values.yaml

Chart Version: latest

Note, to improve readbility, syntax highlighting is used. A drawback is that links in comments are not clickable. See the Values Description page where the links can be clicked.

---

# Image for oCIS services
image:
  # -- Image repository
  repository: owncloud/ocis
  # -- Image tag. Defaults to the chart's appVersion.
  tag: ""
  # -- Image sha / digest (optional).
  sha: ""
  # -- Image pull policy
  pullPolicy: IfNotPresent

# Logging settings for oCIS services
logging:
  # -- Log level. Valid values: `panic`, `fatal`, `error`, `warn`, `info`, `debug`, `trace`.
  level: "error"
  # -- Activates pretty log output.
  # Not recommended for production installations.
  pretty: "false"
  # -- Activates colorized log output.
  # Not recommended for production installations.
  color: "false"

# Debug settings for the oCIS service
debug:
  # -- Profiling enables the http://<pod>:<debug-metrics>/debug/pprof endpoint to inspect various Go runtime internals.
  # You can use the endpoint on your machine by forwarding the port, eg: `kubectl port-forward -n ocis pod/auth-basic-8587dc9d64-fs24l 9147:9147`
  # and then accessing the port on https://localhost:9147/debug/pprof or using the pprof command line tool: `go tool pprof -web http://localhost:9147/debug/pprof/symbol\?seconds\=10`
  profiling: false

# -- Deployment strategy.
deploymentStrategy:
  type: RollingUpdate

# -- Domain where oCIS is reachable for the outside world
externalDomain: ocis.owncloud.test

# Insecure options.
# These are useful for some limited environments like CI or on a test cluster.
insecure:
  # -- Disables SSL certificate checking for connections to the openID connect identity provider.
  # Not recommended for production installations.
  oidcIdpInsecure: false
  # -- Disables SSL certificate checking for connections to the oCIS http apis.
  # Not recommended for production installations.
  ocisHttpApiInsecure: false

cache:
  # -- Type of the cache to use. To disable the cache, set to "noop".
  # Can be set to "redis", then the address of Redis nodes needs to be set to `cache.nodes`.
  type: noop
  # -- Nodes of the cache to use.
  nodes: []
  # nodes:
  #   - redis-master-1.ocis-redis.svc.cluster.local:6379
  #   - redis-master-2.ocis-redis.svc.cluster.local:6379

# Feature options.
# Enable or disable features of oCIS.
features:
  # -- Enable basic authentication.
  # Not recommended for production installations.
  basicAuthentication: false
  # -- Create demo users on the first startup.
  # Not recommended for production installations.
  demoUsers: false
  emailNotifications:
    # -- Enables email notifications.
    # This features needs the secret from notificationsSmtpSecretRef present.
    enabled: false
    smtp:
      # -- SMTP host to connect to.
      host:
      # -- Port of the SMTP host to connect to.
      port:
      # -- Sender address of emails that will be sent. Example: 'ownCloud <noreply@example.com>'
      sender:
      # -- Authentication method for the SMTP communication. Possible values are ‘login’, ‘plain’, ‘crammd5’, ‘none’
      authentication: none
      # -- Encryption method for the SMTP communication. Possible values are ‘starttls’, ‘ssl’, ‘ssltls’, ‘tls’ and ‘none’.
      encryption: none
  # Apps integration
  appsIntegration:
    # -- Enables the apps integration.
    enabled: false
    # WOPI (office suite integration) needs an cs3org/wopiserver and at least one office suite.
    wopiIntegration:
      # -- URL of the cs3org/wopiserver. Can be deployed with this Chart.
      wopiServerURI: https://wopiserver.owncloud.test
      # List of WOPI compliant office suites.
      officeSuites:
        - # -- Name of the office suite. Will be displayed to the users.
          name: Collabora
          # -- Enables the office suite.
          enabled: false
          # -- URI of the office suite.
          uri: https://collabora.owncloud.test
          # -- URI for the icon of the office suite. Will be displayed to the users.
          iconURI: https://collabora.owncloud.test/favicon.ico
          # -- Disables SSL certificate checking for connections to the office suites http api.
          # Not recommended for production installations.
          insecure: false
        - # -- Name of the office suite. Will be displayed to the users.
          name: OnlyOffice
          # -- Enables the office suite.
          enabled: false
          # -- URI of the office suite.
          uri: https://onlyoffice.owncloud.test
          # -- URI for the icon of the office suite. Will be displayed to the users.
          iconURI: https://onlyoffice.owncloud.test/web-apps/apps/documenteditor/main/resources/img/favicon.ico
          # -- Disables SSL certificate checking for connections to the office suites http api.
          # Not recommended for production installations.
          insecure: false
    # -- Mimetype configuration.
    # Let's you configure a mimetypes' default application, if it is allowed to create a new file and more.
    # @default -- default configuration of oCIS, see doc.owncloud.com
    mimetypes: []
      # - mime_type: application/vnd.oasis.opendocument.text
        # extension: odt
        # name: OpenDocument
        # description: OpenDocument text document
        # icon: ""
        # default_app: ""
        # allow_creation: true
  # External user management
  externalUserManagement:
    # -- Enables external user management (and disables internal user management).
    # Needs an external OpenID Connect Identity Provider and an external LDAP server.
    enabled: false
    # -- UUID of the inital admin user.
    # If the given value matches a user's value from `features.externalUserManagement.oidc.userIDClaim`, the admin role will be assigned.
    adminUUID: ""
    # OpenID Connect Identity provider related settings.
    oidc:
      # -- Issuer URI of the OpenID Connect Identity Provider.
      # If the IDP doesn't have valid / trusted SSL certificates, certificate validation can be disabled with the `insecure.oidcIdpInsecure` option.
      issuerURI: https://idp.owncloud.test/realms/ocis

      # -- Claim to take an unique user identifier from. It will be used to look up the user on the LDAP server.
      userIDClaim: ocis.user.uuid
      # -- Attribute mapping of for the userIDClaim.
      # Set to `userid` if the claim specified in `...oidc.userIDClaim` holds the value of the ldap user attribute specified in `...ldap.user.schema.id`.
      # Set to `mail` if the claim specified in `...oidc.userIDClaim` holds the value of the ldap user attribute specified in  `...ldap.user.schema.mail`.
      # Set to `username` if the claim specified in `...oidc.userIDClaim` holds the value of the ldap user attribute specified in `...ldap.user.schema.id`.
      userIDClaimAttributeMapping: userid

    # LDAP related settings.
    ldap:
      # -- URI to connect to the LDAP secure server.
      uri: ldaps://ldaps.owncloud.test
      # -- Set only to false, if the certificate of your LDAP secure service is not trusted.
      # If set to false, you need to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef"
      certTrusted: true
      # -- Disables SSL certificate checking for connections to the LDAP server.
      # -- For self signed certificates, consider to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef"
      # Not recommended for production installations.
      insecure: false
      # -- DN of the user to use to bind to the LDAP server.
      # The password for the user needs to be set in the secret referenced by `secretRefs.ldapSecretRef` as `reva-ldap-bind-password`.
      # The user needs to have permission to list users and groups.
      bindDN: uid=ocis,ou=system-users,dc=owncloud,dc=test
      user:
        schema:
          # -- LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.
          id: ownclouduuid
          # -- Set this to true if the defined `id` attribute for users is of the `OCTETSTRING` syntax. This is e.g. required when using the `objectGUID` attribute of Active Directory for the user ID`s.
          idIsOctetString: false
          # -- LDAP Attribute to use for the email address of users.
          mail: mail
          # -- LDAP Attribute to use for the displayname of users.
          displayName: displayname
          # -- LDAP Attribute to use for username of users.
          userName: uid
        # -- Search base DN for looking up LDAP users.
        baseDN: ou=users,dc=owncloud,dc=com
        # -- LDAP search scope to use when looking up users. Supported values are `base`, `one` and `sub`.
        scope: sub
        # -- Type of substring search filter to use for substring searches for users. Possible values: `initial` for doing prefix only searches, `final` for doing suffix only searches or `any` for doing full substring searches
        substringFilterType: any
        # -- LDAP filter to add to the default filters for user search like `(objectclass=ownCloud)`.
        filter:
        # -- The object class to use for users in the default user search filter like `inetOrgPerson`.
        objectClass: inetOrgPerson
      group:
        schema:
          # -- LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.
          id: ownclouduuid
          # -- Set this to true if the defined `id` attribute for groups is of the `OCTETSTRING` syntax. This is e.g. required when using the `objectGUID` attribute of Active Directory for the group ID`s.
          idIsOctetString: false
          # -- LDAP Attribute to use for the email address of groups (can be empty).
          mail: mail
          # -- LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).
          displayName: cn
          # -- LDAP Attribute to use for the name of groups.
          groupName: cn
          # -- LDAP Attribute that is used for group members.
          member: member
        # -- Search base DN for looking up LDAP groups.
        baseDN: ou=groups,dc=owncloud,dc=com
        # -- LDAP search scope to use when looking up groups. Supported values are `base`, `one` and `sub`.
        scope: sub
        # -- LDAP filter to add to the default filters for group searches.
        filter:
        # -- The object class to use for groups in the default group search filter like `groupOfNames`.
        objectClass: groupOfNames

# Ingress for oCIS.
ingress:
  # -- Enables the Ingress.
  enabled: false
  # -- Ingress class to use.
  # Uses the default ingress class if not set.
  ingressClassName:
  # -- Ingress annotations.
  annotations: {}
  # -- Labels for the ingress.
  labels: {}
  # -- Ingress TLS configuration.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - ocis.owncloud.test

# References to ConfigMaps.
# The ConfigMaps need to be manually created.
# See doc.owncloud.com for how to generate them.
configRefs:
  # -- Reference to an existing storage-users config.
  storageUsersConfigRef: "storage-users"

# References to secrets.
# The secrets need to be manually created.
# See doc.owncloud.com for how to generate them.
secretRefs:
  # -- Reference to an existing admin user secret (see Secrets). Not used if `features.externalUserManagement.enabled` equals `true`.
  adminUserSecretRef: "admin-user"
  # -- Reference to an existing IDP secret (see Secrets). Not used if `features.externalUserManagement.enabled` equals `true`.
  idpSecretRef: "idp-secrets"
  # -- Reference to an existing JWT secret (see Secrets).
  jwtSecretRef: "jwt-secret"
  # -- Reference to an existing LDAP certificate authority secret (see Secrets)
  ldapCaRef: "ldap-ca"
  # -- Reference to an existing LDAP cert secret (see Secrets). Not used if `features.externalUserManagement.enabled` equals `true`.
  ldapCertRef: "ldap-cert"
  # -- Reference to an existing LDAP bind secret (see Secrets).
  ldapSecretRef: "ldap-bind-secrets"
  # -- Reference to an existing machine auth api key secret (see Secrets)
  machineAuthApiKeySecretRef: "machine-auth-api-key"
  # -- Reference to an existing SMTP email server settings secret (see Secrets). Not used if `features.emailNotifications.enabled` equals `false`.
  notificationsSmtpSecretRef: "notifications-smtp-secret"
  # -- Reference to an existing storage-system JWT secret (see Secrets)
  storageSystemJwtSecretRef: "storage-system-jwt-secret"
  # -- Reference to an existing storage-system secret (see Secrets)
  storageSystemSecretRef: "storage-system"
  # -- Reference to an existing thumbnails transfer secret (see Secrets)
  thumbnailsSecretRef: "thumbnails-transfer-secret"
  # -- Reference to an existing transfer secret (see Secrets)
  transferSecretSecretRef: "transfer-secret"

# Security context options.
securityContext:
  # -- File system group for all volumes.
  fsGroup: 1000
  # -- File system group change policy for all volumes.
  # Possible values "Always" and "OnRootMismatch".
  fsGroupChangePolicy: "OnRootMismatch"
  # -- User ID that all processes within any containers will run with.
  runAsUser: 1000
  # -- Group ID that all processes within any containers will run with.
  runAsGroup: 1000

# -- TopologySpreadConstraints controls how Pods of a service are spread across the cluster among failure-domains.
# Defaults to allow skew no more then 1 node per node.
# Passed through tpl and therefore needs to be configured as string.
topologySpreadConstraints: "" # |
#  - maxSkew: 1
#    topologyKey: kubernetes.io/hostname
#    whenUnsatisfiable: DoNotSchedule
#    labelSelector:
#      matchLabels:
#        app: {{ .appName }}

# -- Custom labels for all manifests
extraLabels: {}

# -- Override the deployment namespace of all resources in this Helm chart.
namespaceOverride:

# -- Number of replicas for each scalable service. Has no effect when `autoscaling.enabled` is set to `true`.
replicas: 1

# Autoscaling settings.
autoscaling:
  # -- Enables autoscaling. When set to `true`, `replicas` is no longer applied.
  enabled: false
  # -- Sets minimum replicas for autoscaling.
  minReplicas: 3
  # -- Sets maximum replicas for autoscaling.
  maxReplicas: 10
  # -- Metrics to use for autoscaling
  metrics: []
# Kubernetes pre 1.25
#   metrics:
#   - type: Resource
#     resource:
#       name: cpu
#       targetAverageUtilization: 60
#   - type: Resource
#     resource:
#       name: memory
#       targetAverageUtilization: 60
# Kubernetes 1.25+
#   metrics:
#   - type: Resource
#     resource:
#       name: cpu
#       target:
#         type: Utilization
#         averageUtilization: 60
#   - type: Resource
#     resource:
#       name: memory
#       target:
#         type: Utilization
#         averageUtilization: 60

# -- Default resources to apply to all services, except per-service resources configuration in `services.<service-name>.resources` is set.
# Best practice is to:
# - set memory request == memory limit (compare to https://home.robusta.dev/blog/kubernetes-memory-limit)
# - set cpu request and omit cpu limit (compare to https://home.robusta.dev/blog/stop-using-cpu-limits)
resources: {}
  # limits:
    # cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi


# Include arbitrary resources, eg. config maps or a cert-manager issuer (see example below)
# -- Extra resources to be included.
extraResources: []
#  - |
#    apiVersion: cert-manager.io/v1alpha2
#    kind: Issuer
#    metadata:
#      name: ocis-certificate-issuer
#      namespace: ocis
#    spec:
#      acme:
#        server: https://acme-v02.api.letsencrypt.org/directory
#        email: test@example.com
#        privateKeySecretRef:
#          name: ocis-certificate-issuer
#        solvers:
#        - http01:
#            ingress:
#              class: nginx


# per-service configuration.
services:
  # -- APP PROVIDER service. Not used if `features.appsIntegration.enabled` equals `false`.
  # @default -- see detailed service configuration options below
  appProvider:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- APP REGISTRY service. Not used if `features.appsIntegration.enabled` equals `false`.
  # @default -- see detailed service configuration options below
  appRegistry:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- AUDIT service.
  # @default -- see detailed service configuration options below
  audit:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- AUTH BASIC service. Not used if `features.externalUserManagement.enabled` equals `true`.
  # @default -- see detailed service configuration options below
  authBasic:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- AUTH MACHINE service.
  # @default -- see detailed service configuration options below
  authMachine:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- FRONTEND service.
  # @default -- see detailed service configuration options below
  frontend:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- GATEWAY service.
  # @default -- see detailed service configuration options below
  gateway:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- GRAPH service.
  # @default -- see detailed service configuration options below
  graph:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- GROUPS service.
  # @default -- see detailed service configuration options below
  groups:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- IDM service. Not used if `features.externalUserManagement.enabled` equals `true`.
  # @default -- see detailed service configuration options below
  idm:
    persistence:
      # -- Enables persistence.
      # Needs to be enabled on production installations, except `features.externalUserManagement.enabled` equals `true`.
      # If not enabled, pod restarts will lead to data loss.
      # Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
      enabled: false
      # -- Enables a initContainer to chown the volume.
      # The initContainer is run as root.
      # This is not needed if the driver applies the fsGroup from the securityContext.
      chownInitContainer: false
      # -- Storage class to use.
      # Uses the default storage class if not set.
      storageClassName:
      # -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
      accessModes:
        - ReadWriteMany
      # -- Size of the persistent volume.
      size: 10Gi
      # -- Persistent volume annotations.
      annotations: {}
      # -- Persistent volume finalizers.
      finalizers:
        - kubernetes.io/pvc-protection
      # -- Persistent volume selector labels.
      selectorLabels: {}
      # -- Use an existing PersistentVolumeClaim for persistence.
      existingClaim:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- IDP service. Not used if `features.externalUserManagement.enabled` equals `true`.
  # @default -- see detailed service configuration options below
  idp:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- NATS service.
  # @default -- see detailed service configuration options below
  nats:
    persistence:
      # -- Enables persistence.
      # Needs to be enabled on production installations.
      # If not enabled, pod restarts will lead to data loss.
      # Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
      enabled: false
      # -- Enables a initContainer to chown the volume.
      # The initContainer is run as root.
      # This is not needed if the driver applies the fsGroup from the securityContext.
      chownInitContainer: false
      # -- Storage class to use.
      # Uses the default storage class if not set.
      storageClassName:
      # -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
      accessModes:
        - ReadWriteMany
      # -- Size of the persistent volume.
      size: 10Gi
      # -- Persistent volume annotations.
      annotations: {}
      # -- Persistent volume finalizers.
      finalizers:
        - kubernetes.io/pvc-protection
      # -- Persistent volume selector labels.
      selectorLabels: {}
      # -- Use an existing PersistentVolumeClaim for persistence.
      existingClaim:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}


  # -- NOTIFICATIONS service. Not used if `features.emailNotifications.enabled` equals `true`.
  # @default -- see detailed service configuration options below
  notifications:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- OCDAV service.
  # @default -- see detailed service configuration options below
  ocdav:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- OCS service.
  # @default -- see detailed service configuration options below
  ocs:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- PROXY service.
  # @default -- see detailed service configuration options below
  proxy:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- SEARCH service.
  # @default -- see detailed service configuration options below
  search:
    persistence:
      # -- Enables persistence.
      # Needs to be enabled on production installations.
      # If not enabled, pod restarts will lead to data loss.
      # Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
      enabled: false
      # -- Enables a initContainer to chown the volume.
      # The initContainer is run as root.
      # This is not needed if the driver applies the fsGroup from the securityContext.
      chownInitContainer: false
      # -- Storage class to use.
      # Uses the default storage class if not set.
      storageClassName:
      # -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
      accessModes:
        - ReadWriteMany
      # -- Size of the persistent volume.
      size: 10Gi
      # -- Persistent volume annotations.
      annotations: {}
      # -- Persistent volume finalizers.
      finalizers:
        - kubernetes.io/pvc-protection
      # -- Persistent volume selector labels.
      selectorLabels: {}
      # -- Use an existing PersistentVolumeClaim for persistence.
      existingClaim:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- SETTINGS service.
  # @default -- see detailed service configuration options below
  settings:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- SHARING service.
  # @default -- see detailed service configuration options below
  sharing:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- STORAGE-PUBLICLINK service.
  # @default -- see detailed service configuration options below
  storagePublicLink:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- STORAGE-SHARES service.
  # @default -- see detailed service configuration options below
  storageShares:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- STORAGE-SYSTEM service.
  # @default -- see detailed service configuration options below
  storageSystem:
    persistence:
      # -- Enables persistence.
      # Needs to be enabled on production installations.
      # If not enabled, pod restarts will lead to data loss.
      # Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
      enabled: false
      # -- Enables a initContainer to chown the volume.
      # The initContainer is run as root.
      # This is not needed if the driver applies the fsGroup from the securityContext.
      chownInitContainer: false
      # -- Storage class to use.
      # Uses the default storage class if not set.
      storageClassName:
      # -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
      accessModes:
        - ReadWriteMany
      # -- Size of the persistent volume.
      size: 5Gi
      # -- Persistent volume annotations.
      annotations: {}
      # -- Persistent volume finalizers.
      finalizers:
        - kubernetes.io/pvc-protection
      # -- Persistent volume selector labels.
      selectorLabels: {}
      # -- Use an existing PersistentVolumeClaim for persistence.
      existingClaim:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- STORAGE-USERS service.
  # @default -- see detailed service configuration options below
  storageUsers:
    storageBackend:
      # -- Configures the storage driver. Possible values are "ocis" and "s3ng".
      # The oCIS driver stores all data in the persistent volume if persistence is enabled.
      # The S3NG driver stores all metadata in the persistent volume and uploads blobs to s3 if persistence is enabled.
      driver: ocis
      driverConfig:
        s3ng:
          # The S3NG driver needs an existing S3 bucket with following permissions:
          # {
          #     "Version": "2012-10-17",
          #     "Statement": [
          #         {
          #             "Sid": "ListObjectsInBucket",
          #             "Effect": "Allow",
          #             "Action": ["s3:ListBucket"],
          #             "Resource": ["arn:aws:s3:::bucket-name"]
          #         },
          #         {
          #             "Sid": "AllObjectActions",
          #             "Effect": "Allow",
          #             "Action": "s3:*Object",
          #             "Resource": ["arn:aws:s3:::bucket-name/*"]
          #         }
          #     ]
          # }

          # -- S3 endpoint to use for the S3NG driver. Only used if driver is set to "s3ng".
          endpoint: https://localhost:1234
          # -- S3 region to use for the S3NG driver. Only used if driver is set to "s3ng".
          region: default
          # -- S3 bucket to use for the S3NG driver. Only used if driver is set to "s3ng".
          bucket: example-bucket
          # -- S3 access key to use for the S3NG driver. Only used if driver is set to "s3ng".
          accessKey: lorem-ipsum
          # -- S3 secret key to use for the S3NG driver. Only used if driver is set to "s3ng".
          secretKey: lorem-ipsum
    maintenance:
      # Expired uploads can be cleaned up automatically by enabling the clean up job.
      cleanUpExpiredUploads:
        # -- Enables a job, that cleans up expired uploads. Requires persistence to be enabled and RWX storage.
        enabled: false
        # -- Cron pattern for the job to be run. Defaults to every minute.
        schedule: "* * * * *"
    persistence:
      # -- Enables persistence.
      # Needs to be enabled on production installations.
      # If not enabled, pod restarts will lead to data loss.
      # Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
      enabled: false
      # -- Enables a initContainer to chown the volume.
      # The initContainer is run as root.
      # This is not needed if the driver applies the fsGroup from the securityContext.
      chownInitContainer: false
      # -- Storage class to use.
      # Uses the default storage class if not set.
      storageClassName:
      # -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
      accessModes:
        - ReadWriteMany
      # -- Size of the persistent volume.
      size: 50Gi
      # -- Persistent volume annotations.
      annotations: {}
      # -- Persistent volume finalizers.
      finalizers:
        - kubernetes.io/pvc-protection
      # -- Persistent volume selector labels.
      selectorLabels: {}
      # -- Use an existing PersistentVolumeClaim for persistence.
      existingClaim:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}


  # -- STORE service.
  # @default -- see detailed service configuration options below
  store:
    persistence:
      # -- Enables persistence.
      # Needs to be enabled on production installations.
      # If not enabled, pod restarts will lead to data loss.
      # Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
      enabled: false
      # -- Enables a initContainer to chown the volume.
      # The initContainer is run as root.
      # This is not needed if the driver applies the fsGroup from the securityContext.
      chownInitContainer: false
      # -- Storage class to use.
      # Uses the default storage class if not set.
      storageClassName:
      # -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
      accessModes:
        - ReadWriteMany
      # -- Size of the persistent volume.
      size: 5Gi
      # -- Persistent volume annotations.
      annotations: {}
      # -- Persistent volume finalizers.
      finalizers:
        - kubernetes.io/pvc-protection
      # -- Persistent volume selector labels.
      selectorLabels: {}
      # -- Use an existing PersistentVolumeClaim for persistence.
      existingClaim:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- THUMBNAILS service.
  # @default -- see detailed service configuration options below
  thumbnails:
    persistence:
      # -- Enables persistence.
      # Is recommended to be enabled on production installations.
      # If enabled, generated thumbnails are cached on this volume and available across pod restarts and service instances.
      # If not enabled, thumbnail generation might lead to higher CPU usage.
      enabled: false
      # -- Enables a initContainer to chown the volume.
      # The initContainer is run as root.
      # This is not needed if the driver applies the fsGroup from the securityContext.
      chownInitContainer: false
      # -- Storage class to use.
      # Uses the default storage class if not set.
      storageClassName:
      # -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance or persistence needs to be disabled.
      accessModes:
        - ReadWriteMany
      # -- Size of the persistent volume.
      size: 10Gi
      # -- Persistent volume annotations.
      annotations: {}
      # -- Persistent volume finalizers.
      finalizers: []
      # -- Persistent volume selector labels.
      selectorLabels: {}
      # -- Use an existing PersistentVolumeClaim for persistence.
      existingClaim:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- USERS service.
  # @default -- see detailed service configuration options below
  users:
      # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- ownCloud WEB service.
  # @default -- see detailed service configuration options below
  web:
    # Configuration for web, that ends up in the config.json file.
    config:
      # -- Disables the feedback link in the Web UI.
      disableFeedbackLink: false
      # -- Configure the {"apps": []} section in the Web config.json.
      apps: []
        # default apps, add and remove apps as desired
        # - files
        # - search
        # - text-editor
        # - pdf-viewer
        # - external
        # - user-management
      # -- Configure the {"applications": []} section in the Web config.json.
      applications: []
        # example for an user manual homepage, that will be linked in the app drawer
        # - icon: book-read
        #   url: "https://manual.owncloud.test"
        #   target: _blank
        #   title:
        #     de: Anleitung
        #     en: Manual
      # -- Configure the {"external_apps": []} section in the Web config.json.
      externalApplications: []
        # default external application of Web, add and remove apps as desired
        # - id: preview
        #   path: web-app-preview
        #   config:
        #     mimeTypes:
        #       - image/tiff
        #       - image/bmp
        #       - image/x-ms-bmp
        # - id: settings
        #   path: /settings.js
      theme:
        # -- URL to load themes from. Will be prepended to the theme path. Defaults to the value of "externalDomain".
        server: ""
        # -- URL path to load themes from. The theme server will be prepended. Defaults to the ownCloud Web default theme.
        path: ""
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}

  # -- WEBDAV service.
  # @default -- see detailed service configuration options below
  webdav:
    # -- Per-service resources configuration. Overrides the default setting from `resources` if set.
    resources: {}