{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
# Values template for the dovecot (IMAP) component. It is rendered as a Go template and the
# result is YAML. Every credential below is substituted in clear text, so the rendered output
# has to be handled as a secret (CI logs, debug dumps of rendered values, stored release data).
# NOTE(review): the nesting of keys was reconstructed from context; confirm it against the
# chart's values schema before relying on it.
image:
  # The global registry override wins; the per-image registry is only the fallback.
  registry: {{ .Values.global.imageRegistry | default .Values.images.dovecot.registry | quote }}
  repository: {{ .Values.images.dovecot.repository | quote }}
  # Whether the tag is pinned to a digest is decided in the images values, not here.
  tag: {{ .Values.images.dovecot.tag | quote }}
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}

# One entry per globally configured pull secret; an empty list leaves this key without a value.
imagePullSecrets:
  {{- range .Values.global.imagePullSecrets }}
  - name: {{ . | quote }}
  {{- end }}

dovecot:
  # Falls back to the deployment domain when no dedicated mail domain is set.
  mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
  # Credential taken from secrets.dovecot.doveadm, presumably the doveadm password - confirm.
  password: {{ .Values.secrets.dovecot.doveadm | quote }}
  ldap:
    enabled: true
    host: {{ .Values.ldap.host | quote }}
    # 389 is the conventional non-TLS LDAP port and no TLS/StartTLS option is set in this file.
    # NOTE(review): confirm whether the chart encrypts the bind; if not, the search account
    # password below crosses the cluster network unencrypted.
    port: 389
    base: "dc=swp-ldap,dc=internal"
    # Dedicated search account for dovecot; it should hold read-only rights on the directory.
    dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
    password: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }}
  oidc:
    enabled: true
    clientID: "opendesk-dovecot"
    # Client secret used together with clientID, presumably for the introspection call.
    clientSecret: {{ .Values.secrets.keycloak.clientSecret.dovecot | quote }}
    # Built as keycloak host label plus deployment domain; the URL scheme is not set here.
    introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
    introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect"
    # Token claim that is mapped to the mailbox user name.
    usernameAttribute: "opendesk_username"
    # All cluster CIDRs, joined with spaces.
    # NOTE(review): if the chart maps this to Dovecot's login_trusted_networks, every address
    # in these ranges may override the reported client IP and is exempt from the
    # plaintext-auth restriction. That is every pod in the cluster, so reachability of
    # dovecot should be narrowed with a NetworkPolicy - confirm.
    loginTrustedNetworks: {{ join " " .Values.cluster.networking.cidr | quote }}

  # NOTE(review): placement under dovecot is reconstructed - confirm.
  submission:
    enabled: true
    # Quoted on purpose: a bare no would be read as a boolean by YAML 1.1 parsers.
    # TLS is switched off for the relay hop to postfix on port 25, so submitted mail is
    # unencrypted in transit unless the network layer adds encryption.
    ssl: "no"
    host: "postfix:25"

certificate:
  # Reuses the TLS secret configured for the ingress.
  secretName: {{ .Values.ingress.tls.secretName | quote }}

# More than one replica is only rendered when ReadWriteMany storage is enabled; otherwise the
# count is fixed at 1.
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
replicaCount: {{ .Values.replicas.dovecot }}
{{- else }}
replicaCount: 1
{{- end }}

containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    # Drop everything first, then add back only the capabilities listed below.
    drop:
      - "ALL"
    # NOTE(review): SETUID/SETGID/DAC_OVERRIDE/SYS_CHROOT suggest the container starts as
    # root and lowers privileges itself; no runAsUser or runAsNonRoot is set in this file.
    # Re-check this list whenever the image changes.
    add:
      - "CHOWN"
      - "DAC_OVERRIDE"
      - "KILL"
      - "NET_BIND_SERVICE"
      - "SETGID"
      - "SETUID"
      - "SYS_CHROOT"
  enabled: true
  # Root filesystem is read-only, so writable paths have to come from mounted volumes.
  readOnlyRootFilesystem: true
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    # The supplied mapping is serialized and indented to this nesting level.
    {{ .Values.seLinuxOptions.dovecot | toYaml | nindent 4 }}

podSecurityContext:
  enabled: true
  # Group ID applied to mounted volumes.
  fsGroup: 1000

persistence:
  # Storage class and access mode follow the same ReadWriteMany switch as replicaCount.
  {{- if .Values.cluster.persistence.readWriteMany.enabled }}
  storageClassName: {{ .Values.persistence.storageClassNames.RWX | quote }}
  accessModes:
    - "ReadWriteMany"
  {{- else }}
  storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
  accessModes:
    - "ReadWriteOnce"
  {{- end }}
  size: {{ .Values.persistence.size.dovecot | quote }}

resources:
  # Requests and limits are passed through unchanged from the deployment values.
  {{ .Values.resources.dovecot | toYaml | nindent 2 }}

# The external service is only rendered for NodePort or LoadBalancer clusters.
# NOTE(review): this makes the mail ports reachable from outside the cluster, so firewalling
# and TLS on those listeners need to be verified in the chart.
{{- if or (eq .Values.cluster.service.type "NodePort") (eq .Values.cluster.service.type "LoadBalancer") }}
service:
  external:
    enabled: true
    type: {{ .Values.cluster.service.type | quote }}
{{- end }}
...