values.yaml Description

Chart Version: 0.0.0

Values for the ocis Helm Chart
Key Type Default Description

autoscaling.enabled

bool

false

Enables autoscaling. When set to true, replicas is no longer applied.

autoscaling.maxReplicas

int

10

Sets maximum replicas for autoscaling.

autoscaling.metrics

list

[]

Metrics to use for autoscaling

autoscaling.minReplicas

int

3

Sets minimum replicas for autoscaling.

deploymentStrategy

object

{"type":"RollingUpdate"}

Deployment strategy.

externalDomain

string

"ocis.owncloud.test"

Domain where oCIS is reachable for the outside world

extraLabels

object

{}

Custom labels for all manifests

extraResources

list

[]

Extra resources to be included.

features.appsIntegration.enabled

bool

false

Enables the apps integration.

features.appsIntegration.mimetypes

list

Mimetype configuration. Lets you configure a mimetype's default application, whether it is allowed to create a new file, and more.

features.appsIntegration.wopiIntegration.officeSuites[0].enabled

bool

false

Enables the office suite.

features.appsIntegration.wopiIntegration.officeSuites[0].iconURI

string

"https://collabora.owncloud.test/favicon.ico"

URI for the icon of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[0].insecure

bool

false

Disables SSL certificate checking for connections to the office suite's HTTP API. Not recommended for production installations.

features.appsIntegration.wopiIntegration.officeSuites[0].name

string

"Collabora"

Name of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[0].uri

string

"https://collabora.owncloud.test"

URI of the office suite.

features.appsIntegration.wopiIntegration.officeSuites[1].enabled

bool

false

Enables the office suite.

features.appsIntegration.wopiIntegration.officeSuites[1].iconURI

string

"https://onlyoffice.owncloud.test/web-apps/apps/documenteditor/main/resources/img/favicon.ico"

URI for the icon of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[1].insecure

bool

false

Disables SSL certificate checking for connections to the office suite's HTTP API. Not recommended for production installations.

features.appsIntegration.wopiIntegration.officeSuites[1].name

string

"OnlyOffice"

Name of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[1].uri

string

"https://onlyoffice.owncloud.test"

URI of the office suite.

features.appsIntegration.wopiIntegration.wopiServerURI

string

"https://wopiserver.owncloud.test"

URL of the [cs3org/wopiserver](https://github.com/cs3org/wopiserver). Can be deployed [with this Chart](https://artifacthub.io/packages/helm/cs3org/wopiserver).

features.basicAuthentication

bool

false

Enable basic authentication. Not recommended for production installations.

features.demoUsers

bool

false

Create demo users on the first startup. Not recommended for production installations.

features.emailNotifications.enabled

bool

false

Enables email notifications. This feature needs the secret from notificationsSmtpSecretRef to be present.

features.emailNotifications.smtp.authentication

string

"none"

Authentication method for the SMTP communication. Possible values are ‘login’, ‘plain’, ‘crammd5’ and ‘none’.

features.emailNotifications.smtp.encryption

string

"none"

Encryption method for the SMTP communication. Possible values are ‘starttls’, ‘ssl’, ‘ssltls’, ‘tls’ and ‘none’.

features.emailNotifications.smtp.host

string

nil

SMTP host to connect to.

features.emailNotifications.smtp.port

string

nil

Port of the SMTP host to connect to.

features.emailNotifications.smtp.sender

string

nil

Sender address of emails that will be sent. Example: 'ownCloud <noreply@example.com>'

features.externalUserManagement.enabled

bool

false

Enables external user management (and disables internal user management). Needs an external OpenID Connect Identity Provider and an external LDAP server.

features.externalUserManagement.ldap.bindDN

string

"uid=ocis,ou=system-users,dc=owncloud,dc=test"

DN of the user to use to bind to the LDAP server. The password for the user needs to be set in the secret referenced by secretRefs.ldapSecretRef as reva-ldap-bind-password. The user needs to have permission to list users and groups.

features.externalUserManagement.ldap.certTrusted

bool

true

Set to false only if the certificate of your LDAP secure service is not trusted. If set to false, you need to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef".

features.externalUserManagement.ldap.group.baseDN

string

"ou=groups,dc=owncloud,dc=com"

Search base DN for looking up LDAP groups.

features.externalUserManagement.ldap.group.filter

string

nil

LDAP filter to add to the default filters for group searches.

features.externalUserManagement.ldap.group.objectClass

string

"groupOfNames"

The object class to use for groups in the default group search filter like groupOfNames.

features.externalUserManagement.ldap.group.schema.displayName

string

"cn"

LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).

features.externalUserManagement.ldap.group.schema.groupName

string

"cn"

LDAP Attribute to use for the name of groups.

features.externalUserManagement.ldap.group.schema.id

string

"ownclouduuid"

LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.

features.externalUserManagement.ldap.group.schema.idIsOctetString

bool

false

Set this to true if the defined id attribute for groups is of the OCTETSTRING syntax. This is required, for example, when using the objectGUID attribute of Active Directory for the group IDs.

features.externalUserManagement.ldap.group.schema.mail

string

"mail"

LDAP Attribute to use for the email address of groups (can be empty).

features.externalUserManagement.ldap.group.schema.member

string

"member"

LDAP Attribute that is used for group members.

features.externalUserManagement.ldap.group.scope

string

"sub"

LDAP search scope to use when looking up groups. Supported values are base, one and sub.

features.externalUserManagement.ldap.insecure

bool

false

For self-signed certificates, consider putting the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef". Not recommended for production installations.

features.externalUserManagement.ldap.uri

string

"ldaps://ldaps.owncloud.test"

URI to connect to the LDAP secure server.

features.externalUserManagement.ldap.user.baseDN

string

"ou=users,dc=owncloud,dc=com"

Search base DN for looking up LDAP users.

features.externalUserManagement.ldap.user.filter

string

nil

LDAP filter to add to the default filters for user search like (objectclass=ownCloud).

features.externalUserManagement.ldap.user.objectClass

string

"inetOrgPerson"

The object class to use for users in the default user search filter like inetOrgPerson.

features.externalUserManagement.ldap.user.schema.displayName

string

"displayname"

LDAP Attribute to use for the displayname of users.

features.externalUserManagement.ldap.user.schema.id

string

"ownclouduuid"

LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.

features.externalUserManagement.ldap.user.schema.idIsOctetString

bool

false

Set this to true if the defined id attribute for users is of the OCTETSTRING syntax. This is required, for example, when using the objectGUID attribute of Active Directory for the user IDs.

features.externalUserManagement.ldap.user.schema.mail

string

"mail"

LDAP Attribute to use for the email address of users.

features.externalUserManagement.ldap.user.schema.userName

string

"uid"

LDAP Attribute to use for username of users.

features.externalUserManagement.ldap.user.scope

string

"sub"

LDAP search scope to use when looking up users. Supported values are base, one and sub.

features.externalUserManagement.ldap.user.substringFilterType

string

"any"

Type of substring search filter to use for substring searches for users. Possible values: initial for prefix-only searches, final for suffix-only searches, or any for full substring searches.

features.externalUserManagement.oidc.issuerURI

string

"https://idp.owncloud.test/realms/ocis"

Issuer URI of the OpenID Connect Identity Provider. If the IDP doesn’t have valid / trusted SSL certificates, certificate validation can be disabled with the insecure.oidcIdpInsecure option.

features.externalUserManagement.oidc.userIDClaim

string

"ocis.user.uuid"

Claim to take a unique user identifier from. It will be used to look up the user on the LDAP server.

features.externalUserManagement.oidc.userIDClaimAttributeMapping

string

"userid"

Attribute mapping for the userIDClaim. Set to userid if the claim specified in …oidc.userIDClaim holds the value of the LDAP user attribute specified in …ldap.user.schema.id. Set to mail if the claim specified in …oidc.userIDClaim holds the value of the LDAP user attribute specified in …ldap.user.schema.mail. Set to username if the claim specified in …oidc.userIDClaim holds the value of the LDAP user attribute specified in …ldap.user.schema.id.

image.pullPolicy

string

"IfNotPresent"

Image pull policy

image.repository

string

"owncloud/ocis"

Image repository

image.sha

string

""

Image sha / digest (optional).

image.tag

string

""

Image tag. Defaults to the chart’s appVersion.

ingress.annotations

object

{}

Ingress annotations.

ingress.enabled

bool

false

Enables the Ingress.

ingress.ingressClassName

string

nil

Ingress class to use. Uses the default ingress class if not set.

ingress.labels

object

{}

Labels for the ingress.

ingress.tls

list

[]

Ingress TLS configuration.

insecure.ocisHttpApiInsecure

bool

false

Disables SSL certificate checking for connections to the oCIS HTTP APIs. Not recommended for production installations.

insecure.oidcIdpInsecure

bool

false

Disables SSL certificate checking for connections to the OpenID Connect identity provider. Not recommended for production installations.

logging.color

string

"false"

Activates colorized log output. Not recommended for production installations.

logging.level

string

"error"

Log level. Valid values: panic, fatal, error, warn, info, debug, trace.

logging.pretty

string

"false"

Activates pretty log output. Not recommended for production installations.

namespaceOverride

string

nil

Override the deployment namespace of all resources in this Helm chart.

replicas

int

1

Number of replicas for each scalable service. Has no effect when autoscaling.enabled is set to true.

resources

object

{}

Resources to apply to all services.

secretRefs.adminUserSecretRef

string

"admin-user"

Reference to an existing admin user secret (see Secrets)

secretRefs.idpSecretRef

string

"idp-secrets"

Reference to an existing IDP secret (see Secrets)

secretRefs.jwtSecretRef

string

"jwt-secret"

Reference to an existing JWT secret (see Secrets)

secretRefs.ldapCaRef

string

"ldap-ca"

Reference to an existing LDAP certificate authority secret (see Secrets)

secretRefs.ldapCertRef

string

"ldap-cert"

Reference to an existing LDAP cert secret (see Secrets)

secretRefs.ldapSecretRef

string

"ldap-bind-secrets"

Reference to an existing LDAP bind secret (see Secrets)

secretRefs.machineAuthApiKeySecretRef

string

"machine-auth-api-key"

Reference to an existing machine auth API key secret (see Secrets)

secretRefs.notificationsSmtpSecretRef

string

"notifications-smtp-secret"

Reference to an existing SMTP email server settings secret (see Secrets)

secretRefs.storageSystemJwtSecretRef

string

"storage-system-jwt-secret"

Reference to an existing storage-system JWT secret (see Secrets)

secretRefs.storageSystemSecretRef

string

"storage-system"

Reference to an existing storage-system secret (see Secrets)

secretRefs.thumbnailsSecretRef

string

"thumbnails-transfer-secret"

Reference to an existing thumbnails transfer secret (see Secrets)

secretRefs.transferSecretSecretRef

string

"transfer-secret"

Reference to an existing transfer secret (see Secrets)

securityContext.fsGroup

int

1000

File system group for all volumes.

securityContext.fsGroupChangePolicy

string

"OnRootMismatch"

File system group change policy for all volumes. Possible values are "Always" and "OnRootMismatch".

securityContext.runAsGroup

int

1000

Group ID that all processes within any containers will run with.

securityContext.runAsUser

int

1000

User ID that all processes within any containers will run with.

services.idm.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.idm.persistence.annotations

object

{}

Persistent volume annotations.

services.idm.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.idm.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.idm.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.idm.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.idm.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.idm.persistence.size

string

"10Gi"

Size of the persistent volume.

services.idm.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.nats.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.nats.persistence.annotations

object

{}

Persistent volume annotations.

services.nats.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.nats.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.nats.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.nats.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.nats.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.nats.persistence.size

string

"10Gi"

Size of the persistent volume.

services.nats.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.search.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.search.persistence.annotations

object

{}

Persistent volume annotations.

services.search.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.search.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.search.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.search.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.search.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.search.persistence.size

string

"10Gi"

Size of the persistent volume.

services.search.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.storageSystem.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.storageSystem.persistence.annotations

object

{}

Persistent volume annotations.

services.storageSystem.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.storageSystem.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.storageSystem.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.storageSystem.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.storageSystem.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.storageSystem.persistence.size

string

"5Gi"

Size of the persistent volume.

services.storageSystem.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.storageUsers.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.storageUsers.persistence.annotations

object

{}

Persistent volume annotations.

services.storageUsers.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.storageUsers.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.storageUsers.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.storageUsers.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.storageUsers.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.storageUsers.persistence.size

string

"50Gi"

Size of the persistent volume.

services.storageUsers.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.storageUsers.storageBackend.driver

string

"ocis"

Configures the storage driver. Possible values are "ocis" and "s3ng". The oCIS driver stores all data in the persistent volume if persistence is enabled. The S3NG driver stores all metadata in the persistent volume and uploads blobs to S3 if persistence is enabled.

services.storageUsers.storageBackend.driverConfig.s3ng.accessKey

string

"lorem-ipsum"

S3 access key to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageUsers.storageBackend.driverConfig.s3ng.bucket

string

"example-bucket"

S3 bucket to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageUsers.storageBackend.driverConfig.s3ng.endpoint

string

"https://localhost:1234"

S3 endpoint to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageUsers.storageBackend.driverConfig.s3ng.region

string

"default"

S3 region to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageUsers.storageBackend.driverConfig.s3ng.secretKey

string

"lorem-ipsum"

S3 secret key to use for the S3NG driver. Only used if driver is set to "s3ng".

services.store.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.store.persistence.annotations

object

{}

Persistent volume annotations.

services.store.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.store.persistence.enabled

bool

false

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.store.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.store.persistence.finalizers

list

["kubernetes.io/pvc-protection"]

Persistent volume finalizers.

services.store.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.store.persistence.size

string

"5Gi"

Size of the persistent volume.

services.store.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.

services.thumbnails.persistence.accessModes

list

["ReadWriteMany"]

Persistent volume access modes. When scaling this service beyond one instance, this needs to be ["ReadWriteMany"] or persistence needs to be disabled.

services.thumbnails.persistence.annotations

object

{}

Persistent volume annotations.

services.thumbnails.persistence.chownInitContainer

bool

false

Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.thumbnails.persistence.enabled

bool

false

Enables persistence. Recommended on production installations. If enabled, generated thumbnails are cached on this volume and available across pod restarts and service instances. If not enabled, thumbnail generation might lead to higher CPU usage.

services.thumbnails.persistence.existingClaim

string

nil

Use an existing PersistentVolumeClaim for persistence.

services.thumbnails.persistence.finalizers

list

[]

Persistent volume finalizers.

services.thumbnails.persistence.selectorLabels

object

{}

Persistent volume selector labels.

services.thumbnails.persistence.size

string

"10Gi"

Size of the persistent volume.

services.thumbnails.persistence.storageClassName

string

nil

Storage class to use. Uses the default storage class if not set.
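
The settings this table marks as unsuitable for production can be checked mechanically before a release. The following is an added example, not part of the chart or its documentation: it assumes the merged values have already been parsed into a Python dict, and `audit`, `get`, `_persist` and `SAMPLE` are names made up for the illustration.

```python
# Added example, not chart code. Absent keys fall back to the table's defaults.
# Booleans documented as "Not recommended for production installations."
RISKY_WHEN_TRUE = (
    "features.basicAuthentication",
    "features.demoUsers",
    "features.externalUserManagement.ldap.insecure",
    "insecure.ocisHttpApiInsecure",
    "insecure.oidcIdpInsecure",
)
# Services whose persistence "needs to be enabled on production installations".
STATEFUL = ("idm", "nats", "search", "storageSystem", "storageUsers", "store")
SUITES = "features.appsIntegration.wopiIntegration.officeSuites"
BACKEND = "services.storageUsers.storageBackend"


def get(values, dotted, default=None):
    """Walk a dotted key path through nested dicts; return default if absent."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit(values):
    """Return findings as 'key=value' strings, in a fixed check order."""
    found = [f"{k}=true" for k in RISKY_WHEN_TRUE if get(values, k, False) is True]
    # logging.color and logging.pretty are strings in this chart, not bools.
    for key in ("logging.color", "logging.pretty"):
        if str(get(values, key, "false")).lower() == "true":
            found.append(f"{key}=true")
    # Certificate checking only matters for office suites that are enabled.
    for i, suite in enumerate(get(values, SUITES, []) or []):
        if suite.get("enabled") and suite.get("insecure"):
            found.append(f"{SUITES}[{i}].insecure=true")
    for svc in STATEFUL:
        if not get(values, f"services.{svc}.persistence.enabled", False):
            found.append(f"services.{svc}.persistence.enabled=false")
    # The documented s3ng key defaults are placeholders, not credentials.
    if get(values, f"{BACKEND}.driver", "ocis") == "s3ng":
        for name in ("accessKey", "secretKey"):
            key = f"{BACKEND}.driverConfig.s3ng.{name}"
            if get(values, key, "lorem-ipsum") == "lorem-ipsum":
                found.append(f"{key}=lorem-ipsum")
    return found


def _persist(enabled):
    return {"persistence": {"enabled": enabled}}


# Constructed override values for the demonstration (not taken from the chart).
SAMPLE = {
    "features": {
        "demoUsers": True,
        "appsIntegration": {"wopiIntegration": {"officeSuites": [
            {"name": "Collabora", "enabled": True, "insecure": True},
            {"name": "OnlyOffice", "enabled": False, "insecure": True},
        ]}},
    },
    "insecure": {"oidcIdpInsecure": True},
    "logging": {"pretty": "true"},
    "services": {
        **{svc: _persist(True) for svc in STATEFUL if svc != "search"},
        "storageUsers": {**_persist(True), "storageBackend": {
            "driver": "s3ng", "driverConfig": {"s3ng": {"accessKey": "constructed-key"}}}},
    },
}
```

The thumbnails service is left out of `STATEFUL` because the table only recommends persistence for it; an empty values tree reports all six stateful services, since persistence defaults to false.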