nearly functional nextcloud

2023-12-13 14:11:07 +01:00
parent a5f1a13b22
commit 12ece4852d
12 changed files with 83 additions and 143 deletions
--- a/apps/nextcloud/README.md
+++ b/apps/nextcloud/README.md
@@ -0,0 +1,5 @@
+### Runninf `occ` commands:
+
+```
+su -s /bin/bash www-data -c "php occ user:list"
+```
--- a/apps/nextcloud/ingress.yaml
+++ b/apps/nextcloud/ingress.yaml
@@ -1,7 +1,6 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  namespace: nextcloud
  name: nextcloud-ingressroute

 spec:
@@ -14,4 +13,4 @@ spec:
    - name: nextcloud
      port: 8080
  tls:
-    certResolver: default-tls 
+    certResolver: default-tls 
--- a/apps/nextcloud/kustomization.yaml
+++ b/apps/nextcloud/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+- namespace.yaml
+- ingress.yaml
+- pvc.yaml
+- postgres.sealedsecret.yaml
+
+namespace: nextcloud
+
+helmCharts:
+  - name: nextcloud
+    releaseName: nextcloud
+    version: 4.5.5
+    valuesFile: values.yaml
+    repo: https://nextcloud.github.io/helm/
--- a/apps/nextcloud/namespace.yaml
+++ b/apps/nextcloud/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
--- a/apps/nextcloud/postgres.sealedsecret.yaml
+++ b/apps/nextcloud/postgres.sealedsecret.yaml
@@ -0,0 +1,22 @@
+{
+  "kind": "SealedSecret",
+  "apiVersion": "bitnami.com/v1alpha1",
+  "metadata": {
+    "name": "postgres-password",
+    "namespace": "nextcloud-2",
+    "creationTimestamp": null
+  },
+  "spec": {
+    "template": {
+      "metadata": {
+        "name": "postgres-password",
+        "namespace": "nextcloud-2",
+        "creationTimestamp": null
+      }
+    },
+    "encryptedData": {
+      "password": "AgCTf42UpSAuA7lePywunYCtI/v1rh63mQSLRX50Lp2VdnFLU1XxmdHjDj38lJN1TCWZPzDlp+YX4vMeGNJJuxFIvytgJnaZCAQthD04U8/4oXVJMaMi6NkWtL0qmNVplbSFxtkWEBEyMkpWg9zy5lXJyOSGnYpoq1wT+GO9gHDIww+T68M6ellxIUcv6NBDI9ErjoFJuKI+z+wrtsInLlT8Fu1J5srSpuZm0ZYqu0m1Z5NilKyrnva1pcsfR7hDgKDbOL3vef3V0mLMRb1dUjsNqDNxgqCrmFB5MbOCOrs4ZrYQeayOzJXb1RFI5DifbE6ubCY5DkZSZmhugsshnkf/uBZ7ELF3q/HceuU+4BguietbvCY5ZK+/BfChAbiNlPcxnLeianGNCBZLi9RnnbGEr0hHG/uQ1tf5+opP1IfwDvnovj2KhcnhM29IB3BzRcIlTJTLL2cn2HG7CJ6JBSDO0x4si/xAzT7se5bxxl0aUIkE1SWKoITkXjwKviMxNlBgSUW07r1WWEAmV0CC8Fr9uNDc/rGP64ozyJOYkbTNQAtlcTC5vyoJokswpzSpFtrsn/Z8DUuY77l70ziZU0pYMHSZM/kGW7HtujTRtKQpcZOHlGb9OiBpMHPYdtE+1thqA5+xtFkhlJ74+K7yzgPnrYYzEiIJ9tzY8A8P5QzmlpjUEhg+TMXo+8t4gYcesLsdHTKyZJXPQHMb0c6TSVyC8woklg==",
+      "username": "AgALRb5YUhCTkoEn+rAf8/hBgYJws2Q6ri8qwsw2vR9NeI6upJqCW9v77a8MmPYDZxs+OaEVaAxAHwchGs0KDRcQJnP5jdsFUe2tYEVljDR/OZCebBxEDr5ixqUVmKR81NvJujx6E9KGVU/ALHFASknGdqGTBgkSnyGvehswCbp6UN56I2BoSUU6zwevVnUMH0DPIPqgZuGoqWQA4ubF5bKMkF83JA5DRT4V4K/q/iTLzJ18441vxi90/R+Olm6gd5963VPiI9VwCKbDPJFAIZ7zA7iH3oc/OaTUCmAQ4B4MfaAorOX1SwHXejFNy/Qm8STNsMDu+mIgyZyxYdjbQknEWvJqUPPQ/UhspYkytqSQsJKo65cyCBRos8ipJG16xju8eeO6h/Jt/1Xk+S2I+36fISs1w9mmXJNBYoAYBk8+BT1njqXnTFMy2+N2Gi8kmkGic/9psE/EWIJYcC9/JFDkG4j3/TTlQTGA384WPAdaowEJKIwDGLQqsTw82I8chd1GmGuARR23fGdMHaYukikcU8NEQulRM/UIOjqI0z4+x4X7HX5zDOt35thNV3YHudwm2MCOAHHae/nKSVk+12bBwCqPf0ymjPXaXibnFoevV+3sm2oy1URPZTMvClAngy5wWzzS6GTRlaU0b6vg+AD82h5Q6id70HLaGJ+SWrqlB4rTZ8hHDHfsuaF739KWM7vr7g=="
+    }
+  }
+}
--- a/apps/nextcloud/pvc.yaml
+++ b/apps/nextcloud/pvc.yaml
@@ -1,13 +1,10 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  namespace: nextcloud
  name: nextcloud-nfs
 spec:
-  # storageClassName: fast
  capacity:
    storage: "150Gi"
-  # volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  nfs:
@@ -17,7 +14,6 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  namespace: nextcloud
  name: nextcloud-nfs
 spec:
  storageClassName: ""
--- a/apps/nextcloud/values.yaml
+++ b/apps/nextcloud/values.yaml
@@ -1,32 +1,13 @@
 ## Official nextcloud image version
 ## ref: https://hub.docker.com/r/library/nextcloud/tags/
-##
+
 image:
-  repository: nextcloud
-  tag: "27" # needs to be a string because of the template
-  pullPolicy: IfNotPresent
+  tag: "27"

-nameOverride: ""
-fullnameOverride: ""
-podAnnotations: {}
-deploymentAnnotations: {}
-
-# Number of replicas to be deployed
-replicaCount: 1
-
-## Allowing use of ingress controllers
-## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
-##
 ingress:
  enabled: false


-# Allow configuration of lifecycle hooks
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
-lifecycle: {}
-  # postStartCommand: []
-  # preStopCommand: []
-
 nextcloud:
  host: nextcloud.kluster.moll.re
  username: admin
@@ -87,48 +68,9 @@ nextcloud:
  #        )
  #      );

-  ## Strategy used to replace old pods
-  ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
-  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
-  strategy:
-    type: Recreate
-    # type: RollingUpdate
-    # rollingUpdate:
-    #   maxSurge: 1
-    #   maxUnavailable: 0
-
-  ##
-  ## Extra environment variables
-  extraEnv:
-  #  - name: SOME_SECRET_ENV
-  #    valueFrom:
-  #      secretKeyRef:
-  #        name: nextcloud
-  #        key: secret_key
-
-  # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
-  # to NextCloud pods in Kubernetes. This can then be configured in External Storage
-  extraVolumes:
-  #  - name: nfs
-  #    nfs:
-  #      server: "10.0.0.1"
-  #      path: "/nextcloud_data"
-  #      readOnly: false
-  extraVolumeMounts:
-  #  - name: nfs
-  #    mountPath: "/legacy_data"
-
-  # Extra secuurityContext parameters. For example you may need to define runAsNonRoot directive
-  # extraSecurityContext:
-  #   runAsUser: "33"
-  #   runAsGroup: "33"
-  #   runAsNonRoot: true
-  #   readOnlyRootFilesystem: true
-
 nginx:
  ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
  enabled: false
-  resources: {}

 internalDatabase:
  enabled: true
@@ -147,52 +89,38 @@ externalDatabase:
  host: postgres-postgresql.postgres

  ## Database user
-  user: nextcloud
+  # user: nextcloud

-  ## Database password
-  password: test
+  # ## Database password
+  # password: test

  ## Database name
  database: nextcloud

  ## Use a existing secret
  existingSecret:
-    enabled: false
-    # secretName: nameofsecret
-    # usernameKey: username
-    # passwordKey: password
+    enabled: true
+    secretName: postgres-password
+    usernameKey: username
+    passwordKey: password

 ##
 ## MariaDB chart configuration
 ##
 mariadb:
-  ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
  enabled: false

 postgresql:
  enabled: false
-##
-## Redis chart configuration
-## for more options see https://github.com/bitnami/charts/tree/master/bitnami/redis
-##

 redis:
  enabled: false
-  auth:
-    enabled: true
-    password: 'changeme'

 ## Cronjob to execute Nextcloud background tasks
 ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#webcron
 ##
 cronjob:
  enabled: false
-  # Nexcl
-service:
-  type: ClusterIP
-  port: 8080
-  loadBalancerIP: nil
-  nodePort: nil

 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
@@ -201,33 +129,14 @@ persistence:
  # Nextcloud Data (/var/www/html)
  enabled: true
  annotations: {}
-  ## nextcloud data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  # storageClass: "-"

-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  existingClaim: nextcloud-nfs

-  accessMode: ReadWriteOnce
-  size: 150Gi
-
  ## Use an additional pvc for the data directory rather than a subpath of the default PVC
  ## Useful to store data on a different storageClass (e.g. on slower disks)
  nextcloudData:
    enabled: false
-    subPath:
-    annotations: {}
-    # storageClass: "-"
-    # existingClaim:
-    accessMode: ReadWriteOnce
-    size: 8Gi

 resources:
  # We usually recommend not to specify default resources and to leave this as a conscious
@@ -241,31 +150,6 @@ resources:
   cpu: 100m
   memory: 128Mi

-## Liveness and readiness probe values
-## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-##
-livenessProbe:
-  enabled: true
-  initialDelaySeconds: 250
-  periodSeconds: 10
-  timeoutSeconds: 5
-  failureThreshold: 3
-  successThreshold: 1
-readinessProbe:
-  enabled: true
-  initialDelaySeconds: 250
-  periodSeconds: 10
-  timeoutSeconds: 5
-  failureThreshold: 3
-  successThreshold: 1
-startupProbe:
-  enabled: false
-  initialDelaySeconds: 250
-  periodSeconds: 10
-  timeoutSeconds: 5
-  failureThreshold: 30
-  successThreshold: 1
-

 ## Enable pod autoscaling using HorizontalPodAutoscaler
 ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
@@ -273,13 +157,6 @@ startupProbe:
 hpa:
  enabled: false

-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-
 ## Prometheus Exporter / Metrics
 ##
 metrics:
@@ -288,7 +165,3 @@ metrics:

 rbac:
  enabled: false
-  serviceaccount:
-    create: true
-    name: nextcloud-serviceaccount
-