Basics
- Set global.dns to your (sub)domain name.
- You should start going through the Site Settings in the global.settings section:
  - white-labeling: give your site a nice name via site_name, site_description, logo, etc.
  - contact information: help_email
  - policy pages: configure them as multiline YAML strings, which are formatted using Markdown.
- Here, you’ll also have to tell the services how to connect to the database in global.database. If you need TLS, see Database TLS for more details.
- Don’t forget to set global.imagePullSecrets if the secret is not regcred (see Docker registry).
- Set global.setup_registration_token to restrict account creation – you probably want that.
- Via global.setup_admin: {...} you define your initial admin account credentials.
- Tweak the default resource requests and limits of projects by adjusting the global.settings.default_quotas parameters. See Architecture/Project for some context. Beyond that, Resource Management explains how to manage resource allocation for projects.
- Peek into cocalc-eu.yaml to see how things are set up for that cluster.
Warning
Do not enable the SSH Gateway for the first installation deployment. It won’t work. Instead, make sure your cluster works well, and then enable it in a subsequent update.
Probably a good starting point is this:
```yaml
global:
  dns: "my.domain.tld" # <<<<<<<<<<<<<<<< SET THIS

  # the version of your kubernetes cluster
  kubectl: "1.28" # enter it as a string, not a floating point number ;-)

  imagePullSecrets:
    - name: regcred

  database:
    host: "" # <<<<<<<<<<< hostname
    user: "" # <<<<<<<<<<< username
    database: "cocalc" # <<<<<<< name of the DB to use

  setup_admin:
    email: "[email protected]" # <<<<<<< adjust
    password: "PASSWORD" # or pass in the real password via $ helm [...] --set global.setup_admin.password=[password]
    name: "Your Name" # <<<<<<<<<<<<<

  setup_registration_token: "SECRET_TOKEN" # <<<<<<<<<< set this to something nobody can guess

  ingress:
    class: "nginx"
    # cert_manager:
    #   issuer: "letsencrypt-prod"
    # tls:
    #   - hosts:
    #       - "my.domain.tld" # <<<<<<<<<<<< domain name
    #     secretName: cocalc-tls

  networkingConfiguration:
    hideMetrics: false # read https://onprem.cocalc.com/setup/networking.html before enabling it

  ssh_gateway:
    enabled: false # Note: on the very first helm deployment, it must be disabled.

  # All settings have to match with the keys in the site settings config, see
  # https://github.com/sagemathinc/cocalc/blob/master/src/packages/util/db-schema/site-defaults.ts
  settings:
    site_name: "CoCalc OnPrem"
    site_description: "Test instance of CoCalc OnPrem"
    organization_name: ""
    organization_email: &EMAIL ""
    organization_url: ""
    terms_of_service_url: ""
    help_email: *EMAIL
    splash_image: ""
    logo_square: ""
    logo_rectangular: ""
    share_server: "yes"
    index_info_html: |
      A temporary test instance, not intended for public consumption.
    imprint: |
      # This is a test instance, not intended for public consumption.
    policies: |
      <h1><i>This is a test instance, not intended for public consumption.</i></h1>
    pii_retention: "3 month"
    anonymous_signup: "no"
    email_enabled: "yes"
    verify_emails: "yes"
    email_backend: "smtp"
    #email_smtp_server: ""
    #email_smtp_from: ""
    #email_smtp_login: ""
    #email_smtp_secure: "yes" # usually yes, and with port 465
    #email_smtp_port: "465"

    # CGroup quotas for a project, out of the box
    # e.g. '{"internet":true,"idle_timeout":3600,"mem":1000,"cpu":1,"cpu_oc":10,"mem_oc":5}'
    default_quotas: '{"internet":true,"idle_timeout":1800,"mem":2000,"cpu":1,"cpu_oc":20,"mem_oc":10}'


# we configure PV/PVC on our own
storage:
  create: false

manage:
  prepull:
    enabled: false # <<<<<<<<< only enable it, if you set the project node pool's taints correctly
  project:
    dedicatedProjectNodesTaint: "cocalc-projects"
    dedicatedProjectNodesLabel: "cocalc-role"

    # if you need this, enable it
    fixPermissionsInit: false
```
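A pre-deployment check for the settings described above, as an added example (not part of the CoCalc documentation or code): it takes the values file already parsed into a dict and flags placeholders left in place, an unquoted kubectl version, an SSH gateway enabled on the first install, and a default_quotas string that is not valid JSON. The names `lint_values`, `first_install` and `SAMPLE` are assumptions made for this example.

```python
import json

# Placeholder values copied from the page's starting-point values file.
PLACEHOLDERS = {"dns": "my.domain.tld", "setup_admin.password": "PASSWORD",
                "setup_registration_token": "SECRET_TOKEN"}

def _get(d, dotted):
    """Walk a dotted key path, returning None when any level is missing."""
    for key in dotted.split("."):
        d = d.get(key) if isinstance(d, dict) else None
    return d

def lint_values(values, first_install=True):
    """Return a list of findings for the `global:` section of parsed values."""
    g = values.get("global") or {}
    findings = []
    for path, placeholder in PLACEHOLDERS.items():
        if _get(g, path) in (None, "", placeholder):
            findings.append(f"global.{path} is unset or still the placeholder")
    for path in ("database.host", "database.user"):
        if not _get(g, path):
            findings.append(f"global.{path} is empty")
    # Unquoted 1.30 parses as the float 1.3, so the version must be a string.
    if not isinstance(g.get("kubectl"), str):
        findings.append("global.kubectl must be a quoted string")
    if first_install and _get(g, "ssh_gateway.enabled"):
        findings.append("global.ssh_gateway.enabled must be false on first install")
    # default_quotas is a JSON document embedded in a YAML string.
    try:
        quotas = json.loads(_get(g, "settings.default_quotas") or "")
        if not isinstance(quotas, dict):
            raise ValueError("not an object")
    except (ValueError, TypeError):
        findings.append("global.settings.default_quotas is not a JSON object")
    return findings

# Constructed sample: the page's template as a YAML parser would return it,
# with kubectl left unquoted to show the float pitfall.
SAMPLE = {"global": {
    "dns": "my.domain.tld", "kubectl": 1.28,
    "database": {"host": "", "user": "", "database": "cocalc"},
    "setup_admin": {"password": "PASSWORD"},
    "setup_registration_token": "SECRET_TOKEN", "ssh_gateway": {"enabled": False},
    "settings": {"default_quotas": '{"internet":true,"mem":2000,"cpu":1}'},
}}

if __name__ == "__main__":
    for finding in lint_values(SAMPLE):
        print("FINDING:", finding)
```

To run it against a real file, parse the YAML with a YAML library of your choice and pass the resulting dict to `lint_values`.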