mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
83 lines
2.8 KiB
Go Template
83 lines
2.8 KiB
Go Template
{{/*
|
|
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/}}
|
|
---
|
|
global:
|
|
domain: {{ .Values.global.domain | quote }}
|
|
hosts:
|
|
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
|
registry: {{ .Values.global.imageRegistry | quote }}
|
|
imagePullSecrets:
|
|
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
|
|
|
image:
|
|
registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloakBootstrap.registry | quote }}
|
|
repository: {{ .Values.images.umsKeycloakBootstrap.repository | quote }}
|
|
tag: {{ .Values.images.umsKeycloakBootstrap.tag | quote }}
|
|
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
|
|
|
cleanup:
|
|
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
|
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
|
|
|
config:
|
|
keycloak:
|
|
adminUser: "kcadmin"
|
|
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
|
realm: {{ .Values.platform.realm | quote }}
|
|
intraCluster:
|
|
enabled: true
|
|
internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
|
|
loginLinks:
|
|
- link_number: 1
|
|
language: "de"
|
|
description: "Passwort vergessen?"
|
|
href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
|
|
- link_number: 1
|
|
language: "en"
|
|
description: "Forgot password?"
|
|
href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
|
|
ums:
|
|
ldap:
|
|
internalHostname: {{ .Values.ldap.host | quote }}
|
|
baseDN: {{ .Values.ldap.baseDn | quote }}
|
|
readUserDN: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
|
|
readUserPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
|
|
mappers:
|
|
- ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
|
|
- ldapAndUserModelAttributeName: "oxContextIDNum"
|
|
saml:
|
|
serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
|
twoFactorAuthentication:
|
|
enabled: true
|
|
group: "2fa-users"
|
|
|
|
containerSecurityContext:
|
|
enabled: true
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- "ALL"
|
|
readOnlyRootFilesystem: false
|
|
privileged: false
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakBootstrap }}
|
|
|
|
podAnnotations:
|
|
intents.otterize.com/service-name: "ums-keycloak-bootstrap"
|
|
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1000
|
|
fsGroupChangePolicy: "Always"
|
|
|
|
resources:
|
|
{{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 2 }}
|
|
|
|
...
|