core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Volume

Browse Source
This commit is contained in:
mr
2026-01-15 15:48:10 +01:00
parent 8098a86dae
commit 1b77b8b6cf
55 changed files with 246 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/main.go
View File

@@ -38,7 +38,7 @@ func action() error {
if len(os.Args) > 2 {
args = os.Args[2:]
}
internal.Start(args...)
internal.Stop(args...)
case "extract":
what := os.Args[2]
switch what {

BIN
cmd/oc-k8s
View File

Binary file not shown.

2
cmd/opencloud-chart/Chart.lock
View File

@@ -36,4 +36,4 @@ dependencies:
repository: https://prometheus-community.github.io/helm-charts
version: 27.45.0
digest: sha256:11c96ddd86e2857872d7dafaa48b545870bef019169b0cc1c00ed3fb9f32b9ac
generated: "2026-01-08T21:09:54.004802973+01:00"
generated: "2026-01-15T15:35:28.283016654+01:00"

3
cmd/opencloud-chart/templates/hydra.yaml
View File

@@ -9,10 +9,9 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/hydra`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}
name: {{ .Release.Name }}-hydra-public
passHostHeader: true
port: 4444
---

1
cmd/opencloud-chart/templates/ldapUserManager.yaml
View File

@@ -104,7 +104,6 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/users`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-ldap-user-manager-svc

2
cmd/opencloud-chart/templates/mongo.yaml
View File

@@ -11,5 +11,5 @@ spec:
resources:
requests:
storage: {{ .Values.mongodb.persistence.size }}
storageClassName: {{ .Values.mongodb.persistence.storageClass }}
storageClassName: {{ .Values.mongodb.global.storageClass }}
{{- end }}

3
cmd/opencloud-chart/templates/mongoExpress.yaml
View File

@@ -9,10 +9,9 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/mongoexpress`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-mongo-express.{{ .Release.Namespace }}
name: {{ .Release.Name }}-mongo-express
passHostHeader: true
port: 8081
{{- end }}

18
cmd/opencloud-chart/templates/oc-front/config.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if index .Values.ocFront.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: front-config
data:
config.json: |
{
"WORKSPACE_HOST": "workspace",
"WORKFLOW_HOST": "workflow",
"CATALOG_HOST": "catalog",
"SCHEDULER_HOST": "scheduler",
"PEER_HOST": "peers",
"DATACENTER_HOST": "datacenter",
"COLLABORATIVE_AREA_HOST": "shared",
"HOST": "{{ .Values.scheme }}://{{ .Values.host }}",
}
{{- end }}

10
cmd/opencloud-chart/templates/oc-front/deployment.yaml
View File

@@ -1,4 +1,4 @@
{{- if .Values.ocFront.enabled }}
{{- if index .Values.ocFront.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -6,7 +6,7 @@ metadata:
app: oc-front
name: {{ .Release.Name }}-oc-front
spec:
replicas: {{ .Values.ocFront.replicas }}
replicas: 1
selector:
matchLabels:
app: oc-front
@@ -30,12 +30,6 @@ spec:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 30
resources:
limits:
cpu: "{{ .Values.ocFront.resources.limits.cpu }}"

5
cmd/opencloud-chart/templates/prometheus.yaml
View File

@@ -9,10 +9,9 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/monitor`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-monitor.{{ .Release.Namespace }}
name: {{ .Release.Name }}-prometheus-server
passHostHeader: true
port: 9090
port: 80
{{- end }}

2
cmd/opencloud-chart/templates/registry/docker-registry.yaml
View File

@@ -25,7 +25,6 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.registryHost }}`)
priority: 5
services:
- kind: Service
name: {{ .Values.env }}-docker-registry-ui-registry-server
@@ -43,7 +42,6 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.registryHost }}`) && PathPrefix(`/ui`)
priority: 10
services:
- kind: Service
name: {{ .Values.env }}-docker-registry-ui-user-interface

2
cmd/opencloud-chart/templates/traefik.yaml → cmd/opencloud-chart/templates/traefik/traefik.yaml
View File

@@ -1,3 +1,4 @@
{{- if index .Values.traefik.enabled }}
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
@@ -6,3 +7,4 @@ spec:
forwardAuth:
address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward"
trustForwardHeader: true
{{- end }}

BIN
cmd/opencloud-chart/tmpcharts-699769/mongodb-16.3.1.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-699769/nats-1.2.6.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-699769/openldap-2.0.4.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-699769/traefik-33.0.0.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-734773/mongo-express-6.5.2.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-734773/mongodb-16.3.1.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-734773/nats-1.2.6.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-734773/openldap-2.0.4.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-734773/traefik-33.0.0.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-760958/hydra-0.50.6.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-760958/keto-0.50.2.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-760958/loki-6.23.0.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-760958/mongo-express-6.5.2.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-760958/mongodb-16.3.1.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-760958/nats-1.2.6.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-760958/openldap-2.0.4.tgz
View File

Binary file not shown.

BIN
cmd/opencloud-chart/tmpcharts-760958/traefik-33.0.0.tgz
View File

Binary file not shown.

16
cmd/opencloud-chart/values.yaml.template
View File

@@ -1,5 +1,6 @@
env: ${RELEASE:-prod} # For storage class provisioning
name: ${CLUSTER_NAME:-opencloud}
clusterName: ${CLUSTER_NAME:-opencloud}
hostNetwork: true
host: ${HOST:-beta.opencloud.com}
registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule
scheme: https # For reverse proxy rule
@@ -20,8 +21,8 @@ mongo-express:
mongodb:
enabled: ${OC_MONGO_ENABLED:-true}
global:
defaultStorageClass: ${OC_MONGO_STORAGE:-""}
storageClass: ${OC_MONGO_STORAGE:-""}
defaultStorageClass: ${OC_MONGO_STORAGE:-"standard"}
storageClass: ${OC_MONGO_STORAGE:-"standard"}
architecture: standalone
useStatefulSet: false
auth:
@@ -37,7 +38,7 @@ mongodb:
enabled: true
create: false # do not auto-create
existingClaim: ${OC_MONGO_PVC:-mongo-pvc}
storageClassName: ${OC_MONGO_STORAGE:-""}
storageClassName: ${OC_MONGO_STORAGE:-"standard"}
accessModes:
- ReadWriteOnce
size: ${OC_MONGO_SIZE:-5000Mi}
@@ -242,7 +243,6 @@ traefik:
ports:
web:
nodePort: 30950
hydra:
enabled: ${OC_HYDRA_ENABLED:-true}
maester:
@@ -287,6 +287,7 @@ loki:
commonConfig:
replication_factor: 1
storage:
storageClassName: standard
type: filesystem
filesystem:
chunks_directory: /var/loki/chunks
@@ -325,7 +326,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: ${OC_LOKI_SIZE:-1Gi}
storageClassName: ${OC_LOKI_STORAGE:-""}
storageClassName: ${OC_LOKI_STORAGE:-"standard"}
create: false
claimName: ${OC_LOKI_PVC:-loki-pvc}
@@ -607,7 +608,8 @@ docker-registry-ui:
claimName: docker-registry-pvc
persistence:
create: false
storageClassName: standard
existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce
storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}
storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-""}
storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-"standard"}

22
cmd/test-values.yaml
View File

@@ -1,4 +1,4 @@
env: sqsdq # For storage class provisioning
env: test # For storage class provisioning
clusterName: opencloud
host: beta.opencloud.com
registryHost: oc # For reverse proxy rule
@@ -6,7 +6,7 @@ scheme: https # For reverse proxy rule
mongo-express:
enabled: true
mongodbServer: "sqsdq-mongodb.sqsdq" # TO LOOK AFTER
mongodbServer: "test-mongodb.test" # TO LOOK AFTER
mongodbPort: 27017
mongodbEnableAdmin: true
mongodbAdminUsername: admin
@@ -20,8 +20,8 @@ mongo-express:
mongodb:
enabled: true
global:
defaultStorageClass: ""
storageClass: ""
defaultStorageClass: "standard"
storageClass: "standard"
architecture: standalone
useStatefulSet: false
auth:
@@ -37,7 +37,7 @@ mongodb:
enabled: true
create: false # do not auto-create
existingClaim: mongo-pvc
storageClassName: ""
storageClassName: "standard"
accessModes:
- ReadWriteOnce
size: 5000Mi
@@ -53,7 +53,7 @@ mongodb:
enabled: true
nats:
enabled: false
enabled: true
extraEnv:
- name: NATS_MAX_FILE_DESCRIPTORS
value: "65536"
@@ -78,7 +78,7 @@ nats:
name: nats-jetstream
openldap:
enabled: false
enabled: true
test:
enabled: false
ltb-passwd:
@@ -261,7 +261,7 @@ hydra:
# consent: https://localhost-consent/consent/consent
# logout: https://localhost-logout/authentication/logout
self:
issuer: "http://sqsdq-hydra-public.sqsdq:4444/"
issuer: "http://test-hydra-public.test:4444/"
keto:
enabled: true
@@ -325,7 +325,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: 1Gi
storageClassName: ""
storageClassName: "standard"
create: false
claimName: loki-pvc
@@ -598,7 +598,7 @@ docker-registry-ui:
ui:
title: "opencloud docker registry"
proxy: true
dockerRegistryUrl: "http://sqsdq-docker-registry-ui-registry-server.sqsdq.svc.cluster.local:5000"
dockerRegistryUrl: "http://test-docker-registry-ui-registry-server.test.svc.cluster.local:5000"
registry:
secretName: regcred
enabled: true
@@ -610,4 +610,4 @@ docker-registry-ui:
existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce
storage: 5Gi
storageClassName: ""
storageClassName: "standard"

60
cmd/tmp.json Normal file
View File

@@ -0,0 +1,60 @@
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
"creationTimestamp": "2026-01-14T12:21:46Z",
"deletionTimestamp": "2026-01-15T07:35:29Z",
"labels": {
"kubernetes.io/metadata.name": "test",
"name": "test"
},
"name": "test",
"resourceVersion": "55940",
"uid": "4b990a37-71e7-44d8-9e70-cbaf10b8ed52"
},
"spec": {
"finalizers": [
"kubernetes"
]
},
"status": {
"conditions": [
{
"lastTransitionTime": "2026-01-15T13:06:55Z",
"message": "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: stale GroupVersion discovery: metrics.k8s.io/v1beta1",
"reason": "DiscoveryFailed",
"status": "True",
"type": "NamespaceDeletionDiscoveryFailure"
},
{
"lastTransitionTime": "2026-01-15T07:35:35Z",
"message": "All legacy kube types successfully parsed",
"reason": "ParsedGroupVersions",
"status": "False",
"type": "NamespaceDeletionGroupVersionParsingFailure"
},
{
"lastTransitionTime": "2026-01-15T07:35:35Z",
"message": "All content successfully deleted, may be waiting on finalization",
"reason": "ContentDeleted",
"status": "False",
"type": "NamespaceDeletionContentFailure"
},
{
"lastTransitionTime": "2026-01-15T07:36:19Z",
"message": "Some resources are remaining: oauth2clients.hydra.ory.sh has 1 resource instances",
"reason": "SomeResourcesRemain",
"status": "True",
"type": "NamespaceContentRemaining"
},
{
"lastTransitionTime": "2026-01-15T07:36:19Z",
"message": "Some content in the namespace has finalizers remaining: finalizer.ory.hydra.sh in 1 resource instances",
"reason": "SomeFinalizersRemain",
"status": "True",
"type": "NamespaceFinalizersRemaining"
}
],
"phase": "Terminating"
}
}

5
internal/cluster.go
View File

@@ -44,7 +44,6 @@ func Delete_Cluster(args ...string) error {
}
func Create_Cluster(args ...string) error {
Delete_Cluster(args...)
folder := "."
env := "dev"
if len(args) > 0 {
@@ -109,5 +108,9 @@ containerdConfigPatches:
if err := utils.Exec("kubectl config use-context kind-opencloud"); err != nil {
return err
}
if err := utils.Exec("docker start opencloud-control-plane"); err != nil {
return err
}
return nil
}

2
internal/func.go
View File

@@ -42,6 +42,8 @@ Usage:
func Start(args ...string) error {
utils.Exec("sudo sysctl -w fs.inotify.max_user_instances=256")
utils.Exec("sudo sysctl -w fs.inotify.max_user_watches=65536")
utils.Exec("sudo /etc/init.d/apache2 stop")
utils.Exec("sudo nginx -s stop")
Create_Cluster(args...)

24
internal/helm.go
View File

@@ -53,11 +53,11 @@ func Delete_Helm(args ...string) error {
func Create_Helm(args ...string) error {
tmp := "./opencloud-chart"
utils.Exec("sudo rm -rf " + tmp)
if err := os.MkdirAll(tmp, os.ModePerm); err != nil {
fmt.Println(err)
return err
}
defer os.RemoveAll(tmp)
ExtractTrees("assets", tmp)
folder := "."
@@ -77,22 +77,40 @@ func Create_Helm(args ...string) error {
if len(args) > 2 {
namespace = args[2]
}
fmt.Println("set up helm")
if err := utils.Exec("helm dependency update " + tmp); err != nil {
return err
}
fmt.Println("set up deps")
for name, repo := range utils.ExtractRepo() {
utils.Exec("helm repo add " + name + " " + repo)
}
if err := utils.Exec("helm dependency build " + tmp); err != nil {
return err
}
utils.Exec("kubectl delete sc longhorn-nor1")
if err := utils.Exec("helm install " + release + " " + tmp + " -n " + namespace + " --create-namespace -f " + folder + "/" + release + "-values.yaml --debug"); err != nil {
utils.Exec("sudo ulimit -n 1000000")
utils.Exec("helm repo add jetstack https://charts.jetstack.io")
utils.Exec("helm repo update")
utils.Exec("kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.crds.yaml")
utils.Exec("helm repo add jetstack https://charts.jetstack.io")
utils.Exec("helm repo update")
utils.Exec("helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.14.0")
utils.Exec("helm install admiralty oci://public.ecr.aws/admiralty/admiralty --namespace admiralty --create-namespace --version 0.17.0 --wait")
utils.Exec("helm repo add argo https://argoproj.github.io/argo-helm")
utils.Exec("helm repo update")
utils.Exec("helm install argo-workflows argo/argo-workflows --namespace argo --create-namespace")
if err := utils.Exec("helm upgrade --install " + release + " " + tmp + " -n " + namespace + " --create-namespace -f " + folder + "/" + release + "-values.yaml --debug"); err != nil {
return err
}
utils.Exec("kind get kubeconfig --name " + clusterName + " > ./deployed_config")
utils.Exec("kind export logs ./kind-logs")
utils.Exec("sudo rm -rf " + tmp)
return nil
}

1
internal/values.go
View File

@@ -58,6 +58,7 @@ func generateConfig(confFile string, release string, output_folder string) error
if err != nil {
return err
}
confs["RELEASE"] = release
rendered := renderTemplate(string(content), confs)

3
utils/assets/templates/hydra.yaml
View File

@@ -9,10 +9,9 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/hydra`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}
name: {{ .Release.Name }}-hydra-public
passHostHeader: true
port: 4444
---

1
utils/assets/templates/ldapUserManager.yaml
View File

@@ -104,7 +104,6 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/users`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-ldap-user-manager-svc

2
utils/assets/templates/mongo.yaml
View File

@@ -11,5 +11,5 @@ spec:
resources:
requests:
storage: {{ .Values.mongodb.persistence.size }}
storageClassName: {{ .Values.mongodb.persistence.storageClass }}
storageClassName: {{ .Values.mongodb.global.storageClass }}
{{- end }}

3
utils/assets/templates/mongoExpress.yaml
View File

@@ -9,10 +9,9 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/mongoexpress`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-mongo-express.{{ .Release.Namespace }}
name: {{ .Release.Name }}-mongo-express
passHostHeader: true
port: 8081
{{- end }}

7
utils/assets/templates/oc-auth/deployment.yaml
View File

@@ -16,6 +16,10 @@ spec:
app: oc-auth
spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
- name: public-key-volume
secret:
secretName: public-key-secret
@@ -37,6 +41,9 @@ spec:
- name: private-key-volume
mountPath: /keys/private/private.pem
subPath: private.pem
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom:
- configMapRef:
name: opencloud-config

9
utils/assets/templates/oc-catalog/deployment.yaml
View File

@@ -15,6 +15,11 @@ spec:
labels:
app: oc-catalog
spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
{{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
imagePullSecrets:
- name: regcred
@@ -42,4 +47,8 @@ spec:
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
{{- end }}

9
utils/assets/templates/oc-datacenter/deployment.yaml
View File

@@ -19,9 +19,18 @@ spec:
imagePullSecrets:
- name: regcred
{{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers:
- image: "{{ .Values.ocDatacenter.image }}"
name: oc-datacenter
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom:
- configMapRef:
name: opencloud-config

18
utils/assets/templates/oc-front/config.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if index .Values.ocFront.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: front-config
data:
config.json: |
{
"WORKSPACE_HOST": "workspace",
"WORKFLOW_HOST": "workflow",
"CATALOG_HOST": "catalog",
"SCHEDULER_HOST": "scheduler",
"PEER_HOST": "peers",
"DATACENTER_HOST": "datacenter",
"COLLABORATIVE_AREA_HOST": "shared",
"HOST": "{{ .Values.scheme }}://{{ .Values.host }}",
}
{{- end }}

12
utils/assets/templates/oc-front/deployment.yaml
View File

@@ -1,4 +1,4 @@
{{- if .Values.ocFront.enabled }}
{{- if index .Values.ocFront.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -6,7 +6,7 @@ metadata:
app: oc-front
name: {{ .Release.Name }}-oc-front
spec:
replicas: {{ .Values.ocFront.replicas }}
replicas: 1
selector:
matchLabels:
app: oc-front
@@ -28,14 +28,8 @@ spec:
name: oc-front
ports:
- name: http
containerPort: 80
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 30
resources:
limits:
cpu: "{{ .Values.ocFront.resources.limits.cpu }}"

2
utils/assets/templates/oc-front/service.yaml
View File

@@ -10,7 +10,7 @@ spec:
- name: http
port: 8080
protocol: TCP
targetPort: 80
targetPort: 8080
selector:
app: oc-front
type: ClusterIP

9
utils/assets/templates/oc-peer/deployment.yaml
View File

@@ -19,12 +19,21 @@ spec:
imagePullSecrets:
- name: regcred
{{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers:
- image: "{{ .Values.ocPeer.image }}"
name: oc-peer
envFrom:
- configMapRef:
name: opencloud-config
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
livenessProbe:
httpGet:
path: /oc/version

9
utils/assets/templates/oc-scheduler/deployment.yaml
View File

@@ -15,6 +15,11 @@ spec:
labels:
app: oc-scheduler
spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
serviceAccountName: scheduler-sa
{{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
imagePullSecrets:
@@ -23,6 +28,10 @@ spec:
containers:
- image: "{{ .Values.ocScheduler.image }}"
name: oc-scheduler
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom:
- configMapRef:
name: opencloud-config

9
utils/assets/templates/oc-shared/deployment.yaml
View File

@@ -19,9 +19,18 @@ spec:
imagePullSecrets:
- name: regcred
{{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers:
- image: "{{ .Values.ocShared.image }}"
name: oc-shared
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom:
- configMapRef:
name: opencloud-config

9
utils/assets/templates/oc-workflow/deployment.yaml
View File

@@ -19,9 +19,18 @@ spec:
imagePullSecrets:
- name: regcred
{{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers:
- image: "{{ .Values.ocWorkflow.image }}"
name: oc-shared
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom:
- configMapRef:
name: opencloud-config

9
utils/assets/templates/oc-workspace/deployment.yaml
View File

@@ -15,9 +15,18 @@ spec:
labels:
app: oc-workspace
spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers:
- image: "{{ .Values.ocWorkspace.image }}"
name: oc-workspace
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
envFrom:
- configMapRef:
name: opencloud-config

5
utils/assets/templates/prometheus.yaml
View File

@@ -9,10 +9,9 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.host }}`) && PathPrefix(`/monitor`)
priority: 10
services:
- kind: Service
name: {{ .Release.Name }}-monitor.{{ .Release.Namespace }}
name: {{ .Release.Name }}-prometheus-server
passHostHeader: true
port: 9090
port: 80
{{- end }}

2
utils/assets/templates/registry/docker-registry.yaml
View File

@@ -25,7 +25,6 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.registryHost }}`)
priority: 5
services:
- kind: Service
name: {{ .Values.env }}-docker-registry-ui-registry-server
@@ -43,7 +42,6 @@ spec:
routes:
- kind: Rule
match: Host(`{{ .Values.registryHost }}`) && PathPrefix(`/ui`)
priority: 10
services:
- kind: Service
name: {{ .Values.env }}-docker-registry-ui-user-interface

2
utils/assets/templates/traefik.yaml → utils/assets/templates/traefik/traefik.yaml
View File

@@ -1,3 +1,4 @@
{{- if index .Values.traefik.enabled }}
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
@@ -6,3 +7,4 @@ spec:
forwardAuth:
address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward"
trustForwardHeader: true
{{- end }}

16
utils/assets/values.yaml.template
View File

@@ -1,5 +1,6 @@
env: ${RELEASE:-prod} # For storage class provisioning
name: ${CLUSTER_NAME:-opencloud}
clusterName: ${CLUSTER_NAME:-opencloud}
hostNetwork: true
host: ${HOST:-beta.opencloud.com}
registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule
scheme: https # For reverse proxy rule
@@ -20,8 +21,8 @@ mongo-express:
mongodb:
enabled: ${OC_MONGO_ENABLED:-true}
global:
defaultStorageClass: ${OC_MONGO_STORAGE:-""}
storageClass: ${OC_MONGO_STORAGE:-""}
defaultStorageClass: ${OC_MONGO_STORAGE:-"standard"}
storageClass: ${OC_MONGO_STORAGE:-"standard"}
architecture: standalone
useStatefulSet: false
auth:
@@ -37,7 +38,7 @@ mongodb:
enabled: true
create: false # do not auto-create
existingClaim: ${OC_MONGO_PVC:-mongo-pvc}
storageClassName: ${OC_MONGO_STORAGE:-""}
storageClassName: ${OC_MONGO_STORAGE:-"standard"}
accessModes:
- ReadWriteOnce
size: ${OC_MONGO_SIZE:-5000Mi}
@@ -242,7 +243,6 @@ traefik:
ports:
web:
nodePort: 30950
hydra:
enabled: ${OC_HYDRA_ENABLED:-true}
maester:
@@ -287,6 +287,7 @@ loki:
commonConfig:
replication_factor: 1
storage:
storageClassName: standard
type: filesystem
filesystem:
chunks_directory: /var/loki/chunks
@@ -325,7 +326,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: ${OC_LOKI_SIZE:-1Gi}
storageClassName: ${OC_LOKI_STORAGE:-""}
storageClassName: ${OC_LOKI_STORAGE:-"standard"}
create: false
claimName: ${OC_LOKI_PVC:-loki-pvc}
@@ -607,7 +608,8 @@ docker-registry-ui:
claimName: docker-registry-pvc
persistence:
create: false
storageClassName: standard
existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce
storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}
storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-""}
storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-"standard"}