nextcloud migration (#2377)

* init commit

* add deployments

* more config

* syntax err

* syntax err

* add missing func

* naming

* lint

* fix yaml

* yaml

* ci vals

* ci port

* perms

* wrong pod

* hmm

* meh

* no nginx without cert

* db stuf

* simplify

* add nots

* fixes

* add todo

* storage

* test https

* perms

* actually mount the config

* add some configs

* update values

* fsgroup

* cmaps

* update config

* init quests

* more test vals

* more questions

* nginx conf

* cron

* fix cron

* meta

* typo

* additional storage goes to cron too

* data and html

* config

* ui

* values

* fix

* add backwards compat

* make templ

* use var

* init migration

* make exec

* add todo

* handle hostpaths too

* update storage for backwards

* typo

* add redis

* cleaner storage solution

* br

* rm

* some cleanup

* backup

* whops

* fsgroup

* fix db script

* bump image

* remove test

* test

* todo

* try this

* lets try a hack

* hmm

* nope

* eof

* ofc

* hmm

* fix

* explain the hack

* update vers

* remove todo

* fix html storage

* backwards compat
This commit is contained in:
Stavros Kois
2024-05-02 23:27:03 +03:00
committed by GitHub
parent 1ed36c1286
commit fbc87af8dd
44 changed files with 1924 additions and 1278 deletions


@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: file://../../../common/2304.0.1
version: 2304.0.1
digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670
generated: "2023-04-24T13:40:41.468936547+03:00"
repository: file://../../../common
version: 1.2.9
digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c
generated: "2024-04-12T15:56:46.904719299+03:00"


@@ -4,7 +4,7 @@ description: A file sharing server that puts the control and security of your ow
annotations:
title: Nextcloud
type: application
version: 1.6.61
version: 2.0.0
apiVersion: v2
appVersion: 29.0.0
kubeVersion: '>=1.16.0-0'
@@ -14,8 +14,8 @@ maintainers:
email: dev@ixsystems.com
dependencies:
- name: common
repository: file://../../../common/2304.0.1
version: 2304.0.1
repository: file://../../../common
version: 1.2.9
home: https://nextcloud.com/
icon: https://media.sys.truenas.net/apps/nextcloud/icons/icon.svg
sources:


@@ -1,11 +1,3 @@
# nextcloud
# Nextcloud
[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
## Introduction
This chart bootstraps an [nextcloud](https://hub.docker.com/_/nextcloud/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Configuration
Please refer to questions.yaml for a detailed overview on supported configurable values.
[Nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.


@@ -1,3 +1,3 @@
# nextcloud
# Nextcloud
[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
[Nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.


@@ -0,0 +1,31 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
commands:
- ffmpeg
- smbclient
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
pgData:
type: pvc
html:
type: pvc
data:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []


@@ -0,0 +1,118 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
commands:
- ffmpeg
- smbclient
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
certificateID: 1
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
pgData:
type: pvc
html:
type: pvc
data:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []
ixCertificates:
"1":
certificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
privatekey: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@@ -0,0 +1,31 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
cron:
enabled: false
commands: []
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
pgData:
type: pvc
html:
type: pvc
data:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []


@@ -0,0 +1,29 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
commands: []
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
pgData:
type: pvc
html:
type: pvc
data:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []


@@ -0,0 +1,76 @@
ncConfig:
adminUser: admin
adminPassword: password
host: "127.0.0.1"
dataDir: /var/www/html/data
commands: []
maxUploadLimit: 3
phpMemoryLimit: 512
ncNetwork:
webPort: 30001
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
isDataInTheSameVolume: true
html:
type: hostPath
hostPathConfig:
hostPath: /mnt/{{ .Release.Name }}/test
data:
type: hostPath
hostPathConfig:
hostPath: /mnt/{{ .Release.Name }}/test
pgData:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
additionalStorages: []
##### CI Hack #####
# What this hack does is that it will create a pod before the chart install
# A hostPath is attached to the pod, which will force k8s to create the directory on the host.
# so the actual test run will find the directory created there. (Storage attached to the actual NC chart
# uses `subPath` for which k8s will not created the directory on the host.)
workload:
ci-hack:
enabled: true
type: Job
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
podSpec:
restartPolicy: Never
containers:
ci-hack:
enabled: true
primary: true
image: bashImage
command: bash
args:
- -c
- exit 0
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
persistence:
ci-hack:
enabled: true
type: hostPath
hostPath: /mnt/{{ .Release.Name }}/test/data
hostPathType: DirectoryOrCreate
targetSelector:
ci-hack:
ci-hack:
mountPath: /ci


@@ -1,45 +0,0 @@
appVolumeMounts:
nextcloud-data:
emptyDir: true
mountPath: /var/www
cronjob:
enabled: false
schedule: 1 */24 * * *
dnsConfig:
options: []
emptyDirVolumes: true
environmentVariables: []
ixChartContext: {}
nginxConfig:
proxy_timeouts: 120
useDifferentAccessPort: true
externalPort: 443
nextcloud:
datadir: /var/www/html/data
host: nextcloud.kube.home
install_ffmpeg: true
install_smbclient: true
max_upload_size: 5
max_execution_time: 30
php_memory_limit: 512
opcache_memory_consumption: 128
password: changeme
username: admin
postgresAppVolumeMounts:
postgres-backup:
emptyDir: true
mountPath: /postgres_backups
postgres-data:
emptyDir: true
mountPath: /var/lib/postgresql/data
postgresql:
backupVolume:
datasetName: ix-postgres_backups
mountPath: /postgres_backups
dataVolume:
datasetName: ix-postgres_data
mountPath: /var/lib/postgresql/data
service:
nodePort: 31000
updateStrategy: Recreate
useServiceNameForHost: true


@@ -6,8 +6,8 @@ runAsContext:
description: Nextcloud runs as root user.
- userName: root
groupName: root
gid: 0
uid: 0
gid: 999
uid: 999
description: Postgres runs as root user.
- userName: root
groupName: root
@@ -19,28 +19,14 @@ capabilities:
description: Nextcloud, Nginx and Postgres are able to chown files.
- name: FOWNER
description: Nextcloud, Nginx and Postgres are able to bypass permission checks for it's sub-processes.
- name: SYS_CHROOT
description: Nextcloud, Nginx and Postgres are able to use chroot.
- name: MKNOD
description: Nextcloud, Nginx and Postgres are able to create device nodes.
- name: DAC_OVERRIDE
description: Nextcloud, Nginx and Postgres are able to bypass permission checks.
- name: FSETID
description: Nextcloud, Nginx and Postgres are able to set file capabilities.
- name: KILL
description: Nextcloud, Nginx and Postgres are able to kill processes.
- name: SETGID
description: Nextcloud, Nginx and Postgres are able to set group ID for it's sub-processes.
- name: SETUID
description: Nextcloud, Nginx and Postgres are able to set user ID for it's sub-processes.
- name: SETPCAP
description: Nextcloud, Nginx and Postgres are able to set process capabilities.
- name: NET_BIND_SERVICE
description: Nextcloud, Nginx and Postgres are able to bind to privileged ports.
- name: SETFCAP
description: Nextcloud, Nginx and Postgres are able to set file capabilities.
- name: NET_RAW
description: Nextcloud, Nginx and Postgres are able to use raw sockets.
- name: AUDIT_WRITE
description: Nextcloud, Nginx and Postgres are able to write to audit log.
hostMounts: []
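Review bot: The second runAsContext entry now carries `gid: 999` / `uid: 999` but still reads `userName: root`, `groupName: root` and `description: Postgres runs as root user.`, so the security metadata contradicts itself. Unless Postgres really still starts as root in the common-lib workload (which this hunk does not show), the entry should become `userName: postgres`, `groupName: postgres` and `description: Postgres runs as the postgres user (uid/gid 999).` — uid 999 is what the upstream postgres image uses for that account, so confirm against the pinned image. The trimmed capability list matches the seven entries the new workload templates add, which is good; the descriptions still say "Nextcloud, Nginx and Postgres" for each, worth checking the Postgres container actually gets them.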


@@ -0,0 +1,110 @@
#!/usr/bin/python3
import json
import os
import sys
def migrate_volume(volume, suffix=''):
return {
'type': 'hostPath',
'hostPathConfig': {
'hostPath': volume['hostPath']+suffix
},
} if volume.get('hostPathEnabled', False) else {
'type': 'ixVolume',
'ixVolumeConfig': {
'datasetName': volume['datasetName'],
},
}
def migrate_common_lib(values):
delete_keys = [
'service', 'updateStrategy', 'certificate', 'enableResourceLimits', 'cpuLimit',
'memLimit', 'dnsConfig', 'environmentVariables', 'nextcloud', 'cronjob', 'nginx',
'nginxConfig', 'postgresAppVolumeMounts', 'extraAppVolumeMounts', 'appVolumeMounts',
'useServiceNameForHost',
]
values.update({
'shouldShowStorageToggle': True,
'isDataInTheSameVolume': True,
# Migrate Network
'ncNetwork': {
'webPort': values['service']['nodePort'],
'certificateID': values['certificate'],
'nginx': {
'proxyTimeouts': values.get('nginxConfig', {}).get('proxy_timeouts', 60),
'useDifferentAccessPort': values.get('nginxConfig', {}).get('useDifferentAccessPort', False),
'externalAccessPort': values.get('nginxConfig', {}).get('externalAccessPort', 443)
}
},
# Migrate Resources
'resources': {
'limits': {
'cpu': values.get('cpuLimit', '4000m'),
'memory': values.get('memLimit', '8Gi'),
}
},
# Migrate DNS
'podOptions': {
'dnsConfig': {
'options': [
{'name': opt['name'], 'value': opt['value']}
for opt in values.get('dnsConfig', {}).get('options', [])
]
}
},
# Migrate Config
'ncConfig': {
'additionalEnvs': values.get('environmentVariables', []),
'adminUser': values['nextcloud']['username'],
'adminPassword': values['nextcloud']['password'],
'host': values['nextcloud'].get('host', ''),
'dataDir': values['nextcloud']['datadir'],
'commands': (['ffmpeg'] if values['nextcloud']['install_ffmpeg'] else []) + (['smbclient'] if values['nextcloud']['install_smbclient'] else []),
'maxUploadLimit': values['nextcloud']['max_upload_size'],
'maxExecutionTime': values['nextcloud']['max_execution_time'],
'phpMemoryLimit': values['nextcloud']['php_memory_limit'],
'opCacheMemoryConsumption': values['nextcloud']['opcache_memory_consumption'],
'cron': {
'enabled': values['cronjob']['enabled'],
'schedule': values['cronjob']['schedule'] if values['cronjob']['enabled'] else '*/15 * * * *',
}
},
# Migrate Storage
'ncStorage': {
'pgData': migrate_volume(values['postgresAppVolumeMounts']['postgres-data']),
'pgBackup': migrate_volume(values['postgresAppVolumeMounts']['postgres-backup']),
'data': migrate_volume(values['appVolumeMounts']['nextcloud-data']),
'html': migrate_volume(values['appVolumeMounts']['nextcloud-data']),
'additionalStorages': [
{
'type': 'hostPath',
'hostPathConfig': {'hostPath': e['hostPath']},
'mountPath': e['mountPath'],
}
for e in values.get('extraAppVolumeMounts', [])
],
},
})
for k in delete_keys:
values.pop(k, None)
return values
def migrate(values):
# If this missing, we have already migrated
if not 'appVolumeMounts' in values.keys():
return values
return migrate_common_lib(values)
if __name__ == '__main__':
if len(sys.argv) != 2:
exit(1)
if os.path.exists(sys.argv[1]):
with open(sys.argv[1], 'r') as f:
print(json.dumps(migrate(json.loads(f.read()))))
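Review bot: In migrate_common_lib the nginx port is read as `values.get('nginxConfig', {}).get('externalAccessPort', 443)`, but the pre-migration values in this commit name that key `externalPort` (see the deleted test values, `nginxConfig: ... externalPort: 443`), so every migrated install silently falls back to 443; the line should read `'externalAccessPort': values.get('nginxConfig', {}).get('externalPort', 443),`. `values['certificate']` and `values['service']['nodePort']` are hard-indexed while the neighbouring nginxConfig keys use `.get`, so an old values file without a certificate aborts the migration with a KeyError — `values.get('certificate')` keeps the `if .Values.ncNetwork.certificateID` checks in the templates working with a null. The guard in migrate is more idiomatic as `if 'appVolumeMounts' not in values:`. A module docstring stating that the script rewrites 1.6.61 values into the 2.x layout and is idempotent (it returns early once `appVolumeMounts` is gone) would help the next person touching it.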


@@ -1,26 +0,0 @@
#!/usr/bin/python3
import json
import os
import sys
def migrate(values):
values.update({
'appVolumeMounts': {
'nextcloud-data': {
'hostPathEnabled': values['nextcloudDataHostPathEnabled'],
**({'hostPath': values['nextcloudHostPath']} if values.get('nextcloudHostPath') else {})
},
},
'updateStrategy': values.get('nextcloud').get('strategy', 'Recreate'),
})
return values
if __name__ == '__main__':
if len(sys.argv) != 2:
exit(1)
if os.path.exists(sys.argv[1]):
with open(sys.argv[1], 'r') as f:
print(json.dumps(migrate(json.loads(f.read()))))



@@ -1,16 +1 @@
## Database
You can connect to the database using the pgAdmin App from the catalog
<details>
<summary>Database Details</summary>
- Database: `nextcloud`
- Username: `{{ .Values.nextcloudDbUser | b64dec }}`
- Password: `{{ .Values.nextcloudDbPass | b64dec }}`
- Host: `{{ .Values.nextcloudDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
- Port: `5432`
</details>
{{- $_ := unset .Values "nextcloudDbUser" }}
{{- $_ := unset .Values "nextcloudDbPass" }}
{{- $_ := unset .Values "nextcloudDbHost" }}
{{ include "ix.v1.common.lib.chart.notes" $ }}


@@ -0,0 +1,101 @@
{{- define "nextcloud.configuration" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $dbHost := (printf "%s-postgres" $fullname) -}}
{{- $dbUser := "nextcloud" -}}
{{- $dbName := "nextcloud" -}}
{{- $dbPass := (randAlphaNum 32) -}}
{{/* Fetch secrets from pre-migration secret */}}
{{- with (lookup "v1" "Secret" .Release.Namespace "db-details") -}}
{{- $dbUser = ((index .data "db-user") | b64dec) -}}
{{- $dbPass = ((index .data "db-password") | b64dec) -}}
{{- end -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
{{- $dbUser = ((index .data "POSTGRES_USER") | b64dec) -}}
{{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
{{- end -}}
{{- $redisHost := (printf "%s-redis" $fullname) -}}
{{- $redisPass := randAlphaNum 32 -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-redis-creds" $fullname)) -}}
{{- $redisPass = ((index .data "REDIS_PASSWORD") | b64dec) -}}
{{- end -}}
{{/* Temporary set dynamic db details on values,
so we can print them on the notes */}}
{{- $_ := set .Values "ncDbPass" $dbPass -}}
{{- $_ := set .Values "ncDbHost" $dbHost -}}
{{- $_ := set .Values "ncDbName" $dbName -}}
{{- $_ := set .Values "ncDbUser" $dbUser -}}
{{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
secret:
postgres-creds:
enabled: true
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $dbHost }}
POSTGRES_URL: {{ $dbURL }}
redis-creds:
enabled: true
data:
ALLOW_EMPTY_PASSWORD: "no"
REDIS_PASSWORD: {{ $redisPass }}
REDIS_HOST: {{ $redisHost }}
nextcloud-creds:
enabled: true
data:
POSTGRES_HOST: {{ $dbHost }}:5432
POSTGRES_DB: {{ $dbName }}
POSTGRES_USER: {{ $dbUser }}
POSTGRES_PASSWORD: {{ $dbPass }}
REDIS_HOST: {{ $redisHost }}
REDIS_HOST_PORT: "6379"
REDIS_HOST_PASSWORD: {{ $redisPass }}
NEXTCLOUD_DATA_DIR: {{ .Values.ncConfig.dataDir }}
PHP_UPLOAD_LIMIT: {{ printf "%vG" .Values.ncConfig.maxUploadLimit | default 3 }}
PHP_MEMORY_LIMIT: {{ printf "%vM" .Values.ncConfig.phpMemoryLimit | default 512 }}
NEXTCLOUD_TRUSTED_DOMAINS: {{ list .Values.ncConfig.host "127.0.0.1" "localhost" $fullname (printf "%v-*" $fullname) | mustUniq | join " " | quote }}
NEXTCLOUD_ADMIN_USER: {{ .Values.ncConfig.adminUser }}
NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword }}
{{- if .Values.ncNetwork.certificateID }}
{{- $svcCidr := "" -}}
{{- $clusterCidr := "" -}}
{{- if .Values.global.ixChartContext -}}
{{- $svcCidr = .Values.global.ixChartContext.kubernetes_config.service_cidr -}}
{{- $clusterCidr = .Values.global.ixChartContext.kubernetes_config.cluster_cidr -}}
{{- end }}
APACHE_DISABLE_REWRITE_IP: "1"
OVERWRITEPROTOCOL: "https"
TRUSTED_PROXIES: {{ list $svcCidr $clusterCidr "127.0.0.1" | mustUniq | join "," | quote }}
{{- if and .Values.ncConfig.host .Values.ncNetwork.webPort }}
{{- $overwritehost := .Values.ncConfig.host -}}
{{- if .Values.ncNetwork.nginx.useDifferentAccessPort }}
{{ $overwritehost = (printf "%v:%v" .Values.ncConfig.host .Values.ncNetwork.webPort) }}
{{- end }}
OVERWRITEHOST: {{ $overwritehost }}
{{- end }}
{{- end }}
{{- if eq (include "nextcloud.is-migration" $) "true" }}
postgres-backup-creds:
enabled: true
annotations:
helm.sh/hook: "pre-upgrade"
helm.sh/hook-delete-policy: "hook-succeeded"
helm.sh/hook-weight: "1"
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $dbHost }}
POSTGRES_URL: {{ printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName }}
{{- end }}
{{- end -}}
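Review bot: User- and lookup-supplied scalars are emitted unquoted into the secret data — `NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword }}`, `NEXTCLOUD_ADMIN_USER`, `NEXTCLOUD_DATA_DIR` and every `POSTGRES_PASSWORD: {{ $dbPass }}` line — so a password such as `yes`, `0777`, `12:30` or one containing `#` or `: ` is retyped or breaks the YAML parse. `$dbPass` is only alphanumeric when freshly generated; the value taken from the pre-migration `db-details` or `*-postgres-creds` secret is arbitrary, so pipe each of these through `| quote`. `PHP_UPLOAD_LIMIT: {{ printf "%vG" .Values.ncConfig.maxUploadLimit | default 3 }}` applies `default` to the printf output, which is never empty, so an unset limit renders the nil as text (something like `<nil>G`) instead of `3G`; the same holds for `PHP_MEMORY_LIMIT` — write `{{ printf "%vG" (.Values.ncConfig.maxUploadLimit | default 3) }}`. The password is also interpolated raw into `$dbURL`, where `@`, `/` or `%` in a migrated password corrupts the URL; encoding it (e.g. `urlquery`) is safer if the consumer of `POSTGRES_URL` accepts that.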


@@ -0,0 +1,37 @@
{{- define "nextcloud.cron" -}}
workload:
nextcloud-cron:
enabled: true
type: CronJob
schedule: {{ .Values.ncConfig.cron.schedule | quote }}
concurrencyPolicy: Forbid
podSpec:
restartPolicy: Never
hostNetwork: false
securityContext:
fsGroup: 33
containers:
nextcloud-cron:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 33
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
envFrom:
- secretRef:
name: nextcloud-creds
command:
- php
- -f
- /var/www/html/cron.php
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
{{- end -}}
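Review bot: The cron container runs as `runAsUser: 33` / `runAsGroup: 0` while the main nextcloud container in this commit runs as uid 0, and both mount the same html and data volumes, so correct operation depends on the root-run container leaving those files owned by or group-accessible to uid 33 (the upstream image entrypoint appears to chown to www-data when started as root, but nothing here shows that). A comment stating the assumption would help, e.g. `# runs as www-data (33); relies on the root-run nextcloud container having chowned the shared volumes`. `runAsGroup: 0` next to `fsGroup: 33` also looks inverted — check whether `runAsGroup: 33` was intended so newly created files get the same group as the fsGroup.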


@@ -0,0 +1,48 @@
{{- define "nextcloud.get-versions" -}}
{{- $oldChartVersion := "" -}}
{{- $newChartVersion := "" -}}
{{/* Safely access the context, so it wont block CI */}}
{{- if hasKey .Values.global "ixChartContext" -}}
{{- if .Values.global.ixChartContext.upgradeMetadata -}}
{{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}}
{{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}}
{{- if and (not $oldChartVersion) (not $newChartVersion) -}}
{{- fail "Upgrade Metadata is missing. Cannot proceed" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}}
{{- end -}}
{{- define "nextcloud.migration" -}}
{{- $versions := (fromYaml (include "nextcloud.get-versions" $)) -}}
{{- if and $versions.old $versions.new -}}
{{- $oldV := semver $versions.old -}}
{{- $newV := semver $versions.new -}}
{{/* If new is v2.x.x */}}
{{- if eq ($newV.Major | int) 2 -}}
{{/* And old is v1.x.x, but lower than .6.61 */}}
{{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 6) (lt ($oldV.Patch | int) 61)) -}}
{{/* Block the upgrade */}}
{{- fail "Migration to 2.x.x is only allowed from 1.6.61 or higher" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "nextcloud.is-migration" -}}
{{- $isMigration := "" -}}
{{- $versions := (fromYaml (include "nextcloud.get-versions" $)) -}}
{{- if $versions.old -}}
{{- $oldV := semver $versions.old -}}
{{- if and (eq $oldV.Major 1) (eq ($oldV.Minor | int) 6) (eq ($oldV.Patch | int) 61) -}}
{{- $isMigration = "true" -}}
{{- end -}}
{{- end -}}
{{- $isMigration -}}
{{- end -}}
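Review bot: `nextcloud.is-migration` only matches an old version of exactly 1.6.61, whereas `nextcloud.migration` admits any 1.6.x at or above 61, so an upgrade from a hypothetical 1.6.62 would pass the gate but skip the migration-only `postgres-backup-creds` hook; if exactly 1.6.61 is deliberate (it being the last 1.x release), say so in a comment, otherwise mirror the gate condition. The comparisons are inconsistent: `eq $oldV.Major 1` compares the raw semver field in both helpers while the sibling terms cast with `| int`; use `eq ($oldV.Major | int) 1` everywhere. `nextcloud.get-versions` fails only when both versions are empty and silently continues when just one is missing, which `nextcloud.migration` then treats as "not an upgrade" — worth either a stricter check or a comment explaining why that is acceptable.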


@@ -0,0 +1,15 @@
{{- define "nextcloud.configs" -}}
{{ $bytesGB := 1073741824 }}
configmap:
nextcloud-config:
enabled: true
data:
opcache.ini: |
opcache.memory_consumption={{ .Values.ncConfig.opCacheMemoryConsumption }}
php.ini: |
max_execution_time={{ .Values.ncConfig.maxExecutionTime }}
limitrequestbody.conf: |
LimitRequestBody {{ mul .Values.ncConfig.maxUploadLimit $bytesGB }}
{{- end -}}
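Review bot: `LimitRequestBody {{ mul .Values.ncConfig.maxUploadLimit $bytesGB }}` has no default while the nginx and secret templates in this commit default `maxUploadLimit` to 3; with the value unset `mul` yields 0, and Apache treats `LimitRequestBody 0` as unlimited — the opposite of the intended cap. Use `LimitRequestBody {{ mul (.Values.ncConfig.maxUploadLimit | default 3) $bytesGB }}`. A short header comment on the define, e.g. `# PHP/Apache overrides; mounted as *-z-99 files so they load after the image defaults`, would tie these snippets to the mount paths chosen in the persistence template.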


@@ -0,0 +1,106 @@
{{- define "nextcloud.workload" -}}
workload:
nextcloud:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: false
securityContext:
fsGroup: 33
containers:
nextcloud:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- NET_RAW
- SETGID
- SETUID
envFrom:
- secretRef:
name: nextcloud-creds
{{ with .Values.ncConfig.additionalEnvs }}
envList:
{{ range $env := . }}
- name: {{ $env.name }}
value: {{ $env.value }}
{{ end }}
{{ end }}
probes:
liveness:
enabled: true
type: http
port: 80
path: /status.php
httpHeaders:
Host: localhost
readiness:
enabled: true
type: http
port: 80
path: /status.php
httpHeaders:
Host: localhost
startup:
enabled: true
{{- include "nextcloud.validate-commands" $ -}}
{{- $cmds := .Values.ncConfig.commands | mustUniq -}}
{{- if not $cmds }}
type: http
port: 80
path: /status.php
httpHeaders:
Host: localhost
{{- else }}
type: exec
command:
- /bin/sh
- -c
- |
check_commands={{ join " " $cmds }}
for comm in $check_commands; do
if ! command -v $comm /dev/null 2>&1; then
echo "Command $comm not found"
exit 1
fi
done
{{- end }}
lifecycle:
postStart:
type: exec
command:
- /bin/sh
- -c
- |
echo "Installing {{ join " " $cmds }}..."
apt update && apt install -y --no-install-recommends \
{{ join " " $cmds }} || echo "Failed to install binary/binaries..."
echo "Finished."
initContainers:
{{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
"secretName" "postgres-creds") | nindent 8 }}
{{- include "ix.v1.common.app.redisWait" (dict "name" "redis-wait"
"secretName" "redis-creds") | nindent 8 }}
{{- end -}}
{{- define "nextcloud.validate-commands" -}}
{{- $allowedCommmads := list "ffmpeg" "smbclient" -}}
{{- range $c := .Values.ncConfig.commands | mustUniq -}}
{{- if not (mustHas $c $allowedCommmads) -}}
{{- fail (printf "Nextcloud - Expected command to be one of [%s], but got [%s]" (join ", " $allowedCommmads) $c) -}}
{{- end -}}
{{- end -}}
{{- end -}}
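Review bot: The startup probe's test `if ! command -v $comm /dev/null 2>&1; then` is missing the redirect operator, so `/dev/null` is passed to `command -v` as a second name to look up instead of silencing output, and the probe result no longer reflects just `$comm`; it should read `if ! command -v "$comm" >/dev/null 2>&1; then`. `value: {{ $env.value }}` in the additionalEnvs loop emits user-supplied values unquoted, so a value like `true`, `0644` or `22:22` is retyped by the YAML parser — use `value: {{ $env.value | quote }}`. The postStart hook is not wrapped in `{{- if $cmds }}`, so `apt update` runs on every container start even when no commands are requested, adding a network dependency to startup for nothing; the install failure is also swallowed by `|| echo`, which is fine only because the startup probe then fails loudly — worth a comment. `$allowedCommmads` in `nextcloud.validate-commands` is misspelled.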


@@ -0,0 +1,102 @@
{{- define "nginx.configuration" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- if .Values.ncNetwork.certificateID }}
scaleCertificate:
nextcloud-cert:
enabled: true
id: {{ .Values.ncNetwork.certificateID }}
{{ $timeout := 60 }}
{{ $size := .Values.ncConfig.maxUploadLimit | default 3 }}
{{ $useDiffAccessPort := false }}
{{ $externalAccessPort := "" }}
{{/* Safely access key as it is conditionaly shown */}}
{{ if hasKey .Values.ncNetwork "nginx" }}
{{ $useDiffAccessPort = .Values.ncNetwork.nginx.useDifferentAccessPort }}
{{ $externalAccessPort = printf ":%v" .Values.ncNetwork.nginx.externalAccessPort }}
{{ $timeout = .Values.ncNetwork.nginx.proxyTimeouts | default 60 }}
{{ end }}
{{/* If its 443, do not append it on the rewrite at all */}}
{{ if eq $externalAccessPort ":443" }}
{{ $externalAccessPort = "" }}
{{ end }}
configmap:
nginx:
enabled: true
data:
nginx.conf: |
events {}
http {
server {
# redirects all http requests to https requests
listen 8000 default_server;
listen [::]:8000 default_server;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
listen {{ .Values.ncNetwork.webPort }} ssl http2;
listen [::]:{{ .Values.ncNetwork.webPort }} ssl http2;
ssl_certificate '/etc/nginx-certs/public.crt';
ssl_certificate_key '/etc/nginx-certs/private.key';
# maximum 3GB Upload File; change to fit your needs
client_max_body_size {{ $size }}G;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
{{ if $useDiffAccessPort }}
return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
{{ else }}
return 301 $scheme://$host:$server_port/remote.php/dav;
{{ end }}
}
location = /.well-known/caldav {
{{ if $useDiffAccessPort }}
return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
{{ else }}
return 301 $scheme://$host:$server_port/remote.php/dav;
{{ end }}
}
location / {
proxy_pass http://{{ $fullname }}:80;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_request_buffering off;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
{{ if $useDiffAccessPort }}
proxy_set_header X-Forwarded-Port {{ $externalAccessPort | default "443" | trimPrefix ":" }};
{{ else }}
proxy_set_header X-Forwarded-Port $server_port;
{{ end }}
# Proxy timeouts
proxy_connect_timeout {{ $timeout }}s;
proxy_send_timeout {{ $timeout }}s;
proxy_read_timeout {{ $timeout }}s;
}
}
}
{{- end -}}
{{- end -}}
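Review bot: The nginx.conf comment `# maximum 3GB Upload File; change to fit your needs` is stale as soon as `$size` is anything but 3 and tells the reader to edit a generated file; write `# maximum {{ $size }}GB upload, set via ncConfig.maxUploadLimit`. The variable block `{{ $timeout := 60 }}` … `{{ end }}` uses untrimmed delimiters inside the `scaleCertificate` mapping and so emits blank lines into the rendered YAML; harmless, but `{{- … -}}` keeps the output clean. `listen … ssl http2;` is the older form — recent nginx releases deprecate the `http2` listen parameter in favour of a separate `http2 on;` directive, so check which version `nginxImage` pins before this starts logging warnings.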


@@ -1,79 +1,68 @@
{{/*
Retrieve true/false if certificate is configured
*/}}
{{- define "nginx.certAvailable" -}}
{{- if .Values.certificate -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
{{- template "common.resources.cert_present" $values -}}
{{- else -}}
{{- false -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve public key of certificate
*/}}
{{- define "nginx.cert.publicKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve private key of certificate
*/}}
{{- define "nginx.cert.privateKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve configured protocol scheme for nextcloud
*/}}
{{- define "nginx.scheme" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
{{- print "https" -}}
{{- else -}}
{{- print "http" -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve nginx certificate secret name
*/}}
{{- define "nginx.secretName" -}}
{{- print "nginx-secret" -}}
{{- end -}}
{{/*
Formats volumeMount for tls keys and trusted certs
*/}}
{{- define "nginx.tlsKeysVolumeMount" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
- name: cert-secret-volume
mountPath: "/etc/nginx-certs"
{{- end -}}
{{- end -}}
{{/*
Formats volume for tls keys and trusted certs
*/}}
{{- define "nginx.tlsKeysVolume" -}}
{{- if eq (include "nginx.certAvailable" .) "true" -}}
- name: cert-secret-volume
secret:
secretName: {{ include "nginx.secretName" . }}
items:
- key: certPublicKey
path: public.crt
- key: certPrivateKey
path: private.key
{{- end -}}
{{- define "nginx.workload" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $ncUrl := printf "http://%s:80" $fullname }}
workload:
nginx:
enabled: true
type: Deployment
podSpec:
hostNetwork: false
containers:
nginx:
enabled: true
primary: true
imageSelector: nginxImage
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- NET_RAW
- SETGID
- SETUID
probes:
liveness:
enabled: true
type: https
port: {{ .Values.ncNetwork.webPort }}
path: /status.php
httpHeaders:
Host: localhost
readiness:
enabled: true
type: https
port: {{ .Values.ncNetwork.webPort }}
path: /status.php
httpHeaders:
Host: localhost
startup:
enabled: true
type: https
port: {{ .Values.ncNetwork.webPort }}
path: /status.php
httpHeaders:
Host: localhost
initContainers:
01-wait-server:
enabled: true
type: init
imageSelector: bashImage
command:
- bash
args:
- -c
- |
echo "Waiting for [{{ $ncUrl }}]";
until wget --spider --quiet --timeout=3 --tries=1 {{ $ncUrl }}/status.php;
do
echo "Waiting for [{{ $ncUrl }}]";
sleep 2;
done
echo "Nextcloud is up: {{ $ncUrl }}";
{{- end -}}
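Review bot: The nginx container runs as uid 0 with `NET_RAW` in `capabilities.add`, which nothing in this reverse-proxy configuration uses (it listens on `ncNetwork.webPort` and proxies to the nextcloud service), so it should be removed from the list; `NET_BIND_SERVICE` is likewise only needed if `webPort` can be below 1024. The remaining CHOWN/DAC_OVERRIDE/FOWNER/SETGID/SETUID plausibly serve the master process dropping to the worker user and owning log/pid files, but a comment stating that next to the list would make the least-privilege intent reviewable. The `01-wait-server` init container loops without an upper bound, which is acceptable for an init container but deserves a one-line comment so nobody adds a timeout that breaks slow first boots.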


@@ -0,0 +1,179 @@
{{- define "nextcloud.persistence" -}}
persistence:
html:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: /var/www/html
{{- if .Values.ncStorage.isDataInTheSameVolume }}
subPath: html
{{- end }}
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html
{{- if .Values.ncStorage.isDataInTheSameVolume }}
subPath: html
{{- end }}
postgresbackup:
postgresbackup:
mountPath: /nc-config
data:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.data) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: {{ .Values.ncConfig.dataDir }}
{{- if .Values.ncStorage.isDataInTheSameVolume }}
subPath: data
{{- end }}
nextcloud-cron:
nextcloud-cron:
mountPath: {{ .Values.ncConfig.dataDir }}
{{- if .Values.ncStorage.isDataInTheSameVolume }}
subPath: data
{{- end }}
{{- if .Values.ncStorage.isDataInTheSameVolume }}
config:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: /var/www/html/config
subPath: config
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html/config
subPath: config
customapps:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: /var/www/html/custom_apps
subPath: custom_apps
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html/custom_apps
subPath: custom_apps
themes:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: /var/www/html/themes
subPath: themes
nextcloud-cron:
nextcloud-cron:
mountPath: /var/www/html/themes
subPath: themes
{{- end }}
# Configuration files mounting
nc-config-opcache:
enabled: true
type: configmap
objectName: nextcloud-config
defaultMode: "0755"
targetSelector:
nextcloud:
nextcloud:
# z-99 is used to ensure that this file is loaded last
mountPath: /usr/local/etc/php/conf.d/opcache-z-99.ini
subPath: opcache.ini
nc-config-php:
enabled: true
type: configmap
objectName: nextcloud-config
defaultMode: "0755"
targetSelector:
nextcloud:
nextcloud:
# z-99 is used to ensure that this file is loaded last
mountPath: /usr/local/etc/php/conf.d/nextcloud-z-99.ini
subPath: php.ini
nc-config-limreqbody:
enabled: true
type: configmap
objectName: nextcloud-config
defaultMode: "0755"
targetSelector:
nextcloud:
nextcloud:
# https://github.com/nextcloud/docker/issues/1796
mountPath: /etc/apache2/conf-enabled/limitrequestbody.conf
subPath: limitrequestbody.conf
tmp:
enabled: true
type: emptyDir
targetSelector:
nextcloud:
nextcloud:
mountPath: /tmp
{{- range $idx, $storage := .Values.ncStorage.additionalStorages }}
{{ printf "nc-%v:" (int $idx) }}
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
targetSelector:
nextcloud:
nextcloud:
mountPath: {{ $storage.mountPath }}
nextcloud-cron:
nextcloud-cron:
mountPath: {{ $storage.mountPath }}
{{- end }}
{{- if .Values.ncNetwork.certificateID }}
nginx-cert:
enabled: true
type: secret
objectName: nextcloud-cert
defaultMode: "0600"
items:
- key: tls.key
path: private.key
- key: tls.crt
path: public.crt
targetSelector:
nginx:
nginx:
mountPath: /etc/nginx-certs
readOnly: true
nginx-conf:
enabled: true
type: configmap
objectName: nginx
defaultMode: "0600"
items:
- key: nginx.conf
path: nginx.conf
targetSelector:
nginx:
nginx:
mountPath: /etc/nginx
readOnly: true
{{- end -}}
{{- include "ix.v1.common.app.postgresPersistence"
(dict "pgData" .Values.ncStorage.pgData
"pgBackup" .Values.ncStorage.pgBackup
) | nindent 2 }}
{{- end -}}
{{- define "isOldIxVol" -}}
{{- $oldDatasetName := "ix-nextcloud_data" -}}
{{- $isOld := "false" -}}
{{- $storage := .storage -}}
{{- if eq $storage.type "ixVolume" -}}
{{- if eq $storage.ixVolumeConfig.datasetName $oldDatasetName -}}
{{- $isOld = "true" -}}
{{- end -}}
{{- end -}}
{{- $isOld }}
{{- end -}}
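Review bot: The three configmap mounts for the php, opcache and apache snippets use `defaultMode: "0755"`, granting execute bits to files that are only read; `defaultMode: "0644"` is sufficient and matches the `"0600"` chosen for the nginx config and certificate. `isOldIxVol` is defined at the bottom but not referenced anywhere in this file, so a comment naming its caller (presumably the storage backwards-compatibility path) would help. The `config`/`customapps`/`themes` volumes re-use `.Values.ncStorage.html` with distinct subPaths only under `isDataInTheSameVolume`; the migration script sets that flag and points html and data at the same old volume, so a comment at the `if` saying this preserves the pre-2.0 single-dataset layout would explain the duplication.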


@@ -0,0 +1,12 @@
{{- define "nextcloud.portal" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
port: {{ .Values.ncNetwork.webPort | quote }}
path: "/"
protocol: "http"
host: $node_ip
{{- end -}}
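Review bot: `protocol: "http"` is hard-coded, but when `ncNetwork.certificateID` is set the listener on `ncNetwork.webPort` is the nginx TLS NodePort (`webui-tls` in `nextcloud.service`), so the portal would advertise an http URL for an https endpoint. `protocol: {{ if .Values.ncNetwork.certificateID }}"https"{{ else }}"http"{{ end }}` keeps the two templates in agreement. `host: $node_ip` parses fine as a plain scalar, but quoting it, `host: "$node_ip"`, makes clear it is a literal placeholder rather than a Helm or shell expansion. `nextcloud.portal` is complete within the hunk.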

@@ -1,49 +1,12 @@
{{/*
Get Nextloud Postgres Database Name
*/}}
{{- define "postgres.DatabaseName" -}}
{{- print "nextcloud" -}}
{{- define "postgres.workload" -}}
{{- $backupSecretName := "postgres-creds" -}}
{{- if eq (include "nextcloud.is-migration" $) "true" }}
{{- $backupSecretName = "postgres-backup-creds" -}}
{{- end }}
workload:
{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
"backupSecretName" $backupSecretName
"resources" .Values.resources
"imageSelector" "ncPostgresImage"
"ixChartContext" .Values.ixChartContext) | nindent 2 }}
{{- end -}}
{{- define "postgres.imageName" -}}
{{- print "postgres:13.1" -}}
{{- end -}}
{{/*
Retrieve postgres backup name
This will return a unique name based on revision and chart numbers specified.
*/}}
{{- define "postgres.backupName" -}}
{{- $upgradeDict := .Values.ixChartContext.upgradeMetadata -}}
{{- printf "postgres-backup-from-%s-to-%s-revision-%d" $upgradeDict.oldChartVersion $upgradeDict.newChartVersion (int64 $upgradeDict.preUpgradeRevision) -}}
{{- end }}
{{/*
Retrieve postgres credentials for environment variables configuration
*/}}
{{- define "postgres.envVariableConfiguration" -}}
{{ $envList := list }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" "db-details" "secretKey" "db-user") }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_PASSWORD" "valueFromSecret" true "secretName" "db-details" "secretKey" "db-password") }}
{{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) }}
{{- end -}}
{{/*
Retrieve postgres volume configuration
*/}}
{{- define "postgres.volumeConfiguration" -}}
{{ include "common.storage.configureAppVolumes" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts "emptyDirVolumes" .Values.emptyDirVolumes "ixVolumes" .Values.ixVolumes) | nindent 0 }}
{{- end -}}
{{/*
Retrieve postgres volume mounts configuration
*/}}
{{- define "postgres.volumeMountsConfiguration" -}}
{{ include "common.storage.configureAppVolumeMountsInContainer" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts ) | nindent 0 }}
{{- end -}}
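Review bot: The switch to `postgres-backup-creds` under `nextcloud.is-migration` carries no comment saying why the backup job must not use the same `postgres-creds` as the database it backs up; a reader of this helper cannot tell that a migrated database was created by the old chart with credentials that the loader's mutated backup command appears to recover from Nextcloud's config.php. Suggest a comment above the `if`, e.g. `{{/* Migrated installs keep the old chart's DB credentials (the backup command reads them from config.php, see the loader); the freshly generated postgres-creds would not match */}}`, plus a pointer to wherever `postgres-backup-creds` is created, since that secret is not defined in this file. The new `postgres.workload` is complete within the hunk.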

@@ -0,0 +1,6 @@
{{- define "redis.workload" -}}
workload:
{{- include "ix.v1.common.app.redis" (dict "secretName" "redis-creds"
"resources" .Values.resources) | nindent 2 }}
{{- end -}}

@@ -0,0 +1,49 @@
{{- define "nextcloud.service" -}}
service:
nextcloud:
enabled: true
primary: true
{{- if not .Values.ncNetwork.certificateID }}
type: NodePort
{{- else }}
type: ClusterIP
{{- end }}
targetSelector: nextcloud
ports:
webui:
enabled: true
primary: true
{{- if not .Values.ncNetwork.certificateID }}
nodePort: {{ .Values.ncNetwork.webPort }}
{{- end }}
port: 80
targetPort: 80
targetSelector: nextcloud
{{- if .Values.ncNetwork.certificateID }}
nextcloud-nginx:
enabled: true
type: NodePort
targetSelector: nginx
ports:
webui-tls:
enabled: true
port: {{ .Values.ncNetwork.webPort }}
nodePort: {{ .Values.ncNetwork.webPort }}
targetPort: {{ .Values.ncNetwork.webPort }}
targetSelector: nginx
{{- end }}
# Redis
redis:
enabled: true
type: ClusterIP
targetSelector: redis
ports:
redis:
enabled: true
primary: true
port: 6379
targetPort: 6379
targetSelector: redis
{{- include "ix.v1.common.app.postgresService" $ | nindent 2 }}
{{- end -}}
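Review bot: With `ncNetwork.certificateID` set, `primary: true` stays on the `nextcloud` ClusterIP service while the externally reachable NodePort is `nextcloud-nginx`; if common derives the NOTES/portal URL or the default port from the primary service (not visible here), it will advertise the internal port 80 instead of the TLS port. Either move `primary` into the TLS branch of `nextcloud-nginx` or document the choice, e.g. `# primary intentionally stays on the HTTP service; the portal ConfigMap is built separately in nextcloud.portal`. `nextcloud.service` is complete within the hunk.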

@@ -1,24 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "postgres-backup-hook-config-map"
annotations:
rollme: {{ randAlphaNum 5 | quote }}
data:
entrypoint.sh: |-
#!/bin/bash
echo "Fetching password from config.php"
# sed removes ' , => spaces and db* from the string
DBUSER=$(cat /nc-config/config.php | grep "dbuser" | sed "s/dbuser\| \|'\|,\|=>//g")
DBPASS=$(cat /nc-config/config.php | grep "dbpassword" | sed "s/dbpassword\| \|'\|,\|=>//g")
DBNAME=$(cat /nc-config/config.php | grep "dbname" | sed "s/dbname\| \|'\|,\|=>//g")
[ -n "$DBUSER" ] && [ -n "$DBPASS" ] && [ -n "$DBNAME" ] && echo "User, Database and password fetched from config.php"
until pg_isready -U ${POSTGRES_USER} -h ${POSTGRES_HOST}; do sleep 2; done
# pg_dump will automatically use the password from the PGPASSWORD environment variable
echo "Creating backup of ${DBNAME} database as ${DBUSER}"
PGPASSWORD=${DBPASS} pg_dump -U $DBUSER -d $DBNAME --host=${POSTGRES_HOST} > /postgres_backups/$BACKUP_NAME \
&& echo "Backup created successfully" \
|| echo "Backup failed"

@@ -1,48 +0,0 @@
{{- if .Values.ixChartContext.isUpgrade -}}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
{{ $dbHost := .Values.nextcloudDbHost }}
apiVersion: batch/v1
kind: Job
metadata:
name: "pre-upgrade-hook2"
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
rollme: {{ randAlphaNum 5 | quote }}
spec:
template:
metadata:
name: "pre-upgrade-hook2"
spec:
restartPolicy: Never
serviceAccountName: "{{ template "common.names.serviceAccountName" . }}"
containers:
- name: {{ .Chart.Name }}-postgres-backup
image: {{ template "postgres.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
- name: BACKUP_NAME
value: {{ template "postgres.backupName" . }}
- name: POSTGRES_HOST
value: {{ $dbHost }}
volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
- name: backup-script-configmap
mountPath: /bin/backup_entrypoint.sh
readOnly: true
subPath: entrypoint.sh
- name: nextcloud-data
mountPath: /nc-config
subPath: "config"
command:
- "/bin/backup_entrypoint.sh"
volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
- name: backup-script-configmap
configMap:
defaultMode: 0700
name: "postgres-backup-hook-config-map"
{{ if .Values.appVolumeMounts }}
{{- include "common.storage.configureAppVolumes" .Values | nindent 8 }}
{{ end }}
{{- end -}}

@@ -0,0 +1,38 @@
{{- include "ix.v1.common.loader.init" . -}}
{{- include "nextcloud.migration" $ -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.configuration" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.configs" $ | fromYaml) -}}
{{- if .Values.ncNetwork.certificateID }}
{{- $_ := mustMergeOverwrite .Values (include "nginx.workload" $ | fromYaml) -}}
{{- end }}
{{- if .Values.ncConfig.cron.enabled }}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.cron" $ | fromYaml) -}}
{{- end }}
{{- $_ := mustMergeOverwrite .Values (include "nginx.configuration" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "redis.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.service" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "nextcloud.persistence" $ | fromYaml) -}}
{{/* Mutate postgres backup command to handle nextcloud config */}}
{{- $cmd := .Values.workload.postgresbackup.podSpec.containers.postgresbackup.command -}}
{{- $temp := printf ("%s\n%s\n%s\n%s\n%s\n%s\n%s")
"echo 'Fetching password from config.php'"
"# sed removes ' , => spaces and db* from the string"
"POSTGRES_USER=$(cat /nc-config/config/config.php | grep 'dbuser' | sed \"s/dbuser\\| \\|'\\|,\\|=>//g\")"
"POSTGRES_PASSWORD=$(cat /nc-config/config/config.php | grep 'dbpassword' | sed \"s/dbpassword\\| \\|'\\|,\\|=>//g\")"
"POSTGRES_DB=$(cat /nc-config/config/config.php | grep 'dbname' | sed \"s/dbname\\| \\|'\\|,\\|=>//g\")"
"[ -n \"$POSTGRES_USER\" ] && [ -n \"$POSTGRES_PASSWORD\" ] && [ -n \"$POSTGRES_DB\" ] && echo 'User, Database and password fetched from config.php'"
(index $cmd 2) -}}
{{- $newCmd := (list (index $cmd 0) (index $cmd 1) $temp) -}}
{{- $_ := set .Values.workload.postgresbackup.podSpec.containers.postgresbackup "command" $newCmd -}}
{{- $_ := set .Values.workload.postgresbackup.podSpec "securityContext" (dict "fsGroup" "33") -}}
{{/* Create the configmap for portal manually*/}}
{{- include "nextcloud.portal" $ -}}
{{- include "ix.v1.common.loader.apply" . -}}
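Review bot: The overwrite of `POSTGRES_USER`/`POSTGRES_PASSWORD`/`POSTGRES_DB` in the mutated backup command is unconditional, so if `/nc-config/config/config.php` is absent or the grep matches nothing, the secret-provided values are replaced with empty strings, the only signal is a missing "fetched" message, and the dump then runs with empty credentials. Replacing the trailing `&& echo 'User, Database and password fetched from config.php'` with `|| { echo 'Failed to read DB credentials from config.php'; exit 1; }` makes the hook fail loudly instead; whether a failed backup should block the upgrade is a policy call, but a silent empty dump is worse. `(dict "fsGroup" "33")` stores the group as a string, and unless common casts it the API server rejects a non-integer `fsGroup`, so `(dict "fsGroup" 33)` is the safer form. The sed that strips `'`, `,`, spaces and `=>` also silently corrupts a password containing any of those characters; the removed secret template only ever generated alphanumeric passwords, but a hand-edited config.php is not covered, which is worth a comment next to the mutation.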

@@ -1,78 +0,0 @@
{{ $cronjob_values := (. | mustDeepCopy) }}
{{ $_ := set $cronjob_values "common" (dict "nameSuffix" "cronjob") }}
{{ $hostName := .Values.nextcloud.host }}
{{ if .Values.useServiceNameForHost }}
{{ $hostName = (include "common.names.fullname" .) }}
{{ end }}
{{if .Values.cronjob.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ template "common.names.fullname" $cronjob_values }}
labels:
app: {{ template "common.names.name" $cronjob_values }}
chart: {{ template "common.names.chart" $cronjob_values }}
release: {{ .Release.Name }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
spec:
schedule: "{{ .Values.cronjob.schedule }}"
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 2
successfulJobsHistoryLimit: 1
jobTemplate:
metadata:
labels:
app: {{ template "common.names.name" $cronjob_values }}
release: {{ .Release.Name }}
{{- include "common.labels.selectorLabels" $cronjob_values | nindent 8 }}
spec:
template:
metadata:
labels:
app: {{ template "common.names.name" $cronjob_values }}
release: {{ .Release.Name }}
{{- include "common.labels.selectorLabels" $cronjob_values | nindent 12 }}
spec:
restartPolicy: Never
securityContext:
runAsUser: 33
runAsGroup: 0
fsGroup: 33
containers:
- name: {{ .Chart.Name }}-cronjob
image: "{{.Values.image.repository }}:{{.Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- php
- -f
- /var/www/html/cron.php
volumeMounts:
- name: nextcloud-data
mountPath: /var/www/
subPath: "root"
- name: nextcloud-data
mountPath: /var/www/html
subPath: "html"
- name: nextcloud-data
mountPath: {{ .Values.nextcloud.datadir }}
subPath: "data"
- name: nextcloud-data
mountPath: /var/www/html/config
subPath: "config"
- name: nextcloud-data
mountPath: /var/www/html/custom_apps
subPath: "custom_apps"
- name: nextcloud-data
mountPath: /var/www/tmp
subPath: "tmp"
- name: nextcloud-data
mountPath: /var/www/html/themes
subPath: "themes"
volumes:
{{ if .Values.appVolumeMounts }}
{{- include "common.storage.configureAppVolumes" .Values | nindent 12 }}
{{ end }}
{{ end }}

@@ -1,259 +0,0 @@
{{ include "common.storage.hostPathValidate" .Values }}
{{ $postgres_values := (. | mustDeepCopy) }}
{{ $_ := set $postgres_values "common" (dict "nameSuffix" "postgres") }}
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}-nc
labels:
app.kubernetes.io/name: {{ template "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
replicas: {{ (default 1 .Values.replicas) }}
strategy:
type: "Recreate"
selector:
matchLabels:
app.kubernetes.io/name: {{ template "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
name: {{ template "common.names.fullname" . }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
annotations: {{ include "common.annotations" . | nindent 8 }}
spec:
initContainers:
- name: init-postgresdb
image: {{ template "postgres.imageName" . }}
command: ['sh', '-c', "until pg_isready -U $POSTGRES_USER -d {{ include "postgres.DatabaseName" .Values }} -h {{ template "common.names.fullname" $postgres_values }}; do echo waiting for postgres; sleep 2; done"]
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }}
containers:
{{ if eq (include "nginx.certAvailable" .) "true" }}
- name: nginx
{{ include "common.containers.imageConfig" .Values.nginx.image | nindent 8 }}
volumeMounts:
- name: nginx-configuration
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
{{ include "nginx.tlsKeysVolumeMount" . | nindent 10 }}
ports:
- name: nginx-http
containerPort: 8000
protocol: TCP
- name: nginx-https
containerPort: {{ .Values.service.nodePort }}
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTPS
path: /status.php
port: {{ .Values.service.nodePort }}
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
readinessProbe:
httpGet:
scheme: HTTPS
path: /status.php
port: {{ .Values.service.nodePort }}
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 2
startupProbe:
httpGet:
scheme: HTTPS
path: /status.php
port: {{ .Values.service.nodePort }}
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 60
successThreshold: 1
{{ end }}
- name: {{ .Chart.Name }}
{{ include "common.resources.limitation" . | nindent 8 }}
{{ include "common.containers.imageConfig" .Values.image | nindent 8 }}
env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }}
{{ $secretName := (include "common.names.fullname" .) }}
{{ $envList := (default list .Values.environmentVariables) }}
{{- $_ := set .Values "nextcloudDbHost" (include "common.names.fullname" $postgres_values) -}} {{/* Temprary store it on values to display it on NOTES */}}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }}
{{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }}
{{ $envList = mustAppend $envList (dict "name" "PHP_UPLOAD_LIMIT" "value" (printf "%vG" (.Values.nextcloud.max_upload_size | default 3))) }}
{{ $envList = mustAppend $envList (dict "name" "PHP_MEMORY_LIMIT" "value" (printf "%vM" (.Values.nextcloud.php_memory_limit | default 512))) }}
{{ if eq (include "nginx.certAvailable" .) "true" }}
{{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
{{ if and .Values.nextcloud.host .Values.service.nodePort }}
{{ if .Values.nginxConfig.useDifferentAccessPort }}
{{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" .Values.nextcloud.host) }}
{{ else }}
{{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }}
{{ end }}
{{ end }}
{{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }}
{{ $envList = mustAppend $envList (dict "name" "TRUSTED_PROXIES" "value" "127.0.0.1") }}
{{ end }}
{{ $hostName := .Values.nextcloud.host }}
{{ if .Values.useServiceNameForHost }}
{{ $hostName = (include "common.names.fullname" .) }}
{{ end }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" $hostName) }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }}
{{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }}
{{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 10 }}
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /status.php
port: http
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
readinessProbe:
httpGet:
path: /status.php
port: http
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
startupProbe:
{{ $cmds := list }}
{{ if .Values.nextcloud.install_ffmpeg }}
{{ $cmds = mustAppend $cmds "ffmpeg" }}
{{ end }}
{{ if .Values.nextcloud.install_smbclient }}
{{ $cmds = mustAppend $cmds "smbclient" }}
{{ end }}
{{ if $cmds }}
exec:
command:
- /bin/sh
- -c
- |
commands_to_check={{ join " " $cmds }}
for comm in $commands_to_check; do
if ! command -v $comm /dev/null 2>&1; then
echo "Command $comm not found"
exit 1
fi
done
{{ else }}
httpGet:
path: /status.php
port: http
httpHeaders:
- name: Host
value: localhost
{{ end }}
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 2
failureThreshold: 100
successThreshold: 1
volumeMounts:
- name: nextcloud-data
mountPath: /var/www/
subPath: "root"
- name: nextcloud-data
mountPath: /var/www/html
subPath: "html"
- name: nextcloud-data
mountPath: {{ .Values.nextcloud.datadir }}
subPath: "data"
- name: nextcloud-data
mountPath: /var/www/html/config
subPath: "config"
- name: nextcloud-data
mountPath: /var/www/html/custom_apps
subPath: "custom_apps"
- name: nextcloud-data
mountPath: /var/www/tmp
subPath: "tmp"
- name: nextcloud-data
mountPath: /var/www/html/themes
subPath: "themes"
- name: nextcloud-configuration
# We use -z-99 to ensure that this file is loaded
# after the default opcache file nextcloud provides.
mountPath: /usr/local/etc/php/conf.d/opcache-z-99.ini
subPath: opcache.ini
- name: nextcloud-configuration
# We use -z-99 to ensure that this file is loaded
# after the default php config file nextcloud provides.
mountPath: /usr/local/etc/php/conf.d/nextcloud-z-99.ini
subPath: php.ini
- name: nextcloud-configuration
# https://github.com/nextcloud/docker/issues/1796
mountPath: /etc/apache2/conf-enabled/limitrequestbody.conf
subPath: limitrequestbody.conf
{{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- name: extrappvolume-{{ $index }}
mountPath: {{ $hostPathConfiguration.mountPath }}
{{ end }}
{{ if $cmds }}
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- |
echo "Installing {{ join " " $cmds }}..."
apt update && \
apt install -y --no-install-recommends \
{{ join " " $cmds }} || echo "Failed to install binary/binaries"
echo "Finished."
{{ end }}
{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
volumes:
- name: nextcloud-configuration
configMap:
defaultMode: 0755
name: "nextcloud-configuration"
- name: nginx-configuration
configMap:
defaultMode: 0700
name: "nginx-configuration"
{{ include "nginx.tlsKeysVolume" . | nindent 8 }}
{{ if .Values.appVolumeMounts }}
{{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
{{ end }}
{{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- name: extrappvolume-{{ $index }}
hostPath:
path: {{ $hostPathConfiguration.hostPath }}
{{ end }}
# Will mount configuration files as www-data (id: 33) for nextcloud
securityContext:
fsGroup: 33

@@ -1,14 +0,0 @@
{{ $bytesGB := 1073741824 }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "nextcloud-configuration"
data:
opcache.ini: |
opcache.memory_consumption={{ .Values.nextcloud.opcache_memory_consumption }}
php.ini: |
max_execution_time={{ .Values.nextcloud.max_execution_time }}
limitrequestbody.conf: |
LimitRequestBody {{ mul .Values.nextcloud.max_upload_size $bytesGB }}

@@ -1,96 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "nginx-configuration"
data:
protocol: {{ include "nginx.scheme" . }}
{{ $timeout := 60 }}
{{ $size := .Values.nextcloud.max_upload_size | default 3 }}
{{ $useDiffAccessPort := false }}
{{ $externalAccessPort := "" }}
{{/* Safely access key as it is conditionaly shown */}}
{{ if hasKey .Values "nginxConfig" }}
{{ $useDiffAccessPort = .Values.nginxConfig.useDifferentAccessPort }}
{{ $externalAccessPort = printf ":%v" .Values.nginxConfig.externalAccessPort }}
{{ $timeout = .Values.nginxConfig.proxy_timeouts | default 60 }}
{{ end }}
{{/* If its 443, do not append it on the rewrite at all */}}
{{ if eq $externalAccessPort ":443" }}
{{ $externalAccessPort = "" }}
{{ end }}
nginx.conf: |-
events {}
http {
# redirects all http requests to https requests
server {
listen 8000 default_server;
listen [::]:8000 default_server;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
listen {{ .Values.service.nodePort }} ssl http2;
listen [::]:{{ .Values.service.nodePort }} ssl http2;
ssl_certificate '/etc/nginx-certs/public.crt';
ssl_certificate_key '/etc/nginx-certs/private.key';
# maximum 3GB Upload File; change to fit your needs
client_max_body_size {{ $size }}G;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
{{ if $useDiffAccessPort }}
return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
{{ else }}
return 301 $scheme://$host:$server_port/remote.php/dav;
{{ end }}
}
location = /.well-known/caldav {
{{ if $useDiffAccessPort }}
return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
{{ else }}
return 301 $scheme://$host:$server_port/remote.php/dav;
{{ end }}
}
location / {
proxy_pass http://localhost;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_request_buffering off;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
{{ if $useDiffAccessPort }}
proxy_set_header X-Forwarded-Port {{ $externalAccessPort | default "443" | trimPrefix ":" }};
{{ else }}
proxy_set_header X-Forwarded-Port $server_port;
{{ end }}
# Proxy timeouts
proxy_connect_timeout {{ $timeout }}s;
proxy_send_timeout {{ $timeout }}s;
proxy_read_timeout {{ $timeout }}s;
}
}
}

@@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "nginx.secretName" . }}
type: Opaque
data:
{{ if eq (include "nginx.certAvailable" .) "true" }}
certPublicKey: {{ (include "nginx.cert.publicKey" .) | toString | b64enc | quote }}
certPrivateKey: {{ (include "nginx.cert.privateKey" .) | toString | b64enc | quote }}
{{ end }}

@@ -1,69 +0,0 @@
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}-postgres-nc
labels:
app.kubernetes.io/name: {{ template "common.names.name" . }}-postgres
app.kubernetes.io/instance: {{ .Release.Name }}-postgres
spec:
strategy:
type: "Recreate"
selector:
matchLabels:
app.kubernetes.io/name: {{ template "common.names.name" . }}-postgres
app.kubernetes.io/instance: {{ .Release.Name }}-postgres
template:
metadata:
name: {{ template "common.names.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "common.names.name" . }}-postgres
app.kubernetes.io/instance: {{ .Release.Name }}-postgres
annotations: {{ include "common.annotations" . | nindent 8 }}
spec:
containers:
- name: {{ .Chart.Name }}-postgres
image: {{ template "postgres.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
ports:
- name: postgres-tcp
containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 2
livenessProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
startupProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 60
successThreshold: 1
volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}

@@ -1,26 +0,0 @@
{{- $secretName := "db-details" }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
data:
{{/*
Lookup for the user shouldn't be needed in normal circumstances
But there was a typo before that resulted to a db-user with weird
characters. So to keep that user for existing installations we retrieve
it from the existing secret.
*/}}
{{/* Init values */}}
{{- $dbUser := ((include "postgres.DatabaseName" .Values) | b64enc) -}}
{{- $dbPass := (randAlphaNum 15 | b64enc) -}}
{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
{{/* If there is a previous secret, use that */}}
{{- $dbUser = (index .data "db-user") -}}
{{- $dbPass = (index .data "db-password") -}}
{{- end }}
db-user: {{ $dbUser }}
db-password: {{ $dbPass }}
{{/* Temprary store them on values to display it on NOTES */}}
{{ $_ := set .Values "nextcloudDbPass" $dbPass }}
{{ $_ := set .Values "nextcloudDbUser" $dbUser }}

@@ -1,6 +0,0 @@
{{ $ports := list }}
{{ $ports = mustAppend $ports (dict "name" "postgres-tcp" "port" 5432 "targetPort" 5432) }}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
{{ include "common.classes.service" $values }}

@@ -1,13 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "common.names.fullname" . }}
labels: {{ include "common.labels" . | nindent 4 }}
type: Opaque
data:
nextcloud-username: {{ .Values.nextcloud.username | b64enc | quote }}
{{ if .Values.nextcloud.password }}
nextcloud-password: {{ .Values.nextcloud.password | b64enc | quote }}
{{ else }}
nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }}
{{ end }}

@@ -1,10 +0,0 @@
{{ $svc := .Values.service }}
{{ $ports := list }}
{{ if eq (include "nginx.certAvailable" .) "true" }}
{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" .Values.service.nodePort "port" .Values.service.nodePort "nodePort" $svc.nodePort) }}
{{ else }}
{{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }}
{{ end }}
{{ $params := . }}
{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
{{ include "common.classes.service" $params }}

@@ -1,35 +0,0 @@
{{ include "common.serviceaccount" . | nindent 0 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ .Release.Name }}-service-account-role-binding"
subjects:
- kind: ServiceAccount
name: "{{ template "common.names.serviceAccountName" . }}"
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: "{{ .Release.Name }}-service-account-role"
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ .Release.Name }}-service-account-role"
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
- "apps"
resources:
- pods
- deployments
verbs:
- delete
- get
- list

@@ -2,9 +2,88 @@ image:
pullPolicy: IfNotPresent
repository: nextcloud
tag: 29.0.0
nginx:
image:
pullPolicy: IfNotPresent
repository: nginx
tag: 1.25.5
useServiceNameForHost: false
nginxImage:
pullPolicy: IfNotPresent
repository: nginx
tag: 1.25.4
# Keep using the same image
# as before the migration
ncPostgresImage:
pullPolicy: IfNotPresent
repository: postgres
tag: "13.1"
resources:
limits:
cpu: 4000m
memory: 8Gi
podOptions:
dnsConfig:
options: []
ncConfig:
adminUser: admin
adminPassword: password
host: ""
dataDir: /var/www/html/data
commands:
- ffmpeg
- smbclient
maxUploadLimit: 3
phpMemoryLimit: 512
opCacheMemoryConsumption: 128
maxExecutionTime: 30
cron:
enabled: true
schedule: "*/15 * * * *"
additionalEnvs: []
ncNetwork:
webPort: 9001
certificateID:
nginx:
proxyTimeouts: 120
useDifferentAccessPort: false
externalAccessPort: 80
ncStorage:
data:
type: ixVolume
ixVolumeConfig:
datasetName: data
html:
type: ixVolume
ixVolumeConfig:
datasetName: html
pgData:
type: ixVolume
ixVolumeConfig:
datasetName: pgData
pgBackup:
# TODO: NC creates a different user/pw for pg, so we should pass the
# config to the backup container so it can get the right details
type: ixVolume
ixVolumeConfig:
datasetName: pgBackup
additionalStorages: []
notes:
custom: |
## Database
You can connect to the database using the pgAdmin App from the catalog
<details>
<summary>Database Details</summary>
- Database: `{{ .Values.ncDbName }}`
- Username: `{{ .Values.ncDbUser }}`
- Password: `{{ .Values.ncDbPass }}`
- Host: `{{ .Values.ncDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
- Port: `5432`
</details>
{{- $_ := unset .Values "ncDbUser" }}
{{- $_ := unset .Values "ncDbName" }}
{{- $_ := unset .Values "ncDbPass" }}
{{- $_ := unset .Values "ncDbHost" }}
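Review bot: `adminPassword: password` ships a known default credential; the removed nextcloud secret template generated a random password with `randAlphaNum 10` whenever none was set, and anyone installing this chart without overriding the value now gets a guessable admin login. An empty default, `adminPassword: ""`, with `nextcloud.workload` either generating a value or refusing to render when it is empty, keeps the previous safety net (how the new workload handles an empty value is not visible in this hunk). The TODO under `pgBackup` looks already addressed by the backup-command mutation in the loader, so it should be dropped or reworded to point there. `certificateID:` with no value parses as null; `certificateID: null` makes the intent explicit and satisfies yamllint's empty-values rule.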