diff --git a/bootstrap/helmrepositories/helmrepository-nextcloud.yaml b/bootstrap/helmrepositories/helmrepository-nextcloud.yaml
new file mode 100644
index 0000000..97a5b28
--- /dev/null
+++ b/bootstrap/helmrepositories/helmrepository-nextcloud.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: nextcloud
+ namespace: flux-system
+spec:
+ interval: 15m
+ url: https://nextcloud.github.io/helm/
diff --git a/bootstrap/kustomizations/kustomization-nextcloud.yaml b/bootstrap/kustomizations/kustomization-nextcloud.yaml
new file mode 100644
index 0000000..2a044fd
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-nextcloud.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: nextcloud
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./nextcloud
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: nextcloud
+ namespace: nextcloud
diff --git a/bootstrap/namespaces/namespace-nextcloud.yaml b/bootstrap/namespaces/namespace-nextcloud.yaml
new file mode 100644
index 0000000..e8c2e8f
--- /dev/null
+++ b/bootstrap/namespaces/namespace-nextcloud.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nextcloud
diff --git a/nextcloud/helmrelease-nextcloud.yaml b/nextcloud/helmrelease-nextcloud.yaml
new file mode 100644
index 0000000..bf4a603
--- /dev/null
+++ b/nextcloud/helmrelease-nextcloud.yaml
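Review bot: In kustomization-nextcloud.yaml the inline comment on `timeout: 2m` says the default "is 1h", but `interval` two lines above is `15m`, so the comment contradicts the value it sits next to and will mislead the next reader; `timeout: 2m # if unset, defaults to spec.interval (15m here)` states it correctly. The `healthChecks` entry targets `helm.toolkit.fluxcd.io/v2beta1` while this resource itself is on the GA `kustomize.toolkit.fluxcd.io/v1`; `v2beta1` is a deprecated HelmRelease API in recent Flux releases, so the health check silently degrades once that version is no longer served — confirm the cluster's Flux version still accepts it, and track it together with the HelmRelease's own `apiVersion`.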
@@ -0,0 +1,555 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: nextcloud + namespace: nextcloud +spec: + chart: + spec: + chart: nextcloud + version: 4.6.x + sourceRef: + kind: HelmRepository + name: nextcloud + namespace: flux-system + interval: 15m + timeout: 5m + releaseName: nextcloud + values: + ## Official nextcloud image version + ## ref: https://hub.docker.com/r/library/nextcloud/tags/ + ## + image: + repository: nextcloud + flavor: apache + # default is generated by flavor and appVersion + tag: + pullPolicy: IfNotPresent + # pullSecrets: + # - myRegistrKeySecretName + + nameOverride: "" + fullnameOverride: "" + podAnnotations: {} + deploymentAnnotations: {} + deploymentLabels: {} + + # Number of replicas to be deployed + replicaCount: 1 + + ## Allowing use of ingress controllers + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + enabled: true + className: traefik + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + tls: + - hosts: + - nextcloud.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev + labels: {} + path: / + pathType: Prefix + + + # Allow configuration of lifecycle hooks + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ + lifecycle: {} + # postStartCommand: [] + # preStopCommand: [] + + phpClientHttpsFix: + enabled: false + protocol: https + + nextcloud: + host: nextcloud.michaelthomson.dev + username: admin + password: admin + ## Use an existing secret + existingSecret: + enabled: false + # secretName: nameofsecret + usernameKey: nextcloud-username + passwordKey: nextcloud-password + tokenKey: nextcloud-token + smtpUsernameKey: smtp-username + smtpPasswordKey: smtp-password + smtpHostKey: smtp-host + update: 0 + # If web server is not binding default port, you can define it + containerPort: 80 + datadir: 
/var/www/html/data + persistence: + subPath: + mail: + enabled: false + fromAddress: user + domain: domain.com + smtp: + host: domain.com + secure: ssl + port: 465 + authtype: LOGIN + name: user + password: pass + # PHP Configuration files + # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true + phpConfigs: {} + # Default config files + # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself + # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config + defaultConfigs: + # To protect /var/www/html/config + .htaccess: true + # Redis default configuration + redis.config.php: true + # Apache configuration for rewrite urls + apache-pretty-urls.config.php: true + # Define APCu as local cache + apcu.config.php: true + # Apps directory configs + apps.config.php: true + # Used for auto configure database + autoconfig.php: true + # SMTP default configuration + smtp.config.php: true + # Extra config files created in /var/www/html/config/ + # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file + configs: {} + + # For example, to use S3 as primary storage + # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3 + # + # configs: + # s3.config.php: |- + # array( + # 'class' => '\\OC\\Files\\ObjectStore\\S3', + # 'arguments' => array( + # 'bucket' => 'my-bucket', + # 'autocreate' => true, + # 'key' => 'xxx', + # 'secret' => 'xxx', + # 'region' => 'us-east-1', + # 'use_ssl' => true + # ) + # ) + # ); + + # Hooks for auto configuration + # Here you could write small scripts which are placed in `/docker-entrypoint-hooks.d//helm.sh` + # ref: https://github.com/nextcloud/docker?tab=readme-ov-file#auto-configuration-via-hook-folders + hooks: + pre-installation: + 
post-installation: + pre-upgrade: + post-upgrade: + before-starting: + + ## Strategy used to replace old pods + ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + strategy: + type: Recreate + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 1 + # maxUnavailable: 0 + + ## + ## Extra environment variables + extraEnv: + # - name: SOME_SECRET_ENV + # valueFrom: + # secretKeyRef: + # name: nextcloud + # key: secret_key + + # Extra init containers that runs before pods start. + extraInitContainers: [] + # - name: do-something + # image: busybox + # command: ['do', 'something'] + + # Extra sidecar containers. + extraSidecarContainers: [] + # - name: nextcloud-logger + # image: busybox + # command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log'] + # volumeMounts: + # - name: nextcloud-data + # mountPath: /run/nextcloud/data + + # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume + # to NextCloud pods in Kubernetes. This can then be configured in External Storage + extraVolumes: + # - name: nfs + # nfs: + # server: "10.0.0.1" + # path: "/nextcloud_data" + # readOnly: false + extraVolumeMounts: + # - name: nfs + # mountPath: "/legacy_data" + + # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container). + # For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: false + + # Set securityContext parameters for the entire pod. 
For example, you may need to define runAsNonRoot directive + podSecurityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: false + + nginx: + ## You need to set an fpm version of the image for nextcloud if you want to use nginx! + enabled: false + image: + repository: nginx + tag: alpine + pullPolicy: IfNotPresent + containerPort: 80 + + config: + # This generates the default nginx config as per the nextcloud documentation + default: true + # custom: |- + # worker_processes 1;.. + + resources: {} + + # Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + # the nginx alpine container default user is 82 + # runAsUser: 82 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: true + + internalDatabase: + enabled: true + name: nextcloud + + ## + ## External database configuration + ## + externalDatabase: + enabled: false + + ## Supported database engines: mysql or postgresql + type: mysql + + ## Database host + host: + + ## Database user + user: nextcloud + + ## Database password + password: "" + + ## Database name + database: nextcloud + + ## Use a existing secret + existingSecret: + enabled: false + # secretName: nameofsecret + usernameKey: db-username + passwordKey: db-password + # hostKey: db-hostname-or-ip + # databaseKey: db-name + + ## + ## MariaDB chart configuration + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb + ## + mariadb: + ## Whether to deploy a mariadb server from the bitnami mariab db helm chart + # to satisfy the applications database requirements. 
if you want to deploy this bitnami mariadb, set this and externalDatabase to true + # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters + enabled: false + + auth: + database: nextcloud + username: nextcloud + password: changeme + # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored). + # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password + existingSecret: "" + + architecture: standalone + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + primary: + persistence: + enabled: false + # Use an existing Persistent Volume Claim (must be created ahead of time) + # existingClaim: "" + # storageClass: "" + accessMode: ReadWriteOnce + size: 8Gi + + ## + ## PostgreSQL chart configuration + ## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql + ## + postgresql: + enabled: false + global: + postgresql: + # global.postgresql.auth overrides postgresql.auth + auth: + username: nextcloud + password: changeme + database: nextcloud + # Name of existing secret to use for PostgreSQL credentials. + # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret. + # secret might also contains the key ldap-password if LDAP is enabled. + # ldap.bind_password will be ignored and picked from this secret in this case. 
+ existingSecret: "" + # Names of keys in existing secret to use for PostgreSQL credentials + secretKeys: + adminPasswordKey: "" + userPasswordKey: "" + replicationPasswordKey: "" + primary: + persistence: + enabled: false + # Use an existing Persistent Volume Claim (must be created ahead of time) + # existingClaim: "" + # storageClass: "" + + ## + ## Redis chart configuration + ## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis + ## + + redis: + enabled: false + auth: + enabled: true + password: 'changeme' + # name of an existing secret with RedisĀ® credentials (instead of auth.password), must be created ahead of time + existingSecret: "" + # Password key to be retrieved from existing secret + existingSecretPasswordKey: "" + + + ## Cronjob to execute Nextcloud background tasks + ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron + ## + cronjob: + enabled: false + + ## Cronjob sidecar resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + + # Allow configuration of lifecycle hooks + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ + lifecycle: {} + # postStartCommand: [] + # preStopCommand: [] + # Set securityContext parameters. 
For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: 33 + # runAsGroup: 33 + # runAsNonRoot: true + # readOnlyRootFilesystem: true + + service: + type: ClusterIP + port: 8080 + loadBalancerIP: "" + nodePort: nil + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + # Nextcloud Data (/var/www/html) + enabled: true + annotations: {} + ## nextcloud data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: longhorn + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 8Gi + + ## Use an additional pvc for the data directory rather than a subpath of the default PVC + ## Useful to store data on a different storageClass (e.g. on slower disks) + nextcloudData: + enabled: true + subPath: + annotations: {} + storageClass: nfs-client + # existingClaim: + accessMode: ReadWriteOnce + size: 1Ti + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + + + ## Enable pod autoscaling using HorizontalPodAutoscaler + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## + hpa: + enabled: false + cputhreshold: 60 + minPods: 1 + maxPods: 10 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + + ## Prometheus Exporter / Metrics + ## + metrics: + enabled: false + + replicaCount: 1 + # The metrics exporter needs to know how you serve Nextcloud either http or https + https: false + # Use API token if set, otherwise fall back to password authentication + # https://github.com/xperimental/nextcloud-exporter#token-authentication + # Currently you still need to set the token manually in your nextcloud install + token: "" + timeout: 5s + # if set to true, exporter skips certificate verification of Nextcloud server. 
+ tlsSkipVerify: false + + image: + repository: xperimental/nextcloud-exporter + tag: 0.6.2 + pullPolicy: IfNotPresent + # pullSecrets: + # - myRegistrKeySecretName + + ## Metrics exporter resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + # resources: {} + + ## Metrics exporter pod Annotation and Labels + # podAnnotations: {} + + # podLabels: {} + + service: + type: ClusterIP + ## Use serviceLoadBalancerIP to request a specific static IP, + ## otherwise leave blank + # loadBalancerIP: + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9205" + labels: {} + + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator + ## + enabled: false + + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + + ## @param metrics.serviceMonitor.namespaceSelector The selector of the namespace where the target service is located (defaults to the release namespace) + namespaceSelector: + + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. 
+ ## + jobLabel: "" + + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: 30s + + ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + + + rbac: + enabled: false + serviceaccount: + create: true + name: nextcloud-serviceaccount + annotations: {} + + + ## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead + securityContext: {}
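Review bot: `nextcloud.username: admin` and `nextcloud.password: admin` are committed in clear text to a Flux-reconciled repository with `existingSecret.enabled: false`, so this HelmRelease bootstraps the administrator account from values anyone with read access to the repo can see. The chart's secret indirection is already spelled out in the hunk; switch to it and drop the two inline fields: `existingSecret:` / `enabled: true` / `secretName: <nextcloud-admin-secret>` (placeholder name, keys `nextcloud-username`/`nextcloud-password` as already listed). The same applies to `mariadb.auth.password`, `postgresql...auth.password`, `redis.auth.password` and `mail.smtp.password`, which are inert only while those sections stay `enabled: false` and become live credentials the moment one is switched on. Separately, `securityContext: {}` and `podSecurityContext: {}` leave the container on the image's default user; the chart's own comments suggest `runAsUser: 33` / `runAsNonRoot: true` for the apache flavor, which looks like the intended hardening — confirm against the image before enabling.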