values.yaml Description

Chart Version: latest

Values for the ocis Helm Chart
Key Type Default Description

autoscaling.enabled

bool

false

Enables autoscaling. When set to true, replicas is no longer applied.

autoscaling.maxReplicas

int

10

Sets maximum replicas for autoscaling.

autoscaling.metrics

list

[]

Metrics to use for autoscaling

autoscaling.minReplicas

int

3

Sets minimum replicas for autoscaling.

backup.configMapLabels

object

{}

Labels that are added to ConfigMaps that are managed by this Chart and must be included in a backup when backing up Kubernetes resources.

backup.pvcLabels

object

{}

Labels that are added to PVCs that are managed by this Chart and must be included in a backup when backing up Kubernetes resources.

backup.secretLabels

object

{}

Labels that are added to Secrets that are managed by this Chart and must be included in a backup when backing up Kubernetes resources.

cache.nodes

list

["{{ .appNameNats }}:9233"]

Nodes of the cache to use.

cache.type

string

"nats-js-kv"

Type of the cache to use. Can be set to "nats-js-kv" or "redis-sentinel". There are also the non-recommended options "memory" and "noop". The address of NATS / Redis Sentinel node(s) needs to be set to cache.nodes.

configRefs.authServiceConfigRef

string

""

Reference to an existing authservice config.

configRefs.graphConfigRef

string

""

Reference to an existing graph config.

configRefs.storageusersConfigRef

string

""

Reference to an existing storage-users config.

configRefs.webThemeAssetsConfigRef

string

""

Optional reference to an existing web theme assets config. Will be mounted to /var/lib/ocis/web/assets/themes/owncloud/assets for Web. Does not get autogenerated. Hint: if you set this, you’ll no longer be able to change the instance logo via the Web UI.

configRefs.webThemeConfigRef

string

""

Optional reference to an existing web theme config. Will be mounted to /var/lib/ocis/web/assets/themes/owncloud for Web. Does not get autogenerated. Hint: if you set this, you’ll no longer be able to change the instance logo via the Web UI.

debug.profiling

bool

false

Profiling enables the http://<pod>:<debug-metrics>/debug/pprof endpoint to inspect various Go runtime internals. You can use the endpoint on your machine by forwarding the port, e.g. kubectl port-forward -n ocis pod/proxy-8587dc9d64-fs24l 9205:9205, and then accessing the port on https://localhost:9147/debug/pprof or using the pprof command line tool: go tool pprof -web http://localhost:9205/debug/pprof/symbol\?seconds\=10

deploymentStrategy

object

{"type":"RollingUpdate"}

Deployment strategy.

externalDomain

string

""

Domain where oCIS is reachable for the outside world

extraLabels

object

{}

Custom labels for all manifests

extraResources

list

[]

Extra resources to be included.

features.appsIntegration.enabled

bool

false

Enables the apps integration.

features.appsIntegration.mimetypes

list

default configuration of oCIS, see doc.owncloud.com

Mimetype configuration. Lets you configure a mimetype's default application, whether it is allowed to create a new file, and more.

features.appsIntegration.wopiIntegration.officeSuites[0].disableChat

bool

false

Disables the chat in the office suite. Note: This currently only applies to OnlyOffice

features.appsIntegration.wopiIntegration.officeSuites[0].disableProof

bool

false

Disables verifying requests via WOPI proof keys. Not recommended to be disabled for production installations.

features.appsIntegration.wopiIntegration.officeSuites[0].enabled

bool

false

Enables the office suite.

features.appsIntegration.wopiIntegration.officeSuites[0].iconURI

string

""

URI for the icon of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[0].ingress.annotations

object

{}

Ingress annotations.

features.appsIntegration.wopiIntegration.officeSuites[0].ingress.domain

string

""

Domain of the Ingress.

features.appsIntegration.wopiIntegration.officeSuites[0].ingress.enabled

bool

false

Enables the Ingress. Only needed if the office application is not running within the same cluster.

features.appsIntegration.wopiIntegration.officeSuites[0].ingress.ingressClassName

string

nil

Ingress class to use. Uses the default ingress class if not set.

features.appsIntegration.wopiIntegration.officeSuites[0].ingress.labels

object

{}

Labels for the ingress.

features.appsIntegration.wopiIntegration.officeSuites[0].ingress.tls

list

[]

Ingress TLS configuration.

features.appsIntegration.wopiIntegration.officeSuites[0].insecure

bool

false

Disables SSL certificate checking for connections to the office suite's HTTP API. Not recommended for production installations.

features.appsIntegration.wopiIntegration.officeSuites[0].name

string

"Collabora"

Name of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[0].secureViewEnabled

bool

false

Enable secure view for this office suite

features.appsIntegration.wopiIntegration.officeSuites[0].uri

string

""

URI of the office suite.

features.appsIntegration.wopiIntegration.officeSuites[1].disableChat

bool

false

Disables the chat in the office suite. Note: This currently only applies to OnlyOffice

features.appsIntegration.wopiIntegration.officeSuites[1].disableProof

bool

false

Disables verifying requests via WOPI proof keys. Not recommended to be disabled for production installations.

features.appsIntegration.wopiIntegration.officeSuites[1].enabled

bool

false

Enables the office suite.

features.appsIntegration.wopiIntegration.officeSuites[1].iconURI

string

""

URI for the icon of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[1].ingress.annotations

object

{}

Ingress annotations.

features.appsIntegration.wopiIntegration.officeSuites[1].ingress.domain

string

""

Domain of the Ingress.

features.appsIntegration.wopiIntegration.officeSuites[1].ingress.enabled

bool

false

Enables the Ingress. Only needed if the office application is not running within the same cluster.

features.appsIntegration.wopiIntegration.officeSuites[1].ingress.ingressClassName

string

nil

Ingress class to use. Uses the default ingress class if not set.

features.appsIntegration.wopiIntegration.officeSuites[1].ingress.labels

object

{}

Labels for the ingress.

features.appsIntegration.wopiIntegration.officeSuites[1].ingress.tls

list

[]

Ingress TLS configuration.

features.appsIntegration.wopiIntegration.officeSuites[1].insecure

bool

false

Disables SSL certificate checking for connections to the office suite's HTTP API. Not recommended for production installations.

features.appsIntegration.wopiIntegration.officeSuites[1].name

string

"OnlyOffice"

Name of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[1].secureViewEnabled

bool

false

Enable secure view for this office suite. Note: OnlyOffice doesn’t support secureView right now

features.appsIntegration.wopiIntegration.officeSuites[1].uri

string

""

URI of the office suite.

features.appsIntegration.wopiIntegration.wopiFolderURI

string

"https://{{ .Values.externalDomain }}"

Base url to navigate back from the app to the containing folder in the file list.

features.appsIntegration.wopiIntegration.wopiFolderURIPathTemplate

string

nil

Path template for the URL to navigate back from the app to the containing folder in the file list. null uses the default value of oCIS; set it to "" to have no path template.

features.appsIntegration.wopiIntegration.wopiServerURI

string

""

URL of the cs3org/wopiserver. Can be deployed with this Chart.

features.archiver.maxNumFiles

int

10000

Max number of files that can be packed into an archive.

features.archiver.maxSize

int

1073741824

Max size in bytes of the zip archive the archiver can create.

features.demoUsers

bool

false

Create demo users on the first startup. Not recommended for production installations.

features.edition

string

"Community"

Edition of ownCloud Infinite Scale.

features.emailNotifications.branding.enabled

bool

false

Enables mail branding. If enabled, you need to provide the text and html template ConfigMap. The image ConfigMap is optional.

features.emailNotifications.branding.htmlMailImagesConfigRef

string

"html-mail-images"

Reference to a ConfigMap containing images that can be referenced from the html mail template. This ConfigMap is optional and can be omitted when images are not used.

features.emailNotifications.branding.htmlMailTemplatesConfigRef

string

"html-mail-templates"

Reference to a ConfigMap containing the html mail template. The template file must be named "email.html.tmpl". The default template can be seen here: https://github.com/owncloud/ocis/blob/master/services/notifications/pkg/email/templates/html/email.html.tmpl

features.emailNotifications.branding.textMailTemplatesConfigRef

string

"text-mail-templates"

Reference to a ConfigMap containing the text mail template. The template file must be named "email.text.tmpl". The default template can be seen here: https://github.com/owncloud/ocis/blob/master/services/notifications/pkg/email/templates/text/email.text.tmpl

features.emailNotifications.enabled

bool

false

Enables email notifications.

features.emailNotifications.smtp.authentication

string

"auto"

Authentication method for the SMTP communication. Possible values are 'login', 'plain', 'crammd5', 'none' and 'auto'. If set to a value other than none, a secret referenced by notificationsSmtpSecretRef needs to be present.

features.emailNotifications.smtp.encryption

string

"ssltls"

Encryption method for the SMTP communication. Possible values are starttls, ssl, ssltls, tls and none

features.emailNotifications.smtp.host

string

nil

SMTP host to connect to.

features.emailNotifications.smtp.port

string

nil

Port of the SMTP host to connect to.

features.emailNotifications.smtp.sender

string

nil

Sender address of emails that will be sent. Example: 'ownCloud <noreply@example.com>'

features.externalUserManagement.adminUUID

string

""

UUID of the initial admin user. If the given value matches a user’s value from features.externalUserManagement.oidc.userIDClaim, the admin role will be assigned. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. Note: Enabling roleAssignment will disable adminUUID.

features.externalUserManagement.autoprovisionAccounts

object

{"claimDisplayname":"name","claimEmail":"email","claimGroups":"groups","claimUserName":"sub","enabled":false}

Enables account auto provisioning. It will create missing users on the LDAP server from OIDC information. Needs features.externalUserManagement.ldap.writeable to be set to true.

features.externalUserManagement.autoprovisionAccounts.claimDisplayname

string

"name"

The name of the OIDC claim that holds the display name.

features.externalUserManagement.autoprovisionAccounts.claimEmail

string

"email"

The name of the OIDC claim that holds the email.

features.externalUserManagement.autoprovisionAccounts.claimGroups

string

"groups"

The name of the OIDC claim that holds the groups.

features.externalUserManagement.autoprovisionAccounts.claimUserName

string

"sub"

The name of the OIDC claim that holds the username.

features.externalUserManagement.autoprovisionAccounts.enabled

bool

false

Enables account auto provisioning. It will create missing users on the LDAP server from OIDC information. Needs features.externalUserManagement.ldap.writeable to be set to true.

features.externalUserManagement.enabled

bool

false

Enables external user management (and disables internal user management). Needs an external OpenID Connect Identity Provider and an external LDAP server.

features.externalUserManagement.ldap.bindDN

string

"uid=ocis,ou=system-users,dc=owncloud,dc=test"

DN of the user to use to bind to the LDAP server. The password for the user needs to be set in the secret referenced by secretRefs.ldapSecretRef as reva-ldap-bind-password. The user needs to have permission to list users and groups.

features.externalUserManagement.ldap.certTrusted

bool

true

Set to false only if the certificate of your LDAP secure service is not trusted. If set to false, you need to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef".

features.externalUserManagement.ldap.disableUsers.disableMechanism

string

"none"

Enables disabling users if configured as "attribute" or "group"

features.externalUserManagement.ldap.disableUsers.disabledUsersGroupDN

string

"cn=DisabledUsersGroup,ou=groups,o=libregraph-idm"

Group that a user can be added to and by that being marked as disabled.

features.externalUserManagement.ldap.disableUsers.userEnabledAttribute

string

"ownCloudUserEnabled"

Attribute to use for disabling users.

features.externalUserManagement.ldap.group.baseDN

string

"ou=groups,dc=owncloud,dc=com"

Search base DN for looking up LDAP groups.

features.externalUserManagement.ldap.group.createBaseDN

string

""

BaseDN where new groups are created and are considered as editable. All existing groups with a DN outside the features.externalUserManagement.ldap.group.createBaseDN will be treated as read-only groups. Defaults to the value features.externalUserManagement.ldap.group.baseDN. Only applicable if features.externalUserManagement.ldap.writeable is set to true

features.externalUserManagement.ldap.group.filter

string

nil

LDAP filter to add to the default filters for group searches.

features.externalUserManagement.ldap.group.objectClass

string

"groupOfNames"

The object class to use for groups in the default group search filter like groupOfNames.

features.externalUserManagement.ldap.group.schema.displayName

string

"cn"

LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).

features.externalUserManagement.ldap.group.schema.groupName

string

"cn"

LDAP Attribute to use for the name of groups.

features.externalUserManagement.ldap.group.schema.id

string

"ownclouduuid"

LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.

features.externalUserManagement.ldap.group.schema.idIsOctetString

bool

false

Set this to true if the defined id attribute for groups is of the OCTETSTRING syntax. This is e.g. required when using the objectGUID attribute of Active Directory for the group IDs.

features.externalUserManagement.ldap.group.schema.mail

string

"mail"

LDAP Attribute to use for the email address of groups (can be empty).

features.externalUserManagement.ldap.group.schema.member

string

"member"

LDAP Attribute that is used for group members.

features.externalUserManagement.ldap.group.scope

string

"sub"

LDAP search scope to use when looking up groups. Supported values are base, one and sub.

features.externalUserManagement.ldap.insecure

bool

false

For self-signed certificates, consider putting the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef". Not recommended for production installations.

features.externalUserManagement.ldap.passwordModifyExOpEnabled

bool

false

Use the Password Modify Extended Operation for updating user passwords.

features.externalUserManagement.ldap.readOnlyAttributes

list

[]

If the LDAP server is set to writable in general, some user attributes can be restricted to read only in the UI. Note: This only disables editing in the UI. The readonly permissions need to be enforced in the LDAP server itself.

features.externalUserManagement.ldap.refintEnabled

bool

false

Signals that the LDAP server has the refint plugin enabled, which makes some actions not needed.

features.externalUserManagement.ldap.uri

string

"ldaps://ldaps.owncloud.test"

URI to connect to the LDAP secure server.

features.externalUserManagement.ldap.useServerUUID

bool

false

If set to true, rely on the LDAP Server to generate a unique ID for users and groups, like when using 'entryUUID' as the user ID attribute.

features.externalUserManagement.ldap.user.baseDN

string

"ou=users,dc=owncloud,dc=com"

Search base DN for looking up LDAP users.

features.externalUserManagement.ldap.user.filter

string

nil

LDAP filter to add to the default filters for user search like (objectclass=ownCloud).

features.externalUserManagement.ldap.user.objectClass

string

"inetOrgPerson"

The object class to use for users in the default user search filter like inetOrgPerson.

features.externalUserManagement.ldap.user.schema.displayName

string

"displayname"

LDAP Attribute to use for the displayname of users.

features.externalUserManagement.ldap.user.schema.id

string

"ownclouduuid"

LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.

features.externalUserManagement.ldap.user.schema.idIsOctetString

bool

false

Set this to true if the defined id attribute for users is of the OCTETSTRING syntax. This is e.g. required when using the objectGUID attribute of Active Directory for the user IDs.

features.externalUserManagement.ldap.user.schema.mail

string

"mail"

LDAP Attribute to use for the email address of users.

features.externalUserManagement.ldap.user.schema.userName

string

"uid"

LDAP Attribute to use for username of users.

features.externalUserManagement.ldap.user.schema.userType

string

"ownCloudUserType"

LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'ownCloudUserType'.

features.externalUserManagement.ldap.user.scope

string

"sub"

LDAP search scope to use when looking up users. Supported values are base, one and sub.

features.externalUserManagement.ldap.user.substringFilterType

string

"any"

Type of substring search filter to use for substring searches for users. Possible values: initial for doing prefix only searches, final for doing suffix only searches or any for doing full substring searches

features.externalUserManagement.ldap.user.userNameMatch

string

"default"

Apply restrictions to usernames. Supported values are 'default' and 'none'. When set to 'default', user names must not start with a number and are restricted to ASCII characters. When set to 'none', no restrictions are applied. The default value is 'default'.

features.externalUserManagement.ldap.writeable

bool

true

Writeable configures whether oCIS is allowed to write to the LDAP server, e.g. to create or edit users.

features.externalUserManagement.oidc.accessTokenVerifyMethod

string

"jwt"

OIDC access token verify method. Set to "jwt" or "none".

features.externalUserManagement.oidc.editAccountLink

string

""

Link to the OIDC provider’s user accessible account editing page. This will be shown to the user on the personal account page. When using Keycloak with a realm named "ocis", this could point to e.g. https://keycloak.owncloud.test/realms/ocis/account/

features.externalUserManagement.oidc.issuerURI

string

""

Issuer URI of the OpenID Connect Identity Provider. If the IDP doesn’t have valid / trusted SSL certificates, certificate validation can be disabled with the insecure.oidcIdpInsecure option. The issuerURI will automatically be added to http.csp.directives.connectSrc.

features.externalUserManagement.oidc.roleAssignment.claim

string

"roles"

The name of the OIDC claim holding the role assignment

features.externalUserManagement.oidc.roleAssignment.enabled

bool

false

Enables OIDC role assignment.

features.externalUserManagement.oidc.roleAssignment.mapping

list

[{"claim_value":"ocisAdmin","role_name":"admin"},{"claim_value":"ocisSpaceAdmin","role_name":"spaceadmin"},{"claim_value":"ocisUser","role_name":"user"},{"claim_value":"ocisGuest","role_name":"user-light"}]

Configure the mapping for the role assignment

features.externalUserManagement.oidc.sessionManagementLink

string

""

Link to the OIDC provider’s user accessible session management. This will be shown to the user on the personal account page. When using Keycloak with a realm named "ocis", this could point to e.g. https://keycloak.owncloud.test/realms/ocis/account/

features.externalUserManagement.oidc.skipUserInfo

bool

false

Do not look up user claims at the userinfo endpoint and directly read them from the access token. Incompatible with 'accessTokenVerifyMethod=none'

features.externalUserManagement.oidc.userIDClaim

string

"ocis.user.uuid"

Claim to take a unique user identifier from. It will be used to look up the user on the LDAP server.

features.externalUserManagement.oidc.userIDClaimAttributeMapping

string

"userid"

Attribute mapping for the userIDClaim. Set to userid if the claim specified in …oidc.userIDClaim holds the value of the LDAP user attribute specified in …ldap.user.schema.id. Set to mail if the claim specified in …oidc.userIDClaim holds the value of the LDAP user attribute specified in …ldap.user.schema.mail. Set to username if the claim specified in …oidc.userIDClaim holds the value of the LDAP user attribute specified in …ldap.user.schema.userName.

features.gdprReport.integrations.keycloak.basePath

string

""

Base URI of keycloak.

features.gdprReport.integrations.keycloak.clientID

string

""

Client ID to authenticate against keycloak with.

features.gdprReport.integrations.keycloak.clientRealm

string

""

Realm that the client ID is configured in, usually master.

features.gdprReport.integrations.keycloak.enabled

bool

false

Enable keycloak data export.

features.gdprReport.integrations.keycloak.insecure

bool

false

Disables SSL certificate checking for connections to the GDPR export service. Not recommended for production installations.

features.gdprReport.integrations.keycloak.userRealm

string

""

Realm that the users are in.

features.language.default

string

"en"

The default language. If not defined, English will be used as default. See the documentation for more details.

features.policies.enabled

bool

false

Enables policies

features.policies.engineTimeout

string

"10s"

Sets the timeout the rego expression evaluation can take. The timeout can be set as number followed by a unit identifier like ms, s, etc. Rules default to deny if the timeout was reached.

features.policies.policies

list

[]

Sets the policies. Each policy file is defined by a fileName and a content. The content takes the rego script as text. For further information, please have a look at https://doc.owncloud.com/ocis/next/deployment/services/s-list/policies.html Attention: All scripts provided here will end up in a ConfigMap. The data stored in a ConfigMap cannot exceed 1 MiB. see https://kubernetes.io/docs/concepts/configuration/configmap/#:~:text=The%20data%20stored%20in%20a,separate%20database%20or%20file%20service.

features.quotas.default

string

nil

Sets the default quota for spaces in bytes. So 1000 sets the default quota to 1KB. 0 means unlimited.

features.quotas.max

string

nil

Sets the maximum quota for spaces in bytes. So 1000 sets the max quota to 1KB.

features.quotas.roles

object

{}

Sets specific quotas for roles

features.roles.availableUnifiedRoles

list

[]

Define a list of unified roles to make them available. The default of an empty list means all unified roles are available. You can read about unified roles in https://doc.owncloud.com/ocis/next/deployment/services/s-list/graph.html. The IDs of the roles and a description can be found by running: kubectl -n ocis exec deployments/graph -- ocis graph list-unified-roles

features.roles.customRoles

string

""

Define the roles by providing the JSON text here.

features.roles.customRolesConfigRef

string

nil

Define the roles by specifying the name of a ConfigMap which already contains the role description (might also be defined in the extraResources section). The ConfigMap needs to contain a file named custom-roles.json which holds the role description in JSON format. Please note that you have to restart the settings service manually if you change the content of your ConfigMap.

features.sharing.autoAcceptShares

bool

true

automatically accept incoming shares

features.sharing.passwordPolicies.bannedPasswords

list

[]

list of banned passwords

features.sharing.passwordPolicies.minCharacters

int

0

the minimum amount of characters the password needs to have

features.sharing.passwordPolicies.minDigits

int

0

the minimum amount of digits the password needs to have

features.sharing.passwordPolicies.minLowerCharacters

int

0

the minimum amount of lower case characters the password needs to have

features.sharing.passwordPolicies.minSpecialCharacters

int

0

the minimum amount of special characters the password needs to have

features.sharing.passwordPolicies.minUpperCharacters

int

0

the minimum amount of upper case characters the password needs to have

features.sharing.publiclink.shareMustHavePassword

bool

false

Enforce a password on all public link shares.

features.sharing.publiclink.writeableShareMustHavePassword

bool

false

Enforce a password only on writable public link shares. Is already enforced if the features.sharing.publiclink.shareMustHavePassword option is set to true.

features.sharing.users.search.minLengthLimit

int

3

Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g. too many results are displayed.

features.sharing.users.search.showUserEmail

bool

false

Show user email when searching for other users to share with.

features.virusscan.enabled

bool

false

Enables virus scanning

features.virusscan.icap.service

string

"avscan"

Sets the service to be used in icap

features.virusscan.icap.timeout

int

300

Sets the timeout for icap scans

features.virusscan.icap.url

string

"icap://127.0.0.1:1344"

Sets the icap url

features.virusscan.infectedFileHandling

string

"delete"

Define what should happen with infected files. Supported options are: 'delete', 'continue' and 'abort'. Delete will delete the file. Continue will mark the file as infected but continues further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination.

features.virusscan.maxScanSize

string

nil

Sets a maximum file size for scans. Only this many bytes of a file will be scanned. 0 means unlimited and is the default. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.

hostAliases

list

[]

Provides custom hostnames to every oCIS pod.

http.cors.allow_origins

list

[]

http.csp.directives.childSrc

list

["'self'"]

child-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/child-src

http.csp.directives.connectSrc

list

["'self'"]

connect-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src

http.csp.directives.defaultSrc

list

["'none'"]

default-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src

http.csp.directives.fontSrc

list

["'self'"]

font-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src

http.csp.directives.frameAncestors

list

["'self'"]

frame-ancestors directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

http.csp.directives.frameSrc

list

["'self'","blob:"]

frame-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src

http.csp.directives.imgSrc

list

["'self'","data:","blob:"]

img-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src

http.csp.directives.manifestSrc

list

["'self'"]

manifest-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src

http.csp.directives.mediaSrc

list

["'self'"]

media-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/media-src

http.csp.directives.objectSrc

list

["'self'","blob:"]

object-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src

http.csp.directives.scriptSrc

list

["'self'","'unsafe-inline'"]

script-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

http.csp.directives.styleSrc

list

["'self'","'unsafe-inline'"]

style-src directive, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src

image.pullPolicy

string

"IfNotPresent"

Image pull policy

image.pullSecrets

list

[]

Names of the secret containing the credentials to pull an image from the registry. More information how a secret can be defined at https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ Note: These secrets also apply to initContainers, so you need to provide secrets for the initContainer image here as well.

image.repository

string

"owncloud/ocis-rolling"

Image repository

image.sha

string

""

Image sha / digest (optional).

image.tag

string

""

Image tag. Defaults to the chart’s appVersion.

ingress.annotations

object

{}

Ingress annotations.

ingress.enabled

bool

false

Enables the Ingress.

ingress.ingressClassName

string

nil

Ingress class to use. Uses the default ingress class if not set.

ingress.labels

object

{}

Labels for the ingress.

ingress.tls

list

[]

Ingress TLS configuration.

initContainerImage.pullPolicy

string

"IfNotPresent"

Image pull policy

initContainerImage.repository

string

"busybox"

Image repository

initContainerImage.sha

string

""

Image sha / digest (optional).

initContainerImage.tag

string

"stable"

Image tag.

insecure.ocisHttpApiInsecure

bool

false

Disables SSL certificate checking for connections to the oCIS HTTP APIs. Not recommended for production installations.

insecure.oidcIdpInsecure

bool

false

Disables SSL certificate checking for connections to the OpenID Connect identity provider. Not recommended for production installations.

jobNodeSelector

object

{}

Default nodeSelector to apply to all jobs, except per-service job nodeSelector configuration in services.<service-name>.jobNodeSelector is set.

jobPriorityClassName

string

""

Default priorityClassName to apply to all services, except per-service jobPriorityClassName configuration in services.<service-name>.jobPriorityClassName is set.

jobResources

object

{}

Default resources to apply to all jobs in services, except per-service resources configuration in services.<service-name>.jobResources is set. Best practice is to: - set memory request == memory limit (compare to https://home.robusta.dev/blog/kubernetes-memory-limit) - set cpu request and omit cpu limit (compare to https://home.robusta.dev/blog/stop-using-cpu-limits)

logging.color

string

"false"

Activates colorized log output. Not recommended for production installations.

logging.level

string

"info"

Log level. Valid values: panic, fatal, error, warn, info, debug, trace.

logging.pretty

string

"false"

Activates pretty log output. Not recommended for production installations.

messagingSystem.external.cluster

string

"ocis-cluster"

Cluster name to use with the messaging system.

messagingSystem.external.enabled

bool

false

Use an external NATS messaging system instead of the internal one. Recommended for all production instances. Needs to be used if HighAvailability is needed. Needs to be used if oCIS shall be used by more than a 2-digit user count.

messagingSystem.external.endpoint

string

"nats.ocis-nats.svc.cluster.local:4222"

Endpoint of the messaging system.

messagingSystem.external.tls.certTrusted

bool

true

Set to false only if the certificate of your messaging system service is not trusted. If set to false, you need to put the CA cert of the messaging system server into the secret referenced by "messagingSystemCaRef".

messagingSystem.external.tls.enabled

bool

true

Enables TLS encrypted communication with the messaging system. Recommended for production installations.

messagingSystem.external.tls.insecure

bool

false

For self-signed certificates, consider putting the CA cert of the messaging system secure server into the secret referenced by "messagingSystemCaRef". Not recommended for production installations.

monitoring.enabled

bool

false

Enable service monitoring.

monitoring.interval

string

"60s"

Interval at which to scrape metrics.

monitoring.scrapeTimeout

string

"60s"

Scrape timeout.

namespaceOverride

string

nil

Override the deployment namespace of all resources in this Helm chart.

nodeSelector

object

{}

Default nodeSelector to apply to all services, unless per-service nodeSelector configuration in services.<service-name>.nodeSelector is set.

podDisruptionBudget

object

{}

Default PodDisruptionBudget to apply to all services, unless per-service PodDisruptionBudget configuration in services.<service-name>.podDisruptionBudget is set.

priorityClassName

string

""

Default priorityClassName to apply to all services, unless per-service priorityClassName configuration in services.<service-name>.priorityClassName is set.

registry.nodes

list

["{{ .appNameNats }}:9233"]

Nodes of the service registry to use.

registry.type

string

"nats-js-kv"

Configure the service registry type. Can be set to "nats-js-kv". The address of NATS node(s) needs to be set to cache.nodes.

replicas

int

1

Number of replicas for each scalable service. Has no effect when autoscaling.enabled is set to true.

resources

object

{}

Default resources to apply to all services, unless per-service resources configuration in services.<service-name>.resources is set. Best practice is to set memory request == memory limit (compare to https://home.robusta.dev/blog/kubernetes-memory-limit) and to set cpu request and omit cpu limit (compare to https://home.robusta.dev/blog/stop-using-cpu-limits).

secretRefs.adminUserSecretRef

string

""

Reference to an existing admin user secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.collaborationWopiSecret

string

""

secretRefs.gdprExportClientSecretRef

string

""

Reference to an existing keycloak client secret, used for the GDPR export. Only used if features.externalUserManagement.gdprExport.enabled equals true.

secretRefs.globalNotificationsSecretRef

string

""

The secret to secure the global notifications endpoint. Only system admins and users knowing that secret can call the global notifications POST/DELETE endpoints.

secretRefs.idpSecretRef

string

""

Reference to an existing IDP secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.jwtSecretRef

string

""

Reference to an existing JWT secret (see Secrets).

secretRefs.ldapCaRef

string

""

Reference to an existing LDAP certificate authority secret (see Secrets)

secretRefs.ldapCertRef

string

""

Reference to an existing LDAP cert secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.ldapSecretRef

string

""

Reference to an existing LDAP bind secret (see Secrets).

secretRefs.machineAuthApiKeySecretRef

string

""

Reference to an existing machine auth api key secret (see Secrets)

secretRefs.messagingSystemCaRef

string

""

Reference to an existing messaging system certificate authority secret (see Secrets)

secretRefs.notificationsSmtpSecretRef

string

""

Reference to an existing SMTP email server settings secret (see Secrets). Not used if features.emailNotifications.enabled equals false. Not used if features.emailNotifications.smtp.authentication equals none.

secretRefs.s3CredentialsSecretRef

string

""

Reference to an existing s3 secret (see Secrets). If not filled in, will attempt to use values in .storageusers.storageBackend.s3.driverConfig.s3ng instead.

secretRefs.serviceAccountSecretRef

string

""

Reference to an existing service account secret (see Secrets)

secretRefs.storagesystemJwtSecretRef

string

""

Reference to an existing storage-system JWT secret (see Secrets)

secretRefs.storagesystemSecretRef

string

""

Reference to an existing storage-system secret (see Secrets)

secretRefs.thumbnailsSecretRef

string

""

Reference to an existing thumbnails transfer secret (see Secrets)

secretRefs.transferSecretSecretRef

string

""

Reference to an existing transfer secret (see Secrets)

securityContext.fsGroup

int

1000

File system group for all volumes.

securityContext.fsGroupChangePolicy

string

"OnRootMismatch"

File system group change policy for all volumes. Possible values "Always" and "OnRootMismatch". This will also apply to all services' chownInitContainer.

securityContext.runAsGroup

int

1000

Group ID that all processes within any containers will run with.

securityContext.runAsUser

int

1000

User ID that all processes within any containers will run with.

service.appProtocol.grpc

string

"grpc"

appProtocol to be used for service ports that use the grpc protocol.

service.appProtocol.http

string

"http"

appProtocol to be used for service ports that use the http protocol.

service.appProtocol.ldaps

string

"tcp"

appProtocol to be used for service ports that use the ldaps protocol. Not used if features.externalUserManagement.enabled equals true.

service.appProtocol.nats

string

"tcp"

appProtocol to be used for service ports that use the nats wire protocol. Not used if messagingSystem.external.enabled equals true.

services.activitylog

object

see detailed service configuration options below

ACTIVITYLOG service.

services.activitylog.affinity

object

{}

Affinity settings for the activitylog service. See the documentation of this setting in approvider for examples.

services.activitylog.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.activitylog.extraLabels

object

{}

Per-service custom labels

services.activitylog.image.pullPolicy

string

nil

Image pull policy

services.activitylog.image.repository

string

""

Image repository

services.activitylog.image.sha

string

""

Image sha / digest (optional).

services.activitylog.image.tag

string

""

Image tag.

services.activitylog.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.activitylog.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.activitylog.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.activitylog.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.activitylog.store

object

{}

Per-service store configuration for the activitylog service. Overrides the default setting from store if set.

services.antivirus

object

see detailed service configuration options below

ANTIVIRUS service. Not used if features.virusscan.enabled equals false.

services.antivirus.affinity

object

{}

Affinity settings for the antivirus service. See the documentation of this setting in approvider for examples.

services.antivirus.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.antivirus.extraLabels

object

{}

Per-service custom labels

services.antivirus.image.pullPolicy

string

nil

Image pull policy

services.antivirus.image.repository

string

""

Image repository

services.antivirus.image.sha

string

""

Image sha / digest (optional).

services.antivirus.image.tag

string

""

Image tag.

services.antivirus.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.antivirus.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.antivirus.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.antivirus.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.appregistry

object

see detailed service configuration options below

APP REGISTRY service. Not used if features.appsIntegration.enabled equals false.

services.appregistry.affinity

object

{}

Affinity settings for the appregistry service. See the documentation of this setting in approvider for examples.

services.appregistry.extraLabels

object

{}

Per-service custom labels

services.appregistry.image.pullPolicy

string

nil

Image pull policy

services.appregistry.image.repository

string

""

Image repository

services.appregistry.image.sha

string

""

Image sha / digest (optional).

services.appregistry.image.tag

string

""

Image tag.

services.appregistry.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.appregistry.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.appregistry.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.audit

object

see detailed service configuration options below

AUDIT service.

services.audit.affinity

object

{}

Affinity settings for the audit service. See the documentation of this setting in approvider for examples.

services.audit.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.audit.extraLabels

object

{}

Per-service custom labels

services.audit.image.pullPolicy

string

nil

Image pull policy

services.audit.image.repository

string

""

Image repository

services.audit.image.sha

string

""

Image sha / digest (optional).

services.audit.image.tag

string

""

Image tag.

services.audit.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.audit.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.audit.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.audit.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.authmachine

object

see detailed service configuration options below

AUTH MACHINE service.

services.authmachine.affinity

object

{}

Affinity settings for the authmachine service. See the documentation of this setting in approvider for examples.

services.authmachine.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.authmachine.extraLabels

object

{}

Per-service custom labels

services.authmachine.image.pullPolicy

string

nil

Image pull policy

services.authmachine.image.repository

string

""

Image repository

services.authmachine.image.sha

string

""

Image sha / digest (optional).

services.authmachine.image.tag

string

""

Image tag.

services.authmachine.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.authmachine.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.authmachine.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.authmachine.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.authservice

object

see detailed service configuration options below

AUTH SERVICE service.

services.authservice.affinity

object

{}

Affinity settings for the authservice service. See the documentation of this setting in approvider for examples.

services.authservice.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.authservice.extraLabels

object

{}

Per-service custom labels

services.authservice.image.pullPolicy

string

nil

Image pull policy

services.authservice.image.repository

string

""

Image repository

services.authservice.image.sha

string

""

Image sha / digest (optional).

services.authservice.image.tag

string

""

Image tag.

services.authservice.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.authservice.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.authservice.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.authservice.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.clientlog

object

see detailed service configuration options below

CLIENTLOG service.

services.clientlog.affinity

object

{}

Affinity settings for the clientlog service. See the documentation of this setting in approvider for examples.

services.clientlog.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.clientlog.extraLabels

object

{}

Per-service custom labels

services.clientlog.image.pullPolicy

string

nil

Image pull policy

services.clientlog.image.repository

string

""

Image repository

services.clientlog.image.sha

string

""

Image sha / digest (optional).

services.clientlog.image.tag

string

""

Image tag.

services.clientlog.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.clientlog.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.clientlog.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.clientlog.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.collaboration

object

see detailed service configuration options below

COLLABORATION service. Not used if features.appsIntegration.enabled equals false.

services.collaboration.affinity

object

{}

Affinity settings for the approvider service.

services.collaboration.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.collaboration.extraLabels

object

{}

Per-service custom labels

services.collaboration.image.pullPolicy

string

nil

Image pull policy

services.collaboration.image.repository

string

""

Image repository

services.collaboration.image.sha

string

""

Image sha / digest (optional).

services.collaboration.image.tag

string

""

Image tag.

services.collaboration.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.collaboration.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.collaboration.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.collaboration.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.eventhistory

object

see detailed service configuration options below

EVENT HISTORY service.

services.eventhistory.affinity

object

{}

Affinity settings for the eventhistory service. See the documentation of this setting in approvider for examples.

services.eventhistory.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.eventhistory.extraLabels

object

{}

Per-service custom labels

services.eventhistory.image.pullPolicy

string

nil

Image pull policy

services.eventhistory.image.repository

string

""

Image repository

services.eventhistory.image.sha

string

""

Image sha / digest (optional).

services.eventhistory.image.tag

string

""

Image tag.

services.eventhistory.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.eventhistory.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.eventhistory.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.eventhistory.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.eventhistory.store

object

{}

Per-service store configuration for the eventhistory service. Overrides the default setting from store if set.

services.frontend

object

see detailed service configuration options below

FRONTEND service.

services.frontend.affinity

object

{}

Affinity settings for the frontend service. See the documentation of this setting in approvider for examples.

services.frontend.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.frontend.extraLabels

object

{}

Per-service custom labels

services.frontend.image.pullPolicy

string

nil

Image pull policy

services.frontend.image.repository

string

""

Image repository

services.frontend.image.sha

string

""

Image sha / digest (optional).

services.frontend.image.tag

string

""

Image tag.

services.frontend.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.frontend.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.frontend.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.frontend.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.gateway

object

see detailed service configuration options below

GATEWAY service.

services.gateway.affinity

object

{}

Affinity settings for the gateway service. See the documentation of this setting in approvider for examples.

services.gateway.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.gateway.extraLabels

object

{}

Per-service custom labels

services.gateway.image.pullPolicy

string

nil

Image pull policy

services.gateway.image.repository

string

""

Image repository

services.gateway.image.sha

string

""

Image sha / digest (optional).

services.gateway.image.tag

string

""

Image tag.

services.gateway.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.gateway.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.gateway.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.gateway.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.graph

object

see detailed service configuration options below

GRAPH service.

services.graph.affinity

object

{}

Affinity settings for the graph service. See the documentation of this setting in approvider for examples.

services.graph.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.graph.extraLabels

object

{}

Per-service custom labels

services.graph.image.pullPolicy

string

nil

Image pull policy

services.graph.image.repository

string

""

Image repository

services.graph.image.sha

string

""

Image sha / digest (optional).

services.graph.image.tag

string

""

Image tag.

services.graph.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.graph.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.graph.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.graph.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.groups

object

see detailed service configuration options below

GROUPS service.

services.groups.affinity

object

{}

Affinity settings for the groups service. See the documentation of this setting in approvider for examples.

services.groups.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.groups.extraLabels

object

{}

Per-service custom labels

services.groups.image.pullPolicy

string

nil

Image pull policy

services.groups.image.repository

string

""

Image repository

services.groups.image.sha

string

""

Image sha / digest (optional).

services.groups.image.tag

string

""

Image tag.

services.groups.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.groups.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.groups.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.groups.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.idm

object

see detailed service configuration options below

IDM service. Not used if features.externalUserManagement.enabled equals true.

services.idm.affinity

object

{}

Affinity settings for the idm service. See the documentation of this setting in approvider for examples.

services.idm.extraLabels

object

{}

Per-service custom labels

services.idm.image.pullPolicy

string

nil

Image pull policy

services.idm.image.repository

string

""

Image repository

services.idm.image.sha

string

""

Image sha / digest (optional).

services.idm.image.tag

string

""

Image tag.

services.idm.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.idm.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.idm.persistence.accessModes

list

["ReadWriteOnce"]

Persistent volume access modes.

services.idm.persistence.annotations

object

{}

Persistent volume annotations.

services.idm.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.idm.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.idm.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations, unless features.externalUserManagement.enabled equals true. If not enabled, pod restarts will lead to data loss.

services.idm.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.idm.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.idm.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.idm.persistence.size

string

"10Gi"

Size of the persistent volume.

services.idm.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.idm.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.idm.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.idp

object

see detailed service configuration options below

IDP service. Not used if features.externalUserManagement.enabled equals true.

services.idp.affinity

object

{}

Affinity settings for the idp service. See the documentation of this setting in approvider for examples.

services.idp.extraLabels

object

{}

Per-service custom labels

services.idp.image.pullPolicy

string

nil

Image pull policy

services.idp.image.repository

string

""

Image repository

services.idp.image.sha

string

""

Image sha / digest (optional).

services.idp.image.tag

string

""

Image tag.

services.idp.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.idp.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.idp.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.nats

object

see detailed service configuration options below

NATS service. Not used if messagingSystem.external.enabled equals true.

services.nats.affinity

object

{}

Affinity settings for the nats service. See the documentation of this setting in approvider for examples.

services.nats.extraLabels

object

{}

Per-service custom labels

services.nats.image.pullPolicy

string

nil

Image pull policy

services.nats.image.repository

string

""

Image repository

services.nats.image.sha

string

""

Image sha / digest (optional).

services.nats.image.tag

string

""

Image tag.

services.nats.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.nats.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.nats.persistence.accessModes

list

["ReadWriteOnce"]

Persistent volume access modes.

services.nats.persistence.annotations

object

{}

Persistent volume annotations.

services.nats.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.nats.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.nats.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations, unless messagingSystem.external.enabled equals true. If not enabled, pod restarts will lead to data loss.

services.nats.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.nats.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.nats.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.nats.persistence.size

string

"10Gi"

Size of the persistent volume.

services.nats.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.nats.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.nats.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.notifications

object

see detailed service configuration options below

NOTIFICATIONS service. Not used if features.emailNotifications.enabled equals true.

services.notifications.affinity

object

{}

Affinity settings for the notifications service. See the documentation of this setting in approvider for examples.

services.notifications.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.notifications.extraLabels

object

{}

Per-service custom labels

services.notifications.image.pullPolicy

string

nil

Image pull policy

services.notifications.image.repository

string

""

Image repository

services.notifications.image.sha

string

""

Image sha / digest (optional).

services.notifications.image.tag

string

""

Image tag.

services.notifications.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.notifications.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.notifications.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.notifications.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.ocdav

object

see detailed service configuration options below

OCDAV service.

services.ocdav.affinity

object

{}

Affinity settings for the ocdav service. See the documentation of this setting in approvider for examples.

services.ocdav.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.ocdav.extraLabels

object

{}

Per-service custom labels

services.ocdav.image.pullPolicy

string

nil

Image pull policy

services.ocdav.image.repository

string

""

Image repository

services.ocdav.image.sha

string

""

Image sha / digest (optional).

services.ocdav.image.tag

string

""

Image tag.

services.ocdav.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.ocdav.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.ocdav.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.ocdav.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.ocs

object

see detailed service configuration options below

OCS service.

services.ocs.affinity

object

{}

Affinity settings for the ocs service. See the documentation of this setting in approvider for examples.

services.ocs.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.ocs.extraLabels

object

{}

Per-service custom labels

services.ocs.image.pullPolicy

string

nil

Image pull policy

services.ocs.image.repository

string

""

Image repository

services.ocs.image.sha

string

""

Image sha / digest (optional).

services.ocs.image.tag

string

""

Image tag.

services.ocs.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.ocs.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.ocs.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.ocs.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.policies

object

see detailed service configuration options below

POLICIES service.

services.policies.affinity

object

{}

Affinity settings for the policies service. See the documentation of this setting in approvider for examples.

services.policies.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.policies.extraLabels

object

{}

Per-service custom labels

services.policies.image.pullPolicy

string

nil

Image pull policy

services.policies.image.repository

string

""

Image repository

services.policies.image.sha

string

""

Image sha / digest (optional).

services.policies.image.tag

string

""

Image tag.

services.policies.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.policies.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.policies.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.policies.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.postprocessing

object

see detailed service configuration options below

POSTPROCESSING service.

services.postprocessing.affinity

object

{}

Affinity settings for the postprocessing service. See the documentation of this setting in approvider for examples.

services.postprocessing.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.postprocessing.extraLabels

object

{}

Per-service custom labels

services.postprocessing.image.pullPolicy

string

nil

Image pull policy

services.postprocessing.image.repository

string

""

Image repository

services.postprocessing.image.sha

string

""

Image sha / digest (optional).

services.postprocessing.image.tag

string

""

Image tag.

services.postprocessing.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.postprocessing.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.postprocessing.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.postprocessing.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.postprocessing.store

object

{}

Per-service store configuration for the eventhistory service. Overrides the default setting from store if set.

services.proxy

object

see detailed service configuration options below

PROXY service.

services.proxy.additionalPolicies

list

[]

Specifies additional policies for the proxy service. Routes are appended to the default routes of specified policies. The policy name should always be 'ocis'.

services.proxy.affinity

object

{}

Affinity settings for the proxy service. See the documentation of this setting in approvider for examples.

services.proxy.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.proxy.extraLabels

object

{}

Per-service custom labels

services.proxy.image.pullPolicy

string

nil

Image pull policy

services.proxy.image.repository

string

""

Image repository

services.proxy.image.sha

string

""

Image sha / digest (optional).

services.proxy.image.tag

string

""

Image tag.

services.proxy.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.proxy.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.proxy.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.proxy.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.search

object

see detailed service configuration options below

SEARCH service.

services.search.affinity

object

{}

Affinity settings for the search service. See the documentation of this setting in approvider for examples.

services.search.extraLabels

object

{}

Per-service custom labels

services.search.extractor

object

see detailed search extractor configuration options below

Search Extractor settings.

services.search.extractor.sizeLimit

string

nil

Configures the maximum file size in bytes that is allowed for content extraction. For the default value see https://doc.owncloud.com/ocis/next/deployment/services/s-list/search.html

services.search.extractor.tika.cleanStopWords

bool

true

Defines if stop words should be cleaned or not.

services.search.extractor.tika.url

string

""

Set the URL to Tika. Only applicable if services.search.extractor.type == tika.

services.search.extractor.type

string

"basic"

Configures the search extractor type to be used. Possible extractors: "basic" (the default search extractor) and "tika" (the Tika search extractor; if set to this value, the additional settings in the tika section apply).

services.search.image.pullPolicy

string

nil

Image pull policy

services.search.image.repository

string

""

Image repository

services.search.image.sha

string

""

Image sha / digest (optional).

services.search.image.tag

string

""

Image tag.

services.search.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.search.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.search.persistence.accessModes

list

["ReadWriteOnce"]

Persistent volume access modes.

services.search.persistence.annotations

object

{}

Persistent volume annotations.

services.search.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.search.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.search.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss.

services.search.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.search.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.search.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.search.persistence.size

string

"10Gi"

Size of the persistent volume.

services.search.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.search.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.search.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.search.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.settings

object

see detailed service configuration options below

SETTINGS service.

services.settings.affinity

object

{}

Affinity settings for the settings service. See the documentation of this setting in approvider for examples.

services.settings.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.settings.extraLabels

object

{}

Per-service custom labels

services.settings.image.pullPolicy

string

nil

Image pull policy

services.settings.image.repository

string

""

Image repository

services.settings.image.sha

string

""

Image sha / digest (optional).

services.settings.image.tag

string

""

Image tag.

services.settings.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.settings.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.settings.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.settings.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.sharing

object

see detailed service configuration options below

SHARING service.

services.sharing.affinity

object

{}

Affinity settings for the sharing service. See the documentation of this setting in approvider for examples.

services.sharing.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.sharing.extraLabels

object

{}

Per-service custom labels

services.sharing.image.pullPolicy

string

nil

Image pull policy

services.sharing.image.repository

string

""

Image repository

services.sharing.image.sha

string

""

Image sha / digest (optional).

services.sharing.image.tag

string

""

Image tag.

services.sharing.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.sharing.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.sharing.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.sharing.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.sse

object

see detailed service configuration options below

SSE service

services.sse.affinity

object

{}

Affinity settings for the postprocessing service. See the documentation of this setting in approvider for examples.

services.sse.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.sse.extraLabels

object

{}

Per-service custom labels

services.sse.image.pullPolicy

string

nil

Image pull policy

services.sse.image.repository

string

""

Image repository

services.sse.image.sha

string

""

Image sha / digest (optional).

services.sse.image.tag

string

""

Image tag.

services.sse.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.sse.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.sse.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.sse.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.sse.store

object

{}

Per-service store configuration for the eventhistory service. Overrides the default setting from store if set.

services.storagepubliclink

object

see detailed service configuration options below

STORAGE-PUBLICLINK service.

services.storagepubliclink.affinity

object

{}

Affinity settings for the storagepubliclink service. See the documentation of this setting in approvider for examples.

services.storagepubliclink.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.storagepubliclink.extraLabels

object

{}

Per-service custom labels

services.storagepubliclink.image.pullPolicy

string

nil

Image pull policy

services.storagepubliclink.image.repository

string

""

Image repository

services.storagepubliclink.image.sha

string

""

Image sha / digest (optional).

services.storagepubliclink.image.tag

string

""

Image tag.

services.storagepubliclink.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.storagepubliclink.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.storagepubliclink.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.storagepubliclink.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageshares

object

see detailed service configuration options below

STORAGE-SHARES service.

services.storageshares.affinity

object

{}

Affinity settings for the storageshares service. See the documentation of this setting in approvider for examples.

services.storageshares.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.storageshares.extraLabels

object

{}

Per-service custom labels

services.storageshares.image.pullPolicy

string

nil

Image pull policy

services.storageshares.image.repository

string

""

Image repository

services.storageshares.image.sha

string

""

Image sha / digest (optional).

services.storageshares.image.tag

string

""

Image tag.

services.storageshares.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.storageshares.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.storageshares.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.storageshares.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storagesystem

object

see detailed service configuration options below

STORAGE-SYSTEM service.

services.storagesystem.affinity

object

{}

Affinity settings for the storagesystem service. See the documentation of this setting in approvider for examples.

services.storagesystem.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.storagesystem.extraLabels

object

{}

Per-service custom labels

services.storagesystem.image.pullPolicy

string

nil

Image pull policy

services.storagesystem.image.repository

string

""

Image repository

services.storagesystem.image.sha

string

""

Image sha / digest (optional).

services.storagesystem.image.tag

string

""

Image tag.

services.storagesystem.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.storagesystem.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.storagesystem.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when having more than one replica for this service.

services.storagesystem.persistence.annotations

object

{}

Persistent volume annotations.

services.storagesystem.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.storagesystem.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.storagesystem.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service to more than one replica is not possible if the pods don’t share the same volume.

services.storagesystem.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.storagesystem.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.storagesystem.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.storagesystem.persistence.size

string

"5Gi"

Size of the persistent volume.

services.storagesystem.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.storagesystem.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.storagesystem.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.storagesystem.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageusers

object

see detailed service configuration options below

STORAGE-USERS service.

services.storageusers.affinity

object

{}

Affinity settings for the storageusers service. See the documentation of this setting in approvider for examples.

services.storageusers.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.storageusers.events.consumer.concurrency

int

10

Number of event consumers to start that consume events concurrently (e.g. postprocessing-related events).

services.storageusers.extraLabels

object

{}

Per-service custom labels

services.storageusers.image.pullPolicy

string

nil

Image pull policy

services.storageusers.image.repository

string

""

Image repository

services.storageusers.image.sha

string

""

Image sha / digest (optional).

services.storageusers.image.tag

string

""

Image tag.

services.storageusers.jobNodeSelector

object

{}

Per-service jobNodeSelector configuration. Overrides the default setting from jobNodeSelector if set.

services.storageusers.jobPriorityClassName

string

""

Per-service jobPriorityClassName configuration. Overrides the default setting from jobPriorityClassName if set.

services.storageusers.jobResources

object

{}

Per-service jobResources configuration. Overrides the default setting from jobResources if set.

services.storageusers.maintenance.cleanUpExpiredUploads.enabled

bool

false

Enables a job that cleans up expired uploads. Requires persistence to be enabled and RWX storage.

services.storageusers.maintenance.cleanUpExpiredUploads.schedule

string

"0 * * * *"

Cron pattern for the job to be run.

services.storageusers.maintenance.cleanUpExpiredUploads.startingDeadlineSeconds

int

600

Defines a deadline (in whole seconds) for starting the Job if that Job misses its scheduled time for any reason.

services.storageusers.maintenance.cleanUpExpiredUploads.uploadExpiration

int

86400

Duration in seconds after which uploads will expire. WARNING: Setting this to a low number will lead to uploads being cancelled before they are finished and returning a 403 to the user.

services.storageusers.maintenance.image.pullPolicy

string

nil

Image pull policy

services.storageusers.maintenance.image.repository

string

""

Image repository

services.storageusers.maintenance.image.sha

string

""

Image sha / digest (optional).

services.storageusers.maintenance.image.tag

string

""

Image tag.

services.storageusers.maintenance.purgeExpiredTrashBinItems.enabled

bool

false

Enables a job that purges expired trash bin items. Requires persistence to be enabled.

services.storageusers.maintenance.purgeExpiredTrashBinItems.personalDeleteBefore

string

"30d"

Setting that makes the command delete all trashed personal files older than the value. The value is a number and a unit "d", "h", "m", "s".

services.storageusers.maintenance.purgeExpiredTrashBinItems.projectDeleteBefore

string

"30d"

Setting that makes the command delete all trashed project files older than the value. The value is a number and a unit "d", "h", "m", "s".

services.storageusers.maintenance.purgeExpiredTrashBinItems.schedule

string

"0 * * * *"

Cron pattern for the job to be run.

services.storageusers.maintenance.purgeExpiredTrashBinItems.startingDeadlineSeconds

int

600

Defines a deadline (in whole seconds) for starting the Job if that Job misses its scheduled time for any reason.

services.storageusers.maintenance.restartPostprocessing.enabled

bool

false

Enables a job that restarts postprocessing for uploads that are currently in postprocessing state. Requires persistence to be enabled.

services.storageusers.maintenance.restartPostprocessing.schedule

string

"0 * * * *"

Cron pattern for the job to be run.

services.storageusers.maintenance.restartPostprocessing.startingDeadlineSeconds

int

600

Defines a deadline (in whole seconds) for starting the Job if that Job misses its scheduled time for any reason.

services.storageusers.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.storageusers.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.storageusers.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when having more than one replica for this service.

services.storageusers.persistence.annotations

object

{}

Persistent volume annotations.

services.storageusers.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.storageusers.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.storageusers.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service to more than one replica is not possible if the pods don’t share the same volume.

services.storageusers.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.storageusers.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.storageusers.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.storageusers.persistence.size

string

"50Gi"

Size of the persistent volume.

services.storageusers.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.storageusers.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.storageusers.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.storageusers.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageusers.storageBackend.driver

string

"ocis"

Configures the storage driver. Possible values are "ocis" and "s3ng". The oCIS driver stores all data in the persistent volume if persistence is enabled. The S3NG driver stores all metadata in the persistent volume and uploads blobs to S3 if persistence is enabled.

services.storageusers.storageBackend.driverConfig.ocis.maxConcurrency

int

100

Maximum number of concurrent goroutines. Higher values can potentially get work done faster but will also cause more load on the system.

services.storageusers.storageBackend.driverConfig.s3ng.bucket

string

""

S3 bucket to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageusers.storageBackend.driverConfig.s3ng.disableContentSHA256

bool

false

Disable sending content sha256 when copying objects to S3.

services.storageusers.storageBackend.driverConfig.s3ng.endpoint

string

""

S3 endpoint to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageusers.storageBackend.driverConfig.s3ng.maxConcurrency

int

100

Maximum number of concurrent goroutines. Higher values can potentially get work done faster but will also cause more load on the system.

services.storageusers.storageBackend.driverConfig.s3ng.putObject.concurrentStreamParts

bool

true

Always precreate parts when copying objects to S3.

services.storageusers.storageBackend.driverConfig.s3ng.putObject.disableMultipart

bool

false

Disable multipart uploads when copying objects to S3

services.storageusers.storageBackend.driverConfig.s3ng.putObject.numThreads

int

4

Number of concurrent uploads to use when copying objects to S3.

services.storageusers.storageBackend.driverConfig.s3ng.putObject.partSize

int

0

Part size for concurrent uploads to S3.

services.storageusers.storageBackend.driverConfig.s3ng.putObject.sendContentMD5

bool

true

Send a Content-MD5 header when copying objects to S3.

services.storageusers.storageBackend.driverConfig.s3ng.region

string

"default"

S3 region to use for the S3NG driver. Only used if driver is set to "s3ng".

services.thumbnails

object

see detailed service configuration options below

THUMBNAILS service.

services.thumbnails.affinity

object

{}

Affinity settings for the thumbnails service. See the documentation of this setting in approvider for examples.

services.thumbnails.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.thumbnails.extraLabels

object

{}

Per-service custom labels

services.thumbnails.image.pullPolicy

string

nil

Image pull policy

services.thumbnails.image.repository

string

""

Image repository

services.thumbnails.image.sha

string

""

Image sha / digest (optional).

services.thumbnails.image.tag

string

""

Image tag.

services.thumbnails.jobNodeSelector

object

{}

Per-service jobNodeSelector configuration. Overrides the default setting from jobNodeSelector if set.

services.thumbnails.jobPriorityClassName

string

""

Per-service jobPriorityClassName configuration. Overrides the default setting from jobPriorityClassName if set.

services.thumbnails.jobResources

object

{}

Per-service jobResources configuration. Overrides the default setting from jobResources if set.

services.thumbnails.maintenance.cleanUpOldThumbnails.deleteBefore

int

30

Setting that makes the command delete all thumbnails older than the value. The value is a number in days.

services.thumbnails.maintenance.cleanUpOldThumbnails.enabled

bool

false

Enables a job that cleans up old thumbnails. Requires persistence to be enabled.

services.thumbnails.maintenance.cleanUpOldThumbnails.method

string

"atime"

Method to use with BusyBox "find" for finding old thumbnails. Can be mtime, atime or ctime.

services.thumbnails.maintenance.cleanUpOldThumbnails.schedule

string

"0 * * * *"

Cron pattern for the job to be run.

services.thumbnails.maintenance.cleanUpOldThumbnails.startingDeadlineSeconds

int

600

Defines a deadline (in whole seconds) for starting the Job if that Job misses its scheduled time for any reason.

services.thumbnails.maintenance.image.pullPolicy

string

"IfNotPresent"

Image pull policy

services.thumbnails.maintenance.image.repository

string

"busybox"

Image repository

services.thumbnails.maintenance.image.sha

string

""

Image sha / digest (optional).

services.thumbnails.maintenance.image.tag

string

"stable"

Image tag.

services.thumbnails.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.thumbnails.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.thumbnails.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when having more than one replica for this service or persistence needs to be disabled.

services.thumbnails.persistence.annotations

object

{}

Persistent volume annotations.

services.thumbnails.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.thumbnails.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.thumbnails.persistence.enabled

bool

false

Enables persistence. Enabling it is recommended on production installations. If enabled, generated thumbnails are cached on this volume and available across pod restarts and service instances. If not enabled, thumbnail generation might lead to higher CPU usage.

services.thumbnails.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.thumbnails.persistence.finalizers

list

[]

Persistent volume finalizers.

services.thumbnails.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.thumbnails.persistence.size

string

"10Gi"

Size of the persistent volume.

services.thumbnails.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.thumbnails.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.thumbnails.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.thumbnails.quota.maxConcurrencyRequests

int

0

Maximum number of concurrent thumbnail requests. Default is 0, which is unlimited.

services.thumbnails.quota.maxFileSize

string

"50MB"

Sets a maximum file size of an input image which is being processed. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.

services.thumbnails.quota.maxInputHeight

int

7680

Sets the maximum height of an input image that is processed.

services.thumbnails.quota.maxInputWitdth

int

7680

Sets the maximum width of an input image that is processed.

services.thumbnails.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.userlog

object

see detailed service configuration options below

USERLOG service.

services.userlog.affinity

object

{}

Affinity settings for the userlog service. See the documentation of this setting in approvider for examples.

services.userlog.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.userlog.extraLabels

object

{}

Per-service custom labels

services.userlog.image.pullPolicy

string

nil

Image pull policy

services.userlog.image.repository

string

""

Image repository

services.userlog.image.sha

string

""

Image sha / digest (optional).

services.userlog.image.tag

string

""

Image tag.

services.userlog.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.userlog.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.userlog.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.userlog.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.userlog.store

object

{}

Per-service store configuration for the userlog service. Overrides the default setting from store if set.

services.users

object

see detailed service configuration options below

USERS service.

services.users.affinity

object

{}

Affinity settings for the users service. See the documentation of this setting in approvider for examples.

services.users.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.users.extraLabels

object

{}

Per-service custom labels

services.users.image.pullPolicy

string

nil

Image pull policy

services.users.image.repository

string

""

Image repository

services.users.image.sha

string

""

Image sha / digest (optional).

services.users.image.tag

string

""

Image tag.

services.users.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.users.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.users.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.users.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.web

object

see detailed service configuration options below

ownCloud WEB service.

services.web.additionalInitContainers

list

[]

Additional init containers for the Web pods.

services.web.affinity

object

{}

Affinity settings for the web service. See the documentation of this setting in approvider for examples.

services.web.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.web.config.apps

list

[]

Configure the {"apps": []} section in the Web config.json.

services.web.config.contextHelpersReadMore.enabled

bool

true

Specifies whether the “Read more” link should be displayed or not.

services.web.config.customTranslations

list

[]

Configure custom translations

services.web.config.externalApps

object

{}

Configure external apps in Web’s app.yaml

services.web.config.feedbackLink.ariaLabel

string

""

Screen reader accessible label for the feedback link. Uses the ownCloud default label if empty.

services.web.config.feedbackLink.description

string

""

Description to be shown for the feedback link. Uses the ownCloud default description if empty.

services.web.config.feedbackLink.enabled

bool

true

Enables the feedback link in the Web UI.

services.web.config.feedbackLink.href

string

""

URI where the feedback link points. Uses the ownCloud default href if empty.

services.web.config.oidc.loginURL

string

nil

Specifies the target URL valid for the logged out / access denied page.

services.web.config.oidc.postLogoutRedirectURI

string

""

URI where to redirect the user after a logout was performed. Defaults to the URI of the login page.

services.web.config.oidc.webClientID

string

"web"

Specifies the client ID which the web frontend will use.

services.web.config.oidc.webClientScope

string

"openid profile email"

OIDC scopes to request during authentication to authorize access to user details. Defaults to ‘openid profile email’. Values are separated by a blank. Further example values include, but are not limited to, ‘address’ and ‘phone’.

services.web.config.scripts

list

[]

Configure the {"scripts": []} section in the Web config.json.

services.web.config.styles

list

[]

Configure the {"styles": []} section in the Web config.json.

services.web.config.theme.path

string

"/themes/owncloud/theme.json"

URL path to load themes from. The theme server will be prepended. Defaults to the ownCloud Web default theme.

services.web.config.theme.server

string

""

URL to load themes from. Will be prepended to the theme path. Defaults to the value of "externalDomain".

services.web.config.theme.themeNameConfigRefs

string

"owncloud"

Name of the theme you provide via configRefs.webThemeConfigRef and configRefs.webThemeAssetsConfigRef. If you change this when providing a custom theme, you must also change theme.path.

services.web.extraLabels

object

{}

Per-service custom labels

services.web.image.pullPolicy

string

nil

Image pull policy

services.web.image.repository

string

""

Image repository

services.web.image.sha

string

""

Image sha / digest (optional).

services.web.image.tag

string

""

Image tag.

services.web.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.web.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.web.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. With more than one replica for this service, this needs to be ["ReadWriteMany"] or persistence needs to be disabled.

services.web.persistence.annotations

object

{}

Persistent volume annotations.

services.web.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.web.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.web.persistence.enabled

bool

false

Enables persistence. Only needed if you want to change the oCIS instance logo via the Web UI.

services.web.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.web.persistence.finalizers

list

[]

Persistent volume finalizers.

services.web.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.web.persistence.size

string

"1Gi"

Size of the persistent volume.

services.web.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.web.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.web.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.web.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.webdav

object

see detailed service configuration options below

WEBDAV service.

services.webdav.affinity

object

{}

Affinity settings for the webdav service. See the documentation of this setting in approvider for examples.

services.webdav.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.webdav.extraLabels

object

{}

Per-service custom labels

services.webdav.image.pullPolicy

string

nil

Image pull policy

services.webdav.image.repository

string

""

Image repository

services.webdav.image.sha

string

""

Image sha / digest (optional).

services.webdav.image.tag

string

""

Image tag.

services.webdav.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.webdav.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.webdav.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.webdav.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.webfinger

object

see detailed service configuration options below

WEBFINGER service.

services.webfinger.affinity

object

{}

Affinity settings for the webfinger service. See the documentation of this setting in approvider for examples.

services.webfinger.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.webfinger.extraLabels

object

{}

Per-service custom labels

services.webfinger.image.pullPolicy

string

nil

Image pull policy

services.webfinger.image.repository

string

""

Image repository

services.webfinger.image.sha

string

""

Image sha / digest (optional).

services.webfinger.image.tag

string

""

Image tag.

services.webfinger.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.webfinger.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.webfinger.priorityClassName

string

""

Per-service priorityClassName configuration. Overrides the default setting from priorityClassName if set.

services.webfinger.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

store.nodes

list

["{{ .appNameNats }}:9233"]

Nodes of the store to use.

store.type

string

"nats-js-kv"

Configure the store type. Can be set to "nats-js-kv" or "redis-sentinel". There is also the non-recommended option "memory". The address of NATS / Redis Sentinel node(s) needs to be set to store.nodes.

topologySpreadConstraints

string

""

TopologySpreadConstraints controls how Pods of a service are spread across the cluster among failure-domains. Defaults to allow skew no more than 1 node per node. Passed through tpl and therefore needs to be configured as a string.

tracing.collector

string

""

The HTTP endpoint for sending spans directly to a collector, e.g. http://jaeger-collector.observability.svc.cluster.local:14268/api/traces. Only used if the tracing endpoint is unset.

tracing.enabled

bool

false

Enables sending traces.

tracing.endpoint

string

""

Endpoint of the tracing system, jaeger-agent.observability.svc.cluster.local:6831 or similar.

tracing.type

string

"jaeger"

Type of trace provider to use.