OneLab Kubernetes GitOps (Argo CD)

- Helm charts: onelab app + observability (Loki/Promtail/Grafana) - Values under gitops/values/ with public-safe placeholders - Argo CD Application (spec.sources, 2.6+) Made-with: Cursor
2026-03-20 12:27:45 +01:00
commit 68f9745c06
44 changed files with 2466 additions and 0 deletions
--- a/gitops/charts/onelab/files/configurations.gotmpl
+++ b/gitops/charts/onelab/files/configurations.gotmpl
@@ -0,0 +1,133 @@
+---
+onelab:
+  domain: {{ .Values.onelab.domain | quote }}
+  logs:
+    path: "/logs"
+    level: info
+  assets:
+    purge: 1d
+  shared:
+    inputs:
+      path: "./data/shared/inputs"
+      archive_path: "./data/shared/archived"
+  security:
+    cors: '*'
+    auth:
+      token:
+        expiration: 5m
+        key: {{ .Values.onelab.secrets.authTokenKey | quote }}
+      password:
+        expiration: 90d
+        min_length: 8
+        prevent_reuse: 5
+      allow_list: []
+      block_list: []
+      authentifier: "email"
+    ratelimit:
+      ip:
+        max: 1000
+        duration: 1d
+      auth:
+        max: 5
+        duration: 5m
+        delay_after: 2
+        delay_ms: 1000
+    devices:
+        cors: '*'
+    monitoring:
+        token: {{ .Values.onelab.secrets.monitoringToken | quote }}
+  params:
+    session:
+      idle: 45m
+      remember_me: true
+    lab:
+      creation_policy: many
+{{- if .Values.onelab.compliance.enabled }}
+    compliance:
+      require_electronic_signature: {{ .Values.onelab.compliance.requireElectronicSignature }}
+      execution_operator_restriction_policy: {{ .Values.onelab.compliance.executionOperatorRestrictionPolicy | quote }}
+      execution_admin_expert_restriction_policy: {{ .Values.onelab.compliance.executionAdminExpertRestrictionPolicy | quote }}
+      prevent_csv_import: {{ .Values.onelab.compliance.preventCsvImport }}
+      prevent_manual_metadata_edit: {{ .Values.onelab.compliance.preventManualMetadataEdit }}
+      device_restart: {{ .Values.onelab.compliance.deviceRestart }}
+{{- end }}
+    signup: false
+{{- if .Values.onelab.intercom.appid }}
+    intercom:
+      appid: {{ .Values.onelab.intercom.appid | quote }}
+      secret: {{ .Values.onelab.intercom.secret | quote }}
+{{- end }}
+  mailer:
+    noreply: {{ .Values.onelab.mailer.noreply | quote }}
+    queue:
+      scheduling: 15
+      maxsize: 50
+    error:
+      maxtries: 3
+      timeout: 60
+  ldap:
+    enabled: {{ if or .Values.onelab.ldap.enabled .Values.features.ldapWorker }}true{{ else }}false{{ end }}
+{{- if or .Values.onelab.ldap.enabled .Values.features.ldapWorker }}
+    {{- if .Values.onelab.ldap.timeout }}
+    timeout: {{ .Values.onelab.ldap.timeout | int }}
+    {{- end }}
+    {{- if .Values.onelab.ldap.encryption }}
+    encryption: {{ .Values.onelab.ldap.encryption | quote }}
+    {{- end }}
+    {{- if .Values.onelab.ldap.policy }}
+    policy: {{ .Values.onelab.ldap.policy | quote }}
+    {{- end }}
+    {{- if kindIs "bool" .Values.onelab.ldap.verifyCertificates }}
+    verify_certificates: {{ .Values.onelab.ldap.verifyCertificates }}
+    {{- end }}
+    {{- if or .Values.onelab.ldap.tlsCaPath .Values.onelab.ldap.tlsCertPath .Values.onelab.ldap.tlsKeyPath .Values.onelab.ldap.tlsCiphers .Values.onelab.ldap.tlsSslVersion }}
+    tls:
+      {{- if .Values.onelab.ldap.tlsCaPath }}
+      ca: {{ .Values.onelab.ldap.tlsCaPath | quote }}
+      {{- end }}
+      {{- if .Values.onelab.ldap.tlsCertPath }}
+      cert: {{ .Values.onelab.ldap.tlsCertPath | quote }}
+      {{- end }}
+      {{- if .Values.onelab.ldap.tlsKeyPath }}
+      key: {{ .Values.onelab.ldap.tlsKeyPath | quote }}
+      {{- end }}
+      {{- if .Values.onelab.ldap.tlsCiphers }}
+      ciphers: {{ .Values.onelab.ldap.tlsCiphers | quote }}
+      {{- end }}
+      {{- if .Values.onelab.ldap.tlsSslVersion }}
+      ssl_version: {{ .Values.onelab.ldap.tlsSslVersion | quote }}
+      {{- end }}
+    {{- end }}
+{{- end }}
+  services:
+    db:
+      host: db
+      database: postgres
+      username: postgres
+      password: {{ .Values.postgresql.auth.password | quote }}
+      schema: onelab
+    redis:
+      host: redis
+      port: "6379"
+    rabbit:
+      url: rabbitmq
+      port: 5671
+      token: {{ .Values.onelab.secrets.rabbitToken | quote }}
+    api:
+      replicas: {{ .Values.replicas.api }}
+    apidevice:
+      replicas: {{ .Values.replicas.apidevice }}
+    apirabbit:
+      replicas: {{ .Values.replicas.apirabbit }}
+    devices:
+      replicas: {{ .Values.replicas.devices }}
+    experiments:
+      replicas: {{ .Values.replicas.experiments }}
+    images:
+      replicas: {{ .Values.replicas.images }}
+    manual:
+      replicas: {{ .Values.replicas.manual }}
+    website:
+      ssr: {{ .Values.website.ssr }}
+    ws:
+      replicas: {{ .Values.replicas.ws }}