A Configuration Parameters for the oud-ds-rs Helm Chart
The following table lists the configurable parameters of the oud-ds-rs
chart and their default values.
Parameter | Description | Default Value |
---|---|---|
replicaCount | Number of DS+RS instances/pods/services to be created with replication enabled against a base Oracle Unified Directory instance/pod. | 3 |
restartPolicyName | restartPolicy to be configured for each POD containing Oracle Unified Directory instance | OnFailure |
image.repository | Oracle Unified Directory Image Registry/Repository and name. Based on this, image parameter would be configured for Oracle Unified Directory pods/containers. | oracle/oud |
image.tag | Oracle Unified Directory Image Tag. Based on this, image parameter would be configured for Oracle Unified Directory pods/containers. | 14.1.2.1.0 |
image.pullPolicy | Policy to pull the image. | IfNotPresent |
imagePullSecrets.name | Name of Secret resource containing private registry credentials. | regcred |
nameOverride | Overrides the fullname with this name. | |
fullnameOverride | Overrides the fullname with the provided string. | |
serviceAccount.create | Specifies whether a service account should be created. | true |
serviceAccount.name | If not set and create is true, a name is generated using the fullname template. | oud-ds-rs-< fullname >-token-< randomalphanum > |
podSecurityContext | Security context policies to add to the controller pod. | |
securityContext | Security context policies to add by default. | |
service.type | Type of controller service to create. | ClusterIP |
nodeSelector | Node labels for pod assignment. | |
tolerations | Node taints to tolerate. | |
affinity | Node/pod affinities. | |
ingress.enabled | | true |
ingress.type | Supported value: nginx. | nginx |
ingress.nginx.http.host | Hostname to be used with Ingress Rules. If not set, hostname would be configured according to fullname. Hosts would be configured as < fullname >-http.< domain >, < fullname >-http-0.< domain >, < fullname >-http-1.< domain >, etc. | |
ingress.nginx.http.domain | Domain name to be used with Ingress Rules. In ingress rules, hosts would be configured as < host >.< domain >, < host >-0.< domain >, < host >-1.< domain >, etc. | |
ingress.nginx.http.backendPort | | http |
ingress.nginx.http.nginxAnnotation | | { ingressClassName: "nginx" } |
ingress.nginx.admin.host | Hostname to be used with Ingress Rules. If not set, hostname would be configured according to fullname. Hosts would be configured as < fullname >-admin.< domain >, < fullname >-admin-0.< domain >, < fullname >-admin-1.< domain >, etc. | |
ingress.nginx.admin.domain | Domain name to be used with Ingress Rules. In ingress rules, hosts would be configured as < host >.< domain >, < host >-0.< domain >, < host >-1.< domain >, etc. | |
ingress.nginx.admin.nginxAnnotations | | { ingressClassName: "nginx", nginx.ingress.kubernetes.io/backend-protocol: "https" } |
ingress.ingress.tlsSecret | Secret name to use an already created TLS Secret. If such secret is not provided, one would be created with name < fullname >-tls-cert. If the TLS Secret is in different namespace, name can be mentioned as < namespace >/< tlsSecretName > | |
ingress.certCN | Subject’s common name (cn) for SelfSigned Cert. | < fullname > |
secret.enabled | If enabled, it will use the secret created with base64 encoding. If the value is false, the secret would not be used and input values (through --set, --values, etc.) would be used during creation of pods. | true |
secret.name | Secret name to use an already created secret. | oud-ds-rs-< fullname >-creds |
secret.type | Specifies the type of the secret | Opaque |
persistence.enabled | If enabled, it will use the persistent volume. If the value is false, PV and PVC would not be used and pods would use the default emptyDir mount volume. | true |
persistence.pvname | pvname to use an already created Persistent Volume. If blank, the default name is used. | oud-ds-rs-< fullname >-pv |
persistence.pvcname | pvcname to use an already created Persistent Volume Claim. If blank, the default name is used. | oud-ds-rs-< fullname >-pvc |
persistence.type | Supported values: filesystem, networkstorage, blockstorage or custom. | filesystem |
persistence.filesystem.hostPath.path | The path location mentioned should be created and accessible from the local host provided with necessary privileges for the user. | /scratch/shared/oud_user_projects |
persistence.networkstorage.nfs.path | Path of NFS Share location. | /scratch/shared/oud_user_projects |
persistence.networkstorage.nfs.server | IP or hostname of NFS Server. | 0.0.0.0 |
persistence.custom.* | Based on values/data, YAML content would be included in the PersistentVolume object. | |
persistence.accessMode | Specifies the access mode of the location provided. ReadWriteMany for Filesystem/NFS, ReadWriteOnce for block storage. | ReadWriteMany |
persistence.size | Specifies the size of the storage. | 10Gi |
persistence.storageClassCreate | If true, it will create the storageclass. If the value is false, provide an existing storage class (storageClass) to be used. | empty |
persistence.storageClass | Specifies the storageclass of the persistence volume. | empty |
persistence.provisioner | If storageClassCreate is true, provide the custom provisioner if any. | kubernetes.io/is-default-class |
persistence.annotations | Specifies any annotations that will be used. | { } |
configVolume.enabled | If enabled, it will use the persistent volume. If value is false, PV and PVC would not be used and pods would be using the default emptyDir mount volume. | true |
configVolume.mountPath | If enabled, it will use the persistent volume. If value is false, PV and PVC would not be used and there would not be any mount point available for config. | false |
configVolume.pvname | pvname to use an already created Persistent Volume. If blank, the default name is used. | oud-ds-rs-< fullname >-pv-config |
configVolume.pvcname | pvcname to use an already created Persistent Volume Claim. If blank, the default name is used. | oud-ds-rs-< fullname >-pvc-config |
configVolume.type | Supported values: filesystem, networkstorage or custom. | filesystem |
configVolume.filesystem.hostPath.path | The path location mentioned should be created and accessible from the local host provided with necessary privileges for the user. | /scratch/shared/oud_user_projects |
configVolume.networkstorage.nfs.path | Path of NFS Share location. | /scratch/shared/oud_config |
configVolume.networkstorage.nfs.server | IP or hostname of NFS Server. | 0.0.0.0 |
configVolume.custom.* | Based on values/data, YAML content would be included in the PersistentVolume object. | |
configVolume.accessMode | Specifies the access mode of the location provided. | ReadWriteMany |
configVolume.size | Specifies the size of the storage. | 10Gi |
configVolume.storageClass | Specifies the storageclass of the persistence volume. | empty |
configVolume.annotations | Specifies any annotations that will be used. | { } |
configVolume.storageClassCreate | If true, it will create the storageclass. If the value is false, provide an existing storage class (storageClass) to be used. | true |
configVolume.provisioner | If configVolume.storageClassCreate is true, please provide the custom provisioner if any. | kubernetes.io/is-default-class |
oudPorts.adminldaps | Port on which Oracle Unified Directory Instance in the container should listen for Administration Communication over LDAPS Protocol. | 1444 |
oudPorts.adminhttps | Port on which Oracle Unified Directory Instance in the container should listen for Administration Communication over HTTPS Protocol. | 1888 |
oudPorts.ldap | Port on which Oracle Unified Directory Instance in the container should listen for LDAP Communication. | 1389 |
oudPorts.ldaps | Port on which Oracle Unified Directory Instance in the container should listen for LDAPS Communication. | 1636 |
oudPorts.http | Port on which Oracle Unified Directory Instance in the container should listen for HTTP Communication. | 1080 |
oudPorts.https | Port on which Oracle Unified Directory Instance in the container should listen for HTTPS Communication. | 1081 |
oudPorts.replication | Port value to be used while setting up replication server. | 1898 |
oudConfig.baseDN | BaseDN for Oracle Unified Directory Instances. | dc=example,dc=com |
oudConfig.rootUserDN | Root User DN for Oracle Unified Directory Instances. | cn=Directory Manager |
oudConfig.rootUserPassword | Password for Root User DN. | RandomAlphanum |
oudConfig.sampleData | To specify that the database should be populated with the specified number of sample entries. | 0 |
oudConfig.sleepBeforeConfig | Based on the value for this parameter, initialization/configuration of each Oracle Unified Directory replica would be delayed. | 120 |
oudConfig.adminUID | AdminUID to be configured with each replicated Oracle Unified Directory instance. | admin |
oudConfig.adminPassword | Password for AdminUID. If the value is not passed, value of rootUserPassword would be used as password for AdminUID. | rootUserPassword |
baseOUD.envVarsConfigMap | Reference to ConfigMap which can contain additional environment variables to be passed on to POD for Base Oracle Unified Directory Instance. Following are the environment variables which would not be honored from the ConfigMap. instanceType, sleepBeforeConfig, OUD_INSTANCE_NAME, hostname, baseDN, rootUserDN, rootUserPassword, adminConnectorPort, httpAdminConnectorPort, ldapPort, ldapsPort, httpPort, httpsPort, replicationPort, sampleData. | |
baseOUD.envVars | Environment variables in YAML map format. This is helpful when it is required to pass environment variables through a --values file. The list of environment variables which would not be honored from the envVars map is the same as the list of names mentioned for envVarsConfigMap. For a full list of environment variables, see <Environment Variables>. | |
replOUD.envVarsConfigMap | Reference to ConfigMap which can contain additional environment variables to be passed on to PODs for Replicated Oracle Unified Directory Instances. Following are the environment variables which would not be honored from the ConfigMap. instanceType, sleepBeforeConfig, OUD_INSTANCE_NAME, hostname, baseDN, rootUserDN, rootUserPassword, adminConnectorPort, httpAdminConnectorPort, ldapPort, ldapsPort, httpPort, httpsPort, replicationPort, sampleData, sourceHost, sourceServerPorts, sourceAdminConnectorPort, sourceReplicationPort, dsreplication_1, dsreplication_2, dsreplication_3, dsreplication_4, post_dsreplication_dsconfig_1, post_dsreplication_dsconfig_2. | |
replOUD.envVars | Environment variables in YAML map format. This is helpful when it is required to pass environment variables through a --values file. The list of environment variables which would not be honored from the envVars map is the same as the list of names mentioned for envVarsConfigMap. For a full list of environment variables, see <Environment Variables>. | |
podManagementPolicy | Defines the policy for pod management within the statefulset. Typical values are OrderedReady/Parallel. | OrderedReady |
updateStrategy | Allows you to configure and disable automated rolling updates for containers, labels, resource request/limits, and annotations for the Pods in a StatefulSet. Typical values are OnDelete/RollingUpdate. | RollingUpdate |
busybox.image | busy box image name. Used for initcontainers. | busybox |
oudConfig.cleanupbeforeStart | Used to remove the individual pod directories during restart. Recommended value is false. Note: Do not change the default value (false) as it will delete the existing data and clone it from base pod again. | false |
oudConfig.disablereplicationbeforeStop | This parameter is used to disable replication when a pod is restarted. Recommended value is false. Note: Do not change the default value (false), as changing the value will result in an issue where the pod won’t join the replication topology after a restart. | false |
oudConfig.resources.requests.memory | This parameter is used to set the memory request for the OUD pod. | 4Gi |
oudConfig.resources.requests.cpu | This parameter is used to set the cpu request for the OUD pod. | 0.5 |
oudConfig.resources.limits.memory | This parameter is used to set the memory limit for the OUD pod. | 4Gi |
oudConfig.resources.limits.cpu | This parameter is used to set the cpu limit for the OUD pod. | 1 |
replOUD.groupId | Group ID to be used/configured with each Oracle Unified Directory instance in replicated topology. | 1 |
service.lbrtype | Type of load balancer Service to be created for admin, http, ldap services. Values allowed: ClusterIP/NodePort. | ClusterIP |
oudPorts.nodePorts.adminldaps | Public port on which the OUD instance in the container should listen for administration communication over LDAPS Protocol. The port number should be between 30000-32767. No duplicate values are allowed. Note: Set only if service.lbrtype is set as NodePort. If left blank then k8s will assign random ports in between 30000 and 32767. | |
oudPorts.nodePorts.adminhttps | Public port on which the OUD instance in the container should listen for administration communication over HTTPS Protocol. The port number should be between 30000-32767. No duplicate values are allowed. Note: Set only if service.lbrtype is set as NodePort. If left blank then k8s will assign random ports in between 30000 and 32767. | |
oudPorts.nodePorts.ldap | Public port on which the OUD instance in the container should listen for LDAP communication. The port number should be between 30000-32767. No duplicate values are allowed. Note: Set only if service.lbrtype is set as NodePort. If left blank then k8s will assign random ports in between 30000 and 32767. | |
oudPorts.nodePorts.ldaps | Public port on which the OUD instance in the container should listen for LDAPS communication. The port number should be between 30000-32767. No duplicate values are allowed. Note: Set only if service.lbrtype is set as NodePort. If left blank then k8s will assign random ports in between 30000 and 32767. | |
oudPorts.nodePorts.http | Public port on which the OUD instance in the container should listen for HTTP communication. The port number should be between 30000-32767. No duplicate values are allowed. Note: Set only if service.lbrtype is set as NodePort. If left blank then k8s will assign random ports in between 30000 and 32767. | |
oudPorts.nodePorts.https | Public port on which the OUD instance in the container should listen for HTTPS communication. The port number should be between 30000-32767. No duplicate values are allowed. Note: Set only if service.lbrtype is set as NodePort. If left blank then k8s will assign random ports in between 30000 and 32767. | |
oudConfig.integration | Specifies which Oracle components the server can be integrated with. It is recommended to choose the option covering your minimal requirements. Allowed values: no-integration (no integration), basic (Directory Integration Platform), generic (Directory Integration Platform, Database Net Services and E-Business Suite integration), eus (Directory Integration Platform, Database Net Services, E-Business Suite and Enterprise User Security integration). | no-integration |
elk.logStashImage | The version of logstash you want to install. | logstash:8.3.1 |
elk.sslenabled | If SSL is enabled for ELK set the value to true, or if NON-SSL set to false. This value must be lowercase. | TRUE |
elk.eshosts | The URL for sending logs to Elasticsearch. HTTP if NON-SSL is used. | https://elasticsearch.example.com:9200 |
elk.esuser | The name of the user for logstash to access Elasticsearch. | logstash_internal |
elk.espassword | The password for ELK_USER. | password |
elk.esapikey | The API key details. | apikey |
elk.esindex | The log name. | oudlogs-00001 |
elk.imagePullSecrets | Secret to be used for pulling logstash image. | dockercred |
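
The `oudPorts.nodePorts.*` rows above carry three rules (range 30000-32767, no duplicates, set only when `service.lbrtype` is `NodePort`) that can be checked before `helm install`. The following is an added example, not part of the chart or Oracle's tooling; `check_node_ports`, `NODEPORT_KEYS` and `SAMPLE_VALUES` are hypothetical names, and the input is assumed to be an already parsed values mapping.

```python
"""Added example: pre-install check of oud-ds-rs values against the nodePort rules."""

NODEPORT_MIN, NODEPORT_MAX = 30000, 32767
NODEPORT_KEYS = ("adminldaps", "adminhttps", "ldap", "ldaps", "http", "https")


def check_node_ports(values):
    """Return findings for oudPorts.nodePorts.* in a parsed values mapping."""
    findings = []
    # service.lbrtype defaults to ClusterIP per the table.
    lbrtype = (values.get("service") or {}).get("lbrtype", "ClusterIP")
    node_ports = (values.get("oudPorts") or {}).get("nodePorts") or {}
    seen = {}  # port number -> first parameter that claimed it
    for key in NODEPORT_KEYS:
        port = node_ports.get(key)
        if port is None or port == "":
            continue  # blank: Kubernetes picks a port from the range
        name = f"oudPorts.nodePorts.{key}"
        if lbrtype != "NodePort":
            findings.append(f"{name} is set but service.lbrtype is {lbrtype}")
        valid = isinstance(port, int) and not isinstance(port, bool)
        if not valid or not NODEPORT_MIN <= port <= NODEPORT_MAX:
            findings.append(f"{name}={port!r} is outside 30000-32767")
        elif port in seen:
            findings.append(f"{name} duplicates {seen[port]} ({port})")
        else:
            seen[port] = name
    return findings


# Constructed sample, shaped like a parsed --values file.
SAMPLE_VALUES = {
    "service": {"lbrtype": "NodePort"},
    "oudPorts": {"nodePorts": {
        "adminldaps": 31444,
        "adminhttps": 31444,  # same port as adminldaps
        "ldap": 1389,         # container port, not a nodePort
        "ldaps": 31636,
        "http": "",           # left blank
    }},
}

if __name__ == "__main__":
    for finding in check_node_ports(SAMPLE_VALUES):
        print(finding)
```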