feat(opendesk-services): Add opendesk-otterize

fix(helmfile): Streamline annotations
feat(openproject): Update OpenProject from 16.5.1 to 16.6.0
2025-12-06 23:41:43 +01:00 · 2025-11-13 17:14:31 +01:00 · 2025-11-12 11:28:49 +01:00 · 2025-11-11 10:53:50 +00:00 · 2025-11-10 15:46:13 +00:00
220 changed files with 5341 additions and 117 deletions
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ openDesk currently features the following functional main components:
 | Groupware            | OX App Suite                | GPL-2.0-only (backend), AGPL-3.0-or-later (frontend)                                   | [8.41](https://documentation.open-xchange.com/appsuite/releases/8.41/)                        | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
 | Knowledge management | XWiki                       | LGPL-2.1-or-later                                                                      | [17.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/17.4.4/)                | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                     |
 | Portal & IAM         | Nubus                       | AGPL-3.0-or-later                                                                      | [1.14.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.14.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                             |
-| Project management   | OpenProject                 | GPL-3.0-only                                                                           | [16.5.1](https://www.openproject.org/docs/release-notes/16-5-1/)                              | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                           |
+| Project management   | OpenProject                 | GPL-3.0-only                                                                           | [16.6.0](https://www.openproject.org/docs/release-notes/16-6-0/)                              | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                           |
 | Videoconferencing    | Jitsi                       | Apache-2.0                                                                             | [2.0.10431](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_10431)       | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                            |
 | Weboffice            | Collabora                   | MPL-2.0                                                                                | [25.04.5](https://www.collaboraoffice.com/code-25-04-release-notes/)                          | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)        |

--- a/helmfile/apps/collabora/values-coco-enterprise.yaml.gotmpl
+++ b/helmfile/apps/collabora/values-coco-enterprise.yaml.gotmpl
@@ -47,7 +47,10 @@ ingress:
        - "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"

 podAnnotations:
-  {{ .Values.annotations.coco.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "collabora-controller"
+  {{- with .Values.annotations.coco.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 securityContext:
  allowPrivilegeEscalation: false
--- a/helmfile/apps/collabora/values.yaml.gotmpl
+++ b/helmfile/apps/collabora/values.yaml.gotmpl
@@ -110,7 +110,10 @@ ingress:
        - "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"

 podAnnotations:
-  {{ .Values.annotations.collabora.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "collabora"
+  {{- with .Values.annotations.collabora.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  fsGroup: 1001
--- a/helmfile/apps/cryptpad/values.yaml.gotmpl
+++ b/helmfile/apps/cryptpad/values.yaml.gotmpl
@@ -55,7 +55,10 @@ persistence:
  enabled: false

 podAnnotations:
-  {{ .Values.annotations.cryptpad.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "cryptpad"
+  {{- with .Values.annotations.cryptpad.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  fsGroup: 4001
--- a/helmfile/apps/element/values-element.yaml.gotmpl
+++ b/helmfile/apps/element/values-element.yaml.gotmpl
@@ -143,7 +143,10 @@ ingress:
    {{ .Values.annotations.element.ingress | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.element.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "opendesk-element"
+  {{- with .Values.annotations.element.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl
@@ -44,7 +44,10 @@ ingress:
    {{ .Values.annotations.elementMatrixNeoboardWidget.ingress | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.elementMatrixNeoboardWidget.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "matrix-neoboard-widget"
+  {{- with .Values.annotations.elementMatrixNeoboardWidget.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl
@@ -44,7 +44,10 @@ ingress:
    {{ .Values.annotations.elementMatrixNeochoiceWidget.ingress | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.elementMatrixNeochoiceWidget.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "matrix-neochoice-widget"
+  {{- with .Values.annotations.elementMatrixNeochoiceWidget.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl
@@ -25,7 +25,10 @@ image:
 fullnameOverride: "matrix-neodatefix-bot-bootstrap"

 podAnnotations:
-  {{ .Values.annotations.elementMatrixNeodatefixBotBootstrap.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "values-matrix-neodatefix-bot-bootstrap"
+  {{- with .Values.annotations.elementMatrixNeodatefixBotBootstrap.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 securityContext:
  allowPrivilegeEscalation: false
@@ -42,7 +45,7 @@ securityContext:
  seLinuxOptions:
    {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}

-podAnnotations:
-  {{ .Values.annotations.elementMatrixNeodatefixBotBootstrap.serviceAccount | toYaml | nindent 2 }}
-
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixBotBootstrap.serviceAccount | toYaml | nindent 4 }}
 ...
--- a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
@@ -90,7 +90,10 @@ persistence:
    {{ .Values.annotations.elementMatrixNeodatefixBot.persistence | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.elementMatrixNeodatefixBot.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "matrix-neodatefix-bot"
+  {{- with .Values.annotations.elementMatrixNeodatefixBot.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl
@@ -49,7 +49,10 @@ ingress:
    {{ .Values.annotations.elementMatrixNeodatefixWidget.ingress | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.elementMatrixNeodatefixWidget.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "matrix-neodatefix-widget"
+  {{- with .Values.annotations.elementMatrixNeodatefixWidget.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl
@@ -25,7 +25,10 @@ image:
 fullnameOverride: "opendesk-matrix-user-verification-service-bootstrap"

 podAnnotations:
-  {{ .Values.annotations.elementMatrixUserVerificationServiceBootstrap.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "opendesk-matrix-user-verification-service-bootstrap"
+  {{- with .Values.annotations.elementMatrixUserVerificationServiceBootstrap.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 securityContext:
  allowPrivilegeEscalation: false
--- a/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl
@@ -44,7 +44,10 @@ image:
  tag: {{ .Values.images.matrixUserVerificationService.tag | quote }}

 podAnnotations:
-  {{ .Values.annotations.elementMatrixUserVerificationService.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "opendesk-matrix-user-verification-service"
+  {{- with .Values.annotations.elementMatrixUserVerificationService.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/element/values-synapse-admin.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-admin.yaml.gotmpl
@@ -56,7 +56,12 @@ cron:
    repository: {{ .Values.images.elementSyncAdmins.repository | quote }}
    tag: {{ .Values.images.elementSyncAdmins.tag | quote }}
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  podAnnotations:
+    intents.otterize.com/service-name: "opendesk-synapse-admin-cron"
 #fullnameOverride: "opendesk-synapse-admin"
+
+podAnnotations:
+  intents.otterize.com/service-name: "opendesk-synapse-admin"
 image:
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementSynapseAdmin.registry | quote }}
  repository: {{ .Values.images.elementSynapseAdmin.repository | quote }}
--- a/helmfile/apps/element/values-synapse-adminbot-pipe.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-adminbot-pipe.yaml.gotmpl
@@ -16,4 +16,6 @@ image:
  tag: {{ .Values.images.elementPipe.tag | quote }}
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 fullnameOverride: "opendesk-synapse-adminbot-pipe"
+podAnnotations:
+  intents.otterize.com/service-name: "opendesk-synapse-adminbot-pipe"
 ...
--- a/helmfile/apps/element/values-synapse-adminbot-web.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-adminbot-web.yaml.gotmpl
@@ -20,4 +20,6 @@ ingress:
  enabled: {{ .Values.ingress.enabled }}
  tls:
    secretName: {{ .Values.ingress.tls.secretName | quote }}
+podAnnotations:
+  intents.otterize.com/service-name: "opendesk-synapse-adminbot-web"
 ...
--- a/helmfile/apps/element/values-synapse-auditbot-pipe.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-auditbot-pipe.yaml.gotmpl
@@ -16,4 +16,6 @@ image:
  tag: {{ .Values.images.elementPipe.tag | quote }}
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 fullnameOverride: "opendesk-synapse-auditbot-pipe"
+podAnnotations:
+  intents.otterize.com/service-name: "opendesk-synapse-auditbot-pipe"
 ...
--- a/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl
@@ -51,4 +51,6 @@ image:
  url: {{ .Values.images.elementGroupsync.repository | quote }}
  tag: {{ .Values.images.elementGroupsync.tag | quote }}
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+podAnnotations:
+  intents.otterize.com/service-name: "opendesk-synapse-groupsync"
 ...
--- a/helmfile/apps/element/values-synapse-web.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-web.yaml.gotmpl
@@ -56,7 +56,10 @@ ingress:
    secretName: {{ .Values.ingress.tls.secretName | quote }}

 podAnnotations:
-  {{ .Values.annotations.elementSynapseWeb.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "opendesk-synapse-web"
+  {{- with .Values.annotations.elementSynapseWeb.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/element/values-synapse.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse.yaml.gotmpl
@@ -250,7 +250,10 @@ persistence:
    {{ .Values.annotations.elementSynapse.persistence | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.elementSynapse.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "opendesk-synapse"
+  {{- with .Values.annotations.elementSynapse.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/element/values-well-known.yaml.gotmpl
+++ b/helmfile/apps/element/values-well-known.yaml.gotmpl
@@ -49,7 +49,10 @@ ingress:
    {{ .Values.annotations.elementWellKnown.ingress | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.elementWellKnown.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "opendesk-well-known"
+  {{- with .Values.annotations.elementWellKnown.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
+++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
@@ -111,10 +111,11 @@ jitsi:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.jitsi | toYaml | nindent 8 }}
-    {{- if .Values.annotations.jitsiWeb.pod }}
    podAnnotations:
-      {{ .Values.annotations.jitsiWeb.pod | toYaml | nindent 6 }}
-    {{- end }}
+      intents.otterize.com/service-name: "jitsi-web"
+      {{- with .Values.annotations.jitsiWeb.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
  prosody:
    image:
      repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.prosody.registry }}/{{ .Values.images.prosody.repository }}"
@@ -164,10 +165,11 @@ jitsi:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.prosody | toYaml | nindent 8 }}
-    {{- if .Values.annotations.jitsiProsody.pod }}
    podAnnotations:
-      {{ .Values.annotations.jitsiProsody.pod | toYaml | nindent 6 }}
-    {{- end }}
+      intents.otterize.com/service-name: "jitsi-prosody"
+      {{- with .Values.annotations.jitsiProsody.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
  jicofo:
    replicaCount: {{ .Values.replicas.jicofo }}
    image:
@@ -191,10 +193,11 @@ jitsi:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.jicofo | toYaml | nindent 8 }}
-    {{- if .Values.annotations.jitsiJicofo.pod }}
    podAnnotations:
-      {{ .Values.annotations.jitsiJicofo.pod | toYaml | nindent 6 }}
-    {{- end }}
+      intents.otterize.com/service-name: "jitsi-jicofo"
+      {{- with .Values.annotations.jitsiJicofo.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
  jigasi:
    replicaCount: {{ .Values.replicas.jigasi }}
    enabled: {{ .Values.sip.jigasi.enabled }}
@@ -224,10 +227,11 @@ jitsi:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.jigasi | toYaml | nindent 8 }}
-    {{- if .Values.annotations.jitsiJigasi.pod }}
    podAnnotations:
-      {{ .Values.annotations.jitsiJigasi.pod | toYaml | nindent 6 }}
-    {{- end }}
+      intents.otterize.com/service-name: "jitsi-jigasi"
+      {{- with .Values.annotations.jitsiJigasi.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
  jvb:
    replicaCount: {{ .Values.replicas.jvb }}
    # The `useNodeIP` option provided by the upstream charts does not support all relevant scenarios, but since
@@ -260,10 +264,11 @@ jitsi:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.jvb | toYaml | nindent 8 }}
-    {{- if .Values.annotations.jitsiJvb.pod }}
    podAnnotations:
-      {{ .Values.annotations.jitsiJvb.pod | toYaml | nindent 6 }}
-    {{- end }}
+      intents.otterize.com/service-name: "jitsi-jvb"
+      {{- with .Values.annotations.jitsiJvb.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    metrics:
      prometheusAnnotations:
        {{ .Values.annotations.jitsiJvb.metricsPrometheus | toYaml | nindent 8 }}
@@ -288,10 +293,11 @@ jitsi:
      # Chart does not allow to template more
      capabilities:
        add: ["SYS_ADMIN"]
-    {{- if .Values.annotations.jitsiJibri.pod }}
    podAnnotations:
-      {{ .Values.annotations.jitsiJibri.pod | toYaml | nindent 6 }}
-    {{- end }}
+      intents.otterize.com/service-name: "jitsi-jibri"
+      {{- with .Values.annotations.jitsiJibri.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
  imagePullSecrets:
  {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
--- a/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
@@ -10,7 +10,7 @@ global:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}

 additionalAnnotations:
-  intents.otterize.com/service-name: "opendesk-nextcloud-php"
+  intents.otterize.com/service-name: "opendesk-nextcloud-management"
  {{- with .Values.annotations.nextcloudNextcloudMgmt.additional }}
  {{ . | toYaml | nindent 2}}
  {{- end }}
--- a/helmfile/apps/nextcloud/values-nextcloud-notifypush.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-notifypush.yaml.gotmpl
@@ -10,7 +10,6 @@ global:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}

 additionalAnnotations:
-  intents.otterize.com/service-name: "opendesk-nextcloud-notifypush"
  {{- with .Values.annotations.nextcloudNotifyPush.additional }}
  {{ . | toYaml | nindent 4 }}
  {{- end }}
@@ -114,7 +113,10 @@ metrics:
      {{ .Values.annotations.nextcloudNotifyPush.serviceMetrics | toYaml | nindent 6 }}

 podAnnotations:
-  {{ .Values.annotations.nextcloudNotifyPush.pod | toYaml | nindent 4 }}
+  intents.otterize.com/service-name: "opendesk-nextcloud-notifypush"
+  {{- with .Values.annotations.nextcloudNotifyPush.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
 podSecurityContext:
  fsGroup: 101
 # prometheus:
--- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
@@ -39,7 +39,10 @@ exporter:
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    tag: {{ .Values.images.nextcloudExporter.tag | quote }}
  podAnnotations:
-    {{ .Values.annotations.nextcloudExporter.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "opendesk-nextcloud-exporter"
+    {{- with .Values.annotations.nextcloudExporter.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  prometheus:
    serviceMonitor:
      enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
@@ -76,7 +79,7 @@ aio:
            topologyKey: "kubernetes.io/hostname"

  additionalAnnotations:
-    intents.otterize.com/service-name: "opendesk-nextcloud-aio"
+    intents.otterize.com/service-name: "opendesk-nextcloud-aio-cron"
    {{- with .Values.annotations.nextcloudAio.additional }}
    {{ . | toYaml | nindent 4 }}
    {{- end }}
@@ -177,7 +180,10 @@ aio:
    tls:
      secretName: {{ .Values.ingress.tls.secretName | quote }}
  podAnnotations:
-    {{ .Values.annotations.nextcloudAio.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "opendesk-nextcloud-aio"
+    {{- with .Values.annotations.nextcloudAio.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  podSecurityContext:
    fsGroup: 101
  prometheus:
--- a/helmfile/apps/notes/values.yaml.gotmpl
+++ b/helmfile/apps/notes/values.yaml.gotmpl
@@ -117,11 +117,20 @@ backend:
    seLinuxOptions:
      {{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
  podAnnotations:
-    {{ .Values.annotations.notesBackend.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "impress-backend"
+    {{- with .Values.annotations.notesBackend.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  podAnnotationsCreateUser:
-    {{ .Values.annotations.notesBackend.createUserJob | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "impress-create-user"
+    {{- with .Values.annotations.notesBackend.createUserJob }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  podAnnotationsMigrate:
-    {{ .Values.annotations.notesBackend.migrateJob | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "impress-migrate"
+    {{- with .Values.annotations.notesBackend.migrateJob }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  podSecurityContext:
    enabled: true
    fsGroup: 1000
@@ -189,7 +198,10 @@ frontend:
    seLinuxOptions:
      {{ .Values.seLinuxOptions.notesFrontend | toYaml | nindent 6 }}
  podAnnotations:
-    {{ .Values.annotations.notesFrontend.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "impress-frontend"
+    {{- with .Values.annotations.notesFrontend.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  podSecurityContext:
    enabled: true
    fsGroup: 1000
@@ -257,7 +269,10 @@ y-provider:
      {{ .Values.annotations.notesYProvider.ingressCollaborationWS | toYaml | nindent 6 }}
    ingressClassName: {{ .Values.ingress.ingressClassName }}
  podAnnotations:
-    {{ .Values.annotations.notesYProvider.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "impress-y-provider"
+    {{- with .Values.annotations.notesYProvider.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  podSecurityContext:
    enabled: true
    fsGroup: 1001
--- a/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
@@ -109,7 +109,10 @@ ingress:
    {{ .Values.annotations.nubusIntercomService.ingress | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.nubusIntercomService.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "intercom-service"
+  {{- with .Values.annotations.nubusIntercomService.pod }}
+  {{ . | toYaml | nindent 2}}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/nubus/values-nginx-s3-gateway.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nginx-s3-gateway.yaml.gotmpl
@@ -42,7 +42,10 @@ configuration:
      value: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}

 podAnnotations:
-  {{ .Values.annotations.nubusNginxS3Gateway.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "nubus-nginx-s3-gateway"
+  {{- with .Values.annotations.nubusNginxS3Gateway.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 resources:
  {{ .Values.resources.nginxS3Gateway | toYaml | nindent 2 }}
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -274,7 +274,6 @@ nubusTwofaHelpdesk:
 nubusNotificationsApi:
  enabled: false
  additionalAnnotations:
-    intents.otterize.com/service-name: "ums-notifications-api"
    {{- with .Values.annotations.nubusNotificationsApi.additional }}
    {{ . | toYaml | nindent 4 }}
    {{- end }}
@@ -312,7 +311,10 @@ nubusNotificationsApi:
    annotations:
      {{ .Values.annotations.nubusNotificationsApi.persistence | toYaml | nindent 6 }}
  podAnnotations:
-    {{ .Values.annotations.nubusNotificationsApi.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-notifications-api"
+    {{- with .Values.annotations.nubusNotificationsApi.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  postgresql:
    connection:
      host: {{ .Values.databases.umsNotificationsApi.host | quote }}
@@ -339,7 +341,6 @@ nubusNotificationsApi:

 nubusPortalFrontend:
  additionalAnnotations:
-    intents.otterize.com/service-name: "ums-portal-frontend"
    {{- with .Values.annotations.nubusPortalFrontend.additional }}
    {{ . | toYaml | nindent 4 }}
    {{- end }}
@@ -415,7 +416,10 @@ nubusPortalFrontend:
    annotations:
      {{ .Values.annotations.nubusPortalFrontend.persistence | toYaml | nindent 6 }}
  podAnnotations:
-    {{ .Values.annotations.nubusPortalFrontend.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-portal-frontend"
+    {{- with .Values.annotations.nubusPortalFrontend.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  portalFrontend:
    branding:
      css: {{ .Values.theme.styles.portal.main | toJson }}
@@ -666,7 +670,6 @@ nubusPortalConsumer:

 nubusPortalServer:
  additionalAnnotations:
-    intents.otterize.com/service-name: "ums-portal-server"
    {{- with .Values.annotations.nubusPortalServer.additional }}
    {{ . | toYaml | nindent 4 }}
    {{- end }}
@@ -711,7 +714,10 @@ nubusPortalServer:
    annotations:
      {{ .Values.annotations.nubusPortalServer.persistence | toYaml | nindent 6 }}
  podAnnotations:
-    {{ .Values.annotations.nubusPortalServer.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-portal-server"
+    {{- with .Values.annotations.nubusPortalServer.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  portalServer:
    centralNavigation:
      enabled: true
@@ -839,7 +845,10 @@ nubusUdmRestApi:
    annotations:
      {{ .Values.annotations.nubusUdmRestApi.persistence | toYaml | nindent 6 }}
  podAnnotations:
-    {{ .Values.annotations.nubusUdmRestApi.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-udm-rest-api"
+    {{- with .Values.annotations.nubusUdmRestApi.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end}}
  replicaCount: {{ .Values.replicas.umsUdmRestApi }}
  resources:
    {{ .Values.resources.umsUdmRestApi | toYaml | nindent 4 }}
@@ -898,7 +907,7 @@ nubusLdapServer:
  additionalAnnotations:
    {{ .Values.annotations.nubusLdapServer.additional | toYaml | nindent 4 }}
  additionalAnnotations:
-    intents.otterize.com/service-name: "ums-ldap-server"
+    {{ .Values.annotations.nubusLdapServer.additional | toYaml | nindent 4 }}
  dhInitcontainer:
    image:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerDhInitContainer.registry | quote }}
@@ -921,7 +930,10 @@ nubusLdapServer:
    size: {{ .Values.persistence.storages.nubusLdapServerData.size | quote }}
    storageClass: {{ coalesce .Values.persistence.storages.nubusLdapServerData.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
  podAnnotations:
-    {{ .Values.annotations.nubusLdapServer.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-ldap-server"
+    {{- with .Values.annotations.nubusLdapServer.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }}
  replicaCountSecondary: {{ .Values.replicas.umsLdapServerSecondary }}
  replicaCountProxy: {{ .Values.replicas.umsLdapServerProxy }}
@@ -947,7 +959,6 @@ nubusProvisioning:
    {{ .Values.annotations.nubusProvisioning.additional | toYaml | nindent 4 }}
  api:
    additionalAnnotations:
-      intents.otterize.com/service-name: "ums-provisioning-api"
      {{- with .Values.annotations.nubusProvisioning.apiAdditional }}
      {{ . | toYaml | nindent 6 }}
      {{- end }}
@@ -966,7 +977,10 @@ nubusProvisioning:
      auth:
        password: {{ .Values.secrets.nubus.provisioning.api.natsPassword | quote}}
    podAnnotations:
-      {{ .Values.annotations.nubusProvisioning.apiPod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "ums-provisioning-api"
+      {{- with .Values.annotations.nubusProvisioning.apiPod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    resources:
      {{ .Values.resources.umsProvisioningApi | toYaml | nindent 6 }}
  containerSecurityContext:
@@ -985,7 +999,6 @@ nubusProvisioning:
      {{ .Values.seLinuxOptions.umsProvisioning | toYaml | nindent 6 }}
  dispatcher:
    additionalAnnotations:
-      intents.otterize.com/service-name: "ums-provisioning-dispatcher"
      {{- with .Values.annotations.nubusProvisioning.dispatcherAdditional }}
      {{ . | toYaml | nindent 6 }}
      {{- end }}
@@ -997,12 +1010,14 @@ nubusProvisioning:
      auth:
        password: {{ .Values.secrets.nubus.provisioning.dispatcherNatsPassword | quote}}
    podAnnotations:
-      {{ .Values.annotations.nubusProvisioning.dispatcherPod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "ums-provisioning-dispatcher"
+      {{- with .Values.annotations.nubusProvisioning.dispatcherPod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    resources:
      {{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 6 }}
  nats:
    additionalAnnotations:
-      intents.otterize.com/service-name: "ums-provisioning-nats"
      {{- with .Values.annotations.nubusProvisioning.natsAdditional }}
      {{ . | toYaml | nindent 6 }}
      {{- end }}
@@ -1060,10 +1075,12 @@ nubusProvisioning:
    serviceAccount:
      create: true
  podAnnotations:
-    {{ .Values.annotations.nubusProvisioning.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-provisioning-nats"
+    {{- with .Values.annotations.nubusProvisioning.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  prefill:
    additionalAnnotations:
-      intents.otterize.com/service-name: "ums-provisioning-prefill"
      {{- with .Values.annotations.nubusProvisioning.prefillAdditional }}
      {{ . | toYaml | nindent 6 }}
      {{- end }}
@@ -1075,12 +1092,14 @@ nubusProvisioning:
      auth:
        password: {{ .Values.secrets.nubus.provisioning.prefillNatsPassword | quote}}
    podAnnotations:
-      {{ .Values.annotations.nubusProvisioning.prefillPod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "ums-provisioning-prefill"
+      {{- with .Values.annotations.nubusProvisioning.prefillPod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    resources:
      {{ .Values.resources.umsProvisioningPrefill | toYaml | nindent 6 }}
  udmTransformer:
    additionalAnnotations:
-      intents.otterize.com/service-name: "ums-provisioning-udm-transformer"
      {{- with .Values.annotations.nubusProvisioning.udmTransformerAdditional }}
      {{ . | toYaml | nindent 6 }}
      {{- end }}
@@ -1092,7 +1111,10 @@ nubusProvisioning:
      auth:
        password: {{ .Values.secrets.nubus.provisioning.udmTransformerNatsPassword | quote}}
    podAnnotations:
-      {{ .Values.annotations.nubusProvisioning.udmTransformerPod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "ums-provisioning-udm-transformer"
+      {{- with .Values.annotations.nubusProvisioning.udmTransformerPod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    resources:
      {{ .Values.resources.umsProvisioningUdmTransformer | toYaml | nindent 6 }}
  replicaCount:
@@ -1163,7 +1185,10 @@ nubusUdmListener:
    size: {{ .Values.persistence.storages.nubusUdmListener.size | quote }}
 #    storageClass: -- coalesce .Values.persistence.storages.nubusUdmListener.storageClassName .Values.persistence.storageClassNames.RWO | quote --
  podAnnotations:
-    {{ .Values.annotations.nubusUdmListener.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-provisioning-udm-listener"
+    {{- with .Values.annotations.nubusUdmListener.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  replicaCount: {{ .Values.replicas.umsUdmListener }}
  resources:
    {{ .Values.resources.umsUdmListener | toYaml | nindent 4 }}
@@ -1219,9 +1244,9 @@ nubusSelfServiceConsumer:
 # Nubus services
 nubusStackDataUms:
  additionalAnnotations:
+    intents.otterize.com/service-name: "ums-stack-data-ums"
    argocd.argoproj.io/hook: "Sync"
    argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
-    intents.otterize.com/service-name: "ums-stack-data-ums"
    {{- with .Values.annotations.nubusStackDataUms.additional }}
    {{ . | toYaml | nindent 4 }}
    {{- end }}
@@ -1270,7 +1295,10 @@ nubusStackDataUms:
      connection:
        host: {{ .Values.databases.umsSelfservice.host | quote }}
  podAnnotations:
-    {{ .Values.annotations.nubusStackDataUms.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-stack-data-ums"
+    {{- with .Values.annotations.nubusStackDataUms.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  resources:
    {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
  stackDataContext:
@@ -1459,7 +1487,10 @@ nubusUmcServer:
    auth:
      password: ""
  podAnnotations:
-    {{ .Values.annotations.nubusUmcServer.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-umc-server"
+    {{- with .Values.annotations.nubusUmcServer.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  # Ref.: https://docs.software-univention.de/nubus-kubernetes-operation/1.x/en/reference.html#envvar-nubusUmcServer.podManagementPolicy
  podManagementPolicy: "{{ if gt .Values.replicas.umsUmcServer 4 }}Parallel{{ else }}OrderedReady{{ end }}"
  postgresql:
@@ -1555,7 +1586,10 @@ nubusUmcGateway:
  initResources:
    {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
  podAnnotations:
-    {{ .Values.annotations.nubusUmcGateway.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "ums-umc-gateway"
+    {{- with .Values.annotations.nubusUmcGateway.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  replicaCount: {{ .Values.replicas.umsUmcGateway }}
  serviceAccount:
    annotations:
--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -126,7 +126,10 @@ persistence:
    {{ .Values.annotations.openxchangeDovecot.persistence | toYaml | nindent 4 }}

 podAnnotations:
-  {{ .Values.annotations.openxchangeDovecot.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "open-xchange-dovecot"
+  {{- with .Values.annotations.openxchangeDovecot.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 resources:
  {{ .Values.resources.dovecot | toYaml | nindent 2 }}
--- a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
@@ -3,6 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 additionalAnnotations:
+  intents.otterize.com/service-name: "open-xchange-bootstrap"
  argocd.argoproj.io/hook: "Sync"
  argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
  {{- with .Values.annotations.openxchangeBootstrap.additional }}
--- a/helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl
@@ -5,6 +5,7 @@
 appsuite:
  core-mw:
    podAnnotations:
+      intents.otterize.com/service-name: "open-xchange-core-mw"
      logging.open-xchange.com/format: "appsuite-json"
      {{- with .Values.annotations.openxchangeEnterpriseContactPicker.appsuiteCoreMwPod }}
      {{ . | toYaml | nindent 6 }}
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
@@ -31,7 +31,10 @@ nextcloud-integration-ui:
    - name: {{ . | quote }}
  {{- end }}
  podAnnotations:
-    {{ .Values.annotations.openxchangeNextcloudIntegrationUi.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "open-xchange-nextcloud-integration-ui"
+    {{- with .Values.annotations.openxchangeNextcloudIntegrationUi.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  replicaCount: {{ .Values.replicas.openxchangeNextcloudIntegrationUI }}
  resources:
    {{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
@@ -66,7 +69,10 @@ public-sector-ui:
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  replicaCount: {{ .Values.replicas.openxchangePublicSectorUI }}
  podAnnotations:
-    {{ .Values.annotations.openxchangePublicSectorUi.pod | toYaml | nindent 4 }}
+    intents.otterize.com/service-name: "open-xchange-public-sector-ui"
+    {{- with .Values.annotations.openxchangePublicSectorUi.pod }}
+    {{ . | toYaml | nindent 4 }}
+    {{- end }}
  resources:
    {{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
  securityContext:
@@ -311,7 +317,10 @@ appsuite:
    jolokiaPassword: {{ .Values.secrets.oxAppSuite.jolokiaPassword | quote }}
    hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
    podAnnotations:
-      {{ .Values.annotations.openxchangeAppsuiteCoreMw.pod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "open-xchange-core-mw"
+      {{- with .Values.annotations.openxchangeAppsuiteCoreMw.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    serviceAccount:
      annotations:
        {{ .Values.annotations.openxchangeAppsuiteCoreMw.serviceAccount | toYaml | nindent 8 }}
@@ -338,7 +347,10 @@ appsuite:
        pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
      replicaCount: {{ .Values.replicas.openxchangeGotenberg }}
      podAnnotations:
-        {{ .Values.annotations.openxchangeAppsuiteCoreMw.gotenbergPod | toYaml | nindent 8 }}
+        intents.otterize.com/service-name: "open-xchange-gotenberg"
+        {{- with .Values.annotations.openxchangeAppsuiteCoreMw.gotenbergPod }}
+        {{ . | toYaml | nindent 8 }}
+        {{- end }}
      resources:
        {{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
      securityContext:
@@ -351,7 +363,6 @@ appsuite:
        runAsNonRoot: true
        runAsUser: 1001
        runAsGroup: 1001
-        privileged: false
        seccompProfile:
          type: "RuntimeDefault"
        seLinuxOptions:
@@ -769,7 +780,10 @@ appsuite:
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    replicaCount: {{ .Values.replicas.openxchangeCoreUI }}
    podAnnotations:
-      {{ .Values.annotations.openxchangeAppsuiteCoreUi.pod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "open-xchange-core-ui"
+      {{- with .Values.annotations.openxchangeAppsuiteCoreUi.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    resources:
      {{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
    securityContext:
@@ -806,7 +820,10 @@ appsuite:
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    overrides: {}
    podAnnotations:
-      {{ .Values.annotations.openxchangeAppsuiteCoreUiMiddleware.pod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "open-xchange-core-ui-middleware"
+      {{- with .Values.annotations.openxchangeAppsuiteCoreUiMiddleware.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    redis: *redisConfiguration
    replicaCount: {{ .Values.replicas.openxchangeCoreUIMiddleware }}
    resources:
@@ -855,7 +872,10 @@ appsuite:
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    {{- if .Values.annotations.openxchangeAppsuiteCoreDocumentconverter.pod }}
    podAnnotations:
-      {{ .Values.annotations.openxchangeAppsuiteCoreDocumentconverter.pod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "open-xchange-core-documentconverter"
+      {{- with .Values.annotations.openxchangeAppsuiteCoreDocumentconverter.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    {{- end }}
    redis: *redisConfiguration
    replicaCount: {{ .Values.replicas.openxchangeCoreDocumentConverter }}
@@ -907,7 +927,10 @@ appsuite:
      tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    podAnnotations:
-      {{ .Values.annotations.openxchangeAppsuiteCoreGuidedtours.pod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "open-xchange-guidedtours"
+      {{- with .Values.annotations.openxchangeAppsuiteCoreGuidedtours.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    replicaCount: {{ .Values.replicas.openxchangeCoreGuidedtours }}
    resources:
      {{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
@@ -951,7 +974,10 @@ appsuite:
          secretKey: "."
    {{- if .Values.annotations.openxchangeAppsuiteCoreImageconverter.pod }}
    podAnnotations:
-      {{ .Values.annotations.openxchangeAppsuiteCoreImageconverter.pod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "open-xchange-core-imageconverter"
+      {{- with .Values.annotations.openxchangeAppsuiteCoreImageconverter.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    {{- end }}
    redis: *redisConfiguration
    replicaCount: {{ .Values.replicas.openxchangeCoreImageConverter }}
@@ -987,7 +1013,8 @@ appsuite:
      repository: {{ .Values.images.openxchangeGuardUI.repository | quote }}
      tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
-    podAnnotations: {}
+    podAnnotations:
+      intents.otterize.com/service-name: "open-xchange-guard-ui"
    replicaCount: {{ .Values.replicas.openxchangeGuardUI }}
    resources:
      {{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
@@ -1023,7 +1050,10 @@ appsuite:
      - name: {{ . | quote }}
    {{- end }}
    podAnnotations:
-      {{ .Values.annotations.openxchangeAppsuiteCoreUserGuide.pod | toYaml | nindent 6 }}
+      intents.otterize.com/service-name: "open-xchange-core-user-guide"
+      {{- with .Values.annotations.openxchangeAppsuiteCoreUserGuide.pod }}
+      {{ . | toYaml | nindent 6 }}
+      {{- end }}
    replicaCount: {{ .Values.replicas.openxchangeCoreUserGuide }}
    resources:
      {{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
--- a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
@@ -68,7 +68,10 @@ persistence:
  #storageClass: {{ coalesce .Values.persistence.storages.oxConnector.storageClassName .Values.persistence.storageClassNames.RWO | quote }}

 podAnnotations:
-  {{ .Values.annotations.nubusOxConnector.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "open-xchange-connector"
+  {{- with .Values.annotations.nubusOxConnector.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 replicaCount: {{ .Values.replicas.oxConnector }}

--- a/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
@@ -91,7 +91,10 @@ postfix:
  virtualTransport: "lmtps:dovecot:24"

 podAnnotations:
-  {{ .Values.annotations.openxchangePostfix.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "open-xchange-postfix"
+  {{- with .Values.annotations.openxchangePostfix.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 replicaCount: {{ .Values.replicas.postfix }}

--- a/helmfile/apps/opendesk-migrations-post/values.yaml.gotmpl
+++ b/helmfile/apps/opendesk-migrations-post/values.yaml.gotmpl
@@ -5,7 +5,10 @@ additionalAnnotations:
  {{ .Values.annotations.opendeskMigrationsPost.additional | toYaml | nindent 2 }}

 podAnnotations:
-  {{ .Values.annotations.opendeskMigrationsPost.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "opendesk-migrations-post"
+  {{- with .Values.annotations.opendeskMigrationsPost.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 serviceAccount:
  annotations:
--- a/helmfile/apps/opendesk-openproject-bootstrap/values.yaml.gotmpl
+++ b/helmfile/apps/opendesk-openproject-bootstrap/values.yaml.gotmpl
@@ -74,7 +74,10 @@ job:
  enabled: true

 podAnnotations:
-  {{ .Values.annotations.openprojectBootstrap.pod | toYaml | nindent 2 }}
+  intents.otterize.com/service-name: "opendesk-openproject-bootstrap"
+  {{- with .Values.annotations.openprojectBootstrap.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/Chart.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/Chart.yaml
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+annotations:
+  category: "Security"
+  licenses: "Apache-2.0"
+apiVersion: "v2"
+dependencies:
+  - name: "common"
+    version: "^2.x.x"
+    repository: "oci://registry.opencode.de/bmi/opendesk/components/external/charts/bitnami-charts"
+description: "A Helm chart deploying resources for Otterize to secure services with NetworkPolicies."
+home: "https://zendis.de"
+keywords:
+  - "security"
+name: "opendesk-otterize"
+sources:
+  - "https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-otterize"
+type: "application"
+version: "2.1.3"
+...
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/README.md
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/README.md
@@ -0,0 +1,121 @@
+<!--
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+-->
+# opendesk-otterize
+
+A Helm chart deploying resources for Otterize to secure services with NetworkPolicies.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`, you have two options:
+
+### Install via Repository
+
+```console
+helm repo add opendesk-otterize https://gitlab.opencode.de/api/v4/projects/2293/packages/helm/stable
+helm install my-release --version 2.1.3 opendesk-otterize/opendesk-otterize
+```
+
+### Install via OCI Registry
+
+```console
+helm repo add opendesk-otterize oci://registry.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-otterize
+helm install my-release --version 2.1.3 opendesk-otterize/opendesk-otterize
+```
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://registry.opencode.de/bmi/opendesk/components/external/charts/bitnami-charts | common | ^2.x.x |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalAnnotations | object | `{}` | Additional custom annotations to add to all deployed objects. |
+| additionalLabels | object | `{}` | Additional custom labels to add to all deployed objects. |
+| apps.clamavDistributed.enabled | bool | `true` | Enables ClamAV (in distributed mode) related resource creation. |
+| apps.clamavDistributed.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.clamavDistributed.signatureHost | string | `"gitlab.opencode.de"` | Signature database host |
+| apps.clamavSimple.enabled | bool | `true` | Enables ClamAV (in simple mode) related resource creation. |
+| apps.clamavSimple.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.clamavSimple.signatureHost | string | `"gitlab.opencode.de"` | Signature database host |
+| apps.collabora.enabled | bool | `true` | Enables Collabora related resource creation. |
+| apps.collabora.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.cryptpad.enabled | bool | `true` | Enables Cryptpad related resource creation. |
+| apps.cryptpad.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.dkimpy.enabled | bool | `true` | Enables dkimpy related resource creation. |
+| apps.dkimpy.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.dovecot.enabled | bool | `true` | Enables Dovecot related resource creation. |
+| apps.dovecot.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.element.enabled | bool | `true` | Enables Element related resource creation. |
+| apps.element.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.intercom.enabled | bool | `true` | Enables Intercom Service related resource creation. |
+| apps.intercom.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.jitsi.enabled | bool | `true` | Enables Jitsi related resource creation. |
+| apps.jitsi.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.mariadb.enabled | bool | `true` | Enables MariaDB related resource creation. |
+| apps.mariadb.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.memcached.enabled | bool | `true` | Enables Memcached related resource creation. |
+| apps.memcached.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.minio.enabled | bool | `true` | Enables MinIO related resource creation. |
+| apps.minio.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.nextcloud.enabled | bool | `true` | Enables Nextcloud related resource creation. |
+| apps.nextcloud.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.notes.enabled | bool | `true` | Enables LaSuite Notes related resource creation. |
+| apps.notes.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.nubus.enabled | bool | `true` | Enables Univention Management Stack related resource creation. |
+| apps.nubus.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.openproject.enabled | bool | `true` | Enables OpenProject related resource creation. |
+| apps.openproject.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.oxAppSuite.enabled | bool | `true` | Enables Open-Xchange Appsuite related resource creation. |
+| apps.oxAppSuite.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.oxConnector.enabled | bool | `true` | Enables OX-Connector related resource creation. |
+| apps.oxConnector.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.postfix.enabled | bool | `true` | Enables Postfix related resource creation. |
+| apps.postfix.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.postgresql.enabled | bool | `true` | Enables PostgreSQL related resource creation. |
+| apps.postgresql.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.redis.enabled | bool | `true` | Enables Redis related resource creation. |
+| apps.redis.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| apps.xwiki.enabled | bool | `true` | Enables XWiki related resource creation. |
+| apps.xwiki.namespace | string | `""` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| clientIntents.apiVersion | string | `"k8s.otterize.com/v1alpha3"` | Choose the API version to use. |
+| clientIntents.enabled | bool | `true` | Enable creation of ClientIntents custom resource. |
+| extraApps.clusterPostfix.enabled | bool | `false` | Enables cluster-wide postfix related resource creation. |
+| extraApps.clusterPostfix.namespace | string | `"swp-cross-instance-mail"` | If omitted, resources are deployed in the same namespace as this helm chart. |
+| global.domain | string | `"example.internal"` | Deployment base domain used for egress restrictions to opendesk services via Ingress. |
+| global.hosts | object | `{"collabora":"office","cryptpad":"pad","element":"chat","intercomService":"ics","jitsi":"meet","keycloak":"id","matrixNeoBoardWidget":"matrix-neoboard-widget","matrixNeoChoiceWidget":"matrix-neochoice-widget","matrixNeoDateFixBot":"matrix-neodatefix-bot","matrixNeoDateFixWidget":"matrix-neodatefix-widget","minioApi":"objectstore","minioConsole":"objectstore-ui","nextcloud":"files","notes":"notes","nubus":"portal","openproject":"projects","openxchange":"webmail","synapse":"matrix","synapseFederation":"matrix-federation","whiteboard":"whiteboard","xwiki":"wiki"}` | A map of avaible deployment subdomains. |
+| ingressController.namespace | string | `"nginx-ingress"` | Namespace of ingress controller. |
+| ingressController.podSelector | object | `{"matchLabels":{"app.kubernetes.io/name":"nginx-ingress"}}` | Pod selector for ingress controller to match for NetworkPolicies. |
+| istioGateway.namespace | string | `"istio-system"` | Namespace of ingress controller. |
+| istioGateway.podSelector | object | `{"matchLabels":{"app":"gateway","istio":"gateway"}}` | Pod selector for ingress controller to match for NetworkPolicies. |
+| networkPolicies.enabled | bool | `true` | Enable creation of NetworkPolicies custom resource. |
+| prometheus.namespace | string | `"monitoring"` | Namespace of ingress controller. |
+| prometheus.podSelector | object | `{"matchLabels":{"app.kubernetes.io/name":"prometheus"}}` | Pod selector for ingress controller to match for NetworkPolicies. |
+| protectedServices.apiVersion | string | `"k8s.otterize.com/v1alpha3"` | Choose the API version to use. |
+| protectedServices.enabled | bool | `true` | Enable creation of ProtectedServices custom resource. |
+
+## Uninstalling the Chart
+
+To install the release with name `my-release`:
+
+```bash
+helm uninstall my-release
+```
+
+## Signing
+
+Helm charts are signed with helm native signing method.
+
+You can verify the chart against [the public GPG key](../../files/gpg-pubkeys/opendesk.gpg).
+
+## License
+
+This project uses the following license: Apache-2.0
+
+## Copyright
+
+Copyright (C) 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/README.md.gotmpl.tpl
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/README.md.gotmpl.tpl
@@ -0,0 +1,50 @@
+<!--
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+-->
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`, you have two options:
+
+### Install via Repository
+
+```console
+helm repo add ${CI_PROJECT_NAME} ${CI_SERVER_PROTOCOL}://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/helm/stable
+helm install my-release --version ${RELEASE_VERSION} ${CI_PROJECT_NAME}/{{ template "chart.name" . }}
+```
+
+### Install via OCI Registry
+
+```console
+helm repo add ${CI_PROJECT_NAME} oci://${CI_REGISTRY_IMAGE}
+helm install my-release --version ${RELEASE_VERSION} ${CI_PROJECT_NAME}/{{ template "chart.name" . }}
+```
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+## Uninstalling the Chart
+
+To install the release with name `my-release`:
+
+```bash
+helm uninstall my-release
+```
+
+## Signing
+
+Helm charts are signed with helm native signing method.
+
+You can verify the chart against [the public GPG key](../../files/gpg-pubkeys/opendesk.gpg).
+
+## License
+
+This project uses the following license: Apache-2.0
+
+## Copyright
+
+Copyright (C) 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/clamav-freshclam.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/clamav-freshclam.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.clamavDistributed.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "clamav-freshclam"
+  namespace: {{ .Values.apps.clamavDistributed.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "clamav-freshclam"
+  targets:
+    - internet:
+        domains:
+          - {{ .Values.apps.clamavDistributed.signatureHost | quote }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/clamav-icap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/clamav-icap.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.clamavDistributed.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "clamav-icap"
+  namespace: {{ .Values.apps.clamavDistributed.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "clamav-icap"
+  targets:
+    - kubernetes:
+        name: "clamav-clamd.{{ coalesce .Values.apps.clamavDistributed.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/clamav-milter.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/clamav-milter.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.clamavDistributed.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "clamav-milter"
+  namespace: {{ .Values.apps.clamavDistributed.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "clamav-milter"
+  targets:
+    - kubernetes:
+        name: {{ printf "%s.%s" "clamav-clamd" (coalesce .Values.apps.clamavDistributed.namespace .Release.Namespace) | quote }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/clamav-simple.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/clamav-simple.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.clamavSimple.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "clamav-simple"
+  namespace: {{ .Values.apps.clamavSimple.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "clamav-simple"
+  targets:
+    - internet:
+        domains:
+          - {{ .Values.apps.clamavSimple.signatureHost | quote }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/collabora-controller.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/collabora-controller.yaml
@@ -0,0 +1,33 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.collabora.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "collabora-controller"
+  namespace: {{ .Values.apps.collabora.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "collabora-controller"
+  targets:
+    - kubernetes:
+        name: "collabora-controller"
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/collabora.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/collabora.yaml
@@ -0,0 +1,30 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.collabora.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "collabora"
+  namespace: {{ .Values.apps.collabora.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "collabora"
+  targets:
+    - kubernetes:
+        name: "collabora-controller"
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/cryptpad.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/cryptpad.yaml
@@ -0,0 +1,31 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.cryptpad.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "cryptpad"
+  namespace: {{ .Values.apps.cryptpad.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "cryptpad"
+  targets:
+    - kubernetes:
+        name: "clamav-clamd.{{ coalesce .Values.apps.clamavDistributed.namespace .Release.Namespace }}"
+    - internet:
+        domains:
+          - "registry.npmjs.org"
+          - "accounts.cryptpad.fr"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/impress-backend-init.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/impress-backend-init.yaml
@@ -0,0 +1,30 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.notes.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "impress-backend-init"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "impress-backend-init"
+    kind: "Job"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/impress-backend.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/impress-backend.yaml
@@ -0,0 +1,40 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.notes.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "impress-backend"
+  namespace: {{ .Values.apps.notes.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "impress-backend"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.redis.enabled }}
+    - kubernetes:
+        name: "redis.{{ coalesce .Values.apps.redis.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.postfix.enabled }}
+    - kubernetes:
+        name: "postfix.{{ coalesce .Values.apps.postfix.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/impress-y-provider.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/impress-y-provider.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.notes.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "impress-y-provider"
+  namespace: {{ .Values.apps.notes.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "impress-y-provider"
+  targets:
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/intercom-service.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/intercom-service.yaml
@@ -0,0 +1,32 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "intercom-service"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "intercom-service"
+  targets:
+    {{- if .Values.apps.redis.enabled }}
+    - kubernetes:
+        name: "redis.{{ coalesce .Values.apps.redis.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-jibri.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-jibri.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.jitsi.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "jitsi-jibri"
+  namespace: {{ .Values.apps.jitsi.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "jitsi-jibri"
+  targets:
+    - kubernetes:
+        name: "jitsi-prosody.{{ coalesce .Values.apps.jitsi.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-jicofo.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-jicofo.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.jitsi.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "jitsi-jicofo"
+  namespace: {{ .Values.apps.jitsi.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "jitsi-jicofo"
+  targets:
+    - kubernetes:
+        name: "jitsi-prosody.{{ coalesce .Values.apps.jitsi.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-jvb.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-jvb.yaml
@@ -0,0 +1,31 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.jitsi.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "jitsi-jvb"
+  namespace: {{ .Values.apps.jitsi.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "jitsi-jvb"
+  targets:
+    - kubernetes:
+        name: "jitsi-prosody.{{ coalesce .Values.apps.jitsi.namespace .Release.Namespace }}"
+    - internet:
+        ips:
+          # Cloud provider instance metadata
+          - "169.254.169.254"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-opendesk-jitsi.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-opendesk-jitsi.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.jitsi.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "jitsi-opendesk-jitsi"
+  namespace: {{ .Values.apps.jitsi.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "jitsi-opendesk-jitsi"
+  targets:
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-prosody.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-prosody.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.jitsi.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "jitsi-prosody"
+  namespace: {{ .Values.apps.jitsi.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "jitsi-prosody"
+  targets:
+    - kubernetes:
+        name: "opendesk-matrix-user-verification-service.{{ coalesce .Values.apps.element.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-web.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/jitsi-web.yaml
@@ -0,0 +1,30 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.jitsi.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "jitsi-web"
+  namespace: {{ .Values.apps.jitsi.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "jitsi-web"
+  targets:
+    - kubernetes:
+        name: "jitsi-prosody.{{ coalesce .Values.apps.jitsi.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "opendesk-jitsi-keycloak-adapter.{{ coalesce .Values.apps.jitsi.namespace .Release.Namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/mariadb-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/mariadb-bootstrap.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.mariadb.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "mariadb-bootstrap"
+  namespace: {{ .Values.apps.mariadb.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "mariadb-bootstrap"
+  targets:
+    - kubernetes:
+        name: "mariadb.{{ coalesce .Values.apps.mariadb.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/matrix-adminbot-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/matrix-adminbot-bootstrap.yaml
@@ -0,0 +1,29 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.elementAdmin.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "matrix-adminbot-bootstrap"
+  namespace: {{ .Values.apps.elementAdmin.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "matrix-adminbot-bootstrap"
+    kind: "Job"
+  targets:
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/matrix-auditbot-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/matrix-auditbot-bootstrap.yaml
@@ -0,0 +1,29 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.elementAdmin.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "matrix-auditbot-bootstrap"
+  namespace: {{ .Values.apps.elementAdmin.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "matrix-auditbot-bootstrap"
+    kind: "Job"
+  targets:
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/matrix-neodatefix-bot-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/matrix-neodatefix-bot-bootstrap.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.element.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "matrix-neodatefix-bot-bootstrap"
+  namespace: {{ .Values.apps.element.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "matrix-neodatefix-bot-bootstrap"
+  targets:
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/matrix-neodatefix-bot.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/matrix-neodatefix-bot.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.element.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "matrix-neodatefix-bot"
+  namespace: {{ .Values.apps.element.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "matrix-neodatefix-bot"
+  targets:
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/minio-provisioning.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/minio-provisioning.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.minio.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "minio-provisioning"
+  namespace: {{ .Values.apps.minio.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "minio-provisioning"
+  targets:
+    - kubernetes:
+        name: "minio.{{ coalesce .Values.apps.minio.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/nubus-nginx-s3-gateway.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/nubus-nginx-s3-gateway.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "nubus-nginx-s3-gateway"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "nubus-nginx-s3-gateway"
+  targets:
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-bootstrap.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.oxAppSuite.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "open-xchange-bootstrap"
+  namespace: {{ .Values.apps.oxAppSuite.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "open-xchange-bootstrap"
+  targets:
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-connector.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-connector.yaml
@@ -0,0 +1,36 @@
+{{/*
+SPDX-FileCopyrightText: 2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.oxAppSuite.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "open-xchange-connector"
+  namespace: {{ .Values.apps.oxAppSuite.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "open-xchange-connector"
+  targets:
+    - kubernetes:
+        name: "ums-provisioning-api"
+    {{- if .Values.apps.oxAppSuite.enabled }}
+    - kubernetes:
+        name: "open-xchange-core-mw.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace}}"
+    {{- end }}
+    {{- if .Values.apps.xwiki.enabled }}
+    - kubernetes:
+        name: "xwiki.{{ coalesce .Values.apps.xwiki.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    {{- end }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-core-mw-groupware.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-core-mw-groupware.yaml
@@ -0,0 +1,70 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.oxAppSuite.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "open-xchange-core-mw-groupware"
+  namespace: {{ .Values.apps.oxAppSuite.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "open-xchange-core-mw"
+  targets:
+    {{- if .Values.apps.clamavSimple.enabled }}
+    - kubernetes:
+        name: "clamav-simple.{{ coalesce .Values.apps.clamavSimple.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.clamavDistributed.enabled }}
+    - kubernetes:
+        name: "clamav-distributed.{{ coalesce .Values.apps.clamavDistributed.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.mariadb.enabled }}
+    - kubernetes:
+        name: "mariadb.{{ coalesce .Values.apps.mariadb.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "open-xchange-core-documentconverter.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+        kind: "Deployment"
+    - kubernetes:
+        name: "open-xchange-core-imageconverter.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+        kind: "Deployment"
+    - kubernetes:
+        name: "open-xchange-dovecot.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "open-xchange-postfix.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+    {{- if .Values.apps.element.enabled }}
+    - kubernetes:
+        name: "opendesk-synapse-web.{{ coalesce .Values.apps.element.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.nextcloud.enabled }}
+    - kubernetes:
+        name: "opendesk-nextcloud-aio.{{ coalesce .Values.apps.nextcloud.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.redis.enabled }}
+    - kubernetes:
+        name: "redis.{{ coalesce .Values.apps.redis.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.nubus.enabled }}
+    - kubernetes:
+        name: "ums-ldap-server-primary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    {{- end }}
+    - kubernetes:
+          name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+          kind: "Deployment"
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-core-ui-middleware.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-core-ui-middleware.yaml
@@ -0,0 +1,39 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.oxAppSuite.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "open-xchange-core-ui-middleware"
+  namespace: {{ .Values.apps.oxAppSuite.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "open-xchange-core-ui-middleware"
+  targets:
+    {{- if .Values.apps.redis.enabled }}
+    - kubernetes:
+        name: "redis.{{ coalesce .Values.apps.redis.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "open-xchange-guard-ui.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "open-xchange-core-ui.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "open-xchange-guidedtours.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "open-xchange-nextcloud-integration-ui.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "open-xchange-public-sector-ui.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-dovecot.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-dovecot.yaml
@@ -0,0 +1,41 @@
+{{/*
+SPDX-FileCopyrightText: 2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.oxAppSuite.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "open-xchange-dovecot"
+  namespace: {{ .Values.apps.oxAppSuite.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "open-xchange-dovecot"
+  targets:
+    {{- if .Values.apps.nubus.enabled }}
+    - kubernetes:
+        name: "ums-ldap-server-primary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    {{- end }}
+    {{- if .Values.apps.postfix.enabled }}
+    - kubernetes:
+        name: "postfix.{{ coalesce .Values.apps.postfix.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+    {{- if .Values.apps.cassandra.enabled }}
+    - kubernetes:
+        name: "cassandra.{{ coalesce .Values.apps.cassandra.namespace .Release.Namespace }}"
+    {{- end }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-imageconverter.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-imageconverter.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.oxAppSuite.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "open-xchange-imageconverter"
+  namespace: {{ .Values.apps.oxAppSuite.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "open-xchange-imageconverter"
+  targets:
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-postfix.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/open-xchange-postfix.yaml
@@ -0,0 +1,40 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "open-xchange-postfix"
+  namespace: {{ .Values.apps.oxAppSuite.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "open-xchange-postfix"
+  targets:
+    {{- if .Values.apps.clamavDistributed.enabled }}
+      - kubernetes:
+          name: "clamav-milter.{{ coalesce .Values.apps.clamavDistributed.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.clamavSimple.enabled}}
+      - kubernetes:
+          name: "clamav-simple.{{ coalesce .Values.apps.clamavSimple.namespace .Release.Namespace }}"
+    {{- end }}
+      - kubernetes:
+          name: "open-xchange-dovecot.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+    {{- if .Values.apps.dkimpy.enabled }}
+      - kubernetes:
+          name: "dkimpy-milter.{{ coalesce .Values.apps.dkimpy.namespace .Release.Namespace }}"
+    {{- end }}
+      - internet:
+          domains:
+            - "{{ .Values.smtp.host }}"
+...
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-jitsi-keycloak-adapter.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-jitsi-keycloak-adapter.yaml
@@ -0,0 +1,29 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.jitsi.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-jitsi-keycloak-adapter"
+  namespace: {{ .Values.apps.jitsi.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-jitsi-keycloak-adapter"
+    kind: "Deployment"
+  targets:
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-keycloak-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-keycloak-bootstrap.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-keycloak-bootstrap"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-keycloak-bootstrap"
+  targets:
+    - kubernetes:
+        name: "ums-keycloak.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-matrix-user-verification-service-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-matrix-user-verification-service-bootstrap.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.element.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-matrix-user-verification-service-bootstrap"
+  namespace: {{ .Values.apps.element.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-matrix-user-verification-service-bootstrap"
+  targets:
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-matrix-user-verification-service.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-matrix-user-verification-service.yaml
@@ -0,0 +1,31 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.element.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-matrix-user-verification-service"
+  namespace: {{ .Values.apps.element.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-matrix-user-verification-service"
+  targets:
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+    - internet:
+        domains:
+          - "registry.npmjs.org"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-migrations-post.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-migrations-post.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.migrations.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-migrations-post"
+  namespace: {{ .Values.apps.migrations.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-migrations-post"
+  targets:
+    - internet:
+        domains:
+          - {{ .Values.cluster.api.domain }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-migrations-pre.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-migrations-pre.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.migrations.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-migrations-pre"
+  namespace: {{ .Values.apps.migrations.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-migrations-pre"
+  targets:
+    - internet:
+        domains:
+          - {{ .Values.cluster.api.domain }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-aio-cron.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-aio-cron.yaml
@@ -0,0 +1,52 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nextcloud.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-nextcloud-aio-cron"
+  namespace: {{ .Values.apps.nextcloud.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-nextcloud-aio-cron"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.redis.enabled }}
+    - kubernetes:
+        name: "redis"
+    {{- end }}
+    {{- if .Values.apps.nubus.enabled }}
+    - kubernetes:
+        name: "ums-ldap-server-primary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    {{- end }}
+    {{- if .Values.apps.clamavSimple.enabled }}
+    - kubernetes:
+        name: "clamav-simple.{{ coalesce .Values.apps.clamavSimple.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.postfix.enabled }}
+    - kubernetes:
+        name: "postfix.{{ coalesce .Values.apps.postfix.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+    - internet:
+        domains:
+          - "cloud.nextcloud.com"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-aio.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-aio.yaml
@@ -0,0 +1,53 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nextcloud.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-nextcloud-aio"
+  namespace: {{ .Values.apps.nextcloud.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-nextcloud-aio"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.redis.enabled }}
+    - kubernetes:
+        name: "redis"
+    {{- end }}
+    {{- if .Values.apps.nubus.enabled }}
+    - kubernetes:
+        name: "ums-ldap-server-primary"
+        kind: "StatefulSet"
+    - kubernetes:
+        name: "ums-portal-server"
+    {{- end }}
+    {{- if .Values.apps.clamavSimple.enabled }}
+    - kubernetes:
+        name: "clamav-simple"
+    {{- end }}
+    {{- if .Values.apps.postfix.enabled }}
+    - kubernetes:
+        name: "postfix"
+    {{- end }}
+    - kubernetes:
+        name: "opendesk-nextcloud-notifypush"
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-exporter.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-exporter.yaml
@@ -0,0 +1,30 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nextcloud.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-nextcloud-exporter"
+  namespace: {{ .Values.apps.nextcloud.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-nextcloud-exporter"
+  targets:
+    - kubernetes:
+        name: "opendesk-nextcloud-aio.{{ coalesce .Values.apps.nextcloud.namespace .Release.Namespace }}"
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-management.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-management.yaml
@@ -0,0 +1,33 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nextcloud.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-nextcloud-management"
+  namespace: {{ .Values.apps.nextcloud.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-nextcloud-management"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.redis.enabled }}
+    - kubernetes:
+        name: "redis.{{ coalesce .Values.apps.redis.namespace .Release.Namespace }}"
+    {{- end }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-notifypush.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-nextcloud-notifypush.yaml
@@ -0,0 +1,35 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nextcloud.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-nextcloud-notifypush"
+  namespace: {{ .Values.apps.nextcloud.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-nextcloud-notifypush"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.redis.enabled }}
+    - kubernetes:
+        name: "redis.{{ coalesce .Values.apps.redis.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "opendesk-nextcloud-aio.{{ coalesce .Values.apps.nextcloud.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-openproject-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-openproject-bootstrap.yaml
@@ -0,0 +1,28 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.openproject.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-openproject-bootstrap"
+  namespace: {{ .Values.apps.openproject.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-openproject-bootstrap"
+  targets:
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-admin-cron.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-admin-cron.yaml
@@ -0,0 +1,35 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.elementAdmin.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-synapse-admin-cron"
+  namespace: {{ .Values.apps.elementAdmin.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-synapse-admin-cron"
+  targets:
+    - kubernetes:
+        name: "ums-ldap-server-primary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    - kubernetes:
+        name: "ums-ldap-server-secondary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-admin.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-admin.yaml
@@ -0,0 +1,29 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.elementAdmin.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-synapse-admin"
+  namespace: {{ .Values.apps.elementAdmin.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-synapse-admin"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-adminbot-pipe.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-adminbot-pipe.yaml
@@ -0,0 +1,29 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.elementAdmin.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-synapse-adminbot-pipe"
+  namespace: {{ .Values.apps.elementAdmin.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-synapse-adminbot-pipe"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "opendesk-synapse-web.{{ coalesce .Values.apps.element.namespace .Release.Namespace }}"
+    {{- end }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-auditbot-pipe.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-auditbot-pipe.yaml
@@ -0,0 +1,29 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.elementAdmin.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-synapse-auditbot-pipe"
+  namespace: {{ .Values.apps.elementAdmin.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-synapse-auditbot-pipe"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "opendesk-synapse-web.{{ coalesce .Values.apps.element.namespace .Release.Namespace }}"
+    {{- end }}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-groupsync
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-groupsync
@@ -0,0 +1,37 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.elementGroupsync.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-synapse-groupsync"
+  namespace: {{ .Values.apps.elementGroupsync.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-synapse-groupsync"
+  targets:
+    {{- if .Values.apps.element.enabled }}
+    - kubernetes:
+        name: "opendesk-synapse-web.{{ coalesce .Values.apps.element.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.nubus.enabled }}
+    - kubernetes:
+        name: "ums-ldap-server-primary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    - kubernetes:
+        name: "ums-ldap-server-secondary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    {{- end}}
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-web.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse-web.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.element.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-synapse-web"
+  namespace: {{ .Values.apps.element.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-synapse-web"
+  targets:
+    - kubernetes:
+        name: "opendesk-synapse.{{ coalesce .Values.apps.element.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/opendesk-synapse.yaml
@@ -0,0 +1,40 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.element.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "opendesk-synapse"
+  namespace: {{ .Values.apps.element.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "opendesk-synapse"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.elementAdmin.enabled }}
+    - kubernetes:
+        name: "opendesk-synapse-auditbot-pipe.{{ coalesce .Values.apps.elementAdmin.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "opendesk-synapse-adminbot-pipe.{{ coalesce .Values.apps.elementAdmin.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "opendesk-synapse-groupsync.{{ coalesce .Values.apps.elementAdmin.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+          name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+          kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/openproject-seeder.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/openproject-seeder.yaml
@@ -0,0 +1,36 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.openproject.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "openproject-seeder"
+  namespace: {{ .Values.apps.openproject.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "openproject-seeder"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.memcached.enabled }}
+    - kubernetes:
+        name: "memcached.{{ coalesce .Values.apps.memcached.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/openproject.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/openproject.yaml
@@ -0,0 +1,48 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.openproject.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "openproject"
+  namespace: {{ .Values.apps.openproject.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "openproject"
+  targets:
+    {{- if .Values.apps.memcached.enabled }}
+    - kubernetes:
+        name: "memcached.{{ coalesce .Values.apps.memcached.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.postfix.enabled }}
+    - kubernetes:
+        name: "postfix.{{ coalesce .Values.apps.postfix.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.nubus.enabled }}
+    - kubernetes:
+        name: "ums-ldap-server-primary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+        kind: "StatefulSet"
+    {{- end }}
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+    - internet:
+        domains:
+          - "{{ .Values.cluster.networking.ingressGatewayIP }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/postfix.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/postfix.yaml
@@ -0,0 +1,44 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.postfix.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "postfix"
+  namespace: {{ .Values.apps.postfix.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "postfix"
+  targets:
+    {{- if .Values.apps.clamavDistributed.enabled }}
+    - kubernetes:
+        name: "clamav-milter.{{ coalesce .Values.apps.clamavDistributed.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.clamavSimple.enabled }}
+    - kubernetes:
+        name: "clamav-simple.{{ coalesce .Values.apps.clamavSimple.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.dovecot.enabled }}
+    - kubernetes:
+        name: "open-xchange-dovecot.{{ coalesce .Values.apps.oxAppSuite.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.dkimpy.enabled }}
+    - kubernetes:
+        name: "dkimpy-milter.{{ coalesce .Values.apps.dkimpy.namespace .Release.Namespace }}"
+    {{- end }}
+    - internet:
+        domains:
+          - "{{ .Values.smtp.host }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/postgresql-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/postgresql-bootstrap.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.postgresql.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "postgresql-bootstrap"
+  namespace: {{ .Values.apps.postgresql.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "postgresql-bootstrap"
+  targets:
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-keycloak-bootstrap.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-keycloak-bootstrap.yaml
@@ -0,0 +1,30 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "ums-keycloak-bootstrap"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "ums-keycloak-bootstrap"
+  targets:
+    - kubernetes:
+        name: "ums-keycloak.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-keycloak-extensions-handler.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-keycloak-extensions-handler.yaml
@@ -0,0 +1,35 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "ums-keycloak-extensions-handler"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "ums-keycloak-extensions-handler"
+  targets:
+    {{- if .Values.apps.postfix.enabled }}
+    - kubernetes:
+        name: "postfix.{{ coalesce .Values.apps.postfix.namespace .Release.Namespace }}"
+    {{- end }}
+    {{- if .Values.apps.postgresql.enabled}}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "ums-keycloak.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-keycloak-extensions-proxy.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-keycloak-extensions-proxy.yaml
@@ -0,0 +1,31 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "ums-keycloak-extensions-proxy"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "ums-keycloak-extensions-proxy"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        name: "ums-keycloak.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-keycloak.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-keycloak.yaml
@@ -0,0 +1,35 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "ums-keycloak"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "ums-keycloak"
+  targets:
+    {{- if .Values.apps.postgresql.enabled }}
+    - kubernetes:
+        name: "postgresql.{{ coalesce .Values.apps.postgresql.namespace .Release.Namespace }}"
+    {{- end }}
+    - kubernetes:
+        kind: "StatefulSet"
+        name: "ums-ldap-server-primary.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+    - kubernetes:
+        name: "{{ .Values.ingressController.name }}.{{ .Values.ingressController.namespace }}"
+        kind: "Deployment"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-ldap-notifier.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-ldap-notifier.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "ums-ldap-notifier"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "ums-ldap-notifier"
+  targets:
+    - kubernetes:
+        name: "ums-provisioning-udm-listener.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-ldap-server-primary.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-ldap-server-primary.yaml
@@ -0,0 +1,30 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "ums-ldap-server-primary"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "ums-ldap-server-primary"
+  targets:
+    - kubernetes:
+        name: "ums-keycloak.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+    - internet:
+        domains:
+          - "{{ .Values.cluster.api.domain }}"
+...
+{{- end }}
--- a/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-ldap-server-secondary.yaml
+++ b/helmfile/apps/opendesk-services/charts/opendesk-otterize/templates/ClientIntents/ums-ldap-server-secondary.yaml
@@ -0,0 +1,27 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+{{- if and .Values.apps.nubus.enabled .Values.clientIntents.enabled }}
+---
+apiVersion: {{ .Values.clientIntents.apiVersion | quote }}
+kind: "ClientIntents"
+metadata:
+  name: "ums-ldap-server-secondary"
+  namespace: {{ .Values.apps.nubus.namespace | default .Release.Namespace | quote }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+spec:
+  workload:
+    name: "ums-ldap-server-secondary"
+  targets:
+    - kubernetes:
+        name: "ums-keycloak.{{ coalesce .Values.apps.nubus.namespace .Release.Namespace }}"
+...
+{{- end }}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Sven-Erik Schmidt	d778e28913	feat(opendesk-services): Add opendesk-otterize	2025-11-13 17:14:31 +01:00
Sven-Erik Schmidt	7aa717c050	fix(helmfile): Streamline annotations	2025-11-12 11:28:49 +01:00
Oliver Günther	19438c0281	feat(openproject): Update OpenProject from 16.5.1 to 16.6.0	2025-11-11 10:53:50 +00:00
Clément Aubin	02a3b77114	fix(xwiki): Update XWiki from 17.4.4 to 17.4.7	2025-11-10 15:46:13 +00:00