{{/* SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" SPDX-License-Identifier: Apache-2.0 */}} --- global: hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" appsuite: cookieHashSalt: {{ .Values.secrets.oxAppsuite.cookieHashSalt }} shareCryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey }} sessiondEncryptionKey: {{ .Values.secrets.oxAppsuite.sessiondEncryptionKey }} mysql: host: {{ .Values.databases.oxAppsuite.host | quote }} database: {{ .Values.databases.oxAppsuite.name | quote }} auth: user: {{ .Values.databases.oxAppsuite.username | quote }} password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }} rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }} nextcloud-integration-ui: image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeNextcloudIntegrationUI.registry | quote }} repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository | quote }} tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag | quote }} imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} resources: {{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" privileged: false readOnlyRootFilesystem: false runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 privileged: false seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeNextcloudIntegrationUI | toYaml | nindent 6 }} public-sector-ui: image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangePublicSectorUI.registry | quote }} repository: {{ .Values.images.openxchangePublicSectorUI.repository | quote }} tag: {{ .Values.images.openxchangePublicSectorUI.tag | quote }} imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} resources: {{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" privileged: false readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 privileged: false seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangePublicSectorUI | toYaml | nindent 6 }} appsuite: appsuite-toolkit: enabled: false switchboard: enabled: false istio: enabled: false ingress: enabled: {{ .Values.ingress.enabled }} ingressClassName: {{ .Values.ingress.ingressClassName | quote }} tls: enabled: true existingSecret: {{ .Values.ingress.tls.secretName | quote }} appsuite: hosts: - "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" dav: hosts: - "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" routes: http-api-routes-appsuite-api: annotations: nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.openXchangeAppSuite }}" nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.openXchangeAppSuite }}" nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.openXchangeAppSuite }}" trailslash: enabled: false core-mw: enabled: true asConfig: default: host: "all" pageHeaderPrefix: "as8.souvap App Suite" oidcLogin: true oidcPath: "/oidc" masterAdmin: "admin" masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} hzGroupName: "hzgroup" hzGroupPassword: {{ .Values.secrets.oxAppsuite.hzGroupPassword | quote }} basicAuthLogin: "oxlogin" basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} jolokiaLogin: "jolokia" jolokiaPassword: {{ .Values.secrets.oxAppsuite.jolokiaPassword | quote }} hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" serviceAccount: create: true features: status: # enable admin pack # admin: enabled documents: "disabled" guard: "enabled" gotenberg: enabled: true imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} image: repository: "{{ .Values.global.imageRegistry | default .Values.images.openxchangeGotenberg.registry }}/{{ .Values.images.openxchangeGotenberg.repository }}" tag: {{ .Values.images.openxchangeGotenberg.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} resources: {{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" privileged: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 privileged: false seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeGotenberg | toYaml | nindent 10 }} hooks: beforeAppsuiteStart: create-guard-dir.sh: | mkdir -p /opt/open-xchange/guard-files chown open-xchange:open-xchange /opt/open-xchange/guard-files packages: status: open-xchange-oidc: "enabled" open-xchange-authentication-database: "disabled" open-xchange-authentication-oauth: "enabled" properties: com.openexchange.UIWebPath: "/appsuite/" com.openexchange.showAdmin: "false" # PDF Export com.openexchange.capability.mail_export_pdf: "true" com.openexchange.mail.exportpdf.gotenberg.enabled: "true" com.openexchange.mail.exportpdf.collabora.enabled: "true" com.openexchange.mail.exportpdf.pdfa.collabora.enabled: "true" com.openexchange.mail.exportpdf.collabora.url: "http://collabora:9980" com.openexchange.mail.exportpdf.gotenberg.url: "http://open-xchange-gotenberg:3000" # OIDC com.openexchange.oidc.enabled: "true" com.openexchange.oidc.autologinCookieMode: "ox_direct" com.openexchange.oidc.backchannelLogoutEnabled: "true" com.openexchange.oidc.clientId: "opendesk-oxappsuite" com.openexchange.oidc.clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }} com.openexchange.oidc.contextLookupClaim: "context" com.openexchange.oidc.contextLookupNamePart: "full" com.openexchange.oidc.opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth" com.openexchange.oidc.opIssuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}" com.openexchange.oidc.opJwkSetEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs" com.openexchange.oidc.opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout" com.openexchange.oidc.opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token" com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/auth" com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}" com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/logout" com.openexchange.oidc.ssoLogout: "true" com.openexchange.oidc.startDefaultBackend: "true" com.openexchange.oidc.userLookupClaim: "opendesk_username" com.openexchange.oidc.userLookupNamePart: "full" # OAUTH com.openexchange.oauth.provider.enabled: "true" com.openexchange.oauth.provider.allowedIssuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}" com.openexchange.oauth.provider.contextLookupClaim: "context" com.openexchange.oauth.provider.contextLookupNamePart: "full" com.openexchange.oauth.provider.jwt.jwksUri: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs" com.openexchange.oauth.provider.mode: "expect_jwt" com.openexchange.oauth.provider.userLookupNamePart: "full" com.openexchange.oauth.provider.userLookupClaim: "opendesk_username" com.openexchange.authentication.oauth.clientId: "opendesk-oxappsuite" com.openexchange.authentication.oauth.tokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token" com.openexchange.authentication.oauth.clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }} # MAIL com.openexchange.mail.authType: "xoauth2" com.openexchange.mail.loginSource: "mail" com.openexchange.mail.mailServer: "dovecot" com.openexchange.mail.mailServerSource: "global" com.openexchange.mail.transport.authType: "xoauth2" com.openexchange.mail.transportServer: "postfix" com.openexchange.mail.transportServerSource: "global" # Mailfilter com.openexchange.mail.filter.loginType: "global" com.openexchange.mail.filter.credentialSource: "mail" com.openexchange.mail.filter.server: "dovecot" com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2" # Dovecot com.openexchange.imap.attachmentMarker.enabled: "true" # Capabilities # Old capability can be used to toggle all integrations with a single switch com.openexchange.capability.public-sector: "true" # New capabilities in 2.0 com.openexchange.capability.public-sector-element: "true" com.openexchange.capability.public-sector-navigation: "true" com.openexchange.capability.client-onboarding: "true" com.openexchange.capability.dynamic-theme: "true" com.openexchange.capability.filestorage_nextcloud: "true" com.openexchange.capability.filestorage_nextcloud_oauth: "true" com.openexchange.capability.guard: "true" com.openexchange.capability.guard-mail: "true" com.openexchange.capability.smime: "true" com.openexchange.capability.share_links: "false" com.openexchange.capability.invite_guests: "false" com.openexchange.capability.document_preview: "true" # Secondary Accounts com.openexchange.mail.secondary.authType: "XOAUTH2" com.openexchange.mail.transport.secondary.authType: "xoauth2" # Nextcloud integration com.openexchange.file.storage.nextcloud.oauth.url: "http://opendesk-nextcloud-apache2/" com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user" com.openexchange.nextcloud.filepicker.includeAccessToken: "false" # Element integration com.openexchange.conference.element.enabled: "true" com.openexchange.conference.element.meetingHostUrl: http://matrix-neodatefix-bot com.openexchange.conference.element.matrixLoginUrl: http://opendesk-synapse-web:8008/_matrix/client/v3/login com.openexchange.conference.element.matrixUuidClaimName: opendesk_useruuid # GDPR com.openexchange.gdpr.dataexport.enabled: "false" com.openexchange.gdpr.dataexport.active: "false" # Guard com.openexchange.guard.storage.file.fileStorageType: "file" com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/" com.openexchange.guard.guestSMTPServer: "postfix" # S/MIME # Usage (in browser console after login): # http = (await import('./io.ox/core/http.js')).default # await http.POST({ module: 'oxguard/smime', params: { action: 'test' } }) com.openexchange.smime.test: "true" # Other com.openexchange.secret.secretSource: "\" + '@' + + '/' + \"" secretProperties: com.openexchange.cookie.hash.salt: {{ .Values.secrets.oxAppsuite.cookieHashSalt | quote }} com.openexchange.sessiond.encryptionKey: {{ .Values.secrets.oxAppsuite.sessiondEncryptionKey | quote }} com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }} com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }} propertiesFiles: /opt/open-xchange/etc/AdminDaemon.properties: MASTER_ACCOUNT_OVERRIDE: "true" /opt/open-xchange/etc/AdminUser.properties: USERNAME_CHANGEABLE: "true" /opt/open-xchange/etc/system.properties: SERVER_NAME: "oxserver" /opt/open-xchange/etc/ldapauth.properties: java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal" bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }} bindOnly: "false" /opt/open-xchange/etc/antivirus.properties: com.openexchange.antivirus.enabled: "true" {{- if .Values.clamavDistributed.enabled }} com.openexchange.antivirus.server: "clamav-icap" {{- else if .Values.clamavSimple.enabled }} com.openexchange.antivirus.server: "clamav-simple" {{- end }} com.openexchange.antivirus.port: "1344" com.openexchange.antivirus.maxFileSize: "1024" uiSettings: io.ox.nextcloud//server: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/" io.ox.public-sector//ics/url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/" # Show the Enterprise Picker in the top right corner instead of the launcher drop-down io.ox/core//features/enterprisePicker/showLauncher: "false" io.ox/core//features/enterprisePicker/showTopRightLauncher: "true" # Text and icon color in the topbar io.ox/dynamic-theme//topbarColor: "#000" io.ox/dynamic-theme//logoWidth: "82" io.ox/dynamic-theme//topbarHover: "rgba(0, 0, 0, 0.1)" # Resources io.ox/core//features/resourceCalendars: "true" io.ox/core//features/managedResources: "true" # Categories io.ox/core//features/categories: "true" io.ox/core//categories/predefined: > [{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }] # Nextcloud integration # io.ox.nextcloud//server: "https://ics./fs/" # Central navigation io.ox.public-sector//navigation/oxtabname: "tab_groupware" # io.ox.public-sector//ics/url: "https://ics./" io.ox/core//apps/quickLaunchCount: "0" io.ox/core//coloredIcons: "false" # Mail templates io.ox/core//features/templates: "true" # Contact Collector io.ox/mail//contactCollectOnMailTransport: "true" # io.ox/mail//contactCollectOnMailAccess: "true" # Dynamic theme io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }} io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }} io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }} io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }} io.ox/dynamic-theme//listHover: {{ .Values.theme.colors.secondaryGreyLight | quote }} io.ox/dynamic-theme//folderBackground: {{ .Values.theme.colors.white | quote }} io.ox/dynamic-theme//folderSelected: {{ .Values.theme.colors.primary15 | quote }} io.ox/dynamic-theme//folderHover: {{ .Values.theme.colors.secondaryGreyLight | quote }} secretETCFiles: # Format of the OX Guard master key: # MC+base64(20 random bytes) # RC+base64(20 random bytes) oxguardpass: | {{ .Values.secrets.oxAppsuite.oxguardMC }} {{ .Values.secrets.oxAppsuite.oxguardRC }} redis: &redisConfiguration enabled: true mode: "standalone" hosts: - "redis-master:6379" auth: enabled: true password: {{ .Values.secrets.redis.password | quote }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreMW.registry | quote }} repository: {{ .Values.images.openxchangeCoreMW.repository | quote }} tag: {{ .Values.images.openxchangeCoreMW.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} # Security context for core-mw has no effect yet # podSecurityContext: {} # securityContext: {} update: image: repository: {{ .Values.images.openxchangeCoreMW.repository | quote }} tag: {{ .Values.images.openxchangeCoreMW.tag | quote }} imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} resources: {{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }} core-ui: enabled: true imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUI.registry | quote }} repository: {{ .Values.images.openxchangeCoreUI.repository | quote }} tag: {{ .Values.images.openxchangeCoreUI.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} resources: {{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 privileged: false seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeCoreUI | toYaml | nindent 8 }} core-ui-middleware: enabled: true ingress: hosts: - host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" enabled: false imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUIMiddleware.registry | quote }} repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository | quote }} tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} overrides: {} redis: *redisConfiguration resources: {{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }} updater: resources: {{ .Values.resources.openxchangeCoreUIMiddlewareUpdater | toYaml | nindent 8 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 privileged: false seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeCoreUIMiddleware | toYaml | nindent 8 }} core-cacheservice: enabled: false core-documentconverter: adminUser: "admin" adminPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} basicAuthLogin: "oxlogin" basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} enabled: true documentConverter: cache: remoteCache: enabled: false image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeDocumentConverter.registry | quote }} repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }} tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }} redis: *redisConfiguration resources: {{- .Values.resources.openxchangeCoreDocumentConverter | toYaml | nindent 6 }} securityContext: runAsGroup: 1000 runAsNonRoot: true runAsUser: 987 seccompProfile: type: "RuntimeDefault" readOnlyRootFilesystem: false allowPrivilegeEscalation: false privileged: false capabilities: drop: - "ALL" seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeDocumentConverter | toYaml | nindent 8 }} core-documents-collaboration: enabled: false office-web: enabled: false office-user-guide: enabled: false plugins-ui: enabled: false cloud-plugins-ui: enabled: false drive-client-windows-ox: enabled: false core-drive-help: enabled: false core-guidedtours: enabled: true imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreGuidedtours.registry | quote }} repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }} tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} resources: {{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 privileged: false seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeCoreGuidedtours | toYaml | nindent 8 }} core-imageconverter: enabled: true adminUser: "admin" adminPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} basicAuthLogin: "oxlogin" basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeImageConverter.registry | quote }} repository: {{ .Values.images.openxchangeImageConverter.repository | quote }} tag: {{ .Values.images.openxchangeImageConverter.tag | quote }} objectCache: s3ObjectStores: - id: -1 endpoint: "." accessKey: "." secretKey: "." redis: *redisConfiguration resources: {{- .Values.resources.openxchangeCoreImageConverter | toYaml | nindent 6 }} securityContext: runAsGroup: 1000 runAsNonRoot: true runAsUser: 987 seccompProfile: type: "RuntimeDefault" readOnlyRootFilesystem: false allowPrivilegeEscalation: false privileged: false capabilities: drop: - "ALL" seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeImageConverter | toYaml | nindent 8 }} guard-ui: enabled: true imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeGuardUI.registry | quote }} repository: {{ .Values.images.openxchangeGuardUI.repository | quote }} tag: {{ .Values.images.openxchangeGuardUI.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} resources: {{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 privileged: false seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeGuardUI | toYaml | nindent 8 }} core-spellcheck: enabled: false core-user-guide: enabled: true image: registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUserGuide.registry | quote }} repository: {{ .Values.images.openxchangeCoreUserGuide.repository | quote }} tag: {{ .Values.images.openxchangeCoreUserGuide.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} resources: {{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 privileged: false seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeCoreUserGuide | toYaml | nindent 8 }} ...