diff --git a/charts/nextcloud/1.6.29/.helmignore b/charts/nextcloud/1.6.29/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/charts/nextcloud/1.6.29/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/nextcloud/1.6.29/Chart.lock b/charts/nextcloud/1.6.29/Chart.lock
new file mode 100644
index 0000000000..2cf39f5f09
--- /dev/null
+++ b/charts/nextcloud/1.6.29/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: file://../../../common/2304.0.1
+ version: 2304.0.1
+digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670
+generated: "2023-04-24T13:40:41.468936547+03:00"
diff --git a/charts/nextcloud/1.6.29/Chart.yaml b/charts/nextcloud/1.6.29/Chart.yaml
new file mode 100644
index 0000000000..fea44c9895
--- /dev/null
+++ b/charts/nextcloud/1.6.29/Chart.yaml
@@ -0,0 +1,30 @@
+name: nextcloud
+description: A file sharing server that puts the control and security of your own
+ data back into your hands.
+annotations:
+ title: Nextcloud
+type: application
+version: 1.6.29
+apiVersion: v2
+appVersion: 26.0.2
+kubeVersion: '>=1.16.0-0'
+maintainers:
+ - name: truenas
+ url: https://www.truenas.com/
+ email: dev@ixsystems.com
+dependencies:
+ - name: common
+ repository: file://../../../common/2304.0.1
+ version: 2304.0.1
+home: https://nextcloud.com/
+icon: https://cdn.rawgit.com/docker-library/docs/defa5ffc7123177acd60ddef6e16bddf694cc35f/nextcloud/logo.svg
+sources:
+ - https://github.com/nextcloud/docker
+ - https://github.com/nextcloud/helm
+ - https://github.com/truenas/charts/tree/master/library/ix-dev/charts/nextcloud
+keywords:
+ - nextcloud
+ - storage
+ - http
+ - web
+ - php
diff --git a/charts/nextcloud/1.6.29/README.md b/charts/nextcloud/1.6.29/README.md
new file mode 100644
index 0000000000..28f3c66405
--- /dev/null
+++ b/charts/nextcloud/1.6.29/README.md
@@ -0,0 +1,11 @@
+# nextcloud
+
+[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
+
+## Introduction
+
+This chart bootstraps an [nextcloud](https://hub.docker.com/_/nextcloud/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Configuration
+
+Please refer to questions.yaml for a detailed overview on supported configurable values.
diff --git a/charts/nextcloud/1.6.29/app-readme.md b/charts/nextcloud/1.6.29/app-readme.md
new file mode 100644
index 0000000000..f2e78c31f9
--- /dev/null
+++ b/charts/nextcloud/1.6.29/app-readme.md
@@ -0,0 +1,3 @@
+# nextcloud
+
+[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
diff --git a/charts/nextcloud/1.6.29/charts/common-2304.0.1.tgz b/charts/nextcloud/1.6.29/charts/common-2304.0.1.tgz
new file mode 100644
index 0000000000..217c5d97c6
Binary files /dev/null and b/charts/nextcloud/1.6.29/charts/common-2304.0.1.tgz differ
diff --git a/charts/nextcloud/1.6.29/ci/test-values.yaml b/charts/nextcloud/1.6.29/ci/test-values.yaml
new file mode 100644
index 0000000000..a8926c1719
--- /dev/null
+++ b/charts/nextcloud/1.6.29/ci/test-values.yaml
@@ -0,0 +1,36 @@
+appVolumeMounts:
+ nextcloud-data:
+ emptyDir: true
+ mountPath: /var/www
+cronjob:
+ enabled: false
+ schedule: 1 */24 * * *
+dnsConfig:
+ options: []
+emptyDirVolumes: true
+environmentVariables: []
+ixChartContext: {}
+nextcloud:
+ datadir: /var/www/html/data
+ host: nextcloud.kube.home
+ install_ffmpeg: true
+ password: changeme
+ username: admin
+postgresAppVolumeMounts:
+ postgres-backup:
+ emptyDir: true
+ mountPath: /postgres_backups
+ postgres-data:
+ emptyDir: true
+ mountPath: /var/lib/postgresql/data
+postgresql:
+ backupVolume:
+ datasetName: ix-postgres_backups
+ mountPath: /postgres_backups
+ dataVolume:
+ datasetName: ix-postgres_data
+ mountPath: /var/lib/postgresql/data
+service:
+ nodePort: 31000
+updateStrategy: Recreate
+useServiceNameForHost: true
diff --git a/charts/nextcloud/1.6.29/ix_values.yaml b/charts/nextcloud/1.6.29/ix_values.yaml
new file mode 100644
index 0000000000..1824725da1
--- /dev/null
+++ b/charts/nextcloud/1.6.29/ix_values.yaml
@@ -0,0 +1,10 @@
+image:
+ pullPolicy: IfNotPresent
+ repository: nextcloud
+ tag: 26.0.2
+nginx:
+ image:
+ pullPolicy: IfNotPresent
+ repository: nginx
+ tag: 1.23.3
+useServiceNameForHost: false
diff --git a/charts/nextcloud/1.6.29/metadata.yaml b/charts/nextcloud/1.6.29/metadata.yaml
new file mode 100644
index 0000000000..a0c2282029
--- /dev/null
+++ b/charts/nextcloud/1.6.29/metadata.yaml
@@ -0,0 +1,46 @@
+runAsContext:
+ - userName: root
+ groupName: root
+ gid: 0
+ uid: 0
+ description: Nextcloud runs as root user.
+ - userName: root
+ groupName: root
+ gid: 0
+ uid: 0
+ description: Postgres runs as root user.
+ - userName: root
+ groupName: root
+ gid: 0
+ uid: 0
+ description: Nginx runs as root user. (Nginx only runs when certificate is provided)
+capabilities:
+ - name: CHOWN
+ description: Nextcloud, Nginx and Postgres are able to chown files.
+ - name: FOWNER
+ description: Nextcloud, Nginx and Postgres are able to bypass permission checks for it's sub-processes.
+ - name: SYS_CHROOT
+ description: Nextcloud, Nginx and Postgres are able to use chroot.
+ - name: MKNOD
+ description: Nextcloud, Nginx and Postgres are able to create device nodes.
+ - name: DAC_OVERRIDE
+ description: Nextcloud, Nginx and Postgres are able to bypass permission checks.
+ - name: FSETID
+ description: Nextcloud, Nginx and Postgres are able to set file capabilities.
+ - name: KILL
+ description: Nextcloud, Nginx and Postgres are able to kill processes.
+ - name: SETGID
+ description: Nextcloud, Nginx and Postgres are able to set group ID for it's sub-processes.
+ - name: SETUID
+ description: Nextcloud, Nginx and Postgres are able to set user ID for it's sub-processes.
+ - name: SETPCAP
+ description: Nextcloud, Nginx and Postgres are able to set process capabilities.
+ - name: NET_BIND_SERVICE
+ description: Nextcloud, Nginx and Postgres are able to bind to privileged ports.
+ - name: SETFCAP
+ description: Nextcloud, Nginx and Postgres are able to set file capabilities.
+ - name: NET_RAW
+ description: Nextcloud, Nginx and Postgres are able to use raw sockets.
+ - name: AUDIT_WRITE
+ description: Nextcloud, Nginx and Postgres are able to write to audit log.
+hostMounts: []
diff --git a/charts/nextcloud/1.6.29/migrations/migrate_from_1.1.0 b/charts/nextcloud/1.6.29/migrations/migrate_from_1.1.0
new file mode 100755
index 0000000000..1977bf3806
--- /dev/null
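Review bot: Several `capabilities` descriptions in metadata.yaml do not describe what the capability actually grants, which matters because this file is what an operator reads to judge the chart's privileges. `FSETID` carries the same text as `SETFCAP` (`able to set file capabilities`); it controls whether set-user-ID/set-group-ID bits survive a file modification, so `description: Nextcloud, Nginx and Postgres are able to keep setuid/setgid bits when modifying files.` would be accurate. `FOWNER` bypasses ownership checks on file operations rather than anything about "sub-processes", and `it's` should read `its` in the `FOWNER`, `SETGID` and `SETUID` entries. All three containers are listed as root with the same full set; a short comment saying which capabilities each workload really needs would help a later least-privilege pass.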
+++ b/charts/nextcloud/1.6.29/migrations/migrate_from_1.1.0
@@ -0,0 +1,26 @@
+#!/usr/bin/python3
+import json
+import os
+import sys
+
+
+def migrate(values):
+ values.update({
+ 'appVolumeMounts': {
+ 'nextcloud-data': {
+ 'hostPathEnabled': values['nextcloudDataHostPathEnabled'],
+ **({'hostPath': values['nextcloudHostPath']} if values.get('nextcloudHostPath') else {})
+ },
+ },
+ 'updateStrategy': values.get('nextcloud').get('strategy', 'Recreate'),
+ })
+ return values
+
+
+if __name__ == '__main__':
+ if len(sys.argv) != 2:
+ exit(1)
+
+ if os.path.exists(sys.argv[1]):
+ with open(sys.argv[1], 'r') as f:
+ print(json.dumps(migrate(json.loads(f.read()))))
diff --git a/charts/nextcloud/1.6.29/questions.yaml b/charts/nextcloud/1.6.29/questions.yaml
new file mode 100644
index 0000000000..923794df22
--- /dev/null
+++ b/charts/nextcloud/1.6.29/questions.yaml
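Review bot: `migrate()` indexes `values['nextcloudDataHostPathEnabled']` directly and chains `values.get('nextcloud').get('strategy', 'Recreate')`, so a stored config missing either key aborts the migration with a KeyError or AttributeError traceback. Using `values.get('nextcloudDataHostPathEnabled', False)` and `values.get('nextcloud', {}).get('strategy', 'Recreate')` keeps the upgrade path working for older or partial configs. The `__main__` block also falls through with exit status 0 and no output when the path in `sys.argv[1]` does not exist; how the caller treats empty output is not visible here, so an explicit `sys.exit(1)` in that case would be safer. The function has no docstring; one line stating that it maps the 1.1.0 flat keys onto `appVolumeMounts` and `updateStrategy` would be enough.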
@@ -0,0 +1,356 @@ +groups: + - name: "Container Images" + description: "Image to be used for container" + - name: "Nextcloud Configuration" + description: "Configuration details for Nextcloud workload" + - name: "Storage" + description: "Configure Storage for Nextcloud" + - name: "Container Configuration" + description: "Configure nextcloud container parameters" + - name: "Postgresql Configuration" + description: "Configure Postgresql for nextcloud" + - name: "CronJob configuration" + description: "Configure CronJob for nextcloud" + - name: "Scaling/Upgrade Policy" + description: "Configure how pods are replaced when configuration is upgraded" + - name: "Advanced DNS Settings" + description: "Configure DNS settings" + - name: "Resource Limits" + description: "Set CPU/memory limits for Kubernetes Pod" + + +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_nginx-configuration_protocol" + host: + - "$variable-nextcloud.host" + ports: + - "$variable-service.nodePort" + +questions: + + - variable: dnsConfig + label: "DNS Configuration" + group: "Advanced DNS Settings" + schema: + type: dict + attrs: + - variable: options + label: "DNS Options" + schema: + type: list + items: + - variable: optionsEntry + label: "Option Entry Configuration" + schema: + type: dict + attrs: + - variable: name + label: "Option Name" + schema: + type: string + required: true + - variable: value + label: "Option Value" + schema: + type: string + required: true + + - variable: certificate + description: "Configure Certificate for Nextcloud" + label: "Certificate Configuration" + group: "Nextcloud Configuration" + schema: + type: int + $ref: + - "definitions/certificate" + + - variable: nextcloud + description: "Nextcloud configuration details" + label: "Nextcloud Configuration" + group: "Nextcloud Configuration" + schema: + type: dict + required: true + additional_attrs: true + attrs: + - variable: host + description: "Nextcloud host to create application URLs" + label: 
"Nextcloud host" + schema: + type: string + $ref: + - "definitions/nodeIP" + - variable: username + label: "Username" + description: "Name of the Nextcloud admin user" + schema: + type: string + default: "admin" + required: true + - variable: password + label: "Password" + description: "Password for the Nextcloud admin user" + schema: + type: string + private: true + default: "changeme" + required: true + - variable: datadir + label: "Nextcloud data directory" + description: "Configures the data directory where nextcloud stores all files from the users" + schema: + type: path + default: "/var/www/html/data" + required: true + - variable: install_ffmpeg + label: "Install ffmpeg" + description: "Automatically Install ffmpeg when the container starts" + schema: + type: boolean + default: false + + - variable: cronjob + description: "Setup cronjob for nextcloud" + label: "Setup cronjob for nextcloud" + group: "CronJob configuration" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable cronjobs for nextcloud" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: schedule + label: Schedule + schema: + type: string + default: "1 */24 * * *" + empty: false + + # Update strategy + - variable: updateStrategy + description: "Upgrade Policy" + label: "Update Strategy" + group: "Scaling/Upgrade Policy" + schema: + type: string + default: "Recreate" + enum: + - value: "RollingUpdate" + description: "Create new pods and then kill old ones" + - value: "Recreate" + description: "Kill existing pods before creating new ones" + + - variable: service + description: "Nextcloud Service Configuration" + label: "Nextcloud Service Configuration" + group: "Nextcloud Configuration" + schema: + type: dict + required: true + attrs: + - variable: nodePort + label: "Node Port to use for Nextcloud" + schema: + type: int + min: 9000 + max: 65535 + default: 9001 + required: true + + - variable: appVolumeMounts + label: "Nextcloud 
Storage" + group: "Storage" + schema: + type: dict + attrs: + - variable: nextcloud-data + label: "Nextcloud Data Volume" + schema: + type: dict + attrs: + - variable: datasetName + label: "Nextcloud Data Volume Name" + schema: + type: string + hidden: true + $ref: + - "normalize/ixVolume" + show_if: [["hostPathEnabled", "=", false]] + default: "ix-nextcloud_data" + editable: false + - variable: mountPath + label: "Nextcloud Data Mount Path" + description: "Path where the volume will be mounted inside the pod" + schema: + type: path + hidden: true + editable: false + default: "/var/www" + - variable: hostPathEnabled + label: "Enable Host Path for Nextcloud Data Volume" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostPath + label: "Host Path for Nextcloud Data Volume" + schema: + type: hostpath + required: true + + - variable: extraAppVolumeMounts + label: "Nextcloud Extra Host Path Volumes" + group: "Storage" + schema: + type: list + items: + - variable: extraAppVolume + label: "Nextcloud Host Path Volume" + description: "Add an extra host path volume for nextcloud application" + schema: + type: dict + attrs: + - variable: mountPath + label: "Mount Path in Pod" + description: "Path where the volume will be mounted inside the pod" + schema: + type: path + required: true + - variable: hostPath + label: "Host Path" + description: "Host path" + schema: + type: hostpath + required: true + + - variable: postgresAppVolumeMounts + label: "Postgres Storage" + group: "Storage" + schema: + type: dict + attrs: + - variable: postgres-data + label: "Postgres Data Volume" + schema: + type: dict + attrs: + - variable: datasetName + label: "Postgres Data Volume Name" + schema: + type: string + hidden: true + $ref: + - "normalize/ixVolume" + default: "ix-postgres_data" + show_if: [["hostPathEnabled", "=", false]] + editable: false + + - variable: mountPath + label: "Postgresql Data Mount Path" + description: "Path where the 
volume will be mounted inside the pod" + schema: + type: path + hidden: true + editable: false + default: "/var/lib/postgresql/data" + - variable: hostPathEnabled + label: "Enable Host Path for Postgres Data Volume" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostPath + label: "Host Path for Postgres Data Volume" + schema: + type: hostpath + required: true + + - variable: postgres-backup + label: "Postgres Backup Volume" + schema: + type: dict + attrs: + - variable: datasetName + label: "Postgres Backup Volume Name" + schema: + type: string + hidden: true + $ref: + - "normalize/ixVolume" + default: "ix-postgres_backups" + show_if: [["hostPathEnabled", "=", false]] + editable: false + - variable: mountPath + label: "Postgresql Backup Mount Path" + description: "Path where the volume will be mounted inside the pod" + schema: + type: path + hidden: true + editable: false + default: "/postgres_backups" + - variable: hostPathEnabled + label: "Enable Host Path for Postgres Backup Volume" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostPath + label: "Host Path for Postgres Backup Volume" + schema: + type: hostpath + required: true + + - variable: enableResourceLimits + label: "Enable Pod resource limits" + group: "Resource Limits" + schema: + type: boolean + default: false + - variable: cpuLimit + label: "CPU Limresource limitsit" + description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100." + group: "Resource Limits" + schema: + type: string + show_if: [["enableResourceLimits", "=", true]] + valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)" + default: "4000m" + - variable: memLimit + label: "Memory Limit" + group: "Resource Limits" + description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. 
e.g 129e6, 129M, 128974848000m, 123Mi" + schema: + type: string + show_if: [["enableResourceLimits", "=", true]] + valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + default: "8Gi" + + - variable: environmentVariables + label: "Nextcloud environment" + group: "Nextcloud Configuration" + schema: + type: list + default: [] + items: + - variable: environmentVariable + label: "Environment Variable" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string diff --git a/charts/nextcloud/1.6.29/templates/NOTES.txt b/charts/nextcloud/1.6.29/templates/NOTES.txt new file mode 100644 index 0000000000..9b2f7cd2d1 --- /dev/null +++ b/charts/nextcloud/1.6.29/templates/NOTES.txt @@ -0,0 +1,3 @@ +1. Get the nextcloud URL by running: + + echo http://{{ .Values.nextcloud.host }}:{{ .Values.service.nodePort }}/ diff --git a/charts/nextcloud/1.6.29/templates/_nginx.tpl b/charts/nextcloud/1.6.29/templates/_nginx.tpl new file mode 100644 index 0000000000..8adb9d9429 --- /dev/null +++ b/charts/nextcloud/1.6.29/templates/_nginx.tpl 
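Review bot: The `password` attribute under `nextcloud` ships `default: "changeme"` together with `required: true`, so an install that accepts the form defaults gets a well-known admin credential on a service published through a node port. Removing the default while keeping `private: true` and `required: true`, and adding a minimum-length constraint, would force the operator to choose a password. In the same file the `cpuLimit` label reads `"CPU Limresource limitsit"` and should be `"CPU Limit"`. The `certificate` question is declared `type: int` while the templates pass it on as `certKeyName`, which deserves a one-line comment explaining that the value is a certificate id.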
@@ -0,0 +1,79 @@
+{{/*
+Retrieve true/false if certificate is configured
+*/}}
+{{- define "nginx.certAvailable" -}}
+{{- if .Values.certificate -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
+{{- template "common.resources.cert_present" $values -}}
+{{- else -}}
+{{- false -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Retrieve public key of certificate
+*/}}
+{{- define "nginx.cert.publicKey" -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
+{{ include "common.resources.cert" $values }}
+{{- end -}}
+
+
+{{/*
+Retrieve private key of certificate
+*/}}
+{{- define "nginx.cert.privateKey" -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
+{{ include "common.resources.cert" $values }}
+{{- end -}}
+
+
+{{/*
+Retrieve configured protocol scheme for nextcloud
+*/}}
+{{- define "nginx.scheme" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+{{- print "https" -}}
+{{- else -}}
+{{- print "http" -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Retrieve nginx certificate secret name
+*/}}
+{{- define "nginx.secretName" -}}
+{{- print "nginx-secret" -}}
+{{- end -}}
+
+
+{{/*
+Formats volumeMount for tls keys and trusted certs
+*/}}
+{{- define "nginx.tlsKeysVolumeMount" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+ mountPath: "/etc/nginx-certs"
+{{- end -}}
+{{- end -}}
+
+{{/*
+Formats volume for tls keys and trusted certs
+*/}}
+{{- define "nginx.tlsKeysVolume" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+ secret:
+ secretName: {{ include "nginx.secretName" . }}
+ items:
+ - key: certPublicKey
+ path: public.crt
+ - key: certPrivateKey
+ path: private.key
+{{- end -}}
+{{- end -}}
diff --git a/charts/nextcloud/1.6.29/templates/_postgres.tpl b/charts/nextcloud/1.6.29/templates/_postgres.tpl
new file mode 100644
index 0000000000..0cdfc8b015
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/_postgres.tpl
@@ -0,0 +1,49 @@
+{{/*
+Get Nextloud Postgres Database Name
+*/}}
+{{- define "postgres.DatabaseName" -}}
+{{- print "nextcloud" -}}
+{{- end -}}
+
+
+{{- define "postgres.imageName" -}}
+{{- print "postgres:13.1" -}}
+{{- end -}}
+
+
+{{/*
+Retrieve postgres backup name
+This will return a unique name based on revision and chart numbers specified.
+*/}}
+{{- define "postgres.backupName" -}}
+{{- $upgradeDict := .Values.ixChartContext.upgradeMetadata -}}
+{{- printf "postgres-backup-from-%s-to-%s-revision-%d" $upgradeDict.oldChartVersion $upgradeDict.newChartVersion (int64 $upgradeDict.preUpgradeRevision) -}}
+{{- end }}
+
+
+{{/*
+Retrieve postgres credentials for environment variables configuration
+*/}}
+{{- define "postgres.envVariableConfiguration" -}}
+{{ $envList := list }}
+{{ $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" "db-details" "secretKey" "db-user") }}
+{{ $envList = mustAppend $envList (dict "name" "POSTGRES_PASSWORD" "valueFromSecret" true "secretName" "db-details" "secretKey" "db-password") }}
+{{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) }}
+{{- end -}}
+
+
+{{/*
+Retrieve postgres volume configuration
+*/}}
+{{- define "postgres.volumeConfiguration" -}}
+{{ include "common.storage.configureAppVolumes" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts "emptyDirVolumes" .Values.emptyDirVolumes "ixVolumes" .Values.ixVolumes) | nindent 0 }}
+{{- end -}}
+
+
+{{/*
+Retrieve postgres volume mounts configuration
+*/}}
+{{- define "postgres.volumeMountsConfiguration" -}}
+{{ include "common.storage.configureAppVolumeMountsInContainer" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts ) | nindent 0 }}
+{{- end -}}
+
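Review bot: `postgres.imageName` hard-codes `postgres:13.1` inside the helper, unlike the nextcloud and nginx images, which ix_values.yaml declares with `repository`, `tag` and `pullPolicy`. A tag buried in a template is easy to miss when images are bumped, so the database can stay on an old patch release while the other two move on, and the callers have to borrow `.Values.image.pullPolicy` for it. Declaring a postgres image block in ix_values.yaml and rendering it through `common.containers.imageConfig`, as deployment.yaml does for nginx, would keep all three images in one reviewable place. This is also the only `define` in the file without a `{{/* ... */}}` header; `Retrieve postgres image reference` would match the others.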
diff --git a/charts/nextcloud/1.6.29/templates/backup-postgres-config.yaml b/charts/nextcloud/1.6.29/templates/backup-postgres-config.yaml
new file mode 100644
index 0000000000..c9ccf66dba
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/backup-postgres-config.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "postgres-backup-hook-config-map"
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+data:
+ entrypoint.sh: |-
+ #!/bin/sh
+ cmd="/docker-entrypoint.sh postgres"
+ eval "${cmd}" & disown;
+ until pg_isready; do
+ sleep 5;
+ done;
+ pg_dump -U $POSTGRES_USER -d {{ template "postgres.DatabaseName" . }} > /postgres_backups/$BACKUP_NAME;
diff --git a/charts/nextcloud/1.6.29/templates/backup-postgres-hook.yaml b/charts/nextcloud/1.6.29/templates/backup-postgres-hook.yaml
new file mode 100644
index 0000000000..175b0f2617
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/backup-postgres-hook.yaml
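Review bot: The embedded `entrypoint.sh` expands `$POSTGRES_USER` and `$BACKUP_NAME` unquoted on the `pg_dump` line, so a value containing whitespace or glob characters is word-split by the shell before it reaches `pg_dump` or the redirect target. Quoting both, `pg_dump -U "$POSTGRES_USER" -d ... > "/postgres_backups/$BACKUP_NAME"`, removes that. The script declares `#!/bin/sh` but calls `disown`, which is a bash builtin and presumably fails where `/bin/sh` is not bash, and the `eval` adds nothing over running `/docker-entrypoint.sh postgres &` directly. The `until pg_isready` loop has no upper bound, so a database that never comes up holds the pre-upgrade hook until Helm's own timeout instead of failing with a clear message.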
@@ -0,0 +1,39 @@
+{{- if .Values.ixChartContext.isUpgrade -}}
+{{ $values := (. | mustDeepCopy) }}
+{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "pre-upgrade-hook2"
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ rollme: {{ randAlphaNum 5 | quote }}
+spec:
+ template:
+ metadata:
+ name: "pre-upgrade-hook2"
+ spec:
+ restartPolicy: Never
+ serviceAccountName: "{{ template "common.names.serviceAccountName" . }}"
+ containers:
+ - name: {{ .Chart.Name }}-postgres-backup
+ image: {{ template "postgres.imageName" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
+ - name: BACKUP_NAME
+ value: {{ template "postgres.backupName" . }}
+ volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
+ - name: backup-script-configmap
+ mountPath: /bin/backup_entrypoint.sh
+ readOnly: true
+ subPath: entrypoint.sh
+ command:
+ - "/bin/backup_entrypoint.sh"
+ volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
+ - name: backup-script-configmap
+ configMap:
+ defaultMode: 0700
+ name: "postgres-backup-hook-config-map"
+{{- end -}}
diff --git a/charts/nextcloud/1.6.29/templates/cronjob.yaml b/charts/nextcloud/1.6.29/templates/cronjob.yaml
new file mode 100644
index 0000000000..2d3b650700
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/cronjob.yaml
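Review bot: The Job has the fixed name `pre-upgrade-hook2` and its only delete policy is `hook-succeeded`, so a failed backup leaves the Job behind and the next upgrade attempt cannot create a hook with the same name. Setting `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded` lets a retry replace the stale Job while still cleaning up after success. The same pattern appears in nuke-deployments-hook.yaml with `pre-upgrade-hook1`. The `BACKUP_NAME` value is rendered unquoted; `value: {{ include "postgres.backupName" . | quote }}` keeps it a string whatever the version fields contain.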
@@ -0,0 +1,49 @@
+{{ $cronjob_values := (. | mustDeepCopy) }}
+{{ $_ := set $cronjob_values "common" (dict "nameSuffix" "cronjob") }}
+
+{{ $hostName := .Values.nextcloud.host }}
+{{ if .Values.useServiceNameForHost }}
+{{ $hostName = (include "common.names.fullname" .) }}
+{{ end }}
+
+{{if .Values.cronjob.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ template "common.names.fullname" $cronjob_values }}
+ labels:
+ app: {{ template "common.names.name" $cronjob_values }}
+ chart: {{ template "common.names.chart" $cronjob_values }}
+ release: {{ .Release.Name }}
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ concurrencyPolicy: Forbid
+ failedJobsHistoryLimit: 2
+ successfulJobsHistoryLimit: 1
+ jobTemplate:
+ metadata:
+ labels:
+ app: {{ template "common.names.name" $cronjob_values }}
+ release: {{ .Release.Name }}
+ {{- include "common.labels.selectorLabels" $cronjob_values | nindent 8 }}
+ spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "common.names.name" $cronjob_values }}
+ release: {{ .Release.Name }}
+ {{- include "common.labels.selectorLabels" $cronjob_values | nindent 12 }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ .Chart.Name }}-cronjob
+ image: "{{.Values.image.repository }}:{{.Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.certificate }}
+ command: [ "curl" ,"-k" , "https://{{ $hostName }}:{{.Values.service.nodePort}}/cron.php"]
+ {{- else }}
+ command: [ "curl" , "http://{{ $hostName }}:{{.Values.service.nodePort}}/cron.php"]
+ {{- end }}
+{{ end }}
diff --git a/charts/nextcloud/1.6.29/templates/deployment.yaml b/charts/nextcloud/1.6.29/templates/deployment.yaml
new file mode 100644
index 0000000000..fc88cd52e3
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/deployment.yaml
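Review bot: In the certificate branch the cron container runs `curl -k`, which switches off TLS certificate verification for the request to `/cron.php`, so the job accepts whatever endpoint answers on that host and port. If the configured certificate does not chain to the image's trust store, mounting it into the job and passing it with `--cacert` keeps verification on. Neither command passes `--fail`, so an HTTP error status from cron.php still ends the Job as successful and a broken cron run goes unnoticed. The condition here is `.Values.certificate`, whereas the other templates test `nginx.certAvailable`; using the helper would keep the scheme choice consistent with what nginx actually serves.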
@@ -0,0 +1,202 @@ +{{ include "common.storage.hostPathValidate" .Values }} +{{ $postgres_values := (. | mustDeepCopy) }} +{{ $_ := set $postgres_values "common" (dict "nameSuffix" "postgres") }} +{{ include "common.deployment.common_config" . | nindent 0 }} +spec: {{ include "common.deployment.common_spec" . | nindent 2 }} + template: {{ include "common.deployment.pod.metadata" . | nindent 4 }} + spec: + initContainers: + - name: init-postgresdb + image: {{ template "postgres.imageName" . }} + command: ['sh', '-c', "until pg_isready -U $POSTGRES_USER -d {{ include "postgres.DatabaseName" .Values }} -h {{ template "common.names.fullname" $postgres_values }}; do echo waiting for postgres; sleep 2; done"] + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }} + + containers: + {{ if eq (include "nginx.certAvailable" .) "true" }} + - name: nginx + {{ include "common.containers.imageConfig" .Values.nginx.image | nindent 8 }} + volumeMounts: + - name: nginx-configuration + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + {{ include "nginx.tlsKeysVolumeMount" . 
| nindent 10 }} + ports: + - name: nginx-http + containerPort: 8000 + protocol: TCP + - name: nginx-https + containerPort: 443 + protocol: TCP + livenessProbe: + httpGet: + scheme: HTTPS + path: /status.php + port: 443 + httpHeaders: + - name: Host + value: localhost + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + readinessProbe: + httpGet: + scheme: HTTPS + path: /status.php + port: 443 + httpHeaders: + - name: Host + value: localhost + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 2 + startupProbe: + httpGet: + scheme: HTTPS + path: /status.php + port: 443 + httpHeaders: + - name: Host + value: localhost + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 2 + failureThreshold: 60 + successThreshold: 1 + {{ end }} + - name: {{ .Chart.Name }} + {{ include "common.resources.limitation" . | nindent 8 }} + {{ include "common.containers.imageConfig" .Values.image | nindent 8 }} + env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }} + {{ $secretName := (include "common.names.fullname" .) }} + {{ $envList := (default list .Values.environmentVariables) }} + {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }} + {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }} + {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }} + {{ if eq (include "nginx.certAvailable" .) 
"true" }} + {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }} + {{ if and .Values.nextcloud.host .Values.service.nodePort }} + {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }} + {{ end }} + {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }} + {{ $envList = mustAppend $envList (dict "name" "TRUSTED_PROXIES" "value" "127.0.0.1") }} + {{ end }} + {{ $hostName := .Values.nextcloud.host }} + {{ if .Values.useServiceNameForHost }} + {{ $hostName = (include "common.names.fullname" .) }} + {{ end }} + {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" $hostName) }} + {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }} + {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }} + {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 10 }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: /status.php + port: http + httpHeaders: + - name: Host + value: localhost + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + readinessProbe: + httpGet: + path: /status.php + port: http + httpHeaders: + - name: Host + value: localhost + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + startupProbe: + {{- if .Values.nextcloud.install_ffmpeg }} + exec: + command: + - /bin/sh + - -c + - | + command -v ffmpeg /dev/null 2>&1 || exit 1 + {{- else }} + httpGet: + path: /status.php + port: http + httpHeaders: + - name: Host + value: localhost + {{- end }} + initialDelaySeconds: 10 + 
periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 + volumeMounts: + - name: nextcloud-data + mountPath: /var/www/ + subPath: "root" + - name: nextcloud-data + mountPath: /var/www/html + subPath: "html" + - name: nextcloud-data + mountPath: {{ .Values.nextcloud.datadir }} + subPath: "data" + - name: nextcloud-data + mountPath: /var/www/html/config + subPath: "config" + - name: nextcloud-data + mountPath: /var/www/html/custom_apps + subPath: "custom_apps" + - name: nextcloud-data + mountPath: /var/www/tmp + subPath: "tmp" + - name: nextcloud-data + mountPath: /var/www/html/themes + subPath: "themes" + {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} + - name: extrappvolume-{{ $index }} + mountPath: {{ $hostPathConfiguration.mountPath }} + {{ end }} + {{- if .Values.nextcloud.install_ffmpeg }} + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - | + echo "Installing ffmpeg..." + apt update && \ + apt install -y --no-install-recommends \ + ffmpeg || echo "Failed to install ffmpeg" + echo "Finished." + {{- end }} +{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} + volumes: + - name: nginx-configuration + configMap: + defaultMode: 0700 + name: "nginx-configuration" +{{ include "nginx.tlsKeysVolume" . | nindent 8 }} +{{ if .Values.appVolumeMounts }} +{{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} +{{ end }} + {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} + - name: extrappvolume-{{ $index }} + hostPath: + path: {{ $hostPathConfiguration.hostPath }} + {{ end }} + # Will mount configuration files as www-data (id: 33) for nextcloud + securityContext: + fsGroup: 33 diff --git a/charts/nextcloud/1.6.29/templates/nginx-configmap.yaml b/charts/nextcloud/1.6.29/templates/nginx-configmap.yaml new file mode 100644 index 0000000000..a10f4bde6d --- /dev/null +++ b/charts/nextcloud/1.6.29/templates/nginx-configmap.yaml 
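Review bot: In the `install_ffmpeg` branch of `startupProbe` the command is `command -v ffmpeg /dev/null 2>&1 || exit 1`, where `/dev/null` is passed as a second name to look up instead of being a redirect target; it was presumably meant to be `command -v ffmpeg > /dev/null 2>&1 || exit 1`. The matching `postStart` hook runs `apt update` and `apt install` as root on every container start and hides a failed install behind `|| echo "Failed to install ffmpeg"`, so with `failureThreshold: 5` and `periodSeconds: 10` the container is restarted whenever the download takes longer than about a minute or the node has no network access. Shipping ffmpeg in the image, or at least raising the startup threshold for this branch, avoids both the restart loop and pulling unpinned packages at runtime. Further down, `extraAppVolumeMounts` entries are rendered straight into `hostPath.path`; whether `common.storage.hostPathValidate` covers them is not visible in this hunk and is worth confirming.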
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "nginx-configuration"
+data:
+ protocol: {{ include "nginx.scheme" . }}
+ nginx.conf: |-
+ events {}
+ http {
+ # redirects all http requests to https requests
+ server {
+ listen 8000 default_server;
+ listen [::]:8000 default_server;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ server_name localhost;
+
+ listen 443 ssl http2;
+ listen [::]:433 ssl http2;
+
+ ssl_certificate '/etc/nginx-certs/public.crt';
+ ssl_certificate_key '/etc/nginx-certs/private.key';
+
+ # maximum 3GB Upload File; change to fit your needs
+ client_max_body_size 3G;
+
+ add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location = /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location / {
+ proxy_pass http://localhost;
+ proxy_http_version 1.1;
+ proxy_cache_bypass $http_upgrade;
+ proxy_request_buffering off;
+
+ # Proxy headers
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+
+ # Proxy timeouts
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+ }
+ }
+ }
diff --git a/charts/nextcloud/1.6.29/templates/nginx-secret.yaml b/charts/nextcloud/1.6.29/templates/nginx-secret.yaml
new file mode 100644
index 0000000000..978441509f
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/nginx-secret.yaml
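Review bot: The TLS server block has `listen 443 ssl http2;` followed by `listen [::]:433 ssl http2;`, so the IPv6 listener is bound to port 433 and HTTPS is not served on 443 over IPv6; the line should read `listen [::]:443 ssl http2;`. The block sets no `ssl_protocols`, which leaves the accepted TLS versions to the nginx image's built-in default; stating the floor explicitly with `ssl_protocols TLSv1.2 TLSv1.3;` makes it reviewable. The two `.well-known` redirects build the target from `$scheme://$host`, which drops the port, so clients that reached the site through the node port are presumably sent to the default port instead; `$http_host` would preserve it.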
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "nginx.secretName" . }}
+type: Opaque
+data:
+ {{ if eq (include "nginx.certAvailable" .) "true" }}
+ certPublicKey: {{ (include "nginx.cert.publicKey" .) | toString | b64enc | quote }}
+ certPrivateKey: {{ (include "nginx.cert.privateKey" .) | toString | b64enc | quote }}
+ {{ end }}
diff --git a/charts/nextcloud/1.6.29/templates/nuke-deployments-hook.yaml b/charts/nextcloud/1.6.29/templates/nuke-deployments-hook.yaml
new file mode 100644
index 0000000000..218ea00220
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/nuke-deployments-hook.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.ixChartContext.isUpgrade -}}
+{{ $values := (. | mustDeepCopy) }}
+{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "pre-upgrade-hook1"
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "-1"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ rollme: {{ randAlphaNum 5 | quote }}
+spec:
+ template:
+ metadata:
+ name: "pre-upgrade-hook1"
+ spec:
+ restartPolicy: Never
+ serviceAccountName: "{{ template "common.names.serviceAccountName" . }}"
+ containers:
+ - name: kubectl
+ image: "bitnami/kubectl:1.19"
+ command: ["kubectl", "delete" , "deployment", "{{ template "common.names.fullname" . }}", "{{ template "common.names.fullname" $values }}"]
+{{- end -}}
diff --git a/charts/nextcloud/1.6.29/templates/postgres-deployment.yaml b/charts/nextcloud/1.6.29/templates/postgres-deployment.yaml
new file mode 100644
index 0000000000..b91bb90bd7
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/postgres-deployment.yaml
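Review bot: The pre-upgrade Job in templates/nuke-deployments-hook.yaml references its image as `image: "bitnami/kubectl:1.19"`, a mutable tag with no registry host and no digest, and runs it under the chart's service account, which the Role in serviceaccount.yaml allows to delete pods and deployments. Whatever that tag resolves to at upgrade time runs with that token, so the reference should be pinned by digest, `image: "<registry>/bitnami/kubectl@sha256:<digest>"` (placeholders). The Job's pod spec also sets no `securityContext`, so the container runs with whatever user and capabilities the image defaults to; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be the usual baseline for a container that only calls the API server.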
@@ -0,0 +1,50 @@
+{{ $values := (. | mustDeepCopy) }}
+{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
+{{ include "common.deployment.common_config" $values | nindent 0 }}
+spec: {{ include "common.deployment.common_spec" $values | nindent 2 }}
+ template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}-postgres
+ image: {{ template "postgres.imageName" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
+ volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
+ ports:
+ - name: postgres-tcp
+ containerPort: 5432
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 2
+ livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ startupProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 2
+ failureThreshold: 60
+ successThreshold: 1
+ volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
diff --git a/charts/nextcloud/1.6.29/templates/postgres-secret.yaml b/charts/nextcloud/1.6.29/templates/postgres-secret.yaml
new file mode 100644
index 0000000000..2ebc8b9b17
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/postgres-secret.yaml
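Review bot: All three probes in templates/postgres-deployment.yaml wrap the check in `until pg_isready …; do sleep 2; done`, so the probe command can never exit non-zero: a database that is down is only noticed when the kubelet kills the command at `timeoutSeconds`, and where exec-probe timeouts are not enforced the command just keeps looping. Running the check once, `- "pg_isready -U ${POSTGRES_USER} -h localhost"`, lets the exit status feed `failureThreshold` the way the surrounding settings assume. The container spec in this hunk also carries no `securityContext` or `resources`; whether the `common.*` helpers supply them is not visible here.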
@@ -0,0 +1,22 @@
+{{- $secretName := "db-details" }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+data:
+ {{/*
+ Lookup for the user shouldn't be needed in normal circumstances
+ But there was a typo before that resulted to a db-user with weird
+ characters. So to keep that user for existing installations we retrieve
+ it from the existing secret.
+ */}}
+ {{ with (lookup "v1" "Secret" .Release.Namespace $secretName)}}
+ db-user: {{ index .data "db-user" }}
+ {{ else }}
+ db-user: {{ (include "postgres.DatabaseName" .Values ) | b64enc }}
+ {{ end }}
+ {{ with (lookup "v1" "Secret" .Release.Namespace $secretName) }}
+ db-password: {{ index .data "db-password" }}
+ {{ else }}
+ db-password: {{ randAlphaNum 15 | b64enc }}
+ {{ end }}
diff --git a/charts/nextcloud/1.6.29/templates/postgres-service.yaml b/charts/nextcloud/1.6.29/templates/postgres-service.yaml
new file mode 100644
index 0000000000..c6603fd62b
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/postgres-service.yaml
@@ -0,0 +1,6 @@
+{{ $ports := list }}
+{{ $ports = mustAppend $ports (dict "name" "postgres-tcp" "port" 5432 "targetPort" 5432) }}
+{{ $values := (. | mustDeepCopy) }}
+{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
+{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
+{{ include "common.classes.service" $values }}
diff --git a/charts/nextcloud/1.6.29/templates/secrets.yaml b/charts/nextcloud/1.6.29/templates/secrets.yaml
new file mode 100644
index 0000000000..eb992940b3
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/secrets.yaml
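Review bot: In templates/postgres-secret.yaml both `with (lookup …)` blocks test only that the `db-details` Secret exists, not that the key is present, so an existing Secret without `db-password` renders `db-password:` empty instead of falling back to `randAlphaNum 15`. The fallback should be per key, for example by storing the lookup once in a variable and checking `hasKey` on its `data` before using `index`. `lookup` also returns nothing under `helm template` and `--dry-run`, so those renders show a fresh random password that does not match the one already in the database; a comment beside the fallback should say so. The values are emitted unquoted here, whereas secrets.yaml and nginx-secret.yaml pipe theirs through `quote`.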
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels: {{ include "common.labels" . | nindent 4 }}
+type: Opaque
+data:
+ nextcloud-username: {{ .Values.nextcloud.username | b64enc | quote }}
+ {{ if .Values.nextcloud.password }}
+ nextcloud-password: {{ .Values.nextcloud.password | b64enc | quote }}
+ {{ else }}
+ nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{ end }}
diff --git a/charts/nextcloud/1.6.29/templates/service.yaml b/charts/nextcloud/1.6.29/templates/service.yaml
new file mode 100644
index 0000000000..14c751eada
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/service.yaml
@@ -0,0 +1,10 @@
+{{ $svc := .Values.service }}
+{{ $ports := list }}
+{{ if eq (include "nginx.certAvailable" .) "true" }}
+{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" 443 "port" 443 "nodePort" $svc.nodePort) }}
+{{ else }}
+{{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }}
+{{ end }}
+{{ $params := . }}
+{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
+{{ include "common.classes.service" $params }}
diff --git a/charts/nextcloud/1.6.29/templates/serviceaccount.yaml b/charts/nextcloud/1.6.29/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..48213465b0
--- /dev/null
+++ b/charts/nextcloud/1.6.29/templates/serviceaccount.yaml
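Review bot: The fallback in templates/secrets.yaml, `nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }}`, is evaluated on every render, so each upgrade writes a different admin password into the Secret, unlike postgres-secret.yaml, which keeps the stored value through `lookup`. Ten alphanumeric characters is also shorter than the 15 used for the database password, for an account that service.yaml publishes on a NodePort. Reusing the existing Secret's value when it is present and generating a longer one otherwise, e.g. `randAlphaNum 32`, would address both.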
@@ -0,0 +1,35 @@
+{{ include "common.serviceaccount" . | nindent 0 }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: "{{ .Release.Name }}-service-account-role-binding"
+subjects:
+- kind: ServiceAccount
+ name: "{{ template "common.names.serviceAccountName" . }}"
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: "{{ .Release.Name }}-service-account-role"
+ apiGroup: rbac.authorization.k8s.io
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: "{{ .Release.Name }}-service-account-role"
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups:
+ - ""
+ - "apps"
+ resources:
+ - pods
+ - deployments
+ verbs:
+ - delete
+ - get
+ - list
diff --git a/library/ix-dev/charts/nextcloud/to_keep_versions.yaml b/library/ix-dev/charts/nextcloud/to_keep_versions.yaml
new file mode 100644
index 0000000000..8a364b8f63
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/to_keep_versions.yaml
@@ -0,0 +1 @@
+- 1.6.29
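Review bot: The Role in templates/serviceaccount.yaml grants `delete`, `get` and `list` on both `pods` and `deployments` across the core and `apps` API groups, while the only consumer visible in this commit, the pre-upgrade hook, runs `kubectl delete deployment` on two named deployments. Narrowing the rule to the `apps` group and the `deployments` resource, dropping `pods` and `list`, and adding `resourceNames` for those two deployments would stop the token from being usable to delete arbitrary workloads in the namespace. If the Nextcloud pod itself runs under the same service account (its `serviceAccountName` is outside this hunk), that token is mounted in the web-facing container, which makes the tighter rule matter more. The RoleBinding also omits `metadata.namespace` while the Role sets it.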