Publish new changes in catalog

sonicaj
2024-05-02 20:28:45 +00:00
parent fbc87af8dd
commit d6281fe006
30 changed files with 2130 additions and 0 deletions


@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common
version: 1.2.9
digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c
generated: "2024-04-12T15:56:46.904719299+03:00"


@@ -0,0 +1,30 @@
name: nextcloud
description: A file sharing server that puts the control and security of your own
data back into your hands.
annotations:
title: Nextcloud
type: application
version: 2.0.0
apiVersion: v2
appVersion: 29.0.0
kubeVersion: '>=1.16.0-0'
maintainers:
- name: truenas
url: https://www.truenas.com/
email: dev@ixsystems.com
dependencies:
- name: common
repository: file://../../../common
version: 1.2.9
home: https://nextcloud.com/
icon: https://media.sys.truenas.net/apps/nextcloud/icons/icon.svg
sources:
- https://github.com/nextcloud/docker
- https://github.com/nextcloud/helm
- https://github.com/truenas/charts/tree/master/charts/nextcloud
keywords:
- nextcloud
- storage
- http
- web
- php


@@ -0,0 +1,3 @@
# Nextcloud
[Nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.


@@ -0,0 +1,3 @@
# Nextcloud
[Nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.

Binary file not shown.


@@ -0,0 +1,31 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
commands:
- ffmpeg
- smbclient
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
pgData:
type: pvc
html:
type: pvc
data:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []


@@ -0,0 +1,118 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
commands:
- ffmpeg
- smbclient
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
certificateID: 1
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
pgData:
type: pvc
html:
type: pvc
data:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []
ixCertificates:
"1":
certificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
privatekey: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
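Review bot: A PEM private key is committed in plain text under `ixCertificates."1".privatekey`, and nothing in the file says it is a throwaway fixture. The surrounding values (`certificateID: 1`, `adminPassword: password`, `host: "127.0.0.1"`) suggest test-only input, but that is inferred. I would add a comment above `ixCertificates:` such as `# Self-signed, test-only certificate and key for CI; never deployed.` and confirm the key is not shared with any real host, since secret scanners and anyone consuming the catalog will otherwise treat it as a leaked credential.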


@@ -0,0 +1,31 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
cron:
enabled: false
commands: []
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
pgData:
type: pvc
html:
type: pvc
data:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []


@@ -0,0 +1,29 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
commands: []
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
pgData:
type: pvc
html:
type: pvc
data:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []


@@ -0,0 +1,76 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
commands: []
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
isDataInTheSameVolume: true
html:
type: hostPath
hostPathConfig:
hostPath: /mnt/{{ .Release.Name }}/test
data:
type: hostPath
hostPathConfig:
hostPath: /mnt/{{ .Release.Name }}/test
pgData:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []
##### CI Hack #####
# What this hack does is that it will create a pod before the chart install
# A hostPath is attached to the pod, which will force k8s to create the directory on the host.
# so the actual test run will find the directory created there. (Storage attached to the actual NC chart
# uses `subPath` for which k8s will not created the directory on the host.)
workload:
ci-hack:
enabled: true
type: Job
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
podSpec:
restartPolicy: Never
containers:
ci-hack:
enabled: true
primary: true
image: bashImage
command: bash
args:
- -c
- exit 0
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
persistence:
ci-hack:
enabled: true
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/test/data
hostPathType: DirectoryOrCreate
targetSelector:
ci-hack:
ci-hack:
mountPath: /ci


@@ -0,0 +1,89 @@
image:
pullPolicy: IfNotPresent
repository: nextcloud
tag: 29.0.0
nginxImage:
pullPolicy: IfNotPresent
repository: nginx
tag: 1.25.4
# Keep using the same image
# as before the migration
ncPostgresImage:
pullPolicy: IfNotPresent
repository: postgres
tag: "13.1"
resources:
limits:
cpu: 4000m
memory: 8Gi
podOptions:
dnsConfig:
options: []
ncConfig:
adminUser: admin
adminPassword: password
host: ""
dataDir: /var/www/html/data
commands:
- ffmpeg
- smbclient
maxUploadLimit: 3
phpMemoryLimit: 512
opCacheMemoryConsumption: 128
maxExecutionTime: 30
cron:
enabled: true
schedule: "*/15 * * * *"
additionalEnvs: []
ncNetwork:
webPort: 9001
certificateID:
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
data:
type: ixVolume
ixVolumeConfig:
datasetName: data
html:
type: ixVolume
ixVolumeConfig:
datasetName: html
pgData:
type: ixVolume
ixVolumeConfig:
datasetName: pgData
pgBackup:
# TODO: NC creates a different user/pw for pg, so we should pass the
# config to the backup container so it can get the right details
type: ixVolume
ixVolumeConfig:
datasetName: pgBackup
additionalStorages: []
notes:
custom: |
## Database
You can connect to the database using the pgAdmin App from the catalog
<details>
<summary>Database Details</summary>
- Database: `{{ .Values.ncDbName }}`
- Username: `{{ .Values.ncDbUser }}`
- Password: `{{ .Values.ncDbPass }}`
- Host: `{{ .Values.ncDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
- Port: `5432`
</details>
{{- $_ := unset .Values "ncDbUser" }}
{{- $_ := unset .Values "ncDbName" }}
{{- $_ := unset .Values "ncDbPass" }}
{{- $_ := unset .Values "ncDbHost" }}
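Review bot: The shipped defaults under `ncConfig` set `adminUser: admin` and `adminPassword: password`, so any install path that does not override them ends up with a guessable administrator account. An empty default (`adminPassword: ""`) plus a render-time check that fails on an empty value would make the chart refuse to deploy instead of falling back to a known password; whether the install form always supplies a value is not visible from this file. Separately, `notes.custom` renders `{{ .Values.ncDbPass }}` into the release notes, which shows the database password to anyone who can read the app's notes; consider naming the secret that holds it instead of printing the value.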


@@ -0,0 +1,32 @@
runAsContext:
- userName: root
groupName: root
gid: 0
uid: 0
description: Nextcloud runs as root user.
- userName: root
groupName: root
gid: 999
uid: 999
description: Postgres runs as root user.
- userName: root
groupName: root
gid: 0
uid: 0
description: Nginx runs as root user. (Nginx only runs when certificate is provided)
capabilities:
- name: CHOWN
description: Nextcloud, Nginx and Postgres are able to chown files.
- name: FOWNER
description: Nextcloud, Nginx and Postgres are able to bypass permission checks for it's sub-processes.
- name: DAC_OVERRIDE
description: Nextcloud, Nginx and Postgres are able to bypass permission checks.
- name: SETGID
description: Nextcloud, Nginx and Postgres are able to set group ID for it's sub-processes.
- name: SETUID
description: Nextcloud, Nginx and Postgres are able to set user ID for it's sub-processes.
- name: NET_BIND_SERVICE
description: Nextcloud, Nginx and Postgres are able to bind to privileged ports.
- name: NET_RAW
description: Nextcloud, Nginx and Postgres are able to use raw sockets.
hostMounts: []
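Review bot: The `runAsContext` entry for Postgres declares `userName: root` and "Postgres runs as root user" but lists `uid: 999` / `gid: 999`, so the user-facing privilege summary contradicts itself. Either the name or the IDs should be corrected so the summary matches what the pod actually runs as. The cron template elsewhere in this commit sets `runAsUser: 33`, which has no entry here. The capability descriptions also use "it's" where "its" is meant.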


@@ -0,0 +1,110 @@
#!/usr/bin/python3
import json
import os
import sys
def migrate_volume(volume, suffix=''):
return {
'type': 'hostPath',
'hostPathConfig': {
'hostPath': volume['hostPath']+suffix
},
} if volume.get('hostPathEnabled', False) else {
'type': 'ixVolume',
'ixVolumeConfig': {
'datasetName': volume['datasetName'],
},
}
def migrate_common_lib(values):
delete_keys = [
'service', 'updateStrategy', 'certificate', 'enableResourceLimits', 'cpuLimit',
'memLimit', 'dnsConfig', 'environmentVariables', 'nextcloud', 'cronjob', 'nginx',
'nginxConfig', 'postgresAppVolumeMounts', 'extraAppVolumeMounts', 'appVolumeMounts',
'useServiceNameForHost',
]
values.update({
'shouldShowStorageToggle': True,
'isDataInTheSameVolume': True,
# Migrate Network
'ncNetwork': {
'webPort': values['service']['nodePort'],
'certificateID': values['certificate'],
'nginx': {
'proxyTimeouts': values.get('nginxConfig', {}).get('proxy_timeouts', 60),
'useDifferentAccessPort': values.get('nginxConfig', {}).get('useDifferentAccessPort', False),
'externalAccessPort': values.get('nginxConfig', {}).get('externalAccessPort', 443)
}
},
# Migrate Resources
'resources': {
'limits': {
'cpu': values.get('cpuLimit', '4000m'),
'memory': values.get('memLimit', '8Gi'),
}
},
# Migrate DNS
'podOptions': {
'dnsConfig': {
'options': [
{'name': opt['name'], 'value': opt['value']}
for opt in values.get('dnsConfig', {}).get('options', [])
]
}
},
# Migrate Config
'ncConfig': {
'additionalEnvs': values.get('environmentVariables', []),
'adminUser': values['nextcloud']['username'],
'adminPassword': values['nextcloud']['password'],
'host': values['nextcloud'].get('host', ''),
'dataDir': values['nextcloud']['datadir'],
'commands': (['ffmpeg'] if values['nextcloud']['install_ffmpeg'] else []) + (['smbclient'] if values['nextcloud']['install_smbclient'] else []),
'maxUploadLimit': values['nextcloud']['max_upload_size'],
'maxExecutionTime': values['nextcloud']['max_execution_time'],
'phpMemoryLimit': values['nextcloud']['php_memory_limit'],
'opCacheMemoryConsumption': values['nextcloud']['opcache_memory_consumption'],
'cron': {
'enabled': values['cronjob']['enabled'],
'schedule': values['cronjob']['schedule'] if values['cronjob']['enabled'] else '*/15 * * * *',
}
},
# Migrate Storage
'ncStorage': {
'pgData': migrate_volume(values['postgresAppVolumeMounts']['postgres-data']),
'pgBackup': migrate_volume(values['postgresAppVolumeMounts']['postgres-backup']),
'data': migrate_volume(values['appVolumeMounts']['nextcloud-data']),
'html': migrate_volume(values['appVolumeMounts']['nextcloud-data']),
'additionalStorages': [
{
'type': 'hostPath',
'hostPathConfig': {'hostPath': e['hostPath']},
'mountPath': e['mountPath'],
}
for e in values.get('extraAppVolumeMounts', [])
],
},
})
for k in delete_keys:
values.pop(k, None)
return values
def migrate(values):
# If this missing, we have already migrated
if not 'appVolumeMounts' in values.keys():
return values
return migrate_common_lib(values)
if __name__ == '__main__':
if len(sys.argv) != 2:
exit(1)
if os.path.exists(sys.argv[1]):
with open(sys.argv[1], 'r') as f:
print(json.dumps(migrate(json.loads(f.read()))))
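Review bot: In the `__main__` block a path that does not exist skips the `if os.path.exists(...)` body, so the script prints nothing and exits with status 0, and a caller that parses stdout as JSON cannot tell a skipped migration from a failed one. I would make that case explicit with an `else:` branch calling `sys.exit(f'{sys.argv[1]}: values file not found')`, and use `sys.exit(1)` rather than the site-provided `exit(1)` for the argument check. `migrate_common_lib` also indexes `values['service']['nodePort']`, `values['certificate']` and the `values['nextcloud'][...]` keys directly while neighbouring fields use `.get()` with defaults, so a values file missing one of them aborts with a bare `KeyError`. The emitted JSON contains `adminPassword`, so whatever captures stdout should not log it.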


@@ -0,0 +1,760 @@
groups:
- name: Nextcloud Configuration
description: Configure Nextcloud
- name: Advanced Pod Configuration
description: Configure Advanced Pod Options for Nextcloud
- name: Network Configuration
description: Configure Network for Nextcloud
- name: Storage Configuration
description: Configure Storage for Nextcloud
- name: Resources Configuration
description: Configure Resources for Nextcloud
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
path: "$kubernetes-resource_configmap_portal_path"
questions:
- variable: ncConfig
label: ""
group: Nextcloud Configuration
schema:
type: dict
attrs:
- variable: adminUser
label: Admin User
description: The Nextcloud admin user.
schema:
type: string
default: ""
required: true
- variable: adminPassword
label: Admin Password
description: The Nextcloud admin password.
schema:
type: string
default: ""
required: true
- variable: host
label: Host
description: Nextcloud host to create application URLs
schema:
type: string
$ref:
- "definitions/nodeIP"
- variable: dataDir
label: "Nextcloud data directory"
description: "Configures the data directory where Nextcloud stores all files from the users. The path refers to the path inside the container"
schema:
type: path
default: "/var/www/html/data"
required: true
- variable: commands
label: Commands
description: Commands to run in the Nextcloud container
schema:
type: list
items:
- variable: command
label: Command
schema:
type: string
required: true
enum:
- value: ffmpeg
description: ffmpeg
- value: smbclient
description: smbclient
- variable: maxUploadLimit
label: Max Upload Size (Giga Bytes)
description: |
Applies the timeout to the following settings:</br>
- client_max_body_size in nginx</br>
- post_max_size and upload_max_filesize in php</br>
schema:
type: int
default: 3
min: 1
required: true
- variable: maxExecutionTime
label: Max Execution Time (Seconds)
description: Configures the max execution time of php
schema:
type: int
default: 30
min: 30
required: true
- variable: phpMemoryLimit
label: PHP Memory Limit (Mega Bytes)
description: Configures the memory limit of php
schema:
type: int
default: 512
min: 128
max: 4096
required: true
- variable: opCacheMemoryConsumption
label: Opcache Memory Consumption (Mega Bytes)
description: Configures the memory consumption of the opcache
schema:
type: int
min: 128
max: 1024
default: 128
required: true
- variable: cron
label: Cron
description: Configures the cron job for Nextcloud
schema:
type: dict
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: true
required: true
- variable: schedule
label: Schedule
schema:
type: string
show_if: [["enabled", "=", true]]
default: "*/15 * * * *"
required: true
- variable: podOptions
label: ""
group: Advanced Pod Configuration
schema:
type: dict
attrs:
- variable: dnsConfig
label: Advanced DNS Configuration
schema:
type: dict
attrs:
- variable: options
label: DNS Options
schema:
type: list
items:
- variable: optionsEntry
label: DNS Option Entry
schema:
type: dict
attrs:
- variable: name
label: Option Name
schema:
type: string
required: true
- variable: value
label: Option Value
schema:
type: string
required: true
- variable: ncNetwork
label: ""
group: Network Configuration
schema:
type: dict
attrs:
- variable: webPort
label: Web Port
description: The port for the Nextcloud Web UI.
schema:
type: int
default: 20810
min: 9000
max: 65535
required: true
- variable: certificateID
label: Certificate
description: The certificate to use for Nextcloud
schema:
type: int
"null": true
$ref:
- "definitions/certificate"
- variable: nginx
label: Nginx Configuration
schema:
type: dict
show_if: [["certificateID", "!=", null]]
attrs:
- variable: proxyTimeouts
label: Proxy timeouts (Seconds)
description: |
Applies the timeout to the following settings:</br>
- proxy_connect_timeout</br>
- proxy_send_timeout</br>
- proxy_read_timeout</br>
schema:
type: int
min: 30
default: 60
required: true
- variable: useDifferentAccessPort
label: Use different port for URL rewrites
description: |
If enabled, the URL rewrite will use [Access Port] defined below instead of the [Node Port].</br>
Note that Nextcloud will still listen on the [Node Port]. (Default 9001)
schema:
type: boolean
default: false
- variable: externalAccessPort
label: External Access Port
schema:
type: int
show_if: [["useDifferentAccessPort", "=", true]]
min: 443
max: 65535
default: 443
required: true
- variable: ncStorage
label: ""
group: Storage Configuration
schema:
type: dict
attrs:
- variable: shouldShowStorageToggle
label: ""
schema:
type: boolean
default: false
hidden: true
- variable: isDataInTheSameVolume
label: "Pre v2 Storage Structure (See the tooltip for more information)"
description: |
If this is checked, means that this is an installation coming from a previous version (v1.x.x).<br/>
In order to have backwards compatibility, the older storage structure was kept for this installation.<br/>
If you want to utilize the new storage structure, move 'data' in a separate directory or dataset.
Change the 'Nextcloud UserData' configuration below to point to the new location and then uncheck this checkbox.
<br/><br/>
You will NOT likely want to change that if your setup uses ixVolume as storage.
schema:
type: boolean
show_if: [["shouldShowStorageToggle", "=", true]]
default: false
- variable: html
label: Nextcloud HTML Storage
description: The path to store Nextcloud HTML and AppData.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
immutable: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: dict
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
hidden: true
default: "html"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: data
label: Nextcloud User Data Storage
description: The path to store Nextcloud User Data.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
immutable: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: dict
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
hidden: true
default: "html"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: pgData
label: Nextcloud Postgres Data Storage
description: The path to store Nextcloud Postgres Data.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
immutable: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: dict
# Nothing to show for the user
hidden: true
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
# Postgres does a CHMOD at startup
# Which fails with ACL
hidden: true
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
hidden: true
default: "pgData"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
# Postgres does a CHMOD at startup
# Which fails with ACL
hidden: true
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: pgBackup
label: Nextcloud Postgres Backup Storage
description: The path to store Nextcloud Postgres Backup.
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
immutable: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: dict
# Nothing to show for the user
hidden: true
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
# Postgres does a CHMOD at startup
# Which fails with ACL
hidden: true
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
hidden: true
default: "pgBackup"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
# Postgres does a CHMOD at startup
# Which fails with ACL
hidden: true
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: additionalStorages
label: Additional Storage
description: Additional storage for Nextcloud.
schema:
type: list
default: []
items:
- variable: storageEntry
label: Storage Entry
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.</br>
SMB Share: Is a SMB share that is mounted to a persistent volume claim.
schema:
type: string
required: true
default: "ixVolume"
immutable: true
enum:
- value: "hostPath"
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- value: "smb-pv-pvc"
description: SMB Share (Mounts a persistent volume claim to a SMB share)
- variable: readOnly
label: Read Only
description: Mount the volume as read only.
schema:
type: boolean
default: false
- variable: mountPath
label: Mount Path
description: The path inside the container to mount the storage.
schema:
type: path
required: true
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: dict
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
default: "storage_entry"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: smbConfig
label: SMB Share Configuration
description: The configuration for the SMB Share.
schema:
type: dict
show_if: [["type", "=", "smb-pv-pvc"]]
attrs:
- variable: server
label: Server
description: The server for the SMB share.
schema:
type: string
required: true
- variable: share
label: Share
description: The share name for the SMB share.
schema:
type: string
required: true
- variable: domain
label: Domain (Optional)
description: The domain for the SMB share.
schema:
type: string
- variable: username
label: Username
description: The username for the SMB share.
schema:
type: string
required: true
- variable: password
label: Password
description: The password for the SMB share.
schema:
type: string
required: true
private: true
- variable: size
label: Size (in Gi)
description: The size of the volume quota.
schema:
type: int
required: true
min: 1
default: 1
- variable: resources
group: Resources Configuration
label: ""
schema:
type: dict
attrs:
- variable: limits
label: Limits
schema:
type: dict
attrs:
- variable: cpu
label: CPU
description: CPU limit for WG-Easy.
schema:
type: string
max_length: 6
valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
valid_chars_error: |
Valid CPU limit formats are</br>
- Plain Integer - eg. 1</br>
- Float - eg. 0.5</br>
- Milicpu - eg. 500m
default: "4000m"
required: true
- variable: memory
label: Memory
description: Memory limit for WG-Easy.
schema:
type: string
max_length: 12
valid_chars: "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$"
valid_chars_error: |
Valid Memory limit formats are</br>
- Suffixed with E/P/T/G/M/K - eg. 1G</br>
- Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
- Plain Integer in bytes - eg. 1024</br>
- Exponent - eg. 134e6
default: "8Gi"
required: true
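Review bot: `adminPassword` under `ncConfig` is declared as a plain `type: string` without `private: true`, while the SMB `password` field further down does set it, so the Nextcloud admin password is presumably handled as ordinary, non-secret form data. Adding `private: true` to that schema would bring it in line with the SMB field. Two copy-paste leftovers are also worth fixing. The `data` storage's hidden `datasetName` defaults to `"html"` although the shipped values use `datasetName: data`, which would point user data and HTML at the same dataset if that default is what gets applied. The CPU and memory limit descriptions say "WG-Easy" instead of Nextcloud.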


@@ -0,0 +1 @@
{{ include "ix.v1.common.lib.chart.notes" $ }}


@@ -0,0 +1,101 @@
{{- define "nextcloud.configuration" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $dbHost := (printf "%s-postgres" $fullname) -}}
{{- $dbUser := "nextcloud" -}}
{{- $dbName := "nextcloud" -}}
{{- $dbPass := (randAlphaNum 32) -}}
{{/* Fetch secrets from pre-migration secret */}}
{{- with (lookup "v1" "Secret" .Release.Namespace "db-details") -}}
{{- $dbUser = ((index .data "db-user") | b64dec) -}}
{{- $dbPass = ((index .data "db-password") | b64dec) -}}
{{- end -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
{{- $dbUser = ((index .data "POSTGRES_USER") | b64dec) -}}
{{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
{{- end -}}
{{- $redisHost := (printf "%s-redis" $fullname) -}}
{{- $redisPass := randAlphaNum 32 -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-redis-creds" $fullname)) -}}
{{- $redisPass = ((index .data "REDIS_PASSWORD") | b64dec) -}}
{{- end -}}
{{/* Temporary set dynamic db details on values,
so we can print them on the notes */}}
{{- $_ := set .Values "ncDbPass" $dbPass -}}
{{- $_ := set .Values "ncDbHost" $dbHost -}}
{{- $_ := set .Values "ncDbName" $dbName -}}
{{- $_ := set .Values "ncDbUser" $dbUser -}}
{{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
secret:
postgres-creds:
enabled: true
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $dbHost }}
POSTGRES_URL: {{ $dbURL }}
redis-creds:
enabled: true
data:
ALLOW_EMPTY_PASSWORD: "no"
REDIS_PASSWORD: {{ $redisPass }}
REDIS_HOST: {{ $redisHost }}
nextcloud-creds:
enabled: true
data:
POSTGRES_HOST: {{ $dbHost }}:5432
POSTGRES_DB: {{ $dbName }}
POSTGRES_USER: {{ $dbUser }}
POSTGRES_PASSWORD: {{ $dbPass }}
REDIS_HOST: {{ $redisHost }}
REDIS_HOST_PORT: "6379"
REDIS_HOST_PASSWORD: {{ $redisPass }}
NEXTCLOUD_DATA_DIR: {{ .Values.ncConfig.dataDir }}
PHP_UPLOAD_LIMIT: {{ printf "%vG" .Values.ncConfig.maxUploadLimit | default 3 }}
PHP_MEMORY_LIMIT: {{ printf "%vM" .Values.ncConfig.phpMemoryLimit | default 512 }}
NEXTCLOUD_TRUSTED_DOMAINS: {{ list .Values.ncConfig.host "127.0.0.1" "localhost" $fullname (printf "%v-*" $fullname) | mustUniq | join " " | quote }}
NEXTCLOUD_ADMIN_USER: {{ .Values.ncConfig.adminUser }}
NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword }}
{{- if .Values.ncNetwork.certificateID }}
{{- $svcCidr := "" -}}
{{- $clusterCidr := "" -}}
{{- if .Values.global.ixChartContext -}}
{{- $svcCidr = .Values.global.ixChartContext.kubernetes_config.service_cidr -}}
{{- $clusterCidr = .Values.global.ixChartContext.kubernetes_config.cluster_cidr -}}
{{- end }}
APACHE_DISABLE_REWRITE_IP: "1"
OVERWRITEPROTOCOL: "https"
TRUSTED_PROXIES: {{ list $svcCidr $clusterCidr "127.0.0.1" | mustUniq | join "," | quote }}
{{- if and .Values.ncConfig.host .Values.ncNetwork.webPort }}
{{- $overwritehost := .Values.ncConfig.host -}}
{{- if .Values.ncNetwork.nginx.useDifferentAccessPort }}
{{ $overwritehost = (printf "%v:%v" .Values.ncConfig.host .Values.ncNetwork.webPort) }}
{{- end }}
OVERWRITEHOST: {{ $overwritehost }}
{{- end }}
{{- end }}
{{- if eq (include "nextcloud.is-migration" $) "true" }}
postgres-backup-creds:
enabled: true
annotations:
helm.sh/hook: "pre-upgrade"
helm.sh/hook-delete-policy: "hook-succeeded"
helm.sh/hook-weight: "1"
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $dbHost }}
POSTGRES_URL: {{ printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName }}
{{- end }}
{{- end -}}
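Review bot: The secret values are interpolated without quoting, e.g. `NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword }}`, so when this block is parsed as YAML a user-chosen password containing ` #`, `: ` or a leading YAML indicator is truncated, retyped or breaks rendering, and an all-digit `randAlphaNum` result becomes a number. Piping each value through `quote`, as `NEXTCLOUD_TRUSTED_DOMAINS` and `TRUSTED_PROXIES` already do, avoids that: `NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword | quote }}`. In `PHP_UPLOAD_LIMIT` and `PHP_MEMORY_LIMIT` the `default` is applied after `printf`, whose result is never empty, so the fallback cannot fire; `printf "%vG" (.Values.ncConfig.maxUploadLimit | default 3)` is presumably what was meant. The database URL embeds `$dbPass` without URL-encoding, which is fine for the generated alphanumeric value but not necessarily for one read back from the pre-migration `db-details` secret.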


@@ -0,0 +1,37 @@
{{- define "nextcloud.cron" -}}
workload:
nextcloud-cron:
enabled: true
type: CronJob
schedule: {{ .Values.ncConfig.cron.schedule | quote }}
concurrencyPolicy: Forbid
podSpec:
restartPolicy: Never
hostNetwork: false
securityContext:
fsGroup: 33
containers:
nextcloud-cron:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 33
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
envFrom:
- secretRef:
name: nextcloud-creds
command:
- php
- -f
- /var/www/html/cron.php
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
{{- end -}}
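Review bot: `runAsNonRoot: false` on the `nextcloud-cron` container leaves the non-root requirement unenforced even though the container is already pinned to `runAsUser: 33` and only runs `php -f /var/www/html/cron.php`. Setting `runAsNonRoot: true` would make the kubelet refuse to start the job if an override or image change ever resolved it to UID 0. `runAsGroup: 0` also places the process in the root group; with the pod `fsGroup: 33` already set, `runAsGroup: 33` looks sufficient, though that depends on volume ownership that is not visible in this commit.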


@@ -0,0 +1,48 @@
{{- define "nextcloud.get-versions" -}}
{{- $oldChartVersion := "" -}}
{{- $newChartVersion := "" -}}
{{/* Safely access the context, so it wont block CI */}}
{{- if hasKey .Values.global "ixChartContext" -}}
{{- if .Values.global.ixChartContext.upgradeMetadata -}}
{{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}}
{{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}}
{{- if and (not $oldChartVersion) (not $newChartVersion) -}}
{{- fail "Upgrade Metadata is missing. Cannot proceed" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}}
{{- end -}}
{{- define "nextcloud.migration" -}}
{{- $versions := (fromYaml (include "nextcloud.get-versions" $)) -}}
{{- if and $versions.old $versions.new -}}
{{- $oldV := semver $versions.old -}}
{{- $newV := semver $versions.new -}}
{{/* If new is v2.x.x */}}
{{- if eq ($newV.Major | int) 2 -}}
{{/* And old is v1.x.x, but lower than .6.61 */}}
{{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 6) (lt ($oldV.Patch | int) 61)) -}}
{{/* Block the upgrade */}}
{{- fail "Migration to 2.x.x is only allowed from 1.6.61 or higher" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "nextcloud.is-migration" -}}
{{- $isMigration := "" -}}
{{- $versions := (fromYaml (include "nextcloud.get-versions" $)) -}}
{{- if $versions.old -}}
{{- $oldV := semver $versions.old -}}
{{- if and (eq $oldV.Major 1) (eq ($oldV.Minor | int) 6) (eq ($oldV.Patch | int) 61) -}}
{{- $isMigration = "true" -}}
{{- end -}}
{{- end -}}
{{- $isMigration -}}
{{- end -}}
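Review bot: The guard in `nextcloud.get-versions` fails only when both versions are missing (`and (not $oldChartVersion) (not $newChartVersion)`), so upgrade metadata carrying just one of them passes, and `nextcloud.migration` then skips its gate because it requires both. If partial metadata is never valid, `{{- if or (not $oldChartVersion) (not $newChartVersion) -}}` closes that gap. Separately, `nextcloud.is-migration` matches exactly 1.6.61 while the gate's message allows "1.6.61 or higher", and `(ne $oldV.Minor 6)` rejects any 1.x with a minor above 6. A one-line comment stating which old versions are expected to exist would make the intent checkable.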


@@ -0,0 +1,15 @@
{{- define "nextcloud.configs" -}}
{{ $bytesGB := 1073741824 }}
configmap:
nextcloud-config:
enabled: true
data:
opcache.ini: |
opcache.memory_consumption={{ .Values.ncConfig.opCacheMemoryConsumption }}
php.ini: |
max_execution_time={{ .Values.ncConfig.maxExecutionTime }}
limitrequestbody.conf: |
LimitRequestBody {{ mul .Values.ncConfig.maxUploadLimit $bytesGB }}
{{- end -}}
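Review bot: `LimitRequestBody {{ mul .Values.ncConfig.maxUploadLimit $bytesGB }}` has no fallback, while the nginx template in this commit reads the same value with `| default 3`. If `maxUploadLimit` is unset, sprig's `mul` most likely treats it as 0, and Apache reads `LimitRequestBody 0` as no limit at all. `LimitRequestBody {{ mul (.Values.ncConfig.maxUploadLimit | default 3) $bytesGB }}` keeps the Apache and nginx limits in agreement.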


@@ -0,0 +1,106 @@
{{- define "nextcloud.workload" -}}
workload:
nextcloud:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: false
securityContext:
fsGroup: 33
containers:
nextcloud:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- NET_RAW
- SETGID
- SETUID
envFrom:
- secretRef:
name: nextcloud-creds
{{ with .Values.ncConfig.additionalEnvs }}
envList:
{{ range $env := . }}
- name: {{ $env.name }}
value: {{ $env.value }}
{{ end }}
{{ end }}
probes:
liveness:
enabled: true
type: http
port: 80
path: /status.php
httpHeaders:
Host: localhost
readiness:
enabled: true
type: http
port: 80
path: /status.php
httpHeaders:
Host: localhost
startup:
enabled: true
{{- include "nextcloud.validate-commands" $ -}}
{{- $cmds := .Values.ncConfig.commands | mustUniq -}}
{{- if not $cmds }}
type: http
port: 80
path: /status.php
httpHeaders:
Host: localhost
{{- else }}
type: exec
command:
- /bin/sh
- -c
- |
check_commands={{ join " " $cmds }}
for comm in $check_commands; do
if ! command -v $comm /dev/null 2>&1; then
echo "Command $comm not found"
exit 1
fi
done
{{- end }}
lifecycle:
postStart:
type: exec
command:
- /bin/sh
- -c
- |
echo "Installing {{ join " " $cmds }}..."
apt update && apt install -y --no-install-recommends \
{{ join " " $cmds }} || echo "Failed to install binary/binaries..."
echo "Finished."
initContainers:
{{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
"secretName" "postgres-creds") | nindent 8 }}
{{- include "ix.v1.common.app.redisWait" (dict "name" "redis-wait"
"secretName" "redis-creds") | nindent 8 }}
{{- end -}}
{{- define "nextcloud.validate-commands" -}}
{{- $allowedCommmads := list "ffmpeg" "smbclient" -}}
{{- range $c := .Values.ncConfig.commands | mustUniq -}}
{{- if not (mustHas $c $allowedCommmads) -}}
{{- fail (printf "Nextcloud - Expected command to be one of [%s], but got [%s]" (join ", " $allowedCommmads) $c) -}}
{{- end -}}
{{- end -}}
{{- end -}}
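Review bot: In the exec startup probe, `check_commands={{ join " " $cmds }}` is an unquoted assignment, so with two allowed commands the shell reads the second word as a command to run and never sets `check_commands` for the loop. The loop body is then skipped and the probe passes without checking anything. `check_commands="{{ join " " $cmds }}"` fixes that, and it is safe to interpolate only because `nextcloud.validate-commands` restricts the values to the allowlist. On the next lines, `command -v $comm /dev/null 2>&1` is missing the `>` before `/dev/null`, so `/dev/null` is passed as an operand instead of receiving stdout. `if ! command -v "$comm" >/dev/null 2>&1; then` is what the line appears to intend.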


@@ -0,0 +1,102 @@
{{- define "nginx.configuration" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- if .Values.ncNetwork.certificateID }}
scaleCertificate:
nextcloud-cert:
enabled: true
id: {{ .Values.ncNetwork.certificateID }}
{{ $timeout := 60 }}
{{ $size := .Values.ncConfig.maxUploadLimit | default 3 }}
{{ $useDiffAccessPort := false }}
{{ $externalAccessPort := "" }}
{{/* Safely access key as it is conditionaly shown */}}
{{ if hasKey .Values.ncNetwork "nginx" }}
{{ $useDiffAccessPort = .Values.ncNetwork.nginx.useDifferentAccessPort }}
{{ $externalAccessPort = printf ":%v" .Values.ncNetwork.nginx.externalAccessPort }}
{{ $timeout = .Values.ncNetwork.nginx.proxyTimeouts | default 60 }}
{{ end }}
{{/* If its 443, do not append it on the rewrite at all */}}
{{ if eq $externalAccessPort ":443" }}
{{ $externalAccessPort = "" }}
{{ end }}
configmap:
nginx:
enabled: true
data:
nginx.conf: |
events {}
http {
server {
# redirects all http requests to https requests
listen 8000 default_server;
listen [::]:8000 default_server;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
listen {{ .Values.ncNetwork.webPort }} ssl http2;
listen [::]:{{ .Values.ncNetwork.webPort }} ssl http2;
ssl_certificate '/etc/nginx-certs/public.crt';
ssl_certificate_key '/etc/nginx-certs/private.key';
# maximum 3GB Upload File; change to fit your needs
client_max_body_size {{ $size }}G;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
{{ if $useDiffAccessPort }}
return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
{{ else }}
return 301 $scheme://$host:$server_port/remote.php/dav;
{{ end }}
}
location = /.well-known/caldav {
{{ if $useDiffAccessPort }}
return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
{{ else }}
return 301 $scheme://$host:$server_port/remote.php/dav;
{{ end }}
}
location / {
proxy_pass http://{{ $fullname }}:80;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_request_buffering off;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
{{ if $useDiffAccessPort }}
proxy_set_header X-Forwarded-Port {{ $externalAccessPort | default "443" | trimPrefix ":" }};
{{ else }}
proxy_set_header X-Forwarded-Port $server_port;
{{ end }}
# Proxy timeouts
proxy_connect_timeout {{ $timeout }}s;
proxy_send_timeout {{ $timeout }}s;
proxy_read_timeout {{ $timeout }}s;
}
}
}
{{- end -}}
{{- end -}}
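Review bot: The TLS `server` block sets `ssl_certificate` and `ssl_certificate_key` but no `ssl_protocols`, so the protocol versions offered are whatever the nginx image in use defaults to. Pinning it next to the certificate lines, e.g. `ssl_protocols TLSv1.2 TLSv1.3;`, makes the floor explicit and independent of image upgrades. In `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever the client sent. If this nginx is the outermost proxy, `proxy_set_header X-Forwarded-For $remote_addr;` avoids handing Nextcloud a client-controlled address chain, which matters because the chart sets `TRUSTED_PROXIES` to the cluster ranges.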


@@ -0,0 +1,68 @@
{{- define "nginx.workload" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $ncUrl := printf "http://%s:80" $fullname }}
workload:
nginx:
enabled: true
type: Deployment
podSpec:
hostNetwork: false
containers:
nginx:
enabled: true
primary: true
imageSelector: nginxImage
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- NET_RAW
- SETGID
- SETUID
probes:
liveness:
enabled: true
type: https
port: {{ .Values.ncNetwork.webPort }}
path: /status.php
httpHeaders:
Host: localhost
readiness:
enabled: true
type: https
port: {{ .Values.ncNetwork.webPort }}
path: /status.php
httpHeaders:
Host: localhost
startup:
enabled: true
type: https
port: {{ .Values.ncNetwork.webPort }}
path: /status.php
httpHeaders:
Host: localhost
initContainers:
01-wait-server:
enabled: true
type: init
imageSelector: bashImage
command:
- bash
args:
- -c
- |
echo "Waiting for [{{ $ncUrl }}]";
until wget --spider --quiet --timeout=3 --tries=1 {{ $ncUrl }}/status.php;
do
echo "Waiting for [{{ $ncUrl }}]";
sleep 2;
done
echo "Nextcloud is up: {{ $ncUrl }}";
{{- end -}}
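Review bot: The `nginx` container runs as UID 0 and adds seven capabilities, including `NET_RAW` and `DAC_OVERRIDE`, and nothing in this commit's nginx config explains why: it listens on 8000 and `webPort`, and its certificate and config are mounted read-only. I would remove `- NET_RAW` at minimum and keep `- NET_BIND_SERVICE` only if `webPort` can be below 1024. What the common library grants or drops by default is not visible here, so the remaining entries should be checked against it before trimming further.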


@@ -0,0 +1,179 @@
{{- define "nextcloud.persistence" -}}
persistence:
html:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: /var/www/html
{{- if .Values.ncStorage.isDataInTheSameVolume }}
subPath: html
{{- end }}
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html
{{- if .Values.ncStorage.isDataInTheSameVolume }}
subPath: html
{{- end }}
postgresbackup:
postgresbackup:
mountPath: /nc-config
data:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.data) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: {{ .Values.ncConfig.dataDir }}
{{- if .Values.ncStorage.isDataInTheSameVolume }}
subPath: data
{{- end }}
nextcloud-cron:
nextcloud-cron:
mountPath: {{ .Values.ncConfig.dataDir }}
{{- if .Values.ncStorage.isDataInTheSameVolume }}
subPath: data
{{- end }}
{{- if .Values.ncStorage.isDataInTheSameVolume }}
config:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: /var/www/html/config
subPath: config
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html/config
subPath: config
customapps:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: /var/www/html/custom_apps
subPath: custom_apps
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html/custom_apps
subPath: custom_apps
themes:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: /var/www/html/themes
subPath: themes
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html/themes
subPath: themes
{{- end }}
# Configuration files mounting
nc-config-opcache:
enabled: true
type: configmap
objectName: nextcloud-config
defaultMode: "0755"
targetSelector:
nextcloud:
nextcloud:
# z-99 is used to ensure that this file is loaded last
mountPath: /usr/local/etc/php/conf.d/opcache-z-99.ini
subPath: opcache.ini
nc-config-php:
enabled: true
type: configmap
objectName: nextcloud-config
defaultMode: "0755"
targetSelector:
nextcloud:
nextcloud:
# z-99 is used to ensure that this file is loaded last
mountPath: /usr/local/etc/php/conf.d/nextcloud-z-99.ini
subPath: php.ini
nc-config-limreqbody:
enabled: true
type: configmap
objectName: nextcloud-config
defaultMode: "0755"
targetSelector:
nextcloud:
nextcloud:
# https://github.com/nextcloud/docker/issues/1796
mountPath: /etc/apache2/conf-enabled/limitrequestbody.conf
subPath: limitrequestbody.conf
tmp:
enabled: true
type: emptyDir
targetSelector:
nextcloud:
nextcloud:
mountPath: /tmp
{{- range $idx, $storage := .Values.ncStorage.additionalStorages }}
{{ printf "nc-%v:" (int $idx) }}
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: {{ $storage.mountPath }}
nextcloud-cron:
nextcloud-cron:
mountPath: {{ $storage.mountPath }}
{{- end }}
{{- if .Values.ncNetwork.certificateID }}
nginx-cert:
enabled: true
type: secret
objectName: nextcloud-cert
defaultMode: "0600"
items:
- key: tls.key
path: private.key
- key: tls.crt
path: public.crt
targetSelector:
nginx:
nginx:
mountPath: /etc/nginx-certs
readOnly: true
nginx-conf:
enabled: true
type: configmap
objectName: nginx
defaultMode: "0600"
items:
- key: nginx.conf
path: nginx.conf
targetSelector:
nginx:
nginx:
mountPath: /etc/nginx
readOnly: true
{{- end -}}
{{- include "ix.v1.common.app.postgresPersistence"
(dict "pgData" .Values.ncStorage.pgData
"pgBackup" .Values.ncStorage.pgBackup
) | nindent 2 }}
{{- end -}}
{{- define "isOldIxVol" -}}
{{- $oldDatasetName := "ix-nextcloud_data" -}}
{{- $isOld := "false" -}}
{{- $storage := .storage -}}
{{- if eq $storage.type "ixVolume" -}}
{{- if eq $storage.ixVolumeConfig.datasetName $oldDatasetName -}}
{{- $isOld = "true" -}}
{{- end -}}
{{- end -}}
{{- $isOld }}
{{- end -}}
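Review bot: The `postgresbackup` target under `html` mounts the whole Nextcloud volume at `/nc-config` without `readOnly: true`, although the backup step added in this commit only reads `config/config.php` from it. The `nginx-cert` and `nginx-conf` entries further down already set `readOnly: true` under the container key, so the same line can follow `mountPath: /nc-config`. The three `nextcloud-config` mounts also use `defaultMode: "0755"` for plain `.ini` and `.conf` files; `defaultMode: "0644"` would drop the unneeded execute bits.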


@@ -0,0 +1,12 @@
{{- define "nextcloud.portal" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
port: {{ .Values.ncNetwork.webPort | quote }}
path: "/"
protocol: "http"
host: $node_ip
{{- end -}}
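Review bot: `protocol: "http"` is hard-coded, but when `ncNetwork.certificateID` is set the service on `webPort` is the nginx TLS listener, so the portal entry would describe an HTTPS port as plain HTTP. Deriving it from the same condition, e.g. `protocol: {{ ternary "https" "http" (not (empty .Values.ncNetwork.certificateID)) | quote }}`, keeps the link on TLS whenever a certificate is configured. How the portal ConfigMap is consumed is not visible in this commit, so confirm the consumer accepts `https`.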


@@ -0,0 +1,12 @@
{{- define "postgres.workload" -}}
{{- $backupSecretName := "postgres-creds" -}}
{{- if eq (include "nextcloud.is-migration" $) "true" }}
{{- $backupSecretName = "postgres-backup-creds" -}}
{{- end }}
workload:
{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
"backupSecretName" $backupSecretName
"resources" .Values.resources
"imageSelector" "ncPostgresImage"
"ixChartContext" .Values.ixChartContext) | nindent 2 }}
{{- end -}}
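Review bot: `"ixChartContext" .Values.ixChartContext` reads the context from the top level of `.Values`, whereas the other templates in this commit read `.Values.global.ixChartContext`. If the common `ix.v1.common.app.postgres` helper uses that argument to decide upgrade or backup behaviour, it may receive nothing here. Unless `ix.v1.common.loader.init` copies the key to the top level, `"ixChartContext" .Values.global.ixChartContext` looks like the intended argument.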


@@ -0,0 +1,6 @@
{{- define "redis.workload" -}}
workload:
{{- include "ix.v1.common.app.redis" (dict "secretName" "redis-creds"
"resources" .Values.resources) | nindent 2 }}
{{- end -}}


@@ -0,0 +1,49 @@
{{- define "nextcloud.service" -}}
service:
nextcloud:
enabled: true
primary: true
{{- if not .Values.ncNetwork.certificateID }}
type: NodePort
{{- else }}
type: ClusterIP
{{- end }}
targetSelector: nextcloud
ports:
webui:
enabled: true
primary: true
{{- if not .Values.ncNetwork.certificateID }}
nodePort: {{ .Values.ncNetwork.webPort }}
{{- end }}
port: 80
targetPort: 80
targetSelector: nextcloud
{{- if .Values.ncNetwork.certificateID }}
nextcloud-nginx:
enabled: true
type: NodePort
targetSelector: nginx
ports:
webui-tls:
enabled: true
port: {{ .Values.ncNetwork.webPort }}
nodePort: {{ .Values.ncNetwork.webPort }}
targetPort: {{ .Values.ncNetwork.webPort }}
targetSelector: nginx
{{- end }}
# Redis
redis:
enabled: true
type: ClusterIP
targetSelector: redis
ports:
redis:
enabled: true
primary: true
port: 6379
targetPort: 6379
targetSelector: redis
{{- include "ix.v1.common.app.postgresService" $ | nindent 2 }}
{{- end -}}
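Review bot: The two `if not .Values.ncNetwork.certificateID` branches decide whether Nextcloud's plain-HTTP port 80 is published on the node, and nothing in the template says so. A comment above the first branch, such as `# No certificate: port 80 is exposed directly via NodePort (unencrypted); with a certificate only nginx is exposed`, would tell the next reader that removing the certificate also removes TLS from the login path.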


@@ -0,0 +1,38 @@
{{- include "ix.v1.common.loader.init" . -}}
{{- include "nextcloud.migration" $ -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.configuration" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.configs" $ | fromYaml) -}}
{{- if .Values.ncNetwork.certificateID }}
{{- $_ := mustMergeOverwrite .Values (include "nginx.workload" $ | fromYaml) -}}
{{- end }}
{{- if .Values.ncConfig.cron.enabled }}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.cron" $ | fromYaml) -}}
{{- end }}
{{- $_ := mustMergeOverwrite .Values (include "nginx.configuration" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "redis.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.service" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.persistence" $ | fromYaml) -}}
{{/* Mutate postgres backup command to handle nextcloud config */}}
{{- $cmd := .Values.workload.postgresbackup.podSpec.containers.postgresbackup.command -}}
{{- $temp := printf ("%s\n%s\n%s\n%s\n%s\n%s\n%s")
"echo 'Fetching password from config.php'"
"# sed removes ' , => spaces and db* from the string"
"POSTGRES_USER=$(cat /nc-config/config/config.php | grep 'dbuser' | sed \"s/dbuser\\| \\|'\\|,\\|=>//g\")"
"POSTGRES_PASSWORD=$(cat /nc-config/config/config.php | grep 'dbpassword' | sed \"s/dbpassword\\| \\|'\\|,\\|=>//g\")"
"POSTGRES_DB=$(cat /nc-config/config/config.php | grep 'dbname' | sed \"s/dbname\\| \\|'\\|,\\|=>//g\")"
"[ -n \"$POSTGRES_USER\" ] && [ -n \"$POSTGRES_PASSWORD\" ] && [ -n \"$POSTGRES_DB\" ] && echo 'User, Database and password fetched from config.php'"
(index $cmd 2) -}}
{{- $newCmd := (list (index $cmd 0) (index $cmd 1) $temp) -}}
{{- $_ := set .Values.workload.postgresbackup.podSpec.containers.postgresbackup "command" $newCmd -}}
{{- $_ := set .Values.workload.postgresbackup.podSpec "securityContext" (dict "fsGroup" "33") -}}
{{/* Create the configmap for portal manually*/}}
{{- include "nextcloud.portal" $ -}}
{{- include "ix.v1.common.loader.apply" . -}}
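Review bot: The injected check `[ -n "$POSTGRES_USER" ] && [ -n "$POSTGRES_PASSWORD" ] && [ -n "$POSTGRES_DB" ] && echo '…'` only prints on success. When any value comes back empty, the script continues into the original backup command with the secret-provided variables already overwritten by empty strings. Appending `|| { echo 'Could not read database credentials from config.php'; exit 1; }` to that line makes the hook fail visibly instead. The `sed` expression also deletes every space, quote, comma and `=>` from the matched line, so a password containing any of those characters would be altered. Finally, `(dict "fsGroup" "33")` passes a string where the other templates use the integer `33`; `(dict "fsGroup" 33)` would match them.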


@@ -0,0 +1,17 @@
# To keep versions
## 1.6.29
Latest 26.x.x version
## 1.6.53
Latest 27.x.x version
## 1.6.59
Latest 28.x.x version
## 1.6.61
Latest release before migration to 2.x.x