Update stable train from test train

charts/nextcloud/1.3.5/default_values.yaml

@@ -1,30 +0,0 @@
-## Official nextcloud image version
-## ref: https://hub.docker.com/r/library/nextcloud/tags/
-##
-image:
-  repository: nextcloud
-  tag: 19.0.3-apache
-  pullPolicy: IfNotPresent
-
-nextcloud:
-  host: nextcloud.kube.home
-  username: admin
-  password: changeme
-  datadir: /var/www/html/data
-  strategy: "Recreate"
-
-service:
-  nodePort: 9001
-
-appVolumeMounts:
-  nextcloud-data:
-    emptyDir: true
-    mountPath: "/var/www"
-
-postgresAppVolumeMounts:
-  postgres-data:
-    emptyDir: true
-    mountPath: "/var/lib/postgresql/data"
-  postgres-backup:
-    emptyDir: true
-    mountPath: "/postgres_backups"

charts/nextcloud/1.3.5/ix_values.yaml

@@ -1,4 +0,0 @@
-image:
-  pullPolicy: IfNotPresent
-  repository: nextcloud
-  tag: '22.2'

charts/nextcloud/1.3.6/Chart.yaml

@@ -19,4 +19,4 @@ sources:
 - https://github.com/nextcloud/docker
 - https://github.com/nextcloud/helm
 upstream_version: 2.3.2
-version: 1.3.5
+version: 1.3.6

charts/nextcloud/1.3.6/ix_values.yaml

@@ -0,0 +1,9 @@
+image:
+  pullPolicy: IfNotPresent
+  repository: nextcloud
+  tag: '22.2'
+nginx:
+  image:
+    repository: nginx
+    tag: 1.21.3
+    pullPolicy: IfNotPresent

charts/nextcloud/1.3.6/questions.yaml

@@ -17,7 +17,7 @@ groups:
 portals:
   web_portal:
     protocols:
-      - "http"
+      - "$kubernetes-resource_configmap_nginx-configuration_protocol"
     host:
       - "$variable-nextcloud.host"
     ports:
@@ -52,6 +52,15 @@ questions:
                         type: string
                         required: true
 
+  - variable: certificate
+    description: "Configure Certificate for Nextcloud"
+    label: "Certificate Configuration"
+    group: "Nextcloud Configuration"
+    schema:
+      type: int
+      $ref:
+        - "definitions/certificate"
+
   - variable: nextcloud
     description: "Nextcloud configuration details"
     label: "Nextcloud Configuration"

charts/nextcloud/1.3.6/templates/_nginx.tpl

@@ -0,0 +1,79 @@
+{{/*
+Retrieve true/false if certificate is configured
+*/}}
+{{- define "nginx.certAvailable" -}}
+{{- if .Values.certificate -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
+{{- template "common.resources.cert_present" $values -}}
+{{- else -}}
+{{- false -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Retrieve public key of certificate
+*/}}
+{{- define "nginx.cert.publicKey" -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
+{{ include "common.resources.cert" $values }}
+{{- end -}}
+
+
+{{/*
+Retrieve private key of certificate
+*/}}
+{{- define "nginx.cert.privateKey" -}}
+{{- $values := (. | mustDeepCopy) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
+{{ include "common.resources.cert" $values }}
+{{- end -}}
+
+
+{{/*
+Retrieve configured protocol scheme for nextcloud
+*/}}
+{{- define "nginx.scheme" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+{{- print "https" -}}
+{{- else -}}
+{{- print "http" -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Retrieve nginx certificate secret name
+*/}}
+{{- define "nginx.secretName" -}}
+{{- print "nginx-secret" -}}
+{{- end -}}
+
+
+{{/*
+Formats volumeMount for tls keys and trusted certs
+*/}}
+{{- define "nginx.tlsKeysVolumeMount" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+  mountPath: "/etc/nginx-certs"
+{{- end -}}
+{{- end -}}
+
+{{/*
+Formats volume for tls keys and trusted certs
+*/}}
+{{- define "nginx.tlsKeysVolume" -}}
+{{- if eq (include "nginx.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+  secret:
+    secretName: {{ include "nginx.secretName" . }}
+    items:
+    - key: certPublicKey
+      path: public.crt
+    - key: certPrivateKey
+      path: private.key
+{{- end -}}
+{{- end -}}

charts/nextcloud/1.3.6/templates/deployment.yaml

@@ -10,6 +10,22 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
           command: ['sh', '-c', "until pg_isready -h {{ template "common.names.fullname" $postgres_values }}; do echo waiting for postgres; sleep 2; done"]
           imagePullPolicy: {{ .Values.image.pullPolicy }}
       containers:
+      {{ if eq (include "nginx.certAvailable" .) "true" }}
+      - name: nginx
+        {{ include "common.containers.imageConfig" .Values.nginx.image | nindent 8 }}
+        volumeMounts:
+          - name: nginx-configuration
+            mountPath: /etc/nginx/nginx.conf
+            subPath: nginx.conf
+          {{ include "nginx.tlsKeysVolumeMount" . | nindent 10 }}
+        ports:
+          - name: nginx-http
+            containerPort: 8000
+            protocol: TCP
+          - name: nginx-https
+            containerPort: 443
+            protocol: TCP
+      {{ end }}
       - name: {{ .Chart.Name }}
         {{ include "common.containers.imageConfig" .Values.image | nindent 8 }}
         env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }}
@@ -18,6 +34,11 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
         {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }}
         {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }}
         {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }}
+        {{ if eq (include "nginx.certAvailable" .) "true" }}
+        {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
+        {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }}
+        {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }}
+        {{ end }}
         {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" .Values.nextcloud.host) }}
         {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }}
         {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }}
@@ -53,7 +74,15 @@ spec: {{ include "common.deployment.common_spec" . | nindent 2 }}
           mountPath: {{ $hostPathConfiguration.mountPath }}
         {{ end }}
 {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
-{{ include "common.storage.allAppVolumes" .Values | nindent 6 }}
+      volumes:
+        - name: nginx-configuration
+          configMap:
+            defaultMode: 0700
+            name: "nginx-configuration"
+{{ include "nginx.tlsKeysVolume" . | nindent 8 }}
+{{ if .Values.appVolumeMounts }}
+{{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
+{{ end }}
       {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
         - name: extrappvolume-{{ $index }}
           hostPath:

charts/nextcloud/1.3.6/templates/nginx-configmap.yaml

@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "nginx-configuration"
+data:
+  protocol: {{ include "nginx.scheme" . }}
+  nginx.conf: |-
+    events {}
+    http {
+      # redirects all http requests to https requests
+      server {
+        listen 8000 default_server;
+        listen [::]:8000 default_server;
+        return 301 https://$host$request_uri;
+      }
+
+      server {
+        server_name localhost;
+
+        listen 443 ssl http2;
+        listen [::]:433 ssl http2;
+
+        ssl_certificate '/etc/nginx-certs/public.crt';
+        ssl_certificate_key '/etc/nginx-certs/private.key';
+
+        # maximum 3GB Upload File; change to fit your needs
+        client_max_body_size 3G;
+
+        location = /robots.txt {
+          allow all;
+          log_not_found off;
+          access_log off;
+        }
+
+        location = /.well-known/carddav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+
+        location = /.well-known/caldav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+
+        location / {
+          proxy_pass http://localhost;
+          proxy_http_version                 1.1;
+          proxy_cache_bypass                 $http_upgrade;
+          proxy_request_buffering            off;
+
+          # Proxy headers
+          proxy_set_header Upgrade           $http_upgrade;
+          proxy_set_header Connection        "upgrade";
+          proxy_set_header Host              $http_host;
+          proxy_set_header X-Real-IP         $remote_addr;
+          proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto https;
+          proxy_set_header X-Forwarded-Host  $host;
+          proxy_set_header X-Forwarded-Port  $server_port;
+
+          # Proxy timeouts
+          proxy_connect_timeout              60s;
+          proxy_send_timeout                 60s;
+          proxy_read_timeout                 60s;
+        }
+      }
+    }

charts/nextcloud/1.3.6/templates/nginx-secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "nginx.secretName" . }}
+type: Opaque
+data:
+  {{ if eq (include "nginx.certAvailable" .) "true" }}
+  certPublicKey: {{ (include "nginx.cert.publicKey" .) | toString | b64enc | quote }}
+  certPrivateKey: {{ (include "nginx.cert.privateKey" .) | toString | b64enc | quote }}
+  {{ end }}

charts/nextcloud/1.3.6/templates/service.yaml

@@ -1,6 +1,10 @@
 {{ $svc := .Values.service }}
 {{ $ports := list }}
+{{ if eq (include "nginx.certAvailable" .) "true" }}
+{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" 443 "port" 443 "nodePort" $svc.nodePort) }}
+{{ else }}
 {{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }}
+{{ end }}
 {{ $params := . }}
 {{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
 {{ include "common.classes.service" $params }}

charts/nextcloud/1.3.6/test_values.yaml

@@ -10,6 +10,11 @@ image:
   pullPolicy: IfNotPresent
   repository: nextcloud
   tag: '22.2'
+nginx:
+  image:
+    repository: nginx
+    tag: 1.21.3
+    pullPolicy: IfNotPresent
 ixChartContext: {}
 nextcloud:
   datadir: /var/www/html/data