values.yaml Description

Chart Version: 0.5.0

Values for the ocis Helm Chart
Key Type Default Description

autoscaling.enabled

bool

false

Enables autoscaling. When set to true, replicas is no longer applied.

autoscaling.maxReplicas

int

10

Sets maximum replicas for autoscaling.

autoscaling.metrics

list

[]

Metrics to use for autoscaling

autoscaling.minReplicas

int

3

Sets minimum replicas for autoscaling.

cache.nodes

list

[]

Nodes of the cache to use.

cache.type

string

""

Type of the cache to use. It defaults to no cache or an in-memory cache, depending on the service. To disable the cache, set to "noop". Can be set to "redis", "redis-sentinel" or "etcd"; the address of the Redis (Sentinel) / etcd node(s) then needs to be set in cache.nodes.

configRefs.graphConfigRef

string

""

Reference to an existing graph config.

configRefs.storageusersConfigRef

string

""

Reference to an existing storage-users config.

configRefs.webThemeAssetsConfigRef

string

""

Optional reference to an existing web theme assets config. Will be mounted to /var/lib/ocis/web/assets/themes/owncloud/assets for Web. Does not get autogenerated. Hint: if you set this, you’ll no longer be able to change the instance logo via the Web UI.

configRefs.webThemeConfigRef

string

""

Optional reference to an existing web theme config. Will be mounted to /var/lib/ocis/web/assets/themes/owncloud for Web. Does not get autogenerated. Hint: if you set this, you’ll no longer be able to change the instance logo via the Web UI.

debug.profiling

bool

false

Profiling enables the http://<pod>:<debug-metrics>/debug/pprof endpoint to inspect various Go runtime internals. You can use the endpoint on your machine by forwarding the port, e.g. kubectl port-forward -n ocis pod/authbasic-8587dc9d64-fs24l 9147:9147, and then accessing the port on https://localhost:9147/debug/pprof or using the pprof command line tool: go tool pprof -web http://localhost:9147/debug/pprof/symbol\?seconds\=10

deploymentStrategy

object

{"type":"RollingUpdate"}

Deployment strategy.

externalDomain

string

"ocis.owncloud.test"

Domain where oCIS is reachable for the outside world

extraLabels

object

{}

Custom labels for all manifests

extraResources

list

[]

Extra resources to be included.

features.appsIntegration.enabled

bool

false

Enables the apps integration.

features.appsIntegration.mimetypes

list

default configuration of oCIS, see doc.owncloud.com

Mimetype configuration. Lets you configure a mimetype's default application, whether it is allowed to create a new file, and more.

features.appsIntegration.wopiIntegration.officeSuites[0].enabled

bool

false

Enables the office suite.

features.appsIntegration.wopiIntegration.officeSuites[0].iconURI

string

"https://collabora.owncloud.test/favicon.ico"

URI for the icon of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[0].insecure

bool

false

Disables SSL certificate checking for connections to the office suite's HTTP API. Not recommended for production installations.

features.appsIntegration.wopiIntegration.officeSuites[0].name

string

"Collabora"

Name of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[0].uri

string

"https://collabora.owncloud.test"

URI of the office suite.

features.appsIntegration.wopiIntegration.officeSuites[1].disableChat

bool

false

Disables Chat functionality of OnlyOffice

features.appsIntegration.wopiIntegration.officeSuites[1].enabled

bool

false

Enables the office suite.

features.appsIntegration.wopiIntegration.officeSuites[1].iconURI

string

"https://onlyoffice.owncloud.test/web-apps/apps/documenteditor/main/resources/img/favicon.ico"

URI for the icon of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[1].insecure

bool

false

Disables SSL certificate checking for connections to the office suite's HTTP API. Not recommended for production installations.

features.appsIntegration.wopiIntegration.officeSuites[1].name

string

"OnlyOffice"

Name of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[1].uri

string

"https://onlyoffice.owncloud.test"

URI of the office suite.

features.appsIntegration.wopiIntegration.wopiFolderURI

string

"https://{{ .Values.externalDomain }}"

Base url to navigate back from the app to the containing folder in the file list.

features.appsIntegration.wopiIntegration.wopiFolderURIPathTemplate

string

nil

Path template for the url to navigate back from the app to the containing folder in the file list. null uses the default value of oCIS, so that one also can set it to "" to not have a path template.

features.appsIntegration.wopiIntegration.wopiServerURI

string

"https://wopiserver.owncloud.test"

URL of the cs3org/wopiserver. Can be deployed with this Chart.

features.archiver.maxNumFiles

int

10000

Max number of files that can be packed into an archive.

features.archiver.maxSize

int

1073741824

Max size in bytes of the zip archive the archiver can create.

features.basicAuthentication

bool

false

Enable basic authentication. Not recommended for production installations.

features.demoUsers

bool

false

Create demo users on the first startup. Not recommended for production installations.

features.edition

string

"Community"

Edition of ownCloud Infinite Scale.

features.emailNotifications.branding.enabled

bool

false

Enables mail branding. If enabled, you need to provide the text and html template ConfigMap. The image ConfigMap is optional.

features.emailNotifications.branding.htmlMailImagesConfigRef

string

"html-mail-images"

Reference to a ConfigMap containing images that can be referenced from the html mail template. This ConfigMap is optional and can be omitted when images are not used.

features.emailNotifications.branding.htmlMailTemplatesConfigRef

string

"html-mail-templates"

Reference to a ConfigMap containing the html mail template. The template file must be named "email.html.tmpl". The default template can be seen here: https://github.com/owncloud/ocis/blob/master/services/notifications/pkg/email/templates/html/email.html.tmpl

features.emailNotifications.branding.textMailTemplatesConfigRef

string

"text-mail-templates"

Reference to a ConfigMap containing the text mail template. The template file must be named "email.text.tmpl". The default template can be seen here: https://github.com/owncloud/ocis/blob/master/services/notifications/pkg/email/templates/text/email.text.tmpl

features.emailNotifications.enabled

bool

false

Enables email notifications.

features.emailNotifications.smtp.authentication

string

"none"

Authentication method for the SMTP communication. Possible values are ‘login’, ‘plain’, ‘crammd5’, ‘none’. If set to a value other than none, a secret referenced by notificationsSmtpSecretRef needs to be present.

features.emailNotifications.smtp.encryption

string

"none"

Encryption method for the SMTP communication. Possible values are ‘starttls’, ‘ssl’, ‘ssltls’, ‘tls’ and ‘none’.

features.emailNotifications.smtp.host

string

nil

SMTP host to connect to.

features.emailNotifications.smtp.port

string

nil

Port of the SMTP host to connect to.

features.emailNotifications.smtp.sender

string

nil

Sender address of emails that will be sent. Example: 'ownCloud <noreply@example.com>'

features.externalUserManagement.adminUUID

string

""

UUID of the initial admin user. If the given value matches a user’s value from features.externalUserManagement.oidc.userIDClaim, the admin role will be assigned. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. Note: Enabling roleAssignment will disable adminUUID.

features.externalUserManagement.enabled

bool

false

Enables external user management (and disables internal user management). Needs an external OpenID Connect Identity Provider and an external LDAP server.

features.externalUserManagement.ldap.bindDN

string

"uid=ocis,ou=system-users,dc=owncloud,dc=test"

DN of the user to use to bind to the LDAP server. The password for the user needs to be set in the secret referenced by secretRefs.ldapSecretRef as reva-ldap-bind-password. The user needs to have permission to list users and groups.

features.externalUserManagement.ldap.certTrusted

bool

true

Set to false only if the certificate of your LDAP secure service is not trusted. If set to false, you need to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef".

features.externalUserManagement.ldap.disableUsers

object

{"disableMechanism":"none","disabledUsersGroupDN":"cn=DisabledUsersGroup,ou=groups,o=libregraph-idm","userEnabledAttribute":"ownCloudUserEnabled"}

When using external user management, users can be set as disabled by either belonging to a group or using an ldap attribute.

features.externalUserManagement.ldap.disableUsers.disableMechanism

string

"none"

Enables disabling users if configured as "attribute" or "group"

features.externalUserManagement.ldap.disableUsers.disabledUsersGroupDN

string

"cn=DisabledUsersGroup,ou=groups,o=libregraph-idm"

Group that a user can be added to and by that being marked as disabled.

features.externalUserManagement.ldap.disableUsers.userEnabledAttribute

string

"ownCloudUserEnabled"

Attribute to use for disabling users.

features.externalUserManagement.ldap.group.baseDN

string

"ou=groups,dc=owncloud,dc=com"

Search base DN for looking up LDAP groups.

features.externalUserManagement.ldap.group.createBaseDN

string

""

BaseDN where new groups are created and are considered as editable. All existing groups with a DN outside the features.externalUserManagement.ldap.group.createBaseDN will be treated as read-only groups. Defaults to the value features.externalUserManagement.ldap.group.baseDN. Only applicable if features.externalUserManagement.ldap.writeable is set to true

features.externalUserManagement.ldap.group.filter

string

nil

LDAP filter to add to the default filters for group searches.

features.externalUserManagement.ldap.group.objectClass

string

"groupOfNames"

The object class to use for groups in the default group search filter like groupOfNames.

features.externalUserManagement.ldap.group.schema.displayName

string

"cn"

LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).

features.externalUserManagement.ldap.group.schema.groupName

string

"cn"

LDAP Attribute to use for the name of groups.

features.externalUserManagement.ldap.group.schema.id

string

"ownclouduuid"

LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.

features.externalUserManagement.ldap.group.schema.idIsOctetString

bool

false

Set this to true if the defined id attribute for groups is of the OCTETSTRING syntax. This is e.g. required when using the objectGUID attribute of Active Directory for the group IDs.

features.externalUserManagement.ldap.group.schema.mail

string

"mail"

LDAP Attribute to use for the email address of groups (can be empty).

features.externalUserManagement.ldap.group.schema.member

string

"member"

LDAP Attribute that is used for group members.

features.externalUserManagement.ldap.group.scope

string

"sub"

LDAP search scope to use when looking up groups. Supported values are base, one and sub.

features.externalUserManagement.ldap.insecure

bool

false

For self-signed certificates, consider putting the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef". Not recommended for production installations.

features.externalUserManagement.ldap.passwordModifyExOpEnabled

bool

false

Use the Password Modify Extended Operation for updating user passwords.

features.externalUserManagement.ldap.readOnlyAttributes

list

[]

If the LDAP server is set to writable in general, some user attributes can be restricted to read only in the UI. Note: This only disables editing in the UI. The readonly permissions need to be enforced in the LDAP server itself.

features.externalUserManagement.ldap.refintEnabled

bool

false

Signals that the LDAP server has the refint plugin enabled, which makes some actions not needed.

features.externalUserManagement.ldap.uri

string

"ldaps://ldaps.owncloud.test"

URI to connect to the LDAP secure server.

features.externalUserManagement.ldap.useServerUUID

bool

false

If set to true, rely on the LDAP Server to generate a unique ID for users and groups, like when using 'entryUUID' as the user ID attribute.

features.externalUserManagement.ldap.user.baseDN

string

"ou=users,dc=owncloud,dc=com"

Search base DN for looking up LDAP users.

features.externalUserManagement.ldap.user.filter

string

nil

LDAP filter to add to the default filters for user search like (objectclass=ownCloud).

features.externalUserManagement.ldap.user.objectClass

string

"inetOrgPerson"

The object class to use for users in the default user search filter like inetOrgPerson.

features.externalUserManagement.ldap.user.schema.displayName

string

"displayname"

LDAP Attribute to use for the displayname of users.

features.externalUserManagement.ldap.user.schema.id

string

"ownclouduuid"

LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.

features.externalUserManagement.ldap.user.schema.idIsOctetString

bool

false

Set this to true if the defined id attribute for users is of the OCTETSTRING syntax. This is e.g. required when using the objectGUID attribute of Active Directory for the user IDs.

features.externalUserManagement.ldap.user.schema.mail

string

"mail"

LDAP Attribute to use for the email address of users.

features.externalUserManagement.ldap.user.schema.userName

string

"uid"

LDAP Attribute to use for username of users.

features.externalUserManagement.ldap.user.schema.userType

string

"ownCloudUserType"

LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'ownCloudUserType'.

features.externalUserManagement.ldap.user.scope

string

"sub"

LDAP search scope to use when looking up users. Supported values are base, one and sub.

features.externalUserManagement.ldap.user.substringFilterType

string

"any"

Type of substring search filter to use for substring searches for users. Possible values: initial for doing prefix only searches, final for doing suffix only searches or any for doing full substring searches

features.externalUserManagement.ldap.writeable

bool

true

Writeable configures whether oCIS is allowed to write to the LDAP server, e.g. to create or edit users.

features.externalUserManagement.oidc.accessTokenVerifyMethod

string

"jwt"

OIDC Access Token Verify Method. Set to "jwt" or "none".

features.externalUserManagement.oidc.editAccountLink

string

""

Link to the OIDC provider’s user accessible account editing page. This will be shown to the user on the personal account page. When using Keycloak with a realm named "ocis" this could point to e.g. https://keycloak.owncloud.test/realms/ocis/account/

features.externalUserManagement.oidc.issuerURI

string

"https://idp.owncloud.test/realms/ocis"

Issuer URI of the OpenID Connect Identity Provider. If the IDP doesn’t have valid / trusted SSL certificates, certificate validation can be disabled with the insecure.oidcIdpInsecure option.

features.externalUserManagement.oidc.roleAssignment

object

{"claim":"roles","enabled":false,"mapping":[{"claim_value":"ocisAdmin","role_name":"admin"},{"claim_value":"ocisSpaceAdmin","role_name":"spaceadmin"},{"claim_value":"ocisUser","role_name":"user"},{"claim_value":"ocisGuest","role_name":"guest"}]}

Configure OIDC role assignment. If activated, oCIS will read the role assignment from the OIDC token; see Automatic Role Assignments.

features.externalUserManagement.oidc.roleAssignment.claim

string

"roles"

The name of the OIDC claim holding the role assignment

features.externalUserManagement.oidc.roleAssignment.mapping

list

[{"claim_value":"ocisAdmin","role_name":"admin"},{"claim_value":"ocisSpaceAdmin","role_name":"spaceadmin"},{"claim_value":"ocisUser","role_name":"user"},{"claim_value":"ocisGuest","role_name":"guest"}]

Configure the mapping for the role assignment

features.externalUserManagement.oidc.sessionManagementLink

string

""

Link to the OIDC provider’s user accessible session management. This will be shown to the user on the personal account page. When using Keycloak with a realm named "ocis" this could point to e.g. https://keycloak.owncloud.test/realms/ocis/account/

features.externalUserManagement.oidc.userIDClaim

string

"ocis.user.uuid"

Claim to take a unique user identifier from. It will be used to look up the user on the LDAP server.

features.externalUserManagement.oidc.userIDClaimAttributeMapping

string

"userid"

Attribute mapping for the userIDClaim. Set to userid if the claim specified in …oidc.userIDClaim holds the value of the ldap user attribute specified in …ldap.user.schema.id. Set to mail if the claim specified in …oidc.userIDClaim holds the value of the ldap user attribute specified in …ldap.user.schema.mail. Set to username if the claim specified in …oidc.userIDClaim holds the value of the ldap user attribute specified in …ldap.user.schema.userName.

features.externalUserManagement.oidc.webClientID

string

"web"

Specify the client ID which the web frontend will use

features.gdprReport.integrations

object

{"keycloak":{"basePath":"https://keycloak.owncloud.test","clientID":"gdpr-exporter","clientRealm":"master","enabled":false,"insecure":false,"userRealm":"oCIS"}}

Controls the separate GDPR integrations

features.gdprReport.integrations.keycloak.basePath

string

"https://keycloak.owncloud.test"

Base URI of keycloak.

features.gdprReport.integrations.keycloak.clientID

string

"gdpr-exporter"

Client ID to authenticate against keycloak with.

features.gdprReport.integrations.keycloak.clientRealm

string

"master"

Realm that the client ID is configured in, usually master.

features.gdprReport.integrations.keycloak.enabled

bool

false

Enable keycloak data export.

features.gdprReport.integrations.keycloak.insecure

bool

false

Disables SSL certificate checking for connections to the GDPR export service. Not recommended for production installations.

features.gdprReport.integrations.keycloak.userRealm

string

"oCIS"

Realm that the users are in.

features.policies.enabled

bool

false

Enables policies

features.policies.engineTimeout

string

"10s"

Sets the timeout the rego expression evaluation can take. The timeout can be set as number followed by a unit identifier like ms, s, etc. Rules default to deny if the timeout was reached.

features.policies.policies

list

[]

Sets the policies. Each policy file is defined by a fileName and a content. The content takes the rego script as text. For further information, please have a look at https://doc.owncloud.com/ocis/next/deployment/services/s-list/policies.html Attention: All scripts provided here will end up in a ConfigMap. The data stored in a ConfigMap cannot exceed 1 MiB. see https://kubernetes.io/docs/concepts/configuration/configmap/#:~:text=The%20data%20stored%20in%20a,separate%20database%20or%20file%20service.

features.quotas.default

string

nil

Sets the default quota for spaces in bytes. So 1000 sets the default quota to 1KB. 0 means unlimited.

features.quotas.max

string

nil

Sets the maximum quota for spaces in bytes. So 1000 sets the max quota to 1KB.

features.quotas.roles

object

{}

Sets specific quotas for roles

features.roles.customRoles

string

""

Define the roles by providing the JSON text here.

features.roles.customRolesConfigRef

string

nil

Define the roles by specifying the name of a ConfigMap which already contains the role description (might also be defined in the extraResources section). The ConfigMap needs to contain a file named custom-roles.json which holds the role description in JSON format. Please note that you have to restart the settings service manually if you change the content of your ConfigMap.

features.sharing.publiclink.writeableShareMustHavePassword

bool

false

Enforce a password on writable public link shares.

features.sharing.users.resharing

bool

true

Allow a share receiver to share the share with a 3rd person.

features.sharing.users.search.minLengthLimit

int

3

Minimum number of characters to enter before a client should start a search for share receivers. This setting can be used to customize the user experience if, e.g., too many results are displayed.

features.virusscan.enabled

bool

false

Enables virus scanning

features.virusscan.icap

object

{"service":"avscan","timeout":300,"url":"icap://127.0.0.1:1344"}

Define icap parameters

features.virusscan.icap.service

string

"avscan"

Sets the service to be used in icap

features.virusscan.icap.timeout

int

300

Sets the timeout for icap scans

features.virusscan.icap.url

string

"icap://127.0.0.1:1344"

Sets the icap url

features.virusscan.infectedFileHandling

string

"delete"

Define what should happen with infected files. Supported options are: 'delete', 'continue' and 'abort'. Delete will delete the file. Continue will mark the file as infected but continue further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination.

features.virusscan.maxScanSize

string

nil

Sets a maximum file size for scans. Only this many bytes of a file will be scanned. 0 means unlimited and is the default. Usable common abbreviations: [KB, KiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.

http.cors.allow_origins

list

[]

image.pullPolicy

string

"IfNotPresent"

Image pull policy

image.pullSecrets

list

[]

Names of the secrets containing the credentials to pull an image from the registry. More information on how a secret can be defined is available at https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ Note: These secrets also apply to initContainers, so you need to provide secrets for the initContainer image here as well.

image.repository

string

"owncloud/ocis"

Image repository

image.sha

string

""

Image sha / digest (optional).

image.tag

string

""

Image tag. Defaults to the chart’s appVersion.

ingress.annotations

object

{}

Ingress annotations.

ingress.enabled

bool

false

Enables the Ingress.

ingress.ingressClassName

string

nil

Ingress class to use. Uses the default ingress class if not set.

ingress.labels

object

{}

Labels for the ingress.

ingress.tls

list

[]

Ingress TLS configuration.

initContainerImage

object

{"pullPolicy":"IfNotPresent","repository":"busybox","sha":"","tag":"stable"}

InitContainer image used for oCIS services. Only used if services.xxx.persistence.chownInitContainer.enabled is set to true for at least one service.

initContainerImage.pullPolicy

string

"IfNotPresent"

Image pull policy

initContainerImage.repository

string

"busybox"

Image repository

initContainerImage.sha

string

""

Image sha / digest (optional).

initContainerImage.tag

string

"stable"

Image tag.

insecure.ocisHttpApiInsecure

bool

false

Disables SSL certificate checking for connections to the oCIS HTTP APIs. Not recommended for production installations.

insecure.oidcIdpInsecure

bool

false

Disables SSL certificate checking for connections to the OpenID Connect identity provider. Not recommended for production installations.
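The settings this reference marks as not recommended for production, together with its requirements that a CA secret or an SMTP secret be referenced, can be checked mechanically over a values tree. The following is an added example, not part of the chart or the oCIS project; the function names, the sample values and the rule that a flag only counts when its feature is enabled are assumptions made here.

```python
import json

# Flags the page marks "Not recommended for production installations", as
# (key, gate). A gated flag is reported only when its feature is enabled;
# that gating is an assumption of this example, not documented chart behaviour.
UNSAFE_WHEN_TRUE = [
    ("features.basicAuthentication", None),
    ("features.demoUsers", None),
    ("insecure.ocisHttpApiInsecure", None),
    ("insecure.oidcIdpInsecure", None),
    ("features.externalUserManagement.ldap.insecure",
     "features.externalUserManagement.enabled"),
    ("features.gdprReport.integrations.keycloak.insecure",
     "features.gdprReport.integrations.keycloak.enabled"),
    ("messagingSystem.external.tls.insecure", "messagingSystem.external.enabled"),
]

# certTrusted=false requires a CA secret reference: (key, gate, secret ref).
CA_REQUIRED = [
    ("features.externalUserManagement.ldap.certTrusted",
     "features.externalUserManagement.enabled", "secretRefs.ldapCaRef"),
    ("messagingSystem.external.tls.certTrusted",
     "messagingSystem.external.enabled", "secretRefs.messagingSystemCaRef"),
]


def get(tree, path, default=None):
    """Walk a dotted key path through nested dicts; return default if absent."""
    node = tree
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def truthy(value):
    """Treat quoted "true"/"false" strings like the booleans they stand for."""
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)


def audit(values):
    """Return (key, reason) findings for a values tree, in rule order."""
    findings = []
    for key, gate in UNSAFE_WHEN_TRUE:
        if gate and not truthy(get(values, gate, False)):
            continue
        if truthy(get(values, key, False)):
            findings.append((key, "not recommended for production installations"))

    apps = "features.appsIntegration"
    if truthy(get(values, apps + ".enabled", False)):
        suites = get(values, apps + ".wopiIntegration.officeSuites") or []
        for i, suite in enumerate(suites):
            if (isinstance(suite, dict) and truthy(suite.get("enabled"))
                    and truthy(suite.get("insecure"))):
                findings.append((
                    f"{apps}.wopiIntegration.officeSuites[{i}].insecure",
                    f"certificate checking disabled for {suite.get('name')}"))

    if truthy(get(values, "messagingSystem.external.enabled", False)):
        if not truthy(get(values, "messagingSystem.external.tls.enabled", True)):
            findings.append(("messagingSystem.external.tls.enabled",
                             "TLS to the external messaging system is off"))

    for key, gate, ref in CA_REQUIRED:
        if (truthy(get(values, gate, False))
                and not truthy(get(values, key, True))
                and not get(values, ref)):
            findings.append((ref, f"{key} is false but no CA secret is set"))

    smtp = "features.emailNotifications"
    if (truthy(get(values, smtp + ".enabled", False))
            and get(values, smtp + ".smtp.authentication", "none") != "none"
            and not get(values, "secretRefs.notificationsSmtpSecretRef")):
        findings.append(("secretRefs.notificationsSmtpSecretRef",
                         "SMTP authentication is set but no secret is referenced"))
    return findings


# Constructed sample values (not from a real deployment).
SAMPLE_VALUES = json.loads("""
{
  "features": {
    "basicAuthentication": true,
    "demoUsers": false,
    "appsIntegration": {"enabled": true, "wopiIntegration": {"officeSuites": [
      {"name": "Collabora", "enabled": true, "insecure": true},
      {"name": "OnlyOffice", "enabled": false, "insecure": true}]}},
    "externalUserManagement": {"enabled": true,
      "ldap": {"insecure": false, "certTrusted": false}},
    "emailNotifications": {"enabled": true, "smtp": {"authentication": "plain"}}
  },
  "insecure": {"oidcIdpInsecure": "true", "ocisHttpApiInsecure": false},
  "messagingSystem": {"external": {"enabled": true,
    "tls": {"enabled": false, "insecure": false}}},
  "secretRefs": {"ldapCaRef": "", "notificationsSmtpSecretRef": "smtp-credentials"}
}
""")

if __name__ == "__main__":
    for key, reason in audit(SAMPLE_VALUES):
        print(f"{key}: {reason}")
```

To audit a deployed release, parse the output of `helm get values <release> --all -o json` and pass the resulting dict to `audit`.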

jobNodeSelector

object

{}

Default nodeSelector to apply to all jobs, unless a per-service job nodeSelector configuration in services.<service-name>.jobNodeSelector is set.

jobResources

object

{}

Default resources to apply to all jobs in services, unless a per-service resources configuration in services.<service-name>.jobResources is set. Best practice is to set memory request == memory limit (compare to https://home.robusta.dev/blog/kubernetes-memory-limit) and to set a cpu request and omit the cpu limit (compare to https://home.robusta.dev/blog/stop-using-cpu-limits).

logging.color

string

"false"

Activates colorized log output. Not recommended for production installations.

logging.level

string

"info"

Log level. Valid values: panic, fatal, error, warn, info, debug, trace.

logging.pretty

string

"false"

Activates pretty log output. Not recommended for production installations.

messagingSystem.external.cluster

string

"ocis-cluster"

Cluster name to use with the messaging system.

messagingSystem.external.enabled

bool

false

Use an external NATS messaging system instead of the internal one. Recommended for all production instances. Needs to be used if HighAvailability is needed. Needs to be used if oCIS shall be used by more than a 2-digit user count.

messagingSystem.external.endpoint

string

"nats.ocis-nats.svc.cluster.local:4222"

Endpoint of the messaging system.

messagingSystem.external.tls.certTrusted

bool

true

Set to false only if the certificate of your messaging system service is not trusted. If set to false, you need to put the CA cert of the messaging system server into the secret referenced by "messagingSystemCaRef".

messagingSystem.external.tls.enabled

bool

true

Enables TLS encrypted communication with the messaging system. Recommended for production installations.

messagingSystem.external.tls.insecure

bool

false

For self-signed certificates, consider putting the CA cert of the messaging system secure server into the secret referenced by "messagingSystemCaRef". Not recommended for production installations.

monitoring

object

{"enabled":false,"interval":"60s","scrapeTimeout":"60s"}

Service monitoring configuration. Requires the monitoring.coreos.com/v1 CRDs to be installed.

monitoring.enabled

bool

false

Enable service monitoring.

monitoring.interval

string

"60s"

Interval at which to scrape metrics.

monitoring.scrapeTimeout

string

"60s"

Scrape timeout.

namespaceOverride

string

nil

Override the deployment namespace of all resources in this Helm chart.

nodeSelector

object

{}

Default nodeSelector to apply to all services, unless a per-service nodeSelector configuration in services.<service-name>.nodeSelector is set.

podDisruptionBudget

object

{}

registry.nodes

list

[]

Nodes of the service registry to use.

registry.type

string

"kubernetes"

Configure the service registry type. Defaults to "kubernetes". Can be set to "etcd" or "nats", then the address of etcd / nats node(s) needs to be set to registry.nodes.

replicas

int

1

Number of replicas for each scalable service. Has no effect when autoscaling.enabled is set to true.

resources

object

{}

Default resources to apply to all services, unless a per-service resources configuration in services.<service-name>.resources is set. Best practice is to set memory request == memory limit (compare to https://home.robusta.dev/blog/kubernetes-memory-limit) and to set a cpu request and omit the cpu limit (compare to https://home.robusta.dev/blog/stop-using-cpu-limits).

secretRefs.adminUserSecretRef

string

""

Reference to an existing admin user secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.gdprExportClientSecretRef

string

""

Reference to an existing keycloak client secret, used for the GDPR export. Only used if features.externalUserManagement.gdprExport.enabled equals true.

secretRefs.idpSecretRef

string

""

Reference to an existing IDP secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.jwtSecretRef

string

""

Reference to an existing JWT secret (see Secrets).

secretRefs.ldapCaRef

string

""

Reference to an existing LDAP certificate authority secret (see Secrets)

secretRefs.ldapCertRef

string

""

Reference to an existing LDAP cert secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.ldapSecretRef

string

""

Reference to an existing LDAP bind secret (see Secrets).

secretRefs.machineAuthApiKeySecretRef

string

""

Reference to an existing machine auth api key secret (see Secrets)

secretRefs.messagingSystemCaRef

string

""

Reference to an existing messaging system certificate authority secret (see Secrets)

secretRefs.notificationsSmtpSecretRef

string

""

Reference to an existing SMTP email server settings secret (see Secrets). Not used if features.emailNotifications.enabled equals false. Not used if features.emailNotifications.smtp.authentication equals none.

secretRefs.s3CredentialsSecretRef

string

""

Reference to an existing s3 secret (see Secrets). If not filled in, will attempt to use values in .storageusers.storageBackend.s3.driverConfig.s3ng instead.

secretRefs.storagesystemJwtSecretRef

string

""

Reference to an existing storage-system JWT secret (see Secrets)

secretRefs.storagesystemSecretRef

string

""

Reference to an existing storage-system secret (see Secrets)

secretRefs.thumbnailsSecretRef

string

""

Reference to an existing thumbnails transfer secret (see Secrets)

secretRefs.transferSecretSecretRef

string

""

Reference to an existing transfer secret (see Secrets)

securityContext.fsGroup

int

1000

File system group for all volumes.

securityContext.fsGroupChangePolicy

string

"OnRootMismatch"

File system group change policy for all volumes. Possible values "Always" and "OnRootMismatch". This will also apply to all services' chownInitContainer.

securityContext.runAsGroup

int

1000

Group ID that all processes within any containers will run with.

securityContext.runAsUser

int

1000

User ID that all processes within any containers will run with.

services.antivirus

object

see detailed service configuration options below

ANTIVIRUS service. Not used if features.virusscan.enabled equals false.

services.antivirus.affinity

object

{}

Affinity settings for the antivirus service. See the documentation of this setting in appprovider for examples.

services.antivirus.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.antivirus.extraLabels

object

{}

Per-service custom labels

services.antivirus.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.antivirus.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.antivirus.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.appprovider

object

see detailed service configuration options below

APP PROVIDER service. Not used if features.appsIntegration.enabled equals false.

services.appprovider.affinity

object

{}

Affinity settings for the appprovider service.

services.appprovider.extraLabels

object

{}

Per-service custom labels

services.appprovider.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.appprovider.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.appregistry

object

see detailed service configuration options below

APP REGISTRY service. Not used if features.appsIntegration.enabled equals false.

services.appregistry.affinity

object

{}

Affinity settings for the appregistry service. See the documentation of this setting in appprovider for examples.

services.appregistry.extraLabels

object

{}

Per-service custom labels

services.appregistry.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.appregistry.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.audit

object

see detailed service configuration options below

AUDIT service.

services.audit.affinity

object

{}

Affinity settings for the audit service. See the documentation of this setting in appprovider for examples.

services.audit.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.audit.extraLabels

object

{}

Per-service custom labels

services.audit.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.audit.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.audit.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.authbasic

object

see detailed service configuration options below

AUTH BASIC service. Not used if features.externalUserManagement.enabled equals true.

services.authbasic.affinity

object

{}

Affinity settings for the authbasic service. See the documentation of this setting in appprovider for examples.

services.authbasic.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.authbasic.extraLabels

object

{}

Per-service custom labels

services.authbasic.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.authbasic.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.authbasic.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.authmachine

object

see detailed service configuration options below

AUTH MACHINE service.

services.authmachine.affinity

object

{}

Affinity settings for the authmachine service. See the documentation of this setting in appprovider for examples.

services.authmachine.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.authmachine.extraLabels

object

{}

Per-service custom labels

services.authmachine.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.authmachine.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.authmachine.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.eventhistory

object

see detailed service configuration options below

EVENT HISTORY service.

services.eventhistory.affinity

object

{}

Affinity settings for the eventhistory service. See the documentation of this setting in appprovider for examples.

services.eventhistory.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.eventhistory.extraLabels

object

{}

Per-service custom labels

services.eventhistory.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.eventhistory.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.eventhistory.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.eventhistory.store

object

{}

Per-service store configuration for the eventhistory service. Overrides the default setting from store if set.

services.frontend

object

see detailed service configuration options below

FRONTEND service.

services.frontend.affinity

object

{}

Affinity settings for the frontend service. See the documentation of this setting in appprovider for examples.

services.frontend.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.frontend.extraLabels

object

{}

Per-service custom labels

services.frontend.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.frontend.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.frontend.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.gateway

object

see detailed service configuration options below

GATEWAY service.

services.gateway.affinity

object

{}

Affinity settings for the gateway service. See the documentation of this setting in appprovider for examples.

services.gateway.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.gateway.extraLabels

object

{}

Per-service custom labels

services.gateway.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.gateway.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.gateway.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.graph

object

see detailed service configuration options below

GRAPH service.

services.graph.affinity

object

{}

Affinity settings for the graph service. See the documentation of this setting in appprovider for examples.

services.graph.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.graph.extraLabels

object

{}

Per-service custom labels

services.graph.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.graph.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.graph.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.groups

object

see detailed service configuration options below

GROUPS service.

services.groups.affinity

object

{}

Affinity settings for the groups service. See the documentation of this setting in appprovider for examples.

services.groups.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.groups.extraLabels

object

{}

Per-service custom labels

services.groups.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.groups.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.groups.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.idm

object

see detailed service configuration options below

IDM service. Not used if features.externalUserManagement.enabled equals true.

services.idm.affinity

object

{}

Affinity settings for the idm service. See the documentation of this setting in appprovider for examples.

services.idm.extraLabels

object

{}

Per-service custom labels

services.idm.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.idm.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.idm.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.idm.persistence.annotations

object

{}

Persistent volume annotations.

services.idm.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.idm.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.idm.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations, except when features.externalUserManagement.enabled equals true. If not enabled, pod restarts will lead to data loss. Also, scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.idm.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.idm.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.idm.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.idm.persistence.size

string

"10Gi"

Size of the persistent volume.

services.idm.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.idm.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.idp

object

see detailed service configuration options below

IDP service. Not used if features.externalUserManagement.enabled equals true.

services.idp.affinity

object

{}

Affinity settings for the idp service. See the documentation of this setting in appprovider for examples.

services.idp.extraLabels

object

{}

Per-service custom labels

services.idp.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.idp.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.nats

object

see detailed service configuration options below

NATS service. Not used if messagingSystem.external.enabled equals true.

services.nats.affinity

object

{}

Affinity settings for the nats service. See the documentation of this setting in appprovider for examples.

services.nats.extraLabels

object

{}

Per-service custom labels

services.nats.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.nats.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.nats.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.nats.persistence.annotations

object

{}

Persistent volume annotations.

services.nats.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.nats.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.nats.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations, except when messagingSystem.external.enabled equals true. If not enabled, pod restarts will lead to data loss. Also, scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.nats.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.nats.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.nats.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.nats.persistence.size

string

"10Gi"

Size of the persistent volume.

services.nats.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.nats.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.notifications

object

see detailed service configuration options below

NOTIFICATIONS service. Not used if features.emailNotifications.enabled equals true.

services.notifications.affinity

object

{}

Affinity settings for the notifications service. See the documentation of this setting in appprovider for examples.

services.notifications.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.notifications.extraLabels

object

{}

Per-service custom labels

services.notifications.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.notifications.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.notifications.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.ocdav

object

see detailed service configuration options below

OCDAV service.

services.ocdav.affinity

object

{}

Affinity settings for the ocdav service. See the documentation of this setting in appprovider for examples.

services.ocdav.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.ocdav.extraLabels

object

{}

Per-service custom labels

services.ocdav.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.ocdav.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.ocdav.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.ocs

object

see detailed service configuration options below

OCS service.

services.ocs.affinity

object

{}

Affinity settings for the ocs service. See the documentation of this setting in appprovider for examples.

services.ocs.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.ocs.extraLabels

object

{}

Per-service custom labels

services.ocs.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.ocs.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.ocs.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.policies

object

see detailed service configuration options below

POLICIES service.

services.policies.affinity

object

{}

Affinity settings for the policies service. See the documentation of this setting in appprovider for examples.

services.policies.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.policies.extraLabels

object

{}

Per-service custom labels

services.policies.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.policies.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.policies.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.postprocessing

object

see detailed service configuration options below

POSTPROCESSING service.

services.postprocessing.affinity

object

{}

Affinity settings for the postprocessing service. See the documentation of this setting in appprovider for examples.

services.postprocessing.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.postprocessing.extraLabels

object

{}

Per-service custom labels

services.postprocessing.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.postprocessing.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.postprocessing.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.postprocessing.store

object

{}

Per-service store configuration for the postprocessing service. Overrides the default setting from store if set.

services.proxy

object

see detailed service configuration options below

PROXY service.

services.proxy.affinity

object

{}

Affinity settings for the proxy service. See the documentation of this setting in appprovider for examples.

services.proxy.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.proxy.extraLabels

object

{}

Per-service custom labels

services.proxy.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.proxy.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.proxy.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.search

object

see detailed service configuration options below

SEARCH service.

services.search.affinity

object

{}

Affinity settings for the search service. See the documentation of this setting in appprovider for examples.

services.search.extraLabels

object

{}

Per-service custom labels

services.search.extractor

object

see detailed search extractor configuration options below

Search Extractor settings.

services.search.extractor.sizeLimit

string

nil

Configures the maximum file size in bytes that is allowed for content extraction. For the default value see https://doc.owncloud.com/ocis/next/deployment/services/s-list/search.html

services.search.extractor.tika.url

string

"http://tika.tika.svc.cluster.local:9998"

Set the URL to Tika. Only applicable if services.search.extractor.type == tika.

services.search.extractor.type

string

"basic"

Configures the search extractor type to be used. Possible extractors:
- basic: the default search extractor.
- tika: the Tika search extractor. If set to this value, additional settings in the tika section apply.

services.search.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.search.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.search.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.search.persistence.annotations

object

{}

Persistent volume annotations.

services.search.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.search.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.search.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.search.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.search.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.search.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.search.persistence.size

string

"10Gi"

Size of the persistent volume.

services.search.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.search.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.search.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.settings

object

see detailed service configuration options below

SETTINGS service.

services.settings.affinity

object

{}

Affinity settings for the settings service. See the documentation of this setting in appprovider for examples.

services.settings.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.settings.extraLabels

object

{}

Per-service custom labels

services.settings.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.settings.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.settings.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.sharing

object

see detailed service configuration options below

SHARING service.

services.sharing.affinity

object

{}

Affinity settings for the sharing service. See the documentation of this setting in appprovider for examples.

services.sharing.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.sharing.extraLabels

object

{}

Per-service custom labels

services.sharing.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.sharing.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.sharing.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storagepubliclink

object

see detailed service configuration options below

STORAGE-PUBLICLINK service.

services.storagepubliclink.affinity

object

{}

Affinity settings for the storagepubliclink service. See the documentation of this setting in appprovider for examples.

services.storagepubliclink.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.storagepubliclink.extraLabels

object

{}

Per-service custom labels

services.storagepubliclink.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.storagepubliclink.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.storagepubliclink.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageshares

object

see detailed service configuration options below

STORAGE-SHARES service.

services.storageshares.affinity

object

{}

Affinity settings for the storageshares service. See the documentation of this setting in appprovider for examples.

services.storageshares.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.storageshares.extraLabels

object

{}

Per-service custom labels

services.storageshares.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.storageshares.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.storageshares.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storagesystem

object

see detailed service configuration options below

STORAGE-SYSTEM service.

services.storagesystem.affinity

object

{}

Affinity settings for the storagesystem service. See the documentation of this setting in appprovider for examples.

services.storagesystem.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.storagesystem.extraLabels

object

{}

Per-service custom labels

services.storagesystem.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.storagesystem.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.storagesystem.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.storagesystem.persistence.annotations

object

{}

Persistent volume annotations.

services.storagesystem.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.storagesystem.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.storagesystem.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.storagesystem.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.storagesystem.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.storagesystem.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.storagesystem.persistence.size

string

"5Gi"

Size of the persistent volume.

services.storagesystem.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.storagesystem.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.storagesystem.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageusers

object

see detailed service configuration options below

STORAGE-USERS service.

services.storageusers.affinity

object

{}

Affinity settings for the storageusers service. See the documentation of this setting in appprovider for examples.

services.storageusers.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.storageusers.extraLabels

object

{}

Per-service custom labels

services.storageusers.jobNodeSelector

object

{}

Per-service jobNodeSelector configuration. Overrides the default setting from jobNodeSelector if set.

services.storageusers.jobResources

object

{}

Per-service jobResources configuration. Overrides the default setting from jobResources if set.

services.storageusers.maintenance.cleanUpExpiredUploads.enabled

bool

false

Enables a job that cleans up expired uploads. Requires persistence to be enabled and RWX storage.

services.storageusers.maintenance.cleanUpExpiredUploads.schedule

string

"* * * * *"

Cron pattern for the job to be run. Defaults to every minute.

services.storageusers.maintenance.cleanUpExpiredUploads.uploadExpiration

int

86400

Duration in seconds after which uploads will expire. WARNING: Setting this to a low number will lead to uploads being cancelled before they are finished and returning a 403 to the user.

services.storageusers.maintenance.image

object

{"pullPolicy":null,"repository":"","sha":"","tag":""}

Image for the storageusers service maintenance jobs. Defaults to the same values as image.

services.storageusers.maintenance.image.pullPolicy

string

nil

Image pull policy

services.storageusers.maintenance.image.repository

string

""

Image repository

services.storageusers.maintenance.image.sha

string

""

Image sha / digest (optional).

services.storageusers.maintenance.image.tag

string

""

Image tag.

services.storageusers.maintenance.purgeExpiredTrashBinItems.enabled

bool

false

Enables a job that purges expired trash bin items. Requires persistence to be enabled.

services.storageusers.maintenance.purgeExpiredTrashBinItems.personalDeleteBefore

string

"30d"

Setting that makes the command delete all trashed personal files older than the value. The value is a number followed by a unit: "d", "h", "m" or "s".

services.storageusers.maintenance.purgeExpiredTrashBinItems.projectDeleteBefore

string

"30d"

Setting that makes the command delete all trashed project files older than the value. The value is a number followed by a unit: "d", "h", "m" or "s".

services.storageusers.maintenance.purgeExpiredTrashBinItems.purgeTrashBinUserID

string

""

User ID of a user that has permissions to list all personal and project spaces.

services.storageusers.maintenance.purgeExpiredTrashBinItems.schedule

string

"* * * * *"

Cron pattern for the job to be run. Defaults to every minute.

services.storageusers.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.storageusers.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.storageusers.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.storageusers.persistence.annotations

object

{}

Persistent volume annotations.

services.storageusers.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.storageusers.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.storageusers.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.storageusers.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.storageusers.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.storageusers.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.storageusers.persistence.size

string

"50Gi"

Size of the persistent volume.

services.storageusers.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.storageusers.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.storageusers.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageusers.storageBackend.driver

string

"ocis"

Configures the storage driver. Possible values are "ocis" and "s3ng". The oCIS driver stores all data in the persistent volume if persistence is enabled. The S3NG driver stores all metadata in the persistent volume and uploads blobs to S3 if persistence is enabled.

services.storageusers.storageBackend.driverConfig.ocis.metadataBackend

string

"messagepack"

Metadata backend to use for the oCIS storage driver. Valid values are: "messagepack", "xattrs".

services.storageusers.storageBackend.driverConfig.s3ng.accessKey

string

""

S3 access key to use for the S3NG driver. Only used if driver is set to "s3ng". DEPRECATION WARNING: These values will be removed in the future. Predefine secretRefs.s3CredentialsSecretRef instead.

services.storageusers.storageBackend.driverConfig.s3ng.bucket

string

"example-bucket"

S3 bucket to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageusers.storageBackend.driverConfig.s3ng.endpoint

string

"https://localhost:1234"

S3 endpoint to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageusers.storageBackend.driverConfig.s3ng.metadataBackend

string

"messagepack"

Metadata backend to use for the S3NG storage driver. Valid values are: "messagepack", "xattrs".

services.storageusers.storageBackend.driverConfig.s3ng.region

string

"default"

S3 region to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageusers.storageBackend.driverConfig.s3ng.secretKey

string

""

S3 secret key to use for the S3NG driver. Only used if driver is set to "s3ng". DEPRECATION WARNING: These values will be removed in the future. Predefine secretRefs.s3CredentialsSecretRef instead.

services.store

object

see detailed service configuration options below

STORE service.

services.store.affinity

object

{}

Affinity settings for the store service. See the documentation of this setting in approvider for examples.

services.store.extraLabels

object

{}

Per-service custom labels

services.store.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.store.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.store.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.store.persistence.annotations

object

{}

Persistent volume annotations.

services.store.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.store.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.store.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also, scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.store.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.store.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.store.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.store.persistence.size

string

"5Gi"

Size of the persistent volume.

services.store.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.store.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.thumbnails

object

see detailed service configuration options below

THUMBNAILS service.

services.thumbnails.affinity

object

{}

Affinity settings for the thumbnails service. See the documentation of this setting in approvider for examples.

services.thumbnails.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.thumbnails.extraLabels

object

{}

Per-service custom labels

services.thumbnails.jobNodeSelector

object

{}

Per-service jobNodeSelector configuration. Overrides the default setting from jobNodeSelector if set.

services.thumbnails.jobResources

object

{}

Per-service jobResources configuration. Overrides the default setting from jobResources if set.

services.thumbnails.maintenance

object

{"cleanUpOldThumbnails":{"deleteBefore":30,"enabled":false,"method":"atime","schedule":"* * * * *"},"image":{"pullPolicy":"IfNotPresent","repository":"busybox","sha":"","tag":"stable"}}

Maintenance configuration for cleanup jobs.

services.thumbnails.maintenance.cleanUpOldThumbnails.deleteBefore

int

30

Setting that makes the command delete all thumbnails older than the value. The value is a number in days.

services.thumbnails.maintenance.cleanUpOldThumbnails.enabled

bool

false

Enables a job that cleans up old thumbnails. Requires persistence to be enabled.

services.thumbnails.maintenance.cleanUpOldThumbnails.method

string

"atime"

Method to use with BusyBox "find" for finding old thumbnails. Can be mtime, atime or ctime.

services.thumbnails.maintenance.cleanUpOldThumbnails.schedule

string

"* * * * *"

Cron pattern for the job to be run. Defaults to every minute.

services.thumbnails.maintenance.image.pullPolicy

string

"IfNotPresent"

Image pull policy

services.thumbnails.maintenance.image.repository

string

"busybox"

Image repository

services.thumbnails.maintenance.image.sha

string

""

Image sha / digest (optional).

services.thumbnails.maintenance.image.tag

string

"stable"

Image tag.

services.thumbnails.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.thumbnails.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.thumbnails.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. When scaling this service beyond one instance, this needs to be ["ReadWriteMany"] or persistence needs to be disabled.

services.thumbnails.persistence.annotations

object

{}

Persistent volume annotations.

services.thumbnails.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.thumbnails.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.thumbnails.persistence.enabled

bool

false

Enables persistence. Recommended on production installations. If enabled, generated thumbnails are cached on this volume and available across pod restarts and service instances. If not enabled, thumbnail generation might lead to higher CPU usage.

services.thumbnails.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.thumbnails.persistence.finalizers

list

[]

Persistent volume finalizers.

services.thumbnails.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.thumbnails.persistence.size

string

"10Gi"

Size of the persistent volume.

services.thumbnails.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.thumbnails.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.thumbnails.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.userlog

object

see detailed service configuration options below

USERLOG service.

services.userlog.affinity

object

{}

Affinity settings for the userlog service. See the documentation of this setting in approvider for examples.

services.userlog.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.userlog.extraLabels

object

{}

Per-service custom labels

services.userlog.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.userlog.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.userlog.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.userlog.store

object

{}

Per-service store configuration for the userlog service. Overrides the default setting from store if set.

services.users

object

see detailed service configuration options below

USERS service.

services.users.affinity

object

{}

Affinity settings for the users service. See the documentation of this setting in approvider for examples.

services.users.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.users.extraLabels

object

{}

Per-service custom labels

services.users.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.users.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.users.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.web

object

see detailed service configuration options below

ownCloud WEB service.

services.web.affinity

object

{}

Affinity settings for the web service. See the documentation of this setting in approvider for examples.

services.web.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.web.config.applications

list

[]

Configure the {"applications": []} section in the Web config.json.

services.web.config.apps

list

[]

Configure the {"apps": []} section in the Web config.json.

services.web.config.contextHelpersReadMore.enabled

bool

true

Specifies whether the “Read more” link should be displayed or not.

services.web.config.customTranslations

list

[]

Configure custom translations

services.web.config.externalApplications

list

[]

Configure the {"external_apps": []} section in the Web config.json.

services.web.config.feedbackLink.ariaLabel

string

""

Screen reader accessible label for the feedback link. Uses the ownCloud default label if empty.

services.web.config.feedbackLink.description

string

""

Description to be shown for the feedback link. Uses the ownCloud default description if empty.

services.web.config.feedbackLink.enabled

bool

true

Enables the feedback link in the Web UI.

services.web.config.feedbackLink.href

string

""

URI where the feedback link points. Uses the ownCloud default href if empty.

services.web.config.previewFileMimeTypes

list

[]

Specifies which mimeTypes will be previewed in the UI.

services.web.config.scripts

list

[]

Configure the {"scripts": []} section in the Web config.json.

services.web.config.styles

list

[]

Configure the {"styles": []} section in the Web config.json.

services.web.config.theme.path

string

""

URL path to load themes from. The theme server will be prepended. Defaults to the ownCloud Web default theme.

services.web.config.theme.server

string

""

URL to load themes from. Will be prepended to the theme path. Defaults to the value of "externalDomain".

services.web.extraLabels

object

{}

Per-service custom labels

services.web.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.web.persistence

object

see detailed persistence configuration options below

Persistence settings.

services.web.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. When scaling this service beyond one instance, this needs to be ["ReadWriteMany"] or persistence needs to be disabled.

services.web.persistence.annotations

object

{}

Persistent volume annotations.

services.web.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in initContainerImage will be used for this container.

services.web.persistence.claimName

string

""

Use a custom name for the PVC instead of the default one.

services.web.persistence.enabled

bool

false

Enables persistence. Recommended on production installations. If enabled, generated thumbnails are cached on this volume and available across pod restarts and service instances. If not enabled, thumbnail generation might lead to higher CPU usage.

services.web.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.web.persistence.finalizers

list

[]

Persistent volume finalizers.

services.web.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.web.persistence.size

string

"1Gi"

Size of the persistent volume.

services.web.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.web.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.web.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

services.webdav

object

see detailed service configuration options below

WEBDAV service.

services.webdav.affinity

object

{}

Affinity settings for the webdav service. See the documentation of this setting in approvider for examples.

services.webdav.autoscaling

object

{}

Per-service autoscaling. Overrides the default setting from autoscaling if set.

services.webdav.extraLabels

object

{}

Per-service custom labels

services.webdav.nodeSelector

object

{}

Per-service nodeSelector configuration. Overrides the default setting from nodeSelector if set.

services.webdav.podDisruptionBudget

object

{}

Per-service PodDisruptionBudget. Overrides the default setting from podDisruptionBudget if set.

services.webdav.resources

object

{}

Per-service resources configuration. Overrides the default setting from resources if set.

store.nodes

list

["{{ .appNameNats }}:9233"]

Nodes of the store to use.

store.type

string

"nats-js"

Configure the store type. To disable the cache, set to "noop". Defaults to "nats-js", so store.nodes defaults to the address of the builtin NATS. Can be set to "redis", "redis-sentinel" or "etcd"; the address of the Redis (Sentinel) / etcd node(s) then needs to be set in store.nodes.

topologySpreadConstraints

string

""

TopologySpreadConstraints controls how Pods of a service are spread across the cluster among failure domains. Defaults to allowing a skew of no more than 1 node per node. Passed through tpl and therefore needs to be configured as a string.

tracing.collector

string

""

The HTTP endpoint for sending spans directly to a collector, e.g. http://jaeger-collector.observability.svc.cluster.local:14268/api/traces. Only used if the tracing endpoint is unset.

tracing.enabled

bool

false

Tracing enables sending traces

tracing.endpoint

string

""

Endpoint of the tracing system, jaeger-agent.observability.svc.cluster.local:6831 or similar.

tracing.type

string

"jaeger"

Type of trace provider to use
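
Several descriptions above carry operational or security consequences: storage-users persistence, the deprecated inline S3NG credentials, the chown initContainer that runs as root, and the schedule and image of the thumbnails cleanup job. The following Python script is an added example, not part of the chart or its documentation, that audits a parsed values override for these settings; the `get` and `audit` helpers, the finding texts and the sample override are assumptions made for illustration.

```python
DEFAULT_SCHEDULE = "* * * * *"  # chart default per the table: every minute

def get(node, path, default=None):
    """Walk a dotted key path through nested dicts; return default if absent."""
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def audit(values):
    """Return sorted (key path, finding) pairs for a parsed values override."""
    out = []
    su = "services.storageusers"
    if not get(values, su + ".persistence.enabled", False):
        out.append((su + ".persistence.enabled",
                    "persistence off: pod restarts lead to data loss"))
    for key in ("accessKey", "secretKey"):
        path = f"{su}.storageBackend.driverConfig.s3ng.{key}"
        if get(values, path, ""):
            out.append((path, "deprecated inline credential: predefine "
                              "secretRefs.s3CredentialsSecretRef instead"))
    for name, svc in (get(values, "services") or {}).items():
        if get(svc, "persistence.chownInitContainer", False):
            out.append((f"services.{name}.persistence.chownInitContainer",
                        "adds an initContainer that runs as root"))
    th = "services.thumbnails"
    job = th + ".maintenance"
    if get(values, job + ".cleanUpOldThumbnails.enabled", False):
        if not get(values, th + ".persistence.enabled", False):
            out.append((job + ".cleanUpOldThumbnails.enabled",
                        "cleanup job requires thumbnails persistence"))
        sched = get(values, job + ".cleanUpOldThumbnails.schedule", DEFAULT_SCHEDULE)
        if sched == DEFAULT_SCHEDULE:
            out.append((job + ".cleanUpOldThumbnails.schedule",
                        "job runs every minute"))
        if not get(values, job + ".image.sha", ""):
            out.append((job + ".image.sha",
                        "job image is referenced by tag only, no digest"))
    return sorted(out)

# Constructed sample override, not taken from a real deployment.
SAMPLE = {"services": {
    "storageusers": {
        "persistence": {"enabled": True, "chownInitContainer": True},
        "storageBackend": {"driver": "s3ng", "driverConfig": {"s3ng": {
            "accessKey": "EXAMPLE-ACCESS-KEY", "secretKey": ""}}}},
    "thumbnails": {
        "persistence": {"enabled": True},
        "maintenance": {"cleanUpOldThumbnails": {"enabled": True}}}}}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

Keys missing from the override are evaluated with the defaults listed in the table, so an empty override still reports that storage-users persistence is off.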