mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
812eb5a439 | ||
|
|
f86a74ba10 | ||
|
|
71d11cfcd0 | ||
|
|
6aa3d386af | ||
|
|
7ac2e0f9de | ||
|
|
6f556bce70 | ||
|
|
a447c137fe | ||
|
|
47a385683c | ||
|
|
db48140f3a | ||
|
|
d7cae3b1fa | ||
|
|
7ae65a36a2 | ||
|
|
01466947cc | ||
|
|
061e588da9 | ||
|
|
b460206bd4 | ||
|
|
ea14f953a4 | ||
|
|
feed270fd7 |
@@ -33,9 +33,6 @@ variables:
|
|||||||
description: "Define which cluster to use. Cluster must be defined in gitlab/environments.yaml of
|
description: "Define which cluster to use. Cluster must be defined in gitlab/environments.yaml of
|
||||||
sovereign-workplace-env included above."
|
sovereign-workplace-env included above."
|
||||||
value: "dev"
|
value: "dev"
|
||||||
BASE_DOMAIN:
|
|
||||||
description: "Define the Cluster Base Domain."
|
|
||||||
value: "souvap.cloud"
|
|
||||||
MASTER_PASSWORD_WEB_VAR:
|
MASTER_PASSWORD_WEB_VAR:
|
||||||
description: "Optional: Provide a passphrase to be used for password generation."
|
description: "Optional: Provide a passphrase to be used for password generation."
|
||||||
value: ""
|
value: ""
|
||||||
@@ -150,9 +147,6 @@ variables:
|
|||||||
UMS_TESTS_BRANCH:
|
UMS_TESTS_BRANCH:
|
||||||
description: "Branch of E2E test suite of SouvAP Dev team"
|
description: "Branch of E2E test suite of SouvAP Dev team"
|
||||||
value: "main"
|
value: "main"
|
||||||
# please use the following set of variables with normalized names:
|
|
||||||
DOMAIN: "${NAMESPACE}.${CLUSTER}.${BASE_DOMAIN}"
|
|
||||||
ISTIO_DOMAIN: "${NAMESPACE}.istio.${CLUSTER}.${BASE_DOMAIN}"
|
|
||||||
|
|
||||||
.deploy-common:
|
.deploy-common:
|
||||||
cache: {}
|
cache: {}
|
||||||
@@ -204,7 +198,6 @@ env-cleanup:
|
|||||||
env-start:
|
env-start:
|
||||||
environment:
|
environment:
|
||||||
name: "${NAMESPACE}"
|
name: "${NAMESPACE}"
|
||||||
url: "https://portal.${DOMAIN}"
|
|
||||||
on_stop: "env-stop"
|
on_stop: "env-stop"
|
||||||
extends: ".deploy-common"
|
extends: ".deploy-common"
|
||||||
image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6"
|
image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/k8s:1.25.6"
|
||||||
@@ -443,10 +436,6 @@ run-tests:
|
|||||||
extends: ".deploy-common"
|
extends: ".deploy-common"
|
||||||
environment:
|
environment:
|
||||||
name: "${NAMESPACE}"
|
name: "${NAMESPACE}"
|
||||||
tags:
|
|
||||||
- "docker"
|
|
||||||
- "kubernetes"
|
|
||||||
- "${CLUSTER}"
|
|
||||||
stage: "tests"
|
stage: "tests"
|
||||||
rules:
|
rules:
|
||||||
- if: >
|
- if: >
|
||||||
@@ -503,10 +492,6 @@ run-souvap-dev-tests:
|
|||||||
extends: ".deploy-common"
|
extends: ".deploy-common"
|
||||||
environment:
|
environment:
|
||||||
name: "${NAMESPACE}"
|
name: "${NAMESPACE}"
|
||||||
tags:
|
|
||||||
- "docker"
|
|
||||||
- "kubernetes"
|
|
||||||
- "${CLUSTER}"
|
|
||||||
stage: "tests"
|
stage: "tests"
|
||||||
rules:
|
rules:
|
||||||
- if: >
|
- if: >
|
||||||
@@ -570,7 +555,7 @@ generate-release-assets:
|
|||||||
- "./build_artefacts/image-index.json"
|
- "./build_artefacts/image-index.json"
|
||||||
tags: []
|
tags: []
|
||||||
variables:
|
variables:
|
||||||
ASSET_GENERATOR_REPO_PATH: "bmi/souveraener_arbeitsplatz/tooling/opendesk-asset-generator"
|
ASSET_GENERATOR_REPO_PATH: "bmi/opendesk/tooling/opendesk-asset-generator"
|
||||||
|
|
||||||
|
|
||||||
# Declare .environments which is in environments repository and only loaded when INCLUDE_ENVIRONMENTS_ENABLED not false.
|
# Declare .environments which is in environments repository and only loaded when INCLUDE_ENVIRONMENTS_ENABLED not false.
|
||||||
|
|||||||
51
CHANGELOG.md
51
CHANGELOG.md
@@ -1,3 +1,54 @@
|
|||||||
|
## [0.5.48](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.47...v0.5.48) (2023-11-24)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **services:** Update resource requests and remove cpu limits ([f86a74b](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/f86a74ba100c7f08f6538b58a713bbc87c00e814))
|
||||||
|
|
||||||
|
## [0.5.47](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.46...v0.5.47) (2023-11-24)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **helmfile:** Rename absolute paths on OpenCoDE to new 'opendesk' base group name ([7ac2e0f](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/7ac2e0f9de2a8386a7f5809ba40db4ed7164a857))
|
||||||
|
* **xwiki:** Enable the sync of user profile picture from LDAP ([6aa3d38](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/6aa3d386afe8b3f22e47f9971fd719089006b54e))
|
||||||
|
|
||||||
|
## [0.5.46](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.45...v0.5.46) (2023-11-23)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **element:** Fix quotes in element chart ([a447c13](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a447c137fe58be343e7ada55afb7f6891a5cde74))
|
||||||
|
|
||||||
|
## [0.5.45](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.44...v0.5.45) (2023-11-22)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **open-xchange:** Add security context ([db48140](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/db48140f3ae6576b21e93ac0f10f40765efd608d))
|
||||||
|
|
||||||
|
## [0.5.44](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.43...v0.5.44) (2023-11-21)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **ci:** Remove default BASE_DOMAIN in .gitlab-ci.yml ([7ae65a3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7ae65a36a2777d249ba3784bf965da4c790a1b21))
|
||||||
|
|
||||||
|
## [0.5.43](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.42...v0.5.43) (2023-11-20)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **univention-management-stack:** Update optional UMS preview state ([061e588](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/061e588da90e52b531df0688347675bf4dcb431e))
|
||||||
|
|
||||||
|
## [0.5.42](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.41...v0.5.42) (2023-11-20)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **nextcloud:** Add exporter and serviceMonitor ([feed270](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/feed270fd7949743e8f9974e7f147e89ab623347))
|
||||||
|
* **nextcloud:** Bump openDesk bootstrap to 3.2.3 to support serverinfo token ([ea14f95](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/ea14f953a4a54c01cc0d66db1bdb645ca4a661e5))
|
||||||
|
|
||||||
## [0.5.41](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.40...v0.5.41) (2023-11-16)
|
## [0.5.41](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.40...v0.5.41) (2023-11-16)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
|
|
||||||
# Read me first
|
# Read me first
|
||||||
|
|
||||||
Please read the [project's overall CONTRIBUTING.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/CONTRIBUTING.md) first.
|
Please read the [project's overall CONTRIBUTING.md](https://gitlab.opencode.de/bmi/opendesk/info/-/blob/main/CONTRIBUTING.md) first.
|
||||||
|
|
||||||
# How to contribute?
|
# How to contribute?
|
||||||
|
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ Basic knowledge of Kubernetes and Devops is required though.
|
|||||||
|
|
||||||
# Active development notice
|
# Active development notice
|
||||||
openDesk will face breaking changes in the near future without upgrade paths before
|
openDesk will face breaking changes in the near future without upgrade paths before
|
||||||
[technical release](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/releases
|
[technical release](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/releases
|
||||||
v1.0.0 is reached.
|
v1.0.0 is reached.
|
||||||
|
|
||||||
While most components support upgrades, major configuration or component changes may occur, therefore we recommend
|
While most components support upgrades, major configuration or component changes may occur, therefore we recommend
|
||||||
@@ -60,10 +60,10 @@ Of course, further development also includes enhancing the documentation.
|
|||||||
|
|
||||||
We love to get feedback from you!
|
We love to get feedback from you!
|
||||||
Related to the deployment / contents of this repository,
|
Related to the deployment / contents of this repository,
|
||||||
please use the [issues within this project](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/issues).
|
please use the [issues within this project](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/issues).
|
||||||
|
|
||||||
If you want to address other topics, please check the section
|
If you want to address other topics, please check the section
|
||||||
["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
|
["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/opendesk/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
|
||||||
|
|
||||||
# Requirements
|
# Requirements
|
||||||
|
|
||||||
@@ -86,7 +86,7 @@ If you want to address other topics, please check the section
|
|||||||
All technical releases are created using [Semantic Versioning](https://semver.org/lang/de/).
|
All technical releases are created using [Semantic Versioning](https://semver.org/lang/de/).
|
||||||
|
|
||||||
Gitlab provides an
|
Gitlab provides an
|
||||||
[overview on the releases](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/releases)
|
[overview on the releases](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/releases)
|
||||||
of this project.
|
of this project.
|
||||||
|
|
||||||
The following release artefacts are provided beside the default source code assets:
|
The following release artefacts are provided beside the default source code assets:
|
||||||
|
|||||||
@@ -18,13 +18,12 @@ The project includes a `.gitlab-ci.yml` that allows you to execute the deploymen
|
|||||||
|
|
||||||
When starting the pipeline through the Gitlab UI, you will be queried for some variables plus the following ones:
|
When starting the pipeline through the Gitlab UI, you will be queried for some variables plus the following ones:
|
||||||
|
|
||||||
- `BASE_DOMAIN`: The base domain the SWP will use. For example: `souvap.cloud`
|
- `DOMAIN` = The domain to deploy to.
|
||||||
|
- `ISTIO_DOMAIN` = istio.`DOMAIN`
|
||||||
- `NAMESPACE`: Defines into which namespace of your K8s cluster the SWP will be installed
|
- `NAMESPACE`: Defines into which namespace of your K8s cluster the SWP will be installed
|
||||||
- `MASTER_PASSWORD_WEB_VAR`: Overwrites value of `MASTER_PASSWORD`
|
- `MASTER_PASSWORD_WEB_VAR`: Overwrites value of `MASTER_PASSWORD`
|
||||||
|
|
||||||
Based on your input, the following variables will be set:
|
Based on your input, the following variables will be set:
|
||||||
- `DOMAIN` = `NAMESPACE`.`BASE_DOMAIN`
|
|
||||||
- `ISTIO_DOMAIN` = istio.`DOMAIN`
|
|
||||||
- `MASTER_PASSWORD` = `MASTER_PASSWORD_WEB_VAR`. If `MASTER_PASSWORD_WEB_VAR`
|
- `MASTER_PASSWORD` = `MASTER_PASSWORD_WEB_VAR`. If `MASTER_PASSWORD_WEB_VAR`
|
||||||
is not set, the default for `MASTER_PASSWORD` will be used, unless you set
|
is not set, the default for `MASTER_PASSWORD` will be used, unless you set
|
||||||
`MASTER_PASSWORD` as a masked CI/CD variable in Gitlab to supersede the default.
|
`MASTER_PASSWORD` as a masked CI/CD variable in Gitlab to supersede the default.
|
||||||
|
|||||||
@@ -65,6 +65,7 @@ grafana:
|
|||||||
```
|
```
|
||||||
|
|
||||||
## Components
|
## Components
|
||||||
| Component | Metrics (pod- or serviceMonitor) | Alerts (prometheusRule) | Dashboard (Grafana) |
|
| Component | Metrics (pod- or serviceMonitor) | Alerts (prometheusRule) | Dashboard (Grafana) |
|
||||||
|:------------|-----------------------------------|-------------------------|---------------------|
|
|:----------|-----------------------------------|-------------------------|---------------------|
|
||||||
| Collabora | :white_check_mark: | :white_check_mark: | :white_check_mark: |
|
| Collabora | :white_check_mark: | :white_check_mark: | :white_check_mark: |
|
||||||
|
| Nextcloud | :white_check_mark: | :x: | :x: |
|
||||||
|
|||||||
@@ -50,30 +50,43 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
|
|||||||
This list gives you an overview of default security settings and if they comply with security standards:
|
This list gives you an overview of default security settings and if they comply with security standards:
|
||||||
|
|
||||||
|
|
||||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||||
|-------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
|--------------|----------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||||
| CryptPad | cryptpad | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
| CryptPad | npm | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| Dovecot | dovecot | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `NET_BIND_SERVICE`, `SETGID`, `SETUID`, `SYS_CHROOT`) | :white_check_mark: | :white_check_mark: | :x: | - | - | 1000 |
|
||||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||||
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| Open-Xchange | core-documentconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||||
|
| | core-guidedtours | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | core-imageconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||||
|
| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - |
|
||||||
|
| | core-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | core-ui-middleware | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | core-ui-middleware-updater | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | core-user-guide | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | gotenberg | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | guard-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | nextlcoud-integration-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | public-sector-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
|
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ missingFileHandler: "Error"
|
|||||||
# - Installing all releases from root via helmfile apply
|
# - Installing all releases from root via helmfile apply
|
||||||
# - Installing a single release from root via helmfile apply -f helmfile/apps/<app>/helmfile.yaml
|
# - Installing a single release from root via helmfile apply -f helmfile/apps/<app>/helmfile.yaml
|
||||||
# - Installing a single release from app directory via helmfile apply
|
# - Installing a single release from app directory via helmfile apply
|
||||||
# Issue: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/issues/2
|
# Issue: https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/issues/2
|
||||||
|
|
||||||
environments:
|
environments:
|
||||||
default:
|
default:
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ repositories:
|
|||||||
releases:
|
releases:
|
||||||
- name: "opendesk-element"
|
- name: "opendesk-element"
|
||||||
chart: "opendesk-element-repo/opendesk-element"
|
chart: "opendesk-element-repo/opendesk-element"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-element.yaml"
|
- "values-element.yaml"
|
||||||
- "values-element.gotmpl"
|
- "values-element.gotmpl"
|
||||||
@@ -42,7 +42,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-well-known"
|
- name: "opendesk-well-known"
|
||||||
chart: "opendesk-element-repo/opendesk-well-known"
|
chart: "opendesk-element-repo/opendesk-well-known"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-well-known.yaml"
|
- "values-well-known.yaml"
|
||||||
- "values-well-known.gotmpl"
|
- "values-well-known.gotmpl"
|
||||||
@@ -51,7 +51,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-synapse-web"
|
- name: "opendesk-synapse-web"
|
||||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-synapse-web.yaml"
|
- "values-synapse-web.yaml"
|
||||||
- "values-synapse-web.gotmpl"
|
- "values-synapse-web.gotmpl"
|
||||||
@@ -60,7 +60,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-synapse"
|
- name: "opendesk-synapse"
|
||||||
chart: "opendesk-element-repo/opendesk-synapse"
|
chart: "opendesk-element-repo/opendesk-synapse"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-synapse.yaml"
|
- "values-synapse.yaml"
|
||||||
- "values-synapse.gotmpl"
|
- "values-synapse.gotmpl"
|
||||||
@@ -69,7 +69,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
||||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-matrix-user-verification-service-bootstrap.yaml"
|
- "values-matrix-user-verification-service-bootstrap.yaml"
|
||||||
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
||||||
@@ -78,7 +78,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-matrix-user-verification-service"
|
- name: "opendesk-matrix-user-verification-service"
|
||||||
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-matrix-user-verification-service.yaml"
|
- "values-matrix-user-verification-service.yaml"
|
||||||
- "values-matrix-user-verification-service.gotmpl"
|
- "values-matrix-user-verification-service.gotmpl"
|
||||||
@@ -114,7 +114,7 @@ releases:
|
|||||||
|
|
||||||
- name: "matrix-neodatefix-bot-bootstrap"
|
- name: "matrix-neodatefix-bot-bootstrap"
|
||||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
||||||
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
||||||
|
|||||||
@@ -46,4 +46,7 @@ ingress:
|
|||||||
tls:
|
tls:
|
||||||
enabled: {{ .Values.ingress.tls.enabled }}
|
enabled: {{ .Values.ingress.tls.enabled }}
|
||||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||||
|
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.intercomService | toYaml | nindent 2 }}
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ repositories:
|
|||||||
verify: true
|
verify: true
|
||||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||||
# openDesk Keycloak Theme
|
# openDesk Keycloak Theme
|
||||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-theme
|
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-keycloak-theme
|
||||||
- name: "keycloak-theme-repo"
|
- name: "keycloak-theme-repo"
|
||||||
oci: true
|
oci: true
|
||||||
url: >-
|
url: >-
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ bases:
|
|||||||
repositories:
|
repositories:
|
||||||
# openDesk Keycloak Bootstrap
|
# openDesk Keycloak Bootstrap
|
||||||
# Source:
|
# Source:
|
||||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/sovereign-workplace-nextcloud-bootstrap
|
# https://gitlab.opencode.de/bmi/opendesk/components/charts/sovereign-workplace-nextcloud-bootstrap
|
||||||
- name: "opendesk-nextcloud-bootstrap-repo"
|
- name: "opendesk-nextcloud-bootstrap-repo"
|
||||||
oci: true
|
oci: true
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
@@ -28,7 +28,7 @@ repositories:
|
|||||||
releases:
|
releases:
|
||||||
- name: "opendesk-nextcloud-bootstrap"
|
- name: "opendesk-nextcloud-bootstrap"
|
||||||
chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
|
chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
|
||||||
version: "3.2.2"
|
version: "3.2.3"
|
||||||
wait: true
|
wait: true
|
||||||
waitForJobs: true
|
waitForJobs: true
|
||||||
values:
|
values:
|
||||||
|
|||||||
@@ -39,6 +39,9 @@ config:
|
|||||||
host: {{ .Values.ldap.host | quote }}
|
host: {{ .Values.ldap.host | quote }}
|
||||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
|
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
|
||||||
|
|
||||||
|
serverinfo:
|
||||||
|
token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||||
|
|
||||||
smtp:
|
smtp:
|
||||||
host: {{ .Values.smtp.host | quote }}
|
host: {{ .Values.smtp.host | quote }}
|
||||||
username: {{ .Values.smtp.username | quote }}
|
username: {{ .Values.smtp.username | quote }}
|
||||||
|
|||||||
@@ -35,7 +35,22 @@ image:
|
|||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
|
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||||
|
https: true
|
||||||
token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||||
|
image:
|
||||||
|
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.nextcloudExporter.repository }}"
|
||||||
|
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||||
|
tag: {{ .Values.images.nextcloudExporter.tag | quote }}
|
||||||
|
pullSecrets:
|
||||||
|
{{- toYaml .Values.global.imagePullSecrets | nindent 4 }}
|
||||||
|
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||||
|
labels:
|
||||||
|
{{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.nextcloudMetrics | toYaml | nindent 4 }}
|
||||||
|
|
||||||
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
|
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
|
||||||
replicaCount: {{ .Values.replicas.nextcloud }}
|
replicaCount: {{ .Values.replicas.nextcloud }}
|
||||||
|
|||||||
@@ -41,9 +41,6 @@ externalDatabase:
|
|||||||
# to the mariadb:
|
# to the mariadb:
|
||||||
type: "mysql"
|
type: "mysql"
|
||||||
|
|
||||||
metrics:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
nextcloud:
|
nextcloud:
|
||||||
configs:
|
configs:
|
||||||
mimetypealiases.json: |-
|
mimetypealiases.json: |-
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ bases:
|
|||||||
---
|
---
|
||||||
repositories:
|
repositories:
|
||||||
# openDesk Dovecot
|
# openDesk Dovecot
|
||||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-dovecot
|
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-dovecot
|
||||||
- name: "opendesk-dovecot-repo"
|
- name: "opendesk-dovecot-repo"
|
||||||
oci: true
|
oci: true
|
||||||
url: >-
|
url: >-
|
||||||
@@ -21,7 +21,7 @@ repositories:
|
|||||||
url: >-
|
url: >-
|
||||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
|
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
|
||||||
# openDesk Open-Xchange Bootstrap
|
# openDesk Open-Xchange Bootstrap
|
||||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-open-xchange-bootstrap
|
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-open-xchange-bootstrap
|
||||||
- name: "opendesk-open-xchange-bootstrap-repo"
|
- name: "opendesk-open-xchange-bootstrap-repo"
|
||||||
oci: true
|
oci: true
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
@@ -35,7 +35,7 @@ repositories:
|
|||||||
releases:
|
releases:
|
||||||
- name: "dovecot"
|
- name: "dovecot"
|
||||||
chart: "opendesk-dovecot-repo/dovecot"
|
chart: "opendesk-dovecot-repo/dovecot"
|
||||||
version: "1.3.5"
|
version: "1.3.6"
|
||||||
values:
|
values:
|
||||||
- "values-dovecot.yaml"
|
- "values-dovecot.yaml"
|
||||||
- "values-dovecot.gotmpl"
|
- "values-dovecot.gotmpl"
|
||||||
|
|||||||
@@ -1,6 +1,24 @@
|
|||||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
---
|
---
|
||||||
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
add:
|
||||||
|
- "CHOWN"
|
||||||
|
- "DAC_OVERRIDE"
|
||||||
|
- "KILL"
|
||||||
|
- "NET_BIND_SERVICE"
|
||||||
|
- "SETGID"
|
||||||
|
- "SETUID"
|
||||||
|
- "SYS_CHROOT"
|
||||||
|
enabled: true
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
dovecot:
|
dovecot:
|
||||||
ldap:
|
ldap:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -16,4 +34,8 @@ dovecot:
|
|||||||
enabled: true
|
enabled: true
|
||||||
ssl: "no"
|
ssl: "no"
|
||||||
host: "postfix:25"
|
host: "postfix:25"
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
fsGroup: 1000
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -25,6 +25,8 @@ nextcloud-integration-ui:
|
|||||||
{{- range .Values.global.imagePullSecrets }}
|
{{- range .Values.global.imagePullSecrets }}
|
||||||
- name: {{ . | quote }}
|
- name: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
|
||||||
|
|
||||||
public-sector-ui:
|
public-sector-ui:
|
||||||
image:
|
image:
|
||||||
@@ -35,6 +37,8 @@ public-sector-ui:
|
|||||||
- name: {{ . | quote }}
|
- name: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
|
||||||
|
|
||||||
appsuite:
|
appsuite:
|
||||||
istio:
|
istio:
|
||||||
@@ -62,6 +66,8 @@ appsuite:
|
|||||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
|
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
|
||||||
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
|
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
|
||||||
properties:
|
properties:
|
||||||
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
|
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
|
||||||
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||||
@@ -119,6 +125,8 @@ appsuite:
|
|||||||
{{- range .Values.global.imagePullSecrets }}
|
{{- range .Values.global.imagePullSecrets }}
|
||||||
- name: {{ . | quote }}
|
- name: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-ui:
|
core-ui:
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
@@ -129,6 +137,8 @@ appsuite:
|
|||||||
repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
|
repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
|
||||||
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
|
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-ui-middleware:
|
core-ui-middleware:
|
||||||
ingress:
|
ingress:
|
||||||
@@ -146,13 +156,18 @@ appsuite:
|
|||||||
redis:
|
redis:
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.secrets.redis.password | quote }}
|
password: {{ .Values.secrets.redis.password | quote }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
|
||||||
|
updater:
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeCoreUIMiddlewareUpdater | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-documentconverter:
|
core-documentconverter:
|
||||||
image:
|
image:
|
||||||
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
||||||
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
|
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
|
||||||
resources:
|
resources:
|
||||||
{{- .Values.resources.oxDocumentConverter | toYaml | nindent 6 }}
|
{{- .Values.resources.openxchangeCoreDocumentConverter | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-guidedtours:
|
core-guidedtours:
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
@@ -163,11 +178,15 @@ appsuite:
|
|||||||
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
|
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
|
||||||
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
|
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-imageconverter:
|
core-imageconverter:
|
||||||
image:
|
image:
|
||||||
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
||||||
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
|
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
|
||||||
|
resources:
|
||||||
|
{{- .Values.resources.openxchangeCoreImageConverter | toYaml | nindent 6 }}
|
||||||
|
|
||||||
guard-ui:
|
guard-ui:
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
@@ -178,6 +197,8 @@ appsuite:
|
|||||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
|
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
|
||||||
tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
|
tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-user-guide:
|
core-user-guide:
|
||||||
image:
|
image:
|
||||||
@@ -188,4 +209,6 @@ appsuite:
|
|||||||
{{- range .Values.global.imagePullSecrets }}
|
{{- range .Values.global.imagePullSecrets }}
|
||||||
- name: {{ . | quote }}
|
- name: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
{{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -14,6 +14,17 @@ appsuite:
|
|||||||
masterAdmin: "admin"
|
masterAdmin: "admin"
|
||||||
gotenberg:
|
gotenberg:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1001
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
features:
|
features:
|
||||||
status:
|
status:
|
||||||
# enable admin pack
|
# enable admin pack
|
||||||
@@ -27,6 +38,7 @@ appsuite:
|
|||||||
open-xchange-authentication-oauth: "enabled"
|
open-xchange-authentication-oauth: "enabled"
|
||||||
properties:
|
properties:
|
||||||
com.openexchange.UIWebPath: "/appsuite/"
|
com.openexchange.UIWebPath: "/appsuite/"
|
||||||
|
com.openexchange.showAdmin: "false"
|
||||||
# PDF Export
|
# PDF Export
|
||||||
com.openexchange.capability.mail_export_pdf: "true"
|
com.openexchange.capability.mail_export_pdf: "true"
|
||||||
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
||||||
@@ -158,8 +170,23 @@ appsuite:
|
|||||||
mkdir -p /opt/open-xchange/guard-files
|
mkdir -p /opt/open-xchange/guard-files
|
||||||
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
||||||
|
|
||||||
|
# Security context for core-mw has no effect yet
|
||||||
|
# podSecurityContext: {}
|
||||||
|
# securityContext: {}
|
||||||
|
|
||||||
core-ui:
|
core-ui:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
core-ui-middleware:
|
core-ui-middleware:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -170,15 +197,62 @@ appsuite:
|
|||||||
- "redis-master:6379"
|
- "redis-master:6379"
|
||||||
auth:
|
auth:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
core-guidedtours:
|
core-guidedtours:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
guard-ui:
|
guard-ui:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
core-cacheservice:
|
core-cacheservice:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
core-user-guide:
|
core-user-guide:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
core-imageconverter:
|
core-imageconverter:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -188,6 +262,19 @@ appsuite:
|
|||||||
endpoint: "."
|
endpoint: "."
|
||||||
accessKey: "."
|
accessKey: "."
|
||||||
secretKey: "."
|
secretKey: "."
|
||||||
|
podSecurityContext:
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 987
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
securityContext:
|
||||||
|
# missing:
|
||||||
|
# readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
|
||||||
core-spellcheck:
|
core-spellcheck:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -198,6 +285,19 @@ appsuite:
|
|||||||
cache:
|
cache:
|
||||||
remoteCache:
|
remoteCache:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
podSecurityContext:
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 987
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
securityContext:
|
||||||
|
# missing:
|
||||||
|
# readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
|
||||||
core-documents-collaboration:
|
core-documents-collaboration:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -213,3 +313,30 @@ appsuite:
|
|||||||
enabled: false
|
enabled: false
|
||||||
core-drive-help:
|
core-drive-help:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
nextcloud-integration-ui:
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
|
public-sector-ui:
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
...
|
||||||
|
|||||||
@@ -41,15 +41,16 @@ releases:
|
|||||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||||
- name: "ums-ldap-server"
|
- name: "ums-ldap-server"
|
||||||
chart: "ums-repo/ldap-server"
|
chart: "ums-repo/ldap-server"
|
||||||
version: "0.5.2"
|
version: "0.7.0"
|
||||||
values:
|
values:
|
||||||
- "values-common.gotmpl"
|
- "values-common.gotmpl"
|
||||||
- "values-common.yaml"
|
- "values-common.yaml"
|
||||||
- "values-ldap-server.gotmpl"
|
- "values-ldap-server.gotmpl"
|
||||||
|
- "values-ldap-server.yaml"
|
||||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||||
- name: "ums-ldap-notifier"
|
- name: "ums-ldap-notifier"
|
||||||
chart: "ums-repo/ldap-notifier"
|
chart: "ums-repo/ldap-notifier"
|
||||||
version: "0.5.2"
|
version: "0.7.0"
|
||||||
values:
|
values:
|
||||||
- "values-common.gotmpl"
|
- "values-common.gotmpl"
|
||||||
- "values-common.yaml"
|
- "values-common.yaml"
|
||||||
@@ -58,7 +59,7 @@ releases:
|
|||||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||||
- name: "ums-udm-rest-api"
|
- name: "ums-udm-rest-api"
|
||||||
chart: "ums-repo/udm-rest-api"
|
chart: "ums-repo/udm-rest-api"
|
||||||
version: "0.3.3"
|
version: "0.3.5"
|
||||||
values:
|
values:
|
||||||
- "values-common.gotmpl"
|
- "values-common.gotmpl"
|
||||||
- "values-common.yaml"
|
- "values-common.yaml"
|
||||||
@@ -66,7 +67,7 @@ releases:
|
|||||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||||
- name: "ums-stack-data-ums"
|
- name: "ums-stack-data-ums"
|
||||||
chart: "ums-repo/stack-data-ums"
|
chart: "ums-repo/stack-data-ums"
|
||||||
version: "0.25.1"
|
version: "0.33.0"
|
||||||
values:
|
values:
|
||||||
- "values-common.gotmpl"
|
- "values-common.gotmpl"
|
||||||
- "values-common.yaml"
|
- "values-common.yaml"
|
||||||
@@ -74,7 +75,7 @@ releases:
|
|||||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||||
- name: "ums-stack-data-swp"
|
- name: "ums-stack-data-swp"
|
||||||
chart: "ums-repo/stack-data-swp"
|
chart: "ums-repo/stack-data-swp"
|
||||||
version: "0.25.1"
|
version: "0.33.0"
|
||||||
values:
|
values:
|
||||||
- "values-common.gotmpl"
|
- "values-common.gotmpl"
|
||||||
- "values-common.yaml"
|
- "values-common.yaml"
|
||||||
@@ -124,7 +125,7 @@ releases:
|
|||||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||||
- name: "ums-umc-gateway"
|
- name: "ums-umc-gateway"
|
||||||
chart: "ums-repo/umc-gateway"
|
chart: "ums-repo/umc-gateway"
|
||||||
version: "0.3.5"
|
version: "0.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-common.gotmpl"
|
- "values-common.gotmpl"
|
||||||
- "values-common.yaml"
|
- "values-common.yaml"
|
||||||
@@ -132,7 +133,7 @@ releases:
|
|||||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||||
- name: "ums-umc-server"
|
- name: "ums-umc-server"
|
||||||
chart: "ums-repo/umc-server"
|
chart: "ums-repo/umc-server"
|
||||||
version: "0.3.5"
|
version: "0.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-common.gotmpl"
|
- "values-common.gotmpl"
|
||||||
- "values-common.yaml"
|
- "values-common.yaml"
|
||||||
|
|||||||
@@ -0,0 +1,30 @@
|
|||||||
|
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
---
|
||||||
|
|
||||||
|
service:
|
||||||
|
type: "ClusterIP"
|
||||||
|
|
||||||
|
extraVolumes:
|
||||||
|
- name: "opendesk-schemas"
|
||||||
|
configMap:
|
||||||
|
name: "ums-stack-data-swp-schemas"
|
||||||
|
|
||||||
|
extraVolumeMounts:
|
||||||
|
- name: "opendesk-schemas"
|
||||||
|
mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskFileshare.schema"
|
||||||
|
subPath: "opendeskFileshare.schema"
|
||||||
|
- name: "opendesk-schemas"
|
||||||
|
mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskKnowledgemanagement.schema"
|
||||||
|
subPath: "opendeskKnowledgemanagement.schema"
|
||||||
|
- name: "opendesk-schemas"
|
||||||
|
mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskLearnmanagement.schema"
|
||||||
|
subPath: "opendeskLearnmanagement.schema"
|
||||||
|
- name: "opendesk-schemas"
|
||||||
|
mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskLivecollaboration.schema"
|
||||||
|
subPath: "opendeskLivecollaboration.schema"
|
||||||
|
- name: "opendesk-schemas"
|
||||||
|
mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskProjectmanagement.schema"
|
||||||
|
subPath: "opendeskProjectmanagement.schema"
|
||||||
|
|
||||||
|
...
|
||||||
@@ -17,7 +17,7 @@ portalListener:
|
|||||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||||
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
notifierServer: "ums-ldap-notifier"
|
notifierServer: {{ .Values.ldap.notifierHost | quote }}
|
||||||
portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal"
|
portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,dc=swp-ldap,dc=internal"
|
||||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||||
udmApiUsername: "cn=admin"
|
udmApiUsername: "cn=admin"
|
||||||
|
|||||||
@@ -30,6 +30,9 @@ stackDataContext:
|
|||||||
|
|
||||||
oxDefaultContext: "10"
|
oxDefaultContext: "10"
|
||||||
|
|
||||||
|
userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }}
|
||||||
|
adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
|
||||||
|
|
||||||
image:
|
image:
|
||||||
registry: {{ .Values.global.imageRegistry | quote }}
|
registry: {{ .Values.global.imageRegistry | quote }}
|
||||||
repository: {{ .Values.images.umsDataLoader.repository | quote }}
|
repository: {{ .Values.images.umsDataLoader.repository | quote }}
|
||||||
|
|||||||
@@ -9,9 +9,22 @@ extraVolumes:
|
|||||||
- name: "certificates"
|
- name: "certificates"
|
||||||
secret:
|
secret:
|
||||||
secretName: "opendesk-certificates-tls"
|
secretName: "opendesk-certificates-tls"
|
||||||
|
- name: "entrypoint-swp-patches"
|
||||||
|
configMap:
|
||||||
|
name: "ums-stack-data-swp-umc-server-entrypoint"
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: "self-service-emails"
|
||||||
|
configMap:
|
||||||
|
name: "ums-stack-data-swp-self-service-emails"
|
||||||
|
defaultMode: 0444
|
||||||
|
|
||||||
extraVolumeMounts:
|
extraVolumeMounts:
|
||||||
- name: "certificates"
|
- name: "certificates"
|
||||||
mountPath: "/var/secrets/ssl"
|
mountPath: "/var/secrets/ssl"
|
||||||
|
- name: "entrypoint-swp-patches"
|
||||||
|
mountPath: "/entrypoint.d/90-customization.sh"
|
||||||
|
subPath: "90-customization.sh"
|
||||||
|
- name: "self-service-emails"
|
||||||
|
mountPath: "/usr/share/univention-self-service/email_bodies"
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ externalDB:
|
|||||||
|
|
||||||
customConfigs:
|
customConfigs:
|
||||||
"xwiki.cfg":
|
"xwiki.cfg":
|
||||||
"xwiki.superadminpassword": {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
xwiki.superadminpassword: {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
||||||
## LDAP Server configuration
|
## LDAP Server configuration
|
||||||
xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
|
xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
|
||||||
xwiki.authentication.ldap.port: 389
|
xwiki.authentication.ldap.port: 389
|
||||||
@@ -25,6 +25,8 @@ customConfigs:
|
|||||||
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||||
## Base DN used for searching for users
|
## Base DN used for searching for users
|
||||||
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
||||||
|
## Allow short update cycles of the LDAP group cache
|
||||||
|
xwiki.authentication.ldap.groupcache_expiration: 300
|
||||||
|
|
||||||
"xwiki.properties":
|
"xwiki.properties":
|
||||||
"oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
|
"oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
|
||||||
|
|||||||
@@ -10,9 +10,9 @@ customConfigs:
|
|||||||
## Indicate the LDAP field defining the user UID
|
## Indicate the LDAP field defining the user UID
|
||||||
xwiki.authentication.ldap.UID_attr: "uid"
|
xwiki.authentication.ldap.UID_attr: "uid"
|
||||||
## Indicate the LDAP field defining the user profile picture
|
## Indicate the LDAP field defining the user profile picture
|
||||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||||
## Enable the synchronization of the LDAP profile picture
|
## Enable the synchronization of the LDAP profile picture
|
||||||
# xwiki.authentication.ldap.update_photo: 1
|
xwiki.authentication.ldap.update_photo: 1
|
||||||
|
|
||||||
xwiki.properties:
|
xwiki.properties:
|
||||||
oidc.scope: "openid,profile,email,address,phoenix"
|
oidc.scope: "openid,profile,email,address,phoenix"
|
||||||
@@ -80,8 +80,10 @@ properties:
|
|||||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
|
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
|
||||||
"dc=swp-ldap,dc=internal"
|
"dc=swp-ldap,dc=internal"
|
||||||
## LDAP filter to only synchronize some groups
|
## LDAP filter to only synchronize some groups
|
||||||
|
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||||
|
# "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||||
"(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
"(objectClass=opendeskKnowledgemanagementGroup)"
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ images:
|
|||||||
# @supplier: "openDesk DevSecOps"
|
# @supplier: "openDesk DevSecOps"
|
||||||
intercom:
|
intercom:
|
||||||
repository: "univention/intercom-service"
|
repository: "univention/intercom-service"
|
||||||
tag: "1.4-kubernetes@sha256:e4fa2e0df49595bf9ba5bf73e36a50e8f1b44334a1a326a43488b8f9c8bbcb9c"
|
tag: "1.6@sha256:f32c1e52fa132e9dc6973e9f8ed36a98c5c3e0bcd51c60f9a683e7e528dd2306"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
jibri:
|
jibri:
|
||||||
repository: "jitsi/jibri"
|
repository: "jitsi/jibri"
|
||||||
@@ -120,6 +120,10 @@ images:
|
|||||||
repository: "nextcloud"
|
repository: "nextcloud"
|
||||||
tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39"
|
tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39"
|
||||||
# @supplier: "Nextcloud Community"
|
# @supplier: "Nextcloud Community"
|
||||||
|
nextcloudExporter:
|
||||||
|
repository: "xperimental/nextcloud-exporter"
|
||||||
|
tag: "0.6.2@sha256:4ef2555e74ad1dd1b7b7b0680ce85f2b9333f2c2301756582ff04ae97adf796f"
|
||||||
|
# @supplier: "openDesk DevSecOps"
|
||||||
openproject:
|
openproject:
|
||||||
repository: "openproject/open_desk"
|
repository: "openproject/open_desk"
|
||||||
tag: "dev@sha256:732b5d0efe9fc64fe411c9d8143ec3f4a3c731d03c0caddb5fa4c614ff426e8d"
|
tag: "dev@sha256:732b5d0efe9fc64fe411c9d8143ec3f4a3c731d03c0caddb5fa4c614ff426e8d"
|
||||||
@@ -224,42 +228,42 @@ images:
|
|||||||
umsConfigHtpasswd:
|
umsConfigHtpasswd:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||||
tag: "0.5.2@sha256:b713d22a9f2285aab7ff3b1db950002c9ae507ee0b8ba6c76c8a700299440b02"
|
tag: "0.5.2@sha256:b63887af87ed4c496688d422a8881e806de4a2364eb07c7e24bb1635b539e7f3"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsDataLoader:
|
umsDataLoader:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/data-loader"
|
repository: "souvap/tooling/images/univention/data-loader"
|
||||||
tag: "0.25.1@sha256:4b5d621e7ee2ca9efd8755ccb287a6daeb05284c3c010e4b6c487d01e539c606"
|
tag: "0.33.0@sha256:2e9baf28cfe3eb6c740ce604d60ebc1ee6b3e0e2e8741730716a1c7375046039"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsLdapNotifier:
|
umsLdapNotifier:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/ldap-notifier"
|
repository: "souvap/tooling/images/univention/ldap-notifier"
|
||||||
tag: "0.5.2@sha256:693c170507dd420d9afa19a2128c85ffd1f231b1c13b149a46bb12a501a1136f"
|
tag: "0.7.0@sha256:c5bd680dc85990aec2c3dde14f8e6b72f5a5d2d3c648bc434c57117836464faf"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsLdapServer:
|
umsLdapServer:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/ldap-server"
|
repository: "souvap/tooling/images/univention/ldap-server"
|
||||||
tag: "0.5.2@sha256:e4b229b1879185e150e371242a90c9a8e1ebb0bc19076871554137cc354855cb"
|
tag: "0.7.0@sha256:a87b615fc97c574316f41e1e6dc9bef41d80583ba450aece9d9830bab4d5a09a"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsNotificationsApi:
|
umsNotificationsApi:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/notifications-api"
|
repository: "souvap/tooling/images/univention/notifications-api"
|
||||||
tag: "0.4.3@sha256:f0a95d96f4047b08db41b8878800f98e66a8fb2fc3c0f493130be314a3be0270"
|
tag: "0.4.4@sha256:630905fd503ea5f4b17ccd4adccd68c20b85405a7372e7c71ac2c88aa6e1e47c"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsPortalListener:
|
umsPortalListener:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/portal-listener"
|
repository: "souvap/tooling/images/univention/portal-listener"
|
||||||
tag: "0.4.3@sha256:a5454bfc113df95d1e71424765b6a0137e7468861cb3df3865136888d24ca7a0"
|
tag: "0.4.4@sha256:689065bad9ab735be1cfd12e519934616e8c049afee4f78c46b630ab7c1a7aef"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsPortalFrontend:
|
umsPortalFrontend:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||||
tag: "0.4.3@sha256:bfae4930c830185b0f64d6cd9bb479bdde8ac383a58f8f5948731ece9288ff4d"
|
tag: "0.4.4@sha256:b8955718ad4d2c973b4c1ee80867ac47c2d90e422234c7a2401b13ed606fd4d4"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsPortalServer:
|
umsPortalServer:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/portal-server"
|
repository: "souvap/tooling/images/univention/portal-server"
|
||||||
tag: "0.4.3@sha256:3a906e38aaabf5e80457f1b572a4ee3676b90921ac9c0df9a64a177ee0d75cc9"
|
tag: "0.4.4@sha256:21d279ede3a7cbdaf3a5c4e83375bb389785db4f2569cfaf8362896a9b30e287"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsWaitForDependency:
|
umsWaitForDependency:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
@@ -269,22 +273,22 @@ images:
|
|||||||
umsStoreDav:
|
umsStoreDav:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/store-dav"
|
repository: "souvap/tooling/images/univention/store-dav"
|
||||||
tag: "0.5.2@sha256:e6d42110be74f171b62c8ba4752afd0af8119f0354783bf428eb2030f97be84a"
|
tag: "0.5.2@sha256:a3cbb1df2024edf58aea029a280f660bcd2fb8e684eed638901f5d7cbf9db467"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsUdmRestApi:
|
umsUdmRestApi:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||||
tag: "0.3.3@sha256:3893d74b1e450e920a53788a8b86cafb4e811dbbae8734fd32d56718ccbb89c5"
|
tag: "0.3.5@sha256:1a434f9d5e4d15217d011c13d9f1694e8a12291e09a6d0802c1158f7e2c5e035"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsUmcGateway:
|
umsUmcGateway:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||||
tag: "0.3.5@sha256:2e5ec7a33f0f9094143090c786b3fda632fe85b669b7fe3bb467ec96b4a76eff"
|
tag: "0.5.1@sha256:9937efd54020e0782a26a1670d0cb8b29edbc802b1fd9eed5e308a594d4ce010"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
umsUmcServer:
|
umsUmcServer:
|
||||||
# This is a preview and not part of the standard deployment.
|
# This is a preview and not part of the standard deployment.
|
||||||
repository: "souvap/tooling/images/univention/umc-server"
|
repository: "souvap/tooling/images/univention/umc-server"
|
||||||
tag: "0.3.5@sha256:fa95ab3a547807322e6d66da943292119b37229eccbb35b31217fe0f484c4798"
|
tag: "0.5.1@sha256:cfb626f8d0a949ce0ed36d7e01791006eae24d984573dfa3ed3f031808437da3"
|
||||||
# @supplier: "Univention"
|
# @supplier: "Univention"
|
||||||
wellKnown:
|
wellKnown:
|
||||||
repository: "library/nginx"
|
repository: "library/nginx"
|
||||||
|
|||||||
@@ -1,362 +1,455 @@
|
|||||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
---
|
---
|
||||||
|
# Some charts do not support null or ~ values, because they use their default values.
|
||||||
|
# To not limit the CPU, we set all CPU limits to 99.
|
||||||
resources:
|
resources:
|
||||||
clamd:
|
clamd:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "4Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "2Gi"
|
memory: "1.5Gi"
|
||||||
collabora:
|
collabora:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "4Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.5
|
cpu: 0.5
|
||||||
memory: "1Gi"
|
memory: "512Mi"
|
||||||
cryptpad:
|
cryptpad:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "2Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "512Mi"
|
memory: "512Mi"
|
||||||
dovecot:
|
dovecot:
|
||||||
limits:
|
limits:
|
||||||
cpu: 0.5
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "32Mi"
|
||||||
element:
|
element:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "32Mi"
|
||||||
freshclam:
|
freshclam:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "96Mi"
|
||||||
icap:
|
icap:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "128Mi"
|
memory: "128Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "16Mi"
|
memory: "16Mi"
|
||||||
|
intercomService:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "128Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "64Mi"
|
||||||
jibri:
|
jibri:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "768Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "125Mi"
|
memory: "384Mi"
|
||||||
jicofo:
|
jicofo:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "256Mi"
|
||||||
jitsi:
|
jitsi:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "32Mi"
|
||||||
jitsiKeycloakAdapter:
|
jitsiKeycloakAdapter:
|
||||||
limits:
|
limits:
|
||||||
cpu: "100m"
|
cpu: 99
|
||||||
memory: "128Mi"
|
memory: "128Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: "10m"
|
cpu: "10m"
|
||||||
memory: "16Mi"
|
memory: "48Mi"
|
||||||
jvb:
|
jvb:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "768Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "384Mi"
|
||||||
keycloak:
|
keycloak:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "2Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "750Mi"
|
memory: "512Mi"
|
||||||
keycloakExtension:
|
keycloakExtension:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "48Mi"
|
||||||
keycloakBootstrap:
|
keycloakBootstrap:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
keycloakProxy:
|
keycloakProxy:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "48Mi"
|
||||||
mariadb:
|
mariadb:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "2Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "500Mi"
|
memory: "384Mi"
|
||||||
matrixNeoBoardWidget:
|
matrixNeoBoardWidget:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "128Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "48Mi"
|
||||||
matrixNeoChoiceWidget:
|
matrixNeoChoiceWidget:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "48Mi"
|
||||||
matrixNeoDateFixBot:
|
matrixNeoDateFixBot:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "128Mi"
|
||||||
matrixNeoDateFixWidget:
|
matrixNeoDateFixWidget:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "48Mi"
|
||||||
matrixUserVerificationService:
|
matrixUserVerificationService:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "128Mi"
|
||||||
memcached:
|
memcached:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "256Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "32Mi"
|
memory: "32Mi"
|
||||||
milter:
|
milter:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "96Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "2Gi"
|
memory: "16Mi"
|
||||||
minio:
|
minio:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.25
|
cpu: 0.25
|
||||||
memory: "1Gi"
|
memory: "256Mi"
|
||||||
nextcloud:
|
nextcloud:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
|
nextcloudMetrics:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "128Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "32Mi"
|
||||||
openproject:
|
openproject:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "768Mi"
|
||||||
oxConnector:
|
openxchangeCoreDocumentConverter:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "2Gi"
|
|
||||||
requests:
|
|
||||||
cpu: 0.1
|
|
||||||
memory: "250Mi"
|
|
||||||
oxDocumentConverter:
|
|
||||||
limits:
|
|
||||||
cpu: 2
|
|
||||||
memory: "2Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.25
|
cpu: 0.25
|
||||||
memory: "1Gi"
|
memory: "1.25Gi"
|
||||||
|
openxchangeCoreGuidedtours:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeCoreImageConverter:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "2Gi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: "1.25Gi"
|
||||||
|
openxchangeCoreMW:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "8Gi"
|
||||||
|
requests:
|
||||||
|
cpu: 1
|
||||||
|
memory: "1.25Gi"
|
||||||
|
openxchangeCoreUI:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeCoreUIMiddleware:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "768Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: "192Mi"
|
||||||
|
openxchangeCoreUIMiddlewareUpdater:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "768Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: "192Mi"
|
||||||
|
openxchangeCoreUserGuide:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.02
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeGotenberg:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.05
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeGuardUI:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeNextcloudIntegrationUI:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangePublicSectorUI:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
oxConnector:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "512Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "64Mi"
|
||||||
postfix:
|
postfix:
|
||||||
limits:
|
limits:
|
||||||
cpu: 0.5
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "128Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "16Mi"
|
||||||
postgresql:
|
postgresql:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
prosody:
|
prosody:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "32Mi"
|
||||||
redis:
|
redis:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "32Mi"
|
||||||
synapse:
|
synapse:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "4Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 1
|
cpu: 1
|
||||||
memory: "2Gi"
|
memory: "256Mi"
|
||||||
synapseWeb:
|
synapseWeb:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "64Mi"
|
||||||
univentionCorporateServer:
|
univentionCorporateServer:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "4Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.5
|
cpu: 0.5
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
umsLdapNotifier:
|
umsLdapNotifier:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsLdapServer:
|
umsLdapServer:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsNotificationsApi:
|
umsNotificationsApi:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsPortalFrontend:
|
umsPortalFrontend:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsPortalListener:
|
umsPortalListener:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsPortalListenerDependencies:
|
umsPortalListenerDependencies:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsPortalServer:
|
umsPortalServer:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsStackDataUms:
|
umsStackDataUms:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsStackDataSwp:
|
umsStackDataSwp:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsStoreDav:
|
umsStoreDav:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsUdmRestApi:
|
umsUdmRestApi:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsUmcGateway:
|
umsUmcGateway:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsUmcServer:
|
umsUmcServer:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
wellKnown:
|
wellKnown:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "32Mi"
|
||||||
xwiki:
|
xwiki:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "8Gi"
|
memory: "8Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "6Gi"
|
memory: "1.5Gi"
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -27,6 +27,8 @@ secrets:
|
|||||||
ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
|
ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
|
||||||
defaultAccounts:
|
defaultAccounts:
|
||||||
administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "ums" | sha1sum | quote }}
|
administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "ums" | sha1sum | quote }}
|
||||||
|
userPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_password" | sha1sum | quote }}
|
||||||
|
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_admin" | sha1sum | quote }}
|
||||||
storeDavUsers:
|
storeDavUsers:
|
||||||
portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
|
portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
|
||||||
portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
|
portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
|
||||||
|
|||||||
Reference in New Issue
Block a user