mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
167 lines
6.2 KiB
Go Template
167 lines
6.2 KiB
Go Template
{{/*
|
|
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
|
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/}}
|
|
---
|
|
additionalAnnotations:
|
|
{{ .Values.annotations.nubusIntercomService.additional | toYaml | nindent 2 }}
|
|
|
|
containerSecurityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- "ALL"
|
|
enabled: true
|
|
privileged: false
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
seLinuxOptions:
|
|
{{ .Values.seLinuxOptions.intercom | toYaml | nindent 4 }}
|
|
|
|
{{- if .Values.certificate.selfSigned }}
|
|
extraVolumes:
|
|
- name: "trusted-cert-secret-volume"
|
|
secret:
|
|
secretName: "opendesk-certificates-ca-tls"
|
|
items:
|
|
- key: "ca.crt"
|
|
path: "ca-certificates.crt"
|
|
extraVolumeMounts:
|
|
- name: "trusted-cert-secret-volume"
|
|
mountPath: "/etc/ssl/certs/ca-certificates.crt"
|
|
subPath: "ca-certificates.crt"
|
|
{{- end }}
|
|
|
|
extraEnvVars:
|
|
- name: "REDIS_USER"
|
|
value: {{ .Values.cache.intercomService.username }}
|
|
{{- if .Values.certificate.selfSigned }}
|
|
- name: "NODE_EXTRA_CA_CERTS"
|
|
value: "/etc/ssl/certs/ca-certificates.crt"
|
|
{{- end }}
|
|
|
|
global:
|
|
domain: {{ .Values.global.domain | quote }}
|
|
hosts:
|
|
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
|
imagePullSecrets:
|
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
|
|
ics:
|
|
secret: {{ .Values.secrets.intercom.secret | quote }}
|
|
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
|
originRegex: "{{ .Values.global.domain }}"
|
|
enableSessionCookie: true
|
|
userUniqueMapper: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"opendesk_useruuid"{{ else }}"opendesk_username"{{ end }}
|
|
usernameClaim: "opendesk_username"
|
|
keycloak:
|
|
realm: {{ .Values.platform.realm | quote }}
|
|
default:
|
|
domain: {{ .Values.global.domain | quote }}
|
|
oidc:
|
|
id: "opendesk-intercom"
|
|
secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
|
matrix:
|
|
asSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
|
|
subdomain: {{ .Values.global.hosts.synapse | quote }}
|
|
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
|
|
nordeck:
|
|
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
|
|
portal:
|
|
apiKey: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
|
redis:
|
|
host: {{ .Values.cache.intercomService.host | quote }}
|
|
port: {{ .Values.cache.intercomService.port }}
|
|
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
|
|
openxchange:
|
|
oci: true
|
|
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
|
|
audience: "opendesk-oxappsuite"
|
|
xwiki:
|
|
subdomain: {{ .Values.global.hosts.xwiki | quote }}
|
|
audience: "opendesk-xwiki"
|
|
nextcloud:
|
|
origin: {{ .Values.global.hosts.nextcloud | quote }}
|
|
subdomain: {{ .Values.global.hosts.nextcloud | quote }}
|
|
audience: "opendesk-nextcloud"
|
|
image:
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.intercom.registry | quote }}
|
|
repository: {{ .Values.images.intercom.repository | quote }}
|
|
tag: {{ .Values.images.intercom.tag | quote }}
|
|
|
|
ingress:
|
|
host: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
|
|
enabled: {{ .Values.ingress.enabled }}
|
|
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
|
|
tls:
|
|
enabled: {{ .Values.ingress.tls.enabled }}
|
|
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
|
annotations:
|
|
{{ .Values.annotations.nubusIntercomService.ingress | toYaml | nindent 4 }}
|
|
|
|
podAnnotations:
|
|
{{ .Values.annotations.nubusIntercomService.pod | toYaml | nindent 2 }}
|
|
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1000
|
|
fsGroupChangePolicy: "Always"
|
|
|
|
provisioning:
|
|
# intercom OIDC client is created by opendesk-keycloak-bootstrap, as we have control over the
|
|
# client's claims this way.
|
|
enabled: false
|
|
config:
|
|
nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
|
|
keycloak:
|
|
url: "http://ums-keycloak:8080/realms/{{ .Values.platform.realm }}/"
|
|
username: "kcadmin"
|
|
realm: {{ .Values.platform.realm | quote }}
|
|
connection:
|
|
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
|
baseUrl: "http://ums-keycloak:8080"
|
|
credentialSecret:
|
|
name: "ums-opendesk-keycloak-credentials"
|
|
key: "admin_password"
|
|
ics_client:
|
|
clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
|
credentialSecret:
|
|
key: "ics_secret"
|
|
image:
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
|
|
repository: {{ .Values.images.nubusWaitForDependency.repository | quote }}
|
|
tag: {{ .Values.images.nubusWaitForDependency.tag | quote }}
|
|
provisioningImage:
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
|
|
repository: {{ .Values.images.nubusKeycloakBootstrap.repository | quote }}
|
|
tag: {{ .Values.images.nubusKeycloakBootstrap.tag | quote }}
|
|
resources:
|
|
{{ .Values.resources.intercomService | toYaml | nindent 4 }}
|
|
securityContext:
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
seLinuxOptions:
|
|
{{ .Values.seLinuxOptions.intercom | toYaml | nindent 6 }}
|
|
|
|
replicaCount: {{ .Values.replicas.intercomService }}
|
|
|
|
resources:
|
|
{{ .Values.resources.intercomService | toYaml | nindent 2 }}
|
|
|
|
service:
|
|
annotations:
|
|
{{ .Values.annotations.nubusIntercomService.service | toYaml | nindent 4 }}
|
|
|
|
serviceAccount:
|
|
annotations:
|
|
{{ .Values.annotations.nubusIntercomService.serviceAccount | toYaml | nindent 4 }}
|
|
...
|