forked from opencloud-eu/helm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalues.yaml
513 lines (480 loc) · 13.4 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
# OpenCloud Helm Chart Values
# This is a YAML-formatted file with configuration values for the OpenCloud Helm chart.
# The file is organized into logical sections for different components of the system.
# =====================================================================
# SECURITY WARNING
# =====================================================================
# IMPORTANT: The following default credentials MUST be changed in production environments.
# Using these default values in production is a significant security risk.
#
# Credentials that need to be changed:
# 1. Keycloak Admin: adminUser: admin, adminPassword: admin
# 2. OpenCloud Admin: adminPassword: admin
# 3. PostgreSQL: user: keycloak, password: keycloak
# 4. MinIO: rootUser: opencloud, rootPassword: opencloud-secret-key
# 5. OnlyOffice Secret Keys: secret.inbox/outbox/session.string: B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu
# 6. RabbitMQ: url: amqp://guest:guest@localhost
# =====================================================================
# GLOBAL SETTINGS
# =====================================================================
# Namespace to install the chart into
namespace: ""
# Create the namespace if it doesn't exist
createNamespace: true
# Global settings that apply across components
global:
# Domain settings for various services
domain:
# Main domain for OpenCloud
opencloud: cloud.opencloud.test
# Domain for Keycloak
keycloak: keycloak.opencloud.test
# Domain for MinIO
minio: minio.opencloud.test
# Domain for WOPI server
wopi: wopiserver.opencloud.test
# Domain for OnlyOffice
onlyoffice: onlyoffice.opencloud.test
# Domain for Companion
companion: companion.opencloud.test
# TLS settings for secure connections
tls:
# Enable TLS (set to false when using gateway TLS termination externally)
enabled: false
# Use self-signed certificates. Disable if you don't want to use cert-manager to generate self-signed certs for cilium gateway-api
selfSigned: true
# ACME email for Let's Encrypt
acmeEmail: [email protected]
# ACME CA server
acmeCAServer: https://acme-v02.api.letsencrypt.org/directory
# Global storage settings
storage:
# Storage class for persistent volumes
storageClass: ""
# =====================================================================
# IDENTITY PROVIDER (KEYCLOAK)
# =====================================================================
# Keycloak settings for identity and access management
keycloak:
# Enable Keycloak
enabled: true
# Keycloak image settings
image:
# Keycloak image repository
repository: quay.io/keycloak/keycloak
# Keycloak image tag
tag: "26.1.4"
# Image pull policy
pullPolicy: IfNotPresent
# Internal test Keycloak instance
internal:
# Enable internal test Keycloak (default: true)
enabled: true
# Use external Keycloak
external:
# Enable external Keycloak
enabled: false
# External Keycloak URL
url: ""
# External Keycloak realm
realm: "openCloud"
# External Keycloak client ID
clientId: "web"
# Number of Keycloak replicas
replicas: 1
# Admin user
adminUser: admin
# Admin password
adminPassword: admin
# CORS settings for cross-origin requests
cors:
# Enable CORS
enabled: true
# Allow all origins
allowAllOrigins: true
# Allowed origins (used if allowAllOrigins is false)
origins: []
# Allowed methods
methods: "GET,HEAD,OPTIONS,POST,PUT,DELETE"
# Allowed headers
headers: "Authorization,Content-Type,Accept,Origin,X-Requested-With"
# Exposed headers
exposedHeaders: "Content-Disposition,Content-Length,Content-Type"
# Allow credentials
allowCredentials: true
# Max age
maxAge: 3600
# Token settings
token:
# Access token lifespan in seconds
accessTokenLifespan: 3600
# Resources allocation
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1000m
memory: 1Gi
# Realm name
realm: openCloud
# Persistence configuration
persistence:
enabled: true
# Size of the persistent volume
size: 1Gi
# Storage class
storageClass: ""
# Access mode
accessMode: ReadWriteOnce
# PostgreSQL settings for Keycloak
postgres:
# Enable PostgreSQL
enabled: true
# PostgreSQL image settings
image:
# PostgreSQL image repository
repository: postgres
# PostgreSQL image tag
tag: "alpine"
# Image pull policy
pullPolicy: IfNotPresent
# Database name
database: keycloak
# Database user
user: keycloak
# Database password
password: keycloak
# Resources allocation
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
# Persistence configuration
persistence:
enabled: true
# Size of the persistent volume
size: 1Gi
# Storage class
storageClass: ""
# Access mode
accessMode: ReadWriteOnce
# =====================================================================
# EXTENSIONS
# =====================================================================
# Tika settings for full-text search
tika:
# Enable Tika
enabled: true
# Tika image repository
repository: apache/tika
# Tika image tag
tag: "2.9.2.1-full"
# Image pull policy
pullPolicy: IfNotPresent
# Resources allocation
resources:
requests:
cpu: 100m
memory: 1Gi
limits:
cpu: 1000m
memory: 3Gi
# Web Extensions settings
webExtensions:
# Enable web extensions
enabled: true
# List of extensions to install
extensions:
# Draw.io extension
drawio:
enabled: true
repository: opencloudeu/web-extensions
tag: draw-io-1.0.0
# External Sites extension
externalsites:
enabled: true
repository: opencloudeu/web-extensions
tag: external-sites-1.0.0
# Importer extension
importer:
enabled: true
repository: opencloudeu/web-extensions
tag: importer-1.0.0
# JSON Viewer extension
jsonviewer:
enabled: true
repository: opencloudeu/web-extensions
tag: json-viewer-1.0.0
# Progress Bars extension
progressbars:
enabled: true
repository: opencloudeu/web-extensions
tag: progress-bars-1.0.0
# Unzip extension
unzip:
enabled: true
repository: opencloudeu/web-extensions
tag: unzip-1.0.0
# =====================================================================
# COLLABORATION (ONLYOFFICE)
# =====================================================================
# OnlyOffice settings for document collaboration
onlyoffice:
# Enable OnlyOffice
enabled: true
# OnlyOffice image repository
repository: onlyoffice/documentserver
# OnlyOffice image tag
tag: 8.2.2
# Image pull policy
pullPolicy: IfNotPresent
# WOPI settings
wopi:
# Enable WOPI
enabled: true
# Use unauthorized storage (for self-signed certificates)
useUnauthorizedStorage: true
# Database configuration
db:
# Use existing secret for database password
existingSecret: ""
# Key in the existing secret that contains the password
secretKeyName: "password"
# Persistence configuration
persistence:
# Enable persistence
enabled: true
# Size of the persistent volume
size: 2Gi
# Resources allocation
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 5000m
memory: 10Gi
# Configuration for local.json
config:
# CoAuthoring service settings
coAuthoring:
# SQL database settings
sql:
type: "postgres"
dbHost: "localhost"
dbPort: "5432"
dbName: "onlyoffice"
dbUser: "onlyoffice"
# Token settings
token:
enable:
request:
inbox: true
outbox: true
browser: true
inbox:
header: "Authorization"
outbox:
header: "Authorization"
# Secret settings
secret:
inbox:
string: "Dd0SXIe1k9oCfdffgrfNmA0TK1bb1B1d38OFSb"
outbox:
string: "Dd0SXIe1k9oCfdffgrfNmA0TK1bb1B1d38OFSb"
session:
string: "Dd0SXIe1k9oCfdffgrfNmA0TK1bb1B1d38OFSb"
# RabbitMQ settings
rabbitmq:
url: "amqp://guest:Dd0SXIe1k9osdfjkmA0TK1bb1B1d38OFSb@localhost"
# File converter settings
fileConverter:
converter:
inputLimits:
- type: "docx;dotx;docm;dotm"
zip:
uncompressed: "1GB"
template: "*.xml"
- type: "xlsx;xltx;xlsm;xltm"
zip:
uncompressed: "1GB"
template: "*.xml"
- type: "pptx;ppsx;potx;pptm;ppsm;potm"
zip:
uncompressed: "1GB"
template: "*.xml"
# Collaboration service settings
collaboration:
# Enable collaboration service
enabled: true
# Resources allocation
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 5000m
memory: 10Gi
# =====================================================================
# OPENCLOUD CORE
# =====================================================================
# Image settings for OpenCloud
image:
# OpenCloud image repository
repository: docker.io/opencloudeu/opencloud-rolling
# OpenCloud image tag
tag: "2.1.0"
# Image pull policy
pullPolicy: IfNotPresent
# Image pull secrets
pullSecrets: []
# OpenCloud core settings
opencloud:
# Enable OpenCloud
enabled: true
# JWT secret for collaboration (will be auto-generated if not provided)
jwtSecret: ""
# WOPI secret for collaboration (will be auto-generated if not provided)
wopiSecret: ""
# Number of replicas (Note: When using multiple replicas, persistence should be disabled
# or use a storage class that supports ReadWriteMany access mode)
replicas: 1
# Log level
logLevel: info
# Log color
logColor: false
# Log pretty
logPretty: false
# Insecure mode (for self-signed certificates)
insecure: true
# Enable basic auth (set to false to use Keycloak only)
enableBasicAuth: false
# Admin password
adminPassword: admin
# Create demo users
createDemoUsers: false
# Additional services to start (comma-separated list)
additionalServices: ""
# Services to exclude from starting
excludeServices: "idp"
# Resources allocation
resources:
requests:
cpu: 128m
memory: 128Mi
limits:
memory: 20Gi
# Persistence configuration
persistence:
# Enable persistence
enabled: true
# Size of the persistent volume for data
size: 30Gi
# Size of the persistent volume for config
configSize: 5Gi
# Storage class
storageClass: ""
# Access mode (ReadWriteOnce or ReadWriteMany for multiple replicas)
accessMode: ReadWriteOnce
# Configuration files
config:
# App registry configuration
appRegistry: {}
# CSP configuration
csp: {}
# Banned password list
bannedPasswordList: []
# =====================================================================
# EMAIL (SMTP)
# =====================================================================
# SMTP settings for email notifications
smtp:
# Enable SMTP
enabled: false
# SMTP host
host: ""
# SMTP port
port: "587"
# SMTP sender
sender: ""
# SMTP username
username: ""
# SMTP password
password: ""
# SMTP insecure (allow self-signed certificates)
insecure: "false"
# SMTP authentication method
authentication: "plain"
# SMTP encryption method
encryption: "starttls"
# =====================================================================
# STORAGE CONFIGURATION
# =====================================================================
# Storage configuration
storage:
# S3 storage configuration
s3:
# Internal MinIO instance
internal:
# Enable internal test MinIO instance (default: true)
enabled: true
# Minio Root user
rootUser: opencloud
# Minio Root password
rootPassword: opencloud-secret-key
# Bucket name
bucketName: opencloud-bucket
# Region (optional)
region: "default"
# Resources allocation
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 1000m
memory: 2Gi
# Persistence configuration
persistence:
enabled: true
# Size of the persistent volume
size: 30Gi
# Storage class
storageClass: ""
# Access mode
accessMode: ReadWriteOnce
# External S3 (can be S3, Ceph, or external MinIO)
external:
# Enable external S3
enabled: false
# External S3 endpoint URL
endpoint: ""
# External S3 region
region: "default"
# External S3 access key
accessKey: ""
# External S3 secret key
secretKey: ""
# External S3 bucket
bucket: ""
# Create bucket if it doesn't exist
createBucket: true
# =====================================================================
# GATEWAY (CILIUM, PROXY)
# =====================================================================
# Cilium Gateway API configuration
cilium:
# HTTPRoute configuration
httproute:
# Enable HTTPRoute
enabled: true
# Gateway configuration
gateway:
# Gateway name
name: cilium-gateway
# Gateway namespace (defaults to Release.Namespace)
namespace: "kube-system"