richir test application

2025-02-03 15:13:46 +01:00
7 changed files with 185 additions and 97 deletions
--- a/applications/richir-test/application.yaml
+++ b/applications/richir-test/application.yaml
@ -0,0 +1,35 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: richir-test
  namespace: argocd
  labels:
    name: richir-test
 spec:
  project: default
  sources:
    - repoURL: 'https://platform.sunet.se/Drive/k8s-manifests'
      targetRevision: richir-improve-setup
      path: customers/overlays/richir/test/
  destination:
    server: https://kubernetes.default.svc
    namespace: richir
  syncPolicy:
    automated:
      prune: false
      selfHeal: true
      allowEmpty: false
    syncOptions: # maybe needs FIXME
      - Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ).
      - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
      - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
      - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
      - RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration
      - ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
  revisionHistoryLimit: 10
--- a/customers/base/nextcloud-configmap.yml
+++ b/customers/base/nextcloud-configmap.yml
@ -5,6 +5,29 @@ metadata:
 data:
  config.php: |
    <?php
      $dbhost = getenv('MYSQL_HOST') . ':' . getenv('MYSQL_PORT');
      $dbname = getenv('MYSQL_DATABASE');
      $dbpassword = getenv('MYSQL_PASSWORD');
      $dbport = getenv('MYSQL_PORT');
      $dbuser = getenv('MYSQL_USER');
      $instanceid = getenv('NEXTCLOUD_INSTANCEID');
      $lookup_server = getenv('LOOKUP_SERVER');
      $mail_domain = getenv('MAIL_DOMAIN');
      $mail_from_address = getenv('MAIL_FROM_ADDRESS');
      $mail_smtphost = getenv('MAIL_SMTPHOST');
      $mail_smtpname = getenv('MAIL_SMTPNAME');
      $mail_smtppassword = getenv('MAIL_SMTPPASSWORD');
      $s3_bucket = getenv('OBJECTSTORE_S3_BUCKET');
      $s3_hostname = getenv('OBJECTSTORE_S3_HOST');
      $s3_key = getenv('OBJECTSTORE_S3_KEY');
      $s3_region = getenv('OBJECTSTORE_S3_REGION');
      $s3_secret = getenv('OBJECTSTORE_S3_SECRET');
      $site_name = getenv('SITE_NAME');
      $passwordsalt = getenv('NEXTCLOUD_PASSWORDSALT');
      $secret = getenv('NEXTCLOUD_SECRET');
      $redis_host = getenv('REDIS_HOST');
      $trusted_domains = getenv('NEXTCLOUD_TRUSTED_DOMAINS');
      $version = getenv('NEXTCLOUD_VERSION_STRING');
    $CONFIG = array (
      'app_install_overwrite' =>
        array (
@ -29,37 +52,33 @@ data:
      'config_is_read_only' => true,
      'csrf.disabled' => true,
      'datadirectory' => '/var/www/html/data',
-      'dbhost' => '{{MYSQL_HOST}}:{{MYSQL_PORT}}',
+      'dbhost' => '$dbhost',
-      'dbname' => '{{MYSQL_DATABASE}}',
+      'dbname' => '$dbname',
-      'dbpassword' => '{{MYSQL_PASSWORD}}',
+      'dbpassword' => 'dbpassword',
-      'dbport' => '{{MYSQL_PORT}}',
+      'dbport' => '$dbport',
      'dbtableprefix' => 'oc_',
      'dbtype' => 'mysql',
-      'dbuser' => '{{MYSQL_USER}}',
+      'dbuser' => '$dbuser',
      'default_phone_region' => 'SE',
      'forcessl' => true,
      'gs.enabled' => 'true',
      'gs.federation' => 'global',
      'gs.trustedHosts' => ['*.sunet.se'],
      'gss.jwt.key' => '{{GSS_JWT_KEY}}',
      'gss.master.url' => '{{GSS_MASTER_URL}}',
      'gss.mode' => 'slave',
      'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping',
      'installed' => true,
-      'instanceid' => '{{NEXTCLOUD_INSTANCEID}}',
+      'instanceid' => '$instanceid',
      'integrity.check.disabled' => true,
      'log_type' => 'file',
      'loglevel' => 0,
-      'lookup_server' => '{{LOOKUP_SERVER}}',
+      'lookup_server' => '$lookup_server',
-      'mail_domain' => '{{MAIL_DOMAIN}}',
+      'mail_domain' => '$mail_domain',
-      'mail_from_address' => '{{MAIL_FROM_ADDRESS}}',
+      'mail_from_address' => '$mail_from_address',
      'mail_sendmailmode' => 'smtp',
      'mail_smtpauth' => 1,
      'mail_smtpauthtype' => 'LOGIN',
-      'mail_smtphost' => '{{MAIL_SMTPHOST}}',
+      'mail_smtphost' => '$mail_smtphost',
      'mail_smtpmode' => 'smtp',
-      'mail_smtpname' => '{{MAIL_SMTPNAME}}',
+      'mail_smtpname' => '$mail_smtpname ',
-      'mail_smtppassword' => '{{MAIL_SMTPPASSWORD}}',
+      'mail_smtppassword' => '$mail_smtppassword',
      'mail_smtpport' => '587',
      'mail_smtpsecure' => 'tls',
      'mail_template_class' => 'OCA\DriveEmailTemplate\EMailTemplate',
@ -73,33 +92,33 @@ data:
          'arguments' =>
            array (
              'autocreate' => false,
-              'bucket' => '{{OBJECTSTORE_S3_BUCKET}}',
+              'bucket' => '$s3_bucket',
-              'hostname' => '{{OBJECTSTORE_S3_HOST}}',
+              'hostname' => '$s3_hostname',
-              'key' => '{{OBJECTSTORE_S3_KEY}}',
+              'key' => '$s3_key',
              'legacy_auth' => false,
              'objectPrefix' => 'urn:oid:',
              'port' => '',
-              'region' => '{{OBJECTSTORE_S3_REGION}}',
+              'region' => '$s3_region',
-              'secret' => '{{OBJECTSTORE_S3_SECRET}}',
+              'secret' => '$s3_secret',
              'use_path_style' => true,
              'use_ssl' => true,
            ),
        ),
-      'overwrite.cli.url' => 'https://{{SITE_NAME}}',
+      'overwrite.cli.url' => 'https://$site_name',
-      'overwritehost' => '{{SITE_NAME}}',
+      'overwritehost' => '$site_name',
      'overwriteprotocol' => 'https',
-      'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}',
+      'passwordsalt' => '$passwordsalt',
-      'secret' => '{{NEXTCLOUD_SECRET}}',
+      'secret' => '$secret',
      'redis' =>
        array (
-          'host' => '{{REDIS_HOST}}',
+          'host' => '$redis_host',
          'port' => 6379,
        ),
      'skeletondirectory' => '',
      'templatedirectory' => '',
      'trusted_domains' =>
        array (
-          0 => '{{NEXTCLOUD_TRUSTED_DOMAINS}}'
+          0 => '$trusted_domains'
        ),
      'trusted_proxies' =>
        array (
@ -111,5 +130,5 @@ data:
          0 => 'admin',
        ),
      'updatechecker' => false,
-      'version' => '{{NEXTCLOUD_VERSION_STRING}}',
+      'version' => '$version',
    );
--- a/customers/base/nextcloud-deployment.yml
+++ b/customers/base/nextcloud-deployment.yml
@ -11,16 +11,6 @@ spec:
      app: customer-node
  updateStrategy:
    type: RollingUpdate
  volumeClaimTemplates:
    - metadata:
        name: nextcloud-data
      spec:
        storageClassName: csi-sc-cinderplugin
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
  template:
    metadata:
      labels:
@ -32,9 +22,9 @@ spec:
        - name: customer
          image: docker.sunet.se/drive/nextcloud-custom:30.0.5.2-1
          volumeMounts:
-            - name: nextcloud-data
+            - name: nextcloud-config
-              mountPath: /var/www/html/config/
+              mountPath: /config.php
-              subPath: config
+              subPath: config.php
            - name: apache-config
              mountPath: /etc/apache2/sites-enabled/000-default.conf
              subPath: 000-default.conf
@ -50,50 +40,7 @@ spec:
            - name: cli-php-config
              mountPath: /etc/php/8.0/cli/php.ini
              subPath: php.ini
          resources:
            limits:
              cpu: 2000m
              memory: 2048Mi
            requests:
              cpu: 1000m
              memory: 512Mi
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 60
          livenessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 20
            periodSeconds: 180
          ports:
            - containerPort: 80
              name: nextcloud-http
          command: ["/bin/bash"]
          args: ["-c", "apachectl -D FOREGROUND"]
          lifecycle:
            postStart:
              exec:
                command: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"]
      initContainers:
        - image: docker.sunet.se/sunet/docker-jinja:latest
          name: init-config
          volumeMounts:
            - name: nextcloud-config
              mountPath: /tmp/config.php.template
              subPath: config.php
            - name: nextcloud-data
              mountPath: /var/www/html/config
              subPath: config
          env:
            - name: GSS_MASTER_URL
              value: "https://drive.test.sunet.se"
            - name: GSS_JWT_KEY
              valueFrom:
                secretKeyRef:
                  name: gss-secret
                  key: "jwt_key"
            - name: LOOKUP_SERVER
              value: "https://lookup.drive.test.sunet.se"
            - name: MAIL_DOMAIN
@ -174,7 +121,32 @@ spec:
              value: "redis"
            - name: SITE_NAME
              value: "customer.drive.test.sunet.se"
-          command: ["/bin/bash", "-c", "/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"]
+          resources:
            limits:
              cpu: 2000m
              memory: 2048Mi
            requests:
              cpu: 1000m
              memory: 512Mi
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 60
          livenessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 20
            periodSeconds: 180
          ports:
            - containerPort: 80
              name: nextcloud-http
          command: ["/bin/bash"]
          args: ["-c", "apachectl -D FOREGROUND"]
          lifecycle:
            postStart:
              exec:
                command: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"]
      volumes:
        - name: script-config
          configMap:
--- a/customers/base/script-configmap.yml
+++ b/customers/base/script-configmap.yml
@ -5,15 +5,10 @@ metadata:
 data:
  nc-upgrade: |
    #!/bin/bash
-    sed "s/config_is_read_only\(.\) => true,/config_is_read_only\1 => false,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp
+    cp /config.php /var/www/html/config/config.php
-    mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php
+    chown www-data:root /var/www/html/config/config.php
-    php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ app:disable globalsiteselector
+#    su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade"
-    php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade
+#    su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair"
-    php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ app:enable globalsiteselector
+#    su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys"
-    php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair
+#    su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-columns"
-    php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:mode --off
+#    su - www-data -s /bin/bash -c "php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-indices"
    php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys
    php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-columns
    php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-indices
    sed "s/config_is_read_only\(.\) => false,/config_is_read_only\1 => true,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp
    mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php
--- a/customers/overlays/richir/test/kustomization.yaml
+++ b/customers/overlays/richir/test/kustomization.yaml
@ -0,0 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../../base
 patches:
 - path: nextcloud-deployment.yml
 - path: nextcloud-ingress.yml
--- a/customers/overlays/richir/test/nextcloud-deployment.yml
+++ b/customers/overlays/richir/test/nextcloud-deployment.yml
@ -0,0 +1,34 @@
 kind: StatefulSet
 apiVersion: apps/v1
 metadata:
  name: customer-node
  labels:
    app: customer-node
 spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: customer-node
    spec:
      containers:
        - name: customer
          env:
            - name: MYSQL_DATABASE
              value: "nextcloud_richir"
            - name: MYSQL_USER
              value: "nextcloud_richir"
            - name: GSS_MASTER_URL
              value: "https://drive.test.sunet.se"
            - name: LOOKUP_SERVER
              value: "https://lookup.drive.test.sunet.se"
            - name: MAIL_DOMAIN
              value: "drive.test.sunet.se"
            - name: MAIL_SMTPNAME
              value: "noreply@drive.test.sunet.se"
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: "richir.drive.test.sunet.se"
            - name: OBJECTSTORE_S3_BUCKET
              value: "primary-richir-drive-test.sunet.se"
            - name: SITE_NAME
              value: "richir.drive.test.sunet.se"
--- a/customers/overlays/richir/test/nextcloud-ingress.yml
+++ b/customers/overlays/richir/test/nextcloud-ingress.yml
@ -0,0 +1,26 @@
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: customer-ingress
  annotations:
    cert-manager.io/issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
 spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - richir.drive.test.sunet.se
      secretName: tls-secret
  ingressClassName: nginx
  rules:
  - host: richir.drive.test.sunet.se
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: customer-node
            port:
              number: 80