diff --git a/nextcloud/kustomization.yaml b/nextcloud/kustomization.yaml
new file mode 100644
index 0000000..b1d20b0
--- /dev/null
+++ b/nextcloud/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - main.yaml
diff --git a/nextcloud/main.yaml b/nextcloud/main.yaml
new file mode 100644
index 0000000..69039b9
--- /dev/null
+++ b/nextcloud/main.yaml
@@ -0,0 +1,1487 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.0 + name: nextcloud-postgresql + namespace: nextcloud +--- +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-master + namespace: nextcloud +--- +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-replica + namespace: nextcloud +--- +apiVersion: v1 +data: + master.conf: |- + dir /data + # User-supplied master configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of master configuration + redis.conf: |- + # User-supplied common configuration: + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. 
+ save "" + # End of common configuration + replica.conf: |- + dir /data + # User-supplied replica configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of replica configuration +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-configuration + namespace: nextcloud +--- +apiVersion: v1 +data: + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? + "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-health + namespace: nextcloud +--- +apiVersion: v1 +data: + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_PASSWORD}") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + exec redis-server "${ARGS[@]}" + start-replica.sh: | + #!/bin/bash + + get_port() { + hostname="$1" + type="$2" + + port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") + port=${!port_var} + + if [ -z "$port" ]; then + case $type in + "SENTINEL") + echo 26379 + ;; + "REDIS") + echo 6379 + ;; + esac + else + echo $port + fi + } + + get_full_hostname() { + hostname="$1" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + echo "${full_hostname}" + } + + REDISPORT=$(get_port "$HOSTNAME" "REDIS") + HEADLESS_SERVICE="nextcloud-redis-headless.nextcloud.svc.cluster.local" + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/replica.conf ]];then + cp /opt/bitnami/redis/mounted-etc/replica.conf 
/opt/bitnami/redis/etc/replica.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + + echo "" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf + echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") + exec redis-server "${ARGS[@]}" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-scripts + namespace: nextcloud +--- +apiVersion: v1 +data: + extra_params: --o:ssl.enable=false +kind: ConfigMap +metadata: + annotations: + confighash: config-6e69d2cadb783866e0a85a1462729e7d + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: collabora + app.kubernetes.io/version: 24.04.5.2.1 + helm.sh/chart: collabora-1.1.20 + name: nextcloud-collabora +--- +apiVersion: v1 +data: + password: Y2hhbmdlbWU= + postgres-password: YTJvRlV1ZmZIeQ== +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.0 + name: nextcloud-postgresql + namespace: nextcloud +type: Opaque +--- +apiVersion: v1 +data: + redis-password: Y2hhbmdlbWU= +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis + namespace: nextcloud +type: Opaque +--- +apiVersion: v1 +data: + nextcloud-password: Y2hhbmdlbWU= + nextcloud-username: YWRtaW4= +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: nextcloud + app.kubernetes.io/version: 30.0.6 + helm.sh/chart: nextcloud-6.6.9 + name: nextcloud +type: Opaque +--- +apiVersion: v1 +data: + password: ZXhhbXBsZXBhc3M= + username: YWRtaW4= +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: collabora + app.kubernetes.io/version: 24.04.5.2.1 + helm.sh/chart: collabora-1.1.20 + name: nextcloud-collabora +--- +apiVersion: v1 +data: + db-password: Y2hhbmdlbWU= + db-username: bmV4dGNsb3Vk +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: nextcloud + app.kubernetes.io/version: 30.0.6 + helm.sh/chart: nextcloud-6.6.9 + name: nextcloud-db +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.0 + name: nextcloud-postgresql + namespace: nextcloud +spec: + ports: + - name: tcp-postgresql + nodePort: null + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: postgresql + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.0 + name: nextcloud-postgresql-hl + namespace: nextcloud +spec: + clusterIP: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: postgresql + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-headless + namespace: nextcloud +spec: + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-master + namespace: nextcloud +spec: + internalTrafficPolicy: Cluster + ports: + - name: tcp-redis + nodePort: null + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-replicas + namespace: nextcloud +spec: + internalTrafficPolicy: Cluster + ports: + - name: tcp-redis + nodePort: null + port: 6379 + targetPort: 
redis + selector: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: nextcloud + app.kubernetes.io/version: 30.0.6 + helm.sh/chart: nextcloud-6.6.9 + name: nextcloud +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 80 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: nextcloud + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: collabora + app.kubernetes.io/version: 24.04.5.2.1 + helm.sh/chart: collabora-1.1.20 + type: main + name: nextcloud-collabora +spec: + ports: + - name: http + port: 9980 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: collabora + type: main + type: ClusterIP +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: nextcloud + app.kubernetes.io/version: 30.0.6 + helm.sh/chart: nextcloud-6.6.9 + name: nextcloud-nextcloud +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi + storageClassName: openebs-3-replicas +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: nextcloud + app.kubernetes.io/version: 30.0.6 + helm.sh/chart: nextcloud-6.6.9 + name: nextcloud +spec: + replicas: 1 + selector: + matchLabels: + 
app.kubernetes.io/component: app + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: nextcloud + strategy: + type: Recreate + template: + metadata: + annotations: + hooks-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + nextcloud-config-hash: 8266a725d5474acb6adbf9f0609a3494dc3340a3ac306db90eac9ddb1b851960 + php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: nextcloud + nextcloud-redis-client: "true" + spec: + containers: + - env: + - name: SQLITE_DATABASE + value: nextcloud + - name: NEXTCLOUD_ADMIN_USER + valueFrom: + secretKeyRef: + key: nextcloud-username + name: nextcloud + - name: NEXTCLOUD_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: nextcloud-password + name: nextcloud + - name: NEXTCLOUD_TRUSTED_DOMAINS + value: cloud.borninpain.de + - name: NEXTCLOUD_DATA_DIR + value: /var/www/html/data + - name: REDIS_HOST + value: nextcloud-redis-master + - name: REDIS_HOST_PORT + value: "6379" + - name: REDIS_HOST_PASSWORD + value: changeme + image: nextcloud:30.0.6-apache + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + - name: Host + value: cloud.borninpain.de + path: /status.php + port: 80 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: nextcloud + ports: + - containerPort: 80 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + - name: Host + value: cloud.borninpain.de + path: /status.php + port: 80 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + volumeMounts: + - mountPath: /var/www/ + name: nextcloud-main + subPath: root + - mountPath: /var/www/html + name: nextcloud-main + subPath: html + - mountPath: /var/www/html/data + name: nextcloud-main + subPath: data + - mountPath: 
/var/www/html/config + name: nextcloud-main + subPath: config + - mountPath: /var/www/html/custom_apps + name: nextcloud-main + subPath: custom_apps + - mountPath: /var/www/tmp + name: nextcloud-main + subPath: tmp + - mountPath: /var/www/html/themes + name: nextcloud-main + subPath: themes + - command: + - /cron.sh + env: + - name: SQLITE_DATABASE + value: nextcloud + - name: NEXTCLOUD_ADMIN_USER + valueFrom: + secretKeyRef: + key: nextcloud-username + name: nextcloud + - name: NEXTCLOUD_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: nextcloud-password + name: nextcloud + - name: NEXTCLOUD_TRUSTED_DOMAINS + value: cloud.borninpain.de + - name: NEXTCLOUD_DATA_DIR + value: /var/www/html/data + - name: REDIS_HOST + value: nextcloud-redis-master + - name: REDIS_HOST_PORT + value: "6379" + - name: REDIS_HOST_PASSWORD + value: changeme + image: nextcloud:30.0.6-apache + imagePullPolicy: IfNotPresent + name: nextcloud-cron + resources: {} + volumeMounts: + - mountPath: /var/www/ + name: nextcloud-main + subPath: root + - mountPath: /var/www/html + name: nextcloud-main + subPath: html + - mountPath: /var/www/html/data + name: nextcloud-main + subPath: data + - mountPath: /var/www/html/config + name: nextcloud-main + subPath: config + - mountPath: /var/www/html/custom_apps + name: nextcloud-main + subPath: custom_apps + - mountPath: /var/www/tmp + name: nextcloud-main + subPath: tmp + - mountPath: /var/www/html/themes + name: nextcloud-main + subPath: themes + initContainers: + - command: + - sh + - -c + - until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; + done + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: db-username + name: nextcloud-db + - name: POSTGRES_HOST + value: nextcloud-postgresql + image: docker.io/bitnami/postgresql:16.3.0-debian-12-r10 + name: postgresql-isready + resources: {} + securityContext: {} + securityContext: + fsGroup: 33 + volumes: + - name: nextcloud-main + persistentVolumeClaim: + claimName: 
nextcloud-nextcloud +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: collabora + app.kubernetes.io/version: 24.04.5.2.1 + helm.sh/chart: collabora-1.1.20 + name: nextcloud-collabora +spec: + minReadySeconds: 0 + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: collabora + type: main + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + confighash: config-6e69d2cadb783866e0a85a1462729e7d + labels: + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: collabora + type: main + spec: + containers: + - env: + - name: username + valueFrom: + secretKeyRef: + key: username + name: nextcloud-collabora + - name: password + valueFrom: + secretKeyRef: + key: password + name: nextcloud-collabora + envFrom: + - configMapRef: + name: nextcloud-collabora + image: collabora/code:24.04.5.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 4 + httpGet: + path: / + port: 9980 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 30 + name: collabora + ports: + - containerPort: 9980 + name: http + protocol: TCP + readinessProbe: + failureThreshold: 2 + httpGet: + path: / + port: 9980 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 30 + resources: {} + securityContext: {} + startupProbe: + failureThreshold: 30 + httpGet: + path: / + port: 9980 + scheme: HTTP + periodSeconds: 3 + volumeMounts: + - mountPath: /tmp + name: tmp + securityContext: {} + serviceAccountName: default + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: tmp +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: primary + 
app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.0 + name: nextcloud-postgresql + namespace: nextcloud +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: postgresql + serviceName: nextcloud-postgresql-hl + template: + metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.0 + name: nextcloud-postgresql + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: postgresql + topologyKey: kubernetes.io/hostname + weight: 1 + automountServiceAccountToken: false + containers: + - env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: /bitnami/postgresql + - name: PGDATA + value: /bitnami/postgresql/data + - name: POSTGRES_USER + value: nextcloud + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: nextcloud-postgresql + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: nextcloud-postgresql + - name: POSTGRES_DATABASE + value: nextcloud + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + - name: POSTGRESQL_ENABLE_TLS + value: "no" + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + - name: 
POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: docker.io/bitnami/postgresql:16.3.0-debian-12-r10 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p + 5432 + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: postgresql + ports: + - containerPort: 5432 + name: tcp-postgresql + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: 150m + ephemeral-storage: 1024Mi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /tmp + name: empty-dir + subPath: tmp-dir + - mountPath: /opt/bitnami/postgresql/conf + name: empty-dir + subPath: app-conf-dir + - mountPath: /opt/bitnami/postgresql/tmp + name: empty-dir + subPath: app-tmp-dir + - mountPath: /dev/shm + name: dshm + - mountPath: /bitnami/postgresql + name: data + hostIPC: false + hostNetwork: false + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: nextcloud-postgresql + volumes: + - emptyDir: {} + name: empty-dir + - emptyDir: + medium: Memory + name: dshm + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: 
PersistentVolumeClaim + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi + storageClassName: openebs-3-replicas +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-master + namespace: nextcloud +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + serviceName: nextcloud-redis-headless + template: + metadata: + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: 562e2a83c8a1d7db11dc86aac80d50852c6534d5a46bc93757b51efdb9103df3 + checksum/secret: 1e28e5ae561812b3504142ef19d3676b5a8439e7ca16e5a6481316fd591f1fff + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + topologyKey: kubernetes.io/hostname + weight: 1 + automountServiceAccountToken: false + containers: + - args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + command: + - /bin/bash + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "no" + - name: REDIS_PASSWORD + valueFrom: + 
secretKeyRef: + key: redis-password + name: nextcloud-redis + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + image: docker.io/bitnami/redis:7.2.5-debian-12-r4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh 5 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 6 + name: redis + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 1 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 150m + ephemeral-storage: 1024Mi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/bitnami/scripts/start-scripts + name: start-scripts + - mountPath: /health + name: health + - mountPath: /data + name: redis-data + - mountPath: /opt/bitnami/redis/mounted-etc + name: config + - mountPath: /opt/bitnami/redis/etc/ + name: empty-dir + subPath: app-conf-dir + - mountPath: /tmp + name: empty-dir + subPath: tmp-dir + enableServiceLinks: true + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: nextcloud-redis-master + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 493 + name: nextcloud-redis-scripts + name: start-scripts + - configMap: + defaultMode: 493 + name: nextcloud-redis-health + name: health + - configMap: + name: nextcloud-redis-configuration + name: config + - emptyDir: {} + name: empty-dir + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: 
v1 + kind: PersistentVolumeClaim + metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + name: redis-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi + storageClassName: openebs-3-replicas +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-replicas + namespace: nextcloud +spec: + replicas: 3 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + serviceName: nextcloud-redis-headless + template: + metadata: + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: 562e2a83c8a1d7db11dc86aac80d50852c6534d5a46bc93757b51efdb9103df3 + checksum/secret: 1e28e5ae561812b3504142ef19d3676b5a8439e7ca16e5a6481316fd591f1fff + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + topologyKey: kubernetes.io/hostname + weight: 1 + automountServiceAccountToken: false + containers: + - args: + - -c + - /opt/bitnami/scripts/start-scripts/start-replica.sh + command: + - /bin/bash + env: + - name: BITNAMI_DEBUG + 
value: "false" + - name: REDIS_REPLICATION_MODE + value: replica + - name: REDIS_MASTER_HOST + value: nextcloud-redis-master-0.nextcloud-redis-headless.nextcloud.svc.cluster.local + - name: REDIS_MASTER_PORT_NUMBER + value: "6379" + - name: ALLOW_EMPTY_PASSWORD + value: "no" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: nextcloud-redis + - name: REDIS_MASTER_PASSWORD + valueFrom: + secretKeyRef: + key: redis-password + name: nextcloud-redis + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + image: docker.io/bitnami/redis:7.2.5-debian-12-r4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - sh + - -c + - /health/ping_liveness_local_and_master.sh 5 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 6 + name: redis + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - sh + - -c + - /health/ping_readiness_local_and_master.sh 1 + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 150m + ephemeral-storage: 1024Mi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + startupProbe: + failureThreshold: 22 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: redis + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/bitnami/scripts/start-scripts + name: start-scripts + - mountPath: /health + name: health + - mountPath: /data + name: redis-data + - mountPath: /opt/bitnami/redis/mounted-etc + name: config + - mountPath: /opt/bitnami/redis/etc + name: empty-dir + subPath: app-conf-dir + - mountPath: /tmp + name: 
empty-dir + subPath: tmp-dir + enableServiceLinks: true + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: nextcloud-redis-replica + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 493 + name: nextcloud-redis-scripts + name: start-scripts + - configMap: + defaultMode: 493 + name: nextcloud-redis-health + name: health + - configMap: + name: nextcloud-redis-configuration + name: config + - emptyDir: {} + name: empty-dir + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + labels: + app.kubernetes.io/component: replica + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis + name: redis-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi + storageClassName: openebs-3-replicas +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 16.3.0 + helm.sh/chart: postgresql-15.5.0 + name: nextcloud-postgresql + namespace: nextcloud +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: postgresql +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.2.5 + helm.sh/chart: redis-19.6.4 + name: nextcloud-redis-master + namespace: nextcloud +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: master + app.kubernetes.io/instance: nextcloud + app.kubernetes.io/name: redis +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget 
+metadata:
+ labels:
+ app.kubernetes.io/component: replica
+ app.kubernetes.io/instance: nextcloud
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/version: 7.2.5
+ helm.sh/chart: redis-19.6.4
+ name: nextcloud-redis-replicas
+ namespace: nextcloud
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: replica
+ app.kubernetes.io/instance: nextcloud
+ app.kubernetes.io/name: redis
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/component: primary
+ app.kubernetes.io/instance: nextcloud
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: postgresql
+ app.kubernetes.io/version: 16.3.0
+ helm.sh/chart: postgresql-15.5.0
+ name: nextcloud-postgresql
+ namespace: nextcloud
+spec:
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 5432
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/component: primary
+ app.kubernetes.io/instance: nextcloud
+ app.kubernetes.io/name: postgresql
+ policyTypes:
+ - Ingress
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ app.kubernetes.io/instance: nextcloud
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: redis
+ app.kubernetes.io/version: 7.2.5
+ helm.sh/chart: redis-19.6.4
+ name: nextcloud-redis
+ namespace: nextcloud
+spec:
+ egress:
+ - {}
+ ingress:
+ - ports:
+ - port: 6379
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: nextcloud
+ app.kubernetes.io/name: redis
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/nextcloud/src/kustomization.yaml b/nextcloud/src/kustomization.yaml
new file mode 100644
index 0000000..42f5328
--- /dev/null
+++ b/nextcloud/src/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmCharts:
+ - name: nextcloud
+ repo: https://nextcloud.github.io/helm/
+ version: 6.6.9
+ releaseName: nextcloud
+ includeCRDs: true
+ namespace: nextcloud
+ valuesFile: values.yaml
\ No newline at end of file
diff --git a/nextcloud/src/values.yaml b/nextcloud/src/values.yaml
new file mode 100644
index 0000000..0a97061
--- /dev/null
+++ b/nextcloud/src/values.yaml
@@ -0,0 +1,877 @@ +## Official nextcloud image version +## ref: https://hub.docker.com/r/library/nextcloud/tags/ +## +image: + repository: nextcloud + flavor: apache + # default is generated by flavor and appVersion + tag: + pullPolicy: IfNotPresent + # pullSecrets: + # - myRegistrKeySecretName + +nameOverride: "" +fullnameOverride: "" +podAnnotations: {} +deploymentAnnotations: {} +deploymentLabels: {} + +# Number of replicas to be deployed +replicaCount: 1 + +## Allowing use of ingress controllers +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + enabled: false + # className: nginx + annotations: {} + # nginx.ingress.kubernetes.io/proxy-body-size: 4G + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: letsencrypt-prod + # # Keep this in sync with the README.md: + # nginx.ingress.kubernetes.io/server-snippet: |- + # server_tokens off; + # proxy_hide_header X-Powered-By; + # rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; + # rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; + # rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + # location = /.well-known/carddav { + # return 301 $scheme://$host/remote.php/dav; + # } + # location = /.well-known/caldav { + # return 301 $scheme://$host/remote.php/dav; + # } + # location = /robots.txt { + # allow all; + # log_not_found off; + # access_log off; + # } + # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + # deny all; + # } + # location ~ ^/(?:autotest|occ|issue|indie|db_|console) { + # deny all; + # } + # tls: + # - secretName: nextcloud-tls + # hosts: + # - nextcloud.kube.home + labels: {} + path: / + pathType: Prefix + + +# Allow configuration of lifecycle hooks +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ +lifecycle: {} + # postStartCommand: [] + # 
preStopCommand: [] + +phpClientHttpsFix: + enabled: false + protocol: https + +nextcloud: + host: cloud.borninpain.de + username: admin + password: changeme + ## Use an existing secret + existingSecret: + enabled: false + # secretName: nameofsecret + usernameKey: nextcloud-username + passwordKey: nextcloud-password + tokenKey: "" + smtpUsernameKey: smtp-username + smtpPasswordKey: smtp-password + smtpHostKey: smtp-host + update: 0 + # If web server is not binding default port, you can define it + containerPort: 80 + datadir: /var/www/html/data + persistence: + subPath: + # if set, we'll template this list to the NEXTCLOUD_TRUSTED_DOMAINS env var + trustedDomains: [] + ## SMTP configuration + mail: + enabled: false + # the user we send email as + fromAddress: user + # the domain we send email from + domain: domain.com + smtp: + host: domain.com + secure: ssl + port: 465 + authtype: LOGIN + name: user + password: pass + ## Primary ObjectStore options + # see: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#configuring-object-storage-as-primary-storage + objectStore: + # https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3 + s3: + enabled: false + # ignored if nextcloud.objectstore.s3.existingSecret is not empty string + accessKey: "" + # ignored if nextcloud.objectstore.s3.existingSecret is not empty string + secretKey: "" + # use legacy auth method + legacyAuth: false + # s3 endpoint to use; only required if you're not using AWS + host: "" + # use TLS/SSL for S3 connections + ssl: true + # default port that can be changed based on your object store, e.g. for minio, you can use 9000 + port: "443" + # this is the default in the nextcloud docs + region: "eu-west-1" + # required if using s3, the name of the bucket you'd like to use + bucket: "" + # object prefix in bucket + prefix: "" + # set to true if you are not using DNS for your buckets. 
+ usePathStyle: false + # autocreate the bucket + autoCreate: false + # optonal parameter: you probably want to keep this as default + storageClass: "STANDARD" + # server side encryption key. learn more: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#s3-sse-c-encryption-support + sse_c_key: "" + # use an existingSecret for S3 credentials. If set, we ignore the following under nextcloud.objectStore.s3 + # endpoint, accessKey, secretKey + existingSecret: "" + secretKeys: + # key in nextcloud.objectStore.s3.existingSecret to use for s3 endpoint + host: "" + # key in nextcloud.objectStore.s3.existingSecret to use for s3 accessKeyID + accessKey: "" + # key in nextcloud.objectStore.s3.existingSecret to use for s3 secretAccessKey + secretKey: "" + # key in nextcloud.objectStore.s3.existingSecret to use for the s3 bucket + bucket: "" + # key in nextcloud.objectStore.s3.existingSecret to use for the s3 sse_c_key + sse_c_key: "" + ## options related to using Swift as a primary object storage + # https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#openstack-swift + swift: + enabled: false + # swift user info + user: + domain: "Default" + name: "" + password: "" + # swift project info + project: + name: "" + domain: "Default" + # The Identity / Keystone endpoint + url: "" + region: "" + # optional on some swift implementations + service: "swift" + # the container to store the data in + container: "" + # autocreate container + autoCreate: false + + ## PHP Configuration files + # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true + phpConfigs: {} + ## Default config files that utilize environment variables: + # see: https://github.com/nextcloud/docker/tree/master#auto-configuration-via-environment-variables + # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself + # 
Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/.config + defaultConfigs: + # To protect /var/www/html/config + .htaccess: true + # Apache configuration for rewrite urls + apache-pretty-urls.config.php: true + # Define APCu as local cache + apcu.config.php: true + # Apps directory configs + apps.config.php: true + # Used for auto configure database + autoconfig.php: true + # Redis default configuration + redis.config.php: true + # Reverse proxy default configuration + reverse-proxy.config.php: true + # S3 Object Storage as primary storage + s3.config.php: true + # SMTP default configuration via environment variables + smtp.config.php: true + # Swift Object Storage as primary storage + swift.config.php: true + # disables the web based updater as the default nextcloud docker image does not support it + upgrade-disable-web.config.php: true + # -- imaginary support config + imaginary.config.php: false + + # Extra config files created in /var/www/html/config/ + # ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file + configs: {} + # For example, to enable image and text file previews: + # previews.config.php: |- + # true, + # 'enabledPreviewProviders' => array ( + # 'OC\Preview\Movie', + # 'OC\Preview\PNG', + # 'OC\Preview\JPEG', + # 'OC\Preview\GIF', + # 'OC\Preview\BMP', + # 'OC\Preview\XBitmap', + # 'OC\Preview\MP3', + # 'OC\Preview\MP4', + # 'OC\Preview\TXT', + # 'OC\Preview\MarkDown', + # 'OC\Preview\PDF' + # ), + # ); + + # Hooks for auto configuration + # Here you could write small scripts which are placed in `/docker-entrypoint-hooks.d//helm.sh` + # ref: https://github.com/nextcloud/docker?tab=readme-ov-file#auto-configuration-via-hook-folders + hooks: + pre-installation: + post-installation: + pre-upgrade: + post-upgrade: + before-starting: + + ## Strategy used to replace old pods + ## IMPORTANT: use with care, it is suggested to leave 
as that for upgrade purposes + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + strategy: + type: Recreate + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 1 + # maxUnavailable: 0 + + ## + ## Extra environment variables + extraEnv: + # - name: SOME_SECRET_ENV + # valueFrom: + # secretKeyRef: + # name: nextcloud + # key: secret_key + + # Extra init containers that runs before pods start. + extraInitContainers: [] + # - name: do-something + # image: busybox + # command: ['do', 'something'] + + # Extra sidecar containers. + extraSidecarContainers: [] + # - name: nextcloud-logger + # image: busybox + # command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log'] + # volumeMounts: + # - name: nextcloud-data + # mountPath: /run/nextcloud/data + + # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume + # to NextCloud pods in Kubernetes. This can then be configured in External Storage + extraVolumes: + # - name: nfs + # nfs: + # server: "10.0.0.1" + # path: "/nextcloud_data" + # readOnly: false + extraVolumeMounts: + # - name: nfs + # mountPath: "/legacy_data" + + # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container). + # For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: false + + # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive + podSecurityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: false + + # Settings for the MariaDB init container + mariaDbInitContainer: + resources: {} + # Set mariadb initContainer securityContext parameters. 
For example, you may need to define runAsNonRoot directive + securityContext: {} + + # Settings for the PostgreSQL init container + postgreSqlInitContainer: + resources: {} + # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + + +nginx: + ## You need to set an fpm version of the image for nextcloud if you want to use nginx! + enabled: false + + image: + repository: nginx + tag: alpine + pullPolicy: IfNotPresent + + containerPort: 80 + # This configures nginx to listen on either IPv4, IPv6 or both + ipFamilies: + - IPv4 + # - IPv6 + config: + # This generates the default nginx config as per the nextcloud documentation + default: true + headers: + # -- HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + # Example: + # "Strict-Transport-Security": "max-age=15768000; includeSubDomains; preload;" + "Strict-Transport-Security": "" + "Referrer-Policy": "no-referrer" + "X-Content-Type-Options": "nosniff" + "X-Download-Options": "noopen" + "X-Frame-Options": "SAMEORIGIN" + "X-Permitted-Cross-Domain-Policies": "none" + "X-Robots-Tag": "noindex, nofollow" + "X-XSS-Protection": "1; mode=block" + + custom: + # custom: |- + # worker_processes 1;.. + + resources: {} + + # Set nginx container securityContext parameters. 
For example, you may need to define runAsNonRoot directive + securityContext: {} + # the nginx alpine container default user is 82 + # runAsUser: 82 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: true + + ## Extra environment variables + extraEnv: [] + # - name: SOME_ENV + # value: ENV_VALUE + +internalDatabase: + enabled: true + name: nextcloud + +## +## External database configuration +## +externalDatabase: + enabled: false + + ## Supported database engines: mysql or postgresql + type: mysql + + ## Database host. You can optionally include a colon delimited port like "myhost:1234" + host: "" + + ## Database user + user: nextcloud + + ## Database password + password: "" + + ## Database name + database: nextcloud + + ## Use a existing secret + existingSecret: + enabled: false + # secretName: nameofsecret + usernameKey: db-username + passwordKey: db-password + # hostKey: db-hostname-or-ip + # databaseKey: db-name + +## +## MariaDB chart configuration +## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb +## +mariadb: + ## Whether to deploy a mariadb server from the bitnami mariab db helm chart + # to satisfy the applications database requirements. if you want to deploy this bitnami mariadb, set this and externalDatabase to true + # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters + enabled: false + + # see: https://github.com/bitnami/charts/tree/main/bitnami/mariadb#global-parameters + global: + # overwrites the primary.persistence.storageClass value + defaultStorageClass: "" + + auth: + database: nextcloud + username: nextcloud + password: changeme + # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored). 
+ # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password + existingSecret: "" + + architecture: standalone + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + primary: + persistence: + enabled: false + # Use an existing Persistent Volume Claim (must be created ahead of time) + existingClaim: "" + storageClass: "" + accessMode: ReadWriteOnce + size: 8Gi + +## +## PostgreSQL chart configuration +## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql +## +postgresql: + enabled: true + global: + postgresql: + # global.postgresql.auth overrides postgresql.auth + auth: + username: nextcloud + password: changeme + database: nextcloud + # Name of existing secret to use for PostgreSQL credentials. + # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret. + # secret might also contains the key ldap-password if LDAP is enabled. + # ldap.bind_password will be ignored and picked from this secret in this case. 
+ existingSecret: "" + # Names of keys in existing secret to use for PostgreSQL credentials + secretKeys: + adminPasswordKey: "" + userPasswordKey: "" + replicationPasswordKey: "" + primary: + persistence: + enabled: true + # Use an existing Persistent Volume Claim (must be created ahead of time) + # existingClaim: "" + storageClass: openebs-3-replicas + +## +## Redis chart configuration +## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis +## + +redis: + enabled: true + auth: + enabled: true + password: 'changeme' + # name of an existing secret with RedisĀ® credentials (instead of auth.password), must be created ahead of time + existingSecret: "" + # Password key to be retrieved from existing secret + existingSecretPasswordKey: "" + # Since Redis is used for caching only, you might want to use a storageClass with different reclaim policy and backup settings + global: + storageClass: openebs-3-replicas + master: + persistence: + enabled: true + replica: + persistence: + enabled: true + +## +## Collabora chart configuration +## for more options see https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online +## +collabora: + enabled: true + + autoscaling: + # enable autocaling, please check collabora README.md first + enabled: false + + collabora: + ## HTTPS nextcloud domain, if needed + aliasgroups: [] + # - host: "https://nextcloud.domain:443" + + # set extra parameters for collabora + # you may need to add --o:ssl.termination=true + extra_params: --o:ssl.enable=false + + ## Specify server_name when the hostname is not reachable directly for + # example behind reverse-proxy. 
example: collabora.domain + server_name: null + + existingSecret: + # set to true to to get collabora admin credentials from an existin secret + # if set, ignores collabora.collabora.username and password + enabled: false + # name of existing Kubernetes Secret with collboara admin credentials + secretName: "" + usernameKey: "username" + passwordKey: "password" + + # setup admin login credentials, these are ignored if + # collabora.collabora.existingSecret.enabled=true + password: examplepass + username: admin + + # setup ingress + ingress: + # enable ingress for collabora online + enabled: false + className: "" + # please check collabora values.yaml for nginx/haproxy annotations examples + annotations: {} + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: collabora-ingress-tls + # hosts: + # - collabora.domain + + # see collabora helm README.md for recommended values + resources: {} + + +## Cronjob to execute Nextcloud background tasks +## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron +## +cronjob: + enabled: true + + ## Cronjob sidecar resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + + # Allow configuration of lifecycle hooks + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ + lifecycle: {} + # postStartCommand: [] + # preStopCommand: [] + # Set securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: true + + # The command the cronjob container executes. 
+ command: + - /cron.sh + +service: + type: ClusterIP + port: 8080 + loadBalancerIP: "" + nodePort: + # -- use additional annotation on service for nextcloud + annotations: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + # Nextcloud Data (/var/www/html) + enabled: true + annotations: {} + ## nextcloud data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: openebs-3-replicas + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 8Gi + + ## Use an additional pvc for the data directory rather than a subpath of the default PVC + ## Useful to store data on a different storageClass (e.g. on slower disks) + nextcloudData: + enabled: false + subPath: + annotations: {} + storageClass: nfs-storage + # existingClaim: + accessMode: ReadWriteOnce + size: 8Gi + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +## Liveness and readiness probe values +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 +readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 +startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + + +## Enable pod autoscaling using HorizontalPodAutoscaler +## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +## +hpa: + enabled: false + cputhreshold: 60 + minPods: 1 + maxPods: 10 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +dnsConfig: {} +# Custom dns config for Nextcloud containers. +# You can for example configure ndots. This may be needed in some clusters with alpine images. 
+# options: +# - name: ndots +# value: "1" + +imaginary: + # -- Start Imgaginary + enabled: false + # -- Number of imaginary pod replicas to deploy + replicaCount: 1 + + image: + # -- Imaginary image registry + registry: docker.io + # -- Imaginary image name + repository: h2non/imaginary + # -- Imaginary image tag + tag: 1.2.4 + # -- Imaginary image pull policy + pullPolicy: IfNotPresent + # -- Imaginary image pull secrets + pullSecrets: [] + + # -- Additional annotations for imaginary + podAnnotations: {} + # -- Additional labels for imaginary + podLabels: {} + # -- Imaginary pod nodeSelector + nodeSelector: {} + # -- Imaginary pod tolerations + tolerations: [] + + # -- imaginary resources + resources: {} + + # -- Optional security context for the Imaginary container + securityContext: + runAsUser: 1000 + runAsNonRoot: true + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + + # -- Optional security context for the Imaginary pod (applies to all containers in the pod) + podSecurityContext: {} + # runAsNonRoot: true + # seccompProfile: + # type: RuntimeDefault + + readinessProbe: + enabled: true + failureThreshold: 3 + successThreshold: 1 + periodSeconds: 10 + timeoutSeconds: 1 + livenessProbe: + enabled: true + failureThreshold: 3 + successThreshold: 1 + periodSeconds: 10 + timeoutSeconds: 1 + + service: + # -- Imaginary: Kubernetes Service type + type: ClusterIP + # -- Imaginary: LoadBalancerIp for service type LoadBalancer + loadBalancerIP: + # -- Imaginary: NodePort for service type NodePort + nodePort: + # -- Additional annotations for service imaginary + annotations: {} + # -- Additional labels for service imaginary + labels: {} + +## Prometheus Exporter / Metrics +## +metrics: + enabled: false + + replicaCount: 1 + # Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container. 
+ # Without it, we will use the full name of the nextcloud service + server: "" + # The metrics exporter needs to know how you serve Nextcloud either http or https + https: false + # Use API token if set, otherwise fall back to password authentication + # https://github.com/xperimental/nextcloud-exporter#token-authentication + # Currently you still need to set the token manually in your nextcloud install + token: "" + timeout: 5s + # if set to true, exporter skips certificate verification of Nextcloud server. + tlsSkipVerify: false + info: + # Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container. + # Enables gathering of apps-related metrics. Defaults to false + apps: false + + image: + repository: xperimental/nextcloud-exporter + tag: 0.6.2 + pullPolicy: IfNotPresent + # pullSecrets: + # - myRegistrKeySecretName + + ## Metrics exporter resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + + # -- Metrics exporter pod Annotation + podAnnotations: {} + + # -- Metrics exporter pod Labels + podLabels: {} + + # -- Metrics exporter pod nodeSelector + nodeSelector: {} + + # -- Metrics exporter pod tolerations + tolerations: [] + + # -- Metrics exporter pod affinity + affinity: {} + + service: + type: ClusterIP + # Use serviceLoadBalancerIP to request a specific static IP, + # otherwise leave blank + loadBalancerIP: + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9205" + labels: {} + + # -- security context for the metrics CONTAINER in the pod + securityContext: + runAsUser: 1000 + runAsNonRoot: true + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + + # -- security context for the metrics POD + podSecurityContext: {} + # runAsNonRoot: true + # seccompProfile: + # type: RuntimeDefault + + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource 
for scraping metrics using PrometheusOperator + ## + enabled: false + + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + + ## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace) + namespaceSelector: + + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: 30s + + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + + +rbac: + enabled: false + serviceaccount: + create: true + name: nextcloud-serviceaccount + annotations: {} + + +## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead +securityContext: {} +
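Review bot: The values committed here carry literal placeholder passwords for every enabled component — `nextcloud.password: changeme`, `postgresql.global.postgresql.auth.password: changeme`, `redis.auth.password: 'changeme'` and `collabora.collabora.password: examplepass` — while each matching `existingSecret` is left empty or disabled. Because postgresql, redis and collabora are all `enabled: true`, these strings are presumably what the chart renders into the Secret objects in nextcloud/main.yaml (the Redis pods there read `redis-password` from the `nextcloud-redis` secret), so the credentials end up in version control and stay guessable. Point each block at a Secret created outside the repository, as the file's own comments describe; the secret names in the sketch below are placeholders.

```yaml
nextcloud:
  # … unchanged: host …
  existingSecret:
    enabled: true
    secretName: "PLACEHOLDER-nextcloud-admin-secret"
    # … unchanged: usernameKey, passwordKey and the other key names …

postgresql:
  global:
    postgresql:
      auth:
        # … unchanged: username, database …
        existingSecret: "PLACEHOLDER-postgresql-secret"

redis:
  auth:
    enabled: true
    existingSecret: "PLACEHOLDER-redis-secret"

collabora:
  collabora:
    existingSecret:
      enabled: true
      secretName: "PLACEHOLDER-collabora-admin-secret"
```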