mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
d7119a656b | ||
|
|
89ae1d94ea | ||
|
|
dfc7fed325 | ||
|
|
65ce9a171b | ||
|
|
5e50ed119f | ||
|
|
d0a07997c1 |
21
CHANGELOG.md
21
CHANGELOG.md
@@ -1,3 +1,24 @@
|
||||
## [0.5.33](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.32...v0.5.33) (2023-11-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **cryptpad:** Update security context ([89ae1d9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/89ae1d94ea4c4e8a15a395a80847a7f235365747))
|
||||
|
||||
## [0.5.32](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.31...v0.5.32) (2023-11-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **collabora:** Resource definitions ([65ce9a1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/65ce9a171b7c8ebc453fb6bbe96743c8516da2c6))
|
||||
|
||||
## [0.5.31](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.30...v0.5.31) (2023-11-08)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **univention-management-stack:** Update optional UMS preview state ([d0a0799](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d0a07997c12ddb9731a0dfed0d6fa71d9a3790e7))
|
||||
|
||||
## [0.5.30](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.29...v0.5.30) (2023-11-06)
|
||||
|
||||
|
||||
|
||||
@@ -385,7 +385,7 @@ This list gives you an overview of default security settings and if they comply
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| CryptPad | cryptpad | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 4001 |
|
||||
| CryptPad | cryptpad | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
|
||||
@@ -29,14 +29,16 @@ podSecurityContext:
|
||||
fsGroup: 4001
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 4001
|
||||
runAsGroup: 4001
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
|
||||
@@ -34,7 +34,7 @@ keycloakConfigCli:
|
||||
- name: "LDAP_USERS_DN"
|
||||
value: "cn=users,dc=swp-ldap,dc=internal"
|
||||
- name: "LDAP_SERVER_URL"
|
||||
value: "univention-corporate-container"
|
||||
value: "{{ .Values.global.ldap.host }}"
|
||||
- name: "IDENTIFIER"
|
||||
value: "souvap"
|
||||
- name: "THEME"
|
||||
|
||||
@@ -36,6 +36,7 @@ config:
|
||||
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||
|
||||
ldapSearch:
|
||||
host: "{{ .Values.global.ldap.host }}"
|
||||
password: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}"
|
||||
|
||||
smtp:
|
||||
|
||||
@@ -13,7 +13,4 @@ config:
|
||||
|
||||
cryptpad:
|
||||
enabled: true
|
||||
|
||||
ldapSearch:
|
||||
host: "univention-corporate-container"
|
||||
...
|
||||
|
||||
@@ -19,6 +19,7 @@ dovecot:
|
||||
password: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||
ldap:
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||
host: "{{ .Values.global.ldap.host }}"
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
oidc:
|
||||
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
|
||||
|
||||
@@ -7,7 +7,6 @@ containerSecurityContext:
|
||||
dovecot:
|
||||
ldap:
|
||||
enabled: true
|
||||
host: "univention-corporate-container"
|
||||
port: 389
|
||||
base: "dc=swp-ldap,dc=internal"
|
||||
|
||||
|
||||
@@ -8,6 +8,10 @@ appsuite:
|
||||
secretYAMLFiles:
|
||||
ldap-client-config.yml:
|
||||
contactsLdapClient:
|
||||
pool:
|
||||
host:
|
||||
address: "{{ .Values.global.ldap.host }}"
|
||||
port: 389
|
||||
auth:
|
||||
adminDN:
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
|
||||
@@ -16,9 +16,6 @@ appsuite:
|
||||
contactsLdapClient:
|
||||
pool:
|
||||
type: "simple"
|
||||
host:
|
||||
address: "univention-corporate-container"
|
||||
port: 389
|
||||
auth:
|
||||
type: "adminDN"
|
||||
adminDN:
|
||||
|
||||
@@ -83,6 +83,7 @@ appsuite:
|
||||
propertiesFiles:
|
||||
"/opt/open-xchange/etc/ldapauth.properties":
|
||||
bindDNPassword: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
java.naming.provider.url: "ldap://{{ .Values.global.ldap.host }}:389/dc=swp-ldap,dc=internal"
|
||||
uiSettings:
|
||||
"io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
|
||||
"io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
|
||||
|
||||
@@ -111,7 +111,6 @@ appsuite:
|
||||
/opt/open-xchange/etc/system.properties:
|
||||
SERVER_NAME: "oxserver"
|
||||
/opt/open-xchange/etc/ldapauth.properties:
|
||||
java.naming.provider.url: "ldap://univention-corporate-container:389/dc=swp-ldap,dc=internal"
|
||||
bindOnly: "false"
|
||||
bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
|
||||
|
||||
@@ -54,6 +54,9 @@ environment:
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: "{{ .Values.global.ldap.host }}"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__DOMAIN: "{{ .Values.global.domain }}"
|
||||
|
||||
@@ -55,9 +55,6 @@ environment:
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
OPENPROJECT_DEFAULT__COMMENT__SORT__ORDER: "desc"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: "univention-corporate-container"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
|
||||
|
||||
@@ -19,6 +19,8 @@ persistence:
|
||||
|
||||
oxConnector:
|
||||
domainName: "{{ .Values.global.domain }}"
|
||||
ldapHost: "{{ .Values.global.ldap.host }}"
|
||||
notifierServer: "{{ .Values.global.ldap.notifierHost }}"
|
||||
#oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
|
||||
oxMasterAdmin: "admin"
|
||||
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
|
||||
@@ -5,11 +5,9 @@ ingress:
|
||||
enabled: false
|
||||
|
||||
oxConnector:
|
||||
ldapHost: "univention-corporate-container"
|
||||
# ldapHostIp: ""
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
notifierServer: "univention-corporate-container"
|
||||
tlsMode: "off"
|
||||
# current static password for UCC
|
||||
ldapPassword: "ucctempldapstring"
|
||||
|
||||
@@ -11,11 +11,29 @@ repositories:
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
|
||||
# VMWare Bitnami
|
||||
# Source: https://github.com/bitnami/charts/
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# TODO: Interim, until the UMS stack has a stack umbrella chart and provides a solution
|
||||
{{- if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}
|
||||
- name: "ums-stack-gateway"
|
||||
chart: "bitnami-repo/nginx"
|
||||
version: "15.3.5"
|
||||
values:
|
||||
- "values-ums-stack-gateway.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
{{- end }}
|
||||
- name: "ums-store-dav"
|
||||
chart: "ums-repo/store-dav"
|
||||
version: "0.2.0"
|
||||
version: "0.5.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -23,7 +41,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-ldap-server"
|
||||
chart: "ums-repo/ldap-server"
|
||||
version: "0.1.0"
|
||||
version: "0.4.1"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -31,7 +49,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-ldap-notifier"
|
||||
chart: "ums-repo/ldap-notifier"
|
||||
version: "0.1.0"
|
||||
version: "0.4.1"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -40,7 +58,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-udm-rest-api"
|
||||
chart: "ums-repo/udm-rest-api"
|
||||
version: "0.1.0"
|
||||
version: "0.3.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -48,7 +66,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-stack-data-ums"
|
||||
chart: "ums-repo/stack-data-ums"
|
||||
version: "0.1.0"
|
||||
version: "0.15.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -56,7 +74,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-stack-data-swp"
|
||||
chart: "ums-repo/stack-data-swp"
|
||||
version: "0.1.0"
|
||||
version: "0.15.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -64,7 +82,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-server"
|
||||
chart: "ums-repo/portal-server"
|
||||
version: "0.1.0"
|
||||
version: "0.3.4"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -72,7 +90,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-notifications-api"
|
||||
chart: "ums-repo/notifications-api"
|
||||
version: "0.1.0"
|
||||
version: "0.3.4"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -81,7 +99,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-listener"
|
||||
chart: "ums-repo/portal-listener"
|
||||
version: "0.1.0"
|
||||
version: "0.3.4"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -90,28 +108,36 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-frontend"
|
||||
chart: "ums-repo/portal-frontend"
|
||||
version: "0.1.0"
|
||||
version: "0.3.4"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-frontend.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-frontend-custom"
|
||||
# TODO: Replace with our own Nginx chart.
|
||||
chart: "bitnami-repo/nginx"
|
||||
version: "15.3.5"
|
||||
values:
|
||||
- "values-portal-frontend-custom.yaml"
|
||||
- "values-portal-frontend-custom.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-umc-gateway"
|
||||
chart: "ums-repo/umc-gateway"
|
||||
version: "0.1.0"
|
||||
version: "0.3.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-umc-gateway.gotmpl"
|
||||
- "values-umc-gateway.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-umc-server"
|
||||
chart: "ums-repo/umc-server"
|
||||
version: "0.1.0"
|
||||
version: "0.3.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-umc-server.gotmpl"
|
||||
- "values-umc-server.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
commonLabels:
|
||||
|
||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
|
||||
host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
|
||||
@@ -1,6 +1,10 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
global:
|
||||
configMapUcrDefaults: "ums-stack-data-ums-ucr"
|
||||
configMapUcr: "ums-stack-data-swp-ucr"
|
||||
configMapUcrForced: null
|
||||
|
||||
istio:
|
||||
enabled: false
|
||||
|
||||
@@ -14,10 +14,9 @@ ldapServer:
|
||||
# dhParam: ""
|
||||
tlsMode: "off"
|
||||
|
||||
# TODO: SAML integration
|
||||
# samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
|
||||
# samlMetadataUrlInternal: "http://keycloak.default/realms/ucs/protocol/saml/descriptor"
|
||||
# serviceProviders: "http://localhost:8000/univention/saml/metadata,http://localhost:8000/auth/realms/ucs"
|
||||
samlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: null
|
||||
serviceProviders: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/saml/metadata"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
@@ -29,6 +28,12 @@ image:
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
|
||||
waitForDependency:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.umsWaitForDependency.repository }}"
|
||||
imagePullPolicy: "Always"
|
||||
tag: "{{ .Values.images.umsWaitForDependency.tag }}"
|
||||
|
||||
# TODO: Pending upstream support, #199
|
||||
persistence:
|
||||
data:
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
ingressClassName: "nginx"
|
||||
annotations:
|
||||
nginx.org/mergeable-ingress-type: "minion"
|
||||
tls: false
|
||||
|
||||
pathType: Exact
|
||||
path: /favicon.ico
|
||||
|
||||
extraPaths:
|
||||
- pathType: Exact
|
||||
path: /univention/portal/css/custom.css
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
- pathType: Exact
|
||||
path: /univention/portal/icons/logo.svg
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
- pathType: Exact
|
||||
path: /univention/portal/icons/logo_small_border.svg
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
- pathType: Exact
|
||||
path: /univention/portal/custom/portal_background_image.png
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
- pathType: Exact
|
||||
path: /univention/portal/custom/portal_background_image.svg
|
||||
backend:
|
||||
service:
|
||||
name: ums-portal-frontend-custom-nginx
|
||||
port:
|
||||
name: http
|
||||
|
||||
...
|
||||
@@ -0,0 +1,33 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
service:
|
||||
type: "ClusterIP"
|
||||
|
||||
extraVolumes:
|
||||
- name: "opendesk-branding"
|
||||
configMap:
|
||||
name: "ums-stack-data-swp-branding"
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/favicon.ico"
|
||||
subPath: "favicon.ico"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/css/custom.css"
|
||||
subPath: "custom.css"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/icons/logo.svg"
|
||||
subPath: "logo.svg"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/icons/logo_small_border.svg"
|
||||
subPath: "logo_small_border.svg"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/custom/portal_background_image.png"
|
||||
subPath: "portal_background_image.png"
|
||||
- name: "opendesk-branding"
|
||||
mountPath: "/app/univention/portal/custom/portal_background_image.svg"
|
||||
subPath: "portal_background_image.svg"
|
||||
|
||||
...
|
||||
@@ -16,11 +16,12 @@ image:
|
||||
|
||||
extraIngresses:
|
||||
redirects:
|
||||
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
|
||||
# The TLS configuration is on the "master" Ingress, see below.
|
||||
tls:
|
||||
enabled: false
|
||||
master:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
enabled: {{ if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}false{{ else }}{{ .Values.ingress.enabled }}{{ end }}
|
||||
tls:
|
||||
enabled: {{ .Values.ingress.tls.enabled }}
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
@@ -13,7 +13,7 @@ portalListener:
|
||||
umcSessionUrl: "http://ums-umc-server/get/session-info"
|
||||
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapHost: "{{ .Values.global.ldap.host }}"
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
|
||||
@@ -7,7 +7,7 @@ portalServer:
|
||||
adminGroup: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
|
||||
authMode: "saml"
|
||||
environment: "staging"
|
||||
editable: "true"
|
||||
editable: "false"
|
||||
logLevel: "DEBUG"
|
||||
ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data"
|
||||
umcGetUrl: "http://ums-umc-server/get"
|
||||
|
||||
@@ -4,22 +4,29 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
stackDataSwp:
|
||||
udmApiUsername: "cn=admin"
|
||||
udmApiUser: "cn=admin"
|
||||
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
stackDataContext:
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
ldapSearchUsers:
|
||||
{{- range $k, $v := .Values.secrets.univentionCorporateServer.ldapSearch }}
|
||||
- username: {{ printf "ldapsearch_%s" $k | quote }}
|
||||
password: {{ $v | quote }}
|
||||
lastname: {{ "LDAP-Search-User" }}
|
||||
{{- end }}
|
||||
|
||||
externalDomainName: "{{ .Values.global.domain }}"
|
||||
externalMailDomain: "{{ .Values.global.domain }}"
|
||||
|
||||
portalGroupwareLinkBase: "https://webmail.{{ .Values.istio.domain }}"
|
||||
portalFileshareLinkBase: "https://fs.{{ .Values.global.domain }}"
|
||||
portalRealtimeCollaborationLinkBase: "https://chat.{{ .Values.global.domain }}"
|
||||
portalRealtimeVideoconferenceLinkBase: "https://meet.{{ .Values.global.domain }}"
|
||||
portalManagementProjectLinkBase: "https://project.{{ .Values.global.domain }}"
|
||||
portalManagementKnowledgeLinkBase: "https://wiki.{{ .Values.global.domain }}"
|
||||
portalGroupwareLinkBase: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
portalFileshareLinkBase: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
portalRealtimeCollaborationLinkBase: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
|
||||
portalRealtimeVideoconferenceLinkBase: "https://{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
|
||||
portalManagementProjectLinkBase: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
portalManagementKnowledgeLinkBase: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
|
||||
oxDefaultContext: "10"
|
||||
|
||||
|
||||
@@ -10,8 +10,22 @@ stackDataUms:
|
||||
loadDevData: true
|
||||
|
||||
stackDataContext:
|
||||
domainname: "{{ .Values.global.domain }}"
|
||||
externalMailDomain: "{{ .Values.global.domain }}"
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
|
||||
ldapHost: "{{ .Values.global.ldap.host }}"
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }}
|
||||
# TODO: This should not be required, the machine account is not there
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
|
||||
|
||||
samlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: null
|
||||
samlSpServer: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
samlSchemes: "https"
|
||||
ssoFqdn: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
|
||||
initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
|
||||
|
||||
# The SWP configuration brings its own UMC policies.
|
||||
installUmcPolicies: false
|
||||
|
||||
@@ -4,29 +4,15 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
udmRestApi:
|
||||
apiLogLevel: "4"
|
||||
authGroups:
|
||||
dcBackup: "cn=DC Backup Hosts,cn=groups,dc=swp-ldap,dc=internal"
|
||||
dcSlaves: "cn=DC Slave Hosts,cn=groups,dc=swp-ldap,dc=internal"
|
||||
domainAdmins: "cn=Domain Admins,cn=groups,dc=swp-ldap,dc=internal"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
# TODO: This should not be required, the machine account is not there
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
machineSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: why do we need this many subprocesses?
|
||||
numberOfSubprocesses: 8
|
||||
# TODO: Stub value currently
|
||||
caCert: ""
|
||||
# TODO: This should not be part of the udm-rest-api anymore
|
||||
loadJoinData:
|
||||
enabled: true
|
||||
# TODO: configurable
|
||||
tlsMode: "off"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -4,9 +4,17 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
umcGateway:
|
||||
domainname: "{{ .Values.global.domain }}"
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
|
||||
ssoFqdn: "localhost:8097"
|
||||
|
||||
extraVolumes:
|
||||
- name: "entrypoint-swp-patches"
|
||||
configMap:
|
||||
name: "ums-stack-data-swp-umc-gateway-entrypoint"
|
||||
defaultMode: 0555
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: "entrypoint-swp-patches"
|
||||
mountPath: "/entrypoint.d/90-swp.sh"
|
||||
subPath: "90-swp.sh"
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
umcGateway:
|
||||
showCookieBanner: true
|
||||
cookieBannerTitleDE: "Cookie Zustimmung"
|
||||
cookieBannerTitleEN: "Cookie Consent"
|
||||
cookieBannerTextDE: >-
|
||||
Die Nutzung dieses Angebots ist nur möglich, wenn Cookies gespeichert und
|
||||
verarbeitet werden können (essenzielle Cookies). Dafür benötigen wir Ihre
|
||||
Zustimmung. Bitte akzeptieren Sie um fortzufahren oder schließen Sie die
|
||||
Seite.
|
||||
cookieBannerTextEN: >-
|
||||
Usage of this site is only possible by storing and processing cookie
|
||||
information (essential cookies). We require your consent. Please accept to
|
||||
continue or close the page.
|
||||
|
||||
...
|
||||
@@ -4,24 +4,6 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
umcServer:
|
||||
domainname: "{{ .Values.global.domain }}"
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}"
|
||||
ldapHost: "ums-ldap-server"
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
# TODO: This should not be required, the machine account is not there
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
|
||||
enforceSessionCookie: "true"
|
||||
|
||||
# TODO: The keycloak integration is pending
|
||||
samlEnabled: false
|
||||
samlMetadataUrl: "http://localhost:8097/realms/ucs/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: "http://keycloak/realms/ucs/protocol/saml/descriptor"
|
||||
samlSpServer: "localhost:8000"
|
||||
samlSchemes: "http"
|
||||
|
||||
tlsMode: "off"
|
||||
|
||||
# TODO: Secret should be entered without b64enc
|
||||
ldapSecret: "{{ .Values.secrets.univentionManagementStack.ldapSecret | b64enc }}"
|
||||
# TODO: Secret should be entered without b64enc
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
umcServer:
|
||||
certPemFile: "/var/secrets/ssl/tls.crt"
|
||||
privateKeyFile: "/var/secrets/ssl/tls.key"
|
||||
|
||||
extraVolumes:
|
||||
- name: "certificates"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-tls"
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: "certificates"
|
||||
mountPath: "/var/secrets/ssl"
|
||||
|
||||
...
|
||||
@@ -0,0 +1,173 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
hostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls: false
|
||||
extraTls:
|
||||
- hosts:
|
||||
- "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
service:
|
||||
type: "ClusterIP"
|
||||
|
||||
# The content of the "serverBlock" does resemble the Ingress configuration of
|
||||
# the UMS components. The "location" entries do intentionally reflect precisely
|
||||
# the respective paths which are configured.
|
||||
serverBlock: |
|
||||
server {
|
||||
listen 8080;
|
||||
|
||||
## portal-frontend
|
||||
# The frontend does not own "/univention/portal", only these two bits
|
||||
location = /univention/portal/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80/;
|
||||
}
|
||||
location = /univention/portal/index.html {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80/;
|
||||
}
|
||||
|
||||
# The following prefixes are owned by the frontend
|
||||
location /univention/portal/css/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/fonts/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/i18n/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/media/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/js/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/portal/oidc/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
|
||||
|
||||
## frontend redirects
|
||||
|
||||
location = / {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
location = /univention {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
location = /univention/ {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
location = /univention/portal {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
|
||||
|
||||
## portal-server
|
||||
location = /univention/portal/portal.json {
|
||||
proxy_pass http://ums-portal-server:80;
|
||||
}
|
||||
location = /univention/portal/navigation.json {
|
||||
proxy_pass http://ums-portal-server:80;
|
||||
}
|
||||
|
||||
|
||||
## store-dav
|
||||
location /univention/portal/icons/entries/ {
|
||||
rewrite ^/univention/portal(/icons/entries/.*)$ /portal-assets$1 break;
|
||||
proxy_pass http://ums-store-dav:80;
|
||||
}
|
||||
location /univention/portal/icons/logos/ {
|
||||
rewrite ^/univention/portal(/icons/logos/.*)$ /portal-assets$1 break;
|
||||
proxy_pass http://ums-store-dav:80;
|
||||
}
|
||||
|
||||
|
||||
## udm-rest-api
|
||||
location /univention/udm/ {
|
||||
rewrite ^/univention(/udm/.*)$ $1 break;
|
||||
proxy_pass http://ums-udm-rest-api:80;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
}
|
||||
|
||||
|
||||
## umc-gateway
|
||||
location = /univention/languages.json {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location = /univention/meta.json {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location = /univention/theme.css {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location /univention/js/ {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location /univention/login/ {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location /univention/management/ {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
location /univention/themes/ {
|
||||
proxy_pass http://ums-umc-gateway:80;
|
||||
}
|
||||
|
||||
|
||||
## umc-server
|
||||
location = /univention/auth {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/logout/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/saml/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/get/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/set/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/command/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/upload/ {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
|
||||
|
||||
## notifications-api
|
||||
|
||||
location /univention/portal/notifications-api/ {
|
||||
rewrite ^/univention/portal/notifications-api(/.*)$ $1 break;
|
||||
proxy_pass http://ums-notifications-api:80;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -18,7 +18,7 @@ customConfigs:
|
||||
"xwiki.cfg":
|
||||
"xwiki.superadminpassword": "{{ .Values.secrets.xwiki.superadminpassword }}"
|
||||
## LDAP Server configuration
|
||||
xwiki.authentication.ldap.server: "univention-corporate-container"
|
||||
xwiki.authentication.ldap.server: "{{ .Values.global.ldap.host }}"
|
||||
xwiki.authentication.ldap.port: 389
|
||||
## Authentication to the LDAP server
|
||||
xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
|
||||
|
||||
@@ -11,6 +11,12 @@ global:
|
||||
#
|
||||
domain: {{ env "DOMAIN" | default "souvap.cloud" }}
|
||||
|
||||
|
||||
## Define LDAP service (supports "ums_eval" from the CI pipeline)
|
||||
ldap:
|
||||
host: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-server" {{ else }} "univention-corporate-container" {{ end }}
|
||||
notifierHost: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-notifier" {{ else }} "univention-corporate-container" {{ end }}
|
||||
|
||||
## Define docker registry address.
|
||||
#
|
||||
imageRegistry: {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace" }}
|
||||
|
||||
@@ -213,67 +213,67 @@ images:
|
||||
umsConfigHtpasswd:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||
tag: "latest"
|
||||
tag: "0.5.2"
|
||||
# @supplier: "Univention"
|
||||
umsDataLoader:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/data-loader"
|
||||
tag: "latest"
|
||||
tag: "0.15.2"
|
||||
# @supplier: "Univention"
|
||||
umsLdapNotifier:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-notifier"
|
||||
tag: "latest"
|
||||
tag: "0.4.1"
|
||||
# @supplier: "Univention"
|
||||
umsLdapServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-server"
|
||||
tag: "latest"
|
||||
tag: "0.4.1"
|
||||
# @supplier: "Univention"
|
||||
umsNotificationsApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/notifications-api"
|
||||
tag: "latest"
|
||||
tag: "0.3.4"
|
||||
# @supplier: "Univention"
|
||||
umsPortalListener:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-listener"
|
||||
tag: "latest"
|
||||
tag: "0.3.4"
|
||||
# @supplier: "Univention"
|
||||
umsPortalFrontend:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||
tag: "latest"
|
||||
tag: "0.3.5"
|
||||
# @supplier: "Univention"
|
||||
umsPortalServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-server"
|
||||
tag: "latest"
|
||||
tag: "0.3.4"
|
||||
# @supplier: "Univention"
|
||||
umsWaitForDependency:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/wait-for-dependency"
|
||||
tag: "latest"
|
||||
tag: "0.3.4"
|
||||
# @supplier: "Univention"
|
||||
umsStoreDav:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/store-dav"
|
||||
tag: "latest"
|
||||
tag: "0.5.2"
|
||||
# @supplier: "Univention"
|
||||
umsUdmRestApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||
tag: "latest"
|
||||
tag: "0.3.2"
|
||||
# @supplier: "Univention"
|
||||
umsUmcGateway:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||
tag: "latest"
|
||||
tag: "0.3.2"
|
||||
# @supplier: "Univention"
|
||||
umsUmcServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-server"
|
||||
tag: "latest"
|
||||
tag: "0.3.2"
|
||||
# @supplier: "Univention"
|
||||
wellKnown:
|
||||
repository: "library/nginx"
|
||||
|
||||
@@ -11,11 +11,11 @@ resources:
|
||||
memory: "2Gi"
|
||||
collabora:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 4
|
||||
memory: "4Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "16Mi"
|
||||
cpu: 0.5
|
||||
memory: "1Gi"
|
||||
cryptpad:
|
||||
limits:
|
||||
cpu: 2
|
||||
|
||||
Reference in New Issue
Block a user