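# Helm values for the "dev" environment (single-node kind cluster, storage
# class kind-sc). Every credential in this file is a plain-text development
# default and all listeners are plain HTTP/LDAP; for any shared environment,
# supply credentials from Secrets or a private override file.
# NOTE(review): this file arrived with its line breaks collapsed; the nesting
# below is reconstructed from the sub-charts' value layouts - confirm against
# the chart templates before applying.

env: dev  # For storage class provisioning
host: beta.opencloud.com  # For reverse proxy rule
scheme: http  # For reverse proxy rule

mongo-express:
  enabled: true
  mongodbServer: dev-mongodb.dev
  mongodbPort: 27017
  # Admin mode with the MongoDB root account: whoever passes the basic-auth
  # prompt below gets full database administration through the UI.
  mongodbEnableAdmin: true
  mongodbAdminUsername: root
  mongodbAdminPassword: rootpwd
  siteBaseUrl: /mongoexpress
  basicAuthUsername: test
  basicAuthPassword: testme
  # The bundled MongoDB is off; the top-level mongodb release is used instead.
  mongodb:
    enabled: false

mongodb:
  enabled: true
  global:
    defaultStorageClass: kind-sc
    storageClass: kind-sc
  architecture: standalone
  useStatefulSet: false
  auth:
    enabled: true
    # Plain-text dev credentials; the Bitnami chart can read them from a
    # Secret instead (auth.existingSecret).
    rootUser: root
    rootPassword: rootpwd
    databases: ["DC_myDC"]
    usernames: ["opencloud"]
    passwords: ["opencloud"]
  resourcesPreset: "small"
  replicaCount: 1
  persistence:
    enabled: true
    storageClass: kind-sc
    existingClaim: mongo-pvc
    accessModes:
      - ReadWriteOnce
    size: 100Mi
  persistentVolumeClaimRetentionPolicy:
    enabled: true
    whenDeleted: Retain
    whenScaled: Retain
  arbiter:
    enabled: false
  livenessProbe:
    enabled: true
  readinessProbe:
    enabled: true

nats:
  enabled: true
  jetstream:
    enabled: true
    fileStore:
      size: 20Mi
      storageClassName: kind-sc

openldap:
  enabled: true
  test:
    enabled: false
  ltb-passwd:
    enabled: false
  replicaCount: 1
  image:
    repository: osixia/openldap
    tag: "1.5.0"
  # TLS is disabled here and in env below, so binds (including the admin
  # bind used by ldapUserManager and ocAuth) travel in clear text.
  tls:
    enabled: false
  env:
    LDAP_ORGANISATION: "Example opencloud"
    LDAP_DOMAIN: "example.com"
    LDAP_BACKEND: "mdb"
    LDAP_TLS: "false"
    LDAP_TLS_ENFORCE: "false"
    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
  # The same admin password is repeated in ldapUserManager.env
  # (LDAP_ADMIN_BIND_PWD) and ocAuth.ldap; change all three together.
  adminPassword: "admin@password"
  configPassword: "config@password"
  phpldapadmin:
    enabled: false
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    size: 10Mi
    storageClass: kind-sc
  replication:
    enabled: false
  # Seed directory content. Entries inside one LDIF file are separated by a
  # blank line.
  customLdifFiles:
    01-schema.ldif: |-
      dn: ou=groups,dc=example,dc=com
      objectClass: organizationalUnit
      ou: groups

      dn: ou=users,dc=example,dc=com
      objectClass: organizationalUnit
      ou: users

      dn: cn=lastGID,dc=example,dc=com
      objectClass: device
      objectClass: top
      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
      cn: lastGID
      serialNumber: 2001

      dn: cn=lastUID,dc=example,dc=com
      objectClass: device
      objectClass: top
      serialNumber: 2001
      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
      cn: lastUID

      dn: cn=everybody,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: everybody
      memberUid: admin
      gidNumber: 2003
    # The ldapadmin account is seeded with a clear-text userPassword equal to
    # its uid, unlike the admin entry in 03-opencloudadmin.ldif, which stores
    # a base64-encoded value.
    02-ldapadmin.ldif: |-
      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: ldapadmin
      memberUid: ldapadmin
      gidNumber: 2001

      dn: uid=ldapadmin,ou=users,dc=example,dc=com
      givenName: ldap
      sn: admin
      uid: ldapadmin
      cn: ldapadmin
      mail: ldapadmin@example.com
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: posixAccount
      userPassword: ldapadmin
      uidNumber: 2001
      gidNumber: 2001
      loginShell: /bin/bash
      homeDirectory: /home/ldapadmin
    # "userPassword::" (double colon) marks a base64-encoded value; the lines
    # that start with a single space are LDIF continuation lines.
    03-opencloudadmin.ldif: |-
      dn: cn=admin,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: admin
      memberUid: admin
      gidNumber: 2002

      dn: uid=admin,ou=users,dc=example,dc=com
      givenName: John
      sn: Doe
      uid: admin
      mail: john.doe@example.com
      cn: JohnDoe
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: posixAccount
      userPassword:: e0NSWVBUfSQ2JDdTZ0daU1FXJGw1ZWRTTHVDaDV6a0NvUlllZzFLd3MwUHRKQ
       jJQL09CQWdoc0RkbWhzTXJPcEpCbzR3b01yNWJQcjlubi8udWdzM25LcHlKQmt2eHVJWFM0eUQ1
       cnox
      uidNumber: 2002
      gidNumber: 2002
      loginShell: /bin/bash
      homeDirectory: /home/admin

# ldap user manager configuration
ldapUserManager:
  enabled: true
  env:
    SERVER_HOSTNAME: "users.example.com"
    LDAP_BASE_DN: "dc=example,dc=com"
    # Dev-only relaxations: no STARTTLS towards the directory, certificate
    # errors ignored, UI served without HTTPS, weak passwords accepted.
    LDAP_REQUIRE_STARTTLS: "false"
    LDAP_ADMINS_GROUP: "ldapadmin"
    LDAP_ADMIN_BIND_DN: "cn=admin,dc=example,dc=com"
    LDAP_ADMIN_BIND_PWD: "admin@password"
    LDAP_IGNORE_CERT_ERRORS: "true"
    EMAIL_DOMAIN: ""
    NO_HTTPS: "true"
    SERVER_PATH: "/users"
    ORGANISATION_NAME: "Example"
    LDAP_USER_OU: "users"
    LDAP_GROUP_OU: "groups"
    ACCEPT_WEAK_PASSWORDS: "true"
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

traefik:
  enabled: true
  service:
    type: NodePort
  ingressRoute:
    dashboard:
      enabled: true
      # In a Traefik rule && binds tighter than ||, so the previous
      # un-parenthesised form matched PathPrefix(`/dashboard`) for every
      # Host. The grouping makes both prefixes require Host(`localhost`).
      # The route is on the plain `web` entry point (NodePort 30950) and no
      # auth middleware is configured in this file.
      matchRule: 'Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))'
      entryPoints: [web]
  ports:
    web:
      nodePort: 30950

hydra:
  enabled: true
  maester:
    enabled: true
  hydra:
    # Development mode: plain-HTTP issuer/login/consent URLs are accepted.
    # NOTE(review): presumably maps to Hydra's --dev flag - confirm in the
    # chart before reusing this block outside dev.
    dev: true
    config:
      # In-memory store: clients, consents and tokens do not survive a pod
      # restart.
      dsn: memory
      urls:
        login: http://localhost/authentication/login
        consent: http://localhost/consent/consent
        logout: http://localhost/authentication/logout
        self:
          issuer: http://localhost/idp

keto:
  enabled: true
  keto:
    config:
      serve:
        read:
          port: 4466
        write:
          port: 4467
        metrics:
          port: 4468
      namespaces:
        - id: 0
          name: open-cloud
      # In-memory store: permission tuples are lost on pod restart.
      dsn: memory

ocAuth:
  enabled: true
  image: oc/oc-auth:0.0.1
  authType: hydra
  keto:
    adminRole: admin
  hydra:
    # OAuth2 client credentials are referenced by Secret name rather than
    # inlined.
    openCloudOauth2ClientSecretName: oc-auth-got-secret
  ldap:
    bindDn: "cn=admin,dc=example,dc=com"
    # NOTE(review): key is spelled "binPwd" (not "bindPwd"); kept as-is
    # because the chart template that reads it is not visible here - confirm.
    binPwd: "admin@password"
    baseDn: "dc=example,dc=com"
    roleBaseDn: "ou=AppRoles,dc=example,dc=com"
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocFront:
  enabled: true
  image: oc/oc-front:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocWorkspace:
  enabled: true
  image: oc/oc-workspace:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocShared:
  enabled: true
  image: oc/oc-shared:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

ocWorkflow:
  enabled: true
  image: oc/oc-workflow:0.0.1
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

loki:
  enabled: false

grafana:
  enabled: false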