mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
Compare commits
12 Commits
v1.1.2
...
jahlers/2f
| Author | SHA1 | Date | |
|---|---|---|---|
|
ac674b93ae | ||
|
|
e46c3759e0 | ||
|
|
52b0b13e6b | ||
|
|
4c42ed76e8 | ||
|
|
7b05213d6e | ||
|
|
4296db7c90 | ||
|
|
a6de1fe694 | ||
|
|
817af98fcd | ||
|
|
780596ab40 | ||
|
|
da3adff0ef | ||
|
|
60f5e36b7c | ||
|
|
c4e4258162 |
@@ -32,7 +32,7 @@ repositories:
|
||||
# Commit type to use if Semantic Commits are enabled (default: "chore")
|
||||
semanticCommitType: "chore"
|
||||
# Enable dependency dashboard
|
||||
dependencyDashboard: true
|
||||
dependencyDashboard: false
|
||||
# Include package files only within these defined paths
|
||||
includePaths:
|
||||
- "helmfile/environments/default/images.yaml.gotmpl"
|
||||
@@ -59,30 +59,47 @@ repositories:
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "openDesk" ]
|
||||
groupName: "Platform"
|
||||
groupSlug: "platform"
|
||||
branchTopic: "platform"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Collabora" ]
|
||||
groupName: "Collabora"
|
||||
groupSlug: "collabora"
|
||||
branchTopic: "collabora"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Element" ]
|
||||
groupName: "Element"
|
||||
groupSlug: "element"
|
||||
branchTopic: "element"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Nordeck" ]
|
||||
groupName: "Nordeck"
|
||||
groupSlug: "nordeck"
|
||||
branchTopic: "nordeck"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Open-Xchange" ]
|
||||
groupName: "Open-Xchange"
|
||||
groupSlug: "openxchange"
|
||||
branchTopic: "openxchang"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "OpenProject" ]
|
||||
groupName: "OpenProject"
|
||||
groupSlug: "openproject"
|
||||
branchTopic: "openproject"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "OpenProject" ]
|
||||
groupName: "OpenProject"
|
||||
matchDepTypes: [ "Nextcloud" ]
|
||||
groupName: "nextcloud"
|
||||
branchTopic: "nextcloud"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Univention" ]
|
||||
groupName: "Univention"
|
||||
groupSlug: "univention"
|
||||
branchTopic: "univention"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "XWiki" ]
|
||||
groupName: "XWiki"
|
||||
groupSlug: "xwiki"
|
||||
branchTopic: "xwiki"
|
||||
# Add merge request labels
|
||||
labels:
|
||||
- "renovate"
|
||||
|
||||
@@ -44,6 +44,10 @@ To enable the oD EE deployment you must set the environment variable `OPENDESK_E
|
||||
OPENDESK_ENTERPRISE=true
|
||||
```
|
||||
|
||||
> **Note**
|
||||
> Upgrading from oD CE to EE is currently not supported, especially due to the fact it requires a migration
|
||||
> from Dovecot 2.x (standard storage) to Dovecot Pro 3.x (S3).
|
||||
|
||||
# Configuring the oD EE deployment for self-hosted installations
|
||||
|
||||
## Registry access
|
||||
|
||||
13
README.md
13
README.md
@@ -13,6 +13,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [Getting started](#getting-started)
|
||||
* [Advanced customization](#advanced-customization)
|
||||
* [Architecture](#architecture)
|
||||
* [Testing](#testing)
|
||||
* [Permissions](#permissions)
|
||||
* [Releases](#releases)
|
||||
* [Data Storage](#data-storage)
|
||||
@@ -39,9 +40,9 @@ openDesk currently features the following functional main components:
|
||||
| Groupware | OX App Suite | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||
| Knowledge management | XWiki | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||
| Portal & IAM | Nubus | [1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Project management | OpenProject | [15.2.1](https://www.openproject.org/docs/release-notes/15-2-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Project management | OpenProject | [15.3.0](https://www.openproject.org/docs/release-notes/15-3-0/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Weboffice | Collabora | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
| Weboffice | Collabora | [24.04.12.4](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
|
||||
While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
|
||||
align the applications with best practices regarding container design and operations.
|
||||
@@ -79,7 +80,11 @@ You would like to install openDesk in your own infrastructure?
|
||||
|
||||
# Architecture
|
||||
|
||||
More information on openDesk's architecture can be found in our [Architecture docs](./docs/architecture.md).
|
||||
More information on openDesk's architecture can be found in our [architecture docs](./docs/architecture.md).
|
||||
|
||||
# Testing
|
||||
|
||||
openDesk is continously tested to ensure a high quality. Read how we test in openDesk in our [test concept](./docs/testing.md).
|
||||
|
||||
# Permissions
|
||||
|
||||
@@ -125,4 +130,4 @@ This project uses the following license: Apache-2.0
|
||||
|
||||
# Copyright
|
||||
|
||||
Copyright (C) 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
Copyright (C) 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
|
||||
@@ -98,6 +98,8 @@ def clone_charts_locally(branch, charts):
|
||||
if os.path.isdir(chart_local_path):
|
||||
logging.debug(f"Found pre-existing {chart_local_path} skipping clone/pull, but will still reference chart in Helmfile...")
|
||||
charts_dict[chart] = chart_local_path
|
||||
git_url = options.git_hostname+':'+repository
|
||||
doublette_dict[git_url] = chart_local_path
|
||||
continue
|
||||
elif 'opendesk/components/platform-development/charts' in repository:
|
||||
logging.info("Cloning the charts repo")
|
||||
@@ -153,7 +155,7 @@ def process_the_helmfiles(charts_dict, charts):
|
||||
if '.Values.charts.'+chart_ident+'.name' in line:
|
||||
logging.debug(f"found match with {chart_ident} in {line.strip()}")
|
||||
line = charts_dict[chart_ident]
|
||||
if os.path.isdir(line+'/charts/'+chart_ident):
|
||||
if os.path.isdir(line+'/charts/'+charts['charts'][chart_ident]['name']):
|
||||
line += '/charts/'+charts['charts'][chart_ident]['name']
|
||||
elif not os.path.isdir(line):
|
||||
sys.exit(f"! Did not find directory to reference in Helmfile: '{line}'")
|
||||
|
||||
@@ -22,85 +22,99 @@ service.
|
||||
> **Note**<br>
|
||||
> openDesk supports PostgreSQL as alternative database backend for Nextcloud and XWiki. PostgreSQL is likely become the preferred option/default in the future and MariaDB might be deprecated at a later point requiring migrations[^1] if you do not select PostgreSQL for new installations.
|
||||
|
||||
| Component | Name | Parameter | Key | Default |
|
||||
| ---------------- | ------------------ | --------- | --------------------------------------------- | ---------------------------- |
|
||||
| Element | Synapse | | | |
|
||||
| | | Type | `databases.synapse.type` | `postgresql` |
|
||||
| | | Name | `databases.synapse.name` | `matrix` |
|
||||
| | | Host | `databases.synapse.host` | `postgresql` |
|
||||
| | | Port | `databases.synapse.port` | `5432` |
|
||||
| | | Username | `databases.synapse.username` | `matrix_user` |
|
||||
| | | Password | `databases.synapse.password` | |
|
||||
| Nubus | Guardian Mgmt API | | | |
|
||||
| | | Type | `databases.umsGuardianManagementApi.type` | `postgresql` |
|
||||
| | | Name | `databases.umsGuardianManagementApi.name` | `guardianmanagementapi` |
|
||||
| | | Host | `databases.umsGuardianManagementApi.host` | `postgresql` |
|
||||
| | | Port | `databases.umsGuardianManagementApi.port` | `5432` |
|
||||
| | | Username | `databases.umsGuardianManagementApi.username` | `guardianmanagementapi_user` |
|
||||
| | | Password | `databases.umsGuardianManagementApi.password` | |
|
||||
| | Keycloak | | | |
|
||||
| | | Type | `databases.keycloak.type` | `postgresql` |
|
||||
| | | Name | `databases.keycloak.name` | `keycloak` |
|
||||
| | | Host | `databases.keycloak.host` | `postgresql` |
|
||||
| | | Port | `databases.keycloak.port` | `5432` |
|
||||
| | | Username | `databases.keycloak.username` | `keycloak_user` |
|
||||
| | | Password | `databases.keycloak.password` | |
|
||||
| | Keycloak Extension | | | |
|
||||
| | | Type | `databases.keycloakExtension.type` | `postgresql` |
|
||||
| | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
|
||||
| | | Host | `databases.keycloakExtension.host` | `postgresql` |
|
||||
| | | Port | `databases.keycloakExtension.port` | `5432` |
|
||||
| | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
|
||||
| | | Password | `databases.keycloakExtension.password` | |
|
||||
| | Notifications API | | | |
|
||||
| | | Type | `databases.umsNotificationsApi.type` | `postgresql` |
|
||||
| | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
|
||||
| | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
|
||||
| | | Port | `databases.umsNotificationsApi.port` | `5432` |
|
||||
| | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
|
||||
| | | Password | `databases.umsNotificationsApi.password` | |
|
||||
| | Self Service | | | |
|
||||
| | | Type | `databases.umsSelfservice.type` | `postgresql` |
|
||||
| | | Name | `databases.umsSelfservice.name` | `selfservice` |
|
||||
| | | Host | `databases.umsSelfservice.host` | `postgresql` |
|
||||
| | | Port | `databases.umsSelfservice.port` | `5432` |
|
||||
| | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
|
||||
| | | Password | `databases.umsSelfservice.password` | |
|
||||
| Nextcloud | Nextcloud | | | |
|
||||
| | | Type | `databases.nextcloud.type` | `mariadb` |
|
||||
| | | Name | `databases.nextcloud.name` | `nextcloud` |
|
||||
| | | Host | `databases.nextcloud.host` | `mariadb` |
|
||||
| | | Port | `databases.nextcloud.port` | `3306` |
|
||||
| | | Username | `databases.nextcloud.username` | `nextcloud_user` |
|
||||
| | | Password | `databases.nextcloud.password` | |
|
||||
| Notes | Notes | | | |
|
||||
| | | Type | `databases.notes.type` | `postgresql` |
|
||||
| | | Name | `databases.notes.name` | `notes` |
|
||||
| | | Host | `databases.notes.host` | `postgresql` |
|
||||
| | | Port | `databases.notes.port` | `5432` |
|
||||
| | | Username | `databases.notes.username` | `notes_user` |
|
||||
| | | Password | `databases.notes.password` | |
|
||||
| OpenProject | OpenProject | | | |
|
||||
| | | Type | `databases.openproject.type` | `postgresql` |
|
||||
| | | Name | `databases.openproject.name` | `openproject` |
|
||||
| | | Host | `databases.openproject.host` | `postgresql` |
|
||||
| | | Port | `databases.openproject.port` | `5432` |
|
||||
| | | Username | `databases.openproject.username` | `openproject_user` |
|
||||
| | | Password | `databases.openproject.password` | |
|
||||
| OX App Suite[^2] | OX App Suite | | | |
|
||||
| | | Type | `databases.oxAppSuite.type` | `mariadb` |
|
||||
| | | Name | `databases.oxAppSuite.name` | `openxchange` |
|
||||
| | | Host | `databases.oxAppSuite.host` | `mariadb` |
|
||||
| | | Port | `databases.oxAppSuite.port` | `3306` |
|
||||
| | | Username | `databases.oxAppSuite.username` | `root` |
|
||||
| | | Password | `databases.oxAppSuite.password` | |
|
||||
| XWiki[^3] | XWiki | | | |
|
||||
| | | Type | `databases.xwiki.type` | `mariadb` |
|
||||
| | | Name | `databases.xwiki.name` | `xwiki` |
|
||||
| | | Host | `databases.xwiki.host` | `mariadb` |
|
||||
| | | Port | `databases.xwiki.port` | `3306` |
|
||||
| | | Username | `databases.xwiki.username` | `root` |
|
||||
| | | Password | `databases.xwiki.password` | |
|
||||
| Component | Name | Parameter | Key | Default |
|
||||
| ------------------ | ------------------ | --------- | --------------------------------------------- | ---------------------------- |
|
||||
| Element | Synapse | | | |
|
||||
| | | Type | `databases.synapse.type` | `postgresql` |
|
||||
| | | Name | `databases.synapse.name` | `matrix` |
|
||||
| | | Host | `databases.synapse.host` | `postgresql` |
|
||||
| | | Port | `databases.synapse.port` | `5432` |
|
||||
| | | Username | `databases.synapse.username` | `matrix_user` |
|
||||
| | | Password | `databases.synapse.password` | |
|
||||
| Nubus | Guardian Mgmt API | | | |
|
||||
| | | Type | `databases.umsGuardianManagementApi.type` | `postgresql` |
|
||||
| | | Name | `databases.umsGuardianManagementApi.name` | `guardianmanagementapi` |
|
||||
| | | Host | `databases.umsGuardianManagementApi.host` | `postgresql` |
|
||||
| | | Port | `databases.umsGuardianManagementApi.port` | `5432` |
|
||||
| | | Username | `databases.umsGuardianManagementApi.username` | `guardianmanagementapi_user` |
|
||||
| | | Password | `databases.umsGuardianManagementApi.password` | |
|
||||
| | Keycloak | | | |
|
||||
| | | Type | `databases.keycloak.type` | `postgresql` |
|
||||
| | | Name | `databases.keycloak.name` | `keycloak` |
|
||||
| | | Host | `databases.keycloak.host` | `postgresql` |
|
||||
| | | Port | `databases.keycloak.port` | `5432` |
|
||||
| | | Username | `databases.keycloak.username` | `keycloak_user` |
|
||||
| | | Password | `databases.keycloak.password` | |
|
||||
| | Keycloak Extension | | | |
|
||||
| | | Type | `databases.keycloakExtension.type` | `postgresql` |
|
||||
| | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
|
||||
| | | Host | `databases.keycloakExtension.host` | `postgresql` |
|
||||
| | | Port | `databases.keycloakExtension.port` | `5432` |
|
||||
| | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
|
||||
| | | Password | `databases.keycloakExtension.password` | |
|
||||
| | Notifications API | | | |
|
||||
| | | Type | `databases.umsNotificationsApi.type` | `postgresql` |
|
||||
| | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
|
||||
| | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
|
||||
| | | Port | `databases.umsNotificationsApi.port` | `5432` |
|
||||
| | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
|
||||
| | | Password | `databases.umsNotificationsApi.password` | |
|
||||
| | Self Service | | | |
|
||||
| | | Type | `databases.umsSelfservice.type` | `postgresql` |
|
||||
| | | Name | `databases.umsSelfservice.name` | `selfservice` |
|
||||
| | | Host | `databases.umsSelfservice.host` | `postgresql` |
|
||||
| | | Port | `databases.umsSelfservice.port` | `5432` |
|
||||
| | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
|
||||
| | | Password | `databases.umsSelfservice.password` | |
|
||||
| Nextcloud | Nextcloud | | | |
|
||||
| | | Type | `databases.nextcloud.type` | `mariadb` |
|
||||
| | | Name | `databases.nextcloud.name` | `nextcloud` |
|
||||
| | | Host | `databases.nextcloud.host` | `mariadb` |
|
||||
| | | Port | `databases.nextcloud.port` | `3306` |
|
||||
| | | Username | `databases.nextcloud.username` | `nextcloud_user` |
|
||||
| | | Password | `databases.nextcloud.password` | |
|
||||
| Notes | Notes | | | |
|
||||
| | | Type | `databases.notes.type` | `postgresql` |
|
||||
| | | Name | `databases.notes.name` | `notes` |
|
||||
| | | Host | `databases.notes.host` | `postgresql` |
|
||||
| | | Port | `databases.notes.port` | `5432` |
|
||||
| | | Username | `databases.notes.username` | `notes_user` |
|
||||
| | | Password | `databases.notes.password` | |
|
||||
| OpenProject | OpenProject | | | |
|
||||
| | | Type | `databases.openproject.type` | `postgresql` |
|
||||
| | | Name | `databases.openproject.name` | `openproject` |
|
||||
| | | Host | `databases.openproject.host` | `postgresql` |
|
||||
| | | Port | `databases.openproject.port` | `5432` |
|
||||
| | | Username | `databases.openproject.username` | `openproject_user` |
|
||||
| | | Password | `databases.openproject.password` | |
|
||||
| OX App Suite[^2] | OX App Suite | | | |
|
||||
| | | Type | `databases.oxAppSuite.type` | `mariadb` |
|
||||
| | | Name | `databases.oxAppSuite.name` | `openxchange` |
|
||||
| | | Host | `databases.oxAppSuite.host` | `mariadb` |
|
||||
| | | Port | `databases.oxAppSuite.port` | `3306` |
|
||||
| | | Username | `databases.oxAppSuite.username` | `root` |
|
||||
| | | Password | `databases.oxAppSuite.password` | |
|
||||
| OX Dovecot Pro[^3] | ACLs | | | |
|
||||
| | | Type | `databases.dovecotACL.type` | `cassandra` |
|
||||
| | | Name | `databases.dovecotACL.name` | `dovecot_acl` |
|
||||
| | | Host | `databases.dovecotACL.host` | `cassandra` |
|
||||
| | | Port | `databases.dovecotACL.port` | `9042` |
|
||||
| | | Username | `databases.dovecotACL.username` | `dovecot_acl_user` |
|
||||
| | | Password | `databases.dovecotACL.password` | |
|
||||
| | Dictmap | | | |
|
||||
| | | Type | `databases.dovecotDictmap.type` | `cassandra` |
|
||||
| | | Name | `databases.dovecotDictmap.name` | `dovecot_dictmap` |
|
||||
| | | Host | `databases.dovecotDictmap.host` | `cassandra` |
|
||||
| | | Port | `databases.dovecotDictmap.port` | `9042` |
|
||||
| | | Username | `databases.dovecotDictmap.username` | `dovecot_dictmap_user` |
|
||||
| | | Password | `databases.dovecotDictmap.password` | |
|
||||
| XWiki[^4] | XWiki | | | |
|
||||
| | | Type | `databases.xwiki.type` | `mariadb` |
|
||||
| | | Name | `databases.xwiki.name` | `xwiki` |
|
||||
| | | Host | `databases.xwiki.host` | `mariadb` |
|
||||
| | | Port | `databases.xwiki.port` | `3306` |
|
||||
| | | Username | `databases.xwiki.username` | `root` |
|
||||
| | | Password | `databases.xwiki.password` | |
|
||||
|
||||
# Object storage
|
||||
|
||||
@@ -149,4 +163,6 @@ service.
|
||||
|
||||
[^2] OX App Suite only supports MariaDB and requires root access, as it manages its databases itself.
|
||||
|
||||
[^3] XWiki requires root access when using MariaDB as sub-wikis are using separate databases that are managed by XWiki. When using PostgreSQL with XWiki no root user is required as the sub-wikis are managed within multiple schemes within a single database.
|
||||
[^3] openDesk Enterprise only.
|
||||
|
||||
[^4] XWiki requires root access when using MariaDB as sub-wikis are using separate databases that are managed by XWiki. When using PostgreSQL with XWiki no root user is required as the sub-wikis are managed within multiple schemes within a single database.
|
||||
|
||||
@@ -101,33 +101,34 @@ All available apps and their default value are in `helmfile/environments/default
|
||||
|
||||
| Component | Name | Default | Description |
|
||||
| -------------------- | --------------------------- | ------- | ------------------------------ |
|
||||
| Certificates | `certificates.enabled` | `true` | TLS certificates |
|
||||
| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine |
|
||||
| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine |
|
||||
| Collabora | `collabora.enabled` | `true` | Weboffice |
|
||||
| CryptPad | `cryptpad.enabled` | `true` | Weboffice |
|
||||
| dkimpy | `dkimpy.enabled` | `false` | Postfix milter for DKIM |
|
||||
| Dovecot | `dovecot.enabled` | `true` | Mail backend |
|
||||
| Element | `element.enabled` | `true` | Secure communications platform |
|
||||
| Home | `home.enabled` | `true` | Base domain portal redirect |
|
||||
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing |
|
||||
| MariaDB | `mariadb.enabled` | `true` | Database |
|
||||
| Memcached | `memcached.enabled` | `true` | Cache Database |
|
||||
| MinIO | `minio.enabled` | `true` | Object Storage |
|
||||
| Nextcloud | `nextcloud.enabled` | `true` | File share |
|
||||
| Nubus | `nubus.enabled` | `true` | Identity Management & Portal |
|
||||
| OpenProject | `openproject.enabled` | `true` | Project management |
|
||||
| OX App Suite | `oxAppSuite.enabled` | `true` | Groupware |
|
||||
| Postfix | `postfix.enabled` | `true` | MTA |
|
||||
| PostgreSQL | `postgresql.enabled` | `true` | Database |
|
||||
| Redis | `redis.enabled` | `true` | Cache Database |
|
||||
| XWiki | `xwiki.enabled` | `true` | Knowledge management |
|
||||
| Certificates | `apps.certificates.enabled` | `true` | TLS certificates |
|
||||
| ClamAV (Distributed) | `apps.clamavDistributed.enabled` | `false` | Antivirus engine |
|
||||
| ClamAV (Simple) | `apps.clamavSimple.enabled` | `true` | Antivirus engine |
|
||||
| Collabora | `apps.collabora.enabled` | `true` | Weboffice |
|
||||
| CryptPad | `apps.cryptpad.enabled` | `true` | Weboffice |
|
||||
| dkimpy | `apps.dkimpy.enabled` | `false` | Postfix milter for DKIM |
|
||||
| Dovecot | `apps.dovecot.enabled` | `true` | Mail backend |
|
||||
| Element | `apps.element.enabled` | `true` | Secure communications platform |
|
||||
| Home | `apps.home.enabled` | `true` | Base domain portal redirect |
|
||||
| Jitsi | `apps.jitsi.enabled` | `true` | Videoconferencing |
|
||||
| MariaDB | `apps.mariadb.enabled` | `true` | Database |
|
||||
| Memcached | `apps.memcached.enabled` | `true` | Cache Database |
|
||||
| MinIO | `apps.minio.enabled` | `true` | Object Storage |
|
||||
| Nextcloud | `apps.nextcloud.enabled` | `true` | File share |
|
||||
| Nubus | `apps.nubus.enabled` | `true` | Identity Management & Portal |
|
||||
| OpenProject | `apps.openproject.enabled` | `true` | Project management |
|
||||
| OX App Suite | `apps.oxAppSuite.enabled` | `true` | Groupware |
|
||||
| Postfix | `apps.postfix.enabled` | `true` | MTA |
|
||||
| PostgreSQL | `apps.postgresql.enabled` | `true` | Database |
|
||||
| Redis | `apps.redis.enabled` | `true` | Cache Database |
|
||||
| XWiki | `apps.xwiki.enabled` | `true` | Knowledge management |
|
||||
|
||||
Exemplary, Jitsi can be disabled like:
|
||||
|
||||
```yaml
|
||||
jitsi:
|
||||
enabled: false
|
||||
apps:
|
||||
jitsi:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
## Private registries
|
||||
@@ -304,8 +305,10 @@ Enabling DKIM signing of emails helps to reduce spam and increases trust.
|
||||
openDesk ships dkimpy-milter as Postfix milter for signing emails.
|
||||
|
||||
```yaml
|
||||
dkimpy:
|
||||
enable: true
|
||||
apps:
|
||||
dkimpy:
|
||||
enabled: true
|
||||
smtp:
|
||||
dkim:
|
||||
key:
|
||||
value: "HzZs08QF1O7UiAkcM9T3U7rePPECtSFvWZIvyKqdg8E="
|
||||
@@ -337,8 +340,9 @@ secret named `opendesk-certificates-tls` must be present in the application name
|
||||
turn off `Certificate` resource creation by:
|
||||
|
||||
```yaml
|
||||
certificates:
|
||||
enabled: false
|
||||
apps:
|
||||
certificates:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
If you want to leverage the `cert-manager.io` to handle certificates, like `Let's encrypt`, you need to provide the
|
||||
|
||||
@@ -16,6 +16,7 @@ This section covers the internal system requirements and external service requir
|
||||
* [Certificate management](#certificate-management)
|
||||
* [External services](#external-services)
|
||||
* [Deployment](#deployment)
|
||||
* [Footnotes](#footnotes)
|
||||
<!-- TOC -->
|
||||
|
||||
# tl;dr
|
||||
@@ -31,6 +32,7 @@ openDesk is a Kubernetes-only solution and requires an existing Kubernetes (K8s)
|
||||
- [HelmDiff](https://github.com/databus23/helm-diff) >= 3.6.0
|
||||
- Volume provisioner supporting RWO (read-write-once)
|
||||
- Certificate handling with [cert-manager](https://cert-manager.io/)
|
||||
- [OpenKruise](https://openkruise.io/)[^1] >= 1.6
|
||||
|
||||
# Hardware
|
||||
|
||||
@@ -85,19 +87,20 @@ For the development and evaluation of openDesk, we bundle some services. Be awar
|
||||
deployments, you need to make use of your own production-grade services; see the
|
||||
[external-services.md](./external-services.md) for configuration details.
|
||||
|
||||
| Group | Type | Version | Tested against |
|
||||
| Group | Type | Version | Tested against |
|
||||
| -------- | ------------------- | ------- | --------------------- |
|
||||
| Cache | Memcached | `1.6.x` | Memcached |
|
||||
| | Redis | `7.x.x` | Redis |
|
||||
| Database | MariaDB | `10.x` | MariaDB |
|
||||
| | PostgreSQL | `15.x` | PostgreSQL |
|
||||
| Mail | Mail Transfer Agent | | Postfix |
|
||||
| | PKI/CI (S/MIME) | | |
|
||||
| Security | AntiVirus/ICAP | | ClamAV |
|
||||
| Storage | K8s ReadWriteOnce | | Ceph / Cloud specific |
|
||||
| | K8s ReadWriteMany | | Ceph / NFS |
|
||||
| | Object Storage | | MinIO |
|
||||
| Voice | TURN | | Coturn |
|
||||
| Cache | Memcached | `1.6.x` | Memcached |
|
||||
| | Redis | `7.x.x` | Redis |
|
||||
| Database | Cassandra[^1] | `5.0.x` | Cassandra |
|
||||
| | MariaDB | `10.x` | MariaDB |
|
||||
| | PostgreSQL | `15.x` | PostgreSQL |
|
||||
| Mail | Mail Transfer Agent | | Postfix |
|
||||
| | PKI/CI (S/MIME) | | |
|
||||
| Security | AntiVirus/ICAP | | ClamAV |
|
||||
| Storage | K8s ReadWriteOnce | | Ceph / Cloud specific |
|
||||
| | K8s ReadWriteMany | | Ceph / NFS |
|
||||
| | Object Storage | | MinIO |
|
||||
| Voice | TURN | | Coturn |
|
||||
|
||||
# Deployment
|
||||
|
||||
@@ -105,3 +108,7 @@ The deployment of each component is [Helm](https://helm.sh/) based. The 35+ Helm
|
||||
templated via [Helmfile](https://helmfile.readthedocs.io/en/latest/) to provide a streamlined deployment experience.
|
||||
|
||||
Helmfile requires [HelmDiff](https://github.com/databus23/helm-diff) to compare the desired against the deployed state.
|
||||
|
||||
# Footnotes
|
||||
|
||||
[^1]: Required for Dovecot Pro as part of openDesk Enterprise Edition.
|
||||
|
||||
141
docs/testing.md
Normal file
141
docs/testing.md
Normal file
@@ -0,0 +1,141 @@
|
||||
<!--
|
||||
SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
-->
|
||||
|
||||
<h1>Testing</h1>
|
||||
|
||||
<!-- TOC -->
|
||||
* [Overview](#overview)
|
||||
* [Test concept](#test-concept)
|
||||
* [Rely on upstream applications QA](#rely-on-upstream-applications-qa)
|
||||
* [Run minimal functional QA (end-to-end tests)](#run-minimal-functional-qa-end-to-end-tests)
|
||||
* [Run extensive load- and performance tests](#run-extensive-load--and-performance-tests)
|
||||
* [Base performance testing](#base-performance-testing)
|
||||
* [Load testing to saturation point](#load-testing-to-saturation-point)
|
||||
* [Load testing up to a defined user count](#load-testing-up-to-a-defined-user-count)
|
||||
* [Overload/recovery tests](#overloadrecovery-tests)
|
||||
* [Reporting and test results](#reporting-and-test-results)
|
||||
* [Allure TestOps](#allure-testops)
|
||||
<!-- TOC -->
|
||||
|
||||
# Overview
|
||||
|
||||
The following section provides an overview of the testing approach adopted to ensure the quality and reliability of openDesk. This concept balances leveraging existing quality assurance (QA) processes with targeted testing efforts tailored to the specific needs of openDesk. The outlined strategy focuses on three key areas:
|
||||
|
||||
1. Relying on application QA: Utilizing the existing QA processes of the applications to ensure baseline functionality and quality standards.
|
||||
2. Minimal functional QA: Executing end-to-end tests to validate critical workflows and ensure that key functionalities operate as expected.
|
||||
3. Extensive load and performance testing: Conducting comprehensive load and performance tests to assess openDesk's scalability and response under varying usage conditions.
|
||||
|
||||
These efforts are designed to complement each other, minimizing redundancy while ensuring robust testing coverage.
|
||||
|
||||
# Test concept
|
||||
|
||||
## Rely on upstream applications QA
|
||||
|
||||
openDesk contains applications from different suppliers, as a general approach, we rely on the testing
|
||||
conducted by these suppliers for their respective applications.
|
||||
|
||||
We review the supplier's QA measures on a regular basis, to ensure a reliable and sufficient QA of the underlying applications.
|
||||
|
||||
We receive the release notes early before a new application release is integrated into openDesk, so
|
||||
we are able to check the existence of a sufficient set of test scases.
|
||||
The suppliers create a set of test cases for each new functionality.
|
||||
|
||||
## Run minimal functional QA (end-to-end tests)
|
||||
|
||||
To ensure the functioning of all applications, we run a minimal set of testcases to check the
|
||||
basic functionality of openDesk and all integrated applications.
|
||||
|
||||
Furthermore, we analyze all features/usecases which are implemented by a set of more than one
|
||||
applications.
|
||||
All these features are not testable naturally by the suppliers, so we develop testcases
|
||||
for such features.
|
||||
|
||||
The openDesk application owners prioritize then this list of end-to-end-testcases, and we
|
||||
implement these testcases in the [test automation framework](https://gitlab.opencode.de/bmi/opendesk/deployment/e2e-tests).
|
||||
|
||||
## Run extensive load- and performance tests
|
||||
|
||||
We want to deliver openDesk as an application-grade software with the ability to serve a large user base.
|
||||
|
||||
We create and perform extensive load- and performance tests for every release of openDesk.
|
||||
|
||||
Our approach consists of different layers of load testing.
|
||||
|
||||
### Base performance testing
|
||||
|
||||
For these tests we define a set of "normal", not too complicated user-interactions with openDesk.
|
||||
|
||||
For each testcase in this set, we measure the duration of the whole testcase (and steps inside the
|
||||
testcase) on a given, unloaded environment, installed with a predefined setup and openDesk release.
|
||||
|
||||
As a result, we receive the total runtime of one iteration of the given testcase, the runtime of each
|
||||
step inside the testcase, the error rate and min/max/median runtimes.
|
||||
|
||||
Most importantly, the environment should not be used by other users or background tasks, so it should
|
||||
be an environment being mostly in idle state.
|
||||
|
||||
The results can be compared with the results of the previous release, so we can see if changes
|
||||
in software components improve or decrease the performance of a testcase.
|
||||
|
||||
### Load testing to saturation point
|
||||
|
||||
These tests are performed to ensure the correct processing and user interactions even in
|
||||
high-load scenarios.
|
||||
|
||||
We use the same test cases as in the base performance tests.
|
||||
|
||||
Now we measure the duration on a well-defined environment while the system is being used
|
||||
by a predefined number of test users in parallel. This number will be scaled up.
|
||||
|
||||
Our goal is to see constant runtimes of each testcase iteration, while the total throughput
|
||||
of requests increases consistently with the number of users in parallel usage of the system.
|
||||
|
||||
At a distinct point, a further increase of the number of users leads to no more increase of the
|
||||
total throughput, but instead leads to an increase in the runtime of each testcase iteration.
|
||||
|
||||
This point, the saturation point, is the load limit of the environment. Up to this point the
|
||||
environment and the installed software packages can handle the load. More load over this point
|
||||
leads to increased response times and increased error rates.
|
||||
|
||||
### Load testing up to a defined user count
|
||||
|
||||
For interested partners, that are looking into large scale openDesk deployments,
|
||||
we offer a load testing analysis based on defined scenarios to be discussed together with the partner in a workshop.
|
||||
|
||||
This way, we can help to decide on the appropriate sizing for the planned openDesk usage scenario.
|
||||
|
||||
### Overload/recovery tests
|
||||
|
||||
If necessary, we perform overload tests, which will saturate the system with multiple
|
||||
test cases until no further increase in throughput is visible. Then we add even more load
|
||||
until the first HTTP requests run into timeouts or errors.
|
||||
After a few minutes, we reduce the load below the saturation point.
|
||||
Now we can check if the system is able to recover from the overload status.
|
||||
|
||||
# Reporting and test results
|
||||
|
||||
We perform testruns every night on every of our environments.
|
||||
|
||||
For each environment, we define so called profiles, these contains the features enabled
|
||||
per environment.
|
||||
|
||||
For example: Testing the email features in an environment without deployment of Open-Xchange makes no sense at all.
|
||||
|
||||
Also we test the whole system via a browser with `language=DE` and another browser with `language=EN`.
|
||||
|
||||
The test results will be saved in an [Allure TestOps](https://qameta.io/) server, so interested persons
|
||||
are able to view the test results in detail.
|
||||
|
||||
## Allure TestOps
|
||||
|
||||
The Allure TestOps [server](https://testops.opendesk.run/) is currently only accessible to project members.
|
||||
|
||||
The relevant project is called *opendesk*.
|
||||
|
||||
To get an overview, click in the left symbol list onto the symbol "Rocket" to
|
||||
check all relevant launches.
|
||||
|
||||
Now you can, e.g., see the launch #1733, and directly check for the success
|
||||
of this launch.
|
||||
@@ -143,13 +143,16 @@ As a standard, the openDesk platform development team uses [reuse.software](http
|
||||
|
||||
openDesk uses Apache 2.0 as the license for their work. A typical reuse copyright and license header looks like this:
|
||||
```
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
```
|
||||
The way to mark the license header as a comment differs between the various file types. Please find matching examples for all types across the [deployment automation repository](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace).
|
||||
|
||||
> **Note**<br>
|
||||
> If an `SPDX-FileCopyrightText` already exists, do not replace but add an additional line based on the above example.
|
||||
> If a `SPDX-FileCopyrightText` already exists with the copyright owner described above but with an past year (e.g. 2024), please update this copyright header line to cover (up to and including) the current year, e.g. `2024-2025`.
|
||||
|
||||
> **Note**<br>
|
||||
> If line(s) with `SPDX-FileCopyrightText` containing a different copyright owner exist in the file you are working on, do not replace existing one(s) but add an additional header above these.
|
||||
|
||||
## Development workflow
|
||||
|
||||
|
||||
@@ -208,6 +208,8 @@ extraVolumeMounts:
|
||||
|
||||
federation:
|
||||
enabled: {{ .Values.functional.externalServices.matrix.federation.enabled }}
|
||||
domainAllowList:
|
||||
{{ .Values.functional.externalServices.matrix.federation.domainAllowList | toYaml | nindent 4 }}
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.synapseFederation }}.{{ .Values.global.domain }}"
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
|
||||
@@ -28,6 +28,15 @@ repositories:
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.opendeskKeycloakBootstrap.registry }}/{{ .Values.charts.opendeskKeycloakBootstrap.repository }}"
|
||||
# openDesk 2FA Helpdesk Chart
|
||||
- name: "opendesk-2fa-helpdesk-repo"
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
verify: {{ .Values.charts.opendesk2FAHelpdesk.verify }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
# url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.opendesk2FAHelpdesk.registry }}/{{ .Values.charts.opendesk2FAHelpdesk.repository }}"
|
||||
url: "{{ .Values.charts.opendesk2FAHelpdesk.registry }}/{{ .Values.charts.opendesk2FAHelpdesk.repository }}"
|
||||
# NGINX S3 Gateway Chart
|
||||
- name: "nginx-s3-gateway-repo"
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
@@ -74,6 +83,18 @@ releases:
|
||||
installed: {{ .Values.apps.nubus.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# openDesk 2FA Helpdesk Chart
|
||||
- name: "opendesk-2fa-helpdesk-backend"
|
||||
chart: "opendesk-2fa-helpdesk-repo/{{ .Values.charts.opendesk2FAHelpdesk.name }}"
|
||||
version: "{{ .Values.charts.opendesk2FAHelpdesk.version }}"
|
||||
values:
|
||||
- "values-opendesk-2fa-helpdesk.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.opendesk2FAHelpdesk}}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.nubus.enabled }}
|
||||
timeout: 900
|
||||
|
||||
# NGINX S3 Gateway (when cluster minio is not used)
|
||||
- name: "nubus"
|
||||
chart: "nginx-s3-gateway-repo/{{ .Values.charts.nginxS3Gateway.name }}"
|
||||
|
||||
@@ -105,7 +105,7 @@ global:
|
||||
show: "false"
|
||||
login:
|
||||
password-complexity-message:
|
||||
de: "Das Passwort muss mindestens 8 Zeichen lang sein und darf keine Zahlenabfolge oder ganze Worte enthalten, wie '1234Test'."
|
||||
de: "Das Passwort muss mindestens 8 Zeichen lang sein und darf keine Zahlenabfolge oder ganze Worte enthalten, wie '1234Test'."
|
||||
en: "Password must be at least 8 characters long and cannot include a number series or regular words, like '1234Test'."
|
||||
module:
|
||||
udm:
|
||||
@@ -826,7 +826,8 @@ nubusLdapServer:
|
||||
replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }}
|
||||
replicaCountSecondary: {{ .Values.replicas.umsLdapServerSecondary }}
|
||||
replicaCountProxy: {{ .Values.replicas.umsLdapServerProxy }}
|
||||
resources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||
resourcesPrimary: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||
resourcesSecondary: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||
serviceAccount:
|
||||
create: true
|
||||
waitForDependency:
|
||||
@@ -1113,6 +1114,7 @@ nubusStackDataUms:
|
||||
templateContext:
|
||||
initialPasswordAdministrator: {{ .Values.secrets.nubus.systemAccounts.administratorPassword | quote }}
|
||||
apps: {{ .Values.apps | toYaml | nindent 6 }}
|
||||
defaultGroupOtherObjects: "cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
opendeskEnterprise: {{ env "OPENDESK_ENTERPRISE" }}
|
||||
opendeskAdminAttributes: true
|
||||
opendeskGroupAttributes: true
|
||||
@@ -1132,6 +1134,7 @@ nubusStackDataUms:
|
||||
portalLinkLegalNotice: {{ .Values.functional.portal.linkLegalNotice }}
|
||||
portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }}
|
||||
oxDefaultContext: "1"
|
||||
oxContextHidden: true
|
||||
ldapSearchUsers:
|
||||
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
|
||||
- username: {{ printf "ldapsearch_%s" $username | quote }}
|
||||
@@ -1140,29 +1143,29 @@ nubusStackDataUms:
|
||||
{{- end }}
|
||||
ldapSystemUsers: []
|
||||
portaltileGroupUserStandard:
|
||||
- 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupUserAdmin:
|
||||
- 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- 'cn=Support,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
- "cn=Support,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupUserAll:
|
||||
- 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
- "cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupGroupware:
|
||||
- 'cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupFileshare:
|
||||
- 'cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupManagementProject:
|
||||
- 'cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupManagementKnowledge:
|
||||
- 'cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupManagementLearn:
|
||||
- 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupLiveCollaboration:
|
||||
- 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupVideoconference:
|
||||
- 'cn=managed-by-attribute-Videoconference,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Videoconference,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupNotes:
|
||||
- 'cn=managed-by-attribute-Notes,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Notes,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
systemInformation:
|
||||
releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}{{ if eq (env "OPENDESK_ENTERPRISE") "true" }}-ee{{ end }}"
|
||||
{{- if .Values.functional.admin.portal.deploymentTimestamp.enabled }}
|
||||
@@ -1333,8 +1336,6 @@ nubusUmcGateway:
|
||||
replicaCount: {{ .Values.replicas.umsUmcGateway }}
|
||||
resources:
|
||||
{{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
|
||||
umcGateway:
|
||||
umcHtmlTitle: "Portal - {{ .Values.theme.texts.productName }}"
|
||||
|
||||
nubusKeycloakBootstrap:
|
||||
additionalAnnotations:
|
||||
|
||||
770
helmfile/apps/nubus/values-opendesk-2fa-helpdesk.yaml.gotmpl
Normal file
770
helmfile/apps/nubus/values-opendesk-2fa-helpdesk.yaml.gotmpl
Normal file
@@ -0,0 +1,770 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.opendesk2FAHelpdesk.registry | quote }}
|
||||
repository: {{ .Values.images.opendesk2FAHelpdesk.repository | quote }}
|
||||
tag: {{ .Values.images.opendesk2FAHelpdesk.tag | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
config:
|
||||
clientAccessRestrictions:
|
||||
{{- if .Values.apps.element.enabled }}
|
||||
matrix:
|
||||
client: "opendesk-matrix"
|
||||
scope: "opendesk-matrix-scope"
|
||||
role: "opendesk-matrix-access-control"
|
||||
group: "managed-by-attribute-Livecollaboration"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.jitsi.enabled }}
|
||||
jitsi:
|
||||
client: "opendesk-jitsi"
|
||||
scope: "opendesk-jitsi-scope"
|
||||
role: "opendesk-jitsi-access-control"
|
||||
group: "managed-by-attribute-Videoconference"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.xwiki.enabled }}
|
||||
xwiki:
|
||||
client: "opendesk-xwiki"
|
||||
scope: "opendesk-xwiki-scope"
|
||||
role: "opendesk-xwiki-access-control"
|
||||
group: "managed-by-attribute-Knowledgemanagement"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.openproject.enabled }}
|
||||
openproject:
|
||||
client: "opendesk-openproject"
|
||||
scope: "opendesk-openproject-scope"
|
||||
role: "opendesk-openproject-access-control"
|
||||
group: "managed-by-attribute-Projectmanagement"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.nextcloud.enabled }}
|
||||
nextcloud:
|
||||
client: "opendesk-nextcloud"
|
||||
scope: "opendesk-nextcloud-scope"
|
||||
role: "opendesk-nextcloud-access-control"
|
||||
group: "managed-by-attribute-Fileshare"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.oxAppSuite.enabled }}
|
||||
oxAppSuite:
|
||||
client: "opendesk-oxappsuite"
|
||||
scope: "opendesk-oxappsuite-scope"
|
||||
role: "opendesk-oxappsuite-access-control"
|
||||
group: "managed-by-attribute-Groupware"
|
||||
dovecot:
|
||||
client: "opendesk-dovecot"
|
||||
scope: "opendesk-dovecot-scope"
|
||||
role: "opendesk-dovecot-access-control"
|
||||
group: "managed-by-attribute-Groupware"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.notes.enabled }}
|
||||
notes:
|
||||
client: "opendesk-notes"
|
||||
scope: "opendesk-notes-scope"
|
||||
role: "opendesk-notes-access-control"
|
||||
group: "managed-by-attribute-Notes"
|
||||
{{- end }}
|
||||
|
||||
custom:
|
||||
clientScopes:
|
||||
{{ .Values.functional.authentication.oidc.clientScopes | toYaml | nindent 6 }}
|
||||
clients:
|
||||
{{ .Values.functional.authentication.oidc.clients | toYaml | nindent 6 }}
|
||||
managed:
|
||||
clientScopes: [ 'acr', 'web-origins', 'email', 'profile', 'microprofile-jwt', 'role_list',
|
||||
'offline_access', 'roles', 'address', 'phone' ]
|
||||
clients: [ 'guardian-management-api', 'guardian-scripts', 'guardian-ui', 'UMC', '${client_account}',
|
||||
'${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}',
|
||||
'${client_security-admin-console}' ]
|
||||
# keycloak:
|
||||
# adminUser: "kcadmin"
|
||||
# adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
# realm: {{ .Values.platform.realm | quote }}
|
||||
# intraCluster:
|
||||
# enabled: true
|
||||
# internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
|
||||
# twoFactorSettings:
|
||||
# additionalGroups: {{ .Values.functional.authentication.twoFactor.groups }}
|
||||
# precreateGroups: [ 'Domain Admins', 'Domain Users', '2fa-users', 'IAM API - Full Access',
|
||||
# {{ if .Values.apps.nextcloud.enabled }}'managed-by-attribute-Fileshare', 'managed-by-attribute-FileshareAdmin',{{ end }}
|
||||
# {{ if .Values.apps.xwiki.enabled }}'managed-by-attribute-Knowledgemanagement', 'managed-by-attribute-KnowledgemanagementAdmin',{{ end }}
|
||||
# {{ if .Values.apps.element.enabled }}'managed-by-attribute-Livecollaboration', 'managed-by-attribute-LivecollaborationAdmin',{{ end }}
|
||||
# {{ if .Values.apps.openproject.enabled }}'managed-by-attribute-Projectmanagement', 'managed-by-attribute-ProjectmanagementAdmin',{{ end }}
|
||||
# {{ if .Values.apps.jitsi.enabled }}'managed-by-attribute-Videoconference',{{ end }}
|
||||
# {{ if .Values.apps.oxAppSuite.enabled }}'managed-by-attribute-Groupware',{{ end }}
|
||||
# {{ if .Values.apps.notes.enabled }}'managed-by-attribute-Notes',{{ end }}
|
||||
# ]
|
||||
|
||||
opendesk:
|
||||
# We use client specific scopes as we bind them to Keycloak role membership which itself is linked
|
||||
# to LDAP group membership to ensure a user cannot access an application without the required
|
||||
# group membership.
|
||||
clientScopes:
|
||||
- name: "read_contacts"
|
||||
protocol: "openid-connect"
|
||||
- name: "write_contacts"
|
||||
protocol: "openid-connect"
|
||||
{{ if .Values.apps.openproject.enabled }}
|
||||
- name: "opendesk-openproject-scope"
|
||||
description: "Scope for the claims required by openDesk's OpenProject instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
- name: "opendeskProjectmanagementAdmin"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "opendeskProjectmanagementAdmin"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "openproject_admin"
|
||||
jsonType.label: "String"
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
- name: "given name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "firstName"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "given_name"
|
||||
jsonType.label: "String"
|
||||
- name: "family name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "lastName"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "family_name"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.jitsi.enabled }}
|
||||
- name: "opendesk-jitsi-scope"
|
||||
description: "Scope for the claims required by openDesk's Jitsi instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
- name: "full name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-full-name-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
id.token.claim: true
|
||||
introspection.token.claim: true
|
||||
access.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.nextcloud.enabled }}
|
||||
- name: "opendesk-nextcloud-scope"
|
||||
description: "Scope for the claims required by openDesk's Nextcloud instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
- name: "context"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "oxContextIDNum"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "context"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.element.enabled }}
|
||||
- name: "opendesk-matrix-scope"
|
||||
description: "Scope for the claims required by openDesk's Matrix instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
- name: "full name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-full-name-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
id.token.claim: true
|
||||
introspection.token.claim: true
|
||||
access.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.xwiki.enabled }}
|
||||
- name: "opendesk-xwiki-scope"
|
||||
description: "Scope for the claims required by openDesk's XWiki instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
- name: "full name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-full-name-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
id.token.claim: true
|
||||
introspection.token.claim: true
|
||||
access.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.oxAppSuite.enabled }}
|
||||
- name: "opendesk-dovecot-scope"
|
||||
description: "Scope for the claims required by openDesk's Dovecot instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk-oxappsuite-scope"
|
||||
description: "Scope for the claims required by openDesk's OX Appuite instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "context"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "oxContextIDNum"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "context"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.notes.enabled }}
|
||||
- name: "opendesk-notes-scope"
|
||||
description: "Scope for the claims required by openDesk's Notes instance."
|
||||
protocol: "openid-connect"
|
||||
protocolMappers:
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
- name: "given name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "firstName"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "given_name"
|
||||
jsonType.label: "String"
|
||||
- name: "family name"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
introspection.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "lastName"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "family_name"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
clients:
|
||||
- name: "opendesk-intercom"
|
||||
clientId: "opendesk-intercom"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/callback"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.revoke.offline.tokens: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
|
||||
protocolMappers:
|
||||
- name: "intercom-audience"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "opendesk-intercom"
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
- name: "opendesk_username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
- name: "opendesk_useruuid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_useruuid"
|
||||
jsonType.label: "String"
|
||||
defaultClientScopes:
|
||||
- "offline_access"
|
||||
{{ if .Values.apps.notes.enabled }}
|
||||
- name: "opendesk-notes"
|
||||
clientId: "opendesk-notes"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/api/v1.0/callback/"
|
||||
standardFlowEnabled: true
|
||||
implicitFlowEnabled: false
|
||||
alwaysDisplayInConsole: false
|
||||
bearerOnly: false
|
||||
directAccessGrantsEnabled: true
|
||||
serviceAccountsEnabled: false
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
surrogateAuthRequired: false
|
||||
attributes:
|
||||
backchannel.logout.revoke.offline.tokens: false
|
||||
backchannel.logout.session.required: false
|
||||
client.introspection.response.allow.jwt.claim.enabled: false
|
||||
client.use.lightweight.access.token.enabled: false
|
||||
client_credentials.use_refresh_token: false
|
||||
display.on.consent.screen: false
|
||||
oauth2.device.authorization.grant.enabled: false
|
||||
oidc.ciba.grant.enabled: false
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}/*"
|
||||
require.pushed.authorization.requests: false
|
||||
tls.client.certificate.bound.access.tokens: false
|
||||
token.response.type.bearer.lower-case: false
|
||||
use.jwks.url: false
|
||||
use.refresh.tokens: false
|
||||
# it is probably not even required to set this value explicitly.
|
||||
user.info.response.signature.alg: "RS256"
|
||||
defaultClientScopes:
|
||||
- "opendesk-notes-scope"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.oxAppSuite.enabled }}
|
||||
- name: "opendesk-dovecot"
|
||||
clientId: "opendesk-dovecot"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.dovecot | quote }}
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: false
|
||||
defaultClientScopes:
|
||||
- "opendesk-dovecot-scope"
|
||||
- name: "opendesk-oxappsuite"
|
||||
clientId: "opendesk-oxappsuite"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/ajax/oidc/backchannel_logout"
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-oxappsuite-scope"
|
||||
- "read_contacts"
|
||||
- "write_contacts"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.jitsi.enabled }}
|
||||
- name: "opendesk-jitsi"
|
||||
clientId: "opendesk-jitsi"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}/*"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: true
|
||||
fullScopeAllowed: true
|
||||
authorizationServicesEnabled: false
|
||||
defaultClientScopes:
|
||||
- "opendesk-jitsi-scope"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.element.enabled }}
|
||||
- name: "opendesk-matrix"
|
||||
clientId: "opendesk-matrix"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*"
|
||||
- "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
standardFlowEnabled: true
|
||||
directAccessGrantsEnabled: true
|
||||
serviceAccountsEnabled: true
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/_synapse/client/oidc/backchannel_logout"
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-matrix-scope"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.nextcloud.enabled }}
|
||||
- name: "opendesk-nextcloud"
|
||||
clientId: "opendesk-nextcloud"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/apps/user_oidc/backchannel-logout/opendesk"
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-nextcloud-scope"
|
||||
- "read_contacts"
|
||||
- "write_contacts"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.openproject.enabled }}
|
||||
- name: "opendesk-openproject"
|
||||
clientId: "opendesk-openproject"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
serviceAccountsEnabled: true
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/auth/keycloak/backchannel-logout"
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-openproject-scope"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.xwiki.enabled }}
|
||||
- name: "opendesk-xwiki"
|
||||
clientId: "opendesk-xwiki"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: false
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/oidc/authenticator/backchannel_logout"
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-xwiki-scope"
|
||||
{{ end }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.opendesk2FAHelpdesk | toYaml | nindent 4 }}
|
||||
|
||||
additionalAnnotations:
|
||||
argocd.argoproj.io/hook: "Sync"
|
||||
argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
|
||||
|
||||
podAnnotations:
|
||||
intents.otterize.com/service-name: "ums-keycloak-bootstrap"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.opendesk2FAHelpdesk | toYaml | nindent 2 }}
|
||||
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
extraVolumes:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
secret:
|
||||
secretName: "opendesk-certificates-ca-tls"
|
||||
items:
|
||||
- key: "ca.crt"
|
||||
path: "ca-certificates.crt"
|
||||
extraVolumeMounts:
|
||||
- name: "trusted-cert-secret-volume"
|
||||
mountPath: "/etc/ssl/certs/ca-certificates.crt"
|
||||
subPath: "ca-certificates.crt"
|
||||
{{- end }}
|
||||
|
||||
...
|
||||
@@ -39,7 +39,7 @@ dbInit:
|
||||
|
||||
environment:
|
||||
{{- if and (eq (env "OPENDESK_ENTERPRISE") "true") .Values.enterpriseKeys.openproject.token }}
|
||||
OPENPROJECT_ENTERPRISE__TOKEN: {{ .Values.enterpriseKeys.openproject.token | quote }}
|
||||
OPENPROJECT_SEED__ENTERPRISE__TOKEN: {{ .Values.enterpriseKeys.openproject.token | quote }}
|
||||
{{- end }}
|
||||
# For more details and more options see
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
@@ -88,6 +88,16 @@ environment:
|
||||
OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
OPENPROJECT_SEED_DESIGN_PRIMARY__BUTTON__COLOR: {{ .Values.theme.colors.primary | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_ACCENT__COLOR: {{ .Values.theme.colors.primary | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_HEADER__BG__COLOR: {{ .Values.theme.colors.white | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_HEADER__ITEM__BG__HOVER__COLOR: {{ .Values.theme.colors.secondaryGreyLight | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_MAIN__MENU__BG__COLOR: {{ .Values.theme.colors.white | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_MAIN__MENU__BG__SELECTED__BACKGROUND: {{ .Values.theme.colors.primary | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_MAIN__MENU__BG__HOVER__BACKGROUND: {{ .Values.theme.colors.secondaryGreyLight | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_LOGO: "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvgB64 }}"
|
||||
OPENPROJECT_SEED_DESIGN_FAVICON: "data:image/svg+xml;base64,{{ .Values.theme.imagery.projects.faviconSvg }}"
|
||||
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
SSL_CERT_FILE: "/etc/ssl/certs/ca-certificates.crt"
|
||||
{{- end }}
|
||||
|
||||
@@ -5,7 +5,7 @@ images:
|
||||
collabora:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||
tag: "24.04.9.4.2@sha256:7c38f2568855ec33c11296d65384766230ea3097a245a60b9e8b0b62cb9cc17f"
|
||||
tag: "24.04.12.4.1@sha256:af4d4d0e743c71f7995e81cb081d0e1db79d016b0c50169480096f70b4b42f85"
|
||||
dovecot:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
|
||||
@@ -13,7 +13,7 @@ images:
|
||||
nextcloud:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
|
||||
tag: "1.1.2@sha256:64f08ff9c9481e67b41bdcc70aeb278b6beba061ba1c989ba96cc471ff46dd9c"
|
||||
tag: "1.1.3@sha256:53d1abb1132569ef81c235da2397d156aa8b3b9c6567806cdf4dc7f247ba05e0"
|
||||
openxchangeCoreMW:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/core-mw"
|
||||
|
||||
@@ -5,7 +5,7 @@ resources:
|
||||
collabora:
|
||||
# When using CollaboraController for autoscaling, `targetMemoryUtilizationPercentage` and
|
||||
# `targetCPUUtilizationPercentage` defined at `enterpriseFeatures.collabora.autoscaling`
|
||||
# are checked against the values defined below under `requests`, so please ensure you set these
|
||||
# are checked against the `requests` values defined, so please ensure you set these
|
||||
# appropriately to avoid unnecessary scaling.
|
||||
requests:
|
||||
cpu: 3
|
||||
|
||||
@@ -65,7 +65,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror"
|
||||
name: "cool-controller"
|
||||
version: "1.1.1"
|
||||
version: "1.1.2"
|
||||
verify: false
|
||||
cryptpad:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -109,7 +109,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-element"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
elementWellKnown:
|
||||
# providerCategory: "Platform"
|
||||
@@ -119,7 +119,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-well-known"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
home:
|
||||
# providerCategory: "Platform"
|
||||
@@ -141,7 +141,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "intercom-service"
|
||||
version: "2.7.3"
|
||||
version: "2.10.3"
|
||||
verify: true
|
||||
jitsi:
|
||||
# providerCategory: "Platform"
|
||||
@@ -211,7 +211,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-matrix-user-verification-service"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
memcached:
|
||||
# providerCategory: "Community"
|
||||
@@ -305,6 +305,16 @@ charts:
|
||||
name: "nubus"
|
||||
version: "1.5.1"
|
||||
verify: true
|
||||
opendesk2FAHelpdesk:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-2fa-admin"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-2fa-admin"
|
||||
name: "opendesk-2fa-helpdesk-backend"
|
||||
version: "1.0.0"
|
||||
verify: true
|
||||
opendeskAlerts:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -355,7 +365,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/openproject/charts-mirror"
|
||||
name: "openproject"
|
||||
version: "9.5.1"
|
||||
version: "9.7.0"
|
||||
verify: true
|
||||
openprojectBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
@@ -449,7 +459,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
synapseAdmin:
|
||||
# Enterprise Component
|
||||
@@ -477,7 +487,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-create-account"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
synapseGroupsync:
|
||||
# Enterprise Component
|
||||
@@ -505,7 +515,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-web"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
xwiki:
|
||||
# providerCategory: "Supplier"
|
||||
|
||||
@@ -54,6 +54,7 @@ customization:
|
||||
ums: {}
|
||||
intercomService: {}
|
||||
opendeskKeycloakBootstrap: {}
|
||||
opendesk2FAHelpdesk: {}
|
||||
nginxS3Gateway: {}
|
||||
# open-xchange
|
||||
dovecot: {}
|
||||
|
||||
@@ -34,6 +34,8 @@ functional:
|
||||
federation:
|
||||
# Disable to not support Matrix federation with your installation.
|
||||
enabled: true
|
||||
# List of matrix homeserver domains you want to allow federation with
|
||||
domainAllowList: []
|
||||
|
||||
filestore:
|
||||
quota:
|
||||
|
||||
@@ -44,14 +44,14 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||
tag: "24.04.9.2.1@sha256:749917bf9146d8507b3a63d422a30ebe4f499700421c30527e32f322a015c73d"
|
||||
tag: "24.04.12.4.1@sha256:c794cefc3b56b13479e29626bb13e903ccc77a49163dacab1328efed69140c62"
|
||||
collaboraController:
|
||||
# Enterprise Component
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Collabora"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller"
|
||||
tag: "1.1.0@sha256:dfbbb6a9bfac94d39bd735eb143084803a774d2fc673a138bf08d4044e8d942a"
|
||||
tag: "1.1.1@sha256:8a5b79920fdf7a8eb9c1e781f480d6134a30c75f14fae3f1ecb0b607e016215c"
|
||||
cryptpad:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "XWiki"
|
||||
@@ -152,7 +152,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
|
||||
tag: "2.7.3@sha256:bae60a9a14df53431f81846bf98520e3340dbfc1abae88622ccbd3c6e81cd930"
|
||||
tag: "2.10.3@sha256:7b767f7a3f0e6c43e0f287374fd7fc758ec73e9fdb760a88150a64b2a33d1b66"
|
||||
jibri:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -318,7 +318,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||
tag: "2.4.6@sha256:ebd5777c1244199df42f23b5a9df5339d86d353b95c68e7505f142c9c247eb73"
|
||||
tag: "2.4.7@sha256:86775101c085904db2a93d26a4d7f304f6552025e40aacade7f7de175308824a"
|
||||
nextcloudExporter:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -419,6 +419,16 @@ images:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-keycloak"
|
||||
tag: "25.0.1-ucs1@sha256:61cb3e703672f6d8806af41bec8056ca84e295bbeb546fdb5349322d1174a43d"
|
||||
opendesk2FAHelpdesk:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
# upstreamRegistry: "https://artifacts.software-univention.de"
|
||||
# upstreamRepository: "nubus/images/keycloak-bootstrap"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["0", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-2fa-admin-backend"
|
||||
tag: "1.0.0@sha256:790ae7fc673f2d577a27953d713109802866f368ae69a3faa043b309a550fde3"
|
||||
nubusKeycloakBootstrap:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -528,7 +538,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
|
||||
tag: "1.12.0@sha256:78d8e35f4dd7acd6b702a3aa4697424ae2f27898886b9b9086fd0ddc7884c391"
|
||||
tag: "1.12.2@sha256:a9d33c4f97008847178e19a005d8c187a302ff4065f453df8041c9cda71612f9"
|
||||
nubusOpendeskExtensionA2gMapper:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -728,7 +738,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["13", "1", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
|
||||
tag: "15.2.1@sha256:bbdde5f9818997086fcf61b7b204500fad716997bba3953819162f170425f4f0"
|
||||
tag: "15.3.0@sha256:28beb3f7eb22cbbcb4f02e09bc799dab9282c693bb975bf7028afdf2274c0355"
|
||||
openprojectBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
|
||||
@@ -84,8 +84,6 @@ replicas:
|
||||
umsGuardianManagementUi: 1
|
||||
# -- scalable: tbd
|
||||
umsGuardianOpenPolicyAgent: 1
|
||||
# -- scalable: tbd
|
||||
umsKeycloak: 1
|
||||
# -- scalable: false
|
||||
# -- comment: Should not be scaled, is an async process.
|
||||
umsKeycloakExtensionsHandler: 1
|
||||
|
||||
@@ -157,6 +157,13 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
opendesk2FAHelpdesk:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "512Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "256Mi"
|
||||
opendeskStaticFiles:
|
||||
limits:
|
||||
cpu: 99
|
||||
|
||||
@@ -44,6 +44,7 @@ seLinuxOptions:
|
||||
notesFrontend: ~
|
||||
notesYProvider: ~
|
||||
opendeskKeycloakBootstrap: ~
|
||||
opendesk2FAHelpdesk: ~
|
||||
opendeskStaticFiles: ~
|
||||
openproject: ~
|
||||
openprojectBootstrap: ~
|
||||
|
||||
@@ -10,7 +10,7 @@ smtp:
|
||||
password: {{ env "SMTP_PASSWORD" | quote }}
|
||||
localpartNoReply: "no-reply"
|
||||
|
||||
# For the following settings to have effect `dkimpy.enabled` must be `true`.
|
||||
# For the following settings to have effect `apps.dkimpy.enabled` must be `true`.
|
||||
dkim:
|
||||
key:
|
||||
# DKIM private key as plaintext value.
|
||||
|
||||
Reference in New Issue
Block a user