mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
52 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
fbe7de3c56 | ||
|
|
034e98c850 | ||
|
|
7feaadf7f8 | ||
|
|
a7fef3afff | ||
|
|
5d01f8ca46 | ||
|
|
7093022ec4 | ||
|
|
2313f75dbe | ||
|
|
af9caea726 | ||
|
|
b39986907c | ||
|
|
a02d7c6085 | ||
|
|
a046deaf17 | ||
|
|
c76e960446 | ||
|
|
535823e0a8 | ||
|
|
9966bf640e | ||
|
|
8e376bb4a5 | ||
|
|
7c0e4aa9a6 | ||
|
|
e609b75cc7 | ||
|
|
20d26a069b | ||
|
|
59d58e320e | ||
|
|
49b71aafb4 | ||
|
|
cbe514176a | ||
|
|
0898d96571 | ||
|
|
7f7c364071 | ||
|
|
fd9e04d992 | ||
|
|
86657b139a | ||
|
|
cdffbe1298 | ||
|
|
82a037ec7c | ||
|
|
1a4eced998 | ||
|
|
06dcdd78af | ||
|
|
f564efd97f | ||
|
|
16f2ac464e | ||
|
|
30405d182d | ||
|
|
785989e91d | ||
|
|
27b6796639 | ||
|
|
7756d35fa1 | ||
|
|
5afd2339c2 | ||
|
|
b7f220a6b6 | ||
|
|
fb7dba787c | ||
|
|
72e3afdffd | ||
|
|
85b8fcaab5 | ||
|
|
c3129f1443 | ||
|
|
000be8b032 | ||
|
|
da1bf3581c | ||
|
|
4d0011d957 | ||
|
|
74f9ec28e4 | ||
|
|
b1d4b2d8ea | ||
|
|
711d29e374 | ||
|
|
0ba7be2a5f | ||
|
|
d4c751d29f | ||
|
|
70744d04c6 | ||
|
|
e4e6d2d60a | ||
|
|
e42feb4c26 |
141
CHANGELOG.md
141
CHANGELOG.md
@@ -1,3 +1,139 @@
|
||||
## [0.5.21](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.20...v0.5.21) (2023-10-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Deinstall components if disabled ([7feaadf](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7feaadf7f8830d8d0d5df752733c9b8f47315df6))
|
||||
* **helmfile:** Put enviroments in first document inside of a yaml ([034e98c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/034e98c850fa1f67300c04883904737a69448a25))
|
||||
|
||||
## [0.5.20](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.19...v0.5.20) (2023-10-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Remove old XWiki image, set explicit timeout for OP deployment, bump Jitsi Helm chart to enable chat for stand-alone Jitsi ([5d01f8c](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5d01f8ca46384d63d69dab0119998c4bb3183084))
|
||||
|
||||
## [0.5.19](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.18...v0.5.19) (2023-10-30)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Update Element Web and Nordeck Widgets to latest releases ([2313f75](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/2313f75dbe32d855b0c440944bd0de51c8e104ca))
|
||||
|
||||
## [0.5.18](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.17...v0.5.18) (2023-10-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **xwiki:** Switch to Alpine/Jetty slim image ([b399869](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/b39986907cece3cec06012531a55b2699d131f90))
|
||||
|
||||
## [0.5.17](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.16...v0.5.17) (2023-10-28)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Update swp_integration app and prepare CryptPad integration ([a046dea](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a046deaf173ab41029c2ab5e3161bd89e0fdabcb))
|
||||
|
||||
## [0.5.16](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.15...v0.5.16) (2023-10-26)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Slim container with upgraded helm-chart ([535823e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/535823e0a8b2bde72d159835248b2287fd136af7))
|
||||
|
||||
## [0.5.15](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.14...v0.5.15) (2023-10-25)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add XWiki Jetty and UniventionKeycloak to image.yaml for Compliance checks. They are not yet part of standard deployment. ([8e376bb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/8e376bb4a5e37e16d76ea527cd02a5f614cdfe3d))
|
||||
|
||||
## [0.5.14](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.13...v0.5.14) (2023-10-20)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Support for openDesk top bar with central navigation ([e609b75](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e609b75cc7fcbb7f03997cb5e26dd9cf4628f77d))
|
||||
|
||||
## [0.5.13](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.12...v0.5.13) (2023-10-20)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Configure rights and roles ([59d58e3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/59d58e320e503727e42dbfe0b027ba7948275ac6))
|
||||
|
||||
## [0.5.12](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.11...v0.5.12) (2023-10-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Add an application service for the intercom-service ([1a4eced](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1a4eced998998faa7ac862b8c409bbd743b16ec0))
|
||||
* **element:** Add the Matrix NeoBoard Widget deployment ([5afd233](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5afd2339c20a0be41078ae4c3ce703c62f332557))
|
||||
* **element:** Add the Matrix NeoChoice Widget deployment ([7756d35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7756d35fa156b36ed50ba8f837273db56323f45f))
|
||||
* **element:** Add the Matrix NeoDateFix Bot deployment ([785989e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/785989e91df5547ab5ac60914b82bc99c4f1a790))
|
||||
* **element:** Add the Matrix NeoDateFix Widget deployment ([27b6796](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/27b6796639f37dbd6c26f21fd54502153398aed0))
|
||||
* **element:** Add the Matrix User Verification Service deployment ([30405d1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/30405d182d44a5586a4070738dfbe1c141841d19))
|
||||
* **element:** Upgrade Element to v1.11.46 ([82a037e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/82a037ec7c25baf41bd0542c3ded47402adc2844))
|
||||
* **element:** Upgrade the opendesk-element charts to 2.3.0 ([fd9e04d](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/fd9e04d9922b949d0f213016169a9024a66a1ded))
|
||||
* **element:** Upgrade the opendesk-matrix-widgets charts to 2.3.0 ([cbe5141](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/cbe514176a4d86d166db248d7297d215409016d2))
|
||||
* **element:** Use a separate image configuration for the bootstrap tasks ([7f7c364](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7f7c364071072b01d485d3e248a3f8de49a07309))
|
||||
* **intercom-service:** Allow access from the non-istio domain and reference to the correct synapse hostname ([16f2ac4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/16f2ac464eb7267f1c4d87c3ccaca2c91a7ecc1b))
|
||||
* **intercom-service:** Fix the nordeck configuration ([06dcdd7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/06dcdd78afe0e6514c1f30d24924d3e7077ae6da))
|
||||
* **jitsi:** Use template for the cluster networking domain ([0898d96](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0898d9657145d66fd4c52fe6036c955ad58a0cfe))
|
||||
* **keycloak:** Use the correct backchannel logout configuration for element ([86657b1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/86657b139a6d8f4ff3f921b8755e04cb790c3786))
|
||||
* **open-xchange:** Enable Element calendar integration ([f564efd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f564efd97f8db39cffaea317e36db3825fc9121e))
|
||||
|
||||
## [0.5.11](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.10...v0.5.11) (2023-10-11)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Quote all password template strings ([fb7dba7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/fb7dba787c232c402aa9c989c0e8ace51869d534))
|
||||
* **services:** Add memcached service ([72e3afd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/72e3afdffdeb6f88f8e926426dbc26adf4b54e7a))
|
||||
|
||||
## [0.5.10](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.9...v0.5.10) (2023-10-11)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **intercom-service:** Update intercom-service chart to v2.0.0 ([c3129f1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c3129f14437728be890187bb7c4a1bfc42d90958))
|
||||
|
||||
## [0.5.9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.8...v0.5.9) (2023-10-10)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Enable the guest module in Synapse ([da1bf35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/da1bf3581c5790786601948cabcef8a1d1c680ad))
|
||||
|
||||
## [0.5.8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.7...v0.5.8) (2023-10-10)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add default port for SMTP in environment ([74f9ec2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/74f9ec28e401f7caeefc4e50ac0a7e95fea41a53))
|
||||
|
||||
## [0.5.7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.6...v0.5.7) (2023-10-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Mail sender address ([711d29e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/711d29e374d13a3c8b7bcdf3e8440d03e0ef2b7d))
|
||||
|
||||
## [0.5.6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.5...v0.5.6) (2023-10-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Use signed bitnami charts from openDesk Mirror Builds ([70744d0](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/70744d04c66f32d65dc968c8570ed7a397f4efcc))
|
||||
* **services:** Bump redis chart to 18.1.2 ([d4c751d](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/d4c751d29f15c718957f6bc388a99347e2923c87))
|
||||
|
||||
## [0.5.5](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.4...v0.5.5) (2023-10-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Switch image to fix central navigation; set email sender address ([e42feb4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e42feb4c260fc24692bc2742c97754230f8e2857))
|
||||
|
||||
## [0.5.4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.3...v0.5.4) (2023-10-02)
|
||||
|
||||
|
||||
@@ -416,3 +552,8 @@
|
||||
* **open-xchange:** OX AppSuite 8 within SWP is now publicly available ([6dc470f](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/6dc470fd67edbb9711e406acb067569ca357b989))
|
||||
* **services:** Add clamav-simple deployment ([505f25c](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/505f25c5493ebb9e0181233ed5b7d8018e3a315d))
|
||||
* **sovereign-workplace:** Initial commit ([533c504](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/533c5040faebd91f4012b604d0f4779ea1510424))
|
||||
|
||||
<!--
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
-->
|
||||
|
||||
82
README.md
82
README.md
@@ -215,6 +215,7 @@ subdirectory `/helmfile/apps/services`.
|
||||
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional |
|
||||
| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional |
|
||||
| MariaDB | `mariadb.enabled` | `true` | Database | Eval |
|
||||
| Memcached | `memcached.enabled` | `true` | Cache Database | Eval |
|
||||
| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional |
|
||||
| OpenProject | `openproject.enabled` | `true` | Project management | Functional |
|
||||
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional |
|
||||
@@ -238,8 +239,8 @@ subdirectory `/helmfile/apps/services`.
|
||||
|
||||
#### Databases
|
||||
|
||||
In case you don't got for a develop or evaluation environment you want to point
|
||||
the application to your own database instances.
|
||||
When deploying this suite to production, you need to configure the applications to use your production grade database
|
||||
service.
|
||||
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|-------------|--------------------|------------|-----------|----------------------------------------|----------------------------|
|
||||
@@ -283,6 +284,24 @@ the application to your own database instances.
|
||||
| | | | Username | `databases.xwiki.username` | `xwiki_user` |
|
||||
| | | | Password | `databases.xwiki.password` | |
|
||||
|
||||
#### Cache
|
||||
|
||||
When deploying this suite to production, you need to configure the applications to use your production grade cache
|
||||
service.
|
||||
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|------------------|------------------|-----------|-----------|------------------------------|------------------|
|
||||
| Intercom Service | Intercom Service | Redis | | | |
|
||||
| | | | Host | `cache.intercomService.host` | `redis-headless` |
|
||||
| | | | Port | `cache.intercomService.port` | `6379` |
|
||||
| Nextcloud | Nextcloud | Redis | | | |
|
||||
| | | | Host | `cache.nextcloud.host` | `redis-headless` |
|
||||
| | | | Port | `cache.nextcloud.port` | `6379` |
|
||||
| OpenProject | OpenProject | Memcached | | | |
|
||||
| | | | Host | `cache.openproject.host` | `memcached` |
|
||||
| | | | Port | `cache.openproject.port` | `11211` |
|
||||
|
||||
|
||||
### Scaling
|
||||
|
||||
The Replicas of components can be increased, while we still have to look in the
|
||||
@@ -314,7 +333,7 @@ actual scalability of the components (see column `Scaling (verified)`).
|
||||
|
||||
### Mail/SMTP configuration
|
||||
|
||||
To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from
|
||||
To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from
|
||||
the whole subdomain.
|
||||
|
||||
```yaml
|
||||
@@ -350,30 +369,32 @@ This section summarizes various aspects of security and compliance aspects.
|
||||
This list gives you an overview of default security settings and if they comply with security standards:
|
||||
|
||||
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|-------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
|
||||
|
||||
### Helm Chart Trust Chain
|
||||
@@ -383,7 +404,7 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
|
||||
|
||||
| Repository | OCI | Verifiable |
|
||||
|--------------------------------------|:---:|:------------------:|
|
||||
| bitnami-repo | yes | :x: |
|
||||
| bitnami-repo (openDesk build) | yes | :white_check_mark: |
|
||||
| clamav-repo | yes | :white_check_mark: |
|
||||
| collabora-online-repo | no | :x: |
|
||||
| intercom-service-repo | yes | :white_check_mark: |
|
||||
@@ -546,6 +567,11 @@ that can be found at `Settings` -> `CI/CD` -> `Variables`. The variable should h
|
||||
If the branch of the test pipeline is not `main` this can be set with the .gitlab-ci.yml variable
|
||||
`TESTS_BRANCH` while creating a new pipeline.
|
||||
|
||||
# License
|
||||
This project uses the following license: Apache-2.0
|
||||
|
||||
# Copyright
|
||||
Copyright (C) 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
|
||||
# Footnotes
|
||||
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# Collabora Online
|
||||
@@ -16,12 +20,9 @@ releases:
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "collabora.enabled"
|
||||
installed: {{ .Values.collabora.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "collabora"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -29,7 +29,7 @@ ingress:
|
||||
collabora:
|
||||
# Admin Console Credentials: https://CODE-domain/browser/dist/admin/admin.html
|
||||
username: "collabora-internal-admin"
|
||||
password: {{ .Values.secrets.collabora.adminPassword }}
|
||||
password: {{ .Values.secrets.collabora.adminPassword | quote }}
|
||||
aliasgroups:
|
||||
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443"
|
||||
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Element
|
||||
@@ -14,43 +18,119 @@ repositories:
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
# openDesk Matrix Widgets
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-matrix-widgets
|
||||
- name: "opendesk-matrix-widgets-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "opendesk-element"
|
||||
chart: "opendesk-element-repo/opendesk-element"
|
||||
version: "2.2.0"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-element.yaml"
|
||||
- "values-element.gotmpl"
|
||||
condition: "element.enabled"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-well-known"
|
||||
chart: "opendesk-element-repo/opendesk-well-known"
|
||||
version: "2.2.0"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-well-known.yaml"
|
||||
- "values-well-known.gotmpl"
|
||||
condition: "element.enabled"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-synapse-web"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||
version: "2.2.0"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-synapse-web.yaml"
|
||||
- "values-synapse-web.gotmpl"
|
||||
condition: "element.enabled"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-synapse"
|
||||
chart: "opendesk-element-repo/opendesk-synapse"
|
||||
version: "2.2.0"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-synapse.yaml"
|
||||
- "values-synapse.gotmpl"
|
||||
condition: "element.enabled"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-user-verification-service-bootstrap.yaml"
|
||||
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-matrix-user-verification-service"
|
||||
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-user-verification-service.yaml"
|
||||
- "values-matrix-user-verification-service.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neoboard-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neoboard-widget.yaml"
|
||||
- "values-matrix-neoboard-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neochoice-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neochoice-widget.yaml"
|
||||
- "values-matrix-neochoice-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-widget.yaml"
|
||||
- "values-matrix-neodatefix-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-bot-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
||||
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neodatefix-bot"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot.yaml"
|
||||
- "values-matrix-neodatefix-bot.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "element"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -15,6 +15,93 @@ configuration:
|
||||
additionalConfiguration:
|
||||
logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
|
||||
"net.nordeck.element_web.module.opendesk":
|
||||
config:
|
||||
ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
|
||||
ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
|
||||
portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
portal_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/"
|
||||
custom_css_variables:
|
||||
--cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
|
||||
|
||||
"net.nordeck.element_web.module.widget_lifecycle":
|
||||
widget_permissions:
|
||||
"https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
|
||||
identity_approved: true
|
||||
"https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
|
||||
- org.matrix.msc2762.send.state_event:m.room.power_levels#
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels#
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
|
||||
- org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
|
||||
- org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
|
||||
- town.robin.msc3846.turn_servers
|
||||
"https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2762.send.event:net.nordeck.poll.vote
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.poll.vote
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll.settings
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll.group
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll.group
|
||||
- org.matrix.msc2762.send.event:net.nordeck.poll.start
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.poll.start
|
||||
"https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
identity_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2931.navigate
|
||||
- org.matrix.msc2762.timeline:*
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels
|
||||
- org.matrix.msc2762.receive.event:m.reaction
|
||||
- org.matrix.msc2762.receive.state_event:m.room.create
|
||||
- org.matrix.msc2762.receive.state_event:m.room.tombstone
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.send.state_event:m.room.member
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.receive.state_event:m.room.topic
|
||||
- org.matrix.msc2762.receive.state_event:m.space.parent
|
||||
- org.matrix.msc2762.receive.state_event:m.space.child
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata
|
||||
- org.matrix.msc2762.receive.state_event:im.vector.modular.widgets
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message
|
||||
- org.matrix.msc3973.user_directory_search
|
||||
|
||||
welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
33
helmfile/apps/element/values-matrix-neoboard-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neoboard-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoBoardWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoBoardWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
21
helmfile/apps/element/values-matrix-neoboard-widget.yaml
Normal file
21
helmfile/apps/element/values-matrix-neoboard-widget.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
33
helmfile/apps/element/values-matrix-neochoice-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neochoice-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoChoiceWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoChoiceWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoChoiceWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoChoiceWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
21
helmfile/apps/element/values-matrix-neochoice-widget.yaml
Normal file
21
helmfile/apps/element/values-matrix-neochoice-widget.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
configuration:
|
||||
password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.synapseCreateUser.repository }}"
|
||||
tag: "{{ .Values.images.synapseCreateUser.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
...
|
||||
@@ -1,8 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
istio:
|
||||
enabled: false
|
||||
virtualService:
|
||||
enabled: false
|
||||
configuration:
|
||||
username: "meetings-bot"
|
||||
pod: "opendesk-synapse-0"
|
||||
secretName: "matrix-neodatefix-bot-account"
|
||||
...
|
||||
37
helmfile/apps/element/values-matrix-neodatefix-bot.gotmpl
Normal file
37
helmfile/apps/element/values-matrix-neodatefix-bot.gotmpl
Normal file
@@ -0,0 +1,37 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
configuration:
|
||||
openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoDateFixBot.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoDateFixBot.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
persistence:
|
||||
size: "{{ .Values.persistence.size.matrixNeoDateFixBot }}"
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoDateFixBot | toYaml | nindent 2 }}
|
||||
...
|
||||
50
helmfile/apps/element/values-matrix-neodatefix-bot.yaml
Normal file
50
helmfile/apps/element/values-matrix-neodatefix-bot.yaml
Normal file
@@ -0,0 +1,50 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
bot:
|
||||
username: "meetings-bot"
|
||||
displayname: "Terminplaner Bot"
|
||||
|
||||
strings:
|
||||
breakoutSessionWidgetName: "Breakoutsessions"
|
||||
calendarRoomName: "Terminplaner"
|
||||
calendarWidgetName: "Terminplaner"
|
||||
cockpitWidgetName: "Meeting Steuerung"
|
||||
jitsiWidgetName: "Videokonferenz"
|
||||
matrixNeoBoardWidgetName: "Whiteboard"
|
||||
matrixNeoChoiceWidgetName: "Abstimmungen"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
extraEnvVars:
|
||||
- name: "ACCESS_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "matrix-neodatefix-bot-account"
|
||||
key: "access_token"
|
||||
|
||||
# TODO: The health endpoint does not work with the haproxy configuration, yet
|
||||
livenessProbe:
|
||||
enabled: false
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
|
||||
# TODO: The health endpoint does not work with the haproxy configuration, yet
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
...
|
||||
33
helmfile/apps/element/values-matrix-neodatefix-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neodatefix-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoDateFixWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoDateFixWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoDateFixWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoDateFixWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
25
helmfile/apps/element/values-matrix-neodatefix-widget.yaml
Normal file
25
helmfile/apps/element/values-matrix-neodatefix-widget.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
bot:
|
||||
username: "meetings-bot"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
configuration:
|
||||
password: {{ .Values.secrets.matrixUserVerificationService.password }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.synapseCreateUser.repository }}"
|
||||
tag: "{{ .Values.images.synapseCreateUser.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
...
|
||||
@@ -0,0 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
username: "uvs"
|
||||
pod: "opendesk-synapse-0"
|
||||
secretName: "opendesk-matrix-user-verification-service-account"
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixUserVerificationService.repository }}"
|
||||
tag: "{{ .Values.images.matrixUserVerificationService.tag }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixUserVerificationService }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixUserVerificationService | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,29 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
# TODO: the service can't run with read only filesystem or as non-root
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsGroup: 101
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
extraEnvVars:
|
||||
- name: "UVS_ACCESS_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "opendesk-matrix-user-verification-service-account"
|
||||
key: "access_token"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -22,9 +22,20 @@ configuration:
|
||||
host: "{{ .Values.databases.synapse.host }}"
|
||||
name: "{{ .Values.databases.synapse.name }}"
|
||||
user: "{{ .Values.databases.synapse.username }}"
|
||||
password: "{{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser }}"
|
||||
password: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
|
||||
|
||||
homeserver:
|
||||
appServiceConfigs:
|
||||
- as_token: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
hs_token: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
id: intercom-service
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: false
|
||||
regex: "@.*"
|
||||
url: null
|
||||
sender_localpart: intercom-service
|
||||
|
||||
oidc:
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix }}
|
||||
issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
@@ -41,7 +52,7 @@ configuration:
|
||||
port: {{ .Values.turn.server.port }}
|
||||
transport: {{ .Values.turn.transport }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
guestModule:
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
@@ -2,9 +2,16 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
additionalConfiguration:
|
||||
room_prejoin_state:
|
||||
additional_event_types:
|
||||
- "m.space.parent"
|
||||
- "net.nordeck.meetings.metadata"
|
||||
- "m.room.power_levels"
|
||||
|
||||
homeserver:
|
||||
guestModule:
|
||||
enabled: false
|
||||
enabled: true
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# Intercom Service
|
||||
@@ -15,16 +19,12 @@ repositories:
|
||||
releases:
|
||||
- name: "intercom-service"
|
||||
chart: "intercom-service-repo/intercom-service"
|
||||
version: "1.1.3"
|
||||
version: "2.0.0"
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "intercom.enabled"
|
||||
installed: {{ .Values.intercom.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "intercom-service"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -4,6 +4,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
@@ -13,24 +14,28 @@ global:
|
||||
ics:
|
||||
secret: {{ .Values.secrets.intercom.secret }}
|
||||
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
originRegex: "{{ .Values.istio.domain }}"
|
||||
originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}"
|
||||
default:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
oidc:
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.intercom }}
|
||||
matrix:
|
||||
asSecret: {{ .Values.secrets.jitsi.synapseAsToken }}
|
||||
serverName: "matrix.{{ .Values.global.domain }}"
|
||||
asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
subdomain: {{ .Values.global.hosts.synapse }}
|
||||
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
||||
nordeck:
|
||||
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot }}
|
||||
portal:
|
||||
apiKey: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
redis:
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
host: {{ .Values.cache.intercomService.host }}
|
||||
port: {{ .Values.cache.intercomService.port }}
|
||||
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
||||
openxchange:
|
||||
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.intercom.repository }}"
|
||||
tag: "{{ .Values.images.intercom.tag }}"
|
||||
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Jitsi
|
||||
@@ -15,16 +19,13 @@ repositories:
|
||||
releases:
|
||||
- name: "jitsi"
|
||||
chart: "jitsi-repo/sovereign-workplace-jitsi"
|
||||
version: "1.5.1"
|
||||
version: "1.7.1"
|
||||
values:
|
||||
- "values-jitsi.gotmpl"
|
||||
condition: "jitsi.enabled"
|
||||
installed: {{ .Values.jitsi.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "jitsi"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -63,6 +63,10 @@ jitsi:
|
||||
value: "myappid"
|
||||
- name: "JWT_APP_SECRET"
|
||||
value: "{{ .Values.secrets.jitsi.jwtAppSecret }}"
|
||||
- name: "MATRIX_UVS_SYNC_POWER_LEVELS"
|
||||
value: "true"
|
||||
- name: "MATRIX_UVS_URL"
|
||||
value: "http://opendesk-matrix-user-verification-service.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
|
||||
- name: TURNS_HOST
|
||||
value: "{{ .Values.turn.tls.host }}"
|
||||
- name: TURNS_PORT
|
||||
@@ -86,7 +90,7 @@ jitsi:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}"
|
||||
tag: "{{ .Values.images.jicofo.tag }}"
|
||||
xmpp:
|
||||
password: "{{ .Values.secrets.jitsi.jicofoAuthPassword }}"
|
||||
password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }}
|
||||
componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}"
|
||||
resources:
|
||||
{{ .Values.resources.jicofo | toYaml | nindent 6 }}
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Keycloak Bootstrap
|
||||
@@ -21,14 +25,11 @@ releases:
|
||||
values:
|
||||
- "values-bootstrap.gotmpl"
|
||||
- "values-bootstrap.yaml"
|
||||
condition: "keycloak.enabled"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
# as we have seen some slow clusters we want to ensure we not just fail due to a timeout.
|
||||
timeout: 1800
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "keycloak-bootstrap"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -17,7 +17,7 @@ cleanup:
|
||||
|
||||
config:
|
||||
administrator:
|
||||
password: "{{ .Values.secrets.keycloak.adminPassword }}"
|
||||
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# VMWare Bitnami
|
||||
@@ -7,10 +11,10 @@ repositories:
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "registry-1.docker.io/bitnamicharts" }}
|
||||
# Bitnami charts are not signed, see https://github.com/bitnami/charts/issues/14491
|
||||
verify: false
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk Keycloak Theme
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-theme
|
||||
- name: "keycloak-theme-repo"
|
||||
@@ -32,16 +36,16 @@ releases:
|
||||
version: "2.0.0"
|
||||
values:
|
||||
- "values-theme.gotmpl"
|
||||
condition: "keycloak.enabled"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
- name: "keycloak"
|
||||
chart: "bitnami-repo/keycloak"
|
||||
version: "12.2.0"
|
||||
version: "12.1.5"
|
||||
values:
|
||||
- "values-keycloak.gotmpl"
|
||||
- "values-keycloak.yaml"
|
||||
- "values-keycloak-idp.yaml"
|
||||
wait: true
|
||||
condition: "keycloak.enabled"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
- name: "keycloak-extensions"
|
||||
chart: "keycloak-extensions-repo/keycloak-extensions"
|
||||
version: "0.1.0"
|
||||
@@ -50,12 +54,9 @@ releases:
|
||||
values:
|
||||
- "values-extensions.yaml"
|
||||
- "values-extensions.gotmpl"
|
||||
condition: "keycloak.enabled"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "keycloak"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
global:
|
||||
keycloak:
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword }}
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
postgresql:
|
||||
connection:
|
||||
host: "{{ .Values.databases.keycloakExtension.host }}"
|
||||
@@ -13,7 +13,7 @@ global:
|
||||
auth:
|
||||
database: "{{ .Values.databases.keycloakExtension.name }}"
|
||||
username: "{{ .Values.databases.keycloakExtension.username }}"
|
||||
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser }}
|
||||
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
handler:
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
@@ -21,7 +21,7 @@ handler:
|
||||
tag: "{{ .Values.images.keycloakExtensionHandler.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
appConfig:
|
||||
smtpPassword: "{{ .Values.smtp.password }}"
|
||||
smtpPassword: {{ .Values.smtp.password | quote }}
|
||||
smtpHost: "{{ .Values.smtp.host }}"
|
||||
smtpUsername: "{{ .Values.smtp.username }}"
|
||||
mailFrom: "noreply@{{ .Values.global.domain }}"
|
||||
|
||||
@@ -181,7 +181,7 @@ keycloakConfigCli:
|
||||
"attributes": {
|
||||
"backchannel.logout.revoke.offline.tokens": "true",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"backchannel.logout.url": "https://$(ELEMENT_DOMAIN)/_synapse/client/oidc/backchannel_logout",
|
||||
"backchannel.logout.url": "https://$(MATRIX_DOMAIN)/_synapse/client/oidc/backchannel_logout",
|
||||
"post.logout.redirect.uris": "https://$(ELEMENT_DOMAIN)/*##https://$(MATRIX_DOMAIN)/*##https://$(UNIVENTION_CORPORATE_SERVER_DOMAIN)/*"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
|
||||
@@ -20,10 +20,10 @@ externalDatabase:
|
||||
port: {{ .Values.databases.keycloak.port }}
|
||||
user: "{{ .Values.databases.keycloak.username }}"
|
||||
database: "{{ .Values.databases.keycloak.name }}"
|
||||
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser }}
|
||||
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
|
||||
auth:
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword }}
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.keycloak }}
|
||||
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Keycloak Bootstrap
|
||||
@@ -24,13 +28,13 @@ repositories:
|
||||
releases:
|
||||
- name: "opendesk-nextcloud-bootstrap"
|
||||
chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
|
||||
version: "3.1.2"
|
||||
version: "3.2.2"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
- "values-bootstrap.gotmpl"
|
||||
- "values-bootstrap.yaml"
|
||||
condition: "nextcloud.enabled"
|
||||
installed: {{ .Values.nextcloud.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "nextcloud"
|
||||
@@ -41,13 +45,10 @@ releases:
|
||||
values:
|
||||
- "values-nextcloud.gotmpl"
|
||||
- "values-nextcloud.yaml"
|
||||
condition: "nextcloud.enabled"
|
||||
installed: {{ .Values.nextcloud.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "nextcloud"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -14,7 +14,7 @@ global:
|
||||
|
||||
config:
|
||||
administrator:
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword }}
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||
|
||||
antivirus:
|
||||
{{- if .Values.clamavDistributed.enabled }}
|
||||
@@ -25,15 +25,15 @@ config:
|
||||
|
||||
apps:
|
||||
integrationSwp:
|
||||
password: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
password: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
userOidc:
|
||||
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc }}
|
||||
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
||||
|
||||
database:
|
||||
host: "{{ .Values.databases.nextcloud.host }}"
|
||||
name: "{{ .Values.databases.nextcloud.name }}"
|
||||
user: "{{ .Values.databases.nextcloud.username }}"
|
||||
password: "{{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||
|
||||
ldapSearch:
|
||||
password: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}"
|
||||
|
||||
@@ -6,16 +6,20 @@ SPDX-License-Identifier: Apache-2.0
|
||||
nextcloud:
|
||||
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
username: "nextcloud"
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword }}
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||
externalDatabase:
|
||||
database: "{{ .Values.databases.nextcloud.name }}"
|
||||
user: "{{ .Values.databases.nextcloud.username }}"
|
||||
host: "{{ .Values.databases.nextcloud.host }}"
|
||||
password: "{{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||
extraEnv:
|
||||
REDIS_HOST: {{ .Values.cache.nextcloud.host | quote }}
|
||||
REDIS_HOST_PORT: {{ .Values.cache.nextcloud.port | quote }}
|
||||
REDIS_HOST_PASSWORD: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||
redis:
|
||||
auth:
|
||||
enabled: true
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
password: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
|
||||
@@ -44,6 +44,18 @@ externalDatabase:
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
nextcloud:
|
||||
configs:
|
||||
mimetypealiases.json: |-
|
||||
{
|
||||
"application/x-drawio": "image"
|
||||
}
|
||||
|
||||
mimetypemapping.json: |-
|
||||
{
|
||||
"drawio": ["application/x-drawio"]
|
||||
}
|
||||
|
||||
# this is not documented but can be found in values.yaml
|
||||
service:
|
||||
port: "80"
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Dovecot
|
||||
@@ -35,7 +39,7 @@ releases:
|
||||
values:
|
||||
- "values-dovecot.yaml"
|
||||
- "values-dovecot.gotmpl"
|
||||
condition: "dovecot.enabled"
|
||||
installed: {{ .Values.dovecot.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "open-xchange"
|
||||
@@ -46,7 +50,7 @@ releases:
|
||||
- "values-openxchange.gotmpl"
|
||||
- "values-openxchange-enterprise-contact-picker.yaml"
|
||||
- "values-openxchange-enterprise-contact-picker.gotmpl"
|
||||
condition: "oxAppsuite.enabled"
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-open-xchange-bootstrap"
|
||||
@@ -54,13 +58,10 @@ releases:
|
||||
version: "1.3.1"
|
||||
values:
|
||||
- "values-openxchange-bootstrap.gotmpl"
|
||||
condition: "oxAppsuite.enabled"
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "open-xchange"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -16,10 +16,10 @@ imagePullSecrets:
|
||||
|
||||
dovecot:
|
||||
mailDomain: "{{ .Values.global.domain }}"
|
||||
password: {{ .Values.secrets.dovecot.doveadm }}
|
||||
password: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||
ldap:
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot }}
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
oidc:
|
||||
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc }}
|
||||
|
||||
@@ -11,8 +11,8 @@ global:
|
||||
database: "{{ .Values.databases.oxAppsuite.name }}"
|
||||
auth:
|
||||
user: "{{ .Values.databases.oxAppsuite.username }}"
|
||||
password: "{{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
rootPassword: "{{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
istio:
|
||||
enabled: {{ .Values.istio.enabled }}
|
||||
|
||||
@@ -67,7 +67,7 @@ appsuite:
|
||||
# Old capability can be used to toggle all integrations with a single switch
|
||||
com.openexchange.capability.public-sector: "true"
|
||||
# New capabilities in 2.0
|
||||
com.openexchange.capability.public-sector-element: "false"
|
||||
com.openexchange.capability.public-sector-element: "true"
|
||||
com.openexchange.capability.public-sector-navigation: "true"
|
||||
com.openexchange.capability.client-onboarding: "true"
|
||||
com.openexchange.capability.dynamic-theme: "true"
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# OpenProject
|
||||
@@ -12,16 +16,16 @@ repositories:
|
||||
releases:
|
||||
- name: "openproject"
|
||||
chart: "openproject-repo/openproject"
|
||||
version: "1.8.0"
|
||||
version: "2.0.4"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "openproject.enabled"
|
||||
installed: {{ .Values.openproject.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "openproject"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -14,6 +14,9 @@ image:
|
||||
tag: "{{ .Values.images.openproject.tag }}"
|
||||
|
||||
memcached:
|
||||
connection:
|
||||
host: "{{ .Values.cache.openproject.host }}"
|
||||
port: {{ .Values.cache.openproject.port }}
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.memcached.repository }}"
|
||||
@@ -21,7 +24,7 @@ memcached:
|
||||
|
||||
postgresql:
|
||||
auth:
|
||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser }}
|
||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
username: "{{ .Values.databases.openproject.username }}"
|
||||
database: "{{ .Values.databases.openproject.name }}"
|
||||
connection:
|
||||
@@ -35,7 +38,7 @@ openproject:
|
||||
name: "OpenProject Interal Admin"
|
||||
mail: "openproject-admin@swp-domain.internal"
|
||||
password_reset: "false"
|
||||
password: "{{ .Values.secrets.openproject.adminPassword }}"
|
||||
password: {{ .Values.secrets.openproject.adminPassword | quote }}
|
||||
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
@@ -51,20 +54,21 @@ environment:
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__DOMAIN: "{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__USER__NAME: "{{ .Values.smtp.username }}"
|
||||
OPENPROJECT_SMTP__PASSWORD: "{{ .Values.smtp.password }}"
|
||||
OPENPROJECT_SMTP__PORT: "587" # (default=587)
|
||||
OPENPROJECT_SMTP__PORT: "{{ .Values.smtp.port }}"
|
||||
OPENPROJECT_SMTP__SSL: "false" # (default=false)
|
||||
OPENPROJECT_SMTP__ADDRESS: "{{ .Values.smtp.host }}"
|
||||
OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}"
|
||||
|
||||
persistence:
|
||||
size: "{{ .Values.persistence.size.openproject }}"
|
||||
storageClassName: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
storageClassName: "{{ .Values.persistence.storageClassNames.RWX }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.openproject }}
|
||||
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
image:
|
||||
registry: "registry.souvap-univention.de"
|
||||
|
||||
memcached:
|
||||
bundled: false
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
initialDelaySeconds: 300
|
||||
@@ -27,6 +30,16 @@ openproject:
|
||||
# seed will only be executed on initial installation
|
||||
seed_locale: "de"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
persistence:
|
||||
accessModes:
|
||||
- "ReadWriteMany"
|
||||
|
||||
# For more details and more options see
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
environment:
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# OX Connector
|
||||
@@ -15,12 +19,9 @@ releases:
|
||||
values:
|
||||
- "values-oxconnector.yaml"
|
||||
- "values-oxconnector.gotmpl"
|
||||
condition: "oxConnector.enabled"
|
||||
installed: {{ .Values.oxConnector.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-2"
|
||||
component: "provisioning"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -21,7 +21,7 @@ oxConnector:
|
||||
domainName: "{{ .Values.global.domain }}"
|
||||
#oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
|
||||
oxMasterAdmin: "admin"
|
||||
oxMasterPassword: "{{ .Values.secrets.oxAppsuite.adminPassword }}"
|
||||
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
oxDefaultContext: "1"
|
||||
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Certificates
|
||||
@@ -64,9 +68,9 @@ repositories:
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "registry-1.docker.io/bitnamicharts" }}
|
||||
# Bitnami charts are not signed, see https://github.com/bitnami/charts/issues/14491
|
||||
verify: false
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "opendesk-certificates"
|
||||
@@ -74,21 +78,28 @@ releases:
|
||||
version: "2.1.0"
|
||||
values:
|
||||
- "values-certificates.gotmpl"
|
||||
condition: "certificates.enabled"
|
||||
installed: {{ .Values.certificates.enabled }}
|
||||
- name: "redis"
|
||||
chart: "bitnami-repo/redis"
|
||||
version: "18.0.4"
|
||||
version: "18.1.2"
|
||||
values:
|
||||
- "values-redis.gotmpl"
|
||||
- "values-redis.yaml"
|
||||
condition: "redis.enabled"
|
||||
installed: {{ .Values.redis.enabled }}
|
||||
- name: "memcached"
|
||||
chart: "bitnami-repo/memcached"
|
||||
version: "6.6.2"
|
||||
values:
|
||||
- "values-memcached.yaml"
|
||||
- "values-memcached.gotmpl"
|
||||
installed: {{ .Values.memcached.enabled }}
|
||||
- name: "postgresql"
|
||||
chart: "postgresql-repo/postgresql"
|
||||
version: "2.0.2"
|
||||
values:
|
||||
- "values-postgresql.yaml"
|
||||
- "values-postgresql.gotmpl"
|
||||
condition: "postgresql.enabled"
|
||||
installed: {{ .Values.postgresql.enabled }}
|
||||
timeout: 900
|
||||
- name: "mariadb"
|
||||
chart: "mariadb-repo/mariadb"
|
||||
@@ -96,7 +107,7 @@ releases:
|
||||
values:
|
||||
- "values-mariadb.yaml"
|
||||
- "values-mariadb.gotmpl"
|
||||
condition: "mariadb.enabled"
|
||||
installed: {{ .Values.mariadb.enabled }}
|
||||
timeout: 900
|
||||
- name: "postfix"
|
||||
chart: "postfix-repo/postfix"
|
||||
@@ -104,33 +115,30 @@ releases:
|
||||
values:
|
||||
- "values-postfix.yaml"
|
||||
- "values-postfix.gotmpl"
|
||||
condition: "postfix.enabled"
|
||||
installed: {{ .Values.postfix.enabled }}
|
||||
- name: "clamav"
|
||||
chart: "clamav-repo/opendesk-clamav"
|
||||
version: "4.0.0"
|
||||
values:
|
||||
- "values-clamav-distributed.yaml"
|
||||
- "values-clamav-distributed.gotmpl"
|
||||
condition: "clamavDistributed.enabled"
|
||||
installed: {{ .Values.clamavDistributed.enabled }}
|
||||
- name: "clamav-simple"
|
||||
chart: "clamav-repo/clamav-simple"
|
||||
version: "4.0.0"
|
||||
values:
|
||||
- "values-clamav-simple.yaml"
|
||||
- "values-clamav-simple.gotmpl"
|
||||
condition: "clamavSimple.enabled"
|
||||
installed: {{ .Values.clamavSimple.enabled }}
|
||||
- name: "opendesk-gateway"
|
||||
chart: "istio-resources-repo/istio-gateway"
|
||||
version: "2.0.0"
|
||||
values:
|
||||
- "values-istio-gateway.yaml"
|
||||
- "values-istio-gateway.gotmpl"
|
||||
condition: "istio.enabled"
|
||||
installed: {{ .Values.istio.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "services"
|
||||
component: "services"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -18,11 +18,11 @@ image:
|
||||
job:
|
||||
users:
|
||||
- username: "xwiki_user"
|
||||
password: "{{ .Values.secrets.mariadb.xwikiUser }}"
|
||||
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
|
||||
- username: "openxchange_user"
|
||||
password: "{{ .Values.secrets.mariadb.openxchangeUser }}"
|
||||
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
|
||||
- username: "nextcloud_user"
|
||||
password: "{{ .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
|
||||
databases:
|
||||
- name: "xwiki"
|
||||
user: "xwiki_user"
|
||||
@@ -32,7 +32,7 @@ job:
|
||||
user: "openxchange_user"
|
||||
|
||||
mariadb:
|
||||
rootPassword: "{{ .Values.secrets.mariadb.rootPassword }}"
|
||||
rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
persistence:
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
|
||||
19
helmfile/apps/services/values-memcached.gotmpl
Normal file
19
helmfile/apps/services/values-memcached.gotmpl
Normal file
@@ -0,0 +1,19 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.memcached.repository }}"
|
||||
tag: "{{ .Values.images.memcached.tag }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.memcached | toYaml | nindent 2 }}
|
||||
...
|
||||
18
helmfile/apps/services/values-memcached.yaml
Normal file
18
helmfile/apps/services/values-memcached.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
...
|
||||
@@ -16,15 +16,15 @@ image:
|
||||
job:
|
||||
users:
|
||||
- username: "keycloak_user"
|
||||
password: {{ .Values.secrets.postgresql.keycloakUser }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
- username: "openproject_user"
|
||||
password: {{ .Values.secrets.postgresql.openprojectUser }}
|
||||
password: {{ .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
- username: "keycloak_extensions_user"
|
||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
- username: "matrix_user"
|
||||
password: {{ .Values.secrets.postgresql.matrixUser }}
|
||||
password: {{ .Values.secrets.postgresql.matrixUser | quote }}
|
||||
- username: "notificationsapi_user"
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
|
||||
databases:
|
||||
- name: "keycloak"
|
||||
user: "keycloak_user"
|
||||
@@ -43,7 +43,7 @@ persistence:
|
||||
size: "{{ .Values.persistence.size.postgresql }}"
|
||||
|
||||
postgres:
|
||||
password: {{ .Values.secrets.postgresql.postgresUser }}
|
||||
password: {{ .Values.secrets.postgresql.postgresUser | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.postgresql | toYaml | nindent 2 }}
|
||||
|
||||
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Univention Corporate Server (as eval Container)
|
||||
@@ -20,12 +24,9 @@ releases:
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "univentionCorporateServer.enabled"
|
||||
installed: {{ .Values.univentionCorporateServer.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "univention-corporate-container"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -37,31 +37,31 @@ extraEnvVars:
|
||||
- name: LDAPSEARCH_OX_USERNAME
|
||||
value: "ldapsearch_ox"
|
||||
- name: LDAPSEARCH_OX_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
- name: LDAPSEARCH_DOVECOT_USERNAME
|
||||
value: "ldapsearch_dovecot"
|
||||
- name: LDAPSEARCH_DOVECOT_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
- name: LDAPSEARCH_KEYCLOAK_USERNAME
|
||||
value: "ldapsearch_keycloak"
|
||||
- name: LDAPSEARCH_KEYCLOAK_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak | quote }}
|
||||
- name: LDAPSEARCH_NEXTCLOUD_USERNAME
|
||||
value: "ldapsearch_nextcloud"
|
||||
- name: LDAPSEARCH_NEXTCLOUD_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
|
||||
- name: LDAPSEARCH_OPENPROJECT_USERNAME
|
||||
value: "ldapsearch_openproject"
|
||||
- name: LDAPSEARCH_OPENPROJECT_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
|
||||
- name: LDAPSEARCH_XWIKI_USERNAME
|
||||
value: "ldapsearch_xwiki"
|
||||
- name: LDAPSEARCH_XWIKI_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||
- name: DEFAULT_ACCOUNT_USER_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword | quote }}
|
||||
- name: DEFAULT_ACCOUNT_ADMIN_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.univentionCorporateServer | toYaml | nindent 2 }}
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# Univention Management Stack
|
||||
- name: "ums-repo"
|
||||
@@ -19,7 +20,7 @@ releases:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-store-dav.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-ldap-server"
|
||||
chart: "ums-repo/ldap-server"
|
||||
version: "0.1.0"
|
||||
@@ -27,7 +28,7 @@ releases:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-ldap-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-ldap-notifier"
|
||||
chart: "ums-repo/ldap-notifier"
|
||||
version: "0.1.0"
|
||||
@@ -36,7 +37,7 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-ldap-notifier.gotmpl"
|
||||
- "values-ldap-notifier.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-udm-rest-api"
|
||||
chart: "ums-repo/udm-rest-api"
|
||||
version: "0.1.0"
|
||||
@@ -44,7 +45,7 @@ releases:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-udm-rest-api.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-stack-data-ums"
|
||||
chart: "ums-repo/stack-data-ums"
|
||||
version: "0.1.0"
|
||||
@@ -52,7 +53,7 @@ releases:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-stack-data-ums.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-stack-data-swp"
|
||||
chart: "ums-repo/stack-data-swp"
|
||||
version: "0.1.0"
|
||||
@@ -60,7 +61,7 @@ releases:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-stack-data-swp.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-server"
|
||||
chart: "ums-repo/portal-server"
|
||||
version: "0.1.0"
|
||||
@@ -68,7 +69,7 @@ releases:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-notifications-api"
|
||||
chart: "ums-repo/notifications-api"
|
||||
version: "0.1.0"
|
||||
@@ -77,7 +78,7 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-notifications-api.gotmpl"
|
||||
- "values-notifications-api.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-listener"
|
||||
chart: "ums-repo/portal-listener"
|
||||
version: "0.1.0"
|
||||
@@ -86,7 +87,7 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-portal-listener.gotmpl"
|
||||
- "values-portal-listener.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-frontend"
|
||||
chart: "ums-repo/portal-frontend"
|
||||
version: "0.1.0"
|
||||
@@ -94,7 +95,7 @@ releases:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-portal-frontend.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-umc-gateway"
|
||||
chart: "ums-repo/umc-gateway"
|
||||
version: "0.1.0"
|
||||
@@ -103,7 +104,7 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-umc-gateway.gotmpl"
|
||||
- "values-umc-gateway.yaml"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-umc-server"
|
||||
chart: "ums-repo/umc-server"
|
||||
version: "0.1.0"
|
||||
@@ -111,8 +112,9 @@ releases:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-umc-server.gotmpl"
|
||||
condition: "univentionManagementStack.enabled"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "univention-management-stack"
|
||||
...
|
||||
|
||||
@@ -11,7 +11,7 @@ postgresql:
|
||||
auth:
|
||||
username: "notificationsapi_user"
|
||||
database: "notificationsapi"
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
stackDataSwp:
|
||||
udmApiUsername: "cn=admin"
|
||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
|
||||
@@ -5,13 +5,13 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
stackDataUms:
|
||||
udmApiUser: "cn=admin"
|
||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
stackDataContext:
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
|
||||
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }}
|
||||
|
||||
# The SWP configuration brings its own UMC policies.
|
||||
installUmcPolicies: false
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# XWiki
|
||||
@@ -12,18 +16,15 @@ repositories:
|
||||
releases:
|
||||
- name: "xwiki"
|
||||
chart: "xwiki-repo/xwiki"
|
||||
version: "1.1.3"
|
||||
version: "1.2.3"
|
||||
wait: true
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "xwiki.enabled"
|
||||
installed: {{ .Values.xwiki.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "xwiki"
|
||||
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
...
|
||||
|
||||
@@ -9,7 +9,7 @@ image:
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
externalDB:
|
||||
password: "{{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
database: "{{ .Values.databases.xwiki.name }}"
|
||||
user: "{{ .Values.databases.xwiki.username }}"
|
||||
host: "{{ .Values.databases.xwiki.host }}"
|
||||
|
||||
@@ -1,6 +1,31 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
|
||||
customConfigs:
|
||||
xwiki.cfg:
|
||||
xwiki.url.protocol: "https"
|
||||
## Indicate the LDAP field defining the user UID
|
||||
# xwiki.authentication.ldap.UID_attr: "uid"
|
||||
## Indicate the LDAP field defining the user profile picture
|
||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
## Enable the synchronization of the LDAP profile picture
|
||||
# xwiki.authentication.ldap.update_photo: 1
|
||||
|
||||
xwiki.properties:
|
||||
oidc.scope: "openid,profile,email,address,phoenix"
|
||||
oidc.endpoint.userinfo.method: "GET"
|
||||
oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}"
|
||||
oidc.user.subjectFormater: "${oidc.user.subject}"
|
||||
# yamllint disable-line rule:line-length
|
||||
oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
|
||||
oidc.clientid: "xwiki"
|
||||
oidc.endpoint.token.auth_method: "client_secret_basic"
|
||||
oidc.skipped: false
|
||||
oidc.logoutMechanism: "rpInitiated"
|
||||
|
||||
image:
|
||||
pullPolicy: "IfNotPresent"
|
||||
|
||||
@@ -15,9 +40,8 @@ ingress:
|
||||
istio:
|
||||
enabled: false
|
||||
|
||||
service:
|
||||
externalPort: 80
|
||||
enabled: true
|
||||
mariadb:
|
||||
enabled: false
|
||||
|
||||
mysql:
|
||||
enabled: false
|
||||
@@ -25,14 +49,11 @@ mysql:
|
||||
postgresql:
|
||||
enabled: false
|
||||
|
||||
mariadb:
|
||||
enabled: false
|
||||
|
||||
properties:
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.colorTheme": "FlamingoThemes.Iceberg"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de_DE"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.timezone": "Europe/Berlin"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de_DE"
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.link-color": "@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary"
|
||||
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary"
|
||||
@@ -62,25 +83,13 @@ properties:
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
# "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
|
||||
customConfigs:
|
||||
xwiki.cfg:
|
||||
xwiki.url.protocol: "https"
|
||||
## Indicate the LDAP field defining the user UID
|
||||
# xwiki.authentication.ldap.UID_attr: "uid"
|
||||
## Indicate the LDAP field defining the user profile picture
|
||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
## Enable the synchronization of the LDAP profile picture
|
||||
# xwiki.authentication.ldap.update_photo: 1
|
||||
securityContext:
|
||||
enabled: true
|
||||
|
||||
xwiki.properties:
|
||||
oidc.scope: "openid,profile,email,address,phoenix"
|
||||
oidc.endpoint.userinfo.method: "GET"
|
||||
oidc.user.nameFormater: "${oidc.user.phoenixusername._lowerCase}"
|
||||
oidc.user.subjectFormater: "${oidc.user.subject}"
|
||||
# yamllint disable-line rule:line-length
|
||||
oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
|
||||
oidc.clientid: "xwiki"
|
||||
oidc.endpoint.token.auth_method: "client_secret_basic"
|
||||
oidc.skipped: false
|
||||
oidc.logoutMechanism: "rpInitiated"
|
||||
service:
|
||||
externalPort: 80
|
||||
enabled: true
|
||||
|
||||
volumePermissions:
|
||||
enabled: true
|
||||
...
|
||||
|
||||
16
helmfile/environments/default/cache.yaml
Normal file
16
helmfile/environments/default/cache.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cache:
|
||||
intercomService:
|
||||
host: "redis-headless"
|
||||
port: 6379
|
||||
password: ""
|
||||
nextcloud:
|
||||
host: "redis-headless"
|
||||
port: 6379
|
||||
password: ""
|
||||
openproject:
|
||||
host: "memcached"
|
||||
port: 11211
|
||||
...
|
||||
@@ -15,14 +15,14 @@ global:
|
||||
intercomService: "ics"
|
||||
jitsi: "meet"
|
||||
keycloak: "id"
|
||||
meetingWidgetsBot: "meeting-widgets-bot"
|
||||
meetingWidgets: "meeting-widgets"
|
||||
newWorkBoardWidget: "whiteboard-widget"
|
||||
matrixNeoBoardWidget: "matrix-neoboard-widget"
|
||||
matrixNeoChoiceWidget: "matrix-neochoice-widget"
|
||||
matrixNeoDateFixBot: "matrix-neodatefix-bot"
|
||||
matrixNeoDateFixWidget: "matrix-neodatefix-widget"
|
||||
nextcloud: "fs"
|
||||
openproject: "project"
|
||||
openxchange: "webmail"
|
||||
openxchangeProvisioning: "ox-provisioning"
|
||||
pollWidget: "poll-widget"
|
||||
synapse: "matrix"
|
||||
univentionCorporateServer: "portal"
|
||||
univentionManagementStack: "portal"
|
||||
|
||||
@@ -16,7 +16,7 @@ images:
|
||||
# @supplier: "Open-Xchange"
|
||||
element:
|
||||
repository: "souvap/tooling/images/element-web"
|
||||
tag: "1.1.0@sha256:4fc2df523090cf012b50a681c92482f61231baf4cce67de467dd9f79c181bc93"
|
||||
tag: "1.4.0@sha256:81fd60c8feba4cfc65de3cf950d4b5ca724cabcc46da279edec74af192ecff00"
|
||||
# @supplier: "Element"
|
||||
freshclam:
|
||||
repository: "clamav/clamav"
|
||||
@@ -58,6 +58,11 @@ images:
|
||||
repository: "bitnami/keycloak"
|
||||
tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e"
|
||||
# @supplier: "Univention"
|
||||
keycloakUnivention:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/keycloak-app-on-use-base-manpub-tr"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
keycloakBootstrap:
|
||||
repository: "souvap/tooling/images/ansible"
|
||||
tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac"
|
||||
@@ -75,10 +80,30 @@ images:
|
||||
# For upgrades at least confirm compatibility of target version with OX (regarding AS Guard)
|
||||
tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
matrixNeoBoardWidget:
|
||||
repository: "nordeck/matrix-neoboard-widget"
|
||||
tag: "1.0.0@sha256:584b9c18ea3dfd4b7f1e73f3e114bc1dcd5731b400a8d037576bf2a797c8b086"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoChoiceWidget:
|
||||
repository: "nordeck/matrix-poll-widget"
|
||||
tag: "1.2.0@sha256:0abcf7c368c91721413c96deaa1e87f095b6afbe864ea5f042c9a370c38fb07b"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixBot:
|
||||
repository: "nordeck/matrix-meetings-bot"
|
||||
tag: "2.4.2@sha256:f5b3362560255470076f3e6c95a0dd93a8f781398afb992c1e1212764fa87297"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixWidget:
|
||||
repository: "nordeck/matrix-meetings-widget"
|
||||
tag: "1.5.2@sha256:cc9e2592c9159cc8f6bed96dae0be6e6fe599977dbef64cbdb1c1b84db85a2bb"
|
||||
# @supplier: "Nordeck"
|
||||
matrixUserVerificationService:
|
||||
repository: "matrixdotorg/matrix-user-verification-service"
|
||||
tag: "v3.0.0@sha256:25e685d595785e2a72e75a525dac78cf8c782445454f8ac090d3702431c38008"
|
||||
# @supplier: "Element"
|
||||
memcached:
|
||||
repository: "bitnami/memcached"
|
||||
tag: "1.6.21-debian-11-r84@sha256:81747acd297d3fcd05706ea771d441a6f01b28d722c366a06f922b6b7d4033dd"
|
||||
# @supplier: "OpenProject"
|
||||
tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
milter:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
@@ -88,8 +113,8 @@ images:
|
||||
tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39"
|
||||
# @supplier: "Nextcloud Community"
|
||||
openproject:
|
||||
repository: "souvap/tooling/images/openproject/souvap"
|
||||
tag: "dev@sha256:03eb1eacc0c0c4e9e7d0f0c3d265fd0c15fd01cda33bc4f89cbc487ad53474a8"
|
||||
repository: "openproject/open_desk"
|
||||
tag: "dev@sha256:e907515ebbc758ea93b7efd9209c27a449e99adc0a3fc725a73c89508140a2f4"
|
||||
# @supplier: "OpenProject"
|
||||
openxchangeBootstrap:
|
||||
repository: "alpine/k8s"
|
||||
@@ -157,6 +182,10 @@ images:
|
||||
repository: "matrixdotorg/synapse"
|
||||
tag: "v1.91.2@sha256:1d19508db417bb2b911c8e086bd3dc3b719ee75c6f6194d58af59b4c32b11322"
|
||||
# @supplier: "Element"
|
||||
synapseCreateUser:
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
|
||||
# @supplier: "Nordeck"
|
||||
synapseGuestModule:
|
||||
repository: "nordeck/synapse-guest-module"
|
||||
tag: "1.0.0@sha256:e9c736d84a77df93b2dbe3e3afa7b0ca3efcbc4457677adaac5df3cc79a85923"
|
||||
@@ -170,54 +199,67 @@ images:
|
||||
tag: "20230829T094822@sha256:6415847851ee3b474cea756212698f4a110fbbde74882e22da92500a6358a4f8"
|
||||
# @supplier: "Univention"
|
||||
umsConfigHtpasswd:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsDataLoader:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/data-loader"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsLdapNotifier:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-notifier"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsLdapServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-server"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsNotificationsApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/notifications-api"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsPortalListener:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-listener"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsPortalFrontend:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsPortalServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-server"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsWaitForDependency:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/wait-for-dependency"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsStoreDav:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/store-dav"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsUdmRestApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsUmcGateway:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsUmcServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-server"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
@@ -227,6 +269,6 @@ images:
|
||||
# @supplier: "Element"
|
||||
xwiki:
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.10-mariadb-tomcat@sha256:02f0ff6407ccdd8dab17814202e28991fe0aa8d44fa106ba171cff5249eaf58f"
|
||||
tag: "0.11-mariadb-jetty-alpine@sha256:a334e18d171458ed41ef356e82580561f48b0edf60b4979dc4ed9503eb497c59"
|
||||
# @supplier: "XWiki"
|
||||
...
|
||||
|
||||
@@ -9,8 +9,9 @@ persistence:
|
||||
clamav: "1Gi"
|
||||
dovecot: "1Gi"
|
||||
mariadb: "1Gi"
|
||||
matrixNeoDateFixBot: "1Gi"
|
||||
nextcloud:
|
||||
main: "1Gi"
|
||||
main: "1.2Gi"
|
||||
data: "10Gi"
|
||||
openproject: "1Gi"
|
||||
postfix: "1Gi"
|
||||
|
||||
@@ -19,6 +19,11 @@ replicas:
|
||||
jitsiKeycloakAdapter: 1
|
||||
jvb: 1
|
||||
keycloak: 1
|
||||
matrixNeoBoardWidget: 1
|
||||
matrixNeoChoiceWidget: 1
|
||||
matrixNeoDateFixBot: 1
|
||||
matrixNeoDateFixWidget: 1
|
||||
matrixUserVerificationService: 1
|
||||
# clamav-distributed
|
||||
milter: 1
|
||||
nextcloud: 1
|
||||
|
||||
@@ -114,6 +114,48 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "500Mi"
|
||||
matrixNeoBoardWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
matrixNeoChoiceWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
matrixNeoDateFixBot:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
matrixNeoDateFixWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
matrixUserVerificationService:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memcached:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "32Mi"
|
||||
milter:
|
||||
limits:
|
||||
cpu: 4
|
||||
|
||||
@@ -60,7 +60,6 @@ secrets:
|
||||
collabora:
|
||||
adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "collabora" "collabora_admin_user" | sha1sum) }}
|
||||
jitsi:
|
||||
synapseAsToken: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "as_token" | sha1sum) }}
|
||||
jwtAppSecret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jwtAppSecret" | sha1sum) }}
|
||||
jibriRecorderPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriRecorderPassword" | sha1sum) }}
|
||||
jibriXmppPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriXmppPassword" | sha1sum) }}
|
||||
@@ -81,4 +80,9 @@ secrets:
|
||||
superadminpassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "xwiki" "superadminpassword" | sha1sum) }}
|
||||
intercom:
|
||||
secret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "secret" | sha1sum) }}
|
||||
synapseAsToken: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "as_token" | sha1sum) }}
|
||||
matrixNeoDateFixBot:
|
||||
password: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-neodatefix-bot" "password" | sha1sum) }}
|
||||
matrixUserVerificationService:
|
||||
password: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-user-verification-service" "password" | sha1sum) }}
|
||||
...
|
||||
|
||||
@@ -5,6 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
smtp:
|
||||
host: ""
|
||||
port: 587
|
||||
username: ""
|
||||
password: "{{ env "SMTP_PASSWORD" }}"
|
||||
...
|
||||
|
||||
@@ -21,6 +21,8 @@ keycloak:
|
||||
enabled: true
|
||||
mariadb:
|
||||
enabled: true
|
||||
memcached:
|
||||
enabled: true
|
||||
nextcloud:
|
||||
enabled: true
|
||||
openproject:
|
||||
|
||||
Reference in New Issue
Block a user