diff --git a/Makefile b/Makefile index 5c9538f32..430f372a0 100644 --- a/Makefile +++ b/Makefile @@ -94,4 +94,26 @@ clean: ## Clean the project .PHONY: pre-commit-hook pre-commit-hook: ## Install pre-commit hook in .git/hooks - /usr/bin/cp -fa .githooks/pre-commit .git/hooks/pre-commit \ No newline at end of file + /usr/bin/cp -fa .githooks/pre-commit .git/hooks/pre-commit + +.PHONY: local-appcat-development +local-appcat-development : instance=vshn +local-appcat-development: local-sed-substitution gen-golden kindev-install ## Run local development for appcat + +local-sed-substitution: + sed -i 's/grpcEndpoint.*/grpcEndpoint: $(LINUX_IP_ADDRESS):9443/g' tests/vshn.yml + sed -i 's/proxyFunction.*/proxyFunction: true/g' tests/vshn.yml + +kindev-install: + kubectl apply -f https://raw.githubusercontent.com/vshn/appcat/refs/heads/master/hack/functionproxy/function.yaml + kubectl apply -f https://raw.githubusercontent.com/vshn/appcat/refs/heads/master/hack/functionproxy/proxyconfig.yaml + +.PHONY: local-appcat-development-revert +local-appcat-development-revert : instance=vshn +local-appcat-development-revert: revert-sed-substitution gen-golden ## Revert local development for appcat + kubectl delete -f https://raw.githubusercontent.com/vshn/appcat/refs/heads/master/hack/functionproxy/function.yaml + kubectl delete -f https://raw.githubusercontent.com/vshn/appcat/refs/heads/master/hack/functionproxy/proxyconfig.yaml + + +revert-sed-substitution: + git checkout master tests/vshn.yml \ No newline at end of file diff --git a/Makefile.vars.mk b/Makefile.vars.mk index 011aa6d29..aea42acca 100644 --- a/Makefile.vars.mk +++ b/Makefile.vars.mk @@ -52,3 +52,6 @@ YAMLLINT_ARGS ?= --no-warnings YAMLLINT_CONFIG ?= .yamllint.yml YAMLLINT_IMAGE ?= docker.io/cytopia/yamllint:latest YAMLLINT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) $(YAMLLINT_IMAGE) + + +LINUX_IP_ADDRESS := $(shell ip -4 addr show dev docker0 | grep inet | awk -F' ' '{print $$2}' | awk -F'/' '{print $$1}') diff --git a/class/defaults.yml b/class/defaults.yml index 4c0c2d7e7..a1c32aa64 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -55,7 +55,7 @@ parameters: appcat: registry: ghcr.io repository: vshn/appcat - tag: v4.98.0 + tag: nextcloud_collabora functionAppcat: registry: ${appcat:images:appcat:registry} repository: ${appcat:images:appcat:repository} @@ -861,6 +861,8 @@ parameters: cert-manager.io/cluster-issuer: letsencrypt-production haproxy.router.openshift.io/timeout: 120s haproxy.router.openshift.io/hsts_header: max-age=31536000;preload + collabora_ingress_annotations: | + cert-manager.io/cluster-issuer: letsencrypt-production openshiftTemplate: serviceName: nextcloudbyvshn description: "Nextcloud is an open source suite of client-server software for creating and using file hosting services." diff --git a/component/provider.jsonnet b/component/provider.jsonnet index 03e6f54b9..5adc211c0 100644 --- a/component/provider.jsonnet +++ b/component/provider.jsonnet @@ -54,8 +54,8 @@ local providerRBAC = { }, { apiGroups: [ '' ], - resources: [ 'namespaces', 'serviceaccounts', 'secrets', 'pods', 'pods/log', 'pods/portforward', 'pods/status', 'services' ], - verbs: [ 'get', 'list', 'watch', 'create', 'watch', 'patch', 'update', 'delete' ], + resources: [ 'namespaces', 'serviceaccounts', 'secrets', 'pods', 'pods/log', 'pods/portforward', 'pods/status', 'pods/attach', 'pods/exec', 'services' ], + verbs: [ '*' ], }, { apiGroups: [ 'apps' ], @@ -65,7 +65,7 @@ local providerRBAC = { { apiGroups: [ 'apps' ], resources: [ 'statefulsets', 'deployments' ], - verbs: [ 'get', 'delete', 'watch', 'list', 'patch' ], + verbs: [ 'get', 'delete', 'watch', 'list', 'patch', 'update', 'create' ], }, { apiGroups: [ 'rbac.authorization.k8s.io' ], @@ -163,6 +163,22 @@ local providerRBAC = { resources: [ 'poddisruptionbudgets' ], verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ], }, + { + apiGroups: [ 'networking.k8s.io' ], + resources: [ 'ingresses' ], + verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ], + }, + { + apiGroups: [ '' ], + resources: [ 'persistentvolumeclaims' ], + verbs: [ 'get', 'list', 'watch', 'create', 'watch', 'patch', 'update', 'delete' ], + }, + { + // This is needed for the privileged SCC - Nextcloud -> Collabora + apiGroups: [ 'security.openshift.io' ], + resources: [ 'securitycontextconstraints' ], + verbs: [ '*' ], + }, ], }, helm: { diff --git a/component/vshn_appcat_services.jsonnet b/component/vshn_appcat_services.jsonnet index d561a485b..5dfb75847 100644 --- a/component/vshn_appcat_services.jsonnet +++ b/component/vshn_appcat_services.jsonnet @@ -177,7 +177,45 @@ local vshn_appcat_service(name, serviceParams) = }, }; + + local scc = + { + allowHostDirVolumePlugin: true, + allowHostIPC: true, + allowHostNetwork: true, + allowHostPID: true, + allowHostPorts: true, + allowPrivilegeEscalation: false, + allowPrivilegedContainer: true, + allowedCapabilities: [ + 'MKNOD', + 'CHOWN', + 'SYS_CHROOT', + 'FOWNER', + ], + apiVersion: 'security.openshift.io/v1', + defaultAddCapabilities: [ + 'MKNOD', + 'CHOWN', + 'SYS_CHROOT', + 'FOWNER', + ], + kind: 'SecurityContextConstraints', + metadata: { + annotations: {}, + name: 'appcat-collabora', + }, + readOnlyRootFilesystem: false, + runAsUser: { + type: 'MustRunAsNonRoot', + }, + seLinuxContext: { + type: 'MustRunAs', + }, + }; + if params.services.vshn.enabled && serviceParams.enabled then { + '20_scc_appcat': scc, ['20_xrd_vshn_%s' % name]: xrd, ['20_rbac_vshn_%s' % name]: xrds.CompositeClusterRoles(xrd), ['21_composition_vshn_%s' % name]: composition, diff --git a/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml b/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml index 01a6874d1..655eec2fa 100644 --- a/tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/billing/appcat/appcat/10_function_appcat.yaml b/tests/golden/billing/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/billing/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/billing/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/billing/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/billing/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/billing/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/billing/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/billing/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/billing/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 37774a6b4..9fd070778 100644 --- a/tests/golden/billing/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/billing/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 37774a6b4..9fd070778 100644 --- a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 37774a6b4..9fd070778 100644 --- a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml b/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml index cd953304a..5c74b10a5 100644 --- a/tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml @@ -102,16 +102,11 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - - get - - list - - watch - - create - - watch - - patch - - update - - delete + - '*' - apiGroups: - apps resources: @@ -130,6 +125,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -351,6 +348,37 @@ rules: - patch - create - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - watch + - patch + - update + - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/cloudscale/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/cloudscale/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/cloudscale/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/cloudscale/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml b/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/controllers/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/controllers/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/controllers/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/controllers/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml index e63e38116..e888ee02f 100644 --- a/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml b/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 37774a6b4..9fd070778 100644 --- a/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 37774a6b4..9fd070778 100644 --- a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 37774a6b4..9fd070778 100644 --- a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml b/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/exoscale/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/exoscale/appcat/appcat/10_provider_kubernetes.yaml index cd953304a..5c74b10a5 100644 --- a/tests/golden/exoscale/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/exoscale/appcat/appcat/10_provider_kubernetes.yaml @@ -102,16 +102,11 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - - get - - list - - watch - - create - - watch - - patch - - update - - delete + - '*' - apiGroups: - apps resources: @@ -130,6 +125,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -351,6 +348,37 @@ rules: - patch - create - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - watch + - patch + - update + - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/exoscale/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/exoscale/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/exoscale/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/exoscale/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/minio/appcat/appcat/10_function_appcat.yaml b/tests/golden/minio/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/minio/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/minio/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/minio/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/minio/appcat/appcat/10_provider_kubernetes.yaml index cd953304a..5c74b10a5 100644 --- a/tests/golden/minio/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/minio/appcat/appcat/10_provider_kubernetes.yaml @@ -102,16 +102,11 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - - get - - list - - watch - - create - - watch - - patch - - update - - delete + - '*' - apiGroups: - apps resources: @@ -130,6 +125,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -351,6 +348,37 @@ rules: - patch - create - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - watch + - patch + - update + - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/minio/appcat/appcat/20_scc_appcat.yaml b/tests/golden/minio/appcat/appcat/20_scc_appcat.yaml new file mode 100644 index 000000000..731489f6d --- /dev/null +++ b/tests/golden/minio/appcat/appcat/20_scc_appcat.yaml @@ -0,0 +1,27 @@ +allowHostDirVolumePlugin: true +allowHostIPC: true +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegeEscalation: false +allowPrivilegedContainer: true +allowedCapabilities: + - MKNOD + - CHOWN + - SYS_CHROOT + - FOWNER +apiVersion: security.openshift.io/v1 +defaultAddCapabilities: + - MKNOD + - CHOWN + - SYS_CHROOT + - FOWNER +kind: SecurityContextConstraints +metadata: + annotations: {} + name: appcat-collabora +readOnlyRootFilesystem: false +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: MustRunAs diff --git a/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml b/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml index 520db3495..22cf586e4 100644 --- a/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml +++ b/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml @@ -38,7 +38,7 @@ spec: emailAlertingSmtpFromAddress: myuser@example.com emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com - imageTag: v4.98.0 + imageTag: nextcloud_collabora isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance minioChartRepository: https://charts.min.io diff --git a/tests/golden/minio/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/minio/appcat/appcat/apiserver/30_deployment.yaml index 01a6874d1..655eec2fa 100644 --- a/tests/golden/minio/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/minio/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml index e63e38116..e888ee02f 100644 --- a/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml index 7b8fd949f..c12b5b3d6 100644 --- a/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora name: sla-reporter resources: limits: diff --git a/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 204684762..4b0664346 100644 --- a/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml b/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/openshift/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/openshift/appcat/appcat/10_provider_kubernetes.yaml index cd953304a..5c74b10a5 100644 --- a/tests/golden/openshift/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/openshift/appcat/appcat/10_provider_kubernetes.yaml @@ -102,16 +102,11 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - - get - - list - - watch - - create - - watch - - patch - - update - - delete + - '*' - apiGroups: - apps resources: @@ -130,6 +125,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -351,6 +348,37 @@ rules: - patch - create - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - watch + - patch + - update + - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/openshift/appcat/appcat/21_composition_vshn_postgres.yaml b/tests/golden/openshift/appcat/appcat/21_composition_vshn_postgres.yaml index a0a3f965c..5b11094b6 100644 --- a/tests/golden/openshift/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/tests/golden/openshift/appcat/appcat/21_composition_vshn_postgres.yaml @@ -40,7 +40,7 @@ spec: emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com externalDatabaseConnectionsEnabled: 'false' - imageTag: v4.98.0 + imageTag: nextcloud_collabora initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m", "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile": {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m", diff --git a/tests/golden/openshift/appcat/appcat/21_composition_vshn_redis.yaml b/tests/golden/openshift/appcat/appcat/21_composition_vshn_redis.yaml index 47c8eec29..a83b8bcba 100644 --- a/tests/golden/openshift/appcat/appcat/21_composition_vshn_redis.yaml +++ b/tests/golden/openshift/appcat/appcat/21_composition_vshn_redis.yaml @@ -569,7 +569,7 @@ spec: emailAlertingSmtpFromAddress: myuser@example.com emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com - imageTag: v4.98.0 + imageTag: nextcloud_collabora isOpenshift: 'true' maintenanceSA: helm-based-service-maintenance ownerGroup: vshn.appcat.vshn.io diff --git a/tests/golden/openshift/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/openshift/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/openshift/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/openshift/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 51b256af8..c64f782ec 100644 --- a/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml b/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml index 0d9adab51..0bb3623f1 100644 --- a/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.98.0-func + package: ghcr.io/vshn/appcat:nextcloud_collabora-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml index cd953304a..5c74b10a5 100644 --- a/tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml @@ -102,16 +102,11 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - - get - - list - - watch - - create - - watch - - patch - - update - - delete + - '*' - apiGroups: - apps resources: @@ -130,6 +125,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -351,6 +348,37 @@ rules: - patch - create - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - watch + - patch + - update + - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/vshn/appcat/appcat/20_scc_appcat.yaml b/tests/golden/vshn/appcat/appcat/20_scc_appcat.yaml new file mode 100644 index 000000000..731489f6d --- /dev/null +++ b/tests/golden/vshn/appcat/appcat/20_scc_appcat.yaml @@ -0,0 +1,27 @@ +allowHostDirVolumePlugin: true +allowHostIPC: true +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegeEscalation: false +allowPrivilegedContainer: true +allowedCapabilities: + - MKNOD + - CHOWN + - SYS_CHROOT + - FOWNER +apiVersion: security.openshift.io/v1 +defaultAddCapabilities: + - MKNOD + - CHOWN + - SYS_CHROOT + - FOWNER +kind: SecurityContextConstraints +metadata: + annotations: {} + name: appcat-collabora +readOnlyRootFilesystem: false +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: MustRunAs diff --git a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_nextcloud.yaml b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_nextcloud.yaml index b17192448..dad0313af 100644 --- a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_nextcloud.yaml +++ b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_nextcloud.yaml @@ -5610,8 +5610,20 @@ spec: type: boolean type: object service: + collabora: + default: {} description: Service contains nextcloud DBaaS specific properties properties: + collabora: + properties: + enabled: + default: false + type: boolean + fqdn: + type: string + required: + - enabled + type: object fqdn: description: |- FQDN contains the FQDN which will be used for the ingress. diff --git a/tests/golden/vshn/appcat/appcat/21_composition_objectstorage_minio.yaml b/tests/golden/vshn/appcat/appcat/21_composition_objectstorage_minio.yaml index b28d38999..b5fe9ddcf 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_objectstorage_minio.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_objectstorage_minio.yaml @@ -26,6 +26,7 @@ spec: apiVersion: v1 data: providerConfig: minio + proxyEndpoint: 172.17.0.1:9443 serviceName: miniobucket kind: ConfigMap metadata: diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml index ff9b60cbf..4b2bc4823 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml @@ -38,7 +38,7 @@ spec: emailAlertingSmtpFromAddress: myuser@example.com emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com - imageTag: v4.98.0 + imageTag: nextcloud_collabora ingress_annotations: | nginx.ingress.kubernetes.io/backend-protocol: HTTPS cert-manager.io/cluster-issuer: letsencrypt-staging @@ -52,6 +52,7 @@ spec: true, "memory": "2Gi"}}, "standard-4": {"size": {"cpu": "1", "disk": "16Gi", "enabled": true, "memory": "4Gi"}}, "standard-8": {"size": {"cpu": "2", "disk": "16Gi", "enabled": true, "memory": "8Gi"}}}' + proxyEndpoint: 172.17.0.1:9443 quotasEnabled: 'false' registry_password: '' registry_username: '' diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml index 705e725b5..1a40bec3f 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml @@ -38,7 +38,7 @@ spec: emailAlertingSmtpFromAddress: myuser@example.com emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com - imageTag: v4.98.0 + imageTag: nextcloud_collabora isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance mode: standalone @@ -52,6 +52,7 @@ spec: {"size": {"cpu": "125m", "disk": "16Gi", "enabled": true, "memory": "512Mi"}}, "standard-8": {"size": {"cpu": "2", "disk": "16Gi", "enabled": true, "memory": "8Gi"}}}' + proxyEndpoint: 172.17.0.1:9443 quotasEnabled: 'false' restoreSA: mariadbrestoreserviceaccount serviceName: mariadb diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml index ecf65c217..a1b92d8be 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml @@ -38,7 +38,7 @@ spec: emailAlertingSmtpFromAddress: myuser@example.com emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com - imageTag: v4.98.0 + imageTag: nextcloud_collabora ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/enable-cors: "true" @@ -53,6 +53,7 @@ spec: true, "memory": "2Gi"}}, "standard-4": {"size": {"cpu": "1", "disk": "16Gi", "enabled": true, "memory": "4Gi"}}, "standard-8": {"size": {"cpu": "2", "disk": "16Gi", "enabled": true, "memory": "8Gi"}}}' + proxyEndpoint: 172.17.0.1:9443 quotasEnabled: 'false' restoreSA: nextcloudserviceaccount serviceName: nextcloud diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml index b0652fa8b..d15c5d55b 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml @@ -40,7 +40,7 @@ spec: emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com externalDatabaseConnectionsEnabled: 'true' - imageTag: v4.98.0 + imageTag: nextcloud_collabora initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m", "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile": {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m", @@ -77,6 +77,7 @@ spec: {"cpu": "400m", "disk": "20Gi", "enabled": true, "memory": "1936Mi"}}, "standard-4": {"size": {"cpu": "900m", "disk": "40Gi", "enabled": true, "memory": "3984Mi"}}}' + proxyEndpoint: 172.17.0.1:9443 quotasEnabled: 'false' serviceName: postgresql sgNamespace: stackgres diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml index 68b362a9d..46e02b8e2 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml @@ -595,12 +595,13 @@ spec: emailAlertingSmtpFromAddress: myuser@example.com emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com - imageTag: v4.98.0 + imageTag: nextcloud_collabora isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance ownerGroup: vshn.appcat.vshn.io ownerKind: XVSHNRedis ownerVersion: v1 + proxyEndpoint: 172.17.0.1:9443 quotasEnabled: 'false' restoreSA: redisrestoreserviceaccount serviceName: redis diff --git a/tests/golden/vshn/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/vshn/appcat/appcat/apiserver/30_deployment.yaml index a00a9c44c..b88bbc526 100644 --- a/tests/golden/vshn/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/vshn/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml index e63e38116..e888ee02f 100644 --- a/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml index 0b1b0742a..8904451b8 100644 --- a/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora name: sla-reporter resources: limits: diff --git a/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 7f3d68c8d..e8a8224ff 100644 --- a/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "true" - name: APPCAT_SLI_VSHNMARIADB value: "true" - image: ghcr.io/vshn/appcat:v4.98.0 + image: ghcr.io/vshn/appcat:nextcloud_collabora livenessProbe: httpGet: path: /healthz diff --git a/tests/vshn.yml b/tests/vshn.yml index b39e4ae92..22761a170 100644 --- a/tests/vshn.yml +++ b/tests/vshn.yml @@ -21,8 +21,8 @@ parameters: appcat: - grpcEndpoint: host.docker.internal:9443 - proxyFunction: false + grpcEndpoint: 172.17.0.1:9443 + proxyFunction: true quotasEnabled: false appuioManaged: false