mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
30 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9966bf640e | ||
|
|
8e376bb4a5 | ||
|
|
7c0e4aa9a6 | ||
|
|
e609b75cc7 | ||
|
|
20d26a069b | ||
|
|
59d58e320e | ||
|
|
49b71aafb4 | ||
|
|
cbe514176a | ||
|
|
0898d96571 | ||
|
|
7f7c364071 | ||
|
|
fd9e04d992 | ||
|
|
86657b139a | ||
|
|
cdffbe1298 | ||
|
|
82a037ec7c | ||
|
|
1a4eced998 | ||
|
|
06dcdd78af | ||
|
|
f564efd97f | ||
|
|
16f2ac464e | ||
|
|
30405d182d | ||
|
|
785989e91d | ||
|
|
27b6796639 | ||
|
|
7756d35fa1 | ||
|
|
5afd2339c2 | ||
|
|
b7f220a6b6 | ||
|
|
fb7dba787c | ||
|
|
72e3afdffd | ||
|
|
85b8fcaab5 | ||
|
|
c3129f1443 | ||
|
|
000be8b032 | ||
|
|
da1bf3581c |
69
CHANGELOG.md
69
CHANGELOG.md
@@ -1,3 +1,67 @@
|
||||
## [0.5.15](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.14...v0.5.15) (2023-10-25)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Add XWiki Jetty and UniventionKeycloak to image.yaml for Compliance checks. They are not yet part of standard deployment. ([8e376bb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/8e376bb4a5e37e16d76ea527cd02a5f614cdfe3d))
|
||||
|
||||
## [0.5.14](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.13...v0.5.14) (2023-10-20)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Support for openDesk top bar with central navigation ([e609b75](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e609b75cc7fcbb7f03997cb5e26dd9cf4628f77d))
|
||||
|
||||
## [0.5.13](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.12...v0.5.13) (2023-10-20)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Configure rights and roles ([59d58e3](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/59d58e320e503727e42dbfe0b027ba7948275ac6))
|
||||
|
||||
## [0.5.12](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.11...v0.5.12) (2023-10-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Add an application service for the intercom-service ([1a4eced](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1a4eced998998faa7ac862b8c409bbd743b16ec0))
|
||||
* **element:** Add the Matrix NeoBoard Widget deployment ([5afd233](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/5afd2339c20a0be41078ae4c3ce703c62f332557))
|
||||
* **element:** Add the Matrix NeoChoice Widget deployment ([7756d35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7756d35fa156b36ed50ba8f837273db56323f45f))
|
||||
* **element:** Add the Matrix NeoDateFix Bot deployment ([785989e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/785989e91df5547ab5ac60914b82bc99c4f1a790))
|
||||
* **element:** Add the Matrix NeoDateFix Widget deployment ([27b6796](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/27b6796639f37dbd6c26f21fd54502153398aed0))
|
||||
* **element:** Add the Matrix User Verification Service deployment ([30405d1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/30405d182d44a5586a4070738dfbe1c141841d19))
|
||||
* **element:** Upgrade Element to v1.11.46 ([82a037e](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/82a037ec7c25baf41bd0542c3ded47402adc2844))
|
||||
* **element:** Upgrade the opendesk-element charts to 2.3.0 ([fd9e04d](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/fd9e04d9922b949d0f213016169a9024a66a1ded))
|
||||
* **element:** Upgrade the opendesk-matrix-widgets charts to 2.3.0 ([cbe5141](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/cbe514176a4d86d166db248d7297d215409016d2))
|
||||
* **element:** Use a separate image configuration for the bootstrap tasks ([7f7c364](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/7f7c364071072b01d485d3e248a3f8de49a07309))
|
||||
* **intercom-service:** Allow access from the non-istio domain and reference to the correct synapse hostname ([16f2ac4](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/16f2ac464eb7267f1c4d87c3ccaca2c91a7ecc1b))
|
||||
* **intercom-service:** Fix the nordeck configuration ([06dcdd7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/06dcdd78afe0e6514c1f30d24924d3e7077ae6da))
|
||||
* **jitsi:** Use template for the cluster networking domain ([0898d96](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/0898d9657145d66fd4c52fe6036c955ad58a0cfe))
|
||||
* **keycloak:** Use the correct backchannel logout configuration for element ([86657b1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/86657b139a6d8f4ff3f921b8755e04cb790c3786))
|
||||
* **open-xchange:** Enable Element calendar integration ([f564efd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/f564efd97f8db39cffaea317e36db3825fc9121e))
|
||||
|
||||
## [0.5.11](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.10...v0.5.11) (2023-10-11)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **helmfile:** Quote all password template strings ([fb7dba7](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/fb7dba787c232c402aa9c989c0e8ace51869d534))
|
||||
* **services:** Add memcached service ([72e3afd](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/72e3afdffdeb6f88f8e926426dbc26adf4b54e7a))
|
||||
|
||||
## [0.5.10](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.9...v0.5.10) (2023-10-11)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **intercom-service:** Update intercom-service chart to v2.0.0 ([c3129f1](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c3129f14437728be890187bb7c4a1bfc42d90958))
|
||||
|
||||
## [0.5.9](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.8...v0.5.9) (2023-10-10)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **element:** Enable the guest module in Synapse ([da1bf35](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/da1bf3581c5790786601948cabcef8a1d1c680ad))
|
||||
|
||||
## [0.5.8](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.7...v0.5.8) (2023-10-10)
|
||||
|
||||
|
||||
@@ -445,3 +509,8 @@
|
||||
* **open-xchange:** OX AppSuite 8 within SWP is now publicly available ([6dc470f](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/6dc470fd67edbb9711e406acb067569ca357b989))
|
||||
* **services:** Add clamav-simple deployment ([505f25c](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/505f25c5493ebb9e0181233ed5b7d8018e3a315d))
|
||||
* **sovereign-workplace:** Initial commit ([533c504](https://gitlab.souvap-univention.de/souvap/devops/sovereign-workplace/commit/533c5040faebd91f4012b604d0f4779ea1510424))
|
||||
|
||||
<!--
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
-->
|
||||
|
||||
73
README.md
73
README.md
@@ -215,6 +215,7 @@ subdirectory `/helmfile/apps/services`.
|
||||
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional |
|
||||
| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional |
|
||||
| MariaDB | `mariadb.enabled` | `true` | Database | Eval |
|
||||
| Memcached | `memcached.enabled` | `true` | Cache Database | Eval |
|
||||
| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional |
|
||||
| OpenProject | `openproject.enabled` | `true` | Project management | Functional |
|
||||
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional |
|
||||
@@ -238,8 +239,8 @@ subdirectory `/helmfile/apps/services`.
|
||||
|
||||
#### Databases
|
||||
|
||||
In case you don't got for a develop or evaluation environment you want to point
|
||||
the application to your own database instances.
|
||||
When deploying this suite to production, you need to configure the applications to use your production grade database
|
||||
service.
|
||||
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|-------------|--------------------|------------|-----------|----------------------------------------|----------------------------|
|
||||
@@ -283,6 +284,24 @@ the application to your own database instances.
|
||||
| | | | Username | `databases.xwiki.username` | `xwiki_user` |
|
||||
| | | | Password | `databases.xwiki.password` | |
|
||||
|
||||
#### Cache
|
||||
|
||||
When deploying this suite to production, you need to configure the applications to use your production grade cache
|
||||
service.
|
||||
|
||||
| Component | Name | Type | Parameter | Key | Default |
|
||||
|------------------|------------------|-----------|-----------|------------------------------|------------------|
|
||||
| Intercom Service | Intercom Service | Redis | | | |
|
||||
| | | | Host | `cache.intercomService.host` | `redis-headless` |
|
||||
| | | | Port | `cache.intercomService.port` | `6379` |
|
||||
| Nextcloud | Nextcloud | Redis | | | |
|
||||
| | | | Host | `cache.nextcloud.host` | `redis-headless` |
|
||||
| | | | Port | `cache.nextcloud.port` | `6379` |
|
||||
| OpenProject | OpenProject | Memcached | | | |
|
||||
| | | | Host | `cache.openproject.host` | `memcached` |
|
||||
| | | | Port | `cache.openproject.port` | `11211` |
|
||||
|
||||
|
||||
### Scaling
|
||||
|
||||
The Replicas of components can be increased, while we still have to look in the
|
||||
@@ -350,30 +369,32 @@ This section summarizes various aspects of security and compliance aspects.
|
||||
This list gives you an overview of default security settings and if they comply with security standards:
|
||||
|
||||
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Component | Process | = | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|-------------|--------------------------|:------------------:|:----------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | wellKnown | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| Jitsi | jibri | :x: | :x: | :x: (`SYS_ADMIN`) | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jicofo | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | jitsiKeycloakAdapter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1993 | 1993 | - |
|
||||
| | jvb | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | prosody | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| | web | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| Keycloak | keycloak | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakConfigCli | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| | keycloakExtensionHandler | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| | keycloakExtensionProxy | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Memcached | memcached | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | - | 1001 |
|
||||
| Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
|
||||
|
||||
### Helm Chart Trust Chain
|
||||
|
||||
@@ -29,7 +29,7 @@ ingress:
|
||||
collabora:
|
||||
# Admin Console Credentials: https://CODE-domain/browser/dist/admin/admin.html
|
||||
username: "collabora-internal-admin"
|
||||
password: {{ .Values.secrets.collabora.adminPassword }}
|
||||
password: {{ .Values.secrets.collabora.adminPassword | quote }}
|
||||
aliasgroups:
|
||||
- host: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}:443"
|
||||
|
||||
|
||||
@@ -14,10 +14,22 @@ repositories:
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
# openDesk Matrix Widgets
|
||||
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-matrix-widgets
|
||||
- name: "opendesk-matrix-widgets-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "opendesk-element"
|
||||
chart: "opendesk-element-repo/opendesk-element"
|
||||
version: "2.2.0"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-element.yaml"
|
||||
- "values-element.gotmpl"
|
||||
@@ -25,7 +37,7 @@ releases:
|
||||
|
||||
- name: "opendesk-well-known"
|
||||
chart: "opendesk-element-repo/opendesk-well-known"
|
||||
version: "2.2.0"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-well-known.yaml"
|
||||
- "values-well-known.gotmpl"
|
||||
@@ -33,7 +45,7 @@ releases:
|
||||
|
||||
- name: "opendesk-synapse-web"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-web"
|
||||
version: "2.2.0"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-synapse-web.yaml"
|
||||
- "values-synapse-web.gotmpl"
|
||||
@@ -41,12 +53,68 @@ releases:
|
||||
|
||||
- name: "opendesk-synapse"
|
||||
chart: "opendesk-element-repo/opendesk-synapse"
|
||||
version: "2.2.0"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-synapse.yaml"
|
||||
- "values-synapse.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "opendesk-matrix-user-verification-service-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-user-verification-service-bootstrap.yaml"
|
||||
- "values-matrix-user-verification-service-bootstrap.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "opendesk-matrix-user-verification-service"
|
||||
chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-user-verification-service.yaml"
|
||||
- "values-matrix-user-verification-service.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "matrix-neoboard-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neoboard-widget.yaml"
|
||||
- "values-matrix-neoboard-widget.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "matrix-neochoice-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neochoice-widget.yaml"
|
||||
- "values-matrix-neochoice-widget.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "matrix-neodatefix-widget"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-widget.yaml"
|
||||
- "values-matrix-neodatefix-widget.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "matrix-neodatefix-bot-bootstrap"
|
||||
chart: "opendesk-element-repo/opendesk-synapse-create-account"
|
||||
version: "2.5.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot-bootstrap.yaml"
|
||||
- "values-matrix-neodatefix-bot-bootstrap.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
- name: "matrix-neodatefix-bot"
|
||||
chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
|
||||
version: "3.1.0"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot.yaml"
|
||||
- "values-matrix-neodatefix-bot.gotmpl"
|
||||
condition: "element.enabled"
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-1"
|
||||
component: "element"
|
||||
|
||||
@@ -15,6 +15,93 @@ configuration:
|
||||
additionalConfiguration:
|
||||
logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
|
||||
|
||||
"net.nordeck.element_web.module.opendesk":
|
||||
config:
|
||||
ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
|
||||
ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
|
||||
portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
portal_url: "https://{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}/"
|
||||
custom_css_variables:
|
||||
--cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
|
||||
|
||||
"net.nordeck.element_web.module.widget_lifecycle":
|
||||
widget_permissions:
|
||||
"https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
|
||||
identity_approved: true
|
||||
"https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
|
||||
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
|
||||
- org.matrix.msc2762.send.state_event:m.room.power_levels#
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels#
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
|
||||
- org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
|
||||
- org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
|
||||
- town.robin.msc3846.turn_servers
|
||||
"https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2762.send.event:net.nordeck.poll.vote
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.poll.vote
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll.settings
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.send.state_event:net.nordeck.poll.group
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.poll.group
|
||||
- org.matrix.msc2762.send.event:net.nordeck.poll.start
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.poll.start
|
||||
"https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*":
|
||||
preload_approved: true
|
||||
identity_approved: true
|
||||
capabilities_approved:
|
||||
- org.matrix.msc2931.navigate
|
||||
- org.matrix.msc2762.timeline:*
|
||||
- org.matrix.msc2762.receive.state_event:m.room.power_levels
|
||||
- org.matrix.msc2762.receive.event:m.reaction
|
||||
- org.matrix.msc2762.receive.state_event:m.room.create
|
||||
- org.matrix.msc2762.receive.state_event:m.room.tombstone
|
||||
- org.matrix.msc2762.receive.state_event:m.room.member
|
||||
- org.matrix.msc2762.send.state_event:m.room.member
|
||||
- org.matrix.msc2762.receive.state_event:m.room.name
|
||||
- org.matrix.msc2762.receive.state_event:m.room.topic
|
||||
- org.matrix.msc2762.receive.state_event:m.space.parent
|
||||
- org.matrix.msc2762.receive.state_event:m.space.child
|
||||
- org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata
|
||||
- org.matrix.msc2762.receive.state_event:im.vector.modular.widgets
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions
|
||||
- org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message
|
||||
- org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message
|
||||
- org.matrix.msc3973.user_directory_search
|
||||
|
||||
welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
33
helmfile/apps/element/values-matrix-neoboard-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neoboard-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoBoardWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoBoardWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
21
helmfile/apps/element/values-matrix-neoboard-widget.yaml
Normal file
21
helmfile/apps/element/values-matrix-neoboard-widget.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
33
helmfile/apps/element/values-matrix-neochoice-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neochoice-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoChoiceWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoChoiceWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoChoiceWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoChoiceWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
21
helmfile/apps/element/values-matrix-neochoice-widget.yaml
Normal file
21
helmfile/apps/element/values-matrix-neochoice-widget.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
configuration:
|
||||
password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.synapseCreateUser.repository }}"
|
||||
tag: "{{ .Values.images.synapseCreateUser.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
...
|
||||
@@ -1,8 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
istio:
|
||||
enabled: false
|
||||
virtualService:
|
||||
enabled: false
|
||||
configuration:
|
||||
username: "meetings-bot"
|
||||
pod: "opendesk-synapse-0"
|
||||
secretName: "matrix-neodatefix-bot-account"
|
||||
...
|
||||
37
helmfile/apps/element/values-matrix-neodatefix-bot.gotmpl
Normal file
37
helmfile/apps/element/values-matrix-neodatefix-bot.gotmpl
Normal file
@@ -0,0 +1,37 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
configuration:
|
||||
openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoDateFixBot.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoDateFixBot.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
persistence:
|
||||
size: "{{ .Values.persistence.size.matrixNeoDateFixBot }}"
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoDateFixBot | toYaml | nindent 2 }}
|
||||
...
|
||||
50
helmfile/apps/element/values-matrix-neodatefix-bot.yaml
Normal file
50
helmfile/apps/element/values-matrix-neodatefix-bot.yaml
Normal file
@@ -0,0 +1,50 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
bot:
|
||||
username: "meetings-bot"
|
||||
displayname: "Terminplaner Bot"
|
||||
|
||||
strings:
|
||||
breakoutSessionWidgetName: "Breakoutsessions"
|
||||
calendarRoomName: "Terminplaner"
|
||||
calendarWidgetName: "Terminplaner"
|
||||
cockpitWidgetName: "Meeting Steuerung"
|
||||
jitsiWidgetName: "Videokonferenz"
|
||||
matrixNeoBoardWidgetName: "Whiteboard"
|
||||
matrixNeoChoiceWidgetName: "Abstimmungen"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
extraEnvVars:
|
||||
- name: "ACCESS_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "matrix-neodatefix-bot-account"
|
||||
key: "access_token"
|
||||
|
||||
# TODO: The health endpoint does not work with the haproxy configuration, yet
|
||||
livenessProbe:
|
||||
enabled: false
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
|
||||
# TODO: The health endpoint does not work with the haproxy configuration, yet
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
...
|
||||
33
helmfile/apps/element/values-matrix-neodatefix-widget.gotmpl
Normal file
33
helmfile/apps/element/values-matrix-neodatefix-widget.gotmpl
Normal file
@@ -0,0 +1,33 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixNeoDateFixWidget.repository }}"
|
||||
tag: "{{ .Values.images.matrixNeoDateFixWidget.tag }}"
|
||||
|
||||
ingress:
|
||||
enabled: "{{ .Values.ingress.enabled }}"
|
||||
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
|
||||
tls:
|
||||
enabled: "{{ .Values.ingress.tls.enabled }}"
|
||||
secretName: "{{ .Values.ingress.tls.secretName }}"
|
||||
|
||||
theme:
|
||||
{{ .Values.theme | toYaml | nindent 2 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixNeoDateFixWidget }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixNeoDateFixWidget | toYaml | nindent 2 }}
|
||||
...
|
||||
25
helmfile/apps/element/values-matrix-neodatefix-widget.yaml
Normal file
25
helmfile/apps/element/values-matrix-neodatefix-widget.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
bot:
|
||||
username: "meetings-bot"
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 101
|
||||
runAsNonRoot: true
|
||||
runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
configuration:
|
||||
password: {{ .Values.secrets.matrixUserVerificationService.password }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
url: "{{ .Values.images.synapseCreateUser.repository }}"
|
||||
tag: "{{ .Values.images.synapseCreateUser.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
...
|
||||
@@ -0,0 +1,8 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
username: "uvs"
|
||||
pod: "opendesk-synapse-0"
|
||||
secretName: "opendesk-matrix-user-verification-service-account"
|
||||
...
|
||||
@@ -0,0 +1,23 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
repository: "{{ .Values.images.matrixUserVerificationService.repository }}"
|
||||
tag: "{{ .Values.images.matrixUserVerificationService.tag }}"
|
||||
|
||||
replicaCount: {{ .Values.replicas.matrixUserVerificationService }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.matrixUserVerificationService | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -0,0 +1,29 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
# TODO: the service can't run with read only filesystem or as non-root
|
||||
#readOnlyRootFilesystem: true
|
||||
#runAsGroup: 101
|
||||
#runAsNonRoot: true
|
||||
#runAsUser: 101
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
extraEnvVars:
|
||||
- name: "UVS_ACCESS_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "opendesk-matrix-user-verification-service-account"
|
||||
key: "access_token"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 101
|
||||
...
|
||||
@@ -22,9 +22,20 @@ configuration:
|
||||
host: "{{ .Values.databases.synapse.host }}"
|
||||
name: "{{ .Values.databases.synapse.name }}"
|
||||
user: "{{ .Values.databases.synapse.username }}"
|
||||
password: "{{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser }}"
|
||||
password: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
|
||||
|
||||
homeserver:
|
||||
appServiceConfigs:
|
||||
- as_token: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
hs_token: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
id: intercom-service
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: false
|
||||
regex: "@.*"
|
||||
url: null
|
||||
sender_localpart: intercom-service
|
||||
|
||||
oidc:
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix }}
|
||||
issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
@@ -41,7 +52,7 @@ configuration:
|
||||
port: {{ .Values.turn.server.port }}
|
||||
transport: {{ .Values.turn.transport }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
guestModule:
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
@@ -2,9 +2,16 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
configuration:
|
||||
additionalConfiguration:
|
||||
room_prejoin_state:
|
||||
additional_event_types:
|
||||
- "m.space.parent"
|
||||
- "net.nordeck.meetings.metadata"
|
||||
- "m.room.power_levels"
|
||||
|
||||
homeserver:
|
||||
guestModule:
|
||||
enabled: false
|
||||
enabled: true
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
@@ -15,9 +15,8 @@ repositories:
|
||||
releases:
|
||||
- name: "intercom-service"
|
||||
chart: "intercom-service-repo/intercom-service"
|
||||
version: "1.1.3"
|
||||
version: "2.0.0"
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
condition: "intercom.enabled"
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
@@ -13,24 +14,28 @@ global:
|
||||
ics:
|
||||
secret: {{ .Values.secrets.intercom.secret }}
|
||||
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
originRegex: "{{ .Values.istio.domain }}"
|
||||
originRegex: "{{ .Values.istio.domain }}|{{ .Values.global.domain }}"
|
||||
default:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
oidc:
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.intercom }}
|
||||
matrix:
|
||||
asSecret: {{ .Values.secrets.jitsi.synapseAsToken }}
|
||||
serverName: "matrix.{{ .Values.global.domain }}"
|
||||
asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||
subdomain: {{ .Values.global.hosts.synapse }}
|
||||
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
||||
nordeck:
|
||||
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot }}
|
||||
portal:
|
||||
apiKey: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
redis:
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
host: {{ .Values.cache.intercomService.host }}
|
||||
port: {{ .Values.cache.intercomService.port }}
|
||||
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
||||
openxchange:
|
||||
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
|
||||
image:
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.intercom.repository }}"
|
||||
tag: "{{ .Values.images.intercom.tag }}"
|
||||
|
||||
|
||||
@@ -63,6 +63,10 @@ jitsi:
|
||||
value: "myappid"
|
||||
- name: "JWT_APP_SECRET"
|
||||
value: "{{ .Values.secrets.jitsi.jwtAppSecret }}"
|
||||
- name: "MATRIX_UVS_SYNC_POWER_LEVELS"
|
||||
value: "true"
|
||||
- name: "MATRIX_UVS_URL"
|
||||
value: "http://opendesk-matrix-user-verification-service.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
|
||||
- name: TURNS_HOST
|
||||
value: "{{ .Values.turn.tls.host }}"
|
||||
- name: TURNS_PORT
|
||||
@@ -86,7 +90,7 @@ jitsi:
|
||||
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}"
|
||||
tag: "{{ .Values.images.jicofo.tag }}"
|
||||
xmpp:
|
||||
password: "{{ .Values.secrets.jitsi.jicofoAuthPassword }}"
|
||||
password: {{ .Values.secrets.jitsi.jicofoAuthPassword | quote }}
|
||||
componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}"
|
||||
resources:
|
||||
{{ .Values.resources.jicofo | toYaml | nindent 6 }}
|
||||
|
||||
@@ -17,7 +17,7 @@ cleanup:
|
||||
|
||||
config:
|
||||
administrator:
|
||||
password: "{{ .Values.secrets.keycloak.adminPassword }}"
|
||||
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
global:
|
||||
keycloak:
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword }}
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
postgresql:
|
||||
connection:
|
||||
host: "{{ .Values.databases.keycloakExtension.host }}"
|
||||
@@ -13,7 +13,7 @@ global:
|
||||
auth:
|
||||
database: "{{ .Values.databases.keycloakExtension.name }}"
|
||||
username: "{{ .Values.databases.keycloakExtension.username }}"
|
||||
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser }}
|
||||
password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
handler:
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
@@ -21,7 +21,7 @@ handler:
|
||||
tag: "{{ .Values.images.keycloakExtensionHandler.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
appConfig:
|
||||
smtpPassword: "{{ .Values.smtp.password }}"
|
||||
smtpPassword: {{ .Values.smtp.password | quote }}
|
||||
smtpHost: "{{ .Values.smtp.host }}"
|
||||
smtpUsername: "{{ .Values.smtp.username }}"
|
||||
mailFrom: "noreply@{{ .Values.global.domain }}"
|
||||
|
||||
@@ -181,7 +181,7 @@ keycloakConfigCli:
|
||||
"attributes": {
|
||||
"backchannel.logout.revoke.offline.tokens": "true",
|
||||
"backchannel.logout.session.required": "true",
|
||||
"backchannel.logout.url": "https://$(ELEMENT_DOMAIN)/_synapse/client/oidc/backchannel_logout",
|
||||
"backchannel.logout.url": "https://$(MATRIX_DOMAIN)/_synapse/client/oidc/backchannel_logout",
|
||||
"post.logout.redirect.uris": "https://$(ELEMENT_DOMAIN)/*##https://$(MATRIX_DOMAIN)/*##https://$(UNIVENTION_CORPORATE_SERVER_DOMAIN)/*"
|
||||
},
|
||||
"authenticationFlowBindingOverrides": {},
|
||||
|
||||
@@ -20,10 +20,10 @@ externalDatabase:
|
||||
port: {{ .Values.databases.keycloak.port }}
|
||||
user: "{{ .Values.databases.keycloak.username }}"
|
||||
database: "{{ .Values.databases.keycloak.name }}"
|
||||
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser }}
|
||||
password: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
|
||||
auth:
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword }}
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.keycloak }}
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ global:
|
||||
|
||||
config:
|
||||
administrator:
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword }}
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||
|
||||
antivirus:
|
||||
{{- if .Values.clamavDistributed.enabled }}
|
||||
@@ -25,15 +25,15 @@ config:
|
||||
|
||||
apps:
|
||||
integrationSwp:
|
||||
password: {{ .Values.secrets.centralnavigation.apiKey }}
|
||||
password: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
userOidc:
|
||||
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc }}
|
||||
password: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
||||
|
||||
database:
|
||||
host: "{{ .Values.databases.nextcloud.host }}"
|
||||
name: "{{ .Values.databases.nextcloud.name }}"
|
||||
user: "{{ .Values.databases.nextcloud.username }}"
|
||||
password: "{{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||
|
||||
ldapSearch:
|
||||
password: "{{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}"
|
||||
|
||||
@@ -6,16 +6,20 @@ SPDX-License-Identifier: Apache-2.0
|
||||
nextcloud:
|
||||
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
|
||||
username: "nextcloud"
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword }}
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||
externalDatabase:
|
||||
database: "{{ .Values.databases.nextcloud.name }}"
|
||||
user: "{{ .Values.databases.nextcloud.username }}"
|
||||
host: "{{ .Values.databases.nextcloud.host }}"
|
||||
password: "{{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||
extraEnv:
|
||||
REDIS_HOST: {{ .Values.cache.nextcloud.host | quote }}
|
||||
REDIS_HOST_PORT: {{ .Values.cache.nextcloud.port | quote }}
|
||||
REDIS_HOST_PASSWORD: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||
redis:
|
||||
auth:
|
||||
enabled: true
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
password: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||
ingress:
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
className: {{ .Values.ingress.ingressClassName }}
|
||||
|
||||
@@ -16,10 +16,10 @@ imagePullSecrets:
|
||||
|
||||
dovecot:
|
||||
mailDomain: "{{ .Values.global.domain }}"
|
||||
password: {{ .Values.secrets.dovecot.doveadm }}
|
||||
password: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||
ldap:
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot }}
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
oidc:
|
||||
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc }}
|
||||
|
||||
@@ -11,8 +11,8 @@ global:
|
||||
database: "{{ .Values.databases.oxAppsuite.name }}"
|
||||
auth:
|
||||
user: "{{ .Values.databases.oxAppsuite.username }}"
|
||||
password: "{{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
rootPassword: "{{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
istio:
|
||||
enabled: {{ .Values.istio.enabled }}
|
||||
|
||||
@@ -67,7 +67,7 @@ appsuite:
|
||||
# Old capability can be used to toggle all integrations with a single switch
|
||||
com.openexchange.capability.public-sector: "true"
|
||||
# New capabilities in 2.0
|
||||
com.openexchange.capability.public-sector-element: "false"
|
||||
com.openexchange.capability.public-sector-element: "true"
|
||||
com.openexchange.capability.public-sector-navigation: "true"
|
||||
com.openexchange.capability.client-onboarding: "true"
|
||||
com.openexchange.capability.dynamic-theme: "true"
|
||||
|
||||
@@ -14,6 +14,9 @@ image:
|
||||
tag: "{{ .Values.images.openproject.tag }}"
|
||||
|
||||
memcached:
|
||||
connection:
|
||||
host: "{{ .Values.cache.openproject.host }}"
|
||||
port: {{ .Values.cache.openproject.port }}
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.memcached.repository }}"
|
||||
@@ -21,7 +24,7 @@ memcached:
|
||||
|
||||
postgresql:
|
||||
auth:
|
||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser }}
|
||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
username: "{{ .Values.databases.openproject.username }}"
|
||||
database: "{{ .Values.databases.openproject.name }}"
|
||||
connection:
|
||||
@@ -35,7 +38,7 @@ openproject:
|
||||
name: "OpenProject Interal Admin"
|
||||
mail: "openproject-admin@swp-domain.internal"
|
||||
password_reset: "false"
|
||||
password: "{{ .Values.secrets.openproject.adminPassword }}"
|
||||
password: {{ .Values.secrets.openproject.adminPassword | quote }}
|
||||
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
image:
|
||||
registry: "registry.souvap-univention.de"
|
||||
|
||||
memcached:
|
||||
bundled: false
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
initialDelaySeconds: 300
|
||||
@@ -27,6 +30,12 @@ openproject:
|
||||
# seed will only be executed on initial installation
|
||||
seed_locale: "de"
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
# For more details and more options see
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
environment:
|
||||
|
||||
@@ -21,7 +21,7 @@ oxConnector:
|
||||
domainName: "{{ .Values.global.domain }}"
|
||||
#oxMasterAdmin: "(( .Values.appsuite.core-mw.masterAdmin ))"
|
||||
oxMasterAdmin: "admin"
|
||||
oxMasterPassword: "{{ .Values.secrets.oxAppsuite.adminPassword }}"
|
||||
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
oxDefaultContext: "1"
|
||||
|
||||
|
||||
@@ -82,6 +82,13 @@ releases:
|
||||
- "values-redis.gotmpl"
|
||||
- "values-redis.yaml"
|
||||
condition: "redis.enabled"
|
||||
- name: "memcached"
|
||||
chart: "bitnami-repo/memcached"
|
||||
version: "6.6.2"
|
||||
values:
|
||||
- "values-memcached.yaml"
|
||||
- "values-memcached.gotmpl"
|
||||
condition: "memcached.enabled"
|
||||
- name: "postgresql"
|
||||
chart: "postgresql-repo/postgresql"
|
||||
version: "2.0.2"
|
||||
|
||||
@@ -18,11 +18,11 @@ image:
|
||||
job:
|
||||
users:
|
||||
- username: "xwiki_user"
|
||||
password: "{{ .Values.secrets.mariadb.xwikiUser }}"
|
||||
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
|
||||
- username: "openxchange_user"
|
||||
password: "{{ .Values.secrets.mariadb.openxchangeUser }}"
|
||||
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
|
||||
- username: "nextcloud_user"
|
||||
password: "{{ .Values.secrets.mariadb.nextcloudUser }}"
|
||||
password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
|
||||
databases:
|
||||
- name: "xwiki"
|
||||
user: "xwiki_user"
|
||||
@@ -32,7 +32,7 @@ job:
|
||||
user: "openxchange_user"
|
||||
|
||||
mariadb:
|
||||
rootPassword: "{{ .Values.secrets.mariadb.rootPassword }}"
|
||||
rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
persistence:
|
||||
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
|
||||
|
||||
19
helmfile/apps/services/values-memcached.gotmpl
Normal file
19
helmfile/apps/services/values-memcached.gotmpl
Normal file
@@ -0,0 +1,19 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
repository: "{{ .Values.images.memcached.repository }}"
|
||||
tag: "{{ .Values.images.memcached.tag }}"
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.memcached | toYaml | nindent 2 }}
|
||||
...
|
||||
18
helmfile/apps/services/values-memcached.yaml
Normal file
18
helmfile/apps/services/values-memcached.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
...
|
||||
@@ -16,15 +16,15 @@ image:
|
||||
job:
|
||||
users:
|
||||
- username: "keycloak_user"
|
||||
password: {{ .Values.secrets.postgresql.keycloakUser }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
- username: "openproject_user"
|
||||
password: {{ .Values.secrets.postgresql.openprojectUser }}
|
||||
password: {{ .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
- username: "keycloak_extensions_user"
|
||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
- username: "matrix_user"
|
||||
password: {{ .Values.secrets.postgresql.matrixUser }}
|
||||
password: {{ .Values.secrets.postgresql.matrixUser | quote }}
|
||||
- username: "notificationsapi_user"
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
|
||||
databases:
|
||||
- name: "keycloak"
|
||||
user: "keycloak_user"
|
||||
@@ -43,7 +43,7 @@ persistence:
|
||||
size: "{{ .Values.persistence.size.postgresql }}"
|
||||
|
||||
postgres:
|
||||
password: {{ .Values.secrets.postgresql.postgresUser }}
|
||||
password: {{ .Values.secrets.postgresql.postgresUser | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.postgresql | toYaml | nindent 2 }}
|
||||
|
||||
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password }}
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
|
||||
global:
|
||||
imageRegistry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -37,31 +37,31 @@ extraEnvVars:
|
||||
- name: LDAPSEARCH_OX_USERNAME
|
||||
value: "ldapsearch_ox"
|
||||
- name: LDAPSEARCH_OX_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.ox | quote }}
|
||||
- name: LDAPSEARCH_DOVECOT_USERNAME
|
||||
value: "ldapsearch_dovecot"
|
||||
- name: LDAPSEARCH_DOVECOT_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
- name: LDAPSEARCH_KEYCLOAK_USERNAME
|
||||
value: "ldapsearch_keycloak"
|
||||
- name: LDAPSEARCH_KEYCLOAK_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.keycloak | quote }}
|
||||
- name: LDAPSEARCH_NEXTCLOUD_USERNAME
|
||||
value: "ldapsearch_nextcloud"
|
||||
- name: LDAPSEARCH_NEXTCLOUD_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.nextcloud | quote }}
|
||||
- name: LDAPSEARCH_OPENPROJECT_USERNAME
|
||||
value: "ldapsearch_openproject"
|
||||
- name: LDAPSEARCH_OPENPROJECT_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
|
||||
- name: LDAPSEARCH_XWIKI_USERNAME
|
||||
value: "ldapsearch_xwiki"
|
||||
- name: LDAPSEARCH_XWIKI_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.ldapSearch.xwiki | quote }}
|
||||
- name: DEFAULT_ACCOUNT_USER_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.userPassword | quote }}
|
||||
- name: DEFAULT_ACCOUNT_ADMIN_PASSWORD
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword }}
|
||||
value: {{ .Values.secrets.univentionCorporateServer.defaultAccounts.adminPassword | quote }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.univentionCorporateServer | toYaml | nindent 2 }}
|
||||
|
||||
@@ -11,7 +11,7 @@ postgresql:
|
||||
auth:
|
||||
username: "notificationsapi_user"
|
||||
database: "notificationsapi"
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser }}
|
||||
password: {{ .Values.secrets.postgresql.notificationsapiUser | quote }}
|
||||
|
||||
image:
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
|
||||
@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
stackDataSwp:
|
||||
udmApiUsername: "cn=admin"
|
||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
|
||||
@@ -5,13 +5,13 @@ SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
stackDataUms:
|
||||
udmApiUser: "cn=admin"
|
||||
udmApiPassword: "{{ .Values.secrets.univentionManagementStack.ldapSecret }}"
|
||||
udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
udmApiUrl: "http://ums-udm-rest-api/udm/"
|
||||
loadDevData: true
|
||||
|
||||
stackDataContext:
|
||||
ldapBase: "dc=swp-ldap,dc=internal"
|
||||
initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
|
||||
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }}
|
||||
|
||||
# The SWP configuration brings its own UMC policies.
|
||||
installUmcPolicies: false
|
||||
|
||||
@@ -9,7 +9,7 @@ image:
|
||||
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
externalDB:
|
||||
password: "{{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword }}"
|
||||
password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
database: "{{ .Values.databases.xwiki.name }}"
|
||||
user: "{{ .Values.databases.xwiki.username }}"
|
||||
host: "{{ .Values.databases.xwiki.host }}"
|
||||
|
||||
16
helmfile/environments/default/cache.yaml
Normal file
16
helmfile/environments/default/cache.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cache:
|
||||
intercomService:
|
||||
host: "redis-headless"
|
||||
port: 6379
|
||||
password: ""
|
||||
nextcloud:
|
||||
host: "redis-headless"
|
||||
port: 6379
|
||||
password: ""
|
||||
openproject:
|
||||
host: "memcached"
|
||||
port: 11211
|
||||
...
|
||||
@@ -15,14 +15,14 @@ global:
|
||||
intercomService: "ics"
|
||||
jitsi: "meet"
|
||||
keycloak: "id"
|
||||
meetingWidgetsBot: "meeting-widgets-bot"
|
||||
meetingWidgets: "meeting-widgets"
|
||||
newWorkBoardWidget: "whiteboard-widget"
|
||||
matrixNeoBoardWidget: "matrix-neoboard-widget"
|
||||
matrixNeoChoiceWidget: "matrix-neochoice-widget"
|
||||
matrixNeoDateFixBot: "matrix-neodatefix-bot"
|
||||
matrixNeoDateFixWidget: "matrix-neodatefix-widget"
|
||||
nextcloud: "fs"
|
||||
openproject: "project"
|
||||
openxchange: "webmail"
|
||||
openxchangeProvisioning: "ox-provisioning"
|
||||
pollWidget: "poll-widget"
|
||||
synapse: "matrix"
|
||||
univentionCorporateServer: "portal"
|
||||
univentionManagementStack: "portal"
|
||||
|
||||
@@ -16,7 +16,7 @@ images:
|
||||
# @supplier: "Open-Xchange"
|
||||
element:
|
||||
repository: "souvap/tooling/images/element-web"
|
||||
tag: "1.1.0@sha256:4fc2df523090cf012b50a681c92482f61231baf4cce67de467dd9f79c181bc93"
|
||||
tag: "1.3.0@sha256:25bd7d731dc501cd00fac61c9db8807b635d1150a99067137b7fb290981ec8f8"
|
||||
# @supplier: "Element"
|
||||
freshclam:
|
||||
repository: "clamav/clamav"
|
||||
@@ -58,6 +58,11 @@ images:
|
||||
repository: "bitnami/keycloak"
|
||||
tag: "19.0.3-debian-11-r22@sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e"
|
||||
# @supplier: "Univention"
|
||||
keycloakUnivention:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/keycloak-app-on-use-base-manpub-tr"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
keycloakBootstrap:
|
||||
repository: "souvap/tooling/images/ansible"
|
||||
tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac"
|
||||
@@ -75,10 +80,30 @@ images:
|
||||
# For upgrades at least confirm compatibility of target version with OX (regarding AS Guard)
|
||||
tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
matrixNeoBoardWidget:
|
||||
repository: "nordeck/matrix-neoboard-widget"
|
||||
tag: "0.4.0@sha256:c5e72409a0edc1962e9be618fcb83acce19e64c0c645075d8ff0ccde06e93fc7"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoChoiceWidget:
|
||||
repository: "nordeck/matrix-poll-widget"
|
||||
tag: "1.2.0@sha256:0abcf7c368c91721413c96deaa1e87f095b6afbe864ea5f042c9a370c38fb07b"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixBot:
|
||||
repository: "nordeck/matrix-meetings-bot"
|
||||
tag: "2.4.0@sha256:d6560841c3708bd8b55623ef70dd55bf4792da6ed6cd5026c37a5e4df7c8a3a3"
|
||||
# @supplier: "Nordeck"
|
||||
matrixNeoDateFixWidget:
|
||||
repository: "nordeck/matrix-meetings-widget"
|
||||
tag: "1.5.1@sha256:a518c194fa1b8cf2886c02623d883810f166f27259ce7d4e0138b962dea565e7"
|
||||
# @supplier: "Nordeck"
|
||||
matrixUserVerificationService:
|
||||
repository: "matrixdotorg/matrix-user-verification-service"
|
||||
tag: "v3.0.0@sha256:25e685d595785e2a72e75a525dac78cf8c782445454f8ac090d3702431c38008"
|
||||
# @supplier: "Element"
|
||||
memcached:
|
||||
repository: "bitnami/memcached"
|
||||
tag: "1.6.21-debian-11-r84@sha256:81747acd297d3fcd05706ea771d441a6f01b28d722c366a06f922b6b7d4033dd"
|
||||
# @supplier: "OpenProject"
|
||||
tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
milter:
|
||||
repository: "clamav/clamav"
|
||||
tag: "1.1.1-10_base@sha256:aed8d5a3ef58352c862028fae44241215a50eae0b9acb7ba8892b1edc0a6598f"
|
||||
@@ -157,6 +182,10 @@ images:
|
||||
repository: "matrixdotorg/synapse"
|
||||
tag: "v1.91.2@sha256:1d19508db417bb2b911c8e086bd3dc3b719ee75c6f6194d58af59b4c32b11322"
|
||||
# @supplier: "Element"
|
||||
synapseCreateUser:
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
|
||||
# @supplier: "Nordeck"
|
||||
synapseGuestModule:
|
||||
repository: "nordeck/synapse-guest-module"
|
||||
tag: "1.0.0@sha256:e9c736d84a77df93b2dbe3e3afa7b0ca3efcbc4457677adaac5df3cc79a85923"
|
||||
@@ -170,54 +199,67 @@ images:
|
||||
tag: "20230829T094822@sha256:6415847851ee3b474cea756212698f4a110fbbde74882e22da92500a6358a4f8"
|
||||
# @supplier: "Univention"
|
||||
umsConfigHtpasswd:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsDataLoader:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/data-loader"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsLdapNotifier:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-notifier"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsLdapServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-server"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsNotificationsApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/notifications-api"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsPortalListener:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-listener"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsPortalFrontend:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsPortalServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-server"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsWaitForDependency:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/wait-for-dependency"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsStoreDav:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/store-dav"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsUdmRestApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsUmcGateway:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
umsUmcServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-server"
|
||||
tag: "latest"
|
||||
# @supplier: "Univention"
|
||||
@@ -229,4 +271,10 @@ images:
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.10-mariadb-tomcat@sha256:02f0ff6407ccdd8dab17814202e28991fe0aa8d44fa106ba171cff5249eaf58f"
|
||||
# @supplier: "XWiki"
|
||||
xwikiJetty:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "xwikisas/swp/xwiki"
|
||||
tag: "0.11-SNAPSHOT-mariadb-jetty-alpine"
|
||||
# @supplier: "XWiki"
|
||||
|
||||
...
|
||||
|
||||
@@ -9,6 +9,7 @@ persistence:
|
||||
clamav: "1Gi"
|
||||
dovecot: "1Gi"
|
||||
mariadb: "1Gi"
|
||||
matrixNeoDateFixBot: "1Gi"
|
||||
nextcloud:
|
||||
main: "1Gi"
|
||||
data: "10Gi"
|
||||
|
||||
@@ -19,6 +19,11 @@ replicas:
|
||||
jitsiKeycloakAdapter: 1
|
||||
jvb: 1
|
||||
keycloak: 1
|
||||
matrixNeoBoardWidget: 1
|
||||
matrixNeoChoiceWidget: 1
|
||||
matrixNeoDateFixBot: 1
|
||||
matrixNeoDateFixWidget: 1
|
||||
matrixUserVerificationService: 1
|
||||
# clamav-distributed
|
||||
milter: 1
|
||||
nextcloud: 1
|
||||
|
||||
@@ -114,6 +114,48 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "500Mi"
|
||||
matrixNeoBoardWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
matrixNeoChoiceWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
matrixNeoDateFixBot:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "500Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "100Mi"
|
||||
matrixNeoDateFixWidget:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
matrixUserVerificationService:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "250Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "50Mi"
|
||||
memcached:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "32Mi"
|
||||
milter:
|
||||
limits:
|
||||
cpu: 4
|
||||
|
||||
@@ -60,7 +60,6 @@ secrets:
|
||||
collabora:
|
||||
adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "collabora" "collabora_admin_user" | sha1sum) }}
|
||||
jitsi:
|
||||
synapseAsToken: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "as_token" | sha1sum) }}
|
||||
jwtAppSecret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jwtAppSecret" | sha1sum) }}
|
||||
jibriRecorderPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriRecorderPassword" | sha1sum) }}
|
||||
jibriXmppPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriXmppPassword" | sha1sum) }}
|
||||
@@ -81,4 +80,9 @@ secrets:
|
||||
superadminpassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "xwiki" "superadminpassword" | sha1sum) }}
|
||||
intercom:
|
||||
secret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "secret" | sha1sum) }}
|
||||
synapseAsToken: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "intercom" "as_token" | sha1sum) }}
|
||||
matrixNeoDateFixBot:
|
||||
password: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-neodatefix-bot" "password" | sha1sum) }}
|
||||
matrixUserVerificationService:
|
||||
password: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "matrix-user-verification-service" "password" | sha1sum) }}
|
||||
...
|
||||
|
||||
@@ -21,6 +21,8 @@ keycloak:
|
||||
enabled: true
|
||||
mariadb:
|
||||
enabled: true
|
||||
memcached:
|
||||
enabled: true
|
||||
nextcloud:
|
||||
enabled: true
|
||||
openproject:
|
||||
|
||||
Reference in New Issue
Block a user