nexcloud helm
parent
87c38bb9f3
commit
f9fd77c0b4
3 changed files with 467 additions and 0 deletions
15
applications/base/nextcloud-cert-issuer.yml
Normal file
15
applications/base/nextcloud-cert-issuer.yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Issuer
|
||||||
|
metadata:
|
||||||
|
name: letsencrypt
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
email: drive@sunet.se
|
||||||
|
privateKeySecretRef:
|
||||||
|
name: letsencrypt
|
||||||
|
solvers:
|
||||||
|
- http01:
|
||||||
|
ingress:
|
||||||
|
class: nginx
|
||||||
|
|
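Review bot: The `server:` value is the Let's Encrypt production directory, while the only host in this commit that uses the Issuer is `richir.drive.test.sunet.se`, a test name; failed or repeated orders during bring-up count against production rate limits. Consider `server: https://acme-staging-v02.api.letsencrypt.org/directory` for the test environment until the HTTP-01 flow is confirmed, bearing in mind that staging certificates are not browser-trusted, and keep a separate production Issuer. The manifest also sets no `metadata.namespace`, so the Issuer presumably lands in whatever namespace Argo CD targets. A short comment saying so would help, because an `Issuer`, unlike a `ClusterIssuer`, only serves Certificates in its own namespace.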
45
applications/richir-test/richir-test.yaml
Normal file
45
applications/richir-test/richir-test.yaml
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: richir-test
|
||||||
|
namespace: argocd
|
||||||
|
labels:
|
||||||
|
name: richir-test
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
sources:
|
||||||
|
- repoURL: 'https://nextcloud.github.io/helm/'
|
||||||
|
chart: nextcloud
|
||||||
|
targetRevision: 6.5.1
|
||||||
|
helm:
|
||||||
|
valueFiles:
|
||||||
|
- $values/applications/richir-test/values.yaml
|
||||||
|
- repoURL: 'https://platform.sunet.se/Drive/k8s-manifests'
|
||||||
|
targetRevision: richir-nextcloud-helm
|
||||||
|
path: applications/base/
|
||||||
|
ref: values
|
||||||
|
destination:
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
namespace: richir
|
||||||
|
info:
|
||||||
|
- name: 'Example:'
|
||||||
|
value: 'https://example.com'
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: false
|
||||||
|
selfHeal: true
|
||||||
|
allowEmpty: false
|
||||||
|
syncOptions: # maybe needs FIXME
|
||||||
|
- Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ).
|
||||||
|
- CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
|
||||||
|
- PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
|
||||||
|
- PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
|
||||||
|
- RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration
|
||||||
|
- ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application
|
||||||
|
retry:
|
||||||
|
limit: 5
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m
|
||||||
|
revisionHistoryLimit: 10
|
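Review bot: The second source tracks `targetRevision: richir-nextcloud-helm`, which looks like a branch name, and with `syncPolicy.automated` plus `selfHeal: true` anything pushed to that ref is applied to the cluster with no further gate. That covers both the Helm values and the manifests under `applications/base/`, so pin it to a tag or commit SHA once the work is merged, or make sure the branch is protected. `project: default` is also worth replacing with a dedicated AppProject, because the built-in default project does not restrict source repositories or destinations unless it has been locked down. Separately, the inline comment on `Validate=true` describes the opposite setting; `- Validate=true # keep resource validation on (default); Validate=false would skip it` would stop someone flipping it by mistake.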
407
applications/richir-test/values.yaml
Normal file
407
applications/richir-test/values.yaml
Normal file
|
@ -0,0 +1,407 @@
|
||||||
|
image:
|
||||||
|
repository: 'docker.sunet.se/drive/nextcloud-custom'
|
||||||
|
tag: '29.0.10.3-1'
|
||||||
|
pullPolicy: 'Always'
|
||||||
|
|
||||||
|
nameOverride: ""
|
||||||
|
fullnameOverride: ""
|
||||||
|
podAnnotations: {}
|
||||||
|
deploymentAnnotations: {}
|
||||||
|
deploymentLabels: {}
|
||||||
|
|
||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
className: 'nginx'
|
||||||
|
annotations:
|
||||||
|
acme.cert-manager.io/http01-edit-in-place: 'true'
|
||||||
|
cert-manager.io/issuer: 'letsencrypt'
|
||||||
|
tls:
|
||||||
|
- secretName: 'tls-secret'
|
||||||
|
hosts:
|
||||||
|
- 'richir.drive.test.sunet.se'
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/instance: 'richir'
|
||||||
|
path: '/'
|
||||||
|
pathType: 'Prefix'
|
||||||
|
|
||||||
|
lifecycle: {}
|
||||||
|
# postStartCommand: []
|
||||||
|
# preStopCommand: []
|
||||||
|
|
||||||
|
phpClientHttpsFix:
|
||||||
|
enabled: false
|
||||||
|
protocol: 'https'
|
||||||
|
|
||||||
|
nextcloud:
|
||||||
|
host: 'richir.drive.test.sunet.se'
|
||||||
|
existingSecret:
|
||||||
|
enabled: true
|
||||||
|
secretName: 'nc-secret'
|
||||||
|
passwordKey: 'nc_admin_password'
|
||||||
|
usernameKey: 'nc_admin_user'
|
||||||
|
smtpHostKey: 'smtp_host'
|
||||||
|
smtpPasswordKey: 'smtp_password'
|
||||||
|
smtpUsernameKey: 'smtp_user'
|
||||||
|
update: 0
|
||||||
|
containerPort: 80
|
||||||
|
datadir: '/var/www/html/data'
|
||||||
|
persistence:
|
||||||
|
subPath:
|
||||||
|
trustedDomains:
|
||||||
|
- 'customer.drive.test.sunet.se'
|
||||||
|
mail:
|
||||||
|
enabled: true
|
||||||
|
fromAddress: 'noreply@drive.test.sunet.se'
|
||||||
|
domain: 'drive.test.sunet.se'
|
||||||
|
smtp:
|
||||||
|
secure: 'tls'
|
||||||
|
port: 587
|
||||||
|
authtype: 'LOGIN'
|
||||||
|
objectStore:
|
||||||
|
s3:
|
||||||
|
enabled: true
|
||||||
|
legacyAuth: false
|
||||||
|
ssl: true
|
||||||
|
port: 443
|
||||||
|
region: 'us-east-1'
|
||||||
|
prefix: 'urn:oid:'
|
||||||
|
usePathStyle: true
|
||||||
|
autoCreate: true
|
||||||
|
storageClass: 'STANDARD'
|
||||||
|
existingSecret: 's3-secret'
|
||||||
|
secretKeys:
|
||||||
|
bucket: 's3_bucket'
|
||||||
|
accessKey: 's3_key'
|
||||||
|
host: 's3_host'
|
||||||
|
secretKey: 's3_secret'
|
||||||
|
|
||||||
|
## PHP Configuration files
|
||||||
|
# Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true
|
||||||
|
phpConfigs: {} #FIXME?
|
||||||
|
## Default config files that utilize environment variables:
|
||||||
|
# see: https://github.com/nextcloud/docker/tree/master#auto-configuration-via-environment-variables
|
||||||
|
# IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
|
||||||
|
# Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/.config
|
||||||
|
defaultConfigs:
|
||||||
|
# To protect /var/www/html/config
|
||||||
|
.htaccess: true
|
||||||
|
# Apache configuration for rewrite urls
|
||||||
|
apache-pretty-urls.config.php: false
|
||||||
|
# Define APCu as local cache
|
||||||
|
apcu.config.php: false
|
||||||
|
# Apps directory configs
|
||||||
|
apps.config.php: false
|
||||||
|
# Used for auto configure database
|
||||||
|
autoconfig.php: false
|
||||||
|
# Redis default configuration
|
||||||
|
redis.config.php: true
|
||||||
|
# Reverse proxy default configuration
|
||||||
|
reverse-proxy.config.php: false
|
||||||
|
# S3 Object Storage as primary storage
|
||||||
|
s3.config.php: true
|
||||||
|
# SMTP default configuration via environment variables
|
||||||
|
smtp.config.php: true
|
||||||
|
# Swift Object Storage as primary storage
|
||||||
|
swift.config.php: false
|
||||||
|
# disables the web based updater as the default nextcloud docker image does not support it
|
||||||
|
upgrade-disable-web.config.php: true
|
||||||
|
|
||||||
|
# Extra config files created in /var/www/html/config/
|
||||||
|
# ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
|
||||||
|
configs: {} #FIXME?
|
||||||
|
# For example, to enable image and text file previews:
|
||||||
|
# previews.config.php: |-
|
||||||
|
# <?php
|
||||||
|
# $CONFIG = array (
|
||||||
|
# 'enable_previews' => true,
|
||||||
|
# 'enabledPreviewProviders' => array (
|
||||||
|
# 'OC\Preview\Movie',
|
||||||
|
# 'OC\Preview\PNG',
|
||||||
|
# 'OC\Preview\JPEG',
|
||||||
|
# 'OC\Preview\GIF',
|
||||||
|
# 'OC\Preview\BMP',
|
||||||
|
# 'OC\Preview\XBitmap',
|
||||||
|
# 'OC\Preview\MP3',
|
||||||
|
# 'OC\Preview\MP4',
|
||||||
|
# 'OC\Preview\TXT',
|
||||||
|
# 'OC\Preview\MarkDown',
|
||||||
|
# 'OC\Preview\PDF'
|
||||||
|
# ),
|
||||||
|
# );
|
||||||
|
|
||||||
|
# Hooks for auto configuration
|
||||||
|
# Here you could write small scripts which are placed in `/docker-entrypoint-hooks.d/<hook-name>/helm.sh`
|
||||||
|
# ref: https://github.com/nextcloud/docker?tab=readme-ov-file#auto-configuration-via-hook-folders
|
||||||
|
hooks:
|
||||||
|
pre-installation:
|
||||||
|
post-installation:
|
||||||
|
pre-upgrade:
|
||||||
|
post-upgrade:
|
||||||
|
before-starting:
|
||||||
|
|
||||||
|
## Strategy used to replace old pods
|
||||||
|
## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
# type: RollingUpdate
|
||||||
|
# rollingUpdate:
|
||||||
|
# maxSurge: 1
|
||||||
|
# maxUnavailable: 0
|
||||||
|
|
||||||
|
##
|
||||||
|
## Extra environment variables
|
||||||
|
extraEnv:
|
||||||
|
# - name: SOME_SECRET_ENV
|
||||||
|
# valueFrom:
|
||||||
|
# secretKeyRef:
|
||||||
|
# name: nextcloud
|
||||||
|
# key: secret_key
|
||||||
|
|
||||||
|
# Extra init containers that runs before pods start.
|
||||||
|
extraInitContainers: []
|
||||||
|
# - name: do-something
|
||||||
|
# image: busybox
|
||||||
|
# command: ['do', 'something']
|
||||||
|
|
||||||
|
# Extra sidecar containers.
|
||||||
|
extraSidecarContainers: []
|
||||||
|
# - name: nextcloud-logger
|
||||||
|
# image: busybox
|
||||||
|
# command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log']
|
||||||
|
# volumeMounts:
|
||||||
|
# - name: nextcloud-data
|
||||||
|
# mountPath: /run/nextcloud/data
|
||||||
|
|
||||||
|
# Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
|
||||||
|
# to NextCloud pods in Kubernetes. This can then be configured in External Storage
|
||||||
|
extraVolumes:
|
||||||
|
# - name: nfs
|
||||||
|
# nfs:
|
||||||
|
# server: "10.0.0.1"
|
||||||
|
# path: "/nextcloud_data"
|
||||||
|
# readOnly: false
|
||||||
|
extraVolumeMounts:
|
||||||
|
# - name: nfs
|
||||||
|
# mountPath: "/legacy_data"
|
||||||
|
|
||||||
|
# Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container).
|
||||||
|
# For example, you may need to define runAsNonRoot directive
|
||||||
|
securityContext: {}
|
||||||
|
# runAsUser: 33
|
||||||
|
# runAsGroup: 33
|
||||||
|
# runAsNonRoot: true
|
||||||
|
# readOnlyRootFilesystem: false
|
||||||
|
|
||||||
|
# Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive
|
||||||
|
podSecurityContext: {}
|
||||||
|
# runAsUser: 33
|
||||||
|
# runAsGroup: 33
|
||||||
|
# runAsNonRoot: true
|
||||||
|
# readOnlyRootFilesystem: false
|
||||||
|
|
||||||
|
# Settings for the MariaDB init container
|
||||||
|
mariaDbInitContainer:
|
||||||
|
resources: {}
|
||||||
|
# Set mariadb initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive
|
||||||
|
securityContext: {}
|
||||||
|
|
||||||
|
# Settings for the PostgreSQL init container
|
||||||
|
postgreSqlInitContainer:
|
||||||
|
resources: {}
|
||||||
|
# Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive
|
||||||
|
securityContext: {}
|
||||||
|
|
||||||
|
internalDatabase:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
externalDatabase:
|
||||||
|
enabled: true
|
||||||
|
type: 'mysql'
|
||||||
|
host: 'proxysqlcluster.proxysql:6033'
|
||||||
|
database: 'nextcloud_richir'
|
||||||
|
existingSecret:
|
||||||
|
enabled: true
|
||||||
|
secretName: 'db-secret'
|
||||||
|
passwordKey: 'db_password'
|
||||||
|
usernameKey: 'db_username'
|
||||||
|
|
||||||
|
redis:
|
||||||
|
enabled: true
|
||||||
|
auth:
|
||||||
|
enabled: false
|
||||||
|
global:
|
||||||
|
storageClass: ""
|
||||||
|
master:
|
||||||
|
persistence:
|
||||||
|
enabled: true
|
||||||
|
replica:
|
||||||
|
persistence:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
## Cronjob to execute Nextcloud background tasks
|
||||||
|
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
|
||||||
|
##
|
||||||
|
cronjob:
|
||||||
|
enabled: 'disabled'
|
||||||
|
|
||||||
|
## Cronjob sidecar resource requests and limits
|
||||||
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||||
|
##
|
||||||
|
resources: {}
|
||||||
|
|
||||||
|
# Allow configuration of lifecycle hooks
|
||||||
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
|
||||||
|
lifecycle:
|
||||||
|
postStartCommand: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"]
|
||||||
|
# preStopCommand: []
|
||||||
|
# Set securityContext parameters. For example, you may need to define runAsNonRoot directive
|
||||||
|
securityContext: {}
|
||||||
|
# runAsUser: 33
|
||||||
|
# runAsGroup: 33
|
||||||
|
# runAsNonRoot: true
|
||||||
|
# readOnlyRootFilesystem: true
|
||||||
|
|
||||||
|
service:
|
||||||
|
type: 'ClusterIP'
|
||||||
|
port: 8080
|
||||||
|
loadBalancerIP: ""
|
||||||
|
nodePort:
|
||||||
|
# -- use additional annotation on service for nextcloud
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
#persistence:
|
||||||
|
# enabled: true
|
||||||
|
# storageClass: 'csi-sc-cinderplugin'
|
||||||
|
# accessMode: 'ReadWriteOnce'
|
||||||
|
# size: '1Gi'
|
||||||
|
# nextcloudData:
|
||||||
|
# enabled: false
|
||||||
|
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: '2'
|
||||||
|
memory: '2Gi'
|
||||||
|
requests:
|
||||||
|
cpu: '1'
|
||||||
|
memory: '512Mi'
|
||||||
|
|
||||||
|
readinessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 80
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 60
|
||||||
|
livenessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 80
|
||||||
|
initialDelaySeconds: 20
|
||||||
|
periodSeconds: 180
|
||||||
|
|
||||||
|
## Prometheus Exporter / Metrics
|
||||||
|
##
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
replicaCount: 1
|
||||||
|
# Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container.
|
||||||
|
# Without it, we will use the full name of the nextcloud service
|
||||||
|
server: ""
|
||||||
|
# The metrics exporter needs to know how you serve Nextcloud either http or https
|
||||||
|
https: false
|
||||||
|
# Use API token if set, otherwise fall back to password authentication
|
||||||
|
# https://github.com/xperimental/nextcloud-exporter#token-authentication
|
||||||
|
# Currently you still need to set the token manually in your nextcloud install
|
||||||
|
token: ""
|
||||||
|
timeout: 5s
|
||||||
|
# if set to true, exporter skips certificate verification of Nextcloud server.
|
||||||
|
tlsSkipVerify: false
|
||||||
|
info:
|
||||||
|
# Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container.
|
||||||
|
# Enables gathering of apps-related metrics. Defaults to false
|
||||||
|
apps: false
|
||||||
|
|
||||||
|
image:
|
||||||
|
repository: xperimental/nextcloud-exporter
|
||||||
|
tag: 0.6.2
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
# pullSecrets:
|
||||||
|
# - myRegistrKeySecretName
|
||||||
|
|
||||||
|
## Metrics exporter resource requests and limits
|
||||||
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||||
|
##
|
||||||
|
resources: {}
|
||||||
|
|
||||||
|
# -- Metrics exporter pod Annotation
|
||||||
|
podAnnotations: {}
|
||||||
|
|
||||||
|
# -- Metrics exporter pod Labels
|
||||||
|
podLabels: {}
|
||||||
|
|
||||||
|
# -- Metrics exporter pod nodeSelector
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
# -- Metrics exporter pod tolerations
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
# -- Metrics exporter pod affinity
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
service:
|
||||||
|
type: ClusterIP
|
||||||
|
# Use serviceLoadBalancerIP to request a specific static IP,
|
||||||
|
# otherwise leave blank
|
||||||
|
loadBalancerIP:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/scrape: "true"
|
||||||
|
prometheus.io/port: "9205"
|
||||||
|
labels: {}
|
||||||
|
|
||||||
|
# -- security context for the metrics CONTAINER in the pod
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
# allowPrivilegeEscalation: false
|
||||||
|
# capabilities:
|
||||||
|
# drop:
|
||||||
|
# - ALL
|
||||||
|
|
||||||
|
# -- security context for the metrics POD
|
||||||
|
podSecurityContext: {}
|
||||||
|
# runAsNonRoot: true
|
||||||
|
# seccompProfile:
|
||||||
|
# type: RuntimeDefault
|
||||||
|
|
||||||
|
## Prometheus Operator ServiceMonitor configuration
|
||||||
|
##
|
||||||
|
serviceMonitor:
|
||||||
|
## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
|
||||||
|
##
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
|
||||||
|
##
|
||||||
|
namespace: ""
|
||||||
|
|
||||||
|
## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace)
|
||||||
|
namespaceSelector:
|
||||||
|
|
||||||
|
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
|
||||||
|
##
|
||||||
|
jobLabel: ""
|
||||||
|
|
||||||
|
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
|
||||||
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
||||||
|
##
|
||||||
|
interval: 30s
|
||||||
|
|
||||||
|
## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
|
||||||
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
||||||
|
##
|
||||||
|
scrapeTimeout: ""
|
||||||
|
|
||||||
|
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
|
||||||
|
##
|
||||||
|
labels: {}
|
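Review bot: Under `redis:` the values set `auth:` / `enabled: false`, so the bundled Redis accepts unauthenticated connections, and `redis.config.php: true` means Nextcloud is configured to use it, typically for sessions and file locking. Unless a NetworkPolicy confines the Redis service to the Nextcloud pods, any workload in the cluster that can reach it can read or alter that data. Enabling auth with a password taken from an existing Secret, the way `nc-secret`, `db-secret` and `s3-secret` are referenced elsewhere in this file, would close that. Also check `cronjob:` / `enabled: 'disabled'`: a non-empty string is truthy in a Helm `if`, so this probably turns the cron sidecar on rather than off, and `enabled: false` is the fix if off is intended. The nesting is inferred from the flattened rendering here, so confirm both against the real file.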