apps/nextcloud/main.yaml

apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 16.3.0
    helm.sh/chart: postgresql-15.5.0
  name: nextcloud-postgresql
  namespace: nextcloud
---
apiVersion: v1
data:
  aliasgroup1: https://cloud.borninpain.de:443
  extra_params: --o:ssl.enable=false --o:ssl.termination=true
kind: ConfigMap
metadata:
  annotations:
    confighash: config-a0251c3c8340b1da71056e3746336992
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: collabora
    app.kubernetes.io/version: 24.04.5.2.1
    helm.sh/chart: collabora-1.1.20
  name: nextcloud-collabora
---
apiVersion: v1
data:
  nextcloud-password: Y2hhbmdlbWU=
  nextcloud-username: YWRtaW4=
kind: Secret
metadata:
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/version: 30.0.6
    helm.sh/chart: nextcloud-6.6.9
  name: nextcloud
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 16.3.0
    helm.sh/chart: postgresql-15.5.0
  name: nextcloud-postgresql
  namespace: nextcloud
spec:
  ports:
  - name: tcp-postgresql
    nodePort: null
    port: 5432
    targetPort: tcp-postgresql
  selector:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 16.3.0
    helm.sh/chart: postgresql-15.5.0
  name: nextcloud-postgresql-hl
  namespace: nextcloud
spec:
  clusterIP: None
  ports:
  - name: tcp-postgresql
    port: 5432
    targetPort: tcp-postgresql
  publishNotReadyAddresses: true
  selector:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/version: 30.0.6
    helm.sh/chart: nextcloud-6.6.9
  name: nextcloud
spec:
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 80
  selector:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: nextcloud
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: collabora
    app.kubernetes.io/version: 24.04.5.2.1
    helm.sh/chart: collabora-1.1.20
    type: main
  name: nextcloud-collabora
spec:
  ports:
  - name: http
    port: 9980
    protocol: TCP
    targetPort: http
  selector:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: collabora
    type: main
  type: ClusterIP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    helm.sh/resource-policy: keep
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/version: 30.0.6
    helm.sh/chart: nextcloud-6.6.9
  name: nextcloud-nextcloud
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  storageClassName: openebs-3-replicas
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/version: 30.0.6
    helm.sh/chart: nextcloud-6.6.9
  name: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: app
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/name: nextcloud
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        hooks-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
        nextcloud-config-hash: 8266a725d5474acb6adbf9f0609a3494dc3340a3ac306db90eac9ddb1b851960
        php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
      labels:
        app.kubernetes.io/component: app
        app.kubernetes.io/instance: nextcloud
        app.kubernetes.io/name: nextcloud
    spec:
      containers:
      - env:
        - name: POSTGRES_HOST
          value: nextcloud-postgresql
        - name: POSTGRES_DB
          value: nextcloud
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              key: db-user
              name: nextcloud
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              key: db-pass
              name: nextcloud
        - name: NEXTCLOUD_ADMIN_USER
          valueFrom:
            secretKeyRef:
              key: nextcloud-username
              name: nextcloud
        - name: NEXTCLOUD_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              key: nextcloud-password
              name: nextcloud
        - name: NEXTCLOUD_TRUSTED_DOMAINS
          value: cloud.borninpain.de
        - name: NEXTCLOUD_DATA_DIR
          value: /var/www/html/data
        - name: REDIS_HOST
          value: nextcloud-redis-master
        - name: REDIS_HOST_PORT
          value: "6379"
        - name: REDIS_HOST_PASSWORD
          valueFrom:
            secretKeyRef:
              key: redis-pass
              name: nextcloud
        image: nextcloud:30.0.6-apache
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            httpHeaders:
            - name: Host
              value: cloud.borninpain.de
            path: /status.php
            port: 80
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        name: nextcloud
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            httpHeaders:
            - name: Host
              value: cloud.borninpain.de
            path: /status.php
            port: 80
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources: {}
        volumeMounts:
        - mountPath: /var/www/
          name: nextcloud-main
          subPath: root
        - mountPath: /var/www/html
          name: nextcloud-main
          subPath: html
        - mountPath: /var/www/html/data
          name: nextcloud-main
          subPath: data
        - mountPath: /var/www/html/config
          name: nextcloud-main
          subPath: config
        - mountPath: /var/www/html/custom_apps
          name: nextcloud-main
          subPath: custom_apps
        - mountPath: /var/www/tmp
          name: nextcloud-main
          subPath: tmp
        - mountPath: /var/www/html/themes
          name: nextcloud-main
          subPath: themes
      - command:
        - /cron.sh
        env:
        - name: POSTGRES_HOST
          value: nextcloud-postgresql
        - name: POSTGRES_DB
          value: nextcloud
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              key: db-user
              name: nextcloud
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              key: db-pass
              name: nextcloud
        - name: NEXTCLOUD_ADMIN_USER
          valueFrom:
            secretKeyRef:
              key: nextcloud-username
              name: nextcloud
        - name: NEXTCLOUD_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              key: nextcloud-password
              name: nextcloud
        - name: NEXTCLOUD_TRUSTED_DOMAINS
          value: cloud.borninpain.de
        - name: NEXTCLOUD_DATA_DIR
          value: /var/www/html/data
        image: nextcloud:30.0.6-apache
        imagePullPolicy: IfNotPresent
        name: nextcloud-cron
        resources: {}
        volumeMounts:
        - mountPath: /var/www/
          name: nextcloud-main
          subPath: root
        - mountPath: /var/www/html
          name: nextcloud-main
          subPath: html
        - mountPath: /var/www/html/data
          name: nextcloud-main
          subPath: data
        - mountPath: /var/www/html/config
          name: nextcloud-main
          subPath: config
        - mountPath: /var/www/html/custom_apps
          name: nextcloud-main
          subPath: custom_apps
        - mountPath: /var/www/tmp
          name: nextcloud-main
          subPath: tmp
        - mountPath: /var/www/html/themes
          name: nextcloud-main
          subPath: themes
      initContainers:
      - command:
        - sh
        - -c
        - until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ;
          done
        env:
        - name: POSTGRES_USER
          valueFrom:
            secretKeyRef:
              key: db-user
              name: nextcloud
        - name: POSTGRES_HOST
          value: nextcloud-postgresql
        image: docker.io/bitnami/postgresql:16.3.0-debian-12-r10
        name: postgresql-isready
        resources: {}
        securityContext: {}
      securityContext:
        fsGroup: 33
      volumes:
      - name: nextcloud-main
        persistentVolumeClaim:
          claimName: nextcloud-nextcloud
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: collabora
    app.kubernetes.io/version: 24.04.5.2.1
    helm.sh/chart: collabora-1.1.20
  name: nextcloud-collabora
spec:
  minReadySeconds: 0
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/name: collabora
      type: main
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
        confighash: config-a0251c3c8340b1da71056e3746336992
      labels:
        app.kubernetes.io/instance: nextcloud
        app.kubernetes.io/name: collabora
        type: main
    spec:
      containers:
      - env:
        - name: username
          valueFrom:
            secretKeyRef:
              key: colla-user
              name: nextcloud
        - name: password
          valueFrom:
            secretKeyRef:
              key: colla-pass
              name: nextcloud
        envFrom:
        - configMapRef:
            name: nextcloud-collabora
        image: collabora/code:24.04.5.2.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 4
          httpGet:
            path: /
            port: 9980
            scheme: HTTP
          initialDelaySeconds: 0
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 30
        name: collabora
        ports:
        - containerPort: 9980
          name: http
          protocol: TCP
        readinessProbe:
          failureThreshold: 2
          httpGet:
            path: /
            port: 9980
            scheme: HTTP
          initialDelaySeconds: 0
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 30
        resources: {}
        securityContext: {}
        startupProbe:
          failureThreshold: 30
          httpGet:
            path: /
            port: 9980
            scheme: HTTP
          periodSeconds: 3
        volumeMounts:
        - mountPath: /tmp
          name: tmp
      securityContext: {}
      serviceAccountName: default
      terminationGracePeriodSeconds: 60
      volumes:
      - emptyDir: {}
        name: tmp
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 16.3.0
    helm.sh/chart: postgresql-15.5.0
  name: nextcloud-postgresql
  namespace: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: primary
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/name: postgresql
  serviceName: nextcloud-postgresql-hl
  template:
    metadata:
      labels:
        app.kubernetes.io/component: primary
        app.kubernetes.io/instance: nextcloud
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: postgresql
        app.kubernetes.io/version: 16.3.0
        helm.sh/chart: postgresql-15.5.0
      name: nextcloud-postgresql
    spec:
      affinity:
        nodeAffinity: null
        podAffinity: null
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchLabels:
                  app.kubernetes.io/component: primary
                  app.kubernetes.io/instance: nextcloud
                  app.kubernetes.io/name: postgresql
              topologyKey: kubernetes.io/hostname
            weight: 1
      automountServiceAccountToken: false
      containers:
      - env:
        - name: BITNAMI_DEBUG
          value: "false"
        - name: POSTGRESQL_PORT_NUMBER
          value: "5432"
        - name: POSTGRESQL_VOLUME_DIR
          value: /bitnami/postgresql
        - name: PGDATA
          value: /bitnami/postgresql/data
        - name: POSTGRES_USER
          value: nextcloud
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              key: db-user
              name: nextcloud
        - name: POSTGRES_POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              key: postgres-password
              name: nextcloud
        - name: POSTGRES_DATABASE
          value: nextcloud
        - name: POSTGRESQL_ENABLE_LDAP
          value: "no"
        - name: POSTGRESQL_ENABLE_TLS
          value: "no"
        - name: POSTGRESQL_LOG_HOSTNAME
          value: "false"
        - name: POSTGRESQL_LOG_CONNECTIONS
          value: "false"
        - name: POSTGRESQL_LOG_DISCONNECTIONS
          value: "false"
        - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
          value: "off"
        - name: POSTGRESQL_CLIENT_MIN_MESSAGES
          value: error
        - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
          value: pgaudit
        image: docker.io/bitnami/postgresql:16.3.0-debian-12-r10
        imagePullPolicy: IfNotPresent
        livenessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p
              5432
          failureThreshold: 6
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        name: postgresql
        ports:
        - containerPort: 5432
          name: tcp-postgresql
        readinessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - -e
            - |
              exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432
              [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
          failureThreshold: 6
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          limits:
            cpu: 150m
            ephemeral-storage: 1024Mi
            memory: 192Mi
          requests:
            cpu: 100m
            ephemeral-storage: 50Mi
            memory: 128Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          readOnlyRootFilesystem: true
          runAsGroup: 1001
          runAsNonRoot: true
          runAsUser: 1001
          seLinuxOptions: {}
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - mountPath: /tmp
          name: empty-dir
          subPath: tmp-dir
        - mountPath: /opt/bitnami/postgresql/conf
          name: empty-dir
          subPath: app-conf-dir
        - mountPath: /opt/bitnami/postgresql/tmp
          name: empty-dir
          subPath: app-tmp-dir
        - mountPath: /dev/shm
          name: dshm
        - mountPath: /bitnami/postgresql
          name: data
      hostIPC: false
      hostNetwork: false
      securityContext:
        fsGroup: 1001
        fsGroupChangePolicy: Always
        supplementalGroups: []
        sysctls: []
      serviceAccountName: nextcloud-postgresql
      volumes:
      - emptyDir: {}
        name: empty-dir
      - emptyDir:
          medium: Memory
        name: dshm
  updateStrategy:
    rollingUpdate: {}
    type: RollingUpdate
  volumeClaimTemplates:
  - apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: data
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 8Gi
      storageClassName: openebs-3-replicas
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 16.3.0
    helm.sh/chart: postgresql-15.5.0
  name: nextcloud-postgresql
  namespace: nextcloud
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: primary
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/name: postgresql
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    app.kubernetes.io/component: primary
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: 16.3.0
    helm.sh/chart: postgresql-15.5.0
  name: nextcloud-postgresql
  namespace: nextcloud
spec:
  egress:
  - {}
  ingress:
  - ports:
    - port: 5432
  podSelector:
    matchLabels:
      app.kubernetes.io/component: primary
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/name: postgresql
  policyTypes:
  - Ingress
  - Egress