- Add gitops/observability umbrella chart with vendored Helm deps - Grafana Ingress: Traefik, letsencrypt-prod, grafana.k8s.selair.it + root_url - Argo Application: spec.sources (onelab + onelab-obs) - OneLab: configuration secret override, compliance/LDAP values, logs.path /logs - Docs: OBSERVABILITY, BOOTSTRAP, README, instance-overrides example Made-with: Cursor
# Default values for onelab — override per environment (see gitops/values/).
# Name overrides, both empty by default.
# Presumably consumed by the chart's naming helpers (standard Helm convention) — confirm.
nameOverride: ''
fullnameOverride: ''
# Name of a pre-created Secret that carries the application configuration.
# When non-empty, workloads mount that Secret instead of the chart-generated
# `onelab-configurations`, and the chart will NOT create `onelab-configurations`.
# The Secret must contain the key `configurations.yml`.
# NOTE(review): this is the option that keeps tokens and passwords out of the
# values file; which of the secret-bearing defaults elsewhere in this file
# become unused when it is set is not visible here — confirm in the templates.
configuration:
  existingSecretName: ''
# Image coordinates.
# `registry` and `tag` presumably apply to the onelab-* images named under
# `workloads` — confirm; the other pairs give the name and tag of the
# supporting images (nginx, postgres, redis, rabbitmq).
# NOTE(review): every image is pinned by tag only. Tags are mutable, so a
# digest pin (image@sha256:<digest>) is the stronger guarantee if the
# templates accept one — confirm before relying on it.
images:
  registry: hub.andrewalliance.com/releases
  tag: '1.27.0'
  nginx: nginx
  nginxTag: '1.29.5-alpine'
  postgres: postgres
  postgresTag: '17.8'
  redis: redis
  redisTag: '7.4.7-alpine'
  rabbitmq: rabbitmq
  rabbitmqTag: '3.13.7'
# Image pull Secrets, empty by default. Example entry:
#   - name: hub-andrewalliance
imagePullSecrets: []
# Registry login for image pulls. Same defaults as
# app/playbooks/tasks/manage-images.yml (docker login before pull).
# NOTE(review): `password` is a plaintext credential shipped in the chart
# defaults. Even if the `public` account is meant to be shared and read-only
# (TODO confirm), prefer a pre-created pull Secret referenced from
# `imagePullSecrets`, or supply the password from a per-environment values
# file or secret store that is kept out of version control.
# NOTE(review): with createPullSecret: false the chart presumably renders no
# Secret from these fields — verify in the templates.
registry:
  createPullSecret: false
  pullSecretName: hub-andrewalliance
  server: hub.andrewalliance.com
  username: public
  password: 'Andrew01..Release'
# Storage layout.
# mode: hostPath matches a typical single-node Swarm-style install with
# shared /data and /logs directories.
# For multi-node shared storage use mode: pvc together with a ReadWriteMany
# storage class.
# NOTE(review): hostPath volumes give pods direct access to node directories
# and are disallowed by the Kubernetes Pod Security Standards `baseline`
# profile, so namespaces enforcing `baseline` or `restricted` will reject
# these pods. Ownership and permissions of the two node paths below are then
# the only isolation between the workloads that share them.
persistence:
  mode: hostPath
  storageClass: ''
  hostPath:
    data: /opt/onelab/data
    logs: /opt/onelab/logs
  postgres:
    size: 20Gi
  rabbitmq:
    size: 5Gi
# PostgreSQL settings.
# NOTE(review): auth.password is a placeholder and must be overridden for
# every environment; a release installed with the default runs with a
# database password that anyone who can read the chart knows. Supply the real
# value from a secret store or an untracked values file.
postgresql:
  auth:
    password: 'DBPasswordPlaceholder'
  # Empty map: no resource settings are given for the database here.
  resources: {}
# Redis settings; only an empty resources map is exposed.
# NOTE(review): no password or auth option appears in these values, so
# whether the Redis instance requires authentication cannot be told from
# this file — confirm in the templates.
redis:
  resources: {}
# RabbitMQ settings.
rabbitmq:
  resources: {}
  # TLS material: either create the Secret `onelab-rabbit-tls` in the release
  # namespace (see README), or set embed: true.
  # NOTE(review): with embed: true the crt/key/fullchain fields below
  # presumably carry the certificate and private key as values. Helm stores
  # values in the release record, and in a GitOps flow they may also land in
  # Git, so the pre-created Secret is the safer of the two options.
  tls:
    secretName: onelab-rabbit-tls
    embed: false
    crt: ''
    key: ''
    fullchain: ''
# Ordering values per component group, kept as quoted strings.
# Presumably rendered as Argo CD sync-wave annotations (annotation values
# must be strings, and lower waves are applied first) — confirm in the
# templates.
syncWaves:
  registry: '-5'
  postgres: '-3'
  statefulDeps: '-2'
  apps: '0'
# Application-level settings for OneLab.
onelab:
  # Base URL of the installation.
  domain: 'https://localhost'
  mailer:
    noreply: 'no-reply@andrewalliance.com'
  # NOTE(review): all three values are placeholders and must be overridden
  # per environment. A release that keeps them runs with token keys that
  # anyone who can read the chart knows; supply real values from a secret
  # store or through configuration.existingSecretName.
  secrets:
    authTokenKey: 'TokenAuthPlaceholder'
    monitoringToken: 'TokenMonitoringPlaceholder'
    rabbitToken: 'TokenRabbitPlaceholder'
  # Mirrors app/configurations.yml params.compliance, so compliance can be
  # enabled without editing app/.
  # NOTE(review): presumably the flags below only take effect once
  # enabled is true — confirm.
  compliance:
    enabled: false
    requireElectronicSignature: true
    executionOperatorRestrictionPolicy: 'reviewed'
    executionAdminExpertRestrictionPolicy: 'reviewed'
    preventCsvImport: true
    preventManualMetadataEdit: true
    deviceRestart: true
  # Set enabled: true to turn on LDAP in configurations.yml and deploy
  # ldap-worker (or use features.ldapWorker).
  # NOTE(review): every connection setting defaults to an empty string. What
  # an empty `encryption` or `tlsSslVersion` resolves to is not visible from
  # this file — confirm it does not mean an unencrypted bind before enabling,
  # and set the CA path so the directory server's certificate is verified.
  ldap:
    enabled: false
    timeout: ''
    encryption: ''
    policy: ''
    tlsCaPath: ''
    tlsCertPath: ''
    tlsKeyPath: ''
    tlsCiphers: ''
    tlsSslVersion: ''
  # NOTE(review): unlike the *Placeholder values under `secrets`, `secret`
  # here does not look like a placeholder. If it is a live Intercom
  # credential it is exposed to everyone who can read the chart: treat it as
  # compromised, rotate it, and inject the replacement from a Secret.
  intercom:
    appid: 'zxvgsagz'
    secret: 'QUw2jEV8utIpe9DeYjOqBjhBY9VxjXddKUCISUNu'
# Optional workers, both off by default.
features:
  # Deprecated for LDAP: prefer onelab.ldap.enabled. Either switch enables
  # ldap-worker and ldap.enabled in the generated config.
  ldapWorker: false
  mailerWorker: false
# Website options. `ssr` is presumably a server-side-rendering switch —
# TODO confirm against the templates.
website:
  ssr: true
# Service settings for the internal nginx reverse proxy.
# NOTE(review): a NodePort Service is reachable on the given port at every
# node address, independently of the `ingress` block. Where an Ingress fronts
# the proxy, restrict port 30080 at the node firewall, or use ClusterIP if
# the templates accept it — confirm.
revproxy:
  serviceType: NodePort
  nodePort: 30080
  ipv6Listen: true
# HTTP routing to the internal nginx (revproxy).
# On k3s set className: traefik, the default controller there.
# NOTE(review): tls defaults to false. When turning the Ingress on for a
# reachable host, also set tls: true with either tlsSecretName or
# certManager.clusterIssuer, so logins and tokens are not carried over plain
# HTTP.
ingress:
  enabled: false
  className: ''
  host: onelab.local
  path: /
  pathType: Prefix
  annotations: {}
  tls: false
  tlsSecretName: ''
  certManager:
    # When set, the cert-manager.io/cluster-issuer annotation is added and
    # the TLS secret is created automatically.
    clusterIssuer: ''
# Replica counts. Entries such as api or apidevice override the defaults in
# templates/workloads.yaml through this map; the keys match the `replicaKey`
# values used under `workloads`.
# `ldap` and `mailer` have no `workloads` entry in this file; presumably they
# size the optional workers switched on under `features` — confirm.
replicas:
  api: 2
  apidevice: 1
  apirabbit: 1
  devices: 1
  experiments: 1
  images: 1
  manual: 1
  ws: 1
  ldap: 1
  mailer: 1
# Top-level resources map, empty by default; presumably the requests/limits
# applied to the application workloads — confirm in the templates.
# NOTE(review): if it is rendered as-is, those pods run with no CPU or memory
# bounds.
resources: {}
# Application workloads, one list entry each. Fields as they appear below:
#   image      - image name (presumably combined with images.registry and
#                images.tag — confirm)
#   replicas   - fixed replica count
#   replicaKey - key into the top-level `replicas` map, used in place of
#                `replicas`
#   port       - container port; 0 presumably means the workload exposes no
#                port — TODO confirm
#   config     - presumably whether the configuration Secret is mounted —
#                TODO confirm
#   mounts     - named volumes attached to the workload
# NOTE(review): with persistence.mode: hostPath, `logs` and `data` are node
# directories shared by every workload that lists them. The front-end
# workloads (static, main, designer, runner, website) take neither the config
# nor any mount; keep new entries to the mounts they actually need.
# NOTE(review): `shared` (file-worker) has no matching path under
# persistence.hostPath in this file; presumably it is defined in the
# templates — confirm.
workloads:
  # Workers and API services that receive the configuration.
  - name: supervisor
    image: onelab-supervisor-worker
    replicas: 1
    port: 0
    config: true
    mounts: [logs, data]
  - name: file-worker
    image: onelab-file-worker
    replicas: 1
    port: 0
    config: true
    mounts: [logs, data, shared]
  - name: api
    image: onelab-api
    replicaKey: api
    port: 3000
    config: true
    mounts: [logs, data]
  - name: api-device
    image: onelab-api-device
    replicaKey: apidevice
    port: 3000
    config: true
    mounts: [logs, data]
  - name: api-rabbit
    image: onelab-api-rabbit
    replicaKey: apirabbit
    port: 3000
    config: true
    mounts: [logs, data]
  - name: devices-worker
    image: onelab-devices-worker
    replicaKey: devices
    port: 0
    config: true
    mounts: [logs, data]
  - name: experiments-worker
    image: onelab-experiments-worker
    replicaKey: experiments
    port: 0
    config: true
    mounts: [logs]
  - name: images-worker
    image: onelab-images-worker
    replicaKey: images
    port: 0
    config: true
    mounts: [logs, data]
  - name: manual-worker
    image: onelab-manual-worker
    replicaKey: manual
    port: 0
    config: true
    mounts: [logs]
  - name: websocket-worker
    image: onelab-websocket-worker
    replicaKey: ws
    port: 3030
    config: true
    mounts: [logs]
  # Front-end workloads: no configuration, no mounts.
  - name: static
    image: onelab-static
    replicas: 1
    port: 80
    config: false
    mounts: []
  - name: main
    image: onelab-main
    replicas: 1
    port: 80
    config: false
    mounts: []
  - name: designer
    image: onelab-designer
    replicas: 1
    port: 80
    config: false
    mounts: []
  - name: runner
    image: onelab-runner
    replicas: 1
    port: 80
    config: false
    mounts: []
  - name: website
    image: onelab-website
    replicas: 1
    port: 4000
    config: false
    mounts: []
    # Only this entry carries `website: true`; its effect is not visible
    # from this file.
    website: true