diff --git a/customers/base/nextcloud-configmap.yml b/customers/base/nextcloud-configmap.yml
index 4520c45..f789037 100644
--- a/customers/base/nextcloud-configmap.yml
+++ b/customers/base/nextcloud-configmap.yml
@@ -26,36 +26,40 @@ data: ), ), 'appstoreenabled' => false, - 'config_is_read_only' => false, + 'config_is_read_only' => true, 'csrf.disabled' => true, 'datadirectory' => '/var/www/html/data', - 'dbhost' => getenv('MYSQL_HOST_PORT'), - 'dbname' => getenv('MYSQL_DATABASE'), - 'dbpassword' => getenv('MYSQL_PASSWORD'), - 'dbport' => getenv('MYSQL_PORT'), + 'dbhost' => '{{MYSQL_HOST}}:{{MYSQL_PORT}}', + 'dbname' => '{{MYSQL_DATABASE}}', + 'dbpassword' => '{{MYSQL_PASSWORD}}', + 'dbport' => '{{MYSQL_PORT}}', 'dbtableprefix' => 'oc_', 'dbtype' => 'mysql', - 'dbuser' => getenv('MYSQL_USER'), + 'dbuser' => '{{MYSQL_USER}}', 'default_phone_region' => 'SE', 'forcessl' => true, 'gs.enabled' => 'true', 'gs.federation' => 'global', 'gs.trustedHosts' => ['*.sunet.se'], + 'gss.jwt.key' => '{{GSS_JWT_KEY}}', + 'gss.master.url' => '{{GSS_MASTER_URL}}', + 'gss.mode' => 'slave', + 'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping', 'installed' => true, - 'instanceid' => getenv('NEXTCLOUD_INSTANCEID'), + 'instanceid' => '{{NEXTCLOUD_INSTANCEID}}', 'integrity.check.disabled' => true, 'log_type' => 'file', 'loglevel' => 0, - 'lookup_server' => getenv('LOOKUP_SERVER'), - 'mail_domain' => getenv('MAIL_DOMAIN'), - 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), + 'lookup_server' => '{{LOOKUP_SERVER}}', + 'mail_domain' => '{{MAIL_DOMAIN}}', + 'mail_from_address' => '{{MAIL_FROM_ADDRESS}}', 'mail_sendmailmode' => 'smtp', 'mail_smtpauth' => 1, 'mail_smtpauthtype' => 'LOGIN', - 'mail_smtphost' => getenv('MAIL_SMTPHOST'), + 'mail_smtphost' => '{{MAIL_SMTPHOST}}', 'mail_smtpmode' => 'smtp', - 'mail_smtpname' => getenv('MAIL_SMTPNAME'), - 'mail_smtppassword' => getenv('MAIL_SMTPPASSWORD'), + 'mail_smtpname' => '{{MAIL_SMTPNAME}}', + 'mail_smtppassword' => '{{MAIL_SMTPPASSWORD}}', 'mail_smtpport' => '587', 'mail_smtpsecure' => 'tls', 'mail_template_class' => 'OCA\DriveEmailTemplate\EMailTemplate', 
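Review bot: The rendered values are pasted unescaped into PHP single-quoted literals, e.g. `'dbpassword' => '{{MYSQL_PASSWORD}}'`, so a `'` or `\` in a value yields a config.php that fails to parse or holds a different string than intended; the removed `getenv()` calls had no such quoting step. Escaping at render time closes this, for instance `'dbpassword' => '{{ MYSQL_PASSWORD | replace("\\", "\\\\") | replace("'", "\\'") }}',`. The same applies to `gss.jwt.key` and `mail_smtppassword` in this hunk, and to the S3 `key`/`secret`, `passwordsalt` and `secret` entries in the later hunks of this file. The PHP array begins and ends outside this hunk.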
@@ -69,33 +73,33 @@ data: 'arguments' => array ( 'autocreate' => false, - 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), - 'hostname' => getenv('OBJECTSTORE_S3_HOST'), - 'key' => getenv('OBJECTSTORE_S3_KEY'), + 'bucket' => '{{OBJECTSTORE_S3_BUCKET}}', + 'hostname' => '{{OBJECTSTORE_S3_HOST}}', + 'key' => '{{OBJECTSTORE_S3_KEY}}', 'legacy_auth' => false, 'objectPrefix' => 'urn:oid:', 'port' => '', - 'region' => getenv('OBJECTSTORE_S3_REGION'), - 'secret' => getenv('OBJECTSTORE_S3_SECRET'), + 'region' => '{{OBJECTSTORE_S3_REGION}}', + 'secret' => '{{OBJECTSTORE_S3_SECRET}}', 'use_path_style' => true, 'use_ssl' => true, ), ), - 'overwrite.cli.url' => 'https://' . getenv('SITE_NAME'), - 'overwritehost' => getenv('SITE_NAME'), + 'overwrite.cli.url' => 'https://{{SITE_NAME}}', + 'overwritehost' => '{{SITE_NAME}}', 'overwriteprotocol' => 'https', - 'passwordsalt' => getenv('NEXTCLOUD_PASSWORDSALT'), - 'secret' => getenv('NEXTCLOUD_SECRET'), + 'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}', + 'secret' => '{{NEXTCLOUD_SECRET}}', 'redis' => array ( - 'host' => getenv('REDIS_HOST'), + 'host' => '{{REDIS_HOST}}', 'port' => 6379, ), 'skeletondirectory' => '', 'templatedirectory' => '', 'trusted_domains' => array ( - 0 => getenv('NEXTCLOUD_TRUSTED_DOMAINS') + 0 => '{{NEXTCLOUD_TRUSTED_DOMAINS}}' ), 'trusted_proxies' => array ( @@ -107,5 +111,5 @@ data: 0 => 'admin', ), 'updatechecker' => false, - 'version' => getenv('NEXTCLOUD_VERSION_STRING'), + 'version' => '{{NEXTCLOUD_VERSION_STRING}}', ); diff --git a/customers/base/nextcloud-deployment.yml b/customers/base/nextcloud-deployment.yml index dfbc982..4b14744 100644 --- a/customers/base/nextcloud-deployment.yml +++ b/customers/base/nextcloud-deployment.yml 
@@ -11,6 +11,16 @@ spec: app: customer-node updateStrategy: type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: nextcloud-data + spec: + storageClassName: csi-sc-cinderplugin + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi template: metadata: labels: @@ -22,9 +32,9 @@ spec: - name: customer image: docker.sunet.se/drive/nextcloud-custom:30.0.5.2-1 volumeMounts: - - name: nextcloud-config - mountPath: /config.php - subPath: config.php + - name: nextcloud-data + mountPath: /var/www/html/config/ + subPath: config - name: apache-config mountPath: /etc/apache2/sites-enabled/000-default.conf subPath: 000-default.conf @@ -40,6 +50,42 @@ spec: - name: cli-php-config mountPath: /etc/php/8.0/cli/php.ini subPath: php.ini + resources: + limits: + cpu: 2000m + memory: 2048Mi + requests: + cpu: 1000m + memory: 512Mi + readinessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 10 + periodSeconds: 60 + livenessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 20 + periodSeconds: 180 + ports: + - containerPort: 80 + name: nextcloud-http + command: ["/bin/bash"] + args: ["-c", "apachectl -D FOREGROUND"] + lifecycle: + postStart: + exec: + command: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"] + initContainers: + - image: docker.sunet.se/sunet/docker-jinja:latest + name: init-config + volumeMounts: + - name: nextcloud-config + mountPath: /tmp/config.php.template + subPath: config.php + - name: nextcloud-data + mountPath: /var/www/html/config + subPath: config env: - name: GSS_MASTER_URL value: "https://drive.test.sunet.se" @@ -69,8 +115,6 @@ spec: value: "nextcloud_customer" - name: MYSQL_HOST value: "proxysqlcluster.proxysql" - - name: MYSQL_HOST_PORT - value: "proxysqlcluster.proxysql:6033" - name: MYSQL_PASSWORD valueFrom: secretKeyRef: 
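Review bot: In the `@@ -40,6 +50,42 @@` hunk the new `init-config` container is pulled by the mutable tag `docker.sunet.se/sunet/docker-jinja:latest`, while the main container stays pinned to `30.0.5.2-1`. The `env:` list that follows now sits under this init container, so this image receives the credentials, including the `secretKeyRef`-backed `MYSQL_PASSWORD` visible in the next hunk. Pinning it to a fixed version or digest, `image: docker.sunet.se/sunet/docker-jinja:<PINNED_TAG>@sha256:<DIGEST>` (placeholders), keeps a re-pushed `latest` from changing what runs with those secrets. The nordunet and vinnova test overlays reference the same `:latest` image and need the same change.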
@@ -130,32 +174,7 @@ spec: value: "redis" - name: SITE_NAME value: "customer.drive.test.sunet.se" - resources: - limits: - cpu: 2000m - memory: 2048Mi - requests: - cpu: 1000m - memory: 512Mi - readinessProbe: - tcpSocket: - port: 80 - initialDelaySeconds: 10 - periodSeconds: 60 - livenessProbe: - tcpSocket: - port: 80 - initialDelaySeconds: 20 - periodSeconds: 180 - ports: - - containerPort: 80 - name: nextcloud-http - command: ["/bin/bash"] - args: ["-c", "apachectl -D FOREGROUND"] - lifecycle: - postStart: - exec: - command: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"] + command: ["/bin/bash", "-c", "/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"] volumes: - name: script-config configMap: diff --git a/customers/base/script-configmap.yml b/customers/base/script-configmap.yml index e75a1e2..8371521 100644 --- a/customers/base/script-configmap.yml +++ b/customers/base/script-configmap.yml 
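Review bot: The added `j2 … -o /var/www/html/config/config.php` command writes the rendered file, credentials included, to the persistent `nextcloud-data` volume with whatever owner and mode the init image's default user and umask produce. The script hunk removes the old `chown www-data:root` on this file and no replacement is visible. A tighter umask in the command would help, `command: ["/bin/bash", "-c", "umask 027 && /usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"]`. Ownership should be set explicitly as well, for example through a pod-level `securityContext.fsGroup`. The init container's spec begins outside this hunk.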
@@ -5,10 +5,15 @@ metadata: data: nc-upgrade: | #!/bin/bash - cp /config.php /var/www/html/config/config.php - chown www-data:root /var/www/html/config/config.php - su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade" - su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair" - su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys" - su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-columns" - su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-indices" + sed "s/config_is_read_only\(.\) => true,/config_is_read_only\1 => false,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp + mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ app:disable globalsiteselector + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ app:enable globalsiteselector + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:mode --off + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-columns + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-indices + sed "s/config_is_read_only\(.\) => false,/config_is_read_only\1 => true,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp + mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php 
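Review bot: The `su - www-data` wrappers are dropped, so each `occ` call and both `sed … > config.php.tmp` / `mv` rewrites now run as whatever user the postStart hook executes as, presumably root since the visible manifest sets no other user. Each `mv` replaces config.php with a file created under that user's umask, so the file holding the database and S3 secrets can end up root-owned and world-readable. The two steps are also not chained, so a failed `sed` leaves an empty tmp file that `mv` then installs as the live config. I would keep the `su - www-data -s /bin/bash -c "…"` form for the `occ` lines and join the rewrite as `sed … > /var/www/html/config/config.php.tmp && mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php`.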
diff --git a/customers/overlays/nordunet/test/nextcloud-deployment.yml b/customers/overlays/nordunet/test/nextcloud-deployment.yml index ed9c0ee..ad89cbd 100644 --- a/customers/overlays/nordunet/test/nextcloud-deployment.yml +++ b/customers/overlays/nordunet/test/nextcloud-deployment.yml @@ -11,8 +11,9 @@ spec: labels: app: customer-node spec: - containers: - - name: customer + initContainers: + - image: docker.sunet.se/sunet/docker-jinja:latest + name: init-config env: - name: MYSQL_DATABASE value: "nextcloud_nordunet" diff --git a/customers/overlays/vinnova/test/nextcloud-deployment.yml b/customers/overlays/vinnova/test/nextcloud-deployment.yml index 5b671e0..bb8cb30 100644 --- a/customers/overlays/vinnova/test/nextcloud-deployment.yml +++ b/customers/overlays/vinnova/test/nextcloud-deployment.yml @@ -10,8 +10,9 @@ spec: labels: app: customer-node spec: - containers: - - name: customer + initContainers: + - image: docker.sunet.se/sunet/docker-jinja:latest + name: init-config env: - name: MYSQL_DATABASE value: "nextcloud_vinnova"