mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
# Container image for XWiki. The registry is the global override when one is
# set, otherwise the per-image default.
image:
  name: "{{ .Values.global.imageRegistry | default .Values.images.xwiki.registry }}/{{ .Values.images.xwiki.repository }}"
  # NOTE(review): the image is selected by tag only. A tag can be re-pointed
  # in the registry; consider pinning by digest if the chart supports it -
  # TODO confirm.
  tag: {{ .Values.images.xwiki.tag | quote }}
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}

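# Registry pull secrets (assumed to be a list - TODO confirm). The value is
# rendered through toYaml: printing a list directly uses Go's "[a b]" form,
# which YAML reads as one entry "a b" as soon as two secrets are configured,
# so the pull would silently use a secret name that does not exist.
imagePullSecrets:
  {{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}
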
# Connection settings for the external database XWiki stores its data in.
externalDB:
  # NOTE(review): when no dedicated XWiki database password is set, this falls
  # back to the MariaDB root password, while `user` below still comes from
  # databases.xwiki.username. Prefer a dedicated, least-privilege database
  # account for XWiki and confirm when the root fallback is really needed.
  password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
  database: {{ .Values.databases.xwiki.name | quote }}
  user: {{ .Values.databases.xwiki.username | quote }}
  host: {{ .Values.databases.xwiki.host | quote }}
  # Disabled, so the password above is handed over as a plain chart value.
  # Presumably this switch would read it from an existing secret instead -
  # confirm against the chart.
  customKeyRef:
    enabled: false

# Pod-level security settings. fsGroup 101 matches the container's
# runAsGroup in containerSecurityContext.
securityContext:
  enabled: true
  fsGroup: 101

# Container-level hardening: non-root UID/GID 100/101, no privilege
# escalation, not privileged, every capability dropped and the runtime's
# default seccomp profile.
containerSecurityContext:
  allowPrivilegeEscalation: false
  enabled: true
  privileged: false
  runAsUser: 100
  runAsGroup: 101
  runAsNonRoot: true
  capabilities:
    drop:
      - "ALL"
  seccompProfile:
    type: "RuntimeDefault"
  # NOTE(review): the root filesystem stays writable. If the image can run
  # with writable mounts only for the paths it needs, switching this to true
  # would narrow what a compromised process can modify - TODO confirm.
  readOnlyRootFilesystem: false
  # SELinux options are taken from the deployment values as a mapping.
  seLinuxOptions:
    {{ .Values.seLinuxOptions.xwiki | toYaml | nindent 4 }}

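# Entries for XWiki's own configuration files, one mapping per file.
customConfigs:
  xwiki.cfg:
    xwiki.url.protocol: "https"
    ## Indicate the LDAP field defining the user UID
    xwiki.authentication.ldap.UID_attr: "uid"
    ## Indicate the LDAP field defining the user profile picture
    xwiki.authentication.ldap.photo_attribute: "jpegPhoto"
    ## Enable the synchronization of the LDAP profile picture
    xwiki.authentication.ldap.update_photo: 1
    ## Password of default user
    ## NOTE(review): in XWiki, setting this value is what enables the built-in
    ## superadmin account. Confirm it is needed after the initial setup and
    ## that the secret is unique per deployment.
    xwiki.superadminpassword: {{ .Values.secrets.xwiki.superadminpassword | quote }}
    ## LDAP Server configuration
    xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
    ## NOTE(review): 389 is the plain LDAP port and no TLS option is set in
    ## this file, so the bind password and directory data presumably travel
    ## unencrypted between XWiki and the LDAP server. Confirm the network path
    ## is protected, or use LDAPS (xwiki.authentication.ldap.ssl) if the
    ## directory offers it.
    xwiki.authentication.ldap.port: 389
    ## Authentication to the LDAP server
    xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
    xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionManagementStack.ldapSearch.xwiki | quote }}
    ## Base DN used for searching for users
    xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
    ## Allow short update cycles of the LDAP group cache
    xwiki.authentication.ldap.groupcache_expiration: 300

  xwiki.properties:
    oidc.clientid: "opendesk-xwiki"
    oidc.endpoint.token.auth_method: "client_secret_basic"
    oidc.endpoint.userinfo.method: "GET"
    oidc.logoutMechanism: "rpInitiated"
    # The realm follows platform.realm so that this provider URL stays equal
    # to the OIDCIssuer set for the LDAP user import in `properties`; a
    # hard-coded realm name would diverge as soon as the realm is renamed.
    oidc.provider: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
    oidc.scope: "openid,profile,email,address,opendesk"
    oidc.secret: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
    oidc.skipped: false
    oidc.user.nameFormater: "${oidc.user.opendesk_username._clean._lowerCase}"
    oidc.user.subjectFormater: "${oidc.user.opendesk_username._lowerCase}"
    # Using the claims below some user based information can be passed through OIDC to XWiki that partially has an
    # impact on the user experience. E.g. you can define the default editor for the user `xwiki_user_editor` or if
    # the `xwiki_user_usertype` is advanced or simple.
    # yamllint disable-line rule:line-length
    oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
    # Only the Keycloak host is listed as a trusted domain.
    url.trustedDomains: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
    workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
    workplaceServices.base: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
    workplaceServices.portalSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
    openoffice.serverType: "0"
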
# Ingress for the XWiki host. Annotations for several ingress controllers
# (ingress-nginx, nginx.org, haproxy-ingress) are set side by side; a
# controller presumably ignores the ones it does not know.
ingress:
  enabled: {{ .Values.ingress.enabled }}
  className: {{ .Values.ingress.ingressClassName | quote }}
  annotations:
    # Plain HTTP requests are redirected to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # Upload size and proxy timeouts come from the deployment values.
    nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.xwiki }}"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.xwiki }}"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.xwiki }}"
    nginx.org/client-max-body-size: "{{ .Values.ingress.parameters.bodySize.xwiki }}"
    # The nginx.org timeouts carry an explicit "s" unit suffix.
    nginx.org/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.xwiki }}s"
    nginx.org/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.xwiki }}s"
    # X-Forwarded-Host is set to the configured XWiki host name.
    haproxy-ingress.github.io/headers: "X-Forwarded-Host {{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
  hosts:
    - host: "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
      paths:
        - path: /
          pathType: "ImplementationSpecific"
  # TLS certificate secret for the same host name as above.
  tls:
    - secretName: {{ .Values.ingress.tls.secretName | quote }}
      hosts:
        - "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"

# Istio integration is switched off.
istio:
  enabled: false

# No MariaDB or MySQL is enabled here; the database connection is configured
# under externalDB.
mariadb:
  enabled: false

mysql:
  enabled: false

# Persistent storage for XWiki: size and the RWO storage class both come from
# the deployment values.
persistence:
  size: {{ .Values.persistence.size.xwiki | quote }}
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}

# PostgreSQL is disabled as well; see externalDB for the database in use.
postgresql:
  enabled: false

# Wiki-level settings, keyed by an attachment reference ("attachment:...") or
# an object property reference ("property:...").
properties:
  # Theme imagery is embedded as data URIs. The SVG values are base64-encoded
  # here; the PNG values are expected to be base64 already.
  "attachment:xwiki:FlamingoThemes.Iceberg@logo.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvg | b64enc }}"
  "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.faviconSvg | b64enc }}"
  "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon16.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon16PngB64 }}"
  "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon144.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon144PngB64 }}"
  ## SMTP settings
  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ .Values.smtp.host | quote }}
  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": {{ .Values.smtp.port | quote }}
  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.username": {{ .Values.smtp.username | quote }}
  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.password": {{ .Values.smtp.password | quote }}
  ## NOTE(review): only starttls.enable is set. That requests STARTTLS but, as
  ## far as this line shows, does not make it mandatory, so a relay that does
  ## not offer STARTTLS would presumably receive the SMTP credentials in
  ## clear text. Consider also requiring it (mail.smtp.starttls.required) -
  ## confirm the format XWiki expects for several properties.
  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=true"
  ## Link LDAP users and users authenticated through OIDC
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
  ## The issuer should equal oidc.provider in customConfigs; that URL uses a
  ## fixed realm name while this one follows platform.realm.
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
  ## Look and feel: color theme, language and time zone defaults
  "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.colorTheme": "FlamingoThemes.Iceberg"
  "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.default_language": "de_DE"
  "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.timezone": "Europe/Berlin"
  "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.languages": "de_DE"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.link-color": "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.btn-primary-bg": "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-color": "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-color": "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-color":
    "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-active-color":
    "@brand-primary"
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.brand-primary": {{ .Values.theme.colors.primary | quote }}
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-bg": {{ .Values.theme.colors.white | quote }}
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.navbar-default-link-hover-bg": {{ .Values.theme.colors.secondaryGreyLight | quote }}
  # yamllint disable-line rule:line-length
  "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": "li#tmWorkplaceServices { padding-left: 16px; padding-top: 5px; } .navbar-right { padding-top: 8px; } .navbar { border-bottom: 1px solid #ddd !important; height: 64px;} div#companylogo { width: 90px; height: auto; padding-top: 7px; padding-left: 9px; }"

  ## Authentication is delegated to the OIDC authenticator
  "property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc"
  ## Fields to search in when importing users from the administration UI (not completely in scope for now)
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes":
    "sn,givenname,uid"
  ## Restrict user import in the UI to global administrators
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.usersAllowedToImport": "globalAdmin"
  ## Enable group and user synchronization
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupsUpdate": 1
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.triggerGroupImport": 1
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.forceXWikiUsersGroupMembershipUpdate":
    1
  ## Base DN under which groups should be searched for
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
    "dc=swp-ldap,dc=internal"
  ## LDAP filter to only synchronize some groups
  "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
    "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
  ## Page title: product name followed by the document's display title
  "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.title": "{{ .Values.theme.texts.productName }} Wissen - $!tdoc.displayTitle"

# Number of XWiki replicas, taken from the deployment values.
cluster:
  replicas: {{ .Values.replicas.xwiki }}

# Resource requests and limits are rendered from the deployment values as a
# mapping.
resources:
  {{ .Values.resources.xwiki | toYaml | nindent 2 }}

# Service exposing XWiki on port 80; TLS is configured on the ingress in
# this file.
service:
  externalPort: 80
  enabled: true

# NOTE(review): presumably enables a helper step that adjusts ownership of the
# persistent volume. Such helpers often run as root; confirm it is still
# needed alongside fsGroup 101 in securityContext.
volumePermissions:
  enabled: true
...