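---
# Helm values for the "dev" environment of the opencloud stack.
#
# Layout: one top-level key per sub-chart or service; each has an `enabled`
# switch. Storage uses the `kind-sc` storage class throughout.
#
# Security posture (read before reusing outside a throw-away cluster):
#   - Credentials are inline plaintext literals (MongoDB root, mongo-express
#     basic auth, LDAP admin/config, LDAP bind password). The same LDAP admin
#     password is repeated in three places and the MongoDB root password in
#     two; they must be kept in sync by hand. For any shared environment,
#     supply them from a Kubernetes Secret / external secret store.
#   - Transport security is switched off (scheme http, LDAP TLS disabled,
#     NO_HTTPS, certificate errors ignored).
#   - Hydra and Keto use in-memory DSNs.

env: dev # For storage class provisioning
host: beta.opencloud.com # For reverse proxy rule
scheme: http # For reverse proxy rule

# Web UI for MongoDB. Admin mode is on and it connects with the MongoDB root
# account, so anyone who passes the basic-auth prompt below gets root-level
# database access through the UI.
mongo-express:
  enabled: true
  mongodbServer: dev-mongodb.dev
  mongodbPort: 27017
  mongodbEnableAdmin: true
  mongodbAdminUsername: root
  # Must match mongodb.auth.rootPassword below.
  mongodbAdminPassword: rootpwd
  siteBaseUrl: /mongoexpress
  # Plaintext basic-auth credentials for the UI.
  basicAuthUsername: test
  basicAuthPassword: testme
  # This `mongodb` key is nested under mongo-express and is set to false;
  # the database itself comes from the top-level `mongodb` section.
  mongodb:
    enabled: false

mongodb:
  enabled: true
  global:
    defaultStorageClass: kind-sc
    storageClass: kind-sc
  architecture: standalone
  useStatefulSet: false
  auth:
    enabled: true
    rootUser: root
    # Plaintext root password; also referenced by mongo-express above.
    rootPassword: rootpwd
    # The three lists are parallel: database, user and password by position.
    databases: ["DC_myDC"]
    usernames: ["opencloud"]
    # Application password equals the username.
    passwords: ["opencloud"]
  resourcesPreset: "small"
  replicaCount: 1
  persistence:
    enabled: true
    storageClass: kind-sc
    # Binds to a pre-existing claim instead of provisioning a new one.
    existingClaim: mongo-pvc
    accessModes:
      - ReadWriteOnce
    size: 100Mi
  persistentVolumeClaimRetentionPolicy:
    enabled: true
    whenDeleted: Retain
    whenScaled: Retain
  arbiter:
    enabled: false
  livenessProbe:
    enabled: true
  readinessProbe:
    enabled: true

nats:
  enabled: true
  jetstream:
    enabled: true
    fileStore:
      size: 20Mi
      storageClassName: kind-sc

openldap:
  enabled: true
  test:
    enabled: false
  ltb-passwd:
    enabled: false
  replicaCount: 1
  image:
    repository: osixia/openldap
    tag: 1.5.0
  # TLS is off both at chart level and in the container env below, so binds
  # (including the admin bind password) travel unencrypted.
  tls:
    enabled: false
  env:
    LDAP_ORGANISATION: "Example opencloud"
    LDAP_DOMAIN: "example.com"
    LDAP_BACKEND: "mdb"
    LDAP_TLS: "false"
    LDAP_TLS_ENFORCE: "false"
    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
  # Plaintext directory admin and config passwords. adminPassword is repeated
  # in ldapUserManager.env.LDAP_ADMIN_BIND_PWD and ocAuth.ldap.binPwd.
  adminPassword: "admin@password"
  configPassword: "config@password"
  phpldapadmin:
    enabled: false
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    size: 10Mi
    storageClass: kind-sc
  replication:
    enabled: false
  # Seed LDIF files. File names carry a numeric prefix (01-, 02-, 03-).
  customLdifFiles:
    # Base OUs, the lastGID/lastUID counters and the `everybody` group.
    01-schema.ldif: |-
      dn: ou=groups,dc=example,dc=com
      objectClass: organizationalUnit
      ou: groups

      dn: ou=users,dc=example,dc=com
      objectClass: organizationalUnit
      ou: users

      dn: cn=lastGID,dc=example,dc=com
      objectClass: device
      objectClass: top
      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
      cn: lastGID
      serialNumber: 2001

      dn: cn=lastUID,dc=example,dc=com
      objectClass: device
      objectClass: top
      serialNumber: 2001
      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
      cn: lastUID

      dn: cn=everybody,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: everybody
      memberUid: admin
      gidNumber: 2003
    # `ldapadmin` group and user. This group is the LDAP_ADMINS_GROUP of the
    # user manager below, and the account's userPassword is a plaintext value
    # equal to the uid.
    02-ldapadmin.ldif: |-
      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: ldapadmin
      memberUid: ldapadmin
      gidNumber: 2001

      dn: uid=ldapadmin,ou=users,dc=example,dc=com
      givenName: ldap
      sn: admin
      uid: ldapadmin
      cn: ldapadmin
      mail: ldapadmin@example.com
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: posixAccount
      userPassword: ldapadmin
      uidNumber: 2001
      gidNumber: 2001
      loginShell: /bin/bash
      homeDirectory: /home/ldapadmin
    # `admin` group and user. `userPassword::` (double colon) is LDIF syntax
    # for a base64-encoded value; here it encodes a {CRYPT}-scheme hash, and
    # the value is folded over continuation lines that start with one space.
    # The hash is still a committed credential: rotate it with the others.
    03-opencloudadmin.ldif: |-
      dn: cn=admin,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: admin
      memberUid: admin
      gidNumber: 2002

      dn: uid=admin,ou=users,dc=example,dc=com
      givenName: John
      sn: Doe
      uid: admin
      mail: john.doe@example.com
      cn: JohnDoe
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: posixAccount
      userPassword:: e0NSWVBUfSQ2JDdTZ0daU1FXJGw1ZWRTTHVDaDV6a0NvUlllZzFLd3MwUHRKQ
       jJQL09CQWdoc0RkbWhzTXJPcEpCbzR3b01yNWJQcjlubi8udWdzM25LcHlKQmt2eHVJWFM0eUQ1
       cnox
      uidNumber: 2002
      gidNumber: 2002
      loginShell: /bin/bash
      homeDirectory: /home/admin

# ldap user manager configuration
# The values below switch off STARTTLS and HTTPS, ignore certificate errors and
# accept weak passwords. The bind DN is the directory admin, so this web
# application holds full write access to the directory.
ldapUserManager:
  enabled: true
  env:
    SERVER_HOSTNAME: "users.example.com"
    LDAP_BASE_DN: "dc=example,dc=com"
    LDAP_REQUIRE_STARTTLS: "false"
    LDAP_ADMINS_GROUP: "ldapadmin"
    LDAP_ADMIN_BIND_DN: "cn=admin,dc=example,dc=com"
    # Same value as openldap.adminPassword.
    LDAP_ADMIN_BIND_PWD: "admin@password"
    LDAP_IGNORE_CERT_ERRORS: "true"
    EMAIL_DOMAIN: ""
    NO_HTTPS: "true"
    SERVER_PATH: "/users"
    ORGANISATION_NAME: "Example"
    LDAP_USER_OU: "users"
    LDAP_GROUP_OU: "groups"
    ACCEPT_WEAK_PASSWORDS: "true"
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

traefik:
  enabled: true
  service:
    type: NodePort
  ingressRoute:
    dashboard:
      enabled: true
      # NOTE(review): the rule has no parentheses. If `&&` binds tighter than
      # `||` (the usual precedence - confirm for the Traefik version in use),
      # the Host(`localhost`) restriction covers only /api, and /dashboard is
      # routed for any Host header reaching the `web` entry point on the
      # NodePort. If localhost-only is intended, group the path matchers:
      #   Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      entryPoints: [web]
  ports:
    web:
      nodePort: 30950

hydra:
  enabled: true
  maester:
    enabled: true
  # The chart does not generate the secret; `hydra-secret` must already exist.
  secret:
    enabled: false
    nameOverride: hydra-secret
    hashSumEnabled: false
  hydra:
    # NOTE(review): dev mode - presumably relaxes Hydra's HTTPS requirements
    # (the issuer below is plain http); confirm against the chart and keep it
    # out of non-dev values.
    dev: true
    existingSecret: hydra-secret
    config:
      # In-memory store: clients, consents and tokens do not survive a restart.
      dsn: memory
      urls:
        login: https://localhost-login/authentication/login
        consent: https://localhost-consent/consent/consent
        logout: https://localhost-logout/authentication/logout
        self:
          issuer: http://dev-hydra-public:4444/

keto:
  enabled: true
  keto:
    config:
      serve:
        read:
          port: 4466
        write:
          port: 4467
        metrics:
          port: 4468
      namespaces:
        - id: 0
          name: open-cloud
      # In-memory store: permission data does not survive a restart.
      dsn: memory

loki:
  enabled: true
  loki:
    # With auth_enabled false Loki runs single-tenant and does not require a
    # tenant header; access control has to come from the network or proxy.
    auth_enabled: false
    commonConfig:
      replication_factor: 1
    storage:
      type: filesystem
      filesystem:
        chunks_directory: /var/loki/chunks
        rules_directory: /var/loki/rules
        admin_api_directory: /var/loki/admin
    storage_config:
      boltdb_shipper:
        active_index_directory: /var/loki/index
      filesystem:
        directory: /var/loki/chunks
    limits_config:
      allow_structured_metadata: false
    schemaConfig:
      configs:
        # Quoted so the value stays a string rather than a YAML date.
        - from: "2020-01-01"
          store: boltdb-shipper
          object_store: filesystem
          schema: v11
          index:
            prefix: index_
            period: 24h
    ingester:
      chunk_encoding: snappy
    tracing:
      enabled: true
    querier:
      max_concurrent: 2
  deploymentMode: SingleBinary
  singleBinary:
    # Data lives on the pre-existing claim `loki-pvc`, mounted at /var/loki.
    extraVolumes:
      - name: loki-storage
        persistentVolumeClaim:
          claimName: loki-pvc
    persistence:
      enabled: false # Deactivate loki auto provisioning, rely on existing PVC
      accessMode: ReadWriteOnce
      size: 1Gi
      storageClassName: kind-sc
      claimName: loki-pvc
    extraVolumeMounts:
      - name: loki-storage
        mountPath: /var/loki
    replicas: 1
    resources:
      limits:
        cpu: 3
        memory: 4Gi
      requests:
        cpu: 1
        memory: 0.5Gi
    extraEnv:
      # Go soft memory limit, set below the 4Gi container limit.
      - name: GOMEMLIMIT
        value: 3750MiB
  chunksCache:
    # default is 500MB, with limited memory keep this smaller
    writebackSizeLimit: 10MB
  # Enable minio for storage
  minio:
    enabled: false
  # Zero out replica counts of other deployment modes
  backend:
    replicas: 0
  read:
    replicas: 0
  write:
    replicas: 0
  ingester:
    replicas: 0
  querier:
    replicas: 0
  queryFrontend:
    replicas: 0
  queryScheduler:
    replicas: 0
  distributor:
    replicas: 0
  compactor:
    replicas: 0
  indexGateway:
    replicas: 0
  bloomCompactor:
    replicas: 0
  bloomGateway:
    replicas: 0

grafana:
  enabled: false

argo-workflows:
  enabled: true
  workflow:
    # The chart creates neither the service account nor its RBAC;
    # `argo-workflow` and its role bindings are provisioned separately.
    serviceAccount:
      create: false
      name: argo-workflow
    rbac:
      create: false # Manual provisioning
  # A single `controller` mapping. The source repeated the `controller` key;
  # most YAML loaders keep only the last occurrence of a duplicate key, which
  # silently dropped `workflowNamespaces`.
  controller:
    workflowNamespaces: [] # All of them
    workflowDefaults:
      spec:
        serviceAccountName: argo-workflow

ocAuth:
  enabled: true
  enableTraefikProxyIntegration: true
  image: oc/oc-auth:0.0.1
  authType: hydra
  keto:
    adminRole: admin
  hydra:
    openCloudOauth2ClientSecretName: oc-oauth2-client-secret
  ldap:
    # The service binds as the directory admin, with the same plaintext
    # password as openldap.adminPassword.
    bindDn: "cn=admin,dc=example,dc=com"
    # NOTE(review): key is spelled `binPwd` (next to `bindDn`). Kept as-is
    # because the consuming template is not visible here - confirm which
    # spelling it reads before renaming.
    binPwd: "admin@password"
    baseDn: "dc=example,dc=com"
    roleBaseDn: "ou=AppRoles,dc=example,dc=com"
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

# The oc* services below share one shape: enable switch, image reference and
# identical CPU/memory requests and limits.
ocFront:
  enabled: true
  image: oc/oc-front:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocWorkspace:
  enabled: true
  image: oc/oc-workspace:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocShared:
  enabled: true
  image: oc/oc-shared:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocWorkflow:
  enabled: true
  image: oc/oc-workflow:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocCatalog:
  enabled: true
  image: oc/oc-catalog:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocPeer:
  enabled: true
  image: oc/oc-peer:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocDatacenter:
  enabled: true
  image: oc/oc-datacenter:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocSchedulerd:
  enabled: true
  image: oc/oc-schedulerd:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocDiscovery:
  enabled: true
  image: oc/oc-discovery:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocScheduler:
  enabled: true
  image: oc/oc-scheduler:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocAggregator:
  enabled: true
  image: oc/oc-aggregator:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

docker-registry-ui:
  enabled: true
  ui:
    title: "opencloud docker registry"
    proxy: true
    # Quoted because the value contains Helm template expressions; the
    # registry is addressed over plain http on the in-cluster service name.
    dockerRegistryUrl: "http://{{ .Release.Name }}-docker-registry-ui-registry-server.{{ .Release.Namespace }}.svc.cluster.local:5000"
  registry:
    secretName: regcred
    enabled: true
    dataVolume:
      persistentVolumeClaim:
        claimName: docker-registry-pvc
    persistence:
      accessMode: ReadWriteOnce
      storage: 200Mi
      storageClassName: kind-sc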