# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
# Application settings for the Guardian Management API, handed to the chart as
# plain values.
# NOTE(review): the meaning of the adapter names used below ("env", "sql",
# "fast_api_oauth", "always") is defined by the Guardian application, not by
# this file - confirm against the upstream documentation before changing any.
guardianManagementApi:
  home: "/guardian_service_dir"
  isUniventionAppCenter: 0
  # NOTE(review): "*" places no restriction on which browser origins may call
  # this API. For a service that manages roles and permissions, prefer an
  # explicit list of the portal/UI origins that actually need access.
  guardianManagementCorsAllowedOrigins: "*"
  guardianManagementAdapterSettingsPort: "env"
  # All persistence ports below use the same "sql" adapter.
  guardianManagementAdapterAppPersistencePort: "sql"
  guardianManagementAdapterConditionPersistencePort: "sql"
  guardianManagementAdapterContextPersistencePort: "sql"
  guardianManagementAdapterNamespacePersistencePort: "sql"
  guardianManagementAdapterPermissionPersistencePort: "sql"
  guardianManagementAdapterRolePersistencePort: "sql"
  guardianManagementAdapterCapabilityPersistencePort: "sql"
  guardianManagementAdapterAuthenticationPort: "fast_api_oauth"
  # NOTE(review): plain HTTP to the in-cluster Authorization API. Nothing in
  # this file adds transport protection, so confidentiality and integrity of
  # these calls depend on cluster-level controls (NetworkPolicy, mesh mTLS).
  guardianManagementAdapterAuthorizationApiUrl: "http://ums-guardian-authorization-api/guardian/authorization"
  # NOTE(review): "always" presumably grants every resource request without
  # consulting the Authorization API configured above - TODO confirm. If so,
  # any authenticated caller can manage every Guardian object; switch to an
  # adapter that delegates the decision if the application offers one.
  guardianManagementAdapterResourceAuthorizationPort: "always"
  # Log level follows .Values.debug.enabled: "DEBUG" when set, else "INFO".
  # NOTE(review): debug output of an authn/authz service may include request
  # details - verify what is logged before enabling debug outside test setups.
  guardianManagementLoggingLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
  guardianManagementLoggingStructured: false
  guardianManagementLoggingFormat: "<green>{time:YYYY-MM-DD HH:mm:ss.SSS ZZ}</green> | <level>{level}</level> | <level>{message}</level> | {extra}"
  guardianManagementBaseUrl: "http://0.0.0.0:8000"
  oauthAdapterM2mSecretFile: "/var/secrets/oauthAdapterM2mSecret"
  # The Keycloak client secret is rendered in clear text into these values.
  # NOTE(review): how the chart stores it is not visible here - confirm it ends
  # up in a Kubernetes Secret (mounted at the path above) rather than in a
  # ConfigMap or a literal environment variable, and treat rendered values and
  # Helm release data as secret material.
  oauthAdapterM2mSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
  # OIDC discovery document of the platform realm, fetched over plain HTTP on
  # port 8080 from the Keycloak service in the release namespace.
  # NOTE(review): the discovery document tells the API which issuer and signing
  # keys to trust, so tampering on this path would undermine token validation;
  # it relies on the in-cluster network being trusted.
  oauthAdapterWellKnownUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080/realms/{{ .Values.platform.realm }}/.well-known/openid-configuration"
  sqlPersistenceAdapterDialect: "postgresql"
  # NOTE(review): fixed to "postgres" here, while postgresql.auth.database in
  # this file is taken from .Values.databases.umsGuardianManagementApi.name -
  # confirm which of the two the application actually uses.
  sqlPersistenceAdapterDbName: "postgres"
# Container image coordinates, all taken from the Helmfile values.
image:
  # A global registry override wins; the per-image registry is the fallback.
  registry: {{ .Values.global.imageRegistry | default .Values.images.umsGuardianManagementApi.registry | quote }}
  repository: {{ .Values.images.umsGuardianManagementApi.repository | quote }}
  # NOTE(review): there is no default here, so an unset global.imagePullPolicy
  # renders as an empty string.
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  # NOTE(review): a tag is mutable on the registry side. If the chart accepts a
  # digest, pinning by digest makes the deployed image content verifiable.
  tag: {{ .Values.images.umsGuardianManagementApi.tag | quote }}
  # One entry per name in .Values.global.imagePullSecrets. With an empty list
  # nothing is emitted and the key renders as null.
  pullSecrets:
    {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
    {{- end }}
# Database connection for the "sql" persistence adapters.
postgresql:
  # false: connection details for the database are supplied from the values
  # below instead of using a bundled PostgreSQL.
  bundled: false
  connection:
    host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
    # Passed through "quote", so the port is rendered as a string.
    port: {{ .Values.databases.umsGuardianManagementApi.port | quote }}
  auth:
    username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
    database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
    # Explicit database password if set, otherwise the value from
    # .Values.secrets.postgresql.umsGuardianManagementApiUser.
    # NOTE(review): the password is rendered in clear text into these values;
    # confirm the chart writes it to a Kubernetes Secret. No TLS or sslmode
    # option for the database connection is set in this file.
    password: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
# CPU/memory requests and limits, copied verbatim from
# .Values.resources.umsGuardianManagementApi and re-indented by two spaces.
# NOTE(review): limits bound how much a misbehaving or abused pod can consume;
# confirm the referenced values entry is actually defined for every deployment.
resources:
  {{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 2 }}
# Container security context: non-root UID/GID 1000, no privilege escalation,
# runtime-default seccomp profile.
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
    # NOTE(review): eleven capabilities are added back after dropping ALL.
    # Combined with runAsUser 1000 and allowPrivilegeEscalation false, a
    # non-root process would normally not hold these in its effective set, so
    # the list is likely unnecessary - confirm with the image maintainers and
    # trim it to what the service needs. The Kubernetes "restricted" Pod
    # Security Standard permits adding only NET_BIND_SERVICE, and NET_RAW is
    # not permitted by the "baseline" profile either, so this context will be
    # rejected in namespaces that enforce those profiles.
    add:
      - "CHOWN"
      - "DAC_OVERRIDE"
      - "FOWNER"
      - "FSETID"
      - "KILL"
      - "SETGID"
      - "SETUID"
      - "SETPCAP"
      - "NET_BIND_SERVICE"
      - "NET_RAW"
      - "SYS_CHROOT"
  privileged: false
  seccompProfile:
    type: "RuntimeDefault"
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true
  # NOTE(review): the root filesystem is writable. If the service only writes
  # to known paths, mounting those as volumes and setting this to true limits
  # what a compromised process can modify inside the container.
  readOnlyRootFilesystem: false
...