sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
277a1f5a65e340180feeb84cce2097be5a2157e1
opendesk/helmfile/apps/services-external/values-minio.yaml.gotmpl

217 lines
6.1 KiB
Go Template
Raw Blame History

{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
apiIngress:
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
hostname: "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
extraTls:
- hosts:
- "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
secretName: "{{ .Values.ingress.tls.secretName }}"
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "4G"
nginx.org/client-max-body-size: "4G"
auth:
rootPassword: {{ .Values.secrets.minio.rootPassword | quote }}
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
privileged: false
runAsUser: 1000
runAsGroup: 0
runAsNonRoot: true
readOnlyRootFilesystem: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.minio | toYaml | nindent 4 }}
defaultBuckets: "openproject,openxchange,ums,nextcloud"
global:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.minio.registry | quote }}
repository: "{{ .Values.images.minio.repository }}"
tag: "{{ .Values.images.minio.tag }}"
pullPolicy: "{{ .Values.global.imagePullPolicy }}"
{{- if .Values.debug.enabled }}
ingress:
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
hostname: "{{ .Values.global.hosts.minioConsole }}.{{ .Values.global.domain }}"
extraTls:
- hosts:
- "{{ .Values.global.hosts.minioConsole }}.{{ .Values.global.domain }}"
secretName: "{{ .Values.ingress.tls.secretName }}"
annotations:
nginx.org/websocket-services: "minio"
{{- end }}
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 10
mode: {{ if gt .Values.replicas.minio 1 }}"distributed"{{ else }}"standalone"{{ end }}
metrics:
serviceMonitor:
enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
additionalLabels:
{{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 6 }}
networkPolicy:
enabled: false
podSecurityContext:
enabled: true
fsGroup: 1000
persistence:
storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
size: "{{ .Values.persistence.size.minio }}"
provisioning:
enabled: true
cleanupAfterFinished:
enabled: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
seconds: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
extraCommands:
- "mc anonymous set download provisioning/ums/portal-assets"
buckets:
- name: {{ .Values.objectstores.migrations.bucket | quote }}
versioning: false
withLock: false
- name: {{ .Values.objectstores.nextcloud.bucket | quote }}
versioning: true
withLock: false
- name: {{ .Values.objectstores.openproject.bucket | quote }}
versioning: true
withLock: false
- name: {{ .Values.objectstores.nubus.bucket | quote }}
versioning: false
withLock: false
policies:
- name: "migrations-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::migrations"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::migrations/*"
effect: "Allow"
actions:
- "s3:*"
- name: "nextcloud-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::nextcloud"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::nextcloud/*"
effect: "Allow"
actions:
- "s3:*"
- name: "openproject-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::openproject"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::openproject/*"
effect: "Allow"
actions:
- "s3:*"
- name: "ums-bucket-policy"
statements:
- resources:
- "arn:aws:s3:::ums"
effect: "Allow"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::ums/*"
effect: "Allow"
actions:
- "s3:*"
users:
- username: {{ .Values.objectstores.migrations.username | quote }}
password: {{ .Values.secrets.minio.migrationsUser | quote }}
disabled: false
policies:
- "migrations-bucket-policy"
setPolicies: true
- username: {{ .Values.objectstores.nextcloud.username | quote }}
password: {{ .Values.secrets.minio.nextcloudUser | quote }}
disabled: false
policies:
- "nextcloud-bucket-policy"
setPolicies: true
- username: {{ .Values.objectstores.openproject.username | quote }}
password: {{ .Values.secrets.minio.openprojectUser | quote }}
disabled: false
policies:
- "openproject-bucket-policy"
setPolicies: true
- username: {{ .Values.objectstores.nubus.username | quote }}
password: {{ .Values.secrets.minio.umsUser | quote }}
disabled: false
policies:
- "ums-bucket-policy"
setPolicies: true
resources:
{{ .Values.resources.minio | toYaml | nindent 4 }}
podAnnotations: {}
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 10
resources:
{{ .Values.resources.minio | toYaml | nindent 2 }}
startupProbe:
enabled: true
periodSeconds: 10
timeoutSeconds: 10
statefulset:
replicaCount: {{ .Values.replicas.minio }}
{{- if .Values.certificate.selfSigned }}
extraVolumes:
- name: "trusted-cert-secret-volume"
secret:
secretName: "opendesk-certificates-ca-tls"
items:
- key: "ca.crt"
path: "public.crt"
extraVolumeMounts:
- name: "trusted-cert-secret-volume"
mountPath: "/certs/CAs"
{{- end }}
...
Reference in New Issue View Git Blame Copy Permalink