sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
50dc5ecc60e7e866b2593cb8404e2121f783cd81
opendesk/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
Thomas Kaltenbrunner 50dc5ecc60 fix(dovecot): Enable shared mailboxes
2025-05-14 19:29:06 +02:00

147 lines
5.2 KiB
Go Template
Raw Blame History

{{/*
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
commonAnnotations:
{{ .Values.annotations.openxchangeDovecot.common | toYaml | nindent 2 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.dovecot.registry | quote }}
repository: {{ .Values.images.dovecot.repository | quote }}
tag: {{ .Values.images.dovecot.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imageInitDovecot:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.dovecotBootstrap.registry | quote }}
repository: {{ .Values.images.dovecotBootstrap.repository | quote }}
tag: {{ .Values.images.dovecotBootstrap.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}
dovecot:
mailDomains: {{ toYaml (prepend .Values.global.additionalMailDomains (.Values.global.mailDomain | default .Values.global.domain) | uniq) | nindent 4 }}
defaultMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
password:
value: {{ .Values.secrets.dovecot.doveadm | quote }}
migration:
enabled: {{ .Values.functional.migration.oxAppSuite.enabled }}
masterPassword:
value: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
ldap:
enabled: true
host: {{ .Values.ldap.host | quote }}
port: 389
base: "{{ .Values.ldap.baseDn }}"
dn: "uid=ldapsearch_dovecot,cn=users,{{ .Values.ldap.baseDn }}"
password:
value: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }}
oidc:
enabled: true
clientID:
value: "opendesk-dovecot"
clientSecret:
value: {{ .Values.secrets.keycloak.clientSecret.dovecot | quote }}
introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect"
usernameAttribute: "opendesk_username"
loginTrustedNetworks: {{ join " " .Values.cluster.networking.cidr | quote }}
sharedMailboxes:
type: "postgresql"
enabled: true
host: {{ .Values.databases.dovecotACL.host | quote }}
port: {{ .Values.databases.dovecotACL.port }}
username: {{ .Values.databases.dovecotACL.username | quote }}
password:
value: {{ .Values.secrets.postgresql.dovecotACLUser | quote }}
database: {{ .Values.databases.dovecotACL.name | quote }}
submission:
enabled: true
ssl: "no"
host: "{{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain }}:25"
certificate:
secretName: {{ .Values.ingress.tls.secretName | quote }}
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
replicaCount: {{ .Values.replicas.dovecot }}
{{- else }}
replicaCount: 1
{{- end }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
add:
- "CHOWN"
- "DAC_OVERRIDE"
- "KILL"
- "NET_BIND_SERVICE"
- "SETGID"
- "SETUID"
- "SYS_CHROOT"
enabled: true
readOnlyRootFilesystem: true
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.dovecot | toYaml | nindent 4 }}
{{- if .Values.certificate.selfSigned }}
extraVolumes:
- name: "trusted-cert-secret-volume"
secret:
secretName: "opendesk-certificates-ca-tls"
items:
- key: "ca.crt"
path: "ca-certificates.crt"
extraVolumeMounts:
- name: "trusted-cert-secret-volume"
mountPath: "/etc/ssl/certs/ca-certificates.crt"
subPath: "ca-certificates.crt"
{{- end }}
podSecurityContext:
enabled: true
fsGroup: 1000
persistence:
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
storageClassName: {{ coalesce .Values.persistence.storages.dovecot.storageClassName .Values.persistence.storageClassNames.RWX | quote }}
accessModes:
- "ReadWriteMany"
{{- else }}
storageClassName: {{ coalesce .Values.persistence.storages.dovecot.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
accessModes:
- "ReadWriteOnce"
{{- end }}
size: {{ .Values.persistence.storages.dovecot.size | quote }}
annotations:
{{ .Values.annotations.openxchangeDovecot.persistence | toYaml | nindent 4 }}
podAnnotations:
{{ .Values.annotations.openxchangeDovecot.pod | toYaml | nindent 2 }}
resources:
{{ .Values.resources.dovecot | toYaml | nindent 2 }}
{{- if or (eq (coalesce .Values.service.type.dovecot .Values.cluster.service.type) "NodePort") (eq (coalesce .Values.service.type.dovecot .Values.cluster.service.type) "LoadBalancer") }}
service:
annotations:
{{ .Values.annotations.openxchangeDovecot.service | toYaml | nindent 4 }}
external:
enabled: true
type: {{ coalesce .Values.service.type.dovecot .Values.cluster.service.type | quote }}
{{- end }}
serviceAccount:
annotations:
{{ .Values.annotations.openxchangeDovecot.serviceAccount | toYaml | nindent 4 }}
...
Reference in New Issue View Git Blame Copy Permalink