feat: add nginx-no-snippets preset for OnlyOffice only (opencloud-eu#123)

- Add nginx-no-snippets support directly to OnlyOffice ingress template
- No complex helper functions or changes to other ingresses
- Minimal, focused solution for environments that forbid snippets
- Document the new preset in values.yaml and README

This is a simpler alternative to PR opencloud-eu#112 that adds the functionality
only where it's needed (OnlyOffice) without over-engineering.

Fixes opencloud-eu#105

Author: michaelstingl

charts/opencloud/README.md

@@ -434,6 +434,38 @@ This ensures the `X-Forwarded-Proto: https` header is added as required by OnlyO
 | `collaboration.enabled` | Enable collaboration service | `true` |
 | `collaboration.resources` | CPU/Memory resource requests/limits | `{}` |
 
+## Ingress Configuration
+
+This chart supports standard Kubernetes Ingress resources for exposing services. For environments requiring specific ingress controller features, annotation presets are available.
+
+### Ingress Settings
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `ingress.enabled` | Enable Ingress resources | `false` |
+| `ingress.ingressClassName` | Ingress class name (e.g., nginx, traefik) | `""` |
+| `ingress.annotationsPreset` | Preset for ingress controller annotations | `""` |
+| `ingress.annotations` | Custom annotations for all ingress resources | `{}` |
+
+### Annotation Presets
+
+The `annotationsPreset` parameter helps configure ingress controller-specific features, particularly for OnlyOffice which requires the X-Forwarded-Proto header:
+
+- `nginx` - Uses configuration snippets to inject headers
+- `nginx-no-snippets` - For environments where snippets are forbidden (e.g., Rackspace)
+- `traefik` - Creates required Middleware resources
+- `haproxy` - Uses HAProxy-specific header injection
+- `contour` - Uses Contour request headers
+- `istio` - Uses Istio EnvoyFilter
+
+Example for Rackspace or security-restricted environments:
+```yaml
+ingress:
+  enabled: true
+  ingressClassName: nginx
+  annotationsPreset: nginx-no-snippets
+```
+
 ## Gateway API Configuration
 
 This chart includes HTTPRoute resources that can be used to expose the OpenCloud, Keycloak, and MinIO services externally. The HTTPRoutes are configured to route traffic to the respective services.

charts/opencloud/templates/onlyoffice/ingress.yaml

@@ -9,6 +9,10 @@
 {{- else if eq .Values.ingress.annotationsPreset "nginx" }}
   # NGINX: inject custom header via configuration-snippet
   {{- $_ := set $annotations "nginx.ingress.kubernetes.io/configuration-snippet" "more_set_headers \"X-Forwarded-Proto: https\";" }}
+{{- else if eq .Values.ingress.annotationsPreset "nginx-no-snippets" }}
+  # NGINX without snippets: use built-in forwarded headers support
+  {{- $_ := set $annotations "nginx.ingress.kubernetes.io/use-forwarded-headers" "true" }}
+  {{- $_ := set $annotations "nginx.ingress.kubernetes.io/forwarded-for-header" "X-Forwarded-For" }}
 {{- else if eq .Values.ingress.annotationsPreset "haproxy" }}
   # HAProxy: inject custom header via request-set-headers
   {{- $_ := set $annotations "haproxy.ingress.kubernetes.io/request-set-headers" "X-Forwarded-Proto https" }}

charts/opencloud/values.yaml

@@ -712,7 +712,11 @@ ingress:
   # Some components (e.g., OnlyOffice) require the X-Forwarded-Proto header to be set.
   #
   # Set 'annotationsPreset' to inject known ingress-controller-specific annotations
-  # for injecting the header. Supported values: nginx, traefik, haproxy, contour, istio
+  # for injecting the header. Supported values: nginx, nginx-no-snippets, traefik, haproxy, contour, istio
+  #
+  # Use 'nginx-no-snippets' for environments where NGINX configuration snippets are forbidden
+  # (e.g., Rackspace, security-restricted clusters). This preset uses built-in NGINX features
+  # instead of custom configuration snippets.
   #
   # If set to "traefik" and OnlyOffice is enabled, the chart will create a Middleware
   # named 'add-x-forwarded-proto-https' for use in both Ingress and Gateway HTTPRoute.