diff --git a/ansible/group_vars/all/config.yml b/ansible/group_vars/all/config.yml index 444aaef82..9fe1260f8 100644 --- a/ansible/group_vars/all/config.yml +++ b/ansible/group_vars/all/config.yml @@ -619,16 +619,6 @@ configuration_all: server: false client: true nuxtclient: false - FEATURE_NEXBOARD_ENABLED: - value: "false" - server: true - client: true - nuxtclient: false - FEATURE_NEXBOARD_COPY_ENABLED: - value: "false" - server: true - client: true - nuxtclient: false FEATURE_SCHOOL_POLICY_ENABLED: value: "false" server: false @@ -660,11 +650,6 @@ configuration_all: server: true client: true nuxtclient: false - ES_API_V7: - value: "true" - server: true - client: false - nuxtclient: false ES_DOMAIN: value: "https://repository.edusharing.dbildungscloud.de" server: true @@ -884,14 +869,6 @@ configuration_all: server: true client: true nuxtclient: false - FEATURE_CTL_TOOLS_TAB_ENABLED: - server: true - client: true - nuxtclient: false - FEATURE_LTI_TOOLS_TAB_ENABLED: - server: true - client: true - nuxtclient: false FEATURE_PROMETHEUS_METRICS_ENABLED: value: "true" server: true @@ -918,11 +895,6 @@ configuration_all: server: false client: true nuxtclient: false - FEATURE_LEGACY_HYDRA_ENABLED: - value: "false" - server: false - client: true - nuxtclient: false FEATURE_ALERTS_ON_HOMEPAGE_ENABLED: value: "true" server: false @@ -1116,14 +1088,6 @@ configuration_all: server: true client: true nuxtclient: false - VIDIS_API_CLIENT_BASE_URL: - server: true - client: false - nuxtclient: false - VIDIS_SYNC_REGION: - server: true - client: false - nuxtclient: false FEATURE_VIDIS_MEDIA_ACTIVATIONS_ENABLED: value: "false" server: true diff --git a/ansible/group_vars/all/instance_config_all.yml b/ansible/group_vars/all/instance_config_all.yml index fb172484d..36e39f061 100644 --- a/ansible/group_vars/all/instance_config_all.yml +++ b/ansible/group_vars/all/instance_config_all.yml @@ -14,24 +14,25 @@ IDENTITY_MANAGEMENT__EXTERNAL_URI: "https://{{ ERWINIDM_PREFIX }}{{ DOMAIN }}" IDENTITY_MANAGEMENT__TENANT: "" IDENTITY_MANAGEMENT__CLIENTID: "" -FEATURE_CTL_TOOLS_ENABLED: "true" -FEATURE_LTI_TOOLS_ENABLED: "false" -FEATURE_LTI_TOOLS_TAB_ENABLED: "false" -FEATURE_CTL_TOOLS_TAB_ENABLED: "true" +# CTL FEATURE_COLUMN_BOARD_EXTERNAL_TOOLS_ENABLED: "true" FEATURE_MEDIA_SHELF_ENABLED: "true" +# Provisioning +FEATURE_SCHULCONNEX_COURSE_SYNC_ENABLED: "false" + # TSP Sync FEATURE_TSP_SYNC_ENABLED: "false" TSP_SYNC_SCHOOL_LIMIT: "10" TSP_SYNC_DATA_LIMIT: "50" -TSP_SYNC_SCHOOL_DAYS_TO_FETCH: "1" -TSP_SYNC_DATA_DAYS_TO_FETCH: "1" +TSP_SYNC_SCHOOL_DAYS_TO_FETCH: "30" +TSP_SYNC_DATA_DAYS_TO_FETCH: "30" TSP_API_CLIENT_BASE_URL: "" TSP_API_CLIENT_TOKEN_LIFETIME_MS: "30000" FEATURE_TSP_MIGRATION_ENABLED: "false" -TSP_SYNC_MIGRATION_LIMIT: "500" +TSP_SYNC_MIGRATION_LIMIT: "50" +# Erwin idm ERWINIDM_PORT: 8089 ERWINIDM_PREFIX: idm. ERWINIDM_SERVICE_MONITOR: true diff --git a/ansible/group_vars/all/with.yml b/ansible/group_vars/all/with.yml index 98dd4b9c5..06ccf14b6 100644 --- a/ansible/group_vars/all/with.yml +++ b/ansible/group_vars/all/with.yml @@ -22,3 +22,5 @@ WITH_COMMON_CARTRIDGE: false WITH_CLAMMIT: false WITH_MEDIA_LICENSES: false WITH_MEDIA_METADATA_SYNC: false +WITH_SCHULCONNEX_PROVISIONING: false +WITH_SHD_CLIENT: false diff --git a/ansible/group_vars/develop/cfg.yml b/ansible/group_vars/develop/cfg.yml index 74fd1cbd4..ae8663bc5 100644 --- a/ansible/group_vars/develop/cfg.yml +++ b/ansible/group_vars/develop/cfg.yml @@ -42,6 +42,7 @@ MOIN_SCHULE_USERS_DELETION_QUEUEING_CRONJOB_SCHEDULE: "{{ 60 | random(seed=NAMES MOIN_SCHULE_USERS_SYNC_CRONJOB_SCHEDULE: "{{ 60 | random(seed=NAMESPACE) }} * * * *" SERVER_FILE_DELETION_CRONJOB_SCHEDULE: "{{ 60 | random(seed=NAMESPACE) }} * * * *" SERVER_DATA_DELETION_TRIGGER_CRONJOB_SCHEDULE: "{{ 60 | random(seed=NAMESPACE) }} * * * *" +SERVER_DATA_DELETION_TRIGGER_FAILED_CRONJOB_SCHEDULE: "{{ 60 | random(seed=NAMESPACE) }} 2 * * *" TLDRAW_FILE_DELETION_CRONJOB_SCHEDULE: "{{ 60 | random(seed=NAMESPACE) }} * * * *" SERVER_LDAP_SYNC_FULL_CRONJOB: "{{ 60 | random(seed=NAMESPACE) }} * * * *" SERVER_TSP_RANDOM: "{{ 20 | random(seed=NAMESPACE) }}" diff --git a/ansible/group_vars/develop/with.yml b/ansible/group_vars/develop/with.yml index 33b0253e1..c133ee74d 100644 --- a/ansible/group_vars/develop/with.yml +++ b/ansible/group_vars/develop/with.yml @@ -4,7 +4,6 @@ WITH_SCHULCLOUD_INIT: true WITH_CALENDAR_INIT: true WITH_ERWINIDM: true WITH_OIDCMOCK: true -WITH_H5P_LIBRARY_MANAGEMENT: true WITH_H5P_EDITOR: true WITH_BOARD_COLLABORATION: true WITH_COMMON_CARTRIDGE: true diff --git a/ansible/group_vars/nbc/instance_cfg.yml b/ansible/group_vars/nbc/instance_cfg.yml index 166d43b1a..d8d3955ad 100644 --- a/ansible/group_vars/nbc/instance_cfg.yml +++ b/ansible/group_vars/nbc/instance_cfg.yml @@ -123,10 +123,6 @@ SCHULCONNEX_CLIENT__TOKEN_ENDPOINT: "https://auth.stage.niedersachsen-login.schu PROVISIONING_SCHULCONNEX_POLICIES_INFO_URL: "https://api-dienste.stage.niedersachsen-login.schule/v1/policies-info" -# VIDIS -VIDIS_API_CLIENT_BASE_URL: "https://service-stage.vidis.schule/o/vidis-rest" -VIDIS_SYNC_REGION: "test-region" - # Ingress group_ingress: api_v1_roster: diff --git a/ansible/group_vars/production/cfg.yml b/ansible/group_vars/production/cfg.yml index bdb5b5847..86e9e48fd 100644 --- a/ansible/group_vars/production/cfg.yml +++ b/ansible/group_vars/production/cfg.yml @@ -1,6 +1,5 @@ FEATURE_S3_BUCKET_CORS: "true" ES_DOMAIN: "https://repository.edusharing.dbildungscloud.de" -ES_API_V7: "true" H5P_FRAME_SRC_URLS: "https://rendering.services.edusharing.dbildungscloud.de/" BETTERMARKS_APPS_URL: "https://apps.bettermarks.com" diff --git a/ansible/group_vars/production/resources.yml b/ansible/group_vars/production/resources.yml index 1e41ec8cc..5d969c9f7 100644 --- a/ansible/group_vars/production/resources.yml +++ b/ansible/group_vars/production/resources.yml @@ -143,3 +143,15 @@ MEDIA_METADATA_SYNC_CPU_LIMITS: "2000m" MEDIA_METADATA_SYNC_CPU_REQUESTS: "100m" MEDIA_METADATA_SYNC_MEMORY_LIMITS: "2Gi" MEDIA_METADATA_SYNC_MEMORY_REQUESTS: "2Gi" +SCHULCONNEX_GROUP_PROVISIONING_CPU_LIMITS: "2000m" +SCHULCONNEX_GROUP_PROVISIONING_CPU_REQUESTS: "100m" +SCHULCONNEX_GROUP_PROVISIONING_MEMORY_LIMITS: "2Gi" +SCHULCONNEX_GROUP_PROVISIONING_MEMORY_REQUESTS: "2Gi" +SCHULCONNEX_GROUP_REMOVAL_CPU_LIMITS: "2000m" +SCHULCONNEX_GROUP_REMOVAL_CPU_REQUESTS: "100m" +SCHULCONNEX_GROUP_REMOVAL_MEMORY_LIMITS: "2Gi" +SCHULCONNEX_GROUP_REMOVAL_MEMORY_REQUESTS: "2Gi" +SCHULCONNEX_LICENSE_PROVISIONING_CPU_LIMITS: "2000m" +SCHULCONNEX_LICENSE_PROVISIONING_CPU_REQUESTS: "100m" +SCHULCONNEX_LICENSE_PROVISIONING_MEMORY_LIMITS: "2Gi" +SCHULCONNEX_LICENSE_PROVISIONING_MEMORY_REQUESTS: "2Gi" diff --git a/ansible/group_vars/reference/resources.yml b/ansible/group_vars/reference/resources.yml index 72a481c05..7785eb3c1 100644 --- a/ansible/group_vars/reference/resources.yml +++ b/ansible/group_vars/reference/resources.yml @@ -143,3 +143,15 @@ MEDIA_METADATA_SYNC_CPU_LIMITS: "2000m" MEDIA_METADATA_SYNC_CPU_REQUESTS: "100m" MEDIA_METADATA_SYNC_MEMORY_LIMITS: "2Gi" MEDIA_METADATA_SYNC_MEMORY_REQUESTS: "2Gi" +SCHULCONNEX_GROUP_PROVISIONING_CPU_LIMITS: "2000m" +SCHULCONNEX_GROUP_PROVISIONING_CPU_REQUESTS: "100m" +SCHULCONNEX_GROUP_PROVISIONING_MEMORY_LIMITS: "2Gi" +SCHULCONNEX_GROUP_PROVISIONING_MEMORY_REQUESTS: "2Gi" +SCHULCONNEX_GROUP_REMOVAL_CPU_LIMITS: "2000m" +SCHULCONNEX_GROUP_REMOVAL_CPU_REQUESTS: "100m" +SCHULCONNEX_GROUP_REMOVAL_MEMORY_LIMITS: "2Gi" +SCHULCONNEX_GROUP_REMOVAL_MEMORY_REQUESTS: "2Gi" +SCHULCONNEX_LICENSE_PROVISIONING_CPU_LIMITS: "2000m" +SCHULCONNEX_LICENSE_PROVISIONING_CPU_REQUESTS: "100m" +SCHULCONNEX_LICENSE_PROVISIONING_MEMORY_LIMITS: "2Gi" +SCHULCONNEX_LICENSE_PROVISIONING_MEMORY_REQUESTS: "2Gi" diff --git a/ansible/host_vars/dev-loadtest-01/version.yml b/ansible/host_vars/dev-loadtest-01/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/dev-loadtest-01/version.yml +++ b/ansible/host_vars/dev-loadtest-01/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/infra.dbildungscloud-01/version.yml b/ansible/host_vars/infra.dbildungscloud-01/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/infra.dbildungscloud-01/version.yml +++ b/ansible/host_vars/infra.dbildungscloud-01/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/nbc_host/cfg.yml b/ansible/host_vars/nbc_host/cfg.yml index 3955e3496..cd9d45c28 100644 --- a/ansible/host_vars/nbc_host/cfg.yml +++ b/ansible/host_vars/nbc_host/cfg.yml @@ -6,3 +6,5 @@ FEATURE_AI_TUTOR_ENABLED: "true" # Migration wizard FEATURE_USER_MIGRATION_SYSTEM_ID: "0000d186816abba584714c93" + +WITH_SCHULCONNEX_PROVISIONING: true diff --git a/ansible/host_vars/prod-brb/version.yml b/ansible/host_vars/prod-brb/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/prod-brb/version.yml +++ b/ansible/host_vars/prod-brb/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/prod-dbc/version.yml b/ansible/host_vars/prod-dbc/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/prod-dbc/version.yml +++ b/ansible/host_vars/prod-dbc/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/prod-nbc/cfg.yml b/ansible/host_vars/prod-nbc/cfg.yml index 1d118b95d..33ef1daac 100644 --- a/ansible/host_vars/prod-nbc/cfg.yml +++ b/ansible/host_vars/prod-nbc/cfg.yml @@ -23,3 +23,5 @@ PROVISIONING_SCHULCONNEX_POLICIES_INFO_URL: "https://api-dienste.moin.schule/v1/ JWT_PUBLIC_KEY: '-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAx3s+uLFUG4TSEvXvPu8Kb9UqX5VKIlBjFggoprxbtDShykL+O+lY\nZNG2XJoZ1OCwsGify617OOr/+3XmPChXbDTiuAZAZv945zhZ6ebtkAkKvAzf1jU+\n0ZoidcrpjebCn5oZyZqLJm1uNRxlFkKKJSactc7DTT99NB/AP7CPBum6k5QG+XcB\nsn9KMzPB4jx2PFoMwDU7vOUbHqPrj+0n3lW8/xMcgwVqoWFE11C8oDSSZNcByATf\n8AfX4lfREmtj0HAD6KSXEiT+OM53KWhq7Sz8icE+eiq8oLka2T6kI7gP1N2+9ycq\nh+CtS30ABvQi1Z6meCOjPk8HOFFa3Vj5o2pnrx6cXng4EQL59Y4NzhOclkxOUrUm\nAzWT51g1EdfjTh4PYNCQNJdbfcHL8/H3y8Khg6YCE/6qU7lFyt2aLOriy0d7fTCP\nCA0eQPE71PtYmncW/vk9SCHfQG3Xri3si3MkRQyshYwKBEBIc0Is5owsByAyqxwU\n0NIv1bo7aSHSTt5Q5WYu9wku7YPRpfYprJs5GjlZUMRD++CHSdQz83pi331EsAyd\nPEccVP7tT3+cHlyF/5+qV5QIZ1da4c+ODydbsyYwpjQh9SReAQtZDkW6l/OcT3cp\n9zXc7mK1dgHMlgkHMR1D8qCCOj0CmFNdjlCQSbV0hXOeowBY8EGPBkkCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n' FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED: "false" FEATURE_VIDIS_MEDIA_ACTIVATIONS_ENABLED: "false" + +WITH_SCHULCONNEX_PROVISIONING: false diff --git a/ansible/host_vars/prod-nbc/pod.yml b/ansible/host_vars/prod-nbc/pod.yml index eef40c41f..3cbbe256f 100644 --- a/ansible/host_vars/prod-nbc/pod.yml +++ b/ansible/host_vars/prod-nbc/pod.yml @@ -28,3 +28,6 @@ TLDRAW_SERVER_REPLICAS: 5 ADMIN_API_SERVER_REPLICAS: 3 BOARD_COLLABORATION_SERVER_REPLICAS: 3 ANTIVIRUS_SCANFILE_MAX_REPLICA_COUNT: 20 +SCHULCONNEX_GROUP_PROVISIONING_REPLICAS: 10 +SCHULCONNEX_GROUP_REMOVAL_REPLICAS: 10 +SCHULCONNEX_LICENSE_PROVISIONING_REPLICAS: 2 diff --git a/ansible/host_vars/prod-nbc/version.yml b/ansible/host_vars/prod-nbc/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/prod-nbc/version.yml +++ b/ansible/host_vars/prod-nbc/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/prod-thr/version.yml b/ansible/host_vars/prod-thr/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/prod-thr/version.yml +++ b/ansible/host_vars/prod-thr/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/ref-audit/version.yml b/ansible/host_vars/ref-audit/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/ref-audit/version.yml +++ b/ansible/host_vars/ref-audit/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/ref-brb/version.yml b/ansible/host_vars/ref-brb/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/ref-brb/version.yml +++ b/ansible/host_vars/ref-brb/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/ref-dbc/version.yml b/ansible/host_vars/ref-dbc/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/ref-dbc/version.yml +++ b/ansible/host_vars/ref-dbc/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/ref-nbc/cfg.yml b/ansible/host_vars/ref-nbc/cfg.yml index 713d89d5b..e109e63fc 100644 --- a/ansible/host_vars/ref-nbc/cfg.yml +++ b/ansible/host_vars/ref-nbc/cfg.yml @@ -16,3 +16,5 @@ FEATURE_USER_MIGRATION_SYSTEM_ID: "62dab6401c473a01956a0d7d" JWT_PUBLIC_KEY: '-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAuOzRE8DED9QaLtlnMUSNsz6ulucjKBpHfyGr8RAfowP9NtEaOVCv\nnWL2guKUY1rbl1mJMa56bJ+ZYvCUgYdLbRERpDK5mZtaEQ5SoNZ2qYWTEB58Dvm7\nR8OQZ2m3Hv6BZuiBSqWexl7Ns869yBAeE3842Frkm7wjnVG5cc7kp4H0oXTgGQ3d\n8lDswj8VL7h1w1NEDxd2+6IHE0MNnrvo3vcyLG5r3PNYLQZIRGlU0d5xNCUx+ewn\nVBlBaOfJ3cTp+Kl5Q7NBqttya0+YdmpZmcwk20GT89UhCt5EC7G1YyOcwtBcRvBx\nu52A5Q2C2dUZdy48M4Brhtbw8WpFuk54YUbdq0LtO6GCg79XkhSaBAYMKPAYiwWT\np53B+cWiCEKPdX5X7UoE2GVA1ycMRxarpUjz386ckvOd+bMSWdf/41EeGBXhlaDQ\ndLfh/NVR2XJw7TVuxwgUP1qXNQHCG+oEM6LifhouVVESjyweL81w/ayBS0aiY85Q\nYnypmAxh44NrPRHRK56dnJjhqvVA9nSKi3r2EloHu61rQ1pFMy5G30w0xIa0I9Hy\n4DEGntdntEKwXZjtURdmfSZJdQh9pV6FO7UHioMTSbU3290/MaHeNm7SnmeSjodT\nVhSE9O8mXgpiofQAfj9ebv9VKLo55mDh+f/wVzSLRgxgsyKHMnKTBGMCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n' FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED: "false" FEATURE_VIDIS_MEDIA_ACTIVATIONS_ENABLED: "false" + +WITH_SCHULCONNEX_PROVISIONING: false diff --git a/ansible/host_vars/ref-nbc/pod.yml b/ansible/host_vars/ref-nbc/pod.yml index 22fc27740..c1e5b0c70 100644 --- a/ansible/host_vars/ref-nbc/pod.yml +++ b/ansible/host_vars/ref-nbc/pod.yml @@ -31,3 +31,6 @@ TLDRAW_CLIENT_REPLICAS: 2 TLDRAW_SERVER_REPLICAS: 2 ADMIN_API_SERVER_REPLICAS: 1 BOARD_COLLABORATION_SERVER_REPLICAS: 3 +SCHULCONNEX_GROUP_PROVISIONING_REPLICAS: 1 +SCHULCONNEX_GROUP_REMOVAL_REPLICAS: 1 +SCHULCONNEX_LICENSE_PROVISIONING_REPLICAS: 1 \ No newline at end of file diff --git a/ansible/host_vars/ref-nbc/version.yml b/ansible/host_vars/ref-nbc/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/ref-nbc/version.yml +++ b/ansible/host_vars/ref-nbc/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/ref-thr/version.yml b/ansible/host_vars/ref-thr/version.yml index 02b5b4e83..b1d24a6c3 100644 --- a/ansible/host_vars/ref-thr/version.yml +++ b/ansible/host_vars/ref-thr/version.yml @@ -1,11 +1,11 @@ -SCHULCLOUD_SERVER_IMAGE_TAG: 33.0.1 -SCHULCLOUD_CLIENT_IMAGE_TAG: 33.0.0 -NUXT_CLIENT_IMAGE_TAG: 33.0.1 -SUPERHERO_DASHBOARD_IMAGE_TAG: 32.51.0 -SHD_CLIENT_IMAGE_TAG: 32.51.0 -SCHULCLOUD_CALENDAR_IMAGE_TAG: 32.50.0 -ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 32.50.0 -VERSION_AGGREGATOR_IMAGE_TAG: 32.50.0 -H5P_STATICFILES_SERVER_IMAGE_TAG: 1.0.11 -TLDRAW_CLIENT_IMAGE_TAG: 32.51.0 -TLDRAW_SERVER_IMAGE_TAG: 33.0.0 +SCHULCLOUD_SERVER_IMAGE_TAG: 33.1.1 +SCHULCLOUD_CLIENT_IMAGE_TAG: 33.1.0 +NUXT_CLIENT_IMAGE_TAG: 33.1.1 +SUPERHERO_DASHBOARD_IMAGE_TAG: 33.1.0 +SHD_CLIENT_IMAGE_TAG: 33.1.0 +SCHULCLOUD_CALENDAR_IMAGE_TAG: 33.1.0 +ANTIVIRUS_CHECK_SERVICE_IMAGE_TAG: 33.1.0 +VERSION_AGGREGATOR_IMAGE_TAG: 33.1.0 +H5P_STATICFILES_SERVER_IMAGE_TAG: 33.1.0 +TLDRAW_CLIENT_IMAGE_TAG: 33.1.0 +TLDRAW_SERVER_IMAGE_TAG: 33.1.0 diff --git a/ansible/host_vars/ref-thr/with.yml b/ansible/host_vars/ref-thr/with.yml index cdf504de7..4008202aa 100644 --- a/ansible/host_vars/ref-thr/with.yml +++ b/ansible/host_vars/ref-thr/with.yml @@ -1,5 +1,4 @@ WITH_STORAGE: true -WITH_H5P_LIBRARY_MANAGEMENT: true WITH_H5P_EDITOR: true WITH_TSP_SYNC: true WITH_TSP: false \ No newline at end of file diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 0f7ad4794..7425d7c1d 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -30,6 +30,7 @@ - schulcloud-server-tspsync - schulcloud-server-h5p - schulcloud-server-migration-system + - schulcloud-server-provisioning - schulcloud-client-core - nuxt-client-core - superhero-dashboard diff --git a/ansible/playbook_rollout.yml b/ansible/playbook_rollout.yml index e55b13233..12b1eaa11 100644 --- a/ansible/playbook_rollout.yml +++ b/ansible/playbook_rollout.yml @@ -31,11 +31,11 @@ - role: schulcloud-server-tspsync - role: schulcloud-server-h5p - role: schulcloud-server-migration-system + - role: schulcloud-server-provisioning - role: schulcloud-server-init - role: schulcloud-client-core - role: nuxt-client-core - role: h5p-library-management - when: WITH_H5P_LIBRARY_MANAGEMENT is defined and WITH_H5P_LIBRARY_MANAGEMENT|bool - role: h5p-proxy - role: clammit - role: h5p-staticfiles-server-core diff --git a/ansible/roles/clamav/defaults/main.yml b/ansible/roles/clamav/defaults/main.yml index 37ab4ced3..00a8e2f01 100644 --- a/ansible/roles/clamav/defaults/main.yml +++ b/ansible/roles/clamav/defaults/main.yml @@ -1,2 +1,2 @@ CLAMAV_IMAGE_NAME: docker.io/clamav/clamav -CLAMAV_IMAGE_TAG: 1.4.1 +CLAMAV_IMAGE_TAG: 1.4.2 diff --git a/ansible/roles/clamav/templates/deployment.yml.j2 b/ansible/roles/clamav/templates/deployment.yml.j2 index 2b38b4d6d..3e9722e0f 100644 --- a/ansible/roles/clamav/templates/deployment.yml.j2 +++ b/ansible/roles/clamav/templates/deployment.yml.j2 @@ -36,6 +36,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: clamav image: {{ CLAMAV_IMAGE_NAME }}:{{ CLAMAV_IMAGE_TAG }} diff --git a/ansible/roles/clammit/templates/deployment.yml.j2 b/ansible/roles/clammit/templates/deployment.yml.j2 index 84f4b7988..d4a37baf1 100644 --- a/ansible/roles/clammit/templates/deployment.yml.j2 +++ b/ansible/roles/clammit/templates/deployment.yml.j2 @@ -34,6 +34,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: clammit image: {{ CLAMMIT_IMAGE_NAME }}:{{ CLAMMIT_IMAGE_TAG }} diff --git a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 index c1f535c63..5fdd96656 100644 --- a/ansible/roles/dof_etherpad/templates/deployment.yml.j2 +++ b/ansible/roles/dof_etherpad/templates/deployment.yml.j2 @@ -49,6 +49,8 @@ spec: runAsGroup: 5001 fsGroup: 5001 runAsNonRoot: true + os: + name: linux containers: - name: etherpad image: {{ ETHERPAD_IMAGE_NAME }}:{{ ETHERPAD_IMAGE_TAG }} diff --git a/ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 b/ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 index d23c2d24a..7075947c4 100644 --- a/ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 +++ b/ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2 @@ -46,6 +46,8 @@ spec: #runAsGroup: 1000 #fsGroup: 1000 #runAsNonRoot: true + os: + name: linux containers: - name: etherpad-nginx image: {{ ETHERPAD_NGINX_IMAGE_NAME }}:{{ ETHERPAD_NGINX_IMAGE_TAG }} diff --git a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 index 57a2763a9..6066c01e5 100644 --- a/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 +++ b/ansible/roles/dof_mailcatcher/templates/deployment.yml.j2 @@ -40,6 +40,8 @@ spec: securityContext: #readOnlyRootFilesystem: true #runAsNonRoot: true + os: + name: linux containers: - name: mailcatcher image: {{ MAILCATCHER_IMAGE_NAME }}:{{ MAILCATCHER_IMAGE_TAG }} diff --git a/ansible/roles/dof_mongo/templates/deployment.yml.j2 b/ansible/roles/dof_mongo/templates/deployment.yml.j2 index 0170f9894..8977e72e0 100644 --- a/ansible/roles/dof_mongo/templates/deployment.yml.j2 +++ b/ansible/roles/dof_mongo/templates/deployment.yml.j2 @@ -46,6 +46,8 @@ spec: runAsGroup: 1000 fsGroup: 1000 runAsNonRoot: true + os: + name: linux containers: - name: mongo image: {{ MONGO_IMAGE_NAME }}:{{ MONGO_IMAGE_TAG }} diff --git a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 b/ansible/roles/dof_postgresql/templates/deployment.yml.j2 index 8b44c1a17..cab855fba 100644 --- a/ansible/roles/dof_postgresql/templates/deployment.yml.j2 +++ b/ansible/roles/dof_postgresql/templates/deployment.yml.j2 @@ -36,6 +36,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: postgres image: {{ POSTGRES_IMAGE_NAME }}:{{ POSTGRES_IMAGE_TAG }} diff --git a/ansible/roles/dof_postgresql_management/tasks/main.yml b/ansible/roles/dof_postgresql_management/tasks/main.yml index eeccc39ff..9158bfac1 100644 --- a/ansible/roles/dof_postgresql_management/tasks/main.yml +++ b/ansible/roles/dof_postgresql_management/tasks/main.yml @@ -17,12 +17,25 @@ tags: - configmap +- name: Test if Job for database deletion exit + kubernetes.core.k8s_info: + kubeconfig: ~/.kube/config + namespace: "{{ NAMESPACE }}" + api_version: batch/v1 + kind: Job + name: pg-deletion-job + register: pg_deletion_job_present + tags: + - job + - name: Create suspended Job for database deletion kubernetes.core.k8s: kubeconfig: ~/.kube/config namespace: "{{ NAMESPACE }}" template: job-database-deletion.yml.j2 apply: yes - when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT + when: + - WITH_BRANCH_POSTGRES_DB_MANAGEMENT + - pg_deletion_job_present.resources|length == 0 tags: - - job \ No newline at end of file + - job diff --git a/ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2 b/ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2 index f2f2de5a6..1fa8aa1fc 100644 --- a/ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2 +++ b/ansible/roles/dof_postgresql_management/templates/job-database-deletion.yml.j2 @@ -23,6 +23,8 @@ spec: name: pg-configmap-deletion # 711 in decimal is 457 defaultMode: 457 + os: + name: linux containers: - name: psql-config image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} diff --git a/ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 b/ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 index 79b27fde4..772d686a2 100644 --- a/ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 +++ b/ansible/roles/dof_rabbitmq/templates/rabbitmq.yaml.j2 @@ -22,6 +22,8 @@ spec: spec: template: spec: + os: + name: linux containers: - name: rabbitmq volumeMounts: diff --git a/ansible/roles/dof_redis/templates/deployment.yml.j2 b/ansible/roles/dof_redis/templates/deployment.yml.j2 index c2242dbbf..5bc04c12d 100644 --- a/ansible/roles/dof_redis/templates/deployment.yml.j2 +++ b/ansible/roles/dof_redis/templates/deployment.yml.j2 @@ -40,6 +40,8 @@ spec: securityContext: #readOnlyRootFilesystem: true #runAsNonRoot: true + os: + name: linux containers: - name: redis image: {{ REDIS_IMAGE_NAME }}:{{ REDIS_IMAGE_TAG }} diff --git a/ansible/roles/erwin-idm/templates/deployment.yml.j2 b/ansible/roles/erwin-idm/templates/deployment.yml.j2 index ea841322b..276d49a63 100644 --- a/ansible/roles/erwin-idm/templates/deployment.yml.j2 +++ b/ansible/roles/erwin-idm/templates/deployment.yml.j2 @@ -49,6 +49,8 @@ spec: runAsGroup: 1000 fsGroup: 1000 runAsNonRoot: true + os: + name: linux containers: - name: erwinidm image: {{ ERWINIDM_IMAGE_NAME }}:{{ ERWINIDM_IMAGE_TAG }} diff --git a/ansible/roles/erwin-idm/templates/init_job.yml.j2 b/ansible/roles/erwin-idm/templates/init_job.yml.j2 index e34c9b81a..434a0f89e 100644 --- a/ansible/roles/erwin-idm/templates/init_job.yml.j2 +++ b/ansible/roles/erwin-idm/templates/init_job.yml.j2 @@ -10,6 +10,8 @@ spec: labels: app: erwinidm-init spec: + os: + name: linux containers: - name: erwinidm-init image: quay.io/schulcloudverbund/infra-tools:latest diff --git a/ansible/roles/erwin-idm/templates/job-database-init.yml.j2 b/ansible/roles/erwin-idm/templates/job-database-init.yml.j2 index 0b2c7cd3c..61a0ba0d4 100644 --- a/ansible/roles/erwin-idm/templates/job-database-init.yml.j2 +++ b/ansible/roles/erwin-idm/templates/job-database-init.yml.j2 @@ -29,6 +29,8 @@ spec: name: pg-erwinidm-configmap-init # 711 in decimal is 457 defaultMode: 457 + os: + name: linux containers: - name: psql-erwinidm-config image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} diff --git a/ansible/roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 b/ansible/roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 index 3438ee6ad..b48c93a06 100644 --- a/ansible/roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 +++ b/ansible/roles/h5p-proxy/templates/api-h5p-proxy-deployment.yml.j2 @@ -40,6 +40,8 @@ spec: git.branch: {{ DOF_APP_DEPLOY_BRANCH_NAME }} git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: h5p-proxy-nginx image: {{ H5P_PROXY_IMAGE_NAME }}:{{ H5P_PROXY_IMAGE_TAG }} diff --git a/ansible/roles/hydra/defaults/main.yaml b/ansible/roles/hydra/defaults/main.yaml index 51b3a6aaf..c05417e58 100644 --- a/ansible/roles/hydra/defaults/main.yaml +++ b/ansible/roles/hydra/defaults/main.yaml @@ -1,4 +1,4 @@ HYDRA_DNS_PREFIX: oauth. HYDRA_IMAGE_NAME: docker.io/oryd/hydra -HYDRA_IMAGE_TAG: v2.2.0-amd64 -HYDRA_ISSUER_URL_SUFFIX: \ No newline at end of file +HYDRA_IMAGE_TAG: v2.3.0-amd64 +HYDRA_ISSUER_URL_SUFFIX: diff --git a/ansible/roles/hydra/templates/deployment.yml.j2 b/ansible/roles/hydra/templates/deployment.yml.j2 index ad6323b9e..d8e6784c4 100644 --- a/ansible/roles/hydra/templates/deployment.yml.j2 +++ b/ansible/roles/hydra/templates/deployment.yml.j2 @@ -39,6 +39,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: hydra image: {{ HYDRA_IMAGE_NAME }}:{{ HYDRA_IMAGE_TAG }} diff --git a/ansible/roles/hydra/templates/job-database-init.yml.j2 b/ansible/roles/hydra/templates/job-database-init.yml.j2 index 5406cd9b4..d36a45633 100644 --- a/ansible/roles/hydra/templates/job-database-init.yml.j2 +++ b/ansible/roles/hydra/templates/job-database-init.yml.j2 @@ -29,6 +29,8 @@ spec: name: pg-hydra-configmap-init # 711 in decimal is 457 defaultMode: 457 + os: + name: linux containers: - name: psql-hydra-config image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }} diff --git a/ansible/roles/hydra/templates/job.yml.j2 b/ansible/roles/hydra/templates/job.yml.j2 index b3f35e51e..a3697e662 100644 --- a/ansible/roles/hydra/templates/job.yml.j2 +++ b/ansible/roles/hydra/templates/job.yml.j2 @@ -11,6 +11,8 @@ spec: labels: app: hydra-migrate-db-job spec: + os: + name: linux containers: - name: hydra-migrate image: {{ HYDRA_IMAGE_NAME }}:{{ HYDRA_IMAGE_TAG }} diff --git a/ansible/roles/ingress/templates/default-backend-404-deployment.yml.j2 b/ansible/roles/ingress/templates/default-backend-404-deployment.yml.j2 index 625bb340b..07269b4d8 100644 --- a/ansible/roles/ingress/templates/default-backend-404-deployment.yml.j2 +++ b/ansible/roles/ingress/templates/default-backend-404-deployment.yml.j2 @@ -34,6 +34,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: default-backend-404 image: nginx:1.27-alpine diff --git a/ansible/roles/libreoffice/templates/deployment.yml.j2 b/ansible/roles/libreoffice/templates/deployment.yml.j2 index 7cd8c96dd..9fbc7884f 100644 --- a/ansible/roles/libreoffice/templates/deployment.yml.j2 +++ b/ansible/roles/libreoffice/templates/deployment.yml.j2 @@ -41,6 +41,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: libreoffice image: {{ LIBREOFFICE_IMAGE_NAME }}:{{ LIBREOFFICE_IMAGE_TAG }} @@ -64,7 +66,7 @@ spec: requests: cpu: "{{ LIBREOFFICE_CPU_MIN|default("100m", true) }}" memory: "{{ LIBREOFFICE_MEM_MIN|default("128Mi", true) }}" - securityPolicy: + securityContext: capabilities: add: - MKNOD diff --git a/ansible/roles/maildrop/templates/deployment.yml.j2 b/ansible/roles/maildrop/templates/deployment.yml.j2 index 86ff0101a..ce01b9c67 100644 --- a/ansible/roles/maildrop/templates/deployment.yml.j2 +++ b/ansible/roles/maildrop/templates/deployment.yml.j2 @@ -37,6 +37,8 @@ spec: app.kubernetes.io/managed-by: ansible git.repo: {{ DOF_APP_DEPLOY_REPO_NAME }} spec: + os: + name: linux containers: - name: maildrop image: {{ MAILDROP_IMAGE_NAME }}:{{ MAILDROP_IMAGE_TAG }} diff --git a/ansible/roles/namespace-activator-scaled-objects/defaults/main.yml b/ansible/roles/namespace-activator-scaled-objects/defaults/main.yml index ccbd8a55c..5d41bf1e1 100644 --- a/ansible/roles/namespace-activator-scaled-objects/defaults/main.yml +++ b/ansible/roles/namespace-activator-scaled-objects/defaults/main.yml @@ -32,6 +32,9 @@ deployments_for_scaled_objects: - name: board-collaboration-deployment - name: common-cartridge-deployment - name: clammit-deployment + - name: schulconnex-group-provisioning-deployment + - name: schulconnex-group-removal-deployment + - name: schulconnex-license-provisioning-deployment - name: tldraw-server-deployment - name: tldraw-worker-deployment - name: tldraw-client-deployment diff --git a/ansible/roles/oidcmock/templates/deployment.yml.j2 b/ansible/roles/oidcmock/templates/deployment.yml.j2 index 6ea02d4e7..14422b075 100644 --- a/ansible/roles/oidcmock/templates/deployment.yml.j2 +++ b/ansible/roles/oidcmock/templates/deployment.yml.j2 @@ -39,6 +39,8 @@ spec: annotations: configmapHash: "" spec: + os: + name: linux initContainers: - name: oidcmock-initcontainers image: quay.io/schulcloudverbund/infra-tools:latest @@ -51,9 +53,9 @@ spec: mountPath: /tmp - name: config-directory mountPath: /cfg - securityContext: - runAsNonRoot: false - readOnlyRootFilesystem: false + securityContext: + runAsNonRoot: false + readOnlyRootFilesystem: false containers: - name: oidcmock image: {{ OIDCMOCK_IMAGE_NAME }}:{{ OIDCMOCK_IMAGE_TAG }} diff --git a/ansible/roles/pre_deployment/templates/job.yml.j2 b/ansible/roles/pre_deployment/templates/job.yml.j2 index be96b441f..fa5b22fae 100644 --- a/ansible/roles/pre_deployment/templates/job.yml.j2 +++ b/ansible/roles/pre_deployment/templates/job.yml.j2 @@ -5,6 +5,8 @@ metadata: spec: template: spec: + os: + name: linux containers: - name: deployment-metrics-marker image: quay.io/schulcloudverbund/infra-tools:latest diff --git a/ansible/roles/rocketchat/templates/deployment.yml.j2 b/ansible/roles/rocketchat/templates/deployment.yml.j2 index dcdc83f3e..68a09f89f 100644 --- a/ansible/roles/rocketchat/templates/deployment.yml.j2 +++ b/ansible/roles/rocketchat/templates/deployment.yml.j2 @@ -39,6 +39,8 @@ spec: runAsGroup: 99999 fsGroup: 99999 runAsNonRoot: true + os: + name: linux containers: - name: rocketchat image: {{ ROCKETCHAT_IMAGE_NAME }}:{{ ROCKETCHAT_IMAGE_TAG }} diff --git a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 b/ansible/roles/rocketchat/templates/fixup-job.yml.j2 index ac12684fe..34ec8e29f 100644 --- a/ansible/roles/rocketchat/templates/fixup-job.yml.j2 +++ b/ansible/roles/rocketchat/templates/fixup-job.yml.j2 @@ -19,6 +19,8 @@ spec: activeDeadlineSeconds: 300 template: spec: + os: + name: linux containers: - name: fixup-rocketchat-job image: quay.io/schulcloudverbund/infra-tools:latest diff --git a/ansible/roles/storage/templates/deployment.yml.j2 b/ansible/roles/storage/templates/deployment.yml.j2 index 69b4788db..8c6d91e01 100644 --- a/ansible/roles/storage/templates/deployment.yml.j2 +++ b/ansible/roles/storage/templates/deployment.yml.j2 @@ -44,6 +44,8 @@ spec: runAsGroup: 1000 fsGroup: 1000 runAsNonRoot: true + os: + name: linux containers: - name: storage image: {{ STORAGE_IMAGE_NAME }}