keycloak limits

Your Name · Your Name · commit 500a112fcaa3 · 2025-08-25T12:04:47.000Z
diff --git a/charts/opencloud-microservices/deployments/helm/helmfile.yaml b/charts/opencloud-microservices/deployments/helm/helmfile.yaml
@@ -32,11 +32,17 @@ releases:
           config:
             persistence:
               size: "40Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
       - onlyoffice:
           enabled: false
           domain: onlyoffice.opencloud.test # Domain for OnlyOffice.
           persistence:
-            size: "2Gi" # Added
+            size: "2Gi"
+            accessModes:
+              - ReadWriteOnce
+            storageClassName: 
 
       - collabora:
           enabled: true
@@ -118,31 +124,49 @@ releases:
             persistence:
               enabled: true
               size: "10Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
           search:
             persistence:
               enabled: true
               size: "10Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
             extractor:
               type: tika
           storagesystem:
             persistence:
               enabled: true
               size: "5Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
           storageusers:
             persistence:
               enabled: true
-              size: "50Gi"
+              size: "60Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
             storageBackend:
               driver: decomposeds3
  
           thumbnails:
             persistence:
               enabled: true
               size: "10Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
           web:
             persistence:
               enabled: true
               size: "1Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
             config:
               oidc:
                 webClientID: web
@@ -215,10 +239,16 @@ releases:
             persistence:
               enabled: false
               size: "10Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
           ocm:
             persistence:
               enabled: false
               size: "1Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
       - extraResources:
           - |
             apiVersion: v1
diff --git a/charts/opencloud-microservices/deployments/timoni/configmap.yaml b/charts/opencloud-microservices/deployments/timoni/configmap.yaml
@@ -26,17 +26,27 @@ data:
   GATEWAY_HTTPROUTE_ENABLED: "true"
   APPS_INTEGRATION_ENABLED: "true"
   WEB_OIDC_WEB_CLIENT_ID: "web"
+
+  ###############################################################################
+  # Persistence StorageClass and AccessModes (global defaults)
+  ###############################################################################
+  PERSISTENCE_STORAGE_CLASS_NAME: "ceph-cephfs"
+  # Comma-separated for runtime to split into a list, e.g. "ReadWriteMany" or "ReadWriteOnce,ReadOnlyMany"
+  PERSISTENCE_ACCESS_MODES: "ReadWriteMany"
+
+  ###############################################################################
+  # Persistence (service PVC sizes and toggles)
+  ###############################################################################
   IDM_PERSISTENCE_ENABLED: "false"
   IDM_PERSISTENCE_SIZE: "10Gi"
   NATS_PERSISTENCE_ENABLED: "true"
   NATS_PERSISTENCE_SIZE: "10Gi"
   OCM_PERSISTENCE_ENABLED: "false"
   OCM_PERSISTENCE_SIZE: "1Gi"
   ONLYOFFICE_PERSISTENCE_SIZE: "2Gi"
-  SEARCH_EXTRACTOR_TYPE: "tika"
   SEARCH_PERSISTENCE_ENABLED: "true"
   SEARCH_PERSISTENCE_SIZE: "10Gi"
-  STORAGE_USERS_BACKEND_DRIVER: "decomposeds3"
+  STORAGE_USERS_BACKEND_DRIVER: "posix"
   STORAGE_SYSTEM_PERSISTENCE_ENABLED: "true"
   STORAGE_SYSTEM_PERSISTENCE_SIZE: "5Gi"
   STORAGE_USERS_PERSISTENCE_ENABLED: "true"
@@ -46,8 +56,9 @@ data:
   WEB_PERSISTENCE_ENABLED: "true"
   WEB_PERSISTENCE_SIZE: "1Gi"
 
-  OIDC_IDP_INSECURE: "true"
-  OC_HTTP_API_INSECURE: "true"
+  # NATS specific persistence options
+  # When true, a root init container will chown the NATS data volume before the main container starts.
+  NATS_PERSISTENCE_CHOWN_INIT_CONTAINER: "false"
 
   ###############################################################################
   # Internal Keycloak (for testing only)
@@ -89,6 +100,11 @@ data:
   OIDC_USER_ID_CLAIM_ATTRIBUTE_MAPPING: "username"
   OIDC_ROLE_ASSIGNMENT_CLAIM: "roles"
 
+  ###############################################################################
+  # Search Configuration
+  ###############################################################################
+  SEARCH_EXTRACTOR_TYPE: "tika"
+
   ###############################################################################
   # Collabora Configuration
   ###############################################################################
diff --git a/charts/opencloud-microservices/deployments/timoni/opencloud.cue b/charts/opencloud-microservices/deployments/timoni/opencloud.cue
@@ -21,11 +21,11 @@ bundle: {
             namespace: "opencloud"
             values: {
                 repository: {
-                    url: "oci://ghcr.io/opencloud-eu/helm-charts"
+                    url: "oci://ghcr.io/suse-coder/helm-charts"
                 }
                 chart: {
                     name:    "opencloud-microservices"
-                    version: "0.1.0"
+                    version: "0.2.0"
                 }
                 sync: {
                     timeout: 10
diff --git a/charts/opencloud-microservices/templates/keycloak/deployment.yaml b/charts/opencloud-microservices/templates/keycloak/deployment.yaml
@@ -80,23 +80,33 @@ spec:
               subPath: opencloud-realm.json
           resources:
             limits:
-              cpu: 1000m
-              memory: 1Gi
+              cpu: 3000m
+              memory: 5Gi
             requests:
               cpu: 500m
               memory: 512Mi
+          startupProbe:
+            httpGet:
+              path: /health/ready
+              port: http
+            periodSeconds: 10
+            failureThreshold: 30
           readinessProbe:
             httpGet:
-              path: /realms/master
+              path: /health/ready
               port: http
             initialDelaySeconds: 30
+            periodSeconds: 10
             timeoutSeconds: 5
+            failureThreshold: 12
           livenessProbe:
             httpGet:
-              path: /realms/master
+              path: /health/live
               port: http
-            initialDelaySeconds: 60
+            initialDelaySeconds: 90
+            periodSeconds: 10
             timeoutSeconds: 5
+            failureThreshold: 6
       volumes:
         - name: script
           configMap:

Original file line number	Diff line number	Diff line change
`@@ -21,11 +21,11 @@ bundle: {`
`21`	`21`	`namespace: "opencloud"`
`22`	`22`	`values: {`
`23`	`23`	`repository: {`
`24`		`- url: "oci://ghcr.io/opencloud-eu/helm-charts"`
	`24`	`+ url: "oci://ghcr.io/suse-coder/helm-charts"`
`25`	`25`	`}`
`26`	`26`	`chart: {`
`27`	`27`	`name: "opencloud-microservices"`
`28`		`- version: "0.1.0"`
	`28`	`+ version: "0.2.0"`
`29`	`29`	`}`
`30`	`30`	`sync: {`
`31`	`31`	`timeout: 10`