oc-k8s/opencloud/dev-values.yaml

env: dev # For storage class provisioning
host: localhost # For reverse proxy rule

mongo-express:
  enabled: true
  mongodbServer: dev-mongodb.dev
  mongodbPort: 27017
  mongodbEnableAdmin: true
  mongodbAdminUsername: root
  mongodbAdminPassword: rootpwd
  siteBaseUrl: /mongoexpress
  basicAuthUsername: test
  basicAuthPassword: testme
  mongodb:
    enabled: false

mongodb:
  enabled: true
  global:
    defaultStorageClass: kind-sc
    storageClass: kind-sc
  architecture: standalone
  useStatefulSet: false
  auth:
    rootUser: root
    rootPassword: rootpwd
    usernames: []
    passwords: []
  resourcesPreset: "small"
  replicaCount: 1
  persistence:
    enabled: true
    storageClass: kind-sc
    existingClaim: mongo-pvc
    accessModes: 
    - ReadWriteOnce
    size: 100Mi
  persistentVolumeClaimRetentionPolicy:
    enabled: true
    whenDeleted: Retain
    whenScaled: Retain
  arbiter:
    enabled: false
  livenessProbe:
    enabled: true
  readinessProbe:
    enabled: true

nats:
  enabled: true
  jetstream:
    enabled: true
    fileStore:
      size: 20Mi
      storageClassName: kind-sc


openldap:
  enabled: true
  test:
    enabled: false
  ltb-passwd:
    enabled: false
  replicaCount: 1
  image:
    repository: osixia/openldap
    tag: 1.5.0
  tls:
    enabled: false
  env:
    LDAP_ORGANISATION: "Example opencloud"
    LDAP_DOMAIN: "example.com"
    LDAP_BACKEND: "mdb"
    LDAP_TLS: "false"
    LDAP_TLS_ENFORCE: "false"
    LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
  adminPassword: "admin@password"
  configPassword: "config@password"
  phpldapadmin:
    enabled: false
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    size: 10Mi
    storageClass: kind-sc
  replication:
    enabled: false
  customLdifFiles:

    01-schema.ldif: |-
      dn: ou=groups,dc=example,dc=com
      objectClass: organizationalUnit
      ou: groups

      dn: ou=users,dc=example,dc=com
      objectClass: organizationalUnit
      ou: users

      dn: cn=lastGID,dc=example,dc=com
      objectClass: device
      objectClass: top
      description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
      cn: lastGID
      serialNumber: 2001

      dn: cn=lastUID,dc=example,dc=com
      objectClass: device
      objectClass: top
      serialNumber: 2001
      description: Records the last UID used to create a Posix account. This prevents the re-use of a UID from a deleted account.
      cn: lastUID      

    02-ldapadmin.ldif : |-
      dn: cn=ldapadmin,ou=groups,dc=example,dc=com
      objectClass: top
      objectClass: posixGroup
      cn: ldapadmin
      memberUid: ldapadmin
      gidNumber: 2001

      dn: uid=ldapadmin,ou=users,dc=example,dc=com
      givenName: ldap
      sn: admin
      uid: ldapadmin
      cn: ldapadmin
      mail: ldapadmin@example.com
      objectClass: person
      objectClass: inetOrgPerson
      objectClass: posixAccount
      userPassword: ldapadmin
      uidNumber: 2001
      gidNumber: 2001
      loginShell: /bin/bash
      homeDirectory: /home/ldapadmin      

# ldap user manager configuration
ldapUserManager:
  enabled: true
  env:
    SERVER_HOSTNAME: "users.example.com"
    LDAP_BASE_DN: "dc=example,dc=com"
    LDAP_REQUIRE_STARTTLS: "false"
    LDAP_ADMINS_GROUP: "ldapadmin"
    LDAP_ADMIN_BIND_DN: "cn=admin,dc=example,dc=com"
    LDAP_ADMIN_BIND_PWD: "admin@password"
    LDAP_IGNORE_CERT_ERRORS: "true"
    EMAIL_DOMAIN: ""
    NO_HTTPS: "true"
    SERVER_PATH: "/users"
    ORGANISATION_NAME: "Example"
    LDAP_USER_OU: "users"
    LDAP_GROUP_OU: "groups"
    ACCEPT_WEAK_PASSWORDS: "true"
  resources:
    limits:
      cpu: "128m"
      memory: "256Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"

traefik:
  enabled: true
  service:
    type: NodePort
  ingressRoute:
    dashboard:
      enabled: true
      matchRule: Host(`localhost`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)
      entryPoints: [web]
  ports:
    web:
      nodePort: 30950

hydra:
  enabled: true
  maester:
    enabled: true
  hydra:
    dev: true
    config:
      dsn: memory
      urls:
        login: http://localhost/authentication/login
        consent: http://localhost/consent/consent
        logout: http://localhost/authentication/logout
        self:
          issuer: http://localhost/idp

keto:
  enabled: true

ocAuth:
  enabled: false
  image: oc-auth:latest
  authType: hydra
  hydra:
    adminRole: admin
    openCloudOauth2ClientSecretName: oc-auth-got-secret
  ldap:
    bindDn: "cn=admin,dc=example,dc=com"
    binPwd: "password"
    baseDn: "dc=example,dc=com"
    roleBaseDn: "ou=AppRoles,dc=example,dc=com"
  resources:
    limits:
      cpu: "128m"
      memory: "128Mi"
    requests:
      cpu: "128m"
      memory: "256Mi"