mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
117 lines
3.4 KiB
Go Template
117 lines
3.4 KiB
Go Template
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
---
|
|
|
|
extraIngresses:
|
|
redirects:
|
|
# Using "stack-gateway" currently.
|
|
enabled: false
|
|
# The TLS configuration is on the "master" Ingress, see below.
|
|
tls:
|
|
enabled: false
|
|
master:
|
|
# Using "stack-gateway" currently.
|
|
enabled: false
|
|
tls:
|
|
enabled: {{ .Values.ingress.tls.enabled }}
|
|
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
|
|
|
# See "extraVolumeMounts" below
|
|
custom-favicon:
|
|
# Using "stack-gateway" at the moment
|
|
enabled: false
|
|
annotations:
|
|
nginx.org/mergeable-ingress-type: "minion"
|
|
paths:
|
|
- pathType: "Exact"
|
|
path: "/favicon.ico"
|
|
tls: {}
|
|
|
|
extraVolumes:
|
|
- name: "opendesk-branding"
|
|
configMap:
|
|
name: "ums-stack-data-swp-branding"
|
|
|
|
extraVolumeMounts:
|
|
- name: "opendesk-branding"
|
|
mountPath: "/var/www/html/favicon.ico"
|
|
subPath: "favicon.ico"
|
|
- name: "opendesk-branding"
|
|
mountPath: "/var/www/html/css/custom.css"
|
|
subPath: "custom.css"
|
|
- name: "opendesk-branding"
|
|
mountPath: "/var/www/html/icons/logo.svg"
|
|
subPath: "logo.svg"
|
|
- name: "opendesk-branding"
|
|
mountPath: "/var/www/html/icons/logo_small_border.svg"
|
|
subPath: "logo_small_border.svg"
|
|
- name: "opendesk-branding"
|
|
mountPath: "/var/www/html/custom/portal_background_image.png"
|
|
subPath: "portal_background_image.png"
|
|
- name: "opendesk-branding"
|
|
mountPath: "/var/www/html/custom/portal_background_image.svg"
|
|
subPath: "portal_background_image.svg"
|
|
|
|
image:
|
|
registry: {{ .Values.global.imageRegistry | default .Values.images.umsPortalFrontend.registry | quote }}
|
|
repository: {{ .Values.images.umsPortalFrontend.repository | quote }}
|
|
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
tag: {{ .Values.images.umsPortalFrontend.tag | quote }}
|
|
pullSecrets:
|
|
{{- range .Values.global.imagePullSecrets }}
|
|
- name: {{ . | quote }}
|
|
{{- end }}
|
|
|
|
# See "extraVolumeMounts" below
|
|
custom-branding:
|
|
# Using "stack-gateway" at the moment
|
|
enabled: false
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
rewrite ^/univention/portal(/.*)$ $1 break;
|
|
nginx.org/location-snippets: |
|
|
rewrite ^/univention/portal(/.*)$ $1 break;
|
|
nginx.org/mergeable-ingress-type: "minion"
|
|
paths:
|
|
# This relies on the correct implementation of the matching for paths of
|
|
# type "Prefix" since "/univention/portal/icons/entries/" is owned by
|
|
# store-dav.
|
|
# See: https://kubernetes.io/docs/concepts/services-networking/ingress/#multiple-matches
|
|
- pathType: "Prefix"
|
|
path: "/univention/portal/icons/"
|
|
- pathType: "Prefix"
|
|
path: "/univention/portal/custom/"
|
|
tls: {}
|
|
|
|
replicaCount: {{ .Values.replicas.umsPortalFrontend }}
|
|
|
|
resources:
|
|
{{ .Values.resources.umsPortalFrontend | toYaml | nindent 2 }}
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- "ALL"
|
|
add:
|
|
- "CHOWN"
|
|
- "DAC_OVERRIDE"
|
|
- "FOWNER"
|
|
- "FSETID"
|
|
- "KILL"
|
|
- "SETGID"
|
|
- "SETUID"
|
|
- "SETPCAP"
|
|
- "NET_BIND_SERVICE"
|
|
- "NET_RAW"
|
|
- "SYS_CHROOT"
|
|
privileged: false
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
readOnlyRootFilesystem: false
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
runAsNonRoot: false
|
|
seLinuxOptions: {{ .Values.seLinuxOptions.umsPortalFrontend | toYaml | nindent 4 }}
|
|
...
|