From d52ff5922910c8ac7cf85c2713acb21231863a99 Mon Sep 17 00:00:00 2001 From: zebot Date: Tue, 24 Feb 2026 14:25:06 +0000 Subject: [PATCH 1/5] Update wire-builds to 7b0217a...ecd204f MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Wire Server: 5.27.0 Changed charts: - account-pages: 0.9.0-pre.1 → 0.9.0-pre.49 - sftd: 0.130.0 → 0.135.0 - wire-server: 5.23.0 → 5.27.0 - redis-ephemeral: 5.23.0 → 5.27.0 - rabbitmq: 5.23.0 → 5.27.0 - rabbitmq-external: 5.23.0 → 5.27.0 - databases-ephemeral: 5.23.0 → 5.27.0 - fake-aws: 5.23.0 → 5.27.0 - fake-aws-s3: 5.23.0 → 5.27.0 - fake-aws-sqs: 5.23.0 → 5.27.0 - aws-ingress: 5.23.0 → 5.27.0 - fluent-bit: 5.23.0 → 5.27.0 - kibana: 5.23.0 → 5.27.0 - backoffice: 5.23.0 → 5.27.0 - calling-test: 5.23.0 → 5.27.0 - demo-smtp: 5.23.0 → 5.27.0 - elasticsearch-curator: 5.23.0 → 5.27.0 - elasticsearch-external: 5.23.0 → 5.27.0 - elasticsearch-ephemeral: 5.23.0 → 5.27.0 - minio-external: 5.23.0 → 5.27.0 - cassandra-external: 5.23.0 → 5.27.0 - ingress-nginx-controller: 5.23.0 → 5.27.0 - nginx-ingress-services: 5.23.0 → 5.27.0 - reaper: 5.23.0 → 5.27.0 - restund: 5.23.0 → 5.27.0 - coturn: 4.6.2-federation-wireapp.43 → 4.6.2-federation-wireapp.47 - k8ssandra-test-cluster: 5.23.0 → 5.27.0 - webapp: 0.8.0-pre.1876 → 0.8.0-pre.2142 - ldap-scim-bridge: 5.23.0 → 5.27.0 - k8ssandra-operator: 1.16.0 → 1.18.0 - step-certificates: 1.25.0 → 1.28.6 - wire-server-enterprise: 5.23.0 → 5.27.0 Build: https://raw.githubusercontent.com/wireapp/wire-builds/ecd204f07540e79fc1febe2483a42111129a5d0d/build.json --- offline/tasks/proc_pull_charts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index 0ee754d9e..204bcd589 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -94,5 +94,5 @@ pull_charts() { #fi } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/7b0217a27c1b127bf8f1fedbea9ec03a1e277d5a/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/ecd204f07540e79fc1febe2483a42111129a5d0d/build.json" wire_build_chart_release "$wire_build" | pull_charts From 83a948810e877aedd176a1c9318ff1828b8fe962 Mon Sep 17 00:00:00 2001 From: sghosh23 Date: Mon, 9 Mar 2026 10:11:08 +0100 Subject: [PATCH 2/5] Adjust wire-server values for 5.27 deployment --- bin/helm-operations.sh | 8 +- values/wire-server/demo-secrets.example.yaml | 15 + values/wire-server/demo-values.example.yaml | 25 +- values/wire-server/prod-secrets.example.yaml | 1 + values/wire-server/prod-values.example.yaml | 50 +++- values/wire-server/values.yaml | 281 +++++++++++++++++++ 6 files changed, 364 insertions(+), 16 deletions(-) create mode 100644 values/wire-server/values.yaml diff --git a/bin/helm-operations.sh b/bin/helm-operations.sh index b95ac416c..98f7781e4 100755 --- a/bin/helm-operations.sh +++ b/bin/helm-operations.sh @@ -8,9 +8,9 @@ TARGET_SYSTEM="example.dev" CERT_MASTER_EMAIL="certmaster@${TARGET_SYSTEM}" # this IP should match the DNS A record value for TARGET_SYSTEM -# assuming it to be the public address used by clients to reach public Address +# assuming it to be the public address used by clients to reach public Address HOST_IP="" -if [ -z "$HOST_IP" ]; then +if [ -z "$HOST_IP" ]; then HOST_IP=$(wget -qO- https://api.ipify.org) fi @@ -145,7 +145,9 @@ deploy_charts() { "$BASE_DIR/bin/sync-k8s-secret-to-wire-secrets.sh" \ wire-postgresql-secret password \ "$BASE_DIR/values/wire-server/secrets.yaml" \ - .brig.secrets.pgPassword .galley.secrets.pgPassword + .brig.secrets.pgPassword \ + .galley.secrets.pgPassword \ + .background-worker.secrets.pgPassword else echo "⚠️ Warning: PostgreSQL secret 'wire-postgresql-secret' not found, skipping secret sync" echo " Make sure databases-ephemeral chart is deployed before wire-server" diff --git a/values/wire-server/demo-secrets.example.yaml b/values/wire-server/demo-secrets.example.yaml index 7bc5ecad3..788287afd 100644 --- a/values/wire-server/demo-secrets.example.yaml +++ b/values/wire-server/demo-secrets.example.yaml @@ -61,6 +61,20 @@ galley: rabbitmq: username: wire-server password: verysecurepassword + mlsPrivateKeys: + removal: + ed25519: | + -----BEGIN PRIVATE KEY----- + -----END PRIVATE KEY----- + ecdsa_secp256r1_sha256: | + -----BEGIN PRIVATE KEY----- + -----END PRIVATE KEY----- + ecdsa_secp384r1_sha384: | + -----BEGIN PRIVATE KEY----- + -----END PRIVATE KEY----- + ecdsa_secp521r1_sha512: | + -----BEGIN PRIVATE KEY----- + -----END PRIVATE KEY----- gundeck: secrets: @@ -96,6 +110,7 @@ nginz: # RabbitMQ credentials for background-worker. background-worker: secrets: + pgPassword: dummyPassword # gets replaced by the actual secret rabbitmq: username: wire-server password: verysecurepassword diff --git a/values/wire-server/demo-values.example.yaml b/values/wire-server/demo-values.example.yaml index fed128a0a..db7ce569d 100644 --- a/values/wire-server/demo-values.example.yaml +++ b/values/wire-server/demo-values.example.yaml @@ -127,7 +127,9 @@ cannon: # For demo mode only, we don't need to keep websocket connections open on chart upgrades drainTimeout: 10 config: - cassandra: + rabbitmq: + host: rabbitmq + cassandra: host: cassandra-ephemeral metrics: serviceMonitor: @@ -170,6 +172,9 @@ galley: port: "5432" user: wire-server dbname: wire-server + postgresMigration: + conversation: cassandra + teamFeatures: cassandra enableFederation: false # Enable to use federation settings: # prefix URI used when inviting users to a conversation by link @@ -199,6 +204,8 @@ gundeck: # image: # tag: some-tag (only override if you want a newer/different version than what is in the chart) config: + rabbitmq: + host: rabbitmq cassandra: host: cassandra-ephemeral aws: @@ -292,8 +299,24 @@ spar: background-worker: config: + federationDomain: example.com + rabbitmq: + host: rabbitmq cassandra: host: cassandra-ephemeral + cassandraGalley: + host: cassandra-ephemeral + cassandraBrig: + host: cassandra-ephemeral + postgresql: + host: postgresql # DNS name without protocol + port: "5432" + user: wire-server + dbname: wire-server + postgresMigration: + conversation: cassandra + teamFeatures: cassandra + # migrateTeamFeatures: false # Set to true only AFTER setting galley postgresMigration.teamFeatures to migration-to-postgresql # Enable for federation enableFederation: false metrics: diff --git a/values/wire-server/prod-secrets.example.yaml b/values/wire-server/prod-secrets.example.yaml index 23365c9af..c60a0f434 100644 --- a/values/wire-server/prod-secrets.example.yaml +++ b/values/wire-server/prod-secrets.example.yaml @@ -99,6 +99,7 @@ nginz: # RabbitMQ credentials for background-worker. background-worker: secrets: + pgPassword: verysecurepassword rabbitmq: username: guest password: guest diff --git a/values/wire-server/prod-values.example.yaml b/values/wire-server/prod-values.example.yaml index 9af281071..dc87ad41d 100644 --- a/values/wire-server/prod-values.example.yaml +++ b/values/wire-server/prod-values.example.yaml @@ -28,8 +28,9 @@ brig: elasticsearch: host: elasticsearch-external rabbitmq: - host: rabbitmq-external - # For k8s-based RabbitMQ for k8s based rabbitmq. Use 'rabbitmq-external' for production external RabbitMQ VMs + # Default: rabbitmq-external (for production external RabbitMQ VMs) + # CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral + host: rabbitmq-external postgresql: host: postgresql-external-rw # DNS name without protocol port: "5432" @@ -52,11 +53,10 @@ brig: teamSettings: https://teams.example.com # change this (or unset if team settings are not used) teamCreatorWelcome: https://teams.example.com/login # change this teamMemberWelcome: https://wire.example.com/download # change this - # TODO: BUG! 5.23 brig charts wont deploy in CI unless federation is enabled! - enableFederation: true # Enable to use federation + enableFederation: false # Keep false unless federation is explicitly configured optSettings: setEnableMLS: false # Enable for MLS protocol use - setFederationDomain: example.com # change this + setFederationDomain: example.com # change this per host deployment # Sync the domain with the 'host' variable in the sftd chart # Comment the next line (by adding '#' before it) if conference calling is not used setSftStaticUrl: "https://sftd.example.com:443" @@ -92,7 +92,9 @@ brig: deletionUrl: https://account.example.com/d/?key=${key}&code=${code} invitationUrl: https://account.example.com/i/${code} smtp: - host: smtp # change this if you want to use your own SMTP server + # Default: smtp (for CI/demo environments with demo-smtp chart) + # Production: Change to your actual SMTP server hostname + host: smtp port: 25 # change this connType: plain # change this. Possible values: plain|ssl|tls # proxy: @@ -133,7 +135,9 @@ cannon: # For demo mode only, we don't need to keep websocket connections open on chart upgrades drainTimeout: 10 config: - rabbitmq: # Default value for CI, for on-prem deployment, use rabbitmq-external + rabbitmq: + # Default: rabbitmq-external (for production external RabbitMQ VMs) + # CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral host: rabbitmq-external cassandra: host: cassandra-external @@ -170,13 +174,20 @@ galley: config: cassandra: host: cassandra-external - rabbitmq: # Default value for CI, for on-prem deployment, use rabbitmq-external + rabbitmq: + # Default: rabbitmq-external (for production external RabbitMQ VMs) + # CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral host: rabbitmq-external postgresql: host: postgresql-external-rw # DNS name without protocol port: "5432" user: wire-server dbname: wire-server + # Explicitly set postgresMigration to cassandra for fresh deployments. + # This controls whether galley reads conversations/teamFeatures from Cassandra or PostgreSQL. + postgresMigration: + conversation: cassandra + teamFeatures: cassandra enableFederation: false # Enable to use federation settings: # prefix URI used when inviting users to a conversation by link @@ -184,7 +195,7 @@ galley: federationDomain: example.com # change this # see #RefConfigOptions in `/docs/reference` (https://github.com/wireapp/wire-server/) featureFlags: - mls: + mls: # Keep disabled unless MLS is explicitly configured defaults: status: enabled config: @@ -194,7 +205,7 @@ galley: defaultCipherSuite: 2 supportedProtocols: [proteus, mls] lockStatus: unlocked - mlsMigration: + mlsMigration: # Keep disabled unless MLS migration is explicitly configured defaults: status: enabled config: @@ -231,7 +242,11 @@ gundeck: # image: # tag: some-tag (only override if you want a newer/different version than what is in the chart) config: - rabbitmq: # Default value for CI, for on-prem deployment, use rabbitmq-external + redis: + host: databases-ephemeral-redis-ephemeral # Updated hostname for redis-ephemeral chart + rabbitmq: + # Default: rabbitmq-external (for production external RabbitMQ VMs) + # CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral host: rabbitmq-external cassandra: host: cassandra-external @@ -337,7 +352,9 @@ background-worker: config: federationDomain: example.com # logLevel: Debug - rabbitmq: # Default value for CI, for on-prem deployment, use rabbitmq-external + rabbitmq: + # Default: rabbitmq-external (for production external RabbitMQ VMs) + # CI/Demo: Change to rabbitmq when using rabbitmq chart from databases-ephemeral host: rabbitmq-external cassandra: host: cassandra-external @@ -345,6 +362,15 @@ background-worker: host: cassandra-external cassandraBrig: host: cassandra-external + postgresql: + host: postgresql-external-rw # DNS name without protocol + port: "5432" + user: wire-server + dbname: wire-server + postgresMigration: + conversation: cassandra + teamFeatures: cassandra + migrateTeamFeatures: false # Set to true only AFTER setting galley postgresMigration.teamFeatures to migration-to-postgresql # Enable for federation enableFederation: false metrics: diff --git a/values/wire-server/values.yaml b/values/wire-server/values.yaml new file mode 100644 index 000000000..58807e8e3 --- /dev/null +++ b/values/wire-server/values.yaml @@ -0,0 +1,281 @@ +tags: + proxy: false + legalhold: false + federation: false +cassandra-migrations: + cassandra: + host: cassandra-external + replicationFactor: 3 +elasticsearch-index: + image: + repository: assethost:80/wire-server/wire/brig-index + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + elasticsearch: + host: elasticsearch-external + cassandra: + host: cassandra-external +brig: + image: + repository: assethost:80/wire-server/wire/brig + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + replicaCount: 3 + config: + cassandra: + host: cassandra-external + elasticsearch: + host: elasticsearch-external + rabbitmq: + host: rabbitmq-external + postgresql: + host: postgresql-external-rw + port: '5432' + user: wire-server + dbname: wire-server + useSES: false + randomPrekeys: true + aws: + region: eu-west-1 + sqsEndpoint: http://fake-aws-sqs:4568 + internalQueue: integration-brig-events-internal + prekeyTable: integration-brig-prekeys + externalUrls: + nginz: https://nginz-https.hetz-suk-a.zinfradev.com + teamSettings: https://teams.hetz-suk-a.zinfradev.com + teamCreatorWelcome: https://teams.hetz-suk-a.zinfradev.com/login + teamMemberWelcome: https://wire.hetz-suk-a.zinfradev.com/download + enableFederation: false + optSettings: + setFederationDomain: hetz-suk-a.zinfradev.com + setSftStaticUrl: https://sftd.hetz-suk-a.zinfradev.com:443 + setRestrictUserCreation: false + emailSMS: + general: + emailSender: email@hetz-suk-a.zinfradev.com + smsSender: insert-sms-sender-for-twilio + templateBranding: + brand: Wire + brandUrl: https://wire.com + brandLabel: wire.com + brandLabelUrl: https://wire.com + brandLogoUrl: https://wire.com/p/img/email/logo-email-black.png + brandService: Wire Service Provider + copyright: "\xA9 WIRE SWISS GmbH" + misuse: misuse@wire.com + legal: https://wire.com/legal/ + forgot: https://wire.com/forgot/ + support: https://support.wire.com/ + user: + passwordResetUrl: https://account.hetz-suk-a.zinfradev.com/reset/?key=${key}&code=${code} + activationUrl: https://account.hetz-suk-a.zinfradev.com/verify/?key=${key}&code=${code} + smsActivationUrl: https://account.hetz-suk-a.zinfradev.com/v/${code} + deletionUrl: https://account.hetz-suk-a.zinfradev.com/d/?key=${key}&code=${code} + invitationUrl: https://account.hetz-suk-a.zinfradev.com/i/${code} + smtp: + host: smtp + port: 25 + connType: plain + turnStatic: + v1: [] + v2: + - turn:136.243.148.68:3478 + - turn:136.243.148.68:3478?transport=tcp + metrics: + serviceMonitor: + enabled: true +proxy: + image: + repository: assethost:80/wire-server/wire/proxy + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + replicaCount: 3 + metrics: + serviceMonitor: + enabled: true +cannon: + image: + repository: assethost:80/wire-server/wire/cannon + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + nginzImage: + repository: assethost:80/wire-server/wire/nginz + tag: 5.23.0 + pullPolicy: IfNotPresent + replicaCount: 3 + drainTimeout: 10 + config: + cassandra: + host: cassandra-external + rabbitmq: + host: rabbitmq-external + metrics: + serviceMonitor: + enabled: true +cargohold: + image: + repository: assethost:80/wire-server/wire/cargohold + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + replicaCount: 3 + config: + aws: + region: eu-west-1 + s3Bucket: assets + s3Endpoint: http://minio-external:9000 + s3DownloadEndpoint: https://assets.hetz-suk-a.zinfradev.com + enableFederation: false + settings: + federationDomain: hetz-suk-a.zinfradev.com + metrics: + serviceMonitor: + enabled: true +galley: + image: + repository: assethost:80/wire-server/wire/galley + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + replicaCount: 3 + config: + cassandra: + host: cassandra-external + rabbitmq: + host: rabbitmq-external + postgresql: + host: postgresql-external-rw + port: '5432' + user: wire-server + dbname: wire-server + postgresqlMigration: + conversation: postgresql + enableFederation: false + settings: + conversationCodeURI: https://account.hetz-suk-a.zinfradev.com/conversation-join/ + federationDomain: hetz-suk-a.zinfradev.com + featureFlags: + sso: disabled-by-default + legalhold: disabled-permanently + teamSearchVisibility: disabled-by-default + aws: + region: eu-west-1 + metrics: + serviceMonitor: + enabled: true +gundeck: + image: + repository: assethost:80/wire-server/wire/gundeck + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + replicaCount: 3 + config: + cassandra: + host: cassandra-external + rabbitmq: + host: rabbitmq-external + aws: + account: '123456789012' + region: eu-west-1 + arnEnv: integration + queueName: integration-gundeck-events + sqsEndpoint: http://fake-aws-sqs:4568 + snsEndpoint: http://fake-aws-sns:4575 + maxConcurrentNativePushes: + soft: 200 + metrics: + serviceMonitor: + enabled: true + resources: + requests: + memory: 512Mi + cpu: 100m + limits: + memory: 2Gi +nginz: + images: + nginz: + repository: assethost:80/wire-server/wire/nginz + tag: 5.23.0 + replicaCount: 3 + config: + ws: + useProxyProtocol: false + nginx_conf: + dns_resolver: coredns + env: prod + external_env_domain: hetz-suk-a.zinfradev.com + deeplink: + endpoints: + backendURL: https://nginz-https.hetz-suk-a.zinfradev.com + backendWSURL: https://nginz-ssl.hetz-suk-a.zinfradev.com + teamsURL: https://teams.hetz-suk-a.zinfradev.com + accountsURL: https://account.hetz-suk-a.zinfradev.com + blackListURL: https://clientblacklist.wire.com/prod + websiteURL: https://wire.com + title: My Custom Wire Backend + drainTimeout: 10 + terminationGracePeriodSeconds: 30 + metrics: + serviceMonitor: + enabled: true +spar: + image: + repository: assethost:80/wire-server/wire/spar + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + replicaCount: 3 + config: + cassandra: + host: cassandra-external + logLevel: Debug + domain: hetz-suk-a.zinfradev.com + appUri: https://nginz-https.hetz-suk-a.zinfradev.com + ssoUri: https://nginz-https.hetz-suk-a.zinfradev.com/sso + maxttlAuthreq: 28800 + maxttlAuthresp: 28800 + contacts: + - type: ContactSupport + company: YourCompany + email: email:support@hetz-suk-a.zinfradev.com + metrics: + serviceMonitor: + enabled: true +legalhold: + host: legalhold.hetz-suk-a.zinfradev.com + wireApiHost: https://nginz-https.hetz-suk-a.zinfradev.com + metrics: + serviceMonitor: + enabled: true +federator: + image: + repository: assethost:80/wire-server/wire/federator + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + tls: + useSharedFederatorSecret: true + metrics: + serviceMonitor: + enabled: true +background-worker: + image: + repository: assethost:80/wire-server/wire/background-worker + tag: 5.23.0 + pullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent + config: + cassandra: + host: cassandra-external + rabbitmq: + host: rabbitmq-external + enableFederation: false + metrics: + serviceMonitor: + enabled: true From 9c00b6f775113fe2fa6854100b7a1e08523cdcfa Mon Sep 17 00:00:00 2001 From: sghosh23 Date: Mon, 9 Mar 2026 10:12:08 +0100 Subject: [PATCH 3/5] Add the changelog --- changelog.d/3-deploy-builds/wire-server-5.27 | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/3-deploy-builds/wire-server-5.27 diff --git a/changelog.d/3-deploy-builds/wire-server-5.27 b/changelog.d/3-deploy-builds/wire-server-5.27 new file mode 100644 index 000000000..eef103064 --- /dev/null +++ b/changelog.d/3-deploy-builds/wire-server-5.27 @@ -0,0 +1 @@ +Added: update prod and demo example values/secrets for wire-server 5.27, aligning PostgreSQL config, postgresMigration (conversation, teamFeatures), rabbitmq, and mlsPrivateKeys across all services From 49e11ec70784e3e06ab8b77c5d7fe45b00f4f5c8 Mon Sep 17 00:00:00 2001 From: sghosh23 Date: Wed, 11 Mar 2026 16:14:20 +0100 Subject: [PATCH 4/5] configure custom pool size for postgresql --- values/wire-server/prod-values.example.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/values/wire-server/prod-values.example.yaml b/values/wire-server/prod-values.example.yaml index dc87ad41d..0a53f158e 100644 --- a/values/wire-server/prod-values.example.yaml +++ b/values/wire-server/prod-values.example.yaml @@ -36,6 +36,8 @@ brig: port: "5432" user: wire-server dbname: wire-server + postgresqlPool: + size: 10 # adjust pool size as needed based on expected load and available resources useSES: false # Set to false if you want to hand out DynamoDB to store prekeys randomPrekeys: true @@ -183,6 +185,8 @@ galley: port: "5432" user: wire-server dbname: wire-server + postgresqlPool: + size: 10 # adjust pool size as needed based on expected load and available resources # Explicitly set postgresMigration to cassandra for fresh deployments. # This controls whether galley reads conversations/teamFeatures from Cassandra or PostgreSQL. postgresMigration: @@ -367,6 +371,8 @@ background-worker: port: "5432" user: wire-server dbname: wire-server + postgresqlPool: + size: 3 # Background worker has fewer connections to DB, so smaller pool size is fine postgresMigration: conversation: cassandra teamFeatures: cassandra From b1b25f2788ec00b0cfc40585b0c12be7f5908ef6 Mon Sep 17 00:00:00 2001 From: sghosh23 Date: Thu, 12 Mar 2026 16:29:27 +0100 Subject: [PATCH 5/5] sanitize values for prod --- values/wire-server/prod-values.example.yaml | 3 +- values/wire-server/values.yaml | 281 -------------------- 2 files changed, 1 insertion(+), 283 deletions(-) delete mode 100644 values/wire-server/values.yaml diff --git a/values/wire-server/prod-values.example.yaml b/values/wire-server/prod-values.example.yaml index 0a53f158e..92ac238cc 100644 --- a/values/wire-server/prod-values.example.yaml +++ b/values/wire-server/prod-values.example.yaml @@ -372,11 +372,10 @@ background-worker: user: wire-server dbname: wire-server postgresqlPool: - size: 3 # Background worker has fewer connections to DB, so smaller pool size is fine + size: 5 # Background worker has fewer connections to DB, so smaller pool size is fine postgresMigration: conversation: cassandra teamFeatures: cassandra - migrateTeamFeatures: false # Set to true only AFTER setting galley postgresMigration.teamFeatures to migration-to-postgresql # Enable for federation enableFederation: false metrics: diff --git a/values/wire-server/values.yaml b/values/wire-server/values.yaml deleted file mode 100644 index 58807e8e3..000000000 --- a/values/wire-server/values.yaml +++ /dev/null @@ -1,281 +0,0 @@ -tags: - proxy: false - legalhold: false - federation: false -cassandra-migrations: - cassandra: - host: cassandra-external - replicationFactor: 3 -elasticsearch-index: - image: - repository: assethost:80/wire-server/wire/brig-index - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - elasticsearch: - host: elasticsearch-external - cassandra: - host: cassandra-external -brig: - image: - repository: assethost:80/wire-server/wire/brig - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - replicaCount: 3 - config: - cassandra: - host: cassandra-external - elasticsearch: - host: elasticsearch-external - rabbitmq: - host: rabbitmq-external - postgresql: - host: postgresql-external-rw - port: '5432' - user: wire-server - dbname: wire-server - useSES: false - randomPrekeys: true - aws: - region: eu-west-1 - sqsEndpoint: http://fake-aws-sqs:4568 - internalQueue: integration-brig-events-internal - prekeyTable: integration-brig-prekeys - externalUrls: - nginz: https://nginz-https.hetz-suk-a.zinfradev.com - teamSettings: https://teams.hetz-suk-a.zinfradev.com - teamCreatorWelcome: https://teams.hetz-suk-a.zinfradev.com/login - teamMemberWelcome: https://wire.hetz-suk-a.zinfradev.com/download - enableFederation: false - optSettings: - setFederationDomain: hetz-suk-a.zinfradev.com - setSftStaticUrl: https://sftd.hetz-suk-a.zinfradev.com:443 - setRestrictUserCreation: false - emailSMS: - general: - emailSender: email@hetz-suk-a.zinfradev.com - smsSender: insert-sms-sender-for-twilio - templateBranding: - brand: Wire - brandUrl: https://wire.com - brandLabel: wire.com - brandLabelUrl: https://wire.com - brandLogoUrl: https://wire.com/p/img/email/logo-email-black.png - brandService: Wire Service Provider - copyright: "\xA9 WIRE SWISS GmbH" - misuse: misuse@wire.com - legal: https://wire.com/legal/ - forgot: https://wire.com/forgot/ - support: https://support.wire.com/ - user: - passwordResetUrl: https://account.hetz-suk-a.zinfradev.com/reset/?key=${key}&code=${code} - activationUrl: https://account.hetz-suk-a.zinfradev.com/verify/?key=${key}&code=${code} - smsActivationUrl: https://account.hetz-suk-a.zinfradev.com/v/${code} - deletionUrl: https://account.hetz-suk-a.zinfradev.com/d/?key=${key}&code=${code} - invitationUrl: https://account.hetz-suk-a.zinfradev.com/i/${code} - smtp: - host: smtp - port: 25 - connType: plain - turnStatic: - v1: [] - v2: - - turn:136.243.148.68:3478 - - turn:136.243.148.68:3478?transport=tcp - metrics: - serviceMonitor: - enabled: true -proxy: - image: - repository: assethost:80/wire-server/wire/proxy - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - replicaCount: 3 - metrics: - serviceMonitor: - enabled: true -cannon: - image: - repository: assethost:80/wire-server/wire/cannon - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - nginzImage: - repository: assethost:80/wire-server/wire/nginz - tag: 5.23.0 - pullPolicy: IfNotPresent - replicaCount: 3 - drainTimeout: 10 - config: - cassandra: - host: cassandra-external - rabbitmq: - host: rabbitmq-external - metrics: - serviceMonitor: - enabled: true -cargohold: - image: - repository: assethost:80/wire-server/wire/cargohold - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - replicaCount: 3 - config: - aws: - region: eu-west-1 - s3Bucket: assets - s3Endpoint: http://minio-external:9000 - s3DownloadEndpoint: https://assets.hetz-suk-a.zinfradev.com - enableFederation: false - settings: - federationDomain: hetz-suk-a.zinfradev.com - metrics: - serviceMonitor: - enabled: true -galley: - image: - repository: assethost:80/wire-server/wire/galley - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - replicaCount: 3 - config: - cassandra: - host: cassandra-external - rabbitmq: - host: rabbitmq-external - postgresql: - host: postgresql-external-rw - port: '5432' - user: wire-server - dbname: wire-server - postgresqlMigration: - conversation: postgresql - enableFederation: false - settings: - conversationCodeURI: https://account.hetz-suk-a.zinfradev.com/conversation-join/ - federationDomain: hetz-suk-a.zinfradev.com - featureFlags: - sso: disabled-by-default - legalhold: disabled-permanently - teamSearchVisibility: disabled-by-default - aws: - region: eu-west-1 - metrics: - serviceMonitor: - enabled: true -gundeck: - image: - repository: assethost:80/wire-server/wire/gundeck - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - replicaCount: 3 - config: - cassandra: - host: cassandra-external - rabbitmq: - host: rabbitmq-external - aws: - account: '123456789012' - region: eu-west-1 - arnEnv: integration - queueName: integration-gundeck-events - sqsEndpoint: http://fake-aws-sqs:4568 - snsEndpoint: http://fake-aws-sns:4575 - maxConcurrentNativePushes: - soft: 200 - metrics: - serviceMonitor: - enabled: true - resources: - requests: - memory: 512Mi - cpu: 100m - limits: - memory: 2Gi -nginz: - images: - nginz: - repository: assethost:80/wire-server/wire/nginz - tag: 5.23.0 - replicaCount: 3 - config: - ws: - useProxyProtocol: false - nginx_conf: - dns_resolver: coredns - env: prod - external_env_domain: hetz-suk-a.zinfradev.com - deeplink: - endpoints: - backendURL: https://nginz-https.hetz-suk-a.zinfradev.com - backendWSURL: https://nginz-ssl.hetz-suk-a.zinfradev.com - teamsURL: https://teams.hetz-suk-a.zinfradev.com - accountsURL: https://account.hetz-suk-a.zinfradev.com - blackListURL: https://clientblacklist.wire.com/prod - websiteURL: https://wire.com - title: My Custom Wire Backend - drainTimeout: 10 - terminationGracePeriodSeconds: 30 - metrics: - serviceMonitor: - enabled: true -spar: - image: - repository: assethost:80/wire-server/wire/spar - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - replicaCount: 3 - config: - cassandra: - host: cassandra-external - logLevel: Debug - domain: hetz-suk-a.zinfradev.com - appUri: https://nginz-https.hetz-suk-a.zinfradev.com - ssoUri: https://nginz-https.hetz-suk-a.zinfradev.com/sso - maxttlAuthreq: 28800 - maxttlAuthresp: 28800 - contacts: - - type: ContactSupport - company: YourCompany - email: email:support@hetz-suk-a.zinfradev.com - metrics: - serviceMonitor: - enabled: true -legalhold: - host: legalhold.hetz-suk-a.zinfradev.com - wireApiHost: https://nginz-https.hetz-suk-a.zinfradev.com - metrics: - serviceMonitor: - enabled: true -federator: - image: - repository: assethost:80/wire-server/wire/federator - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - tls: - useSharedFederatorSecret: true - metrics: - serviceMonitor: - enabled: true -background-worker: - image: - repository: assethost:80/wire-server/wire/background-worker - tag: 5.23.0 - pullPolicy: IfNotPresent - imagePullPolicy: IfNotPresent - config: - cassandra: - host: cassandra-external - rabbitmq: - host: rabbitmq-external - enableFederation: false - metrics: - serviceMonitor: - enabled: true