values.yaml Description

autoscaling.enabled

Enables autoscaling. When set to true, replicas is no longer applied.

autoscaling.maxReplicas

Sets maximum replicas for autoscaling.

autoscaling.metrics

Metrics to use for autoscaling

autoscaling.minReplicas

Sets minimum replicas for autoscaling.

cache.nodes

Nodes of the cache to use.

cache.type

Type of the cache to use. To disable the cache, set to "noop". Can be set to "redis", then the address of Redis nodes needs to be set to cache.nodes.

configRefs.storageUsersConfigRef

Reference to an existing storage-users config.

debug.profiling

Profiling enables the http://<pod>:<debug-metrics>/debug/pprof endpoint to inspect various Go runtime internals. You can use the endpoint on your machine by forwarding the port, eg: kubectl port-forward -n ocis pod/auth-basic-8587dc9d64-fs24l 9147:9147 and then accessing the port on https://localhost:9147/debug/pprof or using the pprof command line tool: go tool pprof -web http://localhost:9147/debug/pprof/symbol\?seconds\=10

deploymentStrategy

Deployment strategy.

externalDomain

Domain where oCIS is reachable for the outside world

extraLabels

Custom labels for all manifests

extraResources

Extra resources to be included.

features.appsIntegration.enabled

Enables the apps integration.

features.appsIntegration.mimetypes

Mimetype configuration. Let’s you configure a mimetypes' default application, if it is allowed to create a new file and more.

features.appsIntegration.wopiIntegration.officeSuites[0].enabled

Enables the office suite.

features.appsIntegration.wopiIntegration.officeSuites[0].iconURI

URI for the icon of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[0].insecure

Disables SSL certificate checking for connections to the office suites http api. Not recommended for production installations.

features.appsIntegration.wopiIntegration.officeSuites[0].name

Name of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[0].uri

URI of the office suite.

features.appsIntegration.wopiIntegration.officeSuites[1].enabled

Enables the office suite.

features.appsIntegration.wopiIntegration.officeSuites[1].iconURI

URI for the icon of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[1].insecure

Disables SSL certificate checking for connections to the office suites http api. Not recommended for production installations.

features.appsIntegration.wopiIntegration.officeSuites[1].name

Name of the office suite. Will be displayed to the users.

features.appsIntegration.wopiIntegration.officeSuites[1].uri

URI of the office suite.

features.appsIntegration.wopiIntegration.wopiServerURI

URL of the cs3org/wopiserver. Can be deployed with this Chart.

features.basicAuthentication

Enable basic authentication. Not recommended for production installations.

features.demoUsers

Create demo users on the first startup. Not recommended for production installations.

features.emailNotifications.enabled

Enables email notifications. This features needs the secret from notificationsSmtpSecretRef present.

features.emailNotifications.smtp.authentication

Authentication method for the SMTP communication. Possible values are ‘login’, ‘plain’, ‘crammd5’, ‘none’

features.emailNotifications.smtp.encryption

Encryption method for the SMTP communication. Possible values are ‘starttls’, ‘ssl’, ‘ssltls’, ‘tls’ and ‘none’.

features.emailNotifications.smtp.host

SMTP host to connect to.

features.emailNotifications.smtp.port

Port of the SMTP host to connect to.

features.emailNotifications.smtp.sender

Sender address of emails that will be sent. Example: 'ownCloud <noreply@example.com>'

features.externalUserManagement.adminUUID

UUID of the inital admin user. If the given value matches a user’s value from features.externalUserManagement.oidc.userIDClaim, the admin role will be assigned.

features.externalUserManagement.enabled

Enables external user management (and disables internal user management). Needs an external OpenID Connect Identity Provider and an external LDAP server.

features.externalUserManagement.ldap.bindDN

DN of the user to use to bind to the LDAP server. The password for the user needs to be set in the secret referenced by secretRefs.ldapSecretRef as reva-ldap-bind-password. The user needs to have permission to list users and groups.

features.externalUserManagement.ldap.certTrusted

Set only to false, if the certificate of your LDAP secure service is not trusted. If set to false, you need to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef"

features.externalUserManagement.ldap.group.baseDN

Search base DN for looking up LDAP groups.

features.externalUserManagement.ldap.group.filter

LDAP filter to add to the default filters for group searches.

features.externalUserManagement.ldap.group.objectClass

The object class to use for groups in the default group search filter like groupOfNames.

features.externalUserManagement.ldap.group.schema.displayName

LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).

features.externalUserManagement.ldap.group.schema.groupName

LDAP Attribute to use for the name of groups.

features.externalUserManagement.ldap.group.schema.id

LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.

features.externalUserManagement.ldap.group.schema.idIsOctetString

Set this to true if the defined id attribute for groups is of the OCTETSTRING syntax. This is e.g. required when using the objectGUID attribute of Active Directory for the group ID`s.

features.externalUserManagement.ldap.group.schema.mail

LDAP Attribute to use for the email address of groups (can be empty).

features.externalUserManagement.ldap.group.schema.member

LDAP Attribute that is used for group members.

features.externalUserManagement.ldap.group.scope

LDAP search scope to use when looking up groups. Supported values are base, one and sub.

features.externalUserManagement.ldap.insecure

For self signed certificates, consider to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef" Not recommended for production installations.

features.externalUserManagement.ldap.uri

URI to connect to the LDAP secure server.

features.externalUserManagement.ldap.user.baseDN

Search base DN for looking up LDAP users.

features.externalUserManagement.ldap.user.filter

LDAP filter to add to the default filters for user search like (objectclass=ownCloud).

features.externalUserManagement.ldap.user.objectClass

The object class to use for users in the default user search filter like inetOrgPerson.

features.externalUserManagement.ldap.user.schema.displayName

LDAP Attribute to use for the displayname of users.

features.externalUserManagement.ldap.user.schema.id

LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.

features.externalUserManagement.ldap.user.schema.idIsOctetString

Set this to true if the defined id attribute for users is of the OCTETSTRING syntax. This is e.g. required when using the objectGUID attribute of Active Directory for the user ID`s.

features.externalUserManagement.ldap.user.schema.mail

LDAP Attribute to use for the email address of users.

features.externalUserManagement.ldap.user.schema.userName

LDAP Attribute to use for username of users.

features.externalUserManagement.ldap.user.scope

LDAP search scope to use when looking up users. Supported values are base, one and sub.

features.externalUserManagement.ldap.user.substringFilterType

Type of substring search filter to use for substring searches for users. Possible values: initial for doing prefix only searches, final for doing suffix only searches or any for doing full substring searches

features.externalUserManagement.oidc.issuerURI

Issuer URI of the OpenID Connect Identity Provider. If the IDP doesn’t have valid / trusted SSL certificates, certificate validation can be disabled with the insecure.oidcIdpInsecure option.

features.externalUserManagement.oidc.userIDClaim

Claim to take an unique user identifier from. It will be used to look up the user on the LDAP server.

features.externalUserManagement.oidc.userIDClaimAttributeMapping

Attribute mapping of for the userIDClaim. Set to userid if the claim specified in …​oidc.userIDClaim holds the value of the ldap user attribute specified in …​ldap.user.schema.id. Set to mail if the claim specified in …​oidc.userIDClaim holds the value of the ldap user attribute specified in …​ldap.user.schema.mail. Set to username if the claim specified in …​oidc.userIDClaim holds the value of the ldap user attribute specified in …​ldap.user.schema.id.

image.pullPolicy

Image pull policy

image.repository

Image repository

image.sha

Image sha / digest (optional).

image.tag

Image tag. Defaults to the chart’s appVersion.

ingress.annotations

Ingress annotations.

ingress.enabled

Enables the Ingress.

ingress.ingressClassName

Ingress class to use. Uses the default ingress class if not set.

ingress.labels

Labels for the ingress.

ingress.tls

Ingress TLS configuration.

insecure.ocisHttpApiInsecure

Disables SSL certificate checking for connections to the oCIS http apis. Not recommended for production installations.

insecure.oidcIdpInsecure

Disables SSL certificate checking for connections to the openID connect identity provider. Not recommended for production installations.

logging.color

Activates colorized log output. Not recommended for production installations.

logging.level

Log level. Valid values: panic, fatal, error, warn, info, debug, trace.

logging.pretty

Activates pretty log output. Not recommended for production installations.

namespaceOverride

Override the deployment namespace of all resources in this Helm chart.

replicas

Number of replicas for each scalable service. Has no effect when autoscaling.enabled is set to true.

resources

Default resources to apply to all services, except per-service resources configuration in services.<service-name>.resources is set. Best practice is to: - set memory request == memory limit (compare to https://home.robusta.dev/blog/kubernetes-memory-limit) - set cpu request and omit cpu limit (compare to https://home.robusta.dev/blog/stop-using-cpu-limits)

secretRefs.adminUserSecretRef

Reference to an existing admin user secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.idpSecretRef

Reference to an existing IDP secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.jwtSecretRef

Reference to an existing JWT secret (see Secrets).

secretRefs.ldapCaRef

Reference to an existing LDAP certificate authority secret (see Secrets)

secretRefs.ldapCertRef

Reference to an existing LDAP cert secret (see Secrets). Not used if features.externalUserManagement.enabled equals true.

secretRefs.ldapSecretRef

Reference to an existing LDAP bind secret (see Secrets).

secretRefs.machineAuthApiKeySecretRef

Reference to an existing machine auth api key secret (see Secrets)

secretRefs.notificationsSmtpSecretRef

Reference to an existing SMTP email server settings secret (see Secrets). Not used if features.emailNotifications.enabled equals false.

secretRefs.storageSystemJwtSecretRef

Reference to an existing storage-system JWT secret (see Secrets)

secretRefs.storageSystemSecretRef

Reference to an existing storage-system secret (see Secrets)

secretRefs.thumbnailsSecretRef

Reference to an existing thumbnails transfer secret (see Secrets)

secretRefs.transferSecretSecretRef

Reference to an existing transfer secret (see Secrets)

securityContext.fsGroup

File system group for all volumes.

securityContext.fsGroupChangePolicy

File system group change policy for all volumes. Possible values "Always" and "OnRootMismatch".

securityContext.runAsGroup

Group ID that all processes within any containers will run with.

securityContext.runAsUser

User ID that all processes within any containers will run with.

services.appProvider

APP PROVIDER service. Not used if features.appsIntegration.enabled equals false.

services.appProvider.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.appRegistry

APP REGISTRY service. Not used if features.appsIntegration.enabled equals false.

services.appRegistry.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.audit

AUDIT service.

services.audit.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.authBasic

AUTH BASIC service. Not used if features.externalUserManagement.enabled equals true.

services.authBasic.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.authMachine

AUTH MACHINE service.

services.authMachine.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.frontend

FRONTEND service.

services.frontend.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.gateway

GATEWAY service.

services.gateway.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.graph

GRAPH service.

services.graph.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.groups

GROUPS service.

services.groups.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.idm

IDM service. Not used if features.externalUserManagement.enabled equals true.

services.idm.persistence.accessModes

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.idm.persistence.annotations

Persistent volume annotations.

services.idm.persistence.chownInitContainer

Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.idm.persistence.enabled

Enables persistence. Needs to be enabled on production installations, except features.externalUserManagement.enabled equals true. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.idm.persistence.existingClaim

Use an existing PersistentVolumeClaim for persistence.

services.idm.persistence.finalizers

Persistent volume finalizers.

services.idm.persistence.selectorLabels

Persistent volume selector labels.

services.idm.persistence.size

Size of the persistent volume.

services.idm.persistence.storageClassName

Storage class to use. Uses the default storage class if not set.

services.idm.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.idp

IDP service. Not used if features.externalUserManagement.enabled equals true.

services.idp.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.nats

NATS service.

services.nats.persistence.accessModes

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.nats.persistence.annotations

Persistent volume annotations.

services.nats.persistence.chownInitContainer

Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.nats.persistence.enabled

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.nats.persistence.existingClaim

Use an existing PersistentVolumeClaim for persistence.

services.nats.persistence.finalizers

Persistent volume finalizers.

services.nats.persistence.selectorLabels

Persistent volume selector labels.

services.nats.persistence.size

Size of the persistent volume.

services.nats.persistence.storageClassName

Storage class to use. Uses the default storage class if not set.

services.nats.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.notifications

NOTIFICATIONS service. Not used if features.emailNotifications.enabled equals true.

services.notifications.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.ocdav

OCDAV service.

services.ocdav.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.ocs

OCS service.

services.ocs.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.proxy

PROXY service.

services.proxy.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.search

SEARCH service.

services.search.persistence.accessModes

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.search.persistence.annotations

Persistent volume annotations.

services.search.persistence.chownInitContainer

Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.search.persistence.enabled

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.search.persistence.existingClaim

Use an existing PersistentVolumeClaim for persistence.

services.search.persistence.finalizers

Persistent volume finalizers.

services.search.persistence.selectorLabels

Persistent volume selector labels.

services.search.persistence.size

Size of the persistent volume.

services.search.persistence.storageClassName

Storage class to use. Uses the default storage class if not set.

services.search.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.settings

SETTINGS service.

services.settings.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.sharing

SHARING service.

services.sharing.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.storagePublicLink

STORAGE-PUBLICLINK service.

services.storagePublicLink.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageShares

STORAGE-SHARES service.

services.storageShares.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageSystem

STORAGE-SYSTEM service.

services.storageSystem.persistence.accessModes

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.storageSystem.persistence.annotations

Persistent volume annotations.

services.storageSystem.persistence.chownInitContainer

Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.storageSystem.persistence.enabled

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.storageSystem.persistence.existingClaim

Use an existing PersistentVolumeClaim for persistence.

services.storageSystem.persistence.finalizers

Persistent volume finalizers.

services.storageSystem.persistence.selectorLabels

Persistent volume selector labels.

services.storageSystem.persistence.size

Size of the persistent volume.

services.storageSystem.persistence.storageClassName

Storage class to use. Uses the default storage class if not set.

services.storageSystem.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageUsers

STORAGE-USERS service.

services.storageUsers.maintenance.cleanUpExpiredUploads.enabled

Enables a job, that cleans up expired uploads. Requires persistence to be enabled and RWX storage.

services.storageUsers.maintenance.cleanUpExpiredUploads.schedule

Cron pattern for the job to be run. Defaults to every minute.

services.storageUsers.persistence.accessModes

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.storageUsers.persistence.annotations

Persistent volume annotations.

services.storageUsers.persistence.chownInitContainer

Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.storageUsers.persistence.enabled

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.storageUsers.persistence.existingClaim

Use an existing PersistentVolumeClaim for persistence.

services.storageUsers.persistence.finalizers

Persistent volume finalizers.

services.storageUsers.persistence.selectorLabels

Persistent volume selector labels.

services.storageUsers.persistence.size

Size of the persistent volume.

services.storageUsers.persistence.storageClassName

Storage class to use. Uses the default storage class if not set.

services.storageUsers.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.storageUsers.storageBackend.driver

Configures the storage driver. Possible values are "ocis" and "s3ng". The oCIS driver stores all data in the persistent volume if persistence is enabled. The S3NG driver stores all metadata in the persistent volume and uploads blobs to s3 if persistence is enabled.

services.storageUsers.storageBackend.driverConfig.s3ng.accessKey

S3 access key to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageUsers.storageBackend.driverConfig.s3ng.bucket

S3 bucket to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageUsers.storageBackend.driverConfig.s3ng.endpoint

S3 endpoint to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageUsers.storageBackend.driverConfig.s3ng.region

S3 region to use for the S3NG driver. Only used if driver is set to "s3ng".

services.storageUsers.storageBackend.driverConfig.s3ng.secretKey

S3 secret key to use for the S3NG driver. Only used if driver is set to "s3ng".

services.store

STORE service.

services.store.persistence.accessModes

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance.

services.store.persistence.annotations

Persistent volume annotations.

services.store.persistence.chownInitContainer

Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.store.persistence.enabled

Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service beyond one instance is not possible if the service instances don’t share the same storage.

services.store.persistence.existingClaim

Use an existing PersistentVolumeClaim for persistence.

services.store.persistence.finalizers

Persistent volume finalizers.

services.store.persistence.selectorLabels

Persistent volume selector labels.

services.store.persistence.size

Size of the persistent volume.

services.store.persistence.storageClassName

Storage class to use. Uses the default storage class if not set.

services.store.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.thumbnails

THUMBNAILS service.

services.thumbnails.persistence.accessModes

Persistent volume access modes. Needs to be ["ReadWriteMany"] when scaling this service beyond one instance or persistence needs to be disabled.

services.thumbnails.persistence.annotations

Persistent volume annotations.

services.thumbnails.persistence.chownInitContainer

Enables a initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext.

services.thumbnails.persistence.enabled

Enables persistence. Is recommended to be enabled on production installations. If enabled, generated thumbnails are cached on this volume and available across pod restarts and service instances. If not enabled, thumbnail generation might lead to higher CPU usage.

services.thumbnails.persistence.existingClaim

Use an existing PersistentVolumeClaim for persistence.

services.thumbnails.persistence.finalizers

Persistent volume finalizers.

services.thumbnails.persistence.selectorLabels

Persistent volume selector labels.

services.thumbnails.persistence.size

Size of the persistent volume.

services.thumbnails.persistence.storageClassName

Storage class to use. Uses the default storage class if not set.

services.thumbnails.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.users

USERS service.

services.users.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.web

ownCloud WEB service.

services.web.config.applications

Configure the {"applications": []} section in the Web config.json.

services.web.config.apps

Configure the {"apps": []} section in the Web config.json.

services.web.config.disableFeedbackLink

Disables the feedback link in the Web UI.

services.web.config.externalApplications

Configure the {"external_apps": []} section in the Web config.json.

services.web.config.theme.path

URL path to load themes from. The theme server will be prepended. Defaults to the ownCloud Web default theme.

services.web.config.theme.server

URL to load themes from. Will be prepended to the theme path. Defaults to the value of "externalDomain".

services.web.resources

Per-service resources configuration. Overrides the default setting from resources if set.

services.webdav

WEBDAV service.

services.webdav.resources

Per-service resources configuration. Overrides the default setting from resources if set.

topologySpreadConstraints

TopologySpreadConstraints controls how Pods of a service are spread across the cluster among failure-domains. Defaults to allow skew no more then 1 node per node. Passed through tpl and therefore needs to be configured as string.