values.yaml
Chart Version: 0.1.0
Note, to improve readbility, syntax highlighting is used. A drawback is that, links in comments are not clickable. See the Values Description page where the links can be clicked.
---
# Image for oCIS services
image:
# -- Image repository
repository: owncloud/ocis
# -- Image tag. Defaults to the chart's appVersion.
tag: ""
# -- Image sha / digest (optional).
sha: ""
# -- Image pull policy
pullPolicy: IfNotPresent
# Logging settings for oCIS services
logging:
# -- Log level. Valid values: `panic`, `fatal`, `error`, `warn`, `info`, `debug`, `trace`.
level: "error"
# -- Activates pretty log output.
# Not recommended for production installations.
pretty: "false"
# -- Activates colorized log output.
# Not recommended for production installations.
color: "false"
# Debug settings for the oCIS service
debug:
# -- Profiling enables the http://<pod>:<debug-metrics>/debug/pprof endpoint to inspect various Go runtime internals.
# You can use the endpoint on your machine by forwarding the port, eg: `kubectl port-forward -n ocis pod/auth-basic-8587dc9d64-fs24l 9147:9147`
# and then accessing the port on https://localhost:9147/debug/pprof or using the pprof command line tool: `go tool pprof -web http://localhost:9147/debug/pprof/symbol\?seconds\=10`
profiling: false
# -- Deployment strategy.
deploymentStrategy:
type: RollingUpdate
# -- Domain where oCIS is reachable for the outside world
externalDomain: ocis.owncloud.test
# Insecure options.
# These are useful for some limited environments like CI or on a test cluster.
insecure:
# -- Disables SSL certificate checking for connections to the openID connect identity provider.
# Not recommended for production installations.
oidcIdpInsecure: false
# -- Disables SSL certificate checking for connections to the oCIS http apis.
# Not recommended for production installations.
ocisHttpApiInsecure: false
cache:
# -- Type of the cache to use. To disable the cache, set to "noop".
# Can be set to "redis", then the address of Redis nodes needs to be set to `cache.nodes`.
type: noop
# -- Nodes of the cache to use.
nodes: []
# nodes:
# - redis-master-1.ocis-redis.svc.cluster.local:6379
# - redis-master-2.ocis-redis.svc.cluster.local:6379
# Feature options.
# Enable or disable features of oCIS.
features:
# -- Enable basic authentication.
# Not recommended for production installations.
basicAuthentication: false
# -- Create demo users on the first startup.
# Not recommended for production installations.
demoUsers: false
emailNotifications:
# -- Enables email notifications.
# This features needs the secret from notificationsSmtpSecretRef present.
enabled: false
smtp:
# -- SMTP host to connect to.
host:
# -- Port of the SMTP host to connect to.
port:
# -- Sender address of emails that will be sent. Example: 'ownCloud <noreply@example.com>'
sender:
# -- Authentication method for the SMTP communication. Possible values are ‘login’, ‘plain’, ‘crammd5’, ‘none’
authentication: none
# -- Encryption method for the SMTP communication. Possible values are ‘starttls’, ‘ssl’, ‘ssltls’, ‘tls’ and ‘none’.
encryption: none
# Apps integration
appsIntegration:
# -- Enables the apps integration.
enabled: false
# WOPI (office suite integration) needs an cs3org/wopiserver and at least one office suite.
wopiIntegration:
# -- URL of the cs3org/wopiserver. Can be deployed with this Chart.
wopiServerURI: https://wopiserver.owncloud.test
# List of WOPI compliant office suites.
officeSuites:
- # -- Name of the office suite. Will be displayed to the users.
name: Collabora
# -- Enables the office suite.
enabled: false
# -- URI of the office suite.
uri: https://collabora.owncloud.test
# -- URI for the icon of the office suite. Will be displayed to the users.
iconURI: https://collabora.owncloud.test/favicon.ico
# -- Disables SSL certificate checking for connections to the office suites http api.
# Not recommended for production installations.
insecure: false
- # -- Name of the office suite. Will be displayed to the users.
name: OnlyOffice
# -- Enables the office suite.
enabled: false
# -- URI of the office suite.
uri: https://onlyoffice.owncloud.test
# -- URI for the icon of the office suite. Will be displayed to the users.
iconURI: https://onlyoffice.owncloud.test/web-apps/apps/documenteditor/main/resources/img/favicon.ico
# -- Disables SSL certificate checking for connections to the office suites http api.
# Not recommended for production installations.
insecure: false
# -- Mimetype configuration.
# Let's you configure a mimetypes' default application, if it is allowed to create a new file and more.
# @default -- default configuration of oCIS, see doc.owncloud.com
mimetypes: []
# - mime_type: application/vnd.oasis.opendocument.text
# extension: odt
# name: OpenDocument
# description: OpenDocument text document
# icon: ""
# default_app: ""
# allow_creation: true
# External user management
externalUserManagement:
# -- Enables external user management (and disables internal user management).
# Needs an external OpenID Connect Identity Provider and an external LDAP server.
enabled: false
# -- UUID of the inital admin user.
# If the given value matches a user's value from `features.externalUserManagement.oidc.userIDClaim`, the admin role will be assigned.
adminUUID: ""
# OpenID Connect Identity provider related settings.
oidc:
# -- Issuer URI of the OpenID Connect Identity Provider.
# If the IDP doesn't have valid / trusted SSL certificates, certificate validation can be disabled with the `insecure.oidcIdpInsecure` option.
issuerURI: https://idp.owncloud.test/realms/ocis
# -- Claim to take an unique user identifier from. It will be used to look up the user on the LDAP server.
userIDClaim: ocis.user.uuid
# -- Attribute mapping of for the userIDClaim.
# Set to `userid` if the claim specified in `...oidc.userIDClaim` holds the value of the ldap user attribute specified in `...ldap.user.schema.id`.
# Set to `mail` if the claim specified in `...oidc.userIDClaim` holds the value of the ldap user attribute specified in `...ldap.user.schema.mail`.
# Set to `username` if the claim specified in `...oidc.userIDClaim` holds the value of the ldap user attribute specified in `...ldap.user.schema.id`.
userIDClaimAttributeMapping: userid
# LDAP related settings.
ldap:
# -- URI to connect to the LDAP secure server.
uri: ldaps://ldaps.owncloud.test
# -- Set only to false, if the certificate of your LDAP secure service is not trusted.
# If set to false, you need to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef"
certTrusted: true
# -- Disables SSL certificate checking for connections to the LDAP server.
# -- For self signed certificates, consider to put the CA cert of the LDAP secure server into the secret referenced by "ldapCaRef"
# Not recommended for production installations.
insecure: false
# -- DN of the user to use to bind to the LDAP server.
# The password for the user needs to be set in the secret referenced by `secretRefs.ldapSecretRef` as `reva-ldap-bind-password`.
# The user needs to have permission to list users and groups.
bindDN: uid=ocis,ou=system-users,dc=owncloud,dc=test
user:
schema:
# -- LDAP Attribute to use as the unique id for users. This should be a stable globally unique id like a UUID.
id: ownclouduuid
# -- Set this to true if the defined `id` attribute for users is of the `OCTETSTRING` syntax. This is e.g. required when using the `objectGUID` attribute of Active Directory for the user ID`s.
idIsOctetString: false
# -- LDAP Attribute to use for the email address of users.
mail: mail
# -- LDAP Attribute to use for the displayname of users.
displayName: displayname
# -- LDAP Attribute to use for username of users.
userName: uid
# -- Search base DN for looking up LDAP users.
baseDN: ou=users,dc=owncloud,dc=com
# -- LDAP search scope to use when looking up users. Supported values are `base`, `one` and `sub`.
scope: sub
# -- Type of substring search filter to use for substring searches for users. Possible values: `initial` for doing prefix only searches, `final` for doing suffix only searches or `any` for doing full substring searches
substringFilterType: any
# -- LDAP filter to add to the default filters for user search like `(objectclass=ownCloud)`.
filter:
# -- The object class to use for users in the default user search filter like `inetOrgPerson`.
objectClass: inetOrgPerson
group:
schema:
# -- LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID.
id: ownclouduuid
# -- Set this to true if the defined `id` attribute for groups is of the `OCTETSTRING` syntax. This is e.g. required when using the `objectGUID` attribute of Active Directory for the group ID`s.
idIsOctetString: false
# -- LDAP Attribute to use for the email address of groups (can be empty).
mail: mail
# -- LDAP Attribute to use for the displayname of groups (often the same as groupname attribute).
displayName: cn
# -- LDAP Attribute to use for the name of groups.
groupName: cn
# -- LDAP Attribute that is used for group members.
member: member
# -- Search base DN for looking up LDAP groups.
baseDN: ou=groups,dc=owncloud,dc=com
# -- LDAP search scope to use when looking up groups. Supported values are `base`, `one` and `sub`.
scope: sub
# -- LDAP filter to add to the default filters for group searches.
filter:
# -- The object class to use for groups in the default group search filter like `groupOfNames`.
objectClass: groupOfNames
# Ingress for oCIS.
ingress:
# -- Enables the Ingress.
enabled: false
# -- Ingress class to use.
# Uses the default ingress class if not set.
ingressClassName:
# -- Ingress annotations.
annotations: {}
# -- Labels for the ingress.
labels: {}
# -- Ingress TLS configuration.
tls: []
# - secretName: chart-example-tls
# hosts:
# - ocis.owncloud.test
# References to ConfigMaps.
# The ConfigMaps need to be manually created.
# See doc.owncloud.com for how to generate them.
configRefs:
# -- Reference to an existing storage-users config.
storageUsersConfigRef: "storage-users"
# References to secrets.
# The secrets need to be manually created.
# See doc.owncloud.com for how to generate them.
secretRefs:
# -- Reference to an existing admin user secret (see Secrets). Not used if `features.externalUserManagement.enabled` equals `true`.
adminUserSecretRef: "admin-user"
# -- Reference to an existing IDP secret (see Secrets). Not used if `features.externalUserManagement.enabled` equals `true`.
idpSecretRef: "idp-secrets"
# -- Reference to an existing JWT secret (see Secrets).
jwtSecretRef: "jwt-secret"
# -- Reference to an existing LDAP certificate authority secret (see Secrets)
ldapCaRef: "ldap-ca"
# -- Reference to an existing LDAP cert secret (see Secrets). Not used if `features.externalUserManagement.enabled` equals `true`.
ldapCertRef: "ldap-cert"
# -- Reference to an existing LDAP bind secret (see Secrets).
ldapSecretRef: "ldap-bind-secrets"
# -- Reference to an existing machine auth api key secret (see Secrets)
machineAuthApiKeySecretRef: "machine-auth-api-key"
# -- Reference to an existing SMTP email server settings secret (see Secrets). Not used if `features.emailNotifications.enabled` equals `false`.
notificationsSmtpSecretRef: "notifications-smtp-secret"
# -- Reference to an existing storage-system JWT secret (see Secrets)
storageSystemJwtSecretRef: "storage-system-jwt-secret"
# -- Reference to an existing storage-system secret (see Secrets)
storageSystemSecretRef: "storage-system"
# -- Reference to an existing thumbnails transfer secret (see Secrets)
thumbnailsSecretRef: "thumbnails-transfer-secret"
# -- Reference to an existing transfer secret (see Secrets)
transferSecretSecretRef: "transfer-secret"
# Security context options.
securityContext:
# -- File system group for all volumes.
fsGroup: 1000
# -- File system group change policy for all volumes.
# Possible values "Always" and "OnRootMismatch".
fsGroupChangePolicy: "OnRootMismatch"
# -- User ID that all processes within any containers will run with.
runAsUser: 1000
# -- Group ID that all processes within any containers will run with.
runAsGroup: 1000
# -- TopologySpreadConstraints controls how Pods of a service are spread across the cluster among failure-domains.
# Defaults to allow skew no more then 1 node per node.
# Passed through tpl and therefore needs to be configured as string.
topologySpreadConstraints: "" # |
# - maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app: {{ .appName }}
# -- Custom labels for all manifests
extraLabels: {}
# -- Override the deployment namespace of all resources in this Helm chart.
namespaceOverride:
# -- Number of replicas for each scalable service. Has no effect when `autoscaling.enabled` is set to `true`.
replicas: 1
# Autoscaling settings.
autoscaling:
# -- Enables autoscaling. When set to `true`, `replicas` is no longer applied.
enabled: false
# -- Sets minimum replicas for autoscaling.
minReplicas: 3
# -- Sets maximum replicas for autoscaling.
maxReplicas: 10
# -- Metrics to use for autoscaling
metrics: []
# Kubernetes pre 1.25
# metrics:
# - type: Resource
# resource:
# name: cpu
# targetAverageUtilization: 60
# - type: Resource
# resource:
# name: memory
# targetAverageUtilization: 60
# Kubernetes 1.25+
# metrics:
# - type: Resource
# resource:
# name: cpu
# target:
# type: Utilization
# averageUtilization: 60
# - type: Resource
# resource:
# name: memory
# target:
# type: Utilization
# averageUtilization: 60
# -- Default resources to apply to all services, except per-service resources configuration in `services.<service-name>.resources` is set.
# Best practice is to:
# - set memory request == memory limit (compare to https://home.robusta.dev/blog/kubernetes-memory-limit)
# - set cpu request and omit cpu limit (compare to https://home.robusta.dev/blog/stop-using-cpu-limits)
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Include arbitrary resources, eg. config maps or a cert-manager issuer (see example below)
# -- Extra resources to be included.
extraResources: []
# - |
# apiVersion: cert-manager.io/v1alpha2
# kind: Issuer
# metadata:
# name: ocis-certificate-issuer
# namespace: ocis
# spec:
# acme:
# server: https://acme-v02.api.letsencrypt.org/directory
# email: test@example.com
# privateKeySecretRef:
# name: ocis-certificate-issuer
# solvers:
# - http01:
# ingress:
# class: nginx
# per-service configuration.
services:
# -- APP PROVIDER service. Not used if `features.appsIntegration.enabled` equals `false`.
# @default -- see detailed service configuration options below
appProvider:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- APP REGISTRY service. Not used if `features.appsIntegration.enabled` equals `false`.
# @default -- see detailed service configuration options below
appRegistry:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- AUDIT service.
# @default -- see detailed service configuration options below
audit:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- AUTH BASIC service. Not used if `features.externalUserManagement.enabled` equals `true`.
# @default -- see detailed service configuration options below
authBasic:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- AUTH MACHINE service.
# @default -- see detailed service configuration options below
authMachine:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- FRONTEND service.
# @default -- see detailed service configuration options below
frontend:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- GATEWAY service.
# @default -- see detailed service configuration options below
gateway:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- GRAPH service.
# @default -- see detailed service configuration options below
graph:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- GROUPS service.
# @default -- see detailed service configuration options below
groups:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- IDM service. Not used if `features.externalUserManagement.enabled` equals `true`.
# @default -- see detailed service configuration options below
idm:
persistence:
# -- Enables persistence.
# Needs to be enabled on production installations, except `features.externalUserManagement.enabled` equals `true`.
# If not enabled, pod restarts will lead to data loss.
# Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
enabled: false
# -- Enables a initContainer to chown the volume.
# The initContainer is run as root.
# This is not needed if the driver applies the fsGroup from the securityContext.
chownInitContainer: false
# -- Storage class to use.
# Uses the default storage class if not set.
storageClassName:
# -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
accessModes:
- ReadWriteMany
# -- Size of the persistent volume.
size: 10Gi
# -- Persistent volume annotations.
annotations: {}
# -- Persistent volume finalizers.
finalizers:
- kubernetes.io/pvc-protection
# -- Persistent volume selector labels.
selectorLabels: {}
# -- Use an existing PersistentVolumeClaim for persistence.
existingClaim:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- IDP service. Not used if `features.externalUserManagement.enabled` equals `true`.
# @default -- see detailed service configuration options below
idp:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- NATS service.
# @default -- see detailed service configuration options below
nats:
persistence:
# -- Enables persistence.
# Needs to be enabled on production installations.
# If not enabled, pod restarts will lead to data loss.
# Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
enabled: false
# -- Enables a initContainer to chown the volume.
# The initContainer is run as root.
# This is not needed if the driver applies the fsGroup from the securityContext.
chownInitContainer: false
# -- Storage class to use.
# Uses the default storage class if not set.
storageClassName:
# -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
accessModes:
- ReadWriteMany
# -- Size of the persistent volume.
size: 10Gi
# -- Persistent volume annotations.
annotations: {}
# -- Persistent volume finalizers.
finalizers:
- kubernetes.io/pvc-protection
# -- Persistent volume selector labels.
selectorLabels: {}
# -- Use an existing PersistentVolumeClaim for persistence.
existingClaim:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- NOTIFICATIONS service. Not used if `features.emailNotifications.enabled` equals `true`.
# @default -- see detailed service configuration options below
notifications:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- OCDAV service.
# @default -- see detailed service configuration options below
ocdav:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- OCS service.
# @default -- see detailed service configuration options below
ocs:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- PROXY service.
# @default -- see detailed service configuration options below
proxy:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- SEARCH service.
# @default -- see detailed service configuration options below
search:
persistence:
# -- Enables persistence.
# Needs to be enabled on production installations.
# If not enabled, pod restarts will lead to data loss.
# Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
enabled: false
# -- Enables a initContainer to chown the volume.
# The initContainer is run as root.
# This is not needed if the driver applies the fsGroup from the securityContext.
chownInitContainer: false
# -- Storage class to use.
# Uses the default storage class if not set.
storageClassName:
# -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
accessModes:
- ReadWriteMany
# -- Size of the persistent volume.
size: 10Gi
# -- Persistent volume annotations.
annotations: {}
# -- Persistent volume finalizers.
finalizers:
- kubernetes.io/pvc-protection
# -- Persistent volume selector labels.
selectorLabels: {}
# -- Use an existing PersistentVolumeClaim for persistence.
existingClaim:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- SETTINGS service.
# @default -- see detailed service configuration options below
settings:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- SHARING service.
# @default -- see detailed service configuration options below
sharing:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- STORAGE-PUBLICLINK service.
# @default -- see detailed service configuration options below
storagePublicLink:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- STORAGE-SHARES service.
# @default -- see detailed service configuration options below
storageShares:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- STORAGE-SYSTEM service.
# @default -- see detailed service configuration options below
storageSystem:
persistence:
# -- Enables persistence.
# Needs to be enabled on production installations.
# If not enabled, pod restarts will lead to data loss.
# Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
enabled: false
# -- Enables a initContainer to chown the volume.
# The initContainer is run as root.
# This is not needed if the driver applies the fsGroup from the securityContext.
chownInitContainer: false
# -- Storage class to use.
# Uses the default storage class if not set.
storageClassName:
# -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
accessModes:
- ReadWriteMany
# -- Size of the persistent volume.
size: 5Gi
# -- Persistent volume annotations.
annotations: {}
# -- Persistent volume finalizers.
finalizers:
- kubernetes.io/pvc-protection
# -- Persistent volume selector labels.
selectorLabels: {}
# -- Use an existing PersistentVolumeClaim for persistence.
existingClaim:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- STORAGE-USERS service.
# @default -- see detailed service configuration options below
storageUsers:
storageBackend:
# -- Configures the storage driver. Possible values are "ocis" and "s3ng".
# The oCIS driver stores all data in the persistent volume if persistence is enabled.
# The S3NG driver stores all metadata in the persistent volume and uploads blobs to s3 if persistence is enabled.
driver: ocis
driverConfig:
s3ng:
# The S3NG driver needs an existing S3 bucket with following permissions:
# {
# "Version": "2012-10-17",
# "Statement": [
# {
# "Sid": "ListObjectsInBucket",
# "Effect": "Allow",
# "Action": ["s3:ListBucket"],
# "Resource": ["arn:aws:s3:::bucket-name"]
# },
# {
# "Sid": "AllObjectActions",
# "Effect": "Allow",
# "Action": "s3:*Object",
# "Resource": ["arn:aws:s3:::bucket-name/*"]
# }
# ]
# }
# -- S3 endpoint to use for the S3NG driver. Only used if driver is set to "s3ng".
endpoint: https://localhost:1234
# -- S3 region to use for the S3NG driver. Only used if driver is set to "s3ng".
region: default
# -- S3 bucket to use for the S3NG driver. Only used if driver is set to "s3ng".
bucket: example-bucket
# -- S3 access key to use for the S3NG driver. Only used if driver is set to "s3ng".
accessKey: lorem-ipsum
# -- S3 secret key to use for the S3NG driver. Only used if driver is set to "s3ng".
secretKey: lorem-ipsum
maintenance:
# Expired uploads can be cleaned up automatically by enabling the clean up job.
cleanUpExpiredUploads:
# -- Enables a job, that cleans up expired uploads. Requires persistence to be enabled and RWX storage.
enabled: false
# -- Cron pattern for the job to be run. Defaults to every minute.
schedule: "* * * * *"
persistence:
# -- Enables persistence.
# Needs to be enabled on production installations.
# If not enabled, pod restarts will lead to data loss.
# Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
enabled: false
# -- Enables a initContainer to chown the volume.
# The initContainer is run as root.
# This is not needed if the driver applies the fsGroup from the securityContext.
chownInitContainer: false
# -- Storage class to use.
# Uses the default storage class if not set.
storageClassName:
# -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
accessModes:
- ReadWriteMany
# -- Size of the persistent volume.
size: 50Gi
# -- Persistent volume annotations.
annotations: {}
# -- Persistent volume finalizers.
finalizers:
- kubernetes.io/pvc-protection
# -- Persistent volume selector labels.
selectorLabels: {}
# -- Use an existing PersistentVolumeClaim for persistence.
existingClaim:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- STORE service.
# @default -- see detailed service configuration options below
store:
persistence:
# -- Enables persistence.
# Needs to be enabled on production installations.
# If not enabled, pod restarts will lead to data loss.
# Also scaling this service beyond one instance is not possible if the service instances don't share the same storage.
enabled: false
# -- Enables a initContainer to chown the volume.
# The initContainer is run as root.
# This is not needed if the driver applies the fsGroup from the securityContext.
chownInitContainer: false
# -- Storage class to use.
# Uses the default storage class if not set.
storageClassName:
# -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance.
accessModes:
- ReadWriteMany
# -- Size of the persistent volume.
size: 5Gi
# -- Persistent volume annotations.
annotations: {}
# -- Persistent volume finalizers.
finalizers:
- kubernetes.io/pvc-protection
# -- Persistent volume selector labels.
selectorLabels: {}
# -- Use an existing PersistentVolumeClaim for persistence.
existingClaim:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- THUMBNAILS service.
# @default -- see detailed service configuration options below
thumbnails:
persistence:
# -- Enables persistence.
# Is recommended to be enabled on production installations.
# If enabled, generated thumbnails are cached on this volume and available across pod restarts and service instances.
# If not enabled, thumbnail generation might lead to higher CPU usage.
enabled: false
# -- Enables a initContainer to chown the volume.
# The initContainer is run as root.
# This is not needed if the driver applies the fsGroup from the securityContext.
chownInitContainer: false
# -- Storage class to use.
# Uses the default storage class if not set.
storageClassName:
# -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when scaling this service beyond one instance or persistence needs to be disabled.
accessModes:
- ReadWriteMany
# -- Size of the persistent volume.
size: 10Gi
# -- Persistent volume annotations.
annotations: {}
# -- Persistent volume finalizers.
finalizers: []
# -- Persistent volume selector labels.
selectorLabels: {}
# -- Use an existing PersistentVolumeClaim for persistence.
existingClaim:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- USERS service.
# @default -- see detailed service configuration options below
users:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- ownCloud WEB service.
# @default -- see detailed service configuration options below
web:
# Configuration for web, that ends up in the config.json file.
config:
# -- Disables the feedback link in the Web UI.
disableFeedbackLink: false
# -- Configure the {"apps": []} section in the Web config.json.
apps: []
# default apps, add and remove apps as desired
# - files
# - search
# - text-editor
# - pdf-viewer
# - external
# - user-management
# -- Configure the {"applications": []} section in the Web config.json.
applications: []
# example for an user manual homepage, that will be linked in the app drawer
# - icon: book-read
# url: "https://manual.owncloud.test"
# target: _blank
# title:
# de: Anleitung
# en: Manual
# -- Configure the {"external_apps": []} section in the Web config.json.
externalApplications: []
# default external application of Web, add and remove apps as desired
# - id: preview
# path: web-app-preview
# config:
# mimeTypes:
# - image/tiff
# - image/bmp
# - image/x-ms-bmp
# - id: settings
# path: /settings.js
theme:
# -- URL to load themes from. Will be prepended to the theme path. Defaults to the value of "externalDomain".
server: ""
# -- URL path to load themes from. The theme server will be prepended. Defaults to the ownCloud Web default theme.
path: ""
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- WEBDAV service.
# @default -- see detailed service configuration options below
webdav:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}