Running all stack

opencloud/values.yaml.template

@@ -1,11 +1,11 @@
-env: {{ .Release.Name }} # For storage class provisioning
-host: ${HOST:-exemple.com}  # For reverse proxy rule
-registryHost: ${REGISTRY_HOST:-registry.exemple.com} # For reverse proxy rule
+env: ${RELEASE:-prod} # For storage class provisioning
+host: ${HOST:-beta.opencloud.com}  # For reverse proxy rule
+registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule
 scheme: https # For reverse proxy rule
 
 mongo-express:
   enabled: ${OC_MONGOEXPRESS_ENABLED:-true}
-  mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}" # TO LOOK AFTER
+  mongodbServer: "${RELEASE:-prod}-mongodb.${RELEASE:-prod}" # TO LOOK AFTER
   mongodbPort: 27017
   mongodbEnableAdmin: true
   mongodbAdminUsername: ${OC_MONGO_ADMIN:-admin}
@@ -19,26 +19,27 @@ mongo-express:
 mongodb:
   enabled: ${OC_MONGO_ENABLED:-true}
   global:
-    defaultStorageClass: longhorn-nor1
-    storageClass: longhorn-nor1
+    defaultStorageClass: ${OC_MONGO_STORAGE:-""}
+    storageClass: ${OC_MONGO_STORAGE:-""}
   architecture: standalone
   useStatefulSet: false
   auth:
     enabled: true
-    rootUser: ${OC_MONGO_ADMIN:-admin}
-    rootPassword: ${OC_MONGO_PWD:-admin}
+    rootUser: ${OC_MONGO_ADMIN_USERNAME:-admin}
+    rootPassword: ${OC_MONGO_ADMIN_PWD:-admin}
     databases: [ ${OC_MONGO_DATABASE:-opencloud} ]
-    usernames: []
-    passwords: []
+    usernames: [ ${OC_MONGO_USERNAME:-admin} ]
+    passwords: [ ${OC_MONGO_PWD:-admin} ]
   resourcesPreset: "small"
   replicaCount: 1
   persistence:
     enabled: true
-    storageClass: longhorn-nor1
-    existingClaim: mongo-pvc
+    create: false            # do not auto-create
+    existingClaim: ${OC_MONGO_PVC:-mongo-pvc}
+    storageClassName: ${OC_MONGO_STORAGE:-""}
     accessModes: 
-    - ReadWriteOnce
-    size: ${OC_MONGO_SIZE:-5000Mi} 
+      - ReadWriteOnce
+    size: ${OC_MONGO_SIZE:-5000Mi}
   persistentVolumeClaimRetentionPolicy:
     enabled: true
     whenDeleted: Retain
@@ -52,11 +53,28 @@ mongodb:
 
 nats:
   enabled: ${OC_NATS_ENABLED:-true}
-  jetstream:
-    enabled: true
-    fileStore:
-      size: ${OC_NATS_SIZE:-20Mi} 
-      storageClassName: longhorn-nor1
+  extraEnv:
+    - name: NATS_MAX_FILE_DESCRIPTORS
+      value: "65536"
+  extraVolumeMounts:
+    - name: nats-config
+      mountPath: /etc/nats
+  config:
+    jetstream:
+      enabled: true
+      fileStore:
+        enabled: true
+        dir: /data/jetstream        # mountPath used by template
+        # pvc block must live here
+        pvc:
+          enabled: true
+          # if you already created the claim, set existingClaim:
+          existingClaim: nats-pvc
+          # storageClassName: local-path or standard (use the SC in your cluster)
+          storageClassName: ${OC_NATS_STORAGE:-""}
+          size: ${OC_NATS_SIZE:-50Gi} 
+          # name is the volume name used in volumeMounts; keep it simple
+          name: nats-jetstream
 
 openldap:
   enabled: ${OC_LDAP_ENABLED:-true}
@@ -73,8 +91,8 @@ openldap:
     LDAP_ORGANISATION: ${OC_LDAP_ORGANISATION:-Opencloud}
     LDAP_DOMAIN: ${OC_LDAP_DOMAIN:-opencloud.com}
     LDAP_BACKEND: "mdb"
-    LDAP_TLS: ${OC_LDAP_TLS:-false}
-    LDAP_TLS_ENFORCE: ${OC_LDAP_TLS:-false}
+    LDAP_TLS: "${OC_LDAP_TLS:-false}"
+    LDAP_TLS_ENFORCE: "${OC_LDAP_TLS:-false}"
     LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
   adminPassword: ${OC_LDAP_ADMIN_PWD:-admin}
   configPassword: "${OC_LDAP_CONFIG_PWD:-config}"
@@ -82,9 +100,11 @@ openldap:
     enabled: false
   persistence:
     enabled: true
+    create: false            # do not auto-create
+    existingClaim: openldap-pvc
     accessMode: ReadWriteOnce
     size: ${OC_LDAP_SIZE:-10Mi}
-    storageClass: longhorn-nor1
+    storageClassName: ${OC_LDAP_STORAGE:-""}
   replication:
     enabled: false
   externalLDAP:
@@ -168,6 +188,7 @@ openldap:
 
 prometheus:
   enabled: ${OC_PROMETHEUS_ENABLED:-true}
+  enableTraefikProxyIntegration: true
   server:
     persistentVolume:
       enabled: true
@@ -188,13 +209,13 @@ ldapUserManager:
   env:
     SERVER_HOSTNAME: ${OC_LDAP_MNGT_HOST:-ldap.exemple.com}
     LDAP_BASE_DN: ${OC_LDAP_MNGT_DN:-dc=example,dc=com}
-    LDAP_REQUIRE_STARTTLS: ${OC_LDAP_MNGT_REQUIRE_TLS:-false} 
+    LDAP_REQUIRE_STARTTLS: "${OC_LDAP_MNGT_REQUIRE_TLS:-false}" 
     LDAP_ADMINS_GROUP: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
     LDAP_ADMIN_BIND_DN: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=example,dc=com}
     LDAP_ADMIN_BIND_PWD: ${OC_LDAP_MNGT_ADMIN_PWD:-admin}
-    LDAP_IGNORE_CERT_ERRORS: ${OC_LDAP_MNGT_IGNORE_CERTS_ERRORS:-true}
-    EMAIL_DOMAIN: ${OC_LDAP_MNGT_EMAIL_DOMAIN:- }
-    NO_HTTPS: ${OC_LDAP_MNGT_NO_HTTPS:-true} 
+    LDAP_IGNORE_CERT_ERRORS: "${OC_LDAP_MNGT_IGNORE_CERTS_ERRORS:-true}"
+    EMAIL_DOMAIN: ${OC_LDAP_MNGT_EMAIL_DOMAIN:-""}
+    NO_HTTPS: "${OC_LDAP_MNGT_NO_HTTPS:-true}"
     SERVER_PATH: "/users"
     ORGANISATION_NAME: ${OC_LDAP_ORGANISATION:-Opencloud}
     LDAP_USER_OU: ${OC_LDAP_USERS_OU:-users} 
@@ -239,7 +260,7 @@ hydra:
       #  consent: https://localhost-consent/consent/consent
       #  logout: https://localhost-logout/authentication/logout
         self:
-          issuer: "http://{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}:4444/"
+          issuer: "http://${RELEASE:-prod}-hydra-public.${RELEASE:-prod}:4444/"
 
 keto:
   enabled: ${OC_KETO_ENABLED:-true}
@@ -303,8 +324,9 @@ loki:
       enabled: false # Deactivate loki auto provisioning, rely on existing PVC
       accessMode: ReadWriteOnce
       size: ${OC_LOKI_SIZE:-1Gi}
-      storageClassName: longhorn-nor1
-      claimName: loki-pvc
+      storageClassName: ${OC_LOKI_STORAGE:-""}
+      create: false 
+      claimName: ${OC_LOKI_PVC:-loki-pvc} 
 
     extraVolumeMounts:
       - name: loki-storage
@@ -382,7 +404,7 @@ argo-workflows:
 ocAuth:
   enabled: ${OC_AUTH_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_AUTH_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-auth:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_AUTH_IMAGE:-oc-auth:0.0.1}"
   authType: hydra
   keto:
     adminRole: admin
@@ -410,7 +432,7 @@ ocAuth:
 ocFront:
   enabled: ${OC_FRONT_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_FRONT_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-front:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_FRONT_IMAGE:-oc-front:0.0.1}"
   resources:
     limits:
       cpu: ${OC_FRONT_LIMITS_CPU:-128m}
@@ -428,7 +450,7 @@ ocFront:
 ocWorkspace:
   enabled: ${OC_WORKSPACE_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_WORKSPACE_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-workspace:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_WORKSPACE_IMAGE:-oc-workspace:0.0.1}"
   resources:
     limits:
       cpu: ${OC_WORKSPACE_LIMITS_CPU:-128m}
@@ -447,7 +469,7 @@ ocWorkspace:
 ocShared:
   enabled: ${OC_SHARED_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_SHARED_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-shared:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_SHARED_IMAGE:-oc-shared:0.0.1}"
   resources:
     limits:
       cpu: ${OC_SHARED_LIMITS_CPU:-128m}
@@ -465,7 +487,7 @@ ocShared:
 ocWorkflow:
   enabled: ${OC_WORKFLOW_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_WORKFLOW_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-workflow:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_WORKFLOW_IMAGE:-oc-workflow:0.0.1}"
   resources:
     limits:
       cpu: ${OC_WORKFLOW_LIMITS_CPU:-128m}
@@ -483,7 +505,7 @@ ocWorkflow:
 ocCatalog:
   enabled: ${OC_CATALOG_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_CATALOG_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-catalog:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_CATALOG_IMAGE:-oc-catalog:0.0.1}"
   resources:
     limits:
       cpu: ${OC_CATALOG_LIMITS_CPU:-128m}
@@ -501,7 +523,7 @@ ocCatalog:
 ocPeer:
   enabled: ${OC_PEER_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_PEER_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-peer:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_PEER_IMAGE:-oc-peer:0.0.1}"
   resources:
     limits:
       cpu: ${OC_PEER_LIMITS_CPU:-128m}
@@ -519,7 +541,7 @@ ocPeer:
 ocDatacenter:
   enabled: ${OC_DATACENTER_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_DATACENTER_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-datacenter:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_DATACENTER_IMAGE:-oc-datacenter:0.0.1}"
   resources:
     limits:
       cpu: ${OC_DATACENTER_LIMITS_CPU:-128m}
@@ -537,7 +559,7 @@ ocDatacenter:
 ocSchedulerd:
   enabled: ${OC_SCHEDULERD_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_SCHEDULERD_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-schedulerd:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_SCHEDULERD_IMAGE:-oc-schedulerd:0.0.1}"
   resources:
     limits:
       cpu: ${OC_SCHEDULERD_LIMITS_CPU:-128m}
@@ -555,7 +577,7 @@ ocSchedulerd:
 ocScheduler:
   enabled: ${OC_SCHEDULER_ENABLED:-true}
   enableTraefikProxyIntegration: true
-  image: ${OC_SCHEDULER_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-scheduler:0.0.1}
+  image: "${REGISTRY_HOST:-oc}/${OC_SCHEDULER_IMAGE:-oc-scheduler:0.0.1}"
   resources:
     limits:
       cpu: ${OC_SCHEDULER_LIMITS_CPU:-128m}
@@ -575,7 +597,7 @@ docker-registry-ui:
   ui:
     title: "opencloud docker registry"
     proxy: true
-    dockerRegistryUrl: "http://{{ .Release.Name }}-docker-registry-ui-registry-server.{{ .Release.Namespace }}.svc.cluster.local:5000"
+    dockerRegistryUrl: "http://${RELEASE:-prod}-docker-registry-ui-registry-server.${RELEASE:-prod}.svc.cluster.local:5000"
   registry:
     secretName: regcred
     enabled: true
@@ -583,6 +605,8 @@ docker-registry-ui:
       persistentVolumeClaim:
         claimName: docker-registry-pvc
     persistence:
+      create: false
+      existingClaim: docker-registry-pvc
       accessMode: ReadWriteOnce
-      storage: 5000Mi
-      storageClassName: longhorn-nor1
+      storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}
+      storageClassName: ${OC_DOCKER_REGISTRY_STORAGE:-""}