mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
fix(gotmpl): Refactor from external to existing secrets
Signed-off-by: Axel Lender <lender@b1-systems.de>
This commit is contained in:
Axel Lender
@@ -3,9 +3,9 @@ SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlic
|
|||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<h1>External Secrets</h1>
|
<h1>Existing Secrets</h1>
|
||||||
|
|
||||||
This document covers how to utilise external secrets and special requirements. The examples documented here are mostly showing the format with the openDesk default values.
|
This document covers how to utilise existing secrets and special requirements. The examples documented here are mostly showing the format with the openDesk default values.
|
||||||
|
|
||||||
<!-- TOC -->
|
<!-- TOC -->
|
||||||
* [General](#general)
|
* [General](#general)
|
||||||
@@ -20,15 +20,15 @@ This document covers how to utilise external secrets and special requirements. T
|
|||||||
|
|
||||||
# General
|
# General
|
||||||
|
|
||||||
⚠ ATTENTION: This feature is still in early development. For now you can't simply replace plain secrets with external secrets because some secrets are used several components where some maybe don't support external secrets by now.
|
⚠ ATTENTION: This feature is still in early development. For now you can't simply replace plain secrets with existing secrets because some secrets are used several components where some maybe don't support existing secrets by now.
|
||||||
|
|
||||||
For most components when set the external secret will supersede e.g. a password in a `values.yaml` file.
|
For most components when set the existing secret will supersede e.g. a password in a `values.yaml` file.
|
||||||
|
|
||||||
The file [`external_secrets.yaml`](/helmfile/environments/default/external_secrets.yaml.gotmpl) lists all possible references to external secrets that are currently implemented in openDesk.
|
The file [`existing_secrets.yaml`](/helmfile/environments/default/existing_secrets.yaml.gotmpl) lists all possible references to existing secrets that are currently implemented in openDesk.
|
||||||
|
|
||||||
# Components
|
# Components
|
||||||
|
|
||||||
This section covers information and special requirements to external secrets that some Helm Charts expect.
|
This section covers information and special requirements to existing secrets that some Helm Charts expect.
|
||||||
|
|
||||||
## Cassandra
|
## Cassandra
|
||||||
|
|
||||||
@@ -50,7 +50,7 @@ This has to be adapted into a secret that also holds a `cql` script and is named
|
|||||||
|
|
||||||
## Keycloak
|
## Keycloak
|
||||||
|
|
||||||
Several external secrets utilised by the Keycloak bootstrap chart are expected in a special format and/or key.
|
Several existing secrets utilised by the Keycloak bootstrap chart are expected in a special format and/or key.
|
||||||
|
|
||||||
### Admin credentials
|
### Admin credentials
|
||||||
|
|
||||||
@@ -63,7 +63,7 @@ stringData:
|
|||||||
|
|
||||||
### ox-connector
|
### ox-connector
|
||||||
|
|
||||||
The secret `openxchangeConnector.provisioningApiPassword` has to provide a JSON file. The value `.Values.secrets.oxConnector.provisioningApiPassword` is taken from the default openDesk install without external secrets and has to be replaced by some secret value. The following format is expected:
|
The secret `openxchangeConnector.provisioningApiPassword` has to provide a JSON file. The value `.Values.secrets.oxConnector.provisioningApiPassword` is taken from the default openDesk install without existing secrets and has to be replaced by some secret value. The following format is expected:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
stringData:
|
stringData:
|
||||||
@@ -76,7 +76,7 @@ The secret `nubus.ldapSearch.keycloak` has the requirement to use `password` as
|
|||||||
|
|
||||||
### SSOFederation and Clients
|
### SSOFederation and Clients
|
||||||
|
|
||||||
Values taken from those external secrets will supersede secret values that are already present for the `client`/`IdP` in the configuration or add them accordingly. Further the secrets for the have to provide a `yaml` file in a special format. Both formats rely on the same key as used in the configuration respectively. The expected format for each configuration can be seen in the table below:
|
Values taken from those existing secrets will supersede secret values that are already present for the `client`/`IdP` in the configuration or add them accordingly. Further the secrets for the have to provide a `yaml` file in a special format. Both formats rely on the same key as used in the configuration respectively. The expected format for each configuration can be seen in the table below:
|
||||||
|
|
||||||
|Section |Format |
|
|Section |Format |
|
||||||
|-----------------------------------------------------|-------------|
|
|-----------------------------------------------------|-------------|
|
||||||
@@ -123,7 +123,7 @@ Values taken from those external secrets will supersede secret values that are a
|
|||||||
|
|
||||||
## MinIO
|
## MinIO
|
||||||
|
|
||||||
Like described in the [upstream `values.yaml`](https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml#L1595) credentials and information about a user in external secrets listed in `usersExistingSecrets` have to be formatted as follows:
|
Like described in the [upstream `values.yaml`](https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml#L1595) credentials and information about a user in existing secrets listed in `usersExistingSecrets` have to be formatted as follows:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
stringData:
|
stringData:
|
||||||
@@ -167,11 +167,11 @@ stringData:
|
|||||||
|
|
||||||
## XWiki
|
## XWiki
|
||||||
|
|
||||||
Properties listed in the file of the external secret will overwrite plain values.
|
Properties listed in the file of the existing secret will overwrite plain values.
|
||||||
|
|
||||||
Licenses can also be given via properties and require the format `licenses=<EnterpriseLicense>,<Applicationslicense>`.
|
Licenses can also be given via properties and require the format `licenses=<EnterpriseLicense>,<Applicationslicense>`.
|
||||||
|
|
||||||
Like described in the [upstream `values.yaml`](https://github.com/xwiki-contrib/xwiki-helm/blob/master/charts/xwiki/values.yaml#L435) credentials and information about a user in external secrets listed in `propertiesSecret` have to be formatted as follows:
|
Like described in the [upstream `values.yaml`](https://github.com/xwiki-contrib/xwiki-helm/blob/master/charts/xwiki/values.yaml#L435) credentials and information about a user in existing secrets listed in `propertiesSecret` have to be formatted as follows:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
stringData:
|
stringData:
|
||||||
@@ -12,7 +12,7 @@ This document covers the current status of security measures.
|
|||||||
* [Helm Chart Trust Chain](#helm-chart-trust-chain)
|
* [Helm Chart Trust Chain](#helm-chart-trust-chain)
|
||||||
* [Kubernetes Security Enforcements](#kubernetes-security-enforcements)
|
* [Kubernetes Security Enforcements](#kubernetes-security-enforcements)
|
||||||
* [NetworkPolicies](#networkpolicies)
|
* [NetworkPolicies](#networkpolicies)
|
||||||
* [External Secrets](#external-secrets)
|
* [Existing Secrets](#existing-secrets)
|
||||||
<!-- TOC -->
|
<!-- TOC -->
|
||||||
|
|
||||||
# Helm chart trust chain
|
# Helm chart trust chain
|
||||||
@@ -52,8 +52,8 @@ security:
|
|||||||
enabled: true
|
enabled: true
|
||||||
```
|
```
|
||||||
|
|
||||||
# External Secrets
|
# Existing Secrets
|
||||||
|
|
||||||
We urge you to use external secrets for your confidential credentials.
|
We urge you to use existing secrets for your confidential credentials.
|
||||||
|
|
||||||
For further explanation and documentation please visit [External Secrets](./docs/external-secrets.md).
|
For further explanation and documentation please visit [Existing Secrets](./docs/existing-secrets.md).
|
||||||
|
|||||||
@@ -86,7 +86,7 @@ The following naming scheme is applied for the deployment matrix:
|
|||||||
- *Secrets*: Master password based secrets based on `secrets.yaml.gotmpl`
|
- *Secrets*: Master password based secrets based on `secrets.yaml.gotmpl`
|
||||||
- *Certificates*: Letsencrypt-prod certificates are used.
|
- *Certificates*: Letsencrypt-prod certificates are used.
|
||||||
- *Deployment*: GitLab CI based deployment.
|
- *Deployment*: GitLab CI based deployment.
|
||||||
- `funct1`: Different configuration of `functional.yaml`, self-signed-certs [and when available external secrets].
|
- `funct1`: Different configuration of `functional.yaml`, self-signed-certs [and when available existing secrets].
|
||||||
- `extsrv`: External services (where possible).
|
- `extsrv`: External services (where possible).
|
||||||
- `gitops`: Argo CD based deployment.
|
- `gitops`: Argo CD based deployment.
|
||||||
|
|
||||||
|
|||||||
@@ -40,12 +40,12 @@ collabora:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
username: "collabora-internal-admin"
|
username: "collabora-internal-admin"
|
||||||
password: {{ .Values.secrets.collabora.adminPassword | quote }}
|
password: {{ .Values.secrets.collabora.adminPassword | quote }}
|
||||||
{{- if .Values.externalSecrets.collabora.existingSecret.name }}
|
{{- if .Values.existingSecrets.collabora.existingSecret.name }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
enabled: true
|
enabled: true
|
||||||
secretName: {{ .Values.externalSecrets.collabora.existingSecret.name | quote }}
|
secretName: {{ .Values.existingSecrets.collabora.existingSecret.name | quote }}
|
||||||
usernameKey: {{ .Values.externalSecrets.collabora.existingSecret.usernameKey | quote }}
|
usernameKey: {{ .Values.existingSecrets.collabora.existingSecret.usernameKey | quote }}
|
||||||
passwordKey: {{ .Values.externalSecrets.collabora.existingSecret.passwordKey | quote }}
|
passwordKey: {{ .Values.existingSecrets.collabora.existingSecret.passwordKey | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
fullnameOverride: "collabora"
|
fullnameOverride: "collabora"
|
||||||
|
|||||||
@@ -27,13 +27,13 @@ configuration:
|
|||||||
username:
|
username:
|
||||||
value: "nextcloud"
|
value: "nextcloud"
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.nextcloud.admin.username.name | quote }}
|
name: {{ .Values.existingSecrets.nextcloud.admin.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nextcloud.admin.username.key | quote }}
|
key: {{ .Values.existingSecrets.nextcloud.admin.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
value: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.nextcloud.admin.password.name | quote }}
|
name: {{ .Values.existingSecrets.nextcloud.admin.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nextcloud.admin.password.key | quote }}
|
key: {{ .Values.existingSecrets.nextcloud.admin.password.key | quote }}
|
||||||
|
|
||||||
antivirus:
|
antivirus:
|
||||||
{{- if .Values.antivirus.icap.host }}
|
{{- if .Values.antivirus.icap.host }}
|
||||||
@@ -54,13 +54,13 @@ configuration:
|
|||||||
username:
|
username:
|
||||||
value: {{ .Values.cache.nextcloud.username }}
|
value: {{ .Values.cache.nextcloud.username }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.cache.nextcloud.username.name | quote }}
|
name: {{ .Values.existingSecrets.cache.nextcloud.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.cache.nextcloud.username.key | quote }}
|
key: {{ .Values.existingSecrets.cache.nextcloud.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.cache.nextcloud.password.name | quote }}
|
name: {{ .Values.existingSecrets.cache.nextcloud.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.cache.nextcloud.password.key | quote }}
|
key: {{ .Values.existingSecrets.cache.nextcloud.password.key | quote }}
|
||||||
host: {{ .Values.cache.nextcloud.host | quote }}
|
host: {{ .Values.cache.nextcloud.host | quote }}
|
||||||
port: {{ .Values.cache.nextcloud.port | quote }}
|
port: {{ .Values.cache.nextcloud.port | quote }}
|
||||||
tls: {{ .Values.cache.nextcloud.tls }}
|
tls: {{ .Values.cache.nextcloud.tls }}
|
||||||
@@ -106,8 +106,8 @@ configuration:
|
|||||||
username:
|
username:
|
||||||
value: {{ .Values.databases.nextcloud.username | quote }}
|
value: {{ .Values.databases.nextcloud.username | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.databases.nextcloud.username.name | quote }}
|
name: {{ .Values.existingSecrets.databases.nextcloud.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.databases.nextcloud.username.key | quote }}
|
key: {{ .Values.existingSecrets.databases.nextcloud.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
||||||
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||||
@@ -117,8 +117,8 @@ configuration:
|
|||||||
value: {{ .Values.databases.nextcloud.password | quote }}
|
value: {{ .Values.databases.nextcloud.password | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.databases.nextcloud.password.name | quote }}
|
name: {{ .Values.existingSecrets.databases.nextcloud.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.databases.nextcloud.password.key | quote }}
|
key: {{ .Values.existingSecrets.databases.nextcloud.password.key | quote }}
|
||||||
|
|
||||||
ldap:
|
ldap:
|
||||||
base: {{ .Values.ldap.baseDn | quote }}
|
base: {{ .Values.ldap.baseDn | quote }}
|
||||||
@@ -127,8 +127,8 @@ configuration:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
|
value: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.nubus.ldapSearch.nextcloud.name | quote }}
|
name: {{ .Values.existingSecrets.nubus.ldapSearch.nextcloud.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nubus.ldapSearch.nextcloud.key | quote }}
|
key: {{ .Values.existingSecrets.nubus.ldapSearch.nextcloud.key | quote }}
|
||||||
adminGroupName: "managed-by-attribute-FileshareAdmin"
|
adminGroupName: "managed-by-attribute-FileshareAdmin"
|
||||||
|
|
||||||
objectstore:
|
objectstore:
|
||||||
@@ -136,13 +136,13 @@ configuration:
|
|||||||
accessKey:
|
accessKey:
|
||||||
value: {{ .Values.objectstores.nextcloud.username | quote }}
|
value: {{ .Values.objectstores.nextcloud.username | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.objectstores.nextcloud.accessKey.name | quote }}
|
name: {{ .Values.existingSecrets.objectstores.nextcloud.accessKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.objectstores.nextcloud.accessKey.key | quote }}
|
key: {{ .Values.existingSecrets.objectstores.nextcloud.accessKey.key | quote }}
|
||||||
secretKey:
|
secretKey:
|
||||||
value: {{ .Values.objectstores.nextcloud.secretKey | default .Values.secrets.minio.nextcloudUser | quote }}
|
value: {{ .Values.objectstores.nextcloud.secretKey | default .Values.secrets.minio.nextcloudUser | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.objectstores.nextcloud.secretKey.name | quote }}
|
name: {{ .Values.existingSecrets.objectstores.nextcloud.secretKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.objectstores.nextcloud.secretKey.key | quote }}
|
key: {{ .Values.existingSecrets.objectstores.nextcloud.secretKey.key | quote }}
|
||||||
bucket: {{ .Values.objectstores.nextcloud.bucket | quote }}
|
bucket: {{ .Values.objectstores.nextcloud.bucket | quote }}
|
||||||
host: {{ .Values.objectstores.nextcloud.endpoint | quote }}
|
host: {{ .Values.objectstores.nextcloud.endpoint | quote }}
|
||||||
region: {{ .Values.objectstores.nextcloud.region | quote }}
|
region: {{ .Values.objectstores.nextcloud.region | quote }}
|
||||||
@@ -157,8 +157,8 @@ configuration:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
value: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.clientSecret.nextcloudOidc.name | quote }}
|
name: {{ .Values.existingSecrets.keycloak.clientSecret.nextcloudOidc.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.keycloak.clientSecret.nextcloudOidc.key | quote }}
|
key: {{ .Values.existingSecrets.keycloak.clientSecret.nextcloudOidc.key | quote }}
|
||||||
|
|
||||||
opendeskIntegration:
|
opendeskIntegration:
|
||||||
centralNavigation:
|
centralNavigation:
|
||||||
@@ -168,8 +168,8 @@ configuration:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.centralnavigation.apiKey.name | quote }}
|
name: {{ .Values.existingSecrets.centralnavigation.apiKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.centralnavigation.apiKey.key | quote }}
|
key: {{ .Values.existingSecrets.centralnavigation.apiKey.key | quote }}
|
||||||
oxAppSuite:
|
oxAppSuite:
|
||||||
enabled: {{ .Values.apps.oxAppSuite.enabled }}
|
enabled: {{ .Values.apps.oxAppSuite.enabled }}
|
||||||
|
|
||||||
@@ -195,8 +195,8 @@ configuration:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.postfix.opendeskSystem.password.name | quote }}
|
name: {{ .Values.existingSecrets.postfix.opendeskSystem.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.postfix.opendeskSystem.password.key | quote }}
|
key: {{ .Values.existingSecrets.postfix.opendeskSystem.password.key | quote }}
|
||||||
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||||
port: 587
|
port: 587
|
||||||
fromAddress: {{ .Values.smtp.localpartNoReply | quote }}
|
fromAddress: {{ .Values.smtp.localpartNoReply | quote }}
|
||||||
@@ -214,8 +214,8 @@ configuration:
|
|||||||
token:
|
token:
|
||||||
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.nextcloud.metricsToken.name | quote }}
|
name: {{ .Values.existingSecrets.nextcloud.metricsToken.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nextcloud.metricsToken.key | quote }}
|
key: {{ .Values.existingSecrets.nextcloud.metricsToken.key | quote }}
|
||||||
|
|
||||||
forbiddenChars: {{ join " " .Values.functional.filestore.naming.forbiddenChars | quote }}
|
forbiddenChars: {{ join " " .Values.functional.filestore.naming.forbiddenChars | quote }}
|
||||||
|
|
||||||
|
|||||||
@@ -19,8 +19,8 @@ exporter:
|
|||||||
token:
|
token:
|
||||||
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.nextcloud.metricsToken.name | quote }}
|
name: {{ .Values.existingSecrets.nextcloud.metricsToken.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nextcloud.metricsToken.key | quote }}
|
key: {{ .Values.existingSecrets.nextcloud.metricsToken.key | quote }}
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
capabilities:
|
capabilities:
|
||||||
@@ -91,13 +91,13 @@ aio:
|
|||||||
username:
|
username:
|
||||||
value: {{ .Values.cache.nextcloud.username }}
|
value: {{ .Values.cache.nextcloud.username }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.cache.nextcloud.username.name | quote }}
|
name: {{ .Values.existingSecrets.cache.nextcloud.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.cache.nextcloud.username.key | quote }}
|
key: {{ .Values.existingSecrets.cache.nextcloud.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.cache.nextcloud.password.name | quote }}
|
name: {{ .Values.existingSecrets.cache.nextcloud.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.cache.nextcloud.password.key | quote }}
|
key: {{ .Values.existingSecrets.cache.nextcloud.password.key | quote }}
|
||||||
host: {{ .Values.cache.nextcloud.host | quote }}
|
host: {{ .Values.cache.nextcloud.host | quote }}
|
||||||
port: {{ .Values.cache.nextcloud.port | quote }}
|
port: {{ .Values.cache.nextcloud.port | quote }}
|
||||||
tls: {{ .Values.cache.nextcloud.tls }}
|
tls: {{ .Values.cache.nextcloud.tls }}
|
||||||
@@ -116,8 +116,8 @@ aio:
|
|||||||
username:
|
username:
|
||||||
value: {{ .Values.databases.nextcloud.username | quote }}
|
value: {{ .Values.databases.nextcloud.username | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.databases.nextcloud.username.name | quote }}
|
name: {{ .Values.existingSecrets.databases.nextcloud.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.databases.nextcloud.username.key | quote }}
|
key: {{ .Values.existingSecrets.databases.nextcloud.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
{{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
|
||||||
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
|
||||||
@@ -127,8 +127,8 @@ aio:
|
|||||||
value: {{ .Values.databases.nextcloud.password | quote }}
|
value: {{ .Values.databases.nextcloud.password | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.databases.nextcloud.password.name | quote }}
|
name: {{ .Values.existingSecrets.databases.nextcloud.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.databases.nextcloud.password.key | quote }}
|
key: {{ .Values.existingSecrets.databases.nextcloud.password.key | quote }}
|
||||||
trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
|
trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
|||||||
@@ -5,8 +5,8 @@ global:
|
|||||||
collaborationServerSecret:
|
collaborationServerSecret:
|
||||||
value: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
value: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.notes.collaborationSecret.name | quote }}
|
name: {{ .Values.existingSecrets.notes.collaborationSecret.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.notes.collaborationSecret.key | quote }}
|
key: {{ .Values.existingSecrets.notes.collaborationSecret.key | quote }}
|
||||||
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||||
@@ -14,8 +14,8 @@ global:
|
|||||||
yProviderApiKey:
|
yProviderApiKey:
|
||||||
value: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
value: {{ .Values.secrets.notes.collaborationSecret | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.notes.collaborationSecret.name | quote }}
|
name: {{ .Values.existingSecrets.notes.collaborationSecret.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.notes.collaborationSecret.key | quote }}
|
key: {{ .Values.existingSecrets.notes.collaborationSecret.key | quote }}
|
||||||
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||||
tlsSecretName: {{ .Values.ingress.tls.secretName | quote }}
|
tlsSecretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||||
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
|
||||||
@@ -47,8 +47,8 @@ backend:
|
|||||||
apiKey:
|
apiKey:
|
||||||
value: {{ .Values.ai.apiKey }}
|
value: {{ .Values.ai.apiKey }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.ai.apiKey.name | quote }}
|
name: {{ .Values.existingSecrets.ai.apiKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.ai.apiKey.key | quote }}
|
key: {{ .Values.existingSecrets.ai.apiKey.key | quote }}
|
||||||
baseUrl: {{ .Values.ai.endpoint }}
|
baseUrl: {{ .Values.ai.endpoint }}
|
||||||
model: {{ .Values.ai.model | quote }}
|
model: {{ .Values.ai.model | quote }}
|
||||||
aws:
|
aws:
|
||||||
@@ -56,13 +56,13 @@ backend:
|
|||||||
s3AccessKeyId:
|
s3AccessKeyId:
|
||||||
value: {{ .Values.objectstores.notes.username }}
|
value: {{ .Values.objectstores.notes.username }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.objectstores.notes.s3AccessKeyId.name | quote }}
|
name: {{ .Values.existingSecrets.objectstores.notes.s3AccessKeyId.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.objectstores.notes.s3AccessKeyId.key | quote }}
|
key: {{ .Values.existingSecrets.objectstores.notes.s3AccessKeyId.key | quote }}
|
||||||
s3SecretAccessKey:
|
s3SecretAccessKey:
|
||||||
value: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }}
|
value: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.objectstores.notes.s3SecretAccessKey.name | quote }}
|
name: {{ .Values.existingSecrets.objectstores.notes.s3SecretAccessKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.objectstores.notes.s3SecretAccessKey.key | quote }}
|
key: {{ .Values.existingSecrets.objectstores.notes.s3SecretAccessKey.key | quote }}
|
||||||
storageBucketName: {{ .Values.objectstores.notes.bucket }}
|
storageBucketName: {{ .Values.objectstores.notes.bucket }}
|
||||||
collaboration:
|
collaboration:
|
||||||
apiUrl: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
apiUrl: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
|
||||||
@@ -73,14 +73,14 @@ backend:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
value: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.databases.notes.password.name | quote }}
|
name: {{ .Values.existingSecrets.databases.notes.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.databases.notes.password.key | quote }}
|
key: {{ .Values.existingSecrets.databases.notes.password.key | quote }}
|
||||||
port: {{ .Values.databases.notes.port | quote }}
|
port: {{ .Values.databases.notes.port | quote }}
|
||||||
user:
|
user:
|
||||||
value: {{ .Values.databases.notes.username | quote }}
|
value: {{ .Values.databases.notes.username | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.databases.notes.user.name | quote }}
|
name: {{ .Values.existingSecrets.databases.notes.user.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.databases.notes.user.key | quote }}
|
key: {{ .Values.existingSecrets.databases.notes.user.key | quote }}
|
||||||
email:
|
email:
|
||||||
brandName: "openDesk"
|
brandName: "openDesk"
|
||||||
from: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.mailDomain | default .Values.global.domain }}"
|
from: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.mailDomain | default .Values.global.domain }}"
|
||||||
@@ -90,13 +90,13 @@ backend:
|
|||||||
user:
|
user:
|
||||||
value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.postfix.opendeskSystem.username.name | quote }}
|
name: {{ .Values.existingSecrets.postfix.opendeskSystem.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.postfix.opendeskSystem.username.key | quote }}
|
key: {{ .Values.existingSecrets.postfix.opendeskSystem.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.postfix.opendeskSystem.password.name | quote }}
|
name: {{ .Values.existingSecrets.postfix.opendeskSystem.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.postfix.opendeskSystem.password.key | quote }}
|
key: {{ .Values.existingSecrets.postfix.opendeskSystem.password.key | quote }}
|
||||||
oidc:
|
oidc:
|
||||||
enabled: true
|
enabled: true
|
||||||
rpClientId:
|
rpClientId:
|
||||||
@@ -104,8 +104,8 @@ backend:
|
|||||||
rpClientSecret:
|
rpClientSecret:
|
||||||
value: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
value: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.clientSecret.notes.name | quote }}
|
name: {{ .Values.existingSecrets.keycloak.clientSecret.notes.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.keycloak.clientSecret.notes.key | quote }}
|
key: {{ .Values.existingSecrets.keycloak.clientSecret.notes.key | quote }}
|
||||||
opJWKSEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
opJWKSEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||||
opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||||
opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||||
@@ -123,25 +123,25 @@ backend:
|
|||||||
secretKey:
|
secretKey:
|
||||||
value: {{ .Values.secrets.notes.djangoSecretKey }}
|
value: {{ .Values.secrets.notes.djangoSecretKey }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.notes.django.secretKey.name | quote }}
|
name: {{ .Values.existingSecrets.notes.django.secretKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.notes.django.secretKey.key | quote }}
|
key: {{ .Values.existingSecrets.notes.django.secretKey.key | quote }}
|
||||||
createSuperuser: true
|
createSuperuser: true
|
||||||
superuserEmail:
|
superuserEmail:
|
||||||
value: {{ printf "default.admin@%s" .Values.global.domain | quote }}
|
value: {{ printf "default.admin@%s" .Values.global.domain | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.notes.django.superuserEmail.name | quote }}
|
name: {{ .Values.existingSecrets.notes.django.superuserEmail.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.notes.django.superuserEmail.key | quote }}
|
key: {{ .Values.existingSecrets.notes.django.superuserEmail.key | quote }}
|
||||||
superuserPassword:
|
superuserPassword:
|
||||||
value: {{ .Values.secrets.notes.superuser }}
|
value: {{ .Values.secrets.notes.superuser }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.notes.django.superuserPassword.name | quote }}
|
name: {{ .Values.existingSecrets.notes.django.superuserPassword.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.notes.django.superuserPassword.key | quote }}
|
key: {{ .Values.existingSecrets.notes.django.superuserPassword.key | quote }}
|
||||||
frontendTheme: "openDesk"
|
frontendTheme: "openDesk"
|
||||||
redisUrl:
|
redisUrl:
|
||||||
value: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
|
value: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.notes.redisUrl.name | quote }}
|
name: {{ .Values.existingSecrets.notes.redisUrl.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.notes.redisUrl.key | quote }}
|
key: {{ .Values.existingSecrets.notes.redisUrl.key | quote }}
|
||||||
extraEnvVars:
|
extraEnvVars:
|
||||||
- name: "FRONTEND_HOMEPAGE_FEATURE_ENABLED"
|
- name: "FRONTEND_HOMEPAGE_FEATURE_ENABLED"
|
||||||
value: "False"
|
value: "False"
|
||||||
|
|||||||
@@ -54,9 +54,9 @@ ics:
|
|||||||
session:
|
session:
|
||||||
secret: {{ .Values.secrets.intercom.secret | quote }}
|
secret: {{ .Values.secrets.intercom.secret | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.nubus.ics.session.name | quote }}
|
name: {{ .Values.existingSecrets.nubus.ics.session.name | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
secret: {{ .Values.externalSecrets.nubus.ics.session.key | quote }}
|
secret: {{ .Values.existingSecrets.nubus.ics.session.key | quote }}
|
||||||
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||||
originRegex: "{{ .Values.global.domain }}"
|
originRegex: "{{ .Values.global.domain }}"
|
||||||
enableSessionCookie: true
|
enableSessionCookie: true
|
||||||
@@ -71,36 +71,36 @@ ics:
|
|||||||
id: "opendesk-intercom"
|
id: "opendesk-intercom"
|
||||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.clientSecret.intercom.name | quote}}
|
name: {{ .Values.existingSecrets.keycloak.clientSecret.intercom.name | quote}}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
clientSecret: {{ .Values.externalSecrets.keycloak.clientSecret.intercom.key | quote }}
|
clientSecret: {{ .Values.existingSecrets.keycloak.clientSecret.intercom.key | quote }}
|
||||||
matrix:
|
matrix:
|
||||||
subdomain: {{ .Values.global.hosts.synapse | quote }}
|
subdomain: {{ .Values.global.hosts.synapse | quote }}
|
||||||
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
||||||
auth:
|
auth:
|
||||||
applicationServiceSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
applicationServiceSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.nubus.ics.synapseAsToken.name | quote }}
|
name: {{ .Values.existingSecrets.nubus.ics.synapseAsToken.name | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
password: {{ .Values.externalSecrets.nubus.ics.synapseAsToken.key | quote }}
|
password: {{ .Values.existingSecrets.nubus.ics.synapseAsToken.key | quote }}
|
||||||
nordeck:
|
nordeck:
|
||||||
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
|
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
|
||||||
portal:
|
portal:
|
||||||
auth:
|
auth:
|
||||||
sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.centralnavigation.apiKey.name | quote }}
|
name: {{ .Values.existingSecrets.centralnavigation.apiKey.name | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
sharedSecret: {{ .Values.externalSecrets.centralnavigation.apiKey.key | quote }}
|
sharedSecret: {{ .Values.existingSecrets.centralnavigation.apiKey.key | quote }}
|
||||||
redis:
|
redis:
|
||||||
host: {{ .Values.cache.intercomService.host | quote }}
|
host: {{ .Values.cache.intercomService.host | quote }}
|
||||||
port: {{ .Values.cache.intercomService.port }}
|
port: {{ .Values.cache.intercomService.port }}
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.redis.existingSecret | quote }}
|
name: {{ .Values.existingSecrets.redis.existingSecret | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
password: {{ .Values.externalSecrets.redis.existingSecretPasswordKey | quote }}
|
password: {{ .Values.existingSecrets.redis.existingSecretPasswordKey | quote }}
|
||||||
openxchange:
|
openxchange:
|
||||||
oci: true
|
oci: true
|
||||||
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
|
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
|
||||||
@@ -151,9 +151,9 @@ provisioning:
|
|||||||
auth:
|
auth:
|
||||||
username: "kcadmin"
|
username: "kcadmin"
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
name: {{ .Values.existingSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
passowrd: {{ .Values.externalSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
passowrd: {{ .Values.existingSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
||||||
image:
|
image:
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||||
|
|||||||
@@ -39,13 +39,13 @@ configuration:
|
|||||||
accessKey:
|
accessKey:
|
||||||
value: {{ .Values.objectstores.nubus.username | quote }}
|
value: {{ .Values.objectstores.nubus.username | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.objectstores.nubus.accessKey.name | quote }}
|
name: {{ .Values.existingSecrets.objectstores.nubus.accessKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.objectstores.nubus.accessKey.key | quote }}
|
key: {{ .Values.existingSecrets.objectstores.nubus.accessKey.key | quote }}
|
||||||
secretKey:
|
secretKey:
|
||||||
value: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
value: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.objectstores.nubus.secretKey.name | quote }}
|
name: {{ .Values.existingSecrets.objectstores.nubus.secretKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.objectstores.nubus.secretKey.key | quote }}
|
key: {{ .Values.existingSecrets.objectstores.nubus.secretKey.key | quote }}
|
||||||
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
{{ .Values.annotations.nubusNginxS3Gateway.pod | toYaml | nindent 2 }}
|
{{ .Values.annotations.nubusNginxS3Gateway.pod | toYaml | nindent 2 }}
|
||||||
|
|||||||
@@ -200,25 +200,25 @@ nubusGuardian:
|
|||||||
username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
||||||
database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
|
database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.databases.umsGuardianManagementApi.password.name | default "ums-guardian-postgresql-opendesk-credentials" | quote }}
|
name: {{ .Values.existingSecrets.databases.umsGuardianManagementApi.password.name | default "ums-guardian-postgresql-opendesk-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
password: {{ .Values.externalSecrets.databases.umsGuardianManagementApi.password.key | default "guardianDatabasePassword" | quote }}
|
password: {{ .Values.existingSecrets.databases.umsGuardianManagementApi.password.key | default "guardianDatabasePassword" | quote }}
|
||||||
provisioning:
|
provisioning:
|
||||||
enabled: false
|
enabled: false
|
||||||
config:
|
config:
|
||||||
nubusBaseUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
|
nubusBaseUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
|
||||||
keycloak:
|
keycloak:
|
||||||
credentialSecret:
|
credentialSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
name: {{ .Values.existingSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
||||||
key: {{ .Values.externalSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
key: {{ .Values.existingSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
||||||
realm: {{ .Values.platform.realm | quote }}
|
realm: {{ .Values.platform.realm | quote }}
|
||||||
username: "kcadmin"
|
username: "kcadmin"
|
||||||
keycloak:
|
keycloak:
|
||||||
auth:
|
auth:
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.clientSecret.guardian.name | default "ums-opendesk-guardian-client-secret" | quote }}
|
name: {{ .Values.existingSecrets.keycloak.clientSecret.guardian.name | default "ums-opendesk-guardian-client-secret" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
password: {{ .Values.externalSecrets.keycloak.clientSecret.guardian.key | default "managementApiClientSecret" | quote }}
|
password: {{ .Values.existingSecrets.keycloak.clientSecret.guardian.key | default "managementApiClientSecret" | quote }}
|
||||||
connection:
|
connection:
|
||||||
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||||
baseUrl: "http://ums-keycloak:8080"
|
baseUrl: "http://ums-keycloak:8080"
|
||||||
|
|||||||
@@ -193,9 +193,9 @@ keycloak:
|
|||||||
auth:
|
auth:
|
||||||
username: "kcadmin"
|
username: "kcadmin"
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
name: {{ .Values.existingSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
adminPassword: {{ .Values.externalSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
adminPassword: {{ .Values.existingSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
||||||
login:
|
login:
|
||||||
messages:
|
messages:
|
||||||
de:
|
de:
|
||||||
@@ -219,9 +219,9 @@ keycloak:
|
|||||||
username: {{ .Values.databases.keycloak.username | quote }}
|
username: {{ .Values.databases.keycloak.username | quote }}
|
||||||
database: {{ .Values.databases.keycloak.name | quote }}
|
database: {{ .Values.databases.keycloak.name | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.databases.keycloak.password.name | default "ums-keycloak-postgresql-opendesk-credentials" | quote }}
|
name: {{ .Values.existingSecrets.databases.keycloak.password.name | default "ums-keycloak-postgresql-opendesk-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
password: {{ .Values.externalSecrets.databases.keycloak.password.key | default "keycloakDatabasePassword" | quote }}
|
password: {{ .Values.existingSecrets.databases.keycloak.password.key | default "keycloakDatabasePassword" | quote }}
|
||||||
replicaCount: {{ .Values.replicas.keycloak }}
|
replicaCount: {{ .Values.replicas.keycloak }}
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.umsKeycloak | toYaml | nindent 4 }}
|
{{ .Values.resources.umsKeycloak | toYaml | nindent 4 }}
|
||||||
@@ -445,9 +445,9 @@ nubusKeycloakExtensions:
|
|||||||
# TODO: Pending secrets refactoring in component chart. This will refer to
|
# TODO: Pending secrets refactoring in component chart. This will refer to
|
||||||
# the secret generated by the keycloak subchart.
|
# the secret generated by the keycloak subchart.
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
name: {{ .Values.existingSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
adminPassword: {{ .Values.externalSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
adminPassword: {{ .Values.existingSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
||||||
proxy:
|
proxy:
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
{{ .Values.annotations.nubusKeycloakExtensions.proxyAdditional | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusKeycloakExtensions.proxyAdditional | toYaml | nindent 6 }}
|
||||||
@@ -526,9 +526,9 @@ nubusKeycloakExtensions:
|
|||||||
database: {{ .Values.databases.keycloakExtension.name | quote }}
|
database: {{ .Values.databases.keycloakExtension.name | quote }}
|
||||||
username: {{ .Values.databases.keycloakExtension.username | quote }}
|
username: {{ .Values.databases.keycloakExtension.username | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.databases.keycloakExtension.password.name | default "ums-keycloak-extensions-postgresql-opendesk-credentials" | quote }}
|
name: {{ .Values.existingSecrets.databases.keycloakExtension.password.name | default "ums-keycloak-extensions-postgresql-opendesk-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
password: {{ .Values.externalSecrets.databases.keycloakExtension.password.key | default "umcKeycloakExtensionsDatabasePassword" | quote }}
|
password: {{ .Values.existingSecrets.databases.keycloakExtension.password.key | default "umcKeycloakExtensionsDatabasePassword" | quote }}
|
||||||
smtp:
|
smtp:
|
||||||
connection:
|
connection:
|
||||||
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||||
@@ -541,9 +541,9 @@ nubusKeycloakExtensions:
|
|||||||
# TODO: Pending secrets refactoring in the component chart
|
# TODO: Pending secrets refactoring in the component chart
|
||||||
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.postfix.opendeskSystem.password.name | default "ums-keycloak-extensions-smtp-opendesk-credentials" | quote }}
|
name: {{ .Values.existingSecrets.postfix.opendeskSystem.password.name | default "ums-keycloak-extensions-smtp-opendesk-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
password: {{ .Values.externalSecrets.postfix.opendeskSystem.password.key | default "umcKeycloakExtensionsSmtpPassword" | quote }}
|
password: {{ .Values.existingSecrets.postfix.opendeskSystem.password.key | default "umcKeycloakExtensionsSmtpPassword" | quote }}
|
||||||
handler:
|
handler:
|
||||||
additionalAnnotations:
|
additionalAnnotations:
|
||||||
{{ .Values.annotations.nubusKeycloakExtensions.handlerAdditional | toYaml | nindent 6 }}
|
{{ .Values.annotations.nubusKeycloakExtensions.handlerAdditional | toYaml | nindent 6 }}
|
||||||
@@ -1107,9 +1107,9 @@ nubusProvisioning:
|
|||||||
createUsers:
|
createUsers:
|
||||||
oxConsumer:
|
oxConsumer:
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.openxchangeConnector.provisioningApiPassword.name | default "ums-provisioning-ox-credentials" | quote }}
|
name: {{ .Values.existingSecrets.openxchangeConnector.provisioningApiPassword.name | default "ums-provisioning-ox-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
registration: {{ .Values.externalSecrets.openxchangeConnector.provisioningApiPassword.key | default "ox-connector.json" | quote }}
|
registration: {{ .Values.existingSecrets.openxchangeConnector.provisioningApiPassword.key | default "ox-connector.json" | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
image:
|
image:
|
||||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
||||||
@@ -1601,14 +1601,14 @@ nubusKeycloakBootstrap:
|
|||||||
auth:
|
auth:
|
||||||
username: "kcadmin"
|
username: "kcadmin"
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
name: {{ .Values.existingSecrets.keycloak.adminPassword.name | default "ums-opendesk-keycloak-credentials" | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
adminPassword: {{ .Values.externalSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
adminPassword: {{ .Values.existingSecrets.keycloak.adminPassword.key | default "admin_password" | quote }}
|
||||||
ldap:
|
ldap:
|
||||||
auth:
|
auth:
|
||||||
bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn }}
|
bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.nubus.ldapSearch.keycloak.name | default "ums-keycloak-bootstrap-ldap-opendesk-credentials" | quote }}
|
name: {{ .Values.existingSecrets.nubus.ldapSearch.keycloak.name | default "ums-keycloak-bootstrap-ldap-opendesk-credentials" | quote }}
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
intents.otterize.com/service-name: "ums-keycloak-bootstrap"
|
intents.otterize.com/service-name: "ums-keycloak-bootstrap"
|
||||||
{{- with .Values.annotations.nubusKeycloakBootstrapNubus.pod }}
|
{{- with .Values.annotations.nubusKeycloakBootstrapNubus.pod }}
|
||||||
@@ -1631,49 +1631,49 @@ nubusKeycloakBootstrap:
|
|||||||
|
|
||||||
# Credential secrets for accessing customer supplied services
|
# Credential secrets for accessing customer supplied services
|
||||||
extraSecrets:
|
extraSecrets:
|
||||||
{{- if and (not .Values.externalSecrets.keycloak.clientSecret.guardian.name)
|
{{- if and (not .Values.existingSecrets.keycloak.clientSecret.guardian.name)
|
||||||
(not .Values.externalSecrets.keycloak.clientSecret.guardian.key) }}
|
(not .Values.existingSecrets.keycloak.clientSecret.guardian.key) }}
|
||||||
- name: "ums-opendesk-guardian-client-secret"
|
- name: "ums-opendesk-guardian-client-secret"
|
||||||
stringData:
|
stringData:
|
||||||
managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
|
managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (not .Values.externalSecrets.keycloak.adminPassword.name)
|
{{- if and (not .Values.existingSecrets.keycloak.adminPassword.name)
|
||||||
(not .Values.externalSecrets.keycloak.adminPassword.key) }}
|
(not .Values.existingSecrets.keycloak.adminPassword.key) }}
|
||||||
- name: "ums-opendesk-keycloak-credentials"
|
- name: "ums-opendesk-keycloak-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
admin_password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
admin_password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (not .Values.externalSecrets.databases.keycloak.password.name)
|
{{- if and (not .Values.existingSecrets.databases.keycloak.password.name)
|
||||||
(not .Values.externalSecrets.databases.keycloak.password.key) }}
|
(not .Values.existingSecrets.databases.keycloak.password.key) }}
|
||||||
- name: "ums-keycloak-postgresql-opendesk-credentials"
|
- name: "ums-keycloak-postgresql-opendesk-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
keycloakDatabasePassword: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
|
keycloakDatabasePassword: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (not .Values.externalSecrets.databases.umsGuardianManagementApi.password.name)
|
{{- if and (not .Values.existingSecrets.databases.umsGuardianManagementApi.password.name)
|
||||||
(not .Values.externalSecrets.databases.umsGuardianManagementApi.password.key) }}
|
(not .Values.existingSecrets.databases.umsGuardianManagementApi.password.key) }}
|
||||||
- name: "ums-guardian-postgresql-opendesk-credentials"
|
- name: "ums-guardian-postgresql-opendesk-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
guardianDatabasePassword: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
|
guardianDatabasePassword: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (not .Values.externalSecrets.databases.keycloakExtension.password.name)
|
{{- if and (not .Values.existingSecrets.databases.keycloakExtension.password.name)
|
||||||
(not .Values.externalSecrets.databases.keycloakExtension.password.key) }}
|
(not .Values.existingSecrets.databases.keycloakExtension.password.key) }}
|
||||||
- name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
|
- name: "ums-keycloak-extensions-postgresql-opendesk-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (not .Values.externalSecrets.postfix.opendeskSystem.password.name)
|
{{- if and (not .Values.existingSecrets.postfix.opendeskSystem.password.name)
|
||||||
(not .Values.externalSecrets.postfix.opendeskSystem.password.key) }}
|
(not .Values.existingSecrets.postfix.opendeskSystem.password.key) }}
|
||||||
- name: "ums-keycloak-extensions-smtp-opendesk-credentials"
|
- name: "ums-keycloak-extensions-smtp-opendesk-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
umcKeycloakExtensionsSmtpPassword: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
umcKeycloakExtensionsSmtpPassword: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (not .Values.externalSecrets.nubus.ldapSearch.keycloak.name) }}
|
{{- if and (not .Values.existingSecrets.nubus.ldapSearch.keycloak.name) }}
|
||||||
- name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
|
- name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
|
password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and (not .Values.externalSecrets.openxchangeConnector.provisioningApiPassword.name)
|
{{- if and (not .Values.existingSecrets.openxchangeConnector.provisioningApiPassword.name)
|
||||||
(not .Values.externalSecrets.openxchangeConnector.provisioningApiPassword.key) }}
|
(not .Values.existingSecrets.openxchangeConnector.provisioningApiPassword.key) }}
|
||||||
- name: "ums-provisioning-ox-credentials"
|
- name: "ums-provisioning-ox-credentials"
|
||||||
stringData:
|
stringData:
|
||||||
ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }"
|
ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }"
|
||||||
|
|||||||
@@ -83,8 +83,8 @@ config:
|
|||||||
value:
|
value:
|
||||||
{{ .Values.functional.authentication.oidc.clients | toYaml | nindent 8 }}
|
{{ .Values.functional.authentication.oidc.clients | toYaml | nindent 8 }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.functional.authentication.clients.name | quote }}
|
name: {{ .Values.existingSecrets.functional.authentication.clients.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.functional.authentication.clients.key | quote }}
|
key: {{ .Values.existingSecrets.functional.authentication.clients.key | quote }}
|
||||||
managed:
|
managed:
|
||||||
clientScopes: [ 'acr', 'web-origins', 'email', 'profile', 'microprofile-jwt', 'role_list',
|
clientScopes: [ 'acr', 'web-origins', 'email', 'profile', 'microprofile-jwt', 'role_list',
|
||||||
'offline_access', 'roles', 'address', 'phone' ]
|
'offline_access', 'roles', 'address', 'phone' ]
|
||||||
@@ -97,7 +97,7 @@ config:
|
|||||||
username: "kcadmin"
|
username: "kcadmin"
|
||||||
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
password: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.adminSecret.name | quote }}
|
name: {{ .Values.existingSecrets.keycloak.adminSecret.name | quote }}
|
||||||
realm: {{ .Values.platform.realm | quote }}
|
realm: {{ .Values.platform.realm | quote }}
|
||||||
intraCluster:
|
intraCluster:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -121,8 +121,8 @@ config:
|
|||||||
enforceFederatedLogin: {{ .Values.functional.authentication.ssoFederation.enforceFederatedLogin }}
|
enforceFederatedLogin: {{ .Values.functional.authentication.ssoFederation.enforceFederatedLogin }}
|
||||||
value: {{ .Values.functional.authentication.ssoFederation.idpDict | toYaml | nindent 8 }}
|
value: {{ .Values.functional.authentication.ssoFederation.idpDict | toYaml | nindent 8 }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name : {{ .Values.externalSecrets.functional.authentication.ssoFederation.name | quote }}
|
name : {{ .Values.existingSecrets.functional.authentication.ssoFederation.name | quote }}
|
||||||
key : {{ .Values.externalSecrets.functional.authentication.ssoFederation.key | quote }}
|
key : {{ .Values.existingSecrets.functional.authentication.ssoFederation.key | quote }}
|
||||||
twoFactorSettings:
|
twoFactorSettings:
|
||||||
additionalGroups: {{ .Values.functional.authentication.twoFactor.groups | toYaml | nindent 6 }}
|
additionalGroups: {{ .Values.functional.authentication.twoFactor.groups | toYaml | nindent 6 }}
|
||||||
precreateGroups: [ 'Domain Admins', 'Domain Users', 'IAM API - Full Access',
|
precreateGroups: [ 'Domain Admins', 'Domain Users', 'IAM API - Full Access',
|
||||||
@@ -763,8 +763,8 @@ config:
|
|||||||
- "opendesk-xwiki-scope"
|
- "opendesk-xwiki-scope"
|
||||||
{{ end }}
|
{{ end }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.clients.name | quote }}
|
name: {{ .Values.existingSecrets.keycloak.clients.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.keycloak.clients.key | quote }}
|
key: {{ .Values.existingSecrets.keycloak.clients.key | quote }}
|
||||||
|
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
|||||||
@@ -25,8 +25,8 @@ dovecot:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.cassandra.dovecotDictmapUser | quote }}
|
value: {{ .Values.secrets.cassandra.dovecotDictmapUser | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.dovecot.dictmapUser.name | quote }}
|
name: {{ .Values.existingSecrets.dovecot.dictmapUser.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.dovecot.dictmapUser.key | quote }}
|
key: {{ .Values.existingSecrets.dovecot.dictmapUser.key | quote }}
|
||||||
keyspace: {{ .Values.databases.dovecotDictmap.name | quote }}
|
keyspace: {{ .Values.databases.dovecotDictmap.name | quote }}
|
||||||
sharedMailboxes:
|
sharedMailboxes:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -36,8 +36,8 @@ dovecot:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.cassandra.dovecotACLUser | quote }}
|
value: {{ .Values.secrets.cassandra.dovecotACLUser | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.dovecot.aclUser.name | quote }}
|
name: {{ .Values.existingSecrets.dovecot.aclUser.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.dovecot.aclUser.key | quote }}
|
key: {{ .Values.existingSecrets.dovecot.aclUser.key | quote }}
|
||||||
keyspace: {{ .Values.databases.dovecotACL.name | quote }}
|
keyspace: {{ .Values.databases.dovecotACL.name | quote }}
|
||||||
objectStorage:
|
objectStorage:
|
||||||
bucket: {{ .Values.objectstores.dovecot.bucket | quote }}
|
bucket: {{ .Values.objectstores.dovecot.bucket | quote }}
|
||||||
@@ -45,18 +45,18 @@ dovecot:
|
|||||||
privateKey:
|
privateKey:
|
||||||
value: {{ requiredEnv "DOVECOT_CRYPT_PRIVATE_KEY" | quote }}
|
value: {{ requiredEnv "DOVECOT_CRYPT_PRIVATE_KEY" | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.dovecot.objectStorage.encryption.privateKey.name | quote }}
|
name: {{ .Values.existingSecrets.dovecot.objectStorage.encryption.privateKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.dovecot.objectStorage.encryption.privateKey.key | quote }}
|
key: {{ .Values.existingSecrets.dovecot.objectStorage.encryption.privateKey.key | quote }}
|
||||||
publicKey:
|
publicKey:
|
||||||
value: {{ requiredEnv "DOVECOT_CRYPT_PUBLIC_KEY" | quote }}
|
value: {{ requiredEnv "DOVECOT_CRYPT_PUBLIC_KEY" | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.dovecot.objectStorage.encryption.publicKey.name | quote }}
|
name: {{ .Values.existingSecrets.dovecot.objectStorage.encryption.publicKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.dovecot.objectStorage.encryption.publicKey.key | quote }}
|
key: {{ .Values.existingSecrets.dovecot.objectStorage.encryption.publicKey.key | quote }}
|
||||||
fqdn: {{ .Values.objectstores.dovecot.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
fqdn: {{ .Values.objectstores.dovecot.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
|
||||||
username: {{ .Values.objectstores.dovecot.username | quote }}
|
username: {{ .Values.objectstores.dovecot.username | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.objectstores.dovecot.secretKey | default .Values.secrets.minio.dovecotUser | quote }}
|
value: {{ .Values.objectstores.dovecot.secretKey | default .Values.secrets.minio.dovecotUser | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.objectstores.dovecotUser.name | quote }}
|
name: {{ .Values.existingSecrets.objectstores.dovecotUser.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.objectstores.dovecotUser.key | quote }}
|
key: {{ .Values.existingSecrets.objectstores.dovecotUser.key | quote }}
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -26,15 +26,15 @@ dovecot:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.dovecot.doveadm | quote }}
|
value: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.dovecot.doveadm.name | quote }}
|
name: {{ .Values.existingSecrets.dovecot.doveadm.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.dovecot.doveadm.key | quote }}
|
key: {{ .Values.existingSecrets.dovecot.doveadm.key | quote }}
|
||||||
migration:
|
migration:
|
||||||
enabled: {{ .Values.functional.migration.oxAppSuite.enabled }}
|
enabled: {{ .Values.functional.migration.oxAppSuite.enabled }}
|
||||||
masterPassword:
|
masterPassword:
|
||||||
value: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
|
value: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.oxAppSuite.migrationsMasterPassword.name | quote }}
|
name: {{ .Values.existingSecrets.oxAppSuite.migrationsMasterPassword.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.oxAppSuite.migrationsMasterPassword.key | quote }}
|
key: {{ .Values.existingSecrets.oxAppSuite.migrationsMasterPassword.key | quote }}
|
||||||
ldap:
|
ldap:
|
||||||
enabled: true
|
enabled: true
|
||||||
host: {{ .Values.ldap.host | quote }}
|
host: {{ .Values.ldap.host | quote }}
|
||||||
@@ -44,8 +44,8 @@ dovecot:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }}
|
value: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.nubus.ldapSearch.dovecot.name | quote }}
|
name: {{ .Values.existingSecrets.nubus.ldapSearch.dovecot.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nubus.ldapSearch.dovecot.key | quote }}
|
key: {{ .Values.existingSecrets.nubus.ldapSearch.dovecot.key | quote }}
|
||||||
loginTrustedNetworks: {{ join " " .Values.cluster.networking.cidr | quote }}
|
loginTrustedNetworks: {{ join " " .Values.cluster.networking.cidr | quote }}
|
||||||
|
|
||||||
oidc:
|
oidc:
|
||||||
@@ -55,8 +55,8 @@ dovecot:
|
|||||||
clientSecret:
|
clientSecret:
|
||||||
value: {{ .Values.secrets.keycloak.clientSecret.dovecot | quote }}
|
value: {{ .Values.secrets.keycloak.clientSecret.dovecot | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.clientSecret.dovecot.name | quote }}
|
name: {{ .Values.existingSecrets.keycloak.clientSecret.dovecot.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.keycloak.clientSecret.dovecot.key | quote }}
|
key: {{ .Values.existingSecrets.keycloak.clientSecret.dovecot.key | quote }}
|
||||||
introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
|
introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
|
||||||
introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect"
|
introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect"
|
||||||
usernameAttribute: "opendesk_username"
|
usernameAttribute: "opendesk_username"
|
||||||
|
|||||||
@@ -62,13 +62,13 @@ postfix:
|
|||||||
username:
|
username:
|
||||||
value: {{ .Values.smtp.username }}
|
value: {{ .Values.smtp.username }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.smtp.username.name | quote }}
|
name: {{ .Values.existingSecrets.smtp.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.smtp.username.key | quote }}
|
key: {{ .Values.existingSecrets.smtp.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.smtp.password }}
|
value: {{ .Values.smtp.password }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.smtp.password.name | quote }}
|
name: {{ .Values.existingSecrets.smtp.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.smtp.password.key | quote }}
|
key: {{ .Values.existingSecrets.smtp.password.key | quote }}
|
||||||
smtpSASLAuthEnable: "yes"
|
smtpSASLAuthEnable: "yes"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
allowRelayNets: false
|
allowRelayNets: false
|
||||||
|
|||||||
@@ -26,25 +26,25 @@ config:
|
|||||||
username:
|
username:
|
||||||
value: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
|
value: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.openproject.apiAdmin.username.name | quote }}
|
name: {{ .Values.existingSecrets.openproject.apiAdmin.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.openproject.apiAdmin.username.key | quote }}
|
key: {{ .Values.existingSecrets.openproject.apiAdmin.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
|
value: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.openproject.apiAdmin.password.name | quote }}
|
name: {{ .Values.existingSecrets.openproject.apiAdmin.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.openproject.apiAdmin.password.key | quote }}
|
key: {{ .Values.existingSecrets.openproject.apiAdmin.password.key | quote }}
|
||||||
nextcloud:
|
nextcloud:
|
||||||
admin:
|
admin:
|
||||||
username:
|
username:
|
||||||
value: "nextcloud"
|
value: "nextcloud"
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.nextcloud.admin.username.name | quote }}
|
name: {{ .Values.existingSecrets.nextcloud.admin.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nextcloud.admin.username.key | quote }}
|
key: {{ .Values.existingSecrets.nextcloud.admin.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
value: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.nextcloud.admin.password.name | quote }}
|
name: {{ .Values.existingSecrets.nextcloud.admin.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nextcloud.admin.password.key | quote }}
|
key: {{ .Values.existingSecrets.nextcloud.admin.password.key | quote }}
|
||||||
|
|
||||||
containerSecurityContext:
|
containerSecurityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
|||||||
@@ -72,8 +72,8 @@ selfSigned:
|
|||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.certificates.password | quote }}
|
value: {{ .Values.secrets.certificates.password | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.certificates.password.name | quote }}
|
name: {{ .Values.existingSecrets.certificates.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.certificates.password.key | quote }}
|
key: {{ .Values.existingSecrets.certificates.password.key | quote }}
|
||||||
|
|
||||||
wildcard: {{ .Values.certificate.wildcard }}
|
wildcard: {{ .Values.certificate.wildcard }}
|
||||||
...
|
...
|
||||||
|
|||||||
@@ -36,11 +36,11 @@ dbInit:
|
|||||||
{{ .Values.resources.openprojectDbInit | toYaml | nindent 4 }}
|
{{ .Values.resources.openprojectDbInit | toYaml | nindent 4 }}
|
||||||
|
|
||||||
environment:
|
environment:
|
||||||
{{- if and (not .Values.externalSecrets.openproject.environment)
|
{{- if and (not .Values.existingSecrets.openproject.environment)
|
||||||
(and (eq (env "OPENDESK_ENTERPRISE") "true") .Values.enterpriseKeys.openproject.token) }}
|
(and (eq (env "OPENDESK_ENTERPRISE") "true") .Values.enterpriseKeys.openproject.token) }}
|
||||||
OPENPROJECT_SEED__ENTERPRISE__TOKEN: {{ .Values.enterpriseKeys.openproject.token | quote }}
|
OPENPROJECT_SEED__ENTERPRISE__TOKEN: {{ .Values.enterpriseKeys.openproject.token | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if not .Values.externalSecrets.openproject.environment }}
|
{{- if not .Values.existingSecrets.openproject.environment }}
|
||||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }}
|
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }}
|
||||||
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
|
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
|
||||||
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
|
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
|
||||||
@@ -142,10 +142,10 @@ postgresql:
|
|||||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
|
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
|
||||||
username: {{ .Values.databases.openproject.username | quote }}
|
username: {{ .Values.databases.openproject.username | quote }}
|
||||||
database: {{ .Values.databases.openproject.name | quote }}
|
database: {{ .Values.databases.openproject.name | quote }}
|
||||||
existingSecret: {{ .Values.externalSecrets.databases.openproject.name | quote }}
|
existingSecret: {{ .Values.existingSecrets.databases.openproject.name | quote }}
|
||||||
secretKeys:
|
secretKeys:
|
||||||
adminPasswordKey: {{ .Values.externalSecrets.databases.openproject.adminPasswordKey | quote }}
|
adminPasswordKey: {{ .Values.existingSecrets.databases.openproject.adminPasswordKey | quote }}
|
||||||
userPasswordKey: {{ .Values.externalSecrets.databases.openproject.userPasswordKey | quote }}
|
userPasswordKey: {{ .Values.existingSecrets.databases.openproject.userPasswordKey | quote }}
|
||||||
connection:
|
connection:
|
||||||
host: {{ .Values.databases.openproject.host | quote }}
|
host: {{ .Values.databases.openproject.host | quote }}
|
||||||
port: {{ .Values.databases.openproject.port }}
|
port: {{ .Values.databases.openproject.port }}
|
||||||
@@ -171,9 +171,9 @@ openproject:
|
|||||||
# Lock the admin user, preventing internal logins.
|
# Lock the admin user, preventing internal logins.
|
||||||
# Switch to true once the NC filestore bootstrapping is optimized.
|
# Switch to true once the NC filestore bootstrapping is optimized.
|
||||||
locked: false
|
locked: false
|
||||||
secret: {{ .Values.externalSecrets.openproject.adminUser.name | quote }}
|
secret: {{ .Values.existingSecrets.openproject.adminUserPassword.name | quote }}
|
||||||
secretKeys:
|
secretKeys:
|
||||||
password: {{ .Values.externalSecrets.openproject.adminUser.key | quote }}
|
password: {{ .Values.existingSecrets.openproject.adminUserPassword.key | quote }}
|
||||||
oidc:
|
oidc:
|
||||||
enabled: true
|
enabled: true
|
||||||
authorizationEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
authorizationEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||||
@@ -183,10 +183,10 @@ openproject:
|
|||||||
provider: "keycloak"
|
provider: "keycloak"
|
||||||
scope: "[openid,opendesk-openproject-scope]"
|
scope: "[openid,opendesk-openproject-scope]"
|
||||||
secret: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
|
secret: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
|
||||||
existingSecret: {{ .Values.externalSecrets.keycloak.clientSecret.openproject.name | quote }}
|
existingSecret: {{ .Values.existingSecrets.keycloak.clientSecret.openproject.name | quote }}
|
||||||
secretKeys:
|
secretKeys:
|
||||||
identifier: {{ .Values.externalSecrets.keycloak.clientSecret.openproject.identifier | quote }}
|
identifier: {{ .Values.existingSecrets.keycloak.clientSecret.openproject.identifier | quote }}
|
||||||
secret: {{ .Values.externalSecrets.keycloak.clientSecret.openproject.key | quote }}
|
secret: {{ .Values.existingSecrets.keycloak.clientSecret.openproject.key | quote }}
|
||||||
tokenEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
tokenEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||||
userinfoEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
userinfoEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
||||||
attribute_map:
|
attribute_map:
|
||||||
@@ -195,7 +195,7 @@ openproject:
|
|||||||
useTmpVolumes: true
|
useTmpVolumes: true
|
||||||
tmpVolumesAnnotations:
|
tmpVolumesAnnotations:
|
||||||
{{ .Values.annotations.openproject.openprojectTempVolumes | toYaml | nindent 4 }}
|
{{ .Values.annotations.openproject.openprojectTempVolumes | toYaml | nindent 4 }}
|
||||||
extraEnvVarsSecret: {{ .Values.externalSecrets.openproject.environment | quote }}
|
extraEnvVarsSecret: {{ .Values.existingSecrets.openproject.environment | quote }}
|
||||||
|
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
annotations:
|
annotations:
|
||||||
@@ -239,10 +239,10 @@ s3:
|
|||||||
auth:
|
auth:
|
||||||
accessKeyId: {{ .Values.objectstores.openproject.username | quote }}
|
accessKeyId: {{ .Values.objectstores.openproject.username | quote }}
|
||||||
secretAccessKey: {{ .Values.objectstores.openproject.secretKey | default .Values.secrets.minio.openprojectUser | quote }}
|
secretAccessKey: {{ .Values.objectstores.openproject.secretKey | default .Values.secrets.minio.openprojectUser | quote }}
|
||||||
existingSecret: {{ .Values.externalSecrets.objectstores.openproject.name | quote }}
|
existingSecret: {{ .Values.existingSecrets.objectstores.openproject.name | quote }}
|
||||||
secretKeys:
|
secretKeys:
|
||||||
accessKeyId: {{ .Values.externalSecrets.objectstores.openproject.accessKeyId | quote }}
|
accessKeyId: {{ .Values.existingSecrets.objectstores.openproject.accessKeyId | quote }}
|
||||||
secretAccessKey: {{ .Values.externalSecrets.objectstores.openproject.secretAccessKey | quote }}
|
secretAccessKey: {{ .Values.existingSecrets.objectstores.openproject.secretAccessKey | quote }}
|
||||||
|
|
||||||
seederJob:
|
seederJob:
|
||||||
annotations:
|
annotations:
|
||||||
|
|||||||
@@ -21,9 +21,9 @@ dbUser:
|
|||||||
user: "root"
|
user: "root"
|
||||||
password: {{ .Values.secrets.cassandra.rootPassword | quote }}
|
password: {{ .Values.secrets.cassandra.rootPassword | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.cassandra.existingSecret.name | quote }}
|
name: {{ .Values.existingSecrets.cassandra.existingSecret.name | quote }}
|
||||||
keyMapping:
|
keyMapping:
|
||||||
cassandra-password: {{ .Values.externalSecrets.cassandra.existingSecret.passwordKey | quote }}
|
cassandra-password: {{ .Values.existingSecrets.cassandra.existingSecret.passwordKey | quote }}
|
||||||
global:
|
global:
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||||
@@ -38,7 +38,7 @@ ingress:
|
|||||||
annotations:
|
annotations:
|
||||||
{{ .Values.annotations.cassandra.ingress | toYaml | nindent 6 }}
|
{{ .Values.annotations.cassandra.ingress | toYaml | nindent 6 }}
|
||||||
|
|
||||||
{{- if not .Values.externalSecrets.cassandra.initDBSecret }}
|
{{- if not .Values.existingSecrets.cassandra.initDBSecret }}
|
||||||
initDB:
|
initDB:
|
||||||
initUserData.cql: >
|
initUserData.cql: >
|
||||||
CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecotDictmap.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
|
CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecotDictmap.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
|
||||||
@@ -51,7 +51,7 @@ initDB:
|
|||||||
GRANT ALL ON KEYSPACE {{ .Values.databases.dovecotACL.name | quote }} TO {{ .Values.databases.dovecotACL.username | quote }};
|
GRANT ALL ON KEYSPACE {{ .Values.databases.dovecotACL.name | quote }} TO {{ .Values.databases.dovecotACL.username | quote }};
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
initDBSecret: {{ .Values.externalSecrets.cassandra.initDBSecret | quote }}
|
initDBSecret: {{ .Values.existingSecrets.cassandra.initDBSecret | quote }}
|
||||||
|
|
||||||
# Will print a warning if unset but is automatically calculated:
|
# Will print a warning if unset but is automatically calculated:
|
||||||
jvm:
|
jvm:
|
||||||
|
|||||||
@@ -19,9 +19,9 @@ apiIngress:
|
|||||||
|
|
||||||
auth:
|
auth:
|
||||||
rootPassword: {{ .Values.secrets.minio.rootPassword | quote }}
|
rootPassword: {{ .Values.secrets.minio.rootPassword | quote }}
|
||||||
existingSecret: {{ .Values.externalSecrets.minio.existingSecret | quote }}
|
existingSecret: {{ .Values.existingSecrets.minio.existingSecret | quote }}
|
||||||
rootUserSecretKey: {{ .Values.externalSecrets.minio.rootUserSecretKey | quote }}
|
rootUserSecretKey: {{ .Values.existingSecrets.minio.rootUserSecretKey | quote }}
|
||||||
rootPasswordSecretKey: {{ .Values.externalSecrets.minio.rootPasswordSecretKey | quote }}
|
rootPasswordSecretKey: {{ .Values.existingSecrets.minio.rootPasswordSecretKey | quote }}
|
||||||
|
|
||||||
commonAnnotations:
|
commonAnnotations:
|
||||||
{{ .Values.annotations.servicesExternalMinio.common | toYaml | nindent 2 }}
|
{{ .Values.annotations.servicesExternalMinio.common | toYaml | nindent 2 }}
|
||||||
@@ -225,7 +225,7 @@ provisioning:
|
|||||||
actions:
|
actions:
|
||||||
- "s3:*"
|
- "s3:*"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if not .Values.externalSecrets.minio.usersExistingSecrets }}
|
{{- if not .Values.existingSecrets.minio.usersExistingSecrets }}
|
||||||
users:
|
users:
|
||||||
- username: {{ .Values.objectstores.migrations.username | quote }}
|
- username: {{ .Values.objectstores.migrations.username | quote }}
|
||||||
password: {{ .Values.secrets.minio.migrationsUser | quote }}
|
password: {{ .Values.secrets.minio.migrationsUser | quote }}
|
||||||
@@ -272,7 +272,7 @@ provisioning:
|
|||||||
setPolicies: true
|
setPolicies: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
usersExistingSecrets: {{ .Values.externalSecrets.minio.usersExistingSecrets }}
|
usersExistingSecrets: {{ .Values.existingSecrets.minio.usersExistingSecrets }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
{{ .Values.resources.minio | toYaml | nindent 4 }}
|
{{ .Values.resources.minio | toYaml | nindent 4 }}
|
||||||
|
|||||||
@@ -67,13 +67,13 @@ postfix:
|
|||||||
username:
|
username:
|
||||||
value: {{ .Values.smtp.username }}
|
value: {{ .Values.smtp.username }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.smtp.username.name | quote }}
|
name: {{ .Values.existingSecrets.smtp.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.smtp.username.key | quote }}
|
key: {{ .Values.existingSecrets.smtp.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.smtp.password }}
|
value: {{ .Values.smtp.password }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.smtp.password.name | quote }}
|
name: {{ .Values.existingSecrets.smtp.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.smtp.password.key | quote }}
|
key: {{ .Values.existingSecrets.smtp.password.key | quote }}
|
||||||
smtpSASLAuthEnable: "yes"
|
smtpSASLAuthEnable: "yes"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# Warning: This setting allows unauthenticated mail relay from relayNets!
|
# Warning: This setting allows unauthenticated mail relay from relayNets!
|
||||||
@@ -95,13 +95,13 @@ postfix:
|
|||||||
username:
|
username:
|
||||||
value: "opendesk-system"
|
value: "opendesk-system"
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.postfix.opendeskSystem.username.name | quote }}
|
name: {{ .Values.existingSecrets.postfix.opendeskSystem.username.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.postfix.opendeskSystem.username.key | quote }}
|
key: {{ .Values.existingSecrets.postfix.opendeskSystem.username.key | quote }}
|
||||||
password:
|
password:
|
||||||
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||||
existingSecret:
|
existingSecret:
|
||||||
name: {{ .Values.externalSecrets.postfix.opendeskSystem.password.name | quote }}
|
name: {{ .Values.existingSecrets.postfix.opendeskSystem.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.postfix.opendeskSystem.password.key | quote }}
|
key: {{ .Values.existingSecrets.postfix.opendeskSystem.password.key | quote }}
|
||||||
|
|
||||||
{{- if .Values.antivirus.milter.host }}
|
{{- if .Values.antivirus.milter.host }}
|
||||||
smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
|
smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
|
||||||
|
|||||||
@@ -6,8 +6,8 @@ architecture: "standalone"
|
|||||||
|
|
||||||
auth:
|
auth:
|
||||||
password: {{ .Values.secrets.redis.password | quote }}
|
password: {{ .Values.secrets.redis.password | quote }}
|
||||||
existingSecret: {{ .Values.externalSecrets.redis.existingSecret | quote }}
|
existingSecret: {{ .Values.existingSecrets.redis.existingSecret | quote }}
|
||||||
existingSecretPasswordKey: {{ .Values.externalSecrets.redis.existingSecretPasswordKey | quote }}
|
existingSecretPasswordKey: {{ .Values.existingSecrets.redis.existingSecretPasswordKey | quote }}
|
||||||
|
|
||||||
commonAnnotations:
|
commonAnnotations:
|
||||||
{{ .Values.annotations.servicesExternalRedis.common | toYaml | nindent 2 }}
|
{{ .Values.annotations.servicesExternalRedis.common | toYaml | nindent 2 }}
|
||||||
|
|||||||
@@ -31,8 +31,8 @@ javaOptsSecrets:
|
|||||||
option: "-Djavax.net.ssl.trustStorePassword="
|
option: "-Djavax.net.ssl.trustStorePassword="
|
||||||
value: {{ .Values.secrets.certificates.password }}
|
value: {{ .Values.secrets.certificates.password }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.certificates.password.name | quote }}
|
name: {{ .Values.existingSecrets.certificates.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.certificates.password.key | quote }}
|
key: {{ .Values.existingSecrets.certificates.password.key | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
externalDB:
|
externalDB:
|
||||||
@@ -45,10 +45,10 @@ externalDB:
|
|||||||
user: {{ .Values.databases.xwiki.username | quote }}
|
user: {{ .Values.databases.xwiki.username | quote }}
|
||||||
host: {{ printf "%s:%d" .Values.databases.xwiki.host .Values.databases.xwiki.port | quote }}
|
host: {{ printf "%s:%d" .Values.databases.xwiki.host .Values.databases.xwiki.port | quote }}
|
||||||
customKeyRef:
|
customKeyRef:
|
||||||
{{- if .Values.externalSecrets.databases.xwiki.password.name }}
|
{{- if .Values.existingSecrets.databases.xwiki.password.name }}
|
||||||
enabled: true
|
enabled: true
|
||||||
name: {{ .Values.externalSecrets.databases.xwiki.password.name | quote }}
|
name: {{ .Values.existingSecrets.databases.xwiki.password.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.databases.xwiki.password.key | quote }}
|
key: {{ .Values.existingSecrets.databases.xwiki.password.key | quote }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
enabled: false
|
enabled: false
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@@ -129,25 +129,25 @@ customConfigsSecrets:
|
|||||||
xwiki.superadminpassword:
|
xwiki.superadminpassword:
|
||||||
value: {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
value: {{ .Values.secrets.xwiki.superadminpassword | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.xwiki.xwikiSuperadminpassword.name | quote }}
|
name: {{ .Values.existingSecrets.xwiki.xwikiSuperadminpassword.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.xwiki.xwikiSuperadminpassword.key | quote }}
|
key: {{ .Values.existingSecrets.xwiki.xwikiSuperadminpassword.key | quote }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
xwiki.authentication.ldap.bind_pass:
|
xwiki.authentication.ldap.bind_pass:
|
||||||
value: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }}
|
value: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.nubus.ldapSearch.xwiki.name | quote }}
|
name: {{ .Values.existingSecrets.nubus.ldapSearch.xwiki.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.nubus.ldapSearch.xwiki.key | quote }}
|
key: {{ .Values.existingSecrets.nubus.ldapSearch.xwiki.key | quote }}
|
||||||
xwiki.properties:
|
xwiki.properties:
|
||||||
oidc.secret:
|
oidc.secret:
|
||||||
value: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
|
value: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.keycloak.clientSecret.xwiki.name | quote }}
|
name: {{ .Values.existingSecrets.keycloak.clientSecret.xwiki.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.keycloak.clientSecret.xwiki.key | quote }}
|
key: {{ .Values.existingSecrets.keycloak.clientSecret.xwiki.key | quote }}
|
||||||
workplaceServices.portalSecret:
|
workplaceServices.portalSecret:
|
||||||
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||||
secret:
|
secret:
|
||||||
name: {{ .Values.externalSecrets.centralnavigation.apiKey.name | quote }}
|
name: {{ .Values.existingSecrets.centralnavigation.apiKey.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.centralnavigation.apiKey.key | quote }}
|
key: {{ .Values.existingSecrets.centralnavigation.apiKey.key | quote }}
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: {{ .Values.ingress.enabled }}
|
enabled: {{ .Values.ingress.enabled }}
|
||||||
@@ -256,8 +256,8 @@ properties:
|
|||||||
|
|
||||||
## Properties listed in the secret file will overwrite plain values
|
## Properties listed in the secret file will overwrite plain values
|
||||||
propertiesSecret:
|
propertiesSecret:
|
||||||
name: {{ .Values.externalSecrets.xwiki.propertiesSecret.name | quote }}
|
name: {{ .Values.existingSecrets.xwiki.propertiesSecret.name | quote }}
|
||||||
key: {{ .Values.externalSecrets.xwiki.propertiesSecret.key | quote }}
|
key: {{ .Values.existingSecrets.xwiki.propertiesSecret.key | quote }}
|
||||||
|
|
||||||
cluster:
|
cluster:
|
||||||
replicas: {{ .Values.replicas.xwiki }}
|
replicas: {{ .Values.replicas.xwiki }}
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlic
|
|||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
*/}}
|
*/}}
|
||||||
---
|
---
|
||||||
externalSecrets:
|
existingSecrets:
|
||||||
ai:
|
ai:
|
||||||
apiKey:
|
apiKey:
|
||||||
name: ~
|
name: ~
|
||||||
@@ -214,7 +214,7 @@ externalSecrets:
|
|||||||
accessKeyId: ~
|
accessKeyId: ~
|
||||||
secretAccessKey: ~
|
secretAccessKey: ~
|
||||||
openproject:
|
openproject:
|
||||||
adminUser:
|
adminUserPassword:
|
||||||
name: ~
|
name: ~
|
||||||
key: ~
|
key: ~
|
||||||
apiAdmin:
|
apiAdmin:
|
||||||
Reference in New Issue
Block a user