sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 15:31:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: sheppy:weber/update-notes
Branches Tags
sheppy:develop sheppy:renovate/univention sheppy:renovate/openxchange sheppy:trossner/gpg-keys sheppy:trossner/mail_doc sheppy:tkaltenbrunner/fix-milter sheppy:ntretkowski/intercom-update sheppy:b1-boekhorst/nc_testing_encryption_bfp_nginx sheppy:trossner/ox_deputy sheppy:kuntke/size-profiles sheppy:trossner/misc_1.11.0 sheppy:feat/openproject/bump-16-6-2 sheppy:renovate/opf-helm-charts-openproject-11.x sheppy:rohland/selfsigned sheppy:sschmidt/feat_update_otterize sheppy:sell/opendesk-exporter sheppy:trossner/coco-update sheppy:renovate/lasuite-impress-y-provider-4.x sheppy:renovate/opf-helm-charts-openproject-10.x sheppy:renovate/openproject sheppy:renovate/nordeck sheppy:renovate/element sheppy:renovate/collabora sheppy:lender/test-externalsecrets sheppy:rfischer/baseline_requirements_update_2025 sheppy:chore/kyverno-sec sheppy:sell/pythonic-charts-local sheppy:trossner/ox-jitsi sheppy:irondesk-preview sheppy:chore/open-xchange/update-8.43 sheppy:b1-boekhorst/nc_basicauth_testing sheppy:lluerenbaum/develop sheppy:rfischer/nc_sharereview_app sheppy:tkaltenbrunner/fix/new-element-chart sheppy:vpracht/demo sheppy:main sheppy:b1-boekhorst/nc_status_php sheppy:gaberb1/postfix-sasl-security-options sheppy:ntretkowski/nubus-v1.15.0 sheppy:ntretkowski/ox-connector-v0.32.2 sheppy:sschmidt/feat_add_otterize_chart sheppy:b1-boekhorst/nc_bfp sheppy:trossner/nc_31-0-9 sheppy:trossner/token_exchange sheppy:boekhorst/nc_31-0-10_testing sheppy:ntretkowski/nubus-v1.14.1 sheppy:tkaltenbrunner/fix/dovecot-migration sheppy:tkaltenbrunner/fix/dovecot-caches sheppy:tkaltenbrunner/fix/postfix-transport sheppy:chore/open-xchange/update-8.42 sheppy:dkaminski/ca_certs sheppy:dpapoutsis/bundled-keycloak-secrets sheppy:boekhorst/favicon_resize sheppy:irondesk sheppy:boekhorst/nc_31-0-9 sheppy:migration_test sheppy:sschmidt/fix_services_otterize_intents sheppy:mmeschter/nats-secrets-refactor sheppy:sccon_2025 sheppy:jtorres/ox-test sheppy:lender/feat-externalsecrets-xwiki sheppy:sschmidt/fix_nubus_opendesk_keycloak_bootstrap_annotation sheppy:ntretkowski/nubus-2fa-upgrade-fix sheppy:jlohmer/ox-connector-helm-unittests sheppy:mmeschter/develop sheppy:tkaltenbrunner/fix/ox-push-notification sheppy:cgarcia/develop sheppy:trossner/fix_storageclassnames sheppy:jconde/ox-groups-deletion sheppy:ntretkowski/nubus-v1.13.1 sheppy:jtorres/develop sheppy:tkaltenbrunner/fix/opendesk-impress-customization sheppy:jconde/develop sheppy:mgcm/test/mas-upstream sheppy:document-nordeck-widgets sheppy:trossner/upd_jitsi_10431 sheppy:chaack/feat_add_jitsi_patchJVB_backoffLimit sheppy:trossner/xwiki_solr_image sheppy:1.7+harbor-fixes sheppy:lender/feat-externalsecrets-notes sheppy:tkaltenbrunner/fix/dovecot-fts sheppy:lender/feat-externalsecrets-postfix-dovecot sheppy:heading-capitalization-harmonization sheppy:lender/feat-externalsecrets-minio sheppy:jconde/debug-no-portal-tiles sheppy:hermann/feat-support-nginx-security-defaults sheppy:jtorres/ox-connector-manager-tests sheppy:jtorres/1.12.0-kc-bootstrap sheppy:sell/prometheus-nats-exporter sheppy:jconde/ics-secret-refactor sheppy:tkaltenbrunner/fix/postfix-submissions sheppy:jconde/debug-ics-with-keycloak-26.3 sheppy:data_storage_doc sheppy:tkaltenbrunner/fix/coco-internal sheppy:sell/keycloak-metrics sheppy:jconde/ox-connector-fixes sheppy:jlohmer/ox-connector-test sheppy:gaberb1/wip-ci sheppy:weber/update-notes sheppy:lender/feat-externalsecrets-redis sheppy:lender/feat-externalsecrets-opendesk-services sheppy:lender/feat-externalsecrets-collabora sheppy:lender/feat-externalsecrets-cassandra sheppy:lender/feat-externalsecrets-nextcloud sheppy:lender/feat-externalsecrets-openproject-bootstrap sheppy:thollwed/doc-bawue-migration-dev sheppy:1.5+nats-fix sheppy:trossner/nc_31.0.5 sheppy:sell/nubus-liveness-customization sheppy:integration-opendesk-family sheppy:gsautner/fix_nc_custom_baseDn sheppy:tkaltenbrunner/fix/ox-external-secrets sheppy:tlatz/portal_update sheppy:jbornhold/tmp-portal-update sheppy:trossner/temp_kc26.2.2_preview sheppy:yschmidt/nubus-v1.9.1-twofa-helpdesk sheppy:mmoura/phone-dial-in sheppy:lender/feat-externalsecrets-mariadb sheppy:lender/feat-externalsecrets-postgresql sheppy:thollwed/feat_readonly-filesystem-keycloak-bootstrap sheppy:thollwed/feat_readonly-filesystem-keycloak-bootstrap-1725.191 sheppy:ys/dev-helpdesk sheppy:tkaltenbrunner/fix/dovecot-acls sheppy:ox-vpracht/dovecot-conf sheppy:renovate/major-openproject sheppy:renovate/major-platform sheppy:renovate/lasuite-impress-y-provider-3.x sheppy:renovate/lasuite-impress-y-provider-2.x sheppy:renovate/xwiki sheppy:trossner/nc_notifypush sheppy:cnegrini/load sheppy:nic/feat/ZO-155_dialin_docs sheppy:feat/dovecot-config sheppy:yschmidt/s3-region-example sheppy:trossner/nubus_ox_consumer sheppy:yschmidt/s3-region-vars sheppy:jschulz/fix_nubus-consumer-pvc-size sheppy:el/t3chguy/element-web-modules sheppy:jahlers/2fa-helpdesk sheppy:trossner/notes_guest_access sheppy:thollwed/nubus-v1.6.0-integration sheppy:jschulz/fix_set_jitsi_element_antiaffinity sheppy:jbornhold/nubus-v1.6.0-s3-ingress sheppy:chore/open-xchange/release-8.34 sheppy:jconde/test-ox-packaging sheppy:jtorres/ox-extension-integration sheppy:jschulz/feat_helmfile-enable-intents sheppy:chore/openproject/15-3-changes sheppy:nc-main sheppy:fischer/review-apps sheppy:jconde/fix-intercom-element sheppy:trossner/nc_notify_push sheppy:docs/nubus-version sheppy:schneemann/ingress-nginx-max-version sheppy:jlohmer/configurable-udm-listener-password sheppy:jtorres/hotfix-ics-secret sheppy:jtorres/ics-redis-ssl sheppy:dkaminski/feat/annotations sheppy:trossner/fix/openproject sheppy:jconde/ox-connector-kyverno sheppy:jconde/ics-kyverno-changes sheppy:chore/open-xchange/bump-8-31 sheppy:mmoura/feat_test sheppy:dkaminski/fix/nubus-v0.72.0 sheppy:jconde/ics-filepicker-fix sheppy:trossner/update_migrs sheppy:nic/qa/develop sheppy:nic/fix/widgets-no-guests sheppy:uv-jconde/plain-nubus sheppy:nubus/main sheppy:uv-jbornhold/preview-fe sheppy:nic/fix/undo-439-add-widgets sheppy:jtorres/bump-0.60-cache-http sheppy:acaceres/develop sheppy:fix/trossner/dominiks_improvements sheppy:uv-jbornhold/plain-nubus-3 sheppy:nubus-update-2024-09-16-backup sheppy:trossner/nubus-update-2024-09-16-ldap-mig sheppy:nic/feat/matrix-neoboard-widget-1.19.1 sheppy:jconde/integrate-ox-connector sheppy:jbornhold/include-ldap-migration-script sheppy:acaceres/integrate-ox-connector sheppy:uv-jbornhold/plain-nubus-2 sheppy:jtorres/clients-fixup sheppy:jconde/system-information sheppy:jtorres/remove-admin-credentials sheppy:jbornhold/develop sheppy:chore/openproject/bump-14-5-0 sheppy:temp/trossner/kcupd-fr sheppy:nubus/fix-domain-configuration sheppy:uv-fix/default-service-loglevel sheppy:uv-jlohmer/consumer-race-condition sheppy:uv-jconde/umc-plain-login sheppy:uv-jconde/statefulset-keycloak sheppy:jlohmer/develop sheppy:fix/tkaltenbrunner/oxmonitoring sheppy:jtorres/udm-loader sheppy:nubus/tkintscher/fix-fsnotify-load sheppy:nubus/wip-jbornhold-test sheppy:jbornhold/small-fixes sheppy:nubus/jconde-test-users sheppy:feat/nubus-updates sheppy:uv-jlohmer/manual-deploy-jobs sheppy:uv-jtorres/login-tiles sheppy:uv-jbornhold/fix-e2e-test-configuration sheppy:uv-jlohmer/fix-feature-flag-typo sheppy:uv-jbornhold/fix-e2e-test-configuration-test sheppy:uv-acaceres/register-ox-connector sheppy:uv-jtorres/keycloak-upgrade sheppy:uv-jtorres/create-readonly-user sheppy:uv-acaceres/update-provisioning-and-stack-data sheppy:uv-jlohmer/selfservice-consumer sheppy:uv-jlohmer/provisioning-consumer-feature-flag sheppy:uv-jconde/test-email-e2e-tests sheppy:jlohmer/nubus-updates-provisioning sheppy:nubus/provisioning-consumer-integration sheppy:uv-dkaminski/cert-manager-support sheppy:uv-jbornhold/update-portal-frontend sheppy:uv-provisioning-consumer-integration sheppy:uv-jtorres/opendesk-udm-loader sheppy:uv-jtorres/ox-extensions-to-data-loader sheppy:uv-jbornhold/update-stack-data sheppy:uv-maildev-ci-setup sheppy:uv-jconde/umc-server-session-stickyness sheppy:uv-jbornhold/cleanup sheppy:uv-dtroeder/raise-helm-timeout sheppy:uv-dtroeder/prov-int-biscet sheppy:uv-spike-plain-nubus sheppy:jtorres/univention-keycloak-provisioning sheppy:fix/trossner/proxy_ips sheppy:uv-jlohmer/provisioning-consumer-integration sheppy:uv-jconde/menu-patches sheppy:jconde/use-nubus-umbrella sheppy:jconde/udm-rest-api-fix sheppy:sandersen/develop sheppy:b1-demo1 sheppy:jbornhold/tmp-test-od-main-0.9.0 sheppy:feat/use-nubus-umbrella-2 sheppy:OC000007901454-main-patch-76476 sheppy:jtorres/allow-theme-configuration sheppy:acaceres/debug-ox-error sheppy:101-add-configmap-checksum-check-to-postfix-helm-chart sheppy:trossner/fix/op_guests sheppy:renovate/platform sheppy:feat/ldap-scalability sheppy:jlohmer/split-provisioning-listener sheppy:feat/update-keycloak-related-charts sheppy:acaceres/update-selfservice-to-use-provisioning sheppy:feat/nubus-keycloak-extensions sheppy:feat/nubus-keycloak-bootstrap sheppy:feat/nubus-provisioning-with-selfservice sheppy:refactor/ums-umbrella-values sheppy:54-issue-with-invitation-password-reset-mails sheppy:nic/fix/ew-1.11.59-widget-sync sheppy:trossner/fix/renovate sheppy:nic/test/ew-1.11.59 sheppy:feat/mon-redis sheppy:feat/mon-jitsi sheppy:feat/mon-ox sheppy:feat/mon-xwiki sheppy:v0.5.74-patch1
sheppy:v1.10.0 sheppy:v1.9.0 sheppy:v1.8.0 sheppy:v1.7.1 sheppy:v1.7.0 sheppy:v1.6.0 sheppy:v1.5.0 sheppy:v1.4.1 sheppy:v1.4.0 sheppy:v1.3.2 sheppy:v1.3.1 sheppy:v1.3.0 sheppy:v1.2.1 sheppy:v1.2.0 sheppy:v1.1.2 sheppy:v1.1.1 sheppy:v1.1.0 sheppy:v1.0.0 sheppy:v0.9.0 sheppy:v0.8.1 sheppy:v0.8.0 sheppy:v0.7.1 sheppy:v0.7.0 sheppy:v0.6.0 sheppy:v0.5.81 sheppy:v0.5.80 sheppy:v0.5.79 sheppy:v0.5.78 sheppy:v0.5.74 sheppy:24.03 sheppy:v0.5.77 sheppy:v0.5.76 sheppy:v0.5.75 sheppy:v0.5.73 sheppy:v0.5.72 sheppy:v0.5.71 sheppy:v0.5.70 sheppy:v0.5.69 sheppy:v0.5.68 sheppy:v0.5.67 sheppy:v0.5.66 sheppy:v0.5.65 sheppy:v0.5.64 sheppy:v0.5.63 sheppy:v0.5.62 sheppy:v0.5.61 sheppy:v0.5.60 sheppy:v0.5.59 sheppy:v0.5.58 sheppy:v0.5.57 sheppy:v0.5.56 sheppy:v0.5.55 sheppy:v0.5.54 sheppy:v0.5.53 sheppy:v0.5.52 sheppy:v0.5.51 sheppy:v0.5.50 sheppy:v0.5.49 sheppy:v0.5.48 sheppy:v0.5.47 sheppy:v0.5.46 sheppy:v0.5.45 sheppy:v0.5.44 sheppy:v0.5.43 sheppy:v0.5.42 sheppy:v0.5.41 sheppy:v0.5.40 sheppy:v0.5.39 sheppy:v0.5.38 sheppy:23.12 sheppy:v0.5.37 sheppy:v0.5.36 sheppy:v0.5.35 sheppy:v0.5.34 sheppy:v0.5.33 sheppy:v0.5.32 sheppy:v0.5.31 sheppy:v0.5.30 sheppy:v0.5.29 sheppy:v0.5.28 sheppy:v0.5.27 sheppy:v0.5.26 sheppy:v0.5.25 sheppy:v0.5.24 sheppy:v0.5.23 sheppy:v0.5.22 sheppy:v0.5.21 sheppy:v0.5.20 sheppy:v0.5.19 sheppy:v0.5.18 sheppy:v0.5.17 sheppy:v0.5.16 sheppy:v0.5.15 sheppy:v0.5.14 sheppy:v0.5.13 sheppy:v0.5.12 sheppy:v0.5.11 sheppy:v0.5.10 sheppy:v0.5.9 sheppy:v0.5.8 sheppy:v0.5.7 sheppy:v0.5.6 sheppy:v0.5.5 sheppy:v0.5.4 sheppy:v0.5.3 sheppy:v0.5.2 sheppy:v0.5.1 sheppy:v0.5.0 sheppy:v0.4.9 sheppy:v0.4.8 sheppy:v0.4.7 sheppy:v0.4.6 sheppy:v0.4.5 sheppy:v0.4.4 sheppy:v0.4.3 sheppy:v0.4.2 sheppy:v0.4.1 sheppy:v0.4.0 sheppy:v0.3.2 sheppy:v0.3.1 sheppy:v0.3.0 sheppy:v0.2.10 sheppy:v0.2.9 sheppy:v0.2.8 sheppy:v0.2.7 sheppy:v0.2.6 sheppy:v0.2.5 sheppy:v0.2.4 sheppy:v0.2.3 sheppy:v0.2.2 sheppy:v0.2.1 sheppy:v0.2.0 sheppy:v0.1.2 sheppy:v0.1.1 sheppy:v0.1.0 sheppy:v0.0.6 sheppy:v0.0.5 sheppy:v0.0.4 sheppy:v0.0.3 sheppy:v0.0.2 sheppy:v0.0.1
...
compare: sheppy:gaberb1/wip-ci
Branches Tags
sheppy:renovate/univention sheppy:renovate/openxchange sheppy:trossner/gpg-keys sheppy:trossner/mail_doc sheppy:tkaltenbrunner/fix-milter sheppy:ntretkowski/intercom-update sheppy:b1-boekhorst/nc_testing_encryption_bfp_nginx sheppy:trossner/ox_deputy sheppy:kuntke/size-profiles sheppy:trossner/misc_1.11.0 sheppy:feat/openproject/bump-16-6-2 sheppy:renovate/opf-helm-charts-openproject-11.x sheppy:rohland/selfsigned sheppy:sschmidt/feat_update_otterize sheppy:sell/opendesk-exporter sheppy:trossner/coco-update sheppy:renovate/lasuite-impress-y-provider-4.x sheppy:renovate/opf-helm-charts-openproject-10.x sheppy:renovate/openproject sheppy:renovate/nordeck sheppy:renovate/element sheppy:renovate/collabora sheppy:lender/test-externalsecrets sheppy:develop sheppy:rfischer/baseline_requirements_update_2025 sheppy:chore/kyverno-sec sheppy:sell/pythonic-charts-local sheppy:trossner/ox-jitsi sheppy:irondesk-preview sheppy:chore/open-xchange/update-8.43 sheppy:b1-boekhorst/nc_basicauth_testing sheppy:lluerenbaum/develop sheppy:rfischer/nc_sharereview_app sheppy:tkaltenbrunner/fix/new-element-chart sheppy:vpracht/demo sheppy:main sheppy:b1-boekhorst/nc_status_php sheppy:gaberb1/postfix-sasl-security-options sheppy:ntretkowski/nubus-v1.15.0 sheppy:ntretkowski/ox-connector-v0.32.2 sheppy:sschmidt/feat_add_otterize_chart sheppy:b1-boekhorst/nc_bfp sheppy:trossner/nc_31-0-9 sheppy:trossner/token_exchange sheppy:boekhorst/nc_31-0-10_testing sheppy:ntretkowski/nubus-v1.14.1 sheppy:tkaltenbrunner/fix/dovecot-migration sheppy:tkaltenbrunner/fix/dovecot-caches sheppy:tkaltenbrunner/fix/postfix-transport sheppy:chore/open-xchange/update-8.42 sheppy:dkaminski/ca_certs sheppy:dpapoutsis/bundled-keycloak-secrets sheppy:boekhorst/favicon_resize sheppy:irondesk sheppy:boekhorst/nc_31-0-9 sheppy:migration_test sheppy:sschmidt/fix_services_otterize_intents sheppy:mmeschter/nats-secrets-refactor sheppy:sccon_2025 sheppy:jtorres/ox-test sheppy:lender/feat-externalsecrets-xwiki sheppy:sschmidt/fix_nubus_opendesk_keycloak_bootstrap_annotation sheppy:ntretkowski/nubus-2fa-upgrade-fix sheppy:jlohmer/ox-connector-helm-unittests sheppy:mmeschter/develop sheppy:tkaltenbrunner/fix/ox-push-notification sheppy:cgarcia/develop sheppy:trossner/fix_storageclassnames sheppy:jconde/ox-groups-deletion sheppy:ntretkowski/nubus-v1.13.1 sheppy:jtorres/develop sheppy:tkaltenbrunner/fix/opendesk-impress-customization sheppy:jconde/develop sheppy:mgcm/test/mas-upstream sheppy:document-nordeck-widgets sheppy:trossner/upd_jitsi_10431 sheppy:chaack/feat_add_jitsi_patchJVB_backoffLimit sheppy:trossner/xwiki_solr_image sheppy:1.7+harbor-fixes sheppy:lender/feat-externalsecrets-notes sheppy:tkaltenbrunner/fix/dovecot-fts sheppy:lender/feat-externalsecrets-postfix-dovecot sheppy:heading-capitalization-harmonization sheppy:lender/feat-externalsecrets-minio sheppy:jconde/debug-no-portal-tiles sheppy:hermann/feat-support-nginx-security-defaults sheppy:jtorres/ox-connector-manager-tests sheppy:jtorres/1.12.0-kc-bootstrap sheppy:sell/prometheus-nats-exporter sheppy:jconde/ics-secret-refactor sheppy:tkaltenbrunner/fix/postfix-submissions sheppy:jconde/debug-ics-with-keycloak-26.3 sheppy:data_storage_doc sheppy:tkaltenbrunner/fix/coco-internal sheppy:sell/keycloak-metrics sheppy:jconde/ox-connector-fixes sheppy:jlohmer/ox-connector-test sheppy:gaberb1/wip-ci sheppy:weber/update-notes sheppy:lender/feat-externalsecrets-redis sheppy:lender/feat-externalsecrets-opendesk-services sheppy:lender/feat-externalsecrets-collabora sheppy:lender/feat-externalsecrets-cassandra sheppy:lender/feat-externalsecrets-nextcloud sheppy:lender/feat-externalsecrets-openproject-bootstrap sheppy:thollwed/doc-bawue-migration-dev sheppy:1.5+nats-fix sheppy:trossner/nc_31.0.5 sheppy:sell/nubus-liveness-customization sheppy:integration-opendesk-family sheppy:gsautner/fix_nc_custom_baseDn sheppy:tkaltenbrunner/fix/ox-external-secrets sheppy:tlatz/portal_update sheppy:jbornhold/tmp-portal-update sheppy:trossner/temp_kc26.2.2_preview sheppy:yschmidt/nubus-v1.9.1-twofa-helpdesk sheppy:mmoura/phone-dial-in sheppy:lender/feat-externalsecrets-mariadb sheppy:lender/feat-externalsecrets-postgresql sheppy:thollwed/feat_readonly-filesystem-keycloak-bootstrap sheppy:thollwed/feat_readonly-filesystem-keycloak-bootstrap-1725.191 sheppy:ys/dev-helpdesk sheppy:tkaltenbrunner/fix/dovecot-acls sheppy:ox-vpracht/dovecot-conf sheppy:renovate/major-openproject sheppy:renovate/major-platform sheppy:renovate/lasuite-impress-y-provider-3.x sheppy:renovate/lasuite-impress-y-provider-2.x sheppy:renovate/xwiki sheppy:trossner/nc_notifypush sheppy:cnegrini/load sheppy:nic/feat/ZO-155_dialin_docs sheppy:feat/dovecot-config sheppy:yschmidt/s3-region-example sheppy:trossner/nubus_ox_consumer sheppy:yschmidt/s3-region-vars sheppy:jschulz/fix_nubus-consumer-pvc-size sheppy:el/t3chguy/element-web-modules sheppy:jahlers/2fa-helpdesk sheppy:trossner/notes_guest_access sheppy:thollwed/nubus-v1.6.0-integration sheppy:jschulz/fix_set_jitsi_element_antiaffinity sheppy:jbornhold/nubus-v1.6.0-s3-ingress sheppy:chore/open-xchange/release-8.34 sheppy:jconde/test-ox-packaging sheppy:jtorres/ox-extension-integration sheppy:jschulz/feat_helmfile-enable-intents sheppy:chore/openproject/15-3-changes sheppy:nc-main sheppy:fischer/review-apps sheppy:jconde/fix-intercom-element sheppy:trossner/nc_notify_push sheppy:docs/nubus-version sheppy:schneemann/ingress-nginx-max-version sheppy:jlohmer/configurable-udm-listener-password sheppy:jtorres/hotfix-ics-secret sheppy:jtorres/ics-redis-ssl sheppy:dkaminski/feat/annotations sheppy:trossner/fix/openproject sheppy:jconde/ox-connector-kyverno sheppy:jconde/ics-kyverno-changes sheppy:chore/open-xchange/bump-8-31 sheppy:mmoura/feat_test sheppy:dkaminski/fix/nubus-v0.72.0 sheppy:jconde/ics-filepicker-fix sheppy:trossner/update_migrs sheppy:nic/qa/develop sheppy:nic/fix/widgets-no-guests sheppy:uv-jconde/plain-nubus sheppy:nubus/main sheppy:uv-jbornhold/preview-fe sheppy:nic/fix/undo-439-add-widgets sheppy:jtorres/bump-0.60-cache-http sheppy:acaceres/develop sheppy:fix/trossner/dominiks_improvements sheppy:uv-jbornhold/plain-nubus-3 sheppy:nubus-update-2024-09-16-backup sheppy:trossner/nubus-update-2024-09-16-ldap-mig sheppy:nic/feat/matrix-neoboard-widget-1.19.1 sheppy:jconde/integrate-ox-connector sheppy:jbornhold/include-ldap-migration-script sheppy:acaceres/integrate-ox-connector sheppy:uv-jbornhold/plain-nubus-2 sheppy:jtorres/clients-fixup sheppy:jconde/system-information sheppy:jtorres/remove-admin-credentials sheppy:jbornhold/develop sheppy:chore/openproject/bump-14-5-0 sheppy:temp/trossner/kcupd-fr sheppy:nubus/fix-domain-configuration sheppy:uv-fix/default-service-loglevel sheppy:uv-jlohmer/consumer-race-condition sheppy:uv-jconde/umc-plain-login sheppy:uv-jconde/statefulset-keycloak sheppy:jlohmer/develop sheppy:fix/tkaltenbrunner/oxmonitoring sheppy:jtorres/udm-loader sheppy:nubus/tkintscher/fix-fsnotify-load sheppy:nubus/wip-jbornhold-test sheppy:jbornhold/small-fixes sheppy:nubus/jconde-test-users sheppy:feat/nubus-updates sheppy:uv-jlohmer/manual-deploy-jobs sheppy:uv-jtorres/login-tiles sheppy:uv-jbornhold/fix-e2e-test-configuration sheppy:uv-jlohmer/fix-feature-flag-typo sheppy:uv-jbornhold/fix-e2e-test-configuration-test sheppy:uv-acaceres/register-ox-connector sheppy:uv-jtorres/keycloak-upgrade sheppy:uv-jtorres/create-readonly-user sheppy:uv-acaceres/update-provisioning-and-stack-data sheppy:uv-jlohmer/selfservice-consumer sheppy:uv-jlohmer/provisioning-consumer-feature-flag sheppy:uv-jconde/test-email-e2e-tests sheppy:jlohmer/nubus-updates-provisioning sheppy:nubus/provisioning-consumer-integration sheppy:uv-dkaminski/cert-manager-support sheppy:uv-jbornhold/update-portal-frontend sheppy:uv-provisioning-consumer-integration sheppy:uv-jtorres/opendesk-udm-loader sheppy:uv-jtorres/ox-extensions-to-data-loader sheppy:uv-jbornhold/update-stack-data sheppy:uv-maildev-ci-setup sheppy:uv-jconde/umc-server-session-stickyness sheppy:uv-jbornhold/cleanup sheppy:uv-dtroeder/raise-helm-timeout sheppy:uv-dtroeder/prov-int-biscet sheppy:uv-spike-plain-nubus sheppy:jtorres/univention-keycloak-provisioning sheppy:fix/trossner/proxy_ips sheppy:uv-jlohmer/provisioning-consumer-integration sheppy:uv-jconde/menu-patches sheppy:jconde/use-nubus-umbrella sheppy:jconde/udm-rest-api-fix sheppy:sandersen/develop sheppy:b1-demo1 sheppy:jbornhold/tmp-test-od-main-0.9.0 sheppy:feat/use-nubus-umbrella-2 sheppy:OC000007901454-main-patch-76476 sheppy:jtorres/allow-theme-configuration sheppy:acaceres/debug-ox-error sheppy:101-add-configmap-checksum-check-to-postfix-helm-chart sheppy:trossner/fix/op_guests sheppy:renovate/platform sheppy:feat/ldap-scalability sheppy:jlohmer/split-provisioning-listener sheppy:feat/update-keycloak-related-charts sheppy:acaceres/update-selfservice-to-use-provisioning sheppy:feat/nubus-keycloak-extensions sheppy:feat/nubus-keycloak-bootstrap sheppy:feat/nubus-provisioning-with-selfservice sheppy:refactor/ums-umbrella-values sheppy:54-issue-with-invitation-password-reset-mails sheppy:nic/fix/ew-1.11.59-widget-sync sheppy:trossner/fix/renovate sheppy:nic/test/ew-1.11.59 sheppy:feat/mon-redis sheppy:feat/mon-jitsi sheppy:feat/mon-ox sheppy:feat/mon-xwiki sheppy:v0.5.74-patch1
sheppy:v1.10.0 sheppy:v1.9.0 sheppy:v1.8.0 sheppy:v1.7.1 sheppy:v1.7.0 sheppy:v1.6.0 sheppy:v1.5.0 sheppy:v1.4.1 sheppy:v1.4.0 sheppy:v1.3.2 sheppy:v1.3.1 sheppy:v1.3.0 sheppy:v1.2.1 sheppy:v1.2.0 sheppy:v1.1.2 sheppy:v1.1.1 sheppy:v1.1.0 sheppy:v1.0.0 sheppy:v0.9.0 sheppy:v0.8.1 sheppy:v0.8.0 sheppy:v0.7.1 sheppy:v0.7.0 sheppy:v0.6.0 sheppy:v0.5.81 sheppy:v0.5.80 sheppy:v0.5.79 sheppy:v0.5.78 sheppy:v0.5.74 sheppy:24.03 sheppy:v0.5.77 sheppy:v0.5.76 sheppy:v0.5.75 sheppy:v0.5.73 sheppy:v0.5.72 sheppy:v0.5.71 sheppy:v0.5.70 sheppy:v0.5.69 sheppy:v0.5.68 sheppy:v0.5.67 sheppy:v0.5.66 sheppy:v0.5.65 sheppy:v0.5.64 sheppy:v0.5.63 sheppy:v0.5.62 sheppy:v0.5.61 sheppy:v0.5.60 sheppy:v0.5.59 sheppy:v0.5.58 sheppy:v0.5.57 sheppy:v0.5.56 sheppy:v0.5.55 sheppy:v0.5.54 sheppy:v0.5.53 sheppy:v0.5.52 sheppy:v0.5.51 sheppy:v0.5.50 sheppy:v0.5.49 sheppy:v0.5.48 sheppy:v0.5.47 sheppy:v0.5.46 sheppy:v0.5.45 sheppy:v0.5.44 sheppy:v0.5.43 sheppy:v0.5.42 sheppy:v0.5.41 sheppy:v0.5.40 sheppy:v0.5.39 sheppy:v0.5.38 sheppy:23.12 sheppy:v0.5.37 sheppy:v0.5.36 sheppy:v0.5.35 sheppy:v0.5.34 sheppy:v0.5.33 sheppy:v0.5.32 sheppy:v0.5.31 sheppy:v0.5.30 sheppy:v0.5.29 sheppy:v0.5.28 sheppy:v0.5.27 sheppy:v0.5.26 sheppy:v0.5.25 sheppy:v0.5.24 sheppy:v0.5.23 sheppy:v0.5.22 sheppy:v0.5.21 sheppy:v0.5.20 sheppy:v0.5.19 sheppy:v0.5.18 sheppy:v0.5.17 sheppy:v0.5.16 sheppy:v0.5.15 sheppy:v0.5.14 sheppy:v0.5.13 sheppy:v0.5.12 sheppy:v0.5.11 sheppy:v0.5.10 sheppy:v0.5.9 sheppy:v0.5.8 sheppy:v0.5.7 sheppy:v0.5.6 sheppy:v0.5.5 sheppy:v0.5.4 sheppy:v0.5.3 sheppy:v0.5.2 sheppy:v0.5.1 sheppy:v0.5.0 sheppy:v0.4.9 sheppy:v0.4.8 sheppy:v0.4.7 sheppy:v0.4.6 sheppy:v0.4.5 sheppy:v0.4.4 sheppy:v0.4.3 sheppy:v0.4.2 sheppy:v0.4.1 sheppy:v0.4.0 sheppy:v0.3.2 sheppy:v0.3.1 sheppy:v0.3.0 sheppy:v0.2.10 sheppy:v0.2.9 sheppy:v0.2.8 sheppy:v0.2.7 sheppy:v0.2.6 sheppy:v0.2.5 sheppy:v0.2.4 sheppy:v0.2.3 sheppy:v0.2.2 sheppy:v0.2.1 sheppy:v0.2.0 sheppy:v0.1.2 sheppy:v0.1.1 sheppy:v0.1.0 sheppy:v0.0.6 sheppy:v0.0.5 sheppy:v0.0.4 sheppy:v0.0.3 sheppy:v0.0.2 sheppy:v0.0.1

35 Commits
weber/upda ... gaberb1/wi

Author SHA1 Message Date
Philip Gaber
94012f7921 chore: troubleshoot 2025-07-15 10:17:34 +02:00
Philip Gaber
bb0706dff0 chore: back 2025-07-15 10:13:02 +02:00
Philip Gaber
f88a365019 chore: Link to dev branch 2025-07-15 10:06:03 +02:00
Thorsten Roßner
c858692e6b chore(release): 1.6.0 [skip ci] 
# [1.6.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.5.0...v1.6.0) (2025-07-14)

### Bug Fixes

* **dovecot-pro:** Use of `requiredEnv` instead of `env` and update `README-EE.md` ([a79e40f](a79e40f44a))
* **helmfile:** Prefix NATS passwords as workaround for upstream issue and add documentation to `gettings-started.md` [[#185](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/185), [#202](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/202)] ([7f478bf](7f478bffd6))
* **helmfile:** Remove default setting from `repositories.helm.registryOpencodeDeEnterprise` for better support of `PRIVATE_HELM_REGISTRY_URL` ([c5dd881](c5dd8814ae))
* **helmfile:** Set `nubusKeycloakBootstrap` debug mode when openDesk is running in debug mode ([4e0ffee](4e0ffeea1f))
* **helmfile:** Streamline license header comment style [[#192](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/192)] ([20cbad3](20cbad31e7))
* **nubus:** Explicitly template `nubusStackDataUms.stackDataContext.portalFqdn` to fix custom hostname support [[#193](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/193)] ([6aa6d3a](6aa6d3af2f))
* **nubus:** Replace openDesk portal fork with upstream `portal-frontend` image ([e4f1afc](e4f1afca0f))
* **nubus:** Update from 1.11.1 to 1.11.2 ([237c9af](237c9af3c1))
* **open-xchange:** Add missing `imagePullSecrets` for `core-imageconverter` and `core-documentconverter` ([9b7f439](9b7f439d83))
* **open-xchange:** Enable `com.openexchange.smime.test` only when openDesk is running with `debug.enabled: true` ([51ff7a5](51ff7a5fdb))
* **open-xchange:** Enable searching by LDAP `mailAlternativeAddress` when resolving global contacts. Note: OX App Suite evaluates all `mailAlternativeAddress` values of a user when searching, but only the first address is returned, which might differ from the one that matched the search criteria. ([9014324](9014324156))
* **open-xchange:** Use `objectstore.dovecot.secretKey` when defined ([5c33226](5c332264ed))
* **opendesk-services:** Add missing certificates ([acbabdb](acbabdb806))
* **openproject:** Update from 16.1.0 to 16.1.1 ([e30d4f1](e30d4f126d))

### Features

* **collabora:** Update from 24.04.13 to 25.04.2 ([c56f564](c56f564025))
* **element:** Update NeoBoard from 2.1.0 to 2.2.1, NeoChoice from 1.5.1. to 1.5.2, NeoDateFix from 1.7.0 to 1.7.1 widgets and NeoDateFixBot from 2.8.2 to 2.8.3 latest releases ([98d31f8](98d31f811b))
* **helmfile:** Add options in `functional.yaml.gotmpl` for setting the portal's corner links, toggling the welcome message and the newsfeed ([1a6f438](1a6f438724))
* **nextcloud:** Update from 30.0.10 to 31.0.6 and support for notify-push ([a4c8be6](a4c8be60f3))
* **nubus:** Update from 1.9.1 to 1.11.1; required minimum openDesk version for this upgrade is 1.5.0, see `migrations.md` for details ([ccd5ab8](ccd5ab84e3))
* **open-xchange:** Store attachments for calendar, contact and task objects in object storage; review `migrations.md` for required upgrade steps ([4eb6570](4eb6570b0a))
* **open-xchange:** Updated OX App Suite from 8.37 to 8.38 ([2b31751](2b317514c6))
 2025-07-14 11:19:43 +00:00
Thorsten Roßner
de1554aed1 chore(publiccode.yml): Update for 1.6.0 2025-07-12 14:55:55 +02:00
Philip Gaber
a79e40f44a fix(dovecot-pro): Use of requiredEnv instead of env and update README-EE.md 2025-07-12 14:55:55 +02:00
Thomas Kaltenbrunner
5c332264ed fix(open-xchange): Use objectstore.dovecot.secretKey when defined 2025-07-12 14:55:55 +02:00
Thorsten Roßner
22c179d3f2 ci(db-cleanup): Fix cleanup when values files are loaded including go-template placeholders 2025-07-12 14:55:55 +02:00
Thorsten Roßner
20cbad31e7 fix(helmfile): Streamline license header comment style [#192] 2025-07-12 14:55:55 +02:00
Norbert Tretkowski
237c9af3c1 fix(nubus): Update from 1.11.1 to 1.11.2 2025-07-12 14:55:55 +02:00
Thomas Kaltenbrunner
acbabdb806 fix(opendesk-services): Add missing certificates 2025-07-12 14:55:55 +02:00
Philip Gaber
a4c8be60f3 feat(nextcloud): Update from 30.0.10 to 31.0.6 and support for notify-push 2025-07-12 14:55:55 +02:00
Franz Kuntke
9e92aa3005 ci(cleanup): Extend db-cleanup to flush data of external-services at StackIT 2025-07-12 14:55:55 +02:00
Thorsten Roßner
5160711050 chore(nubus): Update wrong SHA for nubusBlocklistCleanup to existing image on the openCode mirror 2025-07-12 14:55:55 +02:00
Mikhail Aheichyk
98d31f811b feat(element): Update NeoBoard from 2.1.0 to 2.2.1, NeoChoice from 1.5.1. to 1.5.2, NeoDateFix from 1.7.0 to 1.7.1 widgets and NeoDateFixBot from 2.8.2 to 2.8.3 latest releases 2025-07-12 14:55:55 +02:00
Thorsten Roßner
26e4b54cad docs(gettings-started.md): Explicitly require ingressClassName 2025-07-12 14:55:55 +02:00
Thorsten Roßner
7ae716bc82 docs(theming.md): Improve wording 2025-07-12 14:55:55 +02:00
Thorsten Roßner
d39c406d63 docs(migrations.md): Add "deprecation warning" section 2025-07-12 14:55:55 +02:00
Thorsten Roßner
1a6f438724 feat(helmfile): Add options in functional.yaml.gotmpl for setting the portal's corner links, toggling the welcome message and the newsfeed 2025-07-12 14:55:55 +02:00
Thorsten Roßner
e4f1afca0f fix(nubus): Replace openDesk portal fork with upstream portal-frontend image 2025-07-12 14:55:55 +02:00
Thorsten Roßner
19f4ea90e2 chore(helmfile): Set global.systemInformation.releaseVersion to v1.6.0 to allow migration tests 2025-07-12 14:55:55 +02:00
Thorsten Roßner
8777722cf1 ci(cleanup): Echo info which namespace is being worked on 2025-07-12 14:55:55 +02:00
Thorsten Roßner
0cc04c0be0 docs(data-storage.md): Update NC,XWiki as they use PostgreSQL as default, fix provisioning listener table entry [#198, #200] 2025-07-12 14:55:55 +02:00
Thorsten Roßner
6aa6d3af2f fix(nubus): Explicitly template nubusStackDataUms.stackDataContext.portalFqdn to fix custom hostname support [#193] 2025-07-12 14:55:55 +02:00
Thorsten Roßner
4e0ffeea1f fix(helmfile): Set nubusKeycloakBootstrap debug mode when openDesk is running in debug mode 2025-07-12 14:55:55 +02:00
Norbert Tretkowski
ccd5ab84e3 feat(nubus): Update from 1.9.1 to 1.11.1; required minimum openDesk version for this upgrade is 1.5.0, see migrations.md for details 2025-07-12 14:55:55 +02:00
René Fischer
8d832107c1 chore(publiccode.yml): Add English translation 2025-07-12 14:55:55 +02:00
Thorsten Roßner
51ff7a5fdb fix(open-xchange): Enable com.openexchange.smime.test only when openDesk is running with debug.enabled: true 2025-07-12 14:55:55 +02:00
Thorsten Roßner
4eb6570b0a feat(open-xchange): Store attachments for calendar, contact and task objects in object storage; review migrations.md for required upgrade steps 2025-07-12 14:55:55 +02:00
Philip Gaber
9b7f439d83 fix(open-xchange): Add missing imagePullSecrets for core-imageconverter and core-documentconverter 2025-07-12 14:55:55 +02:00
Viktor Pracht
2b317514c6 feat(open-xchange): Updated OX App Suite from 8.37 to 8.38 2025-07-12 14:55:55 +02:00
Thomas Kaltenbrunner
9014324156 fix(open-xchange): Enable searching by LDAP mailAlternativeAddress when resolving global contacts. Note: OX App Suite evaluates all mailAlternativeAddress values of a user when searching, but only the first address is returned, which might differ from the one that matched the search criteria. 2025-07-12 14:55:55 +02:00
Thorsten Roßner
c5dd8814ae fix(helmfile): Remove default setting from repositories.helm.registryOpencodeDeEnterprise for better support of PRIVATE_HELM_REGISTRY_URL 2025-07-12 14:55:55 +02:00
Thorsten Roßner
c56f564025 feat(collabora): Update from 24.04.13 to 25.04.2 2025-07-12 14:55:55 +02:00
Oliver Günther
e30d4f126d fix(openproject): Update from 16.1.0 to 16.1.1 2025-07-12 14:55:33 +02:00
110 changed files with 1510 additions and 933 deletions
Expand all files Collapse all files

174
.gitlab-ci.yml
View File

@@ -17,7 +17,7 @@ include:
- local: "/.gitlab/lint/lint-reuse.yml" - local: "/.gitlab/lint/lint-reuse.yml"
- project: "${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}" - project: "${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}"
file: "gitlab/environments.yaml" file: "gitlab/environments.yaml"
ref: "main" ref: "gaberb1/ci-od-customization"
- local: "/.gitlab/lint/lint-opendesk.yml" - local: "/.gitlab/lint/lint-opendesk.yml"
rules: rules:
- if: > - if: >
@@ -80,6 +80,11 @@ variables:
options: options:
- "yes" - "yes"
- "no" - "no"
FLUSH_EXTERNAL_SERVICES_TYPE:
description: >
Select the type of external services (e.g. "RUN", or "STACKIT"), as they require different
cleanup strategies. Requires `FLUSH_EXTERNAL_SERVICES_BEFORE=yes`.
value: "RUN"
DEBUG_ENABLED: DEBUG_ENABLED:
description: > description: >
Allows to set `debug.enabled` to true for a deployment, needs to be supported by stage specific Allows to set `debug.enabled` to true for a deployment, needs to be supported by stage specific
@@ -241,7 +246,7 @@ variables:
image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:${HELM_IMAGE_PIN}" image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/helm:${HELM_IMAGE_PIN}"
script: script:
- "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}" - "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
# MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD # MASTER_PASSWORD_WEB_VAR has precedence for MASTER_PASSWORD
- | - |
if ! [ -z "${MASTER_PASSWORD_WEB_VAR}" ]; then if ! [ -z "${MASTER_PASSWORD_WEB_VAR}" ]; then
export MASTER_PASSWORD="${MASTER_PASSWORD_WEB_VAR}" export MASTER_PASSWORD="${MASTER_PASSWORD_WEB_VAR}"
@@ -272,53 +277,74 @@ db-cleanup:
when: "on_success" when: "on_success"
script: script:
# yamllint disable-line rule:line-length rule:quoted-strings # yamllint disable-line rule:line-length rule:quoted-strings
- export FILES=(${CI_PROJECT_DIR}/helmfile/environments/default/database.yaml.gotmpl ${CI_PROJECT_DIR}/helmfile/environments/dev/write-over-values-for-environment.yaml.gotmpl)
# Cleanup MariaDB
- | - |
export DATABASES="oxAppSuite" echo "Checking FLUSH_EXTERNAL_SERVICES_TYPE value..."
export MARIADB_HOST="" case "$FLUSH_EXTERNAL_SERVICES_TYPE" in
export MARIADB_PORT="" "RUN")
export MARIADB_USERNAME="" echo " ... running flush procedure for RUN cluster."
export MARIADB_PASSWORD="" ;;
"STACKIT")
echo " ... running flush procedure for STACKIT provider."
;;
*)
echo "ERROR: FLUSH_EXTERNAL_SERVICES_TYPE is not set to valid value."
echo " Expected 'RUN' or 'STACKIT', got ${FLUSH_EXTERNAL_SERVICES_TYPE}."
exit 1
;;
esac
- |
# TODO: Adjust this when the CI improvement ist complete
export FILES=(
"${CI_PROJECT_DIR}/helmfile/environments/default/database.yaml.gotmpl"
"${CI_PROJECT_DIR}/helmfile/environments/dev/values.yaml.gotmpl"
"${CI_PROJECT_DIR}/helmfile/environments/dev/write-over-values-for-environment.yaml.gotmpl"
)
# Cleanup MariaDB
- "export MARIADB_HOST=\"\""
- "export MARIADB_PORT=\"\""
- "export MARIADB_USERNAME=\"\""
- "export MARIADB_PASSWORD=\"\""
- "export ENV_DATABASE=\"oxAppSuite\""
for DATABASE in $DATABASES; do # Parse cluster values
export ENV_DATABASE=${DATABASE} - |
for FILE in ${FILES[@]}; do
# Parse cluster values if [ -f ${FILE} ]; then
for FILE in ${FILES[@]}; do if [[ $(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)]') != "null" ]]; then
if [ -f ${FILE} ]; then MARIADB_DATABASE=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].name')
if [[ $(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)]') != "null" ]]; then MARIADB_USERNAME=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].username')
MARIADB_DATABASE=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].name') MARIADB_PASSWORD=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].password')
MARIADB_USERNAME=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].username') MARIADB_HOST=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].host')
MARIADB_PASSWORD=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].password') MARIADB_PORT=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].port')
MARIADB_HOST=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].host')
MARIADB_PORT=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].port')
fi;
fi; fi;
done;
CONNECTION="--host=${MARIADB_HOST} \
--port=${MARIADB_PORT} \
--user=${MARIADB_USERNAME} \
--password=${MARIADB_PASSWORD} \
--skip-ssl"
echo "[mysql] [${ENV_DATABASE}] DROP ${MARIADB_DATABASE} on ${MARIADB_HOST}"
mariadb ${CONNECTION} -e "DROP DATABASE IF EXISTS ${MARIADB_DATABASE};"
if [ "${ENV_DATABASE}" = "oxAppSuite" ]; then
echo "[mysql] [${ENV_DATABASE}] DROP oxguard on ${MARIADB_HOST}"
mariadb ${CONNECTION} -e "DROP DATABASE IF EXISTS oxguard;"
echo "[mysql] [${ENV_DATABASE}] DROP oxguard_1 on ${MARIADB_HOST}"
mariadb ${CONNECTION} -e "DROP DATABASE IF EXISTS oxguard_1;"
echo "[mysql] [${ENV_DATABASE}] DROP PRIMARYDB_9 on ${MARIADB_HOST}"
mariadb ${CONNECTION} -e "DROP DATABASE IF EXISTS PRIMARYDB_9;"
else
mariadb ${CONNECTION} -e "CREATE DATABASE ${MARIADB_DATABASE};"
mariadb ${CONNECTION} -e "GRANT ALL PRIVILEGES ON ${MARIADB_DATABASE}.* TO ${MARIADB_USERNAME}@\"%\";"
mariadb ${CONNECTION} -e "FLUSH PRIVILEGES;"
fi; fi;
done; done;
- |
export CONNECTION=(
"--host=${MARIADB_HOST}"
"--port=${MARIADB_PORT}"
"--user=${MARIADB_USERNAME}"
"--password=${MARIADB_PASSWORD}"
"--skip-ssl"
)
- "echo \"[mysql] [${ENV_DATABASE}] DROP ${MARIADB_DATABASE} on ${MARIADB_HOST}\""
- "mariadb ${CONNECTION[@]} -e \"DROP DATABASE IF EXISTS ${MARIADB_DATABASE};\""
- |
if [ "${ENV_DATABASE}" = "oxAppSuite" ]; then
echo "[mysql] [${ENV_DATABASE}] DROP oxguard on ${MARIADB_HOST}"
mariadb ${CONNECTION[@]} -e "DROP DATABASE IF EXISTS oxguard;"
echo "[mysql] [${ENV_DATABASE}] DROP oxguard_1 on ${MARIADB_HOST}"
mariadb ${CONNECTION[@]} -e "DROP DATABASE IF EXISTS oxguard_1;"
echo "[mysql] [${ENV_DATABASE}] DROP PRIMARYDB_9 on ${MARIADB_HOST}"
mariadb ${CONNECTION[@]} -e "DROP DATABASE IF EXISTS PRIMARYDB_9;"
else
mariadb ${CONNECTION[@]} -e "CREATE DATABASE ${MARIADB_DATABASE};"
mariadb ${CONNECTION[@]} -e "GRANT ALL PRIVILEGES ON ${MARIADB_DATABASE}.* TO ${MARIADB_USERNAME}@\"%\";"
mariadb ${CONNECTION[@]} -e "FLUSH PRIVILEGES;"
fi;
# Cleanup PostgreSQL # Cleanup PostgreSQL
- | - |
export DATABASES="keycloak keycloakExtension nextcloud notes openproject synapse umsGuardianManagementApi \ export DATABASES="keycloak keycloakExtension nextcloud notes openproject synapse umsGuardianManagementApi \
@@ -336,26 +362,37 @@ db-cleanup:
# Parse cluster values # Parse cluster values
for FILE in ${FILES[@]}; do for FILE in ${FILES[@]}; do
if [ -f $FILE ]; then if [ -f $FILE ]; then
if [[ $(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)]') != "null" ]]; then if [[ $(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)]') != "null" ]]; then
POSTGRES_DATABASE=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].name') POSTGRES_DATABASE=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].name')
PGUSER=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].username') PGUSER=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].username')
PGPASSWORD=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].password') PGPASSWORD=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].password')
PGHOST=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].host') PGHOST=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].host')
PGPORT=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].port') PGPORT=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].port')
PGPARAMS=$(tail -n +5 $FILE | yq '.databases.[env(ENV_DATABASE)].parameters') PGPARAMS=$(tail -n +1 $FILE | grep -v '{{' | yq '.databases.[env(ENV_DATABASE)].parameters')
fi; fi;
fi; fi;
done; done;
echo "[psql] [${ENV_DATABASE}] DROP ${POSTGRES_DATABASE} on ${PGHOST}"
psql -c "DROP DATABASE ${POSTGRES_DATABASE}" || true; case "$FLUSH_EXTERNAL_SERVICES_TYPE" in
if [ "${PGPARAMS}" = "null" ]; then "STACKIT")
psql -c "CREATE DATABASE \"${POSTGRES_DATABASE}\";" # In case of STACKIT resources the db content should just be dropped
else echo "[psql] [${ENV_DATABASE}] DROP OWNED BY ${PGUSER} in ${POSTGRES_DATABASE} on ${PGHOST}"
psql -c "CREATE DATABASE \"${POSTGRES_DATABASE}\" ${PGPARAMS};" psql -c "DROP OWNED BY ${PGUSER}" || true;
fi; ;;
psql -c "ALTER DATABASE \"${POSTGRES_DATABASE}\" OWNER TO \"${PGUSER}\""; *)
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${POSTGRES_DATABASE}\" TO \"${PGUSER}\""; # Usually, e.g. in "RUN" cluster, databases can simply be dropped and recreated
echo "[psql] [${ENV_DATABASE}] DROP ${POSTGRES_DATABASE} on ${PGHOST}"
psql -c "DROP DATABASE ${POSTGRES_DATABASE}" || true;
if [ "${PGPARAMS}" = "null" ]; then
psql -c "CREATE DATABASE \"${POSTGRES_DATABASE}\";"
else
psql -c "CREATE DATABASE \"${POSTGRES_DATABASE}\" ${PGPARAMS};"
fi;
psql -c "ALTER DATABASE \"${POSTGRES_DATABASE}\" OWNER TO \"${PGUSER}\"";
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${POSTGRES_DATABASE}\" TO \"${PGUSER}\"";
;;
esac
done; done;
# Cleanup Objectstore # Cleanup Objectstore
- | - |
@@ -371,12 +408,12 @@ db-cleanup:
# Parse cluster values # Parse cluster values
for FILE in ${FILES[@]}; do for FILE in ${FILES[@]}; do
if [ -f $FILE ]; then if [ -f $FILE ]; then
if [[ $(tail -n +5 $FILE | yq '.objectstores.[env(ENV_BUCKET)]') != "null" ]]; then if [[ $(tail -n +1 $FILE | grep -v '{{' | yq '.objectstores.[env(ENV_BUCKET)]') != "null" ]]; then
AWS_BUCKET=$(tail -n +5 $FILE | yq '.objectstores.[env(ENV_BUCKET)].bucket') AWS_BUCKET=$(tail -n +1 $FILE | grep -v '{{' | yq '.objectstores.[env(ENV_BUCKET)].bucket')
AWS_ENDPOINT=$(tail -n +5 $FILE | yq '.objectstores.[env(ENV_BUCKET)].endpoint') AWS_ENDPOINT=$(tail -n +1 $FILE | grep -v '{{' | yq '.objectstores.[env(ENV_BUCKET)].endpoint')
AWS_ACCESS_KEY_ID=$(tail -n +5 $FILE | yq '.objectstores.[env(ENV_BUCKET)].username') AWS_ACCESS_KEY_ID=$(tail -n +1 $FILE | grep -v '{{' | yq '.objectstores.[env(ENV_BUCKET)].username')
AWS_SECRET_ACCESS_KEY=$(tail -n +5 $FILE | yq '.objectstores.[env(ENV_BUCKET)].secretKey') AWS_SECRET_ACCESS_KEY=$(tail -n +1 $FILE | grep -v '{{' | yq '.objectstores.[env(ENV_BUCKET)].secretKey')
AWS_DEFAULT_REGION=$(tail -n +5 $FILE | yq '.objectstores.[env(ENV_BUCKET)].region') AWS_DEFAULT_REGION=$(tail -n +1 $FILE | grep -v '{{' | yq '.objectstores.[env(ENV_BUCKET)].region')
fi; fi;
fi; fi;
done; done;
@@ -395,6 +432,7 @@ env-cleanup:
when: "on_success" when: "on_success"
script: script:
- | - |
echo "Cleaning up ${NAMESPACE}"
if [ "${OPENDESK_SLEDGEHAMMER_DESTROY_ENABLED}" = "yes" ]; then if [ "${OPENDESK_SLEDGEHAMMER_DESTROY_ENABLED}" = "yes" ]; then
for OPENDESK_RELEASE in $(helm ls -n ${NAMESPACE} -aq); do for OPENDESK_RELEASE in $(helm ls -n ${NAMESPACE} -aq); do
helm uninstall -n ${NAMESPACE} ${OPENDESK_RELEASE}; helm uninstall -n ${NAMESPACE} ${OPENDESK_RELEASE};
@@ -693,7 +731,8 @@ diff-on-branch:
BASE_URL="https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/archive" BASE_URL="https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/archive"
FILE_NAME="opendesk-${SAFE_BRANCH_NAME}.tar.gz" FILE_NAME="opendesk-${SAFE_BRANCH_NAME}.tar.gz"
curl -L "${BASE_URL}/${DIFF_ON_BRANCH}/${FILE_NAME}" -o branch.tar.gz curl -L "${BASE_URL}/${DIFF_ON_BRANCH}/${FILE_NAME}" -o branch.tar.gz
mkdir ${DIFF_ON_BRANCH_SUBDIRECTORY} && tar -xzf branch.tar.gz -C ${DIFF_ON_BRANCH_SUBDIRECTORY} --strip-components=1 mkdir ${DIFF_ON_BRANCH_SUBDIRECTORY} &&
tar -xzf branch.tar.gz -C ${DIFF_ON_BRANCH_SUBDIRECTORY} --strip-components=1
cd ${DIFF_ON_BRANCH_SUBDIRECTORY} cd ${DIFF_ON_BRANCH_SUBDIRECTORY}
helmfile --namespace ${NAMESPACE} diff | grep -v '^ ' || true helmfile --namespace ${NAMESPACE} diff | grep -v '^ ' || true
tags: tags:
@@ -729,6 +768,7 @@ import-default-accounts:
--admin_enable_knowledgemanagement True \ --admin_enable_knowledgemanagement True \
--admin_enable_projectmanagement True \ --admin_enable_projectmanagement True \
--create_admin_accounts True \ --create_admin_accounts True \
--create_maildomains True \
--verify_certificate False --verify_certificate False
run-tests: run-tests:

31
CHANGELOG.md
View File

@@ -1,3 +1,34 @@
# [1.6.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.5.0...v1.6.0) (2025-07-14)
### Bug Fixes
* **dovecot-pro:** Use of `requiredEnv` instead of `env` and update `README-EE.md` ([a79e40f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/a79e40f44af68a16f0944265cc447ec9b0d84922))
* **helmfile:** Prefix NATS passwords as workaround for upstream issue and add documentation to `gettings-started.md` [[#185](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/185), [#202](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/202)] ([7f478bf](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7f478bffd60bdf3af536bc593ef397d823a22e88))
* **helmfile:** Remove default setting from `repositories.helm.registryOpencodeDeEnterprise` for better support of `PRIVATE_HELM_REGISTRY_URL` ([c5dd881](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c5dd8814ae7576eaaf7cfcdd1cb4aa101f164c62))
* **helmfile:** Set `nubusKeycloakBootstrap` debug mode when openDesk is running in debug mode ([4e0ffee](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4e0ffeea1f9d0420c404d78c5188ff6bdb0f81ea))
* **helmfile:** Streamline license header comment style [[#192](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/192)] ([20cbad3](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/20cbad31e75d9ae27081675072561650fa168935))
* **nubus:** Explicitly template `nubusStackDataUms.stackDataContext.portalFqdn` to fix custom hostname support [[#193](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/193)] ([6aa6d3a](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6aa6d3af2fed1be99b4f4eb5de2e2703ca00578a))
* **nubus:** Replace openDesk portal fork with upstream `portal-frontend` image ([e4f1afc](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e4f1afca0fdf4af184f4e287f1317ed57d229013))
* **nubus:** Update from 1.11.1 to 1.11.2 ([237c9af](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/237c9af3c16885b51dcd1d7c793bf7fd23dbcefb))
* **open-xchange:** Add missing `imagePullSecrets` for `core-imageconverter` and `core-documentconverter` ([9b7f439](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/9b7f439d83c9cd5a60b70f8d3ba7d36bb35ebd5c))
* **open-xchange:** Enable `com.openexchange.smime.test` only when openDesk is running with `debug.enabled: true` ([51ff7a5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/51ff7a5fdb7b7f3bdef02a32e44e6204df9db6ea))
* **open-xchange:** Enable searching by LDAP `mailAlternativeAddress` when resolving global contacts. Note: OX App Suite evaluates all `mailAlternativeAddress` values of a user when searching, but only the first address is returned, which might differ from the one that matched the search criteria. ([9014324](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/90143241564d7e66bf1b864c704e13c677dcbc93))
* **open-xchange:** Use `objectstore.dovecot.secretKey` when defined ([5c33226](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/5c332264edfcbb3343bcfd39352db6ddefd0a85c))
* **opendesk-services:** Add missing certificates ([acbabdb](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/acbabdb80662bf0599a157b24d3f8461e1f98cad))
* **openproject:** Update from 16.1.0 to 16.1.1 ([e30d4f1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e30d4f126dda29183cffc078307d41d3dce6f4fa))
### Features
* **collabora:** Update from 24.04.13 to 25.04.2 ([c56f564](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c56f564025531d25a1966792f8c161aedf644c99))
* **element:** Update NeoBoard from 2.1.0 to 2.2.1, NeoChoice from 1.5.1. to 1.5.2, NeoDateFix from 1.7.0 to 1.7.1 widgets and NeoDateFixBot from 2.8.2 to 2.8.3 latest releases ([98d31f8](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/98d31f811bdb007e40c4b3436ff65cdcf610db7e))
* **helmfile:** Add options in `functional.yaml.gotmpl` for setting the portal's corner links, toggling the welcome message and the newsfeed ([1a6f438](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1a6f438724cc442ca7b9c423a326c67690510301))
* **nextcloud:** Update from 30.0.10 to 31.0.6 and support for notify-push ([a4c8be6](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/a4c8be60f335af98270e40478e53e6fa34c23d38))
* **nubus:** Update from 1.9.1 to 1.11.1; required minimum openDesk version for this upgrade is 1.5.0, see `migrations.md` for details ([ccd5ab8](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/ccd5ab84e3f5bb67eb879a3683c299d7a61ddba0))
* **open-xchange:** Store attachments for calendar, contact and task objects in object storage; review `migrations.md` for required upgrade steps ([4eb6570](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/4eb6570b0a69931f09042bdc40edfad23e6f28c1))
* **open-xchange:** Updated OX App Suite from 8.37 to 8.38 ([2b31751](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/2b317514c61eba4ebc4cc9e7041aac606d8c16b8))
# [1.5.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.4.1...v1.5.0) (2025-06-16) # [1.5.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.4.1...v1.5.0) (2025-06-16)

11
README-EE.md
View File

@@ -150,3 +150,14 @@ openDesk updates OX App Suite in od CE and EE always to the same release version
- Dovecot Pro container image: Dovecot Pro is based on the open source components Dovecot and Pigeonhole but extended by modules providing additional functionality like obox2, cluster, cluster controller and dovecot fts. The additional modules make up about 15% of the overall Dovecot Pro code and are subject to a closed source license. - Dovecot Pro container image: Dovecot Pro is based on the open source components Dovecot and Pigeonhole but extended by modules providing additional functionality like obox2, cluster, cluster controller and dovecot fts. The additional modules make up about 15% of the overall Dovecot Pro code and are subject to a closed source license.
openDesk aims to keep Dovecot's shared codebases in sync between oD CE and EE, though the versioning between the releases differs (CE: 2.x, EE: 3.y). openDesk aims to keep Dovecot's shared codebases in sync between oD CE and EE, though the versioning between the releases differs (CE: 2.x, EE: 3.y).
Dovecot Pro requires two additional environment variables:
- `DOVECOT_CRYPT_PRIVATE_KEY`
- `DOVECOT_CRYPT_PUBLIC_KEY`
These variables must contain the base64 encoded strings of the private and public
key. These keys can be generated with the following commands:
- Private Key: `openssl genpkey -algorithm X25519 -out private.pem && cat private.pem | base64 -w0`
- Public Key: `openssl pkey -in private.pem -out public.pem -pubout && cat public.pem | base64 -w0`

10
README.md
View File

@@ -37,13 +37,13 @@ openDesk currently features the following functional main components:
| Chat & collaboration | Element ft. Nordeck widgets | [1.11.89](https://github.com/element-hq/element-desktop/releases/tag/v1.11.89) | [For the most recent release](https://element.io/user-guide) | | Chat & collaboration | Element ft. Nordeck widgets | [1.11.89](https://github.com/element-hq/element-desktop/releases/tag/v1.11.89) | [For the most recent release](https://element.io/user-guide) |
| Collaborative notes | Notes (aka Docs) | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1) | Online documentation/welcome document available in installed application | | Collaborative notes | Notes (aka Docs) | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1) | Online documentation/welcome document available in installed application |
| Diagram editor | CryptPad ft. diagrams.net | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0) | [For the most recent release](https://docs.cryptpad.org/en/) | | Diagram editor | CryptPad ft. diagrams.net | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
| File management | Nextcloud | [30.0.10](https://nextcloud.com/de/changelog/#30-0-10) | [Nextcloud 30](https://docs.nextcloud.com/) | | File management | Nextcloud | [31.0.6](https://nextcloud.com/de/changelog/#31-0-6) | [Nextcloud 31](https://docs.nextcloud.com/) |
| Groupware | OX App Suite | [8.37](https://documentation.open-xchange.com/appsuite/releases/8.37/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) | | Groupware | OX App Suite | [8.38](https://documentation.open-xchange.com/appsuite/releases/8.38/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
| Knowledge management | XWiki | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) | | Knowledge management | XWiki | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
| Portal & IAM | Nubus | [1.9.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html#version-1-9-1-2025-05-07) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) | | Portal & IAM | Nubus | [1.11.2](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/changelog.html#version-1-11-2-2025-07-10) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
| Project management | OpenProject | [16.0.1](https://www.openproject.org/docs/release-notes/16-0-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) | | Project management | OpenProject | [16.1.1](https://www.openproject.org/docs/release-notes/16-1-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
| Videoconferencing | Jitsi | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) | | Videoconferencing | Jitsi | [2.0.9955](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9955) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
| Weboffice | Collabora | [24.04.13](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) | | Weboffice | Collabora | [25.04.2](https://www.collaboraoffice.com/code-25-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
While not all components are perfectly designed for the execution inside containers, one of the project's objectives is to While not all components are perfectly designed for the execution inside containers, one of the project's objectives is to
align the applications with best practices regarding container design and operations. align the applications with best practices regarding container design and operations.

84
docs/data-storage.md
View File

@@ -40,7 +40,7 @@ Intercom-Service,Redis,1
Jitsi,PersistentVolume,1 Jitsi,PersistentVolume,1
Nextcloud,MariaDB,1 Nextcloud,PostgreSQL,1
Nextcloud,S3,1 Nextcloud,S3,1
Nextcloud,Redis,1 Nextcloud,Redis,1
@@ -60,52 +60,52 @@ Open-Xchange,Redis,1
Postfix,PersistentVolume,1 Postfix,PersistentVolume,1
XWiki,MariaDB,1 XWiki,PostgreSQL,1
XWiki,PersistentVolume,1 XWiki,PersistentVolume,1
``` ```
# Details # Details
| Application | Data Storage | Backup | Content | Identifier | Details | | Application | Data Storage | Backup | Content | Identifier | Details |
| -------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------- | ----------------------------------------------------- | |----------------------|--------------|----------|--------------------------------------------------------------------------------------------|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
| **ClamAV** | PVC | No | ClamAV Database | `clamav-database-clamav-simple-0` | `/var/lib/clamav` | | **ClamAV** | PVC | No | ClamAV Database | `clamav-database-clamav-simple-0` | `/var/lib/clamav` |
| **Dovecot** | PVC | Yes | User mail directories (openDesk CE only, openDesk EE uses Dovecot Pro with Object Storage) | `dovecot` | `/srv/mail` | | **Dovecot** | PVC | Yes | User mail directories (openDesk CE only, openDesk EE uses Dovecot Pro with Object Storage) | `dovecot` | `/srv/mail` |
| **Element/Synapse** | PostgreSQL | Yes | Application's main database | `matrix` | | | **Element/Synapse** | PostgreSQL | Yes | Application's main database | `matrix` | |
| | PVC | Yes | Attachments | `media-opendesk-synapse-0` | `/media` | | | PVC | Yes | Attachments | `media-opendesk-synapse-0` | `/media` |
| | | Yes | Sync and state data | `matrix-neodatefix-bot` | `/app/storage` | | | | Yes | Sync and state data | `matrix-neodatefix-bot` | `/app/storage` |
| **Intercom-Service** | Redis | No | Shared session data | | | | **Intercom-Service** | Redis | No | Shared session data | | |
| **Jitsi** | PVC | Optional | Meeting recordings (feature not enabled in openDesk) | `prosody-data-jitsi-prosody-0` | `/config/data` | | **Jitsi** | PVC | Optional | Meeting recordings (feature not enabled in openDesk) | `prosody-data-jitsi-prosody-0` | `/config/data` |
| **Nextcloud** | MariaDB | Yes | Application's main database Meta-Data | `nextcloud` | | | **Nextcloud** | PostgreSQL | Yes | Application's main database Meta-Data | `nextcloud` | |
| | S3 | Yes | The Nextcloud managed user files | `nextcloud` | | | | S3 | Yes | The Nextcloud managed user files | `nextcloud` | |
| | Redis | No | Distributed caching, as well as transactional file locking | | | | | Redis | No | Distributed caching, as well as transactional file locking | | |
| **Nubus** | PostgreSQL | Yes | Main database for Nubus' IdP Keycloak | `keycloak` | | | **Nubus** | PostgreSQL | Yes | Main database for Nubus' IdP Keycloak | `keycloak` | |
| | | Yes | Login actions and device-fingerprints | `keycloak_extensions` | | | | | Yes | Login actions and device-fingerprints | `keycloak_extensions` | |
| | | Optional | Store of the temporary password reset token | `selfservice` | | | | | Optional | Store of the temporary password reset token | `selfservice` | |
| | | No | Notification features are not used in openDesk 1.1 | `notificationsapi` | | | | | No | Notification features are not used in openDesk 1.1 | `notificationsapi` | |
| | | No | Guardian features are currently not used in openDesk 1.1 | `guardianmanagementapi` | | | | | No | Guardian features are currently not used in openDesk 1.1 | `guardianmanagementapi` | |
| | S3 | No | Static files for Portal | `ums` | | | | S3 | No | Static files for Portal | `ums` | |
| | PVC | Yes | openLDAP database (primary R/W Pods), when restore select the one from the leader | `shared-data-ums-ldap-server-primary-0` | `/var/lib/univention-ldap` | | | PVC | Yes | openLDAP database (primary R/W Pods), when restore select the one from the leader | `shared-data-ums-ldap-server-primary-0` | `/var/lib/univention-ldap` |
| | | Yes | openLDAP process data | `shared-run-ums-ldap-server-primary-0` | `/var/run/slapd` | | | | Yes | openLDAP process data | `shared-run-ums-ldap-server-primary-0` | `/var/run/slapd` |
| | | No | openLDAP database (secondary R/O Pods), secondaries can sync from the primary | `shared-data-ums-ldap-server-secondary-0` | `/var/lib/univention-ldap` | | | | No | openLDAP database (secondary R/O Pods), secondaries can sync from the primary | `shared-data-ums-ldap-server-secondary-0` | `/var/lib/univention-ldap` |
| | | No | openLDAP process data | `shared-run-ums-ldap-server-secondary-0` | `/var/run/slapd` | | | | No | openLDAP process data | `shared-run-ums-ldap-server-secondary-0` | `/var/run/slapd` |
| | | Yes | The state of the listener | `data-ums-provisioning-listener-0` | `/var/log/univention` and two others | | | | Yes | The state of the listener | `data-ums-provisioning-udm-listener-0` | `/var/log/univention`<br>`/var/lib/univention-ldap/schema/id`<br>`/var/lib/univention-directory-listener` |
| | | No | Cache | `group-membership-cache-ums-portal-consumer-0` | `/usr/share/univention-group-membership-cache/caches` | | | | No | Cache | `group-membership-cache-ums-portal-consumer-0` | `/usr/share/univention-group-membership-cache/caches` |
| | | Yes | Queued provisioning objects | `nats-data-ums-provisioning-nats-0` | `/data` | | | | Yes | Queued provisioning objects | `nats-data-ums-provisioning-nats-0` | `/data` |
| | Memcached | No | Cache for UMC Server | | | | | Memcached | No | Cache for UMC Server | | |
| **OpenProject** | PostgreSQL | Yes | Application's main database | `openproject` | | | **OpenProject** | PostgreSQL | Yes | Application's main database | `openproject` | |
| | S3 | Yes | Attachments, custom styles | `openproject` | | | | S3 | Yes | Attachments, custom styles | `openproject` | |
| | Memcached | No | Cache | | | | | Memcached | No | Cache | | |
| | PVC | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-*-tmp` | `/tmp` | | | PVC | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-*-tmp` | `/tmp` |
| | | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-app-*-tmp` | `/app/tmp` | | | | No | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs | `openproject-<web/worker>-app-*-tmp` | `/app/tmp` |
| **Open-Xchange** | MariaDB | Yes | Application's control database to coordiate dynamically created ones | `configdb` | | | **Open-Xchange** | MariaDB | Yes | Application's control database to coordiate dynamically created ones | `configdb` | |
| | | Yes | Dynamically creates databases of schema `PRIMARYDB_n`containing multiple contexts | `PRIMARYDB_*` | | | | | Yes | Dynamically creates databases of schema `PRIMARYDB_n`containing multiple contexts | `PRIMARYDB_*` | |
| | | Yes | OX Guard related settings | `oxguard*` | | | | | Yes | OX Guard related settings | `oxguard*` | |
| | Redis | Optional | Cache, session related data, distributed maps | | | | | Redis | Optional | Cache, session related data, distributed maps | | |
| | PVC | Yes | OX-Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` | | | PVC | Yes | OX-Connector: OXAPI access details | `ox-connector-appcenter-ox-connector-0` | `/var/lib/univention-appcenter/apps/ox-connector` |
| | | Yes | OX-Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` | | | | Yes | OX-Connector: Application's meta data | `ox-connector-ox-contexts-ox-connector-0` | `/etc/ox-secrets` |
| **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` | | **Postfix** | PVC | Yes | Mail spool | `postfix` | `/var/spool/postfix` |
| **XWiki** | Database | Yes | Application's main database | `xwiki` | | | **XWiki** | PostgreSQL | Yes | Application's main database | `xwiki` | |
| | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` | | | PVC | Yes | Attachments | `xwiki-data-xwiki-0` | `/usr/local/xwiki/data` |
Additionally, the following persistent volumes are mounted by pods that serve as a data storage for the applications mentioned above. Additionally, the following persistent volumes are mounted by pods that serve as a data storage for the applications mentioned above.

13
docs/getting-started.md
View File

@@ -226,16 +226,19 @@ cluster:
### Ingress ### Ingress
By default, the `ingressClassName` is empty and selects the default ingress controller in your cluster. You can customize it by The default value for the `ingressClassName` in openDesk is set to `nginx`. This prevents fallback to the
setting the following attribute to the name of the ingress controller the within your deployment you wish to use. Useful if the ingress controller you wish to use is not the default. clusters default ingress class, since the Helm charts used by openDesk components are not consistently aligned in
how they handle a missing or empty `ingressClassName`. In case you are using a non-standard `ingressClassName` for
your `ingress-nginx` controller you have to configure it as follows:
```yaml ```yaml
ingress: ingress:
ingressClassName: "name-of-my-nginx-ingress" ingressClassName: "nginx"
``` ```
Currently, the only supported ingress controller is `ingress-nginx` (see > **Note**<br>
[requirements.md](./docs/requirements.md) for reference). > Currently, the only supported ingress controller is `ingress-nginx`
> (see [requirements.md](./docs/requirements.md) for reference).
### Container runtime ### Container runtime

169
docs/migrations.md
View File

@@ -7,8 +7,17 @@ SPDX-License-Identifier: Apache-2.0
<!-- TOC --> <!-- TOC -->
* [Disclaimer](#disclaimer) * [Disclaimer](#disclaimer)
* [Deprecation warnings](#deprecation-warnings)
* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path) * [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
* [Manual checks/actions](#manual-checksactions) * [Manual checks/actions](#manual-checksactions)
* [v1.6.0+](#v160)
* [Pre-upgrade to v1.6.0+](#pre-upgrade-to-v160)
* [Upstream contraint: Nubus' external secrets](#upstream-contraint-nubus-external-secrets)
* [Helmfile new secret: `secrets.minio.openxchangeUser`](#helmfile-new-secret-secretsminioopenxchangeuser)
* [Helmfile new object storage: `objectstores.openxchange.*`](#helmfile-new-object-storage-objectstoresopenxchange)
* [OX App Suite fix-up: Using S3 as storage for non mail attachments (pre-upgrade)](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-pre-upgrade)
* [Post-upgrade to v1.6.0+](#post-upgrade-to-v160)
* [OX App Suite fix-up: Using S3 as storage for non mail attachments (post-upgrade)](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-post-upgrade)
* [v1.4.0+](#v140) * [v1.4.0+](#v140)
* [Pre-upgrade to v1.4.0+](#pre-upgrade-to-v140) * [Pre-upgrade to v1.4.0+](#pre-upgrade-to-v140)
* [Helmfile new feature: `functional.authentication.ssoFederation`](#helmfile-new-feature-functionalauthenticationssofederation) * [Helmfile new feature: `functional.authentication.ssoFederation`](#helmfile-new-feature-functionalauthenticationssofederation)
@@ -49,15 +58,12 @@ SPDX-License-Identifier: Apache-2.0
* [Post-upgrade to v1.0.0+](#post-upgrade-to-v100) * [Post-upgrade to v1.0.0+](#post-upgrade-to-v100)
* [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component) * [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component)
* [Optional Cleanup](#optional-cleanup) * [Optional Cleanup](#optional-cleanup)
* [v0.9.0](#v090)
* [Pre-upgrade to v0.9.0](#pre-upgrade-to-v090)
* [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
* [Updated customizable template attributes](#updated-customizable-template-attributes)
* [`migrations` S3 bucket](#migrations-s3-bucket)
* [Automated migrations - Details](#automated-migrations---details) * [Automated migrations - Details](#automated-migrations---details)
* [v1.6.0+ (automated)](#v160-automated)
* [v1.6.0+ migrations-post](#v160-migrations-post)
* [v1.2.0+ (automated)](#v120-automated) * [v1.2.0+ (automated)](#v120-automated)
* [migrations-pre](#migrations-pre) * [v1.2.0+ migrations-pre](#v120-migrations-pre)
* [migrations-post](#migrations-post) * [v1.2.0+ migrations-post](#v120-migrations-post)
* [v1.1.0+ (automated)](#v110-automated) * [v1.1.0+ (automated)](#v110-automated)
* [v1.0.0+ (automated)](#v100-automated) * [v1.0.0+ (automated)](#v100-automated)
* [Related components and artifacts](#related-components-and-artifacts) * [Related components and artifacts](#related-components-and-artifacts)
@@ -80,6 +86,15 @@ Manual checks and possible activities are also required by openDesk updates, the
> **Known limitations**<br> > **Known limitations**<br>
> We assume that the PV reclaim policy is set to `delete`, resulting in PVs getting deleted as soon as the related PVC is deleted; we will not address explicit deletion for PVs. > We assume that the PV reclaim policy is set to `delete`, resulting in PVs getting deleted as soon as the related PVC is deleted; we will not address explicit deletion for PVs.
# Deprecation warnings
We cannot hold back all migrations as some are required e.g. due to a change in a specific component that we want/need to update, we try to bundle others only with major releases.
This section should provide you with an overview of what changes to expect in the next major release (openDesk 2.0) expected in September 2025.
- `functional.portal.link*` (see `functional.yaml.gotmpl` for details) are going to be moved into the `theme.*` tree, we are also going to move the icons used for the links currently found under `theme.imagery.portalEntries` in this step.
- We will explicitly set the [database schema configuration](https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Configuration/#HConfigurethenamesofdatabaseschemas) for XWiki to avoid the use of the `public` schema.
# Automated migrations - Overview and mandatory upgrade path # Automated migrations - Overview and mandatory upgrade path
The following table gives an overview of the mandatory upgrade path of openDesk, required in order for the automated migrations to work as expected. The following table gives an overview of the mandatory upgrade path of openDesk, required in order for the automated migrations to work as expected.
@@ -88,7 +103,8 @@ To upgrade existing deployments, you cannot skip any version mentioned in the co
| Mandatory version | | Mandatory version |
| ----------------- | | ----------------- |
<!--| v1.2+ | add the entry to the table as soon as we get new migration requiring the set version (range) to be deployed first --> <!-- | 1.x.x | add the entry to the table as soon as we get new migration requiring that the former migration was executed -->
| v1.5.0 |
| v1.1.x | | v1.1.x |
| v1.0.0 | | v1.0.0 |
| v0.9.0 | | v0.9.0 |
@@ -101,6 +117,102 @@ If you would like more details about the automated migrations, please read secti
# Manual checks/actions # Manual checks/actions
## v1.6.0+
### Pre-upgrade to v1.6.0+
#### Upstream contraint: Nubus' external secrets
**Target group:** Operators that use external secrets for Nubus.
> **Note**<br>
> External Secrets are not yet a supported feature. We are working on making it available in 2025, though it is possible to make use of the support for external secrets within single applications using the openDesk [customization](../helmfile/environments/default/customization.yaml.gotmpl) options.
Please ensure you read the [Nubus 1.10.0 "Migration steps" section](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/changelog.html#v1-10-0-migration-steps) with focus on the paragraph "Operators that make use of the following UDM Listener secrets variables" and act accordingly.
#### Helmfile new secret: `secrets.minio.openxchangeUser`
**Target group:** All existing deployments that have OX App Suite enabled and that use externally defined secrets in combination with openDesk provided MinIO object storage.
For OX App Suite to access the object storage a new secret has been introduced.
It is declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) by the key: `secrets.minio.openxchangeUser`. If you define your own secrets, please ensure that you provide a value for this secret as well, otherwise the aforementioned secret will be derived from the `MASTER_PASSWORD`.
#### Helmfile new object storage: `objectstores.openxchange.*`
**Target group:** All deployments that use an external object storage.
For OX App Suite's newly introduced filestore you have to configure a new object storage (bucket). When you are using
an external object storage you did this already for all the entries in
[`objectstores.yaml.gotmpl`](../helmfile/environments/default/objectstores.yaml.gotmpl). Where we now introduced
`objectstores.openxchange` section that you also need to provide you external configuration for.
#### OX App Suite fix-up: Using S3 as storage for non mail attachments (pre-upgrade)
**Target group:** All existing deployments that have OX App Suite enabled.
With openDesk 1.6.0 OX App Suite persists the attachments on contact, calendar or task objects in object storage.
To enable the use of this new filestore backend existing deployments must execute the following steps.
Preparation:
- Ensure your `kubeconfig` is pointing to the cluster that is running your deployment.
- Identify/create a e.g. local temporary directory that can keep the attachments while upgrading openDesk.
- Set some environment variables to prepare running the documented commands:
```shell
export ATTACHMENT_TEMP_DIR=<your_temporary_directory_for_the_attachments>
export NAMESPACE=<your_namespace>
```
1. Copy the existing attachments from all `open-xchange-core-mw-default-*` Pods to the identified directory, example for `open-xchange-core-mw-default-0`:
```shell
kubectl cp -n ${NAMESPACE} open-xchange-core-mw-default-0:/opt/open-xchange/ox-filestore ${ATTACHMENT_TEMP_DIR}
```
2. Run the upgrade.
3. Continue with the [related post-upgrade steps](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-post-upgrade)
### Post-upgrade to v1.6.0+
#### OX App Suite fix-up: Using S3 as storage for non mail attachments (post-upgrade)
**Target group:** All existing deployments having OX App Suite enabled.
Continued from the [related pre-upgrade section](#ox-app-suite-fix-up-using-s3-as-storage-for-non-mail-attachments-pre-upgrade).
1. Copy the attachments back from your temporary directory into `open-xchange-core-mw-default-0`.
```shell
kubectl cp -n ${NAMESPACE} ${ATTACHMENT_TEMP_DIR}/* open-xchange-core-mw-default-0:/opt/open-xchange/ox-filestore
```
2. Ideally you verify the files have been copied as expected checking the target directory in the `open-xchange-core-mw-default-0` Pod. All the following commands are for execution within the aforementioned Pod.
3. Get the `id` of the new object storage based OX filestore, using the following command in the first line of the following block. In the shown example output the `id` for the new filestore would be `10` as the filestore can be identified by its path value `s3://ox-filestore-s3`, the `id` of the existing filestore would be `3` identified by the corresponding path `/opt/open-xchange/ox-filestore`:
```shell
/opt/open-xchange/sbin/listfilestore -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW
id path size reserved used max-entities cur-entities
3 /opt/open-xchange/ox-filestore 100000 200 5 5000 1
10 s3://ox-filestore-s3 100000 0 0 5000 0
```
4. Get the list of your OX contexts IDs (`cid` column in the output of the `listcontext` command), as the next step needs to be executed per OX context. Most installation will just have a single OX context (`1`).
```shell
/opt/open-xchange/sbin/listcontext -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW
cid fid fname enabled qmax qused name lmappings
1 3 1_ctx_store true 5 1 1,context1
```
5. For each of your OX contexts IDs run the final filestore migration command and you will get output like this: `context 1 to filestore 10 scheduled as job 1`:
```shell
/opt/open-xchange/sbin/movecontextfilestore -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW -f <your_s3_filestore_id_from_step_3> -c <your_context_id_from_step_4>
```
6. Depending on the size of your filestore, moving the contexts will take some time. You can check the status of a context's jobs with the command below. When the job status is `Done` you can also doublecheck that everything worked as expected by running the `listfilestore` command from step #3 and should see that the filestore is no longer used.
```shell
/opt/open-xchange/sbin/jobcontrol -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW -c <your_context_id_from_step_4> -l
ID Type of Job Status Further Information
1 movefilestore Done move context 1 to filestore 10
```
7. Finally you can unregister the old filestore:
```shell
/opt/open-xchange/sbin/unregisterfilestore -A $MASTER_ADMIN_USER -P $MASTER_ADMIN_PW -i <your_old_filestore_id_from_step_3>
```
## v1.4.0+ ## v1.4.0+
### Pre-upgrade to v1.4.0+ ### Pre-upgrade to v1.4.0+
@@ -280,7 +392,7 @@ persistence:
#### Helmfile new secret: `secrets.nubus.masterpassword` #### Helmfile new secret: `secrets.nubus.masterpassword`
A not yet templated secret was discovered in the Nubus deployment. It is now declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl) and can be defined using: `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the same value as the `MASTER_PASSWORD` environment variable used in your deployment. A not yet templated secret was discovered in the Nubus deployment. It is now declared in [`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) and can be defined using: `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the same value as the `MASTER_PASSWORD` environment variable used in your deployment.
## v1.1.0+ ## v1.1.0+
@@ -687,42 +799,31 @@ kubectl -n ${NAMESPACE} delete pvc shared-run-ums-ldap-server-0
kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0 kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
``` ```
## v0.9.0
### Pre-upgrade to v0.9.0
#### Updated `cluster.networking.cidr`
- Action: `cluster.networking.cidr` is now an array (was a string until v0.8.1); please update your setup accordingly if you explicitly set this value.
- Reference:[cluster.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/cluster.yaml)
#### Updated customizable template attributes
- Action: Please update your custom deployment values according to the updated default value structure.
- References:
- `functional.` prefix for `authentication.*`, `externalServices.*`, `admin.*` and `filestore.*`, see [functional.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/functional.yaml).
- `debug.` prefix for `cleanup.*`, see [debug.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/debug.yaml).
- `monitoring.` prefix for `prometheus.*` and `grafana.*`, see [monitoring.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/monitoring.yaml).
- `smtp.` prefix for `localpartNoReply`, see [smtp.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/smtp.yaml).
#### `migrations` S3 bucket
- Action: For self-managed/external S3/object storages, please create a bucket called `migrations` using your S3 endpoint.
- Reference: `objectstores.migrations` in [objectstores.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/objectstores.yaml)
# Automated migrations - Details # Automated migrations - Details
## v1.6.0+ (automated)
> **Note**<br>
> Details can be found in [run_5.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_5.py).
### v1.6.0+ migrations-post
Restarting the StatefulSets `ums-provisioning-nats` and `ox-connector` due to a workaround applied on the NATS secrets, see the "Notes" segment of the ["Password seed" heading in getting-started.md](./docs/getting-started.md#password-seed)
> **Note**<br>
> This change aims to prevent authentication failures with NATS in some Pods, which can lead to errors such as: `wait-for-nats Unavailable, waiting 2 seconds. Error: nats: 'Authorization Violation'`.
## v1.2.0+ (automated) ## v1.2.0+ (automated)
> **Note**<br> > **Note**<br>
> Details can be found in [run_4.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_4.py). > Details can be found in [run_4.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_4.py).
### migrations-pre ### v1.2.0+ migrations-pre
- Delete PVC `group-membership-cache-ums-portal-consumer-0`: With the upgrade the Nubus Portal Consumer no longer requires to be executed with root privileges. The PVC contains files that require root permission to access them, therefore the PVC gets deleted (and re-created) during the upgrade. - Delete PVC `group-membership-cache-ums-portal-consumer-0`: With the upgrade the Nubus Portal Consumer no longer requires to be executed with root privileges. The PVC contains files that require root permission to access them, therefore the PVC gets deleted (and re-created) during the upgrade.
- Delete StatefulSet `ums-portal-consumer`: A bug was fixed in the templating of the Portal Consumer's PVC causing the values in `persistence.storages.nubusPortalConsumer.*` to be ignored. As these values are immutable, we had to delete the whole StatefulSet. - Delete StatefulSet `ums-portal-consumer`: A bug was fixed in the templating of the Portal Consumer's PVC causing the values in `persistence.storages.nubusPortalConsumer.*` to be ignored. As these values are immutable, we had to delete the whole StatefulSet.
### migrations-post ### v1.2.0+ migrations-post
- Restarting Deployment `ums-provisioning-udm-transformer` and StatefulSet `ums-provisioning-udm-listener` as well as deleting the Nubus Provisioning consumer `durable_name:incoming` on stream `stream:incoming`: Due to a bug in Nubus 1.7.0 the `incoming` stream was blocked after the upgrade, the aforementioned measures unblock the stream. - Restarting Deployment `ums-provisioning-udm-transformer` and StatefulSet `ums-provisioning-udm-listener` as well as deleting the Nubus Provisioning consumer `durable_name:incoming` on stream `stream:incoming`: Due to a bug in Nubus 1.7.0 the `incoming` stream was blocked after the upgrade, the aforementioned measures unblock the stream.

5
docs/security-context.md
View File

@@ -169,6 +169,7 @@ This list gives you an overview of templated security settings and if they compl
| **jitsi**/jitsi/jitsi/web | :x: | no | no | no | no | 0 | 0 | yes | no | | **jitsi**/jitsi/jitsi/web | :x: | no | no | no | no | 0 | 0 | yes | no |
| **jitsi**/jitsi/patchJVB | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes | | **jitsi**/jitsi/patchJVB | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes |
| **nextcloud**/opendesk-nextcloud-management | :x: | no | no | no | yes | 101 | 101 | yes | yes | | **nextcloud**/opendesk-nextcloud-management | :x: | no | no | no | yes | 101 | 101 | yes | yes |
| **nextcloud**/opendesk-nextcloud-notifypush | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
| **nextcloud**/opendesk-nextcloud/aio | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes | | **nextcloud**/opendesk-nextcloud/aio | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
| **nextcloud**/opendesk-nextcloud/exporter | :white_check_mark: | no | no | yes | yes | 65532 | 65532 | yes | yes | | **nextcloud**/opendesk-nextcloud/exporter | :white_check_mark: | no | no | yes | yes | 65532 | 65532 | yes | yes |
| **notes**/impress/backend | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes | | **notes**/impress/backend | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes |
@@ -178,10 +179,6 @@ This list gives you an overview of templated security settings and if they compl
| **nubus**/intercom-service/provisioning | :x: | n/a | n/a | n/a | n/a | n/a | n/a | yes | no | | **nubus**/intercom-service/provisioning | :x: | n/a | n/a | n/a | n/a | n/a | n/a | yes | no |
| **nubus**/opendesk-keycloak-bootstrap | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes | | **nubus**/opendesk-keycloak-bootstrap | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
| **nubus**/ums/keycloak | :x: | no | n/a | no | yes | 1000 | 1000 | yes | yes | | **nubus**/ums/keycloak | :x: | no | n/a | no | yes | 1000 | 1000 | yes | yes |
| **nubus**/ums/nubusGuardian/authorizationApi | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
| **nubus**/ums/nubusGuardian/managementApi | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
| **nubus**/ums/nubusGuardian/managementUi | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
| **nubus**/ums/nubusGuardian/openPolicyAgent | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
| **nubus**/ums/nubusKeycloakBootstrap | :x: | no | n/a | yes | yes | 1000 | 1000 | yes | yes | | **nubus**/ums/nubusKeycloakBootstrap | :x: | no | n/a | yes | yes | 1000 | 1000 | yes | yes |
| **nubus**/ums/nubusKeycloakExtensions/handler | :x: | n/a | n/a | n/a | n/a | n/a | n/a | yes | no | | **nubus**/ums/nubusKeycloakExtensions/handler | :x: | n/a | n/a | n/a | n/a | n/a | n/a | yes | no |
| **nubus**/ums/nubusKeycloakExtensions/proxy | :x: | no | n/a | yes | yes | 1000 | 1000 | yes | yes | | **nubus**/ums/nubusKeycloakExtensions/proxy | :x: | no | n/a | yes | yes | 1000 | 1000 | yes | yes |

5
docs/theming.md
View File

@@ -20,6 +20,11 @@ Please review the default configuration that is applied to understand your custo
You can just update the files in [helmfile/files/theme](../helmfile/files/theme) to change logos, favicons etc. Note that the `.svg` versions of the favicons are also used for the portal tiles. You can just update the files in [helmfile/files/theme](../helmfile/files/theme) to change logos, favicons etc. Note that the `.svg` versions of the favicons are also used for the portal tiles.
> **Note**<br>
> Theming focuses on colors, iconography and imagery. If you like to adapt the default links in the portal pointing to external
> resources (like "Support", "Legal Notice") please check the `functional.portal` section
> in [`functional.yaml.gotmpl`](../helmfile/environments/default/functional.yaml.gotmpl)
# Known limitations # Known limitations
- Portal and Keycloak screen styles, especially colors, must be applied in the [`portalStylesheets.css`](../helmfile/files/theme/portalStylesheet.css), - Portal and Keycloak screen styles, especially colors, must be applied in the [`portalStylesheets.css`](../helmfile/files/theme/portalStylesheet.css),

6
helmfile/apps/collabora/values-coco-enterprise.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
controller: controller:
enableHashmapParallelization: true enableHashmapParallelization: true

6
helmfile/apps/collabora/values-enterprise.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
image: image:
repository: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.collabora.registry }}/{{ .Values.images.collabora.repository }}" repository: "{{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.collabora.registry }}/{{ .Values.images.collabora.repository }}"

8
helmfile/apps/collabora/values.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
autoscaling: autoscaling:
enabled: false enabled: false

8
helmfile/apps/cryptpad/values.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
# https://github.com/cryptpad/helm/blob/main/charts/cryptpad/README.md or # https://github.com/cryptpad/helm/blob/main/charts/cryptpad/README.md or
# https://github.com/cryptpad/helm/blob/main/charts/cryptpad/values.yaml # https://github.com/cryptpad/helm/blob/main/charts/cryptpad/values.yaml

8
helmfile/apps/element/values-element.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
commonAnnotations: commonAnnotations:
{{ .Values.annotations.element.common | toYaml | nindent 2 }} {{ .Values.annotations.element.common | toYaml | nindent 2 }}

8
helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.elementMatrixNeoboardWidget.additional | toYaml | nindent 2 }} {{ .Values.annotations.elementMatrixNeoboardWidget.additional | toYaml | nindent 2 }}

8
helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.elementMatrixNeochoiceWidget.additional | toYaml | nindent 2 }} {{ .Values.annotations.elementMatrixNeochoiceWidget.additional | toYaml | nindent 2 }}

8
helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}

8
helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.elementMatrixNeodatefixBot.additional | toYaml | nindent 2 }} {{ .Values.annotations.elementMatrixNeodatefixBot.additional | toYaml | nindent 2 }}

8
helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.elementMatrixNeodatefixWidget.additional | toYaml | nindent 2 }} {{ .Values.annotations.elementMatrixNeodatefixWidget.additional | toYaml | nindent 2 }}

8
helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}

8
helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.elementMatrixUserVerificationService.additional | toYaml | nindent 2 }} {{ .Values.annotations.elementMatrixUserVerificationService.additional | toYaml | nindent 2 }}

6
helmfile/apps/element/values-synapse-admin.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

6
helmfile/apps/element/values-synapse-adminbot-bootstrap.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

6
helmfile/apps/element/values-synapse-adminbot-pipe.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

6
helmfile/apps/element/values-synapse-adminbot-web.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

6
helmfile/apps/element/values-synapse-auditbot-bootstrap.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

6
helmfile/apps/element/values-synapse-auditbot-pipe.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

6
helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

8
helmfile/apps/element/values-synapse-web.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
commonAnnotations: commonAnnotations:
{{ .Values.annotations.elementSynapseWeb.common | toYaml | nindent 2 }} {{ .Values.annotations.elementSynapseWeb.common | toYaml | nindent 2 }}

8
helmfile/apps/element/values-synapse.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
commonAnnotations: commonAnnotations:
{{ .Values.annotations.elementSynapse.common | toYaml | nindent 2 }} {{ .Values.annotations.elementSynapse.common | toYaml | nindent 2 }}

8
helmfile/apps/element/values-well-known.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
commonAnnotations: commonAnnotations:
{{ .Values.annotations.elementWellKnown.common | toYaml | nindent 2 }} {{ .Values.annotations.elementWellKnown.common | toYaml | nindent 2 }}

8
helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

25
helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl
View File

@@ -24,9 +24,9 @@ releases:
chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}" chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}"
version: "{{ .Values.charts.nextcloudManagement.version }}" version: "{{ .Values.charts.nextcloudManagement.version }}"
values: values:
- "values-nextcloud-mgmt.yaml.gotmpl" - "values-nextcloud-management.yaml.gotmpl"
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }} {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- "values-nextcloud-mgmt-enterprise.yaml.gotmpl" - "values-nextcloud-management-ee.yaml.gotmpl"
{{- end }} {{- end }}
{{- range .Values.customization.release.opendeskNextcloudManagement }} {{- range .Values.customization.release.opendeskNextcloudManagement }}
- {{ . }} - {{ . }}
@@ -34,14 +34,14 @@ releases:
waitForJobs: true waitForJobs: true
wait: true wait: true
installed: {{ .Values.apps.nextcloud.enabled }} installed: {{ .Values.apps.nextcloud.enabled }}
timeout: 900 timeout: 1800
- name: "opendesk-nextcloud" - name: "opendesk-nextcloud"
chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}" chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}"
version: "{{ .Values.charts.nextcloud.version }}" version: "{{ .Values.charts.nextcloud.version }}"
values: values:
- "values-nextcloud.yaml.gotmpl" - "values-nextcloud.yaml.gotmpl"
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }} {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- "values-nextcloud-enterprise.yaml.gotmpl" - "values-nextcloud-ee.yaml.gotmpl"
{{- end }} {{- end }}
{{- range .Values.customization.release.opendeskNextcloud }} {{- range .Values.customization.release.opendeskNextcloud }}
- {{ . }} - {{ . }}
@@ -49,6 +49,23 @@ releases:
needs: needs:
- "opendesk-nextcloud-management" - "opendesk-nextcloud-management"
installed: {{ .Values.apps.nextcloud.enabled }} installed: {{ .Values.apps.nextcloud.enabled }}
timeout: 1800
- name: "opendesk-nextcloud-notifypush"
chart: "nextcloud-repo/{{ .Values.charts.nextcloudNotifyPush.name }}"
version: "{{ .Values.charts.nextcloudNotifyPush.version }}"
values:
- "values-nextcloud-notifypush.yaml.gotmpl"
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- "values-nextcloud-notifypush-ee.yaml.gotmpl"
{{- end }}
{{- range .Values.customization.release.opendeskNextcloudNotifyPush }}
- {{ . }}
{{- end }}
wait: true
needs:
- "opendesk-nextcloud"
installed: {{ and .Values.apps.nextcloud.enabled (gt .Values.replicas.nextcloudNotifyPush 0) }}
timeout: 1800
commonLabels: commonLabels:
deployStage: "050-components" deployStage: "050-components"

6
helmfile/apps/nextcloud/values-nextcloud-enterprise.yaml.gotmpl → helmfile/apps/nextcloud/values-nextcloud-ee.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
aio: aio:
image: image:

6
helmfile/apps/nextcloud/values-nextcloud-mgmt-enterprise.yaml.gotmpl → helmfile/apps/nextcloud/values-nextcloud-management-ee.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}

12
helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl → helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}
@@ -67,6 +65,8 @@ configuration:
enabled: true enabled: true
integrationOpenproject: integrationOpenproject:
enabled: {{ .Values.apps.openproject.enabled }} enabled: {{ .Values.apps.openproject.enabled }}
notifyPush:
enabled: {{ gt .Values.replicas.nextcloudNotifyPush 0 }}
spreed: spreed:
enabled: true enabled: true
circles: circles:
@@ -101,7 +101,9 @@ configuration:
{{- end }} {{- end }}
ldap: ldap:
base: {{ .Values.ldap.baseDn | quote }}
host: {{ .Values.ldap.host | quote }} host: {{ .Values.ldap.host | quote }}
dn: "uid=ldapsearch_nextcloud,cn=users,{{ .Values.ldap.baseDn }}"
password: password:
value: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }} value: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
adminGroupName: "managed-by-attribute-FileshareAdmin" adminGroupName: "managed-by-attribute-FileshareAdmin"

6
helmfile/apps/nextcloud/values-nextcloud-notifypush-ee.yaml.gotmpl Normal file
View File

@@ -0,0 +1,6 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
...

141
helmfile/apps/nextcloud/values-nextcloud-notifypush.yaml.gotmpl Normal file
View File

@@ -0,0 +1,141 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
additionalAnnotations:
intents.otterize.com/service-name: "opendesk-nextcloud-notifypush"
{{- with .Values.annotations.nextcloudNotifyPush.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
configuration:
cache:
auth:
enabled: true
username:
value: {{ .Values.cache.nextcloud.username }}
password:
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
host: {{ .Values.cache.nextcloud.host | quote }}
port: {{ .Values.cache.nextcloud.port | quote }}
tls: {{ .Values.cache.nextcloud.tls }}
database:
{{ if eq .Values.databases.nextcloud.type "mariadb" }}
type: "mysql"
{{ else if eq .Values.databases.nextcloud.type "postgresql" }}
type: "postgres"
{{ else }}
{{ .Values.databases.nextcloud.type | quote }}
{{ end }}
host: {{ .Values.databases.nextcloud.host | quote }}
port: {{ .Values.databases.nextcloud.port | quote }}
name: {{ .Values.databases.nextcloud.name | quote }}
auth:
username:
value: {{ .Values.databases.nextcloud.username | quote }}
password:
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
{{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
{{- else }}
value: {{ .Values.databases.nextcloud.password | quote }}
{{- end }}
trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
# Nextcloud connection
# FIXME: Dynamically get the service name of the `opendesk-nextcloud-aio` chart
# IDEA: helmfile > service-names.yaml.gotmpl with service names (external/internal)
# So this is controller on a more "global" level
# TODO: Find a sensible default
nextcloudUrl: "http://opendesk-nextcloud-aio"
logging:
# Default value for logging is "error" we bump it to "info" for better information in logs
# NOTE: "trace", which includes "debug" might be too verbose
# https://docs.rs/env_logger/latest/env_logger/#enabling-logging
level: {{ if .Values.debug.enabled }}"debug"{{ else }}"info"{{ end }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
runAsUser: 101
runAsGroup: 101
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.nextcloud | toYaml | nindent 6 }}
{{- if .Values.certificate.selfSigned }}
extraEnvVars:
- name: "FS_ENV_CA_CERTIFICATE_PATH"
value: "/etc/ssl/certs/ca-certificates.crt"
extraVolumes:
- name: "trusted-cert-secret-volume"
secret:
secretName: "opendesk-certificates-ca-tls"
items:
- key: "ca.crt"
path: "ca-certificates.crt"
extraVolumeMounts:
- name: "trusted-cert-secret-volume"
mountPath: "/etc/ssl/certs/ca-certificates.crt"
subPath: "ca-certificates.crt"
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
repository: {{ .Values.images.nextcloud.repository | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.nextcloud.tag | quote }}
ingress:
enabled: {{ .Values.ingress.enabled }}
annotations:
{{- with .Values.annotations.nextcloudNotifyPush.ingress }}
{{ . | toYaml | nindent 6 }}
{{- end }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
tls:
secretName: {{ .Values.ingress.tls.secretName | quote }}
metrics:
enabled: true
service:
annotations:
{{ .Values.annotations.nextcloudNotifyPush.serviceMetrics | toYaml | nindent 6 }}
podAnnotations:
{{ .Values.annotations.nextcloudNotifyPush.pod | toYaml | nindent 4 }}
podSecurityContext:
fsGroup: 101
# prometheus:
# serviceMonitor:
# enabled: { .Values.monitoring.prometheus.serviceMonitors.enabled }}
# labels:
# { .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
# prometheusRule:
# enabled: { .Values.monitoring.prometheus.prometheusRules.enabled }}
# additionalLabels:
# { .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
replicaCount: {{ .Values.replicas.nextcloudNotifyPush }}
resources:
{{ .Values.resources.nextcloudNotifyPush | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.nextcloudNotifyPush.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nextcloudNotifyPush.serviceAccount | toYaml | nindent 6 }}
...

8
helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
imagePullSecrets: imagePullSecrets:

6
helmfile/apps/notes/values.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
image: image:
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesBackend.registry) (.Values.images.notesBackend.repository) | quote }} repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.notesBackend.registry) (.Values.images.notesBackend.repository) | quote }}

8
helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.nubusIntercomService.additional | toYaml | nindent 2 }} {{ .Values.annotations.nubusIntercomService.additional | toYaml | nindent 2 }}

6
helmfile/apps/nubus/values-nginx-s3-gateway.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
imagePullSecrets: imagePullSecrets:

233
helmfile/apps/nubus/values-nubus-guardian.yaml.gotmpl Normal file
View File

@@ -0,0 +1,233 @@
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
#
# This file is currently optional for customizing purposes only. It will be a mandatory part of Nubus in a later release.
#
nubusGuardian:
authorizationApi:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianAuthorizationApi | toYaml | nindent 8 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianAuthorizationApi.registry | quote }}
repository: {{ .Values.images.nubusGuardianAuthorizationApi.repository }}
tag: {{ .Values.images.nubusGuardianAuthorizationApi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-authorization-api"
{{- with .Values.annotations.nubusGuardian.authorizationApiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
podSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.umsGuardianAuthorizationApi }}
resources:
{{ .Values.resources.umsGuardianAuthorizationApi | toYaml | nindent 6 }}
global:
podAnnotations:
{{ .Values.annotations.nubusGuardian.globalPod | toYaml | nindent 6 }}
ingress:
annotations:
{{ .Values.annotations.nubusGuardian.ingressIngress | toYaml | nindent 6 }}
certManager:
enabled: false
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
items:
- name: management-ui
host: ""
# -- Define the Ingress paths.
paths:
- path: /univention/guardian/management-ui
pathType: Prefix
backend:
service:
name: guardian-management-ui
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressManagementUi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
- name: management-api
host: ""
paths:
- path: /guardian/management
pathType: Prefix
backend:
service:
name: guardian-management-api
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressManagementApi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
- name: authorization-api
host: ""
paths:
- path: /guardian/authorization
pathType: Prefix
backend:
service:
name: guardian-authorization-api
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressAuthorizationApi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
managementApi:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianManagementApi | toYaml | nindent 8 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementApi.registry | quote }}
repository: {{ .Values.images.nubusGuardianManagementApi.repository }}
tag: {{ .Values.images.nubusGuardianManagementApi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-management-api"
{{- with .Values.annotations.nubusGuardian.managementApiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
podSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.umsGuardianManagementApi }}
resources:
{{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 6 }}
managementUi:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianManagementUi | toYaml | nindent 8 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementUi.registry | quote }}
repository: {{ .Values.images.nubusGuardianManagementUi.repository }}
tag: {{ .Values.images.nubusGuardianManagementUi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-management-ui"
{{- with .Values.annotations.nubusGuardian.managementUiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
replicaCount: {{ .Values.replicas.umsGuardianManagementUi }}
resources:
{{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}
openPolicyAgent:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianOpenPolicyAgent | toYaml | nindent 8 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpenPolicyAgent.registry | quote }}
repository: {{ .Values.images.nubusOpenPolicyAgent.repository }}
tag: {{ .Values.images.nubusOpenPolicyAgent.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: "Always"
podAnnotations:
intents.otterize.com/service-name: "ums-ums-open-policy-agent"
replicaCount: {{ .Values.replicas.umsGuardianOpenPolicyAgent }}
resources:
{{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 6 }}
postgresql:
connection:
host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
port: {{ .Values.databases.umsGuardianManagementApi.port | quote }}
auth:
username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
existingSecret:
name: "ums-guardian-postgresql-opendesk-credentials"
keyMapping:
password: "guardianDatabasePassword"
provisioning:
enabled: false
config:
nubusBaseUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
keycloak:
credentialSecret:
name: "ums-opendesk-keycloak-credentials"
key: "admin_password"
realm: {{ .Values.platform.realm | quote }}
username: "kcadmin"
keycloak:
auth:
existingSecret:
name: "ums-opendesk-guardian-client-secret"
keyMapping:
password: "managementApiClientSecret"
connection:
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
baseUrl: "http://ums-keycloak:8080"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianProvisioning.registry | quote }}
repository: {{ .Values.images.nubusGuardianProvisioning.repository }}
tag: {{ .Values.images.nubusGuardianProvisioning.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusGuardian.serviceAccount | toYaml | nindent 6 }}
---

524
helmfile/apps/nubus/values-nubus.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.nubus.additional | toYaml | nindent 2 }} {{ .Values.annotations.nubus.additional | toYaml | nindent 2 }}
@@ -10,15 +8,14 @@ global:
certManagerIssuer: {{ .Values.certificate.issuerRef.name | quote }} certManagerIssuer: {{ .Values.certificate.issuerRef.name | quote }}
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingressClass: {{ .Values.ingress.ingressClassName | default "nginx" | quote }} ingressClass: {{ .Values.ingress.ingressClassName | default "nginx" | quote }}
keycloak: keycloak:
realm: {{ .Values.platform.realm | quote }} realm: {{ .Values.platform.realm | quote }}
ldap: ldap:
baseDn: {{ .Values.ldap.baseDn | quote }} baseDn: {{ .Values.ldap.baseDn | quote }}
domainName: {{ .Values.global.domain | quote }} domainName: {{ .Values.global.domain | quote }}
auth:
cnAdmin:
password: {{ .Values.secrets.nubus.ldapSecret | quote }}
nubusDeployment: true nubusDeployment: true
secrets: secrets:
masterPassword: {{ .Values.secrets.nubus.masterpassword | quote }} masterPassword: {{ .Values.secrets.nubus.masterpassword | quote }}
@@ -28,35 +25,31 @@ global:
# -- Extensions to load. Add entries to load additional extensions into Nubus. # -- Extensions to load. Add entries to load additional extensions into Nubus.
extensions: extensions:
- name: "ox"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOxExtension.registry | quote }}
repository: {{ .Values.images.nubusOxExtension.repository }}
tag: {{ .Values.images.nubusOxExtension.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
- name: "opendesk"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtension.registry | quote }}
repository: {{ .Values.images.nubusOpendeskExtension.repository }}
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
tag: {{ .Values.images.nubusOpendeskExtension.tag }}
- name: "opendesk-a2g-mapper" - name: "opendesk-a2g-mapper"
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtensionA2gMapper.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtensionA2gMapper.registry | quote }}
repository: {{ .Values.images.nubusOpendeskExtensionA2gMapper.repository }} repository: {{ .Values.images.nubusOpendeskExtensionA2gMapper.repository }}
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
tag: {{ .Values.images.nubusOpendeskExtensionA2gMapper.tag }} tag: {{ .Values.images.nubusOpendeskExtensionA2gMapper.tag }}
# -- Allows to configure the system extensions to load. This is intended for # -- Allows to configure the system extensions to load. This is intended for
# internal usage, prefer to use `global.extensions` for user configured # internal usage, prefer to use `global.extensions` for user configured
# extensions. # extensions.
systemExtensions: systemExtensions:
- name: "ox"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOxExtension.registry | quote }}
repository: {{ .Values.images.nubusOxExtension.repository }}
tag: {{ .Values.images.nubusOxExtension.tag }}
- name: "opendesk"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtension.registry | quote }}
repository: {{ .Values.images.nubusOpendeskExtension.repository }}
tag: {{ .Values.images.nubusOpendeskExtension.tag }}
- name: "portal" - name: "portal"
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalExtension.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalExtension.registry | quote }}
repository: {{ .Values.images.nubusPortalExtension.repository }} repository: {{ .Values.images.nubusPortalExtension.repository }}
tag: {{ .Values.images.nubusPortalExtension.tag }} tag: {{ .Values.images.nubusPortalExtension.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
configUcr: configUcr:
directory: directory:
manager: manager:
@@ -138,10 +131,6 @@ ingress:
{{- with .Values.annotations.nubus.ingress }} {{- with .Values.annotations.nubus.ingress }}
{{ . | toYaml | nindent 4 }} {{ . | toYaml | nindent 4 }}
{{- end }} {{- end }}
# temporary fix
{{- if not .Values.apps.minio.enabled }}
enabled: false
{{- end }}
certManager: certManager:
enabled: false enabled: false
tls: tls:
@@ -185,14 +174,16 @@ keycloak:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }}
repository: {{ .Values.images.nubusKeycloak.repository }} repository: {{ .Values.images.nubusKeycloak.repository }}
tag: {{ .Values.images.nubusKeycloak.tag }} tag: {{ .Values.images.nubusKeycloak.tag }}
# NOTE: The subchart "keycloak" does not yet support
# "global.imagePullPolicy". The local configuration can be removed once it
# does have this feature.
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress: ingress:
enabled: false enabled: false
keycloak: keycloak:
auth: auth:
username: "kcadmin" username: "kcadmin"
# TODO: Pending secrets refactoring to be able to provide the value directly
existingSecret: existingSecret:
name: "ums-opendesk-keycloak-credentials" name: "ums-opendesk-keycloak-credentials"
keyMapping: keyMapping:
@@ -203,6 +194,10 @@ keycloak:
loginTitle: "Anmeldung bei {{ .Values.theme.texts.productName }}" loginTitle: "Anmeldung bei {{ .Values.theme.texts.productName }}"
en: en:
loginTitle: "Sign in to {{ .Values.theme.texts.productName }}" loginTitle: "Sign in to {{ .Values.theme.texts.productName }}"
features:
enabled:
- "admin-fine-grained-authz:v1"
- "token-exchange"
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-keycloak" intents.otterize.com/service-name: "ums-keycloak"
{{- with .Values.annotations.nubusKeycloak.pod }} {{- with .Values.annotations.nubusKeycloak.pod }}
@@ -215,6 +210,7 @@ keycloak:
auth: auth:
username: {{ .Values.databases.keycloak.username | quote }} username: {{ .Values.databases.keycloak.username | quote }}
database: {{ .Values.databases.keycloak.name | quote }} database: {{ .Values.databases.keycloak.name | quote }}
# TODO: Pending secrets refactoring to be able to provide the value directly
existingSecret: existingSecret:
name: "ums-keycloak-postgresql-opendesk-credentials" name: "ums-keycloak-postgresql-opendesk-credentials"
keyMapping: keyMapping:
@@ -261,231 +257,7 @@ keycloak:
{{- end }} {{- end }}
nubusGuardian: nubusGuardian:
authorizationApi: enabled: false
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianAuthorizationApi | toYaml | nindent 8 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianAuthorizationApi.registry | quote }}
repository: {{ .Values.images.nubusGuardianAuthorizationApi.repository }}
tag: {{ .Values.images.nubusGuardianAuthorizationApi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-authorization-api"
{{- with .Values.annotations.nubusGuardian.authorizationApiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
podSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.umsGuardianAuthorizationApi }}
resources:
{{ .Values.resources.umsGuardianAuthorizationApi | toYaml | nindent 6 }}
global:
podAnnotations:
{{ .Values.annotations.nubusGuardian.globalPod | toYaml | nindent 6 }}
ingress:
annotations:
{{ .Values.annotations.nubusGuardian.ingressIngress | toYaml | nindent 6 }}
certManager:
enabled: false
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
items:
- name: management-ui
host: ""
# -- Define the Ingress paths.
paths:
- path: /univention/guardian/management-ui
pathType: Prefix
backend:
service:
name: guardian-management-ui
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressManagementUi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
- name: management-api
host: ""
paths:
- path: /guardian/management
pathType: Prefix
backend:
service:
name: guardian-management-api
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressManagementApi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
- name: authorization-api
host: ""
paths:
- path: /guardian/authorization
pathType: Prefix
backend:
service:
name: guardian-authorization-api
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressAuthorizationApi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
managementApi:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianManagementApi | toYaml | nindent 8 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementApi.registry | quote }}
repository: {{ .Values.images.nubusGuardianManagementApi.repository }}
tag: {{ .Values.images.nubusGuardianManagementApi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-management-api"
{{- with .Values.annotations.nubusGuardian.managementApiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
podSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.umsGuardianManagementApi }}
resources:
{{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 6 }}
managementUi:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianManagementUi | toYaml | nindent 8 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementUi.registry | quote }}
repository: {{ .Values.images.nubusGuardianManagementUi.repository }}
tag: {{ .Values.images.nubusGuardianManagementUi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-management-ui"
{{- with .Values.annotations.nubusGuardian.managementUiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
replicaCount: {{ .Values.replicas.umsGuardianManagementUi }}
resources:
{{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}
openPolicyAgent:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianOpenPolicyAgent | toYaml | nindent 8 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpenPolicyAgent.registry | quote }}
repository: {{ .Values.images.nubusOpenPolicyAgent.repository }}
tag: {{ .Values.images.nubusOpenPolicyAgent.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: "Always"
podAnnotations:
intents.otterize.com/service-name: "ums-ums-open-policy-agent"
replicaCount: {{ .Values.replicas.umsGuardianOpenPolicyAgent }}
resources:
{{ .Values.resources.umsOpenPolicyAgent | toYaml | nindent 6 }}
postgresql:
connection:
host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
port: {{ .Values.databases.umsGuardianManagementApi.port | quote }}
auth:
username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
existingSecret:
name: "ums-guardian-postgresql-opendesk-credentials"
keyMapping:
password: "guardianDatabasePassword"
provisioning:
enabled: false
config:
nubusBaseUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
keycloak:
credentialSecret:
name: "ums-opendesk-keycloak-credentials"
key: "admin_password"
realm: {{ .Values.platform.realm | quote }}
username: "kcadmin"
keycloak:
auth:
existingSecret:
name: "ums-opendesk-guardian-client-secret"
keyMapping:
password: "managementApiClientSecret"
connection:
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
baseUrl: "http://ums-keycloak:8080"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianProvisioning.registry | quote }}
repository: {{ .Values.images.nubusGuardianProvisioning.repository }}
tag: {{ .Values.images.nubusGuardianProvisioning.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusGuardian.serviceAccount | toYaml | nindent 6 }}
nubusNotificationsApi: nubusNotificationsApi:
enabled: false enabled: false
@@ -512,9 +284,6 @@ nubusNotificationsApi:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
repository: {{ .Values.images.nubusNotificationsApi.repository }} repository: {{ .Values.images.nubusNotificationsApi.repository }}
tag: {{ .Values.images.nubusNotificationsApi.tag }} tag: {{ .Values.images.nubusNotificationsApi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress: ingress:
annotations: annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3" nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
@@ -539,8 +308,12 @@ nubusNotificationsApi:
auth: auth:
username: {{ .Values.databases.umsNotificationsApi.username | quote }} username: {{ .Values.databases.umsNotificationsApi.username | quote }}
database: {{ .Values.databases.umsNotificationsApi.name | quote }} database: {{ .Values.databases.umsNotificationsApi.name | quote }}
password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
# NOTE: Nubus has still an existing secret configured for legacy reasons.
# This disables the existing secret and ensures that the value from above
# is used.
existingSecret: existingSecret:
name: "ums-notifications-api-postgresql-opendesk-credentials" name: null
service: service:
annotations: annotations:
{{ .Values.annotations.nubusNotificationsApi.service | toYaml | nindent 6 }} {{ .Values.annotations.nubusNotificationsApi.service | toYaml | nindent 6 }}
@@ -576,9 +349,6 @@ nubusPortalFrontend:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalFrontend.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalFrontend.registry | quote }}
repository: {{ .Values.images.nubusPortalFrontend.repository }} repository: {{ .Values.images.nubusPortalFrontend.repository }}
tag: {{ .Values.images.nubusPortalFrontend.tag }} tag: {{ .Values.images.nubusPortalFrontend.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress: ingress:
annotations: annotations:
{{ .Values.annotations.nubusPortalFrontend.ingressIngress | toYaml | nindent 6 }} {{ .Values.annotations.nubusPortalFrontend.ingressIngress | toYaml | nindent 6 }}
@@ -637,8 +407,12 @@ nubusPortalFrontend:
portalFrontend: portalFrontend:
branding: branding:
css: {{ .Values.theme.styles.portal.main | toJson }} css: {{ .Values.theme.styles.portal.main | toJson }}
# Requires .ico, .svg does not work.
favicon: {{ .Values.theme.imagery.portal.faviconIco | toJson }} favicon: {{ .Values.theme.imagery.portal.faviconIco | toJson }}
faviconSvg: {{ .Values.theme.imagery.portal.faviconSvg | toJson }}
favicon96Png: {{ .Values.theme.imagery.portal.favicon96Png | toJson }}
appleTouchIcon: {{ .Values.theme.imagery.portal.appleTouchIcon | toJson }}
webManifestIcon192: {{ .Values.theme.imagery.portal.webManifestIcon192 | toJson }}
webManifestIcon512: {{ .Values.theme.imagery.portal.webManifestIcon512 | toJson }}
# The actual `logo` is set in customizing image, the logo down here is for waiting spinner. # The actual `logo` is set in customizing image, the logo down here is for waiting spinner.
logo: {{ .Values.theme.imagery.portal.waitingSpinnerSvg | toJson }} logo: {{ .Values.theme.imagery.portal.waitingSpinnerSvg | toJson }}
backgroundImage: {{ .Values.theme.imagery.portal.backgroundSvg | toJson }} backgroundImage: {{ .Values.theme.imagery.portal.backgroundSvg | toJson }}
@@ -658,6 +432,8 @@ nubusKeycloakExtensions:
keycloak: keycloak:
auth: auth:
username: "kcadmin" username: "kcadmin"
# TODO: Pending secrets refactoring in component chart. This will refer to
# the secret generated by the keycloak subchart.
existingSecret: existingSecret:
name: "ums-opendesk-keycloak-credentials" name: "ums-opendesk-keycloak-credentials"
keyMapping: keyMapping:
@@ -669,7 +445,11 @@ nubusKeycloakExtensions:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }}
repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }} repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }}
tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }} tag: {{ .Values.images.nubusKeycloakExtensionProxy.tag }}
# NOTE: The subchart "keycloak-extensions" does not yet support
# "global.imagePullPolicy".
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
# NOTE: Remove once the keycloak-extensions subchart respects
# "global.imagePullSecrets".
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
ingress: ingress:
@@ -735,6 +515,7 @@ nubusKeycloakExtensions:
auth: auth:
database: {{ .Values.databases.keycloakExtension.name | quote }} database: {{ .Values.databases.keycloakExtension.name | quote }}
username: {{ .Values.databases.keycloakExtension.username | quote }} username: {{ .Values.databases.keycloakExtension.username | quote }}
# TODO: Pending secrets refactoring for this component chart
existingSecret: existingSecret:
name: "ums-keycloak-extensions-postgresql-opendesk-credentials" name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
keyMapping: keyMapping:
@@ -748,6 +529,7 @@ nubusKeycloakExtensions:
auth: auth:
enabled: true enabled: true
username: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }} username: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
# TODO: Pending secrets refactoring in the component chart
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }} password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
existingSecret: existingSecret:
name: "ums-keycloak-extensions-smtp-opendesk-credentials" name: "ums-keycloak-extensions-smtp-opendesk-credentials"
@@ -765,7 +547,11 @@ nubusKeycloakExtensions:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionHandler.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionHandler.registry | quote }}
repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }} repository: {{ .Values.images.nubusKeycloakExtensionHandler.repository }}
tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }} tag: {{ .Values.images.nubusKeycloakExtensionHandler.tag }}
# NOTE: The subchart "keycloak-extensions" does not yet support
# "global.imagePullPolicy".
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
# NOTE: Remove once the keycloak-extensions subchart respects
# "global.imagePullSecrets".
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations: podAnnotations:
@@ -788,9 +574,6 @@ nubusKeycloakExtensions:
annotations: annotations:
{{ .Values.annotations.nubusKeycloakExtensions.handlerServiceAccount | toYaml | nindent 8 }} {{ .Values.annotations.nubusKeycloakExtensions.handlerServiceAccount | toYaml | nindent 8 }}
nubusPortalListener:
enabled: false
nubusPortalConsumer: nubusPortalConsumer:
enabled: true enabled: true
portalConsumer: portalConsumer:
@@ -798,24 +581,12 @@ nubusPortalConsumer:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
repository: {{ .Values.images.nubusPortalConsumer.repository }} repository: {{ .Values.images.nubusPortalConsumer.repository }}
tag: {{ .Values.images.nubusPortalConsumer.tag }} tag: {{ .Values.images.nubusPortalConsumer.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
pullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
assetsBaseUrl: {{ printf "https://%s.%s/univention/portal" .Values.global.hosts.nubus .Values.global.domain | quote }} assetsBaseUrl: {{ printf "https://%s.%s/univention/portal" .Values.global.hosts.nubus .Values.global.domain | quote }}
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }} logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
objectStorage: objectStorage:
auth: auth:
accessKeyId: {{ .Values.objectstores.nubus.username | quote }} accessKeyId: {{ .Values.objectstores.nubus.username | quote }}
accessKey: {{ .Values.objectstores.nubus.username | quote }}
secretAccessKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }} secretAccessKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
secretKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
existingSecret:
name: "{{ .Release.Name }}-portal-consumer-minio-credentials"
keyMapping:
accessKey: "accessKey"
secretKey: "secretKey"
bucketName: {{ .Values.objectstores.nubus.bucket | quote }} bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }} endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
persistence: persistence:
@@ -846,7 +617,6 @@ nubusPortalConsumer:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
repository: {{ .Values.images.nubusWaitForDependency.repository }} repository: {{ .Values.images.nubusWaitForDependency.repository }}
tag: {{ .Values.images.nubusWaitForDependency.tag }} tag: {{ .Values.images.nubusWaitForDependency.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
{{- if .Values.certificate.selfSigned }} {{- if .Values.certificate.selfSigned }}
extraVolumeMounts: extraVolumeMounts:
- name: "trusted-cert-secret-volume" - name: "trusted-cert-secret-volume"
@@ -905,9 +675,6 @@ nubusPortalServer:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalServer.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalServer.registry | quote }}
repository: {{ .Values.images.nubusPortalServer.repository }} repository: {{ .Values.images.nubusPortalServer.repository }}
tag: {{ .Values.images.nubusPortalServer.tag }} tag: {{ .Values.images.nubusPortalServer.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress: ingress:
annotations: annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3" nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
@@ -915,7 +682,6 @@ nubusPortalServer:
{{- with .Values.annotations.nubusPortalServer.ingress }} {{- with .Values.annotations.nubusPortalServer.ingress }}
{{ . | toYaml | nindent 8 }} {{ . | toYaml | nindent 8 }}
{{- end }} {{- end }}
certManager: certManager:
enabled: false enabled: false
tls: tls:
@@ -933,19 +699,31 @@ nubusPortalServer:
podAnnotations: podAnnotations:
{{ .Values.annotations.nubusPortalServer.pod | toYaml | nindent 4 }} {{ .Values.annotations.nubusPortalServer.pod | toYaml | nindent 4 }}
portalServer: portalServer:
centralNavigation:
enabled: true
auth:
sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
featureToggles:
notifications_api: false
centered_layout: true
newsfeed: {{ and .Values.apps.xwiki.enabled .Values.functional.portal.newsfeed.enabled }}
umc_session_refresh: true
welcome_message: {{ .Values.functional.portal.welcomeMessage.enabled }}
newsfeed:
feedType: "xwiki"
feedUrl:
en_US: {{ printf "https://%s.%s/wiki/bin/get/Blog/BlogRss?xpage=plain&blog=openDesk.Newsfeed.WebHome" .Values.global.hosts.intercomService .Values.global.domain }}
de_DE: {{ printf "https://%s.%s/wiki/bin/get/Blog/BlogRss?xpage=plain&blog=openDesk.Newsfeed.WebHome" .Values.global.hosts.intercomService .Values.global.domain }}
homeUrl:
en_US: {{ printf "https://%s.%s/bin/view/openDesk/Newsfeed/" .Values.global.hosts.xwiki .Values.global.domain }}
de_DE: {{ printf "https://%s.%s/bin/view/openDesk/Newsfeed/" .Values.global.hosts.xwiki .Values.global.domain }}
icsSilentLoginUrl: {{ printf "https://%s.%s/silent" .Values.global.hosts.intercomService .Values.global.domain }}
objectStorageEndpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }} objectStorageEndpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }} objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
objectStorageCredentialSecret: objectStorageCredentialSecret:
name: "ums-portal-server-minio-opendesk-credentials" name: "ums-portal-server-minio-opendesk-credentials"
accessKeyKey: "access-key-id" accessKeyKey: "access-key-id"
secretKeyKey: "secret-key-id" secretKeyKey: "secret-key-id"
portalServer:
centralNavigation:
enabled: true
existingSecret:
name: "ums-opendesk-portal-server-central-navigation"
featureToggles:
notifications_api: false
replicaCount: {{ .Values.replicas.umsPortalServer }} replicaCount: {{ .Values.replicas.umsPortalServer }}
resources: resources:
{{ .Values.resources.umsPortalServer | toYaml | nindent 4 }} {{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
@@ -1005,12 +783,11 @@ nubusUdmRestApi:
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: seLinuxOptions:
{{ .Values.seLinuxOptions.umsUdmRestApi | toYaml | nindent 6 }} {{ .Values.seLinuxOptions.umsUdmRestApi | toYaml | nindent 6 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress: ingress:
enabled: {{ .Values.functional.externalServices.nubus.udmRestApi.enabled }} enabled: {{ .Values.functional.externalServices.nubus.udmRestApi.enabled }}
annotations: annotations:
nginx.ingress.kubernetes.io/proxy-buffer-size: "64k" nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"
nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "128k"
nginx.ingress.kubernetes.io/configuration-snippet-disabled: | nginx.ingress.kubernetes.io/configuration-snippet-disabled: |
rewrite ^/univention(/udm/.*)$ $1 break; rewrite ^/univention(/udm/.*)$ $1 break;
nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/use-regex: "true"
@@ -1025,6 +802,23 @@ nubusUdmRestApi:
secretName: {{ .Values.ingress.tls.secretName | quote }} secretName: {{ .Values.ingress.tls.secretName | quote }}
initResources: initResources:
{{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 4 }} {{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 4 }}
waitForDependency:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
repository: {{ .Values.images.nubusWaitForDependency.repository }}
tag: {{ .Values.images.nubusWaitForDependency.tag }}
blocklistCleanup:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusBlocklistCleanup.registry | quote }}
repository: {{ .Values.images.nubusBlocklistCleanup.repository }}
tag: {{ .Values.images.nubusBlocklistCleanup.tag }}
ldapUpdateUniventionObjectIdentifier:
enabled: true
suspend: false
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapUpdateUniventionObjectIdentifier.registry | quote }}
repository: {{ .Values.images.nubusLdapUpdateUniventionObjectIdentifier.repository }}
tag: {{ .Values.images.nubusLdapUpdateUniventionObjectIdentifier.tag }}
persistence: persistence:
annotations: annotations:
{{ .Values.annotations.nubusUdmRestApi.persistence | toYaml | nindent 6 }} {{ .Values.annotations.nubusUdmRestApi.persistence | toYaml | nindent 6 }}
@@ -1047,7 +841,6 @@ nubusUdmRestApi:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUdmRestApi.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUdmRestApi.registry | quote }}
repository: {{ .Values.images.nubusUdmRestApi.repository }} repository: {{ .Values.images.nubusUdmRestApi.repository }}
tag: {{ .Values.images.nubusUdmRestApi.tag }} tag: {{ .Values.images.nubusUdmRestApi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
nubusLdapNotifier: nubusLdapNotifier:
additionalAnnotations: additionalAnnotations:
@@ -1070,9 +863,6 @@ nubusLdapNotifier:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapNotifier.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapNotifier.registry | quote }}
repository: {{ .Values.images.nubusLdapNotifier.repository }} repository: {{ .Values.images.nubusLdapNotifier.repository }}
tag: {{ .Values.images.nubusLdapNotifier.tag }} tag: {{ .Values.images.nubusLdapNotifier.tag }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-ldap-notifier" intents.otterize.com/service-name: "ums-ldap-notifier"
{{- with .Values.annotations.nubusLdapNotifier.pod }} {{- with .Values.annotations.nubusLdapNotifier.pod }}
@@ -1091,10 +881,6 @@ serviceAccount:
nubusLdapServer: nubusLdapServer:
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.nubusLdapServer.additional | toYaml | nindent 4 }} {{ .Values.annotations.nubusLdapServer.additional | toYaml | nindent 4 }}
global:
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
additionalAnnotations: additionalAnnotations:
intents.otterize.com/service-name: "ums-ldap-server" intents.otterize.com/service-name: "ums-ldap-server"
dhInitcontainer: dhInitcontainer:
@@ -1102,20 +888,19 @@ nubusLdapServer:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerDhInitContainer.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerDhInitContainer.registry | quote }}
repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }} repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }}
tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }} tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
initResources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }} initResources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
ldapServer: ldapServer:
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServer.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServer.registry | quote }}
repository: {{ .Values.images.nubusLdapServer.repository }} repository: {{ .Values.images.nubusLdapServer.repository }}
tag: {{ .Values.images.nubusLdapServer.tag }} tag: {{ .Values.images.nubusLdapServer.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} auth:
password: {{ .Values.secrets.nubus.ldapSecret | quote }}
leaderElector: leaderElector:
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerLeaderElector.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerLeaderElector.registry | quote }}
repository: {{ .Values.images.nubusLdapServerLeaderElector.repository }} repository: {{ .Values.images.nubusLdapServerLeaderElector.repository }}
tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }} tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
persistence: persistence:
size: {{ .Values.persistence.storages.nubusLdapServerData.size | quote }} size: {{ .Values.persistence.storages.nubusLdapServerData.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.nubusLdapServerData.storageClassName .Values.persistence.storageClassNames.RWO | quote }} storageClass: {{ coalesce .Values.persistence.storages.nubusLdapServerData.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
@@ -1139,7 +924,6 @@ nubusLdapServer:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
repository: {{ .Values.images.nubusWaitForDependency.repository }} repository: {{ .Values.images.nubusWaitForDependency.repository }}
tag: {{ .Values.images.nubusWaitForDependency.tag }} tag: {{ .Values.images.nubusWaitForDependency.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
nubusProvisioning: nubusProvisioning:
enabled: true enabled: true
@@ -1152,14 +936,16 @@ nubusProvisioning:
{{ . | toYaml | nindent 6 }} {{ . | toYaml | nindent 6 }}
{{- end }} {{- end }}
auth: auth:
adminPassword: {{ .Values.secrets.nubus.provisioning.api.adminPassword | quote }} admin:
prefillPassword: {{ .Values.secrets.nubus.provisioning.api.prefillPassword | quote}} password: {{ .Values.secrets.nubus.provisioning.api.adminPassword | quote }}
udmTransformerPassword: {{ .Values.secrets.nubus.provisioning.api.udmTransformerPassword | quote}} prefill:
password: {{ .Values.secrets.nubus.provisioning.api.prefillPassword | quote}}
eventsUdm:
password: {{ .Values.secrets.nubus.provisioning.api.udmTransformerPassword | quote}}
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningEventsAndConsumerApi.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningEventsAndConsumerApi.registry | quote }}
repository: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.repository }} repository: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.repository }}
tag: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.tag }} tag: {{ .Values.images.nubusProvisioningEventsAndConsumerApi.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
nats: nats:
auth: auth:
password: {{ .Values.secrets.nubus.provisioning.api.natsPassword | quote}} password: {{ .Values.secrets.nubus.provisioning.api.natsPassword | quote}}
@@ -1191,7 +977,6 @@ nubusProvisioning:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningDispatcher.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningDispatcher.registry | quote }}
repository: {{ .Values.images.nubusProvisioningDispatcher.repository }} repository: {{ .Values.images.nubusProvisioningDispatcher.repository }}
tag: {{ .Values.images.nubusProvisioningDispatcher.tag }} tag: {{ .Values.images.nubusProvisioningDispatcher.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
nats: nats:
auth: auth:
password: {{ .Values.secrets.nubus.provisioning.dispatcherNatsPassword | quote}} password: {{ .Values.secrets.nubus.provisioning.dispatcherNatsPassword | quote}}
@@ -1199,11 +984,6 @@ nubusProvisioning:
{{ .Values.annotations.nubusProvisioning.dispatcherPod | toYaml | nindent 6 }} {{ .Values.annotations.nubusProvisioning.dispatcherPod | toYaml | nindent 6 }}
resources: resources:
{{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 6 }} {{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 6 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ldap:
auth:
password: {{ .Values.secrets.nubus.ldapSecret | quote }}
nats: nats:
additionalAnnotations: additionalAnnotations:
intents.otterize.com/service-name: "ums-provisioning-nats" intents.otterize.com/service-name: "ums-provisioning-nats"
@@ -1229,19 +1009,23 @@ nubusProvisioning:
runAsNonRoot: true runAsNonRoot: true
seLinuxOptions: seLinuxOptions:
{{ .Values.seLinuxOptions.umsProvisioningNats | toYaml | nindent 8 }} {{ .Values.seLinuxOptions.umsProvisioningNats | toYaml | nindent 8 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
nats: nats:
image: image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNats.registry | quote }} registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNats.registry | quote }}
repository: {{ .Values.images.nubusNats.repository }} repository: {{ .Values.images.nubusNats.repository }}
tag: {{ .Values.images.nubusNats.tag }} tag: {{ .Values.images.nubusNats.tag }}
# NOTE: The subchart does not yet fully support
# "global.imagePullPolicy". This can be removed once the subchart has
# been adjusted.
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
natsBox: natsBox:
image: image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsBox.registry | quote }} registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsBox.registry | quote }}
repository: {{ .Values.images.nubusNatsBox.repository }} repository: {{ .Values.images.nubusNatsBox.repository }}
tag: {{ .Values.images.nubusNatsBox.tag }} tag: {{ .Values.images.nubusNatsBox.tag }}
# NOTE: The subchart does not yet fully support
# "global.imagePullPolicy". This can be removed once the subchart has
# been adjusted.
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
persistence: persistence:
size: {{ .Values.persistence.storages.nubusProvisioningNats.size }} size: {{ .Values.persistence.storages.nubusProvisioningNats.size }}
@@ -1251,6 +1035,9 @@ nubusProvisioning:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsReloader.registry | quote }} registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsReloader.registry | quote }}
repository: {{ .Values.images.nubusNatsReloader.repository }} repository: {{ .Values.images.nubusNatsReloader.repository }}
tag: {{ .Values.images.nubusNatsReloader.tag }} tag: {{ .Values.images.nubusNatsReloader.tag }}
# NOTE: The subchart does not yet fully support
# "global.imagePullPolicy". This can be removed once the subchart has
# been adjusted.
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
resources: resources:
{{ .Values.resources.umsProvisioningNats | toYaml | nindent 6 }} {{ .Values.resources.umsProvisioningNats | toYaml | nindent 6 }}
@@ -1268,7 +1055,6 @@ nubusProvisioning:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningPrefill.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningPrefill.registry | quote }}
repository: {{ .Values.images.nubusProvisioningPrefill.repository }} repository: {{ .Values.images.nubusProvisioningPrefill.repository }}
tag: {{ .Values.images.nubusProvisioningPrefill.tag }} tag: {{ .Values.images.nubusProvisioningPrefill.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
nats: nats:
auth: auth:
password: {{ .Values.secrets.nubus.provisioning.prefillNatsPassword | quote}} password: {{ .Values.secrets.nubus.provisioning.prefillNatsPassword | quote}}
@@ -1286,7 +1072,6 @@ nubusProvisioning:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmTransformer.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmTransformer.registry | quote }}
repository: {{ .Values.images.nubusProvisioningUdmTransformer.repository }} repository: {{ .Values.images.nubusProvisioningUdmTransformer.repository }}
tag: {{ .Values.images.nubusProvisioningUdmTransformer.tag }} tag: {{ .Values.images.nubusProvisioningUdmTransformer.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
nats: nats:
auth: auth:
password: {{ .Values.secrets.nubus.provisioning.udmTransformerNatsPassword | quote}} password: {{ .Values.secrets.nubus.provisioning.udmTransformerNatsPassword | quote}}
@@ -1311,13 +1096,12 @@ nubusProvisioning:
existingSecret: existingSecret:
name: ums-provisioning-ox-credentials name: ums-provisioning-ox-credentials
keyMapping: keyMapping:
password: "ox-connector.json" registration: "ox-connector.json"
{{- end }} {{- end }}
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
repository: {{ .Values.images.nubusWaitForDependency.repository }} repository: {{ .Values.images.nubusWaitForDependency.repository }}
tag: {{ .Values.images.nubusWaitForDependency.tag }} tag: {{ .Values.images.nubusWaitForDependency.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-provisioning-register-consumers" intents.otterize.com/service-name: "ums-provisioning-register-consumers"
{{- with .Values.annotations.nubusProvisioning.registerConsumersPod }} {{- with .Values.annotations.nubusProvisioning.registerConsumersPod }}
@@ -1354,9 +1138,14 @@ nubusUdmListener:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmListener.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmListener.registry | quote }}
repository: {{ .Values.images.nubusProvisioningUdmListener.repository }} repository: {{ .Values.images.nubusProvisioningUdmListener.repository }}
tag: {{ .Values.images.nubusProvisioningUdmListener.tag }} tag: {{ .Values.images.nubusProvisioningUdmListener.tag }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }} waitForDependency:
imagePullSecrets: image:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
repository: {{ .Values.images.nubusWaitForDependency.repository }}
tag: {{ .Values.images.nubusWaitForDependency.tag }}
persistence:
size: {{ .Values.persistence.storages.nubusUdmListener.size | quote }}
# storageClass: -- coalesce .Values.persistence.storages.nubusUdmListener.storageClassName .Values.persistence.storageClassNames.RWO | quote --
podAnnotations: podAnnotations:
{{ .Values.annotations.nubusUdmListener.pod | toYaml | nindent 4 }} {{ .Values.annotations.nubusUdmListener.pod | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.umsUdmListener }} replicaCount: {{ .Values.replicas.umsUdmListener }}
@@ -1369,13 +1158,6 @@ nubusUdmListener:
annotations: annotations:
{{ .Values.annotations.nubusUdmListener.serviceAccount | toYaml | nindent 6 }} {{ .Values.annotations.nubusUdmListener.serviceAccount | toYaml | nindent 6 }}
nubusSelfServiceListener:
enabled: false
resources:
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
resourcesWaitForDependency:
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
nubusSelfServiceConsumer: nubusSelfServiceConsumer:
enabled: true enabled: true
containerSecurityContext: containerSecurityContext:
@@ -1396,9 +1178,6 @@ nubusSelfServiceConsumer:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfServiceConsumer.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfServiceConsumer.registry | quote }}
repository: {{ .Values.images.nubusSelfServiceConsumer.repository }} repository: {{ .Values.images.nubusSelfServiceConsumer.repository }}
tag: {{ .Values.images.nubusSelfServiceConsumer.tag }} tag: {{ .Values.images.nubusSelfServiceConsumer.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
podAnnotations: podAnnotations:
intents.otterize.com/service-name: "ums-selfservice-listener" intents.otterize.com/service-name: "ums-selfservice-listener"
{{- with .Values.annotations.nubusSelfserviceConsumer.pod }} {{- with .Values.annotations.nubusSelfserviceConsumer.pod }}
@@ -1420,7 +1199,6 @@ nubusSelfServiceConsumer:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
repository: {{ .Values.images.nubusWaitForDependency.repository }} repository: {{ .Values.images.nubusWaitForDependency.repository }}
tag: {{ .Values.images.nubusWaitForDependency.tag }} tag: {{ .Values.images.nubusWaitForDependency.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
# Nubus services # Nubus services
nubusStackDataUms: nubusStackDataUms:
@@ -1449,7 +1227,8 @@ nubusStackDataUms:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }}
repository: {{ .Values.images.nubusDataLoader.repository }} repository: {{ .Values.images.nubusDataLoader.repository }}
tag: {{ .Values.images.nubusDataLoader.tag }} tag: {{ .Values.images.nubusDataLoader.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
# TODO: Are these used for anything?
nubusPortalConsumer: nubusPortalConsumer:
objectStorage: objectStorage:
bucketName: {{ .Values.objectstores.nubus.bucket | quote }} bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
@@ -1458,6 +1237,7 @@ nubusStackDataUms:
objectStorage: objectStorage:
bucketName: {{ .Values.objectstores.nubus.bucket | quote }} bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }} endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
initResources: initResources:
{{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }} {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
# In openDesk the external memcache does not expect a username to be set. Overwriting # In openDesk the external memcache does not expect a username to be set. Overwriting
@@ -1475,17 +1255,16 @@ nubusStackDataUms:
host: {{ .Values.databases.umsSelfservice.host | quote }} host: {{ .Values.databases.umsSelfservice.host | quote }}
podAnnotations: podAnnotations:
{{ .Values.annotations.nubusStackDataUms.pod | toYaml | nindent 4 }} {{ .Values.annotations.nubusStackDataUms.pod | toYaml | nindent 4 }}
pullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
resources: resources:
{{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }} {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
stackDataContext: stackDataContext:
umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }}
umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }}
umcMemcachedHostname: {{ .Values.cache.umsSelfservice.host | quote }}
umcMemcachedUsername: ""
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }} externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
umcHtmlTitle: "Portal - {{ .Values.theme.texts.productName }}" umcHtmlTitle: "Portal - {{ .Values.theme.texts.productName }}"
# NOTE: The sub-chart is not yet properly respecting the configuration of
# "global.subDomains.portal". This value should be removed once this is
# supported in the sub-chart.
ldapSamlSpUrls: {{ printf "https://%s.%s/univention/saml/metadata" .Values.global.hosts.nubus .Values.global.domain | quote }}
portalFqdn: {{ printf "%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }} smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
smtpPort: 25 smtpPort: 25
smtpUser: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }} smtpUser: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
@@ -1524,8 +1303,11 @@ nubusStackDataUms:
portalNotesLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain }} portalNotesLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain }}
portalTitleDE: "Portal - {{ .Values.theme.texts.productName }}" portalTitleDE: "Portal - {{ .Values.theme.texts.productName }}"
portalTitleEN: "Portal - {{ .Values.theme.texts.productName }}" portalTitleEN: "Portal - {{ .Values.theme.texts.productName }}"
portalLinkLegalNotice: {{ .Values.functional.portal.linkLegalNotice }} portalLinkLegalNotice: {{ .Values.functional.portal.linkLegalNotice | quote }}
portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }} portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement | quote }}
portalLinkDocumentation: {{ .Values.functional.portal.linkDocumentation | quote }}
portalLinkSupport: {{ .Values.functional.portal.linkSupport | quote }}
portalLinkFeedback: {{ .Values.functional.portal.linkFeedback | quote }}
oxDefaultContext: "1" oxDefaultContext: "1"
oxContextHidden: true oxContextHidden: true
ldapSearchUsers: ldapSearchUsers:
@@ -1599,12 +1381,12 @@ nubusUmcServer:
capabilities: capabilities:
drop: drop:
- "ALL" - "ALL"
runAsUser: 0 runAsUser: 999
runAsGroup: 0 runAsGroup: 999
seccompProfile: seccompProfile:
type: "RuntimeDefault" type: "RuntimeDefault"
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: false runAsNonRoot: true
seLinuxOptions: seLinuxOptions:
{{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }} {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
containerSecurityContextSssd: containerSecurityContextSssd:
@@ -1638,10 +1420,6 @@ nubusUmcServer:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcServer.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcServer.registry | quote }}
repository: {{ .Values.images.nubusUmcServer.repository }} repository: {{ .Values.images.nubusUmcServer.repository }}
tag: {{ .Values.images.nubusUmcServer.tag }} tag: {{ .Values.images.nubusUmcServer.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress: ingress:
annotations: annotations:
nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/use-regex: "true"
@@ -1660,10 +1438,7 @@ nubusUmcServer:
bundled: false bundled: false
server: {{ .Values.cache.umsSelfservice.host | quote }} server: {{ .Values.cache.umsSelfservice.host | quote }}
auth: auth:
existingSecret: password: ""
name: "ums-umc-server-memcached-opendesk-credentials"
keyMapping:
memcached-password: "umcServerMemcachedPassword"
podAnnotations: podAnnotations:
{{ .Values.annotations.nubusUmcServer.pod | toYaml | nindent 4 }} {{ .Values.annotations.nubusUmcServer.pod | toYaml | nindent 4 }}
postgresql: postgresql:
@@ -1674,16 +1449,17 @@ nubusUmcServer:
auth: auth:
username: {{ .Values.databases.umsSelfservice.username | quote }} username: {{ .Values.databases.umsSelfservice.username | quote }}
database: {{ .Values.databases.umsSelfservice.name | quote }} database: {{ .Values.databases.umsSelfservice.name | quote }}
password: {{ .Values.databases.umsSelfservice.password | default .Values.secrets.postgresql.umsSelfserviceUser | quote }}
# NOTE: Nubus has still an existing secret configured for legacy reasons.
# This disables the existing secret and ensures that the value from above
# is used.
existingSecret: existingSecret:
name: "ums-umc-server-postgresql-opendesk-credentials" name: null
keyMapping:
password: "umcServerDatabasePassword"
proxy: proxy:
image: image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusUmcServerProxy.registry | quote }} registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusUmcServerProxy.registry | quote }}
repository: {{ .Values.images.nubusUmcServerProxy.repository }} repository: {{ .Values.images.nubusUmcServerProxy.repository }}
tag: {{ .Values.images.nubusUmcServerProxy.tag }} tag: {{ .Values.images.nubusUmcServerProxy.tag }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
replicaCount: {{ .Values.replicas.umsUmcServerProxy }} replicaCount: {{ .Values.replicas.umsUmcServerProxy }}
replicaCount: {{ .Values.replicas.umsUmcServer }} replicaCount: {{ .Values.replicas.umsUmcServer }}
resources: resources:
@@ -1708,8 +1484,8 @@ nubusUmcServer:
annotations: annotations:
{{ .Values.annotations.nubusUmcServer.serviceAccount | toYaml | nindent 6 }} {{ .Values.annotations.nubusUmcServer.serviceAccount | toYaml | nindent 6 }}
smtp: smtp:
existingSecret: auth:
name: "ums-umc-server-smtp-credentials-custom" password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
nubusUmcGateway: nubusUmcGateway:
containerSecurityContext: containerSecurityContext:
@@ -1730,10 +1506,6 @@ nubusUmcGateway:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcGateway.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUmcGateway.registry | quote }}
repository: {{ .Values.images.nubusUmcGateway.repository }} repository: {{ .Values.images.nubusUmcGateway.repository }}
tag: {{ .Values.images.nubusUmcGateway.tag }} tag: {{ .Values.images.nubusUmcGateway.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress: ingress:
annotations: annotations:
nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/use-regex: "true"
@@ -1771,6 +1543,9 @@ nubusKeycloakBootstrap:
twoFactorAuthentication: twoFactorAuthentication:
enabled: true enabled: true
group: "2fa-users" group: "2fa-users"
config:
debug:
enabled: {{ .Values.debug.enabled }}
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@@ -1789,9 +1564,10 @@ nubusKeycloakBootstrap:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
repository: {{ .Values.images.nubusKeycloakBootstrap.repository }} repository: {{ .Values.images.nubusKeycloakBootstrap.repository }}
tag: {{ .Values.images.nubusKeycloakBootstrap.tag }} tag: {{ .Values.images.nubusKeycloakBootstrap.tag }}
# NOTE: The subchart does not yet fully support
# "global.imagePullPolicy". This can be removed once the subchart has
# been adjusted.
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
keycloak: keycloak:
auth: auth:
username: "kcadmin" username: "kcadmin"
@@ -1814,6 +1590,9 @@ nubusKeycloakBootstrap:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
repository: {{ .Values.images.nubusWaitForDependency.repository }} repository: {{ .Values.images.nubusWaitForDependency.repository }}
tag: {{ .Values.images.nubusWaitForDependency.tag }} tag: {{ .Values.images.nubusWaitForDependency.tag }}
# NOTE: The subchart does not yet fully support
# "global.imagePullPolicy". This can be removed once the subchart has
# been adjusted.
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
serviceAccount: serviceAccount:
annotations: annotations:
@@ -1821,9 +1600,6 @@ nubusKeycloakBootstrap:
# Credential secrets for accessing customer supplied services # Credential secrets for accessing customer supplied services
extraSecrets: extraSecrets:
- name: "ums-opendesk-portal-server-central-navigation"
stringData:
password: {{ .Values.secrets.centralnavigation.apiKey | quote }}
- name: "ums-opendesk-guardian-client-secret" - name: "ums-opendesk-guardian-client-secret"
stringData: stringData:
managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }} managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
@@ -1836,15 +1612,6 @@ extraSecrets:
- name: "ums-guardian-postgresql-opendesk-credentials" - name: "ums-guardian-postgresql-opendesk-credentials"
stringData: stringData:
guardianDatabasePassword: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }} guardianDatabasePassword: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
- name: "ums-notifications-api-postgresql-opendesk-credentials"
stringData:
password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
- name: "ums-umc-server-postgresql-opendesk-credentials"
stringData:
umcServerDatabasePassword: {{ .Values.databases.umsSelfservice.password | default .Values.secrets.postgresql.umsSelfserviceUser | quote }}
- name: "ums-umc-server-memcached-opendesk-credentials"
stringData:
umcServerMemcachedPassword: ""
- name: "ums-keycloak-extensions-postgresql-opendesk-credentials" - name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
stringData: stringData:
umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }} umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
@@ -1854,13 +1621,6 @@ extraSecrets:
- name: "ums-keycloak-bootstrap-ldap-opendesk-credentials" - name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
stringData: stringData:
password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }} password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
- name: "ums-portal-server-minio-opendesk-credentials"
stringData:
access-key-id: {{ .Values.objectstores.nubus.username | quote }}
secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
- name: "ums-umc-server-smtp-credentials-custom"
stringData:
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
- name: "ums-provisioning-ox-credentials" - name: "ums-provisioning-ox-credentials"
stringData: stringData:
ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }" ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }"

6
helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: "{{ .Values.global.domain }}" domain: "{{ .Values.global.domain }}"

12
helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.dovecot.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.dovecot.registry | quote }}
@@ -39,11 +37,11 @@ dovecot:
bucket: {{ .Values.objectstores.dovecot.bucket | quote }} bucket: {{ .Values.objectstores.dovecot.bucket | quote }}
encryption: encryption:
privateKey: privateKey:
value: {{ env "DOVECOT_CRYPT_PRIVATE_KEY" | quote }} value: {{ requiredEnv "DOVECOT_CRYPT_PRIVATE_KEY" | quote }}
publicKey: publicKey:
value: {{ env "DOVECOT_CRYPT_PUBLIC_KEY" | quote }} value: {{ requiredEnv "DOVECOT_CRYPT_PUBLIC_KEY" | quote }}
fqdn: {{ .Values.objectstores.dovecot.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} fqdn: {{ .Values.objectstores.dovecot.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
username: {{ .Values.objectstores.dovecot.username | quote }} username: {{ .Values.objectstores.dovecot.username | quote }}
password: password:
value: {{ .Values.secrets.minio.dovecotUser | quote }} value: {{ .Values.objectstores.dovecot.secretKey | default .Values.secrets.minio.dovecotUser | quote }}
... ...

8
helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
commonAnnotations: commonAnnotations:
{{ .Values.annotations.openxchangeDovecot.common | toYaml | nindent 2 }} {{ .Values.annotations.openxchangeDovecot.common | toYaml | nindent 2 }}

12
helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
argocd.argoproj.io/hook: "Sync" argocd.argoproj.io/hook: "Sync"
@@ -42,4 +40,8 @@ serviceAccount:
annotations: annotations:
{{ .Values.annotations.openxchangeBootstrap.serviceAccount | toYaml | nindent 4 }} {{ .Values.annotations.openxchangeBootstrap.serviceAccount | toYaml | nindent 4 }}
filestore:
# identifier must match identifier in /opt/open-xchange/etc/filestore-s3.properties
identifier: "ox-filestore-s3"
size: {{ .Values.objectstores.openxchange.maxSize }}
... ...

12
helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
appsuite: appsuite:
core-mw: core-mw:
@@ -39,6 +37,7 @@ appsuite:
uiSettings: uiSettings:
# Enterprise contact picker # Enterprise contact picker
io.ox/core//features/enterprisePicker/enabled: "true" io.ox/core//features/enterprisePicker/enabled: "true"
io.ox/contacts//search/fields: 'email1,email2'
yamlFiles: yamlFiles:
contacts-provider-ldap.yml: contacts-provider-ldap.yml:
@@ -286,6 +285,7 @@ appsuite:
givenname: "givenName" givenname: "givenName"
surname: "sn" surname: "sn"
email1: "mailPrimaryAddress" email1: "mailPrimaryAddress"
email2: "mailAlternativeAddress"
department: "oxDepartment,department" department: "oxDepartment,department"
company: "oxCompany,o" company: "oxCompany,o"
branches: "oxBranches" branches: "oxBranches"
@@ -297,8 +297,6 @@ appsuite:
city_home: "oxCityHome" city_home: "oxCityHome"
commercial_register: "oxCommercialRegister" commercial_register: "oxCommercialRegister"
country_home: "oxCountryHome" country_home: "oxCountryHome"
email2: "oxEmail2"
email3: "oxEmail3"
employeetype: "employeeType" employeetype: "employeeType"
fax_business: "oxFaxBusiness,facsimileTelehoneNumber" fax_business: "oxFaxBusiness,facsimileTelehoneNumber"
fax_home: "oxFaxHome" fax_home: "oxFaxHome"

6
helmfile/apps/open-xchange/values-openxchange-enterprise.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
appsuite: appsuite:
plugins-ui: plugins-ui:

25
helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
@@ -295,6 +293,8 @@ appsuite:
open-xchange-oauth-provider: "enabled" open-xchange-oauth-provider: "enabled"
# Needed to set com.openexchange.hostname # Needed to set com.openexchange.hostname
open-xchange-hostname-config-cascade: "enabled" open-xchange-hostname-config-cascade: "enabled"
# Enable s3 storage
open-xchange-filestore-s3: "enabled"
properties: properties:
com.openexchange.hostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }} com.openexchange.hostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
com.openexchange.UIWebPath: "/appsuite/" com.openexchange.UIWebPath: "/appsuite/"
@@ -408,7 +408,7 @@ appsuite:
# Usage (in browser console after login): # Usage (in browser console after login):
# http = (await import('./io.ox/core/http.js')).default # http = (await import('./io.ox/core/http.js')).default
# await http.POST({ module: 'oxguard/smime', params: { action: 'test' } }) # await http.POST({ module: 'oxguard/smime', params: { action: 'test' } })
com.openexchange.smime.test: "true" com.openexchange.smime.test: {{ .Values.debug.enabled | quote }}
# DAV # DAV
{{- if .Values.functional.groupware.davSupport.enabled }} {{- if .Values.functional.groupware.davSupport.enabled }}
com.openexchange.caldav.enabled: "true" com.openexchange.caldav.enabled: "true"
@@ -479,6 +479,11 @@ appsuite:
com.openexchange.antivirus.port: "1344" com.openexchange.antivirus.port: "1344"
{{- end }} {{- end }}
com.openexchange.antivirus.maxFileSize: "1024" com.openexchange.antivirus.maxFileSize: "1024"
/opt/open-xchange/etc/filestore-s3.properties:
com.openexchange.filestore.s3.ox-filestore-s3.endpoint: {{ .Values.objectstores.openxchange.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
com.openexchange.filestore.s3.ox-filestore-s3.bucketName: {{ .Values.objectstores.openxchange.bucket | quote }}
com.openexchange.filestore.s3.ox-filestore-s3.accessKey: {{ .Values.objectstores.openxchange.username | quote }}
com.openexchange.filestore.s3.ox-filestore-s3.secretKey: {{ .Values.objectstores.openxchange.secretKey | default .Values.secrets.minio.openxchangeUser | quote }}
uiSettings: uiSettings:
io.ox.nextcloud//server: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/" io.ox.nextcloud//server: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
io.ox.public-sector//ics/url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/" io.ox.public-sector//ics/url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
@@ -647,6 +652,10 @@ appsuite:
cache: cache:
remoteCache: remoteCache:
enabled: false enabled: false
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeDocumentConverter.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeDocumentConverter.registry | quote }}
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }} repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
@@ -733,6 +742,10 @@ appsuite:
adminPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }} adminPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
basicAuthLogin: "oxlogin" basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }} basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }}
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }} repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}

8
helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
{{- if .Values.certificate.selfSigned }} {{- if .Values.certificate.selfSigned }}
extraVolumes: extraVolumes:

8
helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
certificate: certificate:
secretName: {{ .Values.ingress.tls.secretName | quote }} secretName: {{ .Values.ingress.tls.secretName | quote }}

4
helmfile/apps/opendesk-migrations-post/values.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/*
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.opendeskMigrationsPost.additional | toYaml | nindent 2 }} {{ .Values.annotations.opendeskMigrationsPost.additional | toYaml | nindent 2 }}

4
helmfile/apps/opendesk-migrations-pre/values.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/*
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.opendeskMigrationsPre.additional | toYaml | nindent 2 }} {{ .Values.annotations.opendeskMigrationsPre.additional | toYaml | nindent 2 }}

10
helmfile/apps/opendesk-openproject-bootstrap/values.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}
@@ -25,7 +23,7 @@ config:
openproject: openproject:
fileshareName: "Nextcloud at {{ .Values.global.domain }}" fileshareName: "Nextcloud at {{ .Values.global.domain }}"
admin: admin:
username: username:
value: {{ .Values.secrets.openproject.apiAdminUsername | quote }} value: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
password: password:
value: {{ .Values.secrets.openproject.apiAdminPassword | quote }} value: {{ .Values.secrets.openproject.apiAdminPassword | quote }}

31
helmfile/apps/opendesk-services/values-certificates.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}
@@ -23,8 +21,9 @@ global:
synapseFederation: {{ .Values.global.hosts.synapseFederation }} synapseFederation: {{ .Values.global.hosts.synapseFederation }}
whiteboard: {{ .Values.global.hosts.whiteboard }} whiteboard: {{ .Values.global.hosts.whiteboard }}
{{- end }} {{- end }}
{{- if .Values.apps.nubus.enabled }} {{- if .Values.apps.elementAdmin.enabled }}
intercomService: {{ .Values.global.hosts.intercomService }} adminBot: {{ .Values.global.hosts.adminBot }}
synapseAdmin: {{ .Values.global.hosts.synapseAdmin }}
{{- end }} {{- end }}
{{- if .Values.apps.jitsi.enabled }} {{- if .Values.apps.jitsi.enabled }}
jitsi: {{ .Values.global.hosts.jitsi }} jitsi: {{ .Values.global.hosts.jitsi }}
@@ -36,23 +35,27 @@ global:
{{- if .Values.apps.nextcloud.enabled }} {{- if .Values.apps.nextcloud.enabled }}
nextcloud: {{ .Values.global.hosts.nextcloud }} nextcloud: {{ .Values.global.hosts.nextcloud }}
{{- end }} {{- end }}
{{- if .Values.apps.notes.enabled }}
notes: {{ .Values.global.hosts.notes }}
{{- end }}
{{- if .Values.apps.nubus.enabled }}
intercomService: {{ .Values.global.hosts.intercomService }}
keycloak: {{ .Values.global.hosts.keycloak }}
nubus: {{ .Values.global.hosts.nubus }}
{{- end }}
{{- if .Values.apps.openproject.enabled }} {{- if .Values.apps.openproject.enabled }}
openproject: {{ .Values.global.hosts.openproject }} openproject: {{ .Values.global.hosts.openproject }}
{{- end }} {{- end }}
{{- if .Values.apps.oxAppSuite.enabled }} {{- if .Values.apps.oxAppSuite.enabled }}
openxchange: {{ .Values.global.hosts.openxchange }} openxchange: {{ .Values.global.hosts.openxchange }}
openxchangeDav: {{ .Values.global.hosts.openxchangeDav }}
{{- end }} {{- end }}
{{- if .Values.apps.nubus.enabled }} {{- if .Values.apps.staticFiles.enabled }}
keycloak: {{ .Values.global.hosts.keycloak }} static: {{ .Values.global.hosts.static }}
nubus: {{ .Values.global.hosts.nubus }}
{{- end }} {{- end }}
{{- if .Values.apps.xwiki.enabled }} {{- if .Values.apps.xwiki.enabled }}
xwiki: {{ .Values.global.hosts.xwiki }} xwiki: {{ .Values.global.hosts.xwiki }}
{{- end }} {{- end }}
{{- if .Values.apps.notes.enabled }}
notes: {{ .Values.global.hosts.notes }}
{{- end }}
issuerRef: issuerRef:
name: {{ .Values.certificate.issuerRef.name | quote }} name: {{ .Values.certificate.issuerRef.name | quote }}

6
helmfile/apps/opendesk-services/values-home.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.opendeskServicesHome.additional | toYaml | nindent 2 }} {{ .Values.annotations.opendeskServicesHome.additional | toYaml | nindent 2 }}

6
helmfile/apps/opendesk-services/values-opendesk-alerts.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.monitoring.prometheus.prometheusRules.annotations | toYaml | nindent 2 }} {{ .Values.monitoring.prometheus.prometheusRules.annotations | toYaml | nindent 2 }}

8
helmfile/apps/opendesk-services/values-opendesk-dashboards.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.monitoring.grafana.dashboards.annotations | toYaml | nindent 2 }} {{ .Values.monitoring.grafana.dashboards.annotations | toYaml | nindent 2 }}

6
helmfile/apps/opendesk-services/values-opendesk-static-files.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

6
helmfile/apps/opendesk-services/values-otterize.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
domain: {{ .Values.global.domain | quote }} domain: {{ .Values.global.domain | quote }}

8
helmfile/apps/openproject/values.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
global: global:
imagePullSecrets: imagePullSecrets:

6
helmfile/apps/services-external/values-cassandra.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true

8
helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
clamd: clamd:
commonAnnotations: commonAnnotations:

8
helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
commonAnnotations: commonAnnotations:
{{ .Values.annotations.servicesExternalClamavSimple.common | toYaml | nindent 2 }} {{ .Values.annotations.servicesExternalClamavSimple.common | toYaml | nindent 2 }}

8
helmfile/apps/services-external/values-dkimpy.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
additionalAnnotations: additionalAnnotations:
{{ .Values.annotations.servicesExternalDkimpy.additional | toYaml | nindent 2 }} {{ .Values.annotations.servicesExternalDkimpy.additional | toYaml | nindent 2 }}

8
helmfile/apps/services-external/values-mariadb.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}

8
helmfile/apps/services-external/values-memcached.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
architecture: {{ if gt .Values.replicas.memcached 1 }}"high-availability"{{ else }}"standalone"{{ end }} architecture: {{ if gt .Values.replicas.memcached 1 }}"high-availability"{{ else }}"standalone"{{ end }}

29
helmfile/apps/services-external/values-minio.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
apiIngress: apiIngress:
enabled: {{ .Values.ingress.enabled }} enabled: {{ .Values.ingress.enabled }}
@@ -124,6 +122,9 @@ provisioning:
- name: {{ .Values.objectstores.openproject.bucket | quote }} - name: {{ .Values.objectstores.openproject.bucket | quote }}
versioning: "Suspended" versioning: "Suspended"
withLock: false withLock: false
- name: {{ .Values.objectstores.openxchange.bucket | quote }}
versioning: "Suspended"
withLock: false
- name: {{ .Values.objectstores.nubus.bucket | quote }} - name: {{ .Values.objectstores.nubus.bucket | quote }}
versioning: "Suspended" versioning: "Suspended"
withLock: false withLock: false
@@ -183,6 +184,18 @@ provisioning:
effect: "Allow" effect: "Allow"
actions: actions:
- "s3:*" - "s3:*"
- name: "openxchange-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::openxchange"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::openxchange/*"
effect: "Allow"
actions:
- "s3:*"
- name: "ums-bucket-policy" - name: "ums-bucket-policy"
statements: statements:
- resources: - resources:
@@ -234,6 +247,12 @@ provisioning:
policies: policies:
- "openproject-bucket-policy" - "openproject-bucket-policy"
setPolicies: true setPolicies: true
- username: {{ .Values.objectstores.openxchange.username | quote }}
password: {{ .Values.secrets.minio.openxchangeUser | quote }}
disabled: false
policies:
- "openxchange-bucket-policy"
setPolicies: true
- username: {{ .Values.objectstores.nubus.username | quote }} - username: {{ .Values.objectstores.nubus.username | quote }}
password: {{ .Values.secrets.minio.umsUser | quote }} password: {{ .Values.secrets.minio.umsUser | quote }}
disabled: false disabled: false

8
helmfile/apps/services-external/values-postfix.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
certificate: certificate:
secretName: {{ .Values.ingress.tls.secretName | quote }} secretName: {{ .Values.ingress.tls.secretName | quote }}

8
helmfile/apps/services-external/values-postgresql.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}

8
helmfile/apps/services-external/values-redis.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
architecture: "standalone" architecture: "standalone"

8
helmfile/apps/xwiki/values.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
commonAnnotations: commonAnnotations:
{{ .Values.annotations.xwiki.common | toYaml | nindent 2 }} {{ .Values.annotations.xwiki.common | toYaml | nindent 2 }}

3
helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl
View File

@@ -12,5 +12,6 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror" repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror"
name: "appsuite-public-sector-pro-chart" name: "appsuite-public-sector-pro-chart"
version: "1.17.292" version: "1.18.273"
verify: false verify: false
...

6
helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl
View File

@@ -5,7 +5,7 @@ images:
collabora: collabora:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk" repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
tag: "24.04.13.4.1@sha256:4d4f88fa244280f6116b072a923ee7e5c183ab30ee9759952f9b6aa802802300" tag: "25.04.2.3.1@sha256:b6dbe27d7242488dfdb400219abbc6c97fb83df029975e1127f52abc8444475e"
dovecot: dovecot:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro" repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
@@ -13,9 +13,9 @@ images:
nextcloud: nextcloud:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud" repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
tag: "30.0.10@sha256:a63374dd44d3c6a8873da31fe0554b97fb29993a4cf18b9dd6a304b577f2f2b8" tag: "31.0.6@sha256:eb1fd84f39a9ff36bd1251ef4bc00b2a838bc2f9fb6df2b18b1a70ae72fac022"
openxchangeCoreMW: openxchangeCoreMW:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro" repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"
tag: "8.37.69@sha256:40908484e71bc45ad23598685b0519d82fc9e3cf372e00fe38befe9196cf84e2" tag: "8.38.73@sha256:2ddd6ce6e33a77aadc6043ad01026afbea09d28f7b0c469ab6fd412fb4ca8792"
... ...

7
helmfile/environments/default/_helper.yaml.gotmpl
View File

@@ -1,5 +1,12 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
#
# DISCLAIMER:
#
# The values in this file are exposed because they are used in multiple components and it does make sense to define
# them centrally, but we do not support changing these values, please leave them as they are.
#
--- ---
ldap: ldap:
host: "ums-ldap-server" host: "ums-ldap-server"

8
helmfile/environments/default/annotations.yaml.gotmpl
View File

@@ -117,6 +117,14 @@ annotations:
nextcloudNextcloudMgmt: nextcloudNextcloudMgmt:
additional: ~ additional: ~
pod: ~ pod: ~
service: ~
serviceAccount: ~
nextcloudNotifyPush:
additional: ~
ingress: ~
pod: ~
service: ~
serviceMetrics: ~
serviceAccount: ~ serviceAccount: ~
notes: notes:
ingressAdmin: ~ ingressAdmin: ~

28
helmfile/environments/default/charts.yaml.gotmpl
View File

@@ -56,7 +56,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/collabora/charts-mirror" repository: "bmi/opendesk/components/supplier/collabora/charts-mirror"
name: "collabora-online" name: "collabora-online"
version: "1.1.38" version: "1.1.41"
verify: true verify: true
collaboraController: collaboraController:
# Enterprise Component # Enterprise Component
@@ -65,7 +65,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror" repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror"
name: "cool-controller" name: "cool-controller"
version: "1.1.2" version: "1.1.6"
verify: false verify: false
cryptpad: cryptpad:
# providerCategory: "Supplier" # providerCategory: "Supplier"
@@ -231,7 +231,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations" repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
name: "opendesk-migrations" name: "opendesk-migrations"
version: "1.6.0" version: "1.7.4"
verify: true verify: true
minio: minio:
# providerCategory: "Community" # providerCategory: "Community"
@@ -251,7 +251,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
name: "opendesk-nextcloud" name: "opendesk-nextcloud"
version: "4.1.0" version: "4.2.0"
verify: true verify: true
nextcloudManagement: nextcloudManagement:
# providerCategory: "Platform" # providerCategory: "Platform"
@@ -261,7 +261,17 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
name: "opendesk-nextcloud-management" name: "opendesk-nextcloud-management"
version: "4.1.0" version: "4.2.0"
verify: true
nextcloudNotifyPush:
# providerCategory: "Platform"
# providerResponsible: "openDesk"
# upstreamRegistry: "https://registry.opencode.de"
# packageName=bmi/opendesk/components/platform-development/charts/opendesk-nextcloud/opendesk-nextcloud-notifypush
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
name: "opendesk-nextcloud-notifypush"
version: "4.2.0"
verify: true verify: true
nginx: nginx:
# providerCategory: "Community" # providerCategory: "Community"
@@ -303,7 +313,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror" repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
name: "nubus" name: "nubus"
version: "1.9.1" version: "1.11.2"
verify: true verify: true
opendeskAlerts: opendeskAlerts:
# providerCategory: "Platform" # providerCategory: "Platform"
@@ -355,7 +365,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/openproject/charts-mirror" repository: "bmi/opendesk/components/supplier/openproject/charts-mirror"
name: "openproject" name: "openproject"
version: "10.0.3" version: "10.1.0"
verify: true verify: true
openprojectBootstrap: openprojectBootstrap:
# providerCategory: "Platform" # providerCategory: "Platform"
@@ -387,7 +397,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror" repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
name: "appsuite-public-sector" name: "appsuite-public-sector"
version: "2.19.262" version: "2.20.247"
verify: false verify: false
oxAppSuiteBootstrap: oxAppSuiteBootstrap:
# providerCategory: "Platform" # providerCategory: "Platform"
@@ -397,7 +407,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap" repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
name: "opendesk-open-xchange-bootstrap" name: "opendesk-open-xchange-bootstrap"
version: "2.1.2" version: "3.0.1"
verify: true verify: true
oxConnector: oxConnector:
# providerCategory: "Supplier" # providerCategory: "Supplier"

3
helmfile/environments/default/customization.yaml.gotmpl
View File

@@ -46,8 +46,9 @@ customization:
# migrations-pre # migrations-pre
migrationsPre: {} migrationsPre: {}
# nextcloud # nextcloud
opendeskNextcloudManagement: {}
opendeskNextcloud: {} opendeskNextcloud: {}
opendeskNextcloudManagement: {}
opendeskNextcloudNotifyPush: {}
# notes # notes
notes: {} notes: {}
# nubus # nubus

14
helmfile/environments/default/functional.yaml.gotmpl
View File

@@ -168,6 +168,20 @@ functional:
linkLegalNotice: "https://opendesk.eu/impressum" linkLegalNotice: "https://opendesk.eu/impressum"
# Link to the privacy statement shown in the portal menu, set to "~" if you want to remove the link # Link to the privacy statement shown in the portal menu, set to "~" if you want to remove the link
linkPrivacyStatement: "https://zendis.de/datenschutzerklaerung" linkPrivacyStatement: "https://zendis.de/datenschutzerklaerung"
# Link to documentation, shown in the right lower corner of the portal, set to "~" if you want to remove the link
linkDocumentation: "https://docs.opendesk.eu/"
# Link to support, shown in the right lower corner of the portal, set to "~" if you want to remove the link
linkSupport: "https://opendesk.eu/support"
# Link to feedback, shown in the right lower corner of the portal, set to "~" if you want to remove the link
linkFeedback: "https://opendesk.eu/feedback"
# Newsfeed related settings
newsfeed:
# Newsfeed is enabled by default, when XWiki is also deployed, you can forcefully disable the newsfeed
enabled: true
# Welcome message related settings
welcomeMessage:
# Welcome message is enabled by default and can be switched off below.
enabled: true
weboffice: weboffice:
# Set the file format to be used by default when creating new documents from the portal or the Nextcloud app. # Set the file format to be used by default when creating new documents from the portal or the Nextcloud app.

2
helmfile/environments/default/global.generated.yaml.gotmpl
View File

@@ -3,5 +3,5 @@
--- ---
global: global:
systemInformation: systemInformation:
releaseVersion: "v1.5.0" releaseVersion: "v1.6.0"
... ...

10
helmfile/environments/default/global.yaml.gotmpl
View File

@@ -1,8 +1,6 @@
{{/* # SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
## The global properties are used to configure multiple charts at once. ## The global properties are used to configure multiple charts at once.
# #
@@ -35,6 +33,8 @@ global:
# Beware: Changing hostnames on an existing deployment will break links the users may already make use of. # Beware: Changing hostnames on an existing deployment will break links the users may already make use of.
# Also some links are used directly in the portal and do not get updated after the initial # Also some links are used directly in the portal and do not get updated after the initial
# deployment. # deployment.
# Attention: When adding hosts here, please make sure to also add them in
# /helmfile/apps/opendesk-services/values-certificates.yaml.gotmpl
# #
hosts: hosts:
adminBot: "adminbot" adminBot: "adminbot"

100
helmfile/environments/default/images.yaml.gotmpl
View File

@@ -44,14 +44,14 @@ images:
# upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk" # upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk" repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
tag: "24.04.14.3.1@sha256:b7085475740a4e92ad3611d52808b6d822478e52286d18d3272a9b685e049464" tag: "25.04.2.2.1@sha256:03ec7f7740c5030eeb4f642c41fa0b9989d7a0dab81435a86b5c82479d0f78e2"
collaboraController: collaboraController:
# Enterprise Component # Enterprise Component
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Collabora" # providerResponsible: "Collabora"
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller" repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller"
tag: "1.1.1@sha256:8a5b79920fdf7a8eb9c1e781f480d6134a30c75f14fae3f1ecb0b607e016215c" tag: "1.1.3@sha256:552b63fd748ec873bd286c4d9ea0cf675f349f35a9ca2a69d2962336e4bc5f83"
cryptpad: cryptpad:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "XWiki" # providerResponsible: "XWiki"
@@ -240,7 +240,7 @@ images:
# upstreamMirrorStartFrom: ["1", "4", "0"] # upstreamMirrorStartFrom: ["1", "4", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-neoboard-widget" repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-neoboard-widget"
tag: "2.1.0@sha256:3a386d5a7d1b0582372909e8f3714fc82304fbfb0c078807476d867f726d30f5" tag: "2.2.1@sha256:db404ba5b8e76cbd1166529dc2156d84506f1c2d341a1798d25a074e531b9d3d"
matrixNeoChoiceWidget: matrixNeoChoiceWidget:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Nordeck" # providerResponsible: "Nordeck"
@@ -250,7 +250,7 @@ images:
# upstreamMirrorStartFrom: ["1", "4", "0"] # upstreamMirrorStartFrom: ["1", "4", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-poll-widget" repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-poll-widget"
tag: "1.5.1@sha256:00d28898e2b08d00dc7f4ed986d496779b95f0b87347b6059b76d291eb44a7eb" tag: "1.5.2@sha256:8d0cce2b4f71787cab6cd1b6e6ff52205224a5d01ba384b3ebfbf05bc3228930"
matrixNeoDateFixBot: matrixNeoDateFixBot:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Nordeck" # providerResponsible: "Nordeck"
@@ -260,7 +260,7 @@ images:
# upstreamMirrorStartFrom: ["2", "7", "0"] # upstreamMirrorStartFrom: ["2", "7", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-bot" repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-bot"
tag: "2.8.2@sha256:1266f4af93cd82554e037125a7f6d753742bcde3dd90ecbeed8f6f5f64689c96" tag: "2.8.3@sha256:5bc9b8d67b4ecb38b618e84d54e759ba57c0533706300154a60423dfcf86f7e1"
matrixNeoDateFixWidget: matrixNeoDateFixWidget:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Nordeck" # providerResponsible: "Nordeck"
@@ -270,7 +270,7 @@ images:
# upstreamMirrorStartFrom: ["1", "6", "0"] # upstreamMirrorStartFrom: ["1", "6", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-widget" repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-widget"
tag: "1.7.0@sha256:a3547f064dff6b469bb3ed931acd4edba9654699e1af59a9180987bbbfd8104b" tag: "1.7.1@sha256:c03917f78ba197b2f93a59eb3d6596447de1e2bf5836194afa121fae8ea18593"
matrixUserVerificationService: matrixUserVerificationService:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Element" # providerResponsible: "Element"
@@ -296,7 +296,7 @@ images:
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
tag: "1.6.1@sha256:cc97de002f5821e3b3751879514f3f45a3b4ffa851d999187c3cf3dd0dee82e7" tag: "1.7.5@sha256:98375df151d4b9bba81b5a7f3ab80dedd4cbd46dd0440c94b014b656b7115c71"
milter: milter:
# providerCategory: "Community" # providerCategory: "Community"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
@@ -320,7 +320,7 @@ images:
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud" # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud" repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
tag: "30.0.10@sha256:a022c6279072eb45d14cab29296860a15ad0d5801f50a56928334eb99bae50d0" tag: "31.0.6@sha256:760d0f1ff724d53faa757987e7068d09df0c603e3ac4fbb8aefe1bf13270c615"
nextcloudExporter: nextcloudExporter:
# providerCategory: "Platform" # providerCategory: "Platform"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
@@ -361,6 +361,16 @@ images:
registry: "registry-1.docker.io" registry: "registry-1.docker.io"
repository: "lasuite/impress-y-provider" repository: "lasuite/impress-y-provider"
tag: "v3.2.1@sha256:9dd7068336c02fe71806bc3576e7dc8636d7ccb139667c6303f0753e18d3ab7e" tag: "v3.2.1@sha256:9dd7068336c02fe71806bc3576e7dc8636d7ccb139667c6303f0753e18d3ab7e"
nubusBlocklistCleanup:
# providerCategory: "Supplier"
# providerResponsible: "Univention"
# upstreamRegistry: "https://artifacts.software-univention.de"
# upstreamRepository: "nubus/images/blocklist-cleanup"
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ["0", "34", "2"]
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/blocklist-cleanup"
tag: "0.37.1@sha256:e18a5ca77accb9438c57ec7448f0984e6de11481ca8e0cd3ce557e6492dd8355"
nubusDataLoader: nubusDataLoader:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -370,7 +380,7 @@ images:
# upstreamMirrorStartFrom: ["0", "41", "5"] # upstreamMirrorStartFrom: ["0", "41", "5"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader" repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
tag: "0.90.0@sha256:a776ea84ca5d4f984a1ecf1f97d8c90cd98894c3568401be6858a8e955c7ed92" tag: "0.95.0@sha256:57028c6a76d000a2085f7a429c704ac495be6e4e7ce0a5cc85e3bed25766ce32"
nubusGuardianAuthorizationApi: nubusGuardianAuthorizationApi:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -420,7 +430,7 @@ images:
# upstreamMirrorStartFrom: ["0", "0", "1"] # upstreamMirrorStartFrom: ["0", "0", "1"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak"
tag: "0.0.1@sha256:ce2397ac38920750b81a8a6065f7ed8a551641c6562a551963a2857fe6822beb" tag: "0.2.1@sha256:c338d5bba11185b1cca6d5e5e1b6fe28bedcd8f02af8b4b96e431bde617f5f72"
nubusKeycloakBootstrap: nubusKeycloakBootstrap:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -430,7 +440,7 @@ images:
# upstreamMirrorStartFrom: ["0", "1", "0"] # upstreamMirrorStartFrom: ["0", "1", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
tag: "0.11.0@sha256:55ad741e01dd91bb9b0332fd602a6262d3618abdf97a86c13f1e6148b36bd242" tag: "0.12.2@sha256:b3b058e49f9671e01530fca548a3308738aec3bf7d57c9ced9cde556f1f7545f"
nubusKeycloakExtensionHandler: nubusKeycloakExtensionHandler:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -440,7 +450,7 @@ images:
# upstreamMirrorStartFrom: ["0", "0", "3"] # upstreamMirrorStartFrom: ["0", "0", "3"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
tag: "0.11.0@sha256:aaba6527f37a7302cf54b0a689a1c11cb439bdc471e01d101726a05902714b9c" tag: "0.19.2@sha256:6e4c65b375ad12819240cb8eabd4ef629858ad74179bd639acb713201c528ef4"
nubusKeycloakExtensionProxy: nubusKeycloakExtensionProxy:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -450,7 +460,7 @@ images:
# upstreamMirrorStartFrom: ["0", "0", "3"] # upstreamMirrorStartFrom: ["0", "0", "3"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy" repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
tag: "0.15.3@sha256:087a8f242ac40f01bdc8326b220ec5b0034b64b3a3be6cf3968563c3d48eb056" tag: "0.19.2@sha256:b7c897870a12214064d79d72d52d0030bf2513148078cb922b8782806c2e4773"
nubusLdapNotifier: nubusLdapNotifier:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -460,7 +470,7 @@ images:
# upstreamMirrorStartFrom: ["0", "8", "2"] # upstreamMirrorStartFrom: ["0", "8", "2"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
tag: "0.37.0@sha256:b148e15c268badc45db9a6ce12c97cce332d25b86e86fec47fc417b8fe74d0d2" tag: "0.43.0@sha256:dcd4e7f1008eb4c6c1ae809785bee0da9cba1347af09ddbc147b76c422f4f35c"
nubusLdapServer: nubusLdapServer:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -470,7 +480,7 @@ images:
# upstreamMirrorStartFrom: ["0", "8", "2"] # upstreamMirrorStartFrom: ["0", "8", "2"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
tag: "0.37.0@sha256:caf7de9e121e5500c52dc8338b80057acd3eaa1e3877b526a5ae944bb53fe876" tag: "0.43.0@sha256:67557ec3e3bd7ff4981666dddb5455672ee8767e12e3876ea79447627f9d9742"
nubusLdapServerDhInitContainer: nubusLdapServerDhInitContainer:
# providerCategory: 'Community' # providerCategory: 'Community'
# providerResponsible: 'Univention' # providerResponsible: 'Univention'
@@ -488,7 +498,17 @@ images:
# upstreamMirrorStartFrom: ["0", "29", "1"] # upstreamMirrorStartFrom: ["0", "29", "1"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server-elector"
tag: "0.37.0@sha256:c9580e33ea48ec5d7ab2d4816926ca1b2ef72787f7615f31b124119c376c4324" tag: "0.43.0@sha256:179097cf89774b1ac48c5315ccc06cc8628cc89d085d95f2d89a223d52a75fe2"
nubusLdapUpdateUniventionObjectIdentifier:
# providerCategory: "Supplier"
# providerResponsible: "Univention"
# upstreamRegistry: "https://artifacts.software-univention.de"
# upstreamRepository: "nubus/images/ldap-update-univention-object-identifier"
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ["0", "34", "2"]
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-update-univention-object-identifier"
tag: "0.37.1@sha256:0715b8c98390337f230c04e88ed63142b94faf590bb2cb1dacb41390b2e8edf0"
nubusNats: nubusNats:
# providerCategory: 'Community' # providerCategory: 'Community'
# providerResponsible: 'Univention' # providerResponsible: 'Univention'
@@ -522,7 +542,7 @@ images:
# upstreamMirrorStartFrom: ["0", "9", "4"] # upstreamMirrorStartFrom: ["0", "9", "4"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api" repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
tag: "0.67.0@sha256:da28ce84d97b78027eafbe0bcf8286a333efffdfc52a8abe852caed9d8cde339" tag: "0.70.0@sha256:0120cca997eddcd6b9a5f0b9d6fb39ac2ffb118357380c28ab5352c16130a873"
nubusOpendeskExtension: nubusOpendeskExtension:
# providerCategory: "Platform" # providerCategory: "Platform"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
@@ -530,7 +550,7 @@ images:
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus" # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus" repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
tag: "1.14.4@sha256:cf0e22c1eef138a413a90a60c5405126dc769195dd4dd37229a27afaa82ef3b3" tag: "1.14.9@sha256:a2c7a5e302ed5cc52445fd1b18b277de4a3d45b2a2940f1a3970447dc13eb16c"
nubusOpendeskExtensionA2gMapper: nubusOpendeskExtensionA2gMapper:
# providerCategory: "Platform" # providerCategory: "Platform"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
@@ -558,7 +578,7 @@ images:
# upstreamMirrorStartFrom: ["0", "10", "0"] # upstreamMirrorStartFrom: ["0", "10", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension" repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
tag: "0.11.0@sha256:2cb5a9683b6ff81b995a5c71da52c2ff8177b662bb0be8f11e9cd0c6b48d8a11" tag: "0.11.1@sha256:e57df5c02d0480ccf1d299964e3c676d92440d5e959b4f587945f08624da3ae9"
nubusPortalConsumer: nubusPortalConsumer:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -568,7 +588,7 @@ images:
# upstreamMirrorStartFrom: ["0", "27", "0"] # upstreamMirrorStartFrom: ["0", "27", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
tag: "0.67.1@sha256:580adf9079d27f53f6efd0c519252c7855f6907e3badc033b994165856b16126" tag: "0.70.0@sha256:09eed9e5a7066f69b5d6085541ca91538ca9519d765ec7109d6934a6e67ab7cc"
nubusPortalExtension: nubusPortalExtension:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -584,9 +604,11 @@ images:
# providerResponsible: "Univention" # providerResponsible: "Univention"
# upstreamRegistry: "https://artifacts.software-univention.de" # upstreamRegistry: "https://artifacts.software-univention.de"
# upstreamRepository: "nubus/images/portal-frontend" # upstreamRepository: "nubus/images/portal-frontend"
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
# upstreamMirrorStartFrom: ["0", "67", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus-portal-update" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
tag: "1.10.14@sha256:fbdec057958fd7e728431cf96896b8453c2f5b390ce3d2f169a7766f49926b1b" tag: "0.70.0@sha256:9e0826c954e99b36b3c7b9ce6dfa1f567a3432158fb78af13337760197f94997"
nubusPortalServer: nubusPortalServer:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -596,7 +618,7 @@ images:
# upstreamMirrorStartFrom: ["0", "9", "4"] # upstreamMirrorStartFrom: ["0", "9", "4"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server" repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
tag: "0.67.0@sha256:d9418c7a1db7541ced1e3034f45683c190bf63270c6ba8f3d67c1fe0ac2edb1a" tag: "0.70.0@sha256:1331d5b5861574195f6bd0dfc3c8e1d6a2650b518e206a2815b682d43ab75d0b"
nubusProvisioningDispatcher: nubusProvisioningDispatcher:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -606,7 +628,7 @@ images:
# upstreamMirrorStartFrom: ["0", "14", "0"] # upstreamMirrorStartFrom: ["0", "14", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
tag: "0.51.0@sha256:f0cea25f788ff565b883e50c6138874c6f0338e0f91c5f8a32595323059930ef" tag: "0.58.0@sha256:2ac4d4a7362e45f67499537dd74d2fdfb7b54817b7f12eb9e2d88d87cf3a6f7e"
nubusProvisioningEventsAndConsumerApi: nubusProvisioningEventsAndConsumerApi:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -616,7 +638,7 @@ images:
# upstreamMirrorStartFrom: ["0", "14", "0"] # upstreamMirrorStartFrom: ["0", "14", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
tag: "0.51.0@sha256:66fec83fd5033cf32cd759e9c73f7ae659a4ec45a433f13417a12e007b1d4db6" tag: "0.58.0@sha256:083cf58d9522d5058d09a78355a9ca935be2882fc595ad221b1ffd707a7d615d"
nubusProvisioningPrefill: nubusProvisioningPrefill:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -626,7 +648,7 @@ images:
# upstreamMirrorStartFrom: ["0", "14", "0"] # upstreamMirrorStartFrom: ["0", "14", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
tag: "0.51.0@sha256:ff04d8cec6ecc0b33cdea164e1ba1222c90ed9fe8370057a58329b4521e56de1" tag: "0.58.0@sha256:368bc284956b642af02ca7199c6a7d94ae3bbdb3ede09db1c98822a146d9106d"
nubusProvisioningUdmListener: nubusProvisioningUdmListener:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -636,7 +658,7 @@ images:
# upstreamMirrorStartFrom: ["0", "14", "0"] # upstreamMirrorStartFrom: ["0", "14", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
tag: "0.51.0@sha256:5f0bba855945da2fa97d40b0fe51a14e3495b0b6da83562def6a6fcf4c21c059" tag: "0.58.0@sha256:5f924be8fdb29bda5734fd2b6b98f106913757e11530611bf5f6a5f144165be7"
nubusProvisioningUdmTransformer: nubusProvisioningUdmTransformer:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -646,7 +668,7 @@ images:
# upstreamMirrorStartFrom: ["0", "14", "0"] # upstreamMirrorStartFrom: ["0", "14", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer" repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
tag: "0.51.0@sha256:ce9c312699ebe42c2e1df0d6caf150dfda1e4cc3fc1aaebe62c9ea5de8c11780" tag: "0.58.0@sha256:afa6028bbaec6c14e09035b7d18507aad45ff6d6aa852fb664ab485f2622a308"
nubusSelfServiceConsumer: nubusSelfServiceConsumer:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -656,7 +678,7 @@ images:
# upstreamMirrorStartFrom: ["0", "3", "2"] # upstreamMirrorStartFrom: ["0", "3", "2"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation" repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
tag: "0.15.0@sha256:a7c4c097029de8903e3c2eee2082d740b5352dcc7a7a2a3c330bd9ebd7ad5b62" tag: "0.17.0@sha256:00e6124eecc1b763326023ecaf9702053e24b39b20f5efbcd35dfaad642d2cda"
nubusUdmRestApi: nubusUdmRestApi:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -666,7 +688,7 @@ images:
# upstreamMirrorStartFrom: ["0", "9", "3"] # upstreamMirrorStartFrom: ["0", "9", "3"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api" repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
tag: "0.30.0@sha256:9503666bac5f44a1d7cb6f17c6fd11a7d6976bc9059938596b6ac9f7bb581ca5" tag: "0.37.1@sha256:a0508191a52ed9c388e0574cf6a97031fdfffcff95ab8ca3e4231c795d3a68df"
nubusUmcGateway: nubusUmcGateway:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -676,7 +698,7 @@ images:
# upstreamMirrorStartFrom: ["0", "7", "3"] # upstreamMirrorStartFrom: ["0", "7", "3"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway" repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
tag: "0.43.1@sha256:e1f23a199e1e35667e2ba6a45866bcb6d37bc2b13f3b8134e511ae95973c743b" tag: "0.47.1@sha256:71d1fb00a28a7cc83e1a8a675b8e9dc3ff67b1d7f366b2d60f9623fdb5f6e419"
nubusUmcServer: nubusUmcServer:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -686,7 +708,7 @@ images:
# upstreamMirrorStartFrom: ["0", "7", "3"] # upstreamMirrorStartFrom: ["0", "7", "3"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server" repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
tag: "0.43.1@sha256:1aef76db446164c3ffaeaf233e9ef6303ebb1609b47f918ac4ab6714abf95283" tag: "0.47.1@sha256:8f451e7b50c6a32a8d4bad5959a103e34e3ae8d0bef2fe3df2dc8fbe7ae9c1b6"
nubusUmcServerProxy: nubusUmcServerProxy:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -704,7 +726,7 @@ images:
# upstreamMirrorStartFrom: ["0", "9", "4"] # upstreamMirrorStartFrom: ["0", "9", "4"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency" repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
tag: "0.30.0@sha256:fa804c2a10aa42439bf3f388007d7e55c046d6da6dc8a74c27f5a989fd422c8d" tag: "0.34.0@sha256:6ed1ae644160f0e69c00b4ea90efd4ea4aeaadeefb87e77f3454bcafaacd5e01"
opendeskKeycloakBootstrap: opendeskKeycloakBootstrap:
# providerCategory: "Platform" # providerCategory: "Platform"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
@@ -730,7 +752,7 @@ images:
# upstreamMirrorStartFrom: ["13", "1", "1"] # upstreamMirrorStartFrom: ["13", "1", "1"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk" repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
tag: "16.0.1@sha256:c5b1172aed7e5e5ae21cca915e3349cc67fdf1366c9ded3c94db1ae5084e3841" tag: "16.1.1@sha256:2fe8a7d1cab42611b01f4ca20ce7179a0637477f2882364b4a1cfdebde9ecd6f"
openprojectBootstrap: openprojectBootstrap:
# providerCategory: "Platform" # providerCategory: "Platform"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
@@ -774,7 +796,7 @@ images:
# upstreamMirrorStartFrom: ["8", "20", "51"] # upstreamMirrorStartFrom: ["8", "20", "51"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector" repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
tag: "8.37.69@sha256:dc06c7d9880505ad44ec7892ddf8f379fcd5f106ba1508436501c8f6e94dddb3" tag: "8.38.73@sha256:610d4bab888e5749ff918a782ba1c33ed4aa8da9e13d5be4ad71ca2f698d4044"
openxchangeCoreUI: openxchangeCoreUI:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Open-Xchange" # providerResponsible: "Open-Xchange"
@@ -784,7 +806,7 @@ images:
# upstreamMirrorStartFrom: ["8", "20", "1"] # upstreamMirrorStartFrom: ["8", "20", "1"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui" repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
tag: "8.37.1@sha256:eb30e03a5976d57a62d00a613336631d46bffc84c0d67e422f062635669f6b62" tag: "8.38.1@sha256:77bf250df7ac465006576d5e1e0a8420ce6d0fce622b749c6da318793b88490c"
openxchangeCoreUIMiddleware: openxchangeCoreUIMiddleware:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Open-Xchange" # providerResponsible: "Open-Xchange"
@@ -804,7 +826,7 @@ images:
# upstreamMirrorStartFrom: ["8", "20", "799279"] # upstreamMirrorStartFrom: ["8", "20", "799279"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide" repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
tag: "8.37.1354160@sha256:226b210268cd3c9b13a84a2ca1168e1ab08b62e19bccd3129adad7ffca514655" tag: "8.38.1408226@sha256:1a18c6c7b6a7a0f16376a9c298e65a13a4b482f6df1351582250a88571f1fa73"
openxchangeDocumentConverter: openxchangeDocumentConverter:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Open-Xchange" # providerResponsible: "Open-Xchange"
@@ -814,7 +836,7 @@ images:
# upstreamMirrorStartFrom: ["8", "20", "50"] # upstreamMirrorStartFrom: ["8", "20", "50"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter" repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
tag: "8.37.1818@sha256:d9dc76ac6b24987c1fc0d95ffd81b3d594f7f34aa38a687b98c738bdcd110928" tag: "8.38.1817@sha256:d7537574765e19e7c9e13fe936c1a4c69b39bda216abcd000dad9f93fbb62f7b"
openxchangeGotenberg: openxchangeGotenberg:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Open-Xchange" # providerResponsible: "Open-Xchange"
@@ -844,7 +866,7 @@ images:
# upstreamMirrorStartFrom: ["8", "20", "50"] # upstreamMirrorStartFrom: ["8", "20", "50"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter" repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
tag: "8.37.2089@sha256:8109351da173fa836d5559973103c8890e6a6e2514866675387bbf4d49606917" tag: "8.38.2105@sha256:9c79f29712c5a5479bc1a08e127c65415a50a63954b244c1d34a570f5f3ed1f6"
openxchangeNextcloudIntegrationUI: openxchangeNextcloudIntegrationUI:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Open-Xchange" # providerResponsible: "Open-Xchange"

4
helmfile/environments/default/ingress.yaml.gotmpl
View File

@@ -3,7 +3,7 @@
--- ---
ingress: ingress:
enabled: true enabled: true
ingressClassName: "" ingressClassName: "nginx"
tls: tls:
enabled: true enabled: true
secretName: "opendesk-certificates-tls" secretName: "opendesk-certificates-tls"
@@ -12,6 +12,7 @@ ingress:
collabora: "100M" collabora: "100M"
element: "100M" element: "100M"
nextcloud: "100M" nextcloud: "100M"
nextcloudNotifyPush: "100M"
notes: "100M" notes: "100M"
openproject: "100M" openproject: "100M"
oxAppSuite: "100M" oxAppSuite: "100M"
@@ -20,6 +21,7 @@ ingress:
collabora: 600 collabora: 600
element: 60 element: 60
nextcloud: 600 nextcloud: 600
nextcloudNotifyPush: 600
notes: 60 notes: 60
openproject: 60 openproject: 60
oxAppSuite: 60 oxAppSuite: 60

10
helmfile/environments/default/objectstores.yaml.gotmpl
View File

@@ -55,4 +55,14 @@ objectstores:
username: "openproject_user" username: "openproject_user"
pathStyle: true pathStyle: true
useIamProfile: false useIamProfile: false
openxchange:
bucket: "openxchange"
endpoint: ""
# Size in MB
maxSize: 100000
region: ""
secretKey: ""
storageClass: "STANDARD"
username: "openxchange_user"
useSSL: true
... ...

8
helmfile/environments/default/persistence.yaml.gotmpl
View File

@@ -36,6 +36,14 @@ persistence:
nubusProvisioningNats: nubusProvisioningNats:
size: "1Gi" size: "1Gi"
storageClassName: ~ storageClassName: ~
# This option was introduced with openDesk 1.6. For now we want to use the Helm charts default empty string
# to avoid issues during the upgrade modifying an existing PV, as the migrations in 1.6 required a smooth
# Nubus deployment.
# In a later openDesk release we will advise in the migrations.md to explicitly set this on existing deployments
# to the default storage class.
nubusUdmListener:
size: "1Gi"
#storageClassName: ""
oxConnector: oxConnector:
size: "1Gi" size: "1Gi"
storageClassName: ~ storageClassName: ~

2
helmfile/environments/default/replicas.yaml.gotmpl
View File

@@ -164,6 +164,8 @@ replicas:
# -- scalable: true # -- scalable: true
nextcloud: 1 nextcloud: 1
# -- scalable: true # -- scalable: true
nextcloudNotifyPush: 1
# -- scalable: true
nextcloudExporter: 1 nextcloudExporter: 1
# -- component: openDesk Static Files # -- component: openDesk Static Files

2
helmfile/environments/default/repositories.yaml.gotmpl
View File

@@ -12,7 +12,7 @@ repositories:
# Higher precedence than `global.imageRegistry` # Higher precedence than `global.imageRegistry`
helm: helm:
registryOpencodeDe: "" registryOpencodeDe: ""
registryOpencodeDeEnterprise: "registry.opencode.de" registryOpencodeDeEnterprise: ""
# ClamAV registry settings # ClamAV registry settings
clamav: clamav:
auth: {} auth: {}

7
helmfile/environments/default/resources.yaml.gotmpl
View File

@@ -276,6 +276,13 @@ resources:
requests: requests:
cpu: 0.1 cpu: 0.1
memory: "32Mi" memory: "32Mi"
nextcloudNotifyPush:
limits:
cpu: 99
memory: "1Gi"
requests:
cpu: 0.1
memory: "512Mi"
nginxS3Gateway: nginxS3Gateway:
limits: limits:
cpu: 99 cpu: 99

11
helmfile/environments/default/secrets.yaml.gotmpl
View File

@@ -1,14 +1,12 @@
{{/* # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
secrets: secrets:
cassandra: cassandra:
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }} rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }}
dovecotDictmapUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_dictmap_user" | sha1sum | quote }}
dovecotACLUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_acl_user" | sha1sum | quote }} dovecotACLUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_acl_user" | sha1sum | quote }}
dovecotDictmapUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_dictmap_user" | sha1sum | quote }}
oxAppSuite: oxAppSuite:
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }} basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
@@ -82,6 +80,7 @@ secrets:
nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "nextcloud_user" | sha1sum | quote) }} nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "nextcloud_user" | sha1sum | quote) }}
notesUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "notes_user" | sha1sum | quote) }} notesUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "notes_user" | sha1sum | quote) }}
openprojectUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "openproject_user" | sha1sum | quote) }} openprojectUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "openproject_user" | sha1sum | quote) }}
openxchangeUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "openxchange_user" | sha1sum | quote) }}
umsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "ums_user" | sha1sum | quote) }} umsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "ums_user" | sha1sum | quote) }}
keycloak: keycloak:
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "adminPassword" | sha1sum | quote }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "adminPassword" | sha1sum | quote }}

6
helmfile/environments/default/service.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
service: service:
# Only override when needed, the default is set in `.Values.cluster.service.type` defined in `cluster.yaml.gotmpl` # Only override when needed, the default is set in `.Values.cluster.service.type` defined in `cluster.yaml.gotmpl`

6
helmfile/environments/default/smtp.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
smtp: smtp:
host: "" host: ""

14
helmfile/environments/default/theme.yaml.gotmpl
View File

@@ -66,8 +66,14 @@ theme:
faviconIco: {{ readFile "./../../files/theme/notes/favicon.ico" | b64enc | quote }} faviconIco: {{ readFile "./../../files/theme/notes/favicon.ico" | b64enc | quote }}
portal: portal:
faviconIco: {{ readFile "./../../files/theme/portal/favicon.ico" | b64enc | quote }} faviconIco: {{ readFile "./../../files/theme/portal/favicon/favicon.ico" | b64enc | quote }}
waitingSpinnerSvg: {{ readFile "./../../files/theme/portal/waiting-spinner.svg" | b64enc }} faviconSvg: {{ readFile "./../../files/theme/portal/favicon/favicon.svg" | b64enc | quote }}
favicon96Png: {{ readFile "./../../files/theme/portal/favicon/favicon-96x96.png" | b64enc | quote }}
appleTouchIcon: {{ readFile "./../../files/theme/portal/favicon/apple-touch-icon.png" | b64enc | quote }}
webManifestIcon192: {{ readFile "./../../files/theme/portal/favicon/web-app-manifest-192x192.png" | b64enc | quote }}
webManifestIcon512: {{ readFile "./../../files/theme/portal/favicon/web-app-manifest-512x512.png" | b64enc | quote }}
waitingSpinnerSvg: {{ readFile "./../../files/theme/portal/waiting-spinner.svg" | b64enc | quote }}
backgroundSvg: {{ readFile "./../../files/theme/portal/background.svg" | b64enc | quote }} backgroundSvg: {{ readFile "./../../files/theme/portal/background.svg" | b64enc | quote }}
portalTiles: portalTiles:
adminAnnouncement: {{ readFile "./../../files/theme/admin_announcements/favicon.svg" | b64enc | quote }} adminAnnouncement: {{ readFile "./../../files/theme/admin_announcements/favicon.svg" | b64enc | quote }}
@@ -89,6 +95,10 @@ theme:
notes: {{ readFile "./../../files/theme/notes/favicon.svg" | b64enc | quote }} notes: {{ readFile "./../../files/theme/notes/favicon.svg" | b64enc | quote }}
realtimeCollaboration: {{ readFile "./../../files/theme/chat/favicon.svg" | b64enc | quote }} realtimeCollaboration: {{ readFile "./../../files/theme/chat/favicon.svg" | b64enc | quote }}
realtimeVideoconference: {{ readFile "./../../files/theme/videoconference/favicon.svg" | b64enc | quote }} realtimeVideoconference: {{ readFile "./../../files/theme/videoconference/favicon.svg" | b64enc | quote }}
# links
documentation: {{ readFile "./../../files/theme/link_documentation/favicon.svg" | b64enc | quote }}
feedback: {{ readFile "./../../files/theme/link_feedback/favicon.svg" | b64enc | quote }}
support: {{ readFile "./../../files/theme/link_support/favicon.svg" | b64enc | quote }}
# empty.svg # empty.svg
empty: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }} empty: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }}
fileshareActivity: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }} fileshareActivity: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }}

6
helmfile/environments/default/turn.yaml.gotmpl
View File

@@ -1,7 +1,5 @@
{{/* # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0
SPDX-License-Identifier: Apache-2.0
*/}}
--- ---
turn: turn:
transport: "udp" transport: "udp"

1
helmfile/files/theme/link_documentation/favicon.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 20 20" fill="none" class="portal-help__icon"><mask id="mask0_406_2939" maskUnits="userSpaceOnUse" x="0" y="0" width="20" height="20" style="mask-type: alpha;"><rect width="20" height="20" fill="#D9D9D9"></rect></mask><g mask="url(#mask0_406_2939)"><path d="M9.9987 16.666C9.33203 16.1382 8.60981 15.7285 7.83203 15.4368C7.05425 15.1452 6.2487 14.9993 5.41536 14.9993C4.83203 14.9993 4.25911 15.0757 3.69661 15.2285C3.13411 15.3813 2.59592 15.5966 2.08203 15.8743C1.79036 16.0271 1.50911 16.0202 1.23828 15.8535C0.967448 15.6868 0.832031 15.4438 0.832031 15.1243V5.08268C0.832031 4.9299 0.870226 4.78407 0.946615 4.64518C1.023 4.50629 1.13759 4.40213 1.29036 4.33268C1.92925 3.99935 2.59592 3.74935 3.29036 3.58268C3.98481 3.41602 4.69314 3.33268 5.41536 3.33268C6.22092 3.33268 7.00912 3.43685 7.77995 3.64518C8.55078 3.85352 9.29037 4.16602 9.9987 4.58268V14.666C10.707 14.2216 11.4501 13.8882 12.2279 13.666C13.0056 13.4438 13.7904 13.3327 14.582 13.3327C15.082 13.3327 15.5716 13.3743 16.0508 13.4577C16.5299 13.541 17.0126 13.666 17.4987 13.8327V3.83268C17.707 3.90213 17.9119 3.97504 18.1133 4.05143C18.3147 4.12782 18.5126 4.22157 18.707 4.33268C18.8598 4.40213 18.9744 4.50629 19.0508 4.64518C19.1272 4.78407 19.1654 4.9299 19.1654 5.08268V15.1243C19.1654 15.4438 19.0299 15.6868 18.7591 15.8535C18.4883 16.0202 18.207 16.0271 17.9154 15.8743C17.4015 15.5966 16.8633 15.3813 16.3008 15.2285C15.7383 15.0757 15.1654 14.9993 14.582 14.9993C13.7487 14.9993 12.9431 15.1452 12.1654 15.4368C11.3876 15.7285 10.6654 16.1382 9.9987 16.666ZM11.6654 12.4993V4.58268L15.832 0.416016V8.74935L11.6654 12.4993ZM8.33203 13.8535V5.60352C7.8737 5.40907 7.398 5.25977 6.90495 5.1556C6.41189 5.05143 5.91536 4.99935 5.41536 4.99935C4.90148 4.99935 4.40148 5.04796 3.91536 5.14518C3.42925 5.2424 2.95703 5.38824 2.4987 5.58268V13.8535C2.98481 13.673 3.46745 13.541 3.94661 13.4577C4.42578 13.3743 4.91536 13.3327 5.41536 13.3327C5.91536 13.3327 6.40495 13.3743 6.88412 13.4577C7.36328 13.541 7.84592 13.673 8.33203 13.8535Z" fill="white"></path></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.1 KiB

1
helmfile/files/theme/link_feedback/favicon.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="21" height="20" viewBox="0 0 21 20" fill="none" class="portal-help__icon"><mask id="mask0_592_612" maskUnits="userSpaceOnUse" x="0" y="0" width="21" height="20" style="mask-type: alpha;"><rect x="0.644531" width="20" height="20" fill="#D9D9D9"></rect></mask><g mask="url(#mask0_592_612)"><path d="M18.9792 18.3337L15.6458 15.0003H3.97917C3.52083 15.0003 3.12847 14.8371 2.80208 14.5107C2.47569 14.1844 2.3125 13.792 2.3125 13.3337V3.33366C2.3125 2.87533 2.47569 2.48296 2.80208 2.15658C3.12847 1.83019 3.52083 1.66699 3.97917 1.66699H17.3125C17.7708 1.66699 18.1632 1.83019 18.4896 2.15658C18.816 2.48296 18.9792 2.87533 18.9792 3.33366V18.3337ZM3.97917 13.3337H16.3542L17.3125 14.2712V3.33366H3.97917V13.3337Z" fill="white"></path></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 789 B

1
helmfile/files/theme/link_support/favicon.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 20 20" fill="none" class="portal-help__icon"><mask id="mask0_406_2944" maskUnits="userSpaceOnUse" x="0" y="0" width="20" height="20" style="mask-type: alpha;"><rect width="20" height="20" fill="#D9D9D9"></rect></mask><g mask="url(#mask0_406_2944)"><path d="M10 18.3327L9.79167 15.8327H9.58333C7.61111 15.8327 5.9375 15.1452 4.5625 13.7702C3.1875 12.3952 2.5 10.7216 2.5 8.74935C2.5 6.77713 3.1875 5.10352 4.5625 3.72852C5.9375 2.35352 7.61111 1.66602 9.58333 1.66602C10.5694 1.66602 11.4896 1.85004 12.3438 2.2181C13.1979 2.58615 13.9479 3.0931 14.5938 3.73893C15.2396 4.38477 15.7465 5.13477 16.1146 5.98893C16.4826 6.8431 16.6667 7.76324 16.6667 8.74935C16.6667 9.79102 16.4965 10.791 16.1563 11.7493C15.816 12.7077 15.3507 13.5966 14.7604 14.416C14.1701 15.2355 13.4688 15.9785 12.6563 16.6452C11.8438 17.3118 10.9583 17.8743 10 18.3327ZM11.6667 15.291C12.6528 14.4577 13.4549 13.482 14.0729 12.3639C14.691 11.2459 15 10.041 15 8.74935C15 7.23546 14.4757 5.95421 13.4271 4.9056C12.3785 3.85699 11.0972 3.33268 9.58333 3.33268C8.06944 3.33268 6.78819 3.85699 5.73958 4.9056C4.69097 5.95421 4.16667 7.23546 4.16667 8.74935C4.16667 10.2632 4.69097 11.5445 5.73958 12.5931C6.78819 13.6417 8.06944 14.166 9.58333 14.166H11.6667V15.291ZM9.5625 13.3118C9.79861 13.3118 10 13.2285 10.1667 13.0618C10.3333 12.8952 10.4167 12.6938 10.4167 12.4577C10.4167 12.2216 10.3333 12.0202 10.1667 11.8535C10 11.6868 9.79861 11.6035 9.5625 11.6035C9.32639 11.6035 9.125 11.6868 8.95833 11.8535C8.79167 12.0202 8.70833 12.2216 8.70833 12.4577C8.70833 12.6938 8.79167 12.8952 8.95833 13.0618C9.125 13.2285 9.32639 13.3118 9.5625 13.3118ZM8.95833 10.666H10.2083C10.2083 10.2493 10.25 9.95768 10.3333 9.79102C10.4167 9.62435 10.6806 9.31879 11.125 8.87435C11.375 8.62435 11.5833 8.35352 11.75 8.06185C11.9167 7.77018 12 7.45768 12 7.12435C12 6.41602 11.7604 5.88477 11.2813 5.5306C10.8021 5.17643 10.2361 4.99935 9.58333 4.99935C8.97222 4.99935 8.45833 5.16949 8.04167 5.50977C7.625 5.85004 7.33333 6.26324 7.16667 6.74935L8.33333 7.20768C8.40278 6.97157 8.53472 6.73893 8.72917 6.50977C8.92361 6.2806 9.20833 6.16602 9.58333 6.16602C9.95833 6.16602 10.2396 6.27018 10.4271 6.47852C10.6146 6.68685 10.7083 6.91602 10.7083 7.16602C10.7083 7.40213 10.6389 7.61393 10.5 7.80143C10.3611 7.98893 10.1944 8.1799 10 8.37435C9.51389 8.79102 9.21875 9.12088 9.11458 9.36393C9.01042 9.60699 8.95833 10.041 8.95833 10.666Z" fill="white"></path></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.4 KiB

BIN
helmfile/files/theme/portal/favicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 50 KiB

BIN
helmfile/files/theme/portal/favicon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.9 KiB

Some files were not shown because too many files have changed in this diff Show More