owncloud · Excds · May 23, 2023 · May 22, 2023 · May 22, 2023 · May 22, 2023
diff --git a/deployments/development-install/README.md b/deployments/development-install/README.md
@@ -0,0 +1,49 @@
+# oCIS development deployment example
+
+## Introduction
+
+This example will deploy a mostly default oCIS setup to kubernetes. The intent is that this will
+work "out of the box" after a `helmfile sync`.
+
+***Note***: This example is not intended for production use. It is intended to get a working oCIS
+development running in kubernetes as quickly as possible. It is not hardened in any way.
+
+## Getting started
+
+### Prerequisites
+
+This example requires the following things to be installed:
+
+- [Kubernetes](https://kubernetes.io/) cluster, with an ingress controller installed.
+- [Helm](https://helm.sh/) v3
+- [Helm diff](https://github.com/databus23/helm-diff)
+- [Helmfile](https://github.com/roboll/helmfile)
+
+### End result
+
+After following the steps in this guide, you should be able to access the following endpoint, you 
+may want to add these to your `/etc/hosts` file pointing to your ingress controller IP:
+
+- https://ocis.kube.owncloud.test
+
+Note that if you want to use your own host, you will have to change the `externalDomain` value.
+
+### Deploying
+
+In this directory, run the following commands:
+
+```bash
+$ helmfile sync
+```
+
+This will deploy all the needed steps.
+
+### Logging in
+
+You can get the admin password with the following command: 
+
+```bash
+$ kubectl -n ocis get secret admin-user -o go-template --template="{{.data.password | base64decode }}"
+```
+
+You can use this password to login with the user `admin`.
diff --git a/deployments/development-install/helmfile.yaml b/deployments/development-install/helmfile.yaml
@@ -0,0 +1,188 @@
+releases:
+  - name: ocis
+    chart: ../../charts/ocis
+    namespace: ocis
+    values:
+      - externalDomain: ocis.kube.owncloud.test
+      - ingress:
+          enabled: true
+          ingressClassName: nginx
+          annotations:
+            nginx.ingress.kubernetes.io/proxy-body-size: 1024m
+
+      - logging:
+          level: debug
+
+      - insecure:
+          oidcIdpInsecure: true
+          ocisHttpApiInsecure: true
+
+      - services:
+          idm:
+            persistence:
+              enabled: true
+              chownInitContainer: true
+              accessModes:
+                - ReadWriteOnce
+
+          nats:
+            persistence:
+              enabled: true
+              chownInitContainer: true
+              accessModes:
+                - ReadWriteOnce
+
+          search:
+            persistence:
+              enabled: true
+              chownInitContainer: true
+              accessModes:
+                - ReadWriteOnce
+
+          storagesystem:
+            persistence:
+              enabled: true
+              chownInitContainer: true
+              accessModes:
+                - ReadWriteOnce
+
+          storageusers:
+            persistence:
+              enabled: true
+              chownInitContainer: true
+              accessModes:
+                - ReadWriteOnce
+
+          store:
+            persistence:
+              enabled: true
+              chownInitContainer: true
+              accessModes:
+                - ReadWriteOnce
+            extraLabels:
+              foo: bar
+
+          thumbnails:
+            persistence:
+              enabled: true
+              chownInitContainer: true
+              accessModes:
+                - ReadWriteOnce
+
+      - extraResources:
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: jwt-secret
+            type: Opaque
+            data:
+              jwt-secret: {{ randAlphaNum 30 | b64enc | quote }}
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: machine-auth-api-key
+            type: Opaque
+            data:
+              machine-auth-api-key: {{ randAlphaNum 30 | b64enc | quote }}
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: storage-system-jwt-secret
+            type: Opaque
+            data:
+              storage-system-jwt-secret: {{ randAlphaNum 30 | b64enc | quote }}
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: storage-system
+            type: Opaque
+            data:
+              api-key: {{ randAlphaNum 30 | b64enc | quote }}
+              user-id: {{ uuidv4 | b64enc | quote }}
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: transfer-secret
+            type: Opaque
+            data:
+              transfer-secret: {{ randAlphaNum 30 | b64enc | quote }}
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: thumbnails-transfer-secret
+            type: Opaque
+            data:
+              thumbnails-transfer-secret: {{ randAlphaNum 30 | b64enc | quote }}
+
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: ldap-bind-secrets
+            type: Opaque
+            data:
+              reva-ldap-bind-password: {{ randAlphaNum 30 | b64enc | quote }}
+              idp-ldap-bind-password: {{ randAlphaNum 30 | b64enc | quote }}
+              graph-ldap-bind-password: {{ randAlphaNum 30 | b64enc | quote }}
+
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: ldap-ca
+            type: Opaque
+            {{ $ca := genCA "ldap-ca" 365 -}}
+            data:
+              ldap-ca.crt: {{ $ca.Cert | b64enc | quote }}
+
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: ldap-cert
+            type: Opaque
+            {{ $lcapCert := genSignedCert "idm" nil (list "idm") 365 $ca -}}
+            data:
+              ldap.key: {{ $lcapCert.Key | b64enc | quote }}
+              ldap.crt: {{ $lcapCert.Cert | b64enc | quote }}
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: admin-user
+            type: Opaque
+            data:
+              user-id: {{ uuidv4 | b64enc | quote }}
+              password: {{ randAlphaNum 10 | b64enc | quote }}
+
+          - |
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: idp-secrets
+            type: Opaque
+            {{ $privKey := genPrivateKey "rsa" }}
+            data:
+              encryption.key: {{ randAscii 32 | b64enc | quote }}
+              private-key.pem: {{ $privKey | b64enc | quote }}
+          - |
+            apiVersion: v1
+            kind: ConfigMap
+            metadata:
+              name: storage-users
+            data:
+              storage-uuid: 1284d238-aa92-42ce-bdc4-0b0000009157
+
+          - |
+            apiVersion: v1
+            kind: ConfigMap
+            metadata:
+              name: graph
+            data:
+              application-id: 6daae694-6fc4-4421-82a5-7a9c7d7e58b4