core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fully working oc-k8s

Browse Source
This commit is contained in:
mr
2026-02-05 08:43:21 +01:00
parent 5acf96919c
commit 7fb81e9829
16 changed files with 253 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
utils/assets/templates/oc-catalog/deployment.yaml
View File

@@ -15,11 +15,6 @@ spec:
labels:
app: oc-catalog
spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
{{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
imagePullSecrets:
- name: regcred
@@ -31,6 +26,9 @@ spec:
- configMapRef:
name: opencloud-config
ports:
- containerPort: 4002
name: libp2p
protocol: TCP
- name: http
containerPort: 8080
protocol: TCP
@@ -47,8 +45,4 @@ spec:
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
{{- end }}

3
utils/assets/templates/oc-catalog/service.yaml
View File

@@ -7,6 +7,9 @@ metadata:
app: oc-catalog-svc
spec:
ports:
- port: 4002
targetPort: 4002
name: libp2p
- name: http
port: 8080
protocol: TCP

12
utils/assets/templates/oc-peer/deployment.yaml
View File

@@ -19,21 +19,12 @@ spec:
imagePullSecrets:
- name: regcred
{{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers:
- image: "{{ .Values.ocPeer.image }}"
name: oc-peer
envFrom:
- configMapRef:
name: opencloud-config
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
livenessProbe:
httpGet:
path: /oc/version
@@ -41,6 +32,9 @@ spec:
initialDelaySeconds: 10
periodSeconds: 30
ports:
- containerPort: 4001
name: libp2p
protocol: TCP
- name: http
containerPort: 8080
protocol: TCP

3
utils/assets/templates/oc-peer/service.yaml
View File

@@ -7,6 +7,9 @@ metadata:
app: oc-peer-svc
spec:
ports:
- port: 4001
targetPort: 4001
name: libp2p
- name: http
port: 8080
protocol: TCP

8
utils/assets/templates/openCloudConf.yaml
View File

@@ -3,10 +3,13 @@ kind: ConfigMap
metadata:
name: opencloud-config
data:
OC_NAME: "{{ .Values.host }}"
OC_HOSTNAME: "{{ .Values.scheme }}://{{ .Values.host }}:{{ .Values.hostPort }}"
OC_NAMESPACE: "{{ .Release.Namespace }}"
OC_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}"
OC_PUBLIC_KEY_PATH: "/keys/public/public.pem"
OC_PRIVATE_KEY_PATH: "/keys/private/private.pem"
OC_PSK_PATH: "/etc/psk/psk"
OC_PUBLIC_KEY_PATH: "/etc/keys/public.pem"
OC_PRIVATE_KEY_PATH: "/etc/keys/private.pem"
OC_OAUTH2_CLIENT_SECRET_NAME: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}"
OC_AUTH: "{{ .Values.ocAuth.authType }}"
OC_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}"
@@ -21,6 +24,7 @@ data:
OC_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}"
OC_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}"
OC_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}"
OC_LDAP_USER_BASEDN: "{{ index .Values.ocAuth.ldap.userBaseDn }}"
OC_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
OC_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.rootUser }}:{{ index .Values.mongodb.auth.rootPassword }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}"
OC_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}"

54
utils/assets/values.yaml.template
View File

@@ -74,7 +74,7 @@ nats:
# if you already created the claim, set existingClaim:
existingClaim: nats-pvc
# storageClassName: local-path or standard (use the SC in your cluster)
storageClassName: ${OC_NATS_STORAGE:-""}
storageClassName: ${OC_NATS_STORAGE:-standard}
size: ${OC_NATS_SIZE:-50Gi}
# name is the volume name used in volumeMounts; keep it simple
name: nats-jetstream
@@ -96,9 +96,9 @@ openldap:
LDAP_BACKEND: "mdb"
LDAP_TLS: "${OC_LDAP_TLS:-false}"
LDAP_TLS_ENFORCE: "${OC_LDAP_TLS:-false}"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
adminPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
configPassword: "{SSHA}${OC_LDAP_CONFIG_PWD:-gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI}"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
adminPassword: ${OC_LDAP_ADMIN_PWD:-admin}
configPassword: ${OC_LDAP_CONFIG_PWD:-configadmin}
phpldapadmin:
enabled: false
persistence:
@@ -112,9 +112,9 @@ openldap:
enabled: false
externalLDAP:
enabled: ${OC_LDAP_EXTERNAL:-false}
url: ${OC_LDAP_EXTERNAL_ENDPOINT}
bindDN: ${OC_LDAP_EXTERNAL_DN:-cn=admin,dc=opencloud,dc=com}
bindPassword: "{SSHA}${OC_LDAP_EXTERNAL_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
url: ${OC_LDAP_EXTERNAL_ENDPOINT:-389}
bindDN: ${OC_LDAP_EXTERNAL_DN:-uid=admin,dc=opencloud,dc=com}
bindPassword: ${OC_LDAP_EXTERNAL_PWD:-admin}
customLdifFiles:
01-schema.ldif: |-
dn: ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
@@ -175,8 +175,8 @@ openldap:
cn: Admin
sn: Istrator
uid: ${OC_LDAP_ADMIN_USER:-admin}
userPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
mail: admin@example.com
userPassword: {SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}
mail: ${OC_LDAP_ADMIN_MAIL:-morgane.roques@irt-saintexupery.com}
ou: ${OC_LDAP_USERS_OU:-users}
dn: ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
@@ -184,10 +184,10 @@ openldap:
ou: AppRoles
description: AppRoles
dn: ou=App1,ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
dn: ou=${OC_LDAP_ORGANISATION:-Opencloud},ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: organizationalunit
ou: App1
description: App1
ou: ${OC_LDAP_ORGANISATION:-Opencloud}
description: ${OC_LDAP_ORGANISATION:-Opencloud}
prometheus:
enabled: ${OC_PROMETHEUS_ENABLED:-true}
@@ -300,7 +300,7 @@ loki:
commonConfig:
replication_factor: 1
storage:
storageClassName: standard
storageClassName: ${OC_LOKI_STORAGE:-standard}
type: filesystem
filesystem:
chunks_directory: /var/loki/chunks
@@ -339,7 +339,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: ${OC_LOKI_SIZE:-1Gi}
storageClassName: ${OC_LOKI_STORAGE:-"standard"}
storageClassName: ${OC_LOKI_STORAGE:-standard}
create: false
claimName: ${OC_LOKI_PVC:-loki-pvc}
@@ -419,16 +419,17 @@ argo-workflows:
ocAuth:
enabled: ${OC_AUTH_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_AUTH_IMAGE:-oc-auth:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-auth:${OC_AUTH_IMAGE_VERSION:-0.0.1}
authType: hydra
keto:
adminRole: admin
hydra:
openCloudOauth2ClientSecretName: oc-oauth2-client-secret
openCloudOauth2ClientSecretName: opencloud-oauth2-client-secret
ldap:
bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,ou=users,dc=opencloud,dc=com}
bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=opencloud,dc=com}
binPwd: ${OC_LDAP_ADMIN_PWD:-admin}
baseDn: ${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
userBaseDn: ${OC_LDAP_USER_DN:-ou=users,dc=opencloud,dc=com}
roleBaseDn: ${OC_LDAP_ROLE_DN:-ou=AppRoles,dc=opencloud,dc=com}
resources:
limits:
@@ -447,7 +448,7 @@ ocAuth:
ocFront:
enabled: ${OC_FRONT_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_FRONT_IMAGE:-oc-front:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-front:${OC_FRONT_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_FRONT_LIMITS_CPU:-128m}
@@ -465,7 +466,7 @@ ocFront:
ocWorkspace:
enabled: ${OC_WORKSPACE_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_WORKSPACE_IMAGE:-oc-workspace:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-workspace:${OC_WORKSPACE_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_WORKSPACE_LIMITS_CPU:-128m}
@@ -484,7 +485,7 @@ ocWorkspace:
ocShared:
enabled: ${OC_SHARED_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_SHARED_IMAGE:-oc-shared:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-shared:${OC_SHARED_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_SHARED_LIMITS_CPU:-128m}
@@ -502,7 +503,7 @@ ocShared:
ocWorkflow:
enabled: ${OC_WORKFLOW_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_WORKFLOW_IMAGE:-oc-workflow:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-workflow:${OC_WORKFLOW_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_WORKFLOW_LIMITS_CPU:-128m}
@@ -520,7 +521,7 @@ ocWorkflow:
ocCatalog:
enabled: ${OC_CATALOG_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_CATALOG_IMAGE:-oc-catalog:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-catalog:${OC_CATALOG_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_CATALOG_LIMITS_CPU:-128m}
@@ -538,7 +539,7 @@ ocCatalog:
ocPeer:
enabled: ${OC_PEER_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_PEER_IMAGE:-oc-peer:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-peer:${OC_PEER_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_PEER_LIMITS_CPU:-128m}
@@ -556,7 +557,7 @@ ocPeer:
ocDatacenter:
enabled: ${OC_DATACENTER_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_DATACENTER_IMAGE:-oc-datacenter:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-datacenter:${OC_DATACENTER_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_DATACENTER_LIMITS_CPU:-128m}
@@ -574,7 +575,7 @@ ocDatacenter:
ocSchedulerd:
enabled: ${OC_SCHEDULERD_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_SCHEDULERD_IMAGE:-oc-schedulerd:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-schedulerd:${OC_SCHEDULERD_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_SCHEDULERD_LIMITS_CPU:-128m}
@@ -592,7 +593,7 @@ ocSchedulerd:
ocScheduler:
enabled: ${OC_SCHEDULER_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_SCHEDULER_IMAGE:-oc-scheduler:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-scheduler:${OC_SCHEDULER_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_SCHEDULER_LIMITS_CPU:-128m}
@@ -621,7 +622,6 @@ docker-registry-ui:
claimName: docker-registry-pvc
persistence:
create: false
storageClassName: standard
existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce
storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}