From e3c4237f4291bcc4baea55e91f7008a2e6f5ce85 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Tue, 2 Jun 2026 13:06:07 +0200 Subject: [PATCH 1/3] fix: WPB-25755 remove old images not in use anymore from proc_system_containers.sh --- changelog.d/2-wire-builds/clean-old-system-images | 1 + offline/tasks/proc_system_containers.sh | 8 -------- 2 files changed, 1 insertion(+), 8 deletions(-) create mode 100644 changelog.d/2-wire-builds/clean-old-system-images diff --git a/changelog.d/2-wire-builds/clean-old-system-images b/changelog.d/2-wire-builds/clean-old-system-images new file mode 100644 index 000000000..0ef8e1cef --- /dev/null +++ b/changelog.d/2-wire-builds/clean-old-system-images @@ -0,0 +1 @@ +Removed: old images not in use anymore from proc_system_containers.sh diff --git a/offline/tasks/proc_system_containers.sh b/offline/tasks/proc_system_containers.sh index 469afb512..6c8b93d75 100755 --- a/offline/tasks/proc_system_containers.sh +++ b/offline/tasks/proc_system_containers.sh @@ -32,14 +32,6 @@ quay.io/calico/pod2daemon-flexvol:v3.27.4 quay.io/calico/kube-controllers:v3.27.4 quay.io/calico/typha:v3.27.4 quay.io/calico/apiserver:v3.27.4 -quay.io/jetstack/cert-manager-controller:v1.16.3 -quay.io/jetstack/cert-manager-cainjector:v1.16.3 -quay.io/jetstack/cert-manager-webhook:v1.16.3 -quay.io/jetstack/cert-manager-startupapicheck:v1.16.3 -docker.io/library/nginx:1.25.4-alpine -bats/bats:1.11.1 -cr.step.sm/smallstep/step-ca:0.25.3-rc7 -registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0 EOF } From 9335bb7131ff4e37ecc3f520d9ced23a6358f28e Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Tue, 2 Jun 2026 15:26:18 +0200 Subject: [PATCH 2/3] fix: WPB-25755 keeping nginx 1.25.4 alpine image used by k8s cluster --- offline/tasks/proc_system_containers.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/offline/tasks/proc_system_containers.sh b/offline/tasks/proc_system_containers.sh index 6c8b93d75..636cbe590 100755 --- a/offline/tasks/proc_system_containers.sh +++ b/offline/tasks/proc_system_containers.sh @@ -32,6 +32,7 @@ quay.io/calico/pod2daemon-flexvol:v3.27.4 quay.io/calico/kube-controllers:v3.27.4 quay.io/calico/typha:v3.27.4 quay.io/calico/apiserver:v3.27.4 +docker.io/library/nginx:1.25.4-alpine EOF } From 122d46a525a8225c8332ab1e84e16d00220a52f5 Mon Sep 17 00:00:00 2001 From: Arthur Wolf Date: Tue, 2 Jun 2026 22:39:58 +0200 Subject: [PATCH 3/3] Enable MLS protocol in production values (#884) * Enable MLS protocol in production values Mohit had me deploy a wire-server (wire in a box) install following the current instructions. The install itself went mostly well, but recently I tried to set up a new user and log into the webapp, and that produced an error related to MLS/Proteus. The fix was to change the brig config `setEnableMLS` to `true`, which caused the backend and frontend to "match". This is a commit aimed at creating a PR that fixes this issue moving forward. * fix: WPB-25755 Enable MLS protocol in production values for brig * fix: WPB-25755 Enable MLS protocol in dev values for brig --------- Co-authored-by: mohitrajain --- changelog.d/3-deploy-builds/fix-mls-value | 1 + values/wire-server/demo-values.example.yaml | 2 +- values/wire-server/prod-values.example.yaml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 changelog.d/3-deploy-builds/fix-mls-value diff --git a/changelog.d/3-deploy-builds/fix-mls-value b/changelog.d/3-deploy-builds/fix-mls-value new file mode 100644 index 000000000..9103a7cd5 --- /dev/null +++ b/changelog.d/3-deploy-builds/fix-mls-value @@ -0,0 +1 @@ +Fixed: Enable MLS protocol in production and dev values for brig diff --git a/values/wire-server/demo-values.example.yaml b/values/wire-server/demo-values.example.yaml index 230fd6d7d..f12567827 100644 --- a/values/wire-server/demo-values.example.yaml +++ b/values/wire-server/demo-values.example.yaml @@ -55,7 +55,7 @@ brig: teamMemberWelcome: https://wire.example.com/download # change this enableFederation: false # Keep false unless federation is explicitly configured optSettings: - setEnableMLS: false # Enable for MLS protocol use + setEnableMLS: true # Enable for MLS protocol use setFederationDomain: example.com # change this per host deployment # Sync the domain with the 'host' variable in the sftd chart # Comment the next line (by adding '#' before it) if conference calling is not used diff --git a/values/wire-server/prod-values.example.yaml b/values/wire-server/prod-values.example.yaml index a0e8a2c67..31932fbe5 100644 --- a/values/wire-server/prod-values.example.yaml +++ b/values/wire-server/prod-values.example.yaml @@ -55,7 +55,7 @@ brig: teamMemberWelcome: https://wire.example.com/download # change this enableFederation: false # Keep false unless federation is explicitly configured optSettings: - setEnableMLS: false # Enable for MLS protocol use + setEnableMLS: true # Enable for MLS protocol use setFederationDomain: example.com # change this per host deployment # Sync the domain with the 'host' variable in the sftd chart # Comment the next line (by adding '#' before it) if conference calling is not used