gitops: observability stack (Loki/Promtail/Grafana), Grafana Ingress, Argo multi-source

- Add gitops/observability umbrella chart with vendored Helm deps
- Grafana Ingress: Traefik, letsencrypt-prod, grafana.k8s.selair.it + root_url
- Argo Application: spec.sources (onelab + onelab-obs)
- OneLab: configuration secret override, compliance/LDAP values, logs.path /logs
- Docs: OBSERVABILITY, BOOTSTRAP, README, instance-overrides example

Made-with: Cursor

gitops/charts/onelab/files/configurations.gotmpl

@@ -2,6 +2,7 @@
 onelab:
   domain: {{ .Values.onelab.domain | quote }}
   logs:
+    path: "/logs"
     level: info
   assets:
     purge: 1d
@@ -41,6 +42,15 @@ onelab:
       remember_me: true
     lab:
       creation_policy: many
+{{- if .Values.onelab.compliance.enabled }}
+    compliance:
+      require_electronic_signature: {{ .Values.onelab.compliance.requireElectronicSignature }}
+      execution_operator_restriction_policy: {{ .Values.onelab.compliance.executionOperatorRestrictionPolicy | quote }}
+      execution_admin_expert_restriction_policy: {{ .Values.onelab.compliance.executionAdminExpertRestrictionPolicy | quote }}
+      prevent_csv_import: {{ .Values.onelab.compliance.preventCsvImport }}
+      prevent_manual_metadata_edit: {{ .Values.onelab.compliance.preventManualMetadataEdit }}
+      device_restart: {{ .Values.onelab.compliance.deviceRestart }}
+{{- end }}
     signup: false
 {{- if .Values.onelab.intercom.appid }}
     intercom:
@@ -56,7 +66,39 @@ onelab:
       maxtries: 3
       timeout: 60
   ldap:
-    enabled: {{ .Values.features.ldapWorker }}
+    enabled: {{ if or .Values.onelab.ldap.enabled .Values.features.ldapWorker }}true{{ else }}false{{ end }}
+{{- if or .Values.onelab.ldap.enabled .Values.features.ldapWorker }}
+    {{- if .Values.onelab.ldap.timeout }}
+    timeout: {{ .Values.onelab.ldap.timeout | int }}
+    {{- end }}
+    {{- if .Values.onelab.ldap.encryption }}
+    encryption: {{ .Values.onelab.ldap.encryption | quote }}
+    {{- end }}
+    {{- if .Values.onelab.ldap.policy }}
+    policy: {{ .Values.onelab.ldap.policy | quote }}
+    {{- end }}
+    {{- if kindIs "bool" .Values.onelab.ldap.verifyCertificates }}
+    verify_certificates: {{ .Values.onelab.ldap.verifyCertificates }}
+    {{- end }}
+    {{- if or .Values.onelab.ldap.tlsCaPath .Values.onelab.ldap.tlsCertPath .Values.onelab.ldap.tlsKeyPath .Values.onelab.ldap.tlsCiphers .Values.onelab.ldap.tlsSslVersion }}
+    tls:
+      {{- if .Values.onelab.ldap.tlsCaPath }}
+      ca: {{ .Values.onelab.ldap.tlsCaPath | quote }}
+      {{- end }}
+      {{- if .Values.onelab.ldap.tlsCertPath }}
+      cert: {{ .Values.onelab.ldap.tlsCertPath | quote }}
+      {{- end }}
+      {{- if .Values.onelab.ldap.tlsKeyPath }}
+      key: {{ .Values.onelab.ldap.tlsKeyPath | quote }}
+      {{- end }}
+      {{- if .Values.onelab.ldap.tlsCiphers }}
+      ciphers: {{ .Values.onelab.ldap.tlsCiphers | quote }}
+      {{- end }}
+      {{- if .Values.onelab.ldap.tlsSslVersion }}
+      ssl_version: {{ .Values.onelab.ldap.tlsSslVersion | quote }}
+      {{- end }}
+    {{- end }}
+{{- end }}
   services:
     db:
       host: db