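# Helm values template. `${VAR:-default}` placeholders and `{{ ... }}`
# expressions are presumably substituted before this file is parsed as YAML
# (confirm against the deployment script).
#
# NOTE(review): the block layout below was rebuilt from a whitespace-collapsed
# copy of this file. Key order and values are unchanged, but nesting was
# inferred and must be checked against each subchart's values schema.
#
# NOTE(review): every credential placeholder falls back to a well-known value
# (`admin`, `config`). A deployment that leaves the variables unset runs with
# those passwords; consider failing the render when a secret is unset, or
# referencing pre-created Kubernetes Secrets instead of inline values.

# NOTE(review): `exemple.com` is a registrable domain, unlike the reserved
# `example.com` used for the LDAP defaults further down; confirm the spelling.
env: {{ .Release.Name }}  # For storage class provisioning
host: ${HOST:-exemple.com}  # For reverse proxy rule
registryHost: ${REGISTRY_HOST:-registry.exemple.com}  # For reverse proxy rule
scheme: https  # For reverse proxy rule

mongo-express:
  enabled: ${OC_MONGOEXPRESS_ENABLED:-true}
  mongodbServer: "{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}"  # TO LOOK AFTER
  mongodbPort: 27017
  # Admin mode uses the MongoDB root account configured under `mongodb.auth`,
  # so this UI has full database access; it is enabled by default.
  mongodbEnableAdmin: true
  mongodbAdminUsername: ${OC_MONGO_ADMIN:-admin}
  mongodbAdminPassword: ${OC_MONGO_PWD:-admin}
  siteBaseUrl: /mongoexpress
  basicAuthUsername: ${OC_MONGOEXPRESS_ADMIN:-admin}
  basicAuthPassword: ${OC_MONGOEXPRESS_PWD:-admin}
  mongodb:
    enabled: false

mongodb:
  enabled: ${OC_MONGO_ENABLED:-true}
  global:
    defaultStorageClass: longhorn-nor1
    storageClass: longhorn-nor1
  architecture: standalone
  useStatefulSet: false
  auth:
    enabled: true
    rootUser: ${OC_MONGO_ADMIN:-admin}
    rootPassword: ${OC_MONGO_PWD:-admin}
    databases: [ ${OC_MONGO_DATABASE:-opencloud} ]
    usernames: []
    passwords: []
  resourcesPreset: "small"
  replicaCount: 1
  persistence:
    enabled: true
    storageClass: longhorn-nor1
    existingClaim: mongo-pvc
    accessModes:
      - ReadWriteOnce
    size: ${OC_MONGO_SIZE:-5000Mi}
  persistentVolumeClaimRetentionPolicy:
    enabled: true
    whenDeleted: Retain
    whenScaled: Retain
  arbiter:
    enabled: false
  # NOTE(review): the probes are placed at the mongodb level here; the
  # collapsed source does not show whether they belonged under `arbiter`.
  livenessProbe:
    enabled: true
  readinessProbe:
    enabled: true

nats:
  enabled: ${OC_NATS_ENABLED:-true}
  jetstream:
    enabled: true
    fileStore:
      size: ${OC_NATS_SIZE:-20Mi}
      storageClassName: longhorn-nor1

openldap:
  enabled: ${OC_LDAP_ENABLED:-true}
  test:
    enabled: false
  ltb-passwd:
    enabled: false
  replicaCount: 1
  image:
    repository: ${OC_LDAP_IMAGE:-osixia/openldap}
  # TLS is off here and LDAP_TLS defaults to false below, so binds (including
  # the admin bind password) travel in clear text between pods.
  tls:
    enabled: false
  env:
    LDAP_ORGANISATION: ${OC_LDAP_ORGANISATION:-Opencloud}
    LDAP_DOMAIN: ${OC_LDAP_DOMAIN:-opencloud.com}
    LDAP_BACKEND: "mdb"
    LDAP_TLS: ${OC_LDAP_TLS:-false}
    LDAP_TLS_ENFORCE: ${OC_LDAP_TLS:-false}
    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
  adminPassword: ${OC_LDAP_ADMIN_PWD:-admin}
  configPassword: "${OC_LDAP_CONFIG_PWD:-config}"
  phpldapadmin:
    enabled: false
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    size: ${OC_LDAP_SIZE:-10Mi}
    storageClass: longhorn-nor1
  replication:
    enabled: false
  externalLDAP:
    enabled: ${OC_LDAP_EXTERNAL:-false}
    # No fallback: renders as an empty value when the variable is unset.
    url: ${OC_LDAP_EXTERNAL_ENDPOINT}
    bindDN: ${OC_LDAP_EXTERNAL_DN:-cn=admin,dc=example,dc=com}
    bindPassword: ${OC_LDAP_EXTERNAL_PWD:-admin}
  # Seed LDIF loaded into the directory. Blank lines between entries were
  # restored during reconstruction (LDIF needs them as entry separators).
  customLdifFiles:
    01-schema.ldif: |-
      dn: ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: organizationalUnit
      ou: ${OC_LDAP_GROUPS_OU:-groups}

      dn: ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: organizationalUnit
      ou: ${OC_LDAP_USERS_OU:-users}

      dn: cn=lastGID,${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: device
      objectClass: top
      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
      cn: lastGID
      serialNumber: 2001

      dn: cn=lastUID,${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: device
      objectClass: top
      serialNumber: 2001
      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
      cn: lastUID

      dn: cn=everybody,ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: top
      objectClass: posixGroup
      cn: everybody
      memberUid: admin
      gidNumber: 2003
    # NOTE(review): `userPassword` of the LDAP admin-group account below is a
    # literal committed in the template, the only credential in this file that
    # cannot be overridden through a variable. Source it from a variable or a
    # Secret like the other passwords, and rotate the committed value.
    02-ldapadmin.ldif: |-
      dn: cn=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: top
      objectClass: posixGroup
      cn: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
      memberUid: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
      gidNumber: 2001

      dn: uid=${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin},ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      givenName: ldap
      sn: admin
      uid: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
      cn: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
      mail: ldapadmin@example.com
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: posixAccount
      userPassword: sai1yeiT
      uidNumber: 2001
      gidNumber: 2001
      loginShell: /bin/bash
      homeDirectory: /home/ldapadmin
    # NOTE(review): the first entry's DN hard-codes `uid=admin` while its `uid`
    # attribute comes from OC_LDAP_ADMIN_USER; the two disagree as soon as the
    # variable is set to anything else. `userPassword` is written as supplied
    # (presumably clear text; confirm whether the server hashes it on import).
    03-opencloudadmin.ldif: |-
      dn: uid=admin,ou=${OC_LDAP_USERS_OU:-users},${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: inetOrgPerson
      cn: Admin
      sn: Istrator
      uid: ${OC_LDAP_ADMIN_USER:-admin}
      userPassword: ${OC_LDAP_ADMIN_PWD:-admin}
      mail: admin@example.com
      ou: ${OC_LDAP_USERS_OU:-users}

      dn: ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: organizationalunit
      ou: AppRoles
      description: AppRoles

      dn: ou=App1,ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=example,dc=com}
      objectClass: organizationalunit
      ou: App1
      description: App1

prometheus:
  enabled: ${OC_PROMETHEUS_ENABLED:-true}
  server:
    persistentVolume:
      enabled: true
      size: ${OC_PROMETHEUS_SIZE:-5Gi}
    service:
      type: ClusterIP
    resources:
      limits:
        cpu: ${OC_PROMETHEUS_LIMITS_CPU:-500m}
        memory: ${OC_PROMETHEUS_LIMITS_MEMORY:-512Mi}
      requests:
        cpu: ${OC_PROMETHEUS_REQUESTS_CPU:-128m}
        memory: ${OC_PROMETHEUS_REQUESTS_MEMORY:-256Mi}

# ldap user manager configuration
ldapUserManager:
  enabled: true
  # NOTE(review): the defaults below turn off every transport and password
  # safeguard of the user-management UI: STARTTLS not required, certificate
  # errors ignored, HTTPS disabled, weak passwords accepted (the last one is
  # hard-coded, not overridable). Safer defaults would invert these and let a
  # development environment opt out explicitly.
  env:
    SERVER_HOSTNAME: ${OC_LDAP_MNGT_HOST:-ldap.exemple.com}
    LDAP_BASE_DN: ${OC_LDAP_MNGT_DN:-dc=example,dc=com}
    LDAP_REQUIRE_STARTTLS: ${OC_LDAP_MNGT_REQUIRE_TLS:-false}
    LDAP_ADMINS_GROUP: ${OC_LDAP_MNGT_ADMIN_GROUP:-ldapadmin}
    LDAP_ADMIN_BIND_DN: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=example,dc=com}
    LDAP_ADMIN_BIND_PWD: ${OC_LDAP_MNGT_ADMIN_PWD:-admin}
    LDAP_IGNORE_CERT_ERRORS: ${OC_LDAP_MNGT_IGNORE_CERTS_ERRORS:-true}
    EMAIL_DOMAIN: ${OC_LDAP_MNGT_EMAIL_DOMAIN:- }
    NO_HTTPS: ${OC_LDAP_MNGT_NO_HTTPS:-true}
    SERVER_PATH: "/users"
    ORGANISATION_NAME: ${OC_LDAP_ORGANISATION:-Opencloud}
    LDAP_USER_OU: ${OC_LDAP_USERS_OU:-users}
    LDAP_GROUP_OU: ${OC_LDAP_GROUPS_OU:-groups}
    ACCEPT_WEAK_PASSWORDS: "true"
  # NOTE(review): these limits read the OC_FRONT_* variables, so they cannot
  # be tuned independently of ocFront; looks like a copy-paste, confirm.
  resources:
    limits:
      cpu: ${OC_FRONT_LIMITS_CPU:-128m}
      memory: ${OC_FRONT_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_FRONT_REQUESTS_CPU:-128m}
      memory: ${OC_FRONT_REQUESTS_MEMORY:-256Mi}

traefik:
  enabled: ${OC_TRAEFIK_ENABLED:-true}
  service:
    type: NodePort
  ingressRoute:
    dashboard:
      enabled: true
      # NOTE(review): `&&` binds tighter than `||` in Traefik rules, so the
      # Host(`localhost`) restriction covers only `/api`; `/dashboard` matches
      # for any host on the `web` entry point (NodePort 30950 below). If the
      # host restriction is meant for both, group the prefixes:
      #   Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      entryPoints: [web]
  ports:
    web:
      nodePort: 30950

hydra:
  enabled: ${OC_HYDRA_ENABLED:-true}
  maester:
    enabled: true
  secret:
    enabled: false
    nameOverride: hydra-secret
    hashSumEnabled: false
  hydra:
    # NOTE(review): `dev: true` together with `dsn: memory` is a development
    # setup: state (clients, consent, tokens) lives in memory only, and the
    # issuer below is plain http. Confirm this file is not used for production.
    dev: true
    # NOTE(review): nesting of `existingSecret` under `hydra.hydra` is
    # inferred; verify against the chart.
    existingSecret: hydra-secret
    config:
      dsn: memory
      urls:
        # login: https://localhost-login/authentication/login
        # consent: https://localhost-consent/consent/consent
        # logout: https://localhost-logout/authentication/logout
        self:
          issuer: "http://{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}:4444/"

keto:
  enabled: ${OC_KETO_ENABLED:-true}
  keto:
    config:
      serve:
        read:
          port: 4466
        write:
          port: 4467
        metrics:
          port: 4468
      namespaces:
        - id: 0
          name: open-cloud
      # In-memory store: permission tuples do not survive a pod restart.
      dsn: memory

loki:
  enabled: ${OC_LOKI_ENABLED:-true}
  loki:
    # Multi-tenant request authentication is off; any client that can reach
    # the service can push and query logs.
    auth_enabled: false
    commonConfig:
      replication_factor: 1
    storage:
      type: filesystem
      filesystem:
        chunks_directory: /var/loki/chunks
        rules_directory: /var/loki/rules
        admin_api_directory: /var/loki/admin
    storage_config:
      boltdb_shipper:
        active_index_directory: /var/loki/index
      filesystem:
        directory: /var/loki/chunks
    limits_config:
      allow_structured_metadata: false
    schemaConfig:
      configs:
        - from: "2020-01-01"
          store: boltdb-shipper
          object_store: filesystem
          schema: v11
          index:
            prefix: index_
            period: 24h
    ingester:
      chunk_encoding: snappy
    tracing:
      enabled: true
    querier:
      max_concurrent: 2
  deploymentMode: SingleBinary
  singleBinary:
    extraVolumes:
      - name: loki-storage
        persistentVolumeClaim:
          claimName: loki-pvc
    persistence:
      enabled: false  # Deactivate loki auto provisioning, rely on existing PVC
      accessMode: ReadWriteOnce
      size: ${OC_LOKI_SIZE:-1Gi}
      storageClassName: longhorn-nor1
      claimName: loki-pvc
    extraVolumeMounts:
      - name: loki-storage
        mountPath: /var/loki
    replicas: 1
    resources:
      limits:
        cpu: ${OC_LOKI_LIMITS_CPU:-3}
        memory: ${OC_LOKI_LIMITS_MEMORY:-4Gi}
      requests:
        cpu: ${OC_LOKI_REQUESTS_CPU:-1}
        memory: ${OC_LOKI_REQUESTS_MEMORY:-0.5Gi}
    extraEnv:
      - name: GOMEMLIMIT
        value: 3750MiB
  chunksCache:
    # default is 500MB, with limited memory keep this smaller
    writebackSizeLimit: 10MB
  # Enable minio for storage
  minio:
    enabled: ${OC_MINIO_ENABLED:-false}
  # Zero out replica counts of other deployment modes
  backend:
    replicas: 0
  read:
    replicas: 0
  write:
    replicas: 0
  ingester:
    replicas: 0
  querier:
    replicas: 0
  queryFrontend:
    replicas: 0
  queryScheduler:
    replicas: 0
  distributor:
    replicas: 0
  compactor:
    replicas: 0
  indexGateway:
    replicas: 0
  bloomCompactor:
    replicas: 0
  bloomGateway:
    replicas: 0

grafana:
  enabled: ${OC_GRAFANA_ENABLED:-true}
  adminUser: ${OC_GRAFANA_ADMIN_USER:-admin}
  adminPassword: ${OC_GRAFANA_ADMIN_PWD:-admin}
  persistence:
    enabled: true
    size: ${OC_GRAFANA_SIZE:-1Gi}
  service:
    type: ClusterIP

argo-workflows:
  enabled: ${OC_ARGO_ENABLED:-false}
  workflow:
    serviceAccount:
      create: false
      name: argo-workflow
    rbac:
      create: false  # Manual provisioning
  # The source declared `controller:` twice at this level. Most YAML parsers
  # keep only the last duplicate, which silently dropped `workflowNamespaces`;
  # both settings are merged into one mapping here.
  controller:
    workflowNamespaces: []  # All of them
    workflowDefaults:
      spec:
        serviceAccountName: argo-workflow

# NOTE(review), applies to all oc* services below: images are referenced by
# the mutable tag `0.0.1`; pin by digest if the registry allows tags to be
# overwritten.
ocAuth:
  enabled: ${OC_AUTH_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_AUTH_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-auth:0.0.1}
  authType: hydra
  keto:
    adminRole: admin
  hydra:
    openCloudOauth2ClientSecretName: oc-oauth2-client-secret
  ldap:
    bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=example,dc=com}
    # NOTE(review): key is spelled `binPwd` (not `bindPwd`); check what the
    # chart template reads. It takes OC_LDAP_ADMIN_PWD, whereas ldapUserManager
    # pairs the same bind DN with OC_LDAP_MNGT_ADMIN_PWD; confirm which is meant.
    binPwd: ${OC_LDAP_ADMIN_PWD:-admin}
    baseDn: ${OC_LDAP_MNGT_DN:-dc=example,dc=com}
    roleBaseDn: ${OC_LDAP_ROLE_DN:-ou=AppRoles,dc=example,dc=com}
  # NOTE(review): three of these variables lack the OC_ prefix used everywhere
  # else (AUTH_LIMITS_MEMORY, AUTH_REQUESTS_CPU, AUTH_REQUESTS_MEMORY).
  resources:
    limits:
      cpu: ${OC_AUTH_LIMITS_CPU:-128m}
      memory: ${AUTH_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${AUTH_REQUESTS_CPU:-128m}
      memory: ${AUTH_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_AUTH_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_AUTH_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_AUTH_REPLICAS_USAGE:-80}

ocFront:
  enabled: ${OC_FRONT_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_FRONT_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-front:0.0.1}
  resources:
    limits:
      cpu: ${OC_FRONT_LIMITS_CPU:-128m}
      memory: ${OC_FRONT_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_FRONT_REQUESTS_CPU:-128m}
      memory: ${OC_FRONT_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_FRONT_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_FRONT_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_FRONT_REPLICAS_USAGE:-80}

ocWorkspace:
  enabled: ${OC_WORKSPACE_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_WORKSPACE_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-workspace:0.0.1}
  resources:
    limits:
      cpu: ${OC_WORKSPACE_LIMITS_CPU:-128m}
      memory: ${OC_WORKSPACE_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_WORKSPACE_REQUESTS_CPU:-128m}
      memory: ${OC_WORKSPACE_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_WORKSPACE_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_WORKSPACE_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_WORKSPACE_REPLICAS_USAGE:-80}

ocShared:
  enabled: ${OC_SHARED_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_SHARED_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-shared:0.0.1}
  resources:
    limits:
      cpu: ${OC_SHARED_LIMITS_CPU:-128m}
      memory: ${OC_SHARED_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_SHARED_REQUESTS_CPU:-128m}
      memory: ${OC_SHARED_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_SHARED_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_SHARED_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_SHARED_REPLICAS_USAGE:-80}

ocWorkflow:
  enabled: ${OC_WORKFLOW_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_WORKFLOW_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-workflow:0.0.1}
  resources:
    limits:
      cpu: ${OC_WORKFLOW_LIMITS_CPU:-128m}
      # NOTE(review): WORKFLOW_LIMITS_MEMORY lacks the OC_ prefix.
      memory: ${WORKFLOW_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_WORKFLOW_REQUESTS_CPU:-128m}
      memory: ${OC_WORKFLOW_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_WORKFLOW_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_WORKFLOW_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_WORKFLOW_REPLICAS_USAGE:-80}

ocCatalog:
  enabled: ${OC_CATALOG_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_CATALOG_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-catalog:0.0.1}
  resources:
    limits:
      cpu: ${OC_CATALOG_LIMITS_CPU:-128m}
      memory: ${OC_CATALOG_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_CATALOG_REQUESTS_CPU:-128m}
      memory: ${OC_CATALOG_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_CATALOG_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_CATALOG_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_CATALOG_REPLICAS_USAGE:-80}

ocPeer:
  enabled: ${OC_PEER_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_PEER_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-peer:0.0.1}
  resources:
    limits:
      cpu: ${OC_PEER_LIMITS_CPU:-128m}
      memory: ${OC_PEER_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_PEER_REQUESTS_CPU:-128m}
      memory: ${OC_PEER_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  # NOTE(review): the autoscaler reads the OC_CATALOG_REPLICAS_* variables, so
  # ocPeer scaling follows ocCatalog's settings; looks like a copy-paste.
  hpa:
    enabled: ${OC_CATALOG_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_CATALOG_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_CATALOG_REPLICAS_USAGE:-80}

ocDatacenter:
  enabled: ${OC_DATACENTER_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_DATACENTER_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-datacenter:0.0.1}
  resources:
    limits:
      cpu: ${OC_DATACENTER_LIMITS_CPU:-128m}
      memory: ${OC_DATACENTER_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_DATACENTER_REQUESTS_CPU:-128m}
      memory: ${OC_DATACENTER_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_DATACENTER_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_DATACENTER_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_DATACENTER_REPLICAS_USAGE:-80}

ocSchedulerd:
  enabled: ${OC_SCHEDULERD_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_SCHEDULERD_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-schedulerd:0.0.1}
  resources:
    limits:
      cpu: ${OC_SCHEDULERD_LIMITS_CPU:-128m}
      # NOTE(review): SCHEDULERD_LIMITS_MEMORY lacks the OC_ prefix.
      memory: ${SCHEDULERD_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_SCHEDULERD_REQUESTS_CPU:-128m}
      memory: ${OC_SCHEDULERD_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_SCHEDULERD_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_SCHEDULERD_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_SCHEDULERD_REPLICAS_USAGE:-80}

ocScheduler:
  enabled: ${OC_SCHEDULER_ENABLED:-true}
  enableTraefikProxyIntegration: true
  image: ${OC_SCHEDULER_IMAGE:-registry-opencloud.pf.irt-saintexupery.com/oc-scheduler:0.0.1}
  resources:
    limits:
      cpu: ${OC_SCHEDULER_LIMITS_CPU:-128m}
      memory: ${OC_SCHEDULER_LIMITS_MEMORY:-256Mi}
    requests:
      cpu: ${OC_SCHEDULER_REQUESTS_CPU:-128m}
      memory: ${OC_SCHEDULER_REQUESTS_MEMORY:-256Mi}
  replicas: 1
  hpa:
    enabled: ${OC_SCHEDULER_REPLICAS_ENABLED:-true}
    minReplicas: 1
    maxReplicas: ${OC_SCHEDULER_REPLICAS_MAX:-5}
    targetCPUUtilizationPercentage: ${OC_SCHEDULER_REPLICAS_USAGE:-80}

docker-registry-ui:
  enabled: true
  ui:
    title: "opencloud docker registry"
    proxy: true
    # Plain-http, in-cluster registry endpoint; with `proxy: true` the UI
    # forwards browser requests to it. No registry authentication settings
    # are visible in this file; confirm how push/pull access is restricted.
    dockerRegistryUrl: "http://{{ .Release.Name }}-docker-registry-ui-registry-server.{{ .Release.Namespace }}.svc.cluster.local:5000"
  registry:
    secretName: regcred
    enabled: true
    dataVolume:
      persistentVolumeClaim:
        claimName: docker-registry-pvc
    persistence:
      accessMode: ReadWriteOnce
      storage: 5000Mi
      storageClassName: longhorn-nor1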