sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ee9668cfe0852c2eab66ef68b7b84e76aa66afd1
opendesk/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
Sven-Erik Schmidt 7aa717c050 fix(helmfile): Streamline annotations
2025-11-12 11:28:49 +01:00

172 lines
6.2 KiB
Go Template
Raw Blame History

# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
additionalAnnotations:
{{ .Values.annotations.nubusIntercomService.additional | toYaml | nindent 2 }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
runAsUser: 1000
runAsGroup: 1000
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.intercom | toYaml | nindent 4 }}
{{- if .Values.certificate.selfSigned }}
extraVolumes:
- name: "trusted-cert-secret-volume"
secret:
secretName: "opendesk-certificates-ca-tls"
items:
- key: "ca.crt"
path: "ca-certificates.crt"
extraVolumeMounts:
- name: "trusted-cert-secret-volume"
mountPath: "/etc/ssl/certs/ca-certificates.crt"
subPath: "ca-certificates.crt"
{{- end }}
extraEnvVars:
- name: "REDIS_USER"
value: {{ .Values.cache.intercomService.username }}
{{- if .Values.certificate.selfSigned }}
- name: "NODE_EXTRA_CA_CERTS"
value: "/etc/ssl/certs/ca-certificates.crt"
{{- end }}
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
ics:
session:
secret: {{ .Values.secrets.intercom.secret | quote }}
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
originRegex: "{{ .Values.global.domain }}"
enableSessionCookie: true
userUniqueMapper: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"opendesk_useruuid"{{ else }}"opendesk_username"{{ end }}
usernameClaim: "opendesk_username"
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
keycloak:
realm: {{ .Values.platform.realm | quote }}
default:
domain: {{ .Values.global.domain | quote }}
oidc:
id: "opendesk-intercom"
clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
matrix:
subdomain: {{ .Values.global.hosts.synapse | quote }}
serverName: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
auth:
applicationServiceSecret: {{ .Values.secrets.intercom.synapseAsToken | quote }}
nordeck:
subdomain: {{ .Values.global.hosts.matrixNeoDateFixBot | quote }}
portal:
auth:
sharedSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
redis:
host: {{ .Values.cache.intercomService.host | quote }}
port: {{ .Values.cache.intercomService.port }}
auth:
password: {{ .Values.cache.intercomService.password | default .Values.secrets.redis.password | quote }}
openxchange:
oci: true
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
audience: "opendesk-oxappsuite"
xwiki:
subdomain: {{ .Values.global.hosts.xwiki | quote }}
audience: "opendesk-xwiki"
nextcloud:
origin: {{ .Values.global.hosts.nextcloud | quote }}
subdomain: {{ .Values.global.hosts.nextcloud | quote }}
audience: "opendesk-nextcloud"
image:
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.intercom.registry | quote }}
repository: {{ .Values.images.intercom.repository | quote }}
tag: {{ .Values.images.intercom.tag | quote }}
ingress:
host: "{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
enabled: {{ .Values.ingress.enabled }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
tls:
enabled: {{ .Values.ingress.tls.enabled }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
annotations:
{{ .Values.annotations.nubusIntercomService.ingress | toYaml | nindent 4 }}
podAnnotations:
intents.otterize.com/service-name: "intercom-service"
{{- with .Values.annotations.nubusIntercomService.pod }}
{{ . | toYaml | nindent 2}}
{{- end }}
podSecurityContext:
enabled: true
fsGroup: 1000
fsGroupChangePolicy: "Always"
provisioning:
# intercom OIDC client is created by opendesk-keycloak-bootstrap, as we have control over the
# client's claims this way.
enabled: false
config:
clientBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
keycloak:
realm: {{ .Values.platform.realm | quote }}
connection:
protocol: "http"
host: "ums-keycloak"
port: 8080
auth:
username: "kcadmin"
existingSecret:
name: "ums-opendesk-keycloak-credentials"
keyMapping:
password: "admin_password"
key: "admin_password"
image:
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
repository: {{ .Values.images.nubusWaitForDependency.repository | quote }}
tag: {{ .Values.images.nubusWaitForDependency.tag | quote }}
provisioningImage:
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusKeycloakBootstrap.registry | quote }}
repository: {{ .Values.images.nubusKeycloakBootstrap.repository | quote }}
tag: {{ .Values.images.nubusKeycloakBootstrap.tag | quote }}
resources:
{{ .Values.resources.intercomService | toYaml | nindent 4 }}
securityContext:
seccompProfile:
type: "RuntimeDefault"
seLinuxOptions:
{{ .Values.seLinuxOptions.intercom | toYaml | nindent 6 }}
replicaCount: {{ .Values.replicas.intercomService }}
resources:
{{ .Values.resources.intercomService | toYaml | nindent 2 }}
service:
annotations:
{{ .Values.annotations.nubusIntercomService.service | toYaml | nindent 4 }}
serviceAccount:
annotations:
{{ .Values.annotations.nubusIntercomService.serviceAccount | toYaml | nindent 4 }}
...
Reference in New Issue View Git Blame Copy Permalink