D4800.1774826510.diff
No OneTemporary
Actions

Authored By

Unknown

Size

47 KB

Referenced Files

None

Subscribers

None

D4800.1774826510.diff
View Options

	diff --git a/ci/env b/ci/env
	--- a/ci/env
	+++ b/ci/env
	@@ -1,6 +1,6 @@
	APP_NAME=Kolab
	APP_ENV=local
	-APP_KEY=
	+APP_KEY=base64:EFXja/fHF01EMKiXW200b5zWOynbPzAHfUM78bOp+28=
	APP_DEBUG=true
	APP_URL=https://kolab.local
	APP_PUBLIC_URL=https://kolab.local
	@@ -152,7 +152,6 @@
	APP_PASSPHRASE=simple123
	MEET_WEBHOOK_TOKEN=simple123
	MEET_SERVER_TOKEN=simple123
	-APP_KEY=base64:EFXja/fHF01EMKiXW200b5zWOynbPzAHfUM78bOp+28=
	PASSPORT_PROXY_OAUTH_CLIENT_ID=5909ca4f-df7e-45fe-b355-e7c195aef117
	PASSPORT_PROXY_OAUTH_CLIENT_SECRET=3URb+3JGJM9wPuDnlUSTPOw2mqmHsoOV8NXanx9xwQM=
	DES_KEY=kBxUM/53N9p9abusAoT0ZEAxwI2pxFz/
	diff --git a/ci/kustomize/base/configmaps.yml b/ci/kustomize/base/configmaps.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/base/configmaps.yml
	@@ -0,0 +1,149 @@
	+apiVersion: v1
	+kind: ConfigMap
	+metadata:
	+ name: kolab-test-env
	+data:
	+ APP_DEBUG: "true"
	+ APP_DOMAIN: kolab.local
	+ APP_ENV: local
	+ APP_HEADER_CSP: '"connect-src ''self''; child-src ''self''; font-src ''self''; form-action
	+ ''self'' data:; frame-ancestors ''self''; img-src blob: data: ''self'' *; media-src
	+ ''self''; object-src ''self''; script-src ''self'' ''unsafe-inline'' ''unsafe-eval'';
	+ style-src ''self'' ''unsafe-eval'' ''unsafe-inline''; default-src ''self'';"'
	+ APP_HEADER_XFO: sameorigin
	+ APP_IMAP: "1"
	+ APP_KEY: base64:EFXja/fHF01EMKiXW200b5zWOynbPzAHfUM78bOp+28=
	+ APP_LDAP: "0"
	+ APP_LOCALE: en
	+ APP_LOCALES: ""
	+ APP_NAME: Kolab
	+ APP_PASSPHRASE: simple123
	+ APP_PUBLIC_URL: https://kolab.local
	+ APP_TENANT_ID: "5"
	+ APP_THEME: default
	+ APP_URL: https://kolab.local
	+ APP_WEBSITE_DOMAIN: kolab.local
	+ APP_WITH_ADMIN: "1"
	+ APP_WITH_FILES: "1"
	+ APP_WITH_RESELLER: "1"
	+ APP_WITH_SERVICES: "1"
	+ APP_WITH_SIGNUP: "1"
	+ APP_WITH_WALLET: "1"
	+ ASSET_URL: https://kolab.local
	+ BROADCAST_DRIVER: redis
	+ CACHE_DRIVER: redis
	+ COMPANY_ADDRESS: ""
	+ COMPANY_DETAILS: ""
	+ COMPANY_EMAIL: ""
	+ COMPANY_FOOTER: ""
	+ COMPANY_LOGO: ""
	+ COMPANY_NAME: kolab.org
	+ DB_CONNECTION: mysql
	+ DB_DATABASE: kolabdev
	+ DB_HOST: mariadb
	+ DB_PASSWORD: simple123
	+ DB_PORT: "3306"
	+ DB_ROOT_PASSWORD: simple123
	+ DB_USERNAME: kolabdev
	+ DES_KEY: kBxUM/53N9p9abusAoT0ZEAxwI2pxFz/
	+ DNS_COPY_FROM: "null"
	+ DNS_SPF: '"v=spf1 mx -all"'
	+ DNS_STATIC: '"%s. MX 10 ext-mx01.mykolab.com."'
	+ DNS_TTL: "3600"
	+ FILESYSTEM_DISK: minio
	+ FIREBASE_API_KEY: ""
	+ GIT_REF_AUTOCONF: master
	+ GIT_REF_CHWALA: dev/mollekopf
	+ GIT_REF_FREEBUSY: master
	+ GIT_REF_IRONY: master
	+ GIT_REF_ROUNDCUBEMAIL: dev/kolab-1.5
	+ GIT_REF_ROUNDCUBEMAIL_PLUGINS: master
	+ GIT_REF_SYNCROTON: master
	+ GIT_REMOTE_AUTOCONF: https://git.kolab.org/diffusion/AC/autoconf.git
	+ GIT_REMOTE_CHWALA: https://git.kolab.org/diffusion/C/chwala.git
	+ GIT_REMOTE_FREEBUSY: https://git.kolab.org/diffusion/F/freebusy.git
	+ GIT_REMOTE_IRONY: https://git.kolab.org/source/iRony.git
	+ GIT_REMOTE_ROUNDCUBEMAIL: https://git.kolab.org/source/roundcubemail.git
	+ GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS: https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git
	+ GIT_REMOTE_SYNCROTON: https://git.kolab.org/diffusion/S/syncroton.git
	+ IMAP_ADMIN_LOGIN: cyrus-admin
	+ IMAP_ADMIN_PASSWORD: simple123
	+ IMAP_GIT_REF: dev/mollekopf
	+ IMAP_GIT_REMOTE: https://git.kolab.org/source/cyrus-imapd
	+ IMAP_GUAM_PORT: "11143"
	+ IMAP_HOST: imap
	+ IMAP_PORT: "11143"
	+ IMAP_URI: imap:11143
	+ IMAP_VERIFY_HOST: "false"
	+ IMAP_VERIFY_PEER: "false"
	+ IMAP_WITH_GROUPWARE_DEFAULT_FOLDERS: "false"
	+ KB_ACCOUNT_DELETE: ""
	+ KB_ACCOUNT_SUSPENDED: ""
	+ KB_PAYMENT_SYSTEM: ""
	+ KOLAB_GIT_REF: dev/mollekopf
	+ KOLAB_GIT_REMOTE: https://git.kolab.org/source/kolab
	+ KOLAB_SSL_CERTIFICATE: /etc/certs/kolab.hosted.com.cert
	+ KOLAB_SSL_CERTIFICATE_FULLCHAIN: /etc/certs/kolab.hosted.com.chain.pem
	+ KOLAB_SSL_CERTIFICATE_KEY: /etc/certs/kolab.hosted.com.key
	+ LOG_CHANNEL: stdout
	+ LOG_DEPRECATIONS_CHANNEL: "null"
	+ LOG_LEVEL: debug
	+ LOG_SLOW_REQUESTS: "5"
	+ MAIL_ENCRYPTION: starttls
	+ MAIL_FROM_ADDRESS: '"noreply@kolab.local"'
	+ MAIL_FROM_NAME: '"kolab.local"'
	+ MAIL_HOST: localhost
	+ MAIL_MAILER: smtp
	+ MAIL_PASSWORD: '"simple123"'
	+ MAIL_PORT: "587"
	+ MAIL_REPLYTO_ADDRESS: '"noreply@kolab.local"'
	+ MAIL_REPLYTO_NAME: "null"
	+ MAIL_USERNAME: '"noreply@kolab.local"'
	+ MAIL_VERIFY_PEER: '''false'''
	+ MEET_LISTENING_HOST: meet
	+ MEET_PUBLIC_DOMAIN: kolab.local
	+ MEET_SERVER_TOKEN: simple123
	+ MEET_SERVER_URLS: https://127.0.0.1:6443/meetmedia/api/
	+ MEET_SERVER_VERIFY_TLS: "false"
	+ MEET_WEBHOOK_TOKEN: simple123
	+ MEET_WEBRTC_LISTEN_IP: '''127.0.0.1'''
	+ MFA_DSN: mysql://roundcube:simple123@mariadb/roundcube
	+ MFA_TOTP_DIGEST: sha1
	+ MFA_TOTP_DIGITS: "6"
	+ MFA_TOTP_INTERVAL: "30"
	+ MINIO_BUCKET: kolab
	+ MINIO_ENDPOINT: http://minio:9000
	+ MINIO_PASSWORD: simple123
	+ MINIO_USER: minio
	+ MIX_ASSET_PATH: '''/'''
	+ MOLLIE_KEY: ""
	+ OCTANE_HTTP_HOST: kolab.local
	+ OPENEXCHANGERATES_API_KEY: ""
	+ PASSPORT_PROXY_OAUTH_CLIENT_ID: 5909ca4f-df7e-45fe-b355-e7c195aef117
	+ PASSPORT_PROXY_OAUTH_CLIENT_SECRET: 3URb+3JGJM9wPuDnlUSTPOw2mqmHsoOV8NXanx9xwQM=
	+ PASSWORD_POLICY: ""
	+ PGP_AGENT: /usr/bin/gpg-agent
	+ PGP_BINARY: /usr/bin/gpg
	+ PGP_ENABLE: "true"
	+ PGP_GPGCONF: /usr/bin/gpgconf
	+ PGP_LENGTH: ""
	+ PROXY_SSL_CERTIFICATE: /etc/certs/imap.hosted.com.cert
	+ PROXY_SSL_CERTIFICATE_KEY: /etc/certs/imap.hosted.com.key
	+ QUEUE_CONNECTION: redis
	+ RATELIMIT_WHITELIST: '"noreply@kolab.local"'
	+ REDIS_HOST: redis
	+ REDIS_PASSWORD: "null"
	+ REDIS_PORT: "6379"
	+ SESSION_DRIVER: file
	+ SESSION_LIFETIME: "120"
	+ SMTP_HOST: imap
	+ SMTP_PORT: "10587"
	+ STRIPE_KEY: ""
	+ STRIPE_PUBLIC_KEY: ""
	+ STRIPE_WEBHOOK_SECRET: ""
	+ SUPPORT_URL: /support
	+ SWOOLE_PACKAGE_MAX_LENGTH: "10485760"
	+ TRUSTED_PROXIES: '"172.18.0.7/8,127.0.0.1/8"'
	+ VAT_COUNTRIES: CH,LI
	+ VAT_RATE: "7.7"
	+ WEBMAIL_URL: /roundcubemail/
	diff --git a/ci/kustomize/base/imap_pod.yml b/ci/kustomize/base/imap_pod.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/base/imap_pod.yml
	@@ -0,0 +1,88 @@
	+---
	+apiVersion: v1
	+kind: Pod
	+metadata:
	+ name: imap
	+ labels:
	+ component: imap
	+spec:
	+ initContainers:
	+ - name: wait-for-webapp
	+ image: "curlimages/curl:latest"
	+ command: ["/bin/sh","-c"]
	+ args: ["while [ $(curl -sw '%{http_code}' http://webapp:8000 -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for the webserver...'; done"]
	+ containers:
	+ - name: imap
	+ env:
	+ - name: APP_SERVICES_DOMAIN
	+ value: webapp
	+ - name: SERVICES_PORT
	+ value: "8000"
	+ - name: IMAP_ADMIN_LOGIN
	+ value: cyrus-admin
	+ - name: IMAP_ADMIN_PASSWORD
	+ value: simple123
	+ image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/imap"
	+ imagePullPolicy: Always
	+ livenessProbe:
	+ initialDelaySeconds: 10
	+ tcpSocket:
	+ port: 11143
	+ readinessProbe:
	+ exec:
	+ command: ['test', '-e', '/run/saslauthd/mux']
	+ resources: {}
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - name: var-lib-imap
	+ mountPath: /var/lib/imap
	+ - name: var-spool-imap
	+ mountPath: /var/spool/imap
	+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
	+ name: kube-api-access
	+ readOnly: true
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Always
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+ - name: var-lib-imap
	+ emptyDir: {}
	+ - name: var-spool-imap
	+ emptyDir: {}
	diff --git a/ci/kustomize/base/kustomization.yml b/ci/kustomize/base/kustomization.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/base/kustomization.yml
	@@ -0,0 +1,11 @@
	+resources:
	+ - pods.yml
	+ - imap_pod.yml
	+ - mariadb_pod.yml
	+ - proxy_pod.yml
	+ - secrets.yml
	+ - services.yml
	+ - configmaps.yml
	+
	+commonLabels:
	+ app: kolab4-test
	diff --git a/ci/kustomize/base/mariadb_pod.yml b/ci/kustomize/base/mariadb_pod.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/base/mariadb_pod.yml
	@@ -0,0 +1,96 @@
	+---
	+apiVersion: v1
	+kind: Pod
	+metadata:
	+ name: mariadb
	+ labels:
	+ component: mariadb
	+spec:
	+ containers:
	+ - name: mariadb
	+ env:
	+ - name: MYSQL_ROOT_PASSWORD
	+ value: simple123
	+ - name: TZ
	+ value: "+02:00"
	+ - name: DB_HKCCP_DATABASE
	+ value: kolabdev
	+ - name: DB_HKCCP_USERNAME
	+ value: kolabdev
	+ - name: DB_HKCCP_PASSWORD
	+ value: simple123
	+ - name: DB_KOLAB_DATABASE
	+ value: kolabdev
	+ - name: DB_KOLAB_USERNAME
	+ value: kolabdev
	+ - name: DB_KOLAB_PASSWORD
	+ value: simple123
	+ - name: DB_RC_DATABASE
	+ value: roundcube
	+ - name: DB_RC_USERNAME
	+ value: roundcube
	+ - name: DB_RC_PASSWORD
	+ value: simple123
	+ livenessProbe:
	+ tcpSocket:
	+ port: 3306
	+ image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/mariadb"
	+ imagePullPolicy: Always
	+ ports:
	+ - containerPort: 3306
	+ readinessProbe:
	+ exec:
	+ command: ['mysqladmin', '-u', 'root', 'ping']
	+ resources: {}
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - name: var-lib-mysql
	+ mountPath: /var/lib/mysql
	+ readOnly: False
	+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
	+ name: kube-api-access
	+ readOnly: true
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Always
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+ - name: var-lib-mysql
	+ emptyDir: {}
	+
	diff --git a/ci/kustomize/base/pods.yml b/ci/kustomize/base/pods.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/base/pods.yml
	@@ -0,0 +1,355 @@
	+---
	+apiVersion: v1
	+kind: Pod
	+metadata:
	+ name: redis
	+ labels:
	+ component: redis
	+spec:
	+ containers:
	+ - name: redis
	+ image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/redis"
	+ imagePullPolicy: Always
	+ livenessProbe:
	+ tcpSocket:
	+ port: 6379
	+ resources: {}
	+ readinessProbe:
	+ exec:
	+ command: ['redis-cli', 'ping']
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - name: var-lib-redis-data
	+ mountPath: /var/lib/redis/data
	+ readOnly: False
	+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
	+ name: kube-api-access
	+ readOnly: true
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Always
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+ - name: var-lib-redis-data
	+ emptyDir: {}
	+
	+---
	+apiVersion: v1
	+kind: Pod
	+metadata:
	+ name: roundcube
	+ labels:
	+ component: roundcube
	+spec:
	+ containers:
	+ - name: roundcube
	+ env:
	+ - name: APP_DOMAIN
	+ value: "kolab.test"
	+ - name: DES_KEY
	+ value: "kBxUM/53N9p9abusAoT0ZEAxwI2pxFz/"
	+ - name: DB_HOST
	+ value: "mariadb"
	+ - name: DB_RC_DATABASE
	+ value: "roundcube"
	+ - name: DB_RC_USERNAME
	+ value: "roundcube"
	+ - name: DB_RC_PASSWORD
	+ value: "simple123"
	+ - name: DB_ROOT_PASSWORD
	+ value: "simple123"
	+ - name: IMAP_HOST
	+ value: "imap"
	+ - name: IMAP_PORT
	+ value: "11143"
	+ # - name: IMAP_ADMIN_LOGIN
	+ # value: cyrus-admin
	+ # - name: IMAP_ADMIN_PASSWORD
	+ # value: simple123
	+ # - name: MAIL_HOST
	+ # value: localhost
	+ # - name: MAIL_PORT
	+ # value: 10587
	+ # - name: IMAP_DEBUG
	+ # value: true
	+ # - name: FILEAPI_WOPI_OFFICE
	+ # value: "https://kolab.local"
	+ # - name: CALENDAR_CALDAV_SERVER
	+ # value: "http://imap:11080/dav"
	+ # - name: KOLAB_ADDRESSBOOK_CARDDAV_SERVER
	+ # value: "http://imap:11080/dav"
	+ image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/roundcube"
	+ imagePullPolicy: Always
	+ resources: {}
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
	+ name: kube-api-access
	+ readOnly: true
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Always
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ tolerations:
	+ - effect: NoExecute
	+ key: node.kubernetes.io/not-ready
	+ operator: Exists
	+ tolerationSeconds: 300
	+ - effect: NoExecute
	+ key: node.kubernetes.io/unreachable
	+ operator: Exists
	+ tolerationSeconds: 300
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+
	+---
	+apiVersion: v1
	+kind: Pod
	+metadata:
	+ name: minio
	+ labels:
	+ component: minio
	+spec:
	+ containers:
	+ - name: minio
	+ env:
	+ - name: MINIO_ROOT_USER
	+ value: "minio"
	+ - name: MINIO_ROOT_PASSWORD
	+ value: "simple123"
	+ command: ['sh', '-c', 'mkdir -p /data/kolab && minio server /data --console-address ":9001"']
	+ image: "quay.io/minio/minio:latest"
	+ imagePullPolicy: Always
	+ readinessProbe:
	+ exec:
	+ command: ['bash', '-c', 'mc ready local \|\| exit 1']
	+ resources: {}
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
	+ name: kube-api-access
	+ readOnly: true
	+ - name: minio-data
	+ mountPath: /data
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Always
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+ - name: minio-data
	+ emptyDir: {}
	+
	+---
	+apiVersion: v1
	+kind: Pod
	+metadata:
	+ name: meet
	+ labels:
	+ component: meet
	+spec:
	+ initContainers:
	+ - name: kolab4-git-source
	+ image: alpine/git
	+ command: ['git', 'clone', 'https://git.kolab.org/source/kolab.git', '/kolab']
	+ volumeMounts:
	+ - name: kolab4-git-source-config
	+ mountPath: /kolab
	+ readOnly: False
	+ containers:
	+ - name: meet
	+ env:
	+ - name: WEBRTC_LISTEN_IP
	+ value: "127.0.0.1"
	+ - name: WEBRTC_ANNOUNCED_ADDRESS
	+ value: "127.0.0.1"
	+ - name: PUBLIC_DOMAIN
	+ value: "kolab.local"
	+ - name: LISTENING_HOST
	+ value: "127.0.0.1"
	+ - name: LISTENING_PORT
	+ value: "12443"
	+ - name: DEBUG
	+ value: "*"
	+ - name: TURN_SERVER
	+ value: "none"
	+ - name: AUTH_TOKEN
	+ value: "simple123"
	+ - name: WEBHOOK_TOKEN
	+ value: "simple123"
	+ - name: WEBHOOK_URL
	+ value: "kolab.local/api/webhooks/meet"
	+ - name: SSL_CERT
	+ value: "/etc/pki/tls/certs/meet.kolab.local.cert"
	+ - name: SSL_KEY
	+ value: "/etc/pki/tls/private/meet.kolab.local.key"
	+ image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/meet"
	+ imagePullPolicy: Always
	+ resources: {}
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
	+ name: kube-api-access
	+ readOnly: True
	+ - name: kolab4-git-source-config
	+ subPath: meet/server
	+ mountPath: /src/meet
	+ readOnly: True
	+ - name: kolab4-git-source-config
	+ subPath: docker/certs/meet.kolab.local.cert
	+ mountPath: /etc/pki/tls/certs/meet.kolab.local.cert
	+ readOnly: True
	+ - name: kolab4-git-source-config
	+ subPath: docker/certs/meet.kolab.local.key
	+ mountPath: /etc/pki/tls/certs/meet.kolab.local.key
	+ readOnly: True
	+
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Always
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+ - name: kolab4-git-source-config
	+ emptyDir: {}
	diff --git a/ci/kustomize/base/proxy_pod.yml b/ci/kustomize/base/proxy_pod.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/base/proxy_pod.yml
	@@ -0,0 +1,84 @@
	+---
	+apiVersion: v1
	+kind: Pod
	+metadata:
	+ name: proxy
	+ labels:
	+ component: proxy
	+spec:
	+ containers:
	+ - name: proxy
	+ env:
	+ - name: APP_DOMAIN
	+ value: "kolab.local"
	+ - name: APP_WEBSITE_DOMAIN
	+ value: "kolab.local"
	+ - name: SSL_CERTIFICATE
	+ value: "/etc/certs/imap.hosted.com.cert"
	+ - name: SSL_CERTIFICATE_KEY
	+ value: "/etc/certs/imap.hosted.com.key"
	+ - name: WEBAPP_BACKEND
	+ value: "http://webapp:8000"
	+ - name: MEET_BACKEND
	+ value: "https://meet:12443"
	+ - name: ROUNDCUBE_BACKEND
	+ value: "http://roundcube:8080"
	+ - name: DAV_BACKEND
	+ value: "http://dav:11080/dav"
	+ - name: COLLABORA_BACKEND
	+ value: "http://collabora:9980"
	+ image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/proxy"
	+ imagePullPolicy: Always
	+ resources: {}
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - name: docker-certs
	+ mountPath: /etc/certs
	+ readOnly: True
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Always
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+ - name: docker-certs
	+ configMap:
	+ name: docker-certs
	+
	+
	+
	diff --git a/ci/kustomize/base/secrets.yml b/ci/kustomize/base/secrets.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/base/secrets.yml
	@@ -0,0 +1,10 @@
	+apiVersion: v1
	+kind: Secret
	+metadata:
	+ name: passport-keys
	+ namespace: kolab4-ci
	+type: Opaque
	+data:
	+ PASSPORT_PRIVATE_KEY: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQ21ZZVJwN1hYblBlOHcKWDBpT0pScGVza2ZVdU9KL0dxejVkc01JV0ZCNmZQYUk1Lzl0a01FeXArdkNFRjdlRlhMQnJYZVFpNkYvVk5tVgp3bitkR0VRaGtodURvRVhyOFo0YzMzM3dMSDhpT0VGNFdRYnQvV0YzRVJkam1KdDN2S3J5OEIvT0xObW1jSzdqCjRzejgyOGg2TDJaVDZHUGNiR3NOdWt4Qk1jSU1PcGZsbzBTTEh5NFZUaGRvNmIxUTRuRDJLL1BYMXlweWZGYW8KbmozT2ZIQmRTVkxtVGdkN0J2Qi9hellGWVdIUDRJTlk4Y3lsWldJdERYdXFQbEJHU1UyZmYyeFRLWS9XUmNvLwpkanZyTzliTTFXZUkrOFczNkVlTEhFUnJ1MVFScE4yMlRnV0NRMmRiTFJzVnJzTWc4THk2U01lOGNlRFhRdDVDCkxLQU4yNGpGdDFVbkJncitxSzFUcnhrQnR1NStWMldQWVdoVXZCTEkvMnFuRlFoMUdpV01LaW5XUU83ckZDSUMKclJVY1FCVXUyQXlsbUcwUC9vUGpQcmpoQW54cTNIZ3VPbjhjUzFPZUJwT0g3Kzh0ejBDZUVkeVZmVDhtYVZzLwpWV1JaYkViMFVqRkxSTlUraVZFR3p6M2p5UXVLaE9KLzJXdVcwbUp6RjNwUFE2NERsK2ZMeVhxRjFLWE5vUGVtCmV2bW1SakNaV2ZrV0FFQVdkMyt5UmZvT3hHejU1dmFVMXFHUzgxbG5YblAxUjVUWkdYb24yNEhIUzl1UndIdDYKSklJK0ZFd2dxcjhLMlRJU0RQeHg3aVFiWHg4a2NNVU1CSkc4YU5vRzczV1ZYbUhzMHVhRVVzWE15OXZ0ZWdldQovL0lQcE5VVGxianNuOE90K3Q2OG1UTkxVWlg3NHdJREFRQUJBb0lDQUU1ZlpUOEtWbFBmSmlpa2NXSlhrdFRSCmFLbUlqMVFzNWhhNlBRTlV5ay93UmhiV0pVamdlMGpYdFdOYjM3di80V2JleGFmR1JnUGJIWVVBTWFsM2tUdzQKL1JIaThKekQydVVoMTBwSFEzbUVnejVqdlRKa2ZNRWZ3V011TXVsVGF6ajFLQjR2blRSYjl0MnNheitlYlpBMApmS0NBb20xbGVvWGtYK0FEeHJLSTlSejc2NkVXeGxmTnlaUW5LZ0NNTVlhYnpJZzZ0NmxtN1ZFTy9QRWpSN0NCCmhmV3JBcllPWGtHKzZCcmZ0TG05T1ZHdjBHU0dYWmo0Tld6TFhuZkZOcld2U1lEZzNucWh0RE54aDZiMk1HZWIKREdLSHFpcEhWVS92T0VHQTQ0aE9Id3V0TThZWTV2b1pSSjFSaldPYVVtUHpQWGFFTTlOaUVaeWROYVZoYUVwcQptN2pOcHU3UzV4YTJFb2R0Mml6MnVRaG5ESHJZbkdWQ0g1cHNhbDZUWkFvOUFQV3d3Qk9zRlErblh3anhUZUw5CiszSkw2K2pyUDBlcXpOVmhsOGMwY0hKbkJEcFNWTkc3MzRSc0s4WE94bUp5cTNYdDhSb2kzVWQ3Z2p5L0ZHcHYKWGd6RHBrRnZkNXVFVG4xVkl1QWZpcm03TUQ4UmJUSVpBV0NncUNyRTdOdVhPY25CR0h1Qzk1NUtGOE9BeDhucAo4eUN0bG1CU1hLaWZvSWVleXUzMkw4czNnN21kK3hSdWFVOHlSdHVDbFRMS0crNm9SWlljYUZOY1ZLS1p6eXU1CnhueFVTNkhhcGhkNS9MaGduQTN1alhra05QZG1IeFB2Sk9XWUFCU05GZVh6TkYxbnBMLzR3RkxOdnBwTUNQUjEKdjdNN0FuYnZ5RXZLbTFRMmVQZTlBb0lCQVFEaWdJNEFKSWFIZVFpdXFGU0lXaG04TllrT1pGMGpmdldNN0s4dgoxSUFFMFdBVFA4S2JlVElOUzJmVVlack5GczdTNjZQbDFXZFBIN2F0Vm9pN1FWY0lvRmhsWVlScUlMRVRwS0pyCnowZEZMSWlhYWp6UTlrVFB6aExSREdCaE8zVEtiN1JwRm5kWUF1eHpTdzFDLzNKSGI0Y3JEOGtESUI4eFZvYmEKeHZzWGRWc3NxQlFnU2NVcmoxRmY0WlB0RmhxTFBzV252ZEJwYk02TFYvMnQvQ25UdTRxVTJzekpaUU5HUDFRZgpnRWFwYnVaQzZZRmFoWERUZ1lGVGZuL3ZLenlLYi9GaXNrejNSczlqZ1kwOGdSeElhbmRlVXFKSUVvSmkrQ3daCnE2dHdEOHFLekdoQjlueFNBT3doSnpEZzRTeWhOblJRdDVYOFhRV1ZqcHhzM0h4bkFvSUJBUUM4RFBzSURONXIKN2pvWmo1ZDQvazhZZytxMWVjeVNtOXpZeTlMemYwV1VGZ1J1OU5XOVVlVVBSakdYaE5vNVZPeHhCNjJyTVpDSgpFODFJdHhVVlF3SEg0UzYyeWNCUGJzWUVhcEUvaXRTK0tkRXpXUVAydTNIQWtMRDNOMjhzbk1sSWhUSlI4ZlhCCkdhc1duZ3M5UTd1QjdXazBuaUthOFQ3ZkJEeDlwT3lqTWxJUHdvMGxaQ3JVQW5tak9nWitSdnZ1R0RncXBEZHAKaDdKVXh0Rm1zV1BnQkZOWnRyNUJUUmNyNWhXUm9TWEpnUU9EcXBUUUhqUWRkTVd5N0xDSmczcUtMaUtWSU9kNQoraUd6aFVJWnpvOTVGWWl5dDhPamR0M1kwazVKOTlOT3JPd0FQTkx2YkM1VFRzaHRBMTQ0RTl1d0VxQmJUbStTClJ0TFplVkJXWjFjbEFvSUJBUUMwajI2anhucEgvTUJqRzJWbjNRdXU4YTUwZnFXUTZtQ3RHdkQ4M0JYQndYY3AKWVNhdDhndG9kYmdyb2pOWlV0bEZZdnVnK0dJR3ZXMU8rVEMrdGZPL3VMTSsvbUlraURNaFNaa0JBSmY4R09nOAowSHZ5eUo5S1dTaSs1WExma0JvbVZxNG5KL1d6ZjRFbTE2bVd3elJDcGpIR3JpcThCeHRXcFhlVGFCUTZPeCtYCmxkV1ZkN2xxWkRHbWtaanU0elA5MU9pVU04aTBnanlVOEd3V0NuTDlpditLY25IV0NtUjExMzRrTG9vbC8zWW4KMlNWNUYrODliSHZBSjVPdEFYYWRsV2VFR2tjb3lKWUM2UC9DUDlwZ0VCOWdYZGRvUlBrVUZHcHpmRnFLVnN4TApvVzlyUmljTTZCZFV4bjA4aDhTZ0wxekNDOWZRK2dhOWxwWTBZZi81QW9JQkFIN1M1azVFbDVFRTVtd3N1a1JnCmhxbUs5alVVQXRMeGlSMHhRWUQwMmRFSWxFN2NrbllQRUVPZjNIeEtuZjVDZHYrMzVQbHJBUVpoczNZUis0Y08KWE5vWDFUQnptbDQzNEJaRVpOY000M09vc2kxR0lIVTdiM2ttWENNdVlLMGV4R1ZEWjI5NmxucDN2RG9SdHBUSAo1R0s0NGRZWnZFN3cycXovcDJnNVhWcW02azgwcjRxREpwczdYQnVvVzQ2NGd0bk52YnVNYXM2aU5MUVdMazFxCjMyZktvd2dEUmdhMlhpVStGRmZWN2EwYmRHcE5GZlhTR09Xd3hsQm9icHNmYi9wWEtQMllabVNPUEVKZFlmb1QKcEJGT1k1WGNkM1g4Q1p4Y0lXNmpWQUJnZ1AyY0I4cHZGRU1kQS9ENWI0YTBaZG8yaGExdWxiSjZUMk5aL01ONQpDSDBDZ2dFQkFNTFJueExRUkNnZHlyWXJvcWRTQlU4NWZBazB1VS8vcm43aS8xdlFHNnBVeTREcTZXL3lCaEZWCi9GcGg2YzlOWEhVVWJNM0hsdnlZMkh0NGFVUWw4ZDUwd3N5VTZlbnh2cGR3enRpNk4yV1h5ckVYNFd0VnFnTlAKT0tIRXUrbWlpM202a09mdkREOTdBVDRoQUd6Q1pSNGxrYjA2dDQ5eTd1YTROUlphS1RyVGlHM2cydVR0QlI4MQovdzFHdEwrRE5VRUZ6TzFJeTJkc2NXeHI3NkkrWlg2VmxGSEduZVVsaHlOOVZKazhXSFZJNXhwVlY5eTdheTNJCmpYWEZEZ05xanFpU0M2QlU3aVlwa1ZFS2wvaHZhR0pVN0NLTEtGYnh6QmdzZXlZLzdYc01Idldid2pLOGEwTG0KYmFraGllN2hKQlA3Qm9PdXArZEQ1TlFQbFhCUTQzND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLS0K
	+ PASSPORT_PUBLIC_KEY: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFwbUhrYWUxMTV6M3ZNRjlJamlVYQpYckpIMUxqaWZ4cXMrWGJEQ0ZoUWVuejJpT2YvYlpEQk1xZnJ3aEJlM2hWeXdhMTNrSXVoZjFUWmxjSi9uUmhFCklaSWJnNkJGNi9HZUhOOTk4Q3gvSWpoQmVGa0c3ZjFoZHhFWFk1aWJkN3lxOHZBZnppelpwbkN1NCtMTS9OdkkKZWk5bVUraGozR3hyRGJwTVFUSENERHFYNWFORWl4OHVGVTRYYU9tOVVPSnc5aXZ6MTljcWNueFdxSjQ5em54dwpYVWxTNWs0SGV3YndmMnMyQldGaHorQ0RXUEhNcFdWaUxRMTdxajVRUmtsTm4zOXNVeW1QMWtYS1AzWTc2enZXCnpOVm5pUHZGdCtoSGl4eEVhN3RVRWFUZHRrNEZna05uV3kwYkZhN0RJUEM4dWtqSHZISGcxMExlUWl5Z0RkdUkKeGJkVkp3WUsvcWl0VTY4WkFiYnVmbGRsajJGb1ZMd1N5UDlxcHhVSWRSb2xqQ29wMWtEdTZ4UWlBcTBWSEVBVgpMdGdNcFpodEQvNkQ0ejY0NFFKOGF0eDRManAvSEV0VG5nYVRoKy92TGM5QW5oSGNsWDAvSm1sYlAxVmtXV3hHCjlGSXhTMFRWUG9sUkJzODk0OGtMaW9UaWY5bHJsdEppY3hkNlQwT3VBNWZueThsNmhkU2x6YUQzcG5yNXBrWXcKbVZuNUZnQkFGbmQvc2tYNkRzUnMrZWIybE5haGt2TlpaMTV6OVVlVTJSbDZKOXVCeDB2YmtjQjdlaVNDUGhSTQpJS3EvQ3RreUVnejhjZTRrRzE4ZkpIREZEQVNSdkdqYUJ1OTFsVjVoN05MbWhGTEZ6TXZiN1hvSHJ2L3lENlRWCkU1VzQ3Si9EcmZyZXZKa3pTMUdWKytNQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=
	+
	diff --git a/ci/kustomize/base/services.yml b/ci/kustomize/base/services.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/base/services.yml
	@@ -0,0 +1,109 @@
	+---
	+apiVersion: v1
	+kind: Service
	+metadata:
	+ name: mariadb
	+spec:
	+ clusterIP: None
	+ clusterIPs:
	+ - None
	+ internalTrafficPolicy: Cluster
	+ ipFamilies:
	+ - IPv4
	+ ipFamilyPolicy: SingleStack
	+ ports:
	+ - port: 3306
	+ protocol: TCP
	+ targetPort: 3306
	+ selector:
	+ component: mariadb
	+ sessionAffinity: None
	+ type: ClusterIP
	+
	+---
	+apiVersion: v1
	+kind: Service
	+metadata:
	+ name: imap
	+spec:
	+ clusterIP: None
	+ clusterIPs:
	+ - None
	+ internalTrafficPolicy: Cluster
	+ ipFamilies:
	+ - IPv4
	+ ipFamilyPolicy: SingleStack
	+ ports:
	+ - port: 11143
	+ protocol: TCP
	+ targetPort: 11143
	+ selector:
	+ component: imap
	+ sessionAffinity: None
	+ type: ClusterIP
	+
	+---
	+apiVersion: v1
	+kind: Service
	+metadata:
	+ name: minio
	+spec:
	+ clusterIP: None
	+ clusterIPs:
	+ - None
	+ internalTrafficPolicy: Cluster
	+ ipFamilies:
	+ - IPv4
	+ ipFamilyPolicy: SingleStack
	+ ports:
	+ - port: 9000
	+ protocol: TCP
	+ targetPort: 9000
	+ selector:
	+ component: minio
	+ sessionAffinity: None
	+ type: ClusterIP
	+
	+---
	+apiVersion: v1
	+kind: Service
	+metadata:
	+ name: redis
	+spec:
	+ clusterIP: None
	+ clusterIPs:
	+ - None
	+ internalTrafficPolicy: Cluster
	+ ipFamilies:
	+ - IPv4
	+ ipFamilyPolicy: SingleStack
	+ ports:
	+ - port: 6379
	+ protocol: TCP
	+ targetPort: 6379
	+ selector:
	+ component: redis
	+ sessionAffinity: None
	+ type: ClusterIP
	+
	+---
	+apiVersion: v1
	+kind: Service
	+metadata:
	+ name: meet
	+spec:
	+ clusterIP: None
	+ clusterIPs:
	+ - None
	+ internalTrafficPolicy: Cluster
	+ ipFamilies:
	+ - IPv4
	+ ipFamilyPolicy: SingleStack
	+ ports:
	+ - port: 12443
	+ protocol: TCP
	+ targetPort: 12443
	+ selector:
	+ component: meet
	+ sessionAffinity: None
	+ type: ClusterIP
	diff --git a/ci/kustomize/overlays/demo/kustomization.yml b/ci/kustomize/overlays/demo/kustomization.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/overlays/demo/kustomization.yml
	@@ -0,0 +1,9 @@
	+bases:
	+ - ../../base
	+
	+resources:
	+ - webapp_pod.yml
	+ - webapp_svc.yml
	+
	+commonLabels:
	+ app: kolab4-test
	diff --git a/ci/kustomize/overlays/demo/webapp_pod.yml b/ci/kustomize/overlays/demo/webapp_pod.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/overlays/demo/webapp_pod.yml
	@@ -0,0 +1,108 @@
	+---
	+apiVersion: v1
	+kind: Pod
	+metadata:
	+ name: webapp
	+ labels:
	+ component: webapp
	+spec:
	+ initContainers:
	+ - name: kolab4-git-source
	+ image: alpine/git
	+ command: ['git', 'clone', 'https://git.kolab.org/source/kolab.git', '/kolab']
	+ volumeMounts:
	+ - name: kolab4-git-source-config
	+ mountPath: /kolab
	+ readOnly: False
	+ containers:
	+ - name: webapp
	+ envFrom:
	+ - configMapRef:
	+ name: kolab-test-env
	+ - secretRef:
	+ name: passport-keys
	+ env:
	+ - name: NOENVFILE
	+ value: "true"
	+ - name: APP_SERVICES_ALLOWED_DOMAINS
	+ value: "webapp,localhost,services.kolab.local"
	+ - name: DB_USERNAME
	+ value: kolabdev
	+ - name: DB_PASSWORD
	+ value: simple123
	+ - name: DB_DATABASE
	+ value: kolabdev
	+ - name: DB_HOST
	+ value: mariadb
	+ image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/webapp"
	+ imagePullPolicy: Always
	+ readinessProbe:
	+ initialDelaySeconds: 5
	+ exec:
	+ command: ['bash', '-c', './artisan octane:status \|\| exit 1']
	+ resources: {}
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
	+ name: kube-api-access
	+ readOnly: True
	+ - name: kolab4-git-source-config
	+ subPath: src
	+ mountPath: /src/kolabsrc.orig
	+ readOnly: True
	+ - name: kolab4-git-source-config
	+ subPath: config.demo/src
	+ mountPath: /src/overlay
	+ readOnly: True
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Always
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ tolerations:
	+ - effect: NoExecute
	+ key: node.kubernetes.io/not-ready
	+ operator: Exists
	+ tolerationSeconds: 300
	+ - effect: NoExecute
	+ key: node.kubernetes.io/unreachable
	+ operator: Exists
	+ tolerationSeconds: 300
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+ - name: kolab4-git-source-config
	+ emptyDir: {}
	diff --git a/ci/kustomize/overlays/demo/webapp_svc.yml b/ci/kustomize/overlays/demo/webapp_svc.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/overlays/demo/webapp_svc.yml
	@@ -0,0 +1,26 @@
	+---
	+apiVersion: v1
	+kind: Service
	+metadata:
	+ name: webapp
	+spec:
	+ clusterIP: None
	+ clusterIPs:
	+ - None
	+ internalTrafficPolicy: Cluster
	+ ipFamilies:
	+ - IPv4
	+ ipFamilyPolicy: SingleStack
	+ ports:
	+ - name: httpform
	+ port: 8000
	+ protocol: TCP
	+ targetPort: 8000
	+ - name: https
	+ port: 443
	+ protocol: TCP
	+ targetPort: 443
	+ selector:
	+ component: webapp
	+ sessionAffinity: None
	+ type: ClusterIP
	diff --git a/ci/kustomize/overlays/tests/kustomization.yml b/ci/kustomize/overlays/tests/kustomization.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/overlays/tests/kustomization.yml
	@@ -0,0 +1,5 @@
	+resources:
	+ - tests_job.yml
	+
	+commonLabels:
	+ app: kolab4-test
	diff --git a/ci/kustomize/overlays/tests/tests_job.yml b/ci/kustomize/overlays/tests/tests_job.yml
	new file mode 100644
	--- /dev/null
	+++ b/ci/kustomize/overlays/tests/tests_job.yml
	@@ -0,0 +1,98 @@
	+---
	+apiVersion: batch/v1
	+kind: Job
	+metadata:
	+ labels:
	+ component: tests
	+ name: tests
	+spec:
	+ activeDeadlineSeconds: 1800
	+ backoffLimit: 1
	+ completions: 1
	+ parallelism: 1
	+ template:
	+ metadata:
	+ labels:
	+ component: tests
	+ name: tests
	+ spec:
	+ containers:
	+ - name: tests
	+ command: ['/init.sh', 'testsuite']
	+ envFrom:
	+ - configMapRef:
	+ name: kolab-test-env
	+ - secretRef:
	+ name: passport-keys
	+ env:
	+ - name: APP_SERVICES_DOMAIN
	+ value: "localhost"
	+ image: "image-registry.openshift-image-registry.svc:5000/kolab4-ci/tests"
	+ imagePullPolicy: Always
	+ resources: {}
	+ securityContext:
	+ capabilities:
	+ drop:
	+ - MKNOD
	+ terminationMessagePath: /dev/termination-log
	+ terminationMessagePolicy: File
	+ volumeMounts:
	+ - name: kolab4-git-source
	+ mountPath: /src/kolabsrc.orig
	+ readOnly: True
	+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
	+ name: kube-api-access
	+ readOnly: true
	+ dnsPolicy: ClusterFirst
	+ enableServiceLinks: true
	+ hostAliases:
	+ - hostnames:
	+ - kolab.local
	+ - admin.kolab.local
	+ - services.kolab.local
	+ ip: __WEBAPP_POD_IP__
	+ imagePullSecrets:
	+ - name: pipeline-dockercfg-z2lsh
	+ initContainers:
	+ - name: kolab4-git-source
	+ image: alpine/git
	+ command: ['git', 'clone', 'https://git.kolab.org/source/kolab.git', 'kolab']
	+ volumeMounts:
	+ - name: kolab4-git-source
	+ mountPath: /kolab
	+ readOnly: False
	+ preemptionPolicy: PreemptLowerPriority
	+ priority: 0
	+ restartPolicy: Never
	+ schedulerName: default-scheduler
	+ securityContext: {}
	+ serviceAccount: pipeline
	+ serviceAccountName: pipeline
	+ terminationGracePeriodSeconds: 30
	+ volumes:
	+ - name: kube-api-access
	+ projected:
	+ defaultMode: 420
	+ sources:
	+ - serviceAccountToken:
	+ expirationSeconds: 3607
	+ path: token
	+ - configMap:
	+ items:
	+ - key: ca.crt
	+ path: ca.crt
	+ name: kube-root-ca.crt
	+ - downwardAPI:
	+ items:
	+ - fieldRef:
	+ apiVersion: v1
	+ fieldPath: metadata.namespace
	+ path: namespace
	+ - configMap:
	+ items:
	+ - key: service-ca.crt
	+ path: service-ca.crt
	+ name: openshift-service-ca.crt
	+ - name: kolab4-git-source
	+ emptyDir: {}
	+
	diff --git a/ci/passport_keys b/ci/passport_keys
	new file mode 100644
	--- /dev/null
	+++ b/ci/passport_keys
	@@ -0,0 +1,66 @@
	+PASSPORT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
	+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCmYeRp7XXnPe8w
	+X0iOJRpeskfUuOJ/Gqz5dsMIWFB6fPaI5/9tkMEyp+vCEF7eFXLBrXeQi6F/VNmV
	+wn+dGEQhkhuDoEXr8Z4c333wLH8iOEF4WQbt/WF3ERdjmJt3vKry8B/OLNmmcK7j
	+4sz828h6L2ZT6GPcbGsNukxBMcIMOpflo0SLHy4VThdo6b1Q4nD2K/PX1ypyfFao
	+nj3OfHBdSVLmTgd7BvB/azYFYWHP4INY8cylZWItDXuqPlBGSU2ff2xTKY/WRco/
	+djvrO9bM1WeI+8W36EeLHERru1QRpN22TgWCQ2dbLRsVrsMg8Ly6SMe8ceDXQt5C
	+LKAN24jFt1UnBgr+qK1TrxkBtu5+V2WPYWhUvBLI/2qnFQh1GiWMKinWQO7rFCIC
	+rRUcQBUu2AylmG0P/oPjPrjhAnxq3HguOn8cS1OeBpOH7+8tz0CeEdyVfT8maVs/
	+VWRZbEb0UjFLRNU+iVEGzz3jyQuKhOJ/2WuW0mJzF3pPQ64Dl+fLyXqF1KXNoPem
	+evmmRjCZWfkWAEAWd3+yRfoOxGz55vaU1qGS81lnXnP1R5TZGXon24HHS9uRwHt6
	+JII+FEwgqr8K2TISDPxx7iQbXx8kcMUMBJG8aNoG73WVXmHs0uaEUsXMy9vtegeu
	+//IPpNUTlbjsn8Ot+t68mTNLUZX74wIDAQABAoICAE5fZT8KVlPfJiikcWJXktTR
	+aKmIj1Qs5ha6PQNUyk/wRhbWJUjge0jXtWNb37v/4WbexafGRgPbHYUAMal3kTw4
	+/RHi8JzD2uUh10pHQ3mEgz5jvTJkfMEfwWMuMulTazj1KB4vnTRb9t2saz+ebZA0
	+fKCAom1leoXkX+ADxrKI9Rz766EWxlfNyZQnKgCMMYabzIg6t6lm7VEO/PEjR7CB
	+hfWrArYOXkG+6BrftLm9OVGv0GSGXZj4NWzLXnfFNrWvSYDg3nqhtDNxh6b2MGeb
	+DGKHqipHVU/vOEGA44hOHwutM8YY5voZRJ1RjWOaUmPzPXaEM9NiEZydNaVhaEpq
	+m7jNpu7S5xa2Eodt2iz2uQhnDHrYnGVCH5psal6TZAo9APWwwBOsFQ+nXwjxTeL9
	++3JL6+jrP0eqzNVhl8c0cHJnBDpSVNG734RsK8XOxmJyq3Xt8Roi3Ud7gjy/FGpv
	+XgzDpkFvd5uETn1VIuAfirm7MD8RbTIZAWCgqCrE7NuXOcnBGHuC955KF8OAx8np
	+8yCtlmBSXKifoIeeyu32L8s3g7md+xRuaU8yRtuClTLKG+6oRZYcaFNcVKKZzyu5
	+xnxUS6Haphd5/LhgnA3ujXkkNPdmHxPvJOWYABSNFeXzNF1npL/4wFLNvppMCPR1
	+v7M7AnbvyEvKm1Q2ePe9AoIBAQDigI4AJIaHeQiuqFSIWhm8NYkOZF0jfvWM7K8v
	+1IAE0WATP8KbeTINS2fUYZrNFs7S66Pl1WdPH7atVoi7QVcIoFhlYYRqILETpKJr
	+z0dFLIiaajzQ9kTPzhLRDGBhO3TKb7RpFndYAuxzSw1C/3JHb4crD8kDIB8xVoba
	+xvsXdVssqBQgScUrj1Ff4ZPtFhqLPsWnvdBpbM6LV/2t/CnTu4qU2szJZQNGP1Qf
	+gEapbuZC6YFahXDTgYFTfn/vKzyKb/Fiskz3Rs9jgY08gRxIandeUqJIEoJi+CwZ
	+q6twD8qKzGhB9nxSAOwhJzDg4SyhNnRQt5X8XQWVjpxs3HxnAoIBAQC8DPsIDN5r
	+7joZj5d4/k8Yg+q1ecySm9zYy9Lzf0WUFgRu9NW9UeUPRjGXhNo5VOxxB62rMZCJ
	+E81ItxUVQwHH4S62ycBPbsYEapE/itS+KdEzWQP2u3HAkLD3N28snMlIhTJR8fXB
	+GasWngs9Q7uB7Wk0niKa8T7fBDx9pOyjMlIPwo0lZCrUAnmjOgZ+RvvuGDgqpDdp
	+h7JUxtFmsWPgBFNZtr5BTRcr5hWRoSXJgQODqpTQHjQddMWy7LCJg3qKLiKVIOd5
	++iGzhUIZzo95FYiyt8Ojdt3Y0k5J99NOrOwAPNLvbC5TTshtA144E9uwEqBbTm+S
	+RtLZeVBWZ1clAoIBAQC0j26jxnpH/MBjG2Vn3Quu8a50fqWQ6mCtGvD83BXBwXcp
	+YSat8gtodbgrojNZUtlFYvug+GIGvW1O+TC+tfO/uLM+/mIkiDMhSZkBAJf8GOg8
	+0HvyyJ9KWSi+5XLfkBomVq4nJ/Wzf4Em16mWwzRCpjHGriq8BxtWpXeTaBQ6Ox+X
	+ldWVd7lqZDGmkZju4zP91OiUM8i0gjyU8GwWCnL9iv+KcnHWCmR1134kLool/3Yn
	+2SV5F+89bHvAJ5OtAXadlWeEGkcoyJYC6P/CP9pgEB9gXddoRPkUFGpzfFqKVsxL
	+oW9rRicM6BdUxn08h8SgL1zCC9fQ+ga9lpY0Yf/5AoIBAH7S5k5El5EE5mwsukRg
	+hqmK9jUUAtLxiR0xQYD02dEIlE7cknYPEEOf3HxKnf5Cdv+35PlrAQZhs3YR+4cO
	+XNoX1TBzml434BZEZNcM43Oosi1GIHU7b3kmXCMuYK0exGVDZ296lnp3vDoRtpTH
	+5GK44dYZvE7w2qz/p2g5XVqm6k80r4qDJps7XBuoW464gtnNvbuMas6iNLQWLk1q
	+32fKowgDRga2XiU+FFfV7a0bdGpNFfXSGOWwxlBobpsfb/pXKP2YZmSOPEJdYfoT
	+pBFOY5Xcd3X8CZxcIW6jVABggP2cB8pvFEMdA/D5b4a0Zdo2ha1ulbJ6T2NZ/MN5
	+CH0CggEBAMLRnxLQRCgdyrYroqdSBU85fAk0uU//rn7i/1vQG6pUy4Dq6W/yBhFV
	+/Fph6c9NXHUUbM3HlvyY2Ht4aUQl8d50wsyU6enxvpdwzti6N2WXyrEX4WtVqgNP
	+OKHEu+mii3m6kOfvDD97AT4hAGzCZR4lkb06t49y7ua4NRZaKTrTiG3g2uTtBR81
	+/w1GtL+DNUEFzO1Iy2dscWxr76I+ZX6VlFHGneUlhyN9VJk8WHVI5xpVV9y7ay3I
	+jXXFDgNqjqiSC6BU7iYpkVEKl/hvaGJU7CKLKFbxzBgseyY/7XsMHvWbwjK8a0Lm
	+bakhie7hJBP7BoOup+dD5NQPlXBQ434=
	+-----END PRIVATE KEY-----"
	+PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
	+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApmHkae115z3vMF9IjiUa
	+XrJH1Ljifxqs+XbDCFhQenz2iOf/bZDBMqfrwhBe3hVywa13kIuhf1TZlcJ/nRhE
	+IZIbg6BF6/GeHN998Cx/IjhBeFkG7f1hdxEXY5ibd7yq8vAfzizZpnCu4+LM/NvI
	+ei9mU+hj3GxrDbpMQTHCDDqX5aNEix8uFU4XaOm9UOJw9ivz19cqcnxWqJ49znxw
	+XUlS5k4Hewbwf2s2BWFhz+CDWPHMpWViLQ17qj5QRklNn39sUymP1kXKP3Y76zvW
	+zNVniPvFt+hHixxEa7tUEaTdtk4FgkNnWy0bFa7DIPC8ukjHvHHg10LeQiygDduI
	+xbdVJwYK/qitU68ZAbbufldlj2FoVLwSyP9qpxUIdRoljCop1kDu6xQiAq0VHEAV
	+LtgMpZhtD/6D4z644QJ8atx4Ljp/HEtTngaTh+/vLc9AnhHclX0/JmlbP1VkWWxG
	+9FIxS0TVPolRBs8948kLioTif9lrltJicxd6T0OuA5fny8l6hdSlzaD3pnr5pkYw
	+mVn5FgBAFnd/skX6DsRs+eb2lNahkvNZZ15z9UeU2Rl6J9uBx0vbkcB7eiSCPhRM
	+IKq/CtkyEgz8ce4kG18fJHDFDASRvGjaBu91lV5h7NLmhFLFzMvb7XoHrv/yD6TV
	+E5W47J/DrfrevJkzS1GV++MCAwEAAQ==
	+-----END PUBLIC KEY-----"
	diff --git a/docker/base/almalinux9 b/docker/base/almalinux9
	--- a/docker/base/almalinux9
	+++ b/docker/base/almalinux9
	@@ -6,10 +6,10 @@
	ENV LC_ALL=C.utf8

	# Add EPEL.
	-RUN dnf -y install 'dnf-command(config-manager)' && \
	+RUN dnf -qy install 'dnf-command(config-manager)' && \
	dnf config-manager --set-enabled crb && \
	- dnf -y install epel-release && \
	- dnf -y install iputils vim-enhanced bind-utils procps-ng tcpdump telnet mc && \
	+ dnf -qy install epel-release && \
	+ dnf -qy install iputils vim-enhanced bind-utils procps-ng tcpdump telnet mc && \
	dnf clean all && \
	rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9

	diff --git a/docker/imap/Dockerfile b/docker/imap/Dockerfile
	--- a/docker/imap/Dockerfile
	+++ b/docker/imap/Dockerfile
	@@ -1,4 +1,4 @@
	-FROM apheleia/almalinux9
	+FROM kolab4-ci/almalinux9

	WORKDIR /root/

	diff --git a/docker/meet/Dockerfile b/docker/meet/Dockerfile
	--- a/docker/meet/Dockerfile
	+++ b/docker/meet/Dockerfile
	@@ -1,4 +1,4 @@
	-FROM apheleia/almalinux9
	+FROM kolab4-ci/almalinux9

	RUN dnf -y install \
	--setopt 'tsflags=nodocs' \
	diff --git a/docker/proxy/Dockerfile b/docker/proxy/Dockerfile
	--- a/docker/proxy/Dockerfile
	+++ b/docker/proxy/Dockerfile
	@@ -1,4 +1,4 @@
	-FROM apheleia/almalinux9
	+FROM kolab4-ci/almalinux9

	RUN dnf -y install \
	--setopt 'tsflags=nodocs' \
	diff --git a/docker/redis/Dockerfile b/docker/redis/Dockerfile
	--- a/docker/redis/Dockerfile
	+++ b/docker/redis/Dockerfile
	@@ -1,4 +1,4 @@
	-FROM apheleia/almalinux9
	+FROM kolab4-ci/almalinux9

	RUN id default \|\| (groupadd -g 1001 default && useradd -d /opt/app-root/ -u 1001 -g 1001 default)

	diff --git a/docker/roundcube/Dockerfile b/docker/roundcube/Dockerfile
	--- a/docker/roundcube/Dockerfile
	+++ b/docker/roundcube/Dockerfile
	@@ -1,4 +1,4 @@
	-FROM apheleia/almalinux9
	+FROM kolab4-ci/almalinux9

	ENV HOME=/opt/app-root/src

	diff --git a/docker/swoole/Dockerfile b/docker/swoole/Dockerfile
	--- a/docker/swoole/Dockerfile
	+++ b/docker/swoole/Dockerfile
	@@ -1,14 +1,14 @@
	-FROM apheleia/almalinux9
	+FROM kolab4-ci/almalinux9

	ARG SWOOLE_VERSION=v5.0.2
	ENV HOME=/opt/app-root/src


	RUN dnf module reset php && \
	- dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm && \
	- dnf module -y enable php:remi-8.1 && \
	- dnf module -y enable nodejs:20 && \
	- dnf -y install \
	+ dnf install -qy https://rpms.remirepo.net/enterprise/remi-release-9.rpm && \
	+ dnf module -qy enable php:remi-8.1 && \
	+ dnf module -qy enable nodejs:20 && \
	+ dnf -qy install \
	--setopt=install_weak_deps=False \
	--setopt 'tsflags=nodocs' \
	composer \
	@@ -48,7 +48,7 @@
	make install && \
	cd / && \
	rm -rf /swoole-src.git/ && \
	- dnf -y remove \
	+ dnf -qy remove \
	diffutils \
	file \
	make \
	diff --git a/docker/tests/Dockerfile b/docker/tests/Dockerfile
	--- a/docker/tests/Dockerfile
	+++ b/docker/tests/Dockerfile
	@@ -1,4 +1,4 @@
	-FROM kolab-webapp:latest
	+FROM kolab4-ci/webapp:latest

	USER root

	diff --git a/docker/webapp/Dockerfile b/docker/webapp/Dockerfile
	--- a/docker/webapp/Dockerfile
	+++ b/docker/webapp/Dockerfile
	@@ -1,8 +1,8 @@
	-FROM apheleia/swoole:latest
	+FROM kolab4-ci/swoole:latest

	USER root

	-RUN dnf -y install findutils gnupg2 git rsync && \
	+RUN dnf -y install findutils gnupg2 git rsync iproute && \
	dnf clean all

	EXPOSE 8000

File Metadata

Mime Type: text/plain
Expires: Sun, Mar 29, 11:21 PM (4 d, 4 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 18779205
Default Alt Text: D4800.1774826510.diff (47 KB)

D4800.1774826510.diffNo OneTemporaryActions

D4800.1774826510.diffView Options

File Metadata

Event Timeline

D4800.1774826510.diff
No OneTemporary
Actions

D4800.1774826510.diff
View Options