mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
b7f220a6b6 | ||
|
|
fb7dba787c | ||
|
|
72e3afdffd | ||
|
|
85b8fcaab5 | ||
|
|
c3129f1443 | ||
|
|
000be8b032 | ||
|
|
da1bf3581c | ||
|
|
4d0011d957 | ||
|
|
74f9ec28e4 | ||
|
|
b1d4b2d8ea | ||
|
|
711d29e374 |
41
CHANGELOG.md
41
CHANGELOG.md
@@ -1,3 +1,39 @@
|
|||||||
|
## [0.5.11](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.10...v0.5.11) (2023-10-11)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **helmfile:** Quote all password template strings ([fb7dba7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/fb7dba787c232c402aa9c989c0e8ace51869d534))
|
||||||
|
* **services:** Add memcached service ([72e3afd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/72e3afdffdeb6f88f8e926426dbc26adf4b54e7a))
|
||||||
|
|
||||||
|
## [0.5.10](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.9...v0.5.10) (2023-10-11)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **intercom-service:** Update intercom-service chart to v2.0.0 ([c3129f1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c3129f14437728be890187bb7c4a1bfc42d90958))
|
||||||
|
|
||||||
|
## [0.5.9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.8...v0.5.9) (2023-10-10)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **element:** Enable the guest module in Synapse ([da1bf35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/da1bf3581c5790786601948cabcef8a1d1c680ad))
|
||||||
|
|
||||||
|
## [0.5.8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.7...v0.5.8) (2023-10-10)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **helmfile:** Add default port for SMTP in environment ([74f9ec2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/74f9ec28e401f7caeefc4e50ac0a7e95fea41a53))
|
||||||
|
|
||||||
|
## [0.5.7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.6...v0.5.7) (2023-10-09)
|
||||||
|
|
||||||
|
|
||||||
|
### Bug Fixes
|
||||||
|
|
||||||
|
* **openproject:** Mail sender address ([711d29e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/711d29e374d13a3c8b7bcdf3e8440d03e0ef2b7d))
|
||||||
|
|
||||||
## [0.5.6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.5...v0.5.6) (2023-10-09)
|
## [0.5.6](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.5...v0.5.6) (2023-10-09)
|
||||||
|
|
||||||
|
|
||||||
@@ -431,3 +467,8 @@
|
|||||||
* **open-xchange:** OX AppSuite 8 within SWP is now publicly available ([6dc470f](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/6dc470fd67edbb9711e406acb067569ca357b989))
|
* **open-xchange:** OX AppSuite 8 within SWP is now publicly available ([6dc470f](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/6dc470fd67edbb9711e406acb067569ca357b989))
|
||||||
* **services:** Add clamav-simple deployment ([505f25c](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/505f25c5493ebb9e0181233ed5b7d8018e3a315d))
|
* **services:** Add clamav-simple deployment ([505f25c](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/505f25c5493ebb9e0181233ed5b7d8018e3a315d))
|
||||||
* **sovereign-workplace:** Initial commit ([533c504](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/533c5040faebd91f4012b604d0f4779ea1510424))
|
* **sovereign-workplace:** Initial commit ([533c504](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/533c5040faebd91f4012b604d0f4779ea1510424))
|
||||||
|
|
||||||
|
<!--
|
||||||
|
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
-->
|
||||||
|
|||||||
73
README.md
73
README.md
@@ -215,6 +215,7 @@ subdirectory `/helmfile/apps/services`.
|
|||||||
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional |
|
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional |
|
||||||
| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional |
|
| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional |
|
||||||
| MariaDB | `mariadb.enabled` | `true` | Database | Eval |
|
| MariaDB | `mariadb.enabled` | `true` | Database | Eval |
|
||||||
|
| Memcached | `memcached.enabled` | `true` | Cache Database | Eval |
|
||||||
| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional |
|
| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional |
|
||||||
| OpenProject | `openproject.enabled` | `true` | Project management | Functional |
|
| OpenProject | `openproject.enabled` | `true` | Project management | Functional |
|
||||||
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional |
|
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional |
|
||||||
@@ -238,8 +239,8 @@ subdirectory `/helmfile/apps/services`.
|
|||||||
|
|
||||||
#### Databases
|
#### Databases
|
||||||
|
|
||||||
In case you don't got for a develop or evaluation environment you want to point
|
When deploying this suite to production, you need to configure the applications to use your production grade database
|
||||||
the application to your own database instances.
|
service.
|
||||||
|
|
||||||
| Component | Name | Type | Parameter | Key | Default |
|
| Component | Name | Type | Parameter | Key | Default |
|
||||||
|-------------|--------------------|------------|-----------|----------------------------------------|----------------------------|
|
|-------------|--------------------|------------|-----------|----------------------------------------|----------------------------|
|
||||||
@@ -283,6 +284,24 @@ the application to your own database instances.
|
|||||||
| | | | Username | `databases.xwiki.username` | `xwiki_user` |
|
| | | | Username | `databases.xwiki.username` | `xwiki_user` |
|
||||||
| | | | Password | `databases.xwiki.password` | |
|
| | | | Password | `databases.xwiki.password` | |
|
||||||
|
|
||||||
|
#### Cache
|
||||||
|
|
||||||
|
When deploying this suite to production, you need to configure the applications to use your production grade cache
|
||||||
|
service.
|
||||||
|
|
||||||
|
| Component | Name | Type | Parameter | Key | Default |
|
||||||
|
|------------------|------------------|-----------|-----------|------------------------------|------------------|
|
||||||
|
| Intercom Service | Intercom Service | Redis | | | |
|
||||||
|
| | | | Host | `cache.intercomService.host` | `redis-headless` |
|
||||||
|
| | | | Port | `cache.intercomService.port` | `6379` |
|
||||||
|
| Nextcloud | Nextcloud | Redis | | | |
|
||||||
|
| | | | Host | `cache.nextcloud.host` | `redis-headless` |
|
||||||
|
| | | | Port | `cache.nextcloud.port` | `6379` |
|
||||||
|
| OpenProject | OpenProject | Memcached | | | |
|
||||||
|
| | | | Host | `cache.openproject.host` | `memcached` |
|
||||||
|
| | | | Port | `cache.openproject.port` | `11211` |
|
||||||
|
|
||||||
|
|
||||||
### Scaling
|
### Scaling
|
||||||
|
|
||||||
The Replicas of components can be increased, while we still have to look in the
|
The Replicas of components can be increased, while we still have to look in the
|
||||||
@@ -350,30 +369,32 @@ This section summarizes various aspects of security and compliance aspects.
|
|||||||
This list gives you an overview of default security settings and if they comply with security standards:
|
This list gives you an overview of default security settings and if they comply with security standards:
|
||||||
|
|
||||||
|
|
||||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||||
|------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
|-------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||||
|
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||||
|
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||||
|
|
||||||
|
|
||||||
### Helm Chart Trust Chain
|
### Helm Chart Trust Chain
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ ingress:
|
|||||||
collabora:
|
collabora:
|
||||||
# Admin Console Credentials: https://CODE-domain/browser/dist/admin/admin.html
|
# Admin Console Credentials: https://CODE-domain/browser/dist/admin/admin.html
|
||||||
username: "collabora-internal-admin"
|
username: "collabora-internal-admin"
|
||||||
password: {{ .Values.secrets.collabora.adminPassword }}
|
password: {{ .Values.secrets.collabora.adminPassword | quote }}
|
||||||
aliasgroups:
|
aliasgroups:
|
||||||
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443"
|
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443"
|
||||||
|
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ configuration:
|
|||||||
host: "{{ .Values.databases.synapse.host }}"
|
host: "{{ .Values.databases.synapse.host }}"
|
||||||
name: "{{ .Values.databases.synapse.name }}"
|
name: "{{ .Values.databases.synapse.name }}"
|
||||||
user: "{{ .Values.databases.synapse.username }}"
|
user: "{{ .Values.databases.synapse.username }}"
|
||||||
password: "{{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser }}"
|
password: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
|
||||||
|
|
||||||
homeserver:
|
homeserver:
|
||||||
oidc:
|
oidc:
|
||||||
@@ -41,7 +41,7 @@ configuration:
|
|||||||
port: {{ .Values.turn.server.port }}
|
port: {{ .Values.turn.server.port }}
|
||||||
transport: {{ .Values.turn.transport }}
|
transport: {{ .Values.turn.transport }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
guestModule:
|
guestModule:
|
||||||
image:
|
image:
|
||||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
configuration:
|
configuration:
|
||||||
homeserver:
|
homeserver:
|
||||||
guestModule:
|
guestModule:
|
||||||
enabled: false
|
enabled: true
|
||||||
|
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
|||||||
@@ -15,9 +15,8 @@ repositories:
|
|||||||
releases:
|
releases:
|
||||||
- name: "intercom-service"
|
- name: "intercom-service"
|
||||||
chart: "intercom-service-repo/intercom-service"
|
chart: "intercom-service-repo/intercom-service"
|
||||||
version: "1.1.3"
|
version: "2.0.0"
|
||||||
values:
|
values:
|
||||||
- "values.yaml"
|
|
||||||
- "values.gotmpl"
|
- "values.gotmpl"
|
||||||
condition: "intercom.enabled"
|
condition: "intercom.enabled"
|
||||||
|
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
*/}}
|
*/}}
|
||||||
---
|
---
|
||||||
global:
|
global:
|
||||||
|
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||||
domain: "{{ .Values.global.domain }}"
|
domain: "{{ .Values.global.domain }}"
|
||||||
hosts:
|
hosts:
|
||||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||||
@@ -24,13 +25,14 @@ ics:
|
|||||||
portal:
|
portal:
|
||||||
apiKey: {{ .Values.secrets.centralnavigation.apiKey }}
|
apiKey: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||||
redis:
|
redis:
|
||||||
password: {{ .Values.secrets.redis.password }}
|
host: {{ .Values.cache.intercomService.host }}
|
||||||
|
port: {{ .Values.cache.intercomService.port }}
|
||||||
|
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
||||||
openxchange:
|
openxchange:
|
||||||
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||||
|
|
||||||
image:
|
image:
|
||||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||||
registry: "{{ .Values.global.imageRegistry }}"
|
|
||||||
repository: "{{ .Values.images.intercom.repository }}"
|
repository: "{{ .Values.images.intercom.repository }}"
|
||||||
tag: "{{ .Values.images.intercom.tag }}"
|
tag: "{{ .Values.images.intercom.tag }}"
|
||||||
|
|
||||||
|
|||||||
@@ -1,8 +0,0 @@
|
|||||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
---
|
|
||||||
istio:
|
|
||||||
enabled: false
|
|
||||||
virtualService:
|
|
||||||
enabled: false
|
|
||||||
...
|
|
||||||
@@ -86,7 +86,7 @@ jitsi:
|
|||||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}"
|
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}"
|
||||||
tag: "{{ .Values.images.jicofo.tag }}"
|
tag: "{{ .Values.images.jicofo.tag }}"
|
||||||
xmpp:
|
xmpp:
|
||||||
password: "{{ .Values.secrets.jitsi.jicofoAuthPassword }}"
|
password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }}
|
||||||
componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}"
|
componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}"
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.jicofo | toYaml | nindent 6 }}
|
{{ .Values.resources.jicofo | toYaml | nindent 6 }}
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ cleanup:
|
|||||||
|
|
||||||
config:
|
config:
|
||||||
administrator:
|
administrator:
|
||||||
password: "{{ .Values.secrets.keycloak.adminPassword }}"
|
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||||
|
|
||||||
image:
|
image:
|
||||||
registry: "{{ .Values.global.imageRegistry }}"
|
registry: "{{ .Values.global.imageRegistry }}"
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
---
|
---
|
||||||
global:
|
global:
|
||||||
keycloak:
|
keycloak:
|
||||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword }}
|
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||||
postgresql:
|
postgresql:
|
||||||
connection:
|
connection:
|
||||||
host: "{{ .Values.databases.keycloakExtension.host }}"
|
host: "{{ .Values.databases.keycloakExtension.host }}"
|
||||||
@@ -13,7 +13,7 @@ global:
|
|||||||
auth:
|
auth:
|
||||||
database: "{{ .Values.databases.keycloakExtension.name }}"
|
database: "{{ .Values.databases.keycloakExtension.name }}"
|
||||||
username: "{{ .Values.databases.keycloakExtension.username }}"
|
username: "{{ .Values.databases.keycloakExtension.username }}"
|
||||||
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser }}
|
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||||
handler:
|
handler:
|
||||||
image:
|
image:
|
||||||
registry: "{{ .Values.global.imageRegistry }}"
|
registry: "{{ .Values.global.imageRegistry }}"
|
||||||
@@ -21,7 +21,7 @@ handler:
|
|||||||
tag: "{{ .Values.images.keycloakExtensionHandler.tag }}"
|
tag: "{{ .Values.images.keycloakExtensionHandler.tag }}"
|
||||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||||
appConfig:
|
appConfig:
|
||||||
smtpPassword: "{{ .Values.smtp.password }}"
|
smtpPassword: {{ .Values.smtp.password | quote }}
|
||||||
smtpHost: "{{ .Values.smtp.host }}"
|
smtpHost: "{{ .Values.smtp.host }}"
|
||||||
smtpUsername: "{{ .Values.smtp.username }}"
|
smtpUsername: "{{ .Values.smtp.username }}"
|
||||||
mailFrom: "noreply@{{ .Values.global.domain }}"
|
mailFrom: "noreply@{{ .Values.global.domain }}"
|
||||||
|
|||||||
@@ -20,10 +20,10 @@ externalDatabase:
|
|||||||
port: {{ .Values.databases.keycloak.port }}
|
port: {{ .Values.databases.keycloak.port }}
|
||||||
user: "{{ .Values.databases.keycloak.username }}"
|
user: "{{ .Values.databases.keycloak.username }}"
|
||||||
database: "{{ .Values.databases.keycloak.name }}"
|
database: "{{ .Values.databases.keycloak.name }}"
|
||||||
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser }}
|
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
|
||||||
|
|
||||||
auth:
|
auth:
|
||||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword }}
|
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||||
|
|
||||||
replicaCount: {{ .Values.replicas.keycloak }}
|
replicaCount: {{ .Values.replicas.keycloak }}
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ global:
|
|||||||
|
|
||||||
config:
|
config:
|
||||||
administrator:
|
administrator:
|
||||||
password: {{ .Values.secrets.nextcloud.adminPassword }}
|
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||||
|
|
||||||
antivirus:
|
antivirus:
|
||||||
{{- if .Values.clamavDistributed.enabled }}
|
{{- if .Values.clamavDistributed.enabled }}
|
||||||
@@ -25,15 +25,15 @@ config:
|
|||||||
|
|
||||||
apps:
|
apps:
|
||||||
integrationSwp:
|
integrationSwp:
|
||||||
password: {{ .Values.secrets.centralnavigation.apiKey }}
|
password: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||||
userOidc:
|
userOidc:
|
||||||
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc }}
|
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
||||||
|
|
||||||
database:
|
database:
|
||||||
host: "{{ .Values.databases.nextcloud.host }}"
|
host: "{{ .Values.databases.nextcloud.host }}"
|
||||||
name: "{{ .Values.databases.nextcloud.name }}"
|
name: "{{ .Values.databases.nextcloud.name }}"
|
||||||
user: "{{ .Values.databases.nextcloud.username }}"
|
user: "{{ .Values.databases.nextcloud.username }}"
|
||||||
password: "{{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser }}"
|
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||||
|
|
||||||
ldapSearch:
|
ldapSearch:
|
||||||
password: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}"
|
password: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}"
|
||||||
|
|||||||
@@ -6,16 +6,20 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
nextcloud:
|
nextcloud:
|
||||||
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||||
username: "nextcloud"
|
username: "nextcloud"
|
||||||
password: {{ .Values.secrets.nextcloud.adminPassword }}
|
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||||
externalDatabase:
|
externalDatabase:
|
||||||
database: "{{ .Values.databases.nextcloud.name }}"
|
database: "{{ .Values.databases.nextcloud.name }}"
|
||||||
user: "{{ .Values.databases.nextcloud.username }}"
|
user: "{{ .Values.databases.nextcloud.username }}"
|
||||||
host: "{{ .Values.databases.nextcloud.host }}"
|
host: "{{ .Values.databases.nextcloud.host }}"
|
||||||
password: "{{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser }}"
|
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||||
|
extraEnv:
|
||||||
|
REDIS_HOST: {{ .Values.cache.nextcloud.host | quote }}
|
||||||
|
REDIS_HOST_PORT: {{ .Values.cache.nextcloud.port | quote }}
|
||||||
|
REDIS_HOST_PASSWORD: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||||
redis:
|
redis:
|
||||||
auth:
|
auth:
|
||||||
enabled: true
|
enabled: true
|
||||||
password: {{ .Values.secrets.redis.password }}
|
password: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||||
ingress:
|
ingress:
|
||||||
enabled: {{ .Values.ingress.enabled }}
|
enabled: {{ .Values.ingress.enabled }}
|
||||||
className: {{ .Values.ingress.ingressClassName }}
|
className: {{ .Values.ingress.ingressClassName }}
|
||||||
|
|||||||
@@ -16,10 +16,10 @@ imagePullSecrets:
|
|||||||
|
|
||||||
dovecot:
|
dovecot:
|
||||||
mailDomain: "{{ .Values.global.domain }}"
|
mailDomain: "{{ .Values.global.domain }}"
|
||||||
password: {{ .Values.secrets.dovecot.doveadm }}
|
password: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||||
ldap:
|
ldap:
|
||||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot }}
|
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||||
oidc:
|
oidc:
|
||||||
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
|
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
|
||||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc }}
|
clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc }}
|
||||||
|
|||||||
@@ -11,8 +11,8 @@ global:
|
|||||||
database: "{{ .Values.databases.oxAppsuite.name }}"
|
database: "{{ .Values.databases.oxAppsuite.name }}"
|
||||||
auth:
|
auth:
|
||||||
user: "{{ .Values.databases.oxAppsuite.username }}"
|
user: "{{ .Values.databases.oxAppsuite.username }}"
|
||||||
password: "{{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword }}"
|
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||||
rootPassword: "{{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword }}"
|
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||||
|
|
||||||
istio:
|
istio:
|
||||||
enabled: {{ .Values.istio.enabled }}
|
enabled: {{ .Values.istio.enabled }}
|
||||||
|
|||||||
@@ -14,6 +14,9 @@ image:
|
|||||||
tag: "{{ .Values.images.openproject.tag }}"
|
tag: "{{ .Values.images.openproject.tag }}"
|
||||||
|
|
||||||
memcached:
|
memcached:
|
||||||
|
connection:
|
||||||
|
host: "{{ .Values.cache.openproject.host }}"
|
||||||
|
port: {{ .Values.cache.openproject.port }}
|
||||||
image:
|
image:
|
||||||
registry: "{{ .Values.global.imageRegistry }}"
|
registry: "{{ .Values.global.imageRegistry }}"
|
||||||
repository: "{{ .Values.images.memcached.repository }}"
|
repository: "{{ .Values.images.memcached.repository }}"
|
||||||
@@ -21,7 +24,7 @@ memcached:
|
|||||||
|
|
||||||
postgresql:
|
postgresql:
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser }}
|
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
|
||||||
username: "{{ .Values.databases.openproject.username }}"
|
username: "{{ .Values.databases.openproject.username }}"
|
||||||
database: "{{ .Values.databases.openproject.name }}"
|
database: "{{ .Values.databases.openproject.name }}"
|
||||||
connection:
|
connection:
|
||||||
@@ -35,7 +38,7 @@ openproject:
|
|||||||
name: "OpenProject Interal Admin"
|
name: "OpenProject Interal Admin"
|
||||||
mail: "openproject-admin@swp-domain.internal"
|
mail: "openproject-admin@swp-domain.internal"
|
||||||
password_reset: "false"
|
password_reset: "false"
|
||||||
password: "{{ .Values.secrets.openproject.adminPassword }}"
|
password: {{ .Values.secrets.openproject.adminPassword | quote }}
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||||
@@ -59,7 +62,7 @@ environment:
|
|||||||
OPENPROJECT_SMTP__PORT: "{{ .Values.smtp.port }}"
|
OPENPROJECT_SMTP__PORT: "{{ .Values.smtp.port }}"
|
||||||
OPENPROJECT_SMTP__SSL: "false" # (default=false)
|
OPENPROJECT_SMTP__SSL: "false" # (default=false)
|
||||||
OPENPROJECT_SMTP__ADDRESS: "{{ .Values.smtp.host }}"
|
OPENPROJECT_SMTP__ADDRESS: "{{ .Values.smtp.host }}"
|
||||||
OPENPROJECT_MAIL__FROM="do-not-reply@{{ .Values.global.domain }}"
|
OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
|
||||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}"
|
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}"
|
||||||
|
|
||||||
|
|||||||
@@ -4,6 +4,9 @@
|
|||||||
image:
|
image:
|
||||||
registry: "registry.souvap-univention.de"
|
registry: "registry.souvap-univention.de"
|
||||||
|
|
||||||
|
memcached:
|
||||||
|
bundled: false
|
||||||
|
|
||||||
probes:
|
probes:
|
||||||
liveness:
|
liveness:
|
||||||
initialDelaySeconds: 300
|
initialDelaySeconds: 300
|
||||||
@@ -27,6 +30,12 @@ openproject:
|
|||||||
# seed will only be executed on initial installation
|
# seed will only be executed on initial installation
|
||||||
seed_locale: "de"
|
seed_locale: "de"
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
|
||||||
# For more details and more options see
|
# For more details and more options see
|
||||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||||
environment:
|
environment:
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ oxConnector:
|
|||||||
domainName: "{{ .Values.global.domain }}"
|
domainName: "{{ .Values.global.domain }}"
|
||||||
#oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
|
#oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
|
||||||
oxMasterAdmin: "admin"
|
oxMasterAdmin: "admin"
|
||||||
oxMasterPassword: "{{ .Values.secrets.oxAppsuite.adminPassword }}"
|
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||||
oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||||
oxDefaultContext: "1"
|
oxDefaultContext: "1"
|
||||||
|
|
||||||
|
|||||||
@@ -82,6 +82,13 @@ releases:
|
|||||||
- "values-redis.gotmpl"
|
- "values-redis.gotmpl"
|
||||||
- "values-redis.yaml"
|
- "values-redis.yaml"
|
||||||
condition: "redis.enabled"
|
condition: "redis.enabled"
|
||||||
|
- name: "memcached"
|
||||||
|
chart: "bitnami-repo/memcached"
|
||||||
|
version: "6.6.2"
|
||||||
|
values:
|
||||||
|
- "values-memcached.yaml"
|
||||||
|
- "values-memcached.gotmpl"
|
||||||
|
condition: "memcached.enabled"
|
||||||
- name: "postgresql"
|
- name: "postgresql"
|
||||||
chart: "postgresql-repo/postgresql"
|
chart: "postgresql-repo/postgresql"
|
||||||
version: "2.0.2"
|
version: "2.0.2"
|
||||||
|
|||||||
@@ -18,11 +18,11 @@ image:
|
|||||||
job:
|
job:
|
||||||
users:
|
users:
|
||||||
- username: "xwiki_user"
|
- username: "xwiki_user"
|
||||||
password: "{{ .Values.secrets.mariadb.xwikiUser }}"
|
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
|
||||||
- username: "openxchange_user"
|
- username: "openxchange_user"
|
||||||
password: "{{ .Values.secrets.mariadb.openxchangeUser }}"
|
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
|
||||||
- username: "nextcloud_user"
|
- username: "nextcloud_user"
|
||||||
password: "{{ .Values.secrets.mariadb.nextcloudUser }}"
|
password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
|
||||||
databases:
|
databases:
|
||||||
- name: "xwiki"
|
- name: "xwiki"
|
||||||
user: "xwiki_user"
|
user: "xwiki_user"
|
||||||
@@ -32,7 +32,7 @@ job:
|
|||||||
user: "openxchange_user"
|
user: "openxchange_user"
|
||||||
|
|
||||||
mariadb:
|
mariadb:
|
||||||
rootPassword: "{{ .Values.secrets.mariadb.rootPassword }}"
|
rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }}
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||||
|
|||||||
19
helmfile/apps/services/values-memcached.gotmpl
Normal file
19
helmfile/apps/services/values-memcached.gotmpl
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
{{/*
|
||||||
|
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
*/}}
|
||||||
|
---
|
||||||
|
global:
|
||||||
|
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||||
|
|
||||||
|
image:
|
||||||
|
registry: "{{ .Values.global.imageRegistry }}"
|
||||||
|
repository: "{{ .Values.images.memcached.repository }}"
|
||||||
|
tag: "{{ .Values.images.memcached.tag }}"
|
||||||
|
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||||
|
|
||||||
|
resources:
|
||||||
|
{{ .Values.resources.memcached | toYaml | nindent 2 }}
|
||||||
|
...
|
||||||
18
helmfile/apps/services/values-memcached.yaml
Normal file
18
helmfile/apps/services/values-memcached.yaml
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
---
|
||||||
|
containerSecurityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- "ALL"
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 1001
|
||||||
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
create: true
|
||||||
|
...
|
||||||
@@ -16,15 +16,15 @@ image:
|
|||||||
job:
|
job:
|
||||||
users:
|
users:
|
||||||
- username: "keycloak_user"
|
- username: "keycloak_user"
|
||||||
password: {{ .Values.secrets.postgresql.keycloakUser }}
|
password: {{ .Values.secrets.postgresql.keycloakUser | quote }}
|
||||||
- username: "openproject_user"
|
- username: "openproject_user"
|
||||||
password: {{ .Values.secrets.postgresql.openprojectUser }}
|
password: {{ .Values.secrets.postgresql.openprojectUser | quote }}
|
||||||
- username: "keycloak_extensions_user"
|
- username: "keycloak_extensions_user"
|
||||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser }}
|
password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||||
- username: "matrix_user"
|
- username: "matrix_user"
|
||||||
password: {{ .Values.secrets.postgresql.matrixUser }}
|
password: {{ .Values.secrets.postgresql.matrixUser | quote }}
|
||||||
- username: "notificationsapi_user"
|
- username: "notificationsapi_user"
|
||||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
|
||||||
databases:
|
databases:
|
||||||
- name: "keycloak"
|
- name: "keycloak"
|
||||||
user: "keycloak_user"
|
user: "keycloak_user"
|
||||||
@@ -43,7 +43,7 @@ persistence:
|
|||||||
size: "{{ .Values.persistence.size.postgresql }}"
|
size: "{{ .Values.persistence.size.postgresql }}"
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
password: {{ .Values.secrets.postgresql.postgresUser }}
|
password: {{ .Values.secrets.postgresql.postgresUser | quote }}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.postgresql | toYaml | nindent 2 }}
|
{{ .Values.resources.postgresql | toYaml | nindent 2 }}
|
||||||
|
|||||||
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
*/}}
|
*/}}
|
||||||
---
|
---
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.secrets.redis.password }}
|
password: {{ .Values.secrets.redis.password | quote }}
|
||||||
|
|
||||||
global:
|
global:
|
||||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||||
|
|||||||
@@ -37,31 +37,31 @@ extraEnvVars:
|
|||||||
- name: LDAPSEARCH_OX_USERNAME
|
- name: LDAPSEARCH_OX_USERNAME
|
||||||
value: "ldapsearch_ox"
|
value: "ldapsearch_ox"
|
||||||
- name: LDAPSEARCH_OX_PASSWORD
|
- name: LDAPSEARCH_OX_PASSWORD
|
||||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox }}
|
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||||
- name: LDAPSEARCH_DOVECOT_USERNAME
|
- name: LDAPSEARCH_DOVECOT_USERNAME
|
||||||
value: "ldapsearch_dovecot"
|
value: "ldapsearch_dovecot"
|
||||||
- name: LDAPSEARCH_DOVECOT_PASSWORD
|
- name: LDAPSEARCH_DOVECOT_PASSWORD
|
||||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot }}
|
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||||
- name: LDAPSEARCH_KEYCLOAK_USERNAME
|
- name: LDAPSEARCH_KEYCLOAK_USERNAME
|
||||||
value: "ldapsearch_keycloak"
|
value: "ldapsearch_keycloak"
|
||||||
- name: LDAPSEARCH_KEYCLOAK_PASSWORD
|
- name: LDAPSEARCH_KEYCLOAK_PASSWORD
|
||||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak }}
|
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak | quote }}
|
||||||
- name: LDAPSEARCH_NEXTCLOUD_USERNAME
|
- name: LDAPSEARCH_NEXTCLOUD_USERNAME
|
||||||
value: "ldapsearch_nextcloud"
|
value: "ldapsearch_nextcloud"
|
||||||
- name: LDAPSEARCH_NEXTCLOUD_PASSWORD
|
- name: LDAPSEARCH_NEXTCLOUD_PASSWORD
|
||||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}
|
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
|
||||||
- name: LDAPSEARCH_OPENPROJECT_USERNAME
|
- name: LDAPSEARCH_OPENPROJECT_USERNAME
|
||||||
value: "ldapsearch_openproject"
|
value: "ldapsearch_openproject"
|
||||||
- name: LDAPSEARCH_OPENPROJECT_PASSWORD
|
- name: LDAPSEARCH_OPENPROJECT_PASSWORD
|
||||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}
|
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
|
||||||
- name: LDAPSEARCH_XWIKI_USERNAME
|
- name: LDAPSEARCH_XWIKI_USERNAME
|
||||||
value: "ldapsearch_xwiki"
|
value: "ldapsearch_xwiki"
|
||||||
- name: LDAPSEARCH_XWIKI_PASSWORD
|
- name: LDAPSEARCH_XWIKI_PASSWORD
|
||||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}
|
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||||
- name: DEFAULT_ACCOUNT_USER_PASSWORD
|
- name: DEFAULT_ACCOUNT_USER_PASSWORD
|
||||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword }}
|
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword | quote }}
|
||||||
- name: DEFAULT_ACCOUNT_ADMIN_PASSWORD
|
- name: DEFAULT_ACCOUNT_ADMIN_PASSWORD
|
||||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword }}
|
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword | quote }}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.univentionCorporateServer | toYaml | nindent 2 }}
|
{{ .Values.resources.univentionCorporateServer | toYaml | nindent 2 }}
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ postgresql:
|
|||||||
auth:
|
auth:
|
||||||
username: "notificationsapi_user"
|
username: "notificationsapi_user"
|
||||||
database: "notificationsapi"
|
database: "notificationsapi"
|
||||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
|
||||||
|
|
||||||
image:
|
image:
|
||||||
registry: "{{ .Values.global.imageRegistry }}"
|
registry: "{{ .Values.global.imageRegistry }}"
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
---
|
---
|
||||||
stackDataSwp:
|
stackDataSwp:
|
||||||
udmApiUsername: "cn=admin"
|
udmApiUsername: "cn=admin"
|
||||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||||
loadDevData: true
|
loadDevData: true
|
||||||
|
|
||||||
|
|||||||
@@ -5,13 +5,13 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
---
|
---
|
||||||
stackDataUms:
|
stackDataUms:
|
||||||
udmApiUser: "cn=admin"
|
udmApiUser: "cn=admin"
|
||||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||||
loadDevData: true
|
loadDevData: true
|
||||||
|
|
||||||
stackDataContext:
|
stackDataContext:
|
||||||
ldapBase: "dc=swp-ldap,dc=internal"
|
ldapBase: "dc=swp-ldap,dc=internal"
|
||||||
initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
|
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }}
|
||||||
|
|
||||||
# The SWP configuration brings its own UMC policies.
|
# The SWP configuration brings its own UMC policies.
|
||||||
installUmcPolicies: false
|
installUmcPolicies: false
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ image:
|
|||||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||||
|
|
||||||
externalDB:
|
externalDB:
|
||||||
password: "{{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword }}"
|
password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||||
database: "{{ .Values.databases.xwiki.name }}"
|
database: "{{ .Values.databases.xwiki.name }}"
|
||||||
user: "{{ .Values.databases.xwiki.username }}"
|
user: "{{ .Values.databases.xwiki.username }}"
|
||||||
host: "{{ .Values.databases.xwiki.host }}"
|
host: "{{ .Values.databases.xwiki.host }}"
|
||||||
|
|||||||
16
helmfile/environments/default/cache.yaml
Normal file
16
helmfile/environments/default/cache.yaml
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
---
|
||||||
|
cache:
|
||||||
|
intercomService:
|
||||||
|
host: "redis-headless"
|
||||||
|
port: 6379
|
||||||
|
password: ""
|
||||||
|
nextcloud:
|
||||||
|
host: "redis-headless"
|
||||||
|
port: 6379
|
||||||
|
password: ""
|
||||||
|
openproject:
|
||||||
|
host: "memcached"
|
||||||
|
port: 11211
|
||||||
|
...
|
||||||
@@ -77,8 +77,8 @@ images:
|
|||||||
# @supplier: "openDesk DevSecOps"
|
# @supplier: "openDesk DevSecOps"
|
||||||
memcached:
|
memcached:
|
||||||
repository: "bitnami/memcached"
|
repository: "bitnami/memcached"
|
||||||
tag: "1.6.21-debian-11-r84@sha256:81747acd297d3fcd05706ea771d441a6f01b28d722c366a06f922b6b7d4033dd"
|
tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d"
|
||||||
# @supplier: "OpenProject"
|
# @supplier: "openDesk DevSecOps"
|
||||||
milter:
|
milter:
|
||||||
repository: "clamav/clamav"
|
repository: "clamav/clamav"
|
||||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||||
|
|||||||
@@ -114,6 +114,13 @@ resources:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 0.1
|
cpu: 0.1
|
||||||
memory: "500Mi"
|
memory: "500Mi"
|
||||||
|
memcached:
|
||||||
|
limits:
|
||||||
|
cpu: 1
|
||||||
|
memory: "256Mi"
|
||||||
|
requests:
|
||||||
|
cpu: 0.1
|
||||||
|
memory: "32Mi"
|
||||||
milter:
|
milter:
|
||||||
limits:
|
limits:
|
||||||
cpu: 4
|
cpu: 4
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
---
|
---
|
||||||
smtp:
|
smtp:
|
||||||
host: ""
|
host: ""
|
||||||
|
port: 587
|
||||||
username: ""
|
username: ""
|
||||||
password: "{{ env "SMTP_PASSWORD" }}"
|
password: "{{ env "SMTP_PASSWORD" }}"
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -21,6 +21,8 @@ keycloak:
|
|||||||
enabled: true
|
enabled: true
|
||||||
mariadb:
|
mariadb:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
memcached:
|
||||||
|
enabled: true
|
||||||
nextcloud:
|
nextcloud:
|
||||||
enabled: true
|
enabled: true
|
||||||
openproject:
|
openproject:
|
||||||
|
|||||||
Reference in New Issue
Block a user