mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-07 16:01:37 +01:00
fix(openproject): Merge yaml and gotmpl value files
This commit is contained in:
Thorsten Roßner
committed by
Oliver Günther
Oliver Günther
parent
acf6816653
commit
45967c7a0b
@@ -22,8 +22,7 @@ releases:
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
- "values.yaml.gotmpl"
|
||||
installed: {{ .Values.openproject.enabled }}
|
||||
timeout: 900
|
||||
|
||||
|
||||
@@ -1,25 +0,0 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
job:
|
||||
enabled: true
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
...
|
||||
@@ -10,12 +10,6 @@ global:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openprojectBootstrap.registry | quote }}
|
||||
repository: {{ .Values.images.openprojectBootstrap.repository | quote }}
|
||||
tag: {{ .Values.images.openprojectBootstrap.tag | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy |quote }}
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
||||
@@ -30,4 +24,33 @@ config:
|
||||
admin:
|
||||
username: "nextcloud"
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openprojectBootstrap.registry | quote }}
|
||||
repository: {{ .Values.images.openprojectBootstrap.repository | quote }}
|
||||
tag: {{ .Values.images.openprojectBootstrap.tag | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy |quote }}
|
||||
|
||||
job:
|
||||
enabled: true
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
|
||||
...
|
||||
@@ -22,8 +22,7 @@ releases:
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
- "values.yaml.gotmpl"
|
||||
installed: {{ .Values.openproject.enabled }}
|
||||
timeout: 900
|
||||
|
||||
|
||||
@@ -1,90 +0,0 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
image:
|
||||
registry: "registry.souvap-univention.de"
|
||||
|
||||
memcached:
|
||||
bundled: false
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
initialDelaySeconds: 300
|
||||
failureThreshold: 30
|
||||
readiness:
|
||||
initialDelaySeconds: 150
|
||||
failureThreshold: 30
|
||||
|
||||
postgresql:
|
||||
bundled: false
|
||||
|
||||
openproject:
|
||||
oidc:
|
||||
enabled: true
|
||||
provider: "keycloak"
|
||||
identifier: "opendesk-openproject"
|
||||
scope: "[openid,opendesk]"
|
||||
# seed will only be executed on initial installation
|
||||
seed_locale: "de"
|
||||
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
s3:
|
||||
enabled: true
|
||||
|
||||
# For more details and more options see
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
environment:
|
||||
OPENPROJECT_LOG__LEVEL: "info"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_LOGIN: "opendesk_username"
|
||||
OPENPROJECT_LOGIN__REQUIRED: "true"
|
||||
OPENPROJECT_OAUTH__ALLOW__REMAPPING__OF__EXISTING__USERS: "true"
|
||||
OPENPROJECT_OMNIAUTH__DIRECT__LOGIN__PROVIDER: "keycloak"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_DISPLAY__NAME: "Keycloak"
|
||||
OPENPROJECT_PER__PAGE__OPTIONS: "20, 50, 100, 200"
|
||||
OPENPROJECT_EMAIL__DELIVERY__METHOD: "smtp"
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "plain"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
OPENPROJECT_DEFAULT__COMMENT__SORT__ORDER: "desc"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_FILTER:
|
||||
"(&(objectClass=opendeskProjectmanagementUser)(opendeskProjectmanagementEnabled=TRUE))"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SYNC__USERS: "true"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_LOGIN__MAPPING: "uid"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_FIRSTNAME__MAPPING: "givenName"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_LASTNAME__MAPPING: "sn"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_MAIL__MAPPING: "mailPrimaryAddress"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_ADMIN__MAPPING: "opendeskProjectmanagementAdmin"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_FILTER:
|
||||
"(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn"
|
||||
# Details: https://www.openproject.org/docs/installation-and-operations/configuration/#attachments-storage
|
||||
OPENPROJECT_ATTACHMENTS__STORAGE: "fog"
|
||||
OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
|
||||
# Define an admin mapping from the claim
|
||||
# The attribute mapping cannot currently be defined in the value
|
||||
# OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_ADMIN: "openproject_admin"
|
||||
|
||||
seederJob:
|
||||
annotations:
|
||||
intents.otterize.com/service-name: "openproject-seeder"
|
||||
...
|
||||
@@ -7,54 +7,53 @@ global:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openproject.registry | quote }}
|
||||
repository: {{ .Values.images.openproject.repository | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.openproject.tag | quote }}
|
||||
|
||||
initdb:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openprojectInitDb.registry | quote }}
|
||||
repository: {{ .Values.images.openprojectInitDb.repository | quote }}
|
||||
tag: {{ .Values.images.openprojectInitDb.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
memcached:
|
||||
connection:
|
||||
host: {{ .Values.cache.openproject.host | quote }}
|
||||
port: {{ .Values.cache.openproject.port }}
|
||||
|
||||
postgresql:
|
||||
auth:
|
||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
username: {{ .Values.databases.openproject.username | quote }}
|
||||
database: {{ .Values.databases.openproject.name | quote }}
|
||||
connection:
|
||||
host: {{ .Values.databases.openproject.host | quote }}
|
||||
port: {{ .Values.databases.openproject.port }}
|
||||
|
||||
openproject:
|
||||
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
# Will only be set on initial seed / installation
|
||||
admin_user:
|
||||
name: "OpenProject Internal Admin"
|
||||
mail: "openproject-admin@swp-domain.internal"
|
||||
password_reset: "false"
|
||||
password: {{ .Values.secrets.openproject.adminPassword | quote }}
|
||||
oidc:
|
||||
authorizationEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
tokenEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
userinfoEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
||||
tls:
|
||||
enabled: {{ .Values.ingress.tls.enabled }}
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
environment:
|
||||
# For more details and more options see
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
OPENPROJECT_LOG__LEVEL: "info"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_LOGIN: "opendesk_username"
|
||||
OPENPROJECT_LOGIN__REQUIRED: "true"
|
||||
OPENPROJECT_OAUTH__ALLOW__REMAPPING__OF__EXISTING__USERS: "true"
|
||||
OPENPROJECT_OMNIAUTH__DIRECT__LOGIN__PROVIDER: "keycloak"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_DISPLAY__NAME: "Keycloak"
|
||||
OPENPROJECT_PER__PAGE__OPTIONS: "20, 50, 100, 200"
|
||||
OPENPROJECT_EMAIL__DELIVERY__METHOD: "smtp"
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "plain"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
OPENPROJECT_DEFAULT__COMMENT__SORT__ORDER: "desc"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_FILTER:
|
||||
"(&(objectClass=opendeskProjectmanagementUser)(opendeskProjectmanagementEnabled=TRUE))"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SYNC__USERS: "true"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_LOGIN__MAPPING: "uid"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_FIRSTNAME__MAPPING: "givenName"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_LASTNAME__MAPPING: "sn"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_MAIL__MAPPING: "mailPrimaryAddress"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_ADMIN__MAPPING: "opendeskProjectmanagementAdmin"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_FILTER:
|
||||
"(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn"
|
||||
# Details: https://www.openproject.org/docs/installation-and-operations/configuration/#attachments-storage
|
||||
OPENPROJECT_ATTACHMENTS__STORAGE: "fog"
|
||||
OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
|
||||
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
|
||||
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
|
||||
@@ -87,9 +86,87 @@ environment:
|
||||
OPENPROJECT_FOG_DIRECTORY: {{ .Values.objectstores.openproject.bucket | quote }}
|
||||
OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE: {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }}
|
||||
OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
|
||||
# Define an admin mapping from the claim
|
||||
# The attribute mapping cannot currently be defined in the value
|
||||
# OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_ADMIN: "openproject_admin"
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openproject.registry | quote }}
|
||||
repository: {{ .Values.images.openproject.repository | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
tag: {{ .Values.images.openproject.tag | quote }}
|
||||
|
||||
initdb:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openprojectInitDb.registry | quote }}
|
||||
repository: {{ .Values.images.openprojectInitDb.repository | quote }}
|
||||
tag: {{ .Values.images.openprojectInitDb.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
memcached:
|
||||
bundled: false
|
||||
connection:
|
||||
host: {{ .Values.cache.openproject.host | quote }}
|
||||
port: {{ .Values.cache.openproject.port }}
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
postgresql:
|
||||
bundled: false
|
||||
auth:
|
||||
password: {{ .Values.databases.openproject.password | default .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
username: {{ .Values.databases.openproject.username | quote }}
|
||||
database: {{ .Values.databases.openproject.name | quote }}
|
||||
connection:
|
||||
host: {{ .Values.databases.openproject.host | quote }}
|
||||
port: {{ .Values.databases.openproject.port }}
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
initialDelaySeconds: 300
|
||||
failureThreshold: 30
|
||||
readiness:
|
||||
initialDelaySeconds: 150
|
||||
failureThreshold: 30
|
||||
|
||||
openproject:
|
||||
oidc:
|
||||
# seed will only be executed on initial installation
|
||||
seed_locale: "de"
|
||||
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
# Will only be set on initial seed / installation
|
||||
admin_user:
|
||||
name: "OpenProject Internal Admin"
|
||||
mail: "openproject-admin@swp-domain.internal"
|
||||
password_reset: "false"
|
||||
password: {{ .Values.secrets.openproject.adminPassword | quote }}
|
||||
oidc:
|
||||
enabled: true
|
||||
provider: "keycloak"
|
||||
identifier: "opendesk-openproject"
|
||||
scope: "[openid,opendesk]"
|
||||
authorizationEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
tokenEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
userinfoEndpoint: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/userinfo"
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
||||
tls:
|
||||
enabled: {{ .Values.ingress.tls.enabled }}
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.openproject }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.openproject | toYaml | nindent 2 }}
|
||||
|
||||
s3:
|
||||
enabled: true
|
||||
|
||||
seederJob:
|
||||
annotations:
|
||||
intents.otterize.com/service-name: "openproject-seeder"
|
||||
|
||||
...
|
||||
Reference in New Issue
Block a user