testing just using an emptyDir for rendered config

applications/richir-test/application.yaml

@@ -0,0 +1,35 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: richir-test
+  namespace: argocd
+  labels:
+    name: richir-test
+spec:
+  project: default
+  sources:
+    - repoURL: 'https://platform.sunet.se/Drive/k8s-manifests'
+      targetRevision: richir-more-labb
+      path: customers/overlays/richir/test/
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: richir
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+      allowEmpty: false
+    syncOptions: # maybe needs FIXME
+      - Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ).
+      - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
+      - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
+      - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
+      - RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration
+      - ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+  revisionHistoryLimit: 10

customers/base/apache-configmap.yml

@@ -10,9 +10,12 @@ data:
             ServerAdmin webmaster@localhost
             DocumentRoot /var/www/html
             # Log format config
-            LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
+            LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor
             SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
 
+            PassEnv HOSTNAME
+            Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure"
+
             # Header config
             RemoteIPHeader X-Forwarded-For
             RemoteIPInternalProxy 37.156.195.14
@@ -21,10 +24,8 @@ data:
             RemoteIPInternalProxy 37.156.195.92
             #ErrorDocument 404 /404.html
             ErrorLog ${APACHE_LOG_DIR}/error.log
-            CustomLog ${APACHE_LOG_DIR}/access.log combined env=forwarded
-
-            ErrorLog ${APACHE_LOG_DIR}/error.log
-            CustomLog ${APACHE_LOG_DIR}/access.log combined
+            CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded
+            CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
             <Directory /var/www/html/>
                     LimitRequestBody 0
                     Require all granted
@@ -40,9 +41,12 @@ data:
             ServerAdmin webmaster@localhost
             DocumentRoot /var/www/html
             # Log format config
-            LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
+            LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor
             SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
 
+            PassEnv HOSTNAME
+            Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure"
+
             # Header config
             RemoteIPHeader X-Forwarded-For
             RemoteIPInternalProxy 37.156.195.14
@@ -51,7 +55,8 @@ data:
             RemoteIPInternalProxy 37.156.195.92
             #ErrorDocument 404 /404.html
             ErrorLog ${APACHE_LOG_DIR}/error.log
-            CustomLog ${APACHE_LOG_DIR}/access.log combined env=forwarded
+            CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded
+            CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
             SSLEngine On
             SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
             SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

customers/base/nextcloud-deployment.yml

@@ -11,16 +11,6 @@ spec:
       app: customer-node
   updateStrategy:
     type: RollingUpdate
-  volumeClaimTemplates:
-    - metadata:
-        name: nextcloud-data
-      spec:
-        storageClassName: csi-sc-cinderplugin
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: 1Gi
   template:
     metadata:
       labels:
@@ -213,3 +203,5 @@ spec:
             items:
               - key: "config.php"
                 path: "config.php"
+        - name: nextcloud-data
+          emptyDir: {}

customers/base/nextcloud-ingress.yml

@@ -6,6 +6,11 @@ metadata:
   annotations:
     cert-manager.io/issuer: "letsencrypt"
     acme.cert-manager.io/http01-edit-in-place: "true"
+    nginx.ingress.kubernetes.io/affinity-mode: "persistent"
+    nginx.ingress.kubernetes.io/affinity: "cookie"
+    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
+    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
+    nginx.ingress.kubernetes.io/session-cookie-name: "sticky"
 spec:
   ingressClassName: nginx
   defaultBackend:
@@ -15,16 +20,15 @@ spec:
         number: 8443
   tls:
     - hosts:
-        - customer.drive.test.sunet.se 
+        - customer.drive.test.sunet.se
       secretName: tls-secret
-  
   rules:
   - host: customer.drive.test.sunet.se
     http:
       paths:
       - path: /
         pathType: Prefix
-        backend: 
+        backend:
           service:
             name: customer-node
             port:

customers/overlays/richir/test/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../base
+patches:
+- path: nextcloud-deployment.yml
+- path: nextcloud-ingress.yml

customers/overlays/richir/test/nextcloud-deployment.yml

@@ -0,0 +1,37 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: customer-node
+  labels:
+    app: customer-node
+spec:
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: customer-node
+    spec:
+      containers:
+        - name: customer
+          image: docker.sunet.se/drive/nextcloud-custom:30.0.5.2-2
+      initContainers:
+        - name: init-config
+          env:
+            - name: MYSQL_DATABASE
+              value: "nextcloud_richir"
+            - name: MYSQL_USER
+              value: "nextcloud_richir"
+            - name: GSS_MASTER_URL
+              value: "https://drive.test.sunet.se"
+            - name: LOOKUP_SERVER
+              value: "https://lookup.drive.test.sunet.se"
+            - name: MAIL_DOMAIN
+              value: "drive.test.sunet.se"
+            - name: MAIL_SMTPNAME
+              value: "noreply@drive.test.sunet.se"
+            - name: NEXTCLOUD_TRUSTED_DOMAINS
+              value: "richir.drive.test.sunet.se"
+            - name: OBJECTSTORE_S3_BUCKET
+              value: "primary-richir-drive-test.sunet.se"
+            - name: SITE_NAME
+              value: "richir.drive.test.sunet.se"

customers/overlays/richir/test/nextcloud-ingress.yml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: customer-ingress
+  annotations:
+    cert-manager.io/issuer: "letsencrypt"
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - richir.drive.test.sunet.se
+      secretName: tls-secret
+  ingressClassName: nginx
+  rules:
+  - host: richir.drive.test.sunet.se
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: customer-node
+            port:
+              number: 80