mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-07 07:51:38 +01:00
Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
812eb5a439 | ||
|
|
f86a74ba10 | ||
|
|
71d11cfcd0 | ||
|
|
6aa3d386af | ||
|
|
7ac2e0f9de | ||
|
|
6f556bce70 | ||
|
|
a447c137fe | ||
|
|
47a385683c | ||
|
|
db48140f3a |
@@ -555,7 +555,7 @@ generate-release-assets:
|
|||||||
- "./build_artefacts/image-index.json"
|
- "./build_artefacts/image-index.json"
|
||||||
tags: []
|
tags: []
|
||||||
variables:
|
variables:
|
||||||
ASSET_GENERATOR_REPO_PATH: "bmi/souveraener_arbeitsplatz/tooling/opendesk-asset-generator"
|
ASSET_GENERATOR_REPO_PATH: "bmi/opendesk/tooling/opendesk-asset-generator"
|
||||||
|
|
||||||
|
|
||||||
# Declare .environments which is in environments repository and only loaded when INCLUDE_ENVIRONMENTS_ENABLED not false.
|
# Declare .environments which is in environments repository and only loaded when INCLUDE_ENVIRONMENTS_ENABLED not false.
|
||||||
|
|||||||
29
CHANGELOG.md
29
CHANGELOG.md
@@ -1,3 +1,32 @@
|
|||||||
|
## [0.5.48](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.47...v0.5.48) (2023-11-24)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **services:** Update resource requests and remove cpu limits ([f86a74b](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/f86a74ba100c7f08f6538b58a713bbc87c00e814))
|
||||||
|
|
||||||
|
## [0.5.47](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.46...v0.5.47) (2023-11-24)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **helmfile:** Rename absolute paths on OpenCoDE to new 'opendesk' base group name ([7ac2e0f](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/7ac2e0f9de2a8386a7f5809ba40db4ed7164a857))
|
||||||
|
* **xwiki:** Enable the sync of user profile picture from LDAP ([6aa3d38](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/6aa3d386afe8b3f22e47f9971fd719089006b54e))
|
||||||
|
|
||||||
|
## [0.5.46](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.45...v0.5.46) (2023-11-23)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **element:** Fix quotes in element chart ([a447c13](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/a447c137fe58be343e7ada55afb7f6891a5cde74))
|
||||||
|
|
||||||
|
## [0.5.45](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.44...v0.5.45) (2023-11-22)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **open-xchange:** Add security context ([db48140](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/db48140f3ae6576b21e93ac0f10f40765efd608d))
|
||||||
|
|
||||||
## [0.5.44](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.43...v0.5.44) (2023-11-21)
|
## [0.5.44](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.43...v0.5.44) (2023-11-21)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
|
|
||||||
# Read me first
|
# Read me first
|
||||||
|
|
||||||
Please read the [project's overall CONTRIBUTING.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/CONTRIBUTING.md) first.
|
Please read the [project's overall CONTRIBUTING.md](https://gitlab.opencode.de/bmi/opendesk/info/-/blob/main/CONTRIBUTING.md) first.
|
||||||
|
|
||||||
# How to contribute?
|
# How to contribute?
|
||||||
|
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ Basic knowledge of Kubernetes and Devops is required though.
|
|||||||
|
|
||||||
# Active development notice
|
# Active development notice
|
||||||
openDesk will face breaking changes in the near future without upgrade paths before
|
openDesk will face breaking changes in the near future without upgrade paths before
|
||||||
[technical release](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/releases
|
[technical release](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/releases
|
||||||
v1.0.0 is reached.
|
v1.0.0 is reached.
|
||||||
|
|
||||||
While most components support upgrades, major configuration or component changes may occur, therefore we recommend
|
While most components support upgrades, major configuration or component changes may occur, therefore we recommend
|
||||||
@@ -60,10 +60,10 @@ Of course, further development also includes enhancing the documentation.
|
|||||||
|
|
||||||
We love to get feedback from you!
|
We love to get feedback from you!
|
||||||
Related to the deployment / contents of this repository,
|
Related to the deployment / contents of this repository,
|
||||||
please use the [issues within this project](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/issues).
|
please use the [issues within this project](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/issues).
|
||||||
|
|
||||||
If you want to address other topics, please check the section
|
If you want to address other topics, please check the section
|
||||||
["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
|
["Rückmeldungen und Beteiligung" of the Infos' project OVERVIEW.md](https://gitlab.opencode.de/bmi/opendesk/info/-/blob/main/OVERVIEW.md#rückmeldungen-und-beteiligung).
|
||||||
|
|
||||||
# Requirements
|
# Requirements
|
||||||
|
|
||||||
@@ -86,7 +86,7 @@ If you want to address other topics, please check the section
|
|||||||
All technical releases are created using [Semantic Versioning](https://semver.org/lang/de/).
|
All technical releases are created using [Semantic Versioning](https://semver.org/lang/de/).
|
||||||
|
|
||||||
Gitlab provides an
|
Gitlab provides an
|
||||||
[overview on the releases](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/releases)
|
[overview on the releases](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/releases)
|
||||||
of this project.
|
of this project.
|
||||||
|
|
||||||
The following release artefacts are provided beside the default source code assets:
|
The following release artefacts are provided beside the default source code assets:
|
||||||
|
|||||||
@@ -50,30 +50,43 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
|
|||||||
This list gives you an overview of default security settings and if they comply with security standards:
|
This list gives you an overview of default security settings and if they comply with security standards:
|
||||||
|
|
||||||
|
|
||||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||||
|-------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
|--------------|----------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||||
| CryptPad | cryptpad | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
| CryptPad | npm | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| Dovecot | dovecot | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `NET_BIND_SERVICE`, `SETGID`, `SETUID`, `SYS_CHROOT`) | :white_check_mark: | :white_check_mark: | :x: | - | - | 1000 |
|
||||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||||
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| Open-Xchange | core-documentconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||||
|
| | core-guidedtours | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | core-imageconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||||
|
| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - |
|
||||||
|
| | core-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | core-ui-middleware | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | core-ui-middleware-updater | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | core-user-guide | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | gotenberg | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | guard-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | nextlcoud-integration-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| | public-sector-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
|
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
|
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ missingFileHandler: "Error"
|
|||||||
# - Installing all releases from root via helmfile apply
|
# - Installing all releases from root via helmfile apply
|
||||||
# - Installing a single release from root via helmfile apply -f helmfile/apps/<app>/helmfile.yaml
|
# - Installing a single release from root via helmfile apply -f helmfile/apps/<app>/helmfile.yaml
|
||||||
# - Installing a single release from app directory via helmfile apply
|
# - Installing a single release from app directory via helmfile apply
|
||||||
# Issue: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/-/issues/2
|
# Issue: https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/issues/2
|
||||||
|
|
||||||
environments:
|
environments:
|
||||||
default:
|
default:
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ repositories:
|
|||||||
releases:
|
releases:
|
||||||
- name: "opendesk-element"
|
- name: "opendesk-element"
|
||||||
chart: "opendesk-element-repo/opendesk-element"
|
chart: "opendesk-element-repo/opendesk-element"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-element.yaml"
|
- "values-element.yaml"
|
||||||
- "values-element.gotmpl"
|
- "values-element.gotmpl"
|
||||||
@@ -42,7 +42,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-well-known"
|
- name: "opendesk-well-known"
|
||||||
chart: "opendesk-element-repo/opendesk-well-known"
|
chart: "opendesk-element-repo/opendesk-well-known"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-well-known.yaml"
|
- "values-well-known.yaml"
|
||||||
- "values-well-known.gotmpl"
|
- "values-well-known.gotmpl"
|
||||||
@@ -51,7 +51,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-synapse-web"
|
- name: "opendesk-synapse-web"
|
||||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-synapse-web.yaml"
|
- "values-synapse-web.yaml"
|
||||||
- "values-synapse-web.gotmpl"
|
- "values-synapse-web.gotmpl"
|
||||||
@@ -60,7 +60,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-synapse"
|
- name: "opendesk-synapse"
|
||||||
chart: "opendesk-element-repo/opendesk-synapse"
|
chart: "opendesk-element-repo/opendesk-synapse"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-synapse.yaml"
|
- "values-synapse.yaml"
|
||||||
- "values-synapse.gotmpl"
|
- "values-synapse.gotmpl"
|
||||||
@@ -69,7 +69,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
||||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-matrix-user-verification-service-bootstrap.yaml"
|
- "values-matrix-user-verification-service-bootstrap.yaml"
|
||||||
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
||||||
@@ -78,7 +78,7 @@ releases:
|
|||||||
|
|
||||||
- name: "opendesk-matrix-user-verification-service"
|
- name: "opendesk-matrix-user-verification-service"
|
||||||
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-matrix-user-verification-service.yaml"
|
- "values-matrix-user-verification-service.yaml"
|
||||||
- "values-matrix-user-verification-service.gotmpl"
|
- "values-matrix-user-verification-service.gotmpl"
|
||||||
@@ -114,7 +114,7 @@ releases:
|
|||||||
|
|
||||||
- name: "matrix-neodatefix-bot-bootstrap"
|
- name: "matrix-neodatefix-bot-bootstrap"
|
||||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||||
version: "2.5.0"
|
version: "2.5.1"
|
||||||
values:
|
values:
|
||||||
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
||||||
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
||||||
|
|||||||
@@ -46,4 +46,7 @@ ingress:
|
|||||||
tls:
|
tls:
|
||||||
enabled: {{ .Values.ingress.tls.enabled }}
|
enabled: {{ .Values.ingress.tls.enabled }}
|
||||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||||
|
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.intercomService | toYaml | nindent 2 }}
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ repositories:
|
|||||||
verify: true
|
verify: true
|
||||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||||
# openDesk Keycloak Theme
|
# openDesk Keycloak Theme
|
||||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-theme
|
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-keycloak-theme
|
||||||
- name: "keycloak-theme-repo"
|
- name: "keycloak-theme-repo"
|
||||||
oci: true
|
oci: true
|
||||||
url: >-
|
url: >-
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ bases:
|
|||||||
repositories:
|
repositories:
|
||||||
# openDesk Keycloak Bootstrap
|
# openDesk Keycloak Bootstrap
|
||||||
# Source:
|
# Source:
|
||||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/sovereign-workplace-nextcloud-bootstrap
|
# https://gitlab.opencode.de/bmi/opendesk/components/charts/sovereign-workplace-nextcloud-bootstrap
|
||||||
- name: "opendesk-nextcloud-bootstrap-repo"
|
- name: "opendesk-nextcloud-bootstrap-repo"
|
||||||
oci: true
|
oci: true
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
|
|||||||
@@ -49,6 +49,8 @@ metrics:
|
|||||||
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
enabled: {{ .Values.prometheus.serviceMonitors.enabled }}
|
||||||
labels:
|
labels:
|
||||||
{{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }}
|
{{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.nextcloudMetrics | toYaml | nindent 4 }}
|
||||||
|
|
||||||
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
|
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
|
||||||
replicaCount: {{ .Values.replicas.nextcloud }}
|
replicaCount: {{ .Values.replicas.nextcloud }}
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ bases:
|
|||||||
---
|
---
|
||||||
repositories:
|
repositories:
|
||||||
# openDesk Dovecot
|
# openDesk Dovecot
|
||||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-dovecot
|
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-dovecot
|
||||||
- name: "opendesk-dovecot-repo"
|
- name: "opendesk-dovecot-repo"
|
||||||
oci: true
|
oci: true
|
||||||
url: >-
|
url: >-
|
||||||
@@ -21,7 +21,7 @@ repositories:
|
|||||||
url: >-
|
url: >-
|
||||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
|
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
|
||||||
# openDesk Open-Xchange Bootstrap
|
# openDesk Open-Xchange Bootstrap
|
||||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-open-xchange-bootstrap
|
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-open-xchange-bootstrap
|
||||||
- name: "opendesk-open-xchange-bootstrap-repo"
|
- name: "opendesk-open-xchange-bootstrap-repo"
|
||||||
oci: true
|
oci: true
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
@@ -35,7 +35,7 @@ repositories:
|
|||||||
releases:
|
releases:
|
||||||
- name: "dovecot"
|
- name: "dovecot"
|
||||||
chart: "opendesk-dovecot-repo/dovecot"
|
chart: "opendesk-dovecot-repo/dovecot"
|
||||||
version: "1.3.5"
|
version: "1.3.6"
|
||||||
values:
|
values:
|
||||||
- "values-dovecot.yaml"
|
- "values-dovecot.yaml"
|
||||||
- "values-dovecot.gotmpl"
|
- "values-dovecot.gotmpl"
|
||||||
|
|||||||
@@ -1,6 +1,24 @@
|
|||||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
---
|
---
|
||||||
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
add:
|
||||||
|
- "CHOWN"
|
||||||
|
- "DAC_OVERRIDE"
|
||||||
|
- "KILL"
|
||||||
|
- "NET_BIND_SERVICE"
|
||||||
|
- "SETGID"
|
||||||
|
- "SETUID"
|
||||||
|
- "SYS_CHROOT"
|
||||||
|
enabled: true
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
dovecot:
|
dovecot:
|
||||||
ldap:
|
ldap:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -16,4 +34,8 @@ dovecot:
|
|||||||
enabled: true
|
enabled: true
|
||||||
ssl: "no"
|
ssl: "no"
|
||||||
host: "postfix:25"
|
host: "postfix:25"
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
fsGroup: 1000
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -25,6 +25,8 @@ nextcloud-integration-ui:
|
|||||||
{{- range .Values.global.imagePullSecrets }}
|
{{- range .Values.global.imagePullSecrets }}
|
||||||
- name: {{ . | quote }}
|
- name: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
|
||||||
|
|
||||||
public-sector-ui:
|
public-sector-ui:
|
||||||
image:
|
image:
|
||||||
@@ -35,6 +37,8 @@ public-sector-ui:
|
|||||||
- name: {{ . | quote }}
|
- name: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
|
||||||
|
|
||||||
appsuite:
|
appsuite:
|
||||||
istio:
|
istio:
|
||||||
@@ -62,6 +66,8 @@ appsuite:
|
|||||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
|
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
|
||||||
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
|
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
|
||||||
properties:
|
properties:
|
||||||
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
|
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/certs"
|
||||||
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||||
@@ -119,6 +125,8 @@ appsuite:
|
|||||||
{{- range .Values.global.imagePullSecrets }}
|
{{- range .Values.global.imagePullSecrets }}
|
||||||
- name: {{ . | quote }}
|
- name: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-ui:
|
core-ui:
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
@@ -129,6 +137,8 @@ appsuite:
|
|||||||
repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
|
repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
|
||||||
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
|
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-ui-middleware:
|
core-ui-middleware:
|
||||||
ingress:
|
ingress:
|
||||||
@@ -146,13 +156,18 @@ appsuite:
|
|||||||
redis:
|
redis:
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.secrets.redis.password | quote }}
|
password: {{ .Values.secrets.redis.password | quote }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
|
||||||
|
updater:
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.openxchangeCoreUIMiddlewareUpdater | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-documentconverter:
|
core-documentconverter:
|
||||||
image:
|
image:
|
||||||
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
||||||
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
|
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
|
||||||
resources:
|
resources:
|
||||||
{{- .Values.resources.oxDocumentConverter | toYaml | nindent 6 }}
|
{{- .Values.resources.openxchangeCoreDocumentConverter | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-guidedtours:
|
core-guidedtours:
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
@@ -163,11 +178,15 @@ appsuite:
|
|||||||
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
|
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
|
||||||
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
|
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-imageconverter:
|
core-imageconverter:
|
||||||
image:
|
image:
|
||||||
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
||||||
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
|
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
|
||||||
|
resources:
|
||||||
|
{{- .Values.resources.openxchangeCoreImageConverter | toYaml | nindent 6 }}
|
||||||
|
|
||||||
guard-ui:
|
guard-ui:
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
@@ -178,6 +197,8 @@ appsuite:
|
|||||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
|
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
|
||||||
tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
|
tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
|
||||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
|
resources:
|
||||||
|
{{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
|
||||||
|
|
||||||
core-user-guide:
|
core-user-guide:
|
||||||
image:
|
image:
|
||||||
@@ -188,4 +209,6 @@ appsuite:
|
|||||||
{{- range .Values.global.imagePullSecrets }}
|
{{- range .Values.global.imagePullSecrets }}
|
||||||
- name: {{ . | quote }}
|
- name: {{ . | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
{{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -14,6 +14,17 @@ appsuite:
|
|||||||
masterAdmin: "admin"
|
masterAdmin: "admin"
|
||||||
gotenberg:
|
gotenberg:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1001
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
features:
|
features:
|
||||||
status:
|
status:
|
||||||
# enable admin pack
|
# enable admin pack
|
||||||
@@ -27,6 +38,7 @@ appsuite:
|
|||||||
open-xchange-authentication-oauth: "enabled"
|
open-xchange-authentication-oauth: "enabled"
|
||||||
properties:
|
properties:
|
||||||
com.openexchange.UIWebPath: "/appsuite/"
|
com.openexchange.UIWebPath: "/appsuite/"
|
||||||
|
com.openexchange.showAdmin: "false"
|
||||||
# PDF Export
|
# PDF Export
|
||||||
com.openexchange.capability.mail_export_pdf: "true"
|
com.openexchange.capability.mail_export_pdf: "true"
|
||||||
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
||||||
@@ -158,8 +170,23 @@ appsuite:
|
|||||||
mkdir -p /opt/open-xchange/guard-files
|
mkdir -p /opt/open-xchange/guard-files
|
||||||
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
||||||
|
|
||||||
|
# Security context for core-mw has no effect yet
|
||||||
|
# podSecurityContext: {}
|
||||||
|
# securityContext: {}
|
||||||
|
|
||||||
core-ui:
|
core-ui:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
core-ui-middleware:
|
core-ui-middleware:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -170,15 +197,62 @@ appsuite:
|
|||||||
- "redis-master:6379"
|
- "redis-master:6379"
|
||||||
auth:
|
auth:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
core-guidedtours:
|
core-guidedtours:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
guard-ui:
|
guard-ui:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
core-cacheservice:
|
core-cacheservice:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
core-user-guide:
|
core-user-guide:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
core-imageconverter:
|
core-imageconverter:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -188,6 +262,19 @@ appsuite:
|
|||||||
endpoint: "."
|
endpoint: "."
|
||||||
accessKey: "."
|
accessKey: "."
|
||||||
secretKey: "."
|
secretKey: "."
|
||||||
|
podSecurityContext:
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 987
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
securityContext:
|
||||||
|
# missing:
|
||||||
|
# readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
|
||||||
core-spellcheck:
|
core-spellcheck:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -198,6 +285,19 @@ appsuite:
|
|||||||
cache:
|
cache:
|
||||||
remoteCache:
|
remoteCache:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
podSecurityContext:
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 987
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
securityContext:
|
||||||
|
# missing:
|
||||||
|
# readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
|
||||||
core-documents-collaboration:
|
core-documents-collaboration:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -213,3 +313,30 @@ appsuite:
|
|||||||
enabled: false
|
enabled: false
|
||||||
core-drive-help:
|
core-drive-help:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
nextcloud-integration-ui:
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
|
||||||
|
public-sector-ui:
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
...
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ externalDB:
|
|||||||
|
|
||||||
customConfigs:
|
customConfigs:
|
||||||
"xwiki.cfg":
|
"xwiki.cfg":
|
||||||
"xwiki.superadminpassword": {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
xwiki.superadminpassword: {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
||||||
## LDAP Server configuration
|
## LDAP Server configuration
|
||||||
xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
|
xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
|
||||||
xwiki.authentication.ldap.port: 389
|
xwiki.authentication.ldap.port: 389
|
||||||
@@ -25,6 +25,8 @@ customConfigs:
|
|||||||
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||||
## Base DN used for searching for users
|
## Base DN used for searching for users
|
||||||
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
||||||
|
## Allow short update cycles of the LDAP group cache
|
||||||
|
xwiki.authentication.ldap.groupcache_expiration: 300
|
||||||
|
|
||||||
"xwiki.properties":
|
"xwiki.properties":
|
||||||
"oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
|
"oidc.endpoint.authorization": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/auth"
|
||||||
|
|||||||
@@ -10,9 +10,9 @@ customConfigs:
|
|||||||
## Indicate the LDAP field defining the user UID
|
## Indicate the LDAP field defining the user UID
|
||||||
xwiki.authentication.ldap.UID_attr: "uid"
|
xwiki.authentication.ldap.UID_attr: "uid"
|
||||||
## Indicate the LDAP field defining the user profile picture
|
## Indicate the LDAP field defining the user profile picture
|
||||||
# xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
|
||||||
## Enable the synchronization of the LDAP profile picture
|
## Enable the synchronization of the LDAP profile picture
|
||||||
# xwiki.authentication.ldap.update_photo: 1
|
xwiki.authentication.ldap.update_photo: 1
|
||||||
|
|
||||||
xwiki.properties:
|
xwiki.properties:
|
||||||
oidc.scope: "openid,profile,email,address,phoenix"
|
oidc.scope: "openid,profile,email,address,phoenix"
|
||||||
@@ -80,8 +80,10 @@ properties:
|
|||||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
|
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
|
||||||
"dc=swp-ldap,dc=internal"
|
"dc=swp-ldap,dc=internal"
|
||||||
## LDAP filter to only synchronize some groups
|
## LDAP filter to only synchronize some groups
|
||||||
|
# "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||||
|
# "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||||
"(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
"(objectClass=opendeskKnowledgemanagementGroup)"
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
@@ -1,362 +1,455 @@
|
|||||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
---
|
---
|
||||||
|
# Some charts do not support null or ~ values, because they use their default values.
|
||||||
|
# To not limit the CPU, we set all CPU limits to 99.
|
||||||
resources:
|
resources:
|
||||||
clamd:
|
clamd:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "4Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "2Gi"
|
memory: "1.5Gi"
|
||||||
collabora:
|
collabora:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "4Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.5
|
cpu: 0.5
|
||||||
memory: "1Gi"
|
memory: "512Mi"
|
||||||
cryptpad:
|
cryptpad:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "2Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "512Mi"
|
memory: "512Mi"
|
||||||
dovecot:
|
dovecot:
|
||||||
limits:
|
limits:
|
||||||
cpu: 0.5
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "32Mi"
|
||||||
element:
|
element:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "32Mi"
|
||||||
freshclam:
|
freshclam:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "96Mi"
|
||||||
icap:
|
icap:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "128Mi"
|
memory: "128Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "16Mi"
|
memory: "16Mi"
|
||||||
|
intercomService:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "128Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "64Mi"
|
||||||
jibri:
|
jibri:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "768Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "125Mi"
|
memory: "384Mi"
|
||||||
jicofo:
|
jicofo:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "256Mi"
|
||||||
jitsi:
|
jitsi:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "32Mi"
|
||||||
jitsiKeycloakAdapter:
|
jitsiKeycloakAdapter:
|
||||||
limits:
|
limits:
|
||||||
cpu: "100m"
|
cpu: 99
|
||||||
memory: "128Mi"
|
memory: "128Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: "10m"
|
cpu: "10m"
|
||||||
memory: "16Mi"
|
memory: "48Mi"
|
||||||
jvb:
|
jvb:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "768Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "384Mi"
|
||||||
keycloak:
|
keycloak:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "2Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "750Mi"
|
memory: "512Mi"
|
||||||
keycloakExtension:
|
keycloakExtension:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "48Mi"
|
||||||
keycloakBootstrap:
|
keycloakBootstrap:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
keycloakProxy:
|
keycloakProxy:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "48Mi"
|
||||||
mariadb:
|
mariadb:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "2Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "500Mi"
|
memory: "384Mi"
|
||||||
matrixNeoBoardWidget:
|
matrixNeoBoardWidget:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "128Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "48Mi"
|
||||||
matrixNeoChoiceWidget:
|
matrixNeoChoiceWidget:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "48Mi"
|
||||||
matrixNeoDateFixBot:
|
matrixNeoDateFixBot:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "128Mi"
|
||||||
matrixNeoDateFixWidget:
|
matrixNeoDateFixWidget:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "48Mi"
|
||||||
matrixUserVerificationService:
|
matrixUserVerificationService:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "128Mi"
|
||||||
memcached:
|
memcached:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "256Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "32Mi"
|
memory: "32Mi"
|
||||||
milter:
|
milter:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "96Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "2Gi"
|
memory: "16Mi"
|
||||||
minio:
|
minio:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.25
|
cpu: 0.25
|
||||||
memory: "1Gi"
|
memory: "256Mi"
|
||||||
nextcloud:
|
nextcloud:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
|
nextcloudMetrics:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "128Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "32Mi"
|
||||||
openproject:
|
openproject:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "768Mi"
|
||||||
oxConnector:
|
openxchangeCoreDocumentConverter:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "2Gi"
|
|
||||||
requests:
|
|
||||||
cpu: 0.1
|
|
||||||
memory: "250Mi"
|
|
||||||
oxDocumentConverter:
|
|
||||||
limits:
|
|
||||||
cpu: 2
|
|
||||||
memory: "2Gi"
|
memory: "2Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.25
|
cpu: 0.25
|
||||||
memory: "1Gi"
|
memory: "1.25Gi"
|
||||||
|
openxchangeCoreGuidedtours:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeCoreImageConverter:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "2Gi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: "1.25Gi"
|
||||||
|
openxchangeCoreMW:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "8Gi"
|
||||||
|
requests:
|
||||||
|
cpu: 1
|
||||||
|
memory: "1.25Gi"
|
||||||
|
openxchangeCoreUI:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeCoreUIMiddleware:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "768Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: "192Mi"
|
||||||
|
openxchangeCoreUIMiddlewareUpdater:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "768Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.5
|
||||||
|
memory: "192Mi"
|
||||||
|
openxchangeCoreUserGuide:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.02
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeGotenberg:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.05
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeGuardUI:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangeNextcloudIntegrationUI:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
openxchangePublicSectorUI:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "96Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.01
|
||||||
|
memory: "32Mi"
|
||||||
|
oxConnector:
|
||||||
|
limits:
|
||||||
|
cpu: 99
|
||||||
|
memory: "512Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "64Mi"
|
||||||
postfix:
|
postfix:
|
||||||
limits:
|
limits:
|
||||||
cpu: 0.5
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "128Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "16Mi"
|
||||||
postgresql:
|
postgresql:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
prosody:
|
prosody:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "512Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "32Mi"
|
||||||
redis:
|
redis:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "500Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "100Mi"
|
memory: "32Mi"
|
||||||
synapse:
|
synapse:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "4Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 1
|
cpu: 1
|
||||||
memory: "2Gi"
|
memory: "256Mi"
|
||||||
synapseWeb:
|
synapseWeb:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "64Mi"
|
||||||
univentionCorporateServer:
|
univentionCorporateServer:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "4Gi"
|
memory: "4Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.5
|
cpu: 0.5
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
umsLdapNotifier:
|
umsLdapNotifier:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsLdapServer:
|
umsLdapServer:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsNotificationsApi:
|
umsNotificationsApi:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsPortalFrontend:
|
umsPortalFrontend:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsPortalListener:
|
umsPortalListener:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsPortalListenerDependencies:
|
umsPortalListenerDependencies:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsPortalServer:
|
umsPortalServer:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsStackDataUms:
|
umsStackDataUms:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsStackDataSwp:
|
umsStackDataSwp:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsStoreDav:
|
umsStoreDav:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsUdmRestApi:
|
umsUdmRestApi:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsUmcGateway:
|
umsUmcGateway:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
umsUmcServer:
|
umsUmcServer:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "1Gi"
|
memory: "1Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
wellKnown:
|
wellKnown:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 99
|
||||||
memory: "250Mi"
|
memory: "256Mi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "50Mi"
|
memory: "32Mi"
|
||||||
xwiki:
|
xwiki:
|
||||||
limits:
|
limits:
|
||||||
cpu: 2
|
cpu: 99
|
||||||
memory: "8Gi"
|
memory: "8Gi"
|
||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "6Gi"
|
memory: "1.5Gi"
|
||||||
...
|
...
|
||||||
|
|||||||
Reference in New Issue
Block a user