100 lines
2.9 KiB
YAML
100 lines
2.9 KiB
YAML
init:
|
|
version: 0
|
|
namespace: "bases"
|
|
|
|
commons:
|
|
# -- masterPassword to generate secrets
|
|
# @section -- Commons
|
|
masterPassword: "CHANGEME"
|
|
|
|
helm:
|
|
release:
|
|
# -- install of FluxCD HelmRelease
|
|
# @section -- Commons helm release
|
|
install: {}
|
|
# -- test of FluxCD HelmRelease
|
|
# @section -- Commons helm release
|
|
test: {}
|
|
# -- upgrade of FluxCD HelmRelease
|
|
# @section -- Commons helm release
|
|
upgrade: {}
|
|
# -- driftDetection of FluxCD HelmRelease
|
|
# @section -- Commons helm release
|
|
driftDetection: {}
|
|
|
|
ingress:
|
|
# -- top domain for all services
|
|
# @section -- Commons Ingress
|
|
domain: "wrenix.eu"
|
|
# -- annotations for all ingress objects
|
|
# @section -- Commons Ingress
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
tls:
|
|
# -- tls on every ingress
|
|
# @section -- Commons Ingress
|
|
enabled: true
|
|
# -- use own definition of tls (e.g. for own or wildcard certificate)
|
|
# @section -- Commons Ingress
|
|
override: []
|
|
|
|
prometheus:
|
|
monitor:
|
|
# -- labels on Pod- and Service-Monitor
|
|
# @section -- Commons Monitoring
|
|
labels: {}
|
|
rules:
|
|
# -- labels on PrometheusRules
|
|
# @section -- Commons Monitoring
|
|
labels: {}
|
|
|
|
grafana:
|
|
dashboards:
|
|
# -- labels of grafana dashboard configmap
|
|
# @section -- Commons Monitoring
|
|
labels: {}
|
|
# -- annotations of grafana dashboard configmap
|
|
# @section -- Commons Monitoring
|
|
annotations: {}
|
|
|
|
|
|
ingress:
|
|
# -- default: fs.(Values.commons.ingress.domain)
|
|
host:
|
|
# -- ingress annotatations - default are all the best practise of collabora
|
|
annotations:
|
|
# nginx controller
|
|
nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
|
|
nginx.ingress.kubernetes.io/server-snippet: |
|
|
location /cool/getMetrics { deny all; return 403; }
|
|
location /cool/adminws/ { deny all; return 403; }
|
|
location /browser/dist/admin/admin.html { deny all; return 403; }
|
|
# haproxy community
|
|
haproxy-ingress.github.io/timeout-tunnel: 3600s
|
|
haproxy-ingress.github.io/assign-backend-server-id: "true"
|
|
haproxy-ingress.github.io/balance-algorithm: url_param WOPISrc
|
|
haproxy-ingress.github.io/config-backend:
|
|
hash-type consistent
|
|
acl admin_url path_beg /cool/getMetrics
|
|
acl admin_url path_beg /cool/adminws/
|
|
acl admin_url path_beg /browser/dist/admin/admin.html
|
|
http-request deny if admin_url
|
|
|
|
|
|
# -- adminPassword to access collabora admin platform
|
|
adminPassword:
|
|
|
|
remoteFont:
|
|
# -- remote font setup
|
|
# @section -- Remote font
|
|
enabled: true
|
|
# -- url to remote font
|
|
# default (set to nextcloud)
|
|
# @section -- Remote font
|
|
url:
|
|
|
|
# -- allowed host to use this collabora instance
|
|
# if not set we allow defaults (like nextcloud)
|
|
# example:
|
|
# main.host.de: [ "alias1.host.de", "alias2.host.de" ]
|
|
allowedHosts: {}
|