opendesk/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl


{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
# Values under the chart's `global` key.
global:
  # The pull-secret list is rendered from the helmfile values as YAML;
  # nindent 4 places the rendered items beneath this key.
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
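# Values for the Nextcloud metrics exporter.
# NOTE(review): nesting is reconstructed from the nindent offsets and key
# names; confirm it against the chart's values schema.
exporter:
  enabled: true
  configuration:
    # NOTE(review): plain-HTTP URL, so the metrics token below presumably
    # crosses this hop unencrypted; confirm that a NetworkPolicy or mesh mTLS
    # covers traffic to this service.
    server: "http://opendesk-nextcloud-aio"
    token:
      # Secret rendered inline; treat the rendered values as sensitive.
      value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
  # Container hardening: no privilege escalation, all capabilities dropped,
  # fixed non-root UID/GID, RuntimeDefault seccomp, read-only root filesystem.
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - "ALL"
    enabled: true
    privileged: false
    runAsUser: 65532
    runAsGroup: 65532
    seccompProfile:
      type: "RuntimeDefault"
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    seLinuxOptions:
      {{ .Values.seLinuxOptions.nextcloudExporter | toYaml | nindent 6 }}
  image:
    # First non-empty registry wins: opencode.de override, then the global
    # registry, then the image's own default.
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloudExporter.registry | quote }}
    # Uses the quote filter like the other image fields, so quotes or
    # backslashes in the value are escaped instead of breaking the scalar.
    repository: {{ .Values.images.nextcloudExporter.repository | quote }}
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    tag: {{ .Values.images.nextcloudExporter.tag | quote }}
  podAnnotations: {}
  prometheus:
    serviceMonitor:
      # Rendered unquoted on purpose so the value stays a YAML boolean.
      enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
      labels:
        {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
    prometheusRule:
      enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
      additionalLabels:
        {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
  replicaCount: {{ .Values.replicas.nextcloudExporter }}
  resources:
    {{ .Values.resources.nextcloudExporter | toYaml | nindent 4 }}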
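# Values for the chart's `aio` component (the Nextcloud workload itself).
# NOTE(review): nesting is reconstructed from the nindent offsets and key
# names; confirm it against the chart's values schema.
aio:
  additionalAnnotations:
    intents.otterize.com/service-name: "opendesk-nextcloud-aio"
  configuration:
    cache:
      auth:
        enabled: true
        username:
          # Quoted like every other credential field so an empty or
          # boolean-looking value stays a string.
          value: {{ .Values.cache.nextcloud.username | quote }}
        password:
          # Falls back to the Redis secret when no explicit password is set.
          value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
      host: {{ .Values.cache.nextcloud.host | quote }}
      port: {{ .Values.cache.nextcloud.port | quote }}
      tls: {{ .Values.cache.nextcloud.tls }}
    database:
      # Map the openDesk database type to the driver name emitted here; any
      # other value is passed through verbatim under the same `type` key.
      {{- if eq .Values.databases.nextcloud.type "mariadb" }}
      type: "mysql"
      {{- else if eq .Values.databases.nextcloud.type "postgresql" }}
      type: "pgsql"
      {{- else }}
      type: {{ .Values.databases.nextcloud.type | quote }}
      {{- end }}
      host: {{ .Values.databases.nextcloud.host | quote }}
      port: {{ .Values.databases.nextcloud.port | quote }}
      name: {{ .Values.databases.nextcloud.name | quote }}
      auth:
        username:
          value: {{ .Values.databases.nextcloud.username | quote }}
        password:
          # Pick the secret fallback that matches the database family. The
          # driver names "mysql" and "pgsql" are accepted as well, because the
          # type mapping above passes them through unchanged; "psql" is kept
          # for backward compatibility.
          {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
          value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
          {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "pgsql") (eq .Values.databases.nextcloud.type "psql") }}
          value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
          {{- else }}
          # Unknown database type: no secret fallback, so the password must be
          # set explicitly.
          value: {{ .Values.databases.nextcloud.password | quote }}
          {{- end }}
    # Space-separated list of the cluster networking CIDRs.
    # NOTE(review): presumably feeds Nextcloud's trusted proxy list; every
    # address in these ranges could then supply forwarded client addresses,
    # so keep the CIDR list as narrow as the ingress path allows.
    trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
  # Container hardening: no privilege escalation, all capabilities dropped,
  # fixed non-root UID/GID, RuntimeDefault seccomp, read-only root filesystem.
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - "ALL"
    enabled: true
    privileged: false
    runAsUser: 101
    runAsGroup: 101
    seccompProfile:
      type: "RuntimeDefault"
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    seLinuxOptions:
      {{ .Values.seLinuxOptions.nextcloud | toYaml | nindent 6 }}
  cron:
    # Finished cron jobs are kept only while debugging.
    successfulJobsHistoryLimit: {{ if .Values.debug.enabled }}"3"{{ else }}"0"{{ end }}
  debug:
    # NOTE(review): if this maps to Nextcloud's log level, "0" is the most
    # verbose setting and its logs may contain request details; keep
    # debug.enabled off outside troubleshooting.
    loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }}
  {{- if .Values.certificate.selfSigned }}
  # Self-signed deployments: the `ca.crt` key of the CA secret is mounted at
  # the path of the system CA bundle file. A subPath mount is not refreshed
  # when the Secret changes, so rotating the CA requires a pod restart.
  extraEnvVars:
    - name: "FS_IMPORT_CA_CERTIFICATES"
      value: "true"
  extraVolumes:
    - name: "trusted-cert-secret-volume"
      secret:
        secretName: "opendesk-certificates-ca-tls"
        items:
          - key: "ca.crt"
            path: "ca-certificates.crt"
  extraVolumeMounts:
    - name: "trusted-cert-secret-volume"
      mountPath: "/etc/ssl/certs/ca-certificates.crt"
      subPath: "ca-certificates.crt"
  {{- end }}
  image:
    # First non-empty registry wins: opencode.de override, then the global
    # registry, then the image's own default.
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
    repository: {{ .Values.images.nextcloud.repository | quote }}
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    tag: {{ .Values.images.nextcloud.tag | quote }}
  ingress:
    enabled: {{ .Values.ingress.enabled }}
    # Body-size and timeout limits are set under both annotation prefixes
    # (nginx.ingress.kubernetes.io and nginx.org); the nginx.org timeouts
    # carry an explicit "s" unit suffix.
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.nextcloud }}"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.nextcloud }}"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.nextcloud }}"
      nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.nextcloud }}"
      nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.nextcloud }}s"
      nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.nextcloud }}s"
    ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
    host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
    tls:
      secretName: {{ .Values.ingress.tls.secretName | quote }}
  podAnnotations: {}
  podSecurityContext:
    # Same numeric ID as runAsGroup in the container security context.
    fsGroup: 101
  prometheus:
    serviceMonitor:
      # Rendered unquoted on purpose so the value stays a YAML boolean.
      enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
      labels:
        {{ .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
    prometheusRule:
      enabled: {{ .Values.monitoring.prometheus.prometheusRules.enabled }}
      additionalLabels:
        {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
  replicaCount: {{ .Values.replicas.nextcloud }}
  resources:
    {{ .Values.resources.nextcloud | toYaml | nindent 4 }}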
...