diff --git a/nextcloud/helmrelease-nextcloud.yaml b/nextcloud/helmrelease-nextcloud.yaml index 8cd28d9..2256531 100644 --- a/nextcloud/helmrelease-nextcloud.yaml +++ b/nextcloud/helmrelease-nextcloud.yaml @@ -16,30 +16,6 @@ spec: timeout: 5m releaseName: nextcloud values: - ## Official nextcloud image version - ## ref: https://hub.docker.com/r/library/nextcloud/tags/ - ## - image: - repository: nextcloud - flavor: apache - # default is generated by flavor and appVersion - tag: - pullPolicy: IfNotPresent - # pullSecrets: - # - myRegistrKeySecretName - - nameOverride: "" - fullnameOverride: "" - podAnnotations: {} - deploymentAnnotations: {} - deploymentLabels: {} - - # Number of replicas to be deployed - replicaCount: 1 - - ## Allowing use of ingress controllers - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ - ## ingress: enabled: true className: traefik @@ -54,502 +30,20 @@ spec: path: / pathType: Prefix - - # Allow configuration of lifecycle hooks - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ - lifecycle: {} - # postStartCommand: [] - # preStopCommand: [] - - phpClientHttpsFix: - enabled: false - protocol: https - nextcloud: host: nextcloud.michaelthomson.dev username: admin password: admin - ## Use an existing secret - existingSecret: - enabled: false - # secretName: nameofsecret - usernameKey: nextcloud-username - passwordKey: nextcloud-password - tokenKey: nextcloud-token - smtpUsernameKey: smtp-username - smtpPasswordKey: smtp-password - smtpHostKey: smtp-host - update: 0 - # If web server is not binding default port, you can define it - containerPort: 80 datadir: /data - persistence: - subPath: - mail: - enabled: false - fromAddress: user - domain: domain.com - smtp: - host: domain.com - secure: ssl - port: 465 - authtype: LOGIN - name: user - password: pass - # PHP Configuration files - # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true - phpConfigs: {} - # Default config files - # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself - # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config - defaultConfigs: - # To protect /var/www/html/config - .htaccess: true - # Redis default configuration - redis.config.php: true - # Apache configuration for rewrite urls - apache-pretty-urls.config.php: true - # Define APCu as local cache - apcu.config.php: true - # Apps directory configs - apps.config.php: true - # Used for auto configure database - autoconfig.php: true - # SMTP default configuration - smtp.config.php: true - # Extra config files created in /var/www/html/config/ - # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file - configs: {} - # For example, to use S3 as primary storage - # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3 - # - # configs: - # s3.config.php: |- - # array( - # 'class' => '\\OC\\Files\\ObjectStore\\S3', - # 'arguments' => array( - # 'bucket' => 'my-bucket', - # 'autocreate' => true, - # 'key' => 'xxx', - # 'secret' => 'xxx', - # 'region' => 'us-east-1', - # 'use_ssl' => true - # ) - # ) - # ); - - # Hooks for auto configuration - # Here you could write small scripts which are placed in `/docker-entrypoint-hooks.d//helm.sh` - # ref: https://github.com/nextcloud/docker?tab=readme-ov-file#auto-configuration-via-hook-folders - hooks: - pre-installation: - post-installation: - pre-upgrade: - post-upgrade: - before-starting: - - ## Strategy used to replace old pods - ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - strategy: - type: Recreate - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 1 - # maxUnavailable: 0 - - ## - ## Extra environment variables - extraEnv: - # - name: SOME_SECRET_ENV - # valueFrom: - # secretKeyRef: - # name: nextcloud - # key: secret_key - - # Extra init containers that runs before pods start. - extraInitContainers: [] - # - name: do-something - # image: busybox - # command: ['do', 'something'] - - # Extra sidecar containers. - extraSidecarContainers: [] - # - name: nextcloud-logger - # image: busybox - # command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log'] - # volumeMounts: - # - name: nextcloud-data - # mountPath: /run/nextcloud/data - - # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume - # to NextCloud pods in Kubernetes. This can then be configured in External Storage - extraVolumes: - # - name: nfs - # nfs: - # server: "10.0.0.1" - # path: "/nextcloud_data" - # readOnly: false - extraVolumeMounts: - # - name: nfs - # mountPath: "/legacy_data" - - # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container). - # For example, you may need to define runAsNonRoot directive - securityContext: - runAsUser: 33 - runAsGroup: 33 - runAsNonRoot: false - readOnlyRootFilesystem: false - - # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive - podSecurityContext: - runAsUser: 33 - runAsGroup: 33 - runAsNonRoot: false - readOnlyRootFilesystem: false - - nginx: - ## You need to set an fpm version of the image for nextcloud if you want to use nginx! - enabled: false - image: - repository: nginx - tag: alpine - pullPolicy: IfNotPresent - containerPort: 80 - - config: - # This generates the default nginx config as per the nextcloud documentation - default: true - # custom: |- - # worker_processes 1;.. - - resources: {} - - # Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive - securityContext: {} - # the nginx alpine container default user is 82 - # runAsUser: 82 - # runAsGroup: 33 - # runAsNonRoot: true - # readOnlyRootFilesystem: true - - internalDatabase: - enabled: true - name: nextcloud - - ## - ## External database configuration - ## - externalDatabase: - enabled: false - - ## Supported database engines: mysql or postgresql - type: mysql - - ## Database host - host: - - ## Database user - user: nextcloud - - ## Database password - password: "" - - ## Database name - database: nextcloud - - ## Use a existing secret - existingSecret: - enabled: false - # secretName: nameofsecret - usernameKey: db-username - passwordKey: db-password - # hostKey: db-hostname-or-ip - # databaseKey: db-name - - ## - ## MariaDB chart configuration - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb - ## - mariadb: - ## Whether to deploy a mariadb server from the bitnami mariab db helm chart - # to satisfy the applications database requirements. if you want to deploy this bitnami mariadb, set this and externalDatabase to true - # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters - enabled: false - - auth: - database: nextcloud - username: nextcloud - password: changeme - # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored). - # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password - existingSecret: "" - - architecture: standalone - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - primary: - persistence: - enabled: false - # Use an existing Persistent Volume Claim (must be created ahead of time) - # existingClaim: "" - # storageClass: "" - accessMode: ReadWriteOnce - size: 8Gi - - ## - ## PostgreSQL chart configuration - ## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql - ## - postgresql: - enabled: false - global: - postgresql: - # global.postgresql.auth overrides postgresql.auth - auth: - username: nextcloud - password: changeme - database: nextcloud - # Name of existing secret to use for PostgreSQL credentials. - # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret. - # secret might also contains the key ldap-password if LDAP is enabled. - # ldap.bind_password will be ignored and picked from this secret in this case. - existingSecret: "" - # Names of keys in existing secret to use for PostgreSQL credentials - secretKeys: - adminPasswordKey: "" - userPasswordKey: "" - replicationPasswordKey: "" - primary: - persistence: - enabled: false - # Use an existing Persistent Volume Claim (must be created ahead of time) - # existingClaim: "" - # storageClass: "" - - ## - ## Redis chart configuration - ## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis - ## - - redis: - enabled: false - auth: - enabled: true - password: 'changeme' - # name of an existing secret with RedisĀ® credentials (instead of auth.password), must be created ahead of time - existingSecret: "" - # Password key to be retrieved from existing secret - existingSecretPasswordKey: "" - - - ## Cronjob to execute Nextcloud background tasks - ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron - ## - cronjob: - enabled: false - - ## Cronjob sidecar resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - - # Allow configuration of lifecycle hooks - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ - lifecycle: {} - # postStartCommand: [] - # preStopCommand: [] - # Set securityContext parameters. For example, you may need to define runAsNonRoot directive - securityContext: {} - # runAsUser: 33 - # runAsGroup: 33 - # runAsNonRoot: true - # readOnlyRootFilesystem: true - - service: - type: ClusterIP - port: 8080 - loadBalancerIP: "" - nodePort: nil - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## persistence: - # Nextcloud Data (/var/www/html) enabled: true - annotations: {} - ## nextcloud data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: nfs-client - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - + storageClass: longhorn accessMode: ReadWriteOnce - size: 1Ti + size: 8Gi - ## Use an additional pvc for the data directory rather than a subpath of the default PVC - ## Useful to store data on a different storageClass (e.g. on slower disks) nextcloudData: - enabled: false - subPath: - annotations: {} + enabled: true storageClass: nfs-client - # existingClaim: accessMode: ReadWriteOnce - size: 1Ti - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: false - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 10 - successThreshold: 1 - readinessProbe: - enabled: false - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 10 - successThreshold: 1 - startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 30 - successThreshold: 1 - - - ## Enable pod autoscaling using HorizontalPodAutoscaler - ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ - ## - hpa: - enabled: false - cputhreshold: 60 - minPods: 1 - maxPods: 10 - - nodeSelector: {} - - tolerations: [] - - affinity: {} - - - ## Prometheus Exporter / Metrics - ## - metrics: - enabled: false - - replicaCount: 1 - # The metrics exporter needs to know how you serve Nextcloud either http or https - https: false - # Use API token if set, otherwise fall back to password authentication - # https://github.com/xperimental/nextcloud-exporter#token-authentication - # Currently you still need to set the token manually in your nextcloud install - token: "" - timeout: 5s - # if set to true, exporter skips certificate verification of Nextcloud server. - tlsSkipVerify: false - - image: - repository: xperimental/nextcloud-exporter - tag: 0.6.2 - pullPolicy: IfNotPresent - # pullSecrets: - # - myRegistrKeySecretName - - ## Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - # resources: {} - - ## Metrics exporter pod Annotation and Labels - # podAnnotations: {} - - # podLabels: {} - - service: - type: ClusterIP - ## Use serviceLoadBalancerIP to request a specific static IP, - ## otherwise leave blank - # loadBalancerIP: - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9205" - labels: {} - - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - - ## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace) - namespaceSelector: - - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: 30s - - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - scrapeTimeout: "" - - ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor - ## - labels: {} - - - rbac: - enabled: false - serviceaccount: - create: true - name: nextcloud-serviceaccount - annotations: {} - - - ## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead - securityContext: {} + size: 14Ti