From 12efaafa91ba6c6c3ba394533adf0e131b677376 Mon Sep 17 00:00:00 2001 
From: sonicaj Date: Mon, 11 Oct 2021 18:06:18 +0500 Subject: [PATCH 1/8] Update nextcloud application version --- test/nextcloud/{1.3.5 => 1.3.6}/.helmignore | 0 test/nextcloud/{1.3.5 => 1.3.6}/Chart.lock | 0 test/nextcloud/{1.3.5 => 1.3.6}/Chart.yaml | 2 +- test/nextcloud/{1.3.5 => 1.3.6}/README.md | 0 test/nextcloud/{1.3.5 => 1.3.6}/app-readme.md | 0 .../{1.3.5 => 1.3.6}/charts/common-2105.0.0.tgz | Bin test/nextcloud/{1.3.5 => 1.3.6}/default_values.yaml | 0 test/nextcloud/{1.3.5 => 1.3.6}/ix_values.yaml | 0 .../{1.3.5 => 1.3.6}/migrations/migrate_from_1.1.0 | 0 test/nextcloud/{1.3.5 => 1.3.6}/questions.yaml | 0 test/nextcloud/{1.3.5 => 1.3.6}/templates/NOTES.txt | 0 .../{1.3.5 => 1.3.6}/templates/_postgres.tpl | 0 .../templates/backup-postgres-config.yaml | 0 .../templates/backup-postgres-hook.yaml | 0 .../{1.3.5 => 1.3.6}/templates/deployment.yaml | 0 .../templates/nuke-deployments-hook.yaml | 0 .../templates/postgres-deployment.yaml | 0 .../{1.3.5 => 1.3.6}/templates/postgres-secret.yaml | 0 .../templates/postgres-service.yaml | 0 .../{1.3.5 => 1.3.6}/templates/secrets.yaml | 0 .../{1.3.5 => 1.3.6}/templates/service.yaml | 0 .../{1.3.5 => 1.3.6}/templates/serviceaccount.yaml | 0 test/nextcloud/{1.3.5 => 1.3.6}/test_values.yaml | 0 test/nextcloud/{1.3.5 => 1.3.6}/values.yaml | 0 24 files changed, 1 insertion(+), 1 deletion(-) rename test/nextcloud/{1.3.5 => 1.3.6}/.helmignore (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/Chart.lock (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/Chart.yaml (97%) rename test/nextcloud/{1.3.5 => 1.3.6}/README.md (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/app-readme.md (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/charts/common-2105.0.0.tgz (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/default_values.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/ix_values.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/migrations/migrate_from_1.1.0 (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/questions.yaml (100%) rename 
test/nextcloud/{1.3.5 => 1.3.6}/templates/NOTES.txt (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/_postgres.tpl (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/backup-postgres-config.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/backup-postgres-hook.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/deployment.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/nuke-deployments-hook.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/postgres-deployment.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/postgres-secret.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/postgres-service.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/secrets.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/service.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/templates/serviceaccount.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/test_values.yaml (100%) rename test/nextcloud/{1.3.5 => 1.3.6}/values.yaml (100%) diff --git a/test/nextcloud/1.3.5/.helmignore b/test/nextcloud/1.3.6/.helmignore similarity index 100% rename from test/nextcloud/1.3.5/.helmignore rename to test/nextcloud/1.3.6/.helmignore diff --git a/test/nextcloud/1.3.5/Chart.lock b/test/nextcloud/1.3.6/Chart.lock similarity index 100% rename from test/nextcloud/1.3.5/Chart.lock rename to test/nextcloud/1.3.6/Chart.lock diff --git a/test/nextcloud/1.3.5/Chart.yaml b/test/nextcloud/1.3.6/Chart.yaml similarity index 97% rename from test/nextcloud/1.3.5/Chart.yaml rename to test/nextcloud/1.3.6/Chart.yaml index 39d566acc9..c0d4a5abce 100644 --- a/test/nextcloud/1.3.5/Chart.yaml +++ b/test/nextcloud/1.3.6/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/nextcloud/docker - https://github.com/nextcloud/helm upstream_version: 2.3.2 -version: 1.3.5 +version: 1.3.6 
diff --git a/test/nextcloud/1.3.5/README.md b/test/nextcloud/1.3.6/README.md similarity index 100% rename from test/nextcloud/1.3.5/README.md rename to test/nextcloud/1.3.6/README.md diff --git a/test/nextcloud/1.3.5/app-readme.md b/test/nextcloud/1.3.6/app-readme.md similarity index 100% rename from test/nextcloud/1.3.5/app-readme.md rename to test/nextcloud/1.3.6/app-readme.md diff --git a/test/nextcloud/1.3.5/charts/common-2105.0.0.tgz b/test/nextcloud/1.3.6/charts/common-2105.0.0.tgz similarity index 100% rename from test/nextcloud/1.3.5/charts/common-2105.0.0.tgz rename to test/nextcloud/1.3.6/charts/common-2105.0.0.tgz diff --git a/test/nextcloud/1.3.5/default_values.yaml b/test/nextcloud/1.3.6/default_values.yaml similarity index 100% rename from test/nextcloud/1.3.5/default_values.yaml rename to test/nextcloud/1.3.6/default_values.yaml diff --git a/test/nextcloud/1.3.5/ix_values.yaml b/test/nextcloud/1.3.6/ix_values.yaml similarity index 100% rename from test/nextcloud/1.3.5/ix_values.yaml rename to test/nextcloud/1.3.6/ix_values.yaml diff --git a/test/nextcloud/1.3.5/migrations/migrate_from_1.1.0 b/test/nextcloud/1.3.6/migrations/migrate_from_1.1.0 similarity index 100% rename from test/nextcloud/1.3.5/migrations/migrate_from_1.1.0 rename to test/nextcloud/1.3.6/migrations/migrate_from_1.1.0 diff --git a/test/nextcloud/1.3.5/questions.yaml b/test/nextcloud/1.3.6/questions.yaml similarity index 100% rename from test/nextcloud/1.3.5/questions.yaml rename to test/nextcloud/1.3.6/questions.yaml diff --git a/test/nextcloud/1.3.5/templates/NOTES.txt b/test/nextcloud/1.3.6/templates/NOTES.txt similarity index 100% rename from test/nextcloud/1.3.5/templates/NOTES.txt rename to test/nextcloud/1.3.6/templates/NOTES.txt diff --git a/test/nextcloud/1.3.5/templates/_postgres.tpl b/test/nextcloud/1.3.6/templates/_postgres.tpl similarity index 100% rename from test/nextcloud/1.3.5/templates/_postgres.tpl rename to test/nextcloud/1.3.6/templates/_postgres.tpl 
diff --git a/test/nextcloud/1.3.5/templates/backup-postgres-config.yaml b/test/nextcloud/1.3.6/templates/backup-postgres-config.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/backup-postgres-config.yaml rename to test/nextcloud/1.3.6/templates/backup-postgres-config.yaml diff --git a/test/nextcloud/1.3.5/templates/backup-postgres-hook.yaml b/test/nextcloud/1.3.6/templates/backup-postgres-hook.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/backup-postgres-hook.yaml rename to test/nextcloud/1.3.6/templates/backup-postgres-hook.yaml diff --git a/test/nextcloud/1.3.5/templates/deployment.yaml b/test/nextcloud/1.3.6/templates/deployment.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/deployment.yaml rename to test/nextcloud/1.3.6/templates/deployment.yaml diff --git a/test/nextcloud/1.3.5/templates/nuke-deployments-hook.yaml b/test/nextcloud/1.3.6/templates/nuke-deployments-hook.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/nuke-deployments-hook.yaml rename to test/nextcloud/1.3.6/templates/nuke-deployments-hook.yaml diff --git a/test/nextcloud/1.3.5/templates/postgres-deployment.yaml b/test/nextcloud/1.3.6/templates/postgres-deployment.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/postgres-deployment.yaml rename to test/nextcloud/1.3.6/templates/postgres-deployment.yaml diff --git a/test/nextcloud/1.3.5/templates/postgres-secret.yaml b/test/nextcloud/1.3.6/templates/postgres-secret.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/postgres-secret.yaml rename to test/nextcloud/1.3.6/templates/postgres-secret.yaml diff --git a/test/nextcloud/1.3.5/templates/postgres-service.yaml b/test/nextcloud/1.3.6/templates/postgres-service.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/postgres-service.yaml rename to test/nextcloud/1.3.6/templates/postgres-service.yaml 
diff --git a/test/nextcloud/1.3.5/templates/secrets.yaml b/test/nextcloud/1.3.6/templates/secrets.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/secrets.yaml rename to test/nextcloud/1.3.6/templates/secrets.yaml diff --git a/test/nextcloud/1.3.5/templates/service.yaml b/test/nextcloud/1.3.6/templates/service.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/service.yaml rename to test/nextcloud/1.3.6/templates/service.yaml diff --git a/test/nextcloud/1.3.5/templates/serviceaccount.yaml b/test/nextcloud/1.3.6/templates/serviceaccount.yaml similarity index 100% rename from test/nextcloud/1.3.5/templates/serviceaccount.yaml rename to test/nextcloud/1.3.6/templates/serviceaccount.yaml diff --git a/test/nextcloud/1.3.5/test_values.yaml b/test/nextcloud/1.3.6/test_values.yaml similarity index 100% rename from test/nextcloud/1.3.5/test_values.yaml rename to test/nextcloud/1.3.6/test_values.yaml diff --git a/test/nextcloud/1.3.5/values.yaml b/test/nextcloud/1.3.6/values.yaml similarity index 100% rename from test/nextcloud/1.3.5/values.yaml rename to test/nextcloud/1.3.6/values.yaml From 3e731e377faff682fa3a804c79074f4330e45073 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Mon, 11 Oct 2021 18:36:19 +0500 Subject: [PATCH 2/8] Add nginx configuration for nextcloud --- test/nextcloud/1.3.6/ix_values.yaml | 5 ++ test/nextcloud/1.3.6/templates/_nginx.tpl | 79 +++++++++++++++++++ .../1.3.6/templates/nginx-configmap.yaml | 52 ++++++++++++ 3 files changed, 136 insertions(+) create mode 100644 test/nextcloud/1.3.6/templates/_nginx.tpl create mode 100644 test/nextcloud/1.3.6/templates/nginx-configmap.yaml diff --git a/test/nextcloud/1.3.6/ix_values.yaml b/test/nextcloud/1.3.6/ix_values.yaml index 1c55afae66..3540094a90 100644 --- a/test/nextcloud/1.3.6/ix_values.yaml +++ b/test/nextcloud/1.3.6/ix_values.yaml 
@@ -2,3 +2,8 @@ image: pullPolicy: IfNotPresent repository: nextcloud tag: '22.2' +nginx: + image: + repository: nginx + tag: 1.21.3 + pullPolicy: IfNotPresent diff --git a/test/nextcloud/1.3.6/templates/_nginx.tpl b/test/nextcloud/1.3.6/templates/_nginx.tpl new file mode 100644 index 0000000000..3df19913a7 --- /dev/null +++ b/test/nextcloud/1.3.6/templates/_nginx.tpl 
@@ -0,0 +1,79 @@
+{{/*
+Retrieve true/false if certificate is configured
+*/}}
+{{- define "nginx.certAvailable" -}}
+{{- if .Values.certificate -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
+{{- template "common.resources.cert_present" $values -}}
+{{- else -}}
+{{- false -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Retrieve public key of certificate
+*/}}
+{{- define "nginx.cert.publicKey" -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
+{{ include "common.resources.cert" $values }}
+{{- end -}}
+
+
+{{/*
+Retrieve private key of certificate
+*/}}
+{{- define "nginx.cert.privateKey" -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
+{{ include "common.resources.cert" $values }}
+{{- end -}}
+
+
+{{/*
+Retrieve configured protocol scheme for nextcloud
+*/}}
+{{- define "nginx.scheme" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+{{- print "https" -}}
+{{- else -}}
+{{- print "http" -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Retrieve nginx certificate secret name
+*/}}
+{{- define "nginx.secretName" -}}
+{{- print "nginx-secret" -}}
+{{- end -}}
+
+
+{{/*
+Formats volumeMount for tls keys and trusted certs
+*/}}
+{{- define "nginx.tlsKeysVolumeMount" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+ mountPath: "/etc/nginx"
+{{- end -}}
+{{- end -}}
+
+{{/*
+Formats volume for tls keys and trusted certs
+*/}}
+{{- define "nginx.tlsKeysVolume" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+ secret:
+ secretName: {{ include "nginx.secretName" . }}
+ items:
+ - key: certPublicKey
+ path: public.crt
+ - key: certPrivateKey
+ path: private.key
+{{- end -}}
+{{- end -}}
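Review bot: The `nginx.tlsKeysVolume` secret volume sets no `defaultMode`, so `private.key` is projected with the Kubernetes default mode of 0644 and is readable by every user in the container; adding `defaultMode: 0400` under `secret:` would restrict it to the owner, assuming the nginx master process loads the key as root as it does in the stock image. Separately, `nginx.tlsKeysVolumeMount` mounts that volume at `/etc/nginx`, which hides the image's own files in that directory and overlaps the `nginx.conf` mount; a dedicated path such as `/etc/nginx-certs` avoids both. The helper comments mention "trusted certs", but only the certificate and its key are projected, so `Formats volume for the TLS certificate and private key` would describe them more accurately.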
diff --git a/test/nextcloud/1.3.6/templates/nginx-configmap.yaml b/test/nextcloud/1.3.6/templates/nginx-configmap.yaml
new file mode 100644
index 0000000000..52be37af7c
--- /dev/null
+++ b/test/nextcloud/1.3.6/templates/nginx-configmap.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "nginx-configuration"
+data:
+ config: |-
+ http {
+ # redirects all http requests to https requests
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ server_name localhost;
+
+ listen 443 ssl http2;
+ listen [::]:433 ssl http2;
+
+ ssl_certificate /etc/nginx/public.crt
+ ssl_certificate_key /etc/nginx/private.key
+
+ ssl_session_timeout 120m;
+ ssl_session_cache shared:ssl:16m;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
+
+ add_header Strict-Transport-Security max-age=31536000;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1";
+
+
+ # maximum 3GB Upload File; change to fit your needs
+ client_max_body_size 3G;
+
+ location / {
+ # We clear this as we will be adding it in our reverse proxy
+ more_clear_headers 'Strict-Transport-Security';
+ proxy_pass http://localhost:80;
+ # set proper x-forwarded-headers
+ # proxy_set_header 'X-Forwarded-Host' nextcloud.domain.tld;
+ # proxy_set_header 'X-Forwarded-Proto' https;
+ # -For and -IP:
+ # see https://stackoverflow.com/questions/19366090/what-is-the-difference-between-x-forwarded-for-and-x-forwarded-ip
+ proxy_set_header 'X-Forwarded-For' $remote_addr;
+ proxy_set_header 'X-Forwarded-IP' $remote_addr;
+ }
+ }
+ }
From 54972d376f8e962e1fa4c511fcf300af28e7c5ce Mon Sep 17 00:00:00 2001
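Review bot: The IPv6 listener in the TLS server block reads `listen [::]:433 ssl http2;`, which looks like a typo for 443 and would leave HTTPS bound on IPv4 only; it should be `listen [::]:443 ssl http2;`. The `ssl_certificate` and `ssl_certificate_key` lines lack their terminating `;`, which nginx rejects when it parses the file. `ssl_protocols` also enables TLSv1 and TLSv1.1, both deprecated; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer setting. `more_clear_headers` comes from the headers-more module, which the stock `nginx` image selected in `ix_values.yaml` does not appear to ship, so that directive may fail to load.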
From: sonicaj Date: Mon, 11 Oct 2021 19:02:36 +0500 Subject: [PATCH 3/8] Add nginx as a sidecar to nextcloud deployment --- .../nextcloud/1.3.6/templates/deployment.yaml | 23 ++++++++++++++++++- .../1.3.6/templates/nginx-secret.yaml | 10 ++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 test/nextcloud/1.3.6/templates/nginx-secret.yaml diff --git a/test/nextcloud/1.3.6/templates/deployment.yaml b/test/nextcloud/1.3.6/templates/deployment.yaml index 49b4f1683b..49ad2359be 100644 --- a/test/nextcloud/1.3.6/templates/deployment.yaml +++ b/test/nextcloud/1.3.6/templates/deployment.yaml @@ -10,6 +10,20 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} command: ['sh', '-c', "until pg_isready -h {{ template "common.names.fullname" $postgres_values }}; do echo waiting for postgres; sleep 2; done"] imagePullPolicy: {{ .Values.image.pullPolicy }} containers: + - name: nginx + {{ include "common.containers.imageConfig" .Values.nginx.image | nindent 8 }} + volumeMounts: + - name: nginx-configuration + mountPath: /etc/nginx/nginx.conf + subPath: config + {{ include "nginx.tlsKeysVolumeMount" . | nindent 10 }} + ports: + - name: nginx-http + containerPort: 8000 + protocol: TCP + - name: nginx-https + containerPort: 8443 + protocol: TCP - name: {{ .Chart.Name }} {{ include "common.containers.imageConfig" .Values.image | nindent 8 }} env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }} 
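Review bot: The sidecar declares `containerPort: 8000` and `containerPort: 8443`, but the `nginx.conf` added in the previous patch listens on 80 and 443, and port 80 is presumably already bound by the Nextcloud container in the same pod, so `listen 80` would collide and `proxy_pass http://localhost:80` would not reach a separate backend. The declared ports and the `listen` directives should agree, for example `listen 8000 default_server;` for the redirect server. The container is also added unconditionally while `nginx.tlsKeysVolumeMount` renders only when a certificate is configured, so without a certificate nginx would start with no key files to load. The `containers:` list continues outside the hunk.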
@@ -53,7 +67,14 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} mountPath: {{ $hostPathConfiguration.mountPath }} {{ end }} {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} -{{ include "common.storage.allAppVolumes" .Values | nindent 6 }} + volumes: + - name: nginx-configuration + configMap: + defaultMode: 0700 + name: "nginx-configuration" +{{ if .Values.appVolumeMounts }} +{{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} +{{ end }} {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - name: extrappvolume-{{ $index }} hostPath: diff --git a/test/nextcloud/1.3.6/templates/nginx-secret.yaml b/test/nextcloud/1.3.6/templates/nginx-secret.yaml new file mode 100644 index 0000000000..978441509f --- /dev/null +++ b/test/nextcloud/1.3.6/templates/nginx-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "nginx.secretName" . }} +type: Opaque +data: + {{ if eq (include "nginx.certAvailable" .) "true" }} + certPublicKey: {{ (include "nginx.cert.publicKey" .) | toString | b64enc | quote }} + certPrivateKey: {{ (include "nginx.cert.privateKey" .) | toString | b64enc | quote }} + {{ end }} From bcab69f042b564d5f119147bd7b3b0be6901ccc8 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Mon, 11 Oct 2021 19:45:27 +0500 Subject: [PATCH 4/8] Allow configuring certificate for nextcloud --- test/nextcloud/1.3.6/questions.yaml | 11 ++++++++++- test/nextcloud/1.3.6/templates/deployment.yaml | 2 ++ test/nextcloud/1.3.6/templates/nginx-configmap.yaml | 1 + test/nextcloud/1.3.6/templates/service.yaml | 4 ++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/test/nextcloud/1.3.6/questions.yaml b/test/nextcloud/1.3.6/questions.yaml index a92be45e6a..b6670f2472 100644 --- a/test/nextcloud/1.3.6/questions.yaml +++ b/test/nextcloud/1.3.6/questions.yaml 
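Review bot: The new `volumes:` list declares only `nginx-configuration`, but the nginx container added earlier in this patch mounts `cert-secret-volume` whenever a certificate is configured, so the pod spec refers to a volume that is never defined; `{{ include "nginx.tlsKeysVolume" . | nindent 8 }}` belongs in this list. `defaultMode: 0700` also marks `nginx.conf` executable and unreadable to any non-owner user; `defaultMode: 0444` is sufficient for a configuration file. The `volumes:` block continues outside the hunk.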
@@ -17,7 +17,7 @@ groups: portals: web_portal: protocols: - - "http" + - "$kubernetes-resource_configmap_nginx-configuration_protocol" host: - "$variable-nextcloud.host" ports: @@ -52,6 +52,15 @@ questions: type: string required: true + - variable: certificate + description: "Configure Certificate for Nextcloud" + label: "Certificate Configuration" + group: "Nextcloud Configuration" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: nextcloud description: "Nextcloud configuration details" label: "Nextcloud Configuration" diff --git a/test/nextcloud/1.3.6/templates/deployment.yaml b/test/nextcloud/1.3.6/templates/deployment.yaml index 49ad2359be..42004b62c0 100644 --- a/test/nextcloud/1.3.6/templates/deployment.yaml +++ b/test/nextcloud/1.3.6/templates/deployment.yaml @@ -10,6 +10,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} command: ['sh', '-c', "until pg_isready -h {{ template "common.names.fullname" $postgres_values }}; do echo waiting for postgres; sleep 2; done"] imagePullPolicy: {{ .Values.image.pullPolicy }} containers: + {{ if eq (include "nginx.certAvailable" .) "true" }} - name: nginx {{ include "common.containers.imageConfig" .Values.nginx.image | nindent 8 }} volumeMounts: @@ -24,6 +25,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} - name: nginx-https containerPort: 8443 protocol: TCP + {{ end }} - name: {{ .Chart.Name }} {{ include "common.containers.imageConfig" .Values.image | nindent 8 }} env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }} diff --git a/test/nextcloud/1.3.6/templates/nginx-configmap.yaml b/test/nextcloud/1.3.6/templates/nginx-configmap.yaml index 52be37af7c..adb71910c3 100644 --- a/test/nextcloud/1.3.6/templates/nginx-configmap.yaml +++ b/test/nextcloud/1.3.6/templates/nginx-configmap.yaml 
@@ -3,6 +3,7 @@ kind: ConfigMap metadata: name: "nginx-configuration" data: + protocol: {{ include "nginx.scheme" . }} config: |- http { # redirects all http requests to https requests diff --git a/test/nextcloud/1.3.6/templates/service.yaml b/test/nextcloud/1.3.6/templates/service.yaml index ead1523381..6b1e42f273 100644 --- a/test/nextcloud/1.3.6/templates/service.yaml +++ b/test/nextcloud/1.3.6/templates/service.yaml @@ -1,6 +1,10 @@ {{ $svc := .Values.service }} {{ $ports := list }} +{{ if eq (include "nginx.certAvailable" .) "true" }} +{{ $ports = mustAppend $ports (dict "name" "nginx-https" "port" 8443 "nodePort" $svc.nodePort) }} +{{ else }} {{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }} +{{ end }} {{ $params := . }} {{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} {{ include "common.classes.service" $params }} From a19715fbcedea83ea82c7f1f1a86918698a4bcf9 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 12 Oct 2021 12:45:49 +0500 Subject: [PATCH 5/8] Update nginx configuration for https nextcloud access --- test/nextcloud/1.3.6/templates/_nginx.tpl | 2 +- .../nextcloud/1.3.6/templates/deployment.yaml | 8 +- .../1.3.6/templates/nginx-configmap.yaml | 85 +++++++++++++++---- test/nextcloud/1.3.6/templates/service.yaml | 2 +- 4 files changed, 76 insertions(+), 21 deletions(-) diff --git a/test/nextcloud/1.3.6/templates/_nginx.tpl b/test/nextcloud/1.3.6/templates/_nginx.tpl index 3df19913a7..8adb9d9429 100644 --- a/test/nextcloud/1.3.6/templates/_nginx.tpl +++ b/test/nextcloud/1.3.6/templates/_nginx.tpl @@ -58,7 +58,7 @@ Formats volumeMount for tls keys and trusted certs {{- define "nginx.tlsKeysVolumeMount" -}} {{- if eq (include "nginx.certAvailable" .) "true" -}} - name: cert-secret-volume - mountPath: "/etc/nginx" + mountPath: "/etc/nginx-certs" {{- end -}} {{- end -}} 
diff --git a/test/nextcloud/1.3.6/templates/deployment.yaml b/test/nextcloud/1.3.6/templates/deployment.yaml index 42004b62c0..deacee17c7 100644 --- a/test/nextcloud/1.3.6/templates/deployment.yaml +++ b/test/nextcloud/1.3.6/templates/deployment.yaml @@ -16,14 +16,14 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} volumeMounts: - name: nginx-configuration mountPath: /etc/nginx/nginx.conf - subPath: config + subPath: nginx.conf {{ include "nginx.tlsKeysVolumeMount" . | nindent 10 }} ports: - name: nginx-http containerPort: 8000 protocol: TCP - name: nginx-https - containerPort: 8443 + containerPort: 443 protocol: TCP {{ end }} - name: {{ .Chart.Name }} @@ -34,6 +34,9 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }} {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }} + {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }} + {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" "ssh.sonicaj.com:39001") }} + {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" .Values.nextcloud.host) }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }} 
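Review bot: `OVERWRITEHOST` is hard-coded to `ssh.sonicaj.com:39001` in the second hunk, so every installation of this chart would generate links and redirects that point at that host rather than its own; the value should come from chart values, e.g. `(printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)`. The three new variables are also appended unconditionally, so `OVERWRITEPROTOCOL` is `https` even when no certificate is configured and the nginx sidecar is not rendered. Wrapping them in `{{ if eq (include "nginx.certAvailable" .) "true" }}` … `{{ end }}` keeps plain-HTTP installs consistent. The env list starts and ends outside the hunk.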
@@ -74,6 +77,7 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} configMap: defaultMode: 0700 name: "nginx-configuration" +{{ include "nginx.tlsKeysVolume" . | nindent 8 }} {{ if .Values.appVolumeMounts }} {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} {{ end }} diff --git a/test/nextcloud/1.3.6/templates/nginx-configmap.yaml b/test/nextcloud/1.3.6/templates/nginx-configmap.yaml index adb71910c3..721c89c058 100644 --- a/test/nextcloud/1.3.6/templates/nginx-configmap.yaml +++ b/test/nextcloud/1.3.6/templates/nginx-configmap.yaml @@ -4,12 +4,13 @@ metadata: name: "nginx-configuration" data: protocol: {{ include "nginx.scheme" . }} - config: |- + nginx.conf: |- + events {} http { # redirects all http requests to https requests server { - listen 80 default_server; - listen [::]:80 default_server; + listen 8000 default_server; + listen [::]:8000 default_server; return 301 https://$host$request_uri; } 
@@ -19,35 +20,85 @@ data: listen 443 ssl http2; listen [::]:433 ssl http2; - ssl_certificate /etc/nginx/public.crt - ssl_certificate_key /etc/nginx/private.key + ssl_certificate '/etc/nginx-certs/public.crt'; + ssl_certificate_key '/etc/nginx-certs/private.key'; - ssl_session_timeout 120m; - ssl_session_cache shared:ssl:16m; + # ssl_session_timeout 120m; + # ssl_session_cache shared:ssl:16m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers on; - ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; + # ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + # ssl_prefer_server_ciphers on; + # ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; - add_header Strict-Transport-Security max-age=31536000; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1"; + # add_header Strict-Transport-Security max-age=31536000; + # add_header X-Content-Type-Options nosniff; + # add_header X-XSS-Protection "1"; # maximum 3GB Upload File; change to fit your needs client_max_body_size 3G; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + location / { + proxy_pass http://localhost; + proxy_http_version 1.1; + proxy_cache_bypass $http_upgrade; + proxy_request_buffering off; + + # Proxy headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + # proxy_redirect http://localhost 
https://ssh.sonicaj.com:39001; + + # Proxy timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header Connection keep-alive; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_set_header Host $http_host; + + # we don't want nginx trying to do something clever with + + # redirects, we set the Host: header above already. + # proxy_redirect off; + # proxy_pass http://localhost:80; + # We clear this as we will be adding it in our reverse proxy - more_clear_headers 'Strict-Transport-Security'; - proxy_pass http://localhost:80; + # more_clear_headers 'Strict-Transport-Security'; + # proxy_pass http://localhost:80; # set proper x-forwarded-headers # proxy_set_header 'X-Forwarded-Host' nextcloud.domain.tld; # proxy_set_header 'X-Forwarded-Proto' https; # -For and -IP: # see https://stackoverflow.com/questions/19366090/what-is-the-difference-between-x-forwarded-for-and-x-forwarded-ip - proxy_set_header 'X-Forwarded-For' $remote_addr; - proxy_set_header 'X-Forwarded-IP' $remote_addr; + # proxy_set_header 'X-Forwarded-For' $remote_addr; + # proxy_set_header 'X-Forwarded-IP' $remote_addr; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } } diff --git a/test/nextcloud/1.3.6/templates/service.yaml b/test/nextcloud/1.3.6/templates/service.yaml index 6b1e42f273..14c751eada 100644 --- a/test/nextcloud/1.3.6/templates/service.yaml +++ b/test/nextcloud/1.3.6/templates/service.yaml 
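Review bot: With `ssl_protocols`, `ssl_ciphers` and the three `add_header` lines commented out, the TLS server block runs on nginx's built-in defaults, which for the 1.21.3 image still include TLSv1 and TLSv1.1 as far as I know, and no HSTS header is sent. Keeping `ssl_protocols TLSv1.2 TLSv1.3;` and `add_header Strict-Transport-Security "max-age=31536000" always;` active would preserve the hardening. The unchanged context line `listen [::]:433 ssl http2;` still carries what looks like a typo for 443. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` also passes on whatever `X-Forwarded-For` value the client sent; since this nginx is the first hop, `$remote_addr` is the safer value.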
@@ -1,7 +1,7 @@ {{ $svc := .Values.service }} {{ $ports := list }} {{ if eq (include "nginx.certAvailable" .) "true" }} -{{ $ports = mustAppend $ports (dict "name" "nginx-https" "port" 8443 "nodePort" $svc.nodePort) }} +{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" 443 "port" 443 "nodePort" $svc.nodePort) }} {{ else }} {{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }} {{ end }} From 03a0d67de61921f657164537d10271321a69d531 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 12 Oct 2021 18:55:08 +0500 Subject: [PATCH 6/8] Correctly configure env variables for reverse proxy using https --- .../nextcloud/1.3.6/templates/deployment.yaml | 4 +- .../1.3.6/templates/nginx-configmap.yaml | 39 ------------------- 2 files changed, 3 insertions(+), 40 deletions(-) diff --git a/test/nextcloud/1.3.6/templates/deployment.yaml b/test/nextcloud/1.3.6/templates/deployment.yaml index deacee17c7..993b19fa12 100644 --- a/test/nextcloud/1.3.6/templates/deployment.yaml +++ b/test/nextcloud/1.3.6/templates/deployment.yaml 
@@ -34,9 +34,11 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }} {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }} {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }} + {{ if eq (include "nginx.certAvailable" .) "true" }} {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }} - {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" "ssh.sonicaj.com:39001") }} + {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }} {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }} + {{ end }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" .Values.nextcloud.host) }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }} {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }} diff --git a/test/nextcloud/1.3.6/templates/nginx-configmap.yaml b/test/nextcloud/1.3.6/templates/nginx-configmap.yaml index 721c89c058..71ecbda320 100644 --- a/test/nextcloud/1.3.6/templates/nginx-configmap.yaml +++ b/test/nextcloud/1.3.6/templates/nginx-configmap.yaml 
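Review bot: `APACHE_DISABLE_REWRITE_IP` is set to `1` with no matching `TRUSTED_PROXIES` entry, so Nextcloud will most likely attribute every request to the nginx sidecar's loopback address; brute-force throttling and audit logs would then key on the proxy rather than the real client. Adding `(dict "name" "TRUSTED_PROXIES" "value" "127.0.0.1")` inside the same `if` block lets Nextcloud honour the `X-Forwarded-For` header that nginx sets. The env list starts and ends outside the hunk.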
@@ -23,18 +23,6 @@ data: ssl_certificate '/etc/nginx-certs/public.crt'; ssl_certificate_key '/etc/nginx-certs/private.key'; - # ssl_session_timeout 120m; - # ssl_session_cache shared:ssl:16m; - - # ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - # ssl_prefer_server_ciphers on; - # ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; - - # add_header Strict-Transport-Security max-age=31536000; - # add_header X-Content-Type-Options nosniff; - # add_header X-XSS-Protection "1"; - - # maximum 3GB Upload File; change to fit your needs client_max_body_size 3G; 
@@ -67,38 +55,11 @@ data: proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; - # proxy_redirect http://localhost https://ssh.sonicaj.com:39001; # Proxy timeouts proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; - - - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header Connection keep-alive; - # proxy_set_header X-Forwarded-Proto $scheme; - # proxy_set_header Host $http_host; - - # we don't want nginx trying to do something clever with - - # redirects, we set the Host: header above already. - # proxy_redirect off; - # proxy_pass http://localhost:80; - - # We clear this as we will be adding it in our reverse proxy - # more_clear_headers 'Strict-Transport-Security'; - # proxy_pass http://localhost:80; - # set proper x-forwarded-headers - # proxy_set_header 'X-Forwarded-Host' nextcloud.domain.tld; - # proxy_set_header 'X-Forwarded-Proto' https; - # -For and -IP: - # see https://stackoverflow.com/questions/19366090/what-is-the-difference-between-x-forwarded-for-and-x-forwarded-ip - # proxy_set_header 'X-Forwarded-For' $remote_addr; - # proxy_set_header 'X-Forwarded-IP' $remote_addr; - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } } From 18d115f015f96fcaf512afc66ec1f7cfa007d8b8 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 12 Oct 2021 19:07:40 +0500 Subject: [PATCH 7/8] Remove redundant files in nextcloud app --- test/nextcloud/1.3.6/default_values.yaml | 30 ------------------------ test/nextcloud/1.3.6/test_values.yaml | 5 ++++ test/nextcloud/1.3.6/values.yaml | 0 3 files changed, 5 insertions(+), 30 deletions(-) delete mode 100644 test/nextcloud/1.3.6/default_values.yaml delete mode 100644 test/nextcloud/1.3.6/values.yaml 
diff --git a/test/nextcloud/1.3.6/default_values.yaml b/test/nextcloud/1.3.6/default_values.yaml
deleted file mode 100644
index 6de7de5f74..0000000000
--- a/test/nextcloud/1.3.6/default_values.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-## Official nextcloud image version
-## ref: https://hub.docker.com/r/library/nextcloud/tags/
-##
-image:
- repository: nextcloud
- tag: 19.0.3-apache
- pullPolicy: IfNotPresent
-
-nextcloud:
- host: nextcloud.kube.home
- username: admin
- password: changeme
- datadir: /var/www/html/data
- strategy: "Recreate"
-
-service:
- nodePort: 9001
-
-appVolumeMounts:
- nextcloud-data:
- emptyDir: true
- mountPath: "/var/www"
-
-postgresAppVolumeMounts:
- postgres-data:
- emptyDir: true
- mountPath: "/var/lib/postgresql/data"
- postgres-backup:
- emptyDir: true
- mountPath: "/postgres_backups"
diff --git a/test/nextcloud/1.3.6/test_values.yaml b/test/nextcloud/1.3.6/test_values.yaml
index b828eca391..e109093a0d 100644
--- a/test/nextcloud/1.3.6/test_values.yaml
+++ b/test/nextcloud/1.3.6/test_values.yaml
@@ -10,6 +10,11 @@ image:
 pullPolicy: IfNotPresent
 repository: nextcloud
 tag: '22.2'
+nginx:
+ image:
+ repository: nginx
+ tag: 1.21.3
+ pullPolicy: IfNotPresent
 ixChartContext: {}
 nextcloud:
 datadir: /var/www/html/data
diff --git a/test/nextcloud/1.3.6/values.yaml b/test/nextcloud/1.3.6/values.yaml
deleted file mode 100644
index e69de29bb2..0000000000
From ea3bf93c7210e54ed79d6c98e7133833ffa4ee68 Mon Sep 17 00:00:00 2001
From: sonicaj Date: Tue, 19 Oct 2021 15:57:13 +0500 Subject: [PATCH 8/8] Update stable train from test train --- charts/nextcloud/1.3.5/default_values.yaml | 30 ------- charts/nextcloud/1.3.5/ix_values.yaml | 4 - charts/nextcloud/1.3.5/values.yaml | 0 charts/nextcloud/{1.3.5 => 1.3.6}/.helmignore | 0 charts/nextcloud/{1.3.5 => 1.3.6}/Chart.lock | 0 charts/nextcloud/{1.3.5 => 1.3.6}/Chart.yaml | 2 +- charts/nextcloud/{1.3.5 => 1.3.6}/README.md | 0 .../nextcloud/{1.3.5 => 1.3.6}/app-readme.md | 0 .../charts/common-2105.0.0.tgz | Bin charts/nextcloud/1.3.6/ix_values.yaml | 9 ++ .../migrations/migrate_from_1.1.0 | 0 .../nextcloud/{1.3.5 => 1.3.6}/questions.yaml | 11 ++- .../{1.3.5 => 1.3.6}/templates/NOTES.txt | 0 charts/nextcloud/1.3.6/templates/_nginx.tpl | 79 ++++++++++++++++++ .../{1.3.5 => 1.3.6}/templates/_postgres.tpl | 0 .../templates/backup-postgres-config.yaml | 0 .../templates/backup-postgres-hook.yaml | 0 .../templates/deployment.yaml | 31 ++++++- .../1.3.6/templates/nginx-configmap.yaml | 65 ++++++++++++++ .../1.3.6/templates/nginx-secret.yaml | 10 +++ .../templates/nuke-deployments-hook.yaml | 0 .../templates/postgres-deployment.yaml | 0 .../templates/postgres-secret.yaml | 0 .../templates/postgres-service.yaml | 0 .../{1.3.5 => 1.3.6}/templates/secrets.yaml | 0 .../{1.3.5 => 1.3.6}/templates/service.yaml | 4 + .../templates/serviceaccount.yaml | 0 .../{1.3.5 => 1.3.6}/test_values.yaml | 5 ++ 28 files changed, 213 insertions(+), 37 deletions(-) delete mode 100644 charts/nextcloud/1.3.5/default_values.yaml delete mode 100644 charts/nextcloud/1.3.5/ix_values.yaml delete mode 100644 charts/nextcloud/1.3.5/values.yaml rename charts/nextcloud/{1.3.5 => 1.3.6}/.helmignore (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/Chart.lock (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/Chart.yaml (97%) rename charts/nextcloud/{1.3.5 => 1.3.6}/README.md (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/app-readme.md (100%) rename charts/nextcloud/{1.3.5 => 
1.3.6}/charts/common-2105.0.0.tgz (100%) create mode 100644 charts/nextcloud/1.3.6/ix_values.yaml rename charts/nextcloud/{1.3.5 => 1.3.6}/migrations/migrate_from_1.1.0 (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/questions.yaml (96%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/NOTES.txt (100%) create mode 100644 charts/nextcloud/1.3.6/templates/_nginx.tpl rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/_postgres.tpl (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/backup-postgres-config.yaml (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/backup-postgres-hook.yaml (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/deployment.yaml (71%) create mode 100644 charts/nextcloud/1.3.6/templates/nginx-configmap.yaml create mode 100644 charts/nextcloud/1.3.6/templates/nginx-secret.yaml rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/nuke-deployments-hook.yaml (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/postgres-deployment.yaml (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/postgres-secret.yaml (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/postgres-service.yaml (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/secrets.yaml (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/service.yaml (60%) rename charts/nextcloud/{1.3.5 => 1.3.6}/templates/serviceaccount.yaml (100%) rename charts/nextcloud/{1.3.5 => 1.3.6}/test_values.yaml (90%) diff --git a/charts/nextcloud/1.3.5/default_values.yaml b/charts/nextcloud/1.3.5/default_values.yaml deleted file mode 100644 index 6de7de5f74..0000000000 --- a/charts/nextcloud/1.3.5/default_values.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-## Official nextcloud image version
-## ref: https://hub.docker.com/r/library/nextcloud/tags/
-##
-image:
- repository: nextcloud
- tag: 19.0.3-apache
- pullPolicy: IfNotPresent
-
-nextcloud:
- host: nextcloud.kube.home
- username: admin
- password: changeme
- datadir: /var/www/html/data
- strategy: "Recreate"
-
-service:
- nodePort: 9001
-
-appVolumeMounts:
- nextcloud-data:
- emptyDir: true
- mountPath: "/var/www"
-
-postgresAppVolumeMounts:
- postgres-data:
- emptyDir: true
- mountPath: "/var/lib/postgresql/data"
- postgres-backup:
- emptyDir: true
- mountPath: "/postgres_backups"
diff --git a/charts/nextcloud/1.3.5/ix_values.yaml b/charts/nextcloud/1.3.5/ix_values.yaml
deleted file mode 100644
index 1c55afae66..0000000000
--- a/charts/nextcloud/1.3.5/ix_values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-image:
- pullPolicy: IfNotPresent
- repository: nextcloud
- tag: '22.2'
diff --git a/charts/nextcloud/1.3.5/values.yaml b/charts/nextcloud/1.3.5/values.yaml
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/charts/nextcloud/1.3.5/.helmignore b/charts/nextcloud/1.3.6/.helmignore
similarity index 100%
rename from charts/nextcloud/1.3.5/.helmignore
rename to charts/nextcloud/1.3.6/.helmignore
diff --git a/charts/nextcloud/1.3.5/Chart.lock b/charts/nextcloud/1.3.6/Chart.lock
similarity index 100%
rename from charts/nextcloud/1.3.5/Chart.lock
rename to charts/nextcloud/1.3.6/Chart.lock
diff --git a/charts/nextcloud/1.3.5/Chart.yaml b/charts/nextcloud/1.3.6/Chart.yaml
similarity index 97%
rename from charts/nextcloud/1.3.5/Chart.yaml
rename to charts/nextcloud/1.3.6/Chart.yaml
index 39d566acc9..c0d4a5abce 100644
--- a/charts/nextcloud/1.3.5/Chart.yaml
+++ b/charts/nextcloud/1.3.6/Chart.yaml
@@ -19,4 +19,4 @@ sources:
 - https://github.com/nextcloud/docker
 - https://github.com/nextcloud/helm
 upstream_version: 2.3.2
-version: 1.3.5
+version: 1.3.6
diff --git a/charts/nextcloud/1.3.5/README.md b/charts/nextcloud/1.3.6/README.md similarity index 100% rename from charts/nextcloud/1.3.5/README.md rename to charts/nextcloud/1.3.6/README.md diff --git a/charts/nextcloud/1.3.5/app-readme.md b/charts/nextcloud/1.3.6/app-readme.md similarity index 100% rename from charts/nextcloud/1.3.5/app-readme.md rename to charts/nextcloud/1.3.6/app-readme.md diff --git a/charts/nextcloud/1.3.5/charts/common-2105.0.0.tgz b/charts/nextcloud/1.3.6/charts/common-2105.0.0.tgz similarity index 100% rename from charts/nextcloud/1.3.5/charts/common-2105.0.0.tgz rename to charts/nextcloud/1.3.6/charts/common-2105.0.0.tgz diff --git a/charts/nextcloud/1.3.6/ix_values.yaml b/charts/nextcloud/1.3.6/ix_values.yaml new file mode 100644 index 0000000000..3540094a90 --- /dev/null +++ b/charts/nextcloud/1.3.6/ix_values.yaml @@ -0,0 +1,9 @@ +image: + pullPolicy: IfNotPresent + repository: nextcloud + tag: '22.2' +nginx: + image: + repository: nginx + tag: 1.21.3 + pullPolicy: IfNotPresent diff --git a/charts/nextcloud/1.3.5/migrations/migrate_from_1.1.0 b/charts/nextcloud/1.3.6/migrations/migrate_from_1.1.0 similarity index 100% rename from charts/nextcloud/1.3.5/migrations/migrate_from_1.1.0 rename to charts/nextcloud/1.3.6/migrations/migrate_from_1.1.0 diff --git a/charts/nextcloud/1.3.5/questions.yaml b/charts/nextcloud/1.3.6/questions.yaml similarity index 96% rename from charts/nextcloud/1.3.5/questions.yaml rename to charts/nextcloud/1.3.6/questions.yaml index a92be45e6a..b6670f2472 100644 --- a/charts/nextcloud/1.3.5/questions.yaml +++ b/charts/nextcloud/1.3.6/questions.yaml @@ -17,7 +17,7 @@ groups: portals: web_portal: protocols: - - "http" + - "$kubernetes-resource_configmap_nginx-configuration_protocol" host: - "$variable-nextcloud.host" ports: 
@@ -52,6 +52,15 @@ questions: type: string required: true + - variable: certificate + description: "Configure Certificate for Nextcloud" + label: "Certificate Configuration" + group: "Nextcloud Configuration" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: nextcloud description: "Nextcloud configuration details" label: "Nextcloud Configuration" diff --git a/charts/nextcloud/1.3.5/templates/NOTES.txt b/charts/nextcloud/1.3.6/templates/NOTES.txt similarity index 100% rename from charts/nextcloud/1.3.5/templates/NOTES.txt rename to charts/nextcloud/1.3.6/templates/NOTES.txt diff --git a/charts/nextcloud/1.3.6/templates/_nginx.tpl b/charts/nextcloud/1.3.6/templates/_nginx.tpl new file mode 100644 index 0000000000..8adb9d9429 --- /dev/null +++ b/charts/nextcloud/1.3.6/templates/_nginx.tpl 
@@ -0,0 +1,79 @@
+{{/*
+Retrieve true/false if certificate is configured
+*/}}
+{{- define "nginx.certAvailable" -}}
+{{- if .Values.certificate -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
+{{- template "common.resources.cert_present" $values -}}
+{{- else -}}
+{{- false -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Retrieve public key of certificate
+*/}}
+{{- define "nginx.cert.publicKey" -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
+{{ include "common.resources.cert" $values }}
+{{- end -}}
+
+
+{{/*
+Retrieve private key of certificate
+*/}}
+{{- define "nginx.cert.privateKey" -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
+{{ include "common.resources.cert" $values }}
+{{- end -}}
+
+
+{{/*
+Retrieve configured protocol scheme for nextcloud
+*/}}
+{{- define "nginx.scheme" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+{{- print "https" -}}
+{{- else -}}
+{{- print "http" -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Retrieve nginx certificate secret name
+*/}}
+{{- define "nginx.secretName" -}}
+{{- print "nginx-secret" -}}
+{{- end -}}
+
+
+{{/*
+Formats volumeMount for tls keys and trusted certs
+*/}}
+{{- define "nginx.tlsKeysVolumeMount" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+ mountPath: "/etc/nginx-certs"
+{{- end -}}
+{{- end -}}
+
+{{/*
+Formats volume for tls keys and trusted certs
+*/}}
+{{- define "nginx.tlsKeysVolume" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+ secret:
+ secretName: {{ include "nginx.secretName" . }}
+ items:
+ - key: certPublicKey
+ path: public.crt
+ - key: certPrivateKey
+ path: private.key
+{{- end -}}
+{{- end -}}
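Review bot: `nginx.tlsKeysVolume` projects the TLS private key without a `defaultMode`, so `private.key` is mounted with the Kubernetes default for secret volumes (0644) and is readable by every process in the nginx container. Adding `defaultMode: 0400` under `secret:` limits it to the file owner, assuming the nginx master process that loads the key runs as that owner. Separately, the comment on `nginx.cert.publicKey` says "Retrieve public key of certificate", but the value ends up as `public.crt` and is used for `ssl_certificate`, so it is presumably the certificate itself; `Retrieve the certificate (public part) configured for nginx` would be more accurate.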
diff --git a/charts/nextcloud/1.3.5/templates/_postgres.tpl b/charts/nextcloud/1.3.6/templates/_postgres.tpl
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/_postgres.tpl
rename to charts/nextcloud/1.3.6/templates/_postgres.tpl
diff --git a/charts/nextcloud/1.3.5/templates/backup-postgres-config.yaml b/charts/nextcloud/1.3.6/templates/backup-postgres-config.yaml
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/backup-postgres-config.yaml
rename to charts/nextcloud/1.3.6/templates/backup-postgres-config.yaml
diff --git a/charts/nextcloud/1.3.5/templates/backup-postgres-hook.yaml b/charts/nextcloud/1.3.6/templates/backup-postgres-hook.yaml
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/backup-postgres-hook.yaml
rename to charts/nextcloud/1.3.6/templates/backup-postgres-hook.yaml
diff --git a/charts/nextcloud/1.3.5/templates/deployment.yaml b/charts/nextcloud/1.3.6/templates/deployment.yaml
similarity index 71%
rename from charts/nextcloud/1.3.5/templates/deployment.yaml
rename to charts/nextcloud/1.3.6/templates/deployment.yaml
index 49b4f1683b..993b19fa12 100644
--- a/charts/nextcloud/1.3.5/templates/deployment.yaml
+++ b/charts/nextcloud/1.3.6/templates/deployment.yaml
@@ -10,6 +10,22 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
 command: ['sh', '-c', "until pg_isready -h {{ template "common.names.fullname" $postgres_values }}; do echo waiting for postgres; sleep 2; done"]
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 containers:
+ {{ if eq (include "nginx.certAvailable" .) "true" }}
+ - name: nginx
+ {{ include "common.containers.imageConfig" .Values.nginx.image | nindent 8 }}
+ volumeMounts:
+ - name: nginx-configuration
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ {{ include "nginx.tlsKeysVolumeMount" . | nindent 10 }}
+ ports:
+ - name: nginx-http
+ containerPort: 8000
+ protocol: TCP
+ - name: nginx-https
+ containerPort: 443
+ protocol: TCP
+ {{ end }}
 - name: {{ .Chart.Name }}
 {{ include "common.containers.imageConfig" .Values.image | nindent 8 }}
 env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }}
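Review bot: The nginx sidecar is declared without a `securityContext`, so the container that terminates TLS and holds the private key runs with whatever the image defaults to. Even if it has to start as root to bind 443, `securityContext: {allowPrivilegeEscalation: false}` on this container is cheap to add, and listening on an unprivileged port mapped through the Service's `targetPort` would allow dropping root altogether. The container also declares `nginx-http` on 8000, but the Service change in this commit only publishes `nginx-https`, so the HTTP-to-HTTPS redirect server is not reachable through the node port as far as this patch shows. The container list continues outside the hunk.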
@@ -18,6 +34,11 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
 {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }}
 {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }}
 {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }}
+ {{ if eq (include "nginx.certAvailable" .) "true" }}
+ {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
+ {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }}
+ {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }}
+ {{ end }}
 {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" .Values.nextcloud.host) }}
 {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }}
 {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }}
@@ -53,7 +74,15 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
 mountPath: {{ $hostPathConfiguration.mountPath }}
 {{ end }}
 {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
-{{ include "common.storage.allAppVolumes" .Values | nindent 6 }}
+ volumes:
+ - name: nginx-configuration
+ configMap:
+ defaultMode: 0700
+ name: "nginx-configuration"
+{{ include "nginx.tlsKeysVolume" . | nindent 8 }}
+{{ if .Values.appVolumeMounts }}
+{{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
+{{ end }}
 {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
 - name: extrappvolume-{{ $index }}
 hostPath:
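Review bot: In the `volumes:` hunk, `defaultMode: 0700` gives `nginx.conf` write and execute bits it does not need; `defaultMode: 0400` keeps the same owner-only read access for a file that is only ever parsed. The `nginx-configuration` volume is also emitted when no certificate is configured and the nginx container is absent, which is harmless but could sit behind the same `nginx.certAvailable` check that guards the container. The volume list continues outside the hunk.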
diff --git a/charts/nextcloud/1.3.6/templates/nginx-configmap.yaml b/charts/nextcloud/1.3.6/templates/nginx-configmap.yaml
new file mode 100644
index 0000000000..71ecbda320
--- /dev/null
+++ b/charts/nextcloud/1.3.6/templates/nginx-configmap.yaml
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "nginx-configuration"
+data:
+ protocol: {{ include "nginx.scheme" . }}
+ nginx.conf: |-
+ events {}
+ http {
+ # redirects all http requests to https requests
+ server {
+ listen 8000 default_server;
+ listen [::]:8000 default_server;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ server_name localhost;
+
+ listen 443 ssl http2;
+ listen [::]:433 ssl http2;
+
+ ssl_certificate '/etc/nginx-certs/public.crt';
+ ssl_certificate_key '/etc/nginx-certs/private.key';
+
+ # maximum 3GB Upload File; change to fit your needs
+ client_max_body_size 3G;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location = /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location / {
+ proxy_pass http://localhost;
+ proxy_http_version 1.1;
+ proxy_cache_bypass $http_upgrade;
+ proxy_request_buffering off;
+
+ # Proxy headers
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+
+ # Proxy timeouts
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+ }
+ }
+ }
diff --git a/charts/nextcloud/1.3.6/templates/nginx-secret.yaml b/charts/nextcloud/1.3.6/templates/nginx-secret.yaml
new file mode 100644
index 0000000000..978441509f
--- /dev/null
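Review bot: The IPv6 listener of the TLS server block is bound to port 433 rather than 443 (`listen [::]:433 ssl http2;`), so IPv6 connections to the port the container and Service publish never reach the HTTPS server; it should read `listen [::]:443 ssl http2;`. The block also sets no `ssl_protocols`, so the accepted protocol set falls back to the built-in default of the pinned nginx 1.21.3 image, which for releases of that age still lists TLSv1 and TLSv1.1 and leaves TLSv1.3 off. Adding `ssl_protocols TLSv1.2 TLSv1.3;` next to the certificate directives makes the policy explicit instead of image-dependent. The redirects built from `$host` also drop the port, so a client that arrived on the node port is presumably sent to the default HTTPS port; worth confirming against a real deployment.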
+++ b/charts/nextcloud/1.3.6/templates/nginx-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "nginx.secretName" . }}
+type: Opaque
+data:
+ {{ if eq (include "nginx.certAvailable" .) "true" }}
+ certPublicKey: {{ (include "nginx.cert.publicKey" .) | toString | b64enc | quote }}
+ certPrivateKey: {{ (include "nginx.cert.privateKey" .) | toString | b64enc | quote }}
+ {{ end }}
diff --git a/charts/nextcloud/1.3.5/templates/nuke-deployments-hook.yaml b/charts/nextcloud/1.3.6/templates/nuke-deployments-hook.yaml
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/nuke-deployments-hook.yaml
rename to charts/nextcloud/1.3.6/templates/nuke-deployments-hook.yaml
diff --git a/charts/nextcloud/1.3.5/templates/postgres-deployment.yaml b/charts/nextcloud/1.3.6/templates/postgres-deployment.yaml
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/postgres-deployment.yaml
rename to charts/nextcloud/1.3.6/templates/postgres-deployment.yaml
diff --git a/charts/nextcloud/1.3.5/templates/postgres-secret.yaml b/charts/nextcloud/1.3.6/templates/postgres-secret.yaml
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/postgres-secret.yaml
rename to charts/nextcloud/1.3.6/templates/postgres-secret.yaml
diff --git a/charts/nextcloud/1.3.5/templates/postgres-service.yaml b/charts/nextcloud/1.3.6/templates/postgres-service.yaml
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/postgres-service.yaml
rename to charts/nextcloud/1.3.6/templates/postgres-service.yaml
diff --git a/charts/nextcloud/1.3.5/templates/secrets.yaml b/charts/nextcloud/1.3.6/templates/secrets.yaml
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/secrets.yaml
rename to charts/nextcloud/1.3.6/templates/secrets.yaml
diff --git a/charts/nextcloud/1.3.5/templates/service.yaml b/charts/nextcloud/1.3.6/templates/service.yaml
similarity index 60%
rename from charts/nextcloud/1.3.5/templates/service.yaml
rename to charts/nextcloud/1.3.6/templates/service.yaml
index ead1523381..14c751eada 100644
--- a/charts/nextcloud/1.3.5/templates/service.yaml
+++ b/charts/nextcloud/1.3.6/templates/service.yaml
@@ -1,6 +1,10 @@
 {{ $svc := .Values.service }}
 {{ $ports := list }}
+{{ if eq (include "nginx.certAvailable" .) "true" }}
+{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" 443 "port" 443 "nodePort" $svc.nodePort) }}
+{{ else }}
 {{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }}
+{{ end }}
 {{ $params := . }}
 {{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
 {{ include "common.classes.service" $params }}
diff --git a/charts/nextcloud/1.3.5/templates/serviceaccount.yaml b/charts/nextcloud/1.3.6/templates/serviceaccount.yaml
similarity index 100%
rename from charts/nextcloud/1.3.5/templates/serviceaccount.yaml
rename to charts/nextcloud/1.3.6/templates/serviceaccount.yaml
diff --git a/charts/nextcloud/1.3.5/test_values.yaml b/charts/nextcloud/1.3.6/test_values.yaml
similarity index 90%
rename from charts/nextcloud/1.3.5/test_values.yaml
rename to charts/nextcloud/1.3.6/test_values.yaml
index b828eca391..e109093a0d 100644
--- a/charts/nextcloud/1.3.5/test_values.yaml
+++ b/charts/nextcloud/1.3.6/test_values.yaml
@@ -10,6 +10,11 @@ image:
 pullPolicy: IfNotPresent
 repository: nextcloud
 tag: '22.2'
+nginx:
+ image:
+ repository: nginx
+ tag: 1.21.3
+ pullPolicy: IfNotPresent
 ixChartContext: {}
 nextcloud:
 datadir: /var/www/html/data