mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
20 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1b9f394489 | ||
|
|
450c434ed0 | ||
|
|
4b6a20faa4 | ||
|
|
ce38714a81 | ||
|
|
37f1eb9794 | ||
|
|
db4bfa4884 | ||
|
|
6a649cb7f0 | ||
|
|
b6ef559cde | ||
|
|
cc0daa2a22 | ||
|
|
c69c62cd45 | ||
|
|
6a26299a75 | ||
|
|
4101e91ae6 | ||
|
|
83192b7834 | ||
|
|
3b1091bb3e | ||
|
|
e67ab8f430 | ||
|
|
da731e7d5e | ||
|
|
0ea585633b | ||
|
|
fe40b7cfa1 | ||
|
|
d04a60349d | ||
|
|
94ae3da78b |
@@ -56,14 +56,11 @@ variables:
|
||||
options:
|
||||
- "yes"
|
||||
- "no"
|
||||
DEPLOY_UCS:
|
||||
description: >-
|
||||
Enable Univention Corporate Server deployment.
|
||||
"ums-eval" does deploy the Univention Management Stack instead of the UCS container.
|
||||
DEPLOY_UMS:
|
||||
description: "Enable Univention Management Stack deployment."
|
||||
value: "no"
|
||||
options:
|
||||
- "yes"
|
||||
- "ums-eval"
|
||||
- "no"
|
||||
DEPLOY_PROVISIONING:
|
||||
description: "Enable Provisioning Components."
|
||||
@@ -154,7 +151,8 @@ variables:
|
||||
cache: {}
|
||||
dependencies: []
|
||||
extends: ".environments"
|
||||
image: "registry.souvap-univention.de/souvap/tooling/images/helm:latest"
|
||||
image: "external-registry.souvap-univention.de/registry-souvap-univention-de/souvap/tooling/images/helm\
|
||||
@sha256:5a53455af45f4af5c97a01ee2dd5f9ef683f365b59f1ab0102505bc0fd37f6c5"
|
||||
script:
|
||||
- "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
|
||||
# MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
|
||||
@@ -233,18 +231,6 @@ services-deploy:
|
||||
variables:
|
||||
COMPONENT: "services"
|
||||
|
||||
ucs-deploy:
|
||||
stage: "component-deploy-stage-1"
|
||||
extends: ".deploy-common"
|
||||
rules:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS == "yes")
|
||||
when: "always"
|
||||
variables:
|
||||
COMPONENT: "univention-corporate-container"
|
||||
|
||||
provisioning-deploy:
|
||||
stage: "component-deploy-stage-2"
|
||||
extends: ".deploy-common"
|
||||
@@ -252,7 +238,7 @@ provisioning-deploy:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UCS != "no" || $DEPLOY_PROVISIONING != "no")
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UMS != "no" || $DEPLOY_PROVISIONING != "no")
|
||||
when: "always"
|
||||
variables:
|
||||
COMPONENT: "provisioning"
|
||||
@@ -264,7 +250,7 @@ ums-deploy:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
$DEPLOY_UCS == "ums-eval"
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UMS != "no")
|
||||
when: "always"
|
||||
variables:
|
||||
COMPONENT: "univention-management-stack"
|
||||
@@ -434,6 +420,19 @@ env-stop:
|
||||
variables:
|
||||
GIT_STRATEGY: "none"
|
||||
|
||||
.ums-default-password: &ums-default-password
|
||||
- |
|
||||
UMS_PASSWORDS=$( \
|
||||
kubectl -n ${NAMESPACE} get cm ums-stack-data-swp-data -o jsonpath='{.data.dev-test-users\.yaml}' \
|
||||
| yq '.properties.password' > passwords.txt \
|
||||
)
|
||||
DEFAULT_USER_PASSWORD=$( \
|
||||
awk 'NR==1{print $1}' passwords.txt \
|
||||
)
|
||||
DEFAULT_ADMIN_PASSWORD=$(
|
||||
awk 'NR==3{print $1}' passwords.txt \
|
||||
)
|
||||
|
||||
run-tests:
|
||||
extends: ".deploy-common"
|
||||
environment:
|
||||
@@ -444,24 +443,8 @@ run-tests:
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes"
|
||||
when: "always"
|
||||
script:
|
||||
- *ums-default-password
|
||||
- |
|
||||
UCS_CONTAINER_NAME=$( \
|
||||
kubectl -n ${NAMESPACE} get pods --no-headers --selector \
|
||||
'app.kubernetes.io/instance=univention-corporate-container' \
|
||||
| grep Running \
|
||||
| awk '{print $1}' \
|
||||
)
|
||||
DEFAULT_USER_PASSWORD=$( \
|
||||
kubectl -n ${NAMESPACE} describe pod ${UCS_CONTAINER_NAME} \
|
||||
| grep DEFAULT_ACCOUNT_USER_PASSWORD \
|
||||
| awk '{print $2}' \
|
||||
)
|
||||
DEFAULT_ADMIN_PASSWORD=$(
|
||||
kubectl -n ${NAMESPACE} describe pod ${UCS_CONTAINER_NAME} \
|
||||
| grep DEFAULT_ACCOUNT_ADMIN_PASSWORD \
|
||||
| awk '{print $2}' \
|
||||
)
|
||||
|
||||
curl --request POST \
|
||||
--header "Content-Type: application/json" \
|
||||
--data "{ \
|
||||
@@ -483,7 +466,7 @@ run-tests:
|
||||
\"DEPLOY_OPENPROJECT\": \"${DEPLOY_OPENPROJECT}\", \
|
||||
\"DEPLOY_OX\": \"${DEPLOY_OX}\", \
|
||||
\"DEPLOY_SERVICES\": \"${DEPLOY_SERVICES}\", \
|
||||
\"DEPLOY_UCS\": \"${DEPLOY_UCS}\", \
|
||||
\"DEPLOY_UCS\": \"${DEPLOY_UMS}\", \
|
||||
\"DEPLOY_XWIKI\": \"${DEPLOY_XWIKI}\", \
|
||||
\"DEPLOY_PROVISIONING\": \"${DEPLOY_PROVISIONING}\" \
|
||||
} \
|
||||
@@ -500,24 +483,8 @@ run-souvap-dev-tests:
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && $NAMESPACE =~ /.+/ && $RUN_UMS_TESTS == "yes"
|
||||
when: "always"
|
||||
script:
|
||||
- *ums-default-password
|
||||
- |
|
||||
UCS_CONTAINER_NAME=$( \
|
||||
kubectl -n ${NAMESPACE} get pods --no-headers --selector \
|
||||
'app.kubernetes.io/instance=univention-corporate-container' \
|
||||
| grep Running \
|
||||
| awk '{print $1}' \
|
||||
)
|
||||
DEFAULT_USER_PASSWORD=$( \
|
||||
kubectl -n ${NAMESPACE} describe pod ${UCS_CONTAINER_NAME} \
|
||||
| grep DEFAULT_ACCOUNT_USER_PASSWORD \
|
||||
| awk '{print $2}' \
|
||||
)
|
||||
DEFAULT_ADMIN_PASSWORD=$(
|
||||
kubectl -n ${NAMESPACE} describe pod ${UCS_CONTAINER_NAME} \
|
||||
| grep DEFAULT_ACCOUNT_ADMIN_PASSWORD \
|
||||
| awk '{print $2}' \
|
||||
)
|
||||
|
||||
curl --request POST \
|
||||
--header "Content-Type: application/json" \
|
||||
--data "{ \
|
||||
@@ -570,6 +537,14 @@ generate-release-assets:
|
||||
image: "registry.souvap-univention.de/souvap/tooling/images/semantic-release-patched:latest"
|
||||
tags: []
|
||||
|
||||
|
||||
conventional-commits-linter:
|
||||
rules:
|
||||
- if: "$JOB_CONVENTIONAL_COMMITS_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event'"
|
||||
when: "never"
|
||||
- when: "always"
|
||||
|
||||
|
||||
common-yaml-linter:
|
||||
rules:
|
||||
- if: "$JOB_COMMON_YAML_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|triggers|web|merge_request_event'"
|
||||
|
||||
65
CHANGELOG.md
65
CHANGELOG.md
@@ -1,3 +1,68 @@
|
||||
## [0.5.70](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.69...v0.5.70) (2023-12-14)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **univention-management-stack:** Remove UCS container monolith and make UMS standard IAM ([450c434](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/450c434ed08120ad0757d672dc269a78362e780d))
|
||||
|
||||
## [0.5.69](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.68...v0.5.69) (2023-12-12)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **univention-management-stack:** Functional replacement for UCS container monolith, still optional. ([ce38714](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/ce38714a81ea3b0e1377e6ea2d640fb65f317396))
|
||||
|
||||
## [0.5.68](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.67...v0.5.68) (2023-12-11)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **jitsi:** Disable IP Blacklist ([6a649cb](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/6a649cb7f0d04736ccabcd27c035ef6d051f6fd5))
|
||||
* **open-xchange:** Update to latest version ([db4bfa4](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/db4bfa488401f10bad111ce03c20a60473c64837))
|
||||
|
||||
## [0.5.67](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.66...v0.5.67) (2023-12-11)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **services:** Use Charts from openCoDE registry ([cc0daa2](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/cc0daa2a22837c00583038ffd9df7e669004e84e))
|
||||
|
||||
## [0.5.66](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.65...v0.5.66) (2023-12-08)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Update Element and Widgets ([6a26299](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/6a26299a7507ae749ffcf25288d2cf5b24d220db))
|
||||
|
||||
## [0.5.65](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.64...v0.5.65) (2023-12-08)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **univention-management-stack:** Bump OX Connector ([83192b7](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/83192b78345c62465e2979195d9a1c882ddbf0ea))
|
||||
|
||||
## [0.5.64](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.63...v0.5.64) (2023-12-06)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Switch to release container and set home url link ([e67ab8f](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/e67ab8f4304a525b50a3a723c86d1e610313c594))
|
||||
|
||||
## [0.5.63](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.62...v0.5.63) (2023-12-06)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Remove Talk folder ([0ea5856](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/0ea585633b4bf72fe180ca744cc99d9e9f84998f))
|
||||
|
||||
## [0.5.62](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.61...v0.5.62) (2023-12-06)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **nextcloud:** Bump image to 27.1.4 and update Helm chart to configure "Shared_with_me" folder ([d04a603](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/d04a60349dbbff2d64ca2b36b9c44b75526bf859))
|
||||
* **univention-management-stack:** Update optional UMS preview state ([94ae3da](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/94ae3da78bd79c61fd7a22db5a541d473eea6a2e))
|
||||
|
||||
## [0.5.61](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.60...v0.5.61) (2023-12-05)
|
||||
|
||||
|
||||
|
||||
@@ -37,7 +37,7 @@ This service is used by:
|
||||
- Nextcloud (e.g. share file notifictions)
|
||||
- Open-Xchange (emails)
|
||||
- OpenProject (general notifications)
|
||||
- UCS (e.g. password reset emails)
|
||||
- UMS (e.g. password reset emails)
|
||||
- XWiki (e.g. change notifications)
|
||||
|
||||
## TURN Server
|
||||
|
||||
@@ -59,7 +59,7 @@ Valid commit scopes:
|
||||
- `openproject`
|
||||
- `provisioning`
|
||||
- `services`
|
||||
- `univention-corporate-container`
|
||||
- `univention-management-stack`
|
||||
- `xwiki`
|
||||
|
||||
## Semantic Release
|
||||
|
||||
@@ -48,7 +48,6 @@ While most components support upgrades, major configuration or component changes
|
||||
at the moment always installing from scratch.
|
||||
|
||||
Components that are going to be replaced soon are:
|
||||
- the UCS dev container monolith will be substituted by multiple Univention Management Stack containers,
|
||||
- the Nextcloud community container is going to be replaced by an openDesk specific Nextcloud distroless container and
|
||||
- Dovecot Community is going to be replaced by a Dovecot container tailored for the needs of the public sector.
|
||||
|
||||
|
||||
@@ -18,53 +18,59 @@ This document will cover the additional configuration to use external services l
|
||||
When deploying this suite to production, you need to configure the applications to use your production grade database
|
||||
service.
|
||||
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|-------------|--------------------|------------|-----------|----------------------------------------|----------------------------|
|
||||
| Element | Synapse | PostgreSQL | | | |
|
||||
| | | | Name | `databases.synapse.name` | `matrix` |
|
||||
| | | | Host | `databases.synapse.host` | `postgresql` |
|
||||
| | | | Port | `databases.synapse.port` | `5432` |
|
||||
| | | | Username | `databases.synapse.username` | `matrix_user` |
|
||||
| | | | Password | `databases.synapse.password` | |
|
||||
| Keycloak | Keycloak | PostgreSQL | | | |
|
||||
| | | | Name | `databases.keycloak.name` | `keycloak` |
|
||||
| | | | Host | `databases.keycloak.host` | `postgresql` |
|
||||
| | | | Port | `databases.keycloak.port` | `5432` |
|
||||
| | | | Username | `databases.keycloak.username` | `keycloak_user` |
|
||||
| | | | Password | `databases.keycloak.password` | |
|
||||
| | Keycloak Extension | PostgreSQL | | | |
|
||||
| | | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
|
||||
| | | | Host | `databases.keycloakExtension.host` | `postgresql` |
|
||||
| | | | Port | `databases.keycloakExtension.port` | `5432` |
|
||||
| | | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
|
||||
| | | | Password | `databases.keycloakExtension.password` | |
|
||||
| UMS | Notifications API | PostgreSQL | | | |
|
||||
| | | | Name | `databases.notificationsApi.name` | `notificationsapi` |
|
||||
| | | | Host | `databases.notificationsApi.host` | `postgresql` |
|
||||
| | | | Port | `databases.notificationsApi.port` | `5432` |
|
||||
| | | | Username | `databases.notificationsApi.username` | `notificationsapi_user` |
|
||||
| | | | Password | `databases.notificationsApi.password` | |
|
||||
| Nextcloud | Nextcloud | MariaDB | | | |
|
||||
| | | | Name | `databases.nextcloud.name` | `nextcloud` |
|
||||
| | | | Host | `databases.nextcloud.host` | `mariadb` |
|
||||
| | | | Username | `databases.nextcloud.username` | `nextcloud_user` |
|
||||
| | | | Password | `databases.nextcloud.password` | |
|
||||
| OpenProject | OpenProject | PostgreSQL | | | |
|
||||
| | | | Name | `databases.openproject.name` | `openproject` |
|
||||
| | | | Host | `databases.openproject.host` | `postgresql` |
|
||||
| | | | Port | `databases.openproject.port` | `5432` |
|
||||
| | | | Username | `databases.openproject.username` | `openproject_user` |
|
||||
| | | | Password | `databases.openproject.password` | |
|
||||
| OX Appsuite | OX Appsuite | MariaDB | | | |
|
||||
| | | | Name | `databases.oxAppsuite.name` | `CONFIGDB` |
|
||||
| | | | Host | `databases.oxAppsuite.host` | `mariadb` |
|
||||
| | | | Username | `databases.oxAppsuite.username` | `root` |
|
||||
| | | | Password | `databases.oxAppsuite.password` | |
|
||||
| XWiki | XWiki | MariaDB | | | |
|
||||
| | | | Name | `databases.xwiki.name` | `xwiki` |
|
||||
| | | | Host | `databases.xwiki.host` | `mariadb` |
|
||||
| | | | Username | `databases.xwiki.username` | `xwiki_user` |
|
||||
| | | | Password | `databases.xwiki.password` | |
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|-------------|--------------------|------------|-----------|------------------------------------------|----------------------------|
|
||||
| Element | Synapse | PostgreSQL | | | |
|
||||
| | | | Name | `databases.synapse.name` | `matrix` |
|
||||
| | | | Host | `databases.synapse.host` | `postgresql` |
|
||||
| | | | Port | `databases.synapse.port` | `5432` |
|
||||
| | | | Username | `databases.synapse.username` | `matrix_user` |
|
||||
| | | | Password | `databases.synapse.password` | |
|
||||
| Keycloak | Keycloak | PostgreSQL | | | |
|
||||
| | | | Name | `databases.keycloak.name` | `keycloak` |
|
||||
| | | | Host | `databases.keycloak.host` | `postgresql` |
|
||||
| | | | Port | `databases.keycloak.port` | `5432` |
|
||||
| | | | Username | `databases.keycloak.username` | `keycloak_user` |
|
||||
| | | | Password | `databases.keycloak.password` | |
|
||||
| | Keycloak Extension | PostgreSQL | | | |
|
||||
| | | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
|
||||
| | | | Host | `databases.keycloakExtension.host` | `postgresql` |
|
||||
| | | | Port | `databases.keycloakExtension.port` | `5432` |
|
||||
| | | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
|
||||
| | | | Password | `databases.keycloakExtension.password` | |
|
||||
| UMS | Notifications API | PostgreSQL | | | |
|
||||
| | | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
|
||||
| | | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
|
||||
| | | | Port | `databases.umsNotificationsApi.port` | `5432` |
|
||||
| | | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
|
||||
| | | | Password | `databases.umsNotificationsApi.password` | |
|
||||
| | Self Service | PostgreSQL | | | |
|
||||
| | | | Name | `databases.umsSelfservice.name` | `selfservice` |
|
||||
| | | | Host | `databases.umsSelfservice.host` | `postgresql` |
|
||||
| | | | Port | `databases.umsSelfservice.port` | `5432` |
|
||||
| | | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
|
||||
| | | | Password | `databases.umsSelfservice.password` | |
|
||||
| Nextcloud | Nextcloud | MariaDB | | | |
|
||||
| | | | Name | `databases.nextcloud.name` | `nextcloud` |
|
||||
| | | | Host | `databases.nextcloud.host` | `mariadb` |
|
||||
| | | | Username | `databases.nextcloud.username` | `nextcloud_user` |
|
||||
| | | | Password | `databases.nextcloud.password` | |
|
||||
| OpenProject | OpenProject | PostgreSQL | | | |
|
||||
| | | | Name | `databases.openproject.name` | `openproject` |
|
||||
| | | | Host | `databases.openproject.host` | `postgresql` |
|
||||
| | | | Port | `databases.openproject.port` | `5432` |
|
||||
| | | | Username | `databases.openproject.username` | `openproject_user` |
|
||||
| | | | Password | `databases.openproject.password` | |
|
||||
| OX Appsuite | OX Appsuite | MariaDB | | | |
|
||||
| | | | Name | `databases.oxAppsuite.name` | `CONFIGDB` |
|
||||
| | | | Host | `databases.oxAppsuite.host` | `mariadb` |
|
||||
| | | | Username | `databases.oxAppsuite.username` | `root` |
|
||||
| | | | Password | `databases.oxAppsuite.password` | |
|
||||
| XWiki | XWiki | MariaDB | | | |
|
||||
| | | | Name | `databases.xwiki.name` | `xwiki` |
|
||||
| | | | Host | `databases.xwiki.host` | `mariadb` |
|
||||
| | | | Username | `databases.xwiki.username` | `xwiki_user` |
|
||||
| | | | Password | `databases.xwiki.password` | |
|
||||
|
||||
## Objectstore
|
||||
|
||||
@@ -99,3 +105,6 @@ service.
|
||||
| OpenProject | OpenProject | Memcached | | | |
|
||||
| | | | Host | `cache.openproject.host` | `memcached` |
|
||||
| | | | Port | `cache.openproject.port` | `11211` |
|
||||
| UMS | Self Service | Memcached | | | |
|
||||
| | | | Host | `cache.umsSelfservice.host` | `memcached` |
|
||||
| | | | Port | `cache.umsSelfservice.port` | `11211` |
|
||||
|
||||
@@ -12,7 +12,7 @@ This documentation should enable you to create your own evaluation instance of o
|
||||
* [Customize environment](#customize-environment)
|
||||
* [Domain](#domain)
|
||||
* [Apps](#apps)
|
||||
* [Private OCI registry](#private-oci-registry)
|
||||
* [Private Image registry](#private-image-registry)
|
||||
* [Private Helm registry](#private-helm-registry)
|
||||
* [Cluster capabilities](#cluster-capabilities)
|
||||
* [Service](#service)
|
||||
@@ -52,7 +52,7 @@ For the following guide, we will use `dev` as environment, where variables can b
|
||||
|
||||
### Domain
|
||||
|
||||
The deployment is designed to deploy each app under a subdomains. For your convenience, we recommend to create a
|
||||
The deployment is designed to deploy each app under a subdomains. For your convenience, we recommend to create a
|
||||
`*.domain.tld` A-Record to your cluster ingress controller, otherwise you need to create an A-Record for each subdomain.
|
||||
|
||||
A list of all subdomains can be found in `helmfile/environments/default/global.yaml`.
|
||||
@@ -118,8 +118,7 @@ All available apps and their default value can be found in `helmfile/environment
|
||||
| Postfix | `postfix.enabled` | `true` | MTA |
|
||||
| PostgreSQL | `postgresql.enabled` | `true` | Database |
|
||||
| Redis | `redis.enabled` | `true` | Cache Database |
|
||||
| Univention Corporate Server | `univentionCorporateServer.enabled` | `true` | Identity Management & Portal |
|
||||
| Univention Management Stack | `univentionManagementStack.enabled` | `false` | Identity Management & Portal |
|
||||
| Univention Management Stack | `univentionManagementStack.enabled` | `true` | Identity Management & Portal |
|
||||
| XWiki | `xwiki.enabled` | `true` | Knowledgebase |
|
||||
|
||||
Exemplary, Jitsi can be disabled like:
|
||||
@@ -129,9 +128,9 @@ jitsi:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
### Private OCI registry
|
||||
### Private Image registry
|
||||
|
||||
By default, all OCI artifacts are proxied via the project's container registry, which should get replaced soon by the
|
||||
By default, all OCI artifacts are proxied via the project's image registry, which should get replaced soon by the
|
||||
OCI registries provided by Open CoDE.
|
||||
|
||||
You also can set your own registry by:
|
||||
@@ -156,12 +155,32 @@ global:
|
||||
|
||||
### Private Helm registry
|
||||
|
||||
Some apps use Chart Museum style helm registries. You can use your own registry by setting this environment variable:
|
||||
Some apps use OCI style registry and some use Helm chart museum style registries.
|
||||
In `helmfile/environments/default/charts.yaml` you can find all helm charts used and modify their registry, repository
|
||||
or version.
|
||||
|
||||
```shell
|
||||
export PRIVATE_CHART_REPOSITORY_URL=charts.open.desk
|
||||
As an example, you can also use helmfile methods to use just a single environment variable to set registry and
|
||||
authentication for all OCI helm charts.
|
||||
|
||||
```yaml
|
||||
charts:
|
||||
certificates:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
```
|
||||
|
||||
There is a full example including http and OCI style registries in `examples/private-helm-registry.yaml.gotmpl`.
|
||||
The following environment variables have to be exposed when using the example:
|
||||
|
||||
| Environment variable | Description |
|
||||
|-------------------------------------|--------------------------------------------------------------------------------------------|
|
||||
| `OD_PRIVATE_HELM_OCI_REGISTRY` | Registry for OCI hosted helm charts, example: `external-registry.souvap-univention.de` |
|
||||
| `OD_PRIVATE_HELM_HTTP_REGISTRY` | Registry URI for http hosted helm charts, `https://external-registry.souvap-univention.de` |
|
||||
| `OD_PRIVATE_HELM_REGISTRY_USERNAME` | Username |
|
||||
| `OD_PRIVATE_HELM_REGISTRY_PASSWORD` | Password |
|
||||
|
||||
|
||||
### Cluster capabilities
|
||||
|
||||
#### Service
|
||||
@@ -296,7 +315,7 @@ certificate:
|
||||
|
||||
### Password seed
|
||||
|
||||
All secrets are generated from a single master password via Master Password (algorithm).
|
||||
All secrets are generated from a single master password via Master Password (algorithm).
|
||||
To prevent others from using your openDesk instance, we highly recommend setting an individual master password via:
|
||||
|
||||
```shell
|
||||
@@ -349,7 +368,7 @@ When all apps are successfully deployed and pod status' went to `Running` or `Su
|
||||
https://portal.domain.tld
|
||||
```
|
||||
|
||||
If you change the subdomain of `univentionCorporateServer` or `univentionManagementStack`, you need to replace `portal`
|
||||
If you change the subdomain of `univentionManagementStack`, you need to replace `portal`
|
||||
by your specified subdomain.
|
||||
|
||||
**Credentials:**
|
||||
@@ -358,20 +377,13 @@ by your specified subdomain.
|
||||
# Replace with your namespace
|
||||
NAMESPACE=your-namespace
|
||||
|
||||
# Get UCS container, which contains passwords as env var.
|
||||
CONTAINER=$(kubectl -n ${NAMESPACE} get po -l app.kubernetes.io/name=univention-corporate-container -o jsonpath='{.items[0].metadata.name}')
|
||||
# $ kubectl -n ${NAMESPACE} get po -l app.kubernetes.io/name=univention-corporate-container
|
||||
#
|
||||
# NAME READY STATUS RESTARTS AGE
|
||||
# univention-corporate-container-8665c6f8b7-nlhc6 1/1 Running 0 10m
|
||||
|
||||
|
||||
# Password of `default.user`
|
||||
kubectl -n ${NAMESPACE} get po ${CONTAINER} -o=jsonpath='{.spec.containers[0].env[?(@.name=="DEFAULT_ACCOUNT_USER_PASSWORD")].value}'
|
||||
# Get credentials from ConfigMap
|
||||
kubectl -n ${NAMESPACE} get cm ums-stack-data-swp-data -o jsonpath='{.data.dev-test-users\.yaml}' \
|
||||
| yq '.properties.username,.properties.password'
|
||||
# default.user
|
||||
# 40615..............................e9e2f
|
||||
|
||||
# Password of `default.admin`
|
||||
kubectl -n ${NAMESPACE} get po ${CONTAINER} -o=jsonpath='{.spec.containers[0].env[?(@.name=="DEFAULT_ACCOUNT_ADMIN_PASSWORD")].value}'
|
||||
# ---
|
||||
# default.admin
|
||||
# bdbbb..............................04db6
|
||||
```
|
||||
|
||||
|
||||
112
docs/security.md
112
docs/security.md
@@ -37,12 +37,11 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
|
||||
| opendesk-keycloak-bootstrap-repo | yes | :white_check_mark: |
|
||||
| opendesk-nextcloud-bootstrap-repo | yes | :white_check_mark: |
|
||||
| opendesk-open-xchange-bootstrap-repo | yes | :white_check_mark: |
|
||||
| openproject-repo | no | :x: |
|
||||
| openproject-repo | yes | :white_check_mark: |
|
||||
| openxchange-repo | yes | :x: |
|
||||
| ox-connector-repo | no | :x: |
|
||||
| postfix-repo | yes | :white_check_mark: |
|
||||
| postgresql-repo | yes | :white_check_mark: |
|
||||
| univention-corporate-container-repo | yes | :white_check_mark: |
|
||||
| ums-repo | no | :x: |
|
||||
| xwiki-repo | no | :x: |
|
||||
|
||||
@@ -51,55 +50,66 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
|
||||
This list gives you an overview of default security settings and if they comply with security standards:
|
||||
|
||||
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|-----------------|--------------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| CryptPad | npm | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||
| Dovecot | dovecot | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `KILL`, `NET_BIND_SERVICE`, `SETGID`, `SETUID`, `SYS_CHROOT`) | :white_check_mark: | :white_check_mark: | :x: | - | - | 1000 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| IntercomService | intercom-service | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | 1000 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||
| Minio | minio | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | 1000 |
|
||||
| Nextcloud | nextcloud | :x: | :white_check_mark: | :x: (`NET_BIND_SERVICE`, `SETGID`, `SETUID`) | :white_check_mark: | :x: | :x: | - | - | 33 |
|
||||
| | nextcloud-cron | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | 33 |
|
||||
| | opendesk-nextcloud-bootstrap | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | 33 |
|
||||
| Open-Xchange | core-documentconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||
| | core-guidedtours | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-imageconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||
| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - |
|
||||
| | core-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-ui-middleware | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-ui-middleware-updater | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-user-guide | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | gotenberg | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | guard-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | nextlcoud-integration-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | public-sector-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Redis | redis | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 0 | 1001 |
|
||||
| UCC | univention-corporate-container | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - |
|
||||
| XWiki | xwiki | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | xwiki initContainers | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|-----------------------------|------------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| CryptPad | npm | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||
| Dovecot | dovecot | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `KILL`, `NET_BIND_SERVICE`, `SETGID`, `SETUID`, `SYS_CHROOT`) | :white_check_mark: | :white_check_mark: | :x: | - | - | 1000 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| IntercomService | intercom-service | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | 1000 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||
| Minio | minio | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | 1000 |
|
||||
| Nextcloud | nextcloud | :x: | :white_check_mark: | :x: (`NET_BIND_SERVICE`, `SETGID`, `SETUID`) | :white_check_mark: | :x: | :x: | - | - | 33 |
|
||||
| | nextcloud-cron | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | 33 |
|
||||
| | opendesk-nextcloud-bootstrap | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | 33 |
|
||||
| Open-Xchange | core-documentconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||
| | core-guidedtours | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-imageconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - |
|
||||
| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - |
|
||||
| | core-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-ui-middleware | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-ui-middleware-updater | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | core-user-guide | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | gotenberg | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | guard-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | nextlcoud-integration-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | public-sector-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| OpenProject | openproject | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | 1000 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Redis | redis | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 0 | 1001 |
|
||||
| Univention Management Stack | ldap-notifier | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | ldap-server | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | notifications-api | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | portal-frontend | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | portal-listener | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | portal-server | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | selfservice-listener | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | stack-gateway | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | store-dav | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | udm-rest-api | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | umc-gateway | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | umc-server | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| XWiki | xwiki | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | xwiki initContainers | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
|
||||
## NetworkPolicies
|
||||
|
||||
|
||||
261
examples/private-helm-registry.yaml.gotmpl
Normal file
261
examples/private-helm-registry.yaml.gotmpl
Normal file
@@ -0,0 +1,261 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
charts:
|
||||
certificates:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
clamav:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
clamavSimple:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
collabora:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
cryptpad:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
dovecot:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
element:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
elementWellKnown:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
intercomService:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
istioResources:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
jitsi:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
keycloak:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
keycloakBootstrap:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
keycloakExtensions:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
keycloakTheme:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
mariadb:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
matrixNeoboardWidget:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
matrixNeochoiseWidget:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
matrixNeodatefixBot:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
matrixNeodatefixWidget:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
matrixUserVerificationService:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
memcached:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
minio:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
nextcloud:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
nextcloudBootstrap:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
nginx:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
openproject:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
openprojectBootstrap:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
openXchangeAppSuite:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
openXchangeAppSuiteBootstrap:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
otterize:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
oxConnector:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
postfix:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
postgresql:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
redis:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
synapse:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
synapseCreateAccount:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
synapseWeb:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsLdapNotifier:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsLdapServer:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsNotificationsApi:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsPortalFrontend:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsPortalListener:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsPortalServer:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsStackDataSwp:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsStackDataUms:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsStoreDav:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsUdmRestApi:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsUmcGateway:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
umsUmcServer:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
|
||||
xwiki:
|
||||
registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
|
||||
username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
|
||||
...
|
||||
@@ -8,7 +8,6 @@ helmfiles:
|
||||
# Path to the helmfile state file being processed BEFORE releases in this state file
|
||||
- path: "helmfile/apps/services/helmfile.yaml"
|
||||
- path: "helmfile/apps/keycloak/helmfile.yaml"
|
||||
- path: "helmfile/apps/univention-corporate-container/helmfile.yaml"
|
||||
- path: "helmfile/apps/univention-management-stack/helmfile.yaml"
|
||||
- path: "helmfile/apps/keycloak-bootstrap/helmfile.yaml"
|
||||
- path: "helmfile/apps/intercom-service/helmfile.yaml"
|
||||
|
||||
@@ -3,25 +3,20 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# Collabora Online
|
||||
# Source: https://github.com/CollaboraOnline/online
|
||||
- name: "collabora-online-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://collaboraonline.github.io/online" }}
|
||||
username: {{ .Values.charts.collabora.username | quote }}
|
||||
password: {{ .Values.charts.collabora.password | quote }}
|
||||
oci: {{ .Values.charts.collabora.oci }}
|
||||
url: "{{ .Values.charts.collabora.registry }}/{{ .Values.charts.collabora.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://collaboraonline.github.io/online
|
||||
# packageName=collabora-online
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "collabora-online"
|
||||
chart: "collabora-online-repo/collabora-online"
|
||||
version: "1.0.2"
|
||||
chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}"
|
||||
version: "{{ .Values.charts.collabora.version }}"
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
|
||||
@@ -3,25 +3,20 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# CryptPad
|
||||
# Source: https://github.com/cryptpad/helm
|
||||
- name: "cryptpad-online-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://cryptpad.github.io/helm" }}
|
||||
- name: "cryptpad-repo"
|
||||
username: {{ .Values.charts.cryptpad.username | quote }}
|
||||
password: {{ .Values.charts.cryptpad.password | quote }}
|
||||
oci: {{ .Values.charts.cryptpad.oci }}
|
||||
url: "{{ .Values.charts.cryptpad.registry }}/{{ .Values.charts.cryptpad.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://cryptpad.github.io/helm
|
||||
# packageName=cryptpad
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "cryptpad"
|
||||
chart: "cryptpad-online-repo/cryptpad"
|
||||
version: "0.0.14"
|
||||
chart: "cryptpad-repo/{{ .Values.charts.cryptpad.name }}"
|
||||
version: "{{ .Values.charts.cryptpad.version }}"
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
|
||||
@@ -7,177 +7,176 @@ bases:
|
||||
repositories:
|
||||
# openDesk Element
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/sovereign-workplace-element
|
||||
- name: "opendesk-element-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
- name: "element-repo"
|
||||
oci: {{ .Values.charts.element.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.element.verify }}
|
||||
username: {{ .Values.charts.element.username | quote }}
|
||||
password: {{ .Values.charts.element.password | quote }}
|
||||
url: "{{ .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}"
|
||||
- name: "element-well-known-repo"
|
||||
oci: {{ .Values.charts.elementWellKnown.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.elementWellKnown.verify }}
|
||||
username: {{ .Values.charts.elementWellKnown.username | quote }}
|
||||
password: {{ .Values.charts.elementWellKnown.password | quote }}
|
||||
url: "{{ .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}"
|
||||
- name: "synapse-web-repo"
|
||||
oci: {{ .Values.charts.synapseWeb.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.synapseWeb.verify }}
|
||||
username: {{ .Values.charts.synapseWeb.username | quote }}
|
||||
password: {{ .Values.charts.synapseWeb.password | quote }}
|
||||
url: "{{ .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}"
|
||||
- name: "synapse-repo"
|
||||
oci: {{ .Values.charts.synapse.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.synapse.verify }}
|
||||
username: {{ .Values.charts.synapse.username | quote }}
|
||||
password: {{ .Values.charts.synapse.password | quote }}
|
||||
url: "{{ .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}"
|
||||
- name: "synapse-create-account-repo"
|
||||
oci: {{ .Values.charts.synapseCreateAccount.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.synapseCreateAccount.verify }}
|
||||
username: {{ .Values.charts.synapseCreateAccount.username | quote }}
|
||||
password: {{ .Values.charts.synapseCreateAccount.password | quote }}
|
||||
url: "{{ .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}"
|
||||
|
||||
# openDesk Matrix Widgets
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-matrix-widgets
|
||||
- name: "opendesk-matrix-widgets-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
- name: "matrix-user-verification-service-repo"
|
||||
oci: {{ .Values.charts.matrixUserVerificationService.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.matrixUserVerificationService.verify }}
|
||||
username: {{ .Values.charts.matrixUserVerificationService.username | quote }}
|
||||
password: {{ .Values.charts.matrixUserVerificationService.password | quote }}
|
||||
url: "{{ .Values.charts.matrixUserVerificationService.registry }}/\
|
||||
{{ .Values.charts.matrixUserVerificationService.repository }}"
|
||||
- name: "matrix-neoboard-widget-repo"
|
||||
oci: {{ .Values.charts.matrixNeoboardWidget.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
|
||||
username: {{ .Values.charts.matrixNeoboardWidget.username | quote }}
|
||||
password: {{ .Values.charts.matrixNeoboardWidget.password | quote }}
|
||||
url: "{{ .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
|
||||
- name: "matrix-neochoice-widget-repo"
|
||||
oci: {{ .Values.charts.matrixNeoboardWidget.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
|
||||
username: {{ .Values.charts.matrixNeoboardWidget.username | quote }}
|
||||
password: {{ .Values.charts.matrixNeoboardWidget.password | quote }}
|
||||
url: "{{ .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
|
||||
- name: "matrix-neodatefix-widget-repo"
|
||||
oci: {{ .Values.charts.matrixNeodatefixWidget.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
|
||||
username: {{ .Values.charts.matrixNeodatefixWidget.username | quote }}
|
||||
password: {{ .Values.charts.matrixNeodatefixWidget.password | quote }}
|
||||
url: "{{ .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}"
|
||||
- name: "matrix-neodatefix-bot-repo"
|
||||
oci: {{ .Values.charts.matrixNeodatefixBot.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
|
||||
username: {{ .Values.charts.matrixNeodatefixBot.username | quote }}
|
||||
password: {{ .Values.charts.matrixNeodatefixBot.password | quote }}
|
||||
url: "{{ .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}"
|
||||
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-element"
|
||||
chart: "opendesk-element-repo/opendesk-element"
|
||||
version: "2.5.1"
|
||||
chart: "element-repo/{{ .Values.charts.element.name }}"
|
||||
version: "{{ .Values.charts.element.version }}"
|
||||
values:
|
||||
- "values-element.yaml"
|
||||
- "values-element.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-well-known"
|
||||
chart: "opendesk-element-repo/opendesk-well-known"
|
||||
version: "2.5.1"
|
||||
chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}"
|
||||
version: "{{ .Values.charts.elementWellKnown.version }}"
|
||||
values:
|
||||
- "values-well-known.yaml"
|
||||
- "values-well-known.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-synapse-web"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||
version: "2.5.1"
|
||||
chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}"
|
||||
version: "{{ .Values.charts.synapseWeb.version }}"
|
||||
values:
|
||||
- "values-synapse-web.yaml"
|
||||
- "values-synapse-web.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-synapse"
|
||||
chart: "opendesk-element-repo/opendesk-synapse"
|
||||
version: "2.5.1"
|
||||
chart: "synapse-repo/{{ .Values.charts.synapse.name }}"
|
||||
version: "{{ .Values.charts.synapse.version }}"
|
||||
values:
|
||||
- "values-synapse.yaml"
|
||||
- "values-synapse.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.1"
|
||||
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
|
||||
version: "{{ .Values.charts.synapseCreateAccount.version }}"
|
||||
values:
|
||||
- "values-matrix-user-verification-service-bootstrap.yaml"
|
||||
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-matrix-user-verification-service"
|
||||
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
||||
version: "2.5.1"
|
||||
chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}"
|
||||
version: "{{ .Values.charts.matrixUserVerificationService.version }}"
|
||||
values:
|
||||
- "values-matrix-user-verification-service.yaml"
|
||||
- "values-matrix-user-verification-service.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neoboard-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
|
||||
version: "3.2.0"
|
||||
chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}"
|
||||
version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
|
||||
values:
|
||||
- "values-matrix-neoboard-widget.yaml"
|
||||
- "values-matrix-neoboard-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neochoice-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
|
||||
version: "3.2.0"
|
||||
chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}"
|
||||
version: "{{ .Values.charts.matrixNeochoiseWidget.version }}"
|
||||
values:
|
||||
- "values-matrix-neochoice-widget.yaml"
|
||||
- "values-matrix-neochoice-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neodatefix-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
|
||||
version: "3.2.0"
|
||||
chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}"
|
||||
version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
|
||||
values:
|
||||
- "values-matrix-neodatefix-widget.yaml"
|
||||
- "values-matrix-neodatefix-widget.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neodatefix-bot-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.1"
|
||||
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
|
||||
version: "{{ .Values.charts.synapseCreateAccount.version }}"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
||||
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
||||
installed: {{ .Values.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "matrix-neodatefix-bot"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
|
||||
version: "3.2.0"
|
||||
chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}"
|
||||
version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot.yaml"
|
||||
- "values-matrix-neodatefix-bot.gotmpl"
|
||||
|
||||
@@ -13,15 +13,15 @@ global:
|
||||
|
||||
configuration:
|
||||
additionalConfiguration:
|
||||
logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
|
||||
"net.nordeck.element_web.module.opendesk":
|
||||
config:
|
||||
banner:
|
||||
ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
|
||||
ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
|
||||
portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
portal_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/"
|
||||
portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
portal_url: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/"
|
||||
custom_css_variables:
|
||||
--cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
|
||||
widget_types:
|
||||
|
||||
@@ -22,6 +22,8 @@ extraEnvVars:
|
||||
secretKeyRef:
|
||||
name: "opendesk-matrix-user-verification-service-account"
|
||||
key: "access_token"
|
||||
- name: "UVS_DISABLE_IP_BLACKLIST"
|
||||
value: "true"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
|
||||
@@ -3,28 +3,22 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# Intercom Service
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
|
||||
- name: "intercom-service-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/intercom-service" }}
|
||||
verify: true
|
||||
oci: {{ .Values.charts.intercomService.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.intercomService.verify }}
|
||||
username: {{ .Values.charts.intercomService.username | quote }}
|
||||
password: {{ .Values.charts.intercomService.password | quote }}
|
||||
url: "{{ .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/intercom-service/intercom-service
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "intercom-service"
|
||||
chart: "intercom-service-repo/intercom-service"
|
||||
version: "2.0.1"
|
||||
chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}"
|
||||
version: "{{ .Values.charts.intercomService.version }}"
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
|
||||
@@ -3,28 +3,22 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Jitsi
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-jitsi
|
||||
- name: "jitsi-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" }}
|
||||
verify: true
|
||||
oci: {{ .Values.charts.jitsi.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.jitsi.verify }}
|
||||
username: {{ .Values.charts.jitsi.username | quote }}
|
||||
password: {{ .Values.charts.jitsi.password | quote }}
|
||||
url: "{{ .Values.charts.jitsi.registry }}/{{ .Values.charts.jitsi.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "jitsi"
|
||||
chart: "jitsi-repo/sovereign-workplace-jitsi"
|
||||
version: "1.7.1"
|
||||
chart: "jitsi-repo/{{ .Values.charts.jitsi.name }}"
|
||||
version: "{{ .Values.charts.jitsi.version }}"
|
||||
values:
|
||||
- "values-jitsi.gotmpl"
|
||||
installed: {{ .Values.jitsi.enabled }}
|
||||
|
||||
@@ -60,7 +60,7 @@ jitsi:
|
||||
- name: "AUTH_TYPE"
|
||||
value: "hybrid_matrix_token"
|
||||
- name: "JWT_APP_ID"
|
||||
value: "myappid"
|
||||
value: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
|
||||
- name: "JWT_APP_SECRET"
|
||||
value: {{ .Values.secrets.jitsi.jwtAppSecret | quote }}
|
||||
- name: "MATRIX_UVS_SYNC_POWER_LEVELS"
|
||||
|
||||
@@ -3,30 +3,22 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Keycloak Bootstrap
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-bootstrap
|
||||
- name: "opendesk-keycloak-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
oci: {{ .Values.charts.keycloakBootstrap.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.keycloakBootstrap.verify }}
|
||||
username: {{ .Values.charts.keycloakBootstrap.username | quote }}
|
||||
password: {{ .Values.charts.keycloakBootstrap.password | quote }}
|
||||
url: "{{ .Values.charts.keycloakBootstrap.registry }}/{{ .Values.charts.keycloakBootstrap.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-keycloak-bootstrap/opendesk-keycloak-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-keycloak-bootstrap"
|
||||
chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
|
||||
version: "1.1.12"
|
||||
chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.keycloakBootstrap.name }}"
|
||||
version: "{{ .Values.charts.keycloakBootstrap.version }}"
|
||||
values:
|
||||
- "values-bootstrap.gotmpl"
|
||||
- "values-bootstrap.yaml"
|
||||
|
||||
@@ -3,54 +3,46 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# VMWare Bitnami
|
||||
# Source: https://github.com/bitnami/charts/
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
- name: "keycloak-repo"
|
||||
oci: {{ .Values.charts.keycloak.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.keycloak.verify }}
|
||||
username: {{ .Values.charts.keycloak.username | quote }}
|
||||
password: {{ .Values.charts.keycloak.password | quote }}
|
||||
url: "{{ .Values.charts.keycloak.registry }}/{{ .Values.charts.keycloak.repository }}"
|
||||
|
||||
# openDesk Keycloak Theme
|
||||
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-keycloak-theme
|
||||
- name: "keycloak-theme-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/keycloak-theme" }}
|
||||
verify: true
|
||||
oci: {{ .Values.charts.keycloakTheme.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.keycloakTheme.verify }}
|
||||
username: {{ .Values.charts.keycloakTheme.username | quote }}
|
||||
password: {{ .Values.charts.keycloakTheme.password | quote }}
|
||||
url: "{{ .Values.charts.keycloakTheme.registry }}/{{ .Values.charts.keycloakTheme.repository }}"
|
||||
|
||||
# openDesk Keycloak Extensions
|
||||
- name: "keycloak-extensions-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable" }}
|
||||
oci: {{ .Values.charts.keycloakExtensions.oci }}
|
||||
username: {{ .Values.charts.keycloakExtensions.username | quote }}
|
||||
password: {{ .Values.charts.keycloakExtensions.password | quote }}
|
||||
url: "{{ .Values.charts.keycloakExtensions.registry }}/{{ .Values.charts.keycloakExtensions.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "keycloak-theme"
|
||||
chart: "keycloak-theme-repo/opendesk-keycloak-theme"
|
||||
version: "2.0.0"
|
||||
chart: "keycloak-theme-repo/{{ .Values.charts.keycloakTheme.name }}"
|
||||
version: "{{ .Values.charts.keycloakTheme.version }}"
|
||||
values:
|
||||
- "values-theme.gotmpl"
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/keycloak
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "keycloak"
|
||||
chart: "bitnami-repo/keycloak"
|
||||
version: "12.1.5"
|
||||
chart: "keycloak-repo/{{ .Values.charts.keycloak.name }}"
|
||||
version: "{{ .Values.charts.keycloak.version }}"
|
||||
values:
|
||||
- "values-keycloak.gotmpl"
|
||||
- "values-keycloak.yaml"
|
||||
@@ -58,14 +50,9 @@ releases:
|
||||
wait: true
|
||||
installed: {{ .Values.keycloak.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable
|
||||
# packageName=keycloak-extensions
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "keycloak-extensions"
|
||||
chart: "keycloak-extensions-repo/keycloak-extensions"
|
||||
version: "0.1.0"
|
||||
chart: "keycloak-extensions-repo/{{ .Values.charts.keycloakExtensions.name }}"
|
||||
version: "{{ .Values.charts.keycloakExtensions.version }}"
|
||||
needs:
|
||||
- "keycloak"
|
||||
values:
|
||||
|
||||
@@ -42,7 +42,7 @@ keycloakConfigCli:
|
||||
- name: "KEYCLOAK_AVAILABILITYCHECK_TIMEOUT"
|
||||
value: "600s"
|
||||
- name: "UNIVENTION_CORPORATE_SERVER_DOMAIN"
|
||||
value: "{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
value: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
- name: "KEYCLOAK_DOMAIN"
|
||||
value: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
- name: "OPENXCHANGE_8_DOMAIN"
|
||||
@@ -78,7 +78,7 @@ keycloakConfigCli:
|
||||
- name: "KEYCLOAK_STORAGEPROVICER_UCSLDAP_NAME"
|
||||
value: "storage_provider_ucsldap"
|
||||
- name: "LDAPSEARCH_PASSWORD"
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak | quote }}
|
||||
value: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
|
||||
- name: "LDAPSEARCH_USERNAME"
|
||||
value: "ldapsearch_keycloak"
|
||||
resources:
|
||||
|
||||
@@ -3,37 +3,30 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Keycloak Bootstrap
|
||||
# Source:
|
||||
# https://gitlab.opencode.de/bmi/opendesk/components/charts/sovereign-workplace-nextcloud-bootstrap
|
||||
- name: "opendesk-nextcloud-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/sovereign-workplace-nextcloud-bootstrap
|
||||
- name: "nextcloud-bootstrap-repo"
|
||||
oci: {{ .Values.charts.nextcloudBootstrap.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.nextcloudBootstrap.verify }}
|
||||
username: {{ .Values.charts.nextcloudBootstrap.username | quote }}
|
||||
password: {{ .Values.charts.nextcloudBootstrap.password | quote }}
|
||||
url: "{{ .Values.charts.nextcloudBootstrap.registry }}/{{ .Values.charts.nextcloudBootstrap.repository }}"
|
||||
|
||||
# Nextcloud
|
||||
# Source: https://github.com/nextcloud/helm/
|
||||
- name: "nextcloud-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://nextcloud.github.io/helm/" }}
|
||||
oci: {{ .Values.charts.nextcloud.oci }}
|
||||
username: {{ .Values.charts.nextcloud.username | quote }}
|
||||
password: {{ .Values.charts.nextcloud.password | quote }}
|
||||
url: "{{ .Values.charts.nextcloud.registry }}/{{ .Values.charts.nextcloud.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-nextcloud-bootstrap"
|
||||
chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
|
||||
version: "3.2.4"
|
||||
chart: "nextcloud-bootstrap-repo/{{ .Values.charts.nextcloudBootstrap.name }}"
|
||||
version: "{{ .Values.charts.nextcloudBootstrap.version }}"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
@@ -42,14 +35,9 @@ releases:
|
||||
installed: {{ .Values.nextcloud.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://nextcloud.github.io/helm
|
||||
# packageName=nextcloud
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "nextcloud"
|
||||
chart: "nextcloud-repo/nextcloud"
|
||||
version: "3.5.19"
|
||||
chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}"
|
||||
version: "{{ .Values.charts.nextcloud.version }}"
|
||||
needs:
|
||||
- "opendesk-nextcloud-bootstrap"
|
||||
values:
|
||||
|
||||
@@ -37,7 +37,7 @@ config:
|
||||
|
||||
ldapSearch:
|
||||
host: {{ .Values.ldap.host | quote }}
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
|
||||
password: {{ .Values.secrets.univentionManagementStack.ldapSearch.nextcloud | quote }}
|
||||
|
||||
serverinfo:
|
||||
token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||
|
||||
@@ -3,58 +3,49 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Dovecot
|
||||
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-dovecot
|
||||
- name: "opendesk-dovecot-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/dovecot" }}
|
||||
verify: true
|
||||
- name: "dovecot-repo"
|
||||
oci: {{ .Values.charts.dovecot.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.dovecot.verify }}
|
||||
username: {{ .Values.charts.dovecot.username | quote }}
|
||||
password: {{ .Values.charts.dovecot.password | quote }}
|
||||
url: "{{ .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}"
|
||||
|
||||
# Open-Xchange
|
||||
- name: "openxchange-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
|
||||
- name: "open-xchange-repo"
|
||||
oci: {{ .Values.charts.openXchangeAppSuite.oci }}
|
||||
username: {{ .Values.charts.openXchangeAppSuite.username | quote }}
|
||||
password: {{ .Values.charts.openXchangeAppSuite.password | quote }}
|
||||
url: "{{ .Values.charts.openXchangeAppSuite.registry }}/{{ .Values.charts.openXchangeAppSuite.repository }}"
|
||||
|
||||
# openDesk Open-Xchange Bootstrap
|
||||
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-open-xchange-bootstrap
|
||||
- name: "opendesk-open-xchange-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
- name: "open-xchange-bootstrap-repo"
|
||||
oci: {{ .Values.charts.openXchangeAppSuiteBootstrap.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }}
|
||||
username: {{ .Values.charts.openXchangeAppSuiteBootstrap.username | quote }}
|
||||
password: {{ .Values.charts.openXchangeAppSuiteBootstrap.password | quote }}
|
||||
url: "{{ .Values.charts.openXchangeAppSuiteBootstrap.registry }}/\
|
||||
{{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/dovecot/dovecot
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "dovecot"
|
||||
chart: "opendesk-dovecot-repo/dovecot"
|
||||
version: "1.3.6"
|
||||
chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}"
|
||||
version: "{{ .Values.charts.dovecot.version }}"
|
||||
values:
|
||||
- "values-dovecot.yaml"
|
||||
- "values-dovecot.gotmpl"
|
||||
installed: {{ .Values.dovecot.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# packageName=appsuite-public-sector/charts/appsuite-public-sector
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "open-xchange"
|
||||
chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector"
|
||||
version: "2.1.1"
|
||||
chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}"
|
||||
version: "{{ .Values.charts.openXchangeAppSuite.version }}"
|
||||
values:
|
||||
- "values-openxchange.yaml"
|
||||
- "values-openxchange.gotmpl"
|
||||
@@ -63,14 +54,9 @@ releases:
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-open-xchange-bootstrap"
|
||||
chart: "opendesk-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
|
||||
version: "1.3.1"
|
||||
chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}"
|
||||
version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}"
|
||||
values:
|
||||
- "values-openxchange-bootstrap.gotmpl"
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
|
||||
@@ -20,7 +20,7 @@ dovecot:
|
||||
ldap:
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||
host: {{ .Values.ldap.host | quote }}
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
password: {{ .Values.secrets.univentionManagementStack.ldapSearch.dovecot | quote }}
|
||||
oidc:
|
||||
introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
|
||||
introspectionPath: "/realms/souvap/protocol/openid-connect/token/introspect"
|
||||
|
||||
@@ -14,5 +14,5 @@ appsuite:
|
||||
port: 389
|
||||
auth:
|
||||
adminDN:
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
password: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
|
||||
...
|
||||
|
||||
@@ -81,21 +81,21 @@ appsuite:
|
||||
"com.openexchange.oidc.clientSecret": {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
"com.openexchange.oidc.rpRedirectURIPostSSOLogout": "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/logout"
|
||||
"com.openexchange.oidc.opLogoutEndpoint": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
|
||||
"com.openexchange.oidc.rpRedirectURILogout": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
"com.openexchange.oidc.rpRedirectURILogout": "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
secretProperties:
|
||||
com.openexchange.cookie.hash.salt: {{ .Values.secrets.oxAppsuite.cookieHashSalt | quote }}
|
||||
com.openexchange.sessiond.encryptionKey: {{ .Values.secrets.oxAppsuite.sessiondEncryptionKey | quote }}
|
||||
com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }}
|
||||
propertiesFiles:
|
||||
"/opt/open-xchange/etc/ldapauth.properties":
|
||||
bindDNPassword: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
bindDNPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
|
||||
java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal"
|
||||
uiSettings:
|
||||
"io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
|
||||
"io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
|
||||
# Dynamic theme
|
||||
io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }}
|
||||
io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }}
|
||||
io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }}
|
||||
io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }}
|
||||
|
||||
@@ -150,6 +150,9 @@ appsuite:
|
||||
io.ox/core//coloredIcons: "false"
|
||||
# Mail templates
|
||||
io.ox/core//features/templates: "true"
|
||||
# Contact Collector
|
||||
io.ox/mail//contactCollectOnMailTransport: "true"
|
||||
# io.ox/mail//contactCollectOnMailAccess: "true"
|
||||
|
||||
asConfig:
|
||||
default:
|
||||
|
||||
@@ -3,30 +3,22 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk OpenProject Bootstrap
|
||||
# Source: Set when repo is managed on Open CoDE
|
||||
- name: "opendesk-openproject-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
- name: "openproject-bootstrap-repo"
|
||||
oci: {{ .Values.charts.openprojectBootstrap.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.openprojectBootstrap.verify }}
|
||||
username: {{ .Values.charts.openprojectBootstrap.username | quote }}
|
||||
password: {{ .Values.charts.openprojectBootstrap.password | quote }}
|
||||
url: "{{ .Values.charts.openprojectBootstrap.registry }}/{{ .Values.charts.openprojectBootstrap.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "opendesk-openproject-bootstrap"
|
||||
chart: "opendesk-openproject-bootstrap-repo/opendesk-openproject-bootstrap"
|
||||
version: "1.2.1"
|
||||
chart: "openproject-bootstrap-repo/{{ .Values.charts.openprojectBootstrap.name }}"
|
||||
version: "{{ .Values.charts.openprojectBootstrap.version }}"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
|
||||
@@ -3,27 +3,22 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# OpenProject
|
||||
# Source: https://github.com/opf/helm-charts
|
||||
- name: "openproject-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://charts.openproject.org" }}
|
||||
verify: true
|
||||
oci: {{ .Values.charts.openproject.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/openproject-com.gpg"
|
||||
verify: {{ .Values.charts.openproject.verify }}
|
||||
username: {{ .Values.charts.openproject.username | quote }}
|
||||
password: {{ .Values.charts.openproject.password | quote }}
|
||||
url: "{{ .Values.charts.openproject.registry }}/{{ .Values.charts.openproject.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://charts.openproject.org
|
||||
# packageName=openproject
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "openproject"
|
||||
chart: "openproject-repo/openproject"
|
||||
version: "2.6.2"
|
||||
chart: "openproject-repo/{{ .Values.charts.openproject.name }}"
|
||||
version: "{{ .Values.charts.openproject.version }}"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
|
||||
@@ -67,7 +67,7 @@ environment:
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.ldap.host | quote }}
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.domain | quote }}
|
||||
OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }}
|
||||
OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }}
|
||||
@@ -76,7 +76,7 @@ environment:
|
||||
OPENPROJECT_SMTP__ADDRESS: {{ .Values.smtp.host | quote }}
|
||||
OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
|
||||
# Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSearch.openproject | quote }}
|
||||
{{ if ne .Values.objectstores.openproject.backend "aws" }}
|
||||
OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: {{ .Values.objectstores.openproject.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||
OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
|
||||
@@ -86,7 +86,8 @@ environment:
|
||||
OPENPROJECT_FOG_CREDENTIALS_PROVIDER: {{ .Values.objectstores.openproject.provider | default "AWS" | quote }}
|
||||
OPENPROJECT_FOG_CREDENTIALS_REGION: {{ .Values.objectstores.openproject.region | quote }}
|
||||
OPENPROJECT_FOG_DIRECTORY: {{ .Values.objectstores.openproject.bucket | quote }}
|
||||
OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE : {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }}
|
||||
OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE: {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }}
|
||||
OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.openproject }}
|
||||
|
||||
|
||||
@@ -30,11 +30,18 @@ openproject:
|
||||
# seed will only be executed on initial installation
|
||||
seed_locale: "de"
|
||||
|
||||
securityContext:
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
@@ -3,24 +3,19 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# OX Connector
|
||||
- name: "ox-connector-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable" }}
|
||||
oci: {{ .Values.charts.oxConnector.oci }}
|
||||
username: {{ .Values.charts.oxConnector.username | quote }}
|
||||
password: {{ .Values.charts.oxConnector.password | quote }}
|
||||
url: "{{ .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable
|
||||
# packageName=ox-connector
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ox-connector"
|
||||
chart: "ox-connector-repo/ox-connector"
|
||||
version: "0.1.0-pre-jconde-listener-entrypoint-chaining"
|
||||
chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}"
|
||||
version: "{{ .Values.charts.oxConnector.version }}"
|
||||
values:
|
||||
- "values-oxconnector.yaml"
|
||||
- "values-oxconnector.gotmpl"
|
||||
|
||||
@@ -26,7 +26,7 @@ oxConnector:
|
||||
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
oxDefaultContext: "1"
|
||||
ldapPassword: {{ if eq .Values.ldap.host "univention-corporate-container" }} "ucctempldapstring" {{ else }} {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} {{ end }}
|
||||
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.oxConnector | toYaml | nindent 2 }}
|
||||
|
||||
@@ -3,224 +3,194 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Otterize
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-otterize
|
||||
- name: "opendesk-otterize-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-otterize" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
- name: "otterize-repo"
|
||||
oci: {{ .Values.charts.otterize.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.otterize.verify }}
|
||||
username: {{ .Values.charts.otterize.username | quote }}
|
||||
password: {{ .Values.charts.otterize.password | quote }}
|
||||
url: "{{ .Values.charts.otterize.registry }}/{{ .Values.charts.otterize.repository }}"
|
||||
|
||||
# openDesk Certificates
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-certificates
|
||||
- name: "opendesk-certificates-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
- name: "certificates-repo"
|
||||
oci: {{ .Values.charts.certificates.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.certificates.verify }}
|
||||
username: {{ .Values.charts.certificates.username | quote }}
|
||||
password: {{ .Values.charts.certificates.password | quote }}
|
||||
url: "{{ .Values.charts.certificates.registry }}/{{ .Values.charts.certificates.repository }}"
|
||||
|
||||
# openDesk PostgreSQL
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postgresql
|
||||
- name: "postgresql-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postgresql" }}
|
||||
verify: true
|
||||
oci: {{ .Values.charts.postgresql.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.postgresql.verify }}
|
||||
username: {{ .Values.charts.postgresql.username | quote }}
|
||||
password: {{ .Values.charts.postgresql.password | quote }}
|
||||
url: "{{ .Values.charts.postgresql.registry }}/{{ .Values.charts.postgresql.repository }}"
|
||||
|
||||
# openDesk MariaDB
|
||||
# Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-mariadb
|
||||
# Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-mariadb
|
||||
- name: "mariadb-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/mariadb" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
oci: {{ .Values.charts.mariadb.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
verify: {{ .Values.charts.mariadb.verify }}
|
||||
username: {{ .Values.charts.mariadb.username | quote }}
|
||||
password: {{ .Values.charts.mariadb.password | quote }}
|
||||
url: "{{ .Values.charts.mariadb.registry }}/{{ .Values.charts.mariadb.repository }}"
|
||||
|
||||
# openDesk Postfix
|
||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postfix
|
||||
- name: "postfix-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postfix" }}
|
||||
verify: true
|
||||
oci: {{ .Values.charts.postfix.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.postfix.verify }}
|
||||
username: {{ .Values.charts.postfix.username | quote }}
|
||||
password: {{ .Values.charts.postfix.password | quote }}
|
||||
url: "{{ .Values.charts.postfix.registry }}/{{ .Values.charts.postfix.repository }}"
|
||||
|
||||
# openDesk Istio Resources
|
||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-istio-resources
|
||||
- name: "istio-resources-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/istio-ressources" }}
|
||||
verify: true
|
||||
oci: {{ .Values.charts.istioResources.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.istioResources.verify }}
|
||||
username: {{ .Values.charts.istioResources.username | quote }}
|
||||
password: {{ .Values.charts.istioResources.password | quote }}
|
||||
url: "{{ .Values.charts.istioResources.registry }}/{{ .Values.charts.istioResources.repository }}"
|
||||
|
||||
# openDesk ClamAV
|
||||
# https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-clamav
|
||||
- name: "clamav-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/clamav" }}
|
||||
verify: true
|
||||
oci: {{ .Values.charts.clamav.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.clamav.verify }}
|
||||
username: {{ .Values.charts.clamav.username | quote }}
|
||||
password: {{ .Values.charts.clamav.password | quote }}
|
||||
url: "{{ .Values.charts.clamav.registry }}/{{ .Values.charts.clamav.repository }}"
|
||||
- name: "clamav-simple-repo"
|
||||
oci: {{ .Values.charts.clamavSimple.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.clamavSimple.verify }}
|
||||
username: {{ .Values.charts.clamavSimple.username | quote }}
|
||||
password: {{ .Values.charts.clamavSimple.password | quote }}
|
||||
url: "{{ .Values.charts.clamavSimple.registry }}/{{ .Values.charts.clamavSimple.repository }}"
|
||||
|
||||
# VMWare Bitnami
|
||||
# Source: https://github.com/bitnami/charts/
|
||||
- name: "bitnami-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
- name: "memcached-repo"
|
||||
oci: {{ .Values.charts.memcached.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.memcached.verify }}
|
||||
username: {{ .Values.charts.memcached.username | quote }}
|
||||
password: {{ .Values.charts.memcached.password | quote }}
|
||||
url: "{{ .Values.charts.memcached.registry }}/{{ .Values.charts.memcached.repository }}"
|
||||
- name: "redis-repo"
|
||||
oci: {{ .Values.charts.redis.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.redis.verify }}
|
||||
username: {{ .Values.charts.redis.username | quote }}
|
||||
password: {{ .Values.charts.redis.password | quote }}
|
||||
url: "{{ .Values.charts.redis.registry }}/{{ .Values.charts.redis.repository }}"
|
||||
- name: "minio-repo"
|
||||
oci: {{ .Values.charts.minio.oci }}
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.minio.verify }}
|
||||
username: {{ .Values.charts.minio.username | quote }}
|
||||
password: {{ .Values.charts.minio.password | quote }}
|
||||
url: "{{ .Values.charts.minio.registry }}/{{ .Values.charts.minio.repository }}"
|
||||
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "opendesk-otterize"
|
||||
chart: "opendesk-otterize-repo/opendesk-otterize"
|
||||
version: "1.1.2"
|
||||
chart: "otterize-repo/{{ .Values.charts.otterize.name }}"
|
||||
version: "{{ .Values.charts.otterize.version }}"
|
||||
values:
|
||||
- "values-otterize.gotmpl"
|
||||
installed: {{ .Values.security.otterizeIntents.enabled }}
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
|
||||
- name: "opendesk-certificates"
|
||||
chart: "opendesk-certificates-repo/opendesk-certificates"
|
||||
version: "2.1.0"
|
||||
chart: "certificates-repo/{{ .Values.charts.certificates.name }}"
|
||||
version: "{{ .Values.charts.certificates.version }}"
|
||||
values:
|
||||
- "values-certificates.gotmpl"
|
||||
installed: {{ .Values.certificates.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/redis
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "redis"
|
||||
chart: "bitnami-repo/redis"
|
||||
version: "18.1.2"
|
||||
chart: "redis-repo/{{ .Values.charts.redis.name }}"
|
||||
version: "{{ .Values.charts.redis.version }}"
|
||||
values:
|
||||
- "values-redis.gotmpl"
|
||||
- "values-redis.yaml"
|
||||
installed: {{ .Values.redis.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/memcached
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "memcached"
|
||||
chart: "bitnami-repo/memcached"
|
||||
version: "6.6.2"
|
||||
chart: "memcached-repo/{{ .Values.charts.memcached.name }}"
|
||||
version: "{{ .Values.charts.memcached.version }}"
|
||||
values:
|
||||
- "values-memcached.yaml"
|
||||
- "values-memcached.gotmpl"
|
||||
installed: {{ .Values.memcached.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/postgresql/postgresql
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "postgresql"
|
||||
chart: "postgresql-repo/postgresql"
|
||||
version: "2.0.3"
|
||||
chart: "postgresql-repo/{{ .Values.charts.postgresql.name }}"
|
||||
version: "{{ .Values.charts.postgresql.version }}"
|
||||
values:
|
||||
- "values-postgresql.yaml"
|
||||
- "values-postgresql.gotmpl"
|
||||
installed: {{ .Values.postgresql.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/mariadb/mariadb
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "mariadb"
|
||||
chart: "mariadb-repo/mariadb"
|
||||
version: "2.1.1"
|
||||
chart: "mariadb-repo/{{ .Values.charts.mariadb.name }}"
|
||||
version: "{{ .Values.charts.mariadb.version }}"
|
||||
values:
|
||||
- "values-mariadb.yaml"
|
||||
- "values-mariadb.gotmpl"
|
||||
installed: {{ .Values.mariadb.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/postfix/postfix
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "postfix"
|
||||
chart: "postfix-repo/postfix"
|
||||
version: "2.0.4"
|
||||
chart: "postfix-repo/{{ .Values.charts.postfix.name }}"
|
||||
version: "{{ .Values.charts.postfix.version }}"
|
||||
values:
|
||||
- "values-postfix.yaml"
|
||||
- "values-postfix.gotmpl"
|
||||
installed: {{ .Values.postfix.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/clamav/opendesk-clamav
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "clamav"
|
||||
chart: "clamav-repo/opendesk-clamav"
|
||||
version: "4.0.0"
|
||||
chart: "clamav-repo/{{ .Values.charts.clamav.name }}"
|
||||
version: "{{ .Values.charts.clamav.version }}"
|
||||
values:
|
||||
- "values-clamav-distributed.yaml"
|
||||
- "values-clamav-distributed.gotmpl"
|
||||
installed: {{ .Values.clamavDistributed.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/clamav/clamav-simple
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "clamav-simple"
|
||||
chart: "clamav-repo/clamav-simple"
|
||||
version: "4.0.0"
|
||||
chart: "clamav-simple-repo/{{ .Values.charts.clamavSimple.name }}"
|
||||
version: "{{ .Values.charts.clamavSimple.version }}"
|
||||
values:
|
||||
- "values-clamav-simple.yaml"
|
||||
- "values-clamav-simple.gotmpl"
|
||||
installed: {{ .Values.clamavSimple.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/istio-ressources/istio-gateway
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "opendesk-gateway"
|
||||
chart: "istio-resources-repo/istio-gateway"
|
||||
version: "2.0.0"
|
||||
chart: "istio-resources-repo/{{ .Values.charts.istioResources.name }}"
|
||||
version: "{{ .Values.charts.istioResources.version }}"
|
||||
values:
|
||||
- "values-istio-gateway.yaml"
|
||||
- "values-istio-gateway.gotmpl"
|
||||
installed: {{ .Values.istio.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/minio
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
- name: "minio"
|
||||
chart: "bitnami-repo/minio"
|
||||
version: "12.8.19"
|
||||
chart: "minio-repo/{{ .Values.charts.minio.name }}"
|
||||
version: "{{ .Values.charts.minio.version }}"
|
||||
values:
|
||||
- "values-minio.yaml"
|
||||
- "values-minio.gotmpl"
|
||||
|
||||
@@ -8,6 +8,9 @@ global:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
|
||||
image:
|
||||
repository: {{ .Values.images.mariadb.repository | quote }}
|
||||
tag: {{ .Values.images.mariadb.tag | quote }}
|
||||
|
||||
@@ -42,8 +42,6 @@ apps:
|
||||
enabled: {{ .Values.postgresql.enabled }}
|
||||
redis:
|
||||
enabled: {{ .Values.redis.enabled }}
|
||||
univentionCorporateServer:
|
||||
enabled: {{ .Values.univentionCorporateServer.enabled }}
|
||||
univentionManagementStack:
|
||||
enabled: {{ .Values.univentionManagementStack.enabled }}
|
||||
xwiki:
|
||||
|
||||
@@ -24,7 +24,9 @@ job:
|
||||
- username: "matrix_user"
|
||||
password: {{ .Values.secrets.postgresql.matrixUser | quote }}
|
||||
- username: "notificationsapi_user"
|
||||
password: {{ .Values.secrets.postgresql.notificationsApiUser | quote }}
|
||||
password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
||||
- username: "selfservice_user"
|
||||
password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
||||
databases:
|
||||
- name: "keycloak"
|
||||
user: "keycloak_user"
|
||||
@@ -37,6 +39,8 @@ job:
|
||||
additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0"
|
||||
- name: "notificationsapi"
|
||||
user: "notificationsapi_user"
|
||||
- name: "selfservice"
|
||||
user: "selfservice_user"
|
||||
|
||||
persistence:
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk Univention Corporate Server (as eval Container)
|
||||
- name: "univention-corporate-container-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/univention-corporate-container" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/univention-corporate-container/univention-corporate-container
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "univention-corporate-container"
|
||||
chart: "univention-corporate-container-repo/univention-corporate-container"
|
||||
version: "1.0.10"
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
installed: {{ .Values.univentionCorporateServer.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "univention-corporate-container"
|
||||
...
|
||||
@@ -1,68 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: {{ .Values.global.domain | quote }}
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
registry: {{ .Values.global.imageRegistry | quote }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
repository: {{ .Values.images.univentionCorporateServer.repository | quote }}
|
||||
tag: {{ .Values.images.univentionCorporateServer.tag | quote }}
|
||||
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
||||
tls:
|
||||
enabled: {{ .Values.ingress.tls.enabled }}
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
persistence:
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
size: {{ .Values.persistence.size.univentionCorporateServer | quote }}
|
||||
|
||||
extraEnvVars:
|
||||
- name: ISTIO_DOMAIN
|
||||
value: {{ .Values.istio.domain | quote }}
|
||||
- name: CENTRALNAVIGATION_API_SECRET
|
||||
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
- name: LDAPSEARCH_OX_USERNAME
|
||||
value: "ldapsearch_ox"
|
||||
- name: LDAPSEARCH_OX_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
- name: LDAPSEARCH_DOVECOT_USERNAME
|
||||
value: "ldapsearch_dovecot"
|
||||
- name: LDAPSEARCH_DOVECOT_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
- name: LDAPSEARCH_KEYCLOAK_USERNAME
|
||||
value: "ldapsearch_keycloak"
|
||||
- name: LDAPSEARCH_KEYCLOAK_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak | quote }}
|
||||
- name: LDAPSEARCH_NEXTCLOUD_USERNAME
|
||||
value: "ldapsearch_nextcloud"
|
||||
- name: LDAPSEARCH_NEXTCLOUD_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
|
||||
- name: LDAPSEARCH_OPENPROJECT_USERNAME
|
||||
value: "ldapsearch_openproject"
|
||||
- name: LDAPSEARCH_OPENPROJECT_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
|
||||
- name: LDAPSEARCH_XWIKI_USERNAME
|
||||
value: "ldapsearch_xwiki"
|
||||
- name: LDAPSEARCH_XWIKI_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||
- name: DEFAULT_ACCOUNT_USER_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword | quote }}
|
||||
- name: DEFAULT_ACCOUNT_ADMIN_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.univentionCorporateServer | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -3,60 +3,107 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# Univention Management Stack
|
||||
- name: "ums-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
|
||||
- name: "ums-store-dav-repo"
|
||||
oci: {{ .Values.charts.umsStoreDav.oci }}
|
||||
username: {{ .Values.charts.umsStoreDav.username | quote }}
|
||||
password: {{ .Values.charts.umsStoreDav.password | quote }}
|
||||
url: "{{ .Values.charts.umsStoreDav.registry }}/{{ .Values.charts.umsStoreDav.repository }}"
|
||||
- name: "ums-ldap-server-repo"
|
||||
oci: {{ .Values.charts.umsLdapServer.oci }}
|
||||
username: {{ .Values.charts.umsLdapServer.username | quote }}
|
||||
password: {{ .Values.charts.umsLdapServer.password | quote }}
|
||||
url: "{{ .Values.charts.umsLdapServer.registry }}/{{ .Values.charts.umsLdapServer.repository }}"
|
||||
- name: "ums-ldap-notifier-repo"
|
||||
oci: {{ .Values.charts.umsLdapNotifier.oci }}
|
||||
username: {{ .Values.charts.umsLdapNotifier.username | quote }}
|
||||
password: {{ .Values.charts.umsLdapNotifier.password | quote }}
|
||||
url: "{{ .Values.charts.umsLdapNotifier.registry }}/{{ .Values.charts.umsLdapNotifier.repository }}"
|
||||
- name: "ums-udm-rest-api-repo"
|
||||
oci: {{ .Values.charts.umsUdmRestApi.oci }}
|
||||
username: {{ .Values.charts.umsUdmRestApi.username | quote }}
|
||||
password: {{ .Values.charts.umsUdmRestApi.password | quote }}
|
||||
url: "{{ .Values.charts.umsUdmRestApi.registry }}/{{ .Values.charts.umsUdmRestApi.repository }}"
|
||||
- name: "ums-stack-data-ums-repo"
|
||||
oci: {{ .Values.charts.umsStackDataUms.oci }}
|
||||
username: {{ .Values.charts.umsStackDataUms.username | quote }}
|
||||
password: {{ .Values.charts.umsStackDataUms.password | quote }}
|
||||
url: "{{ .Values.charts.umsStackDataUms.registry }}/{{ .Values.charts.umsStackDataUms.repository }}"
|
||||
- name: "ums-stack-data-swp-repo"
|
||||
oci: {{ .Values.charts.umsStackDataSwp.oci }}
|
||||
username: {{ .Values.charts.umsStackDataSwp.username | quote }}
|
||||
password: {{ .Values.charts.umsStackDataSwp.password | quote }}
|
||||
url: "{{ .Values.charts.umsStackDataSwp.registry }}/{{ .Values.charts.umsStackDataSwp.repository }}"
|
||||
- name: "ums-portal-server-repo"
|
||||
oci: {{ .Values.charts.umsPortalServer.oci }}
|
||||
username: {{ .Values.charts.umsPortalServer.username | quote }}
|
||||
password: {{ .Values.charts.umsPortalServer.password | quote }}
|
||||
url: "{{ .Values.charts.umsPortalServer.registry }}/{{ .Values.charts.umsPortalServer.repository }}"
|
||||
- name: "ums-notifications-api-repo"
|
||||
oci: {{ .Values.charts.umsNotificationsApi.oci }}
|
||||
username: {{ .Values.charts.umsNotificationsApi.username | quote }}
|
||||
password: {{ .Values.charts.umsNotificationsApi.password | quote }}
|
||||
url: "{{ .Values.charts.umsNotificationsApi.registry }}/{{ .Values.charts.umsNotificationsApi.repository }}"
|
||||
- name: "ums-portal-listener-repo"
|
||||
oci: {{ .Values.charts.umsPortalListener.oci }}
|
||||
username: {{ .Values.charts.umsPortalListener.username | quote }}
|
||||
password: {{ .Values.charts.umsPortalListener.password | quote }}
|
||||
url: "{{ .Values.charts.umsPortalListener.registry }}/{{ .Values.charts.umsPortalListener.repository }}"
|
||||
- name: "ums-portal-frontend-repo"
|
||||
oci: {{ .Values.charts.umsPortalFrontend.oci }}
|
||||
username: {{ .Values.charts.umsPortalFrontend.username | quote }}
|
||||
password: {{ .Values.charts.umsPortalFrontend.password | quote }}
|
||||
url: "{{ .Values.charts.umsPortalFrontend.registry }}/{{ .Values.charts.umsPortalFrontend.repository }}"
|
||||
- name: "ums-umc-gateway-repo"
|
||||
oci: {{ .Values.charts.umsUmcGateway.oci }}
|
||||
username: {{ .Values.charts.umsUmcGateway.username | quote }}
|
||||
password: {{ .Values.charts.umsUmcGateway.password | quote }}
|
||||
url: "{{ .Values.charts.umsUmcGateway.registry }}/{{ .Values.charts.umsUmcGateway.repository }}"
|
||||
- name: "ums-umc-server-repo"
|
||||
oci: {{ .Values.charts.umsUmcServer.oci }}
|
||||
username: {{ .Values.charts.umsUmcServer.username | quote }}
|
||||
password: {{ .Values.charts.umsUmcServer.password | quote }}
|
||||
url: "{{ .Values.charts.umsUmcServer.registry }}/{{ .Values.charts.umsUmcServer.repository }}"
|
||||
- name: "ums-selfservice-listener-repo"
|
||||
oci: {{ .Values.charts.umsSelfserviceListener.oci }}
|
||||
username: {{ .Values.charts.umsSelfserviceListener.username | quote }}
|
||||
password: {{ .Values.charts.umsSelfserviceListener.password | quote }}
|
||||
url: "{{ .Values.charts.umsSelfserviceListener.registry }}/{{ .Values.charts.umsSelfserviceListener.repository }}"
|
||||
|
||||
# VMWare Bitnami
|
||||
# Source: https://github.com/bitnami/charts/
|
||||
- name: "bitnami-repo"
|
||||
- name: "nginx-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
verify: {{ .Values.charts.nginx.verify }}
|
||||
username: "{{ .Values.charts.nginx.username }}"
|
||||
password: {{ .Values.charts.nginx.password | quote }}
|
||||
url: "{{ .Values.charts.nginx.registry }}/{{ .Values.charts.nginx.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/bitnami-charts/nginx
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
- name: "ums-stack-gateway"
|
||||
chart: "bitnami-repo/nginx"
|
||||
version: "15.3.5"
|
||||
chart: "nginx-repo/{{ .Values.charts.nginx.name }}"
|
||||
version: "{{ .Values.charts.nginx.version }}"
|
||||
values:
|
||||
- "values-ums-stack-gateway.gotmpl"
|
||||
- "values-ums-stack-gateway.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=store-dav
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-store-dav"
|
||||
chart: "ums-repo/store-dav"
|
||||
version: "0.5.2"
|
||||
chart: "ums-store-dav-repo/{{ .Values.charts.umsStoreDav.name }}"
|
||||
version: "{{ .Values.charts.umsStoreDav.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-store-dav.gotmpl"
|
||||
- "values-store-dav.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=ldap-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-ldap-server"
|
||||
chart: "ums-repo/ldap-server"
|
||||
version: "0.7.0"
|
||||
chart: "ums-ldap-server-repo/{{ .Values.charts.umsLdapServer.name }}"
|
||||
version: "{{ .Values.charts.umsLdapServer.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -64,14 +111,9 @@ releases:
|
||||
- "values-ldap-server.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=ldap-notifier
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-ldap-notifier"
|
||||
chart: "ums-repo/ldap-notifier"
|
||||
version: "0.7.0"
|
||||
chart: "ums-ldap-notifier-repo/{{ .Values.charts.umsLdapNotifier.name }}"
|
||||
version: "{{ .Values.charts.umsLdapNotifier.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -79,14 +121,9 @@ releases:
|
||||
- "values-ldap-notifier.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=udm-rest-api
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-udm-rest-api"
|
||||
chart: "ums-repo/udm-rest-api"
|
||||
version: "0.3.5"
|
||||
chart: "ums-udm-rest-api-repo/{{ .Values.charts.umsUdmRestApi.name }}"
|
||||
version: "{{ .Values.charts.umsUdmRestApi.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -94,14 +131,9 @@ releases:
|
||||
- "values-udm-rest-api.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=stack-data-ums
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-stack-data-ums"
|
||||
chart: "ums-repo/stack-data-ums"
|
||||
version: "0.37.0"
|
||||
chart: "ums-stack-data-ums-repo/{{ .Values.charts.umsStackDataUms.name }}"
|
||||
version: "{{ .Values.charts.umsStackDataUms.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -109,14 +141,9 @@ releases:
|
||||
- "values-stack-data-ums.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=stack-data-swp
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-stack-data-swp"
|
||||
chart: "ums-repo/stack-data-swp"
|
||||
version: "0.37.0"
|
||||
chart: "ums-stack-data-swp-repo/{{ .Values.charts.umsStackDataSwp.name }}"
|
||||
version: "{{ .Values.charts.umsStackDataSwp.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -124,14 +151,9 @@ releases:
|
||||
- "values-stack-data-swp.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-portal-server"
|
||||
chart: "ums-repo/portal-server"
|
||||
version: "0.5.0"
|
||||
chart: "ums-portal-server-repo/{{ .Values.charts.umsPortalServer.name }}"
|
||||
version: "{{ .Values.charts.umsPortalServer.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -139,14 +161,9 @@ releases:
|
||||
- "values-portal-server.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=notifications-api
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-notifications-api"
|
||||
chart: "ums-repo/notifications-api"
|
||||
version: "0.5.0"
|
||||
chart: "ums-notifications-api-repo/{{ .Values.charts.umsNotificationsApi.name }}"
|
||||
version: "{{ .Values.charts.umsNotificationsApi.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -154,14 +171,9 @@ releases:
|
||||
- "values-notifications-api.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-listener
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-portal-listener"
|
||||
chart: "ums-repo/portal-listener"
|
||||
version: "0.5.0"
|
||||
chart: "ums-portal-listener-repo/{{ .Values.charts.umsPortalListener.name }}"
|
||||
version: "{{ .Values.charts.umsPortalListener.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -169,14 +181,9 @@ releases:
|
||||
- "values-portal-listener.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-frontend
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-portal-frontend"
|
||||
chart: "ums-repo/portal-frontend"
|
||||
version: "0.5.0"
|
||||
chart: "ums-portal-frontend-repo/{{ .Values.charts.umsPortalFrontend.name }}"
|
||||
version: "{{ .Values.charts.umsPortalFrontend.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -184,14 +191,9 @@ releases:
|
||||
- "values-portal-frontend.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=umc-gateway
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-umc-gateway"
|
||||
chart: "ums-repo/umc-gateway"
|
||||
version: "0.6.1"
|
||||
chart: "ums-umc-gateway-repo/{{ .Values.charts.umsUmcGateway.name }}"
|
||||
version: "{{ .Values.charts.umsUmcGateway.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -199,14 +201,9 @@ releases:
|
||||
- "values-umc-gateway.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=umc-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "ums-umc-server"
|
||||
chart: "ums-repo/umc-server"
|
||||
version: "0.6.1"
|
||||
chart: "ums-umc-server-repo/{{ .Values.charts.umsUmcServer.name }}"
|
||||
version: "{{ .Values.charts.umsUmcServer.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -214,6 +211,16 @@ releases:
|
||||
- "values-umc-server.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
- name: "ums-selfservice-listener"
|
||||
chart: "ums-selfservice-listener-repo/{{ .Values.charts.umsSelfserviceListener.name }}"
|
||||
version: "{{ .Values.charts.umsSelfserviceListener.version }}"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
- "values-selfservice-listener.gotmpl"
|
||||
- "values-selfservice-listener.yaml"
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "univention-management-stack"
|
||||
|
||||
@@ -7,4 +7,12 @@ volumes:
|
||||
shared-data: "shared-data-ums-ldap-server-0"
|
||||
shared-run: "shared-run-ums-ldap-server-0"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -30,4 +30,25 @@ extraVolumeMounts:
|
||||
mountPath: "/var/lib/univention-ldap-local/local-schema/opendeskProjectmanagement.schema"
|
||||
subPath: "opendeskProjectmanagement.schema"
|
||||
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
|
||||
postgresql:
|
||||
bundled: false
|
||||
connection:
|
||||
host: {{ .Values.databases.notificationsApi.host | quote }}
|
||||
port: {{ .Values.databases.notificationsApi.port | quote }}
|
||||
host: {{ .Values.databases.umsNotificationsApi.host | quote }}
|
||||
port: {{ .Values.databases.umsNotificationsApi.port | quote }}
|
||||
auth:
|
||||
username: {{ .Values.databases.notificationsApi.username | quote }}
|
||||
database: {{ .Values.databases.notificationsApi.name | quote }}
|
||||
password: {{ .Values.databases.notificationsApi.password | default .Values.secrets.postgresql.notificationsApiUser | quote }}
|
||||
username: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
||||
database: {{ .Values.databases.umsNotificationsApi.name | quote }}
|
||||
password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry }}
|
||||
|
||||
@@ -9,4 +9,12 @@ notificationsapi:
|
||||
sql_echo: "False"
|
||||
api_prefix: "/univention/portal/notifications-api"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -70,4 +70,24 @@ extraVolumeMounts:
|
||||
mountPath: "/var/www/html/custom/portal_background_image.svg"
|
||||
subPath: "portal_background_image.svg"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
portalListener:
|
||||
adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }}
|
||||
assetsRoot: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-assets/" | quote }}
|
||||
ucsInternalUrl: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-data/" | quote }}
|
||||
ucsInternalUrl: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-data" | quote }}
|
||||
|
||||
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
||||
ldapHost: {{ .Values.ldap.host | quote }}
|
||||
|
||||
@@ -13,4 +13,24 @@ portalListener:
|
||||
store-dav:
|
||||
bundled: false
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -11,4 +11,24 @@ portalServer:
|
||||
centralNavigation:
|
||||
enabled: true
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -0,0 +1,48 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
selfserviceListener:
|
||||
|
||||
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
|
||||
ldapHost: {{ .Values.ldap.host | quote }}
|
||||
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
|
||||
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
notifierServer: {{ .Values.ldap.notifierHost | quote }}
|
||||
umcAdminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
|
||||
|
||||
image:
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
pullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
|
||||
selfserviceListener:
|
||||
registry: {{ .Values.global.imageRegistry | quote }}
|
||||
repository: {{ .Values.images.umsSelfserviceListener.repository | quote }}
|
||||
tag: {{ .Values.images.umsSelfserviceListener.tag | quote }}
|
||||
|
||||
selfserviceInvitation:
|
||||
registry: {{ .Values.global.imageRegistry | quote }}
|
||||
repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }}
|
||||
tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }}
|
||||
|
||||
waitForDependency:
|
||||
registry: {{ .Values.global.imageRegistry | quote }}
|
||||
repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
|
||||
|
||||
persistence:
|
||||
storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
size: {{ .Values.persistence.size.univentionManagementStack.selfserviceListener | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.umsSelfserviceListener | toYaml | nindent 2 }}
|
||||
|
||||
resourcesDependencyWaiter:
|
||||
{{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,31 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
|
||||
selfserviceListener:
|
||||
debugLevel: "4"
|
||||
tlsMode: "off"
|
||||
umcServerUrl: "http://ums-umc-server"
|
||||
umcAdminUser: "default.admin"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
@@ -8,7 +8,7 @@ stackDataSwp:
|
||||
|
||||
stackDataContext:
|
||||
ldapSearchUsers:
|
||||
{{- range $username, $password := .Values.secrets.univentionCorporateServer.ldapSearch }}
|
||||
{{- range $username, $password := .Values.secrets.univentionManagementStack.ldapSearch }}
|
||||
- username: {{ printf "ldapsearch_%s" $username | quote }}
|
||||
password: {{ $password | quote }}
|
||||
lastname: "LDAP-Search-User"
|
||||
@@ -23,6 +23,8 @@ stackDataContext:
|
||||
portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain | quote }}
|
||||
portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain | quote }}
|
||||
portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain | quote }}
|
||||
portalTitleDE: "{{ .Values.theme.texts.productName }} Portal"
|
||||
portalTitleEN: "{{ .Values.theme.texts.productName }} Portal"
|
||||
|
||||
smtpHost: {{ .Values.smtp.host | quote }}
|
||||
smtpPort: {{ .Values.smtp.port | quote }}
|
||||
|
||||
@@ -8,9 +8,18 @@ stackDataSwp:
|
||||
|
||||
stackDataContext:
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
oxDefaultContext: "10"
|
||||
oxDefaultContext: "1"
|
||||
smtpStartTls: true
|
||||
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-stack-data-swp"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -14,4 +14,13 @@ stackDataContext:
|
||||
|
||||
additionalAnnotations:
|
||||
intents.otterize.com/service-name: "ums-stack-data-ums"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -0,0 +1,24 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
@@ -18,4 +18,24 @@ extraVolumeMounts:
|
||||
mountPath: "/usr/share/attribute-to-group-mapper/flag_to_group_mapping.json"
|
||||
subPath: "flag_to_group_mapping.json"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -20,4 +20,25 @@ extraVolumeMounts:
|
||||
"/usr/share/univention-management-console-frontend/js/dijit/themes\
|
||||
/umc/icons/16x16/udm-portals-announcement.png"
|
||||
subPath: "udm-portals-announcement.png"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -11,6 +11,19 @@ umcServer:
|
||||
|
||||
smtpSecret: {{ .Values.smtp.password | quote }}
|
||||
|
||||
postgresql:
|
||||
connection:
|
||||
host: {{ .Values.databases.umsSelfservice.host | quote }}
|
||||
port: {{ .Values.databases.umsSelfservice.port | quote }}
|
||||
auth:
|
||||
username: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||
database: {{ .Values.databases.umsSelfservice.name | quote }}
|
||||
password: {{ .Values.databases.umsSelfservice.password | default .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
||||
postgresPassword: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
||||
|
||||
memcached:
|
||||
server: {{ .Values.cache.umsSelfservice.host | quote }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | quote }}
|
||||
repository: {{ .Values.images.umsUmcServer.repository | quote }}
|
||||
|
||||
@@ -43,11 +43,33 @@ extraVolumeMounts:
|
||||
mountPath: "/usr/share/univention-management-console/modules/udm-portals-announcement.xml"
|
||||
subPath: "udm-portals-announcement.xml"
|
||||
|
||||
postgresql:
|
||||
bundled: false
|
||||
|
||||
memcached:
|
||||
bundled: false
|
||||
server: "memcached"
|
||||
auth:
|
||||
username: null
|
||||
password: null
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "NET_RAW"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -10,3 +10,4 @@ ingress:
|
||||
- hosts:
|
||||
- {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
...
|
||||
|
||||
@@ -2,11 +2,18 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
ingress:
|
||||
annotations:
|
||||
# Ensure that the ingress controller can handle responses with plenty of
|
||||
# headers. This is a requirement from the UDM Rest API.
|
||||
nginx.org/proxy-buffer-size: "64k"
|
||||
nginx.org/proxy-buffers: "4 128k"
|
||||
tls: false
|
||||
|
||||
service:
|
||||
type: "ClusterIP"
|
||||
|
||||
fullnameOverride: "ums-stack-gateway"
|
||||
|
||||
# The content of the "serverBlock" does resemble the Ingress configuration of
|
||||
# the UMS components. The "location" entries do intentionally reflect precisely
|
||||
# the respective paths which are configured.
|
||||
@@ -14,8 +21,18 @@ serverBlock: |
|
||||
server {
|
||||
listen 8080;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
|
||||
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
|
||||
## portal-frontend
|
||||
# The frontend does not own "/univention/portal", only these two bits
|
||||
# The frontend does not own "/univention/portal" nor
|
||||
# "/univention/selfservice", only these two bits
|
||||
location = /univention/portal/ {
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80/;
|
||||
@@ -24,6 +41,10 @@ serverBlock: |
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80/;
|
||||
}
|
||||
location = /univention/selfservice/ {
|
||||
rewrite ^/univention/selfservice(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80/;
|
||||
}
|
||||
|
||||
# The following prefixes are owned by the frontend
|
||||
location /univention/portal/css/ {
|
||||
@@ -50,6 +71,30 @@ serverBlock: |
|
||||
rewrite ^/univention/portal(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/selfservice/css/ {
|
||||
rewrite ^/univention/selfservice(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/selfservice/fonts/ {
|
||||
rewrite ^/univention/selfservice(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/selfservice/i18n/ {
|
||||
rewrite ^/univention/selfservice(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/selfservice/media/ {
|
||||
rewrite ^/univention/selfservice(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/selfservice/js/ {
|
||||
rewrite ^/univention/selfservice(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
location /univention/selfservice/oidc/ {
|
||||
rewrite ^/univention/selfservice(/.*)$ $1 break;
|
||||
proxy_pass http://ums-portal-frontend:80;
|
||||
}
|
||||
|
||||
|
||||
## frontend redirects
|
||||
@@ -69,12 +114,19 @@ serverBlock: |
|
||||
absolute_redirect off;
|
||||
return 302 /univention/portal/;
|
||||
}
|
||||
location = /univention/selfservice {
|
||||
absolute_redirect off;
|
||||
return 302 /univention/selfservice/;
|
||||
}
|
||||
|
||||
|
||||
## portal-server
|
||||
location = /univention/portal/portal.json {
|
||||
proxy_pass http://ums-portal-server:80;
|
||||
}
|
||||
location = /univention/selfservice/portal.json {
|
||||
proxy_pass http://ums-portal-server:80;
|
||||
}
|
||||
location = /univention/portal/navigation.json {
|
||||
proxy_pass http://ums-portal-server:80;
|
||||
}
|
||||
@@ -89,13 +141,25 @@ serverBlock: |
|
||||
rewrite ^/univention/portal(/icons/logos/.*)$ /portal-assets$1 break;
|
||||
proxy_pass http://ums-store-dav:80;
|
||||
}
|
||||
location /univention/selfservice/icons/entries/ {
|
||||
rewrite ^/univention/selfservice(/icons/entries/.*)$ /portal-assets$1 break;
|
||||
proxy_pass http://ums-store-dav:80;
|
||||
}
|
||||
location /univention/selfservice/icons/logos/ {
|
||||
rewrite ^/univention/selfservice(/icons/logos/.*)$ /portal-assets$1 break;
|
||||
proxy_pass http://ums-store-dav:80;
|
||||
}
|
||||
|
||||
|
||||
## udm-rest-api
|
||||
location /univention/udm/ {
|
||||
# The UDM Rest API does return on some endpoints a lot of headers
|
||||
proxy_busy_buffers_size 128k;
|
||||
proxy_buffers 4 128k;
|
||||
proxy_buffer_size 64k;
|
||||
|
||||
rewrite ^/univention(/udm/.*)$ $1 break;
|
||||
proxy_pass http://ums-udm-rest-api:80;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
}
|
||||
|
||||
|
||||
@@ -128,27 +192,27 @@ serverBlock: |
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/logout/ {
|
||||
location /univention/logout {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/saml/ {
|
||||
location /univention/saml {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/get/ {
|
||||
location /univention/get {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/set/ {
|
||||
location /univention/set {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/command/ {
|
||||
location /univention/command {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
location /univention/upload/ {
|
||||
location /univention/upload {
|
||||
rewrite ^/univention(/.*)$ $1 break;
|
||||
proxy_pass http://ums-umc-server:80;
|
||||
}
|
||||
@@ -174,4 +238,21 @@ serverBlock: |
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
|
||||
@@ -3,25 +3,20 @@
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# XWiki
|
||||
# Source: https://github.com/xwiki-contrib/xwiki-helm
|
||||
- name: "xwiki-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
default "https://xwiki-contrib.github.io/xwiki-helm" }}
|
||||
oci: {{ .Values.charts.xwiki.oci }}
|
||||
username: {{ .Values.charts.xwiki.username | quote }}
|
||||
password: {{ .Values.charts.xwiki.password | quote }}
|
||||
url: "{{ .Values.charts.xwiki.registry }}/{{ .Values.charts.xwiki.repository }}"
|
||||
|
||||
releases:
|
||||
# renovate:
|
||||
# registryUrl=https://xwiki-contrib.github.io/xwiki-helm
|
||||
# packageName=xwiki
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
- name: "xwiki"
|
||||
chart: "xwiki-repo/xwiki"
|
||||
version: "1.2.3"
|
||||
chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}"
|
||||
version: "{{ .Values.charts.xwiki.version }}"
|
||||
wait: true
|
||||
values:
|
||||
- "values.yaml"
|
||||
|
||||
@@ -22,7 +22,7 @@ customConfigs:
|
||||
xwiki.authentication.ldap.port: 389
|
||||
## Authentication to the LDAP server
|
||||
xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
|
||||
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionManagementStack.ldapSearch.xwiki | quote }}
|
||||
## Base DN used for searching for users
|
||||
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
||||
## Allow short update cycles of the LDAP group cache
|
||||
@@ -35,8 +35,8 @@ customConfigs:
|
||||
"oidc.endpoint.logout": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout"
|
||||
"oidc.secret": {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
|
||||
"url.trustedDomains": "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
"workplaceServices.navigationEndpoint": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
|
||||
"workplaceServices.base": "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
"workplaceServices.navigationEndpoint": "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
|
||||
"workplaceServices.base": "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
"workplaceServices.portalSecret": {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
|
||||
properties:
|
||||
|
||||
@@ -3,9 +3,8 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
## Define LDAP service (supports "ums_eval" from the CI pipeline)
|
||||
ldap:
|
||||
host: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-server" {{ else }} "univention-corporate-container" {{ end }}
|
||||
notifierHost: {{ if eq (env "DEPLOY_UCS") "ums-eval" }} "ums-ldap-notifier" {{ else }} "univention-corporate-container" {{ end }}
|
||||
host: "ums-ldap-server"
|
||||
notifierHost: "ums-ldap-notifier"
|
||||
baseDn: "dc=swp-ldap,dc=internal"
|
||||
...
|
||||
|
||||
@@ -13,4 +13,7 @@ cache:
|
||||
openproject:
|
||||
host: "memcached"
|
||||
port: 11211
|
||||
umsSelfservice:
|
||||
host: "memcached"
|
||||
port: 11211
|
||||
...
|
||||
|
||||
764
helmfile/environments/default/charts.yaml
Normal file
764
helmfile/environments/default/charts.yaml
Normal file
@@ -0,0 +1,764 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
charts:
|
||||
certificates:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates"
|
||||
name: "opendesk-certificates"
|
||||
oci: true
|
||||
version: "2.1.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
clamav:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/clamav/opendesk-clamav
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/clamav"
|
||||
name: "opendesk-clamav"
|
||||
oci: true
|
||||
version: "4.0.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
clamavSimple:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/clamav/clamav-simple
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/clamav"
|
||||
name: "clamav-simple"
|
||||
version: "4.0.0"
|
||||
oci: true
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
collabora:
|
||||
# renovate:
|
||||
# registryUrl=https://collaboraonline.github.io/online
|
||||
# packageName=collabora-online
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://collaboraonline.github.io"
|
||||
repository: "online"
|
||||
name: "collabora-online"
|
||||
oci: false
|
||||
version: "1.0.2"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
cryptpad:
|
||||
# renovate:
|
||||
# registryUrl=https://cryptpad.github.io/helm
|
||||
# packageName=cryptpad
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://cryptpad.github.io"
|
||||
repository: "helm"
|
||||
name: "cryptpad"
|
||||
oci: false
|
||||
version: "0.0.14"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
dovecot:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/dovecot/dovecot
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/dovecot"
|
||||
name: "dovecot"
|
||||
oci: true
|
||||
version: "1.3.6"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
element:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
|
||||
name: "opendesk-element"
|
||||
oci: true
|
||||
version: "2.6.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
elementWellKnown:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
|
||||
name: "opendesk-well-known"
|
||||
oci: true
|
||||
version: "2.6.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
intercomService:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/intercom-service/intercom-service
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/intercom-service"
|
||||
name: "intercom-service"
|
||||
oci: true
|
||||
version: "2.0.1"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
istioResources:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/istio-ressources/istio-gateway
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/istio-ressources"
|
||||
name: "istio-gateway"
|
||||
oci: true
|
||||
version: "2.0.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
jitsi:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi"
|
||||
name: "sovereign-workplace-jitsi"
|
||||
oci: true
|
||||
version: "1.7.2"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
keycloak:
|
||||
# renovate:
|
||||
# registryUrl=https://registry-1.docker.io
|
||||
# packageName=bitnamicharts/keycloak
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
|
||||
name: "keycloak"
|
||||
oci: true
|
||||
version: "12.1.5"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
keycloakBootstrap:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap"
|
||||
name: "sovereign-workplace-keycloak-bootstrap"
|
||||
oci: true
|
||||
version: "1.1.12"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
keycloakExtensions:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable
|
||||
# packageName=keycloak-extensions
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/77/packages/helm/stable"
|
||||
name: "keycloak-extensions"
|
||||
oci: false
|
||||
version: "0.1.0"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
keycloakTheme:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/keycloak-theme"
|
||||
name: "opendesk-keycloak-theme"
|
||||
oci: true
|
||||
version: "2.0.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
mariadb:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.opencode.de
|
||||
# packageName=bmi/opendesk/components/charts/opendesk-mariadb/mariadb
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/charts/opendesk-mariadb"
|
||||
name: "mariadb"
|
||||
oci: true
|
||||
version: "2.2.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
matrixNeoboardWidget:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets"
|
||||
name: "matrix-neoboard-widget"
|
||||
oci: true
|
||||
version: "3.3.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
matrixNeochoiseWidget:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets"
|
||||
name: "matrix-neochoice-widget"
|
||||
oci: true
|
||||
version: "3.3.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
matrixNeodatefixBot:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets"
|
||||
name: "matrix-neodatefix-bot"
|
||||
oci: true
|
||||
version: "3.3.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
matrixNeodatefixWidget:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets"
|
||||
name: "matrix-neodatefix-widget"
|
||||
oci: true
|
||||
version: "3.3.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
matrixUserVerificationService:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
|
||||
name: "opendesk-matrix-user-verification-service"
|
||||
oci: true
|
||||
version: "2.6.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
memcached:
|
||||
# renovate:
|
||||
# registryUrl=https://registry-1.docker.io
|
||||
# packageName=bitnamicharts/memcached
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
|
||||
name: "memcached"
|
||||
oci: true
|
||||
version: "6.6.2"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
minio:
|
||||
# renovate:
|
||||
# registryUrl=https://registry-1.docker.io
|
||||
# packageName=bitnamicharts/minio
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
|
||||
name: "minio"
|
||||
oci: true
|
||||
version: "12.8.19"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
nextcloud:
|
||||
# renovate:
|
||||
# registryUrl=https://nextcloud.github.io/helm
|
||||
# packageName=nextcloud
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://nextcloud.github.io"
|
||||
repository: "helm"
|
||||
oci: false
|
||||
name: "nextcloud"
|
||||
version: "3.5.19"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
nextcloudBootstrap:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap"
|
||||
name: "opendesk-nextcloud-bootstrap"
|
||||
oci: true
|
||||
version: "3.2.6"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
nginx:
|
||||
# renovate:
|
||||
# registryUrl=https://registry-1.docker.io
|
||||
# packageName=bitnamicharts/nginx
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
|
||||
name: "nginx"
|
||||
oci: true
|
||||
version: "15.3.5"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
openproject:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# packageName=opf/helm-charts/openproject
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/opf/helm-charts"
|
||||
name: "openproject"
|
||||
oci: true
|
||||
version: "3.0.2"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
openprojectBootstrap:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap"
|
||||
name: "opendesk-openproject-bootstrap"
|
||||
oci: true
|
||||
version: "1.2.1"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
openXchangeAppSuite:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# packageName=appsuite-public-sector/charts/appsuite-public-sector
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/appsuite-public-sector/charts"
|
||||
name: "appsuite-public-sector"
|
||||
oci: true
|
||||
version: "2.2.34"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
openXchangeAppSuiteBootstrap:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap"
|
||||
name: "sovereign-workplace-open-xchange-bootstrap"
|
||||
oci: true
|
||||
version: "1.3.1"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
otterize:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/opendesk-otterize"
|
||||
name: "opendesk-otterize"
|
||||
oci: true
|
||||
version: "1.1.6"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
oxConnector:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable
|
||||
# packageName=ox-connector
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/128/packages/helm/stable"
|
||||
name: "ox-connector"
|
||||
oci: false
|
||||
version: "0.1.0-pre-jconde-listener-entrypoint-chaining"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
postfix:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/postfix/postfix
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/postfix"
|
||||
name: "postfix"
|
||||
oci: true
|
||||
version: "2.0.4"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
postgresql:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/postgresql/postgresql
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/postgresql"
|
||||
name: "postgresql"
|
||||
oci: true
|
||||
version: "2.0.3"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
redis:
|
||||
# renovate:
|
||||
# registryUrl=https://registry-1.docker.io
|
||||
# packageName=bitnamicharts/redis
|
||||
# dataSource=docker
|
||||
# dependencyType=service
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
|
||||
name: "redis"
|
||||
oci: true
|
||||
version: "18.1.2"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
synapse:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
|
||||
name: "opendesk-synapse"
|
||||
oci: true
|
||||
version: "2.6.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
synapseCreateAccount:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
|
||||
name: "opendesk-synapse-create-account"
|
||||
oci: true
|
||||
version: "2.6.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
synapseWeb:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web
|
||||
# dataSource=docker
|
||||
# dependencyType=vendor
|
||||
registry: "external-registry.souvap-univention.de"
|
||||
repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
|
||||
name: "opendesk-synapse-web"
|
||||
oci: true
|
||||
version: "2.6.0"
|
||||
verify: true
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsLdapNotifier:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=ldap-notifier
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "ldap-notifier"
|
||||
oci: false
|
||||
version: "0.7.0"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsLdapServer:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=ldap-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "ldap-server"
|
||||
oci: false
|
||||
version: "0.7.0"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsNotificationsApi:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=notifications-api
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "notifications-api"
|
||||
oci: false
|
||||
version: "0.9.1"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsPortalFrontend:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-frontend
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "portal-frontend"
|
||||
oci: false
|
||||
version: "0.9.1"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsPortalListener:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-listener
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "portal-listener"
|
||||
oci: false
|
||||
version: "0.9.1"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsPortalServer:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=portal-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "portal-server"
|
||||
oci: false
|
||||
version: "0.9.1"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsSelfserviceListener:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=umc-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "selfservice-listener"
|
||||
oci: false
|
||||
version: "0.2.0"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsStackDataSwp:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=stack-data-swp
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "stack-data-swp"
|
||||
oci: false
|
||||
version: "0.39.3"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsStackDataUms:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=stack-data-ums
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "stack-data-ums"
|
||||
oci: false
|
||||
version: "0.39.3"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsStoreDav:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=store-dav
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "store-dav"
|
||||
oci: false
|
||||
version: "0.9.1"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsUdmRestApi:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=udm-rest-api
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "udm-rest-api"
|
||||
oci: false
|
||||
version: "0.4.1"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsUmcGateway:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=umc-gateway
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "umc-gateway"
|
||||
oci: false
|
||||
version: "0.6.2"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
umsUmcServer:
|
||||
# renovate:
|
||||
# registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
|
||||
# packageName=umc-server
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://gitlab.souvap-univention.de"
|
||||
repository: "api/v4/projects/155/packages/helm/stable"
|
||||
name: "umc-server"
|
||||
oci: false
|
||||
version: "0.6.2"
|
||||
username: ~
|
||||
password: ~
|
||||
|
||||
xwiki:
|
||||
# renovate:
|
||||
# registryUrl=https://xwiki-contrib.github.io/xwiki-helm
|
||||
# packageName=xwiki
|
||||
# dataSource=helm
|
||||
# dependencyType=vendor
|
||||
registry: "https://xwiki-contrib.github.io"
|
||||
repository: "xwiki-helm"
|
||||
oci: false
|
||||
name: "xwiki"
|
||||
version: "1.2.3"
|
||||
username: ~
|
||||
password: ~
|
||||
...
|
||||
@@ -19,12 +19,6 @@ databases:
|
||||
host: "mariadb"
|
||||
username: "nextcloud_user"
|
||||
password: ""
|
||||
notificationsApi:
|
||||
name: "notificationsapi"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "notificationsapi_user"
|
||||
password: ""
|
||||
openproject:
|
||||
name: "openproject"
|
||||
host: "postgresql"
|
||||
@@ -42,6 +36,18 @@ databases:
|
||||
username: "matrix_user"
|
||||
password: ""
|
||||
port: 5432
|
||||
umsNotificationsApi:
|
||||
name: "notificationsapi"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "notificationsapi_user"
|
||||
password: ""
|
||||
umsSelfservice:
|
||||
name: "selfservice"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "selfservice_user"
|
||||
password: ""
|
||||
xwiki:
|
||||
name: "xwiki"
|
||||
host: "mariadb"
|
||||
|
||||
@@ -26,7 +26,6 @@ global:
|
||||
openxchange: "webmail"
|
||||
openxchangeProvisioning: "ox-provisioning"
|
||||
synapse: "matrix"
|
||||
univentionCorporateServer: "portal"
|
||||
univentionManagementStack: "portal"
|
||||
whiteboard: "whiteboard"
|
||||
xwiki: "wiki"
|
||||
|
||||
@@ -35,7 +35,7 @@ images:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/element-web"
|
||||
tag: "1.6.0@sha256:a71cbd75ee88471e3df59f26a2a37b9b8ff83d2f71f726053acd381ecd87e234"
|
||||
tag: "1.7.0@sha256:b8b59aff8ed3eb07dc22cec123a2d04acaf435f5637148698183773a695444c2"
|
||||
# @supplier: "Element"
|
||||
freshclam:
|
||||
# renovate:
|
||||
@@ -149,21 +149,21 @@ images:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/matrix-neoboard-widget"
|
||||
tag: "1.0.0@sha256:584b9c18ea3dfd4b7f1e73f3e114bc1dcd5731b400a8d037576bf2a797c8b086"
|
||||
tag: "1.4.0@sha256:da04d6c3c3e07ec1fcb6ecec245adc48897f107a2ab84c39d8924de951744d9f"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoChoiceWidget:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/matrix-poll-widget"
|
||||
tag: "1.3.0@sha256:19d2c8c7a15fe7d12c4a83a89310831da12323fd45ff0280cce808f1be0c7e0b"
|
||||
tag: "1.3.1@sha256:ba7a0bcbcf278df523cef8d230dc44f31ef86f8aefe6dbea7d832b7234ff5c7a"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixBot:
|
||||
# renovate:
|
||||
# registryUrl=https://ghcr.io
|
||||
# dependencyType=vendor
|
||||
repository: "nordeck/matrix-meetings-bot"
|
||||
tag: "2.4.2@sha256:f5b3362560255470076f3e6c95a0dd93a8f781398afb992c1e1212764fa87297"
|
||||
tag: "2.5.0@sha256:6ea92f7e48cd71ce2c552cb5222a1d4b3696136e61045bce8456bc52ce02b9c8"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixWidget:
|
||||
# renovate:
|
||||
@@ -205,7 +205,7 @@ images:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "nextcloud"
|
||||
tag: "27.1.3-apache@sha256:ec46e99164ee7fa5d49e84784833e022be47f9f54f401bcb5a2d789f8c0bc149"
|
||||
tag: "27.1.4-apache@sha256:bd277bec9a8cf7cc009865e15410c05e0f66ccb6269ed96841cc95dd37c214fe"
|
||||
# @supplier: "Nextcloud Community"
|
||||
nextcloudExporter:
|
||||
# renovate:
|
||||
@@ -219,7 +219,7 @@ images:
|
||||
# registryUrl=https://docker.io
|
||||
# dependencyType=vendor
|
||||
repository: "openproject/open_desk"
|
||||
tag: "dev@sha256:3c9d110c0221621530a431b5899ba16956db8253f491a55a220ec642473cb61f"
|
||||
tag: "release-13.1@sha256:b1e6d55d913bb2dfc34caae364c54ff524c0676a74da1c036d0e64557ef42795"
|
||||
# @supplier: "OpenProject"
|
||||
openprojectInitDb:
|
||||
# renovate:
|
||||
@@ -254,14 +254,14 @@ images:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/middleware-public-sector"
|
||||
tag: "8.19.33@sha256:369c44369d727e4172f10c25137dbb00d936d20dd844cdca3a34f7f31273ea05"
|
||||
tag: "8.20.51@sha256:4a9cc9d6745b09a9ace2475fbbacfeff2ca66db02b6314eb8e035f28e28574a8"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUI:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/core-ui"
|
||||
tag: "8.19.0@sha256:7fdd73f78fd7094f2968f6fcaaae175e60824f9ef68f9e7e70418de6a2b623e9"
|
||||
tag: "8.20.1@sha256:a8bdf83b1179ca9126bcd4e5301b818aafec5e8ac6ff25914603d74a137b65dc"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeCoreUIMiddleware:
|
||||
# renovate:
|
||||
@@ -275,14 +275,14 @@ images:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/core-user-guide"
|
||||
tag: "8.19.771856@sha256:e00ed8f94c3c42cd288dd03f7fb18d228eb516b5e5ebd318825289b1c4ed17ab"
|
||||
tag: "8.20.799279@sha256:075c917a7e5ebfe57c07c3c21485ee672554616252d5c57f829f443ca987e75b"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeDocumentConverter:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/documentconverter"
|
||||
tag: "8.19.32@sha256:82354e858b6aeeae7f0ebaf66ad106f8e9ae46e605e97bb1d2d14e6ce1c3d708"
|
||||
tag: "8.20.50@sha256:bd11b4e5a62377aab79ebc0ebbe8da0bf54d42ce9a8ae64db0c84608570edf9f"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeGotenberg:
|
||||
# renovate:
|
||||
@@ -303,29 +303,28 @@ images:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/imageconverter"
|
||||
tag: "8.19.33@sha256:9543c1409a129567bd6e4a657a353819842a4b1e1807ab86a1ea2e7f73f8c18e"
|
||||
tag: "8.20.50@sha256:590a8a4c583057f6bb071247c2f8b8566c79d5d219482dcaa452b30c944c876b"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/nextcloud-integration-ui"
|
||||
tag: "1.1.0@sha256:82cecb5adac63806ab41546e6b49090a93a5f4645750bb3967d87585b60df2e1"
|
||||
tag: "1.2.0@sha256:3d0ef11196f7544a01539e6790e4402ad69e2a501312eb7c7bb128c6563d0a8d"
|
||||
# @supplier: "Open-Xchange"
|
||||
openxchangePublicSectorUI:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.open-xchange.com
|
||||
# dependencyType=vendor
|
||||
repository: "appsuite-public-sector/public-sector-ui"
|
||||
tag: "2.1.0@sha256:ed56730add8afdb08bef8b43a114aba406fd86d83c7fd7af93dc16bb002fa233"
|
||||
tag: "2.2.0@sha256:3f8c62c139c27569e6b7d38321268e7cc291caa4ea1ea03180c8ce5499edd6d5"
|
||||
# @supplier: "Open-Xchange"
|
||||
oxConnector:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
|
||||
tag: "branch-jconde-listener-entrypoint-chaining\
|
||||
@sha256:54748d49e37d52529d4a857ff834d1217bd2cb8c89c7eed25c0873159ed6853c"
|
||||
tag: "0.3.4@sha256:db95466170613db46222e63aa0f69de9e60d08c6a409e27905ce5389e4b19074"
|
||||
# @supplier: "Univention"
|
||||
postfix:
|
||||
# renovate:
|
||||
@@ -383,20 +382,13 @@ images:
|
||||
repository: "rapidfort/haproxy-official"
|
||||
tag: "2.6.6-bullseye@sha256:bf22cfb1301aae433213f5f8c687bc5d9ecc6b86daf1084be5f7a339bd27cadd"
|
||||
# @supplier: "Element"
|
||||
univentionCorporateServer:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
repository: "souvap/tooling/images/univention-corporate-server-swp/ucs"
|
||||
tag: "20230829T094822@sha256:6415847851ee3b474cea756212698f4a110fbbde74882e22da92500a6358a4f8"
|
||||
# @supplier: "Univention"
|
||||
umsConfigHtpasswd:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||
tag: "0.5.2@sha256:c8627e0b73ee1d92f74d2ae8b06e4593ac93b6bbde55d56d0497f3510912924c"
|
||||
tag: "0.9.1@sha256:5694da729235371d93b1c7f14c00720657b34d6425f232426a1848b69f97ab15"
|
||||
# @supplier: "Univention"
|
||||
umsDataLoader:
|
||||
# renovate:
|
||||
@@ -404,7 +396,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/data-loader"
|
||||
tag: "0.36.0@sha256:045e0e524cbdc93e174ce803a12e67dbb341211f3abbc0029200ee638a0a1eb7"
|
||||
tag: "0.39.3@sha256:f2968f98cf4f7cb4fd44339422c2d06ee590c61780ea88728af685719b497a9f"
|
||||
# @supplier: "Univention"
|
||||
umsLdapNotifier:
|
||||
# renovate:
|
||||
@@ -428,7 +420,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/notifications-api"
|
||||
tag: "0.5.2@sha256:192f0ebb77ec6191d1df1edb2427739c4a69a3733c7d423f55045db5b9209c64"
|
||||
tag: "0.9.1@sha256:86f86119292ccda53d77db010ceac9217a2552145fad8d20e876002f74c3a187"
|
||||
# @supplier: "Univention"
|
||||
umsPortalListener:
|
||||
# renovate:
|
||||
@@ -436,7 +428,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-listener"
|
||||
tag: "0.5.2@sha256:a1834a98cf4f4686a74077cb6c2b094429a49875d05801745de7ee13eee38a07"
|
||||
tag: "0.9.1@sha256:615a587717934153179c138d3598841922e3a658e5e891347f21ecbe5c8387ae"
|
||||
# @supplier: "Univention"
|
||||
umsPortalFrontend:
|
||||
# renovate:
|
||||
@@ -444,7 +436,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||
tag: "0.5.2@sha256:aca1d481e23cbba7a33d5f261be6196690a6b7f1e593f7ff96fc6f22edab2c6b"
|
||||
tag: "0.9.1@sha256:c0984b246692d58b3fbecac487d3737e9b4f62181666f1abfa2401d1a3a72267"
|
||||
# @supplier: "Univention"
|
||||
umsPortalServer:
|
||||
# renovate:
|
||||
@@ -452,7 +444,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-server"
|
||||
tag: "0.5.2@sha256:ed982e41ac5b0b81946272acf00f76463901da4f4b3ad50282ec4c73fd4b5833"
|
||||
tag: "0.9.1@sha256:f608986d8b072a143260531b6e3fcb08d18c88bc444b968c0713737769fd1292"
|
||||
# @supplier: "Univention"
|
||||
umsWaitForDependency:
|
||||
# renovate:
|
||||
@@ -460,7 +452,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/wait-for-dependency"
|
||||
tag: "0.5.0@sha256:78cfcc52b81f620374c4b827f0055be5339a7dd469d9b8df67e3bed547abd6bc"
|
||||
tag: "0.9.1@sha256:22e57dca261dad12e046a827914bb888f49fd6bb61f50ad5023b53dade4eda33"
|
||||
# @supplier: "Univention"
|
||||
umsStoreDav:
|
||||
# renovate:
|
||||
@@ -468,7 +460,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/store-dav"
|
||||
tag: "0.5.2@sha256:1bc01b883a5ccd2612925e123da10f9d216389701d743f1cea4050633770639f"
|
||||
tag: "0.9.1@sha256:82b6b5e7c20793b2a6000a1ceddd3e4b3d085bf75999e9ff9814e7224d1de629"
|
||||
# @supplier: "Univention"
|
||||
umsUdmRestApi:
|
||||
# renovate:
|
||||
@@ -476,7 +468,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||
tag: "0.3.5@sha256:1a434f9d5e4d15217d011c13d9f1694e8a12291e09a6d0802c1158f7e2c5e035"
|
||||
tag: "0.4.1@sha256:4b264251e9e1f2933be86051964d6113011379af107cc95dca53c1eff4c1e709"
|
||||
# @supplier: "Univention"
|
||||
umsUmcGateway:
|
||||
# renovate:
|
||||
@@ -484,7 +476,7 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||
tag: "0.6.1@sha256:e023c6b4a66eb80dc165310aff9b869cf35c102196514741676a9dba68cfae89"
|
||||
tag: "0.6.2@sha256:326ced2ffd5cffa7591f23f5b0e2fe313a5aa0984d1537c3464df042d93b341c"
|
||||
# @supplier: "Univention"
|
||||
umsUmcServer:
|
||||
# renovate:
|
||||
@@ -492,7 +484,23 @@ images:
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-server"
|
||||
tag: "0.6.1@sha256:9fc3ad7c45c436698223fe3219c314420b4687c9c694f5d255612beb51df9347"
|
||||
tag: "0.6.2@sha256:e2694fbc1b8f3027ae48f329e034431e06648028ca9c928b464db66a9fd080fb"
|
||||
# @supplier: "Univention"
|
||||
umsSelfserviceListener:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/selfservice-listener"
|
||||
tag: "0.3.0@sha256:919c4cbef3c4920fe661f5d69de7258135096b673a26370a0cbd98d244a20752"
|
||||
# @supplier: "Univention"
|
||||
umsSelfserviceInvitation:
|
||||
# renovate:
|
||||
# registryUrl=https://registry.souvap-univention.de
|
||||
# dependencyType=vendor
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/selfservice-invitation"
|
||||
tag: "0.3.0@sha256:225ce06e2859586d4c0fa1933d687df370d170b71b62cfd1e46992b44e880b08"
|
||||
# @supplier: "Univention"
|
||||
wellKnown:
|
||||
# renovate:
|
||||
|
||||
@@ -19,11 +19,11 @@ persistence:
|
||||
prosody: "1Gi"
|
||||
redis: "1Gi"
|
||||
synapse: "1Gi"
|
||||
univentionCorporateServer: "1Gi"
|
||||
univentionManagementStack:
|
||||
ldapServerData: "1Gi"
|
||||
ldapServerShared: "1Gi"
|
||||
portalListener: "1Gi"
|
||||
selfserviceListener: "1Gi"
|
||||
storeDav: "1Gi"
|
||||
xwiki: "1Gi"
|
||||
...
|
||||
|
||||
@@ -340,13 +340,6 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "64Mi"
|
||||
univentionCorporateServer:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "4Gi"
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: "1Gi"
|
||||
umsLdapNotifier:
|
||||
limits:
|
||||
cpu: 99
|
||||
@@ -396,6 +389,21 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsSelfserviceListener:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
umsSelfserviceListenerDependencies:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
|
||||
umsStackDataUms:
|
||||
limits:
|
||||
cpu: 99
|
||||
|
||||
@@ -11,11 +11,8 @@ secrets:
|
||||
shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}
|
||||
oxguardMC: {{ printf "MC%s" (randAlphaNum 20 | b64enc) | quote }}
|
||||
oxguardRC: {{ printf "RC%s" (randAlphaNum 20 | b64enc) | quote }}
|
||||
univentionCorporateServer:
|
||||
authSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "auth_secret" | sha1sum | quote }}
|
||||
defaultAccounts:
|
||||
userPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_password" | sha1sum | quote }}
|
||||
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_admin" | sha1sum | quote }}
|
||||
univentionManagementStack:
|
||||
ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
|
||||
ldapSearch:
|
||||
keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_keycloak" | sha1sum | quote }}
|
||||
nextcloud: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_nextcloud" | sha1sum | quote }}
|
||||
@@ -23,8 +20,6 @@ secrets:
|
||||
ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_ox" | sha1sum | quote }}
|
||||
openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_openproject" | sha1sum | quote }}
|
||||
xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_xwiki" | sha1sum | quote }}
|
||||
univentionManagementStack:
|
||||
ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
|
||||
defaultAccounts:
|
||||
administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "ums" | sha1sum | quote }}
|
||||
userPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_password" | sha1sum | quote }}
|
||||
@@ -38,7 +33,8 @@ secrets:
|
||||
keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }}
|
||||
matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
|
||||
openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}
|
||||
notificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }}
|
||||
umsNotificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }}
|
||||
umsSelfserviceUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "selfservice_user" | sha1sum | quote }}
|
||||
mariadb:
|
||||
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }}
|
||||
xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }}
|
||||
|
||||
@@ -41,10 +41,8 @@ postgresql:
|
||||
enabled: true
|
||||
redis:
|
||||
enabled: true
|
||||
univentionCorporateServer:
|
||||
enabled: true
|
||||
univentionManagementStack:
|
||||
enabled: false
|
||||
enabled: true
|
||||
xwiki:
|
||||
enabled: true
|
||||
...
|
||||
|
||||
BIN
helmfile/files/gpg-pubkeys/opencode.gpg
Normal file
BIN
helmfile/files/gpg-pubkeys/opencode.gpg
Normal file
Binary file not shown.
@@ -1,7 +1,2 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
service:
|
||||
nodePort:
|
||||
enabled: false
|
||||
...
|
||||
Binary file not shown.
Reference in New Issue
Block a user