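---
## Official nextcloud image version
## ref: https://hub.docker.com/r/library/nextcloud/tags/
##
image:
  repository: nextcloud
  flavor: apache
  # default is generated by flavor and appVersion
  tag: 31.0.5-apache
  pullPolicy: IfNotPresent
  # pullSecrets:
  #   - myRegistryKeySecretName

nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
deploymentAnnotations: {}
deploymentLabels: {}

# Number of replicas to be deployed
replicaCount: 1

## Allowing use of ingress controllers
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  enabled: false
  # className: nginx
  annotations: {}
    # nginx.ingress.kubernetes.io/proxy-body-size: 4G
    # kubernetes.io/tls-acme: "true"
    # cert-manager.io/cluster-issuer: letsencrypt-prod
    # # Keep this in sync with the README.md:
    # nginx.ingress.kubernetes.io/server-snippet: |-
    #   server_tokens off;
    #   proxy_hide_header X-Powered-By;
    #   rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
    #   rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
    #   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
    #   location = /.well-known/carddav {
    #     return 301 $scheme://$host/remote.php/dav;
    #   }
    #   location = /.well-known/caldav {
    #     return 301 $scheme://$host/remote.php/dav;
    #   }
    #   location = /robots.txt {
    #     allow all;
    #     log_not_found off;
    #     access_log off;
    #   }
    #   # Deny web access to internal directories and tooling; keep these rules
    #   # if you customise the snippet.
    #   location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    #     deny all;
    #   }
    #   location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
    #     deny all;
    #   }
  # tls:
  #   - secretName: nextcloud-tls
  #     hosts:
  #       - nextcloud.kube.home
  labels: {}
  path: /
  pathType: Prefix

# Allow configuration of lifecycle hooks
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
  # postStartCommand: []
  # preStopCommand: []

phpClientHttpsFix:
  enabled: false
  protocol: https

nextcloud:
  host: cloud.borninpain.de
  username: admin
  # Placeholder admin password. Prefer existingSecret below so the credential
  # is not stored in a values file that is committed to version control.
  password: changeme

  ## Use an existing secret
  existingSecret:
    enabled: false
    # secretName: nameofsecret
    usernameKey: nextcloud-username
    passwordKey: nextcloud-password
    tokenKey: ""
    smtpUsernameKey: smtp-username
    smtpPasswordKey: smtp-password
    smtpHostKey: smtp-host
  update: 0
  # If web server is not binding default port, you can define it
  containerPort: 80
  datadir: /var/www/html/data
  persistence:
    subPath:
  # if set, we'll template this list to the NEXTCLOUD_TRUSTED_DOMAINS env var
  trustedDomains: []

  ## SMTP configuration
  mail:
    enabled: false
    # the user we send email as
    fromAddress: user
    # the domain we send email from
    domain: domain.com
    smtp:
      host: domain.com
      secure: ssl
      port: 465
      authtype: LOGIN
      name: user
      # Placeholder; see nextcloud.existingSecret.smtpPasswordKey for sourcing
      # the SMTP password from a Kubernetes Secret instead.
      password: pass

  ## Primary ObjectStore options
  # see: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#configuring-object-storage-as-primary-storage
  objectStore:
    # https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
    s3:
      enabled: false
      # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
      accessKey: ""
      # ignored if nextcloud.objectstore.s3.existingSecret is not empty string
      secretKey: ""
      # use legacy auth method
      legacyAuth: false
      # s3 endpoint to use; only required if you're not using AWS
      host: ""
      # use TLS/SSL for S3 connections
      ssl: true
      # default port that can be changed based on your object store, e.g. for minio, you can use 9000
      port: "443"
      # this is the default in the nextcloud docs
      region: "eu-west-1"
      # required if using s3, the name of the bucket you'd like to use
      bucket: ""
      # object prefix in bucket
      prefix: ""
      # set to true if you are not using DNS for your buckets.
      usePathStyle: false
      # autocreate the bucket
      autoCreate: false
      # optional parameter: you probably want to keep this as default
      storageClass: "STANDARD"
      # server side encryption key.
      # learn more: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#s3-sse-c-encryption-support
      sse_c_key: ""
      # use an existingSecret for S3 credentials. If set, we ignore the following under nextcloud.objectStore.s3
      # endpoint, accessKey, secretKey
      existingSecret: ""
      secretKeys:
        # key in nextcloud.objectStore.s3.existingSecret to use for s3 endpoint
        host: ""
        # key in nextcloud.objectStore.s3.existingSecret to use for s3 accessKeyID
        accessKey: ""
        # key in nextcloud.objectStore.s3.existingSecret to use for s3 secretAccessKey
        secretKey: ""
        # key in nextcloud.objectStore.s3.existingSecret to use for the s3 bucket
        bucket: ""
        # key in nextcloud.objectStore.s3.existingSecret to use for the s3 sse_c_key
        sse_c_key: ""

    ## options related to using Swift as a primary object storage
    # https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html#openstack-swift
    swift:
      enabled: false
      # swift user info
      user:
        domain: "Default"
        name: ""
        password: ""
      # swift project info
      project:
        name: ""
        domain: "Default"
      # The Identity / Keystone endpoint
      url: ""
      region: ""
      # optional on some swift implementations
      service: "swift"
      # the container to store the data in
      container: ""
      # autocreate container
      autoCreate: false

  ## PHP Configuration files
  # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true
  phpConfigs: {}

  ## Default config files that utilize environment variables:
  # see: https://github.com/nextcloud/docker/tree/master#auto-configuration-via-environment-variables
  # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
  # Default configurations can be found here: https://github.com/nextcloud/docker/tree/master/.config
  defaultConfigs:
    # To protect /var/www/html/config
    .htaccess: true
    # Apache configuration for rewrite urls
    apache-pretty-urls.config.php: true
    # Define APCu as local cache
    apcu.config.php: true
    # Apps directory configs
    apps.config.php: true
    # Used for auto configure database
    autoconfig.php: true
    # Redis default configuration
    redis.config.php: true
    # Reverse proxy default configuration
    reverse-proxy.config.php: true
    # S3 Object Storage as primary storage
    s3.config.php: true
    # SMTP default configuration via environment variables
    smtp.config.php: true
    # Swift Object Storage as primary storage
    swift.config.php: true
    # disables the web based updater as the default nextcloud docker image does not support it
    upgrade-disable-web.config.php: true
    # -- imaginary support config
    imaginary.config.php: false

  # Extra config files created in /var/www/html/config/
  # ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
  configs: {}
  # For example, to enable image and text file previews:
  #  previews.config.php: |-
  #      true,
  #      'enabledPreviewProviders' => array (
  #        'OC\Preview\Movie',
  #        'OC\Preview\PNG',
  #        'OC\Preview\JPEG',
  #        'OC\Preview\GIF',
  #        'OC\Preview\BMP',
  #        'OC\Preview\XBitmap',
  #        'OC\Preview\MP3',
  #        'OC\Preview\MP4',
  #        'OC\Preview\TXT',
  #        'OC\Preview\MarkDown',
  #        'OC\Preview\PDF'
  #      ),
  #    );
  # NOTE(review): the example above looks truncated (the opening of the PHP
  # config array is missing); compare it against the upstream chart before use.

  # Hooks for auto configuration
  # Here you could write small scripts which are placed in `/docker-entrypoint-hooks.d/<HOOK_NAME>/helm.sh`
  # ref: https://github.com/nextcloud/docker?tab=readme-ov-file#auto-configuration-via-hook-folders
  hooks:
    pre-installation:
    post-installation:
    pre-upgrade:
    post-upgrade:
    before-starting:

  ## Strategy used to replace old pods
  ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  strategy:
    type: Recreate
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 1
    #   maxUnavailable: 0

  ##
  ## Extra environment variables
  extraEnv:
  # - name: SOME_SECRET_ENV
  #   valueFrom:
  #     secretKeyRef:
  #       name: nextcloud
  #       key: secret_key

  # Extra init containers that runs before pods start.
  extraInitContainers: []
  # - name: do-something
  #   image: busybox
  #   command: ['do', 'something']

  # Extra sidecar containers.
  extraSidecarContainers: []
  # - name: nextcloud-logger
  #   image: busybox
  #   command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log']
  #   volumeMounts:
  #   - name: nextcloud-data
  #     mountPath: /run/nextcloud/data

  # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
  # to NextCloud pods in Kubernetes. This can then be configured in External Storage
  extraVolumes:
  # - name: nfs
  #   nfs:
  #     server: "10.0.0.1"
  #     path: "/nextcloud_data"
  #     readOnly: false
  extraVolumeMounts:
  # - name: nfs
  #   mountPath: "/legacy_data"

  # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container).
  # For example, you may need to define runAsNonRoot directive
  securityContext: {}
    # runAsUser: 33
    # runAsGroup: 33
    # runAsNonRoot: true
    # readOnlyRootFilesystem: false

  # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive
  podSecurityContext: {}
    # runAsUser: 33
    # runAsGroup: 33
    # runAsNonRoot: true
    # readOnlyRootFilesystem: false

  # Settings for the MariaDB init container
  mariaDbInitContainer:
    resources: {}
    # Set mariadb initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive
    securityContext: {}

  # Settings for the PostgreSQL init container
  postgreSqlInitContainer:
    resources: {}
    # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive
    securityContext: {}

nginx:
  ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
  enabled: false
  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent

  containerPort: 80

  # This configures nginx to listen on either IPv4, IPv6 or both
  ipFamilies:
    - IPv4
    # - IPv6

  config:
    # This generates the default nginx config as per the nextcloud documentation
    default: true
    headers:
      # -- HSTS settings
      # WARNING: Only add the preload option once you read about
      # the consequences in https://hstspreload.org/. This option
      # will add the domain to a hardcoded list that is shipped
      # in all major browsers and getting removed from this list
      # could take several months.
      # Example:
      # "Strict-Transport-Security": "max-age=15768000; includeSubDomains; preload;"
      "Strict-Transport-Security": ""
      "Referrer-Policy": "no-referrer"
      "X-Content-Type-Options": "nosniff"
      "X-Download-Options": "noopen"
      "X-Frame-Options": "SAMEORIGIN"
      "X-Permitted-Cross-Domain-Policies": "none"
      "X-Robots-Tag": "noindex, nofollow"
      "X-XSS-Protection": "1; mode=block"
    custom:
    # custom: |-
    #   worker_processes 1;..

  resources: {}

  # Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive
  securityContext: {}
    # the nginx alpine container default user is 82
    # runAsUser: 82
    # runAsGroup: 33
    # runAsNonRoot: true
    # readOnlyRootFilesystem: true

  ## Extra environment variables
  extraEnv: []
  # - name: SOME_ENV
  #   value: ENV_VALUE

internalDatabase:
  enabled: false
  name: nextcloud

##
## External database configuration
##
externalDatabase:
  enabled: true

  ## Supported database engines: mysql or postgresql
  type: postgresql

  ## Database host. You can optionally include a colon delimited port like "myhost:1234"
  host: nextcloud-postgresql

  ## Database user
  user: nextcloud

  ## Database password
  # NOTE(review): with existingSecret.enabled: true below, this literal is
  # presumably not used by the templates — confirm, and prefer the secret.
  password: nextcloud

  ## Database name
  database: nextcloud

  ## Use an existing secret
  existingSecret:
    enabled: true
    secretName: nextcloud
    usernameKey: db-user
    passwordKey: db-pass
    # hostKey: db-hostname-or-ip
    # databaseKey: db-name

##
## MariaDB chart configuration
## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb
##
mariadb:
  ## Whether to deploy a mariadb server from the bitnami mariadb helm chart
  # to satisfy the applications database requirements. if you want to deploy this bitnami mariadb, set this and externalDatabase to true
  # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters
  enabled: false

  # see: https://github.com/bitnami/charts/tree/main/bitnami/mariadb#global-parameters
  global:
    # overwrites the primary.persistence.storageClass value
    defaultStorageClass: ""

  auth:
    database: nextcloud
    username: nextcloud
    password: changeme
    # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored).
    # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password
    existingSecret: ""

  architecture: standalone

  ## Enable persistence using Persistent Volume Claims
  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  primary:
    persistence:
      enabled: false
      # Use an existing Persistent Volume Claim (must be created ahead of time)
      existingClaim: ""
      storageClass: ""
      accessMode: ReadWriteOnce
      size: 8Gi

##
## PostgreSQL chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql
##
postgresql:
  enabled: true
  global:
    postgresql:
      # global.postgresql.auth overrides postgresql.auth
      auth:
        username: oc_philiph
        password: ""
        database: nextcloud
        # Name of existing secret to use for PostgreSQL credentials.
        # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret.
        # secret might also contain the key ldap-password if LDAP is enabled.
        # ldap.bind_password will be ignored and picked from this secret in this case.
        existingSecret: nextcloud
        # Names of keys in existing secret to use for PostgreSQL credentials
        secretKeys:
          adminPasswordKey: postgres-password
          userPasswordKey: db-pass
          replicationPasswordKey: postgres-repl-pass
  primary:
    persistence:
      enabled: true
      # Use an existing Persistent Volume Claim (must be created ahead of time)
      # existingClaim: ""
      storageClass: openebs-3-replicas

##
## Redis chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis
##
redis:
  enabled: false
  auth:
    enabled: true
    password: 'changeme'
    # name of an existing secret with Redis® credentials (instead of auth.password), must be created ahead of time
    existingSecret: ""
    # Password key to be retrieved from existing secret
    existingSecretPasswordKey: ""
  # Since Redis is used for caching only, you might want to use a storageClass with different reclaim policy and backup settings
  global:
    storageClass: openebs-3-replicas
  master:
    persistence:
      enabled: true
  replica:
    persistence:
      enabled: true

##
## Collabora chart configuration
## for more options see https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online
##
collabora:
  enabled: true

  autoscaling:
    # enable autoscaling, please check collabora README.md first
    enabled: false

  collabora:
    ## HTTPS nextcloud domain, if needed
    aliasgroups:
      - host: https://cloud.borninpain.de:443

    # set extra parameters for collabora
    # you may need to add --o:ssl.termination=true
    # ssl.enable=false makes Collabora itself listen without TLS; ssl.termination=true
    # tells it that TLS is terminated in front of it (ingress / reverse proxy).
    extra_params: --o:ssl.enable=false --o:ssl.termination=true

    ## Specify server_name when the hostname is not reachable directly for
    # example behind reverse-proxy.
    # example: collabora.domain
    server_name: null

    existingSecret:
      # set to true to get collabora admin credentials from an existing secret
      # if set, ignores collabora.collabora.username and password
      enabled: true
      # name of existing Kubernetes Secret with collabora admin credentials
      secretName: nextcloud
      usernameKey: colla-user
      passwordKey: colla-pass

    # setup admin login credentials, these are ignored if
    # collabora.collabora.existingSecret.enabled=true
    password: examplepass
    username: admin

  # setup ingress
  ingress:
    # enable ingress for collabora online
    enabled: false
    className: ""
    # please check collabora values.yaml for nginx/haproxy annotations examples
    annotations: {}
    hosts:
      - host: chart-example.local
        paths:
          - path: /
            pathType: ImplementationSpecific
    tls: []
    #  - secretName: collabora-ingress-tls
    #    hosts:
    #      - collabora.domain

  # see collabora helm README.md for recommended values
  resources: {}

## Cronjob to execute Nextcloud background tasks
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
##
cronjob:
  enabled: true

  ## Cronjob sidecar resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources: {}

  # Allow configuration of lifecycle hooks
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
  lifecycle: {}
    # postStartCommand: []
    # preStopCommand: []

  # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
  securityContext: {}
    # runAsUser: 33
    # runAsGroup: 33
    # runAsNonRoot: true
    # readOnlyRootFilesystem: true

  # The command the cronjob container executes.
  command:
    - /cron.sh

service:
  type: ClusterIP
  port: 8080
  loadBalancerIP: ""
  nodePort:
  # -- use additional annotation on service for nextcloud
  annotations: {}

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  # Nextcloud Data (/var/www/html)
  enabled: true
  annotations: {}
  ## nextcloud data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner. (gp2 on AWS, standard on
  ## GKE, AWS & OpenStack)
  ##
  storageClass: openebs-3-replicas

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  # existingClaim:

  accessMode: ReadWriteOnce
  size: 25Gi

  ## Use an additional pvc for the data directory rather than a subpath of the default PVC
  ## Useful to store data on a different storageClass (e.g. on slower disks)
  nextcloudData:
    enabled: false
    subPath:
    annotations: {}
    storageClass: nfs-storage
    # existingClaim:
    accessMode: ReadWriteOnce
    size: 8Gi

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
readinessProbe:
  enabled: true
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
startupProbe:
  enabled: false
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 30
  successThreshold: 1

## Enable pod autoscaling using HorizontalPodAutoscaler
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
hpa:
  enabled: false
  cputhreshold: 60
  minPods: 1
  maxPods: 10

nodeSelector: {}

tolerations: []

affinity: {}

dnsConfig: {}
  # Custom dns config for Nextcloud containers.
  # You can for example configure ndots. This may be needed in some clusters with alpine images.
  # options:
  #   - name: ndots
  #     value: "1"

imaginary:
  # -- Start Imaginary
  enabled: false
  # -- Number of imaginary pod replicas to deploy
  replicaCount: 1
  image:
    # -- Imaginary image registry
    registry: docker.io
    # -- Imaginary image name
    repository: h2non/imaginary
    # -- Imaginary image tag
    tag: 1.2.4
    # -- Imaginary image pull policy
    pullPolicy: IfNotPresent
    # -- Imaginary image pull secrets
    pullSecrets: []
  # -- Additional annotations for imaginary
  podAnnotations: {}
  # -- Additional labels for imaginary
  podLabels: {}
  # -- Imaginary pod nodeSelector
  nodeSelector: {}
  # -- Imaginary pod tolerations
  tolerations: []
  # -- imaginary resources
  resources: {}
  # -- Optional security context for the Imaginary container
  securityContext:
    runAsUser: 1000
    runAsNonRoot: true
    # allowPrivilegeEscalation: false
    # capabilities:
    #   drop:
    #     - ALL
  # -- Optional security context for the Imaginary pod (applies to all containers in the pod)
  podSecurityContext: {}
    # runAsNonRoot: true
    # seccompProfile:
    #   type: RuntimeDefault
  readinessProbe:
    enabled: true
    failureThreshold: 3
    successThreshold: 1
    periodSeconds: 10
    timeoutSeconds: 1
  livenessProbe:
    enabled: true
    failureThreshold: 3
    successThreshold: 1
    periodSeconds: 10
    timeoutSeconds: 1
  service:
    # -- Imaginary: Kubernetes Service type
    type: ClusterIP
    # -- Imaginary: LoadBalancerIp for service type LoadBalancer
    loadBalancerIP:
    # -- Imaginary: NodePort for service type NodePort
    nodePort:
    # -- Additional annotations for service imaginary
    annotations: {}
    # -- Additional labels for service imaginary
    labels: {}

## Prometheus Exporter / Metrics
##
metrics:
  enabled: false

  replicaCount: 1
  # Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container.
  # Without it, we will use the full name of the nextcloud service
  server: ""
  # The metrics exporter needs to know how you serve Nextcloud either http or https
  https: false
  # Use API token if set, otherwise fall back to password authentication
  # https://github.com/xperimental/nextcloud-exporter#token-authentication
  # Currently you still need to set the token manually in your nextcloud install
  token: ""
  timeout: 5s
  # if set to true, exporter skips certificate verification of Nextcloud server.
  # Leave false unless the exporter genuinely cannot validate the server certificate.
  tlsSkipVerify: false
  info:
    # Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container.
    # Enables gathering of apps-related metrics. Defaults to false
    apps: false

  image:
    repository: xperimental/nextcloud-exporter
    tag: 0.6.2
    pullPolicy: IfNotPresent
    # pullSecrets:
    #   - myRegistryKeySecretName

  ## Metrics exporter resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources: {}

  # -- Metrics exporter pod Annotation
  podAnnotations: {}
  # -- Metrics exporter pod Labels
  podLabels: {}
  # -- Metrics exporter pod nodeSelector
  nodeSelector: {}
  # -- Metrics exporter pod tolerations
  tolerations: []
  # -- Metrics exporter pod affinity
  affinity: {}

  service:
    type: ClusterIP
    # Use serviceLoadBalancerIP to request a specific static IP,
    # otherwise leave blank
    loadBalancerIP:
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9205"
    labels: {}

  # -- security context for the metrics CONTAINER in the pod
  securityContext:
    runAsUser: 1000
    runAsNonRoot: true
    # allowPrivilegeEscalation: false
    # capabilities:
    #   drop:
    #     - ALL
  # -- security context for the metrics POD
  podSecurityContext: {}
    # runAsNonRoot: true
    # seccompProfile:
    #   type: RuntimeDefault

  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
    ##
    enabled: false

    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""

    ## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace)
    namespaceSelector:

    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""

    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: 30s

    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""

    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}

rbac:
  enabled: false
  serviceaccount:
    create: true
    name: nextcloud-serviceaccount
    annotations: {}

## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
securityContext: {}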