chore(release): 0.5.30 [skip ci]

## [0.5.30](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.29...v0.5.30) (2023-11-06)

### Bug Fixes

* **collabora:** Init monitoring in defaults and in collabora (for prometheus-monitor, -rules and grafana dashboard) ([0ad0434](0ad043406b))
* **helmfile:** Add monitoring.yaml for optional monitoring ([385d81b](385d81b9a9))

CHANGELOG.md

@@ -1,3 +1,18 @@
+## [0.5.30](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.29...v0.5.30) (2023-11-06)
+
+
+### Bug Fixes
+
+* **collabora:** Init monitoring in defaults and in collabora (for prometheus-monitor, -rules and grafana dashboard) ([0ad0434](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0ad043406bef7bb10d561ef1418b58cbd8714d43))
+* **helmfile:** Add monitoring.yaml for optional monitoring ([385d81b](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/385d81b9a9e1ec319706493c51629c8e48822aa7))
+
+## [0.5.29](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.28...v0.5.29) (2023-11-06)
+
+
+### Bug Fixes
+
+* **xwiki:** Update XWiki Helm configuration to enable LDAP and OIDC user synchronization ([7c56c72](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7c56c7244f3862b6b21627661430a94d804c6974))
+
 ## [0.5.28](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.27...v0.5.28) (2023-11-06)
 
 

README.md

@@ -441,6 +441,50 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
 | xwiki-repo                           | no  |        :x:         |
 
 
+## Monitoring
+Together with 
+[kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) into
+you can monitor openDesk components with Prometheus and Grafana.
+
+Before enabling the following options, you need to install the respective CRDs from the kube-prometheus-stack 
+repository.
+
+
+### Metrics
+To deploy podMonitor and serviceMonitor custom resources, enable it by:
+
+```yaml
+prometheus:
+  serviceMonitors:
+    enabled: true
+  podMonitors:
+    enabled: true
+```
+
+### Alerts
+Some helm-charts provide a default set of prometheusRules for alerting, enable it by:
+
+```yaml
+prometheus:
+  prometheusRules:
+    enabled: true
+```
+
+### Dashboards for Grafana
+To deploy optional ConfigMaps with Grafana dashboards, enable it by:
+
+```yaml
+grafana:
+  dashboards:
+    enabled: true
+```
+
+### Components
+| Component   | Metrics (pod- or serviceMonitor)  | Alerts (prometheusRule) | Dashboard (Grafana) |
+|:------------|-----------------------------------|-------------------------|---------------------|
+| Collabora   | :white_check_mark:                | :white_check_mark:      | :white_check_mark:  |
+
+
 # Component integration
 
 ## Functional use cases

helmfile/apps/collabora/values.gotmpl

@@ -38,4 +38,23 @@ replicaCount: {{ .Values.replicas.collabora }}
 
 resources:
   {{ .Values.resources.collabora | toYaml | nindent 2 }}
+
+prometheus:
+  servicemonitor:
+    enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
+    labels:
+      {{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }}
+  rules:
+    enabled: {{ .Values.prometheus.prometheusRules.enabled }}
+    additionalLabels:
+      {{- toYaml .Values.prometheus.prometheusRules.labels | nindent 6 }}
+
+grafana:
+  dashboards:
+    enabled: {{ .Values.grafana.dashboards.enabled }}
+    labels:
+      {{- toYaml .Values.grafana.dashboards.labels | nindent 6 }}
+    annotations:
+      {{- toYaml .Values.grafana.dashboards.annotations | nindent 6 }}
+
 ...

helmfile/apps/xwiki/values.gotmpl

@@ -18,13 +18,13 @@ customConfigs:
   "xwiki.cfg":
     "xwiki.superadminpassword": "{{ .Values.secrets.xwiki.superadminpassword }}"
     ## LDAP Server configuration
-    # "xwiki.authentication.ldap.server": "univention-corporate-container"
-    # xwiki.authentication.ldap.port: 389
+    xwiki.authentication.ldap.server: "univention-corporate-container"
+    xwiki.authentication.ldap.port: 389
     ## Authentication to the LDAP server
-    # xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
-    # xwiki.authentication.ldap.bind_pass: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}"
+    xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
+    xwiki.authentication.ldap.bind_pass: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}"
     ## Base DN used for searching for users
-    # xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
+    xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
 
   "xwiki.properties":
     "oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
@@ -43,8 +43,8 @@ properties:
   "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": "{{ .Values.theme.colors.white }}"
   "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": "{{ .Values.theme.colors.secondaryGreyLight }}"
   ## Link LDAP users and users authenticated through OIDC
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
 
 ingress:
   enabled: {{ .Values.ingress.enabled }}

helmfile/apps/xwiki/values.yaml

@@ -8,7 +8,7 @@ customConfigs:
   xwiki.cfg:
     xwiki.url.protocol: "https"
     ## Indicate the LDAP field defining the user UID
-    # xwiki.authentication.ldap.UID_attr: "uid"
+    xwiki.authentication.ldap.UID_attr: "uid"
     ## Indicate the LDAP field defining the user profile picture
     # xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
     ## Enable the synchronization of the LDAP profile picture
@@ -17,8 +17,8 @@ customConfigs:
   xwiki.properties:
     oidc.scope: "openid,profile,email,address,phoenix"
     oidc.endpoint.userinfo.method: "GET"
-    oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}"
-    oidc.user.subjectFormater: "${oidc.user.subject}"
+    oidc.user.nameFormater: "${oidc.user.phoenixusername._clean._lowerCase}"
+    oidc.user.subjectFormater: "${oidc.user.phoenixusername._lowerCase}"
     # yamllint disable-line rule:line-length
     oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
     oidc.clientid: "xwiki"
@@ -67,21 +67,18 @@ properties:
 
   "property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc"
   ## Fields to search in when importing users from the administration UI (not completely in scope for now)
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes":
-  #   "sn,givenname,uid"
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes": "sn,givenname,uid"
   ## Restrict user import in the UI to global administrators
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.usersAllowedToImport": "globalAdmin"
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.usersAllowedToImport": "globalAdmin"
   ## Enable group and user synchronization
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupsUpdate": 1
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupImport": 1
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.forceXWikiUsersGroupMembershipUpdate":
-  #   1
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupsUpdate": 1
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupImport": 1
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.forceXWikiUsersGroupMembershipUpdate": 1
   ## Base DN under which groups should be searched for
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
-  #  "dc=swp-ldap,dc=internal"
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN": "dc=swp-ldap,dc=internal"
   ## LDAP filter to only synchronize some groups
-  # "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
-  #   "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
+  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
+    "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
 
 securityContext:
   enabled: true

helmfile/environments/default/images.yaml

@@ -281,6 +281,6 @@ images:
     # @supplier: "Element"
   xwiki:
     repository: "xwikisas/swp/xwiki"
-    tag: "0.11-mariadb-jetty-alpine@sha256:a334e18d171458ed41ef356e82580561f48b0edf60b4979dc4ed9503eb497c59"
+    tag: "0.12-mariadb-jetty-alpine@sha256:c195d8baf38b6c6b0c533a3216e726cd863a6c2ba0e65f18036402592bb72896"
     # @supplier: "XWiki"
 ...

helmfile/environments/default/monitoring.yaml

@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+prometheus:
+  serviceMonitors:
+    enabled: false
+    labels:
+      release: "kube-prometheus-stack"
+  podMonitors:
+    enabled: false
+    labels:
+      release: "kube-prometheus-stack"
+  prometheusRules:
+    enabled: false
+    labels:
+      release: "kube-prometheus-stack"
+
+
+grafana:
+  dashboards:
+    enabled: false
+    labels:
+      grafana_dashboard: "1"
+    annotations:
+...