Running all stack

This commit is contained in:
mr
2026-01-06 08:23:16 +01:00
parent 5a0651106d
commit 3d416169e3
56 changed files with 1974 additions and 435 deletions


@@ -1,10 +1,10 @@
env: {{ .Release.Name }} # For storage class provisioning
env: dev # For storage class provisioning
host: beta.opencloud.com # For reverse proxy rule
scheme: http # For reverse proxy rule
mongo-express:
enabled: true
mongodbServer: "{{ .Release.Name }}-mongodb.d{{ .Release.Namespace }}ev"
mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}"
mongodbPort: 27017
mongodbEnableAdmin: true
mongodbAdminUsername: root
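Review bot: The corrected `mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}"` still relies on Go-template syntax inside a values file, which Helm only renders if the chart passes the value through `tpl`; the third file section of this same commit replaces the identical string with the literal `"test-mongodb.test"`, which suggests the author found it is not rendered here. If that is the case, this dev values file keeps an unrendered hostname for mongo-express, and the same applies to `hydra.hydra.config.urls.self.issuer` and `docker-registry-ui.ui.dockerRegistryUrl` in the new values file. Either confirm the chart calls `tpl` on these keys, or use the literal service name as the test file does, e.g. `mongodbServer: "dev-mongodb.<namespace>"` with the real namespace substituted. The `env: dev` line replaces a templated value with a literal for the same reason, so the two conventions should at least agree within one file.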


@@ -0,0 +1,589 @@
env: exemple # For storage class provisioning
host: truc # For reverse proxy rule
registryHost: oc # For reverse proxy rule
scheme: https # For reverse proxy rule
mongo-express:
enabled: true
mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}" # TO LOOK AFTER
mongodbPort: 27017
mongodbEnableAdmin: true
mongodbAdminUsername: admin
mongodbAdminPassword: admin
siteBaseUrl: /mongoexpress
basicAuthUsername: admin
basicAuthPassword: admin
mongodb:
enabled: false
mongodb:
enabled: true
global:
defaultStorageClass: longhorn-nor1
storageClass: longhorn-nor1
architecture: standalone
useStatefulSet: false
auth:
enabled: true
rootUser: admin
rootPassword: admin
databases: [ opencloud ]
usernames: [ admin ]
passwords: [ admin ]
resourcesPreset: "small"
replicaCount: 1
persistence:
enabled: true
storageClass: longhorn-nor1
existingClaim: mongo-pvc
accessModes:
- ReadWriteOnce
size: 5000Mi
persistentVolumeClaimRetentionPolicy:
enabled: true
whenDeleted: Retain
whenScaled: Retain
arbiter:
enabled: false
livenessProbe:
enabled: true
readinessProbe:
enabled: true
nats:
enabled: true
jetstream:
enabled: true
fileStore:
size: 20Mi
storageClassName: longhorn-nor1
openldap:
enabled: true
test:
enabled: false
ltb-passwd:
enabled: false
replicaCount: 1
image:
repository: osixia/openldap
tls:
enabled: false
env:
LDAP_ORGANISATION: Opencloud
LDAP_DOMAIN: opencloud.com
LDAP_BACKEND: "mdb"
LDAP_TLS: "false"
LDAP_TLS_ENFORCE: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
adminPassword: admin
configPassword: "config"
phpldapadmin:
enabled: false
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 10Mi
storageClass: longhorn-nor1
replication:
enabled: false
externalLDAP:
enabled: false
url: ${OC_LDAP_EXTERNAL_ENDPOINT}
bindDN: cn=admin,dc=example,dc=com
bindPassword: admin
customLdifFiles:
01-schema.ldif: |-
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
ou: users
dn: cn=lastGID,dc=example,dc=com
objectClass: device
objectClass: top
description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
cn: lastGID
serialNumber: 2001
dn: cn=lastUID,dc=example,dc=com
objectClass: device
objectClass: top
serialNumber: 2001
description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
cn: lastUID
dn: cn=everybody,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: everybody
memberUid: admin
gidNumber: 2003
02-ldapadmin.ldif : |-
dn: cn=ldapadmin,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: ldapadmin
memberUid: ldapadmin
gidNumber: 2001
dn: uid=ldapadmin,ou=users,dc=example,dc=com
givenName: ldap
sn: admin
uid: ldapadmin
cn: ldapadmin
mail: ldapadmin@example.com
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword: sai1yeiT
uidNumber: 2001
gidNumber: 2001
loginShell: /bin/bash
homeDirectory: /home/ldapadmin
03-opencloudadmin.ldif : |-
dn: uid=admin,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
cn: Admin
sn: Istrator
uid: admin
userPassword: admin
mail: admin@example.com
ou: users
dn: ou=AppRoles,dc=example,dc=com
objectClass: organizationalunit
ou: AppRoles
description: AppRoles
dn: ou=App1,ou=AppRoles,dc=example,dc=com
objectClass: organizationalunit
ou: App1
description: App1
prometheus:
enabled: true
enableTraefikProxyIntegration: true
server:
persistentVolume:
enabled: true
size: 5Gi
service:
type: ClusterIP
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 128m
memory: 256Mi
# ldap user manager configuration
ldapUserManager:
enabled: true
env:
SERVER_HOSTNAME: ldap.exemple.com
LDAP_BASE_DN: dc=example,dc=com
LDAP_REQUIRE_STARTTLS: "false"
LDAP_ADMINS_GROUP: ldapadmin
LDAP_ADMIN_BIND_DN: cn=admin,dc=example,dc=com
LDAP_ADMIN_BIND_PWD: admin
LDAP_IGNORE_CERT_ERRORS: "true"
EMAIL_DOMAIN:
NO_HTTPS: "true"
SERVER_PATH: "/users"
ORGANISATION_NAME: Opencloud
LDAP_USER_OU: users
LDAP_GROUP_OU: groups
ACCEPT_WEAK_PASSWORDS: "true"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
traefik:
enabled: true
service:
type: NodePort
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
entryPoints: [web]
ports:
web:
nodePort: 30950
hydra:
enabled: true
maester:
enabled: true
secret:
enabled: false
nameOverride: hydra-secret
hashSumEnabled: false
hydra:
dev: true
existingSecret: hydra-secret
config:
dsn: memory
urls:
# login: https://localhost-login/authentication/login
# consent: https://localhost-consent/consent/consent
# logout: https://localhost-logout/authentication/logout
self:
issuer: "http://{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}:4444/"
keto:
enabled: true
keto:
config:
serve:
read:
port: 4466
write:
port: 4467
metrics:
port: 4468
namespaces:
- id: 0
name: open-cloud
dsn: memory
loki:
enabled: true
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: filesystem
filesystem:
chunks_directory: /var/loki/chunks
rules_directory: /var/loki/rules
admin_api_directory: /var/loki/admin
storage_config:
boltdb_shipper:
active_index_directory: /var/loki/index
filesystem:
directory: /var/loki/chunks
limits_config:
allow_structured_metadata: false
schemaConfig:
configs:
- from: "2020-01-01"
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
ingester:
chunk_encoding: snappy
tracing:
enabled: true
querier:
max_concurrent: 2
deploymentMode: SingleBinary
singleBinary:
extraVolumes:
- name: loki-storage
persistentVolumeClaim:
claimName: loki-pvc
persistence:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: 1Gi
storageClassName: longhorn-nor1
claimName: loki-pvc
extraVolumeMounts:
- name: loki-storage
mountPath: /var/loki
replicas: 1
resources:
limits:
cpu: 3
memory: 4Gi
requests:
cpu: 1
memory: 0.5Gi
extraEnv:
- name: GOMEMLIMIT
value: 3750MiB
chunksCache:
# default is 500MB, with limited memory keep this smaller
writebackSizeLimit: 10MB
# Enable minio for storage
minio:
enabled: false
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0
grafana:
enabled: true
adminUser: admin
adminPassword: admin
persistence:
enabled: true
size: 1Gi
service:
type: ClusterIP
argo-workflows:
enabled: false
workflow:
serviceAccount:
create: false
name: argo-workflow
rbac:
create: false # Manual provisioning
controller:
workflowNamespaces: [] #All of them
controller:
workflowDefaults:
spec:
serviceAccountName: argo-workflow
ocAuth:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-auth:0.0.1"
authType: hydra
keto:
adminRole: admin
hydra:
openCloudOauth2ClientSecretName: oc-oauth2-client-secret
ldap:
bindDn: cn=admin,dc=example,dc=com
binPwd: admin
baseDn: dc=example,dc=com
roleBaseDn: ou=AppRoles,dc=example,dc=com
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocFront:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-front:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocWorkspace:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-workspace:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocShared:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-shared:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocWorkflow:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-workflow:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocCatalog:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-catalog:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocPeer:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-peer:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocDatacenter:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-datacenter:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocSchedulerd:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-schedulerd:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocScheduler:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-scheduler:0.0.1"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
docker-registry-ui:
enabled: true
ui:
title: "opencloud docker registry"
proxy: true
dockerRegistryUrl: "http://{{ .Release.Name }}-docker-registry-ui-registry-server.{{ .Release.Namespace }}.svc.cluster.local:5000"
registry:
secretName: regcred
enabled: true
dataVolume:
persistentVolumeClaim:
claimName: docker-registry-pvc
persistence:
accessMode: ReadWriteOnce
storage: 5000Mi
storageClassName: longhorn-nor1
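Review bot: This new values file commits a dozen plaintext credentials, all set to trivial values: `mongodbAdminPassword: admin`, `basicAuthPassword: admin`, `rootPassword: admin` with `passwords: [ admin ]`, openldap `adminPassword: admin` and `bindPassword: admin`, `LDAP_ADMIN_BIND_PWD: admin`, grafana `adminPassword: admin`, ocAuth `binPwd: admin`, plus `userPassword: sai1yeiT` and `userPassword: admin` inside the LDIF block that will land in a ConfigMap. The file already uses the secret-reference pattern elsewhere (`existingSecret: hydra-secret`, `secretName: regcred`, `openCloudOauth2ClientSecretName`), so the same approach fits here: the mongodb block uses Bitnami keys (`architecture`, `resourcesPreset`, `useStatefulSet`) and that chart supports `auth.existingSecret`, and the remaining sub-charts should be checked for an equivalent so this file holds only references. Two settings weaken auth further and deserve an explicit comment if they are intentional for this environment: `ACCEPT_WEAK_PASSWORDS: "true"` on the LDAP user manager, and the Traefik dashboard (`dashboard.enabled: true`, `entryPoints: [web]`) exposed through a `NodePort` service with a `Host(`localhost`)` rule that does not restrict who can reach port 30950. Separately, `binPwd:` next to `bindDn:` looks like a typo for `bindPwd` — if the chart reads `bindPwd`, this key is silently ignored; please confirm against the ocAuth template.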


@@ -1,11 +1,11 @@
env: {{ .Release.Name }} # For storage class provisioning
host: exemple.com # For reverse proxy rule
registryHost: registry.exemple.com # For reverse proxy rule
env: test # For storage class provisioning
host: beta.opencloud.com # For reverse proxy rule
registryHost: oc # For reverse proxy rule
scheme: https # For reverse proxy rule
mongo-express:
enabled: true
mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}" # TO LOOK AFTER
mongodbServer: "test-mongodb.test" # TO LOOK AFTER
mongodbPort: 27017
mongodbEnableAdmin: true
mongodbAdminUsername: admin
@@ -19,8 +19,8 @@ mongo-express:
mongodb:
enabled: true
global:
defaultStorageClass: longhorn-nor1
storageClass: longhorn-nor1
defaultStorageClass:
storageClass:
architecture: standalone
useStatefulSet: false
auth:
@@ -28,17 +28,18 @@ mongodb:
rootUser: admin
rootPassword: admin
databases: [ opencloud ]
usernames: []
passwords: []
usernames: [ admin ]
passwords: [ admin ]
resourcesPreset: "small"
replicaCount: 1
persistence:
enabled: true
storageClass: longhorn-nor1
create: false # do not auto-create
existingClaim: mongo-pvc
storageClassName:
accessModes:
- ReadWriteOnce
size: 5000Mi
- ReadWriteOnce
size: 5000Mi
persistentVolumeClaimRetentionPolicy:
enabled: true
whenDeleted: Retain
@@ -52,11 +53,45 @@ mongodb:
nats:
enabled: true
jetstream:
enabled: true
fileStore:
size: 20Mi
storageClassName: longhorn-nor1
extraEnv:
- name: NATS_MAX_FILE_DESCRIPTORS
value: "65536"
extraVolumeMounts:
- name: nats-config
mountPath: /etc/nats
config:
jetstream:
enabled: true
fileStore:
enabled: true
dir: /data/jetstream # mountPath used by template
# pvc block must live here
pvc:
enabled: true
# if you already created the claim, set existingClaim:
existingClaim: nats-pvc
# storageClassName: local-path or standard (use the SC in your cluster)
storageClassName:
size: 50Gi
# name is the volume name used in volumeMounts; keep it simple
name: nats-jetstream
reloader:
enabled: false
image: "natsio/nats-server-config-reloader:0.16.0-debian"
# Override ENTRYPOINT so we can raise ulimit before starting the real binary
command:
- /bin/sh
- -c
args:
- -pid
- /var/run/nats/nats.pid
- -config
- /etc/nats-config/nats.conf
# Required to allow ulimit raise
securityContext:
runAsUser: 0
openldap:
enabled: true
@@ -73,8 +108,8 @@ openldap:
LDAP_ORGANISATION: Opencloud
LDAP_DOMAIN: opencloud.com
LDAP_BACKEND: "mdb"
LDAP_TLS: false
LDAP_TLS_ENFORCE: false
LDAP_TLS: "false"
LDAP_TLS_ENFORCE: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
adminPassword: admin
configPassword: "config"
@@ -82,9 +117,11 @@ openldap:
enabled: false
persistence:
enabled: true
create: false # do not auto-create
existingClaim: openldap-pvc
accessMode: ReadWriteOnce
size: 10Mi
storageClass: longhorn-nor1
storageClassName:
replication:
enabled: false
externalLDAP:
@@ -154,7 +191,7 @@ openldap:
uid: admin
userPassword: admin
mail: admin@example.com
ou: Users
ou: users
dn: ou=AppRoles,dc=example,dc=com
objectClass: organizationalunit
@@ -168,6 +205,7 @@ openldap:
prometheus:
enabled: true
enableTraefikProxyIntegration: true
server:
persistentVolume:
enabled: true
@@ -188,13 +226,13 @@ ldapUserManager:
env:
SERVER_HOSTNAME: ldap.exemple.com
LDAP_BASE_DN: dc=example,dc=com
LDAP_REQUIRE_STARTTLS: false
LDAP_REQUIRE_STARTTLS: "false"
LDAP_ADMINS_GROUP: ldapadmin
LDAP_ADMIN_BIND_DN: cn=admin,dc=example,dc=com
LDAP_ADMIN_BIND_PWD: admin
LDAP_IGNORE_CERT_ERRORS: true
LDAP_IGNORE_CERT_ERRORS: "true"
EMAIL_DOMAIN:
NO_HTTPS: true
NO_HTTPS: "true"
SERVER_PATH: "/users"
ORGANISATION_NAME: Opencloud
LDAP_USER_OU: users
@@ -239,7 +277,7 @@ hydra:
# consent: https://localhost-consent/consent/consent
# logout: https://localhost-logout/authentication/logout
self:
issuer: "http://{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}:4444/"
issuer: "http://test-hydra-public.test:4444/"
keto:
enabled: true
@@ -303,8 +341,9 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: 1Gi
storageClassName: longhorn-nor1
claimName: loki-pvc
storageClassName:
create: false
claimName: loki-pvc
extraVolumeMounts:
- name: loki-storage
@@ -382,7 +421,7 @@ argo-workflows:
ocAuth:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-auth:0.0.1
image: "oc/oc-auth:0.0.1"
authType: hydra
keto:
adminRole: admin
@@ -410,7 +449,7 @@ ocAuth:
ocFront:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-front:0.0.1
image: "oc/oc-front:0.0.1"
resources:
limits:
cpu: 128m
@@ -428,7 +467,7 @@ ocFront:
ocWorkspace:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-workspace:0.0.1
image: "oc/oc-workspace:0.0.1"
resources:
limits:
cpu: 128m
@@ -447,7 +486,7 @@ ocWorkspace:
ocShared:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-shared:0.0.1
image: "oc/oc-shared:0.0.1"
resources:
limits:
cpu: 128m
@@ -465,7 +504,7 @@ ocShared:
ocWorkflow:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-workflow:0.0.1
image: "oc/oc-workflow:0.0.1"
resources:
limits:
cpu: 128m
@@ -483,7 +522,7 @@ ocWorkflow:
ocCatalog:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-catalog:0.0.1
image: "oc/oc-catalog:0.0.1"
resources:
limits:
cpu: 128m
@@ -501,7 +540,7 @@ ocCatalog:
ocPeer:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-peer:0.0.1
image: "oc/oc-peer:0.0.1"
resources:
limits:
cpu: 128m
@@ -519,7 +558,7 @@ ocPeer:
ocDatacenter:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-datacenter:0.0.1
image: "oc/oc-datacenter:0.0.1"
resources:
limits:
cpu: 128m
@@ -537,7 +576,7 @@ ocDatacenter:
ocSchedulerd:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-schedulerd:0.0.1
image: "oc/oc-schedulerd:0.0.1"
resources:
limits:
cpu: 128m
@@ -555,7 +594,7 @@ ocSchedulerd:
ocScheduler:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-scheduler:0.0.1
image: "oc/oc-scheduler:0.0.1"
resources:
limits:
cpu: 128m
@@ -575,7 +614,7 @@ docker-registry-ui:
ui:
title: "opencloud docker registry"
proxy: true
dockerRegistryUrl: "http://{{ .Release.Name }}-docker-registry-ui-registry-server.{{ .Release.Namespace }}.svc.cluster.local:5000"
dockerRegistryUrl: "http://test-docker-registry-ui-registry-server.test.svc.cluster.local:5000"
registry:
secretName: regcred
enabled: true
@@ -583,6 +622,8 @@ docker-registry-ui:
persistentVolumeClaim:
claimName: docker-registry-pvc
persistence:
create: false
existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce
storage: 5000Mi
storageClassName: longhorn-nor1
storage: 5Gi
storageClassName:
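Review bot: In the NATS hunk (`@@ -52,11 +53,45 @@`) the `command: [/bin/sh, -c]` override is followed by `args: [-pid, /var/run/nats/nats.pid, -config, /etc/nats-config/nats.conf]`, so `sh -c` receives `-pid` as its command string and the rest as positional parameters — nothing in the block actually invokes `ulimit`, despite the comment `# Override ENTRYPOINT so we can raise ulimit before starting the real binary`. Indentation is not preserved on this page, so I cannot tell whether `command`, `args` and `securityContext` sit under `reloader:` (the `-pid`/`-config` flags match the config-reloader, which is `enabled: false`) or under the main container; either way the override is incomplete, and the hunk already sets `NATS_MAX_FILE_DESCRIPTORS: "65536"`, which is the supported way to raise the descriptor limit. I would drop the `command`/`args` override together with `securityContext: runAsUser: 0` — running the broker as root to work around a ulimit is a larger exposure than the limit itself — or, if the override is kept, put the whole shell line in one `-c` string and document the required ulimit value. Across the persistence hunks the new bare `storageClassName:` (and `defaultStorageClass:` / `storageClass:`) parse as `null`, which Kubernetes treats as "use the default class", whereas `""` means "no class"; since the PVCs are marked `create: false` with `existingClaim`, an explicit `storageClassName: ""` or a comment stating that the default class is intended would remove the ambiguity.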