truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-04-23 10:00:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

NAS-123919 / 24.04 / re-adds nextcloud chart with version 26 (#1548)

Browse Source 
* re-adds nextcloud chart with version 26

* add to_keep_versions
This commit is contained in:
Stavros Kois
2023-10-06 16:44:43 +03:00
committed by GitHub
parent 9f061cf600
commit 15667f36a6
28 changed files with 1219 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
charts/nextcloud/1.6.29/.helmignore Normal file
View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

6
charts/nextcloud/1.6.29/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common/2304.0.1
version: 2304.0.1
digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670
generated: "2023-04-24T13:40:41.468936547+03:00"

30
charts/nextcloud/1.6.29/Chart.yaml Normal file
View File

@@ -0,0 +1,30 @@
name: nextcloud
description: A file sharing server that puts the control and security of your own
data back into your hands.
annotations:
title: Nextcloud
type: application
version: 1.6.29
apiVersion: v2
appVersion: 26.0.2
kubeVersion: '>=1.16.0-0'
maintainers:
- name: truenas
url: https://www.truenas.com/
email: dev@ixsystems.com
dependencies:
- name: common
repository: file://../../../common/2304.0.1
version: 2304.0.1
home: https://nextcloud.com/
icon: https://cdn.rawgit.com/docker-library/docs/defa5ffc7123177acd60ddef6e16bddf694cc35f/nextcloud/logo.svg
sources:
- https://github.com/nextcloud/docker
- https://github.com/nextcloud/helm
- https://github.com/truenas/charts/tree/master/library/ix-dev/charts/nextcloud
keywords:
- nextcloud
- storage
- http
- web
- php

11
charts/nextcloud/1.6.29/README.md Normal file
View File

@@ -0,0 +1,11 @@
# nextcloud
[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
## Introduction
This chart bootstraps an [nextcloud](https://hub.docker.com/_/nextcloud/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Configuration
Please refer to questions.yaml for a detailed overview on supported configurable values.

3
charts/nextcloud/1.6.29/app-readme.md Normal file
View File

@@ -0,0 +1,3 @@
# nextcloud
[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.

BIN
charts/nextcloud/1.6.29/charts/common-2304.0.1.tgz Normal file
View File

Binary file not shown.

36
charts/nextcloud/1.6.29/ci/test-values.yaml Normal file
View File

@@ -0,0 +1,36 @@
appVolumeMounts:
nextcloud-data:
emptyDir: true
mountPath: /var/www
cronjob:
enabled: false
schedule: 1 */24 * * *
dnsConfig:
options: []
emptyDirVolumes: true
environmentVariables: []
ixChartContext: {}
nextcloud:
datadir: /var/www/html/data
host: nextcloud.kube.home
install_ffmpeg: true
password: changeme
username: admin
postgresAppVolumeMounts:
postgres-backup:
emptyDir: true
mountPath: /postgres_backups
postgres-data:
emptyDir: true
mountPath: /var/lib/postgresql/data
postgresql:
backupVolume:
datasetName: ix-postgres_backups
mountPath: /postgres_backups
dataVolume:
datasetName: ix-postgres_data
mountPath: /var/lib/postgresql/data
service:
nodePort: 31000
updateStrategy: Recreate
useServiceNameForHost: true

10
charts/nextcloud/1.6.29/ix_values.yaml Normal file
View File

@@ -0,0 +1,10 @@
image:
pullPolicy: IfNotPresent
repository: nextcloud
tag: 26.0.2
nginx:
image:
pullPolicy: IfNotPresent
repository: nginx
tag: 1.23.3
useServiceNameForHost: false

46
charts/nextcloud/1.6.29/metadata.yaml Normal file
View File

@@ -0,0 +1,46 @@
runAsContext:
- userName: root
groupName: root
gid: 0
uid: 0
description: Nextcloud runs as root user.
- userName: root
groupName: root
gid: 0
uid: 0
description: Postgres runs as root user.
- userName: root
groupName: root
gid: 0
uid: 0
description: Nginx runs as root user. (Nginx only runs when certificate is provided)
capabilities:
- name: CHOWN
description: Nextcloud, Nginx and Postgres are able to chown files.
- name: FOWNER
description: Nextcloud, Nginx and Postgres are able to bypass permission checks for it's sub-processes.
- name: SYS_CHROOT
description: Nextcloud, Nginx and Postgres are able to use chroot.
- name: MKNOD
description: Nextcloud, Nginx and Postgres are able to create device nodes.
- name: DAC_OVERRIDE
description: Nextcloud, Nginx and Postgres are able to bypass permission checks.
- name: FSETID
description: Nextcloud, Nginx and Postgres are able to set file capabilities.
- name: KILL
description: Nextcloud, Nginx and Postgres are able to kill processes.
- name: SETGID
description: Nextcloud, Nginx and Postgres are able to set group ID for it's sub-processes.
- name: SETUID
description: Nextcloud, Nginx and Postgres are able to set user ID for it's sub-processes.
- name: SETPCAP
description: Nextcloud, Nginx and Postgres are able to set process capabilities.
- name: NET_BIND_SERVICE
description: Nextcloud, Nginx and Postgres are able to bind to privileged ports.
- name: SETFCAP
description: Nextcloud, Nginx and Postgres are able to set file capabilities.
- name: NET_RAW
description: Nextcloud, Nginx and Postgres are able to use raw sockets.
- name: AUDIT_WRITE
description: Nextcloud, Nginx and Postgres are able to write to audit log.
hostMounts: []

26
charts/nextcloud/1.6.29/migrations/migrate_from_1.1.0 Executable file
View File

@@ -0,0 +1,26 @@
#!/usr/bin/python3
import json
import os
import sys
def migrate(values):
values.update({
'appVolumeMounts': {
'nextcloud-data': {
'hostPathEnabled': values['nextcloudDataHostPathEnabled'],
**({'hostPath': values['nextcloudHostPath']} if values.get('nextcloudHostPath') else {})
},
},
'updateStrategy': values.get('nextcloud').get('strategy', 'Recreate'),
})
return values
if __name__ == '__main__':
if len(sys.argv) != 2:
exit(1)
if os.path.exists(sys.argv[1]):
with open(sys.argv[1], 'r') as f:
print(json.dumps(migrate(json.loads(f.read()))))

356
charts/nextcloud/1.6.29/questions.yaml Normal file
View File

@@ -0,0 +1,356 @@
groups:
- name: "Container Images"
description: "Image to be used for container"
- name: "Nextcloud Configuration"
description: "Configuration details for Nextcloud workload"
- name: "Storage"
description: "Configure Storage for Nextcloud"
- name: "Container Configuration"
description: "Configure nextcloud container parameters"
- name: "Postgresql Configuration"
description: "Configure Postgresql for nextcloud"
- name: "CronJob configuration"
description: "Configure CronJob for nextcloud"
- name: "Scaling/Upgrade Policy"
description: "Configure how pods are replaced when configuration is upgraded"
- name: "Advanced DNS Settings"
description: "Configure DNS settings"
- name: "Resource Limits"
description: "Set CPU/memory limits for Kubernetes Pod"
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_nginx-configuration_protocol"
host:
- "$variable-nextcloud.host"
ports:
- "$variable-service.nodePort"
questions:
- variable: dnsConfig
label: "DNS Configuration"
group: "Advanced DNS Settings"
schema:
type: dict
attrs:
- variable: options
label: "DNS Options"
schema:
type: list
items:
- variable: optionsEntry
label: "Option Entry Configuration"
schema:
type: dict
attrs:
- variable: name
label: "Option Name"
schema:
type: string
required: true
- variable: value
label: "Option Value"
schema:
type: string
required: true
- variable: certificate
description: "Configure Certificate for Nextcloud"
label: "Certificate Configuration"
group: "Nextcloud Configuration"
schema:
type: int
$ref:
- "definitions/certificate"
- variable: nextcloud
description: "Nextcloud configuration details"
label: "Nextcloud Configuration"
group: "Nextcloud Configuration"
schema:
type: dict
required: true
additional_attrs: true
attrs:
- variable: host
description: "Nextcloud host to create application URLs"
label: "Nextcloud host"
schema:
type: string
$ref:
- "definitions/nodeIP"
- variable: username
label: "Username"
description: "Name of the Nextcloud admin user"
schema:
type: string
default: "admin"
required: true
- variable: password
label: "Password"
description: "Password for the Nextcloud admin user"
schema:
type: string
private: true
default: "changeme"
required: true
- variable: datadir
label: "Nextcloud data directory"
description: "Configures the data directory where nextcloud stores all files from the users"
schema:
type: path
default: "/var/www/html/data"
required: true
- variable: install_ffmpeg
label: "Install ffmpeg"
description: "Automatically Install ffmpeg when the container starts"
schema:
type: boolean
default: false
- variable: cronjob
description: "Setup cronjob for nextcloud"
label: "Setup cronjob for nextcloud"
group: "CronJob configuration"
schema:
type: dict
attrs:
- variable: enabled
label: "Enable cronjobs for nextcloud"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: schedule
label: Schedule
schema:
type: string
default: "1 */24 * * *"
empty: false
# Update strategy
- variable: updateStrategy
description: "Upgrade Policy"
label: "Update Strategy"
group: "Scaling/Upgrade Policy"
schema:
type: string
default: "Recreate"
enum:
- value: "RollingUpdate"
description: "Create new pods and then kill old ones"
- value: "Recreate"
description: "Kill existing pods before creating new ones"
- variable: service
description: "Nextcloud Service Configuration"
label: "Nextcloud Service Configuration"
group: "Nextcloud Configuration"
schema:
type: dict
required: true
attrs:
- variable: nodePort
label: "Node Port to use for Nextcloud"
schema:
type: int
min: 9000
max: 65535
default: 9001
required: true
- variable: appVolumeMounts
label: "Nextcloud Storage"
group: "Storage"
schema:
type: dict
attrs:
- variable: nextcloud-data
label: "Nextcloud Data Volume"
schema:
type: dict
attrs:
- variable: datasetName
label: "Nextcloud Data Volume Name"
schema:
type: string
hidden: true
$ref:
- "normalize/ixVolume"
show_if: [["hostPathEnabled", "=", false]]
default: "ix-nextcloud_data"
editable: false
- variable: mountPath
label: "Nextcloud Data Mount Path"
description: "Path where the volume will be mounted inside the pod"
schema:
type: path
hidden: true
editable: false
default: "/var/www"
- variable: hostPathEnabled
label: "Enable Host Path for Nextcloud Data Volume"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostPath
label: "Host Path for Nextcloud Data Volume"
schema:
type: hostpath
required: true
- variable: extraAppVolumeMounts
label: "Nextcloud Extra Host Path Volumes"
group: "Storage"
schema:
type: list
items:
- variable: extraAppVolume
label: "Nextcloud Host Path Volume"
description: "Add an extra host path volume for nextcloud application"
schema:
type: dict
attrs:
- variable: mountPath
label: "Mount Path in Pod"
description: "Path where the volume will be mounted inside the pod"
schema:
type: path
required: true
- variable: hostPath
label: "Host Path"
description: "Host path"
schema:
type: hostpath
required: true
- variable: postgresAppVolumeMounts
label: "Postgres Storage"
group: "Storage"
schema:
type: dict
attrs:
- variable: postgres-data
label: "Postgres Data Volume"
schema:
type: dict
attrs:
- variable: datasetName
label: "Postgres Data Volume Name"
schema:
type: string
hidden: true
$ref:
- "normalize/ixVolume"
default: "ix-postgres_data"
show_if: [["hostPathEnabled", "=", false]]
editable: false
- variable: mountPath
label: "Postgresql Data Mount Path"
description: "Path where the volume will be mounted inside the pod"
schema:
type: path
hidden: true
editable: false
default: "/var/lib/postgresql/data"
- variable: hostPathEnabled
label: "Enable Host Path for Postgres Data Volume"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostPath
label: "Host Path for Postgres Data Volume"
schema:
type: hostpath
required: true
- variable: postgres-backup
label: "Postgres Backup Volume"
schema:
type: dict
attrs:
- variable: datasetName
label: "Postgres Backup Volume Name"
schema:
type: string
hidden: true
$ref:
- "normalize/ixVolume"
default: "ix-postgres_backups"
show_if: [["hostPathEnabled", "=", false]]
editable: false
- variable: mountPath
label: "Postgresql Backup Mount Path"
description: "Path where the volume will be mounted inside the pod"
schema:
type: path
hidden: true
editable: false
default: "/postgres_backups"
- variable: hostPathEnabled
label: "Enable Host Path for Postgres Backup Volume"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostPath
label: "Host Path for Postgres Backup Volume"
schema:
type: hostpath
required: true
- variable: enableResourceLimits
label: "Enable Pod resource limits"
group: "Resource Limits"
schema:
type: boolean
default: false
- variable: cpuLimit
label: "CPU Limresource limitsit"
description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100."
group: "Resource Limits"
schema:
type: string
show_if: [["enableResourceLimits", "=", true]]
valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
default: "4000m"
- variable: memLimit
label: "Memory Limit"
group: "Resource Limits"
description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi"
schema:
type: string
show_if: [["enableResourceLimits", "=", true]]
valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
default: "8Gi"
- variable: environmentVariables
label: "Nextcloud environment"
group: "Nextcloud Configuration"
schema:
type: list
default: []
items:
- variable: environmentVariable
label: "Environment Variable"
schema:
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string

3
charts/nextcloud/1.6.29/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,3 @@
1. Get the nextcloud URL by running:
echo http://{{ .Values.nextcloud.host }}:{{ .Values.service.nodePort }}/

79
charts/nextcloud/1.6.29/templates/_nginx.tpl Normal file
View File

@@ -0,0 +1,79 @@
{{/*
Retrieve true/false if certificate is configured
*/}}
{{- define "nginx.certAvailable" -}}
{{- if .Values.certificate -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
{{- template "common.resources.cert_present" $values -}}
{{- else -}}
{{- false -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve public key of certificate
*/}}
{{- define "nginx.cert.publicKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve private key of certificate
*/}}
{{- define "nginx.cert.privateKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve configured protocol scheme for nextcloud
*/}}
{{- define "nginx.scheme" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
{{- print "https" -}}
{{- else -}}
{{- print "http" -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve nginx certificate secret name
*/}}
{{- define "nginx.secretName" -}}
{{- print "nginx-secret" -}}
{{- end -}}
{{/*
Formats volumeMount for tls keys and trusted certs
*/}}
{{- define "nginx.tlsKeysVolumeMount" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
- name: cert-secret-volume
mountPath: "/etc/nginx-certs"
{{- end -}}
{{- end -}}
{{/*
Formats volume for tls keys and trusted certs
*/}}
{{- define "nginx.tlsKeysVolume" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
- name: cert-secret-volume
secret:
secretName: {{ include "nginx.secretName" . }}
items:
- key: certPublicKey
path: public.crt
- key: certPrivateKey
path: private.key
{{- end -}}
{{- end -}}

49
charts/nextcloud/1.6.29/templates/_postgres.tpl Normal file
View File

@@ -0,0 +1,49 @@
{{/*
Get Nextloud Postgres Database Name
*/}}
{{- define "postgres.DatabaseName" -}}
{{- print "nextcloud" -}}
{{- end -}}
{{- define "postgres.imageName" -}}
{{- print "postgres:13.1" -}}
{{- end -}}
{{/*
Retrieve postgres backup name
This will return a unique name based on revision and chart numbers specified.
*/}}
{{- define "postgres.backupName" -}}
{{- $upgradeDict := .Values.ixChartContext.upgradeMetadata -}}
{{- printf "postgres-backup-from-%s-to-%s-revision-%d" $upgradeDict.oldChartVersion $upgradeDict.newChartVersion (int64 $upgradeDict.preUpgradeRevision) -}}
{{- end }}
{{/*
Retrieve postgres credentials for environment variables configuration
*/}}
{{- define "postgres.envVariableConfiguration" -}}
{{ $envList := list }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" "db-details" "secretKey" "db-user") }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_PASSWORD" "valueFromSecret" true "secretName" "db-details" "secretKey" "db-password") }}
{{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) }}
{{- end -}}
{{/*
Retrieve postgres volume configuration
*/}}
{{- define "postgres.volumeConfiguration" -}}
{{ include "common.storage.configureAppVolumes" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts "emptyDirVolumes" .Values.emptyDirVolumes "ixVolumes" .Values.ixVolumes) | nindent 0 }}
{{- end -}}
{{/*
Retrieve postgres volume mounts configuration
*/}}
{{- define "postgres.volumeMountsConfiguration" -}}
{{ include "common.storage.configureAppVolumeMountsInContainer" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts ) | nindent 0 }}
{{- end -}}

15
charts/nextcloud/1.6.29/templates/backup-postgres-config.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "postgres-backup-hook-config-map"
annotations:
rollme: {{ randAlphaNum 5 | quote }}
data:
entrypoint.sh: |-
#!/bin/sh
cmd="/docker-entrypoint.sh postgres"
eval "${cmd}" & disown;
until pg_isready; do
sleep 5;
done;
pg_dump -U $POSTGRES_USER -d {{ template "postgres.DatabaseName" . }} > /postgres_backups/$BACKUP_NAME;

39
charts/nextcloud/1.6.29/templates/backup-postgres-hook.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- if .Values.ixChartContext.isUpgrade -}}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
apiVersion: batch/v1
kind: Job
metadata:
name: "pre-upgrade-hook2"
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
rollme: {{ randAlphaNum 5 | quote }}
spec:
template:
metadata:
name: "pre-upgrade-hook2"
spec:
restartPolicy: Never
serviceAccountName: "{{ template "common.names.serviceAccountName" . }}"
containers:
- name: {{ .Chart.Name }}-postgres-backup
image: {{ template "postgres.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
- name: BACKUP_NAME
value: {{ template "postgres.backupName" . }}
volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
- name: backup-script-configmap
mountPath: /bin/backup_entrypoint.sh
readOnly: true
subPath: entrypoint.sh
command:
- "/bin/backup_entrypoint.sh"
volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
- name: backup-script-configmap
configMap:
defaultMode: 0700
name: "postgres-backup-hook-config-map"
{{- end -}}

49
charts/nextcloud/1.6.29/templates/cronjob.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{ $cronjob_values := (. | mustDeepCopy) }}
{{ $_ := set $cronjob_values "common" (dict "nameSuffix" "cronjob") }}
{{ $hostName := .Values.nextcloud.host }}
{{ if .Values.useServiceNameForHost }}
{{ $hostName = (include "common.names.fullname" .) }}
{{ end }}
{{if .Values.cronjob.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ template "common.names.fullname" $cronjob_values }}
labels:
app: {{ template "common.names.name" $cronjob_values }}
chart: {{ template "common.names.chart" $cronjob_values }}
release: {{ .Release.Name }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
spec:
schedule: "{{ .Values.cronjob.schedule }}"
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 2
successfulJobsHistoryLimit: 1
jobTemplate:
metadata:
labels:
app: {{ template "common.names.name" $cronjob_values }}
release: {{ .Release.Name }}
{{- include "common.labels.selectorLabels" $cronjob_values | nindent 8 }}
spec:
template:
metadata:
labels:
app: {{ template "common.names.name" $cronjob_values }}
release: {{ .Release.Name }}
{{- include "common.labels.selectorLabels" $cronjob_values | nindent 12 }}
spec:
restartPolicy: Never
containers:
- name: {{ .Chart.Name }}-cronjob
image: "{{.Values.image.repository }}:{{.Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.certificate }}
command: [ "curl" ,"-k" , "https://{{ $hostName }}:{{.Values.service.nodePort}}/cron.php"]
{{- else }}
command: [ "curl" , "http://{{ $hostName }}:{{.Values.service.nodePort}}/cron.php"]
{{- end }}
{{ end }}

202
charts/nextcloud/1.6.29/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,202 @@
{{ include "common.storage.hostPathValidate" .Values }}
{{ $postgres_values := (. | mustDeepCopy) }}
{{ $_ := set $postgres_values "common" (dict "nameSuffix" "postgres") }}
{{ include "common.deployment.common_config" . | nindent 0 }}
spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
template: {{ include "common.deployment.pod.metadata" . | nindent 4 }}
spec:
initContainers:
- name: init-postgresdb
image: {{ template "postgres.imageName" . }}
command: ['sh', '-c', "until pg_isready -U $POSTGRES_USER -d {{ include "postgres.DatabaseName" .Values }} -h {{ template "common.names.fullname" $postgres_values }}; do echo waiting for postgres; sleep 2; done"]
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }}
containers:
{{ if eq (include "nginx.certAvailable" .) "true" }}
- name: nginx
{{ include "common.containers.imageConfig" .Values.nginx.image | nindent 8 }}
volumeMounts:
- name: nginx-configuration
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
{{ include "nginx.tlsKeysVolumeMount" . | nindent 10 }}
ports:
- name: nginx-http
containerPort: 8000
protocol: TCP
- name: nginx-https
containerPort: 443
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTPS
path: /status.php
port: 443
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
readinessProbe:
httpGet:
scheme: HTTPS
path: /status.php
port: 443
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 2
startupProbe:
httpGet:
scheme: HTTPS
path: /status.php
port: 443
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 60
successThreshold: 1
{{ end }}
- name: {{ .Chart.Name }}
{{ include "common.resources.limitation" . | nindent 8 }}
{{ include "common.containers.imageConfig" .Values.image | nindent 8 }}
env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }}
{{ $secretName := (include "common.names.fullname" .) }}
{{ $envList := (default list .Values.environmentVariables) }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }}
{{ if eq (include "nginx.certAvailable" .) "true" }}
{{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
{{ if and .Values.nextcloud.host .Values.service.nodePort }}
{{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }}
{{ end }}
{{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }}
{{ $envList = mustAppend $envList (dict "name" "TRUSTED_PROXIES" "value" "127.0.0.1") }}
{{ end }}
{{ $hostName := .Values.nextcloud.host }}
{{ if .Values.useServiceNameForHost }}
{{ $hostName = (include "common.names.fullname" .) }}
{{ end }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" $hostName) }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }}
{{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 10 }}
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /status.php
port: http
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
readinessProbe:
httpGet:
path: /status.php
port: http
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
startupProbe:
{{- if .Values.nextcloud.install_ffmpeg }}
exec:
command:
- /bin/sh
- -c
- |
command -v ffmpeg /dev/null 2>&1 || exit 1
{{- else }}
httpGet:
path: /status.php
port: http
httpHeaders:
- name: Host
value: localhost
{{- end }}
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
volumeMounts:
- name: nextcloud-data
mountPath: /var/www/
subPath: "root"
- name: nextcloud-data
mountPath: /var/www/html
subPath: "html"
- name: nextcloud-data
mountPath: {{ .Values.nextcloud.datadir }}
subPath: "data"
- name: nextcloud-data
mountPath: /var/www/html/config
subPath: "config"
- name: nextcloud-data
mountPath: /var/www/html/custom_apps
subPath: "custom_apps"
- name: nextcloud-data
mountPath: /var/www/tmp
subPath: "tmp"
- name: nextcloud-data
mountPath: /var/www/html/themes
subPath: "themes"
{{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- name: extrappvolume-{{ $index }}
mountPath: {{ $hostPathConfiguration.mountPath }}
{{ end }}
{{- if .Values.nextcloud.install_ffmpeg }}
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- |
echo "Installing ffmpeg..."
apt update && \
apt install -y --no-install-recommends \
ffmpeg || echo "Failed to install ffmpeg"
echo "Finished."
{{- end }}
{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
volumes:
- name: nginx-configuration
configMap:
defaultMode: 0700
name: "nginx-configuration"
{{ include "nginx.tlsKeysVolume" . | nindent 8 }}
{{ if .Values.appVolumeMounts }}
{{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
{{ end }}
{{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- name: extrappvolume-{{ $index }}
hostPath:
path: {{ $hostPathConfiguration.hostPath }}
{{ end }}
# Will mount configuration files as www-data (id: 33) for nextcloud
securityContext:
fsGroup: 33

67
charts/nextcloud/1.6.29/templates/nginx-configmap.yaml Normal file
View File

@@ -0,0 +1,67 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "nginx-configuration"
data:
protocol: {{ include "nginx.scheme" . }}
nginx.conf: |-
events {}
http {
# redirects all http requests to https requests
server {
listen 8000 default_server;
listen [::]:8000 default_server;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
listen 443 ssl http2;
listen [::]:433 ssl http2;
ssl_certificate '/etc/nginx-certs/public.crt';
ssl_certificate_key '/etc/nginx-certs/private.key';
# maximum 3GB Upload File; change to fit your needs
client_max_body_size 3G;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location / {
proxy_pass http://localhost;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_request_buffering off;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Proxy timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
}

10
charts/nextcloud/1.6.29/templates/nginx-secret.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "nginx.secretName" . }}
type: Opaque
data:
{{ if eq (include "nginx.certAvailable" .) "true" }}
certPublicKey: {{ (include "nginx.cert.publicKey" .) | toString | b64enc | quote }}
certPrivateKey: {{ (include "nginx.cert.privateKey" .) | toString | b64enc | quote }}
{{ end }}

24
charts/nextcloud/1.6.29/templates/nuke-deployments-hook.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if .Values.ixChartContext.isUpgrade -}}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
apiVersion: batch/v1
kind: Job
metadata:
name: "pre-upgrade-hook1"
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-1"
"helm.sh/hook-delete-policy": hook-succeeded
rollme: {{ randAlphaNum 5 | quote }}
spec:
template:
metadata:
name: "pre-upgrade-hook1"
spec:
restartPolicy: Never
serviceAccountName: "{{ template "common.names.serviceAccountName" . }}"
containers:
- name: kubectl
image: "bitnami/kubectl:1.19"
command: ["kubectl", "delete" , "deployment", "{{ template "common.names.fullname" . }}", "{{ template "common.names.fullname" $values }}"]
{{- end -}}

50
charts/nextcloud/1.6.29/templates/postgres-deployment.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
{{ include "common.deployment.common_config" $values | nindent 0 }}
spec: {{ include "common.deployment.common_spec" $values | nindent 2 }}
template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }}
spec:
containers:
- name: {{ .Chart.Name }}-postgres
image: {{ template "postgres.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
ports:
- name: postgres-tcp
containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 2
livenessProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
startupProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 60
successThreshold: 1
volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}

22
charts/nextcloud/1.6.29/templates/postgres-secret.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- $secretName := "db-details" }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
data:
{{/*
Lookup for the user shouldn't be needed in normal circumstances
But there was a typo before that resulted to a db-user with weird
characters. So to keep that user for existing installations we retrieve
it from the existing secret.
*/}}
{{ with (lookup "v1" "Secret" .Release.Namespace $secretName)}}
db-user: {{ index .data "db-user" }}
{{ else }}
db-user: {{ (include "postgres.DatabaseName" .Values ) | b64enc }}
{{ end }}
{{ with (lookup "v1" "Secret" .Release.Namespace $secretName) }}
db-password: {{ index .data "db-password" }}
{{ else }}
db-password: {{ randAlphaNum 15 | b64enc }}
{{ end }}

6
charts/nextcloud/1.6.29/templates/postgres-service.yaml Normal file
View File

@@ -0,0 +1,6 @@
{{ $ports := list }}
{{ $ports = mustAppend $ports (dict "name" "postgres-tcp" "port" 5432 "targetPort" 5432) }}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
{{ include "common.classes.service" $values }}

13
charts/nextcloud/1.6.29/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}
labels: {{ include "common.labels" . | nindent 4 }}
type: Opaque
data:
nextcloud-username: {{ .Values.nextcloud.username | b64enc | quote }}
{{ if .Values.nextcloud.password }}
nextcloud-password: {{ .Values.nextcloud.password | b64enc | quote }}
{{ else }}
nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }}

10
charts/nextcloud/1.6.29/templates/service.yaml Normal file
View File

@@ -0,0 +1,10 @@
{{ $svc := .Values.service }}
{{ $ports := list }}
{{ if eq (include "nginx.certAvailable" .) "true" }}
{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" 443 "port" 443 "nodePort" $svc.nodePort) }}
{{ else }}
{{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }}
{{ end }}
{{ $params := . }}
{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
{{ include "common.classes.service" $params }}

35
charts/nextcloud/1.6.29/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{ include "common.serviceaccount" . | nindent 0 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ .Release.Name }}-service-account-role-binding"
subjects:
- kind: ServiceAccount
name: "{{ template "common.names.serviceAccountName" . }}"
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: "{{ .Release.Name }}-service-account-role"
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ .Release.Name }}-service-account-role"
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
- "apps"
resources:
- pods
- deployments
verbs:
- delete
- get
- list

1
library/ix-dev/charts/nextcloud/to_keep_versions.yaml Normal file
View File

@@ -0,0 +1 @@
- 1.6.29