From e49d3818432f067afb1d283fbdc5da34e481b9a6 Mon Sep 17 00:00:00 2001 From: Philip Haupt <“der.mad.mob@gmail.com”> Date: Sun, 12 Oct 2025 18:56:03 +0200 Subject: [PATCH] nextcloud db switch --- nextcloud/main.yaml | 345 +++----------------------------------- nextcloud/src/values.yaml | 12 +- 2 files changed, 30 insertions(+), 327 deletions(-) diff --git a/nextcloud/main.yaml b/nextcloud/main.yaml index 760a7af..ebe06d8 100644 --- a/nextcloud/main.yaml +++ b/nextcloud/main.yaml @@ -1,17 +1,4 @@ apiVersion: v1 -automountServiceAccountToken: false -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 17.5.0 - helm.sh/chart: postgresql-16.7.4 - name: nextcloud-postgresql - namespace: nextcloud ---- -apiVersion: v1 data: aliasgroup1: https://cloud.borninpain.de:443 extra_params: --o:ssl.enable=false --o:ssl.termination=true 
@@ -29,56 +16,6 @@ metadata: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 17.5.0 - helm.sh/chart: postgresql-16.7.4 - name: nextcloud-postgresql - namespace: nextcloud -spec: - ports: - - name: tcp-postgresql - nodePort: null - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: postgresql - sessionAffinity: None - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 17.5.0 - helm.sh/chart: postgresql-16.7.4 - name: nextcloud-postgresql-hl - namespace: nextcloud -spec: - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - publishNotReadyAddresses: true - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: postgresql - type: ClusterIP ---- -apiVersion: v1 -kind: Service metadata: labels: app.kubernetes.io/component: app @@ -178,19 +115,25 @@ spec: containers: - env: - name: POSTGRES_HOST - value: nextcloud-postgresql + valueFrom: + secretKeyRef: + key: host + name: cnpg-nextcloud-cluster-app - name: POSTGRES_DB - value: nextcloud + valueFrom: + secretKeyRef: + key: dbname + name: cnpg-nextcloud-cluster-app - name: POSTGRES_USER valueFrom: secretKeyRef: - key: db-user - name: nextcloud + key: user + name: cnpg-nextcloud-cluster-app - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - key: db-pass - name: nextcloud + key: password + name: cnpg-nextcloud-cluster-app - name: NEXTCLOUD_ADMIN_USER valueFrom: secretKeyRef: 
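Review bot: Changing `POSTGRES_HOST`, `POSTGRES_DB`, `POSTGRES_USER` and `POSTGRES_PASSWORD` in the `-178,19` hunk may not move an already-installed instance to the new database. As far as I know the Nextcloud image reads these variables only during first-time installation, after which `config.php` holds `dbhost`, `dbname`, `dbuser` and `dbpassword`. The `POSTGRES_USER` value `oc_philiph` in the removed StatefulSet suggests an existing installation, and the commit shows no data migration or config update, so confirm this before the old database objects are deleted. The cron container in the `-263,19` hunk gets the same four variables and the same caveat. This file looks like rendered Helm output, so any follow-up belongs in `nextcloud/src/values.yaml`; the container spec starts and ends outside the hunk.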
@@ -263,19 +206,25 @@ spec: - /cron.sh env: - name: POSTGRES_HOST - value: nextcloud-postgresql + valueFrom: + secretKeyRef: + key: host + name: cnpg-nextcloud-cluster-app - name: POSTGRES_DB - value: nextcloud + valueFrom: + secretKeyRef: + key: dbname + name: cnpg-nextcloud-cluster-app - name: POSTGRES_USER valueFrom: secretKeyRef: - key: db-user - name: nextcloud + key: user + name: cnpg-nextcloud-cluster-app - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - key: db-pass - name: nextcloud + key: password + name: cnpg-nextcloud-cluster-app - name: NEXTCLOUD_ADMIN_USER valueFrom: secretKeyRef: @@ -316,24 +265,6 @@ spec: - mountPath: /var/www/html/themes name: nextcloud-main subPath: themes - initContainers: - - command: - - sh - - -c - - until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; - done - env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - key: db-user - name: nextcloud - - name: POSTGRES_HOST - value: nextcloud-postgresql - image: docker.io/bitnamilegacy/postgresql:17.6.0-debian-12-r4 - name: postgresql-isready - resources: {} - securityContext: {} securityContext: fsGroup: 33 volumes: 
@@ -435,207 +366,6 @@ spec: - emptyDir: {} name: tmp --- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 17.5.0 - helm.sh/chart: postgresql-16.7.4 - name: nextcloud-postgresql - namespace: nextcloud -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: postgresql - serviceName: nextcloud-postgresql-hl - template: - metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 17.5.0 - helm.sh/chart: postgresql-16.7.4 - name: nextcloud-postgresql - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: postgresql - topologyKey: kubernetes.io/hostname - weight: 1 - automountServiceAccountToken: false - containers: - - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_USER - value: oc_philiph - - name: POSTGRES_PASSWORD_FILE - value: /opt/bitnami/postgresql/secrets/db-pass - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: /opt/bitnami/postgresql/secrets/postgres-password - - name: POSTGRES_DATABASE - value: nextcloud - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - - name: POSTGRESQL_ENABLE_TLS - value: "no" - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: 
POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnamilegacy/postgresql:17.6.0-debian-12-r4 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "oc_philiph" -d "dbname=nextcloud" -h 127.0.0.1 -p - 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "oc_philiph" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 150m - ephemeral-storage: 2Gi - memory: 192Mi - requests: - cpu: 100m - ephemeral-storage: 50Mi - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsNonRoot: true - runAsUser: 1001 - seLinuxOptions: {} - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: empty-dir - subPath: tmp-dir - - mountPath: /opt/bitnami/postgresql/conf - name: empty-dir - subPath: app-conf-dir - - mountPath: /opt/bitnami/postgresql/tmp - name: empty-dir - subPath: app-tmp-dir - - mountPath: /opt/bitnami/postgresql/secrets/ - name: postgresql-password - - mountPath: /dev/shm - name: dshm - - mountPath: /bitnami/postgresql - name: data - hostIPC: false - hostNetwork: false - securityContext: - fsGroup: 1001 - fsGroupChangePolicy: Always - supplementalGroups: [] - sysctls: [] - serviceAccountName: nextcloud-postgresql - volumes: - - emptyDir: {} - name: empty-dir - - name: postgresql-password - secret: - secretName: nextcloud - - 
emptyDir: - medium: Memory - name: dshm - updateStrategy: - rollingUpdate: {} - type: RollingUpdate - volumeClaimTemplates: - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi - storageClassName: openebs-3-replicas ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 17.5.0 - helm.sh/chart: postgresql-16.7.4 - name: nextcloud-postgresql - namespace: nextcloud -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: postgresql ---- apiVersion: batch/v1 kind: Job metadata: @@ -681,33 +411,6 @@ spec: name: alpine restartPolicy: Never --- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - app.kubernetes.io/version: 17.5.0 - helm.sh/chart: postgresql-16.7.4 - name: nextcloud-postgresql - namespace: nextcloud -spec: - egress: - - {} - ingress: - - ports: - - port: 5432 - podSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: postgresql - policyTypes: - - Ingress - - Egress ---- apiVersion: postgresql.cnpg.io/v1 kind: Cluster metadata: diff --git a/nextcloud/src/values.yaml b/nextcloud/src/values.yaml index fc9e633..c4de8dc 100644 --- a/nextcloud/src/values.yaml +++ b/nextcloud/src/values.yaml 
@@ -405,11 +405,11 @@ externalDatabase: ## Use a existing secret existingSecret: enabled: true - secretName: nextcloud - usernameKey: db-user - passwordKey: db-pass - # hostKey: db-hostname-or-ip - # databaseKey: db-name + secretName: cnpg-nextcloud-cluster-app + usernameKey: user + passwordKey: password + hostKey: host + databaseKey: dbname ## ## MariaDB chart configuration @@ -453,7 +453,7 @@ mariadb: ## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql ## postgresql: - enabled: true + enabled: false image: repository: bitnamilegacy/postgresql tag: 17.6.0-debian-12-r4
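Review bot: `existingSecret.secretName` now names a Secret this chart does not create, and nothing in the file says who owns it. `cnpg-nextcloud-cluster-app` is presumably the application-user Secret that the CloudNativePG operator generates for the `Cluster` in main.yaml. Because the keys are injected as environment variables (the `secretKeyRef` entries in the main.yaml hunks), a pod keeps the values it started with, so a rotated password only reaches Nextcloud after a restart. I would record that above `secretName`, e.g. `# Operator-managed CNPG app Secret (keys user/password/host/dbname); restart the nextcloud pods after it is rotated`. The `externalDatabase:` block begins outside the hunk.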
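Review bot: Setting `postgresql.enabled: false` in the `-453,7` hunk also drops the subchart's NetworkPolicy and PodDisruptionBudget (removed in the main.yaml hunks at `-681,33` and `-435,207`), and no replacement for the CNPG `Cluster` is visible in this diff. The old policy admitted port 5432 from any source, so a replacement can be tighter: a NetworkPolicy with `podSelector: {matchLabels: {cnpg.io/cluster: <cluster-name>}}` that allows 5432 only from the Nextcloud pods, plus whatever access the operator itself needs. `<cluster-name>` is a placeholder, because the Cluster's name is outside the visible hunks. The `image:` keys left under `postgresql:` are presumably unused now and could be removed or commented as such.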