Micke
5763665c72
committer Micke Nordin <kano@sunet.se> 1680110378 +0200 gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEIpL7dwHsMfazpY3ODaCnpXCP4lcFAmQkcyoACgkQDaCnpXCP 4ld8Rg/7BSPA3rrDV9JbfQYtuE1/wpMy+hfYC/jIiD3VpwPKZ27r8/LzIsrquL6o nOfQT5cj/Jm2WrZoS+6pRlmWxzbBN6Oc6XJMxrUu+JVHSyCYNSFU+j074/4B3mNW +YDw2415/sEBJbhBcCmNOfWVZuOq1+AsfBkZ1vhUT0GzKahGIBMzgK8P+5IBsXCp 7t/N5EmvFy6mzubkT8LN9ZQ0WMd2OxBeBDPUcrwlrT6kxA/1JQfaZ4PWtSb7QD0G IQAeUAy3p9JxXRQyWmunEYrxp0maO6EPyp6O656C75JKn7lOhMGMR2S5FT3jPK5d KrbewbCsRiq3O94STxytBdDjT/Ez2vk0/tj7cW5r0hb2Pd1cVgHlcRP53r8dzSn9 RIRycGKB49k2MYByNGJN3oM9KYB2vpIhqmy9vyFn3HinhD8nyj0VDAo0LWDCKnbh dt7jTKAsr1y9bXPK+3YM/2QiCdPMDz1xYd1BhbFgQ5B5Eb8iB0iQn9UHPe884wNN Zs+yPAGRyPrAVvCnopV2IZJpGI7oKjnmcgBanbTJK+UKkfmb0a4S/fbCezjhT6Qc 105jvtmZgj44aSqtBSkXvV9UoCtjePEBifhcQznzpi8eudbo1Hhg5UjO5rwwhl2P lUQgs75Rsfd549YBV/Rq1szlVODTsMhU2oDr83t8Vf/TF9GdhEg= =Hnvm -----END PGP SIGNATURE----- Nextcloud in K8s: MVP This is the minimum needed to run a multinode customer in kubernetes. Each customer will run in their own namespace with a nextcloud container and a redis container. There is a proxysql cluster running in its own namespace, used by all customers. This is a monorepo that uses kustomize to allow using this repo for both prod and test (and other things we can think of in the future).
---
# StatefulSet for a single Nextcloud customer node.
#
# Flow, as far as this file shows:
#   1. The init container renders /tmp/config.php.template (from the
#      nextcloud-configmap ConfigMap) with j2, taking its variables from the
#      environment, and writes config.php into the `config` subPath of the
#      nextcloud-data volume.
#   2. The main container mounts that same subPath at /var/www/html/config
#      and runs Apache in the foreground on port 80.
#
# NOTE(review): neither the pod spec nor either container sets a
# securityContext in this file, so runtime defaults apply. Confirm whether a
# kustomize overlay or an admission policy supplies one (runAsNonRoot,
# allowPrivilegeEscalation, dropped capabilities).
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: customer-node
  labels:
    app: customer-node
spec:
  replicas: 1
  selector:
    matchLabels:
      app: customer-node
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: customer-node
    spec:
      restartPolicy: Always
      initContainers:
        - name: init-config
          # NOTE(review): `:latest` is a mutable tag, unlike the version tag
          # on the main image. This container is the one that receives every
          # secret below through its environment, so pinning it to a version
          # tag or an image digest is worth considering.
          image: docker.sunet.se/sunet/docker-jinja:latest
          # `-f env` makes j2 read template variables from the environment;
          # the output lands on the persistent volume, not on ephemeral
          # storage. Presumably the rendered config.php therefore holds the
          # secret values at rest on the PVC (the template is not shown here).
          command:
            - "/bin/bash"
            - "-c"
            - "/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"
          env:
            # The hostnames below are the test environment's; presumably
            # kustomize overlays patch them for prod. Verify.
            - name: GSS_MASTER_URL
              value: "https://drive.test.sunet.se"
            - name: GSS_JWT_KEY
              valueFrom:
                secretKeyRef:
                  name: gss-secret
                  key: "jwt_key"
            - name: LOOKUP_SERVER
              value: "https://lookup.drive.test.sunet.se"
            - name: MAIL_DOMAIN
              value: "drive.test.sunet.se"
            - name: MAIL_FROM_ADDRESS
              value: "noreply"
            - name: MAIL_SMTPHOST
              value: "smtp.sunet.se"
            - name: MAIL_SMTPNAME
              value: "noreply@drive.test.sunet.se"
            - name: MAIL_SMTPPASSWORD
              valueFrom:
                secretKeyRef:
                  name: mail-secret
                  key: "smtp_password"
            - name: MYSQL_DATABASE
              value: "nextcloud_customer"
            - name: MYSQL_USER
              value: "nextcloud_customer"
            # Service `proxysqlcluster` in namespace `proxysql`, i.e. database
            # traffic leaves this customer's namespace.
            - name: MYSQL_HOST
              value: "proxysqlcluster.proxysql"
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-secret
                  key: "db_password"
            # Quoted: env values must be strings, not integers.
            - name: MYSQL_PORT
              value: "6033"
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: "customer.drive.test.sunet.se"
            - name: NEXTCLOUD_ADMIN_USER
              value: "admin"
            - name: NEXTCLOUD_VERSION_STRING
              value: "25.0.3.3"
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nc-secret
                  key: "nc_admin_password"
            - name: NEXTCLOUD_PASSWORDSALT
              valueFrom:
                secretKeyRef:
                  name: nc-secret
                  key: "nc_passwordsalt"
            - name: NEXTCLOUD_INSTANCEID
              valueFrom:
                secretKeyRef:
                  name: nc-secret
                  key: "nc_instanceid"
            - name: NEXTCLOUD_SECRET
              valueFrom:
                secretKeyRef:
                  name: nc-secret
                  key: "nc_secret"
            - name: OBJECTSTORE_S3_REGION
              value: "us-east-1"
            - name: OBJECTSTORE_S3_HOST
              value: "s3.sto4.safedc.net"
            - name: OBJECTSTORE_S3_BUCKET
              value: "primary-customer-drive-test.sunet.se"
            - name: OBJECTSTORE_S3_KEY
              valueFrom:
                secretKeyRef:
                  name: s3-secret
                  key: "s3_key"
            - name: OBJECTSTORE_S3_SECRET
              valueFrom:
                secretKeyRef:
                  name: s3-secret
                  key: "s3_secret"
            # Boolean-looking values stay quoted so they remain strings.
            - name: OBJECTSTORE_S3_USEPATH_STYLE
              value: "true"
            - name: OBJECTSTORE_S3_AUTOCREATE
              value: "true"
            - name: OBJECTSTORE_S3_SSL
              value: "true"
            - name: REDIS_HOST
              value: "redis"
            - name: SITE_NAME
              value: "customer.drive.test.sunet.se"
          volumeMounts:
            - name: nextcloud-config-template
              mountPath: /tmp/config.php.template
              subPath: config.php
            - name: nextcloud-data
              mountPath: /var/www/html/config
              subPath: config
      containers:
        - name: customer
          image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4
          command:
            - "/bin/bash"
          args:
            - "-c"
            - "apachectl -D FOREGROUND"
          ports:
            - name: nextcloud-http
              containerPort: 80
          # Both probes only check that TCP port 80 accepts a connection;
          # they do not exercise the application itself.
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 60
          livenessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 20
            periodSeconds: 180
          resources:
            requests:
              cpu: 500m
              memory: 256Mi
              # Kubernetes requires hugepage requests to equal the limits.
              hugepages-2Mi: 2048Mi
            limits:
              cpu: 1500m
              memory: 2048Mi
              hugepages-2Mi: 2048Mi
          volumeMounts:
            # Same volume and subPath the init container wrote config.php to.
            - name: nextcloud-data
              mountPath: /var/www/html/config
              subPath: config
            - name: default-config
              mountPath: /etc/apache2/sites-enabled/000-default.conf
              subPath: 000-default.conf
            - name: hugepage
              mountPath: /dev/hugepages
      volumes:
        - name: nextcloud-config-template
          configMap:
            name: nextcloud-configmap
            items:
              - key: "config.php"
                path: "config.php"
        - name: default-config
          configMap:
            name: nextcloud-configmap
            items:
              - key: "000-default.conf"
                path: "000-default.conf"
        - name: hugepage
          emptyDir:
            medium: HugePages
  volumeClaimTemplates:
    - metadata:
        name: nextcloud-data
      spec:
        storageClassName: mayastor-3
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi