119 lines
3.6 KiB
YAML
119 lines
3.6 KiB
YAML
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: "{{ .Release.Name }}-hr"
|
|
spec:
|
|
chart:
|
|
spec:
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: "{{ .Release.Name }}-repo"
|
|
chart: "collabora-online"
|
|
install:
|
|
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
|
|
test:
|
|
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
|
|
upgrade:
|
|
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
|
|
driftDetection:
|
|
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
|
|
interval: 10m
|
|
values:
|
|
autoscaling:
|
|
enabled: false
|
|
|
|
image:
|
|
tag: "24.04.5.1.1"
|
|
|
|
{{- $host := .Values.ingress.host | default (printf "collabora.%s" .Values.commons.ingress.domain) }}
|
|
collabora:
|
|
username: collabora-admin
|
|
password: {{ .Values.adminPassword | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "admin_password") | quote }}
|
|
extra_params: >
|
|
--o:user_interface.mode=tabbed
|
|
--o:ssl.enable=false
|
|
--o:ssl.termination=true
|
|
--o:fetch_update_check=0
|
|
{{- if .Values.remoteFont.enabled }}
|
|
{{- with .Values.remoteFont.url }}
|
|
--o:remote_font_config.url={{ . }}
|
|
{{- else }}
|
|
--o:remote_font_config.url=https://fs.{{ .Values.commons.ingress.domain }}/apps/richdocuments/settings/fonts.json
|
|
{{- end }}
|
|
{{- end }}
|
|
--o:net.proto=all
|
|
|
|
server_name: {{ $host | quote }}
|
|
aliasgroups:
|
|
{{- range $host, $aliases := .Values.allowedHosts }}
|
|
- host: "https://{{ $host }}{{ gt (len $aliases) 0 | ternary (printf "|%s" (join "|" $aliases)) "" }}"
|
|
{{- else }}
|
|
- host: "https://fs.{{ .Values.commons.ingress.domain }}"
|
|
{{- end }}
|
|
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
{{- with .Values.commons.ingress.annotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.ingress.annotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
hosts:
|
|
- host: {{ $host | quote }}
|
|
paths:
|
|
- path: /
|
|
pathType: ImplementationSpecific
|
|
{{- if .Values.commons.ingress.tls.enabled }}
|
|
tls:
|
|
{{- with .Values.commons.ingress.tls.override }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- else }}
|
|
- secretName: "mycloud-collabora-cert"
|
|
hosts:
|
|
- "{{ $host }}"
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
prometheus:
|
|
servicemonitor:
|
|
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
|
|
labels:
|
|
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
|
|
rules:
|
|
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
|
|
additionalLabels:
|
|
{{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
|
|
|
|
grafana:
|
|
dashboards:
|
|
enabled: true
|
|
labels:
|
|
{{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }}
|
|
annotations:
|
|
{{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }}
|
|
|
|
serviceAccount:
|
|
create: true
|
|
|
|
podSecurityContext:
|
|
fsGroup: 100
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: true
|
|
privileged: false
|
|
readOnlyRootFilesystem: false
|
|
runAsNonRoot: true
|
|
runAsUser: 100
|
|
runAsGroup: 101
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
capabilities:
|
|
drop:
|
|
- "ALL"
|
|
add:
|
|
- "CHOWN"
|
|
- "FOWNER"
|
|
- "SYS_CHROOT"
|