From 311cadd280d0deb618a11939416dd79e25ddb540 Mon Sep 17 00:00:00 2001 From: Rikard Danielsson Date: Tue, 4 Feb 2025 16:19:31 +0100 Subject: [PATCH 1/5] testing just using an emptyDir for rendered config --- applications/richir-test/application.yaml | 35 +++++ applicationsets/applicationset.yaml | 45 ++++++ customers/base/apache-configmap.yml | 19 ++- customers/base/env-configmap.yml | 26 ++++ customers/base/kustomization.yaml | 6 + customers/base/nextcloud-configmap.yml | 3 +- customers/base/nextcloud-deployment.yml | 129 +++--------------- customers/base/nextcloud-ingress.yml | 10 +- customers/base/script-configmap.yml | 1 + .../overlays/nordunet/test/env-configmap.yml | 11 ++ .../overlays/nordunet/test/kustomization.yaml | 8 +- .../nordunet/test/nextcloud-deployment.yml | 27 ---- .../nordunet/test/nextcloud-ingress.yml | 4 +- .../overlays/richir/test/env-configmap.yml | 11 ++ .../overlays/richir/test/kustomization.yaml | 9 ++ .../richir/test/nextcloud-deployment.yml | 8 ++ .../richir/test/nextcloud-ingress.yml | 26 ++++ .../overlays/vinnova/test/env-configmap.yml | 11 ++ .../overlays/vinnova/test/kustomization.yaml | 14 +- .../vinnova/test/nextcloud-deployment.yml | 28 +--- .../vinnova/test/nextcloud-ingress.yml | 6 +- 21 files changed, 248 insertions(+), 189 deletions(-) create mode 100644 applications/richir-test/application.yaml create mode 100644 applicationsets/applicationset.yaml create mode 100644 customers/base/env-configmap.yml create mode 100644 customers/overlays/nordunet/test/env-configmap.yml create mode 100644 customers/overlays/richir/test/env-configmap.yml create mode 100644 customers/overlays/richir/test/kustomization.yaml create mode 100644 customers/overlays/richir/test/nextcloud-deployment.yml create mode 100644 customers/overlays/richir/test/nextcloud-ingress.yml create mode 100644 customers/overlays/vinnova/test/env-configmap.yml 
diff --git a/applications/richir-test/application.yaml b/applications/richir-test/application.yaml new file mode 100644 index 0000000..689f716 --- /dev/null +++ b/applications/richir-test/application.yaml @@ -0,0 +1,35 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: richir-test + namespace: argocd + labels: + name: richir-test +spec: + project: default + sources: + - repoURL: 'https://platform.sunet.se/Drive/k8s-manifests' + targetRevision: HEAD + path: customers/overlays/richir/test/ + destination: + server: https://kubernetes.default.svc + namespace: richir + syncPolicy: + automated: + prune: false + selfHeal: true + allowEmpty: false + syncOptions: # maybe needs FIXME + - Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ). + - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster. + - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan. + - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation + - RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration + - ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + revisionHistoryLimit: 2 diff --git a/applicationsets/applicationset.yaml b/applicationsets/applicationset.yaml new file mode 100644 index 0000000..4b388bd --- /dev/null +++ b/applicationsets/applicationset.yaml 
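Review bot: The comment on `- Validate=true` under `syncOptions` describes the opposite setting — `Validate=false` is the `kubectl apply --validate=false` equivalent — so the next reader may "fix" it by flipping the value; rewrite it as `- Validate=true  # keep server-side schema validation on (Validate=false would disable it)` and trim the other pasted doc comments to what this app relies on. `project: default` combined with `CreateNamespace=true` and automated `selfHeal` puts this tenant Application in Argo CD's built-in default AppProject, which unless it has been tightened permits any source repo, any destination namespace and cluster-scoped resources; a per-customer AppProject with `sourceRepos` limited to `https://platform.sunet.se/Drive/k8s-manifests` and `destinations` limited to the `richir` namespace is the least-privilege shape. `targetRevision: HEAD` follows the default branch, acceptable for a test tenant but worth pinning to a branch or tag once this is more than testing.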
@@ -0,0 +1,45 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: customer-applications + namespace: argocd +spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] + generators: + - git: + repoURL: 'https://platform.sunet.se/Drive/k8s-manifests' + revision: HEAD + directories: + - path: 'customers/overlays/*' + template: + metadata: + name: '{{index .path.segments 2}}-{{index .path.segments 3}}' + spec: + project: default + source: + repoURL: 'https://platform.sunet.se/Drive/k8s-manifests' + targetRevision: HEAD + path: 'customers/overlays/{{index .path.segments 2}}' + destination: + server: https://kubernetes.default.svc + namespace: '{{index .path.segments 2}}' + syncPolicy: + automated: + prune: false + selfHeal: true + allowEmpty: false + syncOptions: # maybe needs FIXME + - Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ). + - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster. + - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan. + - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation + - RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration + - ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + revisionHistoryLimit: 2 diff --git a/customers/base/apache-configmap.yml b/customers/base/apache-configmap.yml index e2fe17f..ceffefc 100644 --- a/customers/base/apache-configmap.yml +++ b/customers/base/apache-configmap.yml 
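Review bot: `directories: - path: 'customers/overlays/*'` matches only the direct children (`customers/overlays/nordunet`, …), so `.path.segments` has three elements and `{{index .path.segments 3}}` in the template name indexes past the end — a Go template `index` out of range is an error regardless of `missingkey=error` — and `path: 'customers/overlays/{{index .path.segments 2}}'` points at a directory that, judging by the overlays in this diff, holds only a `test/` subdirectory and no kustomization. Use `- path: 'customers/overlays/*/*'` for the generator and `path: '{{ .path.path }}'` for the source so each `<customer>/<env>` directory becomes one Application, keeping `{{index .path.segments 2}}` for the namespace. As with the hand-written Application, `project: default` hands every generated tenant app the unrestricted built-in project; a dedicated AppProject restricted to this repo and the generated namespaces is the safer default for an ApplicationSet that also auto-creates namespaces.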
@@ -10,9 +10,12 @@ data: ServerAdmin webmaster@localhost DocumentRoot /var/www/html # Log format config - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + PassEnv HOSTNAME + Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure" + # Header config RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 37.156.195.14 @@ -21,10 +24,8 @@ data: RemoteIPInternalProxy 37.156.195.92 #ErrorDocument 404 /404.html ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined env=forwarded - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined + CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded + CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded LimitRequestBody 0 Require all granted @@ -40,9 +41,12 @@ data: ServerAdmin webmaster@localhost DocumentRoot /var/www/html # Log format config - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + PassEnv HOSTNAME + Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure" + # Header config RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 37.156.195.14 
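Review bot: The new `xforwardedfor` LogFormat still records the raw `%{X-Forwarded-For}i` header, which any client can set to arbitrary text (a spoofed upstream address, a log-injection payload), even though `RemoteIPHeader`/`RemoteIPInternalProxy` already resolve the real client address for the listed proxies; log `%a` instead, e.g. `LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor`, and keep `%{X-Forwarded-For}i` only as an extra field if the raw chain is wanted. The same change is needed in the SSL vhost hunk below (`@@ -40,9 +41,12 @@`). `Header append Set-Cookie "SERVERID=%{HOSTNAME}e;..."` sends the StatefulSet pod name to every client and is a second affinity mechanism alongside the nginx `sticky` cookie added to the Ingress in this same commit; if ingress-nginx affinity is what is relied on, drop this header and `PassEnv HOSTNAME` rather than expose the pod name. `PassEnv` also needs mod_env, which is not loaded explicitly here — presumably enabled by the image, but worth confirming.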
@@ -51,7 +55,8 @@ data: RemoteIPInternalProxy 37.156.195.92 #ErrorDocument 404 /404.html ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined env=forwarded + CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded + CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded SSLEngine On SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key diff --git a/customers/base/env-configmap.yml b/customers/base/env-configmap.yml new file mode 100644 index 0000000..485dd9a --- /dev/null +++ b/customers/base/env-configmap.yml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nextcloud-env +data: + GSS_MASTER_URL: 'https://drive.test.sunet.se' + LOOKUP_SERVER: 'https://lookup.drive.test.sunet.se' + MAIL_DOMAIN: 'drive.test.sunet.se' + MAIL_FROM_ADDRESS: 'noreply' + MAIL_SMTPHOST: 'smtp.sunet.se' + MAIL_SMTPNAME: 'noreply@drive.test.sunet.se' + MYSQL_DATABASE: 'nextcloud_customer' + MYSQL_HOST: 'proxysqlcluster.proxysql' + MYSQL_PORT: '6033' + MYSQL_USER: 'nextcloud_customer' + NEXTCLOUD_ADMIN_USER: 'admin' + NEXTCLOUD_TRUSTED_DOMAINS: 'customer.drive.test.sunet.se' + NEXTCLOUD_VERSION_STRING: '30.0.5.2' + OBJECTSTORE_S3_AUTOCREATE: 'true' + OBJECTSTORE_S3_BUCKET: 'primary-customer-drive-test.sunet.se' + OBJECTSTORE_S3_HOST: 's3.sto4.safedc.net' + OBJECTSTORE_S3_REGION: 'us-east-1' + OBJECTSTORE_S3_SSL: 'true' + OBJECTSTORE_S3_USEPATH_STYLE: 'true' + REDIS_HOST: 'redis' + SITE_NAME: 'customer.drive.test.sunet.se' diff --git a/customers/base/kustomization.yaml b/customers/base/kustomization.yaml index d488ad3..758aa4d 100644 --- a/customers/base/kustomization.yaml +++ b/customers/base/kustomization.yaml @@ -3,6 +3,7 @@ resources: - apache-php-configmap.yml - apcu-configmap.yml - cli-php-configmap.yml + - env-configmap.yml - nextcloud-cert-issuer.yml - nextcloud-configmap.yml - nextcloud-deployment.yml 
@@ -12,3 +13,8 @@ resources: - redis-service.yml - s3-service.yml - script-configmap.yml + +images: + - name: nextcloud-custom-image + newName: docker.sunet.se/drive/nextcloud-custom + newTag: 30.0.5.2-2 diff --git a/customers/base/nextcloud-configmap.yml b/customers/base/nextcloud-configmap.yml index f789037..4f0cc2f 100644 --- a/customers/base/nextcloud-configmap.yml +++ b/customers/base/nextcloud-configmap.yml @@ -45,6 +45,7 @@ data: 'gss.master.url' => '{{GSS_MASTER_URL}}', 'gss.mode' => 'slave', 'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping', + 'htaccess.RewriteBase' => '/', 'installed' => true, 'instanceid' => '{{NEXTCLOUD_INSTANCEID}}', 'integrity.check.disabled' => true, @@ -85,7 +86,7 @@ data: 'use_ssl' => true, ), ), - 'overwrite.cli.url' => 'https://{{SITE_NAME}}', + 'overwrite.cli.url' => 'https://{{SITE_NAME}}/', 'overwritehost' => '{{SITE_NAME}}', 'overwriteprotocol' => 'https', 'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}', diff --git a/customers/base/nextcloud-deployment.yml b/customers/base/nextcloud-deployment.yml index 77e6c31..4be1a46 100644 --- a/customers/base/nextcloud-deployment.yml +++ b/customers/base/nextcloud-deployment.yml @@ -11,16 +11,6 @@ spec: app: customer-node updateStrategy: type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: nextcloud-data - spec: - storageClassName: csi-sc-cinderplugin - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi template: metadata: labels: 
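Review bot: `newTag: 30.0.5.2-2` pins the Nextcloud image to a mutable tag, so what runs is whatever `docker.sunet.se/drive/nextcloud-custom:30.0.5.2-2` resolves to at pull time; the kustomize `images` transformer accepts `digest: sha256:…` in place of `newTag`, and pinning the digest here — now the one place the tag lives — makes the deployed image immutable and reviewable in this repo. Moving the tag out of the StatefulSet into `images:` is the right direction and lets overlays override it, but `NEXTCLOUD_VERSION_STRING: '30.0.5.2'` in `env-configmap.yml` still has to be kept in step by hand; a comment next to `newTag` saying so would prevent the two drifting apart.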
@@ -28,9 +18,25 @@ spec: kano: micke spec: restartPolicy: Always + initContainers: + - image: docker.sunet.se/sunet/docker-jinja:latest + name: init-config + volumeMounts: + - name: nextcloud-config + mountPath: /tmp/config.php.template + subPath: config.php + - name: nextcloud-data + mountPath: /var/www/html/config + subPath: config + envFrom: + - configMapRef: + name: nextcloud-env + - secretRef: + name: nextcloud-secrets + command: ["/bin/bash", "-c", "/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"] containers: - name: customer - image: docker.sunet.se/drive/nextcloud-custom:30.0.5.2-2 + image: nextcloud-custom-image volumeMounts: - name: nextcloud-data mountPath: /var/www/html/config/ 
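Review bot: The `init-config` container runs `docker.sunet.se/sunet/docker-jinja:latest` with every key of `nextcloud-secrets` and `nextcloud-env` in its environment via `envFrom`, so a mutable `latest` tag means whatever is pushed to that tag later executes with the database, S3 and Nextcloud secrets in its environment; pin it to a version tag or digest like the main image. The render command `/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template` now depends on the Secret carrying keys with exactly the template's variable names (`MYSQL_PASSWORD`, `NEXTCLOUD_SECRET`, `NEXTCLOUD_PASSWORDSALT`, `OBJECTSTORE_S3_SECRET`, … per the removed per-secret mappings), and nothing in this diff creates `nextcloud-secrets`; confirm the `j2` in that image fails on an undefined variable rather than rendering an empty string, otherwise a missing key silently yields `'passwordsalt' => ''` in a config the main container then starts with.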
@@ -76,105 +82,6 @@ spec: postStart: exec: command: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"] - initContainers: - - image: docker.sunet.se/sunet/docker-jinja:latest - name: init-config - volumeMounts: - - name: nextcloud-config - mountPath: /tmp/config.php.template - subPath: config.php - - name: nextcloud-data - mountPath: /var/www/html/config - subPath: config - env: - - name: GSS_MASTER_URL - value: "https://drive.test.sunet.se" - - name: GSS_JWT_KEY - valueFrom: - secretKeyRef: - name: gss-secret - key: "jwt_key" - - name: LOOKUP_SERVER - value: "https://lookup.drive.test.sunet.se" - - name: MAIL_DOMAIN - value: "drive.test.sunet.se" - - name: MAIL_FROM_ADDRESS - value: "noreply" - - name: MAIL_SMTPHOST - value: "smtp.sunet.se" - - name: MAIL_SMTPNAME - value: "noreply@drive.test.sunet.se" - - name: MAIL_SMTPPASSWORD - valueFrom: - secretKeyRef: - name: mail-secret - key: "smtp_password" - - name: MYSQL_DATABASE - value: "nextcloud_customer" - - name: MYSQL_USER - value: "nextcloud_customer" - - name: MYSQL_HOST - value: "proxysqlcluster.proxysql" - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: db-secret - key: "db_password" - - name: MYSQL_PORT - value: "6033" - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: "customer.drive.test.sunet.se" - - name: NEXTCLOUD_ADMIN_USER - value: admin - - name: NEXTCLOUD_VERSION_STRING - value: "30.0.5.2" - - name: NEXTCLOUD_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: nc-secret - key: "nc_admin_password" - - name: NEXTCLOUD_PASSWORDSALT - valueFrom: - secretKeyRef: - name: nc-secret - key: "nc_passwordsalt" - - name: NEXTCLOUD_INSTANCEID - valueFrom: - secretKeyRef: - name: nc-secret - key: "nc_instanceid" - - name: NEXTCLOUD_SECRET - valueFrom: - secretKeyRef: - name: nc-secret - key: "nc_secret" - - name: OBJECTSTORE_S3_REGION - value: "us-east-1" - - name: OBJECTSTORE_S3_HOST - value: "s3.sto4.safedc.net" - - name: OBJECTSTORE_S3_BUCKET - value: "primary-customer-drive-test.sunet.se" - - name: 
OBJECTSTORE_S3_KEY - valueFrom: - secretKeyRef: - name: s3-secret - key: "s3_key" - - name: OBJECTSTORE_S3_SECRET - valueFrom: - secretKeyRef: - name: s3-secret - key: "s3_secret" - - name: OBJECTSTORE_S3_USEPATH_STYLE - value: "true" - - name: OBJECTSTORE_S3_AUTOCREATE - value: "true" - - name: OBJECTSTORE_S3_SSL - value: "true" - - name: REDIS_HOST - value: "redis" - - name: SITE_NAME - value: "customer.drive.test.sunet.se" - command: ["/bin/bash", "-c", "/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"] volumes: - name: script-config configMap: @@ -213,3 +120,5 @@ spec: items: - key: "config.php" path: "config.php" + - name: nextcloud-data + emptyDir: {} diff --git a/customers/base/nextcloud-ingress.yml b/customers/base/nextcloud-ingress.yml index 5c473df..e0dce7f 100644 --- a/customers/base/nextcloud-ingress.yml +++ b/customers/base/nextcloud-ingress.yml @@ -6,6 +6,11 @@ metadata: annotations: cert-manager.io/issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" + nginx.ingress.kubernetes.io/affinity-mode: "persistent" + nginx.ingress.kubernetes.io/affinity: "cookie" + nginx.ingress.kubernetes.io/session-cookie-expires: "172800" + nginx.ingress.kubernetes.io/session-cookie-max-age: "172800" + nginx.ingress.kubernetes.io/session-cookie-name: "sticky" spec: ingressClassName: nginx defaultBackend: @@ -15,16 +20,15 @@ spec: number: 8443 tls: - hosts: - - customer.drive.test.sunet.se + - customer.drive.test.sunet.se secretName: tls-secret - rules: - host: customer.drive.test.sunet.se http: paths: - path: / pathType: Prefix - backend: + backend: service: name: customer-node port: diff --git a/customers/base/script-configmap.yml b/customers/base/script-configmap.yml index a99349c..5c81d76 100644 --- a/customers/base/script-configmap.yml +++ b/customers/base/script-configmap.yml 
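Review bot: `emptyDir: {}` backs `/var/www/html/config` with the node's local disk, and what the init container renders there is `config.php` with the secrets substituted in (`'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}'` is visible in the nextcloud-configmap hunk; the DB, S3 and JWT values follow from the removed env mappings), so those secrets now sit unencrypted under the kubelet's pod directory for the pod's lifetime; use a memory-backed volume — `- name: nextcloud-data` / `emptyDir:` / `medium: Memory` — so the rendered config never touches disk (it counts against the pod's memory limit, negligible for a config directory). Dropping the `volumeClaimTemplates` PVC also means anything written into `config/` at runtime (`occ config:system:set`, the `nc-upgrade` rewrite of `config_is_read_only`) is lost on every restart, which fits the "testing" subject but deserves a comment next to the volume if it stays.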
@@ -8,6 +8,7 @@ data: sed "s/config_is_read_only\(.\) => true,/config_is_read_only\1 => false,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade + php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:update:htaccess php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:mode --off php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys diff --git a/customers/overlays/nordunet/test/env-configmap.yml b/customers/overlays/nordunet/test/env-configmap.yml new file mode 100644 index 0000000..b8b030a --- /dev/null +++ b/customers/overlays/nordunet/test/env-configmap.yml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nextcloud-env +data: + MYSQL_DATABASE: 'nextcloud_nordunet' + MYSQL_USER: 'nextcloud_nordunet' + NEXTCLOUD_TRUSTED_DOMAINS: 'nordunet.drive.test.sunet.se' + OBJECTSTORE_S3_BUCKET: 'primary-nordunet-drive-test.sunet.se' + REDIS_HOST: 'nordunet-redis' + SITE_NAME: 'nordunet.drive.test.sunet.se' diff --git a/customers/overlays/nordunet/test/kustomization.yaml b/customers/overlays/nordunet/test/kustomization.yaml index e258878..8b308e3 100644 --- a/customers/overlays/nordunet/test/kustomization.yaml +++ b/customers/overlays/nordunet/test/kustomization.yaml @@ -1,7 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../base + - ../../../base patches: -- path: nextcloud-deployment.yml -- path: nextcloud-ingress.yml + - path: env-configmap.yml + - path: nextcloud-deployment.yml + - path: nextcloud-ingress.yml +namePrefix: 'nordunet-' diff --git a/customers/overlays/nordunet/test/nextcloud-deployment.yml b/customers/overlays/nordunet/test/nextcloud-deployment.yml index ad89cbd..287164e 100644 
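Review bot: `namePrefix: 'nordunet-'` renames every resource in the base, including the Issuer from `nextcloud-cert-issuer.yml`, but kustomize's name-reference transformer only rewrites references it knows about (the Service in the Ingress backend, the `nextcloud-env` ConfigMap in `envFrom`) — the `cert-manager.io/issuer: "letsencrypt"` annotation on the Ingress is a plain string and keeps pointing at the un-prefixed name. If that Issuer is named `letsencrypt` in the base (not visible in this diff), certificate issuance stops after this change; either set the annotation to the prefixed name in the overlay's `nextcloud-ingress.yml` patch or add a `configurations:` nameReference entry for `cert-manager.io/issuer` so the prefix propagates. The same applies to the richir and vinnova overlays, which add the same prefix. `REDIS_HOST: 'nordunet-redis'` in the env patch already assumes the prefix reaches the Redis Service, which is consistent with that.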
--- a/customers/overlays/nordunet/test/nextcloud-deployment.yml +++ b/customers/overlays/nordunet/test/nextcloud-deployment.yml @@ -6,30 +6,3 @@ metadata: app: customer-node spec: replicas: 1 - template: - metadata: - labels: - app: customer-node - spec: - initContainers: - - image: docker.sunet.se/sunet/docker-jinja:latest - name: init-config - env: - - name: MYSQL_DATABASE - value: "nextcloud_nordunet" - - name: MYSQL_USER - value: "nextcloud_nordunet" - - name: GSS_MASTER_URL - value: "https://drive.test.sunet.se" - - name: LOOKUP_SERVER - value: "https://lookup.drive.test.sunet.se" - - name: MAIL_DOMAIN - value: "drive.test.sunet.se" - - name: MAIL_SMTPNAME - value: "noreply@drive.test.sunet.se" - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: "nordunet.drive.test.sunet.se" - - name: OBJECTSTORE_S3_BUCKET - value: "primary-nordunet-drive-test.sunet.se" - - name: SITE_NAME - value: "nordunet.drive.test.sunet.se" diff --git a/customers/overlays/nordunet/test/nextcloud-ingress.yml b/customers/overlays/nordunet/test/nextcloud-ingress.yml index 2746080..3e696ae 100644 --- a/customers/overlays/nordunet/test/nextcloud-ingress.yml +++ b/customers/overlays/nordunet/test/nextcloud-ingress.yml @@ -10,7 +10,7 @@ spec: ingressClassName: nginx tls: - hosts: - - nordunet.drive.test.sunet.se + - nordunet.drive.test.sunet.se secretName: tls-secret ingressClassName: nginx rules: @@ -19,7 +19,7 @@ spec: paths: - path: / pathType: Prefix - backend: + backend: service: name: customer-node port: diff --git a/customers/overlays/richir/test/env-configmap.yml b/customers/overlays/richir/test/env-configmap.yml new file mode 100644 index 0000000..4ed379c --- /dev/null +++ b/customers/overlays/richir/test/env-configmap.yml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nextcloud-env +data: + MYSQL_DATABASE: 'nextcloud_richir' + MYSQL_USER: 'nextcloud_richir' + NEXTCLOUD_TRUSTED_DOMAINS: 'richir.drive.test.sunet.se' + OBJECTSTORE_S3_BUCKET: 'primary-richir-drive-test.sunet.se' + REDIS_HOST: 'richir-redis' + SITE_NAME: 'richir.drive.test.sunet.se' diff --git a/customers/overlays/richir/test/kustomization.yaml b/customers/overlays/richir/test/kustomization.yaml new file mode 100644 index 0000000..bd66307 --- /dev/null +++ b/customers/overlays/richir/test/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../base +patches: + - path: env-configmap.yml + - path: nextcloud-deployment.yml + - path: nextcloud-ingress.yml +namePrefix: 'richir-' diff --git a/customers/overlays/richir/test/nextcloud-deployment.yml b/customers/overlays/richir/test/nextcloud-deployment.yml new file mode 100644 index 0000000..29ee5d9 --- /dev/null +++ b/customers/overlays/richir/test/nextcloud-deployment.yml @@ -0,0 +1,8 @@ +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: customer-node + labels: + app: customer-node +spec: + replicas: 2 diff --git a/customers/overlays/richir/test/nextcloud-ingress.yml b/customers/overlays/richir/test/nextcloud-ingress.yml new file mode 100644 index 0000000..1f95bfb --- /dev/null +++ b/customers/overlays/richir/test/nextcloud-ingress.yml @@ -0,0 +1,26 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: customer-ingress + annotations: + cert-manager.io/issuer: "letsencrypt" + acme.cert-manager.io/http01-edit-in-place: "true" +spec: + ingressClassName: nginx + tls: + - hosts: + - richir.drive.test.sunet.se + secretName: tls-secret + ingressClassName: nginx + rules: + - host: richir.drive.test.sunet.se + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: customer-node + port: + number: 80 
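Review bot: The new `nextcloud-ingress.yml` for richir has `ingressClassName: nginx` twice under `spec` (once before `tls:` and once after), a duplicate mapping key that kustomize/kyaml either rejects or silently collapses depending on version; the same duplication already sits in the nordunet and vinnova patches, so drop the second occurrence here rather than copy it forward. Since this file is a strategic-merge patch over the base Ingress, it only needs the fields that differ (the `tls.hosts` entry and the rule `host`), which would also avoid carrying the duplicate and the `port.number` into every overlay.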
diff --git a/customers/overlays/vinnova/test/env-configmap.yml b/customers/overlays/vinnova/test/env-configmap.yml new file mode 100644 index 0000000..19e8505 --- /dev/null +++ b/customers/overlays/vinnova/test/env-configmap.yml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nextcloud-env +data: + MYSQL_DATABASE: 'nextcloud_vinnova' + MYSQL_USER: 'nextcloud_vinnova' + NEXTCLOUD_TRUSTED_DOMAINS: 'vinnova.drive.test.sunet.se' + OBJECTSTORE_S3_BUCKET: 'primary-vinnova-test.sunet.se' + REDIS_HOST: 'vinnova-redis' + SITE_NAME: 'vinnova.drive.test.sunet.se' diff --git a/customers/overlays/vinnova/test/kustomization.yaml b/customers/overlays/vinnova/test/kustomization.yaml index 036c61d..66bbeb3 100644 --- a/customers/overlays/vinnova/test/kustomization.yaml +++ b/customers/overlays/vinnova/test/kustomization.yaml @@ -1,7 +1,9 @@ -apiVersion: 'kustomize.config.k8s.io/v1beta1' +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: -- ../../../base -patchesStrategicMerge: - - nextcloud-deployment.yml - - nextcloud-ingress.yml +resources: + - ../../../base +patches: + - path: env-configmap.yml + - path: nextcloud-deployment.yml + - path: nextcloud-ingress.yml +namePrefix: 'vinnova-' diff --git a/customers/overlays/vinnova/test/nextcloud-deployment.yml b/customers/overlays/vinnova/test/nextcloud-deployment.yml index bb8cb30..287164e 100644 --- a/customers/overlays/vinnova/test/nextcloud-deployment.yml +++ b/customers/overlays/vinnova/test/nextcloud-deployment.yml 
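Review bot: `OBJECTSTORE_S3_BUCKET: 'primary-vinnova-test.sunet.se'` breaks the `primary-<customer>-drive-test.sunet.se` pattern used by the base, nordunet and richir ConfigMaps; the value is carried over from the removed env list, so it may be the bucket that already exists, but with `OBJECTSTORE_S3_AUTOCREATE: 'true'` inherited from the base a typo in this key quietly creates and uses a fresh empty bucket instead of the tenant's data — confirm it is intentional and add a comment saying so. The kustomization migration from `bases`/`patchesStrategicMerge` to `resources`/`patches` is correct for current kustomize.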
@@ -5,30 +5,4 @@ metadata: labels: app: customer-node spec: - template: - metadata: - labels: - app: customer-node - spec: - initContainers: - - image: docker.sunet.se/sunet/docker-jinja:latest - name: init-config - env: - - name: MYSQL_DATABASE - value: "nextcloud_vinnova" - - name: MYSQL_USER - value: "nextcloud_vinnova" - - name: GSS_MASTER_URL - value: "https://drive.test.sunet.se" - - name: LOOKUP_SERVER - value: "https://lookup.drive.test.sunet.se" - - name: MAIL_DOMAIN - value: "drive.test.sunet.se" - - name: MAIL_SMTPNAME - value: "noreply@drive.test.sunet.se" - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: "vinnova.drive.test.sunet.se" - - name: OBJECTSTORE_S3_BUCKET - value: "primary-vinnova-test.sunet.se" - - name: SITE_NAME - value: "vinnova.drive.test.sunet.se" + replicas: 1 diff --git a/customers/overlays/vinnova/test/nextcloud-ingress.yml b/customers/overlays/vinnova/test/nextcloud-ingress.yml index ac82344..506ea74 100644 --- a/customers/overlays/vinnova/test/nextcloud-ingress.yml +++ b/customers/overlays/vinnova/test/nextcloud-ingress.yml @@ -10,16 +10,16 @@ spec: ingressClassName: nginx tls: - hosts: - - vinnova.drive.test.sunet.se + - vinnova.drive.test.sunet.se secretName: tls-secret - ingressClassName: nginx + ingressClassName: nginx rules: - host: vinnova.drive.test.sunet.se http: paths: - path: / pathType: Prefix - backend: + backend: service: name: customer-node port: From f01ec30d64b3f52b03c449a291a8b2e428f4df0f Mon Sep 17 00:00:00 2001 
From: Lars Delhage Date: Mon, 17 Feb 2025 10:27:40 +0100 Subject: [PATCH 2/5] Use kustomize configMapGenerator to generate configmaps from files --- customers/base/apache-configmap.yml | 78 ------------ customers/base/apache-php-configmap.yml | 162 ------------------------ customers/base/apcu-configmap.yml | 8 -- customers/base/cli-php-configmap.yml | 162 ------------------------ customers/base/files/000-default.conf | 73 +++++++++++ customers/base/files/apache-php.ini | 157 +++++++++++++++++++++++ customers/base/files/apcu.ini | 3 + customers/base/files/cli-php.ini | 157 +++++++++++++++++++++++ customers/base/files/config.php | 111 ++++++++++++++++ customers/base/files/nc-upgrade | 14 ++ customers/base/kustomization.yaml | 29 ++++- customers/base/nextcloud-configmap.yml | 116 ----------------- customers/base/script-configmap.yml | 19 --- 13 files changed, 538 insertions(+), 551 deletions(-) delete mode 100644 customers/base/apache-configmap.yml delete mode 100644 customers/base/apache-php-configmap.yml delete mode 100644 customers/base/apcu-configmap.yml delete mode 100644 customers/base/cli-php-configmap.yml create mode 100644 customers/base/files/000-default.conf create mode 100644 customers/base/files/apache-php.ini create mode 100644 customers/base/files/apcu.ini create mode 100644 customers/base/files/cli-php.ini create mode 100644 customers/base/files/config.php create mode 100644 customers/base/files/nc-upgrade delete mode 100644 customers/base/nextcloud-configmap.yml delete mode 100644 customers/base/script-configmap.yml diff --git a/customers/base/apache-configmap.yml b/customers/base/apache-configmap.yml deleted file mode 100644 index ceffefc..0000000 --- a/customers/base/apache-configmap.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: apache-configmap -data: - 000-default.conf: | - LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so - LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html - # Log format config - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor - SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded - - PassEnv HOSTNAME - Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure" - - # Header config - RemoteIPHeader X-Forwarded-For - RemoteIPInternalProxy 37.156.195.14 - RemoteIPInternalProxy 37.156.195.19 - RemoteIPInternalProxy 37.156.195.84 - RemoteIPInternalProxy 37.156.195.92 - #ErrorDocument 404 /404.html - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded - CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded - - LimitRequestBody 0 - Require all granted - AllowOverride All - Options FollowSymLinks MultiViews - - - Dav off - - - - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html - # Log format config - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor - SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded - - PassEnv HOSTNAME - Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure" - - # Header config - RemoteIPHeader X-Forwarded-For - RemoteIPInternalProxy 37.156.195.14 - RemoteIPInternalProxy 37.156.195.19 - RemoteIPInternalProxy 37.156.195.84 - RemoteIPInternalProxy 37.156.195.92 - #ErrorDocument 404 /404.html - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded - CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded - SSLEngine On - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - 
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - LimitRequestBody 0 - Require all granted - AllowOverride All - Options FollowSymLinks MultiViews - - - Dav off - - - - Order allow,deny - deny from all - - - # vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/customers/base/apache-php-configmap.yml b/customers/base/apache-php-configmap.yml deleted file mode 100644 index 8d06115..0000000 --- a/customers/base/apache-php-configmap.yml +++ /dev/null 
@@ -1,162 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: apache-php-configmap -data: - php.ini: | - [PHP] - allow_url_fopen = On - allow_url_include = Off - auto_append_file = - auto_globals_jit = On - auto_prepend_file = - default_charset = "UTF-8" - default_mimetype = "text/html" - default_socket_timeout = 60 - disable_classes = - disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, - display_errors = Off - display_startup_errors = Off - doc_root = - enable_dl = Off - engine = On - error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - expose_php = Off - file_uploads = On - ignore_repeated_errors = Off - ignore_repeated_source = Off - implicit_flush = Off - log_errors = On - log_errors_max_len = 1024 - max_execution_time = 86400 - max_file_uploads = 20 - max_input_time = 86400 - memory_limit = 512M - output_buffering = Off - post_max_size = 30G - precision = 14 - register_argc_argv = Off - report_memleaks = On - request_order = "GP" - serialize_precision = -1 - short_open_tag = Off - unserialize_callback_func = - upload_max_filesize = 30G - user_dir = - variables_order = "GPCS" - zend.enable_gc = On - zend.exception_ignore_args = On - zlib.output_compression = Off - [CLI Server] - cli_server.color = On - [Date] - ; Nothing here - [filter] - ; Nothing here - [iconv] - ; Nothing here - [imap] - ; Nothing here - [intl] - ; Nothing here - [sqlite3] - ; Nothing here - [Pcre] - ; Nothing here - [Pdo] - ; Nothing here - [Pdo_mysql] - pdo_mysql.default_socket= - [Phar] - ; Nothing here - [mail function] - SMTP = localhost - smtp_port = 25 - mail.add_x_header = Off - [ODBC] - odbc.allow_persistent = 
On - odbc.check_persistent = On - odbc.max_persistent = -1 - odbc.max_links = -1 - odbc.defaultlrl = 4096 - odbc.defaultbinmode = 1 - [MySQLi] - mysqli.max_persistent = -1 - mysqli.allow_persistent = On - mysqli.max_links = -1 - mysqli.default_port = 3306 - mysqli.default_socket = - mysqli.default_host = - mysqli.default_user = - mysqli.default_pw = - mysqli.reconnect = Off - [mysqlnd] - mysqlnd.collect_statistics = On - mysqlnd.collect_memory_statistics = Off - [OCI8] - ; Nothing here - [PostgreSQL] - pgsql.allow_persistent = On - pgsql.auto_reset_persistent = Off - pgsql.max_persistent = -1 - pgsql.max_links = -1 - pgsql.ignore_notice = 0 - pgsql.log_notice = 0 - [bcmath] - bcmath.scale = 0 - [browscap] - ; Nothing here - [Session] - session.save_handler = files - session.use_strict_mode = 0 - session.use_cookies = 1 - session.use_only_cookies = 1 - session.name = PHPSESSID - session.auto_start = 0 - session.cookie_lifetime = 0 - session.cookie_path = / - session.cookie_domain = - session.cookie_httponly = - session.cookie_samesite = - session.serialize_handler = php - session.gc_probability = 0 - session.gc_divisor = 1000 - session.gc_maxlifetime = 1440 - session.referer_check = - session.cache_limiter = nocache - session.cache_expire = 180 - session.use_trans_sid = 0 - session.sid_length = 26 - session.trans_sid_tags = "a=href,area=href,frame=src,form=" - session.sid_bits_per_character = 5 - [Assertion] - zend.assertions = -1 - [COM] - ; Nothing here - [mbstring] - ; Nothing here - [gd] - ; Nothing here - [exif] - ; Nothing here - [Tidy] - tidy.clean_output = Off - [soap] - soap.wsdl_cache_enabled=1 - soap.wsdl_cache_dir="/tmp" - soap.wsdl_cache_ttl=86400 - soap.wsdl_cache_limit = 5 - [sysvshm] - ; Nothing here - [ldap] - ldap.max_links = -1 - [dba] - ; Nothing here - [opcache] - opcache.interned_strings_buffer=64 - [curl] - ; Nothing here - [openssl] - ; Nothing here - [ffi] - ; Nothing here 
diff --git a/customers/base/apcu-configmap.yml b/customers/base/apcu-configmap.yml deleted file mode 100644 index c25ee99..0000000 --- a/customers/base/apcu-configmap.yml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: apcu-configmap -data: - apcu.ini: | - extension=apcu.so - apc.enable_cli=1 diff --git a/customers/base/cli-php-configmap.yml b/customers/base/cli-php-configmap.yml deleted file mode 100644 index 3e1354f..0000000 --- a/customers/base/cli-php-configmap.yml +++ /dev/null 
@@ -1,162 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cli-php-configmap
-data:
- php.ini: |
- [PHP]
- allow_url_fopen = On
- allow_url_include = Off
- auto_append_file =
- auto_globals_jit = On
- auto_prepend_file =
- default_charset = "UTF-8"
- default_mimetype = "text/html"
- default_socket_timeout = 60
- disable_classes =
- disable_functions =
- display_errors = Off
- display_startup_errors = Off
- doc_root =
- enable_dl = Off
- engine = On
- error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
- expose_php = On
- file_uploads = On
- ignore_repeated_errors = Off
- ignore_repeated_source = Off
- implicit_flush = Off
- log_errors = On
- log_errors_max_len = 1024
- max_execution_time = 86400
- max_file_uploads = 20
- max_input_time = 86400
- memory_limit = -1
- output_buffering = Off
- post_max_size = 16G
- precision = 14
- register_argc_argv = Off
- report_memleaks = On
- request_order = "GP"
- serialize_precision = -1
- short_open_tag = Off
- unserialize_callback_func =
- upload_max_filesize = 16G
- user_dir =
- variables_order = "GPCS"
- zend.enable_gc = On
- zend.exception_ignore_args = On
- zlib.output_compression = Off
- [CLI Server]
- cli_server.color = On
- [Date]
- ; Nothing here
- [filter]
- ; Nothing here
- [iconv]
- ; Nothing here
- [imap]
- ; Nothing here
- [intl]
- ; Nothing here
- [sqlite3]
- ; Nothing here
- [Pcre]
- ; Nothing here
- [Pdo]
- ; Nothing here
- [Pdo_mysql]
- pdo_mysql.default_socket=
- [Phar]
- ; Nothing here
- [mail function]
- SMTP = localhost
- smtp_port = 25
- mail.add_x_header = Off
- [ODBC]
- odbc.allow_persistent = On
- odbc.check_persistent = On
- odbc.max_persistent = -1
- odbc.max_links = -1
- odbc.defaultlrl = 4096
- odbc.defaultbinmode = 1
- [MySQLi]
- mysqli.max_persistent = -1
- mysqli.allow_persistent = On
- mysqli.max_links = -1
- mysqli.default_port = 3306
- mysqli.default_socket =
- mysqli.default_host =
- mysqli.default_user =
- mysqli.default_pw =
- mysqli.reconnect = Off
- [mysqlnd]
- mysqlnd.collect_statistics = On
- mysqlnd.collect_memory_statistics = Off
- [OCI8]
- ; Nothing here
- [PostgreSQL]
- pgsql.allow_persistent = On
- pgsql.auto_reset_persistent = Off
- pgsql.max_persistent = -1
- pgsql.max_links = -1
- pgsql.ignore_notice = 0
- pgsql.log_notice = 0
- [bcmath]
- bcmath.scale = 0
- [browscap]
- ; Nothing here
- [Session]
- session.save_handler = files
- session.use_strict_mode = 0
- session.use_cookies = 1
- session.use_only_cookies = 1
- session.name = PHPSESSID
- session.auto_start = 0
- session.cookie_lifetime = 0
- session.cookie_path = /
- session.cookie_domain =
- session.cookie_httponly =
- session.cookie_samesite =
- session.serialize_handler = php
- session.gc_probability = 0
- session.gc_divisor = 1000
- session.gc_maxlifetime = 1440
- session.referer_check =
- session.cache_limiter = nocache
- session.cache_expire = 180
- session.use_trans_sid = 0
- session.sid_length = 26
- session.trans_sid_tags = "a=href,area=href,frame=src,form="
- session.sid_bits_per_character = 5
- [Assertion]
- zend.assertions = -1
- [COM]
- ; Nothing here
- [mbstring]
- ; Nothing here
- [gd]
- ; Nothing here
- [exif]
- ; Nothing here
- [Tidy]
- tidy.clean_output = Off
- [soap]
- soap.wsdl_cache_enabled=1
- soap.wsdl_cache_dir="/tmp"
- soap.wsdl_cache_ttl=86400
- soap.wsdl_cache_limit = 5
- [sysvshm]
- ; Nothing here
- [ldap]
- ldap.max_links = -1
- [dba]
- ; Nothing here
- [opcache]
- opcache.interned_strings_buffer=64
- [curl]
- ; Nothing here
- [openssl]
- ; Nothing here
- [ffi]
- ; Nothing here
diff --git a/customers/base/files/000-default.conf b/customers/base/files/000-default.conf
new file mode 100644
index 0000000..5cd81a8
--- /dev/null
+++ b/customers/base/files/000-default.conf
@@ -0,0 +1,73 @@ +LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so +LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so + + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + # Log format config + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + + PassEnv HOSTNAME + Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure" + + # Header config + RemoteIPHeader X-Forwarded-For + RemoteIPInternalProxy 37.156.195.14 + RemoteIPInternalProxy 37.156.195.19 + RemoteIPInternalProxy 37.156.195.84 + RemoteIPInternalProxy 37.156.195.92 + #ErrorDocument 404 /404.html + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded + CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded + + LimitRequestBody 0 + Require all granted + AllowOverride All + Options FollowSymLinks MultiViews + + + Dav off + + + + + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + # Log format config + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + + PassEnv HOSTNAME + Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure" + + # Header config + RemoteIPHeader X-Forwarded-For + RemoteIPInternalProxy 37.156.195.14 + RemoteIPInternalProxy 37.156.195.19 + RemoteIPInternalProxy 37.156.195.84 + RemoteIPInternalProxy 37.156.195.92 + #ErrorDocument 404 /404.html + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded + CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded + SSLEngine On + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + LimitRequestBody 0 + Require all granted + 
AllowOverride All + Options FollowSymLinks MultiViews + + + Dav off + + + + Order allow,deny + deny from all + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet + diff --git a/customers/base/files/apache-php.ini b/customers/base/files/apache-php.ini new file mode 100644 index 0000000..2c93e4f --- /dev/null +++ b/customers/base/files/apache-php.ini 
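Review bot: The access log format writes the raw `X-Forwarded-For` request header (`%{X-Forwarded-For}i`) rather than the client address mod_remoteip derives, so any client can put an arbitrary string into the address column of access.log; `%a` is rewritten by `RemoteIPHeader` only when the peer matches a `RemoteIPInternalProxy` entry and is the value worth logging, e.g. `LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor`. The `RemoteIPInternalProxy` list holds four public 37.156.195.x addresses while config.php in this same series trusts `10.0.0.0/8`; if the hop that reaches this pod is the in-cluster ingress, the Apache list never matches and the two components disagree about who the proxy is, so one of them is presumably stale. `Order allow,deny` / `deny from all` near the end is mod_access_compat syntax mixed with the `Require all granted` used above; `Require all denied` is the 2.4 form and does not depend on the compat module being loaded. The `*:443` block serves the Debian `ssl-cert-snakeoil` pair, which is fine for a re-encrypt hop behind the ingress but deserves a one-line comment saying that is the intent. The `<VirtualHost>` and `<Directory>` container lines did not survive this rendering, so which directory the final deny applies to cannot be confirmed here.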
@@ -0,0 +1,157 @@
+[PHP]
+allow_url_fopen = On
+allow_url_include = Off
+auto_append_file =
+auto_globals_jit = On
+auto_prepend_file =
+default_charset = "UTF-8"
+default_mimetype = "text/html"
+default_socket_timeout = 60
+disable_classes =
+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
+display_errors = Off
+display_startup_errors = Off
+doc_root =
+enable_dl = Off
+engine = On
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+expose_php = Off
+file_uploads = On
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+implicit_flush = Off
+log_errors = On
+log_errors_max_len = 1024
+max_execution_time = 86400
+max_file_uploads = 20
+max_input_time = 86400
+memory_limit = 512M
+output_buffering = Off
+post_max_size = 30G
+precision = 14
+register_argc_argv = Off
+report_memleaks = On
+request_order = "GP"
+serialize_precision = -1
+short_open_tag = Off
+unserialize_callback_func =
+upload_max_filesize = 30G
+user_dir =
+variables_order = "GPCS"
+zend.enable_gc = On
+zend.exception_ignore_args = On
+zlib.output_compression = Off
+[CLI Server]
+cli_server.color = On
+[Date]
+; Nothing here
+[filter]
+; Nothing here
+[iconv]
+; Nothing here
+[imap]
+; Nothing here
+[intl]
+; Nothing here
+[sqlite3]
+; Nothing here
+[Pcre]
+; Nothing here
+[Pdo]
+; Nothing here
+[Pdo_mysql]
+pdo_mysql.default_socket=
+[Phar]
+; Nothing here
+[mail function]
+SMTP = localhost
+smtp_port = 25
+mail.add_x_header = Off
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+[OCI8]
+; Nothing here
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+[bcmath]
+bcmath.scale = 0
+[browscap]
+; Nothing here
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite =
+session.serialize_handler = php
+session.gc_probability = 0
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 26
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 5
+[Assertion]
+zend.assertions = -1
+[COM]
+; Nothing here
+[mbstring]
+; Nothing here
+[gd]
+; Nothing here
+[exif]
+; Nothing here
+[Tidy]
+tidy.clean_output = Off
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+[sysvshm]
+; Nothing here
+[ldap]
+ldap.max_links = -1
+[dba]
+; Nothing here
+[opcache]
+opcache.interned_strings_buffer=64
+[curl]
+; Nothing here
+[openssl]
+; Nothing here
+[ffi]
+; Nothing here
+
diff --git a/customers/base/files/apcu.ini b/customers/base/files/apcu.ini
new file mode 100644
index 0000000..bb82aba
--- /dev/null
+++ b/customers/base/files/apcu.ini
@@ -0,0 +1,3 @@
+extension=apcu.so
+apc.enable_cli=1
+
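Review bot: `session.use_strict_mode = 0` together with the empty `session.cookie_httponly` and `session.cookie_samesite` leaves the ini-level session defaults at their weakest; Nextcloud sets its own cookie flags when it opens a session, so the cookie lines probably do not matter in practice, but `session.use_strict_mode = 1` is a safe ini-level default that makes PHP refuse session IDs it did not issue. The same three lines appear in cli-php.ini in the next hunk. `disable_functions` ends with a dangling comma after `pcntl_unshare,`, which PHP tolerates but which reads as an unfinished list; a comment above it, e.g. `; pcntl_* is only needed by occ, so it stays disabled for the web SAPI`, would explain why this file and cli-php.ini differ. `log_errors_max_len` was removed in PHP 8.1, so on a current image that line is silently ignored. `upload_max_filesize = 30G` and `post_max_size = 30G` combined with `LimitRequestBody 0` in 000-default.conf mean request size is bounded only by whatever sits in front of the pod.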
diff --git a/customers/base/files/cli-php.ini b/customers/base/files/cli-php.ini
new file mode 100644
index 0000000..30e49f4
--- /dev/null
+++ b/customers/base/files/cli-php.ini
@@ -0,0 +1,157 @@
+[PHP]
+allow_url_fopen = On
+allow_url_include = Off
+auto_append_file =
+auto_globals_jit = On
+auto_prepend_file =
+default_charset = "UTF-8"
+default_mimetype = "text/html"
+default_socket_timeout = 60
+disable_classes =
+disable_functions =
+display_errors = Off
+display_startup_errors = Off
+doc_root =
+enable_dl = Off
+engine = On
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+expose_php = On
+file_uploads = On
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+implicit_flush = Off
+log_errors = On
+log_errors_max_len = 1024
+max_execution_time = 86400
+max_file_uploads = 20
+max_input_time = 86400
+memory_limit = -1
+output_buffering = Off
+post_max_size = 16G
+precision = 14
+register_argc_argv = Off
+report_memleaks = On
+request_order = "GP"
+serialize_precision = -1
+short_open_tag = Off
+unserialize_callback_func =
+upload_max_filesize = 16G
+user_dir =
+variables_order = "GPCS"
+zend.enable_gc = On
+zend.exception_ignore_args = On
+zlib.output_compression = Off
+[CLI Server]
+cli_server.color = On
+[Date]
+; Nothing here
+[filter]
+; Nothing here
+[iconv]
+; Nothing here
+[imap]
+; Nothing here
+[intl]
+; Nothing here
+[sqlite3]
+; Nothing here
+[Pcre]
+; Nothing here
+[Pdo]
+; Nothing here
+[Pdo_mysql]
+pdo_mysql.default_socket=
+[Phar]
+; Nothing here
+[mail function]
+SMTP = localhost
+smtp_port = 25
+mail.add_x_header = Off
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+[OCI8]
+; Nothing here
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+[bcmath]
+bcmath.scale = 0
+[browscap]
+; Nothing here
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite =
+session.serialize_handler = php
+session.gc_probability = 0
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 26
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 5
+[Assertion]
+zend.assertions = -1
+[COM]
+; Nothing here
+[mbstring]
+; Nothing here
+[gd]
+; Nothing here
+[exif]
+; Nothing here
+[Tidy]
+tidy.clean_output = Off
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+[sysvshm]
+; Nothing here
+[ldap]
+ldap.max_links = -1
+[dba]
+; Nothing here
+[opcache]
+opcache.interned_strings_buffer=64
+[curl]
+; Nothing here
+[openssl]
+; Nothing here
+[ffi]
+; Nothing here
+
diff --git a/customers/base/files/config.php b/customers/base/files/config.php
new file mode 100644
index 0000000..119594a
--- /dev/null
+++ b/customers/base/files/config.php
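Review bot: cli-php.ini repeats apache-php.ini line for line except for `disable_functions` (empty here), `expose_php = On`, `memory_limit = -1` and the `16G` upload limits, and nothing records that those are deliberate differences; a header such as `; CLI variant of apache-php.ini: occ is presumed to need pcntl_* and unbounded memory, which the web SAPI does not get` would keep the two files from drifting apart unnoticed. `expose_php` only affects the `X-Powered-By` response header and has no effect in the CLI SAPI, so it could match the web file's `Off` and shrink the diff between them. The session defaults raised on apache-php.ini apply here as well.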
@@ -0,0 +1,111 @@ + + array ( + 0 => 'globalsiteselector', + ), + 'apps_paths' => + array ( + 0 => + array ( + 'path' => '/var/www/html/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => + array ( + 'path' => '/var/www/html/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), + 'appstoreenabled' => false, + 'config_is_read_only' => true, + 'csrf.disabled' => true, + 'datadirectory' => '/var/www/html/data', + 'dbhost' => '{{MYSQL_HOST}}:{{MYSQL_PORT}}', + 'dbname' => '{{MYSQL_DATABASE}}', + 'dbpassword' => '{{MYSQL_PASSWORD}}', + 'dbport' => '{{MYSQL_PORT}}', + 'dbtableprefix' => 'oc_', + 'dbtype' => 'mysql', + 'dbuser' => '{{MYSQL_USER}}', + 'default_phone_region' => 'SE', + 'forcessl' => true, + 'gs.enabled' => 'true', + 'gs.federation' => 'global', + 'gs.trustedHosts' => ['*.sunet.se'], + 'gss.jwt.key' => '{{GSS_JWT_KEY}}', + 'gss.master.url' => '{{GSS_MASTER_URL}}', + 'gss.mode' => 'slave', + 'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping', + 'htaccess.RewriteBase' => '/', + 'installed' => true, + 'instanceid' => '{{NEXTCLOUD_INSTANCEID}}', + 'integrity.check.disabled' => true, + 'log_type' => 'file', + 'loglevel' => 0, + 'lookup_server' => '{{LOOKUP_SERVER}}', + 'mail_domain' => '{{MAIL_DOMAIN}}', + 'mail_from_address' => '{{MAIL_FROM_ADDRESS}}', + 'mail_sendmailmode' => 'smtp', + 'mail_smtpauth' => 1, + 'mail_smtpauthtype' => 'LOGIN', + 'mail_smtphost' => '{{MAIL_SMTPHOST}}', + 'mail_smtpmode' => 'smtp', + 'mail_smtpname' => '{{MAIL_SMTPNAME}}', + 'mail_smtppassword' => '{{MAIL_SMTPPASSWORD}}', + 'mail_smtpport' => '587', + 'mail_smtpsecure' => 'tls', + 'mail_template_class' => 'OCA\DriveEmailTemplate\EMailTemplate', + 'memcache.distributed' => '\\OC\\Memcache\\Redis', + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'mysql.utf8mb4' => true, + 'objectstore' => + array ( + 'class' => '\\OC\\Files\\ObjectStore\\S3', + 'arguments' => 
+ array ( + 'autocreate' => false, + 'bucket' => '{{OBJECTSTORE_S3_BUCKET}}', + 'hostname' => '{{OBJECTSTORE_S3_HOST}}', + 'key' => '{{OBJECTSTORE_S3_KEY}}', + 'legacy_auth' => false, + 'objectPrefix' => 'urn:oid:', + 'port' => '', + 'region' => '{{OBJECTSTORE_S3_REGION}}', + 'secret' => '{{OBJECTSTORE_S3_SECRET}}', + 'use_path_style' => true, + 'use_ssl' => true, + ), + ), + 'overwrite.cli.url' => 'https://{{SITE_NAME}}/', + 'overwritehost' => '{{SITE_NAME}}', + 'overwriteprotocol' => 'https', + 'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}', + 'secret' => '{{NEXTCLOUD_SECRET}}', + 'redis' => + array ( + 'host' => '{{REDIS_HOST}}', + 'port' => 6379, + ), + 'skeletondirectory' => '', + 'templatedirectory' => '', + 'trusted_domains' => + array ( + 0 => '{{NEXTCLOUD_TRUSTED_DOMAINS}}' + ), + 'trusted_proxies' => + array ( + 0 => '10.0.0.0/8' + ), + 'twofactor_enforced' => 'true', + 'twofactor_enforced_groups' => + array ( + 0 => 'admin', + ), + 'updatechecker' => false, + 'version' => '{{NEXTCLOUD_VERSION_STRING}}', +); + diff --git a/customers/base/files/nc-upgrade b/customers/base/files/nc-upgrade new file mode 100644 index 0000000..aa6907b --- /dev/null +++ b/customers/base/files/nc-upgrade 
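Review bot: `'csrf.disabled' => true` turns off Nextcloud's request-token check for the whole instance, so any state-changing endpoint becomes callable from a third-party page the user happens to have open; unless a component in front performs an equivalent check, this should be the default `false`, and if it is intentional for a test environment that reason belongs in a comment on the line. `'loglevel' => 0` is debug level and writes request details to the file log at volume, which is both a disk and a data-exposure concern; `2` is the usual production value. The `{{…}}` placeholders for `dbpassword`, `passwordsalt`, `secret` and the S3 `secret` are filled in by something outside this hunk, and if that source is a ConfigMap rather than a Secret the rendered credentials are readable by anyone who can read ConfigMaps in the namespace. `'integrity.check.disabled' => true` also silences the code-signature check that would flag a modified core or app tree, so it is worth marking which of these three are test-only. `trusted_proxies` is `10.0.0.0/8` while the Apache `RemoteIPInternalProxy` entries in this series are 37.156.195.x addresses; both are meant to describe the same hop and presumably one of them is stale.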
@@ -0,0 +1,14 @@
+#!/bin/bash
+sed "s/config_is_read_only\(.\) => true,/config_is_read_only\1 => false,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp
+mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php
+php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade
+php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:update:htaccess
+php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair
+php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:mode --off
+php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys
+php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-columns
+php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-indices
+sed "s/config_is_read_only\(.\) => false,/config_is_read_only\1 => true,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp
+mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php
+chown www-data:www-data /var/www/html/config/config.php
+
diff --git a/customers/base/kustomization.yaml b/customers/base/kustomization.yaml
index 758aa4d..1784e71 100644
--- a/customers/base/kustomization.yaml
+++ b/customers/base/kustomization.yaml
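Review bot: The script has no `set -e`, so if `occ upgrade` fails the remaining steps still run, `maintenance:mode --off` re-opens a half-upgraded instance, and `config_is_read_only` is flipped back to `true` only if control reaches the second `sed`; failing fast and restoring the flag from an `EXIT` trap makes it fail closed. The seven `php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ` invocations would also read better behind a small `occ` function. The sed-to-tmp-then-mv edit replaces config.php with a file owned by whoever runs the script, which is what the trailing `chown` repairs; that deserves a comment since it is easy to drop when editing. The rewrite below keeps the same occ steps in the same order.
```shell
#!/bin/bash
set -euo pipefail

CONFIG=/var/www/html/config/config.php

occ() { php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ "$@"; }

# Rewrite config_is_read_only from $1 to $2; the tmp+mv step changes the
# file owner, so hand it back to www-data every time.
set_readonly() {
    sed "s/config_is_read_only\(.\) => $1,/config_is_read_only\1 => $2,/" "$CONFIG" > "$CONFIG.tmp"
    mv "$CONFIG.tmp" "$CONFIG"
    chown www-data:www-data "$CONFIG"
}

# Always hand the config back read-only, even if an occ step fails.
trap 'set_readonly false true' EXIT
set_readonly true false

occ upgrade
# … unchanged: remaining occ maintenance and db:add-missing-* steps, each as `occ <cmd>` …
```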
@@ -1,18 +1,35 @@
 resources:
- - apache-configmap.yml
- - apache-php-configmap.yml
- - apcu-configmap.yml
- - cli-php-configmap.yml
 - env-configmap.yml
 - nextcloud-cert-issuer.yml
- - nextcloud-configmap.yml
 - nextcloud-deployment.yml
 - nextcloud-ingress.yml
 - nextcloud-service.yml
 - redis-deployment.yml
 - redis-service.yml
 - s3-service.yml
- - script-configmap.yml
+
+configMapGenerator:
+ - name: apache-configmap
+ files:
+ - files/000-default.conf
+ - name: apache-php-configmap
+ files:
+ - php.ini=files/apache-php.ini
+ - name: apcu-configmap
+ files:
+ - files/apcu.ini
+ - name: nextcloud-configmap
+ files:
+ - files/config.php
+ - name: cli-php-configmap
+ files:
+ - php.ini=files/cli-php.ini
+ - name: script-configmap
+ files:
+ - files/nc-upgrade
+
+generatorOptions:
+ disableNameSuffixHash: true
 images:
 - name: nextcloud-custom-image
diff --git a/customers/base/nextcloud-configmap.yml b/customers/base/nextcloud-configmap.yml
deleted file mode 100644
index 4f0cc2f..0000000
--- a/customers/base/nextcloud-configmap.yml
+++ /dev/null
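Review bot: `disableNameSuffixHash: true` removes the content hash kustomize appends to generated ConfigMap names, and that hash is what turns an edit to `files/config.php` or `files/000-default.conf` into a new name that a Deployment mounting it by name would pick up as a rollout; with it disabled the ConfigMaps are updated in place and running pods keep their old rendered config until something else restarts them, which is easy to miss when the sync shows green. If fixed names are needed because something references these ConfigMaps in a place kustomize cannot rewrite, a comment on that line such as `# fixed names: referenced outside kustomize; config changes need a rollout restart` would spare the next operator a debugging session. `config.php` with its credential placeholders is now generated into a ConfigMap by `configMapGenerator`; whether that is acceptable depends on where the placeholders are filled in, which is outside this hunk.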
@@ -1,116 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nextcloud-configmap -data: - config.php: | - - array ( - 0 => 'globalsiteselector', - ), - 'apps_paths' => - array ( - 0 => - array ( - 'path' => '/var/www/html/apps', - 'url' => '/apps', - 'writable' => false, - ), - 1 => - array ( - 'path' => '/var/www/html/custom_apps', - 'url' => '/custom_apps', - 'writable' => true, - ), - ), - 'appstoreenabled' => false, - 'config_is_read_only' => true, - 'csrf.disabled' => true, - 'datadirectory' => '/var/www/html/data', - 'dbhost' => '{{MYSQL_HOST}}:{{MYSQL_PORT}}', - 'dbname' => '{{MYSQL_DATABASE}}', - 'dbpassword' => '{{MYSQL_PASSWORD}}', - 'dbport' => '{{MYSQL_PORT}}', - 'dbtableprefix' => 'oc_', - 'dbtype' => 'mysql', - 'dbuser' => '{{MYSQL_USER}}', - 'default_phone_region' => 'SE', - 'forcessl' => true, - 'gs.enabled' => 'true', - 'gs.federation' => 'global', - 'gs.trustedHosts' => ['*.sunet.se'], - 'gss.jwt.key' => '{{GSS_JWT_KEY}}', - 'gss.master.url' => '{{GSS_MASTER_URL}}', - 'gss.mode' => 'slave', - 'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping', - 'htaccess.RewriteBase' => '/', - 'installed' => true, - 'instanceid' => '{{NEXTCLOUD_INSTANCEID}}', - 'integrity.check.disabled' => true, - 'log_type' => 'file', - 'loglevel' => 0, - 'lookup_server' => '{{LOOKUP_SERVER}}', - 'mail_domain' => '{{MAIL_DOMAIN}}', - 'mail_from_address' => '{{MAIL_FROM_ADDRESS}}', - 'mail_sendmailmode' => 'smtp', - 'mail_smtpauth' => 1, - 'mail_smtpauthtype' => 'LOGIN', - 'mail_smtphost' => '{{MAIL_SMTPHOST}}', - 'mail_smtpmode' => 'smtp', - 'mail_smtpname' => '{{MAIL_SMTPNAME}}', - 'mail_smtppassword' => '{{MAIL_SMTPPASSWORD}}', - 'mail_smtpport' => '587', - 'mail_smtpsecure' => 'tls', - 'mail_template_class' => 'OCA\DriveEmailTemplate\EMailTemplate', - 'memcache.distributed' => '\\OC\\Memcache\\Redis', - 'memcache.local' => '\\OC\\Memcache\\APCu', - 'memcache.locking' => '\\OC\\Memcache\\Redis', - 'mysql.utf8mb4' => 
true, - 'objectstore' => - array ( - 'class' => '\\OC\\Files\\ObjectStore\\S3', - 'arguments' => - array ( - 'autocreate' => false, - 'bucket' => '{{OBJECTSTORE_S3_BUCKET}}', - 'hostname' => '{{OBJECTSTORE_S3_HOST}}', - 'key' => '{{OBJECTSTORE_S3_KEY}}', - 'legacy_auth' => false, - 'objectPrefix' => 'urn:oid:', - 'port' => '', - 'region' => '{{OBJECTSTORE_S3_REGION}}', - 'secret' => '{{OBJECTSTORE_S3_SECRET}}', - 'use_path_style' => true, - 'use_ssl' => true, - ), - ), - 'overwrite.cli.url' => 'https://{{SITE_NAME}}/', - 'overwritehost' => '{{SITE_NAME}}', - 'overwriteprotocol' => 'https', - 'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}', - 'secret' => '{{NEXTCLOUD_SECRET}}', - 'redis' => - array ( - 'host' => '{{REDIS_HOST}}', - 'port' => 6379, - ), - 'skeletondirectory' => '', - 'templatedirectory' => '', - 'trusted_domains' => - array ( - 0 => '{{NEXTCLOUD_TRUSTED_DOMAINS}}' - ), - 'trusted_proxies' => - array ( - 0 => '10.0.0.0/8' - ), - 'twofactor_enforced' => 'true', - 'twofactor_enforced_groups' => - array ( - 0 => 'admin', - ), - 'updatechecker' => false, - 'version' => '{{NEXTCLOUD_VERSION_STRING}}', - ); diff --git a/customers/base/script-configmap.yml b/customers/base/script-configmap.yml deleted file mode 100644 index 5c81d76..0000000 --- a/customers/base/script-configmap.yml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: script-configmap
-data:
- nc-upgrade: |
- #!/bin/bash
- sed "s/config_is_read_only\(.\) => true,/config_is_read_only\1 => false,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp
- mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php
- php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade
- php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:update:htaccess
- php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair
- php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:mode --off
- php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys
- php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-columns
- php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-indices
- sed "s/config_is_read_only\(.\) => false,/config_is_read_only\1 => true,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp
- mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php
- chown www-data:www-data /var/www/html/config/config.php
From 75153298db6d129d59316bcb9885fd1890dd378e Mon Sep 17 00:00:00 2001
From: Lars Delhage
Date: Tue, 18 Feb 2025 08:52:05 +0100
Subject: [PATCH 3/5] Remove namePrefix
---
 customers/overlays/nordunet/test/kustomization.yaml | 1 -
 customers/overlays/richir/test/kustomization.yaml | 1 -
 customers/overlays/vinnova/test/kustomization.yaml | 1 -
 3 files changed, 3 deletions(-)
diff --git a/customers/overlays/nordunet/test/kustomization.yaml b/customers/overlays/nordunet/test/kustomization.yaml
index 8b308e3..353049b 100644
--- a/customers/overlays/nordunet/test/kustomization.yaml
+++ b/customers/overlays/nordunet/test/kustomization.yaml
@@ -6,4 +6,3 @@ patches:
 - path: env-configmap.yml
 - path: nextcloud-deployment.yml
 - path: nextcloud-ingress.yml
-namePrefix: 'nordunet-'
diff --git a/customers/overlays/richir/test/kustomization.yaml b/customers/overlays/richir/test/kustomization.yaml
index bd66307..353049b 100644
--- a/customers/overlays/richir/test/kustomization.yaml
+++ b/customers/overlays/richir/test/kustomization.yaml
@@ -6,4 +6,3 @@ patches:
 - path: env-configmap.yml
 - path: nextcloud-deployment.yml
 - path: nextcloud-ingress.yml
-namePrefix: 'richir-'
diff --git a/customers/overlays/vinnova/test/kustomization.yaml b/customers/overlays/vinnova/test/kustomization.yaml
index 66bbeb3..353049b 100644
--- a/customers/overlays/vinnova/test/kustomization.yaml
+++ b/customers/overlays/vinnova/test/kustomization.yaml
@@ -6,4 +6,3 @@ patches:
 - path: env-configmap.yml
 - path: nextcloud-deployment.yml
 - path: nextcloud-ingress.yml
-namePrefix: 'vinnova-'
From a260fed464aa6c268151226c99ed1d9ae0805934 Mon Sep 17 00:00:00 2001
From: Lars Delhage
Date: Tue, 18 Feb 2025 08:54:03 +0100
Subject: [PATCH 4/5] Remove obsolete parameters
---
 customers/base/files/config.php | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/customers/base/files/config.php b/customers/base/files/config.php
index 119594a..e42fd73 100644
--- a/customers/base/files/config.php
+++ b/customers/base/files/config.php
@@ -35,10 +35,6 @@ $CONFIG = array (
 'gs.enabled' => 'true',
 'gs.federation' => 'global',
 'gs.trustedHosts' => ['*.sunet.se'],
- 'gss.jwt.key' => '{{GSS_JWT_KEY}}',
- 'gss.master.url' => '{{GSS_MASTER_URL}}',
- 'gss.mode' => 'slave',
- 'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping',
 'htaccess.RewriteBase' => '/',
 'installed' => true,
 'instanceid' => '{{NEXTCLOUD_INSTANCEID}}',
From 1d60bac661c4b738e324748f988832afcc39349c Mon Sep 17 00:00:00 2001
From: Lars Delhage
Date: Tue, 18 Feb 2025 09:04:04 +0100
Subject: [PATCH 5/5] Remove old application
---
 applications/richir-test/application.yaml | 35 -----------------------
 1 file changed, 35 deletions(-)
 delete mode 100644 applications/richir-test/application.yaml
diff --git a/applications/richir-test/application.yaml b/applications/richir-test/application.yaml
deleted file mode 100644
index 689f716..0000000
--- a/applications/richir-test/application.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: richir-test
- namespace: argocd
- labels:
- name: richir-test
-spec:
- project: default
- sources:
- - repoURL: 'https://platform.sunet.se/Drive/k8s-manifests'
- targetRevision: HEAD
- path: customers/overlays/richir/test/
- destination:
- server: https://kubernetes.default.svc
- namespace: richir
- syncPolicy:
- automated:
- prune: false
- selfHeal: true
- allowEmpty: false
- syncOptions: # maybe needs FIXME
- - Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ).
- - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
- - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
- - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
- - RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration
- - ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application
- retry:
- limit: 5
- backoff:
- duration: 5s
- factor: 2
- maxDuration: 3m
- revisionHistoryLimit: 2