mr
2026-01-21 14:36:51 +01:00
parent 7a8a4f678a
commit 5acf96919c
4 changed files with 51 additions and 50 deletions

Binary file not shown.


@@ -1,9 +1,9 @@
env: test # For storage class provisioning env: test # For storage class provisioning
clusterName: opencloud2 clusterName: opencloud
hostNetwork: true hostNetwork: true
host: beta.opencloud.com host: beta.opencloud.com
hostPort: 80
registryHost: oc registryHost: oc
hostPort: 9000
scheme: http scheme: http
mongo-express: mongo-express:
@@ -42,7 +42,7 @@ mongodb:
storageClassName: "standard" storageClassName: "standard"
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
size: 5000Mi size: 5Gi
persistentVolumeClaimRetentionPolicy: persistentVolumeClaimRetentionPolicy:
enabled: true enabled: true
whenDeleted: Retain whenDeleted: Retain
@@ -96,9 +96,9 @@ openldap:
LDAP_BACKEND: "mdb" LDAP_BACKEND: "mdb"
LDAP_TLS: "false" LDAP_TLS: "false"
LDAP_TLS_ENFORCE: "false" LDAP_TLS_ENFORCE: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
adminPassword: admin adminPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE"
configPassword: "config" configPassword: "{SSHA}gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI"
phpldapadmin: phpldapadmin:
enabled: false enabled: false
persistence: persistence:
@@ -113,33 +113,33 @@ openldap:
externalLDAP: externalLDAP:
enabled: false enabled: false
url: ${OC_LDAP_EXTERNAL_ENDPOINT} url: ${OC_LDAP_EXTERNAL_ENDPOINT}
bindDN: cn=admin,dc=example,dc=com bindDN: cn=admin,dc=opencloud,dc=com
bindPassword: admin bindPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE"
customLdifFiles: customLdifFiles:
01-schema.ldif: |- 01-schema.ldif: |-
dn: ou=groups,dc=example,dc=com dn: ou=groups,dc=opencloud,dc=com
objectClass: organizationalUnit objectClass: organizationalUnit
ou: groups ou: groups
dn: ou=users,dc=example,dc=com dn: ou=users,dc=opencloud,dc=com
objectClass: organizationalUnit objectClass: organizationalUnit
ou: users ou: users
dn: cn=lastGID,dc=example,dc=com dn: cn=lastGID,dc=opencloud,dc=com
objectClass: device objectClass: device
objectClass: top objectClass: top
description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group. description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
cn: lastGID cn: lastGID
serialNumber: 2001 serialNumber: 2001
dn: cn=lastUID,dc=example,dc=com dn: cn=lastUID,dc=opencloud,dc=com
objectClass: device objectClass: device
objectClass: top objectClass: top
serialNumber: 2001 serialNumber: 2001
description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account. description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
cn: lastUID cn: lastUID
dn: cn=everybody,ou=groups,dc=example,dc=com dn: cn=everybody,ou=groups,dc=opencloud,dc=com
objectClass: top objectClass: top
objectClass: posixGroup objectClass: posixGroup
cn: everybody cn: everybody
@@ -147,14 +147,14 @@ openldap:
gidNumber: 2003 gidNumber: 2003
02-ldapadmin.ldif : |- 02-ldapadmin.ldif : |-
dn: cn=ldapadmin,ou=groups,dc=example,dc=com dn: cn=ldapadmin,ou=groups,dc=opencloud,dc=com
objectClass: top objectClass: top
objectClass: posixGroup objectClass: posixGroup
cn: ldapadmin cn: ldapadmin
memberUid: ldapadmin memberUid: ldapadmin
gidNumber: 2001 gidNumber: 2001
dn: uid=ldapadmin,ou=users,dc=example,dc=com dn: uid=ldapadmin,ou=users,dc=opencloud,dc=com
givenName: ldap givenName: ldap
sn: admin sn: admin
uid: ldapadmin uid: ldapadmin
@@ -170,21 +170,21 @@ openldap:
homeDirectory: /home/ldapadmin homeDirectory: /home/ldapadmin
03-opencloudadmin.ldif : |- 03-opencloudadmin.ldif : |-
dn: uid=admin,ou=users,dc=example,dc=com dn: uid=admin,ou=users,dc=opencloud,dc=com
objectClass: inetOrgPerson objectClass: inetOrgPerson
cn: Admin cn: Admin
sn: Istrator sn: Istrator
uid: admin uid: admin
userPassword: admin userPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE"
mail: admin@example.com mail: admin@example.com
ou: users ou: users
dn: ou=AppRoles,dc=example,dc=com dn: ou=AppRoles,dc=opencloud,dc=com
objectClass: organizationalunit objectClass: organizationalunit
ou: AppRoles ou: AppRoles
description: AppRoles description: AppRoles
dn: ou=App1,ou=AppRoles,dc=example,dc=com dn: ou=App1,ou=AppRoles,dc=opencloud,dc=com
objectClass: organizationalunit objectClass: organizationalunit
ou: App1 ou: App1
description: App1 description: App1
@@ -210,12 +210,12 @@ prometheus:
ldapUserManager: ldapUserManager:
enabled: true enabled: true
env: env:
SERVER_HOSTNAME: ldap.exemple.com SERVER_HOSTNAME: ldap.opencloud.com
LDAP_BASE_DN: dc=example,dc=com LDAP_BASE_DN: dc=opencloud,dc=com
LDAP_REQUIRE_STARTTLS: "false" LDAP_REQUIRE_STARTTLS: "false"
LDAP_ADMINS_GROUP: ldapadmin LDAP_ADMINS_GROUP: ldapadmin
LDAP_ADMIN_BIND_DN: cn=admin,dc=example,dc=com LDAP_ADMIN_BIND_DN: cn=admin,dc=opencloud,dc=com
LDAP_ADMIN_BIND_PWD: admin LDAP_ADMIN_BIND_PWD: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE"
LDAP_IGNORE_CERT_ERRORS: "true" LDAP_IGNORE_CERT_ERRORS: "true"
EMAIL_DOMAIN: "" EMAIL_DOMAIN: ""
NO_HTTPS: "true" NO_HTTPS: "true"
@@ -426,10 +426,10 @@ ocAuth:
hydra: hydra:
openCloudOauth2ClientSecretName: oc-oauth2-client-secret openCloudOauth2ClientSecretName: oc-oauth2-client-secret
ldap: ldap:
bindDn: cn=admin,dc=example,dc=com bindDn: cn=admin,ou=users,dc=opencloud,dc=com
binPwd: admin binPwd: admin
baseDn: dc=example,dc=com baseDn: dc=opencloud,dc=com
roleBaseDn: ou=AppRoles,dc=example,dc=com roleBaseDn: ou=AppRoles,dc=opencloud,dc=com
resources: resources:
limits: limits:
cpu: 128m cpu: 128m
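Review bot: `externalLDAP.bindPassword` and `ldapUserManager.env.LDAP_ADMIN_BIND_PWD` are now set to the `{SSHA}…` string, but both are credentials a client presents on bind, and a simple bind sends the password as given for the server to hash and compare. These two most likely need the cleartext value, ideally referenced from a Kubernetes Secret rather than committed in values, while only stored attributes such as `userPassword` take a digest; whether `adminPassword` and `configPassword` accept a pre-hashed value depends on the chart and is worth confirming. The matching lines in the templated values file later in this commit have the same problem. Separately, in the `ocAuth` hunk the new `bindDn: cn=admin,ou=users,dc=opencloud,dc=com` has no matching entry in the LDIF shown here, which creates `uid=admin,ou=users,dc=opencloud,dc=com`; if that entry is the intended account the line would read `bindDn: uid=admin,ou=users,dc=opencloud,dc=com`. `binPwd: admin` next to it still carries the old cleartext default.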


@@ -90,7 +90,7 @@ func loadEnvFile(path string) (map[string]string, error) {
} }
func renderTemplate(input string, envs map[string]string) string { func renderTemplate(input string, envs map[string]string) string {
return varPattern.ReplaceAllStringFunc(input, func(match string) string { s := varPattern.ReplaceAllStringFunc(input, func(match string) string {
sub := varPattern.FindStringSubmatch(match) sub := varPattern.FindStringSubmatch(match)
varName := sub[1] varName := sub[1]
defaultVal := sub[2][1:] defaultVal := sub[2][1:]
@@ -100,4 +100,5 @@ func renderTemplate(input string, envs map[string]string) string {
} }
return defaultVal return defaultVal
}) })
return s
} }
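Review bot: `defaultVal := sub[2][1:]` in the callback will panic with a slice-bounds error whenever capture group 2 is empty, and the templated values file in this commit does contain a placeholder without a default (`url: ${OC_LDAP_EXTERNAL_ENDPOINT}`). `varPattern` is defined outside the hunk, so this holds only if the pattern makes the default part optional; if it does, declaring `defaultVal := ""` and assigning under `if len(sub[2]) > 0 { defaultVal = sub[2][1:] }` covers it. The new `s := …` / `return s` pair does not change behaviour, so if it was meant as a hook for post-processing, that step is still missing. Substituted values are also inserted into the YAML unescaped, so an env value containing `"` or a newline would alter quoted scalars such as the new `"{SSHA}${…}"` lines; rejecting or escaping such values in `renderTemplate` would be a sensible check. The lines between the two hunks (the env lookup) are not visible here.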


@@ -96,9 +96,9 @@ openldap:
LDAP_BACKEND: "mdb" LDAP_BACKEND: "mdb"
LDAP_TLS: "${OC_LDAP_TLS:-false}" LDAP_TLS: "${OC_LDAP_TLS:-false}"
LDAP_TLS_ENFORCE: "${OC_LDAP_TLS:-false}" LDAP_TLS_ENFORCE: "${OC_LDAP_TLS:-false}"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
adminPassword: ${OC_LDAP_ADMIN_PWD:-admin} adminPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
configPassword: "${OC_LDAP_CONFIG_PWD:-config}" configPassword: "{SSHA}${OC_LDAP_CONFIG_PWD:-gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI}"
phpldapadmin: phpldapadmin:
enabled: false enabled: false
persistence: persistence:
@@ -113,33 +113,33 @@ openldap:
externalLDAP: externalLDAP:
enabled: ${OC_LDAP_EXTERNAL:-false} enabled: ${OC_LDAP_EXTERNAL:-false}
url: ${OC_LDAP_EXTERNAL_ENDPOINT} url: ${OC_LDAP_EXTERNAL_ENDPOINT}
bindDN: ${OC_LDAP_EXTERNAL_DN:-cn=admin,dc=example,dc=com} bindDN: ${OC_LDAP_EXTERNAL_DN:-cn=admin,dc=opencloud,dc=com}
bindPassword: ${OC_LDAP_EXTERNAL_PWD:-admin} bindPassword: "{SSHA}${OC_LDAP_EXTERNAL_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
customLdifFiles: customLdifFiles:
01-schema.ldif: |- 01-schema.ldif: |-
dn: ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: organizationalUnit objectClass: organizationalUnit
ou: ${OC_LDAP_GROUPS_OU:-groups} ou: ${OC_LDAP_GROUPS_OU:-groups}
dn: ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: organizationalUnit objectClass: organizationalUnit
ou: ${OC_LDAP_USERS_OU:-users} ou: ${OC_LDAP_USERS_OU:-users}
dn: cn=lastGID,${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: cn=lastGID,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: device objectClass: device
objectClass: top objectClass: top
description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group. description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
cn: lastGID cn: lastGID
serialNumber: 2001 serialNumber: 2001
dn: cn=lastUID,${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: cn=lastUID,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: device objectClass: device
objectClass: top objectClass: top
serialNumber: 2001 serialNumber: 2001
description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account. description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
cn: lastUID cn: lastUID
dn: cn=everybody,ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: cn=everybody,ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: top objectClass: top
objectClass: posixGroup objectClass: posixGroup
cn: everybody cn: everybody
@@ -147,14 +147,14 @@ openldap:
gidNumber: 2003 gidNumber: 2003
02-ldapadmin.ldif : |- 02-ldapadmin.ldif : |-
dn: cn=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: cn=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: top objectClass: top
objectClass: posixGroup objectClass: posixGroup
cn: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin} cn: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
memberUid: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin} memberUid: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
gidNumber: 2001 gidNumber: 2001
dn: uid=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: uid=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
givenName: ldap givenName: ldap
sn: admin sn: admin
uid: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin} uid: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
@@ -170,21 +170,21 @@ openldap:
homeDirectory: /home/ldapadmin homeDirectory: /home/ldapadmin
03-opencloudadmin.ldif : |- 03-opencloudadmin.ldif : |-
dn: uid=admin,ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: uid=admin,ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: inetOrgPerson objectClass: inetOrgPerson
cn: Admin cn: Admin
sn: Istrator sn: Istrator
uid: ${OC_LDAP_ADMIN_USER:-admin} uid: ${OC_LDAP_ADMIN_USER:-admin}
userPassword: ${OC_LDAP_ADMIN_PWD:-admin} userPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
mail: admin@example.com mail: admin@example.com
ou: ${OC_LDAP_USERS_OU:-users} ou: ${OC_LDAP_USERS_OU:-users}
dn: ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: organizationalunit objectClass: organizationalunit
ou: AppRoles ou: AppRoles
description: AppRoles description: AppRoles
dn: ou=App1,ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=example,dc=com} dn: ou=App1,ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: organizationalunit objectClass: organizationalunit
ou: App1 ou: App1
description: App1 description: App1
@@ -210,12 +210,12 @@ prometheus:
ldapUserManager: ldapUserManager:
enabled: true enabled: true
env: env:
SERVER_HOSTNAME: ${OC_LDAP_MNGT_HOST:-ldap.exemple.com} SERVER_HOSTNAME: ${OC_LDAP_MNGT_HOST:-ldap.opencloud.com}
LDAP_BASE_DN: ${OC_LDAP_MNGT_DN:-dc=example,dc=com} LDAP_BASE_DN: ${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
LDAP_REQUIRE_STARTTLS: "${OC_LDAP_MNGT_REQUIRE_TLS:-false}" LDAP_REQUIRE_STARTTLS: "${OC_LDAP_MNGT_REQUIRE_TLS:-false}"
LDAP_ADMINS_GROUP: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin} LDAP_ADMINS_GROUP: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
LDAP_ADMIN_BIND_DN: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=example,dc=com} LDAP_ADMIN_BIND_DN: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=opencloud,dc=com}
LDAP_ADMIN_BIND_PWD: ${OC_LDAP_MNGT_ADMIN_PWD:-admin} LDAP_ADMIN_BIND_PWD: "{SSHA}${OC_LDAP_MNGT_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
LDAP_IGNORE_CERT_ERRORS: "${OC_LDAP_MNGT_IGNORE_CERTS_ERRORS:-true}" LDAP_IGNORE_CERT_ERRORS: "${OC_LDAP_MNGT_IGNORE_CERTS_ERRORS:-true}"
EMAIL_DOMAIN: ${OC_LDAP_MNGT_EMAIL_DOMAIN:-""} EMAIL_DOMAIN: ${OC_LDAP_MNGT_EMAIL_DOMAIN:-""}
NO_HTTPS: "${OC_LDAP_MNGT_NO_HTTPS:-true}" NO_HTTPS: "${OC_LDAP_MNGT_NO_HTTPS:-true}"
@@ -426,10 +426,10 @@ ocAuth:
hydra: hydra:
openCloudOauth2ClientSecretName: oc-oauth2-client-secret openCloudOauth2ClientSecretName: oc-oauth2-client-secret
ldap: ldap:
bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=example,dc=com} bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,ou=users,dc=opencloud,dc=com}
binPwd: ${OC_LDAP_ADMIN_PWD:-admin} binPwd: ${OC_LDAP_ADMIN_PWD:-admin}
baseDn: ${OC_LDAP_MNGT_DN:-dc=example,dc=com} baseDn: ${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
roleBaseDn: ${OC_LDAP_ROLE_DN:-ou=AppRoles,dc=example,dc=com} roleBaseDn: ${OC_LDAP_ROLE_DN:-ou=AppRoles,dc=opencloud,dc=com}
resources: resources:
limits: limits:
cpu: ${OC_AUTH_LIMITS_CPU:-128m} cpu: ${OC_AUTH_LIMITS_CPU:-128m}
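Review bot: `OC_LDAP_ADMIN_PWD` now has two incompatible meanings in this file: in `adminPassword` and `userPassword` it is interpolated after a literal `{SSHA}` prefix, so it must hold the base64 digest body, while `ocAuth.ldap.binPwd: ${OC_LDAP_ADMIN_PWD:-admin}` still expects the cleartext password. An existing env file that sets the variable to a cleartext password will render `{SSHA}<cleartext>`, which is not a valid digest, and one that sets the digest will hand the digest to ocAuth as its bind password. I would split this into two variables, for example a separate hash variable (name to be chosen by the project) that carries the full `{SSHA}…` value for `userPassword`, and keep `OC_LDAP_ADMIN_PWD` as cleartext for the bind side. `LDAP_REMOVE_CONFIG_AFTER_SETUP` also flips to `"false"` in the first hunk; if the image then keeps its setup configuration, which can include these passwords, on disk, a comment explaining why that is needed would help the next reader.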