sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(helmfile): Add template support for annotations

Browse Source
This commit is contained in:
Dominik Kaminski
2024-11-26 13:24:14 +01:00
committed by Thorsten Roßner
parent cf750a8ddb
commit 9cde57d74b
47 changed files with 1603 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
helmfile/apps/collabora/values-coco-enterprise.yaml.gotmpl
View File

@@ -33,6 +33,8 @@ imagePullSecrets:
ingress:
enabled: {{ .Values.ingress.enabled }}
annotations:
{{ .Values.annotations.coco.ingress | toYaml | nindent 4 }}
className: {{ .Values.ingress.ingressClassName | quote }}
hosts:
- host: "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
@@ -44,7 +46,8 @@ ingress:
hosts:
- "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.coco.pod | toYaml | nindent 2 }}
securityContext:
allowPrivilegeEscalation: false
@@ -65,4 +68,7 @@ replicaCount: {{ .Values.replicas.collaboraController }}
resources:
{{ .Values.resources.collaboraController | toYaml | nindent 2 }}
serviceAccount:
annotations:
{{ .Values.annotations.coco.serviceAccount | toYaml | nindent 4 }}
...

39
helmfile/apps/collabora/values.yaml.gotmpl
View File

@@ -65,6 +65,35 @@ ingress:
location /cool/getMetrics { deny all; return 403; }
location /cool/adminws/ { deny all; return 403; }
location /browser/dist/admin/admin.html { deny all; return 403; }
# NGINX
nginx.org/websocket-services: "collabora"
nginx.org/lb-method: "hash $arg_WOPISrc consistent"
nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}s"
nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}s"
nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.collabora }}"
nginx.org/server-snippets: |
# block admin and metrics endpoint from outside by default
location /cool/getMetrics { deny all; return 403; }
location /cool/adminws/ { deny all; return 403; }
location /browser/dist/admin/admin.html { deny all; return 403; }
# HAProxy
haproxy.org/timeout-tunnel: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}s"
haproxy.org/backend-config-snippet: |
balance url_param WOPISrc check_post
hash-type consistent
# HAProxy - Community: https://haproxy-ingress.github.io/
haproxy-ingress.github.io/timeout-tunnel: "{{ .Values.ingress.parameters.bodyTimeout.collabora }}s"
haproxy-ingress.github.io/balance-algorithm: "url_param WOPISrc check_post"
haproxy-ingress.github.io/config-backend: |
hash-type consistent
# block admin urls from outside
acl admin_url path_beg /cool/getMetrics
acl admin_url path_beg /cool/adminws/
acl admin_url path_beg /browser/dist/admin/admin.html
http-request deny if admin_url
{{- with .Values.annotations.collabora.ingress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
enabled: {{ .Values.ingress.enabled }}
className: {{ .Values.ingress.ingressClassName | quote }}
hosts:
@@ -77,7 +106,8 @@ ingress:
hosts:
- "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.collabora.pod | toYaml | nindent 2 }}
podSecurityContext:
fsGroup: 1001
@@ -116,6 +146,13 @@ securityContext:
seLinuxOptions:
{{ .Values.seLinuxOptions.collabora | toYaml | nindent 4 }}
serviceAccount:
create: true
annotations:
{{ .Values.annotations.collabora.serviceAccount | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.collabora.service | toYaml | nindent 4 }}
...

8
helmfile/apps/cryptpad/values.yaml.gotmpl
View File

@@ -39,6 +39,9 @@ ingress:
enabled: {{ .Values.ingress.enabled }}
annotations:
nginx.org/websocket-services: "cryptpad"
{{- with .Values.annotations.cryptpad.ingress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
className: {{ .Values.ingress.ingressClassName | quote }}
hosts:
- host: "{{ .Values.global.hosts.cryptpad }}.{{ .Values.global.domain }}"
@@ -53,7 +56,8 @@ ingress:
persistence:
enabled: false
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.cryptpad.pod | toYaml | nindent 2 }}
podSecurityContext:
fsGroup: 4001
@@ -80,6 +84,8 @@ securityContext:
serviceAccount:
create: true
annotations:
{{ .Values.annotations.cryptpad.serviceAccount | toYaml | nindent 4 }}
workloadStateful: false

16
helmfile/apps/element/values-element.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
commonAnnotations:
{{ .Values.annotations.element.common | toYaml | nindent 2 }}
configuration:
endToEndEncryption: true
additionalConfiguration:
@@ -136,8 +139,11 @@ ingress:
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.element.ingress | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.element.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -148,6 +154,14 @@ replicaCount: {{ .Values.replicas.element }}
resources:
{{ .Values.resources.element | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.element.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.element.serviceAccount | toYaml | nindent 4 }}
theme:
title: "Chat - {{ .Values.theme.texts.productName }}"
{{ .Values.theme | toYaml | nindent 2 }}

16
helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.elementMatrixNeoboardWidget.additional | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -39,8 +42,11 @@ ingress:
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.elementMatrixNeoboardWidget.ingress | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementMatrixNeoboardWidget.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -51,6 +57,14 @@ replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}
resources:
{{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.elementMatrixNeoboardWidget.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementMatrixNeoboardWidget.serviceAccount | toYaml | nindent 4 }}
theme:
{{ .Values.theme | toYaml | nindent 2 }}

16
helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.elementMatrixNeochoiceWidget.additional | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -39,8 +42,11 @@ ingress:
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.elementMatrixNeochoiceWidget.ingress | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementMatrixNeochoiceWidget.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -48,6 +54,14 @@ podSecurityContext:
replicaCount: {{ .Values.replicas.matrixNeoChoiceWidget }}
service:
annotations:
{{ .Values.annotations.elementMatrixNeochoiceWidget.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementMatrixNeochoiceWidget.serviceAccount | toYaml | nindent 4 }}
theme:
{{ .Values.theme | toYaml | nindent 2 }}

6
helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl
View File

@@ -26,7 +26,8 @@ image:
fullnameOverride: "matrix-neodatefix-bot-bootstrap"
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementMatrixNeodatefixBotBootstrap.pod | toYaml | nindent 2 }}
securityContext:
allowPrivilegeEscalation: false
@@ -43,4 +44,7 @@ securityContext:
seLinuxOptions:
{{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}
podAnnotations:
{{ .Values.annotations.elementMatrixNeodatefixBotBootstrap.serviceAccount | toYaml | nindent 2 }}
...

18
helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.elementMatrixNeodatefixBot.additional | toYaml | nindent 2 }}
global:
domain: {{ .Values.global.domain | quote }}
hosts:
@@ -76,6 +79,8 @@ ingress:
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.elementMatrixNeodatefixBot.ingress | toYaml | nindent 4 }}
liveness sample:
enabled: true
@@ -83,8 +88,11 @@ liveness sample:
persistence:
size: {{ .Values.persistence.storages.matrixNeoDateFixBot.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.matrixNeoDateFixBot.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
annotations:
{{ .Values.annotations.elementMatrixNeodatefixBot.persistence | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementMatrixNeodatefixBot.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -98,4 +106,12 @@ replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }}
resources:
{{ .Values.resources.matrixNeoDateFixBot | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.elementMatrixNeodatefixBot.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementMatrixNeodatefixBot.serviceAccount | toYaml | nindent 4 }}
...

16
helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.elementMatrixNeodatefixWidget.additional | toYaml | nindent 2 }}
configuration:
bot:
username: "meetings-bot"
@@ -44,8 +47,11 @@ ingress:
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.elementMatrixNeodatefixWidget.ingress | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementMatrixNeodatefixWidget.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -59,6 +65,14 @@ resources:
theme:
{{ .Values.theme | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.elementMatrixNeodatefixWidget.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementMatrixNeodatefixWidget.serviceAccount | toYaml | nindent 4 }}
nginx:
ipv4Only: {{ if eq .Values.cluster.networking.ipFamilies "IPv4" }}true{{ else }}false{{ end }}

9
helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl
View File

@@ -26,7 +26,8 @@ image:
fullnameOverride: "opendesk-matrix-user-verification-service-bootstrap"
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementMatrixUserVerificationServiceBootstrap.pod | toYaml | nindent 2 }}
securityContext:
allowPrivilegeEscalation: false
@@ -42,4 +43,10 @@ securityContext:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementMatrixUserVerificationServiceBootstrap.serviceAccount | toYaml | nindent 4 }}
...

14
helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.elementMatrixUserVerificationService.additional | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -42,7 +45,8 @@ image:
repository: {{ .Values.images.matrixUserVerificationService.repository | quote }}
tag: {{ .Values.images.matrixUserVerificationService.tag | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementMatrixUserVerificationService.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -53,4 +57,12 @@ replicaCount: {{ .Values.replicas.matrixUserVerificationService }}
resources:
{{ .Values.resources.matrixUserVerificationService | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.elementMatrixUserVerificationService.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementMatrixUserVerificationService.serviceAccount | toYaml | nindent 4 }}
...

17
helmfile/apps/element/values-synapse-web.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
commonAnnotations:
{{ .Values.annotations.elementSynapseWeb.common | toYaml | nindent 2 }}
clusterDomain: {{ .Values.cluster.networking.domain }}
containerSecurityContext:
@@ -44,6 +47,9 @@ ingress:
nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.element }}"
nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.element }}s"
nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.element }}s"
{{- with .Values.annotations.elementSynapseWeb.ingress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
@@ -51,7 +57,8 @@ ingress:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementSynapseWeb.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -62,4 +69,12 @@ replicaCount: {{ .Values.replicas.synapseWeb }}
resources:
{{ .Values.resources.synapseWeb | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.elementSynapseWeb.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementSynapseWeb.serviceAccount | toYaml | nindent 4 }}
...

18
helmfile/apps/element/values-synapse.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
commonAnnotations:
{{ .Values.annotations.elementSynapse.common | toYaml | nindent 2 }}
configuration:
additionalConfiguration:
user_directory:
@@ -217,6 +220,8 @@ federation:
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.elementSynapse.federationIngress | toYaml | nindent 6 }}
global:
domain: {{ .Values.global.domain | quote }}
@@ -234,8 +239,11 @@ image:
persistence:
size: {{ .Values.persistence.storages.synapse.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.synapse.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
annotations:
{{ .Values.annotations.elementSynapse.persistence | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementSynapse.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -250,6 +258,14 @@ replicaCount: {{ .Values.replicas.synapse }}
resources:
{{ .Values.resources.synapse | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.elementSynapse.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementSynapse.serviceAccount | toYaml | nindent 4 }}
tls:
secretName: {{ if .Values.global.matrixDomain }}"opendesk-certificates-synapse-tls"{{ else }}"opendesk-certificates-tls"{{ end }}
...

15
helmfile/apps/element/values-well-known.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
commonAnnotations:
{{ .Values.annotations.elementWellKnown.common | toYaml | nindent 2 }}
configuration:
e2ee:
forceDisable: false
@@ -44,8 +47,11 @@ ingress:
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.elementWellKnown.ingress | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.elementWellKnown.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -56,4 +62,11 @@ replicaCount: {{ .Values.replicas.wellKnown }}
resources:
{{ .Values.resources.wellKnown | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.elementWellKnown.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.elementWellKnown.serviceAccount | toYaml | nindent 4 }}
...

38
helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
View File

@@ -10,7 +10,8 @@ global:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.jitsiGlobal.pod | toYaml | nindent 4}}
containerSecurityContext:
allowPrivilegeEscalation: false
@@ -77,6 +78,10 @@ jitsi:
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
ingress:
enabled: {{ .Values.ingress.enabled }}
annotations:
{{- with .Values.annotations.jitsiWeb.ingress }}
{{ . | toYaml | nindent 8 }}
{{- end }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
hosts:
- host: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
@@ -104,6 +109,8 @@ jitsi:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.jitsi | toYaml | nindent 8 }}
podAnnotations:
{{ .Values.annotations.jitsiWeb.pod | toYaml | nindent 6 }}
prosody:
image:
repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.prosody.registry }}/{{ .Values.images.prosody.repository }}"
@@ -153,6 +160,8 @@ jitsi:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.prosody | toYaml | nindent 8 }}
podAnnotations:
{{ .Values.annotations.jitsiProsody.pod | toYaml | nindent 6 }}
jicofo:
replicaCount: {{ .Values.replicas.jicofo }}
image:
@@ -176,6 +185,8 @@ jitsi:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.jicofo | toYaml | nindent 8 }}
podAnnotations:
{{ .Values.annotations.jitsiJicofo.pod | toYaml | nindent 6 }}
jigasi:
replicaCount: {{ .Values.replicas.jigasi }}
enabled: {{ .Values.sip.jigasi.enabled }}
@@ -205,6 +216,8 @@ jitsi:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.jigasi | toYaml | nindent 8 }}
podAnnotations:
{{ .Values.annotations.jitsiJigasi.pod | toYaml | nindent 6 }}
jvb:
replicaCount: {{ .Values.replicas.jvb }}
# The `useNodeIP` option provided by the upstream charts does not support all relevant scenarios, but since
@@ -221,6 +234,8 @@ jitsi:
{{ .Values.resources.jvb | toYaml | nindent 6 }}
service:
type: {{ coalesce .Values.service.type.jitsiVideoBridge .Values.cluster.service.type | quote }}
annotations:
{{ .Values.annotations.jitsiJvb.service | toYaml | nindent 8 }}
securityContext:
allowPrivilegeEscalation: false
capabilities: {}
@@ -233,6 +248,14 @@ jitsi:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.jvb | toYaml | nindent 8 }}
podAnnotations:
{{ .Values.annotations.jitsiJvb.pod | toYaml | nindent 6 }}
metrics:
prometheusAnnotations:
{{ .Values.annotations.jitsiJvb.metricsPrometheus | toYaml | nindent 8 }}
grafanaDashboards:
annotations:
{{ .Values.annotations.jitsiJvb.metricsGrafana | toYaml | nindent 10 }}
jibri:
replicaCount: {{ .Values.replicas.jibri }}
image:
@@ -249,10 +272,16 @@ jitsi:
# Chart does not allow to template more
capabilities:
add: ["SYS_ADMIN"]
podAnnotations:
{{ .Values.annotations.jitsiJibri.pod | toYaml | nindent 6 }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
serviceAccount:
annotations:
{{ .Values.annotations.jitsi.serviceAccount | toYaml | nindent 6 }}
patchJVB:
configuration:
@@ -279,10 +308,15 @@ patchJVB:
repository: {{ .Values.images.jitsiPatchJVB.repository | quote }}
tag: {{ .Values.images.jitsiPatchJVB.tag | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.jitsi.pod | toYaml | nindent 2 }}
replicaCount: {{ .Values.replicas.jitsiKeycloakAdapter }}
resources:
{{ .Values.resources.jitsiKeycloakAdapter | toYaml | nindent 2 }}
serviceAccount:
annotations:
{{ .Values.annotations.jitsi.serviceAccount | toYaml | nindent 4 }}
...

21
helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
View File

@@ -12,7 +12,10 @@ global:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
additionalAnnotations:
intents.otterize.com/service-name: "opendesk-nextcloud-management"
intents.otterize.com/service-name: "opendesk-nextcloud-php"
{{- with .Values.annotations.nextcloudNextcloudMgmt.additional }}
{{ . | toYaml | nindent 2}}
{{- end }}
cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
@@ -184,8 +187,6 @@ containerSecurityContext:
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.nextcloudManagement | toYaml | nindent 4 }}
podSecurityContext:
fsGroup: 101
debug:
loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }}
@@ -214,10 +215,20 @@ image:
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.nextcloud.tag | quote }}
theme:
{{ .Values.theme | toYaml | nindent 2 }}
podAnnotations:
{{ .Values.annotations.nextcloudNextcloudMgmt.pod | toYaml | nindent 2 }}
podSecurityContext:
fsGroup: 101
resources:
{{ .Values.resources.nextcloud | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.nextcloudNextcloudMgmt.serviceAccount | toYaml | nindent 4 }}
theme:
{{ .Values.theme | toYaml | nindent 2 }}
...

32
helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
View File

@@ -9,6 +9,13 @@ global:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
exporter:
additionalAnnotations:
intents.otterize.com/service-name: "opendesk-nextcloud-exporter"
{{- with .Values.annotations.nextcloudExporter.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
enabled: true
configuration:
server: "http://opendesk-nextcloud-aio"
@@ -34,7 +41,8 @@ exporter:
repository: "{{ .Values.images.nextcloudExporter.repository }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.nextcloudExporter.tag | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.nextcloudExporter.pod | toYaml | nindent 4 }}
prometheus:
serviceMonitor:
enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
@@ -48,9 +56,17 @@ exporter:
resources:
{{ .Values.resources.nextcloudExporter | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.nextcloudExporter.serviceAccount | toYaml | nindent 6 }}
aio:
additionalAnnotations:
intents.otterize.com/service-name: "opendesk-nextcloud-aio"
{{- with .Values.annotations.nextcloudAio.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
configuration:
cache:
auth:
@@ -139,11 +155,15 @@ aio:
nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.nextcloud }}"
nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.nextcloud }}s"
nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.nextcloud }}s"
{{- with .Values.annotations.nextcloudAio.ingress }}
{{ . | toYaml | nindent 6 }}
{{- end }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
tls:
secretName: {{ .Values.ingress.tls.secretName | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.nextcloudAio.pod | toYaml | nindent 4 }}
podSecurityContext:
fsGroup: 101
prometheus:
@@ -159,4 +179,12 @@ aio:
resources:
{{ .Values.resources.nextcloud | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.nextcloudAio.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nextcloudAio.serviceAccount | toYaml | nindent 6 }}
...

38
helmfile/apps/notes/values.yaml.gotmpl
View File

@@ -33,6 +33,9 @@ ingressCollaborationWS:
nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
nginx.ingress.kubernetes.io/upstream-hash-by: $arg_room
{{- with .Values.annotations.notes.ingressCollaborationWS }}
{{ . | toYaml | nindent 4 }}
{{- end }}
ingressAdmin:
enabled: {{ .Values.ingress.enabled }}
@@ -41,6 +44,8 @@ ingressAdmin:
tls:
enabled: "{{ .Values.ingress.tls.enabled }}"
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.notes.ingressAdmin | toYaml | nindent 4 }}
ingressMedia:
enabled: {{ .Values.ingress.enabled }}
@@ -54,6 +59,9 @@ ingressMedia:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /{{ .Values.objectstores.notes.bucket }}/$1
nginx.ingress.kubernetes.io/session-cookie-path: /media
{{- with .Values.annotations.notes.ingressMedia }}
{{ . | toYaml | nindent 4 }}
{{- end }}
tls:
enabled: "{{ .Values.ingress.tls.enabled }}"
secretName: {{ .Values.ingress.tls.secretName | quote }}
@@ -66,11 +74,14 @@ ingressCollaborationApi:
tls:
enabled: "{{ .Values.ingress.tls.enabled }}"
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.notes.ingressCollaborationAPI | toYaml | nindent 4 }}
serviceMedia:
host: {{ .Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
port: {{ .Values.objectstores.notes.port | default 443 }}
annotations:
{{ .Values.annotations.notes.serviceMedia | toYaml | nindent 4 }}
frontend:
image:
@@ -103,6 +114,13 @@ frontend:
seLinuxOptions:
{{ .Values.seLinuxOptions.notesFrontend | toYaml | nindent 6 }}
podAnnotations:
{{ .Values.annotations.notesFrontend.pod | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.notesFrontend.service | toYaml | nindent 6 }}
yProvider:
image:
repository: {{ printf "%s/%s" (coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.notesYProvider.registry) (.Values.images.notesYProvider.repository) | quote }}
@@ -131,6 +149,13 @@ yProvider:
COLLABORATION_SERVER_SECRET: {{ .Values.secrets.notes.collaborationSecret | quote }}
Y_PROVIDER_API_KEY: {{ .Values.secrets.notes.collaborationSecret | quote }}
podAnnotations:
{{ .Values.annotations.notesYProvider.pod | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.notesYProvider.service | toYaml | nindent 6 }}
oidc:
clientId: "opendesk-notes"
clientSecret: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
@@ -215,6 +240,9 @@ backend:
python manage.py migrate --no-input
restartPolicy: Never
migrateJobAnnotations:
{{ .Values.annotations.notesBackend.migrateJob | toYaml | nindent 4 }}
createsuperuser:
command:
- "/bin/sh"
@@ -223,6 +251,9 @@ backend:
python manage.py createsuperuser --email default.admin@{{ .Values.global.domain }} --password {{ .Values.secrets.notes.superuser }}
restartPolicy: Never
podAnnotations:
{{ .Values.annotations.notesBackend.pod | toYaml | nindent 4 }}
resources:
{{ .Values.resources.notesBackend | toYaml | nindent 4 }}
securityContext:
@@ -239,4 +270,9 @@ backend:
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.notesBackend | toYaml | nindent 6 }}
service:
annotations:
{{ .Values.annotations.notesBackend.service | toYaml | nindent 6 }}
...

15
helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.nubusIntercomService.additional | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -99,8 +102,11 @@ ingress:
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.nubusIntercomService.ingress | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.nubusIntercomService.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -150,4 +156,11 @@ replicaCount: {{ .Values.replicas.intercomService }}
resources:
{{ .Values.resources.intercomService | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.nubusIntercomService.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusIntercomService.serviceAccount | toYaml | nindent 4 }}
...

19
helmfile/apps/nubus/values-nginx-s3-gateway.yaml.gotmpl
View File

@@ -7,6 +7,9 @@ global:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
additionalAnnotations:
{{ .Values.annotations.nubusNginxS3Gateway.additional | toYaml | nindent 2 }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nginxS3Gateway.registry | quote }}
repository: {{ .Values.images.nginxS3Gateway.repository | quote }}
@@ -20,6 +23,10 @@ ingress:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/portal-assets/icons/$2/$3"
nginx.ingress.kubernetes.io/use-regex: "true"
{{- with .Values.annotations.nubusNginxS3Gateway.ingress }}
{{. | toYaml | nindent 4 }}
{{- end }}
path: "/univention/(portal|selfservice)/icons/(logos|entries)/(.*)$"
tls:
secretName: {{ .Values.ingress.tls.secretName | quote }}
@@ -36,8 +43,20 @@ configuration:
secretKey:
value: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
podAnnotations:
{{ .Values.annotations.nubusNginxS3Gateway.pod | toYaml | nindent 2 }}
resources:
{{ .Values.resources.nginxS3Gateway | toYaml | nindent 2 }}
replicaCount: {{ .Values.replicas.nginxS3Gateway }}
service:
annotations:
{{ .Values.annotations.nubusNginxS3Gateway.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusNginxS3Gateway.serviceAccount | toYaml | nindent 4 }}
...

363
helmfile/apps/nubus/values-nubus.yaml.gotmpl
View File

@@ -3,6 +3,9 @@ SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlic
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.nubus.additional | toYaml | nindent 2 }}
global:
certManagerIssuer: {{ .Values.certificate.issuerRef.name | quote }}
domain: {{ .Values.global.domain | quote }}
@@ -119,6 +122,22 @@ global:
groups: __DELETE_KEY__
ingress:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "128k"
nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"
nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "128k"
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/proxy-set-headers: |
Host $http_host;
X-Forwarded-For $proxy_add_x_forwarded_for;
X-Forwarded-Host $http_x_forwarded_host;
X-Forwarded-Port $http_x_forwarded_port;
X-Forwarded-Proto $http_x_forwarded_proto;
nginx.ingress.kubernetes.io/use-regex: "true"
{{- with .Values.annotations.nubus.ingress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
# temporary fix
{{- if not .Values.apps.minio.enabled }}
enabled: false
@@ -160,6 +179,8 @@ keycloak:
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.umsKeycloak | toYaml | nindent 6 }}
commonAnnotations:
{{ .Values.annotations.nubusKeycloak.common | toYaml | nindent 4 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloak.registry | quote }}
repository: {{ .Values.images.nubusKeycloak.repository }}
@@ -178,6 +199,9 @@ keycloak:
adminPassword: "admin_password"
podAnnotations:
intents.otterize.com/service-name: "ums-keycloak"
{{- with .Values.annotations.nubusKeycloak.pod }}
{{ . | toYaml | nindent 4 }}
{{- end }}
postgresql:
connection:
host: {{ .Values.databases.keycloak.host | quote }}
@@ -192,6 +216,12 @@ keycloak:
replicaCount: {{ .Values.replicas.keycloak }}
resources:
{{ .Values.resources.umsKeycloak | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.nubusKeycloak.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusKeycloak.serviceAccount | toYaml | nindent 6 }}
{{- if .Values.certificate.selfSigned }}
extraVolumes:
- name: "trusted-cert-crt-secret-volume"
@@ -233,6 +263,9 @@ nubusGuardian:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-authorization-api"
{{- with .Values.annotations.nubusGuardian.authorizationApiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
podSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: "Always"
@@ -253,12 +286,67 @@ nubusGuardian:
type: RuntimeDefault
seLinuxOptions:
{{ .Values.seLinuxOptions.umsGuardianAuthorizationApi | toYaml | nindent 8 }}
global:
podAnnotations:
{{ .Values.annotations.nubusGuardian.globalPod | toYaml | nindent 6 }}
ingress:
annotations:
{{ .Values.annotations.nubusGuardian.ingressIngress | toYaml | nindent 6 }}
certManager:
enabled: false
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
items:
- name: management-ui
host: ""
# -- Define the Ingress paths.
paths:
- path: /univention/guardian/management-ui
pathType: Prefix
backend:
service:
name: guardian-management-ui
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressManagementUi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
- name: management-api
host: ""
paths:
- path: /guardian/management
pathType: Prefix
backend:
service:
name: guardian-management-api
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressManagementApi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
- name: authorization-api
host: ""
paths:
- path: /guardian/authorization
pathType: Prefix
backend:
service:
name: guardian-authorization-api
port:
number: 80
ingressClassName: ""
annotations:
{{ .Values.annotations.nubusGuardian.ingressAuthorizationApi | toYaml | nindent 10 }}
tls:
# enabled: true
secretName: ""
managementApi:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusGuardianManagementApi.registry | quote }}
@@ -269,6 +357,9 @@ nubusGuardian:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-management-api"
{{- with .Values.annotations.nubusGuardian.managementApiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
podSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: "Always"
@@ -299,6 +390,9 @@ nubusGuardian:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-guardian-management-ui"
{{- with .Values.annotations.nubusGuardian.managementUiPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
replicaCount: {{ .Values.replicas.umsGuardianManagementUi }}
resources:
{{ .Values.resources.umsGuardianManagementUi | toYaml | nindent 6 }}
@@ -378,11 +472,17 @@ nubusGuardian:
repository: {{ .Values.images.nubusGuardianProvisioning.repository }}
tag: {{ .Values.images.nubusGuardianProvisioning.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusGuardian.serviceAccount | toYaml | nindent 6 }}
nubusNotificationsApi:
enabled: false
additionalAnnotations:
intents.otterize.com/service-name: "ums-notifications-api"
{{- with .Values.annotations.nubusNotificationsApi.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -405,11 +505,22 @@ nubusNotificationsApi:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
nginx.ingress.kubernetes.io/use-regex: "true"
{{- with .Values.annotations.nubusNotificationsApi.ingress }}
{{. | toYaml | nindent 6 }}
{{- end }}
certManager:
enabled: false
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
persistence:
annotations:
{{ .Values.annotations.nubusNotificationsApi.persistence | toYaml | nindent 6 }}
podAnnotations:
{{ .Values.annotations.nubusNotificationsApi.pod | toYaml | nindent 4 }}
postgresql:
connection:
host: {{ .Values.databases.umsNotificationsApi.host | quote }}
@@ -419,7 +530,12 @@ nubusNotificationsApi:
database: {{ .Values.databases.umsNotificationsApi.name | quote }}
existingSecret:
name: "ums-notifications-api-postgresql-opendesk-credentials"
service:
annotations:
{{ .Values.annotations.nubusNotificationsApi.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusNotificationsApi.serviceAccount | toYaml | nindent 6 }}
create: true
replicaCount: {{ .Values.replicas.umsNotificationsApi }}
resources:
@@ -428,6 +544,9 @@ nubusNotificationsApi:
nubusPortalFrontend:
additionalAnnotations:
intents.otterize.com/service-name: "ums-portal-frontend"
{{- with .Values.annotations.nubusPortalFrontend.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -450,11 +569,60 @@ nubusPortalFrontend:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress:
annotations:
{{ .Values.annotations.nubusPortalFrontend.ingressIngress | toYaml | nindent 6 }}
certManager:
enabled: false
items:
- name: rewrites
host: ""
paths:
- path: /univention/(portal|selfservice)/$
pathType: ImplementationSpecific
- path: /univention/(portal|selfservice)/index.html$
pathType: ImplementationSpecific
- path: /univention/(portal|selfservice)/(css|fonts|i18n|media|js|oidc|custom)(/.*)$
pathType: ImplementationSpecific
- path: /univention/(portal)/(icons)(/.*)$
pathType: ImplementationSpecific
ingressClassName: ""
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
nginx.ingress.kubernetes.io/use-regex: "true"
{{- with .Values.annotations.nubusPortalFrontend.ingressRewrites }}
{{ . | toYaml | nindent 10 }}
{{- end }}
tls:
secretName: ""
- name: redirects
host: ""
paths:
- pathType: ImplementationSpecific
path: /$
- pathType: ImplementationSpecific
path: /univention$
- pathType: ImplementationSpecific
path: /univention/$
- pathType: ImplementationSpecific
path: /univention/portal$
- pathType: ImplementationSpecific
path: /univention/selfservice$
ingressClassName: ""
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: "/univention/portal/"
{{- with .Values.annotations.nubusPortalFrontend.ingressRedirects }}
{{ . | toYaml | nindent 10 }}
{{- end }}
tls:
secretName: ""
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName }}
persistence:
annotations:
{{ .Values.annotations.nubusPortalFrontend.persistence | toYaml | nindent 6 }}
podAnnotations:
{{ .Values.annotations.nubusPortalFrontend.pod | toYaml | nindent 4 }}
portalFrontend:
branding:
css: {{ .Values.theme.styles.portal.main | toJson }}
@@ -463,7 +631,12 @@ nubusPortalFrontend:
# The actual `logo` is set in customizing image, the logo down here is for for waiting spinner.
logo: {{ .Values.theme.imagery.portal.waitingSpinnerSvg | toJson }}
backgroundImage: {{ .Values.theme.imagery.portal.backgroundSvg | toJson }}
service:
annotations:
{{ .Values.annotations.nubusPortalFrontend.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusPortalFrontend.serviceAccount | toYaml | nindent 6 }}
create: true
replicaCount: {{ .Values.replicas.umsPortalFrontend }}
resources:
@@ -479,6 +652,8 @@ nubusKeycloakExtensions:
keyMapping:
adminPassword: "admin_password"
proxy:
additionalAnnotations:
{{ .Values.annotations.nubusKeycloakExtensions.proxyAdditional | toYaml | nindent 6 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakExtensionProxy.registry | quote }}
repository: {{ .Values.images.nubusKeycloakExtensionProxy.repository }}
@@ -487,6 +662,12 @@ nubusKeycloakExtensions:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
ingress:
annotations:
nginx.org/proxy-buffer-size: "8k"
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
{{- with .Values.annotations.nubusKeycloakExtensions.proxyIngress }}
{{ . | toYaml | nindent 8 }}
{{- end }}
paths:
{{- if .Values.debug.enabled }}
- pathType: "Prefix"
@@ -507,6 +688,9 @@ nubusKeycloakExtensions:
secretName: {{ .Values.ingress.tls.secretName | quote }}
podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-extensions-proxy"
{{- with .Values.annotations.nubusKeycloakExtensions.proxyPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
replicaCount: {{ .Values.replicas.umsKeycloakExtensionsProxy }}
resources:
{{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
@@ -515,6 +699,12 @@ nubusKeycloakExtensions:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.umsKeycloakExtensionHandler | toYaml | nindent 8 }}
service:
annotations:
{{ .Values.annotations.nubusKeycloakExtensions.proxyService | toYaml | nindent 8 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusKeycloakExtensions.proxyServiceAccount | toYaml | nindent 8 }}
postgresql:
connection:
host: {{ .Values.databases.keycloakExtension.host | quote }}
@@ -542,6 +732,8 @@ nubusKeycloakExtensions:
keyMapping:
password: "umcKeycloakExtensionsSmtpPassword"
handler:
additionalAnnotations:
{{ .Values.annotations.nubusKeycloakExtensions.handlerAdditional | toYaml | nindent 6 }}
appConfig:
newDeviceLoginNotificationEnable: {{ if .Values.functional.authentication.newDeviceLoginNotification.enabled }}"True"{{ else }}"False"{{ end }}
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
@@ -556,6 +748,9 @@ nubusKeycloakExtensions:
{{ .Values.global.imagePullSecrets | toYaml | nindent 6 }}
podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-extensions-handler"
{{- with .Values.annotations.nubusKeycloakExtensions.handlerPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }}
resources:
{{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 6 }}
@@ -564,6 +759,12 @@ nubusKeycloakExtensions:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.umsKeycloakExtensionHandler | toYaml | nindent 8 }}
service:
annotations:
{{ .Values.annotations.nubusKeycloakExtensions.handlerService | toYaml | nindent 8 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusKeycloakExtensions.handlerServiceAccount | toYaml | nindent 8 }}
nubusPortalListener:
enabled: false
@@ -594,6 +795,9 @@ nubusPortalConsumer:
storageClass: {{ coalesce .Values.persistence.storages.nubusPortalConsumer.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
podAnnotations:
intents.otterize.com/service-name: "ums-portal-consumer"
{{- with .Values.annotations.nubusPortalConsumer.pod }}
{{ . | toYaml | nindent 4 }}
{{- end }}
provisioningApi:
auth:
username: "portal-consumer"
@@ -650,6 +854,9 @@ nubusPortalConsumer:
nubusPortalServer:
additionalAnnotations:
intents.otterize.com/service-name: "ums-portal-server"
{{- with .Values.annotations.nubusPortalServer.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -672,6 +879,13 @@ nubusPortalServer:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
nginx.ingress.kubernetes.io/use-regex: "true"
{{- with .Values.annotations.nubusPortalServer.ingress }}
{{ . | toYaml | nindent 8 }}
{{- end }}
certManager:
enabled: false
tls:
@@ -683,6 +897,14 @@ nubusPortalServer:
secretAccessKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
bucketName: {{ .Values.objectstores.nubus.bucket | quote }}
endpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
persistence:
annotations:
{{ .Values.annotations.nubusPortalServer.persistence | toYaml | nindent 6 }}
podAnnotations:
{{ .Values.annotations.nubusPortalServer.pod | toYaml | nindent 4 }}
portalServer:
objectStorageEndpoint: {{ printf "https://%s" (.Values.objectstores.nubus.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
objectStorageCredentialSecret:
name: "ums-portal-server-minio-opendesk-credentials"
accessKeyKey: "access-key-id"
@@ -697,7 +919,12 @@ nubusPortalServer:
replicaCount: {{ .Values.replicas.umsPortalServer }}
resources:
{{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.nubusPortalServer.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusPortalServer.serviceAccount | toYaml | nindent 6 }}
create: true
{{- if .Values.certificate.selfSigned }}
extraVolumes:
@@ -731,6 +958,9 @@ nubusPortalServer:
nubusUdmRestApi:
additionalAnnotations:
intents.otterize.com/service-name: "ums-udm-rest-api"
{{- with .Values.annotations.nubusUdmRestApi.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -749,6 +979,15 @@ nubusUdmRestApi:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress:
enabled: {{ .Values.functional.externalServices.nubus.udmRestApi.enabled }}
annotations:
nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"
nginx.ingress.kubernetes.io/configuration-snippet-disabled: |
rewrite ^/univention(/udm/.*)$ $1 break;
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
{{- with .Values.annotations.nubusUdmRestApi.ingress }}
{{ . | toYaml | nindent 6 }}
{{- end }}
certManager:
enabled: false
tls:
@@ -756,12 +995,23 @@ nubusUdmRestApi:
secretName: {{ .Values.ingress.tls.secretName | quote }}
initResources:
{{ .Values.resources.umsUdmRestApiInit | toYaml | nindent 4 }}
persistence:
annotations:
{{ .Values.annotations.nubusUdmRestApi.persistence | toYaml | nindent 6 }}
podAnnotations:
{{ .Values.annotations.nubusUdmRestApi.pod | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.umsUdmRestApi }}
resources:
{{ .Values.resources.umsUdmRestApi | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.nubusUdmRestApi.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
intended.usage: "compliance"
{{- with .Values.annotations.nubusUdmRestApi.serviceAccount }}
{{ . | toYaml | nindent 6 }}
{{- end }}
udmRestApi:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusUdmRestApi.registry | quote }}
@@ -770,6 +1020,8 @@ nubusUdmRestApi:
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
nubusLdapNotifier:
additionalAnnotations:
{{ .Values.annotations.nubusLdapNotifier.additional | toYaml | nindent 4 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -793,11 +1045,22 @@ nubusLdapNotifier:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
podAnnotations:
intents.otterize.com/service-name: "ums-ldap-notifier"
{{- with .Values.annotations.nubusLdapNotifier.pod }}
{{ . | toYaml | nindent 4 }}
{{- end }}
replicaCount: {{ .Values.replicas.umsLdapNotifier }}
resources:
{{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.nubusLdapNotifier.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusLdapNotifier.serviceAccount | toYaml | nindent 6 }}
nubusLdapServer:
additionalAnnotations:
{{ .Values.annotations.nubusLdapServer.additional | toYaml | nindent 4 }}
global:
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
@@ -826,13 +1089,20 @@ nubusLdapServer:
persistence:
size: {{ .Values.persistence.storages.nubusLdapServerData.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.nubusLdapServerData.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
podAnnotations:
{{ .Values.annotations.nubusLdapServer.pod | toYaml | nindent 4 }}
replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }}
replicaCountSecondary: {{ .Values.replicas.umsLdapServerSecondary }}
replicaCountProxy: {{ .Values.replicas.umsLdapServerProxy }}
resources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
resourcesPrimary: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
resourcesSecondary: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.nubusLdapServer.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusLdapServer.serviceAccount | toYaml | nindent 6 }}
create: true
waitForDependency:
image:
@@ -843,9 +1113,14 @@ nubusLdapServer:
nubusProvisioning:
enabled: true
additionalAnnotations:
{{ .Values.annotations.nubusProvisioning.additional | toYaml | nindent 4 }}
api:
additionalAnnotations:
intents.otterize.com/service-name: "ums-provisioning-api"
{{- with .Values.annotations.nubusProvisioning.apiAdditional }}
{{ . | toYaml | nindent 6 }}
{{- end }}
auth:
adminPassword: {{ .Values.secrets.nubus.provisioning.api.adminPassword | quote }}
prefillPassword: {{ .Values.secrets.nubus.provisioning.api.prefillPassword | quote}}
@@ -858,6 +1133,8 @@ nubusProvisioning:
nats:
auth:
password: {{ .Values.secrets.nubus.provisioning.api.natsPassword | quote}}
podAnnotations:
{{ .Values.annotations.nubusProvisioning.apiPod | toYaml | nindent 6 }}
resources:
{{ .Values.resources.umsProvisioningApi | toYaml | nindent 6 }}
containerSecurityContext:
@@ -877,6 +1154,9 @@ nubusProvisioning:
dispatcher:
additionalAnnotations:
intents.otterize.com/service-name: "ums-provisioning-dispatcher"
{{- with .Values.annotations.nubusProvisioning.dispatcherAdditional }}
{{ . | toYaml | nindent 6 }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningDispatcher.registry | quote }}
repository: {{ .Values.images.nubusProvisioningDispatcher.repository }}
@@ -885,6 +1165,8 @@ nubusProvisioning:
nats:
auth:
password: {{ .Values.secrets.nubus.provisioning.dispatcherNatsPassword | quote}}
podAnnotations:
{{ .Values.annotations.nubusProvisioning.dispatcherPod | toYaml | nindent 6 }}
resources:
{{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 6 }}
imagePullSecrets:
@@ -895,6 +1177,9 @@ nubusProvisioning:
nats:
additionalAnnotations:
intents.otterize.com/service-name: "ums-provisioning-nats"
{{- with .Values.annotations.nubusProvisioning.natsAdditional }}
{{ . | toYaml | nindent 6 }}
{{- end }}
auth:
adminPassword: {{ .Values.secrets.nats.natsAdminPassword | quote }}
config:
@@ -941,9 +1226,14 @@ nubusProvisioning:
{{ .Values.resources.umsProvisioningNats | toYaml | nindent 6 }}
serviceAccount:
create: true
podAnnotations:
{{ .Values.annotations.nubusProvisioning.pod | toYaml | nindent 4 }}
prefill:
additionalAnnotations:
intents.otterize.com/service-name: "ums-provisioning-prefill"
{{- with .Values.annotations.nubusProvisioning.prefillAdditional }}
{{ . | toYaml | nindent 6 }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningPrefill.registry | quote }}
repository: {{ .Values.images.nubusProvisioningPrefill.repository }}
@@ -952,11 +1242,16 @@ nubusProvisioning:
nats:
auth:
password: {{ .Values.secrets.nubus.provisioning.prefillNatsPassword | quote}}
podAnnotations:
{{ .Values.annotations.nubusProvisioning.prefillPod | toYaml | nindent 6 }}
resources:
{{ .Values.resources.umsProvisioningPrefill | toYaml | nindent 6 }}
udmTransformer:
additionalAnnotations:
intents.otterize.com/service-name: "ums-provisioning-udm-transformer"
{{- with .Values.annotations.nubusProvisioning.udmTransformerAdditional }}
{{ . | toYaml | nindent 6 }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusProvisioningUdmTransformer.registry | quote }}
repository: {{ .Values.images.nubusProvisioningUdmTransformer.repository }}
@@ -965,6 +1260,8 @@ nubusProvisioning:
nats:
auth:
password: {{ .Values.secrets.nubus.provisioning.udmTransformerNatsPassword | quote}}
podAnnotations:
{{ .Values.annotations.nubusProvisioning.udmTransformerPod | toYaml | nindent 6 }}
resources:
{{ .Values.resources.umsProvisioningUdmTransformer | toYaml | nindent 6 }}
replicaCount:
@@ -975,6 +1272,9 @@ nubusProvisioning:
registerConsumers:
additionalAnnotations:
intents.otterize.com/service-name: "ums-provisioning-register-consumers"
{{- with .Values.annotations.nubusProvisioning.registerConsumersAdditional }}
{{ . | toYaml | nindent 6 }}
{{- end }}
{{- if .Values.apps.oxAppSuite.enabled }}
createUsers:
oxConsumer:
@@ -990,10 +1290,18 @@ nubusProvisioning:
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations:
intents.otterize.com/service-name: "ums-provisioning-register-consumers"
{{- with .Values.annotations.nubusProvisioning.registerConsumersPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
resources:
registerConsumers:
{{ .Values.resources.umsProvisioningRegisterConsumers | toYaml | nindent 6 }}
service:
annotations:
{{ .Values.annotations.nubusProvisioning.service | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusProvisioning.serviceAccount | toYaml | nindent 6 }}
create: true
nubusUdmListener:
@@ -1019,12 +1327,17 @@ nubusUdmListener:
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
podAnnotations:
{{ .Values.annotations.nubusUdmListener.pod | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.umsUdmListener }}
resources:
{{ .Values.resources.umsUdmListener | toYaml | nindent 4 }}
nats:
auth:
password: {{ .Values.secrets.nubus.provisioning.udmListenerNatsPassword | quote}}
serviceAccount:
annotations:
{{ .Values.annotations.nubusUdmListener.serviceAccount | toYaml | nindent 6 }}
nubusSelfServiceListener:
enabled: false
@@ -1058,6 +1371,9 @@ nubusSelfServiceConsumer:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
podAnnotations:
intents.otterize.com/service-name: "ums-selfservice-listener"
{{- with .Values.annotations.nubusSelfserviceConsumer.pod }}
{{ . | toYaml | nindent 4 }}
{{- end }}
provisioningApi:
auth:
password: {{ .Values.secrets.nubus.selfserviceConsumer.provisioningApiPassword | quote}}
@@ -1066,6 +1382,9 @@ nubusSelfServiceConsumer:
resourcesWaitForDependency:
{{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.umsSelfserviceConsumer }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusSelfserviceConsumer.serviceAccount | toYaml | nindent 6 }}
waitForDependency:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
@@ -1079,6 +1398,9 @@ nubusStackDataUms:
argocd.argoproj.io/hook: "Sync"
argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
intents.otterize.com/service-name: "ums-stack-data-ums"
{{- with .Values.annotations.nubusStackDataUms.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -1121,6 +1443,8 @@ nubusStackDataUms:
username: {{ .Values.databases.umsSelfservice.username | quote }}
connection:
host: {{ .Values.databases.umsSelfservice.host | quote }}
podAnnotations:
{{ .Values.annotations.nubusStackDataUms.pod | toYaml | nindent 4 }}
pullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
resources:
@@ -1137,6 +1461,9 @@ nubusStackDataUms:
smtpUser: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
smtpStartTls: false
ldapBase: {{ .Values.ldap.baseDn }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusStackDataUms.serviceAccount | toYaml | nindent 6 }}
templateContext:
initialPasswordAdministrator: {{ .Values.secrets.nubus.systemAccounts.administratorPassword | quote }}
apps: {{ .Values.apps | toYaml | nindent 6 }}
@@ -1209,6 +1536,9 @@ nubusStackDataUms:
nubusUmcServer:
additionalAnnotations:
intents.otterize.com/service-name: "ums-umc-server"
{{- with .Values.annotations.nubusUmcServer.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
@@ -1273,6 +1603,14 @@ nubusUmcServer:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress:
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-UMC-HTTPS 'on';
{{- with .Values.annotations.nubusUmcServer.ingress }}
{{ . | toYaml | nindent 6 }}
{{- end }}
certManager:
enabled: false
tls:
@@ -1286,6 +1624,8 @@ nubusUmcServer:
name: "ums-umc-server-memcached-opendesk-credentials"
keyMapping:
memcached-password: "umcServerMemcachedPassword"
podAnnotations:
{{ .Values.annotations.nubusUmcServer.pod | toYaml | nindent 4 }}
postgresql:
bundled: false
connection:
@@ -1324,6 +1664,9 @@ nubusUmcServer:
Mit freundlichen Grüßen
Ihr {domainname} Passwort-Service
serviceAccount:
annotations:
{{ .Values.annotations.nubusUmcServer.serviceAccount | toYaml | nindent 6 }}
smtp:
existingSecret:
name: "ums-umc-server-smtp-credentials-custom"
@@ -1352,6 +1695,12 @@ nubusUmcGateway:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ingress:
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
{{- with .Values.annotations.nubusUmcGateway.ingress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
certManager:
enabled: false
tls:
@@ -1359,13 +1708,21 @@ nubusUmcGateway:
secretName: {{ .Values.ingress.tls.secretName | quote }}
initResources:
{{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
podAnnotations:
{{ .Values.annotations.nubusUmcGateway.pod | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.umsUmcGateway }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusUmcGateway.serviceAccount | toYaml | nindent 6 }}
resources:
{{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
nubusKeycloakBootstrap:
additionalAnnotations:
argocd.argoproj.io/hook: "Sync"
{{- with .Values.annotations.nubusKeycloakBootstrapNubus.additional }}
{{ . | toYaml | nindent 4 }}
{{- end }}
bootstrap:
ldapMappers:
- ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
@@ -1406,6 +1763,9 @@ nubusKeycloakBootstrap:
name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-bootstrap"
{{- with .Values.annotations.nubusKeycloakBootstrapNubus.pod }}
{{ . | toYaml | nindent 4 }}
{{- end }}
resources:
{{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 4 }}
waitForDependency:
@@ -1414,6 +1774,9 @@ nubusKeycloakBootstrap:
repository: {{ .Values.images.nubusWaitForDependency.repository }}
tag: {{ .Values.images.nubusWaitForDependency.tag }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusKeycloakBootstrapNubus.serviceAccount | toYaml | nindent 6 }}
# Credential secrets for accessing customer supplied services
extraSecrets:

14
helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
View File

@@ -759,11 +759,17 @@ containerSecurityContext:
{{ .Values.seLinuxOptions.opendeskKeycloakBootstrap | toYaml | nindent 4 }}
additionalAnnotations:
argocd.argoproj.io/hook: "Sync"
argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
argocd.argoproj.io/hook: "Sync"
argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
{{- with .Values.annotations.nubusKeycloakBootstrap.additional }}
{{. | toYaml | nindent 2 }}
{{- end }}
podAnnotations:
intents.otterize.com/service-name: "ums-keycloak-bootstrap"
{{- with .Values.annotations.nubusKeycloakBootstrap.pod }}
{{. | toYaml | nindent 2 }}
{{- end }}
podSecurityContext:
enabled: true
@@ -773,6 +779,10 @@ podSecurityContext:
resources:
{{ .Values.resources.opendeskKeycloakBootstrap | toYaml | nindent 2 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusKeycloakBootstrap.serviceAccount | toYaml | nindent 4 }}
{{- if .Values.certificate.selfSigned }}
extraVolumes:
- name: "trusted-cert-secret-volume"

18
helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
commonAnnotations:
{{ .Values.annotations.openxchangeDovecot.common | toYaml | nindent 2 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.dovecot.registry | quote }}
repository: {{ .Values.images.dovecot.repository | quote }}
@@ -79,9 +82,6 @@ containerSecurityContext:
seLinuxOptions:
{{ .Values.seLinuxOptions.dovecot | toYaml | nindent 4 }}
podAnnotations: {}
{{- if .Values.certificate.selfSigned }}
extraVolumes:
- name: "trusted-cert-secret-volume"
@@ -111,14 +111,26 @@ persistence:
- "ReadWriteOnce"
{{- end }}
size: {{ .Values.persistence.storages.dovecot.size | quote }}
annotations:
{{ .Values.annotations.openxchangeDovecot.persistence | toYaml | nindent 4 }}
podAnnotations:
{{ .Values.annotations.openxchangeDovecot.pod | toYaml | nindent 2 }}
resources:
{{ .Values.resources.dovecot | toYaml | nindent 2 }}
{{- if or (eq (coalesce .Values.service.type.dovecot .Values.cluster.service.type) "NodePort") (eq (coalesce .Values.service.type.dovecot .Values.cluster.service.type) "LoadBalancer") }}
service:
annotations:
{{ .Values.annotations.openxchangeDovecot.service | toYaml | nindent 4 }}
external:
enabled: true
type: {{ coalesce .Values.service.type.dovecot .Values.cluster.service.type | quote }}
{{- end }}
serviceAccount:
annotations:
{{ .Values.annotations.openxchangeDovecot.serviceAccount | toYaml | nindent 4 }}
...

14
helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
View File

@@ -4,6 +4,13 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
argocd.argoproj.io/hook: "Sync"
argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
{{- with .Values.annotations.openxchangeBootstrap.additional }}
{{ . | toYaml | nindent 2 }}
{{- end }}
cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
@@ -31,7 +38,8 @@ image:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}
additionalAnnotations:
argocd.argoproj.io/hook: "Sync"
argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
serviceAccount:
annotations:
{{ .Values.annotations.openxchangeBootstrap.serviceAccount | toYaml | nindent 4 }}
...

10
helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl
View File

@@ -6,7 +6,11 @@ SPDX-License-Identifier: Apache-2.0
---
appsuite:
core-mw:
podAnnotations:
logging.open-xchange.com/format: "appsuite-json"
{{- with .Values.annotations.openxchangeEnterpriseContactPicker.appsuiteCoreMwPod }}
{{ . | toYaml | nindent 6 }}
{{- end }}
properties:
# Enterprise contact picker
com.openexchange.contacts.ldap.accounts: "opendesk,other,functional"
@@ -28,6 +32,10 @@ appsuite:
dn: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}"
password: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
serviceAccount:
annotations:
{{ .Values.annotations.openxchangeEnterpriseContactPicker.appsuiteCoreMwServiceAccount | toYaml | nindent 8 }}
uiSettings:
# Enterprise contact picker
io.ox/core//features/enterprisePicker/enabled: "true"

126
helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
View File

@@ -32,7 +32,8 @@ nextcloud-integration-ui:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeNextcloudIntegrationUi.pod | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.openxchangeNextcloudIntegrationUI }}
resources:
{{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
@@ -66,7 +67,8 @@ public-sector-ui:
{{- end }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
replicaCount: {{ .Values.replicas.openxchangePublicSectorUI }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangePublicSectorUi.pod | toYaml | nindent 4 }}
resources:
{{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
securityContext:
@@ -95,6 +97,8 @@ appsuite:
istio:
enabled: false
ingress:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.ingress | toYaml | nindent 6 }}
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls:
@@ -107,11 +111,101 @@ appsuite:
hosts:
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
routes:
appsuite-base:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.appsuitebase | toYaml | nindent 10 }}
rootredirect:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.rootredirect | toYaml | nindent 10 }}
trailslash:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.trailslash | toYaml | nindent 10 }}
rest-routes-admin:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesAdmin | toYaml | nindent 10 }}
rest-routes-advertisement:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesAdvertisement | toYaml | nindent 10 }}
rest-routes-chronos:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesChronos | toYaml | nindent 10 }}
rest-routes-preliminary:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesPreliminary | toYaml | nindent 10 }}
rest-routes-userfeedback:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesUserfeedback | toYaml | nindent 10 }}
static-routes-servlet:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.staticRoutesServlet | toYaml | nindent 10 }}
static-routes-realtime:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.staticRoutesRealtime | toYaml | nindent 10 }}
static-routes-infostore:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.staticRoutesInfostore | toYaml | nindent 10 }}
static-routes-webservices:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.staticRoutesWebservices | toYaml | nindent 10 }}
drive-client-windows-ox-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.driveClientWindowsOxRoute | toYaml | nindent 10 }}
guard-api-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.guardApiRoute | toYaml | nindent 10 }}
guard-support-api-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.guardSupportApiRoute | toYaml | nindent 10 }}
guard-pgp-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.guardPgpRoute | toYaml | nindent 10 }}
http-api-routes-api:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.httpApiRoutesApi | toYaml | nindent 10 }}
http-api-routes-ajax:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.httpApiRoutesAjax | toYaml | nindent 10 }}
http-api-routes-appsuite-api:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.oxAppSuite }}"
nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.oxAppSuite }}"
nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.oxAppSuite }}"
{{- with .Values.annotations.openxchangeAppsuiteIngress.httpApiRoutesAppsuiteApi }}
{{ . | toYaml | nindent 10 }}
{{- end }}
http-api-routes-app-root-api:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.httpApiRoutesAppRootApi | toYaml | nindent 10 }}
rt2-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.rt2Route | toYaml | nindent 10 }}
documents-help-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.documentsHelpRoute | toYaml | nindent 10 }}
drive-help-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.driveHelpRoute | toYaml | nindent 10 }}
core-help-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.coreHelpRoute | toYaml | nindent 10 }}
office-web-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.officeWebRoute | toYaml | nindent 10 }}
caldav-well-known-redirect:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.caldavWellKnownRedirect | toYaml | nindent 10 }}
carddav-well-known-redirect:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.carddavWellKnownRedirect | toYaml | nindent 10 }}
dav-infostore-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.davInfostoreRoute | toYaml | nindent 10 }}
dav-root-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.davRootRoute | toYaml | nindent 10 }}
wopi-server-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.wopiServerRoute | toYaml | nindent 10 }}
trailslash:
enabled: false
core-mw:
@@ -131,8 +225,11 @@ appsuite:
jolokiaLogin: "jolokia"
jolokiaPassword: {{ .Values.secrets.oxAppSuite.jolokiaPassword | quote }}
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreMw.pod | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.openxchangeAppsuiteCoreMw.serviceAccount | toYaml | nindent 8 }}
create: true
features:
status:
@@ -151,7 +248,8 @@ appsuite:
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
replicaCount: {{ .Values.replicas.openxchangeGotenberg }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreMw.gotenbergPod | toYaml | nindent 8 }}
resources:
{{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
securityContext:
@@ -421,6 +519,8 @@ appsuite:
# podSecurityContext: {}
# securityContext: {}
update:
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreMw.updatePod | toYaml | nindent 8 }}
image:
repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
@@ -447,7 +547,8 @@ appsuite:
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
replicaCount: {{ .Values.replicas.openxchangeCoreUI }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreUi.pod | toYaml | nindent 6 }}
resources:
{{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
securityContext:
@@ -483,7 +584,8 @@ appsuite:
tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
overrides: {}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreUiMiddleware.pod | toYaml | nindent 6 }}
redis: *redisConfiguration
replicaCount: {{ .Values.replicas.openxchangeCoreUIMiddleware }}
resources:
@@ -526,7 +628,8 @@ appsuite:
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreDocumentconverter.pod | toYaml | nindent 6 }}
redis: *redisConfiguration
replicaCount: {{ .Values.replicas.openxchangeCoreDocumentConverter }}
resources:
@@ -576,7 +679,8 @@ appsuite:
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreGuidedtours.pod | toYaml | nindent 6 }}
replicaCount: {{ .Values.replicas.openxchangeCoreGuidedtours }}
resources:
{{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
@@ -614,7 +718,8 @@ appsuite:
endpoint: "."
accessKey: "."
secretKey: "."
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreImageconverter.pod | toYaml | nindent 6 }}
redis: *redisConfiguration
replicaCount: {{ .Values.replicas.openxchangeCoreImageConverter }}
resources:
@@ -683,7 +788,8 @@ appsuite:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreUserGuide.pod | toYaml | nindent 6 }}
replicaCount: {{ .Values.replicas.openxchangeCoreUserGuide }}
resources:
{{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}

5
helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
View File

@@ -69,7 +69,8 @@ persistence:
size: {{ .Values.persistence.storages.oxConnector.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.oxConnector.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.nubusOxConnector.pod | toYaml | nindent 2 }}
replicaCount: {{ .Values.replicas.oxConnector }}
@@ -92,6 +93,8 @@ securityContext:
{{ .Values.seLinuxOptions.oxConnector | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusOxConnector.serviceAccount | toYaml | nindent 4 }}
create: true
...

5
helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
View File

@@ -84,7 +84,8 @@ postfix:
virtualMailboxDomains: {{ if .Values.global.additionalMailDomains }}{{ printf "%s,%s" (.Values.global.mailDomain | default .Values.global.domain) .Values.global.additionalMailDomains }}{{ else }}{{ .Values.global.mailDomain | default .Values.global.domain | quote }}{{ end }}
virtualTransport: "lmtps:dovecot:24"
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openxchangePostfix.pod | toYaml | nindent 2 }}
replicaCount: {{ .Values.replicas.postfix }}
@@ -93,6 +94,8 @@ resources:
{{- if or (eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "NodePort") (eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "LoadBalancer") }}
service:
annotations:
{{ .Values.annotations.openxchangePostfix.service | toYaml | nindent 4 }}
external:
enabled: true
type: {{ coalesce .Values.service.type.postfix .Values.cluster.service.type | quote }}

10
helmfile/apps/opendesk-migrations-post/values.yaml.gotmpl
View File

@@ -3,7 +3,15 @@
SPDX-License-Identifier: Apache-2.0
*/}}
---
podAnnotations: {}
additionalAnnotations:
{{ .Values.annotations.opendeskMigrationsPost.additional | toYaml | nindent 2 }}
podAnnotations:
{{ .Values.annotations.opendeskMigrationsPost.pod | toYaml | nindent 2 }}
serviceAccount:
annotations:
{{ .Values.annotations.opendeskMigrationsPost.serviceAccount | toYaml | nindent 4 }}
migrations:
stage: "POST"

10
helmfile/apps/opendesk-migrations-pre/values.yaml.gotmpl
View File

@@ -3,7 +3,15 @@
SPDX-License-Identifier: Apache-2.0
*/}}
---
podAnnotations: {}
additionalAnnotations:
{{ .Values.annotations.opendeskMigrationsPre.additional | toYaml | nindent 2 }}
podAnnotations:
{{ .Values.annotations.opendeskMigrationsPre.pod | toYaml | nindent 2 }}
serviceAccount:
annotations:
{{ .Values.annotations.opendeskMigrationsPre.serviceAccount | toYaml | nindent 4 }}
migrations:
stage: "PRE"

6
helmfile/apps/opendesk-openproject-bootstrap/values.yaml.gotmpl
View File

@@ -11,6 +11,9 @@ global:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
additionalAnnotations:
{{ .Values.annotations.openprojectBootstrap.additional | toYaml | nindent 2 }}
cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
@@ -72,6 +75,9 @@ image:
job:
enabled: true
podAnnotations:
{{ .Values.annotations.openprojectBootstrap.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
fsGroup: 1000

5
helmfile/apps/opendesk-services/values-home.yaml.gotmpl
View File

@@ -3,6 +3,9 @@ SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlic
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.opendeskServicesHome.additional | toYaml | nindent 2 }}
global:
domain: {{ .Values.global.domain | quote }}
hosts:
@@ -12,4 +15,6 @@ ingress:
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls:
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.opendeskServicesHome.ingress | toYaml | nindent 4 }}
...

14
helmfile/apps/opendesk-services/values-opendesk-static-files.yaml.gotmpl
View File

@@ -10,6 +10,9 @@ global:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
additionalAnnotations:
{{ .Values.annotations.opendeskServicesStaticFiles.additional | toYaml | nindent 2 }}
assets:
element:
subdomain: {{ .Values.global.hosts.element }}
@@ -96,6 +99,8 @@ ingress:
host: "{{ .Values.global.hosts.static }}.{{ .Values.global.domain }}"
tls:
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.opendeskServicesStaticFiles.ingress | toYaml | nindent 4 }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.opendeskStaticFiles.registry | quote }}
@@ -103,6 +108,8 @@ image:
tag: {{ .Values.images.opendeskStaticFiles.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations:
{{ .Values.annotations.opendeskServicesStaticFiles.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -116,4 +123,11 @@ resources:
service:
type: "ClusterIP"
annotations:
{{ .Values.annotations.opendeskServicesStaticFiles.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.opendeskServicesStaticFiles.serviceAccount | toYaml | nindent 4 }}
...

3
helmfile/apps/opendesk-services/values-otterize.yaml.gotmpl
View File

@@ -8,6 +8,9 @@ global:
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
additionalAnnotations:
{{ .Values.annotations.opendeskServicesOtterize.additional | toYaml | nindent 2 }}
apps:
clamavDistributed:
enabled: {{ .Values.apps.clamavDistributed.enabled }}

15
helmfile/apps/openproject/values.yaml.gotmpl
View File

@@ -131,7 +131,8 @@ memcached:
persistence:
enabled: false
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.openproject.pod | toYaml | nindent 2 }}
postgresql:
bundled: false
@@ -179,6 +180,12 @@ openproject:
login: "opendesk_username"
admin: "openproject_admin"
useTmpVolumes: true
tmpVolumesAnnotations:
{{ .Values.annotations.openproject.openprojectTempVolumes | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.openproject.serviceAccount | toYaml | nindent 4 }}
ingress:
annotations:
@@ -188,6 +195,9 @@ ingress:
nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.openproject }}"
nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.openproject }}s"
nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.openproject }}s"
{{- with .Values.annotations.openproject.ingress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
host: "{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
@@ -221,6 +231,9 @@ seederJob:
intents.otterize.com/service-name: "openproject-seeder"
argocd.argoproj.io/hook: "Sync"
argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
{{- with .Values.annotations.openproject.seederJob }}
{{ . | toYaml | nindent 4 }}
{{- end }}
resources:
{{ .Values.resources.openprojectSeederJob | toYaml | nindent 4 }}

11
helmfile/apps/services-external/values-cassandra.yaml.gotmpl
View File

@@ -33,6 +33,10 @@ image:
tag: {{ .Values.images.cassandra.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
ingress:
annotations:
{{ .Values.annotations.cassandra.ingress | toYaml | nindent 6 }}
initDB:
initUserData.cql: >
CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecotDictmap.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
@@ -70,7 +74,8 @@ persistence:
size: {{ .Values.persistence.storages.cassandra.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.cassandra.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.cassandra.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -92,6 +97,10 @@ replicaCount: {{ .Values.replicas.cassandra }}
resources:
{{ .Values.resources.cassandra | toYaml | nindent 2 }}
serviceAccount:
annotations:
{{ .Values.annotations.cassandra.serviceAccount | toYaml | nindent 4 }}
startupProbe:
enabled: false
initialDelaySeconds: 0

46
helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl
View File

@@ -5,6 +5,8 @@ SPDX-License-Identifier: Apache-2.0
*/}}
---
clamd:
commonAnnotations:
{{ .Values.annotations.servicesExternalClamavDistributed.clamdCommon | toYaml | nindent 4 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -25,7 +27,8 @@ clamd:
repository: {{ .Values.images.clamd.repository | quote }}
tag: {{ .Values.images.clamd.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.servicesExternalClamavDistributed.clamdPod | toYaml | nindent 4 }}
podSecurityContext:
enabled: true
fsGroup: 101
@@ -33,6 +36,13 @@ clamd:
replicaCount: {{ .Values.replicas.clamd }}
resources:
{{ .Values.resources.clamd | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.servicesExternalClamavDistributed.clamdService | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalClamavDistributed.clamdServiceAccount | toYaml | nindent 6 }}
containerSecurityContext:
allowPrivilegeEscalation: false
@@ -50,6 +60,8 @@ containerSecurityContext:
{{ .Values.seLinuxOptions.clamav | toYaml | nindent 4 }}
freshclam:
commonAnnotations:
{{ .Values.annotations.servicesExternalClamavDistributed.freshclamCommon | toYaml | nindent 4 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -70,7 +82,8 @@ freshclam:
repository: {{ .Values.images.freshclam.repository | quote }}
tag: {{ .Values.images.freshclam.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.servicesExternalClamavDistributed.freshclamPod | toYaml | nindent 4 }}
podSecurityContext:
enabled: true
fsGroup: 101
@@ -78,6 +91,9 @@ freshclam:
replicaCount: {{ .Values.replicas.freshclam }}
resources:
{{ .Values.resources.freshclam | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalClamavDistributed.freshclamServiceAccount | toYaml | nindent 6 }}
settings:
database:
auth:
@@ -92,6 +108,8 @@ global:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
icap:
commonAnnotations:
{{ .Values.annotations.servicesExternalClamavDistributed.icapCommon | toYaml | nindent 4 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -112,7 +130,8 @@ icap:
repository: {{ .Values.images.icap.repository | quote }}
tag: {{ .Values.images.icap.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.servicesExternalClamavDistributed.icapPod | toYaml | nindent 4 }}
podSecurityContext:
enabled: true
fsGroup: 101
@@ -120,8 +139,17 @@ icap:
replicaCount: {{ .Values.replicas.icap }}
resources:
{{ .Values.resources.icap | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.servicesExternalClamavDistributed.icapService | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalClamavDistributed.icapServiceAccount | toYaml | nindent 6 }}
milter:
commonAnnotations:
{{ .Values.annotations.servicesExternalClamavDistributed.milterCommon | toYaml | nindent 4 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -142,7 +170,8 @@ milter:
repository: {{ .Values.images.milter.repository | quote }}
tag: {{ .Values.images.milter.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.servicesExternalClamavDistributed.milterPod | toYaml | nindent 4 }}
podSecurityContext:
enabled: true
fsGroup: 101
@@ -150,8 +179,17 @@ milter:
replicaCount: {{ .Values.replicas.milter }}
resources:
{{ .Values.resources.milter | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.servicesExternalClamavDistributed.milterService | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalClamavDistributed.milterServiceAccount | toYaml | nindent 6 }}
persistence:
size: {{ .Values.persistence.storages.clamav.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.clamav.storageClassName .Values.persistence.storageClassNames.RWX | quote }}
annotations:
{{ .Values.annotations.servicesExternalClamavDistributed.persistence | toYaml | nindent 4 }}
...

17
helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
commonAnnotations:
{{ .Values.annotations.servicesExternalClamavSimple.common | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -39,8 +42,11 @@ image:
persistence:
size: {{ .Values.persistence.storages.clamav.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.clamav.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
annotations:
{{ .Values.annotations.servicesExternalClamavSimple.persistence | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.servicesExternalClamavSimple.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -62,4 +68,13 @@ settings:
url: {{ .Values.repositories.clamav.mirror.url | quote }}
customURLs:
{{ .Values.repositories.clamav.customURLs | toYaml | nindent 8 }}
service:
annotations:
{{ .Values.annotations.servicesExternalClamavSimple.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalClamavSimple.serviceAccount | toYaml | nindent 4 }}
...

15
helmfile/apps/services-external/values-dkimpy.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
additionalAnnotations:
{{ .Values.annotations.servicesExternalDkimpy.additional | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: true
capabilities: {}
@@ -28,6 +31,9 @@ image:
tag: {{ .Values.images.dkimpy.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations:
{{ .Values.annotations.servicesExternalDkimpy.service | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
fsGroup: 1000
@@ -44,4 +50,13 @@ replicaCount: {{ .Values.replicas.dkimpy }}
resources:
{{ .Values.resources.dkimpy | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.servicesExternalDkimpy.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalDkimpy.serviceAccount | toYaml | nindent 4 }}
...

16
helmfile/apps/services-external/values-mariadb.yaml.gotmpl
View File

@@ -8,6 +8,9 @@ cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
commonAnnotations:
{{ .Values.annotations.servicesExternalMariadb.common | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -73,10 +76,15 @@ mariadb:
persistence:
size: {{ .Values.persistence.storages.mariadb.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.mariadb.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
annotations:
{{ .Values.annotations.servicesExternalMariadb.persistence | toYaml | nindent 4 }}
podAnnotations:
argocd.argoproj.io/hook: "PostSync"
argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
{{- with .Values.annotations.servicesExternalMariadb.pod }}
{{ . | toYaml | nindent 2 }}
{{- end }}
podSecurityContext:
enabled: true
@@ -88,4 +96,12 @@ replicaCount: {{ .Values.replicas.mariadb }}
resources:
{{ .Values.resources.mariadb | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.servicesExternalMariadb.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalMariadb.serviceAccount | toYaml | nindent 4 }}
...

13
helmfile/apps/services-external/values-memcached.yaml.gotmpl
View File

@@ -6,6 +6,9 @@ SPDX-License-Identifier: Apache-2.0
---
architecture: {{ if gt .Values.replicas.memcached 1 }}"high-availability"{{ else }}"standalone"{{ end }}
commonAnnotations:
{{ .Values.annotations.servicesExternalMemcached.common | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -32,13 +35,21 @@ image:
tag: {{ .Values.images.memcached.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.servicesExternalMemcached.pod | toYaml | nindent 2 }}
replicaCount: {{ .Values.replicas.memcached }}
resources:
{{ .Values.resources.memcached | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.servicesExternalMemcached.service | toYaml | nindent 4 }}
serviceAccount:
create: true
annotations:
{{ .Values.annotations.servicesExternalMemcached.serviceAccount | toYaml | nindent 4 }}
...

27
helmfile/apps/services-external/values-minio.yaml.gotmpl
View File

@@ -15,10 +15,16 @@ apiIngress:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "4G"
nginx.org/client-max-body-size: "4G"
{{- with .Values.annotations.servicesExternalMinio.apiIngress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
auth:
rootPassword: {{ .Values.secrets.minio.rootPassword | quote }}
commonAnnotations:
{{ .Values.annotations.servicesExternalMinio.common | toYaml | nindent 2 }}
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
@@ -66,6 +72,9 @@ ingress:
secretName: "{{ .Values.ingress.tls.secretName }}"
annotations:
nginx.org/websocket-services: "minio"
{{- with .Values.annotations.servicesExternalMinio.ingress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
{{- end }}
livenessProbe:
@@ -92,6 +101,8 @@ podSecurityContext:
persistence:
size: {{ .Values.persistence.storages.minio.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.minio.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
annotations:
{{ .Values.annotations.servicesExternalMinio.persistence | toYaml | nindent 4 }}
provisioning:
enabled: true
@@ -121,6 +132,8 @@ provisioning:
versioning: "Suspended"
withLock: false
{{- end }}
podAnnotations:
{{ .Values.annotations.servicesExternalMinio.provisioningPod | toYaml | nindent 4 }}
policies:
- name: "migrations-bucket-policy"
statements:
@@ -238,7 +251,8 @@ provisioning:
resources:
{{ .Values.resources.minio | toYaml | nindent 4 }}
podAnnotations: {}
podAnnotations:
{{ .Values.annotations.servicesExternalMinio.pod | toYaml | nindent 2 }}
readinessProbe:
enabled: true
@@ -249,6 +263,17 @@ readinessProbe:
resources:
{{ .Values.resources.minio | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.servicesExternalMinio.serviceService | toYaml | nindent 4 }}
headless:
annotations:
{{ .Values.annotations.servicesExternalMinio.serviceHeadless | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalMinio.serviceAccount | toYaml | nindent 4 }}
startupProbe:
enabled: true
periodSeconds: 10

14
helmfile/apps/services-external/values-postfix.yaml.gotmpl
View File

@@ -9,6 +9,9 @@ certificate:
request:
enabled: false
commonAnnotations:
{{ .Values.annotations.servicesExternalPostfix.common | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: true
capabilities: {}
@@ -36,6 +39,11 @@ image:
persistence:
size: {{ .Values.persistence.storages.postfix.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.postfix.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
annotations:
{{ .Values.annotations.servicesExternalPostfix.persistence | toYaml | nindent 4 }}
podAnnotations:
{{ .Values.annotations.servicesExternalPostfix.pod | toYaml | nindent 2 }}
podSecurityContext:
enabled: true
@@ -99,6 +107,12 @@ resources:
{{ .Values.resources.postfix | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.servicesExternalPostfix.service | toYaml | nindent 4 }}
external:
enabled: false
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalPostfix.serviceAccount | toYaml | nindent 4 }}
...

17
helmfile/apps/services-external/values-postgresql.yaml.gotmpl
View File

@@ -8,6 +8,9 @@ cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
commonAnnotations:
{{ .Values.annotations.servicesExternalPostgresql.common | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -110,10 +113,15 @@ job:
persistence:
size: {{ .Values.persistence.storages.postgresql.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.postgresql.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
annotations:
{{ .Values.annotations.servicesExternalPostgresql.persistence | toYaml | nindent 4 }}
podAnnotations:
argocd.argoproj.io/hook: "PostSync"
argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
{{- with .Values.annotations.servicesExternalPostgresql.pod}}
{{ . | toYaml | nindent 2 }}
{{- end }}
postgres:
user: "postgres"
@@ -121,4 +129,13 @@ postgres:
resources:
{{ .Values.resources.postgresql | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.servicesExternalPostgresql.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalPostgresql.serviceAccount | toYaml | nindent 4 }}
...

34
helmfile/apps/services-external/values-redis.yaml.gotmpl
View File

@@ -9,6 +9,9 @@ architecture: "standalone"
auth:
password: {{ .Values.secrets.redis.password | quote }}
commonAnnotations:
{{ .Values.annotations.servicesExternalRedis.common | toYaml | nindent 2 }}
global:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
@@ -21,6 +24,8 @@ image:
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
master:
annotations:
{{ .Values.annotations.servicesExternalRedis.masterMaster | toYaml | nindent 4 }}
containerSecurityContext:
privileged: false
readOnlyRootFilesystem: true
@@ -38,13 +43,40 @@ master:
count: {{ .Values.replicas.redis }}
persistence:
size: {{ .Values.persistence.storages.redis.size | quote }}
podAnnotations: {}
annotations:
{{ .Values.annotations.servicesExternalRedis.masterPersistence | toYaml | nindent 6 }}
podAnnotations:
{{ .Values.annotations.servicesExternalRedis.masterPod | toYaml | nindent 4 }}
resources:
{{ .Values.resources.redis | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.servicesExternalRedis.masterService | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalRedis.masterServiceAccount | toYaml | nindent 6 }}
metrics:
enabled: false
replica:
annotations:
{{ .Values.annotations.servicesExternalRedis.replicaReplica | toYaml | nindent 4 }}
persistence:
annotations:
{{ .Values.annotations.servicesExternalRedis.replicaPersistence | toYaml | nindent 6 }}
podAnnotations:
{{ .Values.annotations.servicesExternalRedis.replicaPod | toYaml | nindent 4 }}
service:
annotations:
{{ .Values.annotations.servicesExternalRedis.replicaService | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.servicesExternalRedis.replicaServiceAccount | toYaml | nindent 6 }}
secretAnnotations:
{{ .Values.annotations.servicesExternalRedis.secret | toYaml | nindent 2 }}
sentinel:
enabled: false

14
helmfile/apps/xwiki/values.yaml.gotmpl
View File

@@ -4,6 +4,9 @@ SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG Ze
SPDX-License-Identifier: Apache-2.0
*/}}
---
commonAnnotations:
{{ .Values.annotations.xwiki.common | toYaml | nindent 2 }}
image:
{{- if eq .Values.databases.xwiki.type "mariadb" }}
name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwikiMariadb.registry }}/{{ .Values.images.xwikiMariadb.repository }}"
@@ -129,6 +132,9 @@ ingress:
nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.xwiki }}s"
nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.xwiki }}s"
haproxy-ingress.github.io/headers: "X-Forwarded-Host {{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
{{- with .Values.annotations.xwiki.ingress }}
{{ . | toYaml | nindent 4 }}
{{- end }}
hosts:
- host: "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
paths:
@@ -149,6 +155,8 @@ mysql:
enabled: false
persistence:
annotations:
{{ .Values.annotations.xwiki.persistence | toYaml | nindent 4 }}
size: {{ .Values.persistence.storages.xwiki.size | quote }}
storageClass: {{ coalesce .Values.persistence.storages.xwiki.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
@@ -217,9 +225,15 @@ resources:
{{ .Values.resources.xwiki | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.xwiki.service | toYaml | nindent 4 }}
externalPort: 80
enabled: true
serviceAccount:
annotations:
{{ .Values.annotations.xwiki.serviceAccount | toYaml | nindent 4 }}
volumePermissions:
enabled: true

440
helmfile/environments/default/annotations.yaml.gotmpl Normal file
View File

@@ -0,0 +1,440 @@
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
annotations:
cassandra:
ingress: ~
pod: ~
serviceAccount: ~
coco:
ingress: ~
pod: ~
serviceAccount: ~
collabora:
ingress: ~
pod: ~
service: ~
serviceAccount: ~
cryptpad:
ingress: ~
pod: ~
serviceAccount: ~
element:
common: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
elementMatrixNeoboardWidget:
additional: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
elementMatrixNeochoiceWidget:
additional: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
elementMatrixNeodatefixBot:
additional: ~
ingress: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
elementMatrixNeodatefixBotBootstrap:
pod: ~
serviceAccount: ~
elementMatrixNeodatefixWidget:
additional: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
elementMatrixUserVerificationService:
additional: ~
pod: ~
service: ~
serviceAccount: ~
elementMatrixUserVerificationServiceBootstrap:
pod: ~
serviceAccount: ~
elementSynapse:
common: ~
federationIngress: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
elementSynapseWeb:
common: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
elementWellKnown:
common: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
jitsi:
pod: ~
serviceAccount: ~
jitsiGlobal:
pod: ~
jitsiJibri:
pod: ~
jitsiJicofo:
pod: ~
jitsiJigasi:
pod: ~
jitsiJitsiPatchJVB:
serviceAccount: ~
jitsiJvb:
pod: ~
service: ~
metricsPrometheus: ~
metricsGrafana: ~
jitsiProsody:
pod: ~
jitsiWeb:
ingress: ~
pod: ~
nextcloudAio:
additional: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
nextcloudExporter:
additional: ~
ingress: ~
pod: ~
serviceAccount: ~
nextcloudNextcloudMgmt:
additional: ~
pod: ~
serviceAccount: ~
notes:
ingressAdmin: ~
ingressCollaborationWS: ~
ingressCollaborationAPI: ~
ingressMedia: ~
serviceMedia: ~
notesBackend:
migrateJob: ~
pod: ~
service: ~
notesFrontend:
pod: ~
service: ~
notesYProvider:
pod: ~
service: ~
nubus:
additional: ~
ingress: ~
nubusGuardian:
authorizationApiPod: ~
globalPod: ~
ingressIngress: ~
ingressManagementUi: ~
ingressManagementApi: ~
ingressAuthorizationApi: ~
managementApiPod: ~
managementUiPod: ~
serviceAccount: ~
nubusIntercomService:
additional: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
nubusKeycloak:
common: ~
pod: ~
service: ~
serviceAccount: ~
nubusKeycloakBootstrap:
additional: ~
pod: ~
service: ~
serviceAccount: ~
nubusKeycloakBootstrapNubus:
additional: ~
pod: ~
serviceAccount: ~
nubusKeycloakExtensions:
handlerAdditional: ~
handlerPod: ~
handlerService: ~
handlerServiceAccount: ~
proxyAdditional: ~
proxyIngress: ~
proxyPod: ~
proxyService: ~
proxyServiceAccount: ~
nubusLdapNotifier:
additional: ~
pod: ~
service: ~
serviceAccount: ~
nubusLdapServer:
additional: ~
pod: ~
service: ~
serviceAccount: ~
nubusNotificationsApi:
additional: ~
ingress: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
nubusOxConnector:
pod: ~
serviceAccount: ~
nubusPortalConsumer:
pod: ~
nubusPortalFrontend:
additional: ~
ingressIngress: ~
ingressRewrites: ~
ingressRedirects: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
nubusPortalServer:
additional: ~
ingress: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
nubusProvisioning:
additional: ~
apiAdditional: ~
apiPod: ~
dispatcherAdditional: ~
dispatcherPod: ~
natsAdditional: ~
natsPod: ~
udmTransformerAdditional: ~
udmTransformerPod: ~
pod: ~
prefillAdditional: ~
prefillPod: ~
registerConsumersAdditional: ~
registerConsumersPod: ~
service: ~
serviceAccount: ~
nubusNginxS3Gateway:
additional: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
nubusSelfserviceConsumer:
pod: ~
serviceAccount: ~
nubusStackDataUms:
additional: ~
pod: ~
serviceAccount: ~
nubusUdmListener:
pod: ~
serviceAccount: ~
nubusUdmRestApi:
additional: ~
ingress: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
nubusUmcGateway:
ingress: ~
pod: ~
serviceAccount: ~
nubusUmcServer:
additional: ~
ingress: ~
pod: ~
serviceAccount: ~
opendeskMigrationsPost:
additional: ~
pod: ~
serviceAccount: ~
opendeskMigrationsPre:
additional: ~
pod: ~
serviceAccount: ~
opendeskServicesHome:
additional: ~
ingress: ~
opendeskServicesOtterize:
additional: ~
opendeskServicesStaticFiles:
additional: ~
ingress: ~
pod: ~
service: ~
serviceAccount: ~
openproject:
ingress: ~
pod: ~
openprojectTempVolumes: ~
serviceAccount: ~
seederJob: ~
openprojectBootstrap:
additional: ~
pod: ~
openxchangeAppsuiteCoreDocumentconverter:
pod: ~
openxchangeAppsuiteCoreGuidedtours:
pod: ~
openxchangeAppsuiteCoreImageconverter:
pod: ~
openxchangeAppsuiteCoreUi:
pod: ~
openxchangeAppsuiteCoreUiMiddleware:
pod: ~
openxchangeAppsuiteCoreMw:
gotenbergPod: ~
pod: ~
serviceAccount: ~
updatePod: ~
openxchangeAppsuiteCoreUserGuide:
pod: ~
openxchangeAppsuiteIngress:
appsuitebase: ~
ingress: ~
rootredirect: ~
trailslash: ~
restRoutesAdmin: ~
restRoutesAdvertisement: ~
restRoutesChronos: ~
restRoutesPreliminary: ~
restRoutesUserfeedback: ~
staticRoutesServlet: ~
staticRoutesRealtime: ~
staticRoutesInfostore: ~
staticRoutesWebservices: ~
driveClientWindowsOxRoute: ~
guardApiRoute: ~
guardSupportApiRoute: ~
guardPgpRoute: ~
httpApiRoutesApi: ~
httpApiRoutesAjax: ~
httpApiRoutesAppsuiteApi: ~
httpApiRoutesAppRootApi: ~
rt2Route: ~
documentsHelpRoute: ~
driveHelpRoute: ~
coreHelpRoute: ~
officeWebRoute: ~
caldavWellKnownRedirect: ~
carddavWellKnownRedirect: ~
davInfostoreRoute: ~
davRootRoute: ~
wopiServerRoute: ~
openxchangeBootstrap:
additional: ~
serviceAccount: ~
openxchangeDovecot:
common: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
openxchangeEnterpriseContactPicker:
appsuiteCoreMw:
appsuiteCoreMwPod: ~
appsuiteCoreMwServiceAccount: ~
openxchangeNextcloudIntegrationUi:
pod: ~
openxchangePostfix:
pod: ~
service: ~
openxchangePublicSectorUi:
pod: ~
servicesExternalClamavDistributed:
clamdCommon: ~
clamdPod: ~
clamdService: ~
clamdServiceAccount: ~
freshclamCommon: ~
freshclamService: ~
freshclamServiceAccount: ~
milterCommon: ~
milterPod: ~
milterService: ~
milterServiceAccount: ~
persistence: ~
servicesExternalClamavSimple:
common: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
servicesExternalDkimpy:
additional: ~
pod: ~
service: ~
serviceAccount: ~
servicesExternalMariadb:
common: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
servicesExternalMemcached:
common: ~
pod: ~
service: ~
serviceAccount: ~
servicesExternalMinio:
apiIngress: ~
common:
ingress: ~
persistence: ~
provisioningPod: ~
pod: ~
serviceService: ~
serviceHeadless: ~
serviceAccount: ~
servicesExternalPostfix:
common: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
servicesExternalPostgresql:
common: ~
persistence: ~
pod: ~
service: ~
serviceAccount: ~
servicesExternalRedis:
common: ~
masterMaster: ~
masterPersistence: ~
masterPod: ~
masterService: ~
masterServiceAccount: ~
replicaReplica: ~
replicaPersistence: ~
replicaPod: ~
replicaService: ~
replicaServiceAccount: ~
secret: ~
xwiki:
common: ~
ingress: ~
persistence: ~
service: ~
serviceAccount: ~
...