{{/* SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" SPDX-License-Identifier: Apache-2.0 */}} --- dispatcher: image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningDispatcher.registry | quote }} repository: {{ .Values.images.umsProvisioningDispatcher.repository | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} tag: {{ .Values.images.umsProvisioningDispatcher.tag | quote }} pullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} resources: {{ .Values.resources.umsProvisioning | toYaml | nindent 4 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" privileged: false seccompProfile: type: "RuntimeDefault" runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true readOnlyRootFilesystem: false events-and-consumer-api: image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningEventsAndConsumerApi.registry | quote }} repository: {{ .Values.images.umsProvisioningEventsAndConsumerApi.repository | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} tag: {{ .Values.images.umsProvisioningEventsAndConsumerApi.tag | quote }} pullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} rootPath: "/univention/provisioning-api" ingress: # copied from values-common.yaml.gotmpl # Intentionally not using the Ingress configuration of the UMS stack at the # moment, since it does depend on rewriting capabilities of the ingress # controller. Those are encapsulated into the release "stack-gateway" so that # the compatibility with all ingress controllers is increased. enabled: false host: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} resources: {{ .Values.resources.umsProvisioning | toYaml | nindent 4 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" privileged: false seccompProfile: type: "RuntimeDefault" runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true readOnlyRootFilesystem: false udm-listener: image: registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmListener.registry | quote }} repository: {{ .Values.images.umsProvisioningUdmListener.repository | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} tag: {{ .Values.images.umsProvisioningUdmListener.tag | quote }} pullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . | quote }} {{- end }} config: ldapBaseDn: {{ .Values.ldap.baseDn | quote }} ldapHost: {{ .Values.ldap.host | quote }} ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }} ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} resources: {{ .Values.resources.umsProvisioning | toYaml | nindent 4 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" add: - "CHOWN" - "DAC_OVERRIDE" - "FOWNER" - "FSETID" - "KILL" - "SETGID" - "SETUID" - "SETPCAP" - "NET_BIND_SERVICE" - "NET_RAW" - "SYS_CHROOT" privileged: false seccompProfile: type: "RuntimeDefault" runAsUser: 0 runAsGroup: 0 runAsNonRoot: false readOnlyRootFilesystem: false nats: global: image: pullPolicy: {{ .Values.global.imagePullPolicy | quote }} pullSecretNames: {{ .Values.global.imagePullSecrets }} registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningNats.registry | quote }} container: image: registry: {{ .Values.global.imageRegistry }} repository: {{ .Values.images.umsProvisioningNats.repository | quote }} tag: {{ .Values.images.umsProvisioningNats.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} natsBox: container: image: registry: {{ .Values.global.imageRegistry }} repository: {{ .Values.images.umsProvisioningNatsBox.repository | quote }} tag: {{ .Values.images.umsProvisioningNatsBox.tag | quote }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} reloader: image: repository: {{ .Values.images.umsProvisioningNatsReloader.repository | quote }} tag: {{ .Values.images.umsProvisioningNatsReloader.tag | quote }} registry: {{ .Values.global.imageRegistry }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} ...