mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
Compare commits
13 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
6c1664fc0d | ||
|
|
36aa3ed7c9 | ||
|
|
23c46e7fe5 | ||
|
|
efbd814968 | ||
|
|
812eb5a439 | ||
|
|
f86a74ba10 | ||
|
|
71d11cfcd0 | ||
|
|
6aa3d386af | ||
|
|
7ac2e0f9de | ||
|
|
6f556bce70 | ||
|
|
a447c137fe | ||
|
|
47a385683c | ||
|
|
db48140f3a |
@@ -555,7 +555,7 @@ generate-release-assets:
|
||||
- "./build_artefacts/image-index.json"
|
||||
tags: []
|
||||
variables:
|
||||
ASSET_GENERATOR_REPO_PATH: "bmi/souveraener_arbeitsplatz/tooling/opendesk-asset-generator"
|
||||
ASSET_GENERATOR_REPO_PATH: "bmi/opendesk/tooling/opendesk-asset-generator"
|
||||
|
||||
|
||||
# Declare .environments which is in environments repository and only loaded when INCLUDE_ENVIRONMENTS_ENABLED not false.
|
||||
|
||||
43
CHANGELOG.md
43
CHANGELOG.md
@@ -1,3 +1,46 @@
|
||||
## [0.5.50](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.49...v0.5.50) (2023-11-27)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **ci:** Add metadata for renovate processing ([36aa3ed](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/36aa3ed7c9f9a6d0ffe23dc3ca2174d5f2741dfa))
|
||||
|
||||
## [0.5.49](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.48...v0.5.49) (2023-11-27)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Bump image to incorporate fix for https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f962-hw26-g267 ([efbd814](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/efbd81496868c5d4274f09805a1e771f47d548be))
|
||||
|
||||
## [0.5.48](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.47...v0.5.48) (2023-11-24)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **services:** Update resource requests and remove cpu limits ([f86a74b](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/f86a74ba100c7f08f6538b58a713bbc87c00e814))
|
||||
|
||||
## [0.5.47](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.46...v0.5.47) (2023-11-24)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Rename absolute paths on OpenCoDE to new 'opendesk' base group name ([7ac2e0f](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/7ac2e0f9de2a8386a7f5809ba40db4ed7164a857))
|
||||
* **xwiki:** Enable the sync of user profile picture from LDAP ([6aa3d38](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/6aa3d386afe8b3f22e47f9971fd719089006b54e))
|
||||
|
||||
## [0.5.46](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.45...v0.5.46) (2023-11-23)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Fix quotes in element chart ([a447c13](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a447c137fe58be343e7ada55afb7f6891a5cde74))
|
||||
|
||||
## [0.5.45](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.44...v0.5.45) (2023-11-22)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Add security context ([db48140](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/db48140f3ae6576b21e93ac0f10f40765efd608d))
|
||||
|
||||
## [0.5.44](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.43...v0.5.44) (2023-11-21)
|
||||
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
# Read me first
|
||||
|
||||
Please read the [project's overall CONTRIBUTING.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/CONTRIBUTING.md) first.
|
||||
Please read the [project's overall CONTRIBUTING.md](https://gitlab.opencode.de/bmi/opendesk/info/-/blob/main/CONTRIBUTING.md) first.
|
||||
|
||||
# How to contribute?
|
||||
|
||||
|
||||
@@ -40,7 +40,7 @@ Basic knowledge of Kubernetes and Devops is required though.
|
||||
|
||||
# Active development notice
|
||||
openDesk will face breaking changes in the near future without upgrade paths before
|
||||
[technical release](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/releases
|
||||
[technical release](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/releases
|
||||
v1.0.0 is reached.
|
||||
|
||||
While most components support upgrades, major configuration or component changes may occur, therefore we recommend
|
||||
@@ -60,10 +60,10 @@ Of course, further development also includes enhancing the documentation.
|
||||
|
||||
We love to get feedback from you!
|
||||
Related to the deployment / contents of this repository,
|
||||
please use the [issues within this project](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/issues).
|
||||
please use the [issues within this project](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/issues).
|
||||
|
||||
If you want to address other topics, please check the section
|
||||
["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
|
||||
["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/opendesk/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
|
||||
|
||||
# Requirements
|
||||
|
||||
@@ -86,7 +86,7 @@ If you want to address other topics, please check the section
|
||||
All technical releases are created using [Semantic Versioning](https://semver.org/lang/de/).
|
||||
|
||||
Gitlab provides an
|
||||
[overview on the releases](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/releases)
|
||||
[overview on the releases](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/releases)
|
||||
of this project.
|
||||
|
||||
The following release artefacts are provided beside the default source code assets:
|
||||
|
||||
@@ -50,30 +50,43 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
|
||||
This list gives you an overview of default security settings and if they comply with security standards:
|
||||
|
||||
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|-------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| CryptPad | cryptpad | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|--------------|----------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| CryptPad | npm | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||
| Dovecot | dovecot | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `NET_BIND_SERVICE`, `SETGID`, `SETUID`, `SYS_CHROOT`) | :white_check_mark: | :white_check_mark: | :x: | - | - | 1000 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| Open-Xchange | core-documentconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||
| | core-guidedtours | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-imageconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||
| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - |
|
||||
| | core-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-ui-middleware | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-ui-middleware-updater | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-user-guide | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | gotenberg | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | guard-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | nextlcoud-integration-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | public-sector-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
|
||||
@@ -29,7 +29,7 @@ missingFileHandler: "Error"
|
||||
# - Installing all releases from root via helmfile apply
|
||||
# - Installing a single release from root via helmfile apply -f helmfile/apps/<app>/helmfile.yaml
|
||||
# - Installing a single release from app directory via helmfile apply
|
||||
# Issue: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/issues/2
|
||||
# Issue: https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/issues/2
|
||||
|
||||
environments:
|
||||
default:
|
||||
|
||||
@@ -14,6 +14,11 @@ repositories:
|
||||
default "https://collaboraonline.github.io/online" }}
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://collaboraonline.github.io/online
|
||||
# packageName=collabora-online
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "collabora-online"
|
||||
chart: "collabora-online-repo/collabora-online"
|
||||
version: "1.0.2"
|
||||
|
||||
@@ -14,6 +14,11 @@ repositories:
|
||||
default "https://cryptpad.github.io/helm" }}
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://cryptpad.github.io/helm
|
||||
# packageName=cryptpad
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "cryptpad"
|
||||
chart: "cryptpad-online-repo/cryptpad"
|
||||
version: "0.0.13"
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Element
|
||||
@@ -31,60 +30,95 @@ repositories:
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-element"
|
||||
chart: "opendesk-element-repo/opendesk-element"
|
||||
version: "2.5.0"
|
||||
version: "2.5.1"
|
||||
values:
|
||||
- "values-element.yaml"
|
||||
- "values-element.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-well-known"
|
||||
chart: "opendesk-element-repo/opendesk-well-known"
|
||||
version: "2.5.0"
|
||||
version: "2.5.1"
|
||||
values:
|
||||
- "values-well-known.yaml"
|
||||
- "values-well-known.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-synapse-web"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||
version: "2.5.0"
|
||||
version: "2.5.1"
|
||||
values:
|
||||
- "values-synapse-web.yaml"
|
||||
- "values-synapse-web.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-synapse"
|
||||
chart: "opendesk-element-repo/opendesk-synapse"
|
||||
version: "2.5.0"
|
||||
version: "2.5.1"
|
||||
values:
|
||||
- "values-synapse.yaml"
|
||||
- "values-synapse.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.0"
|
||||
version: "2.5.1"
|
||||
values:
|
||||
- "values-matrix-user-verification-service-bootstrap.yaml"
|
||||
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-matrix-user-verification-service"
|
||||
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
||||
version: "2.5.0"
|
||||
version: "2.5.1"
|
||||
values:
|
||||
- "values-matrix-user-verification-service.yaml"
|
||||
- "values-matrix-user-verification-service.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neoboard-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
|
||||
version: "3.2.0"
|
||||
@@ -94,6 +128,11 @@ releases:
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neochoice-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
|
||||
version: "3.2.0"
|
||||
@@ -103,6 +142,11 @@ releases:
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neodatefix-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
|
||||
version: "3.2.0"
|
||||
@@ -112,15 +156,25 @@ releases:
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neodatefix-bot-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.0"
|
||||
version: "2.5.1"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
||||
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neodatefix-bot"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
|
||||
version: "3.2.0"
|
||||
|
||||
@@ -17,6 +17,11 @@ repositories:
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/intercom-service/intercom-service
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "intercom-service"
|
||||
chart: "intercom-service-repo/intercom-service"
|
||||
version: "2.0.1"
|
||||
|
||||
@@ -46,4 +46,7 @@ ingress:
|
||||
tls:
|
||||
enabled: {{ .Values.ingress.tls.enabled }}
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.intercomService | toYaml | nindent 2 }}
|
||||
...
|
||||
|
||||
@@ -17,6 +17,11 @@ repositories:
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "jitsi"
|
||||
chart: "jitsi-repo/sovereign-workplace-jitsi"
|
||||
version: "1.7.1"
|
||||
|
||||
@@ -19,6 +19,11 @@ repositories:
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-keycloak-bootstrap/opendesk-keycloak-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-keycloak-bootstrap"
|
||||
chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
|
||||
version: "1.1.12"
|
||||
|
||||
@@ -16,7 +16,7 @@ repositories:
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
# openDesk Keycloak Theme
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-theme
|
||||
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-keycloak-theme
|
||||
- name: "keycloak-theme-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
@@ -31,12 +31,23 @@ repositories:
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "keycloak-theme"
|
||||
chart: "keycloak-theme-repo/opendesk-keycloak-theme"
|
||||
version: "2.0.0"
|
||||
values:
|
||||
- "values-theme.gotmpl"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/keycloak
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "keycloak"
|
||||
chart: "bitnami-repo/keycloak"
|
||||
version: "12.1.5"
|
||||
@@ -46,6 +57,12 @@ releases:
|
||||
- "values-keycloak-idp.yaml"
|
||||
wait: true
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable
|
||||
# packageName=keycloak-extensions
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "keycloak-extensions"
|
||||
chart: "keycloak-extensions-repo/keycloak-extensions"
|
||||
version: "0.1.0"
|
||||
|
||||
@@ -8,7 +8,7 @@ bases:
|
||||
repositories:
|
||||
# openDesk Keycloak Bootstrap
|
||||
# Source:
|
||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/sovereign-workplace-nextcloud-bootstrap
|
||||
# https://gitlab.opencode.de/bmi/opendesk/components/charts/sovereign-workplace-nextcloud-bootstrap
|
||||
- name: "opendesk-nextcloud-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
@@ -26,6 +26,11 @@ repositories:
|
||||
default "https://nextcloud.github.io/helm/" }}
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-nextcloud-bootstrap"
|
||||
chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
|
||||
version: "3.2.3"
|
||||
@@ -37,6 +42,11 @@ releases:
|
||||
installed: {{ .Values.nextcloud.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://nextcloud.github.io/helm
|
||||
# packageName=nextcloud
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "nextcloud"
|
||||
chart: "nextcloud-repo/nextcloud"
|
||||
version: "3.5.19"
|
||||
|
||||
@@ -49,6 +49,8 @@ metrics:
|
||||
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||
labels:
|
||||
{{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }}
|
||||
resources:
|
||||
{{ .Values.resources.nextcloudMetrics | toYaml | nindent 4 }}
|
||||
|
||||
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
|
||||
replicaCount: {{ .Values.replicas.nextcloud }}
|
||||
|
||||
@@ -7,7 +7,7 @@ bases:
|
||||
---
|
||||
repositories:
|
||||
# openDesk Dovecot
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-dovecot
|
||||
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-dovecot
|
||||
- name: "opendesk-dovecot-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
@@ -21,7 +21,7 @@ repositories:
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
|
||||
# openDesk Open-Xchange Bootstrap
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-open-xchange-bootstrap
|
||||
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-open-xchange-bootstrap
|
||||
- name: "opendesk-open-xchange-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
@@ -33,15 +33,25 @@ repositories:
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/dovecot/dovecot
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "dovecot"
|
||||
chart: "opendesk-dovecot-repo/dovecot"
|
||||
version: "1.3.5"
|
||||
version: "1.3.6"
|
||||
values:
|
||||
- "values-dovecot.yaml"
|
||||
- "values-dovecot.gotmpl"
|
||||
installed: {{ .Values.dovecot.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# packageName=appsuite-public-sector/charts/appsuite-public-sector
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "open-xchange"
|
||||
chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector"
|
||||
version: "2.1.1"
|
||||
@@ -53,6 +63,11 @@ releases:
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-open-xchange-bootstrap"
|
||||
chart: "opendesk-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
|
||||
version: "1.3.1"
|
||||
|
||||
@@ -1,6 +1,24 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "KILL"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SYS_CHROOT"
|
||||
enabled: true
|
||||
readOnlyRootFilesystem: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
dovecot:
|
||||
ldap:
|
||||
enabled: true
|
||||
@@ -16,4 +34,8 @@ dovecot:
|
||||
enabled: true
|
||||
ssl: "no"
|
||||
host: "postfix:25"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
...
|
||||
|
||||
@@ -25,6 +25,8 @@ nextcloud-integration-ui:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
|
||||
|
||||
public-sector-ui:
|
||||
image:
|
||||
@@ -35,6 +37,8 @@ public-sector-ui:
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
|
||||
|
||||
appsuite:
|
||||
istio:
|
||||
@@ -62,6 +66,8 @@ appsuite:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
|
||||
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
|
||||
properties:
|
||||
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
|
||||
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
@@ -119,6 +125,8 @@ appsuite:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
|
||||
|
||||
core-ui:
|
||||
imagePullSecrets:
|
||||
@@ -129,6 +137,8 @@ appsuite:
|
||||
repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
|
||||
|
||||
core-ui-middleware:
|
||||
ingress:
|
||||
@@ -146,13 +156,18 @@ appsuite:
|
||||
redis:
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
|
||||
updater:
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUIMiddlewareUpdater | toYaml | nindent 6 }}
|
||||
|
||||
core-documentconverter:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.oxDocumentConverter | toYaml | nindent 6 }}
|
||||
{{- .Values.resources.openxchangeCoreDocumentConverter | toYaml | nindent 6 }}
|
||||
|
||||
core-guidedtours:
|
||||
imagePullSecrets:
|
||||
@@ -163,11 +178,15 @@ appsuite:
|
||||
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
|
||||
|
||||
core-imageconverter:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreImageConverter | toYaml | nindent 6 }}
|
||||
|
||||
guard-ui:
|
||||
imagePullSecrets:
|
||||
@@ -178,6 +197,8 @@ appsuite:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
|
||||
tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
|
||||
|
||||
core-user-guide:
|
||||
image:
|
||||
@@ -188,4 +209,6 @@ appsuite:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
|
||||
...
|
||||
|
||||
@@ -14,6 +14,17 @@ appsuite:
|
||||
masterAdmin: "admin"
|
||||
gotenberg:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
features:
|
||||
status:
|
||||
# enable admin pack
|
||||
@@ -27,6 +38,7 @@ appsuite:
|
||||
open-xchange-authentication-oauth: "enabled"
|
||||
properties:
|
||||
com.openexchange.UIWebPath: "/appsuite/"
|
||||
com.openexchange.showAdmin: "false"
|
||||
# PDF Export
|
||||
com.openexchange.capability.mail_export_pdf: "true"
|
||||
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
||||
@@ -158,8 +170,23 @@ appsuite:
|
||||
mkdir -p /opt/open-xchange/guard-files
|
||||
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
||||
|
||||
# Security context for core-mw has no effect yet
|
||||
# podSecurityContext: {}
|
||||
# securityContext: {}
|
||||
|
||||
core-ui:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-ui-middleware:
|
||||
enabled: true
|
||||
@@ -170,15 +197,62 @@ appsuite:
|
||||
- "redis-master:6379"
|
||||
auth:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-guidedtours:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
guard-ui:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-cacheservice:
|
||||
enabled: false
|
||||
|
||||
core-user-guide:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-imageconverter:
|
||||
enabled: true
|
||||
@@ -188,6 +262,19 @@ appsuite:
|
||||
endpoint: "."
|
||||
accessKey: "."
|
||||
secretKey: "."
|
||||
podSecurityContext:
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 987
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
securityContext:
|
||||
# missing:
|
||||
# readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
|
||||
core-spellcheck:
|
||||
enabled: false
|
||||
@@ -198,6 +285,19 @@ appsuite:
|
||||
cache:
|
||||
remoteCache:
|
||||
enabled: false
|
||||
podSecurityContext:
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 987
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
securityContext:
|
||||
# missing:
|
||||
# readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
|
||||
core-documents-collaboration:
|
||||
enabled: false
|
||||
@@ -213,3 +313,30 @@ appsuite:
|
||||
enabled: false
|
||||
core-drive-help:
|
||||
enabled: false
|
||||
|
||||
nextcloud-integration-ui:
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
public-sector-ui:
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -19,6 +19,11 @@ repositories:
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-openproject-bootstrap"
|
||||
chart: "opendesk-openproject-bootstrap-repo/opendesk-openproject-bootstrap"
|
||||
version: "1.2.1"
|
||||
|
||||
@@ -14,6 +14,11 @@ repositories:
|
||||
default "https://charts.openproject.org" }}
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://charts.openproject.org
|
||||
# packageName=openproject
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "openproject"
|
||||
chart: "openproject-repo/openproject"
|
||||
version: "2.4.0"
|
||||
|
||||
@@ -13,6 +13,11 @@ repositories:
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable" }}
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable
|
||||
# packageName=ox-connector
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ox-connector"
|
||||
chart: "ox-connector-repo/ox-connector"
|
||||
version: "0.1.0-pre-jconde-listener-entrypoint-chaining"
|
||||
|
||||
@@ -73,12 +73,23 @@ repositories:
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "opendesk-certificates"
|
||||
chart: "opendesk-certificates-repo/opendesk-certificates"
|
||||
version: "2.1.0"
|
||||
values:
|
||||
- "values-certificates.gotmpl"
|
||||
installed: {{ .Values.certificates.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/redis
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "redis"
|
||||
chart: "bitnami-repo/redis"
|
||||
version: "18.1.2"
|
||||
@@ -86,6 +97,12 @@ releases:
|
||||
- "values-redis.gotmpl"
|
||||
- "values-redis.yaml"
|
||||
installed: {{ .Values.redis.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/memcached
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "memcached"
|
||||
chart: "bitnami-repo/memcached"
|
||||
version: "6.6.2"
|
||||
@@ -93,6 +110,12 @@ releases:
|
||||
- "values-memcached.yaml"
|
||||
- "values-memcached.gotmpl"
|
||||
installed: {{ .Values.memcached.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/postgresql/postgresql
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "postgresql"
|
||||
chart: "postgresql-repo/postgresql"
|
||||
version: "2.0.3"
|
||||
@@ -101,6 +124,12 @@ releases:
|
||||
- "values-postgresql.gotmpl"
|
||||
installed: {{ .Values.postgresql.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/mariadb/mariadb
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "mariadb"
|
||||
chart: "mariadb-repo/mariadb"
|
||||
version: "2.1.1"
|
||||
@@ -109,6 +138,12 @@ releases:
|
||||
- "values-mariadb.gotmpl"
|
||||
installed: {{ .Values.mariadb.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/postfix/postfix
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "postfix"
|
||||
chart: "postfix-repo/postfix"
|
||||
version: "2.0.4"
|
||||
@@ -116,6 +151,12 @@ releases:
|
||||
- "values-postfix.yaml"
|
||||
- "values-postfix.gotmpl"
|
||||
installed: {{ .Values.postfix.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/clamav/opendesk-clamav
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "clamav"
|
||||
chart: "clamav-repo/opendesk-clamav"
|
||||
version: "4.0.0"
|
||||
@@ -123,6 +164,12 @@ releases:
|
||||
- "values-clamav-distributed.yaml"
|
||||
- "values-clamav-distributed.gotmpl"
|
||||
installed: {{ .Values.clamavDistributed.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/clamav/clamav-simple
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "clamav-simple"
|
||||
chart: "clamav-repo/clamav-simple"
|
||||
version: "4.0.0"
|
||||
@@ -130,6 +177,12 @@ releases:
|
||||
- "values-clamav-simple.yaml"
|
||||
- "values-clamav-simple.gotmpl"
|
||||
installed: {{ .Values.clamavSimple.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/istio-ressources/istio-gateway
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "opendesk-gateway"
|
||||
chart: "istio-resources-repo/istio-gateway"
|
||||
version: "2.0.0"
|
||||
@@ -137,6 +190,12 @@ releases:
|
||||
- "values-istio-gateway.yaml"
|
||||
- "values-istio-gateway.gotmpl"
|
||||
installed: {{ .Values.istio.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/minio
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "minio"
|
||||
chart: "bitnami-repo/minio"
|
||||
version: "12.8.19"
|
||||
|
||||
@@ -18,6 +18,11 @@ repositories:
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/univention-corporate-container/univention-corporate-container
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "univention-corporate-container"
|
||||
chart: "univention-corporate-container-repo/univention-corporate-container"
|
||||
version: "1.0.10"
|
||||
|
||||
@@ -24,6 +24,12 @@ repositories:
|
||||
releases:
|
||||
# TODO: Interim, until the UMS stack has a stack umbrella chart and provides a solution
|
||||
# {{- if eq .Values.ingress.ingressClassName "dedicated-haproxy-external" }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/nginx
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "ums-stack-gateway"
|
||||
chart: "bitnami-repo/nginx"
|
||||
version: "15.3.5"
|
||||
@@ -31,6 +37,12 @@ releases:
|
||||
- "values-ums-stack-gateway.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
# {{- end }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=store-dav
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-store-dav"
|
||||
chart: "ums-repo/store-dav"
|
||||
version: "0.5.2"
|
||||
@@ -39,6 +51,12 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-store-dav.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=ldap-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-ldap-server"
|
||||
chart: "ums-repo/ldap-server"
|
||||
version: "0.7.0"
|
||||
@@ -48,6 +66,12 @@ releases:
|
||||
- "values-ldap-server.gotmpl"
|
||||
- "values-ldap-server.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=ldap-notifier
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-ldap-notifier"
|
||||
chart: "ums-repo/ldap-notifier"
|
||||
version: "0.7.0"
|
||||
@@ -57,6 +81,12 @@ releases:
|
||||
- "values-ldap-notifier.gotmpl"
|
||||
- "values-ldap-notifier.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=udm-rest-api
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-udm-rest-api"
|
||||
chart: "ums-repo/udm-rest-api"
|
||||
version: "0.3.5"
|
||||
@@ -65,6 +95,12 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-udm-rest-api.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=stack-data-ums
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-stack-data-ums"
|
||||
chart: "ums-repo/stack-data-ums"
|
||||
version: "0.33.0"
|
||||
@@ -73,6 +109,12 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-stack-data-ums.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=stack-data-swp
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-stack-data-swp"
|
||||
chart: "ums-repo/stack-data-swp"
|
||||
version: "0.33.0"
|
||||
@@ -81,6 +123,12 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-stack-data-swp.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-portal-server"
|
||||
chart: "ums-repo/portal-server"
|
||||
version: "0.4.3"
|
||||
@@ -89,6 +137,12 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-portal-server.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=notifications-api
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-notifications-api"
|
||||
chart: "ums-repo/notifications-api"
|
||||
version: "0.4.3"
|
||||
@@ -98,6 +152,12 @@ releases:
|
||||
- "values-notifications-api.gotmpl"
|
||||
- "values-notifications-api.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-listener
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-portal-listener"
|
||||
chart: "ums-repo/portal-listener"
|
||||
version: "0.4.3"
|
||||
@@ -107,6 +167,12 @@ releases:
|
||||
- "values-portal-listener.gotmpl"
|
||||
- "values-portal-listener.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-frontend
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-portal-frontend"
|
||||
chart: "ums-repo/portal-frontend"
|
||||
version: "0.4.3"
|
||||
@@ -115,6 +181,12 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-portal-frontend.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/nginx
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "ums-portal-frontend-custom"
|
||||
# TODO: Replace with our own Nginx chart.
|
||||
chart: "bitnami-repo/nginx"
|
||||
@@ -123,6 +195,12 @@ releases:
|
||||
- "values-portal-frontend-custom.yaml"
|
||||
- "values-portal-frontend-custom.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=umc-gateway
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-umc-gateway"
|
||||
chart: "ums-repo/umc-gateway"
|
||||
version: "0.5.1"
|
||||
@@ -131,6 +209,12 @@ releases:
|
||||
- "values-common.yaml"
|
||||
- "values-umc-gateway.gotmpl"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=umc-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-umc-server"
|
||||
chart: "ums-repo/umc-server"
|
||||
version: "0.5.1"
|
||||
|
||||
@@ -14,6 +14,11 @@ repositories:
|
||||
default "https://xwiki-contrib.github.io/xwiki-helm" }}
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://xwiki-contrib.github.io/xwiki-helm
|
||||
# packageName=xwiki
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "xwiki"
|
||||
chart: "xwiki-repo/xwiki"
|
||||
version: "1.2.3"
|
||||
|
||||
@@ -16,7 +16,7 @@ externalDB:
|
||||
|
||||
customConfigs:
|
||||
"xwiki.cfg":
|
||||
"xwiki.superadminpassword": {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
||||
xwiki.superadminpassword: {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
||||
## LDAP Server configuration
|
||||
xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
|
||||
xwiki.authentication.ldap.port: 389
|
||||
@@ -25,6 +25,8 @@ customConfigs:
|
||||
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||
## Base DN used for searching for users
|
||||
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
||||
## Allow short update cycles of the LDAP group cache
|
||||
xwiki.authentication.ldap.groupcache_expiration: 300
|
||||
|
||||
"xwiki.properties":
|
||||
"oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
|
||||
|
||||
@@ -10,9 +10,9 @@ customConfigs:
|
||||
## Indicate the LDAP field defining the user UID
|
||||
xwiki.authentication.ldap.UID_attr: "uid"
|
||||
## Indicate the LDAP field defining the user profile picture
|
||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||
## Enable the synchronization of the LDAP profile picture
|
||||
# xwiki.authentication.ldap.update_photo: 1
|
||||
xwiki.authentication.ldap.update_photo: 1
|
||||
|
||||
xwiki.properties:
|
||||
oidc.scope: "openid,profile,email,address,phoenix"
|
||||
@@ -80,8 +80,10 @@ properties:
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
|
||||
"dc=swp-ldap,dc=internal"
|
||||
## LDAP filter to only synchronize some groups
|
||||
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
# "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
"(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
"(objectClass=opendeskKnowledgemanagementGroup)"
|
||||
|
||||
securityContext:
|
||||
enabled: true
|
||||
|
||||
@@ -3,298 +3,508 @@
|
||||
---
|
||||
images:
|
||||
clamd:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=service
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
collabora:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/collabora"
|
||||
tag: "23.05.5.4.1@sha256:ff48ec379f0d63e50b7714d1fa0f8f8de4247595dfa78754c44786a79c4968e4"
|
||||
# @supplier: "Collabora"
|
||||
cryptpad:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "cryptpad/cryptpad"
|
||||
tag: "opendesk-20231020@sha256:b0bfe09601d8c8064e1b174d21a225ddb10aaa4103892fdfdf3d216726c26dde"
|
||||
# @supplier: "XWiki"
|
||||
dovecot:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/dovecot-public-sector"
|
||||
tag: "2.3.21@sha256:c76965a84d1ca527f523404eb027119f6736b199c094e4671037cb345ecad3dc"
|
||||
# @supplier: "Open-Xchange"
|
||||
element:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/element-web"
|
||||
tag: "1.6.0@sha256:a71cbd75ee88471e3df59f26a2a37b9b8ff83d2f71f726053acd381ecd87e234"
|
||||
# @supplier: "Element"
|
||||
freshclam:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=service
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
icap:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=service
|
||||
repository: "souvap/tooling/images/c-icap"
|
||||
tag: "0.5.10@sha256:cd665e77a42460bb1e6df4282bc1d8737be241fc9f4143d43509e31de3a7993d"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
intercom:
|
||||
# renovate:
|
||||
# registryUrl=https://quay.io
|
||||
# dependencyType=vendor
|
||||
repository: "univention/intercom-service"
|
||||
tag: "1.6@sha256:f32c1e52fa132e9dc6973e9f8ed36a98c5c3e0bcd51c60f9a683e7e528dd2306"
|
||||
# @supplier: "Univention"
|
||||
jibri:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "jitsi/jibri"
|
||||
tag: "stable-8922@sha256:87aa176b44b745b13769f13b8e2d22ddd6f6ba624244d5354c8dd3664787e936"
|
||||
# @supplier: "Nordeck"
|
||||
jicofo:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "jitsi/jicofo"
|
||||
tag: "stable-8922@sha256:820fcd4b072b29f42c1c37389fbefda1065f1e9654694941485dc08123c8a93b"
|
||||
# @supplier: "Nordeck"
|
||||
jitsi:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "jitsi/web"
|
||||
tag: "stable-8922@sha256:24bd4179998fe01ace1be74e53fea5308f4d91722953bb4334611e6886753f46"
|
||||
# @supplier: "Nordeck"
|
||||
jitsiKeycloakAdapter:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/jitsi-keycloak-adapter"
|
||||
tag: "v20230906@sha256:54d45ee1a1205f98641810ffb171bd92e6478e2957a349ee4ff599359239fbf2"
|
||||
# @supplier: "Nordeck"
|
||||
jitsiPatchJVB:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "bitnami/kubectl"
|
||||
tag: "1.26.8@sha256:c6902a1fdce0a24c9f93ac8d1f317039b206a4b307d8fc76cab4a92911345757"
|
||||
# @supplier: "Nordeck"
|
||||
jvb:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "jitsi/jvb"
|
||||
tag: "stable-8922@sha256:75dd613807e19cbbd440d071b60609fa9e4ee50a1396b14deb0ed779d882a554"
|
||||
# @supplier: "Nordeck"
|
||||
keycloak:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "bitnami/keycloak"
|
||||
tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e"
|
||||
# @supplier: "Univention"
|
||||
keycloakUnivention:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/keycloak-app-on-use-base-manpub-tr"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
keycloakBootstrap:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=service
|
||||
repository: "souvap/tooling/images/ansible"
|
||||
tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
keycloakExtensionHandler:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-handler"
|
||||
tag: "latest@sha256:e67bdfc655e43b7fb83b025e13f949b04fdd98e089b33401275d03e340e03e2e"
|
||||
# @supplier: "Univention"
|
||||
keycloakExtensionProxy:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-proxy"
|
||||
tag: "latest@sha256:57026fb4ba7d4579461e7ddd4b1b8ce9585d1cac4adbe64040f5e1063c80a6ba"
|
||||
# @supplier: "Univention"
|
||||
mariadb:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=service
|
||||
repository: "mariadb"
|
||||
# For upgrades at least confirm compatibility of target version with OX (regarding AS Guard)
|
||||
tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
matrixNeoBoardWidget:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/matrix-neoboard-widget"
|
||||
tag: "1.0.0@sha256:584b9c18ea3dfd4b7f1e73f3e114bc1dcd5731b400a8d037576bf2a797c8b086"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoChoiceWidget:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/matrix-poll-widget"
|
||||
tag: "1.3.0@sha256:19d2c8c7a15fe7d12c4a83a89310831da12323fd45ff0280cce808f1be0c7e0b"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixBot:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/matrix-meetings-bot"
|
||||
tag: "2.4.2@sha256:f5b3362560255470076f3e6c95a0dd93a8f781398afb992c1e1212764fa87297"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixWidget:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/matrix-meetings-widget"
|
||||
tag: "1.5.3@sha256:918b1eb28cefb08bfdaae57607f0889b454111f2ba80b5ec9bb3c750f8599913"
|
||||
# @supplier: "Nordeck"
|
||||
matrixUserVerificationService:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "matrixdotorg/matrix-user-verification-service"
|
||||
tag: "v3.0.0@sha256:25e685d595785e2a72e75a525dac78cf8c782445454f8ac090d3702431c38008"
|
||||
# @supplier: "Element"
|
||||
memcached:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=service
|
||||
repository: "bitnami/memcached"
|
||||
tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
milter:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=service
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
minio:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=service
|
||||
repository: "bitnami/minio"
|
||||
tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
nextcloud:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "nextcloud"
|
||||
tag: "27.1.1-apache@sha256:47325758ffcd54563021e697905aaba6aac8c21bceefb245c67d40194813ce39"
|
||||
tag: "27.1.3-apache@sha256:ec46e99164ee7fa5d49e84784833e022be47f9f54f401bcb5a2d789f8c0bc149"
|
||||
# @supplier: "Nextcloud Community"
|
||||
nextcloudExporter:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "xperimental/nextcloud-exporter"
|
||||
tag: "0.6.2@sha256:4ef2555e74ad1dd1b7b7b0680ce85f2b9333f2c2301756582ff04ae97adf796f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
openproject:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "openproject/open_desk"
|
||||
tag: "dev@sha256:732b5d0efe9fc64fe411c9d8143ec3f4a3c731d03c0caddb5fa4c614ff426e8d"
|
||||
# @supplier: "OpenProject"
|
||||
openprojectInitDb:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "postgres"
|
||||
tag: "13@sha256:ced3ba927f4cf06e03eac7760f426a95367076fb31fe4e31b679f82d119a3519"
|
||||
# @supplier: "OpenProject"
|
||||
openprojectBootstrap:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=service
|
||||
repository: "souvap/tooling/images/opendesk-openproject-bootstrap"
|
||||
tag: "1.1.1@sha256:09da76a9b645b3dbe5c181061f7829f82f239e7d17f7e115218a32870f7a955e"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
openxchangeBootstrap:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreGuidedtours:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/core-guidedtours"
|
||||
tag: "8.6.0@sha256:6c20780f8c609636f2182c41709e2ee26586b4a23679fd13b15875a5f443445b"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreMW:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/middleware-public-sector"
|
||||
tag: "8.19.33@sha256:369c44369d727e4172f10c25137dbb00d936d20dd844cdca3a34f7f31273ea05"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUI:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/core-ui"
|
||||
tag: "8.19.0@sha256:7fdd73f78fd7094f2968f6fcaaae175e60824f9ef68f9e7e70418de6a2b623e9"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUIMiddleware:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/core-ui-middleware"
|
||||
tag: "2.0.0@sha256:8082edf30498a3ac1715f2d9b3e406f240ea586e2616b97f40c207ef55dff11f"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUserGuide:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/core-user-guide"
|
||||
tag: "8.19.771856@sha256:e00ed8f94c3c42cd288dd03f7fb18d228eb516b5e5ebd318825289b1c4ed17ab"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeDocumentConverter:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/documentconverter"
|
||||
tag: "8.19.32@sha256:82354e858b6aeeae7f0ebaf66ad106f8e9ae46e605e97bb1d2d14e6ce1c3d708"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeGotenberg:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/3rdparty/gotenberg"
|
||||
tag: "7.9.2@sha256:c97c1adb971d149222062ec46c5d749d710b38ad153c5c6ed954023e2401c9d0"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeGuardUI:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/guard-ui"
|
||||
tag: "4.0.7@sha256:8c9fa5d6aed055c0e84042ab28b3f0e9add94390362266ad440da4f90b8c93a8"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeImageConverter:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/imageconverter"
|
||||
tag: "8.19.33@sha256:9543c1409a129567bd6e4a657a353819842a4b1e1807ab86a1ea2e7f73f8c18e"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/nextcloud-integration-ui"
|
||||
tag: "1.1.0@sha256:82cecb5adac63806ab41546e6b49090a93a5f4645750bb3967d87585b60df2e1"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangePublicSectorUI:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/public-sector-ui"
|
||||
tag: "2.1.0@sha256:ed56730add8afdb08bef8b43a114aba406fd86d83c7fd7af93dc16bb002fa233"
|
||||
# @supplier: "Open-Xchange"
|
||||
oxConnector:
|
||||
# @supplier: "Univention"
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
|
||||
tag: "branch-jconde-listener-entrypoint-chaining\
|
||||
@sha256:54748d49e37d52529d4a857ff834d1217bd2cb8c89c7eed25c0873159ed6853c"
|
||||
# @supplier: "Univention"
|
||||
postfix:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=service
|
||||
repository: "souvap/tooling/images/postfix"
|
||||
tag: "1.0.0@sha256:69e0c53ade77ffb89673672f5c8183ec2edfc81d4e990aca3ec594f33c55a7ac"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
postgresql:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=service
|
||||
repository: "postgres"
|
||||
tag: "15.4-alpine3.18@sha256:f36c528a2dc8747ea40b4cb8578da69fa75c5063fd6a71dcea3e3b2a6404ff7b"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
prosody:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "jitsi/prosody"
|
||||
tag: "stable-8922@sha256:243547f24ae7d686d1f0c18ee230cf93119a66f095dda282bacbf45d4bb69f77"
|
||||
# @supplier: "Nordeck"
|
||||
redis:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=service
|
||||
repository: "bitnami/redis"
|
||||
tag: "7.2.1-debian-11-r5@sha256:e664fa63dfe88cd099180c32f2c9a109a958f053b75d195beb48b06ffd8a0b5b"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
synapse:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "matrixdotorg/synapse"
|
||||
tag: "v1.91.2@sha256:1d19508db417bb2b911c8e086bd3dc3b719ee75c6f6194d58af59b4c32b11322"
|
||||
# @supplier: "Element"
|
||||
synapseCreateUser:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
|
||||
# @supplier: "Nordeck"
|
||||
synapseGuestModule:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/synapse-guest-module"
|
||||
tag: "1.0.0@sha256:e9c736d84a77df93b2dbe3e3afa7b0ca3efcbc4457677adaac5df3cc79a85923"
|
||||
# @supplier: "Nordeck"
|
||||
synapseWeb:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "rapidfort/haproxy-official"
|
||||
tag: "2.6.6-bullseye@sha256:bf22cfb1301aae433213f5f8c687bc5d9ecc6b86daf1084be5f7a339bd27cadd"
|
||||
# @supplier: "Element"
|
||||
univentionCorporateServer:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/univention-corporate-server-swp/ucs"
|
||||
tag: "20230829T094822@sha256:6415847851ee3b474cea756212698f4a110fbbde74882e22da92500a6358a4f8"
|
||||
# @supplier: "Univention"
|
||||
umsConfigHtpasswd:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||
tag: "0.5.2@sha256:b63887af87ed4c496688d422a8881e806de4a2364eb07c7e24bb1635b539e7f3"
|
||||
# @supplier: "Univention"
|
||||
umsDataLoader:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/data-loader"
|
||||
tag: "0.33.0@sha256:2e9baf28cfe3eb6c740ce604d60ebc1ee6b3e0e2e8741730716a1c7375046039"
|
||||
# @supplier: "Univention"
|
||||
umsLdapNotifier:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-notifier"
|
||||
tag: "0.7.0@sha256:c5bd680dc85990aec2c3dde14f8e6b72f5a5d2d3c648bc434c57117836464faf"
|
||||
# @supplier: "Univention"
|
||||
umsLdapServer:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-server"
|
||||
tag: "0.7.0@sha256:a87b615fc97c574316f41e1e6dc9bef41d80583ba450aece9d9830bab4d5a09a"
|
||||
# @supplier: "Univention"
|
||||
umsNotificationsApi:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/notifications-api"
|
||||
tag: "0.4.4@sha256:630905fd503ea5f4b17ccd4adccd68c20b85405a7372e7c71ac2c88aa6e1e47c"
|
||||
# @supplier: "Univention"
|
||||
umsPortalListener:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-listener"
|
||||
tag: "0.4.4@sha256:689065bad9ab735be1cfd12e519934616e8c049afee4f78c46b630ab7c1a7aef"
|
||||
# @supplier: "Univention"
|
||||
umsPortalFrontend:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||
tag: "0.4.4@sha256:b8955718ad4d2c973b4c1ee80867ac47c2d90e422234c7a2401b13ed606fd4d4"
|
||||
# @supplier: "Univention"
|
||||
umsPortalServer:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-server"
|
||||
tag: "0.4.4@sha256:21d279ede3a7cbdaf3a5c4e83375bb389785db4f2569cfaf8362896a9b30e287"
|
||||
# @supplier: "Univention"
|
||||
umsWaitForDependency:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/wait-for-dependency"
|
||||
tag: "0.4.3@sha256:ff4b7f762860baa1415cfe9a24131cb28c2660a14058ca8a1e7a697468f72d69"
|
||||
# @supplier: "Univention"
|
||||
umsStoreDav:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/store-dav"
|
||||
tag: "0.5.2@sha256:a3cbb1df2024edf58aea029a280f660bcd2fb8e684eed638901f5d7cbf9db467"
|
||||
# @supplier: "Univention"
|
||||
umsUdmRestApi:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||
tag: "0.3.5@sha256:1a434f9d5e4d15217d011c13d9f1694e8a12291e09a6d0802c1158f7e2c5e035"
|
||||
# @supplier: "Univention"
|
||||
umsUmcGateway:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||
tag: "0.5.1@sha256:9937efd54020e0782a26a1670d0cb8b29edbc802b1fd9eed5e308a594d4ce010"
|
||||
# @supplier: "Univention"
|
||||
umsUmcServer:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-server"
|
||||
tag: "0.5.1@sha256:cfb626f8d0a949ce0ed36d7e01791006eae24d984573dfa3ed3f031808437da3"
|
||||
# @supplier: "Univention"
|
||||
wellKnown:
|
||||
# renovate:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "library/nginx"
|
||||
tag: "1.25.2-bookworm@sha256:9504f3f64a3f16f0eaf9adca3542ff8b2a6880e6abfb13e478cca23f6380080a"
|
||||
# @supplier: "Element"
|
||||
xwiki:
|
||||
# renovate:
|
||||
# registryUrl=https://git.xwikisas.com:5050
|
||||
# dependencyType=vendor
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.12-mariadb-jetty-alpine@sha256:c195d8baf38b6c6b0c533a3216e726cd863a6c2ba0e65f18036402592bb72896"
|
||||
# @supplier: "XWiki"
|
||||
|
||||
@@ -1,362 +1,455 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
# Some charts do not support null or ~ values, because they use their default values.
|
||||
# To not limit the CPU, we set all CPU limits to 99.
|
||||
resources:
|
||||
clamd:
|
||||
limits:
|
||||
cpu: 4
|
||||
cpu: 99
|
||||
memory: "4Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "2Gi"
|
||||
memory: "1.5Gi"
|
||||
collabora:
|
||||
limits:
|
||||
cpu: 4
|
||||
cpu: 99
|
||||
memory: "4Gi"
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: "1Gi"
|
||||
memory: "512Mi"
|
||||
cryptpad:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "2Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "512Mi"
|
||||
dovecot:
|
||||
limits:
|
||||
cpu: 0.5
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "32Mi"
|
||||
element:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memory: "32Mi"
|
||||
freshclam:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "96Mi"
|
||||
icap:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "128Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "16Mi"
|
||||
intercomService:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "128Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "64Mi"
|
||||
jibri:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "768Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "125Mi"
|
||||
memory: "384Mi"
|
||||
jicofo:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "512Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "256Mi"
|
||||
jitsi:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "512Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "32Mi"
|
||||
jitsiKeycloakAdapter:
|
||||
limits:
|
||||
cpu: "100m"
|
||||
cpu: 99
|
||||
memory: "128Mi"
|
||||
requests:
|
||||
cpu: "10m"
|
||||
memory: "16Mi"
|
||||
memory: "48Mi"
|
||||
jvb:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "768Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "384Mi"
|
||||
keycloak:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "2Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "750Mi"
|
||||
memory: "512Mi"
|
||||
keycloakExtension:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "48Mi"
|
||||
keycloakBootstrap:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "512Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
keycloakProxy:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "48Mi"
|
||||
mariadb:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "2Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "500Mi"
|
||||
memory: "384Mi"
|
||||
matrixNeoBoardWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "128Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memory: "48Mi"
|
||||
matrixNeoChoiceWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memory: "48Mi"
|
||||
matrixNeoDateFixBot:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "512Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "128Mi"
|
||||
matrixNeoDateFixWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memory: "48Mi"
|
||||
matrixUserVerificationService:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memory: "128Mi"
|
||||
memcached:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "32Mi"
|
||||
milter:
|
||||
limits:
|
||||
cpu: 4
|
||||
memory: "4Gi"
|
||||
cpu: 99
|
||||
memory: "96Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "2Gi"
|
||||
memory: "16Mi"
|
||||
minio:
|
||||
limits:
|
||||
cpu: 2
|
||||
memory: "4Gi"
|
||||
cpu: 99
|
||||
memory: "2Gi"
|
||||
requests:
|
||||
cpu: 0.25
|
||||
memory: "1Gi"
|
||||
memory: "256Mi"
|
||||
nextcloud:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "500Mi"
|
||||
memory: "512Mi"
|
||||
nextcloudMetrics:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "128Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "32Mi"
|
||||
openproject:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
oxConnector:
|
||||
memory: "768Mi"
|
||||
openxchangeCoreDocumentConverter:
|
||||
limits:
|
||||
cpu: 2
|
||||
memory: "2Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
oxDocumentConverter:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "2Gi"
|
||||
requests:
|
||||
cpu: 0.25
|
||||
memory: "1Gi"
|
||||
memory: "1.25Gi"
|
||||
openxchangeCoreGuidedtours:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "96Mi"
|
||||
requests:
|
||||
cpu: 0.01
|
||||
memory: "32Mi"
|
||||
openxchangeCoreImageConverter:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "2Gi"
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: "1.25Gi"
|
||||
openxchangeCoreMW:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "8Gi"
|
||||
requests:
|
||||
cpu: 1
|
||||
memory: "1.25Gi"
|
||||
openxchangeCoreUI:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "96Mi"
|
||||
requests:
|
||||
cpu: 0.01
|
||||
memory: "32Mi"
|
||||
openxchangeCoreUIMiddleware:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "768Mi"
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: "192Mi"
|
||||
openxchangeCoreUIMiddlewareUpdater:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "768Mi"
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: "192Mi"
|
||||
openxchangeCoreUserGuide:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "96Mi"
|
||||
requests:
|
||||
cpu: 0.02
|
||||
memory: "32Mi"
|
||||
openxchangeGotenberg:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "96Mi"
|
||||
requests:
|
||||
cpu: 0.05
|
||||
memory: "32Mi"
|
||||
openxchangeGuardUI:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "96Mi"
|
||||
requests:
|
||||
cpu: 0.01
|
||||
memory: "32Mi"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "96Mi"
|
||||
requests:
|
||||
cpu: 0.01
|
||||
memory: "32Mi"
|
||||
openxchangePublicSectorUI:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "96Mi"
|
||||
requests:
|
||||
cpu: 0.01
|
||||
memory: "32Mi"
|
||||
oxConnector:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "512Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "64Mi"
|
||||
postfix:
|
||||
limits:
|
||||
cpu: 0.5
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "128Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "16Mi"
|
||||
postgresql:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
prosody:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "512Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "32Mi"
|
||||
redis:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
memory: "32Mi"
|
||||
synapse:
|
||||
limits:
|
||||
cpu: 4
|
||||
cpu: 99
|
||||
memory: "4Gi"
|
||||
requests:
|
||||
cpu: 1
|
||||
memory: "2Gi"
|
||||
memory: "256Mi"
|
||||
synapseWeb:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memory: "64Mi"
|
||||
univentionCorporateServer:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "4Gi"
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: "1Gi"
|
||||
umsLdapNotifier:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsLdapServer:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsNotificationsApi:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsPortalFrontend:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsPortalListener:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsPortalListenerDependencies:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsPortalServer:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsStackDataUms:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsStackDataSwp:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsStoreDav:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsUdmRestApi:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsUmcGateway:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
umsUmcServer:
|
||||
limits:
|
||||
cpu: 1
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "250Mi"
|
||||
memory: "256Mi"
|
||||
wellKnown:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memory: "32Mi"
|
||||
xwiki:
|
||||
limits:
|
||||
cpu: 2
|
||||
cpu: 99
|
||||
memory: "8Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "6Gi"
|
||||
memory: "1.5Gi"
|
||||
...
|
||||
|
||||
Reference in New Issue
Block a user