sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
465f60d4a28ead7d7a715db71dad9d9992e8b89a
opendesk/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

1050 lines
50 KiB
Go Template
Raw Blame History

# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
global:
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
appsuite:
cookieHashSalt: {{ .Values.secrets.oxAppSuite.cookieHashSalt }}
shareCryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey }}
sessiondEncryptionKey: {{ .Values.secrets.oxAppSuite.sessiondEncryptionKey }}
mysql:
host: {{ .Values.databases.oxAppSuite.host | quote }}
database: {{ .Values.databases.oxAppSuite.name | quote }}
readHost: {{ .Values.databases.oxAppSuite.readHost | quote }}
readDatabase: {{ .Values.databases.oxAppSuite.name | quote }}
auth:
user: {{ .Values.databases.oxAppSuite.username | quote }}
password: {{ .Values.databases.oxAppSuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
rootPassword: {{ .Values.databases.oxAppSuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
readUser: {{ .Values.databases.oxAppSuite.readUser | default .Values.databases.oxAppSuite.username | quote }}
readPassword: {{ .Values.databases.oxAppSuite.readPassword | default .Values.databases.oxAppSuite.password | quote}}
nextcloud-integration-ui:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeNextcloudIntegrationUI.registry | quote }}
repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository | quote }}
tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
podAnnotations:
{{ .Values.annotations.openxchangeNextcloudIntegrationUi.pod | toYaml | nindent 4 }}
replicaCount: {{ .Values.replicas.openxchangeNextcloudIntegrationUI }}
resources:
{{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
privileged: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeNextcloudIntegrationUI | toYaml | nindent 6 }}
serviceAccount:
create: false
public-sector-ui:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangePublicSectorUI.registry | quote }}
repository: {{ .Values.images.openxchangePublicSectorUI.repository | quote }}
tag: {{ .Values.images.openxchangePublicSectorUI.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
replicaCount: {{ .Values.replicas.openxchangePublicSectorUI }}
podAnnotations:
{{ .Values.annotations.openxchangePublicSectorUi.pod | toYaml | nindent 4 }}
resources:
{{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
privileged: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangePublicSectorUI | toYaml | nindent 6 }}
serviceAccount:
create: false
appsuite:
appsuite-toolkit:
enabled: false
switchboard:
enabled: false
istio:
enabled: false
ingress:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.ingress | toYaml | nindent 6 }}
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls:
enabled: true
existingSecret: {{ .Values.ingress.tls.secretName | quote }}
appsuite:
hosts:
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
dav:
enabled: {{ .Values.functional.groupware.davSupport.enabled }}
hosts:
- "{{ .Values.global.hosts.openxchangeDav }}.{{ .Values.global.domain }}"
routes:
appsuite-base:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.appsuitebase | toYaml | nindent 10 }}
rootredirect:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.rootredirect | toYaml | nindent 10 }}
trailslash:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.trailslash | toYaml | nindent 10 }}
rest-routes-admin:
{{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
enabled: false
{{- end }}
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesAdmin | toYaml | nindent 10 }}
rest-routes-advertisement:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesAdvertisement | toYaml | nindent 10 }}
rest-routes-chronos:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesChronos | toYaml | nindent 10 }}
rest-routes-preliminary:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesPreliminary | toYaml | nindent 10 }}
rest-routes-userfeedback:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.restRoutesUserfeedback | toYaml | nindent 10 }}
static-routes-servlet:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.staticRoutesServlet | toYaml | nindent 10 }}
static-routes-realtime:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.staticRoutesRealtime | toYaml | nindent 10 }}
static-routes-infostore:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.staticRoutesInfostore | toYaml | nindent 10 }}
static-routes-webservices:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.staticRoutesWebservices | toYaml | nindent 10 }}
drive-client-windows-ox-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.driveClientWindowsOxRoute | toYaml | nindent 10 }}
{{ if .Values.functional.groupware.mail.encryption.enabled }}
guard-api-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.guardApiRoute | toYaml | nindent 10 }}
guard-support-api-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.guardSupportApiRoute | toYaml | nindent 10 }}
guard-pgp-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.guardPgpRoute | toYaml | nindent 10 }}
{{ end }}
http-api-routes-api:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.httpApiRoutesApi | toYaml | nindent 10 }}
http-api-routes-ajax:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.httpApiRoutesAjax | toYaml | nindent 10 }}
http-api-routes-appsuite-api:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.oxAppSuite }}"
nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.oxAppSuite }}"
nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.oxAppSuite }}"
{{- with .Values.annotations.openxchangeAppsuiteIngress.httpApiRoutesAppsuiteApi }}
{{ . | toYaml | nindent 10 }}
{{- end }}
http-api-routes-app-root-api:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.httpApiRoutesAppRootApi | toYaml | nindent 10 }}
rt2-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.rt2Route | toYaml | nindent 10 }}
documents-help-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.documentsHelpRoute | toYaml | nindent 10 }}
drive-help-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.driveHelpRoute | toYaml | nindent 10 }}
core-help-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.coreHelpRoute | toYaml | nindent 10 }}
office-web-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.officeWebRoute | toYaml | nindent 10 }}
caldav-well-known-redirect:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.caldavWellKnownRedirect | toYaml | nindent 10 }}
carddav-well-known-redirect:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.carddavWellKnownRedirect | toYaml | nindent 10 }}
dav-infostore-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.davInfostoreRoute | toYaml | nindent 10 }}
dav-root-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.davRootRoute | toYaml | nindent 10 }}
wopi-server-route:
annotations:
{{ .Values.annotations.openxchangeAppsuiteIngress.wopiServerRoute | toYaml | nindent 10 }}
trailslash:
enabled: false
core-mw:
enabled: true
asConfig:
default:
host: "all"
productName: {{ .Values.theme.texts.productName | quote }}
oidcLogin: true
oidcPath: "/oidc/"
notificationMails:
button:
textColor: {{ .Values.theme.colors.white | quote }}
backgroundColor: {{ .Values.theme.colors.primary | quote }}
borderColor: {{ .Values.theme.colors.primary | quote }}
defaultScaling:
nodes:
default:
roles:
- http-api
- sync
- admin
- businessmobility
- request-analyzer
roles:
admin:
values:
features:
status:
admin: "enabled"
packages:
status:
open-xchange-admin-contextrestore: "enabled"
open-xchange-admin-oauth-provider: "enabled"
open-xchange-admin-soap: "enabled"
open-xchange-admin-soap-usercopy: "enabled"
open-xchange-admin-user-copy: "enabled"
{{- if .Values.functional.migration.oxAppSuite.enabled }}
migration:
values:
packages:
status:
open-xchange-oidc: "disabled"
open-xchange-authentication-masterpassword: "enabled"
properties:
com.openexchange.calendar.allowOrganizerPartStatChanges: "true"
# Mailfilter
com.openexchange.mail.filter.passwordSource: global
com.openexchange.mail.filter.masterPassword: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
com.openexchange.mail.filter.preferredSaslMech: ""
propertiesFiles:
/opt/open-xchange/etc/masterpassword-authentication.properties:
com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
services:
- type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
{{- end }}
scaling:
nodes:
{{- if .Values.functional.migration.oxAppSuite.enabled }}
migration:
replicas: 1
roles:
- "migration"
{{- end }}
{{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
groupware:
replicas: {{ .Values.replicas.openxchangeCoreMW }}
roles:
- "http-api"
- "sync"
- "businessmobility"
- "request-analyzer"
admin:
replicas: 1
roles:
- "admin"
{{- else }}
groupware:
replicas: {{ .Values.replicas.openxchangeCoreMW }}
roles:
- "http-api"
- "sync"
- "businessmobility"
- "request-analyzer"
- "admin"
{{- end }}
masterAdmin: "admin"
masterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
hzGroupName: "hzgroup"
hzGroupPassword: {{ .Values.secrets.oxAppSuite.hzGroupPassword | quote }}
basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
jolokiaLogin: "jolokia"
jolokiaPassword: {{ .Values.secrets.oxAppSuite.jolokiaPassword | quote }}
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreMw.pod | toYaml | nindent 6 }}
serviceAccount:
annotations:
{{ .Values.annotations.openxchangeAppsuiteCoreMw.serviceAccount | toYaml | nindent 8 }}
create: true
features:
status:
# enable admin pack
# admin: enabled
documents: "disabled"
guard: {{ ternary "enabled" "disabled" .Values.functional.groupware.mail.encryption.enabled }}
# disabling admin role breaks webmail
# {{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
# admin: "disabled"
# {{- end }}
gotenberg:
enabled: true
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image:
repository: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeGotenberg.registry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
replicaCount: {{ .Values.replicas.openxchangeGotenberg }}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreMw.gotenbergPod | toYaml | nindent 8 }}
resources:
{{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
privileged: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeGotenberg | toYaml | nindent 10 }}
serviceAccount:
create: false
{{ if .Values.functional.groupware.mail.encryption.enabled }}
hooks:
beforeAppsuiteStart:
create-guard-dir.sh: |
mkdir -p /opt/open-xchange/guard-files
chown open-xchange:open-xchange /opt/open-xchange/guard-files
{{ end }}
packages:
status:
open-xchange-oidc: "enabled"
open-xchange-authentication-masterpassword: "disabled"
open-xchange-authentication-oauth: "disabled"
open-xchange-authentication-database: "disabled"
open-xchange-authentication-ldap: "disabled"
# OX Documents (office-web) is not used in openDesk
open-xchange-documents-backend: "disabled"
open-xchange-documents-monitoring: "disabled"
open-xchange-documents-templates: "disabled"
# Required for the central contacts integration
open-xchange-oauth-provider: "enabled"
# Needed to set com.openexchange.hostname
open-xchange-hostname-config-cascade: "enabled"
# Enable s3 storage
open-xchange-filestore-s3: "enabled"
{{- if .Values.technical.oxAppSuite.provisioning.dedicatedCoreMwPod }}
# disabling admin feature breaks webmail, so only sub packages are disabled:
open-xchange-admin-contextrestore: "disabled"
open-xchange-admin-oauth-provider: "disabled"
open-xchange-admin-soap: "disabled"
open-xchange-admin-soap-usercopy: "disabled"
open-xchange-admin-user-copy: "disabled"
{{- end }}
open-xchange-authentication-application-storage-rdb: {{ ternary "enabled" "disabled" .Values.functional.groupware.davSupport.enabled }}
open-xchange-mail-categories: {{ ternary "enabled" "disabled" .Values.functional.groupware.mail.categories.enabled }}
properties:
com.openexchange.hostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
com.openexchange.share.guestHostname: {{ printf "%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
com.openexchange.UIWebPath: "/appsuite/"
com.openexchange.showAdmin: "false"
# Various Mail settings
com.openexchange.mail.deleteDraftOnTransport: "true"
com.openexchange.capability.document_preview_xrechnung: "true"
# PDF Export
com.openexchange.capability.mail_export_pdf: "true"
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
com.openexchange.mail.exportpdf.collabora.enabled: "true"
com.openexchange.mail.exportpdf.pdfa.collabora.enabled: "true"
com.openexchange.mail.exportpdf.collabora.url: "http://collabora:9980"
com.openexchange.mail.exportpdf.gotenberg.url: "http://open-xchange-gotenberg:3000"
# OIDC
com.openexchange.oidc.enabled: "true"
com.openexchange.oidc.autologinCookieMode: "ox_direct"
com.openexchange.oidc.backchannelLogoutEnabled: "true"
com.openexchange.oidc.clientId: "opendesk-oxappsuite"
com.openexchange.oidc.clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
com.openexchange.oidc.contextLookupClaim: "context"
com.openexchange.oidc.contextLookupNamePart: "full"
com.openexchange.oidc.opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
com.openexchange.oidc.opIssuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
com.openexchange.oidc.opJwkSetEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
com.openexchange.oidc.opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
com.openexchange.oidc.opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/auth"
com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/logout"
com.openexchange.oidc.ssoLogout: "true"
com.openexchange.oidc.startDefaultBackend: "true"
com.openexchange.oidc.userLookupClaim: "opendesk_username"
com.openexchange.oidc.userLookupNamePart: "full"
com.openexchange.oidc.enablePasswordGrant: "true"
com.openexchange.oidc.passwordGrantUserNamePart: "local-part"
# OAUTH
com.openexchange.oauth.provider.enabled: "true"
com.openexchange.oauth.provider.allowedIssuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
com.openexchange.oauth.provider.contextLookupClaim: "context"
com.openexchange.oauth.provider.contextLookupNamePart: "full"
com.openexchange.oauth.provider.jwt.jwksUri: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
com.openexchange.oauth.provider.mode: "expect_jwt"
com.openexchange.oauth.provider.userLookupNamePart: "full"
com.openexchange.oauth.provider.userLookupClaim: "opendesk_username"
# MAIL
com.openexchange.mail.authType: "xoauth2"
com.openexchange.mail.loginSource: "name"
com.openexchange.mail.mailServer: "dovecot"
com.openexchange.mail.mailServerSource: "global"
com.openexchange.mail.transport.authType: "xoauth2"
com.openexchange.mail.transportServer: "postfix-ox"
com.openexchange.mail.transportServerSource: "global"
com.openexchange.mail.maxMailSize: {{ mul .Values.functional.groupware.mail.maxSize 1024 1024 | int | printf "%d" | quote }}
# Mail Login Resolver
com.openexchange.mail.login.resolver.enabled: "true"
com.openexchange.mail.login.resolver.ldap.enabled: "true"
com.openexchange.mail.login.resolver.ldap.clientId: "contactsLdapClient"
com.openexchange.mail.login.resolver.ldap.mailLoginSearchFilter: "(entryUUID=[mailLogin])"
com.openexchange.mail.login.resolver.ldap.userNameAttribute: "uid"
com.openexchange.mail.login.resolver.ldap.contextNameAttribute: "oxContextIDNum"
com.openexchange.mail.login.resolver.ldap.entitySearchFilter: "(&(oxContextIDNum=[cid])(uid=[uname]))"
com.openexchange.mail.login.resolver.ldap.mailLoginAttribute: "entryUUID"
# Contacts collector
# Ref.: https://documentation.open-xchange.com/components/middleware/config/8/#mode=search&term=contactCollect
com.openexchange.contactcollector.enabled: "true"
com.openexchange.user.contactCollectOnMailTransport: "true"
com.openexchange.user.contactCollectOnMailAccess: "false"
# Requirements for OX Connector
com.openexchange.user.enforceUniqueDisplayName: "false"
com.openexchange.folderstorage.database.preferDisplayName: "false"
# Mailfilter
com.openexchange.mail.filter.loginType: "global"
com.openexchange.mail.filter.credentialSource: "mail"
com.openexchange.mail.filter.server: "dovecot"
com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2"
# Dovecot
com.openexchange.imap.attachmentMarker.enabled: "true"
# Capabilities
# Old capability can be used to toggle all integrations with a single switch
com.openexchange.capability.public-sector: "true"
# New capabilities in 2.0
com.openexchange.capability.public-sector-element: {{ .Values.apps.element.enabled | quote }}
com.openexchange.capability.public-sector-navigation: "true"
com.openexchange.capability.client-onboarding: "true"
com.openexchange.capability.dynamic-theme: "true"
com.openexchange.capability.filestorage_nextcloud: "true"
com.openexchange.capability.filestorage_nextcloud_oauth: "true"
com.openexchange.capability.guard: {{ .Values.functional.groupware.mail.encryption.enabled | quote }}
com.openexchange.capability.guard-mail: {{ .Values.functional.groupware.mail.encryption.enabled | quote }}
com.openexchange.capability.smime: {{ .Values.functional.groupware.mail.encryption.enabled | quote }}
com.openexchange.capability.document_preview: "true"
# Mail Categories
com.openexchange.mail.categories: {{ .Values.functional.groupware.mail.categories.enabled | quote }}
{{ if .Values.functional.groupware.mail.categories.enabled }}
com.openexchange.mail.categories.general.name.fallback: "General"
com.openexchange.mail.categories.general.name.de_DE: "Allgemein"
com.openexchange.mail.categories.identifiers: "newsletter,invites,socialmedia"
com.openexchange.mail.categories.newsletter.flag: "$newsletter"
com.openexchange.mail.categories.newsletter.name.fallback: "Newsletter"
com.openexchange.mail.categories.newsletter.name.de_DE: "Newsletter"
com.openexchange.mail.categories.newsletter.description: "Emails containing newsletters or promotional content"
com.openexchange.mail.categories.newsletter.description.de_DE: "E-Mails mit Newslettern oder Werbeinhalten"
com.openexchange.mail.categories.newsletter.icon: "megaphone"
com.openexchange.mail.categories.invites.flag: "$invites"
com.openexchange.mail.categories.invites.name.fallback: "Invitations"
com.openexchange.mail.categories.invites.name.de_DE: "Einladungen"
com.openexchange.mail.categories.invites.description: "Emails with event invitations and RSVPs"
com.openexchange.mail.categories.invites.description.de_DE: "E-Mails mit Veranstaltungseinladungen und Rückmeldungen"
com.openexchange.mail.categories.invites.icon: "calendar-check"
com.openexchange.mail.categories.socialmedia.flag: "$socialmedia"
com.openexchange.mail.categories.socialmedia.name.fallback: "Social Media"
com.openexchange.mail.categories.socialmedia.name.de_DE: "Soziale Medien"
com.openexchange.mail.categories.socialmedia.description: "Updates and notifications from social media platforms"
com.openexchange.mail.categories.socialmedia.description.de_DE: "Aktualisierungen und Benachrichtigungen von sozialen Medien"
com.openexchange.mail.categories.socialmedia.icon: "people"
com.openexchange.mail.user.categories.identifiers: "uc1,uc2,uc3"
com.openexchange.mail.categories.uc1.flag: "$uc1"
com.openexchange.mail.categories.uc1.name.fallback: "Your category 1"
com.openexchange.mail.categories.uc1.name.de_DE: "Eigene Kategorie 1"
com.openexchange.mail.categories.uc2.flag: "$uc2"
com.openexchange.mail.categories.uc2.name.fallback: "Your category 2"
com.openexchange.mail.categories.uc2.name.de_DE: "Eigene Kategorie 2"
com.openexchange.mail.categories.uc3.flag: "$uc3"
com.openexchange.mail.categories.uc3.name.fallback: "Your category 3"
com.openexchange.mail.categories.uc3.name.de_DE: "Eigene Kategorie 3"
{{- end }}
# functional.groupware.mail.inbound.*
com.openexchange.capability.public-sector-autonotify: {{ .Values.functional.groupware.mail.inbound.notify.enabled | quote }}
{{- if not .Values.functional.groupware.mail.inbound.forward.enabled }}
com.openexchange.mail.filter.blacklist.actions: "redirect"
{{- end }}
com.openexchange.mail.filter.options.apply.blockedActions: "redirect,notify"
# functional.groupware.externalSharing.*
com.openexchange.capability.share_links: {{ .Values.functional.groupware.externalSharing.shareLinks.enabled | quote }}
com.openexchange.capability.invite_guests: {{ .Values.functional.groupware.externalSharing.inviteGuests.enabled | quote }}
com.openexchange.share.guestCapabilityMode: "inherit"
# Secondary Accounts
com.openexchange.mail.secondary.authType: "XOAUTH2"
com.openexchange.mail.transport.secondary.authType: "xoauth2"
# Nextcloud integration
com.openexchange.file.storage.nextcloud.oauth.url: "http://opendesk-nextcloud-aio/"
com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user"
com.openexchange.nextcloud.filepicker.includeAccessToken: "false"
# Element integration
com.openexchange.conference.element.enabled: {{ .Values.apps.element.enabled | quote }}
com.openexchange.conference.element.meetingHostUrl: http://matrix-neodatefix-bot
com.openexchange.conference.element.matrixLoginUrl: http://opendesk-synapse-web:8008/_matrix/client/v3/login
com.openexchange.conference.element.matrixUuidClaimName: {{ ternary "opendesk_useruuid" "opendesk_username" .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}
# GDPR
com.openexchange.gdpr.dataexport.enabled: "false"
com.openexchange.gdpr.dataexport.active: "false"
# Guard
{{- if .Values.functional.groupware.mail.encryption.enabled }}
com.openexchange.guard.storage.file.fileStorageType: "file"
com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/"
com.openexchange.guard.guestSMTPMailFrom: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
com.openexchange.guard.guestSMTPPassword: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
com.openexchange.guard.guestSMTPPort: "25"
com.openexchange.guard.guestSMTPServer: "postfix"
com.openexchange.guard.guestSMTPUsername: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
com.openexchange.guard.useStartTLS: "false"
# S/MIME
# Usage (in browser console after login):
# http = (await import('./io.ox/core/http.js')).default
# await http.POST({ module: 'oxguard/smime', params: { action: 'test' } })
com.openexchange.smime.test: {{ .Values.debug.enabled | quote }}
{{- end }}
{{- if or (eq (coalesce .Values.service.type.dovecot .Values.cluster.service.type) "NodePort") (eq (coalesce .Values.service.type.dovecot .Values.cluster.service.type) "LoadBalancer") }}
# Client Onboarding
com.openexchange.client.onboarding.mail.imap.host: {{ .Values.global.domain | quote }}
com.openexchange.client.onboarding.mail.imap.port: "993"
com.openexchange.client.onboarding.mail.imap.secure: "true"
com.openexchange.client.onboarding.mail.imap.requireTls: "false"
com.openexchange.client.onboarding.mail.smtp.host: {{ .Values.global.domain | quote }}
com.openexchange.client.onboarding.mail.smtp.port: "587"
com.openexchange.client.onboarding.mail.smtp.secure: "false"
com.openexchange.client.onboarding.mail.smtp.requireTls: "true"
{{- else }}
com.openexchange.client.onboarding.enabled: "false"
{{- end }}
# DAV
{{- if .Values.functional.groupware.davSupport.enabled }}
com.openexchange.caldav.enabled: "true"
com.openexchange.caldav.url: {{ printf "https://%s.%s/caldav/[folderId]" .Values.global.hosts.openxchangeDav .Values.global.domain }}
com.openexchange.carddav.enabled: "true"
com.openexchange.carddav.url: {{ printf "https://%s.%s/carddav/[folderId]" .Values.global.hosts.openxchangeDav .Values.global.domain }}
com.openexchange.client.onboarding.caldav.url: {{ printf "https://%s.%s/" .Values.global.hosts.openxchangeDav .Values.global.domain }}
com.openexchange.client.onboarding.carddav.url: {{ printf "https://%s.%s/" .Values.global.hosts.openxchangeDav .Values.global.domain }}
{{- else }}
com.openexchange.caldav.enabled: "false"
com.openexchange.carddav.enabled: "false"
{{- end }}
# Other
com.openexchange.secret.secretSource: "\"<user-id> + '@' + <context-id> + '/' + <random>\""
{{- if .Values.certificate.selfSigned }}
# Selfsigned
com.openexchange.net.ssl.default.truststore.enabled: "false"
com.openexchange.net.ssl.custom.truststore.enabled: "true"
com.openexchange.net.ssl.custom.truststore.path: "/etc/ssl/certs/truststore.jks"
com.openexchange.net.ssl.custom.truststore.password: {{ .Values.secrets.certificates.password | quote }}
{{- end }}
{{- if .Values.functional.groupware.davSupport.enabled }}
com.openexchange.authentication.application.appTypes: "caldav,carddav"
com.openexchange.authentication.application.enabled: "true"
com.openexchange.authentication.application.storage.rdb.loginNameSource: "mail"
com.openexchange.authentication.application.storage.rdb.contextLookupNamePart: "full"
{{- end }}
{{- if .Values.certificate.selfSigned }}
extraEnv:
- name: "JAVA_OPTS_APPEND"
value: {{ printf "%s %s=%s" "-Djavax.net.ssl.trustStore=/etc/ssl/certs/truststore.jks -Djavax.net.ssl.trustStoreType=jks" "-Djavax.net.ssl.trustStorePassword" .Values.secrets.certificates.password | quote }}
extraVolumes:
- name: "trusted-cert-secret-volume"
secret:
secretName: "opendesk-certificates-ca-tls"
items:
- key: "truststore.jks"
path: "truststore.jks"
- key: "ca.crt"
path: "ca-certificates.crt"
extraMounts:
- name: "trusted-cert-secret-volume"
mountPath: "/etc/ssl/certs/"
{{- end }}
secretProperties:
com.openexchange.cookie.hash.salt: {{ .Values.secrets.oxAppSuite.cookieHashSalt | quote }}
com.openexchange.sessiond.encryptionKey: {{ .Values.secrets.oxAppSuite.sessiondEncryptionKey | quote }}
com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey | quote }}
com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
propertiesFiles:
/opt/open-xchange/etc/AdminDaemon.properties:
MASTER_ACCOUNT_OVERRIDE: "true"
/opt/open-xchange/etc/AdminUser.properties:
USERNAME_CHANGEABLE: "true"
/opt/open-xchange/etc/antivirus.properties:
com.openexchange.antivirus.enabled: "true"
{{- if .Values.antivirus.icap.host }}
com.openexchange.antivirus.server: {{ .Values.antivirus.icap.host | quote }}
com.openexchange.antivirus.port: {{ .Values.antivirus.icap.port | quote }}
{{- else }}
{{- if .Values.apps.clamavDistributed.enabled }}
com.openexchange.antivirus.server: "clamav-icap"
{{- else if .Values.apps.clamavSimple.enabled }}
com.openexchange.antivirus.server: "clamav-simple"
{{- end }}
com.openexchange.antivirus.port: "1344"
{{- end }}
com.openexchange.antivirus.maxFileSize: "1024"
/opt/open-xchange/etc/filestore-s3.properties:
com.openexchange.filestore.s3.ox-filestore-s3.endpoint: {{ .Values.objectstores.openxchange.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
com.openexchange.filestore.s3.ox-filestore-s3.bucketName: {{ .Values.objectstores.openxchange.bucket | quote }}
com.openexchange.filestore.s3.ox-filestore-s3.accessKey: {{ .Values.objectstores.openxchange.username | quote }}
com.openexchange.filestore.s3.ox-filestore-s3.secretKey: {{ .Values.objectstores.openxchange.secretKey | default .Values.secrets.minio.openxchangeUser | quote }}
/opt/open-xchange/etc/ldapauth.properties:
java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/{{ .Values.ldap.baseDn }}"
bindDN: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}"
bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
bindOnly: "false"
/opt/open-xchange/etc/noreply.properties:
com.openexchange.noreply.address: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.mailDomain | default .Values.global.domain }}"
com.openexchange.noreply.login: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
com.openexchange.noreply.password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
com.openexchange.noreply.server: "postfix"
com.openexchange.noreply.port: "25"
com.openexchange.noreply.secureMode: "plain"
/opt/open-xchange/etc/system.properties:
SERVER_NAME: "oxserver"
uiSettings:
io.ox.nextcloud//server: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
io.ox.public-sector//ics/url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
# Is user allowed to edit own display name
io.ox/mail//editRealName: {{ .Values.functional.groupware.userProfile.editRealName | quote }}
# Show the Enterprise Picker in the top right corner instead of the launcher drop-down
io.ox/core//features/enterprisePicker/showLauncher: "false"
io.ox/core//features/enterprisePicker/showTopRightLauncher: "true"
# Text and icon color in the topbar
io.ox/dynamic-theme//topbarColor: "#000"
io.ox/dynamic-theme//logoWidth: "82"
io.ox/dynamic-theme//topbarHover: "rgba(0, 0, 0, 0.1)"
# Resources
io.ox/core//features/resourceCalendars: "true"
io.ox/core//features/managedResources: "true"
# Features
io.ox/core//features/signatureDesigner: "true"
io.ox/core//features/categories: {{ .Values.functional.groupware.mail.categories.enabled | quote }}
io.ox/core//categories/predefined: >
[{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }]
# Nextcloud integration
# io.ox.nextcloud//server: "https://ics.<DOMAIN>/fs/"
# Central navigation
io.ox.public-sector//navigation/oxtabname: "tab_groupware"
# io.ox.public-sector//ics/url: "https://ics.<DOMAIN>/"
io.ox/core//apps/quickLaunchCount: "0"
io.ox/core//coloredIcons: "false"
# Mail templates
io.ox/core//features/templates: "true"
# Dynamic theme
io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }}
io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }}
io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }}
io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }}
io.ox/dynamic-theme//listHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
io.ox/dynamic-theme//folderBackground: {{ .Values.theme.colors.white | quote }}
io.ox/dynamic-theme//folderSelected: {{ .Values.theme.colors.primary15 | quote }}
io.ox/dynamic-theme//folderHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
# openDesk logo in top bar links to portal
io.ox/core//logoAction: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain | quote }}
{{ if .Values.functional.groupware.mail.encryption.enabled }}
secretETCFiles:
# Format of the OX Guard master key:
# MC+base64(20 random bytes)
# RC+base64(20 random bytes)
oxguardpass: |
{{ .Values.secrets.oxAppSuite.oxguardMC }}
{{ .Values.secrets.oxAppSuite.oxguardRC }}
{{ end }}
redis: &redisConfiguration
enabled: true
mode: "standalone"
hosts:
- {{ printf "%s:%v" .Values.cache.oxAppSuite.host .Values.cache.oxAppSuite.port | quote }}
auth:
enabled: true
username: {{ .Values.cache.oxAppSuite.username | quote }}
password: {{ .Values.cache.oxAppSuite.password | default .Values.secrets.redis.password | quote }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeCoreMW.registry | quote }}
repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
# Security context for core-mw has no effect yet
# podSecurityContext: {}
# securityContext: {}
update:
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreMw.updatePod | toYaml | nindent 8 }}
image:
repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
replicas: {{ .Values.replicas.openxchangeCoreMW }}
resources:
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
initContainer:
resources:
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 8 }}
{{- if .Values.functional.groupware.davSupport.enabled }}
yamlFiles:
app-password-apps.yml:
caldav:
displayName_t10e: "Calendar Client (CalDAV)"
restrictedScopes: [dav,read_caldav,write_caldav]
requiredCapabilities: [caldav]
sortOrder: 30
carddav:
displayName_t10e: "Addressbook Client (CardDAV)"
restrictedScopes: [dav,read_carddav,write_carddav]
requiredCapabilities: [carddav]
sortOrder: 40
{{- end }}
core-ui:
enabled: true
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeCoreUI.registry | quote }}
repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
replicaCount: {{ .Values.replicas.openxchangeCoreUI }}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreUi.pod | toYaml | nindent 6 }}
resources:
{{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
privileged: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeCoreUI | toYaml | nindent 8 }}
serviceAccount:
create: false
core-ui-middleware:
enabled: true
ingress:
hosts:
- host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
enabled: false
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeCoreUIMiddleware.registry | quote }}
repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
overrides: {}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreUiMiddleware.pod | toYaml | nindent 6 }}
redis: *redisConfiguration
replicaCount: {{ .Values.replicas.openxchangeCoreUIMiddleware }}
resources:
{{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
updater:
resources:
{{ .Values.resources.openxchangeCoreUIMiddlewareUpdater | toYaml | nindent 8 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
privileged: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeCoreUIMiddleware | toYaml | nindent 8 }}
serviceAccount:
create: false
core-cacheservice:
enabled: false
core-documentconverter:
adminUser: "admin"
adminPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
enabled: true
documentConverter:
cache:
remoteCache:
enabled: false
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeDocumentConverter.registry | quote }}
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
{{- if .Values.annotations.openxchangeAppsuiteCoreDocumentconverter.pod }}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreDocumentconverter.pod | toYaml | nindent 6 }}
{{- end }}
redis: *redisConfiguration
replicaCount: {{ .Values.replicas.openxchangeCoreDocumentConverter }}
resources:
{{- .Values.resources.openxchangeCoreDocumentConverter | toYaml | nindent 6 }}
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 987
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- "ALL"
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeDocumentConverter | toYaml | nindent 8 }}
serviceAccount:
create: false
core-documents-collaboration:
enabled: false
office-web:
enabled: false
office-user-guide:
enabled: false
plugins-ui:
enabled: false
cloud-plugins-ui:
enabled: false
drive-client-windows-ox:
enabled: false
core-drive-help:
enabled: false
core-guidedtours:
enabled: true
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeCoreGuidedtours.registry | quote }}
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreGuidedtours.pod | toYaml | nindent 6 }}
replicaCount: {{ .Values.replicas.openxchangeCoreGuidedtours }}
resources:
{{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
privileged: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeCoreGuidedtours | toYaml | nindent 8 }}
serviceAccount:
create: false
core-imageconverter:
enabled: true
adminUser: "admin"
adminPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }}
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
objectCache:
s3ObjectStores:
- id: -1
endpoint: "."
accessKey: "."
secretKey: "."
{{- if .Values.annotations.openxchangeAppsuiteCoreImageconverter.pod }}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreImageconverter.pod | toYaml | nindent 6 }}
{{- end }}
redis: *redisConfiguration
replicaCount: {{ .Values.replicas.openxchangeCoreImageConverter }}
resources:
{{- .Values.resources.openxchangeCoreImageConverter | toYaml | nindent 6 }}
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 987
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- "ALL"
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeImageConverter | toYaml | nindent 8 }}
serviceAccount:
create: false
guard-ui:
enabled: {{ .Values.functional.groupware.mail.encryption.enabled }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeGuardUI.registry | quote }}
repository: {{ .Values.images.openxchangeGuardUI.repository | quote }}
tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podAnnotations: {}
replicaCount: {{ .Values.replicas.openxchangeGuardUI }}
resources:
{{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
privileged: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeGuardUI | toYaml | nindent 8 }}
serviceAccount:
create: false
core-spellcheck:
enabled: false
core-user-guide:
enabled: true
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeCoreUserGuide.registry | quote }}
repository: {{ .Values.images.openxchangeCoreUserGuide.repository | quote }}
tag: {{ .Values.images.openxchangeCoreUserGuide.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
podAnnotations:
{{ .Values.annotations.openxchangeAppsuiteCoreUserGuide.pod | toYaml | nindent 6 }}
replicaCount: {{ .Values.replicas.openxchangeCoreUserGuide }}
resources:
{{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
privileged: false
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.openxchangeCoreUserGuide | toYaml | nindent 8 }}
serviceAccount:
create: false
...
Reference in New Issue View Git Blame Copy Permalink