k8s/apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nextcloud 2

Browse Source
This commit is contained in:
Philip Haupt
2025-05-20 21:01:15 +02:00
parent f4febc1ad2
commit 3e1ba08f4e
2 changed files with 64 additions and 859 deletions
Download Patch File Download Diff File Expand all files Collapse all files

881
nextcloud/main.yaml
View File

@@ -12,258 +12,13 @@ metadata:
namespace: nextcloud namespace: nextcloud
--- ---
apiVersion: v1 apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-master
namespace: nextcloud
---
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-replica
namespace: nextcloud
---
apiVersion: v1
data: data:
master.conf: |- aliasgroup1: https://cloud.borninpain.de:443
dir /data extra_params: --o:ssl.enable=false --o:ssl.termination=true
# User-supplied master configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of master configuration
redis.conf: |-
# User-supplied common configuration:
# Enable AOF https://redis.io/topics/persistence#append-only-file
appendonly yes
# Disable RDB persistence, AOF persistence already enabled.
save ""
# End of common configuration
replica.conf: |-
dir /data
# User-supplied replica configuration:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# End of replica configuration
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-configuration
namespace: nextcloud
---
apiVersion: v1
data:
ping_liveness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}')
if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then
echo "$response"
exit 1
fi
ping_liveness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_liveness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}')
if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then
echo "$response"
exit 1
fi
ping_readiness_local.sh: |-
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
response=$(
timeout -s 15 $1 \
redis-cli \
-h localhost \
-p $REDIS_PORT \
ping
)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
ping_readiness_local_and_master.sh: |-
script_dir="$(dirname "$0")"
exit_status=0
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
exit $exit_status
ping_readiness_master.sh: |-
#!/bin/bash
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
[[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
response=$(
timeout -s 15 $1 \
redis-cli \
-h $REDIS_MASTER_HOST \
-p $REDIS_MASTER_PORT_NUMBER \
ping
)
if [ "$?" -eq "124" ]; then
echo "Timed out"
exit 1
fi
if [ "$response" != "PONG" ]; then
echo "$response"
exit 1
fi
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-health
namespace: nextcloud
---
apiVersion: v1
data:
start-master.sh: |
#!/bin/bash
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then
cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
fi
if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
exec redis-server "${ARGS[@]}"
start-replica.sh: |
#!/bin/bash
get_port() {
hostname="$1"
type="$2"
port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g")
port=${!port_var}
if [ -z "$port" ]; then
case $type in
"SENTINEL")
echo 26379
;;
"REDIS")
echo 6379
;;
esac
else
echo $port
fi
}
get_full_hostname() {
hostname="$1"
full_hostname="${hostname}.${HEADLESS_SERVICE}"
echo "${full_hostname}"
}
REDISPORT=$(get_port "$HOSTNAME" "REDIS")
HEADLESS_SERVICE="nextcloud-redis-headless.nextcloud.svc.cluster.local"
[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
[[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then
cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
fi
if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then
cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
fi
echo "" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf
echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf
ARGS=("--port" "${REDIS_PORT}")
ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
ARGS+=("--requirepass" "${REDIS_PASSWORD}")
ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
exec redis-server "${ARGS[@]}"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-scripts
namespace: nextcloud
---
apiVersion: v1
data:
extra_params: --o:ssl.enable=false
kind: ConfigMap kind: ConfigMap
metadata: metadata:
annotations: annotations:
confighash: config-6e69d2cadb783866e0a85a1462729e7d confighash: config-a0251c3c8340b1da71056e3746336992
labels: labels:
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
@@ -273,37 +28,6 @@ metadata:
name: nextcloud-collabora name: nextcloud-collabora
--- ---
apiVersion: v1 apiVersion: v1
data:
password: Y2hhbmdlbWU=
postgres-password: YTJvRlV1ZmZIeQ==
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 16.3.0
helm.sh/chart: postgresql-15.5.0
name: nextcloud-postgresql
namespace: nextcloud
type: Opaque
---
apiVersion: v1
data:
redis-password: Y2hhbmdlbWU=
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis
namespace: nextcloud
type: Opaque
---
apiVersion: v1
data: data:
nextcloud-password: Y2hhbmdlbWU= nextcloud-password: Y2hhbmdlbWU=
nextcloud-username: YWRtaW4= nextcloud-username: YWRtaW4=
@@ -319,35 +43,6 @@ metadata:
type: Opaque type: Opaque
--- ---
apiVersion: v1 apiVersion: v1
data:
password: ZXhhbXBsZXBhc3M=
username: YWRtaW4=
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: collabora
app.kubernetes.io/version: 24.04.5.2.1
helm.sh/chart: collabora-1.1.20
name: nextcloud-collabora
---
apiVersion: v1
data:
db-password: Y2hhbmdlbWU=
db-username: bmV4dGNsb3Vk
kind: Secret
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nextcloud
app.kubernetes.io/version: 30.0.6
helm.sh/chart: nextcloud-6.6.9
name: nextcloud-db
type: Opaque
---
apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
@@ -401,80 +96,6 @@ spec:
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-headless
namespace: nextcloud
spec:
clusterIP: None
ports:
- name: tcp-redis
port: 6379
targetPort: redis
selector:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-master
namespace: nextcloud
spec:
internalTrafficPolicy: Cluster
ports:
- name: tcp-redis
nodePort: null
port: 6379
targetPort: redis
selector:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-replicas
namespace: nextcloud
spec:
internalTrafficPolicy: Cluster
ports:
- name: tcp-redis
nodePort: null
port: 6379
targetPort: redis
selector:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata: metadata:
labels: labels:
app.kubernetes.io/component: app app.kubernetes.io/component: app
@@ -570,12 +191,23 @@ spec:
app.kubernetes.io/component: app app.kubernetes.io/component: app
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
nextcloud-redis-client: "true"
spec: spec:
containers: containers:
- env: - env:
- name: SQLITE_DATABASE - name: POSTGRES_HOST
value: nextcloud-postgresql
- name: POSTGRES_DB
value: nextcloud value: nextcloud
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: db-user
name: nextcloud
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: db-pass
name: nextcloud
- name: NEXTCLOUD_ADMIN_USER - name: NEXTCLOUD_ADMIN_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -595,7 +227,10 @@ spec:
- name: REDIS_HOST_PORT - name: REDIS_HOST_PORT
value: "6379" value: "6379"
- name: REDIS_HOST_PASSWORD - name: REDIS_HOST_PASSWORD
value: changeme valueFrom:
secretKeyRef:
key: redis-pass
name: nextcloud
image: nextcloud:30.0.6-apache image: nextcloud:30.0.6-apache
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
@@ -653,8 +288,20 @@ spec:
- command: - command:
- /cron.sh - /cron.sh
env: env:
- name: SQLITE_DATABASE - name: POSTGRES_HOST
value: nextcloud-postgresql
- name: POSTGRES_DB
value: nextcloud value: nextcloud
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: db-user
name: nextcloud
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: db-pass
name: nextcloud
- name: NEXTCLOUD_ADMIN_USER - name: NEXTCLOUD_ADMIN_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -669,12 +316,6 @@ spec:
value: cloud.borninpain.de value: cloud.borninpain.de
- name: NEXTCLOUD_DATA_DIR - name: NEXTCLOUD_DATA_DIR
value: /var/www/html/data value: /var/www/html/data
- name: REDIS_HOST
value: nextcloud-redis-master
- name: REDIS_HOST_PORT
value: "6379"
- name: REDIS_HOST_PASSWORD
value: changeme
image: nextcloud:30.0.6-apache image: nextcloud:30.0.6-apache
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: nextcloud-cron name: nextcloud-cron
@@ -711,8 +352,8 @@ spec:
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: db-username key: db-user
name: nextcloud-db name: nextcloud
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: nextcloud-postgresql value: nextcloud-postgresql
image: docker.io/bitnami/postgresql:16.3.0-debian-12-r10 image: docker.io/bitnami/postgresql:16.3.0-debian-12-r10
@@ -753,7 +394,7 @@ spec:
metadata: metadata:
annotations: annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true" cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
confighash: config-6e69d2cadb783866e0a85a1462729e7d confighash: config-a0251c3c8340b1da71056e3746336992
labels: labels:
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: collabora app.kubernetes.io/name: collabora
@@ -764,13 +405,13 @@ spec:
- name: username - name: username
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: username key: colla-user
name: nextcloud-collabora name: nextcloud
- name: password - name: password
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: password key: colla-pass
name: nextcloud-collabora name: nextcloud
envFrom: envFrom:
- configMapRef: - configMapRef:
name: nextcloud-collabora name: nextcloud-collabora
@@ -880,13 +521,13 @@ spec:
- name: POSTGRES_PASSWORD - name: POSTGRES_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: password key: db-user
name: nextcloud-postgresql name: nextcloud
- name: POSTGRES_POSTGRES_PASSWORD - name: POSTGRES_POSTGRES_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: postgres-password key: postgres-password
name: nextcloud-postgresql name: nextcloud
- name: POSTGRES_DATABASE - name: POSTGRES_DATABASE
value: nextcloud value: nextcloud
- name: POSTGRESQL_ENABLE_LDAP - name: POSTGRESQL_ENABLE_LDAP
@@ -1003,377 +644,6 @@ spec:
storage: 8Gi storage: 8Gi
storageClassName: openebs-3-replicas storageClassName: openebs-3-replicas
--- ---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-master
namespace: nextcloud
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
serviceName: nextcloud-redis-headless
template:
metadata:
annotations:
checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
checksum/scripts: 562e2a83c8a1d7db11dc86aac80d50852c6534d5a46bc93757b51efdb9103df3
checksum/secret: 1e28e5ae561812b3504142ef19d3676b5a8439e7ca16e5a6481316fd591f1fff
labels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
spec:
affinity:
nodeAffinity: null
podAffinity: null
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
topologyKey: kubernetes.io/hostname
weight: 1
automountServiceAccountToken: false
containers:
- args:
- -c
- /opt/bitnami/scripts/start-scripts/start-master.sh
command:
- /bin/bash
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: master
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: nextcloud-redis
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
image: docker.io/bitnami/redis:7.2.5-debian-12-r4
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- sh
- -c
- /health/ping_liveness_local.sh 5
failureThreshold: 5
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 6
name: redis
ports:
- containerPort: 6379
name: redis
readinessProbe:
exec:
command:
- sh
- -c
- /health/ping_readiness_local.sh 1
failureThreshold: 5
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
resources:
limits:
cpu: 150m
ephemeral-storage: 1024Mi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /opt/bitnami/scripts/start-scripts
name: start-scripts
- mountPath: /health
name: health
- mountPath: /data
name: redis-data
- mountPath: /opt/bitnami/redis/mounted-etc
name: config
- mountPath: /opt/bitnami/redis/etc/
name: empty-dir
subPath: app-conf-dir
- mountPath: /tmp
name: empty-dir
subPath: tmp-dir
enableServiceLinks: true
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
serviceAccountName: nextcloud-redis-master
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 493
name: nextcloud-redis-scripts
name: start-scripts
- configMap:
defaultMode: 493
name: nextcloud-redis-health
name: health
- configMap:
name: nextcloud-redis-configuration
name: config
- emptyDir: {}
name: empty-dir
updateStrategy:
type: RollingUpdate
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
name: redis-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
storageClassName: openebs-3-replicas
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-replicas
namespace: nextcloud
spec:
replicas: 3
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
serviceName: nextcloud-redis-headless
template:
metadata:
annotations:
checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
checksum/scripts: 562e2a83c8a1d7db11dc86aac80d50852c6534d5a46bc93757b51efdb9103df3
checksum/secret: 1e28e5ae561812b3504142ef19d3676b5a8439e7ca16e5a6481316fd591f1fff
labels:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
spec:
affinity:
nodeAffinity: null
podAffinity: null
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
topologyKey: kubernetes.io/hostname
weight: 1
automountServiceAccountToken: false
containers:
- args:
- -c
- /opt/bitnami/scripts/start-scripts/start-replica.sh
command:
- /bin/bash
env:
- name: BITNAMI_DEBUG
value: "false"
- name: REDIS_REPLICATION_MODE
value: replica
- name: REDIS_MASTER_HOST
value: nextcloud-redis-master-0.nextcloud-redis-headless.nextcloud.svc.cluster.local
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
- name: ALLOW_EMPTY_PASSWORD
value: "no"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: nextcloud-redis
- name: REDIS_MASTER_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: nextcloud-redis
- name: REDIS_TLS_ENABLED
value: "no"
- name: REDIS_PORT
value: "6379"
image: docker.io/bitnami/redis:7.2.5-debian-12-r4
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- sh
- -c
- /health/ping_liveness_local_and_master.sh 5
failureThreshold: 5
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 6
name: redis
ports:
- containerPort: 6379
name: redis
readinessProbe:
exec:
command:
- sh
- -c
- /health/ping_readiness_local_and_master.sh 1
failureThreshold: 5
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
resources:
limits:
cpu: 150m
ephemeral-storage: 1024Mi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
startupProbe:
failureThreshold: 22
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: redis
timeoutSeconds: 5
volumeMounts:
- mountPath: /opt/bitnami/scripts/start-scripts
name: start-scripts
- mountPath: /health
name: health
- mountPath: /data
name: redis-data
- mountPath: /opt/bitnami/redis/mounted-etc
name: config
- mountPath: /opt/bitnami/redis/etc
name: empty-dir
subPath: app-conf-dir
- mountPath: /tmp
name: empty-dir
subPath: tmp-dir
enableServiceLinks: true
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
serviceAccountName: nextcloud-redis-replica
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 493
name: nextcloud-redis-scripts
name: start-scripts
- configMap:
defaultMode: 493
name: nextcloud-redis-health
name: health
- configMap:
name: nextcloud-redis-configuration
name: config
- emptyDir: {}
name: empty-dir
updateStrategy:
type: RollingUpdate
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
name: redis-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
storageClassName: openebs-3-replicas
---
apiVersion: policy/v1 apiVersion: policy/v1
kind: PodDisruptionBudget kind: PodDisruptionBudget
metadata: metadata:
@@ -1394,46 +664,6 @@ spec:
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql app.kubernetes.io/name: postgresql
--- ---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-master
namespace: nextcloud
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/component: master
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis-replicas
namespace: nextcloud
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/component: replica
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata: metadata:
@@ -1460,28 +690,3 @@ spec:
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: redis
app.kubernetes.io/version: 7.2.5
helm.sh/chart: redis-19.6.4
name: nextcloud-redis
namespace: nextcloud
spec:
egress:
- {}
ingress:
- ports:
- port: 6379
podSelector:
matchLabels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: redis
policyTypes:
- Ingress
- Egress

42
nextcloud/src/values.yaml
View File

@@ -373,36 +373,36 @@ nginx:
# value: ENV_VALUE # value: ENV_VALUE
internalDatabase: internalDatabase:
enabled: true enabled: false
name: nextcloud name: nextcloud
## ##
## External database configuration ## External database configuration
## ##
externalDatabase: externalDatabase:
enabled: false enabled: true
## Supported database engines: mysql or postgresql ## Supported database engines: mysql or postgresql
type: mysql type: postgresql
## Database host. You can optionally include a colon delimited port like "myhost:1234" ## Database host. You can optionally include a colon delimited port like "myhost:1234"
host: "" host: nextcloud-postgresql
## Database user ## Database user
user: nextcloud user: nextcloud
## Database password ## Database password
password: "" password: nextcloud
## Database name ## Database name
database: nextcloud database: nextcloud
## Use a existing secret ## Use a existing secret
existingSecret: existingSecret:
enabled: false enabled: true
# secretName: nameofsecret secretName: nextcloud
usernameKey: db-username usernameKey: db-user
passwordKey: db-password passwordKey: db-pass
# hostKey: db-hostname-or-ip # hostKey: db-hostname-or-ip
# databaseKey: db-name # databaseKey: db-name
@@ -460,12 +460,12 @@ postgresql:
# auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret. # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret.
# secret might also contains the key ldap-password if LDAP is enabled. # secret might also contains the key ldap-password if LDAP is enabled.
# ldap.bind_password will be ignored and picked from this secret in this case. # ldap.bind_password will be ignored and picked from this secret in this case.
existingSecret: "" existingSecret: nextcloud
# Names of keys in existing secret to use for PostgreSQL credentials # Names of keys in existing secret to use for PostgreSQL credentials
secretKeys: secretKeys:
adminPasswordKey: "" adminPasswordKey: postgres-password
userPasswordKey: "" userPasswordKey: db-user
replicationPasswordKey: "" replicationPasswordKey: db-pass
primary: primary:
persistence: persistence:
enabled: true enabled: true
@@ -479,7 +479,7 @@ postgresql:
## ##
redis: redis:
enabled: true enabled: false
auth: auth:
enabled: true enabled: true
password: 'changeme' password: 'changeme'
@@ -510,12 +510,12 @@ collabora:
collabora: collabora:
## HTTPS nextcloud domain, if needed ## HTTPS nextcloud domain, if needed
aliasgroups: [] aliasgroups:
# - host: "https://nextcloud.domain:443" - host: https://cloud.borninpain.de:443
# set extra parameters for collabora # set extra parameters for collabora
# you may need to add --o:ssl.termination=true # you may need to add --o:ssl.termination=true
extra_params: --o:ssl.enable=false extra_params: --o:ssl.enable=false --o:ssl.termination=true
## Specify server_name when the hostname is not reachable directly for ## Specify server_name when the hostname is not reachable directly for
# example behind reverse-proxy. example: collabora.domain # example behind reverse-proxy. example: collabora.domain
@@ -524,11 +524,11 @@ collabora:
existingSecret: existingSecret:
# set to true to to get collabora admin credentials from an existin secret # set to true to to get collabora admin credentials from an existin secret
# if set, ignores collabora.collabora.username and password # if set, ignores collabora.collabora.username and password
enabled: false enabled: true
# name of existing Kubernetes Secret with collboara admin credentials # name of existing Kubernetes Secret with collboara admin credentials
secretName: "" secretName: nextcloud
usernameKey: "username" usernameKey: colla-user
passwordKey: "password" passwordKey: colla-pass
# setup admin login credentials, these are ignored if # setup admin login credentials, these are ignored if
# collabora.collabora.existingSecret.enabled=true # collabora.collabora.existingSecret.enabled=true