diff --git a/charts/nextcloud/2.0.0/.helmignore b/charts/nextcloud/2.0.0/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/charts/nextcloud/2.0.0/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/nextcloud/2.0.0/Chart.lock b/charts/nextcloud/2.0.0/Chart.lock
new file mode 100644
index 0000000000..f51b6f6f01
--- /dev/null
+++ b/charts/nextcloud/2.0.0/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: file://../../../common
+ version: 1.2.9
+digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c
+generated: "2024-04-12T15:56:46.904719299+03:00"
diff --git a/charts/nextcloud/2.0.0/Chart.yaml b/charts/nextcloud/2.0.0/Chart.yaml
new file mode 100644
index 0000000000..9ec572e274
--- /dev/null
+++ b/charts/nextcloud/2.0.0/Chart.yaml
@@ -0,0 +1,30 @@
+name: nextcloud
+description: A file sharing server that puts the control and security of your own
+ data back into your hands.
+annotations:
+ title: Nextcloud
+type: application
+version: 2.0.0
+apiVersion: v2
+appVersion: 29.0.0
+kubeVersion: '>=1.16.0-0'
+maintainers:
+ - name: truenas
+ url: https://www.truenas.com/
+ email: dev@ixsystems.com
+dependencies:
+ - name: common
+ repository: file://../../../common
+ version: 1.2.9
+home: https://nextcloud.com/
+icon: https://media.sys.truenas.net/apps/nextcloud/icons/icon.svg
+sources:
+ - https://github.com/nextcloud/docker
+ - https://github.com/nextcloud/helm
+ - https://github.com/truenas/charts/tree/master/charts/nextcloud
+keywords:
+ - nextcloud
+ - storage
+ - http
+ - web
+ - php
diff --git a/charts/nextcloud/2.0.0/README.md b/charts/nextcloud/2.0.0/README.md
new file mode 100644
index 0000000000..09c7fcc1d8
--- /dev/null
+++ b/charts/nextcloud/2.0.0/README.md
@@ -0,0 +1,3 @@
+# Nextcloud
+
+[Nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
diff --git a/charts/nextcloud/2.0.0/app-readme.md b/charts/nextcloud/2.0.0/app-readme.md
new file mode 100644
index 0000000000..09c7fcc1d8
--- /dev/null
+++ b/charts/nextcloud/2.0.0/app-readme.md
@@ -0,0 +1,3 @@
+# Nextcloud
+
+[Nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
diff --git a/charts/nextcloud/2.0.0/charts/common-1.2.9.tgz b/charts/nextcloud/2.0.0/charts/common-1.2.9.tgz
new file mode 100644
index 0000000000..809ea26971
Binary files /dev/null and b/charts/nextcloud/2.0.0/charts/common-1.2.9.tgz differ
diff --git a/charts/nextcloud/2.0.0/ci/basic-values.yaml b/charts/nextcloud/2.0.0/ci/basic-values.yaml
new file mode 100644
index 0000000000..7a01cfd4ab
--- /dev/null
+++ b/charts/nextcloud/2.0.0/ci/basic-values.yaml
@@ -0,0 +1,31 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ commands:
+ - ffmpeg
+ - smbclient
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ pgData:
+ type: pvc
+ html:
+ type: pvc
+ data:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
diff --git a/charts/nextcloud/2.0.0/ci/https-values.yaml b/charts/nextcloud/2.0.0/ci/https-values.yaml
new file mode 100644
index 0000000000..c65825086a
--- /dev/null
+++ b/charts/nextcloud/2.0.0/ci/https-values.yaml
@@ -0,0 +1,118 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ commands:
+ - ffmpeg
+ - smbclient
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ certificateID: 1
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ pgData:
+ type: pvc
+ html:
+ type: pvc
+ data:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
+
+ixCertificates:
+ "1":
+ certificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
+ ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
+ VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
+ HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL
+ MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV
+ BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
+ ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX
+ Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1
+ P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW
+ 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H
+ PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t
+ AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3
+ AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB
+ hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E
+ AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww
+ CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH
+ DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB
+ FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/
+ BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD
+ KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR
+ h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx
+ fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj
+ x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
+ MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
+ -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
+ ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
+ VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
+ HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx
+ CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE
+ CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB
+ IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt
+ 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf
+ iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd
+ M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL
+ Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H
+ VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID
+ AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE
+ wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T
+ AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw
+ pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL
+ MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG
+ SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr
+ zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql
+ PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX
+ TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d
+ 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/
+ +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w
+ M7Y3vwxshpo=
+ -----END CERTIFICATE-----
+ privatekey: |
+ -----BEGIN PRIVATE KEY-----
+ MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT
+ HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk
+ H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI
+ 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d
+ NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB
+ +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7
+ A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu
+ eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5
+ N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe
+ EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL
+ PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR
+ 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA
+ 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z
+ FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo
+ L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL
+ d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA
+ 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu
+ MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2
+ wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd
+ DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7
+ wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc
+ nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S
+ dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P
+ //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY
+ qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc
+ 3G15AKCXo7jjOUtHY01DCQ==
+ -----END PRIVATE KEY-----
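Review bot: The `privatekey` block under `ixCertificates."1"` commits RSA private key material with nothing marking it as a throwaway CI fixture, so secret scanners will flag it and a reader cannot tell whether the finding is safe to dismiss. A comment above `ixCertificates:` such as `# Self-signed test certificate and key for CI only; never deploy or reuse.` would make that explicit. The leaf certificate's validity also appears to end in December 2023 (decoded from its notAfter bytes), which is earlier than the `generated` timestamp in Chart.lock, so any CI step that validates the chain would reject it. Generating the pair at test time would address both points.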
diff --git a/charts/nextcloud/2.0.0/ci/no-cron.yaml b/charts/nextcloud/2.0.0/ci/no-cron.yaml
new file mode 100644
index 0000000000..a34c8a2957
--- /dev/null
+++ b/charts/nextcloud/2.0.0/ci/no-cron.yaml
@@ -0,0 +1,31 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ cron:
+ enabled: false
+ commands: []
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ pgData:
+ type: pvc
+ html:
+ type: pvc
+ data:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
diff --git a/charts/nextcloud/2.0.0/ci/nocmd-values.yaml b/charts/nextcloud/2.0.0/ci/nocmd-values.yaml
new file mode 100644
index 0000000000..3f87463be5
--- /dev/null
+++ b/charts/nextcloud/2.0.0/ci/nocmd-values.yaml
@@ -0,0 +1,29 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ commands: []
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ pgData:
+ type: pvc
+ html:
+ type: pvc
+ data:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
diff --git a/charts/nextcloud/2.0.0/ci/onedata-values.yaml b/charts/nextcloud/2.0.0/ci/onedata-values.yaml
new file mode 100644
index 0000000000..859244631b
--- /dev/null
+++ b/charts/nextcloud/2.0.0/ci/onedata-values.yaml
@@ -0,0 +1,76 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ commands: []
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ isDataInTheSameVolume: true
+ html:
+ type: hostPath
+ hostPathConfig:
+ hostPath: /mnt/{{ .Release.Name }}/test
+ data:
+ type: hostPath
+ hostPathConfig:
+ hostPath: /mnt/{{ .Release.Name }}/test
+ pgData:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
+
+##### CI Hack #####
+# What this hack does is that it will create a pod before the chart install
+# A hostPath is attached to the pod, which will force k8s to create the directory on the host.
+# so the actual test run will find the directory created there. (Storage attached to the actual NC chart
+# uses `subPath` for which k8s will not created the directory on the host.)
+workload:
+ ci-hack:
+ enabled: true
+ type: Job
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ podSpec:
+ restartPolicy: Never
+ containers:
+ ci-hack:
+ enabled: true
+ primary: true
+ image: bashImage
+ command: bash
+ args:
+ - -c
+ - exit 0
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+persistence:
+ ci-hack:
+ enabled: true
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/test/data
+ hostPathType: DirectoryOrCreate
+ targetSelector:
+ ci-hack:
+ ci-hack:
+ mountPath: /ci
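Review bot: The "CI Hack" comment does not explain why the job's `hostPath` is `/mnt/{{ .Release.Name }}/test/data` while `ncStorage.html` and `ncStorage.data` both point at `/mnt/{{ .Release.Name }}/test`. If `data` is the `subPath` being pre-created, the comment should say so. It also has a typo: `will not created` should read `will not create`. Because `hostPathType: DirectoryOrCreate` creates directories under `/mnt` on the node, a line such as `# CI only: creates directories on the node; do not use as install values.` would keep this file from being copied into a real deployment.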
diff --git a/charts/nextcloud/2.0.0/ix_values.yaml b/charts/nextcloud/2.0.0/ix_values.yaml
new file mode 100644
index 0000000000..96e1b0b302
--- /dev/null
+++ b/charts/nextcloud/2.0.0/ix_values.yaml
@@ -0,0 +1,89 @@
+image:
+ pullPolicy: IfNotPresent
+ repository: nextcloud
+ tag: 29.0.0
+nginxImage:
+ pullPolicy: IfNotPresent
+ repository: nginx
+ tag: 1.25.4
+# Keep using the same image
+# as before the migration
+ncPostgresImage:
+ pullPolicy: IfNotPresent
+ repository: postgres
+ tag: "13.1"
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+
+podOptions:
+ dnsConfig:
+ options: []
+
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: ""
+ dataDir: /var/www/html/data
+ commands:
+ - ffmpeg
+ - smbclient
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+ opCacheMemoryConsumption: 128
+ maxExecutionTime: 30
+ cron:
+ enabled: true
+ schedule: "*/15 * * * *"
+ additionalEnvs: []
+
+ncNetwork:
+ webPort: 9001
+ certificateID:
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ data:
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: data
+ html:
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: html
+ pgData:
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: pgData
+ pgBackup:
+ # TODO: NC creates a different user/pw for pg, so we should pass the
+ # config to the backup container so it can get the right details
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: pgBackup
+ additionalStorages: []
+
+notes:
+ custom: |
+ ## Database
+ You can connect to the database using the pgAdmin App from the catalog
+
+
+ Database Details
+
+ - Database: `{{ .Values.ncDbName }}`
+ - Username: `{{ .Values.ncDbUser }}`
+ - Password: `{{ .Values.ncDbPass }}`
+ - Host: `{{ .Values.ncDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
+ - Port: `5432`
+
+
+ {{- $_ := unset .Values "ncDbUser" }}
+ {{- $_ := unset .Values "ncDbName" }}
+ {{- $_ := unset .Values "ncDbPass" }}
+ {{- $_ := unset .Values "ncDbHost" }}
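Review bot: `adminUser: admin` and `adminPassword: password` under `ncConfig` become the chart's fallback credentials for any install that does not pass its own values, which leaves a well-known login on a file-sharing server. questions.yaml in this commit already marks both fields required with an empty default, so the fallback here could be `adminPassword: ""`, with the template (not visible in this hunk) rejecting an empty value. Separately, `notes.custom` renders `{{ .Values.ncDbPass }}` into the release notes, so anyone who can read the app's notes sees the database password. Consider replacing that line with a pointer to the secret that holds it.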
diff --git a/charts/nextcloud/2.0.0/metadata.yaml b/charts/nextcloud/2.0.0/metadata.yaml
new file mode 100644
index 0000000000..19ef667362
--- /dev/null
+++ b/charts/nextcloud/2.0.0/metadata.yaml
@@ -0,0 +1,32 @@
+runAsContext:
+ - userName: root
+ groupName: root
+ gid: 0
+ uid: 0
+ description: Nextcloud runs as root user.
+ - userName: root
+ groupName: root
+ gid: 999
+ uid: 999
+ description: Postgres runs as root user.
+ - userName: root
+ groupName: root
+ gid: 0
+ uid: 0
+ description: Nginx runs as root user. (Nginx only runs when certificate is provided)
+capabilities:
+ - name: CHOWN
+ description: Nextcloud, Nginx and Postgres are able to chown files.
+ - name: FOWNER
+ description: Nextcloud, Nginx and Postgres are able to bypass permission checks for it's sub-processes.
+ - name: DAC_OVERRIDE
+ description: Nextcloud, Nginx and Postgres are able to bypass permission checks.
+ - name: SETGID
+ description: Nextcloud, Nginx and Postgres are able to set group ID for it's sub-processes.
+ - name: SETUID
+ description: Nextcloud, Nginx and Postgres are able to set user ID for it's sub-processes.
+ - name: NET_BIND_SERVICE
+ description: Nextcloud, Nginx and Postgres are able to bind to privileged ports.
+ - name: NET_RAW
+ description: Nextcloud, Nginx and Postgres are able to use raw sockets.
+hostMounts: []
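Review bot: The second `runAsContext` entry contradicts itself: it declares `userName: root`, `groupName: root` and "Postgres runs as root user." alongside `uid: 999` / `gid: 999`. Users read this file to judge how privileged the app is, so the names and description should match the IDs, e.g. `userName: postgres`, `groupName: postgres`, `description: Postgres runs as a non-root user.` (assuming 999 is the image's postgres account). In `capabilities`, every description claims the capability for "Nextcloud, Nginx and Postgres" alike, including `NET_RAW`. If only some containers actually receive a given capability, listing them individually would be more accurate, and `NET_RAW` is worth dropping if nothing needs raw sockets. Minor: `it's sub-processes` should be `its sub-processes` in three descriptions.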
diff --git a/charts/nextcloud/2.0.0/migrations/migrate b/charts/nextcloud/2.0.0/migrations/migrate
new file mode 100755
index 0000000000..c6d6371655
--- /dev/null
+++ b/charts/nextcloud/2.0.0/migrations/migrate
@@ -0,0 +1,110 @@
+#!/usr/bin/python3
+import json
+import os
+import sys
+
+def migrate_volume(volume, suffix=''):
+ return {
+ 'type': 'hostPath',
+ 'hostPathConfig': {
+ 'hostPath': volume['hostPath']+suffix
+ },
+ } if volume.get('hostPathEnabled', False) else {
+ 'type': 'ixVolume',
+ 'ixVolumeConfig': {
+ 'datasetName': volume['datasetName'],
+ },
+ }
+
+def migrate_common_lib(values):
+ delete_keys = [
+ 'service', 'updateStrategy', 'certificate', 'enableResourceLimits', 'cpuLimit',
+ 'memLimit', 'dnsConfig', 'environmentVariables', 'nextcloud', 'cronjob', 'nginx',
+ 'nginxConfig', 'postgresAppVolumeMounts', 'extraAppVolumeMounts', 'appVolumeMounts',
+ 'useServiceNameForHost',
+ ]
+
+ values.update({
+ 'shouldShowStorageToggle': True,
+ 'isDataInTheSameVolume': True,
+ # Migrate Network
+ 'ncNetwork': {
+ 'webPort': values['service']['nodePort'],
+ 'certificateID': values['certificate'],
+ 'nginx': {
+ 'proxyTimeouts': values.get('nginxConfig', {}).get('proxy_timeouts', 60),
+ 'useDifferentAccessPort': values.get('nginxConfig', {}).get('useDifferentAccessPort', False),
+ 'externalAccessPort': values.get('nginxConfig', {}).get('externalAccessPort', 443)
+ }
+ },
+ # Migrate Resources
+ 'resources': {
+ 'limits': {
+ 'cpu': values.get('cpuLimit', '4000m'),
+ 'memory': values.get('memLimit', '8Gi'),
+ }
+ },
+ # Migrate DNS
+ 'podOptions': {
+ 'dnsConfig': {
+ 'options': [
+ {'name': opt['name'], 'value': opt['value']}
+ for opt in values.get('dnsConfig', {}).get('options', [])
+ ]
+ }
+ },
+ # Migrate Config
+ 'ncConfig': {
+ 'additionalEnvs': values.get('environmentVariables', []),
+ 'adminUser': values['nextcloud']['username'],
+ 'adminPassword': values['nextcloud']['password'],
+ 'host': values['nextcloud'].get('host', ''),
+ 'dataDir': values['nextcloud']['datadir'],
+ 'commands': (['ffmpeg'] if values['nextcloud']['install_ffmpeg'] else []) + (['smbclient'] if values['nextcloud']['install_smbclient'] else []),
+ 'maxUploadLimit': values['nextcloud']['max_upload_size'],
+ 'maxExecutionTime': values['nextcloud']['max_execution_time'],
+ 'phpMemoryLimit': values['nextcloud']['php_memory_limit'],
+ 'opCacheMemoryConsumption': values['nextcloud']['opcache_memory_consumption'],
+ 'cron': {
+ 'enabled': values['cronjob']['enabled'],
+ 'schedule': values['cronjob']['schedule'] if values['cronjob']['enabled'] else '*/15 * * * *',
+ }
+ },
+ # Migrate Storage
+ 'ncStorage': {
+ 'pgData': migrate_volume(values['postgresAppVolumeMounts']['postgres-data']),
+ 'pgBackup': migrate_volume(values['postgresAppVolumeMounts']['postgres-backup']),
+ 'data': migrate_volume(values['appVolumeMounts']['nextcloud-data']),
+ 'html': migrate_volume(values['appVolumeMounts']['nextcloud-data']),
+ 'additionalStorages': [
+ {
+ 'type': 'hostPath',
+ 'hostPathConfig': {'hostPath': e['hostPath']},
+ 'mountPath': e['mountPath'],
+ }
+ for e in values.get('extraAppVolumeMounts', [])
+ ],
+ },
+ })
+
+ for k in delete_keys:
+ values.pop(k, None)
+
+ return values
+
+def migrate(values):
+ # If this missing, we have already migrated
+ if not 'appVolumeMounts' in values.keys():
+ return values
+
+
+ return migrate_common_lib(values)
+
+
+if __name__ == '__main__':
+ if len(sys.argv) != 2:
+ exit(1)
+
+ if os.path.exists(sys.argv[1]):
+ with open(sys.argv[1], 'r') as f:
+ print(json.dumps(migrate(json.loads(f.read()))))
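Review bot: In `migrate_common_lib`, `'shouldShowStorageToggle': True` and `'isDataInTheSameVolume': True` are written at the top level of `values`, but questions.yaml and ci/onedata-values.yaml in this same commit define both under `ncStorage`. The `'ncStorage'` dict built here carries neither key, so a migrated install would presumably fall back to the new storage layout and lose sight of its existing data. Moving the two entries inside the `'ncStorage': {` literal would line the migration up with the schema, though the templates that read them are not visible here. In the `__main__` block, a nonexistent path prints nothing and exits 0, so the caller cannot tell a failed migration from an empty one. An `else: sys.exit(1)` on the `os.path.exists` check, and `sys.exit(1)` instead of the site-provided `exit(1)`, would make the failure visible.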
diff --git a/charts/nextcloud/2.0.0/questions.yaml b/charts/nextcloud/2.0.0/questions.yaml
new file mode 100644
index 0000000000..a2fcd52865
--- /dev/null
+++ b/charts/nextcloud/2.0.0/questions.yaml
@@ -0,0 +1,760 @@
+groups:
+ - name: Nextcloud Configuration
+ description: Configure Nextcloud
+ - name: Advanced Pod Configuration
+ description: Configure Advanced Pod Options for Nextcloud
+ - name: Network Configuration
+ description: Configure Network for Nextcloud
+ - name: Storage Configuration
+ description: Configure Storage for Nextcloud
+ - name: Resources Configuration
+ description: Configure Resources for Nextcloud
+
+portals:
+ web_portal:
+ protocols:
+ - "$kubernetes-resource_configmap_portal_protocol"
+ host:
+ - "$kubernetes-resource_configmap_portal_host"
+ ports:
+ - "$kubernetes-resource_configmap_portal_port"
+ path: "$kubernetes-resource_configmap_portal_path"
+
+questions:
+ - variable: ncConfig
+ label: ""
+ group: Nextcloud Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: adminUser
+ label: Admin User
+ description: The Nextcloud admin user.
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: adminPassword
+ label: Admin Password
+ description: The Nextcloud admin password.
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: host
+ label: Host
+ description: Nextcloud host to create application URLs
+ schema:
+ type: string
+ $ref:
+ - "definitions/nodeIP"
+ - variable: dataDir
+ label: "Nextcloud data directory"
+ description: "Configures the data directory where Nextcloud stores all files from the users. The path refers to the path inside the container"
+ schema:
+ type: path
+ default: "/var/www/html/data"
+ required: true
+ - variable: commands
+ label: Commands
+ description: Commands to run in the Nextcloud container
+ schema:
+ type: list
+ items:
+ - variable: command
+ label: Command
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: ffmpeg
+ description: ffmpeg
+ - value: smbclient
+ description: smbclient
+ - variable: maxUploadLimit
+ label: Max Upload Size (Giga Bytes)
+ description: |
+ Applies the timeout to the following settings:
+ - client_max_body_size in nginx
+ - post_max_size and upload_max_filesize in php
+ schema:
+ type: int
+ default: 3
+ min: 1
+ required: true
+ - variable: maxExecutionTime
+ label: Max Execution Time (Seconds)
+ description: Configures the max execution time of php
+ schema:
+ type: int
+ default: 30
+ min: 30
+ required: true
+ - variable: phpMemoryLimit
+ label: PHP Memory Limit (Mega Bytes)
+ description: Configures the memory limit of php
+ schema:
+ type: int
+ default: 512
+ min: 128
+ max: 4096
+ required: true
+ - variable: opCacheMemoryConsumption
+ label: Opcache Memory Consumption (Mega Bytes)
+ description: Configures the memory consumption of the opcache
+ schema:
+ type: int
+ min: 128
+ max: 1024
+ default: 128
+ required: true
+ - variable: cron
+ label: Cron
+ description: Configures the cron job for Nextcloud
+ schema:
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: true
+ required: true
+ - variable: schedule
+ label: Schedule
+ schema:
+ type: string
+ show_if: [["enabled", "=", true]]
+ default: "*/15 * * * *"
+ required: true
+
+ - variable: podOptions
+ label: ""
+ group: Advanced Pod Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: dnsConfig
+ label: Advanced DNS Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: options
+ label: DNS Options
+ schema:
+ type: list
+ items:
+ - variable: optionsEntry
+ label: DNS Option Entry
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Option Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Option Value
+ schema:
+ type: string
+ required: true
+
+ - variable: ncNetwork
+ label: ""
+ group: Network Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: webPort
+ label: Web Port
+ description: The port for the Nextcloud Web UI.
+ schema:
+ type: int
+ default: 20810
+ min: 9000
+ max: 65535
+ required: true
+ - variable: certificateID
+ label: Certificate
+ description: The certificate to use for Nextcloud
+ schema:
+ type: int
+ "null": true
+ $ref:
+ - "definitions/certificate"
+ - variable: nginx
+ label: Nginx Configuration
+ schema:
+ type: dict
+ show_if: [["certificateID", "!=", null]]
+ attrs:
+ - variable: proxyTimeouts
+ label: Proxy timeouts (Seconds)
+ description: |
+ Applies the timeout to the following settings:
+ - proxy_connect_timeout
+ - proxy_send_timeout
+ - proxy_read_timeout
+ schema:
+ type: int
+ min: 30
+ default: 60
+ required: true
+ - variable: useDifferentAccessPort
+ label: Use different port for URL rewrites
+ description: |
+ If enabled, the URL rewrite will use [Access Port] defined below instead of the [Node Port].
+ Note that Nextcloud will still listen on the [Node Port]. (Default 9001)
+ schema:
+ type: boolean
+ default: false
+ - variable: externalAccessPort
+ label: External Access Port
+ schema:
+ type: int
+ show_if: [["useDifferentAccessPort", "=", true]]
+ min: 443
+ max: 65535
+ default: 443
+ required: true
+
+ - variable: ncStorage
+ label: ""
+ group: Storage Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: shouldShowStorageToggle
+ label: ""
+ schema:
+ type: boolean
+ default: false
+ hidden: true
+ - variable: isDataInTheSameVolume
+ label: "Pre v2 Storage Structure (See the tooltip for more information)"
+ description: |
+ If this is checked, means that this is an installation coming from a previous version (v1.x.x).
+ In order to have backwards compatibility, the older storage structure was kept for this installation.
+ If you want to utilize the new storage structure, move 'data' in a separate directory or dataset.
+ Change the 'Nextcloud UserData' configuration below to point to the new location and then uncheck this checkbox.
+
+ You will NOT likely want to change that if your setup uses ixVolume as storage.
+ schema:
+ type: boolean
+ show_if: [["shouldShowStorageToggle", "=", true]]
+ default: false
+ - variable: html
+ label: Nextcloud HTML Storage
+ description: The path to store Nextcloud HTML and AppData.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ hidden: true
+ default: "html"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
+ - variable: data
+ label: Nextcloud User Data Storage
+ description: The path to store Nextcloud User Data.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ hidden: true
+ default: "html"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
+
+ - variable: pgData
+ label: Nextcloud Postgres Data Storage
+ description: The path to store Nextcloud Postgres Data.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ # Nothing to show for the user
+ hidden: true
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ # Postgres does a CHMOD at startup
+ # Which fails with ACL
+ hidden: true
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ hidden: true
+ default: "pgData"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ # Postgres does a CHMOD at startup
+ # Which fails with ACL
+ hidden: true
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
+ - variable: pgBackup
+ label: Nextcloud Postgres Backup Storage
+ description: The path to store Nextcloud Postgres Backup.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ # Nothing to show for the user
+ hidden: true
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ # Postgres does a CHMOD at startup
+ # Which fails with ACL
+ hidden: true
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ hidden: true
+ default: "pgBackup"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ # Postgres does a CHMOD at startup
+ # Which fails with ACL
+ hidden: true
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
+
+ - variable: additionalStorages
+ label: Additional Storage
+ description: Additional storage for Nextcloud.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: storageEntry
+ label: Storage Entry
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ SMB Share: Is a SMB share that is mounted to a persistent volume claim.
+ schema:
+ type: string
+ required: true
+ default: "ixVolume"
+ immutable: true
+ enum:
+ - value: "hostPath"
+ description: Host Path (Path that already exists on the system)
+ - value: "ixVolume"
+ description: ixVolume (Dataset created automatically by the system)
+ - value: "smb-pv-pvc"
+ description: SMB Share (Mounts a persistent volume claim to a SMB share)
+ - variable: readOnly
+ label: Read Only
+ description: Mount the volume as read only.
+ schema:
+ type: boolean
+ default: false
+ - variable: mountPath
+ label: Mount Path
+ description: The path inside the container to mount the storage.
+ schema:
+ type: path
+ required: true
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: "storage_entry"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: smbConfig
+ label: SMB Share Configuration
+ description: The configuration for the SMB Share.
+ schema:
+ type: dict
+ show_if: [["type", "=", "smb-pv-pvc"]]
+ attrs:
+ - variable: server
+ label: Server
+ description: The server for the SMB share.
+ schema:
+ type: string
+ required: true
+ - variable: share
+ label: Share
+ description: The share name for the SMB share.
+ schema:
+ type: string
+ required: true
+ - variable: domain
+ label: Domain (Optional)
+ description: The domain for the SMB share.
+ schema:
+ type: string
+ - variable: username
+ label: Username
+ description: The username for the SMB share.
+ schema:
+ type: string
+ required: true
+ - variable: password
+ label: Password
+ description: The password for the SMB share.
+ schema:
+ type: string
+ required: true
+ private: true
+ - variable: size
+ label: Size (in Gi)
+ description: The size of the volume quota.
+ schema:
+ type: int
+ required: true
+ min: 1
+ default: 1
+
+ - variable: resources
+ group: Resources Configuration
+ label: ""
+ schema:
+ type: dict
+ attrs:
+ - variable: limits
+ label: Limits
+ schema:
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: CPU limit for WG-Easy.
+ schema:
+ type: string
+ max_length: 6
+ valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
+ valid_chars_error: |
+ Valid CPU limit formats are
+ - Plain Integer - eg. 1
+ - Float - eg. 0.5
+ - Milicpu - eg. 500m
+ default: "4000m"
+ required: true
+ - variable: memory
+ label: Memory
+ description: Memory limit for WG-Easy.
+ schema:
+ type: string
+ max_length: 12
+ valid_chars: "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$"
+ valid_chars_error: |
+ Valid Memory limit formats are
+ - Suffixed with E/P/T/G/M/K - eg. 1G
+ - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
+ - Plain Integer in bytes - eg. 1024
+ - Exponent - eg. 134e6
+ default: "8Gi"
+ required: true
diff --git a/charts/nextcloud/2.0.0/templates/NOTES.txt b/charts/nextcloud/2.0.0/templates/NOTES.txt
new file mode 100644
index 0000000000..ba4e01146c
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/NOTES.txt
@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}
diff --git a/charts/nextcloud/2.0.0/templates/_configuration.tpl b/charts/nextcloud/2.0.0/templates/_configuration.tpl
new file mode 100644
index 0000000000..89c673d406
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_configuration.tpl
@@ -0,0 +1,101 @@
+{{- define "nextcloud.configuration" -}}
+
+ {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+
+ {{- $dbHost := (printf "%s-postgres" $fullname) -}}
+ {{- $dbUser := "nextcloud" -}}
+ {{- $dbName := "nextcloud" -}}
+ {{- $dbPass := (randAlphaNum 32) -}}
+
+ {{/* Fetch secrets from pre-migration secret */}}
+ {{- with (lookup "v1" "Secret" .Release.Namespace "db-details") -}}
+ {{- $dbUser = ((index .data "db-user") | b64dec) -}}
+ {{- $dbPass = ((index .data "db-password") | b64dec) -}}
+ {{- end -}}
+
+ {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
+ {{- $dbUser = ((index .data "POSTGRES_USER") | b64dec) -}}
+ {{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
+ {{- end -}}
+
+ {{- $redisHost := (printf "%s-redis" $fullname) -}}
+
+ {{- $redisPass := randAlphaNum 32 -}}
+ {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-redis-creds" $fullname)) -}}
+ {{- $redisPass = ((index .data "REDIS_PASSWORD") | b64dec) -}}
+ {{- end -}}
+
+ {{/* Temporary set dynamic db details on values,
+ so we can print them on the notes */}}
+ {{- $_ := set .Values "ncDbPass" $dbPass -}}
+ {{- $_ := set .Values "ncDbHost" $dbHost -}}
+ {{- $_ := set .Values "ncDbName" $dbName -}}
+ {{- $_ := set .Values "ncDbUser" $dbUser -}}
+
+ {{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
+secret:
+ postgres-creds:
+ enabled: true
+ data:
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_DB: {{ $dbName }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ POSTGRES_HOST: {{ $dbHost }}
+ POSTGRES_URL: {{ $dbURL }}
+
+ redis-creds:
+ enabled: true
+ data:
+ ALLOW_EMPTY_PASSWORD: "no"
+ REDIS_PASSWORD: {{ $redisPass }}
+ REDIS_HOST: {{ $redisHost }}
+
+ nextcloud-creds:
+ enabled: true
+ data:
+ POSTGRES_HOST: {{ $dbHost }}:5432
+ POSTGRES_DB: {{ $dbName }}
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ REDIS_HOST: {{ $redisHost }}
+ REDIS_HOST_PORT: "6379"
+ REDIS_HOST_PASSWORD: {{ $redisPass }}
+ NEXTCLOUD_DATA_DIR: {{ .Values.ncConfig.dataDir }}
+ PHP_UPLOAD_LIMIT: {{ printf "%vG" .Values.ncConfig.maxUploadLimit | default 3 }}
+ PHP_MEMORY_LIMIT: {{ printf "%vM" .Values.ncConfig.phpMemoryLimit | default 512 }}
+ NEXTCLOUD_TRUSTED_DOMAINS: {{ list .Values.ncConfig.host "127.0.0.1" "localhost" $fullname (printf "%v-*" $fullname) | mustUniq | join " " | quote }}
+ NEXTCLOUD_ADMIN_USER: {{ .Values.ncConfig.adminUser }}
+ NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword }}
+ {{- if .Values.ncNetwork.certificateID }}
+ {{- $svcCidr := "" -}}
+ {{- $clusterCidr := "" -}}
+ {{- if .Values.global.ixChartContext -}}
+ {{- $svcCidr = .Values.global.ixChartContext.kubernetes_config.service_cidr -}}
+ {{- $clusterCidr = .Values.global.ixChartContext.kubernetes_config.cluster_cidr -}}
+ {{- end }}
+ APACHE_DISABLE_REWRITE_IP: "1"
+ OVERWRITEPROTOCOL: "https"
+ TRUSTED_PROXIES: {{ list $svcCidr $clusterCidr "127.0.0.1" | mustUniq | join "," | quote }}
+ {{- if and .Values.ncConfig.host .Values.ncNetwork.webPort }}
+ {{- $overwritehost := .Values.ncConfig.host -}}
+ {{- if .Values.ncNetwork.nginx.useDifferentAccessPort }}
+ {{ $overwritehost = (printf "%v:%v" .Values.ncConfig.host .Values.ncNetwork.webPort) }}
+ {{- end }}
+ OVERWRITEHOST: {{ $overwritehost }}
+ {{- end }}
+ {{- end }}
+ {{- if eq (include "nextcloud.is-migration" $) "true" }}
+ postgres-backup-creds:
+ enabled: true
+ annotations:
+ helm.sh/hook: "pre-upgrade"
+ helm.sh/hook-delete-policy: "hook-succeeded"
+ helm.sh/hook-weight: "1"
+ data:
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_DB: {{ $dbName }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ POSTGRES_HOST: {{ $dbHost }}
+ POSTGRES_URL: {{ printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName }}
+ {{- end }}
+{{- end -}}
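Review bot: `NEXTCLOUD_ADMIN_USER`, `NEXTCLOUD_ADMIN_PASSWORD` and the database and Redis passwords read back from existing secrets are rendered unquoted into YAML that `common.yaml` then feeds to `fromYaml`. A password containing ` #` would be cut at the comment marker, and one containing `: ` or starting with `*` or `{` would fail to parse or change type. Pipe these through `quote`, e.g. `NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword | quote }}` and `POSTGRES_PASSWORD: {{ $dbPass | quote }}`; the same applies to the `postgres-backup-creds` block. In `PHP_UPLOAD_LIMIT` and `PHP_MEMORY_LIMIT` the `default` sits after `printf`, whose result is never empty, so the fallback never applies; `{{ printf "%vG" (.Values.ncConfig.maxUploadLimit | default 3) }}` would make it take effect. `$dbURL` also embeds the password without URL-encoding, which presumably only matters for a password carried over from the pre-migration secret.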
diff --git a/charts/nextcloud/2.0.0/templates/_cron.tpl b/charts/nextcloud/2.0.0/templates/_cron.tpl
new file mode 100644
index 0000000000..c70d8562d1
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_cron.tpl
@@ -0,0 +1,37 @@
+{{- define "nextcloud.cron" -}}
+workload:
+ nextcloud-cron:
+ enabled: true
+ type: CronJob
+ schedule: {{ .Values.ncConfig.cron.schedule | quote }}
+ concurrencyPolicy: Forbid
+ podSpec:
+ restartPolicy: Never
+ hostNetwork: false
+ securityContext:
+ fsGroup: 33
+ containers:
+ nextcloud-cron:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: 33
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ envFrom:
+ - secretRef:
+ name: nextcloud-creds
+ command:
+ - php
+ - -f
+ - /var/www/html/cron.php
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+{{- end -}}
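Review bot: The cron container sets `runAsUser: 33` but keeps `runAsNonRoot: false`, so nothing enforces the non-root UID if the value is later changed or overridden. `runAsNonRoot: true` would state the intent and make the kubelet refuse a root start. `runAsGroup: 0` next to `fsGroup: 33` has no comment saying why the job needs the root group; a one-line comment above it naming the files or directories that require it would help the next reviewer.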
diff --git a/charts/nextcloud/2.0.0/templates/_migration.tpl b/charts/nextcloud/2.0.0/templates/_migration.tpl
new file mode 100644
index 0000000000..66eee90fbd
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_migration.tpl
@@ -0,0 +1,48 @@
+{{- define "nextcloud.get-versions" -}}
+ {{- $oldChartVersion := "" -}}
+ {{- $newChartVersion := "" -}}
+
+ {{/* Safely access the context, so it wont block CI */}}
+ {{- if hasKey .Values.global "ixChartContext" -}}
+ {{- if .Values.global.ixChartContext.upgradeMetadata -}}
+
+ {{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}}
+ {{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}}
+ {{- if and (not $oldChartVersion) (not $newChartVersion) -}}
+ {{- fail "Upgrade Metadata is missing. Cannot proceed" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}}
+{{- end -}}
+
+{{- define "nextcloud.migration" -}}
+ {{- $versions := (fromYaml (include "nextcloud.get-versions" $)) -}}
+ {{- if and $versions.old $versions.new -}}
+ {{- $oldV := semver $versions.old -}}
+ {{- $newV := semver $versions.new -}}
+
+ {{/* If new is v2.x.x */}}
+ {{- if eq ($newV.Major | int) 2 -}}
+ {{/* And old is v1.x.x, but lower than .6.61 */}}
+ {{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 6) (lt ($oldV.Patch | int) 61)) -}}
+ {{/* Block the upgrade */}}
+ {{- fail "Migration to 2.x.x is only allowed from 1.6.61 or higher" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "nextcloud.is-migration" -}}
+ {{- $isMigration := "" -}}
+ {{- $versions := (fromYaml (include "nextcloud.get-versions" $)) -}}
+ {{- if $versions.old -}}
+ {{- $oldV := semver $versions.old -}}
+ {{- if and (eq $oldV.Major 1) (eq ($oldV.Minor | int) 6) (eq ($oldV.Patch | int) 61) -}}
+ {{- $isMigration = "true" -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $isMigration -}}
+{{- end -}}
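Review bot: The metadata check in `nextcloud.get-versions` fails only when both versions are missing (`and (not $oldChartVersion) (not $newChartVersion)`), so with exactly one of them set the template continues and `nextcloud.migration` skips its gate, which requires both. `{{- if or (not $oldChartVersion) (not $newChartVersion) -}}` would stop the upgrade instead of letting it pass unchecked. The gate and `nextcloud.is-migration` also disagree: the gate accepts any 1.6.x with patch 61 or higher, while `is-migration` is true only for exactly 1.6.61, and the gate rejects a 1.7.x although the message says "1.6.61 or higher". `eq $oldV.Major 1` is written without `| int`, unlike the other comparisons in the hunk.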
diff --git a/charts/nextcloud/2.0.0/templates/_nextcloud-configs.tpl b/charts/nextcloud/2.0.0/templates/_nextcloud-configs.tpl
new file mode 100644
index 0000000000..4c27361f70
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_nextcloud-configs.tpl
@@ -0,0 +1,15 @@
+{{- define "nextcloud.configs" -}}
+{{ $bytesGB := 1073741824 }}
+configmap:
+ nextcloud-config:
+ enabled: true
+ data:
+ opcache.ini: |
+ opcache.memory_consumption={{ .Values.ncConfig.opCacheMemoryConsumption }}
+
+ php.ini: |
+ max_execution_time={{ .Values.ncConfig.maxExecutionTime }}
+
+ limitrequestbody.conf: |
+ LimitRequestBody {{ mul .Values.ncConfig.maxUploadLimit $bytesGB }}
+{{- end -}}
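Review bot: `LimitRequestBody` is computed from `.Values.ncConfig.maxUploadLimit` with no fallback, whereas `_nginx-configuration.tpl` defaults the same value to 3. If it is unset, `mul` would presumably yield 0, which Apache treats as no limit on the request body. `LimitRequestBody {{ mul (.Values.ncConfig.maxUploadLimit | default 3) $bytesGB }}` keeps the cap in step with `client_max_body_size`.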
diff --git a/charts/nextcloud/2.0.0/templates/_nextcloud.tpl b/charts/nextcloud/2.0.0/templates/_nextcloud.tpl
new file mode 100644
index 0000000000..0a973932ad
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_nextcloud.tpl
@@ -0,0 +1,106 @@
+{{- define "nextcloud.workload" -}}
+workload:
+ nextcloud:
+ enabled: true
+ primary: true
+ type: Deployment
+ podSpec:
+ hostNetwork: false
+ securityContext:
+ fsGroup: 33
+ containers:
+ nextcloud:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ add:
+ - CHOWN
+ - DAC_OVERRIDE
+ - FOWNER
+ - NET_BIND_SERVICE
+ - NET_RAW
+ - SETGID
+ - SETUID
+ envFrom:
+ - secretRef:
+ name: nextcloud-creds
+ {{ with .Values.ncConfig.additionalEnvs }}
+ envList:
+ {{ range $env := . }}
+ - name: {{ $env.name }}
+ value: {{ $env.value }}
+ {{ end }}
+ {{ end }}
+ probes:
+ liveness:
+ enabled: true
+ type: http
+ port: 80
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ readiness:
+ enabled: true
+ type: http
+ port: 80
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ startup:
+ enabled: true
+ {{- include "nextcloud.validate-commands" $ -}}
+ {{- $cmds := .Values.ncConfig.commands | mustUniq -}}
+ {{- if not $cmds }}
+ type: http
+ port: 80
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ {{- else }}
+ type: exec
+ command:
+ - /bin/sh
+ - -c
+ - |
+ check_commands={{ join " " $cmds }}
+ for comm in $check_commands; do
+ if ! command -v $comm /dev/null 2>&1; then
+ echo "Command $comm not found"
+ exit 1
+ fi
+ done
+ {{- end }}
+ lifecycle:
+ postStart:
+ type: exec
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Installing {{ join " " $cmds }}..."
+ apt update && apt install -y --no-install-recommends \
+ {{ join " " $cmds }} || echo "Failed to install binary/binaries..."
+ echo "Finished."
+ initContainers:
+ {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
+ "secretName" "postgres-creds") | nindent 8 }}
+ {{- include "ix.v1.common.app.redisWait" (dict "name" "redis-wait"
+ "secretName" "redis-creds") | nindent 8 }}
+{{- end -}}
+
+
+{{- define "nextcloud.validate-commands" -}}
+ {{- $allowedCommmads := list "ffmpeg" "smbclient" -}}
+
+ {{- range $c := .Values.ncConfig.commands | mustUniq -}}
+ {{- if not (mustHas $c $allowedCommmads) -}}
+ {{- fail (printf "Nextcloud - Expected command to be one of [%s], but got [%s]" (join ", " $allowedCommmads) $c) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
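Review bot: The exec startup probe has two shell errors. `check_commands={{ join " " $cmds }}` is unquoted, so with both allowed commands selected the shell reads it as a one-off environment assignment followed by a command and the loop variable stays empty; and `command -v $comm /dev/null 2>&1` lacks the `>`, so `/dev/null` is passed as a second name instead of receiving the output. They should read `check_commands="{{ join " " $cmds }}"` and `if ! command -v "$comm" > /dev/null 2>&1; then`. The `lifecycle.postStart` hook sits outside the `if not $cmds` branch, so `apt update` runs as root at every container start even when no commands were requested; wrapping it in `{{- if $cmds }}` avoids that. `nextcloud.validate-commands` is what restricts the values interpolated into these scripts to a fixed list, which deserves a comment above the define saying so.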
diff --git a/charts/nextcloud/2.0.0/templates/_nginx-configuration.tpl b/charts/nextcloud/2.0.0/templates/_nginx-configuration.tpl
new file mode 100644
index 0000000000..cd41c22396
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_nginx-configuration.tpl
@@ -0,0 +1,102 @@
+{{- define "nginx.configuration" -}}
+{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+
+{{- if .Values.ncNetwork.certificateID }}
+scaleCertificate:
+ nextcloud-cert:
+ enabled: true
+ id: {{ .Values.ncNetwork.certificateID }}
+
+ {{ $timeout := 60 }}
+ {{ $size := .Values.ncConfig.maxUploadLimit | default 3 }}
+ {{ $useDiffAccessPort := false }}
+ {{ $externalAccessPort := "" }}
+ {{/* Safely access key as it is conditionaly shown */}}
+ {{ if hasKey .Values.ncNetwork "nginx" }}
+ {{ $useDiffAccessPort = .Values.ncNetwork.nginx.useDifferentAccessPort }}
+ {{ $externalAccessPort = printf ":%v" .Values.ncNetwork.nginx.externalAccessPort }}
+ {{ $timeout = .Values.ncNetwork.nginx.proxyTimeouts | default 60 }}
+ {{ end }}
+ {{/* If its 443, do not append it on the rewrite at all */}}
+ {{ if eq $externalAccessPort ":443" }}
+ {{ $externalAccessPort = "" }}
+ {{ end }}
+configmap:
+ nginx:
+ enabled: true
+ data:
+ nginx.conf: |
+ events {}
+ http {
+ server {
+ # redirects all http requests to https requests
+ listen 8000 default_server;
+ listen [::]:8000 default_server;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ server_name localhost;
+
+ listen {{ .Values.ncNetwork.webPort }} ssl http2;
+ listen [::]:{{ .Values.ncNetwork.webPort }} ssl http2;
+
+ ssl_certificate '/etc/nginx-certs/public.crt';
+ ssl_certificate_key '/etc/nginx-certs/private.key';
+
+ # maximum 3GB Upload File; change to fit your needs
+ client_max_body_size {{ $size }}G;
+
+ add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /.well-known/carddav {
+ {{ if $useDiffAccessPort }}
+ return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
+ {{ else }}
+ return 301 $scheme://$host:$server_port/remote.php/dav;
+ {{ end }}
+ }
+
+ location = /.well-known/caldav {
+ {{ if $useDiffAccessPort }}
+ return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
+ {{ else }}
+ return 301 $scheme://$host:$server_port/remote.php/dav;
+ {{ end }}
+ }
+
+ location / {
+ proxy_pass http://{{ $fullname }}:80;
+ proxy_http_version 1.1;
+ proxy_cache_bypass $http_upgrade;
+ proxy_request_buffering off;
+
+ # Proxy headers
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $host;
+ {{ if $useDiffAccessPort }}
+ proxy_set_header X-Forwarded-Port {{ $externalAccessPort | default "443" | trimPrefix ":" }};
+ {{ else }}
+ proxy_set_header X-Forwarded-Port $server_port;
+ {{ end }}
+
+ # Proxy timeouts
+ proxy_connect_timeout {{ $timeout }}s;
+ proxy_send_timeout {{ $timeout }}s;
+ proxy_read_timeout {{ $timeout }}s;
+ }
+ }
+ }
+{{- end -}}
+{{- end -}}
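Review bot: The `Strict-Transport-Security` header is sent unconditionally with `includeSubDomains; preload`, which commits every subdomain of the configured host to HTTPS for 180 days and signals consent to browser preload lists. For an app that may be served from a bare domain shared with other services, `add_header Strict-Transport-Security "max-age=15552000" always;` is the safer default, with the broader directives left to an explicit option. The TLS server block sets no `ssl_protocols`, so the accepted versions depend on the nginx image's defaults; `ssl_protocols TLSv1.2 TLSv1.3;` would make that explicit. The comment `# maximum 3GB Upload File` is stale now that `client_max_body_size` comes from `$size`.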
diff --git a/charts/nextcloud/2.0.0/templates/_nginx.tpl b/charts/nextcloud/2.0.0/templates/_nginx.tpl
new file mode 100644
index 0000000000..6282209132
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_nginx.tpl
@@ -0,0 +1,68 @@
+{{- define "nginx.workload" -}}
+ {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+ {{- $ncUrl := printf "http://%s:80" $fullname }}
+workload:
+ nginx:
+ enabled: true
+ type: Deployment
+ podSpec:
+ hostNetwork: false
+ containers:
+ nginx:
+ enabled: true
+ primary: true
+ imageSelector: nginxImage
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ add:
+ - CHOWN
+ - DAC_OVERRIDE
+ - FOWNER
+ - NET_BIND_SERVICE
+ - NET_RAW
+ - SETGID
+ - SETUID
+ probes:
+ liveness:
+ enabled: true
+ type: https
+ port: {{ .Values.ncNetwork.webPort }}
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ readiness:
+ enabled: true
+ type: https
+ port: {{ .Values.ncNetwork.webPort }}
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ startup:
+ enabled: true
+ type: https
+ port: {{ .Values.ncNetwork.webPort }}
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ initContainers:
+ 01-wait-server:
+ enabled: true
+ type: init
+ imageSelector: bashImage
+ command:
+ - bash
+ args:
+ - -c
+ - |
+ echo "Waiting for [{{ $ncUrl }}]";
+ until wget --spider --quiet --timeout=3 --tries=1 {{ $ncUrl }}/status.php;
+ do
+ echo "Waiting for [{{ $ncUrl }}]";
+ sleep 2;
+ done
+ echo "Nextcloud is up: {{ $ncUrl }}";
+{{- end -}}
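Review bot: The nginx container runs as UID 0 with `readOnlyRootFilesystem: false` and seven added capabilities, and nothing in the hunk says which of them the image needs. `NET_RAW` is not something a TLS reverse proxy uses, and `NET_BIND_SERVICE` is only needed if `ncNetwork.webPort` can be below 1024, which this hunk does not show. I would trim the list to what the image's startup requires and add a comment above `capabilities:` naming the reason for each one kept. The same list is added to the Nextcloud container in `_nextcloud.tpl`.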
diff --git a/charts/nextcloud/2.0.0/templates/_persistence.tpl b/charts/nextcloud/2.0.0/templates/_persistence.tpl
new file mode 100644
index 0000000000..f9195845b9
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_persistence.tpl
@@ -0,0 +1,179 @@
+{{- define "nextcloud.persistence" -}}
+persistence:
+ html:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /var/www/html
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ subPath: html
+ {{- end }}
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ subPath: html
+ {{- end }}
+ postgresbackup:
+ postgresbackup:
+ mountPath: /nc-config
+ data:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.data) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: {{ .Values.ncConfig.dataDir }}
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ subPath: data
+ {{- end }}
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: {{ .Values.ncConfig.dataDir }}
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ subPath: data
+ {{- end }}
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ config:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /var/www/html/config
+ subPath: config
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/config
+ subPath: config
+ customapps:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /var/www/html/custom_apps
+ subPath: custom_apps
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/custom_apps
+ subPath: custom_apps
+ themes:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /var/www/html/themes
+ subPath: themes
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/themes
+ subPath: themes
+ {{- end }}
+
+ # Configuration files mounting
+ nc-config-opcache:
+ enabled: true
+ type: configmap
+ objectName: nextcloud-config
+ defaultMode: "0755"
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ # z-99 is used to ensure that this file is loaded last
+ mountPath: /usr/local/etc/php/conf.d/opcache-z-99.ini
+ subPath: opcache.ini
+ nc-config-php:
+ enabled: true
+ type: configmap
+ objectName: nextcloud-config
+ defaultMode: "0755"
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ # z-99 is used to ensure that this file is loaded last
+ mountPath: /usr/local/etc/php/conf.d/nextcloud-z-99.ini
+ subPath: php.ini
+ nc-config-limreqbody:
+ enabled: true
+ type: configmap
+ objectName: nextcloud-config
+ defaultMode: "0755"
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ # https://github.com/nextcloud/docker/issues/1796
+ mountPath: /etc/apache2/conf-enabled/limitrequestbody.conf
+ subPath: limitrequestbody.conf
+ tmp:
+ enabled: true
+ type: emptyDir
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /tmp
+ {{- range $idx, $storage := .Values.ncStorage.additionalStorages }}
+ {{ printf "nc-%v:" (int $idx) }}
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: {{ $storage.mountPath }}
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: {{ $storage.mountPath }}
+ {{- end }}
+ {{- if .Values.ncNetwork.certificateID }}
+ nginx-cert:
+ enabled: true
+ type: secret
+ objectName: nextcloud-cert
+ defaultMode: "0600"
+ items:
+ - key: tls.key
+ path: private.key
+ - key: tls.crt
+ path: public.crt
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /etc/nginx-certs
+ readOnly: true
+ nginx-conf:
+ enabled: true
+ type: configmap
+ objectName: nginx
+ defaultMode: "0600"
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /etc/nginx
+ readOnly: true
+ {{- end -}}
+
+ {{- include "ix.v1.common.app.postgresPersistence"
+ (dict "pgData" .Values.ncStorage.pgData
+ "pgBackup" .Values.ncStorage.pgBackup
+ ) | nindent 2 }}
+{{- end -}}
+
+{{- define "isOldIxVol" -}}
+ {{- $oldDatasetName := "ix-nextcloud_data" -}}
+ {{- $isOld := "false" -}}
+ {{- $storage := .storage -}}
+
+ {{- if eq $storage.type "ixVolume" -}}
+ {{- if eq $storage.ixVolumeConfig.datasetName $oldDatasetName -}}
+ {{- $isOld = "true" -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $isOld }}
+{{- end -}}
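Review bot: The `html` volume is mounted into the `postgresbackup` container at `/nc-config` with no `readOnly` and no `subPath`, although the backup command added in `common.yaml` only reads `config/config.php` from it. With `isDataInTheSameVolume` set this appears to hand the backup job the whole dataset, user data included. Adding `readOnly: true` under that `postgresbackup` target (the key is already used for the nginx mounts) limits it to what it needs. The three config-file mounts use `defaultMode: "0755"`; they are `.ini` and `.conf` files, so `"0644"` is enough.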
diff --git a/charts/nextcloud/2.0.0/templates/_portal.tpl b/charts/nextcloud/2.0.0/templates/_portal.tpl
new file mode 100644
index 0000000000..bbf8a923c8
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_portal.tpl
@@ -0,0 +1,12 @@
+{{- define "nextcloud.portal" -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: portal
+data:
+ port: {{ .Values.ncNetwork.webPort | quote }}
+ path: "/"
+ protocol: "http"
+ host: $node_ip
+{{- end -}}
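Review bot: `protocol: "http"` is hard-coded, but when `ncNetwork.certificateID` is set the same `webPort` is served by nginx with `ssl` (see `_nginx-configuration.tpl` and `_service.tpl`), so the portal link would send a plain-HTTP request to a TLS port. Deriving it from the certificate setting, e.g. `protocol: {{ ternary "https" "http" (not (empty .Values.ncNetwork.certificateID)) | quote }}`, keeps the link on HTTPS whenever TLS is configured.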
diff --git a/charts/nextcloud/2.0.0/templates/_postgres.tpl b/charts/nextcloud/2.0.0/templates/_postgres.tpl
new file mode 100644
index 0000000000..031bcd1c12
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_postgres.tpl
@@ -0,0 +1,12 @@
+{{- define "postgres.workload" -}}
+ {{- $backupSecretName := "postgres-creds" -}}
+ {{- if eq (include "nextcloud.is-migration" $) "true" }}
+ {{- $backupSecretName = "postgres-backup-creds" -}}
+ {{- end }}
+workload:
+{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
+ "backupSecretName" $backupSecretName
+ "resources" .Values.resources
+ "imageSelector" "ncPostgresImage"
+ "ixChartContext" .Values.ixChartContext) | nindent 2 }}
+{{- end -}}
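Review bot: `"ixChartContext" .Values.ixChartContext` reads the context from the top level of values, while `_configuration.tpl` and `_migration.tpl` in this commit read it from `.Values.global.ixChartContext`. Unless the common loader copies it up, the postgres helper receives nil here. If `global` is the real location, the argument should be `"ixChartContext" .Values.global.ixChartContext`.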
diff --git a/charts/nextcloud/2.0.0/templates/_redis.tpl b/charts/nextcloud/2.0.0/templates/_redis.tpl
new file mode 100644
index 0000000000..c90b61b2be
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_redis.tpl
@@ -0,0 +1,6 @@
+{{- define "redis.workload" -}}
+workload:
+{{- include "ix.v1.common.app.redis" (dict "secretName" "redis-creds"
+ "resources" .Values.resources) | nindent 2 }}
+
+{{- end -}}
diff --git a/charts/nextcloud/2.0.0/templates/_service.tpl b/charts/nextcloud/2.0.0/templates/_service.tpl
new file mode 100644
index 0000000000..1256d8fe88
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/_service.tpl
@@ -0,0 +1,49 @@
+{{- define "nextcloud.service" -}}
+service:
+ nextcloud:
+ enabled: true
+ primary: true
+ {{- if not .Values.ncNetwork.certificateID }}
+ type: NodePort
+ {{- else }}
+ type: ClusterIP
+ {{- end }}
+ targetSelector: nextcloud
+ ports:
+ webui:
+ enabled: true
+ primary: true
+ {{- if not .Values.ncNetwork.certificateID }}
+ nodePort: {{ .Values.ncNetwork.webPort }}
+ {{- end }}
+ port: 80
+ targetPort: 80
+ targetSelector: nextcloud
+ {{- if .Values.ncNetwork.certificateID }}
+ nextcloud-nginx:
+ enabled: true
+ type: NodePort
+ targetSelector: nginx
+ ports:
+ webui-tls:
+ enabled: true
+ port: {{ .Values.ncNetwork.webPort }}
+ nodePort: {{ .Values.ncNetwork.webPort }}
+ targetPort: {{ .Values.ncNetwork.webPort }}
+ targetSelector: nginx
+ {{- end }}
+
+ # Redis
+ redis:
+ enabled: true
+ type: ClusterIP
+ targetSelector: redis
+ ports:
+ redis:
+ enabled: true
+ primary: true
+ port: 6379
+ targetPort: 6379
+ targetSelector: redis
+ {{- include "ix.v1.common.app.postgresService" $ | nindent 2 }}
+{{- end -}}
diff --git a/charts/nextcloud/2.0.0/templates/common.yaml b/charts/nextcloud/2.0.0/templates/common.yaml
new file mode 100644
index 0000000000..fe47122a4e
--- /dev/null
+++ b/charts/nextcloud/2.0.0/templates/common.yaml
@@ -0,0 +1,38 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{- include "nextcloud.migration" $ -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.configuration" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.configs" $ | fromYaml) -}}
+{{- if .Values.ncNetwork.certificateID }}
+ {{- $_ := mustMergeOverwrite .Values (include "nginx.workload" $ | fromYaml) -}}
+{{- end }}
+{{- if .Values.ncConfig.cron.enabled }}
+ {{- $_ := mustMergeOverwrite .Values (include "nextcloud.cron" $ | fromYaml) -}}
+{{- end }}
+{{- $_ := mustMergeOverwrite .Values (include "nginx.configuration" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "redis.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.service" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.persistence" $ | fromYaml) -}}
+
+{{/* Mutate postgres backup command to handle nextcloud config */}}
+{{- $cmd := .Values.workload.postgresbackup.podSpec.containers.postgresbackup.command -}}
+{{- $temp := printf ("%s\n%s\n%s\n%s\n%s\n%s\n%s")
+ "echo 'Fetching password from config.php'"
+ "# sed removes ' , => spaces and db* from the string"
+ "POSTGRES_USER=$(cat /nc-config/config/config.php | grep 'dbuser' | sed \"s/dbuser\\| \\|'\\|,\\|=>//g\")"
+ "POSTGRES_PASSWORD=$(cat /nc-config/config/config.php | grep 'dbpassword' | sed \"s/dbpassword\\| \\|'\\|,\\|=>//g\")"
+ "POSTGRES_DB=$(cat /nc-config/config/config.php | grep 'dbname' | sed \"s/dbname\\| \\|'\\|,\\|=>//g\")"
+ "[ -n \"$POSTGRES_USER\" ] && [ -n \"$POSTGRES_PASSWORD\" ] && [ -n \"$POSTGRES_DB\" ] && echo 'User, Database and password fetched from config.php'"
+ (index $cmd 2) -}}
+{{- $newCmd := (list (index $cmd 0) (index $cmd 1) $temp) -}}
+{{- $_ := set .Values.workload.postgresbackup.podSpec.containers.postgresbackup "command" $newCmd -}}
+{{- $_ := set .Values.workload.postgresbackup.podSpec "securityContext" (dict "fsGroup" "33") -}}
+
+{{/* Create the configmap for portal manually*/}}
+{{- include "nextcloud.portal" $ -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}
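Review bot: The credential check prepended to the backup command only echoes on success (`[ -n "$POSTGRES_USER" ] && … && echo …`), so if `config.php` is missing or a key is not found, the original command at `(index $cmd 2)` still runs with empty values. Ending that line with `|| { echo 'Could not read database credentials from config.php' >&2; exit 1; }` makes the job stop instead. The `sed` expression also strips every space, quote, comma and `=>` from the value itself, which is harmless for the `randAlphaNum` password generated in `_configuration.tpl` but would alter a password carried over from an older install that contains any of them. `(dict "fsGroup" "33")` passes a string where the other templates use the integer `33`.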
diff --git a/charts/nextcloud/2.0.0/to_keep_versions.md b/charts/nextcloud/2.0.0/to_keep_versions.md
new file mode 100644
index 0000000000..ed056e15f0
--- /dev/null
+++ b/charts/nextcloud/2.0.0/to_keep_versions.md
@@ -0,0 +1,17 @@
+# To keep versions
+
+## 1.6.29
+
+Latest 26.x.x version
+
+## 1.6.53
+
+Latest 27.x.x version
+
+## 1.6.59
+
+Latest 28.x.x version
+
+## 1.6.61
+
+Latest release before migration to 2.x.x