From 0d5dfd31b603c7397327032714cc3d9964aadcb5 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 27 Mar 2023 16:41:43 +0200 Subject: [PATCH] Add nextcloud config --- customers/base/kustomization.yaml | 2 + customers/base/nextcloud-configmap.yml | 111 ++++++++++++++++++ customers/base/nextcloud-deployment.yml | 54 ++++++++- customers/base/redis-deployment.yml | 29 +++++ customers/base/redis-service.yml | 18 +++ .../overlays/vr/prod/nextcloud-deployment.yml | 19 ++- .../overlays/vr/test/nextcloud-deployment.yml | 19 ++- 7 files changed, 244 insertions(+), 8 deletions(-) create mode 100644 customers/base/nextcloud-configmap.yml create mode 100644 customers/base/redis-deployment.yml create mode 100644 customers/base/redis-service.yml diff --git a/customers/base/kustomization.yaml b/customers/base/kustomization.yaml index 962f0fc..8f93cb4 100644 --- a/customers/base/kustomization.yaml +++ b/customers/base/kustomization.yaml @@ -4,4 +4,6 @@ resources: - nextcloud-namespace.yml - nextcloud-pvc.yml - nextcloud-service.yml + - redis-deployment.yml + - redis-service.yml - s3-service.yml diff --git a/customers/base/nextcloud-configmap.yml b/customers/base/nextcloud-configmap.yml new file mode 100644 index 0000000..f3527db --- /dev/null +++ b/customers/base/nextcloud-configmap.yml 
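Review bot: `nextcloud-configmap.yml` is created by this commit but is not added to `resources:` here; the hunk adds only `redis-deployment.yml` and `redis-service.yml`. None of the deployment hunks in this patch mounts a ConfigMap either, so as far as the visible changes show, the settings in that file (`forcessl`, `twofactor_enforced`, `config_is_read_only`) never reach the running pod. If the file is meant to take effect, add `- nextcloud-configmap.yml` to the list and mount it in the Nextcloud container. Lines 1-3 of `kustomization.yaml` lie outside the hunk, so this should be checked against the full file.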
@@ -0,0 +1,111 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nextcloud-configmap + namespace: customer +data: + config.php: | + '\\OC\\Memcache\\APCu', + 'appstoreenabled' => false, + 'apps_paths' => + array ( + 0 => + array ( + 'path' => '/var/www/html/apps', + 'url' => '/apps', + 'writable' => false, + ), + 1 => + array ( + 'path' => '/var/www/html/custom_apps', + 'url' => '/custom_apps', + 'writable' => true, + ), + ), + 'memcache.distributed' => '\\OC\\Memcache\\Redis', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'redis' => + array ( + 'host' => '{{REDIS_HOST}}', + 'password' => '{{REDIS_PASSWORD}}', + 'port' => 6379, + ), + 'forcessl' => true, + 'overwriteprotocol' => 'https', + 'objectstore' => + array ( + 'class' => '\\OC\\Files\\ObjectStore\\S3', + 'arguments' => + array ( + 'bucket' => '{{OBJECTSTORE_S3_BUCKET}}', + 'key' => '{{OBJECTSTORE_S3_KEY}}', + 'secret' => '{{OBJECTSTORE_S3_SECRET}}', + 'region' => '{{OBJECTSTORE_S3_REGION}}', + 'hostname' => '{{OBJECTSTORE_S3_HOST}}', + 'port' => '', + 'objectPrefix' => 'urn:oid:', + 'autocreate' => false, + 'use_ssl' => true, + 'use_path_style' => true, + 'legacy_auth' => false, + ), + ), + 'csrf.disabled' => true, + 'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}', + 'secret' => '{{NEXTCLOUD_SECRET}}', + 'trusted_domains' => + array ( + 0 => '{{NEXTCLOUD_TRUSTED_DOMAINS}}' + ), + 'config_is_read_only' => true, + 'datadirectory' => '/var/www/html/data', + 'dbhost' => '{{MYSQL_HOST}}', + 'dbname' => '{{MYSQL_DATABASE}}', + 'dbpassword' => '{{MYSQL_PASSWORD}}', + 'dbport' => '{{MYSQL_PORT}}', + 'dbtableprefix' => 'oc_', + 'dbtype' => 'mysql', + 'dbuser' => '{{MYSQL_USER}}', + 'gs.enabled' => 'true', + 'gs.federation' => 'global', + 'gs.trustedHosts' => ['*.sunet.se'], + 'gss.jwt.key' => '{{GSS_JWT_KEY}}', + 'gss.master.url' => '{{GSS_MASTER_URL}}', + 'gss.mode' => 'slave', + 'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping', + 'installed' => true, + 
'instanceid' => '{{NEXTCLOUD_INSTANCEID}}', + 'log_type' => 'file', + 'loglevel' => 0, + 'lookup_server' => '{{LOOKUP_SERVER}}', + 'mail_domain' => '{{MAIL_DOMAIN}}', + 'mail_from_address' => '{{MAIL_FROM_ADDRESS}}', + 'mail_sendmailmode' => 'smtp', + 'mail_smtpauth' => 1, + 'mail_smtpauthtype' => 'LOGIN', + 'mail_smtphost' => '{{MAIL_SMTPHOST}}', + 'mail_smtpmode' => 'smtp', + 'mail_smtpname' => '{{MAIL_SMTPNAME}}', + 'mail_smtppassword' => '{{MAIL_SMTPPASSWORD}}', + 'mail_smtpport' => '587', + 'mail_smtpsecure' => 'tls', + 'mail_template_class' => 'OCA\DriveEmailTemplate\EMailTemplate', + 'mysql.utf8mb4' => true, + 'overwritehost' => '{{SITE_NAME}}', + 'overwrite.cli.url' => 'https://{{SITE_NAME}}', + 'templatedirectory' => '', + 'skeletondirectory' => '', + 'twofactor_enforced' => 'true', + 'twofactor_enforced_groups' => + array ( + 0 => 'admin', + ), + 'version' => '{{NEXTCLOUD_VERSION_STRING}}', + 'app_install_overwrite' => + array ( + 0 => 'globalsiteselector', + ), + + ); diff --git a/customers/base/nextcloud-deployment.yml b/customers/base/nextcloud-deployment.yml index 5438d54..a04b0a1 100644 --- a/customers/base/nextcloud-deployment.yml +++ b/customers/base/nextcloud-deployment.yml 
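Review bot: `'csrf.disabled' => true` ships in the base config for every customer, which (assuming the server honours the key as named) turns off request-forgery checks for all authenticated sessions, including the `admin` group that the same file forces onto two-factor. If an integration needs it, scope the exception there and leave the base at `'csrf.disabled' => false,` with a comment naming the reason. `'loglevel' => 0` is the most verbose level and is combined with `'log_type' => 'file'`, so debug output is persisted to disk; `'loglevel' => 2,` is the usual production value. The `{{...}}` placeholders for `dbpassword`, `secret` and the S3 and SMTP credentials are presumably filled in at container start; if they are instead rendered into the ConfigMap itself, those values would sit in an unencrypted object and belong in a Secret.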
@@ -23,16 +23,38 @@ spec: claimName: customer-shared-storage-claim containers: - name: customer - image: customer + image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4 volumeMounts: - name: server-storage mountPath: /var/www/html subPath: server-data env: + - name: GSS_MASTER_URL + value: "https://drive.test.sunet.se" + - name: GSS_JWT_KEY + valueFrom: + secretKeyRef: + name: gss-secret + key: "jwt_key" + - name: LOOKUP_SERVER + value: "https://lookup.drive.test.sunet.se" + - name: MAIL_DOMAIN + value: "drive.test.sunet.se" + - name: MAIL_FROM_ADDRESS + value: "noreply" + - name: MAIL_SMTPHOST + value: "smtp.sunet.se" + - name: MAIL_SMTPNAME + value: "noreply@drive.test.sunet.se" + - name: MAIL_SMTPPASSWORD + valueFrom: + secretKeyRef: + name: mail-secret + key: "smtp_password" - name: MYSQL_DATABASE - value: "customer_customer" + value: "customer_nextcloud" - name: MYSQL_USER - value: "customer" + value: "customer_nextcloud" - name: MYSQL_HOST value: "proxysql.proxysql" - name: MYSQL_PASSWORD @@ -45,12 +67,29 @@ spec: - name: NEXTCLOUD_TRUSTED_DOMAINS value: "customer.drive.test.sunet.se" - name: NEXTCLOUD_ADMIN_USER - value: _customer + value: admin + - name: NEXTCLOUD_VERSION_STRING + value: "25.0.3.3" - name: NEXTCLOUD_ADMIN_PASSWORD valueFrom: secretKeyRef: name: nc-secret key: "nc_admin_password" + - name: NEXTCLOUD_PASSWORDSALT + valueFrom: + secretKeyRef: + name: nc-secret + key: "nc_passwordsalt" + - name: NEXTCLOUD_INSTANCEID + valueFrom: + secretKeyRef: + name: nc-secret + key: "nc_instanceid" + - name: NEXTCLOUD_SECRET + valueFrom: + secretKeyRef: + name: nc-secret + key: "nc_secret" - name: OBJECTSTORE_S3_REGION value: "us-east-1" - name: OBJECTSTORE_S3_HOST @@ -75,6 +114,13 @@ spec: value: "true" - name: REDIS_HOST value: "redis.redis" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-secret + key: "redis_password" + - name: SITE_NAME + value: "customer.drive.test.sunet.se" resources: {} strategy: {} status: {} 
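Review bot: The base now defaults `GSS_MASTER_URL`, `LOOKUP_SERVER`, `MAIL_DOMAIN`, `MAIL_SMTPNAME` and `SITE_NAME` to `drive.test.sunet.se` hosts (first and third hunk), so a production overlay that misses one override would talk to the test federation without any error. The vr/prod overlay in this commit overrides all five, but nothing enforces that for the next customer; an obviously invalid base value such as `value: "OVERRIDE-IN-OVERLAY"` would fail visibly instead. In the second hunk `NEXTCLOUD_ADMIN_USER` becomes the guessable `admin` and is the only unquoted value in the list; `value: "admin"` at least matches the quoting used elsewhere. The container spec starts before the first hunk and continues past the last.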
diff --git a/customers/base/redis-deployment.yml b/customers/base/redis-deployment.yml
new file mode 100644
index 0000000..1cdd965
--- /dev/null
+++ b/customers/base/redis-deployment.yml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis
+ namespace: customer
+ labels:
+ app.kubernetes.io/name: redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: redis
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: redis
+ spec:
+ containers:
+ - name: default
+ image: redis:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 6379
+ args:
+ - "--save"
+ - ""
+ - "--appendonly"
+ - "no"
+
diff --git a/customers/base/redis-service.yml b/customers/base/redis-service.yml
new file mode 100644
index 0000000..50225a4
--- /dev/null
+++ b/customers/base/redis-service.yml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ labels:
+ app: redis
+ name: redis
+ namespace: customer
+spec:
+ ports:
+ - name: redis
+ nodePort: 30379
+ port: 6379
+ targetPort: redis
+ selector:
+ app: redis
+ app.kubernetes.io/name: redis
+ type: NodePort
diff --git a/customers/overlays/vr/prod/nextcloud-deployment.yml b/customers/overlays/vr/prod/nextcloud-deployment.yml
index 02f2933..85c0dad 100644
--- a/customers/overlays/vr/prod/nextcloud-deployment.yml
+++ b/customers/overlays/vr/prod/nextcloud-deployment.yml
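Review bot: Redis is started without `--requirepass`, although the Nextcloud deployment in this commit reads `REDIS_PASSWORD` from `redis-secret`, so the cache would accept unauthenticated connections while the client configuration suggests it is protected. Together with the NodePort service added alongside it, the session and file-locking cache would be reachable without credentials from outside the namespace. `image: redis:latest` with `imagePullPolicy: Always` also means every pod restart may run a different, unreviewed build; pin a version or digest. The sketch below wires the existing secret into the server; the image tag in it is a placeholder.

```yaml
      containers:
        - name: default
          image: redis:<PINNED_VERSION>  # placeholder: choose a reviewed tag or digest
          # … unchanged: imagePullPolicy, ports …
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-secret
                  key: "redis_password"
          args:
            # … unchanged: --save "" --appendonly no …
            - "--requirepass"
            - "$(REDIS_PASSWORD)"
```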
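Review bot: `type: NodePort` with `nodePort: 30379` publishes Redis on every node's address, while the only client visible in this commit is the Nextcloud pod inside the cluster; `type: ClusterIP` without the `nodePort` line keeps it internal. As far as the flattened hunk shows, the selector also requires `app: redis`, which the pod template in `redis-deployment.yml` does not carry, and `targetPort: redis` names a port the container never declares, so the Service would match no endpoints; drop `app: redis` from the selector and use `targetPort: 6379`. The empty `annotations:` key parses as null and can be removed.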
@@ -23,17 +23,32 @@ spec: claimName: vr-shared-storage-claim containers: - name: vr + image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4 + volumeMounts: + - name: server-storage + mountPath: /var/www/html + subPath: server-data env: + - name: GSS_MASTER_URL + value: "https://drive.sunet.se" + - name: LOOKUP_SERVER + value: "https://lookup.drive.sunet.se" + - name: MAIL_DOMAIN + value: "drive.sunet.se" + - name: MAIL_SMTPNAME + value: "noreply@drive.sunet.se" - name: MYSQL_DATABASE value: "vr_nextcloud" - name: MYSQL_USER value: "vr_nextcloud" - name: NEXTCLOUD_TRUSTED_DOMAINS value: "vr.drive.sunet.se" - - name: OBJECTSTORE_S3_HOST - value: "s3.sto4.safedc.net" + - name: NEXTCLOUD_VERSION_STRING + value: "25.0.3.3" - name: OBJECTSTORE_S3_BUCKET value: "primary-vr-drive.sunet.se" + - name: SITE_NAME + value: "vr.drive.sunet.se" resources: {} strategy: {} status: {} diff --git a/customers/overlays/vr/test/nextcloud-deployment.yml b/customers/overlays/vr/test/nextcloud-deployment.yml index 0f29b63..b05214f 100644 --- a/customers/overlays/vr/test/nextcloud-deployment.yml +++ b/customers/overlays/vr/test/nextcloud-deployment.yml 
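Review bot: The overlay repeats `image`, `volumeMounts` and `NEXTCLOUD_VERSION_STRING` with exactly the values the base deployment sets in this same commit, and the test overlay hunk does the same. Three copies mean a security update of the image needs three coordinated edits, and a missed one leaves prod on the old build or leaves `NEXTCLOUD_VERSION_STRING` (`25.0.3.3`) out of step with the image tag (`25.0.3.3-4`). Unless a customer must lag behind, drop the duplicated lines from both overlays and let the base value apply. The image is also referenced by a mutable tag; a digest would make the deployed build verifiable. The container spec begins and ends outside the hunk.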
@@ -23,17 +23,32 @@ spec: claimName: vr-shared-storage-claim containers: - name: vr + image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4 + volumeMounts: + - name: server-storage + mountPath: /var/www/html + subPath: server-data env: + - name: GSS_MASTER_URL + value: "https://drive.test.sunet.se" + - name: LOOKUP_SERVER + value: "https://lookup.drive.test.sunet.se" + - name: MAIL_DOMAIN + value: "drive.test.sunet.se" + - name: MAIL_SMTPNAME + value: "noreply@drive.test.sunet.se" - name: MYSQL_DATABASE value: "vr_nextcloud" - name: MYSQL_USER value: "vr_nextcloud" - name: NEXTCLOUD_TRUSTED_DOMAINS value: "vr.drive.test.sunet.se" - - name: OBJECTSTORE_S3_HOST - value: "s3.sto4.safedc.net" + - name: NEXTCLOUD_VERSION_STRING + value: "25.0.3.3" - name: OBJECTSTORE_S3_BUCKET value: "primary-vr-drive-test.sunet.se" + - name: SITE_NAME + value: "vr.drive.test.sunet.se" resources: {} strategy: {} status: {}