my-values.yaml

To deploy your instance, you have to overwrite some global or chart-specific values. For that, maintain your own values file – which will be called my-values.yaml in the following.

Please create that file outside the upstream Git repository of CoCalc OnPrem’s HELM charts. Do not edit the values.yaml in the upstream repository, because otherwise you end up with merge conflicts, etc. Also, we recommend using Git to keep track of your changes – see Backup and Restore.

  • In /cocalc is a central values.yaml file. It defines the configuration for the sub-charts and some global values. All parameters are explained in detail inside that file as comments.

  • Your configurations will be added on top of that file. It is also read in by default, when you tell helm the location of that chart.

  • Feel free to check out the sub-directories in ./charts in case you want to know more about all details.

  • After familiarizing with that, create your own my-values.yaml file. This will overwrite the default values with the ones relevant for your setup using the -f my-values.yaml switch of helm (ref: Helm Install). You can call it however you like – just point to it with the -f [filename.yaml] switch.

    • To overwrite values in sub-charts, write the values indented under their "sub-chart-name": section.

    • To define global values, list them in the global: section.

    For example, to configure the storage backend, the chart files are in /cocalc/charts/storage/, which means these settings come under storage:. There are also global storage settings used by other charts, which come under global.storage:.

    Learn more about HELM sub-charts and global values.

Note

Regarding YAML, global.storage in the text above means that these values come under the global: section in the my-values.yaml file. In that large indented block is a storage: section, which is indented even further. The actual values are defined inside that double-indented block.

The global: section is particularly important, since it – as its name suggests – defines global parameters.

Probably a good starting point is this:

 1global:
 2  dns: "my.domain.tld"  # <<<<<<<<<<<<<<<< SET THIS
 3
 4  # the version of your kubernetes cluster
 5  kubectl: "1.28" # enter it as a string, not a floating point number ;-)
 6
 7  imagePullSecrets:
 8    - name: regcred
 9
10  database:
11    host: ""  # <<<<<<<<<<< hostname
12    user: ""  # <<<<<<<<<<< username
13    database: "cocalc"  # <<<<<<< name of the DB to use
14
15  setup_admin:
16    email: "[email protected]"  # <<<<<<< adjust
17    password: "PASSWORD"  # or pass in the real password via $ helm [...] --set global.setup_admin.password=[password]
18    name: "Your Name"   # <<<<<<<<<<<<<
19
20  setup_registration_token: "SECRET_TOKEN"  # <<<<<<<<<< set this to something nobody can guess
21
22  ingress:
23    class: "nginx"
24  #  cert_manager:
25  #    issuer: "letsencrypt-prod"
26  #  tls:
27  #    - hosts:
28  #        - "my.domain.tld" #  <<<<<<<<<<<< domain name
29  #      secretName: cocalc-tls
30
31  networkingConfiguration:
32    hideMetrics: false     # read https://onprem.cocalc.com/setup/networking.html before enabling it
33
34  ssh_gateway:
35    enabled: false # Note: on the very first helm deployment, it must be disabled.
36
37  # All settings have to match with the keys in the site settings config, see
38  # https://github.com/sagemathinc/cocalc/blob/master/src/packages/util/db-schema/site-defaults.ts
39  settings:
40    site_name: "CoCalc OnPrem"
41    site_description: "Test instance of CoCalc OnPrem"
42    organization_name: ""
43    organization_email: &EMAIL ""
44    organization_url: ""
45    terms_of_service_url: ""
46    help_email: *EMAIL
47    splash_image: ""
48    logo_square: ""
49    logo_rectangular: ""
50    share_server: "yes"
51    index_info_html: |
52      A temporary test instance, not intended for public consumption.
53    imprint: |
54      # This is a test instance, not intended for public consumption.
55    policies: |
56      <h1><i>This is a test instance, not intended for public consumption.</i></h1>
57    pii_retention: "3 month"
58    anonymous_signup: "no"
59    email_enabled: "yes"
60    verify_emails: "yes"
61    email_backend: "smtp"
62    #email_smtp_server: ""
63    #email_smtp_from: ""
64    #email_smtp_login: ""
65    #email_smtp_secure: "yes" # usually yes, and with port 465
66    #email_smtp_port: "465"
67
68    # CGroup quotas for a project, out of the box
69    # e.g. '{"internet":true,"idle_timeout":3600,"mem":1000,"cpu":1,"cpu_oc":10,"mem_oc":5}'
70    default_quotas: '{"internet":true,"idle_timeout":1800,"mem":2000,"cpu":1,"cpu_oc":20,"mem_oc":10}'
71
72
73# we configure PV/PVC on our own
74storage:
75  create: false
76
77manage:
78  prepull:
79    enabled: false   # <<<<<<<<< only enable it, if you set the project node pool's taints correctly
80  project:
81    dedicatedProjectNodesTaint: "cocalc-projects"
82    dedicatedProjectNodesLabel: "cocalc-role"
83
84    # if you need this, enable it
85    fixPermissionsInit: false