OneLab Kubernetes GitOps (Argo CD)

- Helm charts: onelab app + observability (Loki/Promtail/Grafana) - Values under gitops/values/ with public-safe placeholders - Argo CD Application (spec.sources, 2.6+) Made-with: Cursor
2026-03-20 12:27:45 +01:00
commit 68f9745c06
44 changed files with 2466 additions and 0 deletions
--- a/gitops/values/instance-overrides.example.yaml
+++ b/gitops/values/instance-overrides.example.yaml
@@ -0,0 +1,38 @@
+# Copy to a private file (e.g. gitops/values/overrides.local.yaml, gitignored) or merge into gitops/values/env-example.yaml.
+#
+# Argo CD: under spec.sources, for the source with path gitops/charts/onelab, add another path to helm.valueFiles
+# (paths are relative to that chart directory), e.g.:
+#   - ../../values/env-example.yaml
+#   - ../../values/secrets.local.yaml
+#   - ../../values/overrides.local.yaml
+
+onelab:
+  compliance:
+    enabled: true
+    # Optional tweaks (defaults match chart values.yaml):
+    # requireElectronicSignature: true
+    # executionOperatorRestrictionPolicy: "reviewed"
+    # executionAdminExpertRestrictionPolicy: "reviewed"
+    # preventCsvImport: true
+    # preventManualMetadataEdit: true
+    # deviceRestart: true
+
+  ldap:
+    enabled: true
+    # timeout: 30
+    # encryption: "start_tls"
+    # policy: "your-policy"
+    # verifyCertificates: true
+    # Paths inside the ldap-worker container (mount certs via extraVolumes if needed):
+    # tlsCaPath: "/ldap/ca.crt"
+    # tlsCertPath: "/ldap/client.crt"
+    # tlsKeyPath: "/ldap/client.key"
+    # tlsCiphers: ""
+    # tlsSslVersion: ""
+
+# Alternative: supply the full YAML yourself (bypasses chart templates in configurations.gotmpl for those keys).
+# 1. kubectl create secret generic onelab-configurations-custom -n onelab \
+#      --from-file=configurations.yml=./my-configurations.yml
+# 2. Set in values:
+# configuration:
+#   existingSecretName: onelab-configurations-custom