One file to rule them all

utils/assets/charts/mongodb/templates/mongo_seed_data.yml

@@ -3,7 +3,7 @@ kind: ConfigMap
 metadata:
   name: mongo-seed-data
 data:
-{{- range $path, $_ := .Files.Glob (printf "start_files/%s/*.json" .Values.clusterName) }}
+{{- range $path, $_ := .Files.Glob (printf "start_files/%s/*.json" .Values.name) }}
   {{ base $path }}: |
 {{ $.Files.Get $path | indent 4 }}
 {{- end }}

utils/assets/values.yaml.template

@@ -1,5 +1,5 @@
 env: ${RELEASE:-prod} # For storage class provisioning
-clusterName: ${CLUSTER_NAME:-opencloud}
+name: ${CLUSTER_NAME:-opencloud}
 host: ${HOST:-beta.opencloud.com}
 registryHost: ${REGISTRY_HOST:-oc} # For reverse proxy rule
 scheme: https # For reverse proxy rule

utils/assets/values/dev-values.yaml

@@ -0,0 +1,513 @@
+env: dev # For storage class provisioning
+host: beta.opencloud.com # For reverse proxy rule
+scheme: http # For reverse proxy rule
+
+mongo-express:
+  enabled: true
+  mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}"
+  mongodbPort: 27017
+  mongodbEnableAdmin: true
+  mongodbAdminUsername: root
+  mongodbAdminPassword: rootpwd
+  siteBaseUrl: /mongoexpress
+  basicAuthUsername: test
+  basicAuthPassword: testme
+  mongodb:
+    enabled: false
+
+mongodb:
+  enabled: true
+  global:
+    defaultStorageClass: kind-sc
+    storageClass: kind-sc
+  architecture: standalone
+  useStatefulSet: false
+  auth:
+    enabled: true
+    rootUser: root
+    rootPassword: rootpwd
+    databases: ["DC_myDC"]
+    usernames: ["opencloud"]
+    passwords: ["opencloud"]
+  resourcesPreset: "small"
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: kind-sc
+    existingClaim: mongo-pvc
+    accessModes: 
+    - ReadWriteOnce
+    size: 100Mi
+  persistentVolumeClaimRetentionPolicy:
+    enabled: true
+    whenDeleted: Retain
+    whenScaled: Retain
+  arbiter:
+    enabled: false
+  livenessProbe:
+    enabled: true
+  readinessProbe:
+    enabled: true
+
+nats:
+  enabled: true
+  jetstream:
+    enabled: true
+    fileStore:
+      size: 20Mi
+      storageClassName: kind-sc
+
+
+prometheus:
+  replicaCount: 1
+
+  image:
+    repository: prom/prometheus
+    tag: v2.52.0
+    pullPolicy: IfNotPresent
+
+  service:
+    type: ClusterIP
+    port: 9090
+
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 200m
+      memory: 256Mi
+
+openldap:
+  enabled: true
+  test:
+    enabled: false
+  ltb-passwd:
+    enabled: false
+  replicaCount: 1
+  image:
+    repository: osixia/openldap
+    tag: 1.5.0
+  tls:
+    enabled: false
+  env:
+    LDAP_ORGANISATION: "Example opencloud"
+    LDAP_DOMAIN: "example.com"
+    LDAP_BACKEND: "mdb"
+    LDAP_TLS: "false"
+    LDAP_TLS_ENFORCE: "false"
+    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+  adminPassword: "admin@password"
+  configPassword: "config@password"
+  phpldapadmin:
+    enabled: false
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 10Mi
+    storageClass: kind-sc
+  replication:
+    enabled: false
+  customLdifFiles:
+
+    01-schema.ldif: |-
+      dn: ou=groups,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: groups
+
+      dn: ou=users,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: users
+
+      dn: cn=lastGID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
+      cn: lastGID
+      serialNumber: 2001
+
+      dn: cn=lastUID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      serialNumber: 2001
+      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
+      cn: lastUID
+
+      dn: cn=everybody,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: everybody
+      memberUid: admin
+      gidNumber: 2002
+
+    02-ldapadmin.ldif : |-
+      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: ldapadmin
+      memberUid: ldapadmin
+      gidNumber: 2001
+
+      dn: uid=ldapadmin,ou=users,dc=example,dc=com
+      givenName: ldap
+      sn: admin
+      uid: ldapadmin
+      cn: ldapadmin
+      mail: ldapadmin@example.com
+      objectClass: person
+      objectClass: inetOrgPerson
+      objectClass: posixAccount
+      userPassword: ldapadmin
+      uidNumber: 2001
+      gidNumber: 2001
+      loginShell: /bin/bash
+      homeDirectory: /home/ldapadmin
+
+    03-opencloudadmin.ldif : |-
+      dn: uid=admin,ou=Users,dc=example,dc=com
+      objectClass: inetOrgPerson
+      cn: Admin
+      sn: Istrator
+      uid: admin
+      userPassword: admin
+      mail: admin@example.com
+      ou: Users
+
+      dn: ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: AppRoles
+      description: AppRoles
+
+      dn: ou=App1,ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: App1
+      description: App1
+
+# ldap user manager configuration
+ldapUserManager:
+  enabled: true
+  env:
+    SERVER_HOSTNAME: "users.example.com"
+    LDAP_BASE_DN: "dc=example,dc=com"
+    LDAP_REQUIRE_STARTTLS: "false"
+    LDAP_ADMINS_GROUP: "ldapadmin"
+    LDAP_ADMIN_BIND_DN: "cn=admin,dc=example,dc=com"
+    LDAP_ADMIN_BIND_PWD: "admin@password"
+    LDAP_IGNORE_CERT_ERRORS: "true"
+    EMAIL_DOMAIN: ""
+    NO_HTTPS: "true"
+    SERVER_PATH: "/users"
+    ORGANISATION_NAME: "Example"
+    LDAP_USER_OU: "users"
+    LDAP_GROUP_OU: "groups"
+    ACCEPT_WEAK_PASSWORDS: "true"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+traefik:
+  enabled: true
+  service:
+    type: NodePort
+  ingressRoute:
+    dashboard:
+      enabled: true
+      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
+      entryPoints: [web]
+  ports:
+    web:
+      nodePort: 30950
+
+hydra:
+  enabled: true
+  maester:
+    enabled: true
+  secret:
+    enabled: false
+    nameOverride: hydra-secret
+    hashSumEnabled: false
+  hydra:
+    dev: true
+    existingSecret: hydra-secret
+    config:
+      dsn: memory
+      urls:
+        #login: https://localhost-login/authentication/login
+        #consent: https://localhost-consent/consent/consent
+        #logout: https://localhost-logout/authentication/logout
+        self:
+          issuer: "http://{{ .Release.Name }}-hydra-public:4444/"
+
+keto:
+  enabled: true
+  keto:
+    config:
+      serve:
+        read:
+          port: 4466
+        write:
+          port: 4467
+        metrics:
+          port: 4468
+      namespaces:
+        - id: 0
+          name: open-cloud
+      dsn: memory
+
+loki:
+  enabled: true
+  loki:
+    auth_enabled: false
+    commonConfig:
+      replication_factor: 1
+    storage:
+      type: filesystem
+      filesystem:
+        chunks_directory: /var/loki/chunks
+        rules_directory: /var/loki/rules
+        admin_api_directory: /var/loki/admin
+    storage_config:
+      boltdb_shipper:
+        active_index_directory: /var/loki/index
+      filesystem:
+        directory: /var/loki/chunks
+    limits_config:
+      allow_structured_metadata: false
+    schemaConfig:
+      configs:
+        - from: "2020-01-01"
+          store: boltdb-shipper
+          object_store: filesystem
+          schema: v11
+          index:
+            prefix: index_
+            period: 24h
+    ingester:
+      chunk_encoding: snappy
+    tracing:
+      enabled: true
+    querier:
+      max_concurrent: 2
+
+  deploymentMode: SingleBinary
+  singleBinary:
+    extraVolumes:
+      - name: loki-storage
+        persistentVolumeClaim:
+          claimName: loki-pvc
+    persistence:
+      enabled: false # Deactivate loki auto provisioning, rely on existing PVC
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      storageClassName: kind-sc
+      claimName: loki-pvc
+
+
+    extraVolumeMounts:
+      - name: loki-storage
+        mountPath: /var/loki 
+    replicas: 1
+    resources:
+      limits:
+        cpu: 3
+        memory: 4Gi
+      requests:
+        cpu: 1
+        memory: 0.5Gi
+    extraEnv:
+      - name: GOMEMLIMIT
+        value: 3750MiB
+
+  chunksCache:
+    # default is 500MB, with limited memory keep this smaller
+    writebackSizeLimit: 10MB
+
+  # Enable minio for storage
+  minio:
+    enabled: false
+
+  # Zero out replica counts of other deployment modes
+  backend:
+    replicas: 0
+  read:
+    replicas: 0
+  write:
+    replicas: 0
+  ingester:
+    replicas: 0
+  querier:
+    replicas: 0
+  queryFrontend:
+    replicas: 0
+  queryScheduler:
+    replicas: 0
+  distributor:
+    replicas: 0
+  compactor:
+    replicas: 0
+  indexGateway:
+    replicas: 0
+  bloomCompactor:
+    replicas: 0
+  bloomGateway:
+    replicas: 0
+
+grafana:
+  enabled: false
+
+argo-workflows:
+  enabled: true
+  workflow:
+    serviceAccount:
+      create: false
+      name: argo-workflow
+    rbac:
+      create: false # Manual provisioning
+  controller:
+    workflowNamespaces: [] #All of them
+    controller:
+    workflowDefaults:
+      spec:
+        serviceAccountName: argo-workflow
+
+ocAuth:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: oc/oc-auth:0.0.1
+  authType: hydra
+  keto:
+    adminRole: admin
+  hydra:
+    openCloudOauth2ClientSecretName: oc-oauth2-client-secret
+  ldap:
+    bindDn: "cn=admin,dc=example,dc=com"
+    binPwd: "admin@password"
+    baseDn: "dc=example,dc=com"
+    roleBaseDn: "ou=AppRoles,dc=example,dc=com"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocFront:
+  enabled: true
+  image: oc/oc-front:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocWorkspace:
+  enabled: true
+  image: oc/oc-workspace:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocShared:
+  enabled: true
+  image: oc/oc-shared:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocWorkflow:
+  enabled: true
+  image: oc/oc-workflow:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocCatalog:
+  enabled: true
+  image: oc/oc-catalog:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocPeer:
+  enabled: true
+  image: oc/oc-peer:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocDatacenter:
+  enabled: true
+  image: oc/oc-datacenter:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocSchedulerd:
+  enabled: true
+  image: oc/oc-schedulerd:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocScheduler:
+  enabled: true
+  image: oc/oc-scheduler:0.0.1
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+docker-registry-ui:
+  enabled: true
+  ui:
+    title: "opencloud docker registry"
+    proxy: true
+    dockerRegistryUrl: "http://{{ .Release.Name }}-docker-registry-ui-registry-server.{{ .Release.Namespace }}.svc.cluster.local:5000"
+  registry:
+    secretName: regcred
+    enabled: true
+    dataVolume:
+      persistentVolumeClaim:
+        claimName: docker-registry-pvc
+    persistence:
+      accessMode: ReadWriteOnce
+      storage: 200Mi
+      storageClassName: kind-sc

utils/assets/values/exemple-values.yaml

@@ -0,0 +1,589 @@
+env: exemple # For storage class provisioning
+host: truc  # For reverse proxy rule
+registryHost: oc # For reverse proxy rule
+scheme: https # For reverse proxy rule
+
+mongo-express:
+  enabled: true
+  mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}" # TO LOOK AFTER
+  mongodbPort: 27017
+  mongodbEnableAdmin: true
+  mongodbAdminUsername: admin
+  mongodbAdminPassword: admin
+  siteBaseUrl: /mongoexpress
+  basicAuthUsername: admin
+  basicAuthPassword: admin
+  mongodb:
+    enabled: false
+
+mongodb:
+  enabled: true
+  global:
+    defaultStorageClass: longhorn-nor1
+    storageClass: longhorn-nor1
+  architecture: standalone
+  useStatefulSet: false
+  auth:
+    enabled: true
+    rootUser: admin
+    rootPassword: admin
+    databases: [ opencloud ]
+    usernames: [ admin ]
+    passwords: [ admin ]
+  resourcesPreset: "small"
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: longhorn-nor1
+    existingClaim: mongo-pvc
+    accessModes: 
+    - ReadWriteOnce
+    size: 5000Mi 
+  persistentVolumeClaimRetentionPolicy:
+    enabled: true
+    whenDeleted: Retain
+    whenScaled: Retain
+  arbiter:
+    enabled: false
+  livenessProbe:
+    enabled: true
+  readinessProbe:
+    enabled: true
+
+nats:
+  enabled: true
+  jetstream:
+    enabled: true
+    fileStore:
+      size: 20Mi 
+      storageClassName: longhorn-nor1
+
+openldap:
+  enabled: true
+  test:
+    enabled: false
+  ltb-passwd:
+    enabled: false
+  replicaCount: 1
+  image:
+    repository: osixia/openldap
+  tls:
+    enabled: false
+  env:
+    LDAP_ORGANISATION: Opencloud
+    LDAP_DOMAIN: opencloud.com
+    LDAP_BACKEND: "mdb"
+    LDAP_TLS: "false"
+    LDAP_TLS_ENFORCE: "false"
+    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+  adminPassword: admin
+  configPassword: "config"
+  phpldapadmin:
+    enabled: false
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 10Mi
+    storageClass: longhorn-nor1
+  replication:
+    enabled: false
+  externalLDAP:
+    enabled: false
+    url: ${OC_LDAP_EXTERNAL_ENDPOINT}
+    bindDN: cn=admin,dc=example,dc=com
+    bindPassword: admin
+  customLdifFiles:
+    01-schema.ldif: |-
+      dn: ou=groups,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: groups
+
+      dn: ou=users,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: users
+
+      dn: cn=lastGID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
+      cn: lastGID
+      serialNumber: 2001
+
+      dn: cn=lastUID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      serialNumber: 2001
+      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
+      cn: lastUID
+
+      dn: cn=everybody,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: everybody
+      memberUid: admin
+      gidNumber: 2003
+
+    02-ldapadmin.ldif : |-
+      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: ldapadmin
+      memberUid: ldapadmin
+      gidNumber: 2001
+
+      dn: uid=ldapadmin,ou=users,dc=example,dc=com
+      givenName: ldap
+      sn: admin
+      uid: ldapadmin
+      cn: ldapadmin
+      mail: ldapadmin@example.com
+      objectClass: person
+      objectClass: inetOrgPerson
+      objectClass: posixAccount
+      userPassword: sai1yeiT
+      uidNumber: 2001
+      gidNumber: 2001
+      loginShell: /bin/bash
+      homeDirectory: /home/ldapadmin
+
+    03-opencloudadmin.ldif : |-
+      dn: uid=admin,ou=users,dc=example,dc=com
+      objectClass: inetOrgPerson
+      cn: Admin
+      sn: Istrator
+      uid: admin
+      userPassword: admin
+      mail: admin@example.com
+      ou: users
+
+      dn: ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: AppRoles
+      description: AppRoles
+
+      dn: ou=App1,ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: App1
+      description: App1
+
+prometheus:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  server:
+    persistentVolume:
+      enabled: true
+      size: 5Gi
+    service:
+        type: ClusterIP
+    resources:
+      limits:
+        cpu: 500m
+        memory: 512Mi
+      requests:
+        cpu: 128m
+        memory: 256Mi
+
+# ldap user manager configuration
+ldapUserManager:
+  enabled: true
+  env:
+    SERVER_HOSTNAME: ldap.exemple.com
+    LDAP_BASE_DN: dc=example,dc=com
+    LDAP_REQUIRE_STARTTLS: "false" 
+    LDAP_ADMINS_GROUP: ldapadmin
+    LDAP_ADMIN_BIND_DN: cn=admin,dc=example,dc=com
+    LDAP_ADMIN_BIND_PWD: admin
+    LDAP_IGNORE_CERT_ERRORS: "true"
+    EMAIL_DOMAIN: 
+    NO_HTTPS: "true"
+    SERVER_PATH: "/users"
+    ORGANISATION_NAME: Opencloud
+    LDAP_USER_OU: users 
+    LDAP_GROUP_OU: groups
+    ACCEPT_WEAK_PASSWORDS: "true"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+
+traefik:
+  enabled: true
+  service:
+    type: NodePort
+  ingressRoute:
+    dashboard:
+      enabled: true
+      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
+      entryPoints: [web]
+  ports:
+    web:
+      nodePort: 30950
+
+hydra:
+  enabled: true
+  maester:
+    enabled: true
+  secret:
+    enabled: false
+    nameOverride: hydra-secret
+    hashSumEnabled: false
+  hydra:
+    dev: true
+    existingSecret: hydra-secret
+    config:
+      dsn: memory
+      urls:
+      #  login: https://localhost-login/authentication/login
+      #  consent: https://localhost-consent/consent/consent
+      #  logout: https://localhost-logout/authentication/logout
+        self:
+          issuer: "http://{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}:4444/"
+
+keto:
+  enabled: true
+  keto:
+    config:
+      serve:
+        read:
+          port: 4466
+        write:
+          port: 4467
+        metrics:
+          port: 4468
+      namespaces:
+        - id: 0
+          name: open-cloud
+      dsn: memory
+
+
+loki:
+  enabled: true
+  loki:
+    auth_enabled: false
+    commonConfig:
+      replication_factor: 1
+    storage:
+      type: filesystem
+      filesystem:
+        chunks_directory: /var/loki/chunks
+        rules_directory: /var/loki/rules
+        admin_api_directory: /var/loki/admin
+    storage_config:
+      boltdb_shipper:
+        active_index_directory: /var/loki/index
+      filesystem:
+        directory: /var/loki/chunks
+    limits_config:
+      allow_structured_metadata: false
+    schemaConfig:
+      configs:
+        - from: "2020-01-01"
+          store: boltdb-shipper
+          object_store: filesystem
+          schema: v11
+          index:
+            prefix: index_
+            period: 24h
+    ingester:
+      chunk_encoding: snappy
+    tracing:
+      enabled: true
+    querier:
+      max_concurrent: 2
+
+  deploymentMode: SingleBinary
+  singleBinary:
+    extraVolumes:
+      - name: loki-storage
+        persistentVolumeClaim:
+          claimName: loki-pvc
+    persistence:
+      enabled: false # Deactivate loki auto provisioning, rely on existing PVC
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      storageClassName: longhorn-nor1
+      claimName: loki-pvc
+
+    extraVolumeMounts:
+      - name: loki-storage
+        mountPath: /var/loki 
+    replicas: 1
+    resources:
+      limits:
+        cpu: 3
+        memory: 4Gi
+      requests:
+        cpu: 1
+        memory: 0.5Gi
+    extraEnv:
+      - name: GOMEMLIMIT
+        value: 3750MiB
+
+  chunksCache:
+    # default is 500MB, with limited memory keep this smaller
+    writebackSizeLimit: 10MB
+
+  # Enable minio for storage
+  minio:
+    enabled: false
+  # Zero out replica counts of other deployment modes
+  backend:
+    replicas: 0
+  read:
+    replicas: 0
+  write:
+    replicas: 0
+  ingester:
+    replicas: 0
+  querier:
+    replicas: 0
+  queryFrontend:
+    replicas: 0
+  queryScheduler:
+    replicas: 0
+  distributor:
+    replicas: 0
+  compactor:
+    replicas: 0
+  indexGateway:
+    replicas: 0
+  bloomCompactor:
+    replicas: 0
+  bloomGateway:
+    replicas: 0
+
+grafana:
+  enabled: true
+  adminUser: admin
+  adminPassword: admin
+  persistence:
+    enabled: true
+    size: 1Gi
+  service:
+    type: ClusterIP
+
+argo-workflows:
+  enabled: false
+  workflow:
+    serviceAccount:
+      create: false
+      name: argo-workflow
+    rbac:
+      create: false # Manual provisioning
+  controller:
+    workflowNamespaces: [] #All of them
+    controller:
+    workflowDefaults:
+      spec:
+        serviceAccountName: argo-workflow
+
+ocAuth:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-auth:0.0.1"
+  authType: hydra
+  keto:
+    adminRole: admin
+  hydra:
+    openCloudOauth2ClientSecretName: oc-oauth2-client-secret
+  ldap:
+    bindDn: cn=admin,dc=example,dc=com
+    binPwd: admin
+    baseDn: dc=example,dc=com
+    roleBaseDn: ou=AppRoles,dc=example,dc=com
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocFront:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-front:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocWorkspace:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-workspace:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+
+ocShared:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-shared:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocWorkflow:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-workflow:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocCatalog:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-catalog:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocPeer:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-peer:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocDatacenter:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-datacenter:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocSchedulerd:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-schedulerd:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocScheduler:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-scheduler:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+docker-registry-ui:
+  enabled: true
+  ui:
+    title: "opencloud docker registry"
+    proxy: true
+    dockerRegistryUrl: "http://{{ .Release.Name }}-docker-registry-ui-registry-server.{{ .Release.Namespace }}.svc.cluster.local:5000"
+  registry:
+    secretName: regcred
+    enabled: true
+    dataVolume:
+      persistentVolumeClaim:
+        claimName: docker-registry-pvc
+    persistence:
+      accessMode: ReadWriteOnce
+      storage: 5000Mi
+      storageClassName: longhorn-nor1

utils/assets/values/prod-values.yaml

@@ -0,0 +1,515 @@
+env: prod # For storage class provisioning
+host: opencloud.pf.irt-saintexupery.com # For reverse proxy rule
+registryHost: registry-opencloud.pf.irt-saintexupery.com # For reverse proxy rule
+scheme: https # For reverse proxy rule
+
+mongo-express:
+  enabled: true
+  mongodbServer: prod-mongodb.prod
+  mongodbPort: 27017
+  mongodbEnableAdmin: true
+  mongodbAdminUsername: mongroot
+  mongodbAdminPassword: AaRahr9E
+  siteBaseUrl: /mongoexpress
+  basicAuthUsername: mongobserver
+  basicAuthPassword: ieSei4du
+  mongodb:
+    enabled: false
+
+mongodb:
+  enabled: true
+  global:
+    defaultStorageClass: longhorn-nor1
+    storageClass: longhorn-nor1
+  architecture: standalone
+  useStatefulSet: false
+  auth:
+    enabled: true
+    rootUser: mongroot
+    rootPassword: AaRahr9E
+    databases: ["DC_myDC"]
+    usernames: ["opencloud"]
+    passwords: ["Sudoko5o"]
+  resourcesPreset: "small"
+  replicaCount: 1
+  persistence:
+    enabled: true
+    storageClass: longhorn-nor1
+    existingClaim: mongo-pvc
+    accessModes: 
+    - ReadWriteOnce
+    size: 5000Mi
+  persistentVolumeClaimRetentionPolicy:
+    enabled: true
+    whenDeleted: Retain
+    whenScaled: Retain
+  arbiter:
+    enabled: false
+  livenessProbe:
+    enabled: true
+  readinessProbe:
+    enabled: true
+
+nats:
+  enabled: true
+  jetstream:
+    enabled: true
+    fileStore:
+      size: 20Mi
+      storageClassName: longhorn-nor1
+
+
+openldap:
+  enabled: true
+  test:
+    enabled: false
+  ltb-passwd:
+    enabled: false
+  replicaCount: 1
+  image:
+    repository: osixia/openldap
+    tag: 1.5.0
+  tls:
+    enabled: false
+  env:
+    LDAP_ORGANISATION: "Demo opencloud"
+    LDAP_DOMAIN: "example.com"
+    LDAP_BACKEND: "mdb"
+    LDAP_TLS: "false"
+    LDAP_TLS_ENFORCE: "false"
+    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+  adminPassword: "ohwaiQu3"
+  configPassword: "oR5jiv3e"
+  phpldapadmin:
+    enabled: false
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 10Mi
+    storageClass: longhorn-nor1
+  replication:
+    enabled: false
+  customLdifFiles:
+
+    01-schema.ldif: |-
+      dn: ou=groups,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: groups
+
+      dn: ou=users,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: users
+
+      dn: cn=lastGID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
+      cn: lastGID
+      serialNumber: 2001
+
+      dn: cn=lastUID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      serialNumber: 2001
+      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
+      cn: lastUID
+
+      dn: cn=everybody,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: everybody
+      memberUid: admin
+      gidNumber: 2003
+
+    02-ldapadmin.ldif : |-
+      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: ldapadmin
+      memberUid: ldapadmin
+      gidNumber: 2001
+
+      dn: uid=ldapadmin,ou=users,dc=example,dc=com
+      givenName: ldap
+      sn: admin
+      uid: ldapadmin
+      cn: ldapadmin
+      mail: ldapadmin@example.com
+      objectClass: person
+      objectClass: inetOrgPerson
+      objectClass: posixAccount
+      userPassword: sai1yeiT
+      uidNumber: 2001
+      gidNumber: 2001
+      loginShell: /bin/bash
+      homeDirectory: /home/ldapadmin
+
+    03-opencloudadmin.ldif : |-
+      dn: uid=admin,ou=Users,dc=example,dc=com
+      objectClass: inetOrgPerson
+      cn: Admin
+      sn: Istrator
+      uid: admin
+      userPassword: admin
+      mail: admin@example.com
+      ou: Users
+
+      dn: ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: AppRoles
+      description: AppRoles
+
+      dn: ou=App1,ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: App1
+      description: App1
+
+prometheus:
+  replicaCount: 1
+
+  image:
+    repository: prom/prometheus
+    tag: v2.52.0
+    pullPolicy: IfNotPresent
+
+  service:
+    type: ClusterIP
+    port: 9090
+
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 200m
+      memory: 256Mi
+
+# ldap user manager configuration
+ldapUserManager:
+  enabled: true
+  env:
+    SERVER_HOSTNAME: "opencloud.pf.irt-saintexupery.com"
+    LDAP_BASE_DN: "dc=example,dc=com"
+    LDAP_REQUIRE_STARTTLS: "false"
+    LDAP_ADMINS_GROUP: "ldapadmin"
+    LDAP_ADMIN_BIND_DN: "cn=admin,dc=example,dc=com"
+    LDAP_ADMIN_BIND_PWD: "ohwaiQu3"
+    LDAP_IGNORE_CERT_ERRORS: "true"
+    EMAIL_DOMAIN: ""
+    NO_HTTPS: "true"
+    SERVER_PATH: "/users"
+    ORGANISATION_NAME: "Demo"
+    LDAP_USER_OU: "users"
+    LDAP_GROUP_OU: "groups"
+    ACCEPT_WEAK_PASSWORDS: "true"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+traefik:
+  enabled: false
+  service:
+    type: NodePort
+  ingressRoute:
+    dashboard:
+      enabled: true
+      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
+      entryPoints: [web]
+  ports:
+    web:
+      nodePort: 30950
+
+hydra:
+  enabled: true
+  maester:
+    enabled: true
+  secret:
+    enabled: false
+    nameOverride: hydra-secret
+    hashSumEnabled: false
+  hydra:
+    dev: true
+    existingSecret: hydra-secret
+    config:
+      dsn: memory
+      urls:
+        login: https://localhost-login/authentication/login
+        consent: https://localhost-consent/consent/consent
+        logout: https://localhost-logout/authentication/logout
+        self:
+          issuer: http://prod-hydra-public:4444/
+
+keto:
+  enabled: true
+  keto:
+    config:
+      serve:
+        read:
+          port: 4466
+        write:
+          port: 4467
+        metrics:
+          port: 4468
+      namespaces:
+        - id: 0
+          name: open-cloud
+      dsn: memory
+
+
+loki:
+  enabled: true
+  loki:
+    auth_enabled: false
+    commonConfig:
+      replication_factor: 1
+    storage:
+      type: filesystem
+      filesystem:
+        chunks_directory: /var/loki/chunks
+        rules_directory: /var/loki/rules
+        admin_api_directory: /var/loki/admin
+    storage_config:
+      boltdb_shipper:
+        active_index_directory: /var/loki/index
+      filesystem:
+        directory: /var/loki/chunks
+    limits_config:
+      allow_structured_metadata: false
+    schemaConfig:
+      configs:
+        - from: "2020-01-01"
+          store: boltdb-shipper
+          object_store: filesystem
+          schema: v11
+          index:
+            prefix: index_
+            period: 24h
+    ingester:
+      chunk_encoding: snappy
+    tracing:
+      enabled: true
+    querier:
+      max_concurrent: 2
+
+  deploymentMode: SingleBinary
+  singleBinary:
+    extraVolumes:
+      - name: loki-storage
+        persistentVolumeClaim:
+          claimName: loki-pvc
+    persistence:
+      enabled: false # Deactivate loki auto provisioning, rely on existing PVC
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      storageClassName: longhorn-nor1
+      claimName: loki-pvc
+
+
+    extraVolumeMounts:
+      - name: loki-storage
+        mountPath: /var/loki 
+    replicas: 1
+    resources:
+      limits:
+        cpu: 3
+        memory: 4Gi
+      requests:
+        cpu: 1
+        memory: 0.5Gi
+    extraEnv:
+      - name: GOMEMLIMIT
+        value: 3750MiB
+
+  chunksCache:
+    # default is 500MB, with limited memory keep this smaller
+    writebackSizeLimit: 10MB
+
+  # Enable minio for storage
+  minio:
+    enabled: false
+
+  # Zero out replica counts of other deployment modes
+  backend:
+    replicas: 0
+  read:
+    replicas: 0
+  write:
+    replicas: 0
+  ingester:
+    replicas: 0
+  querier:
+    replicas: 0
+  queryFrontend:
+    replicas: 0
+  queryScheduler:
+    replicas: 0
+  distributor:
+    replicas: 0
+  compactor:
+    replicas: 0
+  indexGateway:
+    replicas: 0
+  bloomCompactor:
+    replicas: 0
+  bloomGateway:
+    replicas: 0
+
+grafana:
+  enabled: false
+
+argo-workflows:
+  enabled: true
+  workflow:
+    serviceAccount:
+      create: false
+      name: argo-workflow
+    rbac:
+      create: false # Manual provisioning
+  controller:
+    workflowNamespaces: [] #All of them
+    controller:
+    workflowDefaults:
+      spec:
+        serviceAccountName: argo-workflow
+
+ocAuth:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-auth:0.0.1"
+  authType: hydra
+  keto:
+    adminRole: admin
+  hydra:
+    openCloudOauth2ClientSecretName: oc-oauth2-client-secret
+  ldap:
+    bindDn: "cn=admin,dc=example,dc=com"
+    binPwd: "ohwaiQu3"
+    baseDn: "dc=example,dc=com"
+    roleBaseDn: "ou=AppRoles,dc=example,dc=com"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocFront:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-front:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocWorkspace:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-workspace:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocShared:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-shared:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocWorkflow:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-workflow:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocCatalog:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-catalog:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocPeer:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-peer:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocDatacenter:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-datacenter:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocSchedulerd:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-schedulerd:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+ocScheduler:
+  enabled: true
+  image: "registry-opencloud.pf.irt-saintexupery.com/oc-scheduler:0.0.1"
+  resources:
+    limits:
+      cpu: "128m"
+      memory: "256Mi"
+    requests:
+      cpu: "128m"
+      memory: "256Mi"
+
+docker-registry-ui:
+  enabled: true
+  ui:
+    title: "opencloud docker registry"
+    proxy: true
+    dockerRegistryUrl: "http://prod-docker-registry-ui-registry-server.prod.svc.cluster.local:5000"
+  registry:
+    secretName: regcred
+    enabled: true
+    dataVolume:
+      persistentVolumeClaim:
+        claimName: docker-registry-pvc
+    persistence:
+      accessMode: ReadWriteOnce
+      storage: 5000Mi
+      storageClassName: longhorn-nor1

utils/assets/values/test-values.yaml

@@ -0,0 +1,613 @@
+env: test # For storage class provisioning
+name: opencloud
+host: beta.opencloud.com
+registryHost: oc # For reverse proxy rule
+scheme: https # For reverse proxy rule
+
+mongo-express:
+  enabled: true
+  mongodbServer: "test-mongodb.test" # TO LOOK AFTER
+  mongodbPort: 27017
+  mongodbEnableAdmin: true
+  mongodbAdminUsername: admin
+  mongodbAdminPassword: admin
+  siteBaseUrl: /mongoexpress
+  basicAuthUsername: admin
+  basicAuthPassword: admin
+  mongodb:
+    enabled: false
+
+mongodb:
+  enabled: true
+  global:
+    defaultStorageClass: 
+    storageClass: 
+  architecture: standalone
+  useStatefulSet: false
+  auth:
+    enabled: true
+    rootUser: admin
+    rootPassword: admin
+    databases: [ opencloud ]
+    usernames: [ admin ]
+    passwords: [ admin ]
+  resourcesPreset: "small"
+  replicaCount: 1
+  persistence:
+    enabled: true
+    create: false            # do not auto-create
+    existingClaim: mongo-pvc
+    storageClassName: 
+    accessModes: 
+      - ReadWriteOnce
+    size: 5000Mi
+  persistentVolumeClaimRetentionPolicy:
+    enabled: true
+    whenDeleted: Retain
+    whenScaled: Retain
+  arbiter:
+    enabled: false
+  livenessProbe:
+    enabled: true
+  readinessProbe:
+    enabled: true
+
+nats:
+  enabled: true
+  extraEnv:
+    - name: NATS_MAX_FILE_DESCRIPTORS
+      value: "65536"
+  extraVolumeMounts:
+    - name: nats-config
+      mountPath: /etc/nats
+  config:
+    jetstream:
+      enabled: true
+      fileStore:
+        enabled: true
+        dir: /data/jetstream        # mountPath used by template
+        # pvc block must live here
+        pvc:
+          enabled: true
+          # if you already created the claim, set existingClaim:
+          existingClaim: nats-pvc
+          # storageClassName: local-path or standard (use the SC in your cluster)
+          storageClassName: 
+          size: 50Gi 
+          # name is the volume name used in volumeMounts; keep it simple
+          name: nats-jetstream
+
+openldap:
+  enabled: true
+  test:
+    enabled: false
+  ltb-passwd:
+    enabled: false
+  replicaCount: 1
+  image:
+    repository: osixia/openldap
+  tls:
+    enabled: false
+  env:
+    LDAP_ORGANISATION: Opencloud
+    LDAP_DOMAIN: opencloud.com
+    LDAP_BACKEND: "mdb"
+    LDAP_TLS: "false"
+    LDAP_TLS_ENFORCE: "false"
+    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+  adminPassword: admin
+  configPassword: "config"
+  phpldapadmin:
+    enabled: false
+  persistence:
+    enabled: true
+    create: false            # do not auto-create
+    existingClaim: openldap-pvc
+    accessMode: ReadWriteOnce
+    size: 10Mi
+    storageClassName: 
+  replication:
+    enabled: false
+  externalLDAP:
+    enabled: false
+    url: ${OC_LDAP_EXTERNAL_ENDPOINT}
+    bindDN: cn=admin,dc=example,dc=com
+    bindPassword: admin
+  customLdifFiles:
+    01-schema.ldif: |-
+      dn: ou=groups,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: groups
+
+      dn: ou=users,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: users
+
+      dn: cn=lastGID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
+      cn: lastGID
+      serialNumber: 2001
+
+      dn: cn=lastUID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      serialNumber: 2001
+      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
+      cn: lastUID
+
+      dn: cn=everybody,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: everybody
+      memberUid: admin
+      gidNumber: 2003
+
+    02-ldapadmin.ldif : |-
+      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: ldapadmin
+      memberUid: ldapadmin
+      gidNumber: 2001
+
+      dn: uid=ldapadmin,ou=users,dc=example,dc=com
+      givenName: ldap
+      sn: admin
+      uid: ldapadmin
+      cn: ldapadmin
+      mail: ldapadmin@example.com
+      objectClass: person
+      objectClass: inetOrgPerson
+      objectClass: posixAccount
+      userPassword: sai1yeiT
+      uidNumber: 2001
+      gidNumber: 2001
+      loginShell: /bin/bash
+      homeDirectory: /home/ldapadmin
+
+    03-opencloudadmin.ldif : |-
+      dn: uid=admin,ou=users,dc=example,dc=com
+      objectClass: inetOrgPerson
+      cn: Admin
+      sn: Istrator
+      uid: admin
+      userPassword: admin
+      mail: admin@example.com
+      ou: users
+
+      dn: ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: AppRoles
+      description: AppRoles
+
+      dn: ou=App1,ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: App1
+      description: App1
+
+prometheus:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  server:
+    persistentVolume:
+      enabled: true
+      size: 5Gi
+    service:
+        type: ClusterIP
+    resources:
+      limits:
+        cpu: 500m
+        memory: 512Mi
+      requests:
+        cpu: 128m
+        memory: 256Mi
+
+# ldap user manager configuration
+ldapUserManager:
+  enabled: true
+  env:
+    SERVER_HOSTNAME: ldap.exemple.com
+    LDAP_BASE_DN: dc=example,dc=com
+    LDAP_REQUIRE_STARTTLS: "false" 
+    LDAP_ADMINS_GROUP: ldapadmin
+    LDAP_ADMIN_BIND_DN: cn=admin,dc=example,dc=com
+    LDAP_ADMIN_BIND_PWD: admin
+    LDAP_IGNORE_CERT_ERRORS: "true"
+    EMAIL_DOMAIN: 
+    NO_HTTPS: "true"
+    SERVER_PATH: "/users"
+    ORGANISATION_NAME: Opencloud
+    LDAP_USER_OU: users 
+    LDAP_GROUP_OU: groups
+    ACCEPT_WEAK_PASSWORDS: "true"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+
+traefik:
+  enabled: true
+  service:
+    type: NodePort
+  ingressRoute:
+    dashboard:
+      enabled: true
+      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
+      entryPoints: [web]
+  ports:
+    web:
+      nodePort: 30950
+
+hydra:
+  enabled: true
+  maester:
+    enabled: true
+  secret:
+    enabled: false
+    nameOverride: hydra-secret
+    hashSumEnabled: false
+  hydra:
+    dev: true
+    existingSecret: hydra-secret
+    config:
+      dsn: memory
+      urls:
+      #  login: https://localhost-login/authentication/login
+      #  consent: https://localhost-consent/consent/consent
+      #  logout: https://localhost-logout/authentication/logout
+        self:
+          issuer: "http://test-hydra-public.test:4444/"
+
+keto:
+  enabled: true
+  keto:
+    config:
+      serve:
+        read:
+          port: 4466
+        write:
+          port: 4467
+        metrics:
+          port: 4468
+      namespaces:
+        - id: 0
+          name: open-cloud
+      dsn: memory
+
+
+loki:
+  enabled: true
+  loki:
+    auth_enabled: false
+    commonConfig:
+      replication_factor: 1
+    storage:
+      type: filesystem
+      filesystem:
+        chunks_directory: /var/loki/chunks
+        rules_directory: /var/loki/rules
+        admin_api_directory: /var/loki/admin
+    storage_config:
+      boltdb_shipper:
+        active_index_directory: /var/loki/index
+      filesystem:
+        directory: /var/loki/chunks
+    limits_config:
+      allow_structured_metadata: false
+    schemaConfig:
+      configs:
+        - from: "2020-01-01"
+          store: boltdb-shipper
+          object_store: filesystem
+          schema: v11
+          index:
+            prefix: index_
+            period: 24h
+    ingester:
+      chunk_encoding: snappy
+    tracing:
+      enabled: true
+    querier:
+      max_concurrent: 2
+
+  deploymentMode: SingleBinary
+  singleBinary:
+    extraVolumes:
+      - name: loki-storage
+        persistentVolumeClaim:
+          claimName: loki-pvc
+    persistence:
+      enabled: false # Deactivate loki auto provisioning, rely on existing PVC
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      storageClassName: 
+      create: false 
+      claimName: loki-pvc 
+
+    extraVolumeMounts:
+      - name: loki-storage
+        mountPath: /var/loki 
+    replicas: 1
+    resources:
+      limits:
+        cpu: 3
+        memory: 4Gi
+      requests:
+        cpu: 1
+        memory: 0.5Gi
+    extraEnv:
+      - name: GOMEMLIMIT
+        value: 3750MiB
+
+  chunksCache:
+    # default is 500MB, with limited memory keep this smaller
+    writebackSizeLimit: 10MB
+
+  # Enable minio for storage
+  minio:
+    enabled: false
+  # Zero out replica counts of other deployment modes
+  backend:
+    replicas: 0
+  read:
+    replicas: 0
+  write:
+    replicas: 0
+  ingester:
+    replicas: 0
+  querier:
+    replicas: 0
+  queryFrontend:
+    replicas: 0
+  queryScheduler:
+    replicas: 0
+  distributor:
+    replicas: 0
+  compactor:
+    replicas: 0
+  indexGateway:
+    replicas: 0
+  bloomCompactor:
+    replicas: 0
+  bloomGateway:
+    replicas: 0
+
+grafana:
+  enabled: true
+  adminUser: admin
+  adminPassword: admin
+  persistence:
+    enabled: true
+    size: 1Gi
+  service:
+    type: ClusterIP
+
+argo-workflows:
+  enabled: false
+  workflow:
+    serviceAccount:
+      create: false
+      name: argo-workflow
+    rbac:
+      create: false # Manual provisioning
+  controller:
+    workflowNamespaces: [] #All of them
+    controller:
+    workflowDefaults:
+      spec:
+        serviceAccountName: argo-workflow
+
+ocAuth:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-auth:0.0.1"
+  authType: hydra
+  keto:
+    adminRole: admin
+  hydra:
+    openCloudOauth2ClientSecretName: oc-oauth2-client-secret
+  ldap:
+    bindDn: cn=admin,dc=example,dc=com
+    binPwd: admin
+    baseDn: dc=example,dc=com
+    roleBaseDn: ou=AppRoles,dc=example,dc=com
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocFront:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-front:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocWorkspace:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-workspace:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+
+ocShared:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-shared:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocWorkflow:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-workflow:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocCatalog:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-catalog:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocPeer:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-peer:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocDatacenter:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-datacenter:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocSchedulerd:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-schedulerd:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocScheduler:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-scheduler:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+docker-registry-ui:
+  enabled: true
+  ui:
+    title: "opencloud docker registry"
+    proxy: true
+    dockerRegistryUrl: "http://test-docker-registry-ui-registry-server.test.svc.cluster.local:5000"
+  registry:
+    secretName: regcred
+    enabled: true
+    dataVolume:
+      persistentVolumeClaim:
+        claimName: docker-registry-pvc
+    persistence:
+      create: false
+      existingClaim: docker-registry-pvc
+      accessMode: ReadWriteOnce
+      storage: 5Gi
+      storageClassName: 

utils/oc-k8s.sh

@@ -0,0 +1,430 @@
+#!/bin/bash
+REPOS=(
+    "oc-auth"
+    "oc-catalog"
+    "oc-datacenter"
+    "oc-front"
+    "oc-monitord"
+    "oc-peer"
+    "oc-shared"
+    "oc-scheduler"
+    "oc-schedulerd"
+    "oc-workflow"
+    "oc-workspace"
+)
+
+
+main_replace_db() {
+  FILES=$(ls $1 | grep .json)
+  RELEASE=${2:-dev}
+  DB_NAME=${3:-opencloud}
+  
+  POD_NAME=$(kubectl get pods --all-namespaces -o=name | grep $RELEASE-mongodb-*)
+  main_delete_db
+  main_install_db
+}
+
+main_delete_db() {
+  FILES=$(ls $1 | grep .json)
+  RELEASE=${2:-dev}
+  DB_NAME=${3:-opencloud}
+
+
+  POD_NAME=$(kubectl get pods --all-namespaces -o=name | grep $RELEASE-mongodb-*)
+  kubectl exec /pod\//}: -- mongosh --eval "db.getSiblingDB('$DB_NAME').dropDatabase()"
+}
+
+main_install_db() {
+  FILES=$(ls $1 | grep .json)
+  RELEASE=${2:-dev}
+  DB_NAME=${3:-opencloud}
+
+
+  POD_NAME=$(kubectl get pods --all-namespaces -o=name | grep $RELEASE-mongodb-*)
+
+  for file in "${FILES[@]}"; do
+      echo "ADD file $file in collection ${file/.json/} : ${POD_NAME/pod\//}"
+      kubectl cp $file ${POD_NAME/pod\//}:/tmp/$file
+      kubectl exec ${POD_NAME/pod\//}: -- mongoimport --db $DB_NAME --collection ${file/.json/} --file /tmp/$file --jsonArray
+  done
+}
+
+
+main_install() {
+  main_install_k3s
+  main_install_kind ${@:1}
+  main_install_helm 
+}
+
+main_install_k3s() {
+  sudo /usr/local/bin/k3s-uninstall.sh | true
+  sudo rm -rf /etc/rancher /var/lib/rancher | true
+  curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644
+  sudo cp/etc/rancher/k3s/k3s.yaml  ~/.kube/config
+  sudo systemctl status k3s
+}
+
+main_install_helm() {
+  curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash # install helm
+  helm version
+}
+
+main_install_kind() {
+  ARCH=${1:-linux-amd64} # linux-amd64 linux-arm64 darwin-amd64 darwin-arm64 windows-amd64.exe
+  VERSION=${2:-v0.30.0}
+  if [[ "$ARCH" =~ *windows* ]]; then
+    ARCH=${ARCH}.exe
+  fi
+  curl -Lo kind-linux-amd64 https://kind.sigs.k8s.io/dl/${VERSION}/kind-${ARCH}
+}
+# values template 
+main_create_values() {
+  set -euo pipefail
+
+  if [[ -z "${1:-}" ]]; then
+    echo "Error: No RELEASE PROVIDED."
+    main_help_values
+    exit 1
+  fi 
+
+  TEMPLATE_FILE=./opencloud/values.yaml.template
+  ENV_FILE=${2:-}
+  OUTPUT_FILE="./opencloud/values/$1-values.yaml"
+
+  # Load environment variables from env file
+  if [[ -f "$ENV_FILE" ]]; then
+    set -a
+    source "$ENV_FILE"
+    set +a
+  fi
+  export RELEASE=$1
+  # Process the template
+  awk '
+  {
+    line = $0
+    # match ${VAR:-default} patterns
+    while (match(line, /\$\{([A-Za-z_][A-Za-z0-9_]*):-([^}]+)\}/, arr)) {
+      varname = arr[1]
+      defaultval = arr[2]
+      # get environment value or default
+      cmd = "bash -c '\''echo ${" varname ":-" defaultval "}'\''"
+      cmd | getline value
+      close(cmd)
+      line = substr(line, 1, RSTART-1) value substr(line, RSTART+RLENGTH)
+    }
+    print line
+  }' "$TEMPLATE_FILE" > "$OUTPUT_FILE"
+
+  echo "Rendered $OUTPUT_FILE from $TEMPLATE_FILE using $ENV_FILE"
+}
+
+# HELM SERVICE
+main_create_helm() {
+    RELEASE_NAME=${1:-dev}
+    RELEASE_NAMESPACE=${1:-dev}
+    main_delete_helm "${1:-dev}" | true
+    helm dependency update
+    helm dependency build
+    kubectl delete sc longhorn-nor1
+
+    #kubectl apply -f ./opencloud/templates/sc-longhorn-nor1.yaml
+    #kubectl label storageclass longhorn-nor1 app.kubernetes.io/managed-by=Helm
+    #kubectl annotate storageclass longhorn-nor1 \
+    #  meta.helm.sh/release-name=${RELEASE_NAMESPACE} \
+    #  meta.helm.sh/release-namespace=${RELEASE_NAMESPACE}
+    ulimit -n 1000000
+    helm install ${RELEASE_NAME} opencloud -n ${RELEASE_NAMESPACE} --create-namespace -f ./opencloud/values/${RELEASE_NAME}-values.yaml --debug
+
+    kind get kubeconfig --name opencloud > ./deployed_config
+
+    kind export logs ./kind-logs
+}
+
+main_upgrade_helm() {
+  RELEASE_NAME=${1:-dev}
+  RELEASE_NAMESPACE=${1:-dev}
+
+  helm upgrade ${RELEASE_NAME} opencloud -n ${RELEASE_NAMESPACE} --create-namespace -f ./opencloud/values/${RELEASE_NAME}-values.yaml
+}
+
+main_delete_helm() {
+    RELEASE_NAME=${1:-dev}
+    RELEASE_NAMESPACE=${1:-dev}
+
+    helm uninstall ${RELEASE_NAME} -n ${RELEASE_NAMESPACE}
+    kubectl delete namespace ${RELEASE_NAMESPACE} &
+
+    export KUBECONFIG=$(realpath ~/.kube/config)
+}
+# CLUSTER SERVICE
+
+build_service() {
+    local repo_url="https://cloud.o-forge.io/core/$1.git"
+    local branch=${2:-main}
+    local target=${3:-all}
+    local hostname=${4:-beta.opencloud.com}
+    local repo_name=$(basename "$repo_url" .git)
+
+    server=$(grep 'server:' ~/.kube/config | awk '{print $2}')
+
+    host=$(ip -4 addr show $(ip route | awk '/default/ {print $5}') | awk '/inet / {print $2}' | cut -d/ -f1)
+    port=6443
+    ca=$(kubectl config view --raw --minify -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
+    cert=$(kubectl config view --raw --minify -o jsonpath='{.users[0].user.client-certificate-data}')
+    key=$(kubectl config view --raw --minify -o jsonpath='{.users[0].user.client-key-data}')
+
+    echo "Processing repository: $repo_name"
+
+    if [ ! -d "$1" ]; then
+        echo "Cloning repository: $repo_name"
+        git clone "$repo_url"
+        if [ $? -ne 0 ]; then
+            echo "Error cloning $repo_url"
+            exit 1
+        fi
+    fi
+    echo "Repository '$repo_name' now exists. Pulling latest changes..."
+    cd "$repo_name" && git checkout $branch && git pull 
+    
+    echo "Running 'make $target' in $repo_name"
+    export HOST="$hostname" && export KUBERNETES_SERVICE_HOST=$host && export KUBERNETES_SERVICE_PORT=$port \
+      && export KUBE_CA=$ca && export KUBE_CERT=$cert && export KUBE_DATA=$key && make "$target"
+    if [ $? -ne 0 ]; then
+        echo "Error: make $target failed in $dir"
+        exit 1 
+    fi
+    cd ..
+}
+
+main_build_services() {
+    local env=${1:-dev}
+    local branch=${2:-main}
+    local target=${3:-all}
+    local hostname=$(grep 'host:' ./opencloud/values/$env-values.yaml | awk '{print $2}')
+    # docker system prune -af
+    cd ..
+    # Iterate through each repository in the list
+    for repo in "${REPOS[@]}"; do
+        build_service "$repo" "$branch" "$target" "$hostname"
+    done
+    echo "All repositories processed successfully."
+}
+
+# CLUSTER CONTROLLER
+
+main_delete_cluster() {
+    kind delete cluster --name opencloud | true
+}
+
+main_create_cluster() {
+    main_delete_cluster | true
+    kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.9.0/deploy/longhorn.yaml
+    cat <<EOF | kind create cluster  --name opencloud --config=-
+  kind: Cluster
+  apiVersion: kind.x-k8s.io/v1alpha4
+  nodes:
+  - role: control-plane
+    kubeadmConfigPatches:
+    - |
+      kind: InitConfiguration
+      nodeRegistration:
+        kubeletExtraArgs:
+          node-labels: "ingress-ready=true"
+    extraPortMappings:
+    - containerPort: 30950
+      hostPort: 80
+      protocol: TCP
+    - containerPort: 30951
+      hostPort: 443
+      protocol: TCP
+  containerdConfigPatches:
+  - |-
+      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."locahost:5000"]
+        endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
+      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
+        endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
+      [plugins."io.containerd.grpc.v1.cri".registry.configs."dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000".tls]
+        insecure_skip_verify = true
+        cert_file = ""
+        key_file = ""
+        ca_file = ""
+EOF
+    echo "[WARNING] New cluster shoulw be merged into your current config !"
+
+    # Export the kind cluster kubeconfig to a temporary file
+    kind get kubeconfig --name opencloud > /tmp/kind-opencloud.kubeconfig
+
+    # Merge the temporary kubeconfig with your existing one safely
+    KUBECONFIG=~/.kube/config:/tmp/kind-opencloud.kubeconfig kubectl config view --flatten --merge --minify > /tmp/merged-kubeconfig.yaml
+
+    # Replace the original kubeconfig safely
+    mv /tmp/merged-kubeconfig.yaml ~/.kube/config
+    chmod 600 ~/.kube/config
+
+    # Verify the contexts
+    kubectl config get-contexts
+    # Switch to the new kind cluster context
+    kubectl config use-context kind-opencloud
+}
+
+main_help_k3s() {
+  echo "
+Cluster commands: oc-k8s <action> k3s
+  install  - Install k3s
+  help     - Show this help message
+
+Usage:
+  oc-k8s install k3s
+  oc-k8s help values 
+"
+}
+
+main_help_kind() {
+  echo "
+Cluster commands: oc-k8s <action> kind
+  install  - Install kind
+  help     - Show this help message
+
+Usage:
+  oc-k8s install kind [arch] [version]
+    arch - Arch of OS (required)
+    kind_version - version of kind (required)
+  oc-k8s help values 
+"
+}
+
+main_help_values() {
+  echo "
+Cluster commands: oc-k8s <action> values
+  create   - Create a new values release yaml
+  help     - Show this help message
+
+Usage:
+  oc-k8s create values [release] [env_file (optionnal)]
+    release - Release values name (required)
+    env_file - env to map (optionnal)
+  oc-k8s help values 
+"
+}
+
+main_help_db() {
+  echo "
+Cluster commands: oc-k8s <action> cluster
+  create   - Add datas in db
+  replace  - Replace datas in db
+  delete   - Delete datas in db
+  help     - Show this help message
+
+Usage:
+  oc-k8s create db [file_path] [release] [db_name]
+    file_path - Datas folder files path (required)
+    release   - Release values name (default: dev)
+    db_name   - db name (default: opencloud)
+  oc-k8s replace db [file_path] [release] [db_name]
+    file_path - Datas folder files path (required)
+    release   - Release values name (default: dev)
+    db_name   - db name (default: opencloud)
+  oc-k8s delete db [file_path] [release] [db_name]
+    file_path - Datas folder files path (required)
+    release   - Release values name (default: dev)
+    db_name   - db name (default: opencloud)
+  oc-k8s help db 
+"
+}
+
+main_help_cluster() {
+  echo "
+Cluster commands: oc-k8s <action> cluster
+  create   - Create a new kind cluster named 'opencloud'
+  delete   - Delete the kind cluster named 'opencloud'
+  help     - Show this help message
+
+Usage:
+  oc-k8s create cluster
+  oc-k8s delete cluster
+  oc-k8s help cluster 
+"
+}
+
+main_help_services() {
+  echo "
+Service commands: oc-k8s <action> services 
+  build    - Build all opencloud services
+  help     - Show this help message
+
+Usage:
+   oc-k8s build services [branch] [target]
+    branch - Git branch to build (default: main)
+    target - make target (default: all)
+   oc-k8s help services 
+"
+}
+
+main_help_helm() {
+  echo "
+Helm commands: oc-k8s <action> helm
+  install  - Install Helm
+  create   - Install a helm release for the given environment (default: dev)
+  delete   - Uninstall a helm release for the given environment (default: dev)
+  help     - Show this help message
+
+Usage:
+  oc-k8s install helm 
+  oc-k8s create helm [env]
+    env - environnement selected (default: dev)
+  oc-k8s upgrade helm [env]
+    env - environnement selected (default: dev)
+  oc-k8s delete helm [env]
+    env - environnement selected (default: dev)
+  oc-k8sh help helm
+"
+}
+
+main_help_all() {
+   echo "
+Main commands: oc-k8s <action>
+  install  - Install opencloud dependancies [arch] [version]
+  start    - Start opencloud k8s
+  stop     - Stop opencloud k8s
+Usage:
+   oc-k8s install [arch] [version]
+    arch - Arch of OS (required)
+    kind_version - version of kind (required)
+   oc-k8s start [env] [branch] [target] [hostname]
+    env - environnement selected (default: dev)
+    branch - Git branch to build (default: main)
+    target - make target (default: all)
+   oc-k8s stop
+"
+  main_help_cluster
+  main_help_services
+  main_help_helm
+  main_help_values
+  main_help_k3s
+  main_help_kind
+  main_help_db
+}
+
+main_start() {
+  sudo sysctl -w fs.inotify.max_user_instances=256
+  sudo /etc/init.d/apache2 stop
+  sudo nginx -s stop
+  main_create_cluster
+  main_build_services "${@:1}"
+  cd ./oc-k8s
+  main_create_helm $1
+}
+
+main_stop() {
+  main_delete_helm "${@:1}" | true
+  main_delete_cluster "${@:1}" | true
+}
+
+if declare -f main_${1} > /dev/null; then
+    main_${1} "${@:2}"
+elif declare -f main_${1}_${2} > /dev/null; then
+    main_${1}_${2} "${@:3}"
+else
+    echo "Function does not exist"
+    main_help_all
+fi

utils/test-values.yaml

@@ -0,0 +1,618 @@
+env: sqsdq # For storage class provisioning
+clusterName: opencloud
+host: beta.opencloud.com
+registryHost: oc # For reverse proxy rule
+scheme: https # For reverse proxy rule
+
+mongo-express:
+  enabled: true
+  mongodbServer: "sqsdq-mongodb.sqsdq" # TO LOOK AFTER
+  mongodbPort: 27017
+  mongodbEnableAdmin: true
+  mongodbAdminUsername: admin
+  mongodbAdminPassword: admin
+  siteBaseUrl: /mongoexpress
+  basicAuthUsername: admin
+  basicAuthPassword: admin
+  mongodb:
+    enabled: false
+
+mongodb:
+  enabled: true
+  global:
+    defaultStorageClass: ""
+    storageClass: ""
+  architecture: standalone
+  useStatefulSet: false
+  auth:
+    enabled: true
+    rootUser: admin
+    rootPassword: admin
+    databases: [ opencloud ]
+    usernames: [ admin ]
+    passwords: [ admin ]
+  resourcesPreset: "small"
+  replicaCount: 1
+  persistence:
+    enabled: true
+    create: false            # do not auto-create
+    existingClaim: mongo-pvc
+    storageClassName: ""
+    accessModes: 
+      - ReadWriteOnce
+    size: 5000Mi
+  persistentVolumeClaimRetentionPolicy:
+    enabled: true
+    whenDeleted: Retain
+    whenScaled: Retain
+  arbiter:
+    enabled: false
+  livenessProbe:
+    enabled: true
+  readinessProbe:
+    enabled: true
+
+nats:
+  enabled: true
+  extraEnv:
+    - name: NATS_MAX_FILE_DESCRIPTORS
+      value: "65536"
+  extraVolumeMounts:
+    - name: nats-config
+      mountPath: /etc/nats
+  config:
+    jetstream:
+      enabled: true
+      fileStore:
+        enabled: true
+        dir: /data/jetstream        # mountPath used by template
+        # pvc block must live here
+        pvc:
+          enabled: true
+          # if you already created the claim, set existingClaim:
+          existingClaim: nats-pvc
+          # storageClassName: local-path or standard (use the SC in your cluster)
+          storageClassName: ""
+          size: 50Gi 
+          # name is the volume name used in volumeMounts; keep it simple
+          name: nats-jetstream
+
+openldap:
+  enabled: true
+  test:
+    enabled: false
+  ltb-passwd:
+    enabled: false
+  replicaCount: 1
+  image:
+    repository: osixia/openldap
+  tls:
+    enabled: false
+  env:
+    LDAP_ORGANISATION: Opencloud
+    LDAP_DOMAIN: opencloud.com
+    LDAP_BACKEND: "mdb"
+    LDAP_TLS: "false"
+    LDAP_TLS_ENFORCE: "false"
+    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+  adminPassword: admin
+  configPassword: "config"
+  phpldapadmin:
+    enabled: false
+  persistence:
+    enabled: true
+    create: false            # do not auto-create
+    existingClaim: openldap-pvc
+    accessMode: ReadWriteOnce
+    size: 10Mi
+    storageClassName: ""
+  replication:
+    enabled: false
+  externalLDAP:
+    enabled: false
+    url: ${OC_LDAP_EXTERNAL_ENDPOINT}
+    bindDN: cn=admin,dc=example,dc=com
+    bindPassword: admin
+  customLdifFiles:
+    01-schema.ldif: |-
+      dn: ou=groups,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: groups
+
+      dn: ou=users,dc=example,dc=com
+      objectClass: organizationalUnit
+      ou: users
+
+      dn: cn=lastGID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
+      cn: lastGID
+      serialNumber: 2001
+
+      dn: cn=lastUID,dc=example,dc=com
+      objectClass: device
+      objectClass: top
+      serialNumber: 2001
+      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
+      cn: lastUID
+
+      dn: cn=everybody,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: everybody
+      memberUid: admin
+      gidNumber: 2003
+
+    02-ldapadmin.ldif : |-
+      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
+      objectClass: top
+      objectClass: posixGroup
+      cn: ldapadmin
+      memberUid: ldapadmin
+      gidNumber: 2001
+
+      dn: uid=ldapadmin,ou=users,dc=example,dc=com
+      givenName: ldap
+      sn: admin
+      uid: ldapadmin
+      cn: ldapadmin
+      mail: ldapadmin@example.com
+      objectClass: person
+      objectClass: inetOrgPerson
+      objectClass: posixAccount
+      userPassword: sai1yeiT
+      uidNumber: 2001
+      gidNumber: 2001
+      loginShell: /bin/bash
+      homeDirectory: /home/ldapadmin
+
+    03-opencloudadmin.ldif : |-
+      dn: uid=admin,ou=users,dc=example,dc=com
+      objectClass: inetOrgPerson
+      cn: Admin
+      sn: Istrator
+      uid: admin
+      userPassword: admin
+      mail: admin@example.com
+      ou: users
+
+      dn: ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: AppRoles
+      description: AppRoles
+
+      dn: ou=App1,ou=AppRoles,dc=example,dc=com
+      objectClass: organizationalunit
+      ou: App1
+      description: App1
+
+prometheus:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  server:
+    persistentVolume:
+      enabled: true
+      size: 5Gi
+    service:
+        type: ClusterIP
+    resources:
+      limits:
+        cpu: 500m
+        memory: 512Mi
+      requests:
+        cpu: 128m
+        memory: 256Mi
+
+# ldap user manager configuration
+ldapUserManager:
+  enabled: true
+  env:
+    SERVER_HOSTNAME: ldap.exemple.com
+    LDAP_BASE_DN: dc=example,dc=com
+    LDAP_REQUIRE_STARTTLS: "false" 
+    LDAP_ADMINS_GROUP: ldapadmin
+    LDAP_ADMIN_BIND_DN: cn=admin,dc=example,dc=com
+    LDAP_ADMIN_BIND_PWD: admin
+    LDAP_IGNORE_CERT_ERRORS: "true"
+    EMAIL_DOMAIN: ""
+    NO_HTTPS: "true"
+    SERVER_PATH: "/users"
+    ORGANISATION_NAME: Opencloud
+    LDAP_USER_OU: users 
+    LDAP_GROUP_OU: groups
+    ACCEPT_WEAK_PASSWORDS: "true"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+
+traefik:
+  enabled: true
+  service:
+    type: NodePort
+  ingressRoute:
+    dashboard:
+      enabled: true
+      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
+      entryPoints: [web]
+  ports:
+    web:
+      nodePort: 30950
+
+hydra:
+  enabled: true
+  maester:
+    enabled: true
+  secret:
+    enabled: false
+    nameOverride: hydra-secret
+    hashSumEnabled: false
+  hydra:
+    dev: true
+    existingSecret: hydra-secret
+    config:
+      dsn: memory
+      urls:
+      #  login: https://localhost-login/authentication/login
+      #  consent: https://localhost-consent/consent/consent
+      #  logout: https://localhost-logout/authentication/logout
+        self:
+          issuer: "http://sqsdq-hydra-public.sqsdq:4444/"
+
+keto:
+  enabled: true
+  keto:
+    config:
+      serve:
+        read:
+          port: 4466
+        write:
+          port: 4467
+        metrics:
+          port: 4468
+      namespaces:
+        - id: 0
+          name: open-cloud
+      dsn: memory
+
+
+loki:
+  enabled: true
+  loki:
+  
+    auth_enabled: false
+    commonConfig:
+      replication_factor: 1
+    storage:
+      bucketNames:
+        chunks: chunks
+        ruler: ruler
+        admin: admin
+        type: filesystem
+      filesystem:
+        chunks_directory: /var/loki/chunks
+        rules_directory: /var/loki/rules
+        admin_api_directory: /var/loki/admin
+    storage_config:
+      boltdb_shipper:
+        active_index_directory: /var/loki/index
+      filesystem:
+        directory: /var/loki/chunks
+    limits_config:
+      allow_structured_metadata: false
+    schemaConfig:
+      configs:
+        - from: "2020-01-01"
+          store: boltdb-shipper
+          object_store: filesystem
+          schema: v11
+          index:
+            prefix: index_
+            period: 24h
+    ingester:
+      chunk_encoding: snappy
+    tracing:
+      enabled: true
+    querier:
+      max_concurrent: 2
+
+  deploymentMode: SingleBinary
+  singleBinary:
+    extraVolumes:
+      - name: loki-storage
+        persistentVolumeClaim:
+          claimName: loki-pvc
+    persistence:
+      enabled: false # Deactivate loki auto provisioning, rely on existing PVC
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      storageClassName: ""
+      create: false 
+      claimName: loki-pvc 
+
+    extraVolumeMounts:
+      - name: loki-storage
+        mountPath: /var/loki 
+    replicas: 1
+    resources:
+      limits:
+        cpu: 3
+        memory: 4Gi
+      requests:
+        cpu: 1
+        memory: 0.5Gi
+    extraEnv:
+      - name: GOMEMLIMIT
+        value: 3750MiB
+
+  chunksCache:
+    # default is 500MB, with limited memory keep this smaller
+    writebackSizeLimit: 10MB
+
+  # Enable minio for storage
+  minio:
+    enabled: false
+  # Zero out replica counts of other deployment modes
+  backend:
+    replicas: 0
+  read:
+    replicas: 0
+  write:
+    replicas: 0
+  ingester:
+    replicas: 0
+  querier:
+    replicas: 0
+  queryFrontend:
+    replicas: 0
+  queryScheduler:
+    replicas: 0
+  distributor:
+    replicas: 0
+  compactor:
+    replicas: 0
+  indexGateway:
+    replicas: 0
+  bloomCompactor:
+    replicas: 0
+  bloomGateway:
+    replicas: 0
+
+grafana:
+  enabled: true
+  adminUser: admin
+  adminPassword: admin
+  persistence:
+    enabled: true
+    size: 1Gi
+  service:
+    type: ClusterIP
+
+argo-workflows:
+  enabled: false
+  workflow:
+    serviceAccount:
+      create: false
+      name: argo-workflow
+    rbac:
+      create: false # Manual provisioning
+  controller:
+    workflowNamespaces: [] #All of them
+    controller:
+    workflowDefaults:
+      spec:
+        serviceAccountName: argo-workflow
+
+ocAuth:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-auth:0.0.1"
+  authType: hydra
+  keto:
+    adminRole: admin
+  hydra:
+    openCloudOauth2ClientSecretName: oc-oauth2-client-secret
+  ldap:
+    bindDn: cn=admin,dc=example,dc=com
+    binPwd: admin
+    baseDn: dc=example,dc=com
+    roleBaseDn: ou=AppRoles,dc=example,dc=com
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocFront:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-front:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocWorkspace:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-workspace:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+
+ocShared:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-shared:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocWorkflow:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-workflow:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocCatalog:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-catalog:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocPeer:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-peer:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocDatacenter:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-datacenter:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocSchedulerd:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-schedulerd:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+ocScheduler:
+  enabled: true
+  enableTraefikProxyIntegration: true
+  image: "oc/oc-scheduler:0.0.1"
+  resources:
+    limits:
+      cpu: 128m
+      memory: 256Mi
+    requests:
+      cpu: 128m
+      memory: 256Mi
+  replicas: 1
+  hpa:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+docker-registry-ui:
+  enabled: true
+  ui:
+    title: "opencloud docker registry"
+    proxy: true
+    dockerRegistryUrl: "http://sqsdq-docker-registry-ui-registry-server.sqsdq.svc.cluster.local:5000"
+  registry:
+    secretName: regcred
+    enabled: true
+    dataVolume:
+      persistentVolumeClaim:
+        claimName: docker-registry-pvc
+    persistence:
+      create: false
+      existingClaim: docker-registry-pvc
+      accessMode: ReadWriteOnce
+      storage: 5Gi
+      storageClassName: ""

utils/utils.go

@@ -2,24 +2,81 @@ package utils
 
 import (
 	"embed"
+	"fmt"
 	"os"
 	"os/exec"
 	"strings"
+
+	"gopkg.in/yaml.v3"
 )
 
-//go:embed assets/*
+//go:embed assets/**/**/**/**/**/**/.*
+var FS11 embed.FS
+
+//go:embed assets/**
+var FS10 embed.FS
+
+//go:embed assets/**/**/**/**/.*
+var FS9 embed.FS
+
+//go:embed assets/**/**/**/.*
+var FS8 embed.FS
+
+//go:embed assets/**/**/.*
+var FS7 embed.FS
+
+//go:embed assets/**/**/**/**/**/**/**/**/_*
+var FS6 embed.FS
+
+//go:embed assets/**/**/**/**/**/**/**/_*
+var FS5 embed.FS
+
+//go:embed assets/**/**/**/**/**/**/_*
+var FS4 embed.FS
+
+//go:embed assets/**/**/**/**/**/_*
+var FS3 embed.FS
+
+//go:embed assets/**/**/**/**/_*
+var FS2 embed.FS
+
+//go:embed assets/**/**/**/_*
+var FS1 embed.FS
+
+//go:embed assets
 var FS embed.FS
 
+var FSS = []embed.FS{FS, FS1, FS2, FS3, FS4, FS5, FS6, FS7, FS8, FS9, FS10, FS11}
+
 func Exec(args ...string) error {
 	fArgs := []string{"-c"}
 	if len(args) > 0 {
 		fArgs = append(fArgs, args...)
 	}
-	cmd := exec.Command("bash", fArgs...)
-	cmd.Stdin = os.Stdin
-	cmd.Stderr = os.Stderr
+	// Execute 'echo $HOME' in bash
+	cmd := exec.Command("bash", "-c", "echo $HOME")
+	out, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+	home := strings.TrimSpace(string(out))
+	cmd2 := exec.Command("bash", fArgs...)
+	if strings.Contains(args[0], "helm") {
+		cmd2.Env = append(cmd2.Env, "HOME="+home)
+		out, err := cmd2.Output()
+		if err != nil {
+			fmt.Println("ERR helm ", args[0], err)
+			return err
+		}
+		fmt.Println("OUTPUT", string(out))
+		return nil
+	}
+	//  // inject HOME
 
-	return cmd.Run()
+	cmd2.Stdin = os.Stdin
+	cmd2.Stderr = os.Stderr
+
+	return cmd2.Run()
 }
 
 func ReadFS(filePath string) (string, error) {
@@ -45,3 +102,31 @@ func Extract(content string, key string) (string, bool) {
 
 	return strings.TrimSpace(content[start : start+end]), true
 }
+
+type Chart struct {
+	Dependencies []struct {
+		Name       string `yaml:"name"`
+		Version    string `yaml:"version"`
+		Repository string `yaml:"repository"`
+	} `yaml:"dependencies"`
+}
+
+func ExtractRepo() map[string]string {
+	repos := make(map[string]string) // to avoid duplicates
+
+	// Walk through embedded charts
+	data, err := FS.ReadFile("assets/Chart.yaml")
+	if err != nil {
+		return repos
+	}
+
+	var chart Chart
+	if err := yaml.Unmarshal(data, &chart); err != nil {
+		return repos
+	}
+
+	for _, dep := range chart.Dependencies {
+		repos[dep.Name] = dep.Repository
+	}
+	return repos
+}