core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update K8S to include an auto generator of values template

Browse Source
This commit is contained in:
mr
2025-11-12 13:13:43 +01:00
parent 7ad4bf0b5d
commit 9f9b1849eb
141 changed files with 13168 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

588
opencloud/values/test-values.yaml Normal file
View File

@@ -0,0 +1,588 @@
env: {{ .Release.Name }} # For storage class provisioning
host: exemple.com # For reverse proxy rule
registryHost: registry.exemple.com # For reverse proxy rule
scheme: https # For reverse proxy rule
mongo-express:
enabled: true
mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}" # TO LOOK AFTER
mongodbPort: 27017
mongodbEnableAdmin: true
mongodbAdminUsername: admin
mongodbAdminPassword: admin
siteBaseUrl: /mongoexpress
basicAuthUsername: admin
basicAuthPassword: admin
mongodb:
enabled: false
mongodb:
enabled: true
global:
defaultStorageClass: longhorn-nor1
storageClass: longhorn-nor1
architecture: standalone
useStatefulSet: false
auth:
enabled: true
rootUser: admin
rootPassword: admin
databases: [ opencloud ]
usernames: []
passwords: []
resourcesPreset: "small"
replicaCount: 1
persistence:
enabled: true
storageClass: longhorn-nor1
existingClaim: mongo-pvc
accessModes:
- ReadWriteOnce
size: 5000Mi
persistentVolumeClaimRetentionPolicy:
enabled: true
whenDeleted: Retain
whenScaled: Retain
arbiter:
enabled: false
livenessProbe:
enabled: true
readinessProbe:
enabled: true
nats:
enabled: true
jetstream:
enabled: true
fileStore:
size: 20Mi
storageClassName: longhorn-nor1
openldap:
enabled: true
test:
enabled: false
ltb-passwd:
enabled: false
replicaCount: 1
image:
repository: osixia/openldap
tls:
enabled: false
env:
LDAP_ORGANISATION: Opencloud
LDAP_DOMAIN: opencloud.com
LDAP_BACKEND: "mdb"
LDAP_TLS: false
LDAP_TLS_ENFORCE: false
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
adminPassword: admin
configPassword: "config"
phpldapadmin:
enabled: false
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 10Mi
storageClass: longhorn-nor1
replication:
enabled: false
externalLDAP:
enabled: false
url: ${OC_LDAP_EXTERNAL_ENDPOINT}
bindDN: cn=admin,dc=example,dc=com
bindPassword: admin
customLdifFiles:
01-schema.ldif: |-
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
ou: users
dn: cn=lastGID,dc=example,dc=com
objectClass: device
objectClass: top
description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
cn: lastGID
serialNumber: 2001
dn: cn=lastUID,dc=example,dc=com
objectClass: device
objectClass: top
serialNumber: 2001
description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
cn: lastUID
dn: cn=everybody,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: everybody
memberUid: admin
gidNumber: 2003
02-ldapadmin.ldif : |-
dn: cn=ldapadmin,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: ldapadmin
memberUid: ldapadmin
gidNumber: 2001
dn: uid=ldapadmin,ou=users,dc=example,dc=com
givenName: ldap
sn: admin
uid: ldapadmin
cn: ldapadmin
mail: ldapadmin@example.com
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword: sai1yeiT
uidNumber: 2001
gidNumber: 2001
loginShell: /bin/bash
homeDirectory: /home/ldapadmin
03-opencloudadmin.ldif : |-
dn: uid=admin,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
cn: Admin
sn: Istrator
uid: admin
userPassword: admin
mail: admin@example.com
ou: Users
dn: ou=AppRoles,dc=example,dc=com
objectClass: organizationalunit
ou: AppRoles
description: AppRoles
dn: ou=App1,ou=AppRoles,dc=example,dc=com
objectClass: organizationalunit
ou: App1
description: App1
prometheus:
enabled: true
server:
persistentVolume:
enabled: true
size: 5Gi
service:
type: ClusterIP
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 128m
memory: 256Mi
# ldap user manager configuration
ldapUserManager:
enabled: true
env:
SERVER_HOSTNAME: ldap.exemple.com
LDAP_BASE_DN: dc=example,dc=com
LDAP_REQUIRE_STARTTLS: false
LDAP_ADMINS_GROUP: ldapadmin
LDAP_ADMIN_BIND_DN: cn=admin,dc=example,dc=com
LDAP_ADMIN_BIND_PWD: admin
LDAP_IGNORE_CERT_ERRORS: true
EMAIL_DOMAIN:
NO_HTTPS: true
SERVER_PATH: "/users"
ORGANISATION_NAME: Opencloud
LDAP_USER_OU: users
LDAP_GROUP_OU: groups
ACCEPT_WEAK_PASSWORDS: "true"
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
traefik:
enabled: true
service:
type: NodePort
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
entryPoints: [web]
ports:
web:
nodePort: 30950
hydra:
enabled: true
maester:
enabled: true
secret:
enabled: false
nameOverride: hydra-secret
hashSumEnabled: false
hydra:
dev: true
existingSecret: hydra-secret
config:
dsn: memory
urls:
# login: https://localhost-login/authentication/login
# consent: https://localhost-consent/consent/consent
# logout: https://localhost-logout/authentication/logout
self:
issuer: "http://{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}:4444/"
keto:
enabled: true
keto:
config:
serve:
read:
port: 4466
write:
port: 4467
metrics:
port: 4468
namespaces:
- id: 0
name: open-cloud
dsn: memory
loki:
enabled: true
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: filesystem
filesystem:
chunks_directory: /var/loki/chunks
rules_directory: /var/loki/rules
admin_api_directory: /var/loki/admin
storage_config:
boltdb_shipper:
active_index_directory: /var/loki/index
filesystem:
directory: /var/loki/chunks
limits_config:
allow_structured_metadata: false
schemaConfig:
configs:
- from: "2020-01-01"
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
ingester:
chunk_encoding: snappy
tracing:
enabled: true
querier:
max_concurrent: 2
deploymentMode: SingleBinary
singleBinary:
extraVolumes:
- name: loki-storage
persistentVolumeClaim:
claimName: loki-pvc
persistence:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: 1Gi
storageClassName: longhorn-nor1
claimName: loki-pvc
extraVolumeMounts:
- name: loki-storage
mountPath: /var/loki
replicas: 1
resources:
limits:
cpu: 3
memory: 4Gi
requests:
cpu: 1
memory: 0.5Gi
extraEnv:
- name: GOMEMLIMIT
value: 3750MiB
chunksCache:
# default is 500MB, with limited memory keep this smaller
writebackSizeLimit: 10MB
# Enable minio for storage
minio:
enabled: false
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0
grafana:
enabled: true
adminUser: admin
adminPassword: admin
persistence:
enabled: true
size: 1Gi
service:
type: ClusterIP
argo-workflows:
enabled: false
workflow:
serviceAccount:
create: false
name: argo-workflow
rbac:
create: false # Manual provisioning
controller:
workflowNamespaces: [] #All of them
controller:
workflowDefaults:
spec:
serviceAccountName: argo-workflow
ocAuth:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-auth:0.0.1
authType: hydra
keto:
adminRole: admin
hydra:
openCloudOauth2ClientSecretName: oc-oauth2-client-secret
ldap:
bindDn: cn=admin,dc=example,dc=com
binPwd: admin
baseDn: dc=example,dc=com
roleBaseDn: ou=AppRoles,dc=example,dc=com
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocFront:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-front:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocWorkspace:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-workspace:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocShared:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-shared:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocWorkflow:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-workflow:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocCatalog:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-catalog:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocPeer:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-peer:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocDatacenter:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-datacenter:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocSchedulerd:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-schedulerd:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
ocScheduler:
enabled: true
enableTraefikProxyIntegration: true
image: registry-opencloud.pf.irt-saintexupery.com/oc-scheduler:0.0.1
resources:
limits:
cpu: 128m
memory: 256Mi
requests:
cpu: 128m
memory: 256Mi
replicas: 1
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
docker-registry-ui:
enabled: true
ui:
title: "opencloud docker registry"
proxy: true
dockerRegistryUrl: "http://{{ .Release.Name }}-docker-registry-ui-registry-server.{{ .Release.Namespace }}.svc.cluster.local:5000"
registry:
secretName: regcred
enabled: true
dataVolume:
persistentVolumeClaim:
claimName: docker-registry-pvc
persistence:
accessMode: ReadWriteOnce
storage: 5000Mi
storageClassName: longhorn-nor1