plm/oc-k8s
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1ef92e5975
oc-k8s/opencloud/prod-values.yaml

521 lines
11 KiB
YAML
Raw Normal View History

Fixing stuff for production deployment
2025-02-24 10:00:06 +01:00
env: prod # For storage class provisioning
host: opencloud.pf.irt-saintexupery.com # For reverse proxy rule
registryHost: registry-opencloud.pf.irt-saintexupery.com # For reverse proxy rule
scheme: https # For reverse proxy rule
mongo-express:
enabled: true
mongodbServer: prod-mongodb.prod
mongodbPort: 27017
mongodbEnableAdmin: true
mongodbAdminUsername: mongroot
mongodbAdminPassword: AaRahr9E
siteBaseUrl: /mongoexpress
basicAuthUsername: mongobserver
basicAuthPassword: ieSei4du
mongodb:
enabled: false
mongodb:
enabled: true
global:
defaultStorageClass: longhorn-nor1
storageClass: longhorn-nor1
architecture: standalone
useStatefulSet: false
auth:
enabled: true
rootUser: mongroot
rootPassword: AaRahr9E
databases: ["DC_myDC"]
usernames: ["opencloud"]
passwords: ["Sudoko5o"]
resourcesPreset: "small"
replicaCount: 1
persistence:
enabled: true
storageClass: longhorn-nor1
existingClaim: mongo-pvc
accessModes:
- ReadWriteOnce
size: 5000Mi
persistentVolumeClaimRetentionPolicy:
enabled: true
whenDeleted: Retain
whenScaled: Retain
arbiter:
enabled: false
livenessProbe:
enabled: true
readinessProbe:
enabled: true
nats:
enabled: true
jetstream:
enabled: true
fileStore:
size: 20Mi
storageClassName: longhorn-nor1
openldap:
enabled: true
test:
enabled: false
ltb-passwd:
enabled: false
replicaCount: 1
image:
repository: osixia/openldap
tag: 1.5.0
tls:
enabled: false
env:
LDAP_ORGANISATION: "Demo opencloud"
LDAP_DOMAIN: "example.com"
LDAP_BACKEND: "mdb"
LDAP_TLS: "false"
LDAP_TLS_ENFORCE: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
adminPassword: "ohwaiQu3"
configPassword: "oR5jiv3e"
phpldapadmin:
enabled: false
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 10Mi
storageClass: longhorn-nor1
replication:
enabled: false
customLdifFiles:
01-schema.ldif: |-
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
ou: users
dn: cn=lastGID,dc=example,dc=com
objectClass: device
objectClass: top
description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
cn: lastGID
serialNumber: 2001
dn: cn=lastUID,dc=example,dc=com
objectClass: device
objectClass: top
serialNumber: 2001
description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
cn: lastUID
dn: cn=everybody,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: everybody
memberUid: admin
gidNumber: 2003
02-ldapadmin.ldif : |-
dn: cn=ldapadmin,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: ldapadmin
memberUid: ldapadmin
gidNumber: 2001
dn: uid=ldapadmin,ou=users,dc=example,dc=com
givenName: ldap
sn: admin
uid: ldapadmin
cn: ldapadmin
mail: ldapadmin@example.com
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword: sai1yeiT
uidNumber: 2001
gidNumber: 2001
loginShell: /bin/bash
homeDirectory: /home/ldapadmin
03-opencloudadmin.ldif : |-
dn: cn=admin,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: admin
memberUid: admin
gidNumber: 2002
dn: uid=admin,ou=users,dc=example,dc=com
givenName: John
sn: Doe
uid: admin
mail: john.doe@example.com
cn: JohnDoe
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword: diiVei8y
uidNumber: 2002
gidNumber: 2002
loginShell: /bin/bash
homeDirectory: /home/admin
# ldap user manager configuration
ldapUserManager:
enabled: true
env:
SERVER_HOSTNAME: "opencloud.pf.irt-saintexupery.com"
LDAP_BASE_DN: "dc=example,dc=com"
LDAP_REQUIRE_STARTTLS: "false"
LDAP_ADMINS_GROUP: "ldapadmin"
LDAP_ADMIN_BIND_DN: "cn=admin,dc=example,dc=com"
LDAP_ADMIN_BIND_PWD: "ohwaiQu3"
LDAP_IGNORE_CERT_ERRORS: "true"
EMAIL_DOMAIN: ""
NO_HTTPS: "true"
SERVER_PATH: "/users"
ORGANISATION_NAME: "Demo"
LDAP_USER_OU: "users"
LDAP_GROUP_OU: "groups"
ACCEPT_WEAK_PASSWORDS: "true"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
traefik:
enabled: false
service:
type: NodePort
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
entryPoints: [web]
ports:
web:
nodePort: 30950
hydra:
enabled: true
maester:
enabled: true
secret:
enabled: false
nameOverride: hydra-secret
hashSumEnabled: false
hydra:
dev: true
existingSecret: hydra-secret
config:
dsn: memory
urls:
login: https://localhost-login/authentication/login
consent: https://localhost-consent/consent/consent
logout: https://localhost-logout/authentication/logout
self:
issuer: http://prod-hydra-public:4444/
keto:
enabled: true
keto:
config:
serve:
read:
port: 4466
write:
port: 4467
metrics:
port: 4468
namespaces:
- id: 0
name: open-cloud
dsn: memory
loki:
enabled: true
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: filesystem
filesystem:
chunks_directory: /var/loki/chunks
rules_directory: /var/loki/rules
admin_api_directory: /var/loki/admin
storage_config:
boltdb_shipper:
active_index_directory: /var/loki/index
filesystem:
directory: /var/loki/chunks
limits_config:
allow_structured_metadata: false
schemaConfig:
configs:
- from: "2020-01-01"
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
ingester:
chunk_encoding: snappy
tracing:
enabled: true
querier:
max_concurrent: 2
deploymentMode: SingleBinary
singleBinary:
extraVolumes:
- name: loki-storage
persistentVolumeClaim:
claimName: loki-pvc
persistence:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: 1Gi
storageClassName: longhorn-nor1
claimName: loki-pvc
extraVolumeMounts:
- name: loki-storage
mountPath: /var/loki
replicas: 1
resources:
limits:
cpu: 3
memory: 4Gi
requests:
cpu: 1
memory: 0.5Gi
extraEnv:
- name: GOMEMLIMIT
value: 3750MiB
chunksCache:
# default is 500MB, with limited memory keep this smaller
writebackSizeLimit: 10MB
# Enable minio for storage
minio:
enabled: false
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0
grafana:
enabled: false
argo-workflows:
enabled: true
workflow:
serviceAccount:
create: false
name: argo-workflow
rbac:
create: false # Manual provisioning
controller:
workflowNamespaces: [] #All of them
controller:
workflowDefaults:
spec:
serviceAccountName: argo-workflow
ocAuth:
enabled: true
enableTraefikProxyIntegration: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-auth:0.0.1"
authType: hydra
keto:
adminRole: admin
hydra:
openCloudOauth2ClientSecretName: oc-oauth2-client-secret
ldap:
bindDn: "cn=admin,dc=example,dc=com"
binPwd: "ohwaiQu3"
baseDn: "dc=example,dc=com"
roleBaseDn: "ou=AppRoles,dc=example,dc=com"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocFront:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-front:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocWorkspace:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-workspace:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocShared:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-shared:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocWorkflow:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-workflow:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocCatalog:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-catalog:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocPeer:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-peer:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocDatacenter:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-datacenter:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocSchedulerd:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-schedulerd:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocDiscovery:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-discovery:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocScheduler:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-scheduler:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
ocAggregator:
enabled: true
image: "registry-opencloud.pf.irt-saintexupery.com/oc-aggregator:0.0.1"
resources:
limits:
cpu: "128m"
memory: "256Mi"
requests:
cpu: "128m"
memory: "256Mi"
docker-registry-ui:
enabled: true
ui:
title: "opencloud docker registry"
proxy: true
dockerRegistryUrl: "http://prod-docker-registry-ui-registry-server.prod.svc.cluster.local:5000"
registry:
secretName: regcred
enabled: true
dataVolume:
persistentVolumeClaim:
claimName: docker-registry-pvc
persistence:
accessMode: ReadWriteOnce
storage: 5000Mi
storageClassName: longhorn-nor1
Reference in New Issue Copy Permalink