diff --git a/library/ix-dev/charts/nextcloud/Chart.lock b/library/ix-dev/charts/nextcloud/Chart.lock
index 2cf39f5f09..f51b6f6f01 100644
--- a/library/ix-dev/charts/nextcloud/Chart.lock
+++ b/library/ix-dev/charts/nextcloud/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: common
- repository: file://../../../common/2304.0.1
- version: 2304.0.1
-digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670
-generated: "2023-04-24T13:40:41.468936547+03:00"
+ repository: file://../../../common
+ version: 1.2.9
+digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c
+generated: "2024-04-12T15:56:46.904719299+03:00"
diff --git a/library/ix-dev/charts/nextcloud/Chart.yaml b/library/ix-dev/charts/nextcloud/Chart.yaml
index fddf41df55..9ec572e274 100644
--- a/library/ix-dev/charts/nextcloud/Chart.yaml
+++ b/library/ix-dev/charts/nextcloud/Chart.yaml
@@ -4,7 +4,7 @@ description: A file sharing server that puts the control and security of your ow
annotations:
title: Nextcloud
type: application
-version: 1.6.61
+version: 2.0.0
apiVersion: v2
appVersion: 29.0.0
kubeVersion: '>=1.16.0-0'
@@ -14,8 +14,8 @@ maintainers:
email: dev@ixsystems.com
dependencies:
- name: common
- repository: file://../../../common/2304.0.1
- version: 2304.0.1
+ repository: file://../../../common
+ version: 1.2.9
home: https://nextcloud.com/
icon: https://media.sys.truenas.net/apps/nextcloud/icons/icon.svg
sources:
diff --git a/library/ix-dev/charts/nextcloud/README.md b/library/ix-dev/charts/nextcloud/README.md
index 28f3c66405..09c7fcc1d8 100644
--- a/library/ix-dev/charts/nextcloud/README.md
+++ b/library/ix-dev/charts/nextcloud/README.md
@@ -1,11 +1,3 @@
-# nextcloud
+# Nextcloud
-[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
-
-## Introduction
-
-This chart bootstraps an [nextcloud](https://hub.docker.com/_/nextcloud/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Configuration
-
-Please refer to questions.yaml for a detailed overview on supported configurable values.
+[Nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
diff --git a/library/ix-dev/charts/nextcloud/app-readme.md b/library/ix-dev/charts/nextcloud/app-readme.md
index f2e78c31f9..09c7fcc1d8 100644
--- a/library/ix-dev/charts/nextcloud/app-readme.md
+++ b/library/ix-dev/charts/nextcloud/app-readme.md
@@ -1,3 +1,3 @@
-# nextcloud
+# Nextcloud
-[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
+[Nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
diff --git a/library/ix-dev/charts/nextcloud/charts/common-1.2.9.tgz b/library/ix-dev/charts/nextcloud/charts/common-1.2.9.tgz
new file mode 100644
index 0000000000..809ea26971
Binary files /dev/null and b/library/ix-dev/charts/nextcloud/charts/common-1.2.9.tgz differ
diff --git a/library/ix-dev/charts/nextcloud/charts/common-2304.0.1.tgz b/library/ix-dev/charts/nextcloud/charts/common-2304.0.1.tgz
deleted file mode 100644
index 70fb1576ba..0000000000
Binary files a/library/ix-dev/charts/nextcloud/charts/common-2304.0.1.tgz and /dev/null differ
diff --git a/library/ix-dev/charts/nextcloud/ci/basic-values.yaml b/library/ix-dev/charts/nextcloud/ci/basic-values.yaml
new file mode 100644
index 0000000000..7a01cfd4ab
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/ci/basic-values.yaml
@@ -0,0 +1,31 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ commands:
+ - ffmpeg
+ - smbclient
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ pgData:
+ type: pvc
+ html:
+ type: pvc
+ data:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
diff --git a/library/ix-dev/charts/nextcloud/ci/https-values.yaml b/library/ix-dev/charts/nextcloud/ci/https-values.yaml
new file mode 100644
index 0000000000..c65825086a
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/ci/https-values.yaml
@@ -0,0 +1,118 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ commands:
+ - ffmpeg
+ - smbclient
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ certificateID: 1
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ pgData:
+ type: pvc
+ html:
+ type: pvc
+ data:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
+
+ixCertificates:
+ "1":
+ certificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
+ ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
+ VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
+ HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL
+ MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV
+ BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
+ ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX
+ Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1
+ P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW
+ 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H
+ PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t
+ AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3
+ AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB
+ hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E
+ AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww
+ CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH
+ DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB
+ FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/
+ BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD
+ KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR
+ h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx
+ fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj
+ x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
+ MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
+ -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
+ ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
+ VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
+ HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx
+ CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE
+ CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB
+ IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt
+ 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf
+ iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd
+ M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL
+ Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H
+ VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID
+ AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE
+ wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T
+ AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw
+ pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL
+ MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG
+ SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+ BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr
+ zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql
+ PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX
+ TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d
+ 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/
+ +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w
+ M7Y3vwxshpo=
+ -----END CERTIFICATE-----
+ privatekey: |
+ -----BEGIN PRIVATE KEY-----
+ MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT
+ HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk
+ H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI
+ 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d
+ NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB
+ +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7
+ A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu
+ eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5
+ N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe
+ EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL
+ PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR
+ 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA
+ 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z
+ FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo
+ L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL
+ d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA
+ 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu
+ MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2
+ wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd
+ DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7
+ wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc
+ nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S
+ dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P
+ //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY
+ qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc
+ 3G15AKCXo7jjOUtHY01DCQ==
+ -----END PRIVATE KEY-----
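Review bot: The `privatekey` block under `ixCertificates` entry `"1"` commits an unencrypted PEM private key with nothing marking it as a throwaway fixture. Secret scanners will flag it, and a reader has no signal that it must not be reused. Add a comment above `ixCertificates:` such as `# CI-only test certificate chain and key; never use outside chart CI.`, or generate the pair during the CI run instead of storing it. When decoded, the leaf certificate's validity also appears to end in December 2023, before the 2024-04-12 `generated` timestamp in this commit's Chart.lock, so any CI step that verifies the chain would fail; regenerate the fixture if that is confirmed.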
diff --git a/library/ix-dev/charts/nextcloud/ci/no-cron.yaml b/library/ix-dev/charts/nextcloud/ci/no-cron.yaml
new file mode 100644
index 0000000000..a34c8a2957
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/ci/no-cron.yaml
@@ -0,0 +1,31 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ cron:
+ enabled: false
+ commands: []
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ pgData:
+ type: pvc
+ html:
+ type: pvc
+ data:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
diff --git a/library/ix-dev/charts/nextcloud/ci/nocmd-values.yaml b/library/ix-dev/charts/nextcloud/ci/nocmd-values.yaml
new file mode 100644
index 0000000000..3f87463be5
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/ci/nocmd-values.yaml
@@ -0,0 +1,29 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ commands: []
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ pgData:
+ type: pvc
+ html:
+ type: pvc
+ data:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
diff --git a/library/ix-dev/charts/nextcloud/ci/onedata-values.yaml b/library/ix-dev/charts/nextcloud/ci/onedata-values.yaml
new file mode 100644
index 0000000000..859244631b
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/ci/onedata-values.yaml
@@ -0,0 +1,76 @@
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: "127.0.0.1"
+ dataDir: /var/www/html/data
+ commands: []
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+
+ncNetwork:
+ webPort: 30001
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ isDataInTheSameVolume: true
+ html:
+ type: hostPath
+ hostPathConfig:
+ hostPath: /mnt/{{ .Release.Name }}/test
+ data:
+ type: hostPath
+ hostPathConfig:
+ hostPath: /mnt/{{ .Release.Name }}/test
+ pgData:
+ type: pvc
+ pgBackup:
+ type: emptyDir
+ emptyDirConfig:
+ medium: ""
+ size: ""
+ additionalStorages: []
+
+##### CI Hack #####
+# What this hack does is that it will create a pod before the chart install
+# A hostPath is attached to the pod, which will force k8s to create the directory on the host.
+# so the actual test run will find the directory created there. (Storage attached to the actual NC chart
+# uses `subPath` for which k8s will not created the directory on the host.)
+workload:
+ ci-hack:
+ enabled: true
+ type: Job
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ podSpec:
+ restartPolicy: Never
+ containers:
+ ci-hack:
+ enabled: true
+ primary: true
+ image: bashImage
+ command: bash
+ args:
+ - -c
+ - exit 0
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+persistence:
+ ci-hack:
+ enabled: true
+ type: hostPath
+ hostPath: /mnt/{{ .Release.Name }}/test/data
+ hostPathType: DirectoryOrCreate
+ targetSelector:
+ ci-hack:
+ ci-hack:
+ mountPath: /ci
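Review bot: The `ci-hack` persistence entry creates `/mnt/{{ .Release.Name }}/test/data` on the node with `hostPathType: DirectoryOrCreate`, and nothing in this file removes it afterwards. `helm.sh/hook-delete-policy: hook-succeeded` deletes only the Job, so on a reused CI node a later run with the same release name would presumably start on the previous run's Nextcloud data. Extend the comment block to say so, for example `# The directory is left on the host after the run; CI must clean /mnt/<release>/test or use unique release names.`. The last comment line also has a typo: `will not created` should read `will not create`.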
diff --git a/library/ix-dev/charts/nextcloud/ci/test-values.yaml b/library/ix-dev/charts/nextcloud/ci/test-values.yaml
deleted file mode 100644
index 1cc2f27351..0000000000
--- a/library/ix-dev/charts/nextcloud/ci/test-values.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-appVolumeMounts:
- nextcloud-data:
- emptyDir: true
- mountPath: /var/www
-cronjob:
- enabled: false
- schedule: 1 */24 * * *
-dnsConfig:
- options: []
-emptyDirVolumes: true
-environmentVariables: []
-ixChartContext: {}
-nginxConfig:
- proxy_timeouts: 120
- useDifferentAccessPort: true
- externalPort: 443
-nextcloud:
- datadir: /var/www/html/data
- host: nextcloud.kube.home
- install_ffmpeg: true
- install_smbclient: true
- max_upload_size: 5
- max_execution_time: 30
- php_memory_limit: 512
- opcache_memory_consumption: 128
- password: changeme
- username: admin
-postgresAppVolumeMounts:
- postgres-backup:
- emptyDir: true
- mountPath: /postgres_backups
- postgres-data:
- emptyDir: true
- mountPath: /var/lib/postgresql/data
-postgresql:
- backupVolume:
- datasetName: ix-postgres_backups
- mountPath: /postgres_backups
- dataVolume:
- datasetName: ix-postgres_data
- mountPath: /var/lib/postgresql/data
-service:
- nodePort: 31000
-updateStrategy: Recreate
-useServiceNameForHost: true
diff --git a/library/ix-dev/charts/nextcloud/metadata.yaml b/library/ix-dev/charts/nextcloud/metadata.yaml
index a0c2282029..19ef667362 100644
--- a/library/ix-dev/charts/nextcloud/metadata.yaml
+++ b/library/ix-dev/charts/nextcloud/metadata.yaml
@@ -6,8 +6,8 @@ runAsContext:
description: Nextcloud runs as root user.
- userName: root
groupName: root
- gid: 0
- uid: 0
+ gid: 999
+ uid: 999
description: Postgres runs as root user.
- userName: root
groupName: root
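Review bot: The Postgres `runAsContext` entry now reports `gid: 999` / `uid: 999` but its unchanged context lines still say `userName: root`, `groupName: root` and `description: Postgres runs as root user.`, so the security summary for the app contradicts itself. If the container really runs as 999, update those three lines to the matching account (presumably `userName: postgres`, `groupName: postgres`) and `description: Postgres runs as non-root user.`. The `runAsContext` list starts and continues outside this hunk, so the other entries should be checked against the new chart in the same way.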
@@ -19,28 +19,14 @@ capabilities:
description: Nextcloud, Nginx and Postgres are able to chown files.
- name: FOWNER
description: Nextcloud, Nginx and Postgres are able to bypass permission checks for it's sub-processes.
- - name: SYS_CHROOT
- description: Nextcloud, Nginx and Postgres are able to use chroot.
- - name: MKNOD
- description: Nextcloud, Nginx and Postgres are able to create device nodes.
- name: DAC_OVERRIDE
description: Nextcloud, Nginx and Postgres are able to bypass permission checks.
- - name: FSETID
- description: Nextcloud, Nginx and Postgres are able to set file capabilities.
- - name: KILL
- description: Nextcloud, Nginx and Postgres are able to kill processes.
- name: SETGID
description: Nextcloud, Nginx and Postgres are able to set group ID for it's sub-processes.
- name: SETUID
description: Nextcloud, Nginx and Postgres are able to set user ID for it's sub-processes.
- - name: SETPCAP
- description: Nextcloud, Nginx and Postgres are able to set process capabilities.
- name: NET_BIND_SERVICE
description: Nextcloud, Nginx and Postgres are able to bind to privileged ports.
- - name: SETFCAP
- description: Nextcloud, Nginx and Postgres are able to set file capabilities.
- name: NET_RAW
description: Nextcloud, Nginx and Postgres are able to use raw sockets.
- - name: AUDIT_WRITE
- description: Nextcloud, Nginx and Postgres are able to write to audit log.
hostMounts: []
diff --git a/library/ix-dev/charts/nextcloud/migrations/migrate b/library/ix-dev/charts/nextcloud/migrations/migrate
new file mode 100755
index 0000000000..c6d6371655
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/migrations/migrate
@@ -0,0 +1,110 @@
+#!/usr/bin/python3
+import json
+import os
+import sys
+
+def migrate_volume(volume, suffix=''):
+ return {
+ 'type': 'hostPath',
+ 'hostPathConfig': {
+ 'hostPath': volume['hostPath']+suffix
+ },
+ } if volume.get('hostPathEnabled', False) else {
+ 'type': 'ixVolume',
+ 'ixVolumeConfig': {
+ 'datasetName': volume['datasetName'],
+ },
+ }
+
+def migrate_common_lib(values):
+ delete_keys = [
+ 'service', 'updateStrategy', 'certificate', 'enableResourceLimits', 'cpuLimit',
+ 'memLimit', 'dnsConfig', 'environmentVariables', 'nextcloud', 'cronjob', 'nginx',
+ 'nginxConfig', 'postgresAppVolumeMounts', 'extraAppVolumeMounts', 'appVolumeMounts',
+ 'useServiceNameForHost',
+ ]
+
+ values.update({
+ 'shouldShowStorageToggle': True,
+ 'isDataInTheSameVolume': True,
+ # Migrate Network
+ 'ncNetwork': {
+ 'webPort': values['service']['nodePort'],
+ 'certificateID': values['certificate'],
+ 'nginx': {
+ 'proxyTimeouts': values.get('nginxConfig', {}).get('proxy_timeouts', 60),
+ 'useDifferentAccessPort': values.get('nginxConfig', {}).get('useDifferentAccessPort', False),
+ 'externalAccessPort': values.get('nginxConfig', {}).get('externalAccessPort', 443)
+ }
+ },
+ # Migrate Resources
+ 'resources': {
+ 'limits': {
+ 'cpu': values.get('cpuLimit', '4000m'),
+ 'memory': values.get('memLimit', '8Gi'),
+ }
+ },
+ # Migrate DNS
+ 'podOptions': {
+ 'dnsConfig': {
+ 'options': [
+ {'name': opt['name'], 'value': opt['value']}
+ for opt in values.get('dnsConfig', {}).get('options', [])
+ ]
+ }
+ },
+ # Migrate Config
+ 'ncConfig': {
+ 'additionalEnvs': values.get('environmentVariables', []),
+ 'adminUser': values['nextcloud']['username'],
+ 'adminPassword': values['nextcloud']['password'],
+ 'host': values['nextcloud'].get('host', ''),
+ 'dataDir': values['nextcloud']['datadir'],
+ 'commands': (['ffmpeg'] if values['nextcloud']['install_ffmpeg'] else []) + (['smbclient'] if values['nextcloud']['install_smbclient'] else []),
+ 'maxUploadLimit': values['nextcloud']['max_upload_size'],
+ 'maxExecutionTime': values['nextcloud']['max_execution_time'],
+ 'phpMemoryLimit': values['nextcloud']['php_memory_limit'],
+ 'opCacheMemoryConsumption': values['nextcloud']['opcache_memory_consumption'],
+ 'cron': {
+ 'enabled': values['cronjob']['enabled'],
+ 'schedule': values['cronjob']['schedule'] if values['cronjob']['enabled'] else '*/15 * * * *',
+ }
+ },
+ # Migrate Storage
+ 'ncStorage': {
+ 'pgData': migrate_volume(values['postgresAppVolumeMounts']['postgres-data']),
+ 'pgBackup': migrate_volume(values['postgresAppVolumeMounts']['postgres-backup']),
+ 'data': migrate_volume(values['appVolumeMounts']['nextcloud-data']),
+ 'html': migrate_volume(values['appVolumeMounts']['nextcloud-data']),
+ 'additionalStorages': [
+ {
+ 'type': 'hostPath',
+ 'hostPathConfig': {'hostPath': e['hostPath']},
+ 'mountPath': e['mountPath'],
+ }
+ for e in values.get('extraAppVolumeMounts', [])
+ ],
+ },
+ })
+
+ for k in delete_keys:
+ values.pop(k, None)
+
+ return values
+
+def migrate(values):
+ # If this missing, we have already migrated
+ if not 'appVolumeMounts' in values.keys():
+ return values
+
+
+ return migrate_common_lib(values)
+
+
+if __name__ == '__main__':
+ if len(sys.argv) != 2:
+ exit(1)
+
+ if os.path.exists(sys.argv[1]):
+ with open(sys.argv[1], 'r') as f:
+ print(json.dumps(migrate(json.loads(f.read()))))
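Review bot: `'certificateID': values['certificate']` in `migrate_common_lib` raises `KeyError` when the old values carry no `certificate` key. That looks possible: the removed `ci/test-values.yaml` in this commit has none, and the old question defined no default. Use `'certificateID': values.get('certificate'),`, and likewise `values['nextcloud'].get('install_ffmpeg', False)` and `.get('install_smbclient', False)` for the two hard-indexed install flags. `migrate()` treats a missing `appVolumeMounts` as already migrated, and `migrate_from_1.1.0`, which created that key, is deleted here, so values from before 1.1.0 would presumably pass through unmigrated; that is worth confirming. Minor style points: write the guard as `if 'appVolumeMounts' not in values:` and call `sys.exit(1)` instead of the site-provided `exit(1)`.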
diff --git a/library/ix-dev/charts/nextcloud/migrations/migrate_from_1.1.0 b/library/ix-dev/charts/nextcloud/migrations/migrate_from_1.1.0
deleted file mode 100755
index 1977bf3806..0000000000
--- a/library/ix-dev/charts/nextcloud/migrations/migrate_from_1.1.0
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/python3
-import json
-import os
-import sys
-
-
-def migrate(values):
- values.update({
- 'appVolumeMounts': {
- 'nextcloud-data': {
- 'hostPathEnabled': values['nextcloudDataHostPathEnabled'],
- **({'hostPath': values['nextcloudHostPath']} if values.get('nextcloudHostPath') else {})
- },
- },
- 'updateStrategy': values.get('nextcloud').get('strategy', 'Recreate'),
- })
- return values
-
-
-if __name__ == '__main__':
- if len(sys.argv) != 2:
- exit(1)
-
- if os.path.exists(sys.argv[1]):
- with open(sys.argv[1], 'r') as f:
- print(json.dumps(migrate(json.loads(f.read()))))
diff --git a/library/ix-dev/charts/nextcloud/questions.yaml b/library/ix-dev/charts/nextcloud/questions.yaml
index 20f9e1bdd2..a2fcd52865 100644
--- a/library/ix-dev/charts/nextcloud/questions.yaml
+++ b/library/ix-dev/charts/nextcloud/questions.yaml
@@ -1,161 +1,78 @@
groups:
- - name: "Container Images"
- description: "Image to be used for container"
- - name: "Nextcloud Configuration"
- description: "Configuration details for Nextcloud workload"
- - name: "Storage"
- description: "Configure Storage for Nextcloud"
- - name: "Container Configuration"
- description: "Configure nextcloud container parameters"
- - name: "Postgresql Configuration"
- description: "Configure Postgresql for nextcloud"
- - name: "CronJob configuration"
- description: "Configure CronJob for nextcloud"
- - name: "Scaling/Upgrade Policy"
- description: "Configure how pods are replaced when configuration is upgraded"
- - name: "Advanced DNS Settings"
- description: "Configure DNS settings"
- - name: "Resource Limits"
- description: "Set CPU/memory limits for Kubernetes Pod"
-
+ - name: Nextcloud Configuration
+ description: Configure Nextcloud
+ - name: Advanced Pod Configuration
+ description: Configure Advanced Pod Options for Nextcloud
+ - name: Network Configuration
+ description: Configure Network for Nextcloud
+ - name: Storage Configuration
+ description: Configure Storage for Nextcloud
+ - name: Resources Configuration
+ description: Configure Resources for Nextcloud
portals:
web_portal:
protocols:
- - "$kubernetes-resource_configmap_nginx-configuration_protocol"
+ - "$kubernetes-resource_configmap_portal_protocol"
host:
- - "$variable-nextcloud.host"
+ - "$kubernetes-resource_configmap_portal_host"
ports:
- - "$variable-service.nodePort"
+ - "$kubernetes-resource_configmap_portal_port"
+ path: "$kubernetes-resource_configmap_portal_path"
questions:
-
- - variable: dnsConfig
- label: "DNS Configuration"
- group: "Advanced DNS Settings"
+ - variable: ncConfig
+ label: ""
+ group: Nextcloud Configuration
schema:
type: dict
attrs:
- - variable: options
- label: "DNS Options"
+ - variable: adminUser
+ label: Admin User
+ description: The Nextcloud admin user.
schema:
- type: list
- items:
- - variable: optionsEntry
- label: "Option Entry Configuration"
- schema:
- type: dict
- attrs:
- - variable: name
- label: "Option Name"
- schema:
- type: string
- required: true
- - variable: value
- label: "Option Value"
- schema:
- type: string
- required: true
-
- - variable: certificate
- description: "Configure Certificate for Nextcloud"
- label: "Certificate Configuration"
- group: "Nextcloud Configuration"
- schema:
- type: int
- $ref:
- - "definitions/certificate"
-
- - variable: nginxConfig
- description: "Configure Nginx for Nextcloud"
- label: "Nginx Configuration"
- group: "Nextcloud Configuration"
- schema:
- type: dict
- show_if: [["certificate", "!=", null]]
- attrs:
- - variable: proxy_timeouts
- label: "Proxy timeouts (Seconds)"
- description: |
- Applies the timeout to the following settings:
- - proxy_connect_timeout
- - proxy_send_timeout
- - proxy_read_timeout
- schema:
- type: int
- min: 30
- default: 60
+ type: string
+ default: ""
required: true
- - variable: useDifferentAccessPort
- label: "Use different port for URL rewrites"
- description: |
- If enabled, the URL rewrite will use [Access Port] defined below instead of the [Node Port].
- Note that Nextcloud will still listen on the [Node Port]. (Default 9001)
+ - variable: adminPassword
+ label: Admin Password
+ description: The Nextcloud admin password.
schema:
- type: boolean
- default: false
- - variable: externalAccessPort
- label: "External Access Port"
- schema:
- type: int
- show_if: [["useDifferentAccessPort", "=", true]]
- min: 443
- max: 65535
- default: 443
+ type: string
+ default: ""
required: true
-
- - variable: nextcloud
- description: "Nextcloud configuration details"
- label: "Nextcloud Configuration"
- group: "Nextcloud Configuration"
- schema:
- type: dict
- required: true
- additional_attrs: true
- attrs:
- variable: host
- description: "Nextcloud host to create application URLs"
- label: "Nextcloud host"
+ label: Host
+ description: Nextcloud host to create application URLs
schema:
type: string
$ref:
- "definitions/nodeIP"
- - variable: username
- label: "Username"
- description: "Name of the Nextcloud admin user"
- schema:
- type: string
- default: "admin"
- required: true
- - variable: password
- label: "Password"
- description: "Password for the Nextcloud admin user"
- schema:
- type: string
- private: true
- default: "changeme"
- required: true
- - variable: datadir
+ - variable: dataDir
label: "Nextcloud data directory"
- description: "Configures the data directory where nextcloud stores all files from the users"
+ description: "Configures the data directory where Nextcloud stores all files from the users. The path refers to the path inside the container"
schema:
type: path
default: "/var/www/html/data"
required: true
- - variable: install_ffmpeg
- label: "Install ffmpeg"
- description: "Automatically Install ffmpeg when the container starts"
+ - variable: commands
+ label: Commands
+ description: Commands to run in the Nextcloud container
schema:
- type: boolean
- default: false
- - variable: install_smbclient
- label: "Install smbclient"
- description: "Automatically Install smbclient when the container starts"
- schema:
- type: boolean
- default: false
- - variable: max_upload_size
- label: "Max Upload Size (Giga Bytes)"
+ type: list
+ items:
+ - variable: command
+ label: Command
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: ffmpeg
+ description: ffmpeg
+ - value: smbclient
+ description: smbclient
+ - variable: maxUploadLimit
+ label: Max Upload Size (Giga Bytes)
description: |
Applies the timeout to the following settings:
- client_max_body_size in nginx
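Review bot: The new `adminPassword` attribute drops the `private: true` flag that the removed `password` attribute carried, so the admin password would presumably be displayed and returned in clear text wherever the old field was masked. Add `private: true` under its `schema:` next to `type: string`. Separately, `adminUser` and `adminPassword` now default to `""` with `required: true` and no `min_length` or similar constraint visible in this hunk, so a one-character password may be accepted; consider a minimum length if the schema supports one.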
@@ -165,273 +82,679 @@ questions:
default: 3
min: 1
required: true
- - variable: max_execution_time
- label: "Max Execution Time (Seconds)"
- description: "Configures the max execution time of php"
+ - variable: maxExecutionTime
+ label: Max Execution Time (Seconds)
+ description: Configures the max execution time of php
schema:
type: int
default: 30
min: 30
required: true
- - variable: php_memory_limit
- label: "PHP Memory Limit (Mega Bytes)"
- description: "Configures the memory limit of php"
+ - variable: phpMemoryLimit
+ label: PHP Memory Limit (Mega Bytes)
+ description: Configures the memory limit of php
schema:
type: int
default: 512
min: 128
max: 4096
required: true
- - variable: opcache_memory_consumption
- label: "Opcache Memory Consumption (Mega Bytes)"
- description: "Configures the memory consumption of the opcache"
+ - variable: opCacheMemoryConsumption
+ label: Opcache Memory Consumption (Mega Bytes)
+ description: Configures the memory consumption of the opcache
schema:
type: int
min: 128
max: 1024
default: 128
required: true
-
- - variable: cronjob
- description: "Setup cronjob for nextcloud"
- label: "Setup cronjob for nextcloud"
- group: "CronJob configuration"
- schema:
- type: dict
- attrs:
- - variable: enabled
- label: "Enable cronjobs for nextcloud"
+ - variable: cron
+ label: Cron
+ description: Configures the cron job for Nextcloud
schema:
- type: boolean
- default: false
- show_subquestions_if: true
- subquestions:
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: true
+ required: true
- variable: schedule
label: Schedule
schema:
type: string
+ show_if: [["enabled", "=", true]]
default: "*/15 * * * *"
- empty: false
+ required: true
- # Update strategy
- - variable: updateStrategy
- description: "Upgrade Policy"
- label: "Update Strategy"
- group: "Scaling/Upgrade Policy"
- schema:
- type: string
- default: "Recreate"
- enum:
- - value: "RollingUpdate"
- description: "Create new pods and then kill old ones"
- - value: "Recreate"
- description: "Kill existing pods before creating new ones"
-
- - variable: service
- description: "Nextcloud Service Configuration"
- label: "Nextcloud Service Configuration"
- group: "Nextcloud Configuration"
+ - variable: podOptions
+ label: ""
+ group: Advanced Pod Configuration
schema:
type: dict
- required: true
attrs:
- - variable: nodePort
- label: "Node Port to use for Nextcloud"
+ - variable: dnsConfig
+ label: Advanced DNS Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: options
+ label: DNS Options
+ schema:
+ type: list
+ items:
+ - variable: optionsEntry
+ label: DNS Option Entry
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Option Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Option Value
+ schema:
+ type: string
+ required: true
+
+ - variable: ncNetwork
+ label: ""
+ group: Network Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: webPort
+ label: Web Port
+ description: The port for the Nextcloud Web UI.
schema:
type: int
+ default: 20810
min: 9000
max: 65535
- default: 9001
required: true
+ - variable: certificateID
+ label: Certificate
+ description: The certificate to use for Nextcloud
+ schema:
+ type: int
+ "null": true
+ $ref:
+ - "definitions/certificate"
+ - variable: nginx
+ label: Nginx Configuration
+ schema:
+ type: dict
+ show_if: [["certificateID", "!=", null]]
+ attrs:
+ - variable: proxyTimeouts
+ label: Proxy timeouts (Seconds)
+ description: |
+ Applies the timeout to the following settings:
+ - proxy_connect_timeout
+ - proxy_send_timeout
+ - proxy_read_timeout
+ schema:
+ type: int
+ min: 30
+ default: 60
+ required: true
+ - variable: useDifferentAccessPort
+ label: Use different port for URL rewrites
+ description: |
+ If enabled, the URL rewrite will use [Access Port] defined below instead of the [Node Port].
+ Note that Nextcloud will still listen on the [Node Port]. (Default 9001)
+ schema:
+ type: boolean
+ default: false
+ - variable: externalAccessPort
+ label: External Access Port
+ schema:
+ type: int
+ show_if: [["useDifferentAccessPort", "=", true]]
+ min: 443
+ max: 65535
+ default: 443
+ required: true
- - variable: appVolumeMounts
- label: "Nextcloud Storage"
- group: "Storage"
+ - variable: ncStorage
+ label: ""
+ group: Storage Configuration
schema:
type: dict
attrs:
- - variable: nextcloud-data
- label: "Nextcloud Data Volume"
+ - variable: shouldShowStorageToggle
+ label: ""
+ schema:
+ type: boolean
+ default: false
+ hidden: true
+ - variable: isDataInTheSameVolume
+ label: "Pre v2 Storage Structure (See the tooltip for more information)"
+ description: |
+ If this is checked, means that this is an installation coming from a previous version (v1.x.x).
+ In order to have backwards compatibility, the older storage structure was kept for this installation.
+ If you want to utilize the new storage structure, move 'data' in a separate directory or dataset.
+ Change the 'Nextcloud UserData' configuration below to point to the new location and then uncheck this checkbox.
+
+ You will NOT likely want to change that if your setup uses ixVolume as storage.
+ schema:
+ type: boolean
+ show_if: [["shouldShowStorageToggle", "=", true]]
+ default: false
+ - variable: html
+ label: Nextcloud HTML Storage
+ description: The path to store Nextcloud HTML and AppData.
schema:
type: dict
attrs:
- - variable: datasetName
- label: "Nextcloud Data Volume Name"
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
schema:
type: string
- hidden: true
+ required: true
+ immutable: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
- show_if: [["hostPathEnabled", "=", false]]
- default: "ix-nextcloud_data"
- editable: false
- - variable: mountPath
- label: "Nextcloud Data Mount Path"
- description: "Path where the volume will be mounted inside the pod"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ hidden: true
+ default: "html"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: hostPathConfig
+ label: Host Path Configuration
schema:
- type: path
- hidden: true
- editable: false
- default: "/var/www"
- - variable: hostPathEnabled
- label: "Enable Host Path for Nextcloud Data Volume"
- schema:
- type: boolean
- default: false
- show_subquestions_if: true
- subquestions:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
- variable: hostPath
- label: "Host Path for Nextcloud Data Volume"
+ label: Host Path
+ description: The host path to use for storage.
schema:
type: hostpath
+ show_if: [["aclEnable", "=", false]]
required: true
-
- - variable: extraAppVolumeMounts
- label: "Nextcloud Extra Host Path Volumes"
- group: "Storage"
- schema:
- type: list
- items:
- - variable: extraAppVolume
- label: "Nextcloud Host Path Volume"
- description: "Add an extra host path volume for nextcloud application"
+ - variable: data
+ label: Nextcloud User Data Storage
+ description: The path to store Nextcloud User Data.
schema:
type: dict
attrs:
- - variable: mountPath
- label: "Mount Path in Pod"
- description: "Path where the volume will be mounted inside the pod"
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
schema:
- type: path
+ type: string
required: true
- - variable: hostPath
- label: "Host Path"
- description: "Host path"
+ immutable: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
schema:
- type: hostpath
- required: true
+ type: dict
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ hidden: true
+ default: "html"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
- - variable: postgresAppVolumeMounts
- label: "Postgres Storage"
- group: "Storage"
+ - variable: pgData
+ label: Nextcloud Postgres Data Storage
+ description: The path to store Nextcloud Postgres Data.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ # Nothing to show for the user
+ hidden: true
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ # Postgres does a CHMOD at startup
+ # Which fails with ACL
+ hidden: true
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ hidden: true
+ default: "pgData"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ # Postgres does a CHMOD at startup
+ # Which fails with ACL
+ hidden: true
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
+ - variable: pgBackup
+ label: Nextcloud Postgres Backup Storage
+ description: The path to store Nextcloud Postgres Backup.
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: ixVolume
+ enum:
+ - value: hostPath
+ description: Host Path (Path that already exists on the system)
+ - value: ixVolume
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ # Nothing to show for the user
+ hidden: true
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ # Postgres does a CHMOD at startup
+ # Which fails with ACL
+ hidden: true
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ hidden: true
+ default: "pgBackup"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ # Postgres does a CHMOD at startup
+ # Which fails with ACL
+ hidden: true
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
+
+ - variable: additionalStorages
+ label: Additional Storage
+ description: Additional storage for Nextcloud.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: storageEntry
+ label: Storage Entry
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ SMB Share: Is a SMB share that is mounted to a persistent volume claim.
+ schema:
+ type: string
+ required: true
+ default: "ixVolume"
+ immutable: true
+ enum:
+ - value: "hostPath"
+ description: Host Path (Path that already exists on the system)
+ - value: "ixVolume"
+ description: ixVolume (Dataset created automatically by the system)
+ - value: "smb-pv-pvc"
+ description: SMB Share (Mounts a persistent volume claim to a SMB share)
+ - variable: readOnly
+ label: Read Only
+ description: Mount the volume as read only.
+ schema:
+ type: boolean
+ default: false
+ - variable: mountPath
+ label: Mount Path
+ description: The path inside the container to mount the storage.
+ schema:
+ type: path
+ required: true
+ - variable: hostPathConfig
+ label: Host Path Configuration
+ schema:
+ type: dict
+ show_if: [["type", "=", "hostPath"]]
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: acl
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ $ref:
+ - "normalize/acl"
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["aclEnable", "=", false]]
+ required: true
+ - variable: ixVolumeConfig
+ label: ixVolume Configuration
+ description: The configuration for the ixVolume dataset.
+ schema:
+ type: dict
+ show_if: [["type", "=", "ixVolume"]]
+ $ref:
+ - "normalize/ixVolume"
+ attrs:
+ - variable: aclEnable
+ label: Enable ACL
+ description: Enable ACL for the dataset.
+ schema:
+ type: boolean
+ default: false
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ required: true
+ immutable: true
+ default: "storage_entry"
+ - variable: aclEntries
+ label: ACL Configuration
+ schema:
+ type: dict
+ show_if: [["aclEnable", "=", true]]
+ attrs: []
+ - variable: smbConfig
+ label: SMB Share Configuration
+ description: The configuration for the SMB Share.
+ schema:
+ type: dict
+ show_if: [["type", "=", "smb-pv-pvc"]]
+ attrs:
+ - variable: server
+ label: Server
+ description: The server for the SMB share.
+ schema:
+ type: string
+ required: true
+ - variable: share
+ label: Share
+ description: The share name for the SMB share.
+ schema:
+ type: string
+ required: true
+ - variable: domain
+ label: Domain (Optional)
+ description: The domain for the SMB share.
+ schema:
+ type: string
+ - variable: username
+ label: Username
+ description: The username for the SMB share.
+ schema:
+ type: string
+ required: true
+ - variable: password
+ label: Password
+ description: The password for the SMB share.
+ schema:
+ type: string
+ required: true
+ private: true
+ - variable: size
+ label: Size (in Gi)
+ description: The size of the volume quota.
+ schema:
+ type: int
+ required: true
+ min: 1
+ default: 1
+
+ - variable: resources
+ group: Resources Configuration
+ label: ""
schema:
type: dict
attrs:
- - variable: postgres-data
- label: "Postgres Data Volume"
+ - variable: limits
+ label: Limits
schema:
type: dict
attrs:
- - variable: datasetName
- label: "Postgres Data Volume Name"
+ - variable: cpu
+ label: CPU
+ description: CPU limit for WG-Easy.
schema:
type: string
- hidden: true
- $ref:
- - "normalize/ixVolume"
- default: "ix-postgres_data"
- show_if: [["hostPathEnabled", "=", false]]
- editable: false
-
- - variable: mountPath
- label: "Postgresql Data Mount Path"
- description: "Path where the volume will be mounted inside the pod"
- schema:
- type: path
- hidden: true
- editable: false
- default: "/var/lib/postgresql/data"
- - variable: hostPathEnabled
- label: "Enable Host Path for Postgres Data Volume"
- schema:
- type: boolean
- default: false
- show_subquestions_if: true
- subquestions:
- - variable: hostPath
- label: "Host Path for Postgres Data Volume"
- schema:
- type: hostpath
- required: true
-
- - variable: postgres-backup
- label: "Postgres Backup Volume"
- schema:
- type: dict
- attrs:
- - variable: datasetName
- label: "Postgres Backup Volume Name"
- schema:
- type: string
- hidden: true
- $ref:
- - "normalize/ixVolume"
- default: "ix-postgres_backups"
- show_if: [["hostPathEnabled", "=", false]]
- editable: false
- - variable: mountPath
- label: "Postgresql Backup Mount Path"
- description: "Path where the volume will be mounted inside the pod"
- schema:
- type: path
- hidden: true
- editable: false
- default: "/postgres_backups"
- - variable: hostPathEnabled
- label: "Enable Host Path for Postgres Backup Volume"
- schema:
- type: boolean
- default: false
- show_subquestions_if: true
- subquestions:
- - variable: hostPath
- label: "Host Path for Postgres Backup Volume"
- schema:
- type: hostpath
- required: true
-
- - variable: enableResourceLimits
- label: "Enable Pod resource limits"
- group: "Resource Limits"
- schema:
- type: boolean
- default: false
- - variable: cpuLimit
- label: "CPU Limit"
- description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100."
- group: "Resource Limits"
- schema:
- type: string
- show_if: [["enableResourceLimits", "=", true]]
- valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
- default: "4000m"
- - variable: memLimit
- label: "Memory Limit"
- group: "Resource Limits"
- description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi"
- schema:
- type: string
- show_if: [["enableResourceLimits", "=", true]]
- valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
- default: "8Gi"
-
- - variable: environmentVariables
- label: "Nextcloud environment"
- group: "Nextcloud Configuration"
- schema:
- type: list
- default: []
- items:
- - variable: environmentVariable
- label: "Environment Variable"
- schema:
- type: dict
- attrs:
- - variable: name
- label: "Name"
- schema:
- type: string
- - variable: value
- label: "Value"
+ max_length: 6
+ valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
+ valid_chars_error: |
+ Valid CPU limit formats are
+ - Plain Integer - eg. 1
+ - Float - eg. 0.5
+ - Milicpu - eg. 500m
+ default: "4000m"
+ required: true
+ - variable: memory
+ label: Memory
+ description: Memory limit for WG-Easy.
schema:
type: string
+ max_length: 12
+ valid_chars: "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$"
+ valid_chars_error: |
+ Valid Memory limit formats are
+ - Suffixed with E/P/T/G/M/K - eg. 1G
+ - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
+ - Plain Integer in bytes - eg. 1024
+ - Exponent - eg. 134e6
+ default: "8Gi"
+ required: true
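Review bot: The `data` storage entry's hidden `datasetName` defaults to `"html"`, the same value the `html` entry uses earlier in this hunk, while `pgData` and `pgBackup` each get their own name. If `normalize/ixVolume` creates one dataset per name (not visible here), a new install would put user data and the web root on the same dataset; this looks like a copy-paste and probably wants `default: "data"`. Two documentation points in the same hunk: the `resources.limits` descriptions read `CPU limit for WG-Easy.` and `Memory limit for WG-Easy.` and should name Nextcloud, and the `useDifferentAccessPort` description still says `(Default 9001)` although `webPort` now defaults to 20810.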
diff --git a/library/ix-dev/charts/nextcloud/templates/NOTES.txt b/library/ix-dev/charts/nextcloud/templates/NOTES.txt
index 6ad5448619..ba4e01146c 100644
--- a/library/ix-dev/charts/nextcloud/templates/NOTES.txt
+++ b/library/ix-dev/charts/nextcloud/templates/NOTES.txt
@@ -1,16 +1 @@
-## Database
-You can connect to the database using the pgAdmin App from the catalog
-
-
- Database Details
-
- - Database: `nextcloud`
- - Username: `{{ .Values.nextcloudDbUser | b64dec }}`
- - Password: `{{ .Values.nextcloudDbPass | b64dec }}`
- - Host: `{{ .Values.nextcloudDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
- - Port: `5432`
-
-
-{{- $_ := unset .Values "nextcloudDbUser" }}
-{{- $_ := unset .Values "nextcloudDbPass" }}
-{{- $_ := unset .Values "nextcloudDbHost" }}
+{{ include "ix.v1.common.lib.chart.notes" $ }}
diff --git a/library/ix-dev/charts/nextcloud/templates/_configuration.tpl b/library/ix-dev/charts/nextcloud/templates/_configuration.tpl
new file mode 100644
index 0000000000..89c673d406
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_configuration.tpl
@@ -0,0 +1,101 @@
+{{- define "nextcloud.configuration" -}}
+
+ {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+
+ {{- $dbHost := (printf "%s-postgres" $fullname) -}}
+ {{- $dbUser := "nextcloud" -}}
+ {{- $dbName := "nextcloud" -}}
+ {{- $dbPass := (randAlphaNum 32) -}}
+
+ {{/* Fetch secrets from pre-migration secret */}}
+ {{- with (lookup "v1" "Secret" .Release.Namespace "db-details") -}}
+ {{- $dbUser = ((index .data "db-user") | b64dec) -}}
+ {{- $dbPass = ((index .data "db-password") | b64dec) -}}
+ {{- end -}}
+
+ {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
+ {{- $dbUser = ((index .data "POSTGRES_USER") | b64dec) -}}
+ {{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
+ {{- end -}}
+
+ {{- $redisHost := (printf "%s-redis" $fullname) -}}
+
+ {{- $redisPass := randAlphaNum 32 -}}
+ {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-redis-creds" $fullname)) -}}
+ {{- $redisPass = ((index .data "REDIS_PASSWORD") | b64dec) -}}
+ {{- end -}}
+
+ {{/* Temporary set dynamic db details on values,
+ so we can print them on the notes */}}
+ {{- $_ := set .Values "ncDbPass" $dbPass -}}
+ {{- $_ := set .Values "ncDbHost" $dbHost -}}
+ {{- $_ := set .Values "ncDbName" $dbName -}}
+ {{- $_ := set .Values "ncDbUser" $dbUser -}}
+
+ {{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
+secret:
+ postgres-creds:
+ enabled: true
+ data:
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_DB: {{ $dbName }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ POSTGRES_HOST: {{ $dbHost }}
+ POSTGRES_URL: {{ $dbURL }}
+
+ redis-creds:
+ enabled: true
+ data:
+ ALLOW_EMPTY_PASSWORD: "no"
+ REDIS_PASSWORD: {{ $redisPass }}
+ REDIS_HOST: {{ $redisHost }}
+
+ nextcloud-creds:
+ enabled: true
+ data:
+ POSTGRES_HOST: {{ $dbHost }}:5432
+ POSTGRES_DB: {{ $dbName }}
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ REDIS_HOST: {{ $redisHost }}
+ REDIS_HOST_PORT: "6379"
+ REDIS_HOST_PASSWORD: {{ $redisPass }}
+ NEXTCLOUD_DATA_DIR: {{ .Values.ncConfig.dataDir }}
+ PHP_UPLOAD_LIMIT: {{ printf "%vG" .Values.ncConfig.maxUploadLimit | default 3 }}
+ PHP_MEMORY_LIMIT: {{ printf "%vM" .Values.ncConfig.phpMemoryLimit | default 512 }}
+ NEXTCLOUD_TRUSTED_DOMAINS: {{ list .Values.ncConfig.host "127.0.0.1" "localhost" $fullname (printf "%v-*" $fullname) | mustUniq | join " " | quote }}
+ NEXTCLOUD_ADMIN_USER: {{ .Values.ncConfig.adminUser }}
+ NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword }}
+ {{- if .Values.ncNetwork.certificateID }}
+ {{- $svcCidr := "" -}}
+ {{- $clusterCidr := "" -}}
+ {{- if .Values.global.ixChartContext -}}
+ {{- $svcCidr = .Values.global.ixChartContext.kubernetes_config.service_cidr -}}
+ {{- $clusterCidr = .Values.global.ixChartContext.kubernetes_config.cluster_cidr -}}
+ {{- end }}
+ APACHE_DISABLE_REWRITE_IP: "1"
+ OVERWRITEPROTOCOL: "https"
+ TRUSTED_PROXIES: {{ list $svcCidr $clusterCidr "127.0.0.1" | mustUniq | join "," | quote }}
+ {{- if and .Values.ncConfig.host .Values.ncNetwork.webPort }}
+ {{- $overwritehost := .Values.ncConfig.host -}}
+ {{- if .Values.ncNetwork.nginx.useDifferentAccessPort }}
+ {{ $overwritehost = (printf "%v:%v" .Values.ncConfig.host .Values.ncNetwork.webPort) }}
+ {{- end }}
+ OVERWRITEHOST: {{ $overwritehost }}
+ {{- end }}
+ {{- end }}
+ {{- if eq (include "nextcloud.is-migration" $) "true" }}
+ postgres-backup-creds:
+ enabled: true
+ annotations:
+ helm.sh/hook: "pre-upgrade"
+ helm.sh/hook-delete-policy: "hook-succeeded"
+ helm.sh/hook-weight: "1"
+ data:
+ POSTGRES_USER: {{ $dbUser }}
+ POSTGRES_DB: {{ $dbName }}
+ POSTGRES_PASSWORD: {{ $dbPass }}
+ POSTGRES_HOST: {{ $dbHost }}
+ POSTGRES_URL: {{ printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName }}
+ {{- end }}
+{{- end -}}
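Review bot: User-supplied and looked-up credentials are rendered as plain YAML scalars in the `data:` maps, e.g. `NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword }}` and `POSTGRES_PASSWORD: {{ $dbPass }}` (the latter can come from the pre-migration `db-details` secret). When this output is parsed as YAML, a value containing ` #` is silently cut at the comment, `: ` or a leading `*`/`{` breaks the render, and an all-digit or `yes`-like value is retyped; pipe each through `quote`, as `NEXTCLOUD_TRUSTED_DOMAINS` already does: `NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.ncConfig.adminPassword | quote }}`. The same applies to `value: {{ $env.value }}` in the `envList` loop of `_nextcloud.tpl`. Separately, in `printf "%vG" .Values.ncConfig.maxUploadLimit | default 3` the `default` is applied to the printf result, which is never empty, so the fallback cannot take effect; `printf "%vG" (.Values.ncConfig.maxUploadLimit | default 3)` is presumably what was meant, and likewise for `PHP_MEMORY_LIMIT`.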
diff --git a/library/ix-dev/charts/nextcloud/templates/_cron.tpl b/library/ix-dev/charts/nextcloud/templates/_cron.tpl
new file mode 100644
index 0000000000..c70d8562d1
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_cron.tpl
@@ -0,0 +1,37 @@
+{{- define "nextcloud.cron" -}}
+workload:
+ nextcloud-cron:
+ enabled: true
+ type: CronJob
+ schedule: {{ .Values.ncConfig.cron.schedule | quote }}
+ concurrencyPolicy: Forbid
+ podSpec:
+ restartPolicy: Never
+ hostNetwork: false
+ securityContext:
+ fsGroup: 33
+ containers:
+ nextcloud-cron:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: 33
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ envFrom:
+ - secretRef:
+ name: nextcloud-creds
+ command:
+ - php
+ - -f
+ - /var/www/html/cron.php
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+{{- end -}}
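Review bot: `runAsNonRoot: false` on the `nextcloud-cron` container gives up the kubelet's non-root check even though the container is pinned to `runAsUser: 33`; `runAsNonRoot: true` would state the intent and fail fast if the UID were ever changed to 0. `runAsGroup: 0` also places the process in the root group, and nothing in this hunk shows why that is needed, so a short comment would help. The workload is `enabled: true` unconditionally while the questions file adds `ncConfig.cron.enabled`; if the caller of `nextcloud.cron` does not gate the include on that flag (not visible here), `enabled: {{ .Values.ncConfig.cron.enabled }}` would honour it.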
diff --git a/library/ix-dev/charts/nextcloud/templates/_migration.tpl b/library/ix-dev/charts/nextcloud/templates/_migration.tpl
new file mode 100644
index 0000000000..66eee90fbd
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_migration.tpl
@@ -0,0 +1,48 @@
+{{- define "nextcloud.get-versions" -}}
+ {{- $oldChartVersion := "" -}}
+ {{- $newChartVersion := "" -}}
+
+ {{/* Safely access the context, so it wont block CI */}}
+ {{- if hasKey .Values.global "ixChartContext" -}}
+ {{- if .Values.global.ixChartContext.upgradeMetadata -}}
+
+ {{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}}
+ {{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}}
+ {{- if and (not $oldChartVersion) (not $newChartVersion) -}}
+ {{- fail "Upgrade Metadata is missing. Cannot proceed" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}}
+{{- end -}}
+
+{{- define "nextcloud.migration" -}}
+ {{- $versions := (fromYaml (include "nextcloud.get-versions" $)) -}}
+ {{- if and $versions.old $versions.new -}}
+ {{- $oldV := semver $versions.old -}}
+ {{- $newV := semver $versions.new -}}
+
+ {{/* If new is v2.x.x */}}
+ {{- if eq ($newV.Major | int) 2 -}}
+ {{/* And old is v1.x.x, but lower than .6.61 */}}
+ {{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 6) (lt ($oldV.Patch | int) 61)) -}}
+ {{/* Block the upgrade */}}
+ {{- fail "Migration to 2.x.x is only allowed from 1.6.61 or higher" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "nextcloud.is-migration" -}}
+ {{- $isMigration := "" -}}
+ {{- $versions := (fromYaml (include "nextcloud.get-versions" $)) -}}
+ {{- if $versions.old -}}
+ {{- $oldV := semver $versions.old -}}
+ {{- if and (eq $oldV.Major 1) (eq ($oldV.Minor | int) 6) (eq ($oldV.Patch | int) 61) -}}
+ {{- $isMigration = "true" -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $isMigration -}}
+{{- end -}}
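Review bot: The guard in `nextcloud.get-versions` uses `and (not $oldChartVersion) (not $newChartVersion)`, so it fails only when both versions are missing; with exactly one missing, `nextcloud.migration` skips its check because of `if and $versions.old $versions.new`, and the upgrade is not blocked. `{{- if or (not $oldChartVersion) (not $newChartVersion) -}}` closes that gap. The block condition `or (ne $oldV.Minor 6) (lt ($oldV.Patch | int) 61)` also refuses any 1.x whose minor is not 6 (a 1.7.0 would be rejected) although the message says "1.6.61 or higher", and `nextcloud.is-migration` matches exactly 1.6.61 only. A comment stating that 1.6.61 is the single supported source version, or a real range comparison, would make the three agree.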
diff --git a/library/ix-dev/charts/nextcloud/templates/_nextcloud-configs.tpl b/library/ix-dev/charts/nextcloud/templates/_nextcloud-configs.tpl
new file mode 100644
index 0000000000..4c27361f70
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_nextcloud-configs.tpl
@@ -0,0 +1,15 @@
+{{- define "nextcloud.configs" -}}
+{{ $bytesGB := 1073741824 }}
+configmap:
+ nextcloud-config:
+ enabled: true
+ data:
+ opcache.ini: |
+ opcache.memory_consumption={{ .Values.ncConfig.opCacheMemoryConsumption }}
+
+ php.ini: |
+ max_execution_time={{ .Values.ncConfig.maxExecutionTime }}
+
+ limitrequestbody.conf: |
+ LimitRequestBody {{ mul .Values.ncConfig.maxUploadLimit $bytesGB }}
+{{- end -}}
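Review bot: `LimitRequestBody {{ mul .Values.ncConfig.maxUploadLimit $bytesGB }}` has no fallback, unlike `$size := .Values.ncConfig.maxUploadLimit | default 3` in the nginx template. If the value is ever absent, `mul` should treat it as 0, and Apache reads `LimitRequestBody 0` as no limit, so the request-size cap would silently disappear. `LimitRequestBody {{ mul (.Values.ncConfig.maxUploadLimit | default 3) $bytesGB }}` keeps the places that consume this setting consistent.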
diff --git a/library/ix-dev/charts/nextcloud/templates/_nextcloud.tpl b/library/ix-dev/charts/nextcloud/templates/_nextcloud.tpl
new file mode 100644
index 0000000000..0a973932ad
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_nextcloud.tpl
@@ -0,0 +1,106 @@
+{{- define "nextcloud.workload" -}}
+workload:
+ nextcloud:
+ enabled: true
+ primary: true
+ type: Deployment
+ podSpec:
+ hostNetwork: false
+ securityContext:
+ fsGroup: 33
+ containers:
+ nextcloud:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ add:
+ - CHOWN
+ - DAC_OVERRIDE
+ - FOWNER
+ - NET_BIND_SERVICE
+ - NET_RAW
+ - SETGID
+ - SETUID
+ envFrom:
+ - secretRef:
+ name: nextcloud-creds
+ {{ with .Values.ncConfig.additionalEnvs }}
+ envList:
+ {{ range $env := . }}
+ - name: {{ $env.name }}
+ value: {{ $env.value }}
+ {{ end }}
+ {{ end }}
+ probes:
+ liveness:
+ enabled: true
+ type: http
+ port: 80
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ readiness:
+ enabled: true
+ type: http
+ port: 80
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ startup:
+ enabled: true
+ {{- include "nextcloud.validate-commands" $ -}}
+ {{- $cmds := .Values.ncConfig.commands | mustUniq -}}
+ {{- if not $cmds }}
+ type: http
+ port: 80
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ {{- else }}
+ type: exec
+ command:
+ - /bin/sh
+ - -c
+ - |
+ check_commands={{ join " " $cmds }}
+ for comm in $check_commands; do
+ if ! command -v $comm /dev/null 2>&1; then
+ echo "Command $comm not found"
+ exit 1
+ fi
+ done
+ {{- end }}
+ lifecycle:
+ postStart:
+ type: exec
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Installing {{ join " " $cmds }}..."
+ apt update && apt install -y --no-install-recommends \
+ {{ join " " $cmds }} || echo "Failed to install binary/binaries..."
+ echo "Finished."
+ initContainers:
+ {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
+ "secretName" "postgres-creds") | nindent 8 }}
+ {{- include "ix.v1.common.app.redisWait" (dict "name" "redis-wait"
+ "secretName" "redis-creds") | nindent 8 }}
+{{- end -}}
+
+
+{{- define "nextcloud.validate-commands" -}}
+ {{- $allowedCommmads := list "ffmpeg" "smbclient" -}}
+
+ {{- range $c := .Values.ncConfig.commands | mustUniq -}}
+ {{- if not (mustHas $c $allowedCommmads) -}}
+ {{- fail (printf "Nextcloud - Expected command to be one of [%s], but got [%s]" (join ", " $allowedCommmads) $c) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
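Review bot: In the exec startup probe, `command -v $comm /dev/null 2>&1` is missing the `>` before `/dev/null`, so `/dev/null` is passed as a second name to look up and stdout is not discarded; depending on the shell, the check may not test what it is meant to. It should read `if ! command -v "$comm" >/dev/null 2>&1; then`. The `postStart` hook is also emitted when `$cmds` is empty, so every start runs `apt update` and an `apt install` with no packages, and `|| echo "Failed to install binary/binaries..."` turns an install failure into success; wrapping the `lifecycle` block in `{{- if $cmds }}` would avoid the first. The container runs as UID 0 with `NET_RAW` among the added capabilities; if nothing in the image needs raw sockets, leaving it out is a cheap reduction.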
diff --git a/library/ix-dev/charts/nextcloud/templates/_nginx-configuration.tpl b/library/ix-dev/charts/nextcloud/templates/_nginx-configuration.tpl
new file mode 100644
index 0000000000..cd41c22396
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_nginx-configuration.tpl
@@ -0,0 +1,102 @@
+{{- define "nginx.configuration" -}}
+{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+
+{{- if .Values.ncNetwork.certificateID }}
+scaleCertificate:
+ nextcloud-cert:
+ enabled: true
+ id: {{ .Values.ncNetwork.certificateID }}
+
+ {{ $timeout := 60 }}
+ {{ $size := .Values.ncConfig.maxUploadLimit | default 3 }}
+ {{ $useDiffAccessPort := false }}
+ {{ $externalAccessPort := "" }}
+ {{/* Safely access key as it is conditionaly shown */}}
+ {{ if hasKey .Values.ncNetwork "nginx" }}
+ {{ $useDiffAccessPort = .Values.ncNetwork.nginx.useDifferentAccessPort }}
+ {{ $externalAccessPort = printf ":%v" .Values.ncNetwork.nginx.externalAccessPort }}
+ {{ $timeout = .Values.ncNetwork.nginx.proxyTimeouts | default 60 }}
+ {{ end }}
+ {{/* If its 443, do not append it on the rewrite at all */}}
+ {{ if eq $externalAccessPort ":443" }}
+ {{ $externalAccessPort = "" }}
+ {{ end }}
+configmap:
+ nginx:
+ enabled: true
+ data:
+ nginx.conf: |
+ events {}
+ http {
+ server {
+ # redirects all http requests to https requests
+ listen 8000 default_server;
+ listen [::]:8000 default_server;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ server_name localhost;
+
+ listen {{ .Values.ncNetwork.webPort }} ssl http2;
+ listen [::]:{{ .Values.ncNetwork.webPort }} ssl http2;
+
+ ssl_certificate '/etc/nginx-certs/public.crt';
+ ssl_certificate_key '/etc/nginx-certs/private.key';
+
+ # maximum 3GB Upload File; change to fit your needs
+ client_max_body_size {{ $size }}G;
+
+ add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /.well-known/carddav {
+ {{ if $useDiffAccessPort }}
+ return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
+ {{ else }}
+ return 301 $scheme://$host:$server_port/remote.php/dav;
+ {{ end }}
+ }
+
+ location = /.well-known/caldav {
+ {{ if $useDiffAccessPort }}
+ return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
+ {{ else }}
+ return 301 $scheme://$host:$server_port/remote.php/dav;
+ {{ end }}
+ }
+
+ location / {
+ proxy_pass http://{{ $fullname }}:80;
+ proxy_http_version 1.1;
+ proxy_cache_bypass $http_upgrade;
+ proxy_request_buffering off;
+
+ # Proxy headers
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $host;
+ {{ if $useDiffAccessPort }}
+ proxy_set_header X-Forwarded-Port {{ $externalAccessPort | default "443" | trimPrefix ":" }};
+ {{ else }}
+ proxy_set_header X-Forwarded-Port $server_port;
+ {{ end }}
+
+ # Proxy timeouts
+ proxy_connect_timeout {{ $timeout }}s;
+ proxy_send_timeout {{ $timeout }}s;
+ proxy_read_timeout {{ $timeout }}s;
+ }
+ }
+ }
+{{- end -}}
+{{- end -}}
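Review bot: The `add_header Strict-Transport-Security` line in the TLS server block sends `includeSubDomains; preload`, which pins HTTPS for every subdomain of whatever host name the operator uses to reach this instance, not just for Nextcloud. The chart cannot know that sibling hosts are served over TLS, and `preload` is a long-lived commitment. A narrower default such as `add_header Strict-Transport-Security "max-age=15552000" always;`, with the extra directives opt-in, would be safer. The block also sets no `ssl_protocols`, so the accepted TLS versions depend on the nginx image's defaults; pinning them here would make that explicit. The comment `# maximum 3GB Upload File` is stale now that the limit is `{{ $size }}G`.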
diff --git a/library/ix-dev/charts/nextcloud/templates/_nginx.tpl b/library/ix-dev/charts/nextcloud/templates/_nginx.tpl
index 8adb9d9429..6282209132 100644
--- a/library/ix-dev/charts/nextcloud/templates/_nginx.tpl
+++ b/library/ix-dev/charts/nextcloud/templates/_nginx.tpl
@@ -1,79 +1,68 @@
-{{/*
-Retrieve true/false if certificate is configured
-*/}}
-{{- define "nginx.certAvailable" -}}
-{{- if .Values.certificate -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
-{{- template "common.resources.cert_present" $values -}}
-{{- else -}}
-{{- false -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Retrieve public key of certificate
-*/}}
-{{- define "nginx.cert.publicKey" -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
-{{ include "common.resources.cert" $values }}
-{{- end -}}
-
-
-{{/*
-Retrieve private key of certificate
-*/}}
-{{- define "nginx.cert.privateKey" -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
-{{ include "common.resources.cert" $values }}
-{{- end -}}
-
-
-{{/*
-Retrieve configured protocol scheme for nextcloud
-*/}}
-{{- define "nginx.scheme" -}}
-{{- if eq (include "nginx.certAvailable" .) "true" -}}
-{{- print "https" -}}
-{{- else -}}
-{{- print "http" -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Retrieve nginx certificate secret name
-*/}}
-{{- define "nginx.secretName" -}}
-{{- print "nginx-secret" -}}
-{{- end -}}
-
-
-{{/*
-Formats volumeMount for tls keys and trusted certs
-*/}}
-{{- define "nginx.tlsKeysVolumeMount" -}}
-{{- if eq (include "nginx.certAvailable" .) "true" -}}
-- name: cert-secret-volume
- mountPath: "/etc/nginx-certs"
-{{- end -}}
-{{- end -}}
-
-{{/*
-Formats volume for tls keys and trusted certs
-*/}}
-{{- define "nginx.tlsKeysVolume" -}}
-{{- if eq (include "nginx.certAvailable" .) "true" -}}
-- name: cert-secret-volume
- secret:
- secretName: {{ include "nginx.secretName" . }}
- items:
- - key: certPublicKey
- path: public.crt
- - key: certPrivateKey
- path: private.key
-{{- end -}}
+{{- define "nginx.workload" -}}
+ {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+ {{- $ncUrl := printf "http://%s:80" $fullname }}
+workload:
+ nginx:
+ enabled: true
+ type: Deployment
+ podSpec:
+ hostNetwork: false
+ containers:
+ nginx:
+ enabled: true
+ primary: true
+ imageSelector: nginxImage
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ add:
+ - CHOWN
+ - DAC_OVERRIDE
+ - FOWNER
+ - NET_BIND_SERVICE
+ - NET_RAW
+ - SETGID
+ - SETUID
+ probes:
+ liveness:
+ enabled: true
+ type: https
+ port: {{ .Values.ncNetwork.webPort }}
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ readiness:
+ enabled: true
+ type: https
+ port: {{ .Values.ncNetwork.webPort }}
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ startup:
+ enabled: true
+ type: https
+ port: {{ .Values.ncNetwork.webPort }}
+ path: /status.php
+ httpHeaders:
+ Host: localhost
+ initContainers:
+ 01-wait-server:
+ enabled: true
+ type: init
+ imageSelector: bashImage
+ command:
+ - bash
+ args:
+ - -c
+ - |
+ echo "Waiting for [{{ $ncUrl }}]";
+ until wget --spider --quiet --timeout=3 --tries=1 {{ $ncUrl }}/status.php;
+ do
+ echo "Waiting for [{{ $ncUrl }}]";
+ sleep 2;
+ done
+ echo "Nextcloud is up: {{ $ncUrl }}";
{{- end -}}
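Review bot: The nginx container's `securityContext` runs as uid 0 with `readOnlyRootFilesystem: false` and adds `NET_RAW`, which a TLS reverse proxy has no evident use for and which allows raw-socket traffic from inside the pod. Removing `- NET_RAW` from `capabilities.add` should cost nothing here. `NET_BIND_SERVICE` is only needed if `ncNetwork.webPort` can be below 1024, which this hunk does not show. A one-line comment above `capabilities:` stating why root and each remaining capability are required would let the next reviewer check the list against the image.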
diff --git a/library/ix-dev/charts/nextcloud/templates/_persistence.tpl b/library/ix-dev/charts/nextcloud/templates/_persistence.tpl
new file mode 100644
index 0000000000..f9195845b9
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_persistence.tpl
@@ -0,0 +1,179 @@
+{{- define "nextcloud.persistence" -}}
+persistence:
+ html:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /var/www/html
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ subPath: html
+ {{- end }}
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ subPath: html
+ {{- end }}
+ postgresbackup:
+ postgresbackup:
+ mountPath: /nc-config
+ data:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.data) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: {{ .Values.ncConfig.dataDir }}
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ subPath: data
+ {{- end }}
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: {{ .Values.ncConfig.dataDir }}
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ subPath: data
+ {{- end }}
+ {{- if .Values.ncStorage.isDataInTheSameVolume }}
+ config:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /var/www/html/config
+ subPath: config
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/config
+ subPath: config
+ customapps:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /var/www/html/custom_apps
+ subPath: custom_apps
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/custom_apps
+ subPath: custom_apps
+ themes:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.ncStorage.html) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /var/www/html/themes
+ subPath: themes
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/themes
+ subPath: themes
+ {{- end }}
+
+ # Configuration files mounting
+ nc-config-opcache:
+ enabled: true
+ type: configmap
+ objectName: nextcloud-config
+ defaultMode: "0755"
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ # z-99 is used to ensure that this file is loaded last
+ mountPath: /usr/local/etc/php/conf.d/opcache-z-99.ini
+ subPath: opcache.ini
+ nc-config-php:
+ enabled: true
+ type: configmap
+ objectName: nextcloud-config
+ defaultMode: "0755"
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ # z-99 is used to ensure that this file is loaded last
+ mountPath: /usr/local/etc/php/conf.d/nextcloud-z-99.ini
+ subPath: php.ini
+ nc-config-limreqbody:
+ enabled: true
+ type: configmap
+ objectName: nextcloud-config
+ defaultMode: "0755"
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ # https://github.com/nextcloud/docker/issues/1796
+ mountPath: /etc/apache2/conf-enabled/limitrequestbody.conf
+ subPath: limitrequestbody.conf
+ tmp:
+ enabled: true
+ type: emptyDir
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: /tmp
+ {{- range $idx, $storage := .Values.ncStorage.additionalStorages }}
+ {{ printf "nc-%v:" (int $idx) }}
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
+ targetSelector:
+ nextcloud:
+ nextcloud:
+ mountPath: {{ $storage.mountPath }}
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: {{ $storage.mountPath }}
+ {{- end }}
+ {{- if .Values.ncNetwork.certificateID }}
+ nginx-cert:
+ enabled: true
+ type: secret
+ objectName: nextcloud-cert
+ defaultMode: "0600"
+ items:
+ - key: tls.key
+ path: private.key
+ - key: tls.crt
+ path: public.crt
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /etc/nginx-certs
+ readOnly: true
+ nginx-conf:
+ enabled: true
+ type: configmap
+ objectName: nginx
+ defaultMode: "0600"
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /etc/nginx
+ readOnly: true
+ {{- end -}}
+
+ {{- include "ix.v1.common.app.postgresPersistence"
+ (dict "pgData" .Values.ncStorage.pgData
+ "pgBackup" .Values.ncStorage.pgBackup
+ ) | nindent 2 }}
+{{- end -}}
+
+{{- define "isOldIxVol" -}}
+ {{- $oldDatasetName := "ix-nextcloud_data" -}}
+ {{- $isOld := "false" -}}
+ {{- $storage := .storage -}}
+
+ {{- if eq $storage.type "ixVolume" -}}
+ {{- if eq $storage.ixVolumeConfig.datasetName $oldDatasetName -}}
+ {{- $isOld = "true" -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $isOld }}
+{{- end -}}
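Review bot: The `postgresbackup` entry under `persistence.html.targetSelector` mounts the whole html volume at `/nc-config` read-write, although the prelude added in `templates/common.yaml` only reads `config/config.php` from it. That file holds the database password and the volume holds the application code, so the mount should carry `readOnly: true` next to `mountPath: /nc-config`, as the `nginx-cert` and `nginx-conf` entries further down already do. Separately, the three `nextcloud-config` mounts use `defaultMode: "0755"` for `.ini`/`.conf` files that need no execute bit; `"0644"` would be enough.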
diff --git a/library/ix-dev/charts/nextcloud/templates/_portal.tpl b/library/ix-dev/charts/nextcloud/templates/_portal.tpl
new file mode 100644
index 0000000000..bbf8a923c8
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_portal.tpl
@@ -0,0 +1,12 @@
+{{- define "nextcloud.portal" -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: portal
+data:
+ port: {{ .Values.ncNetwork.webPort | quote }}
+ path: "/"
+ protocol: "http"
+ host: $node_ip
+{{- end -}}
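Review bot: `protocol: "http"` is hard-coded, but when `ncNetwork.certificateID` is set the port published as `webPort` is the nginx listener declared with `ssl` in `_nginx-configuration.tpl`. A portal link built from this ConfigMap would then send plain HTTP to a TLS port. The removed `nginx-configmap.yaml` derived the scheme from certificate presence, and the same can be done here with `protocol: {{ if .Values.ncNetwork.certificateID }}"https"{{ else }}"http"{{ end }}`. How the portal ConfigMap is consumed is not visible in this diff, so confirm against the UI side.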
diff --git a/library/ix-dev/charts/nextcloud/templates/_postgres.tpl b/library/ix-dev/charts/nextcloud/templates/_postgres.tpl
index 0cdfc8b015..031bcd1c12 100644
--- a/library/ix-dev/charts/nextcloud/templates/_postgres.tpl
+++ b/library/ix-dev/charts/nextcloud/templates/_postgres.tpl
@@ -1,49 +1,12 @@
-{{/*
-Get Nextloud Postgres Database Name
-*/}}
-{{- define "postgres.DatabaseName" -}}
-{{- print "nextcloud" -}}
+{{- define "postgres.workload" -}}
+ {{- $backupSecretName := "postgres-creds" -}}
+ {{- if eq (include "nextcloud.is-migration" $) "true" }}
+ {{- $backupSecretName = "postgres-backup-creds" -}}
+ {{- end }}
+workload:
+{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
+ "backupSecretName" $backupSecretName
+ "resources" .Values.resources
+ "imageSelector" "ncPostgresImage"
+ "ixChartContext" .Values.ixChartContext) | nindent 2 }}
{{- end -}}
-
-
-{{- define "postgres.imageName" -}}
-{{- print "postgres:13.1" -}}
-{{- end -}}
-
-
-{{/*
-Retrieve postgres backup name
-This will return a unique name based on revision and chart numbers specified.
-*/}}
-{{- define "postgres.backupName" -}}
-{{- $upgradeDict := .Values.ixChartContext.upgradeMetadata -}}
-{{- printf "postgres-backup-from-%s-to-%s-revision-%d" $upgradeDict.oldChartVersion $upgradeDict.newChartVersion (int64 $upgradeDict.preUpgradeRevision) -}}
-{{- end }}
-
-
-{{/*
-Retrieve postgres credentials for environment variables configuration
-*/}}
-{{- define "postgres.envVariableConfiguration" -}}
-{{ $envList := list }}
-{{ $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" "db-details" "secretKey" "db-user") }}
-{{ $envList = mustAppend $envList (dict "name" "POSTGRES_PASSWORD" "valueFromSecret" true "secretName" "db-details" "secretKey" "db-password") }}
-{{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) }}
-{{- end -}}
-
-
-{{/*
-Retrieve postgres volume configuration
-*/}}
-{{- define "postgres.volumeConfiguration" -}}
-{{ include "common.storage.configureAppVolumes" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts "emptyDirVolumes" .Values.emptyDirVolumes "ixVolumes" .Values.ixVolumes) | nindent 0 }}
-{{- end -}}
-
-
-{{/*
-Retrieve postgres volume mounts configuration
-*/}}
-{{- define "postgres.volumeMountsConfiguration" -}}
-{{ include "common.storage.configureAppVolumeMountsInContainer" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts ) | nindent 0 }}
-{{- end -}}
-
diff --git a/library/ix-dev/charts/nextcloud/templates/_redis.tpl b/library/ix-dev/charts/nextcloud/templates/_redis.tpl
new file mode 100644
index 0000000000..c90b61b2be
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_redis.tpl
@@ -0,0 +1,6 @@
+{{- define "redis.workload" -}}
+workload:
+{{- include "ix.v1.common.app.redis" (dict "secretName" "redis-creds"
+ "resources" .Values.resources) | nindent 2 }}
+
+{{- end -}}
diff --git a/library/ix-dev/charts/nextcloud/templates/_service.tpl b/library/ix-dev/charts/nextcloud/templates/_service.tpl
new file mode 100644
index 0000000000..1256d8fe88
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/_service.tpl
@@ -0,0 +1,49 @@
+{{- define "nextcloud.service" -}}
+service:
+ nextcloud:
+ enabled: true
+ primary: true
+ {{- if not .Values.ncNetwork.certificateID }}
+ type: NodePort
+ {{- else }}
+ type: ClusterIP
+ {{- end }}
+ targetSelector: nextcloud
+ ports:
+ webui:
+ enabled: true
+ primary: true
+ {{- if not .Values.ncNetwork.certificateID }}
+ nodePort: {{ .Values.ncNetwork.webPort }}
+ {{- end }}
+ port: 80
+ targetPort: 80
+ targetSelector: nextcloud
+ {{- if .Values.ncNetwork.certificateID }}
+ nextcloud-nginx:
+ enabled: true
+ type: NodePort
+ targetSelector: nginx
+ ports:
+ webui-tls:
+ enabled: true
+ port: {{ .Values.ncNetwork.webPort }}
+ nodePort: {{ .Values.ncNetwork.webPort }}
+ targetPort: {{ .Values.ncNetwork.webPort }}
+ targetSelector: nginx
+ {{- end }}
+
+ # Redis
+ redis:
+ enabled: true
+ type: ClusterIP
+ targetSelector: redis
+ ports:
+ redis:
+ enabled: true
+ primary: true
+ port: 6379
+ targetPort: 6379
+ targetSelector: redis
+ {{- include "ix.v1.common.app.postgresService" $ | nindent 2 }}
+{{- end -}}
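Review bot: Without `ncNetwork.certificateID`, the `webui` port publishes the Nextcloud container's port 80 directly as a NodePort, so logins and file transfers cross the network unencrypted unless something outside the chart terminates TLS. That may be intended, but nothing in the template says so. A comment above the first `type: NodePort`, such as `# No certificate selected: UI is served over plain HTTP; front it with a TLS-terminating proxy`, would make the trade-off explicit.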
diff --git a/library/ix-dev/charts/nextcloud/templates/backup-postgres-config.yaml b/library/ix-dev/charts/nextcloud/templates/backup-postgres-config.yaml
deleted file mode 100644
index 9b6e719201..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/backup-postgres-config.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "postgres-backup-hook-config-map"
- annotations:
- rollme: {{ randAlphaNum 5 | quote }}
-data:
- entrypoint.sh: |-
- #!/bin/bash
- echo "Fetching password from config.php"
-
- # sed removes ' , => spaces and db* from the string
- DBUSER=$(cat /nc-config/config.php | grep "dbuser" | sed "s/dbuser\| \|'\|,\|=>//g")
- DBPASS=$(cat /nc-config/config.php | grep "dbpassword" | sed "s/dbpassword\| \|'\|,\|=>//g")
- DBNAME=$(cat /nc-config/config.php | grep "dbname" | sed "s/dbname\| \|'\|,\|=>//g")
- [ -n "$DBUSER" ] && [ -n "$DBPASS" ] && [ -n "$DBNAME" ] && echo "User, Database and password fetched from config.php"
-
- until pg_isready -U ${POSTGRES_USER} -h ${POSTGRES_HOST}; do sleep 2; done
-
- # pg_dump will automatically use the password from the PGPASSWORD environment variable
- echo "Creating backup of ${DBNAME} database as ${DBUSER}"
- PGPASSWORD=${DBPASS} pg_dump -U $DBUSER -d $DBNAME --host=${POSTGRES_HOST} > /postgres_backups/$BACKUP_NAME \
- && echo "Backup created successfully" \
- || echo "Backup failed"
diff --git a/library/ix-dev/charts/nextcloud/templates/backup-postgres-hook.yaml b/library/ix-dev/charts/nextcloud/templates/backup-postgres-hook.yaml
deleted file mode 100644
index f7b13fda69..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/backup-postgres-hook.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if .Values.ixChartContext.isUpgrade -}}
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
-{{ $dbHost := .Values.nextcloudDbHost }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: "pre-upgrade-hook2"
- annotations:
- "helm.sh/hook": pre-upgrade
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": hook-succeeded
- rollme: {{ randAlphaNum 5 | quote }}
-spec:
- template:
- metadata:
- name: "pre-upgrade-hook2"
- spec:
- restartPolicy: Never
- serviceAccountName: "{{ template "common.names.serviceAccountName" . }}"
- containers:
- - name: {{ .Chart.Name }}-postgres-backup
- image: {{ template "postgres.imageName" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
- - name: BACKUP_NAME
- value: {{ template "postgres.backupName" . }}
- - name: POSTGRES_HOST
- value: {{ $dbHost }}
- volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
- - name: backup-script-configmap
- mountPath: /bin/backup_entrypoint.sh
- readOnly: true
- subPath: entrypoint.sh
- - name: nextcloud-data
- mountPath: /nc-config
- subPath: "config"
- command:
- - "/bin/backup_entrypoint.sh"
- volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
- - name: backup-script-configmap
- configMap:
- defaultMode: 0700
- name: "postgres-backup-hook-config-map"
- {{ if .Values.appVolumeMounts }}
- {{- include "common.storage.configureAppVolumes" .Values | nindent 8 }}
- {{ end }}
-{{- end -}}
diff --git a/library/ix-dev/charts/nextcloud/templates/common.yaml b/library/ix-dev/charts/nextcloud/templates/common.yaml
new file mode 100644
index 0000000000..fe47122a4e
--- /dev/null
+++ b/library/ix-dev/charts/nextcloud/templates/common.yaml
@@ -0,0 +1,38 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{- include "nextcloud.migration" $ -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.configuration" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.configs" $ | fromYaml) -}}
+{{- if .Values.ncNetwork.certificateID }}
+ {{- $_ := mustMergeOverwrite .Values (include "nginx.workload" $ | fromYaml) -}}
+{{- end }}
+{{- if .Values.ncConfig.cron.enabled }}
+ {{- $_ := mustMergeOverwrite .Values (include "nextcloud.cron" $ | fromYaml) -}}
+{{- end }}
+{{- $_ := mustMergeOverwrite .Values (include "nginx.configuration" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "redis.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.service" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "nextcloud.persistence" $ | fromYaml) -}}
+
+{{/* Mutate postgres backup command to handle nextcloud config */}}
+{{- $cmd := .Values.workload.postgresbackup.podSpec.containers.postgresbackup.command -}}
+{{- $temp := printf ("%s\n%s\n%s\n%s\n%s\n%s\n%s")
+ "echo 'Fetching password from config.php'"
+ "# sed removes ' , => spaces and db* from the string"
+ "POSTGRES_USER=$(cat /nc-config/config/config.php | grep 'dbuser' | sed \"s/dbuser\\| \\|'\\|,\\|=>//g\")"
+ "POSTGRES_PASSWORD=$(cat /nc-config/config/config.php | grep 'dbpassword' | sed \"s/dbpassword\\| \\|'\\|,\\|=>//g\")"
+ "POSTGRES_DB=$(cat /nc-config/config/config.php | grep 'dbname' | sed \"s/dbname\\| \\|'\\|,\\|=>//g\")"
+ "[ -n \"$POSTGRES_USER\" ] && [ -n \"$POSTGRES_PASSWORD\" ] && [ -n \"$POSTGRES_DB\" ] && echo 'User, Database and password fetched from config.php'"
+ (index $cmd 2) -}}
+{{- $newCmd := (list (index $cmd 0) (index $cmd 1) $temp) -}}
+{{- $_ := set .Values.workload.postgresbackup.podSpec.containers.postgresbackup "command" $newCmd -}}
+{{- $_ := set .Values.workload.postgresbackup.podSpec "securityContext" (dict "fsGroup" "33") -}}
+
+{{/* Create the configmap for portal manually*/}}
+{{- include "nextcloud.portal" $ -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}
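Review bot: The injected shell prelude only echoes a message when all three values were extracted; otherwise it falls through to the original backup command with empty `POSTGRES_USER`, `POSTGRES_PASSWORD` or `POSTGRES_DB`. The `sed` expression also deletes every space, `'`, `,` and `=>` on the matched line, so a database password containing any of those would be silently altered, and `grep 'dbuser'` matches any line containing that substring. Failing fast would surface both cases: end the check with `|| { echo 'Could not read database credentials from config.php'; exit 1; }` instead of the success-only `&& echo`. `(index $cmd 2)` also assumes the common library's command has exactly three elements; a short template comment recording that assumption would help when the library changes.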
diff --git a/library/ix-dev/charts/nextcloud/templates/cronjob.yaml b/library/ix-dev/charts/nextcloud/templates/cronjob.yaml
deleted file mode 100644
index f509518b7c..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/cronjob.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
-{{ $cronjob_values := (. | mustDeepCopy) }}
-{{ $_ := set $cronjob_values "common" (dict "nameSuffix" "cronjob") }}
-
-{{ $hostName := .Values.nextcloud.host }}
-{{ if .Values.useServiceNameForHost }}
-{{ $hostName = (include "common.names.fullname" .) }}
-{{ end }}
-
-{{if .Values.cronjob.enabled }}
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- name: {{ template "common.names.fullname" $cronjob_values }}
- labels:
- app: {{ template "common.names.name" $cronjob_values }}
- chart: {{ template "common.names.chart" $cronjob_values }}
- release: {{ .Release.Name }}
- annotations:
- rollme: {{ randAlphaNum 5 | quote }}
-spec:
- schedule: "{{ .Values.cronjob.schedule }}"
- concurrencyPolicy: Forbid
- failedJobsHistoryLimit: 2
- successfulJobsHistoryLimit: 1
- jobTemplate:
- metadata:
- labels:
- app: {{ template "common.names.name" $cronjob_values }}
- release: {{ .Release.Name }}
- {{- include "common.labels.selectorLabels" $cronjob_values | nindent 8 }}
- spec:
- template:
- metadata:
- labels:
- app: {{ template "common.names.name" $cronjob_values }}
- release: {{ .Release.Name }}
- {{- include "common.labels.selectorLabels" $cronjob_values | nindent 12 }}
- spec:
- restartPolicy: Never
- securityContext:
- runAsUser: 33
- runAsGroup: 0
- fsGroup: 33
- containers:
- - name: {{ .Chart.Name }}-cronjob
- image: "{{.Values.image.repository }}:{{.Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- command:
- - php
- - -f
- - /var/www/html/cron.php
- volumeMounts:
- - name: nextcloud-data
- mountPath: /var/www/
- subPath: "root"
- - name: nextcloud-data
- mountPath: /var/www/html
- subPath: "html"
- - name: nextcloud-data
- mountPath: {{ .Values.nextcloud.datadir }}
- subPath: "data"
- - name: nextcloud-data
- mountPath: /var/www/html/config
- subPath: "config"
- - name: nextcloud-data
- mountPath: /var/www/html/custom_apps
- subPath: "custom_apps"
- - name: nextcloud-data
- mountPath: /var/www/tmp
- subPath: "tmp"
- - name: nextcloud-data
- mountPath: /var/www/html/themes
- subPath: "themes"
- volumes:
- {{ if .Values.appVolumeMounts }}
- {{- include "common.storage.configureAppVolumes" .Values | nindent 12 }}
- {{ end }}
-{{ end }}
diff --git a/library/ix-dev/charts/nextcloud/templates/deployment.yaml b/library/ix-dev/charts/nextcloud/templates/deployment.yaml
deleted file mode 100644
index 9fbcaf4dfd..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/deployment.yaml
+++ /dev/null
@@ -1,259 +0,0 @@
-{{ include "common.storage.hostPathValidate" .Values }}
-{{ $postgres_values := (. | mustDeepCopy) }}
-{{ $_ := set $postgres_values "common" (dict "nameSuffix" "postgres") }}
-
-apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
- name: {{ template "common.names.fullname" . }}-nc
- labels:
- app.kubernetes.io/name: {{ template "common.names.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- replicas: {{ (default 1 .Values.replicas) }}
- strategy:
- type: "Recreate"
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "common.names.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- name: {{ template "common.names.fullname" . }}
- labels:
- {{- include "common.labels.selectorLabels" . | nindent 8 }}
- annotations: {{ include "common.annotations" . | nindent 8 }}
- spec:
- initContainers:
- - name: init-postgresdb
- image: {{ template "postgres.imageName" . }}
- command: ['sh', '-c', "until pg_isready -U $POSTGRES_USER -d {{ include "postgres.DatabaseName" .Values }} -h {{ template "common.names.fullname" $postgres_values }}; do echo waiting for postgres; sleep 2; done"]
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }}
-
- containers:
- {{ if eq (include "nginx.certAvailable" .) "true" }}
- - name: nginx
- {{ include "common.containers.imageConfig" .Values.nginx.image | nindent 8 }}
- volumeMounts:
- - name: nginx-configuration
- mountPath: /etc/nginx/nginx.conf
- subPath: nginx.conf
- {{ include "nginx.tlsKeysVolumeMount" . | nindent 10 }}
- ports:
- - name: nginx-http
- containerPort: 8000
- protocol: TCP
- - name: nginx-https
- containerPort: {{ .Values.service.nodePort }}
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /status.php
- port: {{ .Values.service.nodePort }}
- httpHeaders:
- - name: Host
- value: localhost
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- successThreshold: 1
- readinessProbe:
- httpGet:
- scheme: HTTPS
- path: /status.php
- port: {{ .Values.service.nodePort }}
- httpHeaders:
- - name: Host
- value: localhost
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- successThreshold: 2
- startupProbe:
- httpGet:
- scheme: HTTPS
- path: /status.php
- port: {{ .Values.service.nodePort }}
- httpHeaders:
- - name: Host
- value: localhost
- initialDelaySeconds: 30
- periodSeconds: 5
- timeoutSeconds: 2
- failureThreshold: 60
- successThreshold: 1
- {{ end }}
- - name: {{ .Chart.Name }}
- {{ include "common.resources.limitation" . | nindent 8 }}
- {{ include "common.containers.imageConfig" .Values.image | nindent 8 }}
- env: {{ include "postgres.envVariableConfiguration" $postgres_values | nindent 10 }}
- {{ $secretName := (include "common.names.fullname" .) }}
- {{ $envList := (default list .Values.environmentVariables) }}
- {{- $_ := set .Values "nextcloudDbHost" (include "common.names.fullname" $postgres_values) -}} {{/* Temprary store it on values to display it on NOTES */}}
- {{ $envList = mustAppend $envList (dict "name" "POSTGRES_HOST" "value" (printf "%s:5432" (include "common.names.fullname" $postgres_values))) }}
- {{ $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "value" (include "postgres.DatabaseName" .)) }}
- {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_DATA_DIR" "value" .Values.nextcloud.datadir) }}
- {{ $envList = mustAppend $envList (dict "name" "PHP_UPLOAD_LIMIT" "value" (printf "%vG" (.Values.nextcloud.max_upload_size | default 3))) }}
- {{ $envList = mustAppend $envList (dict "name" "PHP_MEMORY_LIMIT" "value" (printf "%vM" (.Values.nextcloud.php_memory_limit | default 512))) }}
- {{ if eq (include "nginx.certAvailable" .) "true" }}
- {{ $envList = mustAppend $envList (dict "name" "APACHE_DISABLE_REWRITE_IP" "value" "1") }}
- {{ if and .Values.nextcloud.host .Values.service.nodePort }}
- {{ if .Values.nginxConfig.useDifferentAccessPort }}
- {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" .Values.nextcloud.host) }}
- {{ else }}
- {{ $envList = mustAppend $envList (dict "name" "OVERWRITEHOST" "value" (printf "%v:%v" .Values.nextcloud.host .Values.service.nodePort)) }}
- {{ end }}
- {{ end }}
- {{ $envList = mustAppend $envList (dict "name" "OVERWRITEPROTOCOL" "value" "https") }}
- {{ $envList = mustAppend $envList (dict "name" "TRUSTED_PROXIES" "value" "127.0.0.1") }}
- {{ end }}
- {{ $hostName := .Values.nextcloud.host }}
- {{ if .Values.useServiceNameForHost }}
- {{ $hostName = (include "common.names.fullname" .) }}
- {{ end }}
- {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_TRUSTED_DOMAINS" "value" $hostName) }}
- {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-username") }}
- {{ $envList = mustAppend $envList (dict "name" "NEXTCLOUD_ADMIN_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "nextcloud-password") }}
- {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 10 }}
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /status.php
- port: http
- httpHeaders:
- - name: Host
- value: localhost
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- successThreshold: 1
- readinessProbe:
- httpGet:
- path: /status.php
- port: http
- httpHeaders:
- - name: Host
- value: localhost
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- successThreshold: 1
- startupProbe:
- {{ $cmds := list }}
- {{ if .Values.nextcloud.install_ffmpeg }}
- {{ $cmds = mustAppend $cmds "ffmpeg" }}
- {{ end }}
- {{ if .Values.nextcloud.install_smbclient }}
- {{ $cmds = mustAppend $cmds "smbclient" }}
- {{ end }}
- {{ if $cmds }}
- exec:
- command:
- - /bin/sh
- - -c
- - |
- commands_to_check={{ join " " $cmds }}
- for comm in $commands_to_check; do
- if ! command -v $comm /dev/null 2>&1; then
- echo "Command $comm not found"
- exit 1
- fi
- done
- {{ else }}
- httpGet:
- path: /status.php
- port: http
- httpHeaders:
- - name: Host
- value: localhost
- {{ end }}
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 2
- failureThreshold: 100
- successThreshold: 1
- volumeMounts:
- - name: nextcloud-data
- mountPath: /var/www/
- subPath: "root"
- - name: nextcloud-data
- mountPath: /var/www/html
- subPath: "html"
- - name: nextcloud-data
- mountPath: {{ .Values.nextcloud.datadir }}
- subPath: "data"
- - name: nextcloud-data
- mountPath: /var/www/html/config
- subPath: "config"
- - name: nextcloud-data
- mountPath: /var/www/html/custom_apps
- subPath: "custom_apps"
- - name: nextcloud-data
- mountPath: /var/www/tmp
- subPath: "tmp"
- - name: nextcloud-data
- mountPath: /var/www/html/themes
- subPath: "themes"
- - name: nextcloud-configuration
- # We use -z-99 to ensure that this file is loaded
- # after the default opcache file nextcloud provides.
- mountPath: /usr/local/etc/php/conf.d/opcache-z-99.ini
- subPath: opcache.ini
- - name: nextcloud-configuration
- # We use -z-99 to ensure that this file is loaded
- # after the default php config file nextcloud provides.
- mountPath: /usr/local/etc/php/conf.d/nextcloud-z-99.ini
- subPath: php.ini
- - name: nextcloud-configuration
- # https://github.com/nextcloud/docker/issues/1796
- mountPath: /etc/apache2/conf-enabled/limitrequestbody.conf
- subPath: limitrequestbody.conf
- {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- - name: extrappvolume-{{ $index }}
- mountPath: {{ $hostPathConfiguration.mountPath }}
- {{ end }}
- {{ if $cmds }}
- lifecycle:
- postStart:
- exec:
- command:
- - /bin/sh
- - -c
- - |
- echo "Installing {{ join " " $cmds }}..."
- apt update && \
- apt install -y --no-install-recommends \
- {{ join " " $cmds }} || echo "Failed to install binary/binaries"
- echo "Finished."
- {{ end }}
-{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
- volumes:
- - name: nextcloud-configuration
- configMap:
- defaultMode: 0755
- name: "nextcloud-configuration"
- - name: nginx-configuration
- configMap:
- defaultMode: 0700
- name: "nginx-configuration"
-{{ include "nginx.tlsKeysVolume" . | nindent 8 }}
-{{ if .Values.appVolumeMounts }}
-{{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
-{{ end }}
- {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- - name: extrappvolume-{{ $index }}
- hostPath:
- path: {{ $hostPathConfiguration.hostPath }}
- {{ end }}
- # Will mount configuration files as www-data (id: 33) for nextcloud
- securityContext:
- fsGroup: 33
diff --git a/library/ix-dev/charts/nextcloud/templates/nextcloud-configmap.yaml b/library/ix-dev/charts/nextcloud/templates/nextcloud-configmap.yaml
deleted file mode 100644
index 4f109409fe..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/nextcloud-configmap.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{ $bytesGB := 1073741824 }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "nextcloud-configuration"
-data:
- opcache.ini: |
- opcache.memory_consumption={{ .Values.nextcloud.opcache_memory_consumption }}
-
- php.ini: |
- max_execution_time={{ .Values.nextcloud.max_execution_time }}
-
- limitrequestbody.conf: |
- LimitRequestBody {{ mul .Values.nextcloud.max_upload_size $bytesGB }}
diff --git a/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml b/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml
deleted file mode 100644
index cd405b371f..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/nginx-configmap.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "nginx-configuration"
-data:
- protocol: {{ include "nginx.scheme" . }}
- {{ $timeout := 60 }}
- {{ $size := .Values.nextcloud.max_upload_size | default 3 }}
-
- {{ $useDiffAccessPort := false }}
- {{ $externalAccessPort := "" }}
-
- {{/* Safely access key as it is conditionaly shown */}}
- {{ if hasKey .Values "nginxConfig" }}
- {{ $useDiffAccessPort = .Values.nginxConfig.useDifferentAccessPort }}
- {{ $externalAccessPort = printf ":%v" .Values.nginxConfig.externalAccessPort }}
- {{ $timeout = .Values.nginxConfig.proxy_timeouts | default 60 }}
- {{ end }}
-
- {{/* If its 443, do not append it on the rewrite at all */}}
- {{ if eq $externalAccessPort ":443" }}
- {{ $externalAccessPort = "" }}
- {{ end }}
- nginx.conf: |-
- events {}
- http {
- # redirects all http requests to https requests
- server {
- listen 8000 default_server;
- listen [::]:8000 default_server;
- return 301 https://$host$request_uri;
- }
-
- server {
- server_name localhost;
-
- listen {{ .Values.service.nodePort }} ssl http2;
- listen [::]:{{ .Values.service.nodePort }} ssl http2;
-
- ssl_certificate '/etc/nginx-certs/public.crt';
- ssl_certificate_key '/etc/nginx-certs/private.key';
-
- # maximum 3GB Upload File; change to fit your needs
- client_max_body_size {{ $size }}G;
-
- add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
-
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
-
- location = /.well-known/carddav {
- {{ if $useDiffAccessPort }}
- return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
- {{ else }}
- return 301 $scheme://$host:$server_port/remote.php/dav;
- {{ end }}
- }
-
- location = /.well-known/caldav {
- {{ if $useDiffAccessPort }}
- return 301 $scheme://$host{{ $externalAccessPort }}/remote.php/dav;
- {{ else }}
- return 301 $scheme://$host:$server_port/remote.php/dav;
- {{ end }}
- }
-
- location / {
- proxy_pass http://localhost;
- proxy_http_version 1.1;
- proxy_cache_bypass $http_upgrade;
- proxy_request_buffering off;
-
- # Proxy headers
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Forwarded-Host $host;
- {{ if $useDiffAccessPort }}
- proxy_set_header X-Forwarded-Port {{ $externalAccessPort | default "443" | trimPrefix ":" }};
- {{ else }}
- proxy_set_header X-Forwarded-Port $server_port;
- {{ end }}
-
- # Proxy timeouts
- proxy_connect_timeout {{ $timeout }}s;
- proxy_send_timeout {{ $timeout }}s;
- proxy_read_timeout {{ $timeout }}s;
- }
- }
- }
diff --git a/library/ix-dev/charts/nextcloud/templates/nginx-secret.yaml b/library/ix-dev/charts/nextcloud/templates/nginx-secret.yaml
deleted file mode 100644
index 978441509f..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/nginx-secret.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "nginx.secretName" . }}
-type: Opaque
-data:
- {{ if eq (include "nginx.certAvailable" .) "true" }}
- certPublicKey: {{ (include "nginx.cert.publicKey" .) | toString | b64enc | quote }}
- certPrivateKey: {{ (include "nginx.cert.privateKey" .) | toString | b64enc | quote }}
- {{ end }}
diff --git a/library/ix-dev/charts/nextcloud/templates/postgres-deployment.yaml b/library/ix-dev/charts/nextcloud/templates/postgres-deployment.yaml
deleted file mode 100644
index fb5f8acf99..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/postgres-deployment.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
-
-apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
- name: {{ template "common.names.fullname" . }}-postgres-nc
- labels:
- app.kubernetes.io/name: {{ template "common.names.name" . }}-postgres
- app.kubernetes.io/instance: {{ .Release.Name }}-postgres
-spec:
- strategy:
- type: "Recreate"
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ template "common.names.name" . }}-postgres
- app.kubernetes.io/instance: {{ .Release.Name }}-postgres
- template:
- metadata:
- name: {{ template "common.names.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ template "common.names.name" . }}-postgres
- app.kubernetes.io/instance: {{ .Release.Name }}-postgres
- annotations: {{ include "common.annotations" . | nindent 8 }}
- spec:
- containers:
- - name: {{ .Chart.Name }}-postgres
- image: {{ template "postgres.imageName" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
- volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
- ports:
- - name: postgres-tcp
- containerPort: 5432
- protocol: TCP
- readinessProbe:
- exec:
- command:
- - sh
- - -c
- - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- successThreshold: 2
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- successThreshold: 1
- startupProbe:
- exec:
- command:
- - sh
- - -c
- - "until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done"
- initialDelaySeconds: 10
- periodSeconds: 5
- timeoutSeconds: 2
- failureThreshold: 60
- successThreshold: 1
- volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
diff --git a/library/ix-dev/charts/nextcloud/templates/postgres-secret.yaml b/library/ix-dev/charts/nextcloud/templates/postgres-secret.yaml
deleted file mode 100644
index 6c265ba0e6..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/postgres-secret.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- $secretName := "db-details" }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
-data:
- {{/*
- Lookup for the user shouldn't be needed in normal circumstances
- But there was a typo before that resulted to a db-user with weird
- characters. So to keep that user for existing installations we retrieve
- it from the existing secret.
- */}}
- {{/* Init values */}}
- {{- $dbUser := ((include "postgres.DatabaseName" .Values) | b64enc) -}}
- {{- $dbPass := (randAlphaNum 15 | b64enc) -}}
- {{- with (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
- {{/* If there is a previous secret, use that */}}
- {{- $dbUser = (index .data "db-user") -}}
- {{- $dbPass = (index .data "db-password") -}}
- {{- end }}
- db-user: {{ $dbUser }}
- db-password: {{ $dbPass }}
-
-{{/* Temprary store them on values to display it on NOTES */}}
-{{ $_ := set .Values "nextcloudDbPass" $dbPass }}
-{{ $_ := set .Values "nextcloudDbUser" $dbUser }}
diff --git a/library/ix-dev/charts/nextcloud/templates/postgres-service.yaml b/library/ix-dev/charts/nextcloud/templates/postgres-service.yaml
deleted file mode 100644
index c6603fd62b..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/postgres-service.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-{{ $ports := list }}
-{{ $ports = mustAppend $ports (dict "name" "postgres-tcp" "port" 5432 "targetPort" 5432) }}
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" "postgres") }}
-{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
-{{ include "common.classes.service" $values }}
diff --git a/library/ix-dev/charts/nextcloud/templates/secrets.yaml b/library/ix-dev/charts/nextcloud/templates/secrets.yaml
deleted file mode 100644
index eb992940b3..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/secrets.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "common.names.fullname" . }}
- labels: {{ include "common.labels" . | nindent 4 }}
-type: Opaque
-data:
- nextcloud-username: {{ .Values.nextcloud.username | b64enc | quote }}
- {{ if .Values.nextcloud.password }}
- nextcloud-password: {{ .Values.nextcloud.password | b64enc | quote }}
- {{ else }}
- nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }}
- {{ end }}
diff --git a/library/ix-dev/charts/nextcloud/templates/service.yaml b/library/ix-dev/charts/nextcloud/templates/service.yaml
deleted file mode 100644
index 5be80aba7f..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/service.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{ $svc := .Values.service }}
-{{ $ports := list }}
-{{ if eq (include "nginx.certAvailable" .) "true" }}
-{{ $ports = mustAppend $ports (dict "name" "nginx-https" "targetPort" .Values.service.nodePort "port" .Values.service.nodePort "nodePort" $svc.nodePort) }}
-{{ else }}
-{{ $ports = mustAppend $ports (dict "name" "http" "port" 80 "nodePort" $svc.nodePort) }}
-{{ end }}
-{{ $params := . }}
-{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
-{{ include "common.classes.service" $params }}
diff --git a/library/ix-dev/charts/nextcloud/templates/serviceaccount.yaml b/library/ix-dev/charts/nextcloud/templates/serviceaccount.yaml
deleted file mode 100644
index 48213465b0..0000000000
--- a/library/ix-dev/charts/nextcloud/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{ include "common.serviceaccount" . | nindent 0 }}
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: "{{ .Release.Name }}-service-account-role-binding"
-subjects:
-- kind: ServiceAccount
- name: "{{ template "common.names.serviceAccountName" . }}"
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: Role
- name: "{{ .Release.Name }}-service-account-role"
- apiGroup: rbac.authorization.k8s.io
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: "{{ .Release.Name }}-service-account-role"
- namespace: {{ .Release.Namespace }}
-rules:
- - apiGroups:
- - ""
- - "apps"
- resources:
- - pods
- - deployments
- verbs:
- - delete
- - get
- - list
diff --git a/library/ix-dev/charts/nextcloud/values.yaml b/library/ix-dev/charts/nextcloud/values.yaml
index e0083c46ac..96e1b0b302 100644
--- a/library/ix-dev/charts/nextcloud/values.yaml
+++ b/library/ix-dev/charts/nextcloud/values.yaml
@@ -2,9 +2,88 @@ image:
pullPolicy: IfNotPresent
repository: nextcloud
tag: 29.0.0
-nginx:
- image:
- pullPolicy: IfNotPresent
- repository: nginx
- tag: 1.25.5
-useServiceNameForHost: false
+nginxImage:
+ pullPolicy: IfNotPresent
+ repository: nginx
+ tag: 1.25.4
+# Keep using the same image
+# as before the migration
+ncPostgresImage:
+ pullPolicy: IfNotPresent
+ repository: postgres
+ tag: "13.1"
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+
+podOptions:
+ dnsConfig:
+ options: []
+
+ncConfig:
+ adminUser: admin
+ adminPassword: password
+ host: ""
+ dataDir: /var/www/html/data
+ commands:
+ - ffmpeg
+ - smbclient
+ maxUploadLimit: 3
+ phpMemoryLimit: 512
+ opCacheMemoryConsumption: 128
+ maxExecutionTime: 30
+ cron:
+ enabled: true
+ schedule: "*/15 * * * *"
+ additionalEnvs: []
+
+ncNetwork:
+ webPort: 9001
+ certificateID:
+ nginx:
+ proxyTimeouts: 120
+ useDifferentAccessPort: false
+ externalAccessPort: 80
+
+ncStorage:
+ data:
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: data
+ html:
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: html
+ pgData:
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: pgData
+ pgBackup:
+ # TODO: NC creates a different user/pw for pg, so we should pass the
+ # config to the backup container so it can get the right details
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: pgBackup
+ additionalStorages: []
+
+notes:
+ custom: |
+ ## Database
+ You can connect to the database using the pgAdmin App from the catalog
+
+
+ Database Details
+
+ - Database: `{{ .Values.ncDbName }}`
+ - Username: `{{ .Values.ncDbUser }}`
+ - Password: `{{ .Values.ncDbPass }}`
+ - Host: `{{ .Values.ncDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
+ - Port: `5432`
+
+
+ {{- $_ := unset .Values "ncDbUser" }}
+ {{- $_ := unset .Values "ncDbName" }}
+ {{- $_ := unset .Values "ncDbPass" }}
+ {{- $_ := unset .Values "ncDbHost" }}
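Review bot: `adminPassword: password` under `ncConfig` makes a well-known credential the chart default, whereas the removed `templates/secrets.yaml` fell back to `randAlphaNum 10` when no password was supplied. Unless the install form or the new templates (neither visible in this hunk) force a value, an install that keeps the defaults comes up with `admin`/`password`. I would ship `adminPassword: ""` and have the template either reject an empty value or generate a random one, as the old secret did. Separately, `nginxImage.tag` is `1.25.4` while the removed `nginx.image` block pinned `1.25.5`, which looks like an unintended downgrade. `ncPostgresImage.tag: "13.1"` is an early 13.x point release, so the "keep using the same image" comment should name a follow-up to move to a current 13.x patch level once the migration has run.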