrides:
- fileName: "sasl_passwd.map" - fileName: "sasl_passwd.map"
content: content:
- "{{ .Values.smtp.host }} {{ .Values.smtp.username }}:{{ .Values.smtp.password }}" - {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
relayHost: "[{{ .Values.smtp.host }}]:587" relayHost: {{ printf "[%s]:587" .Values.smtp.host | quote }}
relayNets: {{ .Values.cluster.networking.cidr }} relayNets: {{ .Values.cluster.networking.cidr | quote}}
virtualTransport: "lmtps:dovecot:24" virtualTransport: "lmtps:dovecot:24"
smtpdSASLPath: "inet:dovecot:3659" smtpdSASLPath: "inet:dovecot:3659"
{{- if .Values.clamavDistributed.enabled }} {{- if .Values.clamavDistributed.enabled }}
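Review bot: `relayHost: {{ printf "[%s]:587" .Values.smtp.host | quote }}` keeps port 587 as a literal although `.Values.smtp.port` exists and is used for `OPENPROJECT_SMTP__PORT` elsewhere in this change. Build the relay host from `.Values.smtp.port` so the two settings cannot disagree. Style: `| quote}}` on `relayNets` (and on `storageClassName` in the next hunk) is missing the space before `}}` that every other converted line has.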
@@ -35,8 +35,8 @@ postfix:
{{- end }} {{- end }}
persistence: persistence:
size: "{{ .Values.persistence.size.postfix }}" size: {{ .Values.persistence.size.postfix | quote }}
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote}}
replicaCount: {{ .Values.replicas.postfix }} replicaCount: {{ .Values.replicas.postfix }}

View File

@@ -4,14 +4,14 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
registry: {{ .Values.global.imageRegistry }} registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
repository: "{{ .Values.images.postgresql.repository }}" repository: {{ .Values.images.postgresql.repository | quote }}
tag: "{{ .Values.images.postgresql.tag }}" tag: {{ .Values.images.postgresql.tag | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
job: job:
users: users:
@@ -39,8 +39,8 @@ job:
user: "notificationsapi_user" user: "notificationsapi_user"
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.postgresql }}" size: {{ .Values.persistence.size.postgresql | quote }}
postgres: postgres:
password: {{ .Values.secrets.postgresql.postgresUser | quote }} password: {{ .Values.secrets.postgresql.postgresUser | quote }}

View File

@@ -7,20 +7,20 @@ auth:
password: {{ .Values.secrets.redis.password | quote }} password: {{ .Values.secrets.redis.password | quote }}
global: global:
imageRegistry: "{{ .Values.global.imageRegistry }}" imageRegistry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.redis.repository }}" repository: {{ .Values.images.redis.repository | quote }}
tag: "{{ .Values.images.redis.tag }}" tag: {{ .Values.images.redis.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
master: master:
persistence: persistence:
size: "{{ .Values.persistence.size.redis }}" size: {{ .Values.persistence.size.redis | quote }}
resources: resources:
{{ .Values.resources.redis | toYaml | nindent 4 }} {{ .Values.resources.redis | toYaml | nindent 4 }}

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# openDesk Univention Corporate Server (as eval Container) # openDesk Univention Corporate Server (as eval Container)
@@ -20,12 +24,9 @@ releases:
values: values:
- "values.yaml" - "values.yaml"
- "values.gotmpl" - "values.gotmpl"
condition: "univentionCorporateServer.enabled" installed: {{ .Values.univentionCorporateServer.enabled }}
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "univention-corporate-container" component: "univention-corporate-container"
bases:
- "../../bases/environments.yaml"
... ...


@@ -4,36 +4,36 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: {{ .Values.global.domain | quote }}
hosts: hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }} {{ .Values.global.hosts | toYaml | nindent 4 }}
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
repository: "{{ .Values.images.univentionCorporateServer.repository }}" repository: {{ .Values.images.univentionCorporateServer.repository | quote }}
tag: "{{ .Values.images.univentionCorporateServer.tag }}" tag: {{ .Values.images.univentionCorporateServer.tag | quote }}
ingress: ingress:
host: "{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
enabled: {{ .Values.ingress.tls.enabled }} enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
persistence: persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionCorporateServer }}" size: {{ .Values.persistence.size.univentionCorporateServer | quote }}
extraEnvVars: extraEnvVars:
- name: ISTIO_DOMAIN - name: ISTIO_DOMAIN
value: {{ .Values.istio.domain }} value: {{ .Values.istio.domain | quote }}
- name: CENTRALNAVIGATION_API_SECRET - name: CENTRALNAVIGATION_API_SECRET
value: {{ .Values.secrets.centralnavigation.apiKey }} value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
- name: LDAPSEARCH_OX_USERNAME - name: LDAPSEARCH_OX_USERNAME
value: "ldapsearch_ox" value: "ldapsearch_ox"
- name: LDAPSEARCH_OX_PASSWORD - name: LDAPSEARCH_OX_PASSWORD
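
Review bot: CENTRALNAVIGATION_API_SECRET under extraEnvVars is still set through a literal `value:`, so the API key lands in the rendered pod spec and is readable by anyone who can read the workload object. Adding `| quote` fixes the YAML typing, but if the chart's extraEnvVars accepts it, reference the key with `valueFrom.secretKeyRef` instead of inlining `.Values.secrets.centralnavigation.apiKey`.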


@@ -4,115 +4,143 @@
bases: bases:
- "../../bases/environments.yaml" - "../../bases/environments.yaml"
---
repositories: repositories:
# Univention Management Stack # Univention Management Stack
- name: "ums-repo" - name: "ums-repo"
url: >- url: >-
{{ env "PRIVATE_CHART_REPOSITORY_URL" | {{ env "PRIVATE_CHART_REPOSITORY_URL" |
default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }} default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
# VMWare Bitnami
# Source: https://github.com/bitnami/charts/
- name: "bitnami-repo"
oci: true
url: >-
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
verify: true
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
releases: releases:
# TODO: Interim, until the UMS stack has a stack umbrella chart and provides a solution
# {{- if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}
- name: "ums-stack-gateway"
chart: "bitnami-repo/nginx"
version: "15.3.5"
values:
- "values-ums-stack-gateway.gotmpl"
installed: {{ .Values.univentionManagementStack.enabled }}
# {{- end }}
- name: "ums-store-dav" - name: "ums-store-dav"
chart: "ums-repo/store-dav" chart: "ums-repo/store-dav"
version: "0.2.0" version: "0.5.2"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-store-dav.gotmpl" - "values-store-dav.gotmpl"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-ldap-server" - name: "ums-ldap-server"
chart: "ums-repo/ldap-server" chart: "ums-repo/ldap-server"
version: "0.1.0" version: "0.4.1"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-ldap-server.gotmpl" - "values-ldap-server.gotmpl"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-ldap-notifier" - name: "ums-ldap-notifier"
chart: "ums-repo/ldap-notifier" chart: "ums-repo/ldap-notifier"
version: "0.1.0" version: "0.4.1"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-ldap-notifier.gotmpl" - "values-ldap-notifier.gotmpl"
- "values-ldap-notifier.yaml" - "values-ldap-notifier.yaml"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-udm-rest-api" - name: "ums-udm-rest-api"
chart: "ums-repo/udm-rest-api" chart: "ums-repo/udm-rest-api"
version: "0.1.0" version: "0.3.2"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-udm-rest-api.gotmpl" - "values-udm-rest-api.gotmpl"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-stack-data-ums" - name: "ums-stack-data-ums"
chart: "ums-repo/stack-data-ums" chart: "ums-repo/stack-data-ums"
version: "0.1.0" version: "0.15.2"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-stack-data-ums.gotmpl" - "values-stack-data-ums.gotmpl"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-stack-data-swp" - name: "ums-stack-data-swp"
chart: "ums-repo/stack-data-swp" chart: "ums-repo/stack-data-swp"
version: "0.1.0" version: "0.15.2"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-stack-data-swp.gotmpl" - "values-stack-data-swp.gotmpl"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-portal-server" - name: "ums-portal-server"
chart: "ums-repo/portal-server" chart: "ums-repo/portal-server"
version: "0.1.0" version: "0.3.4"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-portal-server.gotmpl" - "values-portal-server.gotmpl"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-notifications-api" - name: "ums-notifications-api"
chart: "ums-repo/notifications-api" chart: "ums-repo/notifications-api"
version: "0.1.0" version: "0.3.4"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-notifications-api.gotmpl" - "values-notifications-api.gotmpl"
- "values-notifications-api.yaml" - "values-notifications-api.yaml"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-portal-listener" - name: "ums-portal-listener"
chart: "ums-repo/portal-listener" chart: "ums-repo/portal-listener"
version: "0.1.0" version: "0.3.4"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-portal-listener.gotmpl" - "values-portal-listener.gotmpl"
- "values-portal-listener.yaml" - "values-portal-listener.yaml"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-portal-frontend" - name: "ums-portal-frontend"
chart: "ums-repo/portal-frontend" chart: "ums-repo/portal-frontend"
version: "0.1.0" version: "0.3.4"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-portal-frontend.gotmpl" - "values-portal-frontend.gotmpl"
condition: "univentionManagementStack.enabled" installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-portal-frontend-custom"
# TODO: Replace with our own Nginx chart.
chart: "bitnami-repo/nginx"
version: "15.3.5"
values:
- "values-portal-frontend-custom.yaml"
- "values-portal-frontend-custom.gotmpl"
installed: {{ .Values.univentionManagementStack.enabled }}
- name: "ums-umc-gateway" - name: "ums-umc-gateway"
chart: "ums-repo/umc-gateway" chart: "ums-repo/umc-gateway"
version: "0.1.0" version: "0.3.2"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-umc-gateway.gotmpl" - "values-umc-gateway.gotmpl"
- "values-umc-gateway.yaml" installed: {{ .Values.univentionManagementStack.enabled }}
condition: "univentionManagementStack.enabled"
- name: "ums-umc-server" - name: "ums-umc-server"
chart: "ums-repo/umc-server" chart: "ums-repo/umc-server"
version: "0.1.0" version: "0.3.2"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
- "values-umc-server.gotmpl" - "values-umc-server.gotmpl"
condition: "univentionManagementStack.enabled" - "values-umc-server.yaml"
installed: {{ .Values.univentionManagementStack.enabled }}
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "univention-management-stack" component: "univention-management-stack"
...
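
Review bot: The new `bitnami-repo` entry sets `verify: true` with a `keyring`, but `ums-repo` directly above it has neither, and every ums-repo chart is bumped here (store-dav 0.2.0 to 0.5.2, stack-data-ums 0.1.0 to 0.15.2, and so on). Please give `ums-repo` the same provenance check or add a comment explaining why it is exempt. Two smaller points: the `# {{- if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}` and `# {{- end }}` lines around `ums-stack-gateway` look commented out but are still evaluated by the template engine, so say that in the TODO; and `values-umc-gateway.yaml` is dropped from `ums-umc-gateway` while `values-umc-server.yaml` is added to `ums-umc-server`, so confirm both files exist in the tree in that state.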


@@ -3,12 +3,12 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0 SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
ingress: ingress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
ingressClassName: "{{ .Values.ingress.ingressClassName }}" ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls: tls:
# The TLS configuration is on the "master" Ingress, see "portal-frontend" # The TLS configuration is on the "master" Ingress, see "portal-frontend"
enabled: false enabled: false
secretName: "" secretName: ""
...


@@ -1,6 +1,10 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
global:
configMapUcrDefaults: "ums-stack-data-ums-ucr"
configMapUcr: "ums-stack-data-swp-ucr"
configMapUcrForced: null
istio: istio:
enabled: false enabled: false


@@ -3,18 +3,16 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0 SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsLdapNotifier.repository }}" repository: {{ .Values.images.umsLdapNotifier.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsLdapNotifier.tag }}" tag: {{ .Values.images.umsLdapNotifier.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
{{ .Values.resources.umsLdapNotifier | toYaml | nindent 2 }} {{ .Values.resources.umsLdapNotifier | toYaml | nindent 2 }}
... ...


@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
ldapServer: ldapServer:
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}" ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
ldapBaseDn: "dc=swp-ldap,dc=internal" ldapBaseDn: "dc=swp-ldap,dc=internal"
# TODO: Certificates handling # TODO: Certificates handling
@@ -14,30 +14,34 @@ ldapServer:
# dhParam: "" # dhParam: ""
tlsMode: "off" tlsMode: "off"
# TODO: SAML integration samlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
# samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor" samlMetadataUrlInternal: null
# samlMetadataUrlInternal: "http://keycloak.default/realms/ucs/protocol/saml/descriptor" serviceProviders: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/saml/metadata"
# serviceProviders: "http://localhost:8000/univention/saml/metadata,http://localhost:8000/auth/realms/ucs"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsLdapServer.repository }}" repository: {{ .Values.images.umsLdapServer.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsLdapServer.tag }}" tag: {{ .Values.images.umsLdapServer.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
waitForDependency:
registry: "{{ .Values.global.imageRegistry }}"
repository: "{{ .Values.images.umsWaitForDependency.repository }}"
imagePullPolicy: "Always"
tag: "{{ .Values.images.umsWaitForDependency.tag }}"
# TODO: Pending upstream support, #199 # TODO: Pending upstream support, #199
persistence: persistence:
data: data:
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionManagementStack.ldapServerData }}" size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
shared: shared:
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionManagementStack.ldapServerShared }}" size: {{ .Values.persistence.size.univentionManagementStack.ldapServerShared | quote }}
resources: resources:
{{ .Values.resources.umsLdapServer | toYaml | nindent 2 }} {{ .Values.resources.umsLdapServer | toYaml | nindent 2 }}
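
Review bot: The added `waitForDependency` block uses the `"{{ ... }}"` form that the rest of this change replaces with `| quote`, and it hard-codes `imagePullPolicy: "Always"` instead of `.Values.global.imagePullPolicy`. Please write `registry`, `repository` and `tag` with `| quote` like the `image:` block above it and take the pull policy from the global value. Also note that `samlMetadataUrl` hard-codes the realm name `souvap` in the path; if the realm is configurable elsewhere, it should come from values here too.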


@@ -14,13 +14,13 @@ postgresql:
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }} password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry }}
repository: "{{ .Values.images.umsNotificationsApi.repository }}" repository: {{ .Values.images.umsNotificationsApi.repository }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy }}
tag: "{{ .Values.images.umsNotificationsApi.tag }}" tag: {{ .Values.images.umsNotificationsApi.tag }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
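
Review bot: In the `image:` block the surrounding double quotes are removed from `registry`, `repository`, `pullPolicy` and `tag` without adding `| quote`, unlike every other file in this change. The rendered values are now bare YAML scalars, so a tag such as `1.10` is parsed as the float 1.1 and a purely numeric tag becomes an integer. Use `tag: {{ .Values.images.umsNotificationsApi.tag | quote }}` and the same for the other three keys.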


@@ -0,0 +1,53 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
ingress:
enabled: true
hostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
ingressClassName: "nginx"
annotations:
nginx.org/mergeable-ingress-type: "minion"
tls: false
pathType: Exact
path: /favicon.ico
extraPaths:
- pathType: Exact
path: /univention/portal/css/custom.css
backend:
service:
name: ums-portal-frontend-custom-nginx
port:
name: http
- pathType: Exact
path: /univention/portal/icons/logo.svg
backend:
service:
name: ums-portal-frontend-custom-nginx
port:
name: http
- pathType: Exact
path: /univention/portal/icons/logo_small_border.svg
backend:
service:
name: ums-portal-frontend-custom-nginx
port:
name: http
- pathType: Exact
path: /univention/portal/custom/portal_background_image.png
backend:
service:
name: ums-portal-frontend-custom-nginx
port:
name: http
- pathType: Exact
path: /univention/portal/custom/portal_background_image.svg
backend:
service:
name: ums-portal-frontend-custom-nginx
port:
name: http
...
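
Review bot: This new ingress is always on (`enabled: true`) and pinned to `ingressClassName: "nginx"`, while the other ingresses in this change follow `.Values.ingress.enabled` and are switched off when `.Values.ingress.ingressClassName` is "dedicated-haproxy-external". With the `nginx.org/mergeable-ingress-type: "minion"` annotation it only works when a matching master Ingress exists on the same host under the NGINX controller, so on any other class the branding paths are either unserved or a stray Ingress is created. Please drive `enabled` and `ingressClassName` from the same values as the master Ingress.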


@@ -0,0 +1,33 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
service:
type: "ClusterIP"
extraVolumes:
- name: "opendesk-branding"
configMap:
name: "ums-stack-data-swp-branding"
extraVolumeMounts:
- name: "opendesk-branding"
mountPath: "/app/favicon.ico"
subPath: "favicon.ico"
- name: "opendesk-branding"
mountPath: "/app/univention/portal/css/custom.css"
subPath: "custom.css"
- name: "opendesk-branding"
mountPath: "/app/univention/portal/icons/logo.svg"
subPath: "logo.svg"
- name: "opendesk-branding"
mountPath: "/app/univention/portal/icons/logo_small_border.svg"
subPath: "logo_small_border.svg"
- name: "opendesk-branding"
mountPath: "/app/univention/portal/custom/portal_background_image.png"
subPath: "portal_background_image.png"
- name: "opendesk-branding"
mountPath: "/app/univention/portal/custom/portal_background_image.svg"
subPath: "portal_background_image.svg"
...


@@ -3,29 +3,28 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0 SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsPortalFrontend.repository }}" repository: {{ .Values.images.umsPortalFrontend.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsPortalFrontend.tag }}" tag: {{ .Values.images.umsPortalFrontend.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
extraIngresses: extraIngresses:
redirects: redirects:
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
# The TLS configuration is on the "master" Ingress, see below. # The TLS configuration is on the "master" Ingress, see below.
tls: tls:
enabled: false enabled: false
master: master:
enabled: {{ .Values.ingress.enabled }} enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
tls: tls:
enabled: {{ .Values.ingress.tls.enabled }} enabled: {{ .Values.ingress.tls.enabled }}
secretName: "{{ .Values.ingress.tls.secretName }}" secretName: {{ .Values.ingress.tls.secretName | quote }}
resources: resources:
{{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }} {{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }}
... ...
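
Review bot: The expression `{{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}` now appears on both `redirects.enabled` and `master.enabled` here, and again in the common ingress values. A class name compared as a string literal in three places is easy to miss when a second externally handled class is added. Compute the boolean once (in the environment values or a helper) and reference it in all three spots.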


@@ -13,10 +13,10 @@ portalListener:
umcSessionUrl: "http://ums-umc-server/get/session-info" umcSessionUrl: "http://ums-umc-server/get/session-info"
ldapBaseDn: "dc=swp-ldap,dc=internal" ldapBaseDn: "dc=swp-ldap,dc=internal"
ldapHost: "ums-ldap-server" ldapHost: "{{ .Values.ldap.host }}"
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal" ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}" ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}" machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
notifierServer: "ums-ldap-notifier" notifierServer: "ums-ldap-notifier"
portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal" portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal"
udmApiUrl: "http://ums-udm-rest-api/udm/" udmApiUrl: "http://ums-udm-rest-api/udm/"
@@ -25,30 +25,29 @@ portalListener:
tlsMode: "off" tlsMode: "off"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsPortalListener.repository }}" repository: {{ .Values.images.umsPortalListener.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsPortalListener.tag }}" tag: {{ .Values.images.umsPortalListener.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
waitForDependency: waitForDependency:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsWaitForDependency.repository }}" repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
imagePullPolicy: "Always" imagePullPolicy: "Always"
tag: "{{ .Values.images.umsWaitForDependency.tag }}" tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
# TODO: Pending upstream support, #200 # TODO: Pending upstream support, #200
persistence: persistence:
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionManagementStack.portalListener }}" size: {{ .Values.persistence.size.univentionManagementStack.portalListener | quote }}
resources: resources:
{{ .Values.resources.umsPortalListener | toYaml | nindent 2 }} {{ .Values.resources.umsPortalListener | toYaml | nindent 2 }}
resourcesDependencyWaiter: resourcesDependencyWaiter:
{{ .Values.resources.umsPortalListenerDependencies | toYaml | nindent 2 }} {{ .Values.resources.umsPortalListenerDependencies | toYaml | nindent 2 }}
... ...


@@ -7,20 +7,20 @@ portalServer:
adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal" adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
authMode: "saml" authMode: "saml"
environment: "staging" environment: "staging"
editable: "true" editable: "false"
logLevel: "DEBUG" logLevel: "DEBUG"
ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data" ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data"
umcGetUrl: "http://ums-umc-server/get" umcGetUrl: "http://ums-umc-server/get"
umcSessionUrl: "http://ums-umc-server/get/session-info" umcSessionUrl: "http://ums-umc-server/get/session-info"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsPortalServer.repository }}" repository: {{ .Values.images.umsPortalServer.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsPortalServer.tag }}" tag: {{ .Values.images.umsPortalServer.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
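
Review bot: `ucsInternalUrl` still interpolates the store-dav password into the URL userinfo (`http://portal-server:{{ ... }}@ums-store-dav/portal-data`) without any encoding, and `logLevel` stays at "DEBUG" next to it. A generated password containing `@`, `:` or `/` produces a URL that parses to the wrong host or credentials, and a URL carrying credentials is a likely thing to show up in debug output. Since this hunk already tightens `editable` to "false", please also percent-encode the password (or constrain the secret's alphabet) and drop the log level outside development.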


@@ -4,33 +4,40 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
stackDataSwp: stackDataSwp:
udmApiUsername: "cn=admin" udmApiUser: "cn=admin"
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
udmApiUrl: "http://ums-udm-rest-api/udm/" udmApiUrl: "http://ums-udm-rest-api/udm/"
loadDevData: true loadDevData: true
stackDataContext: stackDataContext:
ldapBase: "dc=swp-ldap,dc=internal" ldapBase: "dc=swp-ldap,dc=internal"
ldapSearchUsers:
{{- range $k, $v := .Values.secrets.univentionCorporateServer.ldapSearch }}
- username: {{ printf "ldapsearch_%s" $k | quote }}
password: {{ $v | quote }}
lastname: {{ "LDAP-Search-User" }}
{{- end }}
externalDomainName: "{{ .Values.global.domain }}" externalDomainName: "{{ .Values.global.domain }}"
externalMailDomain: "{{ .Values.global.domain }}" externalMailDomain: "{{ .Values.global.domain }}"
portalGroupwareLinkBase: "https://webmail.{{ .Values.istio.domain }}" portalGroupwareLinkBase: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
portalFileshareLinkBase: "https://fs.{{ .Values.global.domain }}" portalFileshareLinkBase: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
portalRealtimeCollaborationLinkBase: "https://chat.{{ .Values.global.domain }}" portalRealtimeCollaborationLinkBase: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
portalRealtimeVideoconferenceLinkBase: "https://meet.{{ .Values.global.domain }}" portalRealtimeVideoconferenceLinkBase: "https://{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
portalManagementProjectLinkBase: "https://project.{{ .Values.global.domain }}" portalManagementProjectLinkBase: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
portalManagementKnowledgeLinkBase: "https://wiki.{{ .Values.global.domain }}" portalManagementKnowledgeLinkBase: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
oxDefaultContext: "10" oxDefaultContext: "10"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsDataLoader.repository }}" repository: {{ .Values.images.umsDataLoader.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsDataLoader.tag }}" tag: {{ .Values.images.umsDataLoader.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
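
Review bot: In the new `ldapSearchUsers` loop, `lastname: {{ "LDAP-Search-User" }}` runs a constant through the template engine and emits it unquoted; write it as the plain literal `lastname: "LDAP-Search-User"`. The loop also reads `.Values.secrets.univentionCorporateServer.ldapSearch` from inside the Univention Management Stack values: if that map is absent or empty, `range` emits nothing and `ldapSearchUsers:` renders as null, so either move the secrets under the `univentionManagementStack` key or guard the block and emit `[]`.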


@@ -10,20 +10,34 @@ stackDataUms:
loadDevData: true loadDevData: true
stackDataContext: stackDataContext:
domainname: "{{ .Values.global.domain }}"
externalMailDomain: "{{ .Values.global.domain }}"
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
ldapHost: "{{ .Values.ldap.host }}"
ldapBase: "dc=swp-ldap,dc=internal" ldapBase: "dc=swp-ldap,dc=internal"
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }} # TODO: This should not be required, the machine account is not there
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
samlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
samlMetadataUrlInternal: null
samlSpServer: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
samlSchemes: "https"
ssoFqdn: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
# The SWP configuration brings its own UMC policies. # The SWP configuration brings its own UMC policies.
installUmcPolicies: false installUmcPolicies: false
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsDataLoader.repository }}" repository: {{ .Values.images.umsDataLoader.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsDataLoader.tag }}" tag: {{ .Values.images.umsDataLoader.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
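
Review bot: `initialPasswordAdministrator` goes from `{{ ... | quote }}` to `"{{ ... }}"`, the opposite of what the rest of this change does. With the inline form a password containing `"` or `\` yields invalid YAML or a silently altered value; please keep `{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }}`. The added `ldapHostDn: cn=admin,dc=swp-ldap,dc=internal` is also the only unquoted DN in the block and should be quoted like `ldapBase`.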


@@ -6,33 +6,33 @@ SPDX-License-Identifier: Apache-2.0
storeDav: storeDav:
auth: auth:
basicAuth: basicAuth:
portal-listener: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}" portal-listener: {{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener | quote }}
portal-server: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}" portal-server: {{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsStoreDav.repository }}" repository: {{ .Values.images.umsStoreDav.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsStoreDav.tag }}" tag: {{ .Values.images.umsStoreDav.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
configHtpasswd: configHtpasswd:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsConfigHtpasswd.repository }}" repository: {{ .Values.images.umsConfigHtpasswd.repository | quote }}
pullPolicy: "Always" pullPolicy: "Always"
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsConfigHtpasswd.tag }}" tag: {{ .Values.images.umsConfigHtpasswd.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
# TODO: Pending upstream support, #201 # TODO: Pending upstream support, #201
persistence: persistence:
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}" storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
size: "{{ .Values.persistence.size.univentionManagementStack.storeDav }}" size: {{ .Values.persistence.size.univentionManagementStack.storeDav | quote }}
resources: resources:
{{ .Values.resources.umsStoreDav | toYaml | nindent 2 }} {{ .Values.resources.umsStoreDav | toYaml | nindent 2 }}
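
Review bot: Under `configHtpasswd` the key `pullPolicy` is defined twice, first as `pullPolicy: "Always"` and then as `pullPolicy: {{ .Values.global.imagePullPolicy | quote }}`. Duplicate mapping keys are invalid YAML; parsers that tolerate them usually keep the last one, so the "Always" line is dead at best and a parse error at worst. Since this change touches the second line anyway, delete the hard-coded one.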


@@ -4,41 +4,26 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
udmRestApi: udmRestApi:
apiLogLevel: "4"
authGroups:
dcBackup: "cn=DC Backup Hosts,cn=groups,dc=swp-ldap,dc=internal"
dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=swp-ldap,dc=internal"
domainAdmins: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
ldapHost: "ums-ldap-server"
ldapBaseDn: "dc=swp-ldap,dc=internal"
# TODO: This should not be required, the machine account is not there
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
# TODO: Secret should be entered without b64enc # TODO: Secret should be entered without b64enc
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}" ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
# TODO: Secret should be entered without b64enc # TODO: Secret should be entered without b64enc
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}" machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
# TODO: why do we need this many subprocesses?
numberOfSubprocesses: 8
# TODO: Stub value currently # TODO: Stub value currently
caCert: "" caCert: ""
# TODO: This should not be part of the udm-rest-api anymore # TODO: This should not be part of the udm-rest-api anymore
loadJoinData: loadJoinData:
enabled: true enabled: true
# TODO: configurable
tlsMode: "off"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsUdmRestApi.repository }}" repository: {{ .Values.images.umsUdmRestApi.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsUdmRestApi.tag }}" tag: {{ .Values.images.umsUdmRestApi.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
{{ .Values.resources.umsUdmRestApi | toYaml | nindent 2 }} {{ .Values.resources.umsUdmRestApi | toYaml | nindent 2 }}
... ...
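Review bot: `machineSecret` keeps the old `"{{ ... | b64enc }}"` form while `ldapSecret` two lines above moves to `| b64enc | quote`; convert it as well so the file is consistent with the umcServer values. Both keys also render from `.Values.secrets.univentionManagementStack.ldapSecret`, so the machine account and the LDAP bind share one credential; if that is intentional until the machine account exists, say so next to the TODO. The removed `ldapHostDn`, `authGroups` and `tlsMode: "off"` now fall back to chart defaults that are not visible here, which is worth naming in the commit message.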

View File

@@ -4,18 +4,26 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
umcGateway: umcGateway:
domainname: "{{ .Values.global.domain }}"
hostname: "{{ .Values.global.hosts.univentionManagementStack }}" extraVolumes:
ssoFqdn: "localhost:8097" - name: "entrypoint-swp-patches"
configMap:
name: "ums-stack-data-swp-umc-gateway-entrypoint"
defaultMode: 0555
extraVolumeMounts:
- name: "entrypoint-swp-patches"
mountPath: "/entrypoint.d/90-swp.sh"
subPath: "90-swp.sh"
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsUmcGateway.repository }}" repository: {{ .Values.images.umsUmcGateway.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsUmcGateway.tag }}" tag: {{ .Values.images.umsUmcGateway.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
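Review bot: The new `extraVolumeMounts` entry places `90-swp.sh` from the ConfigMap `ums-stack-data-swp-umc-gateway-entrypoint` into `/entrypoint.d/`, but nothing in this hunk says what the script patches or where the ConfigMap is defined. Going by the path it presumably runs at container start, so add a comment naming the chart or template that owns the ConfigMap. `defaultMode: 0555` is only read as octal by YAML 1.1 style loaders; a short comment, or the decimal form 365, removes the ambiguity.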

View File

@@ -1,18 +0,0 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
umcGateway:
showCookieBanner: true
cookieBannerTitleDE: "Cookie Zustimmung"
cookieBannerTitleEN: "Cookie Consent"
cookieBannerTextDE: >-
Die Nutzung dieses Angebots ist nur möglich, wenn Cookies gespeichert und
verarbeitet werden können (essenzielle Cookies). Dafür benötigen wir Ihre
Zustimmung. Bitte akzeptieren Sie um fortzufahren oder schließen Sie die
Seite.
cookieBannerTextEN: >-
Usage of this site is only possible by storing and processing cookie
information (essential cookies). We require your consent. Please accept to
continue or close the page.
...

View File

@@ -4,37 +4,19 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
umcServer: umcServer:
domainname: "{{ .Values.global.domain }}"
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
ldapHost: "ums-ldap-server"
ldapBaseDn: "dc=swp-ldap,dc=internal"
# TODO: This should not be required, the machine account is not there
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
enforceSessionCookie: "true"
# TODO: The keycloak integration is pending
samlEnabled: false
samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
samlMetadataUrlInternal: "http://keycloak/realms/ucs/protocol/saml/descriptor"
samlSpServer: "localhost:8000"
samlSchemes: "http"
tlsMode: "off"
# TODO: Secret should be entered without b64enc # TODO: Secret should be entered without b64enc
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}" ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
# TODO: Secret should be entered without b64enc # TODO: Secret should be entered without b64enc
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}" machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc | quote }}
image: image:
registry: "{{ .Values.global.imageRegistry }}" registry: {{ .Values.global.imageRegistry | quote }}
repository: "{{ .Values.images.umsUmcServer.repository }}" repository: {{ .Values.images.umsUmcServer.repository | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: "{{ .Values.images.umsUmcServer.tag }}" tag: {{ .Values.images.umsUmcServer.tag | quote }}
pullSecrets: pullSecrets:
{{- range .Values.global.imagePullSecrets }} {{- range .Values.global.imagePullSecrets }}
- name: {{ . }} - name: {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
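Review bot: `enforceSessionCookie: "true"` is deleted together with the SAML and `tlsMode` keys and no replacement is visible in this hunk, so the session-cookie behaviour now depends on the chart default. Confirm that the default keeps it enabled, or retain the key explicitly. `ldapSecret` and `machineSecret` still render from the same `ldapSecret` value, which deserves a line next to the existing TODO.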

View File

@@ -0,0 +1,17 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
umcServer:
certPemFile: "/var/secrets/ssl/tls.crt"
privateKeyFile: "/var/secrets/ssl/tls.key"
extraVolumes:
- name: "certificates"
secret:
secretName: "opendesk-certificates-tls"
extraVolumeMounts:
- name: "certificates"
mountPath: "/var/secrets/ssl"
...
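Review bot: The `certificates` volume mounts the whole `opendesk-certificates-tls` secret, private key included, without a `defaultMode`, so `tls.key` gets the Kubernetes default of 0644 inside the container. Set a tighter `defaultMode` (with a matching `fsGroup` if the process does not run as root) and mark the mount `readOnly: true`. The secret name is hard-coded here while the ingress values use `.Values.ingress.tls.secretName`; a deployment that overrides that value may not have a secret under this name.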

View File

@@ -0,0 +1,173 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
ingress:
enabled: true
hostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
tls: false
extraTls:
- hosts:
- "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
secretName: "{{ .Values.ingress.tls.secretName }}"
service:
type: "ClusterIP"
# The content of the "serverBlock" does resemble the Ingress configuration of
# the UMS components. The "location" entries do intentionally reflect precisely
# the respective paths which are configured.
serverBlock: |
server {
listen 8080;
## portal-frontend
# The frontend does not own "/univention/portal", only these two bits
location = /univention/portal/ {
rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80/;
}
location = /univention/portal/index.html {
rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80/;
}
# The following prefixes are owned by the frontend
location /univention/portal/css/ {
rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/portal/fonts/ {
rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/portal/i18n/ {
rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/portal/media/ {
rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/portal/js/ {
rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/portal/oidc/ {
rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
## frontend redirects
location = / {
absolute_redirect off;
return 302 /univention/portal/;
}
location = /univention {
absolute_redirect off;
return 302 /univention/portal/;
}
location = /univention/ {
absolute_redirect off;
return 302 /univention/portal/;
}
location = /univention/portal {
absolute_redirect off;
return 302 /univention/portal/;
}
## portal-server
location = /univention/portal/portal.json {
proxy_pass http://ums-portal-server:80;
}
location = /univention/portal/navigation.json {
proxy_pass http://ums-portal-server:80;
}
## store-dav
location /univention/portal/icons/entries/ {
rewrite ^/univention/portal(/icons/entries/.*)$ /portal-assets$1 break;
proxy_pass http://ums-store-dav:80;
}
location /univention/portal/icons/logos/ {
rewrite ^/univention/portal(/icons/logos/.*)$ /portal-assets$1 break;
proxy_pass http://ums-store-dav:80;
}
## udm-rest-api
location /univention/udm/ {
rewrite ^/univention(/udm/.*)$ $1 break;
proxy_pass http://ums-udm-rest-api:80;
proxy_set_header X-Forwarded-Host $host;
}
## umc-gateway
location = /univention/languages.json {
proxy_pass http://ums-umc-gateway:80;
}
location = /univention/meta.json {
proxy_pass http://ums-umc-gateway:80;
}
location = /univention/theme.css {
proxy_pass http://ums-umc-gateway:80;
}
location /univention/js/ {
proxy_pass http://ums-umc-gateway:80;
}
location /univention/login/ {
proxy_pass http://ums-umc-gateway:80;
}
location /univention/management/ {
proxy_pass http://ums-umc-gateway:80;
}
location /univention/themes/ {
proxy_pass http://ums-umc-gateway:80;
}
## umc-server
location = /univention/auth {
rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80;
}
location /univention/logout/ {
rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80;
}
location /univention/saml/ {
rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80;
}
location /univention/get/ {
rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80;
}
location /univention/set/ {
rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80;
}
location /univention/command/ {
rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80;
}
location /univention/upload/ {
rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80;
}
## notifications-api
location /univention/portal/notifications-api/ {
rewrite ^/univention/portal/notifications-api(/.*)$ $1 break;
proxy_pass http://ums-notifications-api:80;
}
}
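Review bot: Only the `/univention/udm/` location sets `proxy_set_header X-Forwarded-Host $host`; the umc-server locations, including `/univention/saml/` and `/univention/auth`, set no headers, so nginx sends the upstream name as `Host`. If those backends build absolute URLs or check the request origin, they need the same header, and likely `X-Forwarded-Proto` as well. In the two exact-match portal locations the trailing `/` on `proxy_pass` has no effect because `rewrite ... break` has already changed the URI; drop it to match the other blocks. `tls: false` combined with `extraTls` deserves a one-line comment explaining the intent.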

View File

@@ -1,5 +1,9 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
--- ---
repositories: repositories:
# XWiki # XWiki
@@ -17,13 +21,10 @@ releases:
values: values:
- "values.yaml" - "values.yaml"
- "values.gotmpl" - "values.gotmpl"
condition: "xwiki.enabled" installed: {{ .Values.xwiki.enabled }}
timeout: 900 timeout: 900
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "xwiki" component: "xwiki"
bases:
- "../../bases/environments.yaml"
... ...
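Review bot: Replacing `condition: "xwiki.enabled"` with `installed: {{ .Values.xwiki.enabled }}` changes what a disabled component means: helmfile uninstalls a release marked `installed: false` on sync/apply, whereas a false `condition` only skips it. Call this out in the commit message, since setting `xwiki.enabled: false` on an existing environment now removes the release. The expression also needs `bases` to be loaded in an earlier YAML document, which the move to the top provides; a comment there would stop someone moving it back.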

View File

@@ -5,50 +5,50 @@ SPDX-License-Identifier: Apache-2.0
--- ---
image: image:
name: "{{ .Values.global.imageRegistry }}/{{ .Values.images.xwiki.repository }}" name: "{{ .Values.global.imageRegistry }}/{{ .Values.images.xwiki.repository }}"
tag: "{{ .Values.images.xwiki.tag }}" tag: {{ .Values.images.xwiki.tag | quote }}
pullPolicy: "{{ .Values.global.imagePullPolicy }}" pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
externalDB: externalDB:
password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }} password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
database: "{{ .Values.databases.xwiki.name }}" database: {{ .Values.databases.xwiki.name | quote }}
user: "{{ .Values.databases.xwiki.username }}" user: {{ .Values.databases.xwiki.username | quote }}
host: "{{ .Values.databases.xwiki.host }}" host: {{ .Values.databases.xwiki.host | quote }}
customConfigs: customConfigs:
"xwiki.cfg": "xwiki.cfg":
"xwiki.superadminpassword": "{{ .Values.secrets.xwiki.superadminpassword }}" "xwiki.superadminpassword": {{ .Values.secrets.xwiki.superadminpassword | quote }}
## LDAP Server configuration ## LDAP Server configuration
# "xwiki.authentication.ldap.server": "univention-corporate-container" xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
# xwiki.authentication.ldap.port: 389 xwiki.authentication.ldap.port: 389
## Authentication to the LDAP server ## Authentication to the LDAP server
# xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal" xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
# xwiki.authentication.ldap.bind_pass: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}" xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
## Base DN used for searching for users ## Base DN used for searching for users
# xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal" xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
"xwiki.properties": "xwiki.properties":
"oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth" "oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
"oidc.endpoint.token": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token" "oidc.endpoint.token": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token"
"oidc.endpoint.userinfo": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/userinfo" "oidc.endpoint.userinfo": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/userinfo"
"oidc.endpoint.logout": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout" "oidc.endpoint.logout": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
"oidc.secret": {{ .Values.secrets.keycloak.clientSecret.xwiki }} "oidc.secret": {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
"url.trustedDomains": "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" "url.trustedDomains": "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
"workplaceServices.navigationEndpoint": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json" "workplaceServices.navigationEndpoint": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
"workplaceServices.base": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}" "workplaceServices.base": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
"workplaceServices.portalSecret": "{{ .Values.secrets.centralnavigation.apiKey }}" "workplaceServices.portalSecret": {{ .Values.secrets.centralnavigation.apiKey | quote }}
properties: properties:
"attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}" "attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}"
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": "{{ .Values.theme.colors.primary }}" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": {{ .Values.theme.colors.primary | quote }}
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "{{ .Values.theme.colors.white }}" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": {{ .Values.theme.colors.white | quote }}
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "{{ .Values.theme.colors.secondaryGreyLight }}" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": {{ .Values.theme.colors.secondaryGreyLight | quote }}
## Link LDAP users and users authenticated through OIDC ## Link LDAP users and users authenticated through OIDC
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1 "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap" "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
ingress: ingress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
className: "{{ .Values.ingress.ingressClassName }}" className: {{ .Values.ingress.ingressClassName | quote }}
annotations: annotations:
haproxy-ingress.github.io/headers: "X-Forwarded-Host {{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" haproxy-ingress.github.io/headers: "X-Forwarded-Host {{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
hosts: hosts:
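Review bot: The LDAP block is switched on with `xwiki.authentication.ldap.port: 389` and a `bind_pass`, and the hunk shows no TLS or StartTLS setting, so the service-account bind travels over plain LDAP unless that is configured elsewhere. State that this is in-cluster traffic only, or add the TLS option. `xwiki.authentication.ldap.server` is now templated from `.Values.ldap.host`, but `bind_DN` and `base_DN` keep the literal `dc=swp-ldap,dc=internal`; consider moving those into values as well.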
@@ -57,13 +57,13 @@ ingress:
- path: / - path: /
pathType: "ImplementationSpecific" pathType: "ImplementationSpecific"
tls: tls:
- secretName: "{{ .Values.ingress.tls.secretName }}" - secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts: hosts:
- "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" - "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
persistence: persistence:
size: "{{ .Values.persistence.size.xwiki }}" size: {{ .Values.persistence.size.xwiki | quote }}
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
replicaCount: {{ .Values.replicas.xwiki }} replicaCount: {{ .Values.replicas.xwiki }}

View File

@@ -8,7 +8,7 @@ customConfigs:
xwiki.cfg: xwiki.cfg:
xwiki.url.protocol: "https" xwiki.url.protocol: "https"
## Indicate the LDAP field defining the user UID ## Indicate the LDAP field defining the user UID
# xwiki.authentication.ldap.UID_attr: "uid" xwiki.authentication.ldap.UID_attr: "uid"
## Indicate the LDAP field defining the user profile picture ## Indicate the LDAP field defining the user profile picture
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto" # xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
## Enable the synchronization of the LDAP profile picture ## Enable the synchronization of the LDAP profile picture
@@ -17,8 +17,8 @@ customConfigs:
xwiki.properties: xwiki.properties:
oidc.scope: "openid,profile,email,address,phoenix" oidc.scope: "openid,profile,email,address,phoenix"
oidc.endpoint.userinfo.method: "GET" oidc.endpoint.userinfo.method: "GET"
oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}" oidc.user.nameFormater: "${oidc.user.phoenixusername._clean._lowerCase}"
oidc.user.subjectFormater: "${oidc.user.subject}" oidc.user.subjectFormater: "${oidc.user.phoenixusername._lowerCase}"
# yamllint disable-line rule:line-length # yamllint disable-line rule:line-length
oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype" oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
oidc.clientid: "xwiki" oidc.clientid: "xwiki"
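Review bot: `oidc.user.subjectFormater` changes from `${oidc.user.subject}` to `${oidc.user.phoenixusername._lowerCase}`, so XWiki accounts are now keyed on a username claim instead of the issuer's `sub`. A username can be renamed or reassigned where `sub` is meant to stay stable, so explain why this is needed (presumably to match the LDAP-imported users) and how a reused username is handled. `nameFormater` gains `._clean` but `subjectFormater` does not; confirm the difference is intended.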
@@ -67,21 +67,21 @@ properties:
"property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc" "property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc"
## Fields to search in when importing users from the administration UI (not completely in scope for now) ## Fields to search in when importing users from the administration UI (not completely in scope for now)
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes": "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes":
# "sn,givenname,uid" "sn,givenname,uid"
## Restrict user import in the UI to global administrators ## Restrict user import in the UI to global administrators
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.usersAllowedToImport": "globalAdmin" "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.usersAllowedToImport": "globalAdmin"
## Enable group and user synchronization ## Enable group and user synchronization
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupsUpdate": 1 "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupsUpdate": 1
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupImport": 1 "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupImport": 1
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.forceXWikiUsersGroupMembershipUpdate": "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.forceXWikiUsersGroupMembershipUpdate":
# 1 1
## Base DN under which groups should be searched for ## Base DN under which groups should be searched for
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN": "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
# "dc=swp-ldap,dc=internal" "dc=swp-ldap,dc=internal"
## LDAP filter to only synchronize some groups ## LDAP filter to only synchronize some groups
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter": "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
# "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))" "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
securityContext: securityContext:
enabled: true enabled: true

View File

@@ -0,0 +1,10 @@
{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
## Define LDAP service (supports "ums_eval" from the CI pipeline)
ldap:
host: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-server" {{ else }} "univention-corporate-container" {{ end }}
notifierHost: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-notifier" {{ else }} "univention-corporate-container" {{ end }}
...
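Review bot: The comment says "ums_eval" but both conditions compare `DEPLOY_UCS` with "ums-eval"; fix the comment so nobody sets the wrong value and silently gets the `univention-corporate-container` branch. The inline if/else also leaves spaces around the quoted literals; a `ternary` piped to `quote` would match the `| quote` style used in the rest of this change.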

View File

@@ -27,7 +27,7 @@ databases:
password: "" password: ""
oxAppsuite: oxAppsuite:
host: "mariadb" host: "mariadb"
name: "CONFIGDB" name: "configdb"
username: "root" username: "root"
password: "" password: ""
synapse: synapse:
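Review bot: Renaming the `oxAppsuite` database from "CONFIGDB" to "configdb" is not cosmetic on MariaDB hosts with case-sensitive database names (the Linux default); an existing deployment keeps its data in `CONFIGDB`. Note the migration step, or state that only fresh installs are supported.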

View File

@@ -9,10 +9,9 @@ global:
## Define host ## Define host
# #
domain: {{ env "DOMAIN" | default "souvap.cloud" }} domain: {{ env "DOMAIN" | default "souvap.cloud" | quote }}
## Define docker registry address. ## Define docker registry address.
# #
imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" }} imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" | quote }}
... ...

View File

@@ -4,11 +4,11 @@
## The global properties are used to configure multiple charts at once. ## The global properties are used to configure multiple charts at once.
# #
global: global:
## Define ingress/virtualservice host. ## Define ingress/virtualservice host.
# #
hosts: hosts:
collabora: "collabora" collabora: "collabora"
cryptpad: "cryptpad"
dimension: "integration" dimension: "integration"
element: "chat" element: "chat"
etherpad: "etherpad" etherpad: "etherpad"
@@ -19,6 +19,8 @@ global:
matrixNeoChoiceWidget: "matrix-neochoice-widget" matrixNeoChoiceWidget: "matrix-neochoice-widget"
matrixNeoDateFixBot: "matrix-neodatefix-bot" matrixNeoDateFixBot: "matrix-neodatefix-bot"
matrixNeoDateFixWidget: "matrix-neodatefix-widget" matrixNeoDateFixWidget: "matrix-neodatefix-widget"
minioApi: "minio"
minioConsole: "minio-console"
nextcloud: "fs" nextcloud: "fs"
openproject: "project" openproject: "project"
openxchange: "webmail" openxchange: "webmail"
@@ -29,7 +31,6 @@ global:
whiteboard: "whiteboard" whiteboard: "whiteboard"
xwiki: "wiki" xwiki: "wiki"
## Define docker registry address. ## Define docker registry address.
# #
imageRegistry: "external-registry.souvap-univention.de/sovereign-workplace" imageRegistry: "external-registry.souvap-univention.de/sovereign-workplace"

View File

@@ -8,20 +8,32 @@ images:
# @supplier: "openDesk DevSecOps" # @supplier: "openDesk DevSecOps"
collabora: collabora:
repository: "souvap/tooling/images/collabora" repository: "souvap/tooling/images/collabora"
tag: "23.05.4.2.1@sha256:ee9ce83811700f1ff57e1218d22388dbaca96306df33f82aa14b334c5302285a" tag: "23.05.5.4.1@sha256:ff48ec379f0d63e50b7714d1fa0f8f8de4247595dfa78754c44786a79c4968e4"
# @supplier: "Collabora" # @supplier: "Collabora"
cryptpad:
repository: "cryptpad/cryptpad"
tag: "opendesk-20231020@sha256:b0bfe09601d8c8064e1b174d21a225ddb10aaa4103892fdfdf3d216726c26dde"
# @supplier: "XWiki"
dovecot: dovecot:
repository: "dovecot/dovecot" repository: "dovecot/dovecot"
tag: "2.3.20@sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7" tag: "2.3.20@sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
element: element:
repository: "souvap/tooling/images/element-web" repository: "souvap/tooling/images/element-web"
tag: "1.3.0@sha256:25bd7d731dc501cd00fac61c9db8807b635d1150a99067137b7fb290981ec8f8" tag: "1.6.0@sha256:a71cbd75ee88471e3df59f26a2a37b9b8ff83d2f71f726053acd381ecd87e234"
# @supplier: "Element" # @supplier: "Element"
freshclam: freshclam:
repository: "clamav/clamav" repository: "clamav/clamav"
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f" tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
# @supplier: "openDesk DevSecOps" # @supplier: "openDesk DevSecOps"
icap:
repository: "souvap/tooling/images/c-icap"
tag: "0.5.10@sha256:cd665e77a42460bb1e6df4282bc1d8737be241fc9f4143d43509e31de3a7993d"
# @supplier: "openDesk DevSecOps"
intercom:
repository: "univention/intercom-service"
tag: "1.4-kubernetes@sha256:e4fa2e0df49595bf9ba5bf73e36a50e8f1b44334a1a326a43488b8f9c8bbcb9c"
# @supplier: "Univention"
jibri: jibri:
repository: "jitsi/jibri" repository: "jitsi/jibri"
tag: "stable-8922@sha256:87aa176b44b745b13769f13b8e2d22ddd6f6ba624244d5354c8dd3664787e936" tag: "stable-8922@sha256:87aa176b44b745b13769f13b8e2d22ddd6f6ba624244d5354c8dd3664787e936"
@@ -46,14 +58,6 @@ images:
repository: "jitsi/jvb" repository: "jitsi/jvb"
tag: "stable-8922@sha256:75dd613807e19cbbd440d071b60609fa9e4ee50a1396b14deb0ed779d882a554" tag: "stable-8922@sha256:75dd613807e19cbbd440d071b60609fa9e4ee50a1396b14deb0ed779d882a554"
# @supplier: "Nordeck" # @supplier: "Nordeck"
icap:
repository: "souvap/tooling/images/c-icap"
tag: "0.5.10@sha256:cd665e77a42460bb1e6df4282bc1d8737be241fc9f4143d43509e31de3a7993d"
# @supplier: "openDesk DevSecOps"
intercom:
repository: "univention/intercom-service"
tag: "1.4-kubernetes@sha256:e4fa2e0df49595bf9ba5bf73e36a50e8f1b44334a1a326a43488b8f9c8bbcb9c"
# @supplier: "Univention"
keycloak: keycloak:
repository: "bitnami/keycloak" repository: "bitnami/keycloak"
tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e" tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e"
@@ -66,7 +70,7 @@ images:
keycloakBootstrap: keycloakBootstrap:
repository: "souvap/tooling/images/ansible" repository: "souvap/tooling/images/ansible"
tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac" tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac"
# @supplier: "Univention" # @supplier: "openDesk DevSecOps"
keycloakExtensionHandler: keycloakExtensionHandler:
repository: "souvap/tooling/images/keycloak-extensions/keycloak-handler" repository: "souvap/tooling/images/keycloak-extensions/keycloak-handler"
tag: "latest@sha256:e67bdfc655e43b7fb83b025e13f949b04fdd98e089b33401275d03e340e03e2e" tag: "latest@sha256:e67bdfc655e43b7fb83b025e13f949b04fdd98e089b33401275d03e340e03e2e"
@@ -82,19 +86,19 @@ images:
# @supplier: "openDesk DevSecOps" # @supplier: "openDesk DevSecOps"
matrixNeoBoardWidget: matrixNeoBoardWidget:
repository: "nordeck/matrix-neoboard-widget" repository: "nordeck/matrix-neoboard-widget"
tag: "0.4.0@sha256:c5e72409a0edc1962e9be618fcb83acce19e64c0c645075d8ff0ccde06e93fc7" tag: "1.0.0@sha256:584b9c18ea3dfd4b7f1e73f3e114bc1dcd5731b400a8d037576bf2a797c8b086"
# @supplier: "Nordeck" # @supplier: "Nordeck"
matrixNeoChoiceWidget: matrixNeoChoiceWidget:
repository: "nordeck/matrix-poll-widget" repository: "nordeck/matrix-poll-widget"
tag: "1.2.0@sha256:0abcf7c368c91721413c96deaa1e87f095b6afbe864ea5f042c9a370c38fb07b" tag: "1.3.0@sha256:19d2c8c7a15fe7d12c4a83a89310831da12323fd45ff0280cce808f1be0c7e0b"
# @supplier: "Nordeck" # @supplier: "Nordeck"
matrixNeoDateFixBot: matrixNeoDateFixBot:
repository: "nordeck/matrix-meetings-bot" repository: "nordeck/matrix-meetings-bot"
tag: "2.4.0@sha256:d6560841c3708bd8b55623ef70dd55bf4792da6ed6cd5026c37a5e4df7c8a3a3" tag: "2.4.2@sha256:f5b3362560255470076f3e6c95a0dd93a8f781398afb992c1e1212764fa87297"
# @supplier: "Nordeck" # @supplier: "Nordeck"
matrixNeoDateFixWidget: matrixNeoDateFixWidget:
repository: "nordeck/matrix-meetings-widget" repository: "nordeck/matrix-meetings-widget"
tag: "1.5.1@sha256:a518c194fa1b8cf2886c02623d883810f166f27259ce7d4e0138b962dea565e7" tag: "1.5.3@sha256:918b1eb28cefb08bfdaae57607f0889b454111f2ba80b5ec9bb3c750f8599913"
# @supplier: "Nordeck" # @supplier: "Nordeck"
matrixUserVerificationService: matrixUserVerificationService:
repository: "matrixdotorg/matrix-user-verification-service" repository: "matrixdotorg/matrix-user-verification-service"
@@ -108,60 +112,79 @@ images:
repository: "clamav/clamav" repository: "clamav/clamav"
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f" tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
# @supplier: "openDesk DevSecOps" # @supplier: "openDesk DevSecOps"
minio:
repository: "bitnami/minio"
tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7"
# @supplier: "openDesk DevSecOps"
nextcloud: nextcloud:
repository: "nextcloud" repository: "nextcloud"
tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39" tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39"
# @supplier: "Nextcloud Community" # @supplier: "Nextcloud Community"
openproject: openproject:
repository: "openproject/open_desk" repository: "openproject/open_desk"
tag: "dev@sha256:e907515ebbc758ea93b7efd9209c27a449e99adc0a3fc725a73c89508140a2f4" tag: "dev@sha256:732b5d0efe9fc64fe411c9d8143ec3f4a3c731d03c0caddb5fa4c614ff426e8d"
# @supplier: "OpenProject" # @supplier: "OpenProject"
openprojectInitDb:
repository: "postgres"
tag: "13@sha256:ced3ba927f4cf06e03eac7760f426a95367076fb31fe4e31b679f82d119a3519"
# @supplier: "OpenProject"
openprojectBootstrap:
repository: "souvap/tooling/images/opendesk-openproject-bootstrap"
tag: "1.1.1@sha256:09da76a9b645b3dbe5c181061f7829f82f239e7d17f7e115218a32870f7a955e"
# @supplier: "openDesk DevSecOps"
openxchangeBootstrap: openxchangeBootstrap:
repository: "alpine/k8s" repository: "alpine/k8s"
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec" tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
openxchangeCoreGuidedtours: openxchangeCoreGuidedtours:
repository: "appsuite-public-sector/core-guidedtours" repository: "appsuite-public-sector/core-guidedtours"
tag: "8.5.1@sha256:469457562a378cca50460e08d9437a954fc6f19622f18128fa74979f7905ecd9" tag: "8.6.0@sha256:6c20780f8c609636f2182c41709e2ee26586b4a23679fd13b15875a5f443445b"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
openxchangeCoreMW: openxchangeCoreMW:
repository: "appsuite-public-sector/middleware-public-sector" repository: "appsuite-public-sector/middleware-public-sector"
tag: "8.16.60@sha256:269c5b72f380c49ba1888c4300c409745d2ce757ca0b269afe1e8ac9bb26f028" tag: "8.19.33@sha256:369c44369d727e4172f10c25137dbb00d936d20dd844cdca3a34f7f31273ea05"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
openxchangeCoreUI: openxchangeCoreUI:
repository: "appsuite-public-sector/core-ui" repository: "appsuite-public-sector/core-ui"
tag: "8.16.5@sha256:4f4dd4e36fb8a1b493c195e38e2f13b87c9582bfcdc3d23b646698fce2ffef8c" tag: "8.19.0@sha256:7fdd73f78fd7094f2968f6fcaaae175e60824f9ef68f9e7e70418de6a2b623e9"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
openxchangeCoreUIMiddleware: openxchangeCoreUIMiddleware:
repository: "appsuite-public-sector/core-ui-middleware" repository: "appsuite-public-sector/core-ui-middleware"
tag: "1.8.4@sha256:c707fbd5496c894f201dab8f4e78aad98f1ad80c8058778f04dfa5e6e201ed64" tag: "2.0.0@sha256:8082edf30498a3ac1715f2d9b3e406f240ea586e2616b97f40c207ef55dff11f"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
openxchangeCoreUserGuide: openxchangeCoreUserGuide:
repository: "appsuite-public-sector/core-user-guide" repository: "appsuite-public-sector/core-user-guide"
tag: "8.16.727397@sha256:5d8dbf9a91456dea59a235b495dcd002b971e2b23ef6c3a2ea5fd2071664e2a4" tag: "8.19.771856@sha256:e00ed8f94c3c42cd288dd03f7fb18d228eb516b5e5ebd318825289b1c4ed17ab"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
openxchangeGuardUI: openxchangeDocumentConverter:
repository: "appsuite-public-sector/guard-ui" repository: "appsuite-public-sector/documentconverter"
tag: "4.0.6@sha256:7bb8fdf944228dd78a5c33bbd8d0019d5a9e4ce1c35bda674166f2febc5d9a02" tag: "8.19.32@sha256:82354e858b6aeeae7f0ebaf66ad106f8e9ae46e605e97bb1d2d14e6ce1c3d708"
# @supplier: "Open-Xchange"
openxchangeNextcloudIntegrationUI:
repository: "appsuite-public-sector/nextcloud-integration-ui"
tag: "1.0.5@sha256:cad4ecba431f84b8627d2e541cfea773d5ef54b65d847fa8f7e3fd0d63156497"
# @supplier: "Open-Xchange"
openxchangePublicSectorUI:
repository: "appsuite-public-sector/public-sector-ui"
tag: "2.0.1@sha256:8df90f6dfb59008567d8ded0dbd17b8f92f409c78ba2cf4ab2a39e1b23e34d3b"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
openxchangeGotenberg: openxchangeGotenberg:
repository: "appsuite-public-sector/3rdparty/gotenberg" repository: "appsuite-public-sector/3rdparty/gotenberg"
tag: "7.8.2@sha256:34af7b6d21c02b8183785177f5f3f1731633d72ec69e1f2ecdb8b43747887f62" tag: "7.9.2@sha256:c97c1adb971d149222062ec46c5d749d710b38ad153c5c6ed954023e2401c9d0"
# @supplier: "Open-Xchange"
openxchangeGuardUI:
repository: "appsuite-public-sector/guard-ui"
tag: "4.0.7@sha256:8c9fa5d6aed055c0e84042ab28b3f0e9add94390362266ad440da4f90b8c93a8"
# @supplier: "Open-Xchange"
openxchangeImageConverter:
repository: "appsuite-public-sector/imageconverter"
tag: "8.19.33@sha256:9543c1409a129567bd6e4a657a353819842a4b1e1807ab86a1ea2e7f73f8c18e"
# @supplier: "Open-Xchange"
openxchangeNextcloudIntegrationUI:
repository: "appsuite-public-sector/nextcloud-integration-ui"
tag: "1.1.0@sha256:82cecb5adac63806ab41546e6b49090a93a5f4645750bb3967d87585b60df2e1"
# @supplier: "Open-Xchange"
openxchangePublicSectorUI:
repository: "appsuite-public-sector/public-sector-ui"
tag: "2.1.0@sha256:ed56730add8afdb08bef8b43a114aba406fd86d83c7fd7af93dc16bb002fa233"
# @supplier: "Open-Xchange" # @supplier: "Open-Xchange"
oxConnector: oxConnector:
repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
tag:
"branch-jconde-listener-entrypoint-chaining\
@sha256:54748d49e37d52529d4a857ff834d1217bd2cb8c89c7eed25c0873159ed6853c"
# @supplier: "Univention" # @supplier: "Univention"
repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
tag: "branch-jconde-listener-entrypoint-chaining\
@sha256:54748d49e37d52529d4a857ff834d1217bd2cb8c89c7eed25c0873159ed6853c"
postfix: postfix:
repository: "souvap/tooling/images/postfix" repository: "souvap/tooling/images/postfix"
tag: "1.0.0@sha256:69e0c53ade77ffb89673672f5c8183ec2edfc81d4e990aca3ec594f33c55a7ac" tag: "1.0.0@sha256:69e0c53ade77ffb89673672f5c8183ec2edfc81d4e990aca3ec594f33c55a7ac"
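Review bot: in the `oxConnector` entry, as rendered here, the `# @supplier: "Univention"` comment now sits between the `oxConnector:` key and the re-added `repository:` line, while every other entry in this hunk carries its supplier comment after the `tag:` line. Move the comment back below the joined `tag:` value so the supplier annotation stays attached to the right image and `postfix` does not follow an unlabelled entry. Separately, `openproject` keeps the `dev` tag and `oxConnector` a branch tag; the digests fix the content, but a release tag would make the deployed version auditable from this file.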
@@ -201,67 +224,67 @@ images:
umsConfigHtpasswd: umsConfigHtpasswd:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/config-htpasswd" repository: "souvap/tooling/images/univention/config-htpasswd"
tag: "latest" tag: "0.5.2"
# @supplier: "Univention" # @supplier: "Univention"
umsDataLoader: umsDataLoader:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/data-loader" repository: "souvap/tooling/images/univention/data-loader"
tag: "latest" tag: "0.15.2"
# @supplier: "Univention" # @supplier: "Univention"
umsLdapNotifier: umsLdapNotifier:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/ldap-notifier" repository: "souvap/tooling/images/univention/ldap-notifier"
tag: "latest" tag: "0.4.1"
# @supplier: "Univention" # @supplier: "Univention"
umsLdapServer: umsLdapServer:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/ldap-server" repository: "souvap/tooling/images/univention/ldap-server"
tag: "latest" tag: "0.4.1"
# @supplier: "Univention" # @supplier: "Univention"
umsNotificationsApi: umsNotificationsApi:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/notifications-api" repository: "souvap/tooling/images/univention/notifications-api"
tag: "latest" tag: "0.3.4"
# @supplier: "Univention" # @supplier: "Univention"
umsPortalListener: umsPortalListener:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/portal-listener" repository: "souvap/tooling/images/univention/portal-listener"
tag: "latest" tag: "0.3.4"
# @supplier: "Univention" # @supplier: "Univention"
umsPortalFrontend: umsPortalFrontend:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/portal-frontend" repository: "souvap/tooling/images/univention/portal-frontend"
tag: "latest" tag: "0.3.5"
# @supplier: "Univention" # @supplier: "Univention"
umsPortalServer: umsPortalServer:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/portal-server" repository: "souvap/tooling/images/univention/portal-server"
tag: "latest" tag: "0.3.4"
# @supplier: "Univention" # @supplier: "Univention"
umsWaitForDependency: umsWaitForDependency:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/wait-for-dependency" repository: "souvap/tooling/images/univention/wait-for-dependency"
tag: "latest" tag: "0.3.4"
# @supplier: "Univention" # @supplier: "Univention"
umsStoreDav: umsStoreDav:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/store-dav" repository: "souvap/tooling/images/univention/store-dav"
tag: "latest" tag: "0.5.2"
# @supplier: "Univention" # @supplier: "Univention"
umsUdmRestApi: umsUdmRestApi:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/udm-rest-api" repository: "souvap/tooling/images/univention/udm-rest-api"
tag: "latest" tag: "0.3.2"
# @supplier: "Univention" # @supplier: "Univention"
umsUmcGateway: umsUmcGateway:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/umc-gateway" repository: "souvap/tooling/images/univention/umc-gateway"
tag: "latest" tag: "0.3.2"
# @supplier: "Univention" # @supplier: "Univention"
umsUmcServer: umsUmcServer:
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/umc-server" repository: "souvap/tooling/images/univention/umc-server"
tag: "latest" tag: "0.3.2"
# @supplier: "Univention" # @supplier: "Univention"
wellKnown: wellKnown:
repository: "library/nginx" repository: "library/nginx"
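Review bot: the `ums*` tags in this hunk move from `latest` to fixed versions such as `0.5.2` and `0.3.4`, but none of them carries an `@sha256:` digest, unlike the other entries in this file (`postfix`, for example, is pinned as `1.0.0@sha256:` plus digest). A version tag can still be re-pushed in the registry, so append the digest to each of these `tag:` values to give the preview images the same immutability as the rest of the image list.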
@@ -269,11 +292,6 @@ images:
# @supplier: "Element" # @supplier: "Element"
xwiki: xwiki:
repository: "xwikisas/swp/xwiki" repository: "xwikisas/swp/xwiki"
tag: "0.11-mariadb-jetty-alpine@sha256:a334e18d171458ed41ef356e82580561f48b0edf60b4979dc4ed9503eb497c59" tag: "0.12-mariadb-jetty-alpine@sha256:c195d8baf38b6c6b0c533a3216e726cd863a6c2ba0e65f18036402592bb72896"
# @supplier: "XWiki"
xwikiTomcat:
# This is legacy and not part of the standard deployment.
repository: "xwikisas/swp/xwiki"
tag: "0.10-mariadb-tomcat@sha256:02f0ff6407ccdd8dab17814202e28991fe0aa8d44fa106ba171cff5249eaf58f"
# @supplier: "XWiki" # @supplier: "XWiki"
... ...
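Review bot: the `xwikiTomcat` entry is removed at the end of this hunk, and nothing visible here shows whether any values template still reads that key. Confirm that no release references `xwikiTomcat` before merging, and mention the removal of the legacy Tomcat image in the changelog so operators who still used it know it is gone.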


@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
--- ---
istio: istio:
enabled: true enabled: true
domain: {{ env "ISTIO_DOMAIN" | default "souvap.cloud" }} domain: {{ env "ISTIO_DOMAIN" | default "souvap.cloud" | quote }}
virtualService: virtualService:
enabled: false enabled: false
gateway: gateway:


@@ -0,0 +1,25 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
prometheus:
serviceMonitors:
enabled: false
labels:
release: "kube-prometheus-stack"
podMonitors:
enabled: false
labels:
release: "kube-prometheus-stack"
prometheusRules:
enabled: false
labels:
release: "kube-prometheus-stack"
grafana:
dashboards:
enabled: false
labels:
grafana_dashboard: "1"
annotations:
...
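Review bot: `annotations:`, the last key of this new file, has no value, so YAML parses it as null rather than as an empty map. Write `annotations: {}` if no annotations are intended, and add a short comment above the `prometheus:` and `grafana:` blocks saying what the `release: "kube-prometheus-stack"` and `grafana_dashboard: "1"` labels must match, since all four switches default to `enabled: false` and the file gives no hint about when to turn them on.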


@@ -10,10 +10,10 @@ persistence:
dovecot: "1Gi" dovecot: "1Gi"
mariadb: "1Gi" mariadb: "1Gi"
matrixNeoDateFixBot: "1Gi" matrixNeoDateFixBot: "1Gi"
minio: "1Gi"
nextcloud: nextcloud:
main: "1.2Gi" main: "2Gi"
data: "10Gi" data: "10Gi"
openproject: "1Gi"
postfix: "1Gi" postfix: "1Gi"
postgresql: "1Gi" postgresql: "1Gi"
prosody: "1Gi" prosody: "1Gi"
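Review bot: the `openproject: "1Gi"` volume size is dropped here while `minio: "1Gi"` is added, with no comment on what happens to data held on an existing OpenProject volume. Document the migration path next to this change, or state that none is needed, so an upgrade does not silently leave the old volume orphaned.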

Some files were not shown because too many files have changed in this diff