diff --git a/applications/richir-test/application.yaml b/applications/richir-test/application.yaml
new file mode 100644
index 0000000..1b49235
--- /dev/null
+++ b/applications/richir-test/application.yaml
@@ -0,0 +1,35 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: richir-test
+ namespace: argocd
+ labels:
+ name: richir-test
+spec:
+ project: default
+ sources:
+ - repoURL: 'https://platform.sunet.se/Drive/k8s-manifests'
+ targetRevision: richir-improve-setup
+ path: customers/overlays/richir/test/
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: richir
+ syncPolicy:
+ automated:
+ prune: false
+ selfHeal: true
+ allowEmpty: false
+ syncOptions: # maybe needs FIXME
+ - Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ).
+ - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
+ - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
+ - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
+ - RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration
+ - ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+ revisionHistoryLimit: 10
diff --git a/customers/base/nextcloud-configmap.yml b/customers/base/nextcloud-configmap.yml
index f789037..ac0b020 100644
--- a/customers/base/nextcloud-configmap.yml
+++ b/customers/base/nextcloud-configmap.yml
@@ -5,6 +5,29 @@ metadata: data: config.php: | array ( 
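Review bot: In `applications/richir-test/application.yaml`, `targetRevision: richir-improve-setup` follows a mutable branch while `automated` sync with `selfHeal: true` is enabled, so every push to that branch is applied to the cluster with no review step in between. The Application also sits in `project: default`, which in Argo CD places no limit on source repositories or destinations unless someone has tightened it; a dedicated AppProject limited to this repository and the `richir` namespace would bound what a bad commit can touch. The comment on `Validate=true` describes the opposite setting and should read something like `# keep resource validation on (Validate=false would skip it, like 'kubectl apply --validate=false')`. The `# maybe needs FIXME` marker should either name what is unresolved or be removed.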
@@ -29,37 +52,33 @@ data: 'config_is_read_only' => true, 'csrf.disabled' => true, 'datadirectory' => '/var/www/html/data', - 'dbhost' => '{{MYSQL_HOST}}:{{MYSQL_PORT}}', - 'dbname' => '{{MYSQL_DATABASE}}', - 'dbpassword' => '{{MYSQL_PASSWORD}}', - 'dbport' => '{{MYSQL_PORT}}', + 'dbhost' => '$dbhost', + 'dbname' => '$dbname', + 'dbpassword' => 'dbpassword', + 'dbport' => '$dbport', 'dbtableprefix' => 'oc_', 'dbtype' => 'mysql', - 'dbuser' => '{{MYSQL_USER}}', + 'dbuser' => '$dbuser', 'default_phone_region' => 'SE', 'forcessl' => true, 'gs.enabled' => 'true', 'gs.federation' => 'global', 'gs.trustedHosts' => ['*.sunet.se'], - 'gss.jwt.key' => '{{GSS_JWT_KEY}}', - 'gss.master.url' => '{{GSS_MASTER_URL}}', - 'gss.mode' => 'slave', - 'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping', 'installed' => true, - 'instanceid' => '{{NEXTCLOUD_INSTANCEID}}', + 'instanceid' => '$instanceid', 'integrity.check.disabled' => true, 'log_type' => 'file', 'loglevel' => 0, - 'lookup_server' => '{{LOOKUP_SERVER}}', - 'mail_domain' => '{{MAIL_DOMAIN}}', - 'mail_from_address' => '{{MAIL_FROM_ADDRESS}}', + 'lookup_server' => '$lookup_server', + 'mail_domain' => '$mail_domain', + 'mail_from_address' => '$mail_from_address', 'mail_sendmailmode' => 'smtp', 'mail_smtpauth' => 1, 'mail_smtpauthtype' => 'LOGIN', - 'mail_smtphost' => '{{MAIL_SMTPHOST}}', + 'mail_smtphost' => '$mail_smtphost', 'mail_smtpmode' => 'smtp', - 'mail_smtpname' => '{{MAIL_SMTPNAME}}', - 'mail_smtppassword' => '{{MAIL_SMTPPASSWORD}}', + 'mail_smtpname' => '$mail_smtpname ', + 'mail_smtppassword' => '$mail_smtppassword', 'mail_smtpport' => '587', 'mail_smtpsecure' => 'tls', 'mail_template_class' => 'OCA\DriveEmailTemplate\EMailTemplate', 
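Review bot: PHP does not expand variables inside single-quoted strings, so every `'$name'` value in this hunk, and in the `@@ -73,33 +92,33 @@` and `@@ -111,5 +130,5 @@` hunks of the same file, reaches Nextcloud as literal text such as `$dbhost`. Write the values unquoted, `'dbhost' => $dbhost,`, and concatenate where a prefix is needed, `'overwrite.cli.url' => 'https://' . $site_name,`. This matters most for `'secret'` and `'passwordsalt'`, which would otherwise become fixed, guessable constants shared by every instance. `'dbpassword' => 'dbpassword'` has lost its `$` entirely, and `'$mail_smtpname '` carries a trailing space that would end up in the SMTP login name. The assignments for these variables are presumably in the `@@ -5,6 +5,29 @@` hunk, which is not readable in this view.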
@@ -73,33 +92,33 @@ data: 'arguments' => array ( 'autocreate' => false, - 'bucket' => '{{OBJECTSTORE_S3_BUCKET}}', - 'hostname' => '{{OBJECTSTORE_S3_HOST}}', - 'key' => '{{OBJECTSTORE_S3_KEY}}', + 'bucket' => '$s3_bucket', + 'hostname' => '$s3_hostname', + 'key' => '$s3_key', 'legacy_auth' => false, 'objectPrefix' => 'urn:oid:', 'port' => '', - 'region' => '{{OBJECTSTORE_S3_REGION}}', - 'secret' => '{{OBJECTSTORE_S3_SECRET}}', + 'region' => '$s3_region', + 'secret' => '$s3_secret', 'use_path_style' => true, 'use_ssl' => true, ), ), - 'overwrite.cli.url' => 'https://{{SITE_NAME}}', - 'overwritehost' => '{{SITE_NAME}}', + 'overwrite.cli.url' => 'https://$site_name', + 'overwritehost' => '$site_name', 'overwriteprotocol' => 'https', - 'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}', - 'secret' => '{{NEXTCLOUD_SECRET}}', + 'passwordsalt' => '$passwordsalt', + 'secret' => '$secret', 'redis' => array ( - 'host' => '{{REDIS_HOST}}', + 'host' => '$redis_host', 'port' => 6379, ), 'skeletondirectory' => '', 'templatedirectory' => '', 'trusted_domains' => array ( - 0 => '{{NEXTCLOUD_TRUSTED_DOMAINS}}' + 0 => '$trusted_domains' ), 'trusted_proxies' => array ( @@ -111,5 +130,5 @@ data: 0 => 'admin', ), 'updatechecker' => false, - 'version' => '{{NEXTCLOUD_VERSION_STRING}}', + 'version' => '$version', ); diff --git a/customers/base/nextcloud-deployment.yml b/customers/base/nextcloud-deployment.yml index 4b14744..016a9b2 100644 --- a/customers/base/nextcloud-deployment.yml +++ b/customers/base/nextcloud-deployment.yml @@ -11,16 +11,6 @@ spec: app: customer-node updateStrategy: type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: nextcloud-data - spec: - storageClassName: csi-sc-cinderplugin - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi template: metadata: labels: 
@@ -32,9 +22,9 @@ spec: - name: customer image: docker.sunet.se/drive/nextcloud-custom:30.0.5.2-1 volumeMounts: - - name: nextcloud-data - mountPath: /var/www/html/config/ - subPath: config + - name: nextcloud-config + mountPath: /config.php + subPath: config.php - name: apache-config mountPath: /etc/apache2/sites-enabled/000-default.conf subPath: 000-default.conf @@ -50,50 +40,7 @@ spec: - name: cli-php-config mountPath: /etc/php/8.0/cli/php.ini subPath: php.ini - resources: - limits: - cpu: 2000m - memory: 2048Mi - requests: - cpu: 1000m - memory: 512Mi - readinessProbe: - tcpSocket: - port: 80 - initialDelaySeconds: 10 - periodSeconds: 60 - livenessProbe: - tcpSocket: - port: 80 - initialDelaySeconds: 20 - periodSeconds: 180 - ports: - - containerPort: 80 - name: nextcloud-http - command: ["/bin/bash"] - args: ["-c", "apachectl -D FOREGROUND"] - lifecycle: - postStart: - exec: - command: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"] - initContainers: - - image: docker.sunet.se/sunet/docker-jinja:latest - name: init-config - volumeMounts: - - name: nextcloud-config - mountPath: /tmp/config.php.template - subPath: config.php - - name: nextcloud-data - mountPath: /var/www/html/config - subPath: config env: - - name: GSS_MASTER_URL - value: "https://drive.test.sunet.se" - - name: GSS_JWT_KEY - valueFrom: - secretKeyRef: - name: gss-secret - key: "jwt_key" - name: LOOKUP_SERVER value: "https://lookup.drive.test.sunet.se" - name: MAIL_DOMAIN 
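Review bot: The `nextcloud-config` mount added here uses `subPath: config.php`, and Kubernetes does not refresh subPath-mounted ConfigMap files in a running pod. The file Nextcloud actually reads is in addition a copy that `nc-upgrade` makes once at start. A config.php change synced by Argo CD therefore has no effect until the pods are restarted, which is easy to miss for a security-relevant setting. Either document that above the mount, `# copied to /var/www/html/config/config.php by nc-upgrade at start; restart the pod after changing the ConfigMap`, or build the ConfigMap with kustomize's `configMapGenerator` so a content change renames it and triggers a rollout. The `volumeMounts` list continues outside this hunk.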
@@ -174,7 +121,32 @@ spec: value: "redis" - name: SITE_NAME value: "customer.drive.test.sunet.se" - command: ["/bin/bash", "-c", "/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"] + resources: + limits: + cpu: 2000m + memory: 2048Mi + requests: + cpu: 1000m + memory: 512Mi + readinessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 10 + periodSeconds: 60 + livenessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 20 + periodSeconds: 180 + ports: + - containerPort: 80 + name: nextcloud-http + command: ["/bin/bash"] + args: ["-c", "apachectl -D FOREGROUND"] + lifecycle: + postStart: + exec: + command: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"] volumes: - name: script-config configMap: diff --git a/customers/base/script-configmap.yml b/customers/base/script-configmap.yml index 8371521..dddcbe4 100644 --- a/customers/base/script-configmap.yml +++ b/customers/base/script-configmap.yml 
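Review bot: Kubernetes gives no ordering guarantee between a `postStart` hook and the container's entrypoint, so `apachectl -D FOREGROUND` can be serving requests before `/usr/local/bin/nc-upgrade` has put config.php in place. The `tcpSocket` readiness probe on port 80 will report the pod ready either way. Since this commit removes the init container that used to render the config before start, run the copy ahead of Apache instead, `args: ["-c", "/usr/local/bin/nc-upgrade && exec apachectl -D FOREGROUND"]`, and drop the `lifecycle` block. An `httpGet` readiness probe on Nextcloud's `/status.php` would then reflect application state rather than an open socket. The container spec begins outside this hunk.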
@@ -5,15 +5,10 @@ metadata: data: nc-upgrade: | #!/bin/bash - sed "s/config_is_read_only\(.\) => true,/config_is_read_only\1 => false,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp - mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php - php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ app:disable globalsiteselector - php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade - php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ app:enable globalsiteselector - php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair - php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:mode --off - php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys - php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-columns - php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-indices - sed "s/config_is_read_only\(.\) => false,/config_is_read_only\1 => true,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp - mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php + cp /config.php /var/www/html/config/config.php + chown www-data:root /var/www/html/config/config.php +# su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade" +# su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair" +# su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys" +# su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-columns" +# su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-indices" 
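Review bot: The new `nc-upgrade` body has no error handling and leaves the mode of the copied config to whatever `cp` produces. Start the script with `set -eu` and replace the `cp`/`chown` pair with `install -o www-data -g root -m 0640 /config.php /var/www/html/config/config.php`. The `occ upgrade`, `maintenance:repair` and `db:add-missing-*` steps now exist only as `#` lines, so a later image bump will not migrate the database; a one-line comment saying why they are disabled and when they come back would prevent that from being forgotten. Those `#` lines appear to start at column 0, which would make them YAML comments rather than part of the script, so it is worth confirming that is what was intended.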
diff --git a/customers/overlays/richir/test/kustomization.yaml b/customers/overlays/richir/test/kustomization.yaml
new file mode 100644
index 0000000..e258878
--- /dev/null
+++ b/customers/overlays/richir/test/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../base
+patches:
+- path: nextcloud-deployment.yml
+- path: nextcloud-ingress.yml
diff --git a/customers/overlays/richir/test/nextcloud-deployment.yml b/customers/overlays/richir/test/nextcloud-deployment.yml
new file mode 100644
index 0000000..e987d94
--- /dev/null
+++ b/customers/overlays/richir/test/nextcloud-deployment.yml
@@ -0,0 +1,34 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: customer-node
+ labels:
+ app: customer-node
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: customer-node
+ spec:
+ containers:
+ - name: customer
+ env:
+ - name: MYSQL_DATABASE
+ value: "nextcloud_richir"
+ - name: MYSQL_USER
+ value: "nextcloud_richir"
+ - name: GSS_MASTER_URL
+ value: "https://drive.test.sunet.se"
+ - name: LOOKUP_SERVER
+ value: "https://lookup.drive.test.sunet.se"
+ - name: MAIL_DOMAIN
+ value: "drive.test.sunet.se"
+ - name: MAIL_SMTPNAME
+ value: "noreply@drive.test.sunet.se"
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: "richir.drive.test.sunet.se"
+ - name: OBJECTSTORE_S3_BUCKET
+ value: "primary-richir-drive-test.sunet.se"
+ - name: SITE_NAME
+ value: "richir.drive.test.sunet.se"
diff --git a/customers/overlays/richir/test/nextcloud-ingress.yml b/customers/overlays/richir/test/nextcloud-ingress.yml
new file mode 100644
index 0000000..1f95bfb
--- /dev/null
+++ b/customers/overlays/richir/test/nextcloud-ingress.yml
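Review bot: `GSS_MASTER_URL` is set in the env list of `customers/overlays/richir/test/nextcloud-deployment.yml` even though this commit deletes the `gss.*` keys from config.php and the `GSS_MASTER_URL`/`GSS_JWT_KEY` entries from the base StatefulSet, so nothing visible reads it. Drop the two lines, or add a comment naming the component that still needs the variable. `LOOKUP_SERVER` repeats the value the base manifest's context lines already show and can be left to the base. The file is named `nextcloud-deployment.yml` but patches a `StatefulSet`; a one-line header comment such as `# strategic-merge patch for StatefulSet customer-node (richir test overlay)` would make that clear.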
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: customer-ingress
+ annotations:
+ cert-manager.io/issuer: "letsencrypt"
+ acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - richir.drive.test.sunet.se
+ secretName: tls-secret
+ ingressClassName: nginx
+ rules:
+ - host: richir.drive.test.sunet.se
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: customer-node
+ port:
+ number: 80
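Review bot: `ingressClassName: nginx` appears twice in this manifest, once directly under `spec:` and again after `secretName: tls-secret`. If both sit at `spec` level this is a duplicate mapping key, which YAML 1.2 forbids; strict loaders reject it and lenient ones silently keep the last value. If the second one is nested in the `tls` entry it is an unknown field there. Remove the second occurrence. Indentation is not recoverable in this view, so which case applies needs checking against the file. Separately, `cert-manager.io/issuer: "letsencrypt"` refers to a namespaced Issuer, so one with that name has to exist in the `richir` namespace for the certificate to be issued.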