b91c35c410
- Add gitops/observability umbrella chart with vendored Helm deps - Grafana Ingress: Traefik, letsencrypt-prod, grafana.k8s.selair.it + root_url - Argo Application: spec.sources (onelab + onelab-obs) - OneLab: configuration secret override, compliance/LDAP values, logs.path /logs - Docs: OBSERVABILITY, BOOTSTRAP, README, instance-overrides example Made-with: Cursor
35 lines
1.3 KiB
YAML
35 lines
1.3 KiB
YAML
# Copy to a private file (e.g. gitops/values/private-k3s.yaml, gitignored) or merge into your env values.
|
|
# Reference from Helm: -f ../../values/k3s-example.yaml -f ../../values/private-k3s.yaml
|
|
# Argo CD: add a second entry under helm.valueFiles (paths relative to chart path).
|
|
|
|
onelab:
|
|
compliance:
|
|
enabled: true
|
|
# Optional tweaks (defaults match chart values.yaml):
|
|
# requireElectronicSignature: true
|
|
# executionOperatorRestrictionPolicy: "reviewed"
|
|
# executionAdminExpertRestrictionPolicy: "reviewed"
|
|
# preventCsvImport: true
|
|
# preventManualMetadataEdit: true
|
|
# deviceRestart: true
|
|
|
|
ldap:
|
|
enabled: true
|
|
# timeout: 30
|
|
# encryption: "start_tls"
|
|
# policy: "your-policy"
|
|
# verifyCertificates: true
|
|
# Paths inside the ldap-worker container (mount certs via extraVolumes if needed):
|
|
# tlsCaPath: "/ldap/ca.crt"
|
|
# tlsCertPath: "/ldap/client.crt"
|
|
# tlsKeyPath: "/ldap/client.key"
|
|
# tlsCiphers: ""
|
|
# tlsSslVersion: ""
|
|
|
|
# Alternative: supply the full YAML yourself (no Helm templating of compliance/LDAP blocks).
|
|
# 1. kubectl create secret generic onelab-configurations-custom -n onelab \
|
|
# --from-file=configurations.yml=./my-configurations.yml
|
|
# 2. Set in values:
|
|
# configuration:
|
|
# existingSecretName: onelab-configurations-custom
|