sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 23:41:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e0ff58a3a42665662183e1b45dff35ae19b42bc4
opendesk/helmfile/apps/univention-management-stack/values-provisioning.yaml.gotmpl
Dominik Kaminski 02d04faa2a fix(helmfile): Add seLinuxOptions for all applications
2024-02-14 11:53:53 +00:00

138 lines
4.9 KiB
Go Template
Raw Blame History

{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
dispatcher:
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningDispatcher.registry | quote }}
repository: {{ .Values.images.umsProvisioningDispatcher.repository | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.umsProvisioningDispatcher.tag | quote }}
pullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
resources:
{{ .Values.resources.umsProvisioning | toYaml | nindent 4 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
privileged: false
seccompProfile:
type: "RuntimeDefault"
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
readOnlyRootFilesystem: false
seLinuxOptions: {{ .Values.seLinuxOptions.umsProvisioningDispatcher }}
events-and-consumer-api:
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningEventsAndConsumerApi.registry | quote }}
repository: {{ .Values.images.umsProvisioningEventsAndConsumerApi.repository | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.umsProvisioningEventsAndConsumerApi.tag | quote }}
pullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
rootPath: "/univention/provisioning-api"
ingress:
# copied from values-common.yaml.gotmpl
# Intentionally not using the Ingress configuration of the UMS stack at the
# moment, since it does depend on rewriting capabilities of the ingress
# controller. Those are encapsulated into the release "stack-gateway" so that
# the compatibility with all ingress controllers is increased.
enabled: false
host: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
resources:
{{ .Values.resources.umsProvisioning | toYaml | nindent 4 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
privileged: false
seccompProfile:
type: "RuntimeDefault"
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
readOnlyRootFilesystem: false
seLinuxOptions: {{ .Values.seLinuxOptions.umsProvisioningEventsAndConsumerApi }}
udm-listener:
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmListener.registry | quote }}
repository: {{ .Values.images.umsProvisioningUdmListener.repository | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
tag: {{ .Values.images.umsProvisioningUdmListener.tag | quote }}
pullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
config:
ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
ldapHost: {{ .Values.ldap.host | quote }}
ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
resources:
{{ .Values.resources.umsProvisioning | toYaml | nindent 4 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
add:
- "CHOWN"
- "DAC_OVERRIDE"
- "FOWNER"
- "FSETID"
- "KILL"
- "SETGID"
- "SETUID"
- "SETPCAP"
- "NET_BIND_SERVICE"
- "NET_RAW"
- "SYS_CHROOT"
privileged: false
seccompProfile:
type: "RuntimeDefault"
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
seLinuxOptions: {{ .Values.seLinuxOptions.umsProvisioningUdmListener }}
nats:
global:
image:
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
pullSecretNames: {{ .Values.global.imagePullSecrets }}
registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningNats.registry | quote }}
container:
image:
registry: {{ .Values.global.imageRegistry }}
repository: {{ .Values.images.umsProvisioningNats.repository | quote }}
tag: {{ .Values.images.umsProvisioningNats.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
natsBox:
container:
image:
registry: {{ .Values.global.imageRegistry }}
repository: {{ .Values.images.umsProvisioningNatsBox.repository | quote }}
tag: {{ .Values.images.umsProvisioningNatsBox.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
reloader:
image:
repository: {{ .Values.images.umsProvisioningNatsReloader.repository | quote }}
tag: {{ .Values.images.umsProvisioningNatsReloader.tag | quote }}
registry: {{ .Values.global.imageRegistry }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
...
Reference in New Issue View Git Blame Copy Permalink