diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 0a55845f..593adc7b 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: nextcloud -version: 4.5.1 -appVersion: 27.1.3 +version: 4.5.7 +appVersion: 27.1.4 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: - nextcloud diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index cdf5f6e2..21ae1427 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md @@ -30,6 +30,7 @@ helm install my-release nextcloud/nextcloud * [Downloading models for recognize](#downloading-models-for-recognize) * [Backups](#backups) * [Upgrades](#upgrades) +* [Troubleshooting](#troubleshooting) ## Introduction @@ -80,122 +81,122 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the nextcloud chart and their default values. -| Parameter | Description | Default | -|------------------------------------------------------------|----------------------------------------------------------------------------------------------|----------------------------| -| `image.repository` | nextcloud Image name | `nextcloud` | -| `image.flavor` | nextcloud Image type (Options: apache, fpm) | `apache` | -| `image.tag` | nextcloud Image tag | `appVersion` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify image pull secrets | `nil` | -| `replicaCount` | Number of nextcloud pods to deploy | `1` | -| `ingress.className` | Name of the ingress class to use | `nil` | -| `ingress.enabled` | Enable use of ingress controllers | `false` | -| `ingress.servicePort` | Ingress' backend servicePort | `http` | -| `ingress.annotations` | An array of service annotations | `nil` | -| `ingress.labels` | An array of service labels | `nil` | -| `ingress.path` | The `Path` to use in Ingress' `paths` | `/` | -| `ingress.pathType` | The `PathType` to use in Ingress' `paths` | `Prefix` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `nextcloud.host` | nextcloud host to create application URLs, updates trusted_domains at installation time only | `nextcloud.kube.home` | -| `nextcloud.username` | User of the application | `admin` | -| `nextcloud.password` | Application password | `changeme` | -| `nextcloud.existingSecret.enabled` | Whether to use an existing secret or not | `false` | -| `nextcloud.existingSecret.secretName` | Name of the existing secret | `nil` | -| `nextcloud.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | -| `nextcloud.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | -| `nextcloud.existingSecret.smtpUsernameKey` | Name of the key that contains the SMTP username | `nil` | -| `nextcloud.existingSecret.smtpPasswordKey` | Name of the key that contains the SMTP password | `nil` | -| `nextcloud.existingSecret.smtpHostKey` | Name of the key that contains the SMTP hostname | `nil` | -| `nextcloud.update` | Trigger update if custom command is used | `0` | -| `nextcloud.containerPort` | Customize container port when not running as root | `80` | -| `nextcloud.datadir` | nextcloud data dir location | `/var/www/html/data` | -| `nextcloud.mail.enabled` | Whether to enable/disable email settings | `false` | -| `nextcloud.mail.fromAddress` | nextcloud mail send from field | `nil` | -| `nextcloud.mail.domain` | nextcloud mail domain | `nil` | -| `nextcloud.mail.smtp.host` | SMTP hostname | `nil` | -| `nextcloud.mail.smtp.secure` | SMTP connection `ssl` or empty | `''` | -| `nextcloud.mail.smtp.port` | Optional SMTP port | `nil` | -| `nextcloud.mail.smtp.authtype` | SMTP authentication method | `LOGIN` | -| `nextcloud.mail.smtp.name` | SMTP username | `''` | -| `nextcloud.mail.smtp.password` | SMTP password | `''` | -| `nextcloud.configs` | Config files created in `/var/www/html/config` | `{}` | -| `nextcloud.persistence.subPath` | Set the subPath for nextcloud to use in volume | `nil` | -| `nextcloud.phpConfigs` | PHP Config files created in `/usr/local/etc/php/conf.d` | `{}` | -| `nextcloud.defaultConfigs.\.htaccess` | Default .htaccess to protect `/var/www/html/config` | `true` | -| `nextcloud.defaultConfigs.redis\.config\.php` | Default Redis configuration | `true` | -| `nextcloud.defaultConfigs.apache-pretty-urls\.config\.php` | Default Apache configuration for rewrite urls | `true` | -| `nextcloud.defaultConfigs.apcu\.config\.php` | Default configuration to define APCu as local cache | `true` | -| `nextcloud.defaultConfigs.apps\.config\.php` | Default configuration for apps | `true` | -| `nextcloud.defaultConfigs.autoconfig\.php` | Default auto-configuration for databases | `true` | -| `nextcloud.defaultConfigs.smtp\.config\.php` | Default configuration for smtp | `true` | -| `nextcloud.strategy` | specifies the strategy used to replace old Pods by new ones | `type: Recreate` | -| `nextcloud.extraEnv` | specify additional environment variables | `{}` | -| `nextcloud.extraSidecarContainers` | specify additional sidecar containers | `[]` | -| `nextcloud.extraInitContainers` | specify additional init containers | `[]` | -| `nextcloud.extraVolumes` | specify additional volumes for the NextCloud pod | `{}` | -| `nextcloud.extraVolumeMounts` | specify additional volume mounts for the NextCloud pod | `{}` | -| `nextcloud.securityContext` | Optional security context for the NextCloud container | `nil` | -| `nextcloud.podSecurityContext` | Optional security context for the NextCloud pod (applies to all containers in the pod) | `nil` | -| `nginx.enabled` | Enable nginx (requires you use php-fpm image) | `false` | -| `nginx.image.repository` | nginx Image name, e.g. use `nginxinc/nginx-unprivileged` for rootless container | `nginx` | -| `nginx.image.tag` | nginx Image tag | `alpine` | -| `nginx.image.pullPolicy` | nginx Image pull policy | `IfNotPresent` | -| `nginx.image.pullPolicy` | nginx Image pull policy | `IfNotPresent` | -| `nginx.containerPort` | Customize container port e.g. when not running as root | `IfNotPresent` | -| `nginx.config.default` | Whether to use nextcloud's recommended nginx config | `true` | -| `nginx.config.custom` | Specify a custom config for nginx | `{}` | -| `nginx.resources` | nginx resources | `{}` | -| `nginx.securityContext` | Optional security context for the nginx container | `nil` | -| `lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` | -| `lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` | -| `redis.enabled` | Whether to install/use redis for locking | `false` | -| `redis.auth.enabled` | Whether to enable password authentication with redis | `true` | -| `redis.auth.password` | The password redis uses | `''` | -| `redis.auth.existingSecret` | The name of an existing secret with RedisĀ® credentials | `''` | -| `redis.auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `''` | -| `cronjob.enabled` | Whether to enable/disable cron jobs sidecar | `false` | -| `cronjob.lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand for the cron jobs sidecar | `nil` | -| `cronjob.lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand for the cron jobs sidecar | `nil` | -| `cronjob.resources` | CPU/Memory resource requests/limits for the cron jobs sidecar | `{}` | -| `cronjob.securityContext` | Optional security context for cron jobs sidecar | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.loadBalancerIP` | LoadBalancerIp for service type LoadBalancer | `""` | -| `service.nodePort` | NodePort for service type NodePort | `nil` | -| `service.ipFamilies` | Set ipFamilies as in k8s service objects | `nil` | -| `service.ipFamyPolicy` | define IP protocol bindings as in k8s service objects | `nil` | -| `phpClientHttpsFix.enabled` | Sets OVERWRITEPROTOCOL for https ingress redirect | `false` | -| `phpClientHttpsFix.protocol` | Sets OVERWRITEPROTOCOL for https ingress redirect | `https` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `rbac.enabled` | Enable Role and rolebinding for priveledged PSP | `false` | -| `rbac.serviceaccount.create` | Wether to create a serviceaccount or use an existing one (requires rbac) | `true` | -| `rbac.serviceaccount.name` | The name of the sevice account that the deployment will use (requires rbac) | `nextcloud-serviceaccount` | -| `rbac.serviceaccount.annotations` | Serviceaccount annotations | `{}` | -| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `10` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `startupProbe.enabled` | Turn on and off startup probe | `false` | -| `startupProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | -| `startupProbe.periodSeconds` | How often to perform the probe | `10` | -| `startupProbe.timeoutSeconds` | When the probe times out | `5` | -| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe | `30` | -| `startupProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `hpa.enabled` | Boolean to create a HorizontalPodAutoscaler | `false` | -| `hpa.cputhreshold` | CPU threshold percent for the HorizontalPodAutoscale | `60` | -| `hpa.minPods` | Min. pods for the Nextcloud HorizontalPodAutoscaler | `1` | -| `hpa.maxPods` | Max. pods for the Nextcloud HorizontalPodAutoscaler | `10` | -| `deploymentLabels` | Labels to be added at 'deployment' level | not set | -| `deploymentAnnotations` | Annotations to be added at 'deployment' level | not set | -| `podLabels` | Labels to be added at 'pod' level | not set | -| `podAnnotations` | Annotations to be added at 'pod' level | not set | +| Parameter | Description | Default | +|------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|----------------------------| +| `image.repository` | nextcloud Image name | `nextcloud` | +| `image.flavor` | nextcloud Image type (Options: apache, fpm) | `apache` | +| `image.tag` | nextcloud Image tag | `appVersion` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify image pull secrets | `nil` | +| `replicaCount` | Number of nextcloud pods to deploy | `1` | +| `ingress.className` | Name of the ingress class to use | `nil` | +| `ingress.enabled` | Enable use of ingress controllers | `false` | +| `ingress.servicePort` | Ingress' backend servicePort | `http` | +| `ingress.annotations` | An array of service annotations | `nil` | +| `ingress.labels` | An array of service labels | `nil` | +| `ingress.path` | The `Path` to use in Ingress' `paths` | `/` | +| `ingress.pathType` | The `PathType` to use in Ingress' `paths` | `Prefix` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `nextcloud.host` | nextcloud host to create application URLs, updates trusted_domains at installation time only | `nextcloud.kube.home` | +| `nextcloud.username` | User of the application | `admin` | +| `nextcloud.password` | Application password | `changeme` | +| `nextcloud.existingSecret.enabled` | Whether to use an existing secret or not | `false` | +| `nextcloud.existingSecret.secretName` | Name of the existing secret | `nil` | +| `nextcloud.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | +| `nextcloud.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | +| `nextcloud.existingSecret.smtpUsernameKey` | Name of the key that contains the SMTP username | `nil` | +| `nextcloud.existingSecret.smtpPasswordKey` | Name of the key that contains the SMTP password | `nil` | +| `nextcloud.existingSecret.smtpHostKey` | Name of the key that contains the SMTP hostname | `nil` | +| `nextcloud.update` | Trigger update if custom command is used | `0` | +| `nextcloud.containerPort` | Customize container port when not running as root | `80` | +| `nextcloud.datadir` | nextcloud data dir location | `/var/www/html/data` | +| `nextcloud.mail.enabled` | Whether to enable/disable email settings | `false` | +| `nextcloud.mail.fromAddress` | nextcloud mail send from field | `nil` | +| `nextcloud.mail.domain` | nextcloud mail domain | `nil` | +| `nextcloud.mail.smtp.host` | SMTP hostname | `nil` | +| `nextcloud.mail.smtp.secure` | SMTP connection `ssl` or empty | `''` | +| `nextcloud.mail.smtp.port` | Optional SMTP port | `nil` | +| `nextcloud.mail.smtp.authtype` | SMTP authentication method | `LOGIN` | +| `nextcloud.mail.smtp.name` | SMTP username, ONLY the part before the domain name. i.e. 'postmaster' NOT 'postmaster@example.com' | `''` | +| `nextcloud.mail.smtp.password` | SMTP password | `''` | +| `nextcloud.configs` | Config files created in `/var/www/html/config` | `{}` | +| `nextcloud.persistence.subPath` | Set the subPath for nextcloud to use in volume | `nil` | +| `nextcloud.phpConfigs` | PHP Config files created in `/usr/local/etc/php/conf.d` | `{}` | +| `nextcloud.defaultConfigs.\.htaccess` | Default .htaccess to protect `/var/www/html/config` | `true` | +| `nextcloud.defaultConfigs.redis\.config\.php` | Default Redis configuration | `true` | +| `nextcloud.defaultConfigs.apache-pretty-urls\.config\.php` | Default Apache configuration for rewrite urls | `true` | +| `nextcloud.defaultConfigs.apcu\.config\.php` | Default configuration to define APCu as local cache | `true` | +| `nextcloud.defaultConfigs.apps\.config\.php` | Default configuration for apps | `true` | +| `nextcloud.defaultConfigs.autoconfig\.php` | Default auto-configuration for databases | `true` | +| `nextcloud.defaultConfigs.smtp\.config\.php` | Default configuration for smtp | `true` | +| `nextcloud.strategy` | specifies the strategy used to replace old Pods by new ones | `type: Recreate` | +| `nextcloud.extraEnv` | specify additional environment variables | `{}` | +| `nextcloud.extraSidecarContainers` | specify additional sidecar containers | `[]` | +| `nextcloud.extraInitContainers` | specify additional init containers | `[]` | +| `nextcloud.extraVolumes` | specify additional volumes for the NextCloud pod | `{}` | +| `nextcloud.extraVolumeMounts` | specify additional volume mounts for the NextCloud pod | `{}` | +| `nextcloud.securityContext` | Optional security context for the NextCloud container | `nil` | +| `nextcloud.podSecurityContext` | Optional security context for the NextCloud pod (applies to all containers in the pod) | `nil` | +| `nginx.enabled` | Enable nginx (requires you use php-fpm image) | `false` | +| `nginx.image.repository` | nginx Image name, e.g. use `nginxinc/nginx-unprivileged` for rootless container | `nginx` | +| `nginx.image.tag` | nginx Image tag | `alpine` | +| `nginx.image.pullPolicy` | nginx Image pull policy | `IfNotPresent` | +| `nginx.image.pullPolicy` | nginx Image pull policy | `IfNotPresent` | +| `nginx.containerPort` | Customize container port e.g. when not running as root | `IfNotPresent` | +| `nginx.config.default` | Whether to use nextcloud's recommended nginx config | `true` | +| `nginx.config.custom` | Specify a custom config for nginx | `{}` | +| `nginx.resources` | nginx resources | `{}` | +| `nginx.securityContext` | Optional security context for the nginx container | `nil` | +| `lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` | +| `lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` | +| `redis.enabled` | Whether to install/use redis for locking | `false` | +| `redis.auth.enabled` | Whether to enable password authentication with redis | `true` | +| `redis.auth.password` | The password redis uses | `''` | +| `redis.auth.existingSecret` | The name of an existing secret with RedisĀ® credentials | `''` | +| `redis.auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `''` | +| `cronjob.enabled` | Whether to enable/disable cron jobs sidecar | `false` | +| `cronjob.lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand for the cron jobs sidecar | `nil` | +| `cronjob.lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand for the cron jobs sidecar | `nil` | +| `cronjob.resources` | CPU/Memory resource requests/limits for the cron jobs sidecar | `{}` | +| `cronjob.securityContext` | Optional security context for cron jobs sidecar | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.loadBalancerIP` | LoadBalancerIp for service type LoadBalancer | `""` | +| `service.nodePort` | NodePort for service type NodePort | `nil` | +| `service.ipFamilies` | Set ipFamilies as in k8s service objects | `nil` | +| `service.ipFamyPolicy` | define IP protocol bindings as in k8s service objects | `nil` | +| `phpClientHttpsFix.enabled` | Sets OVERWRITEPROTOCOL for https ingress redirect | `false` | +| `phpClientHttpsFix.protocol` | Sets OVERWRITEPROTOCOL for https ingress redirect | `https` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `rbac.enabled` | Enable Role and rolebinding for priveledged PSP | `false` | +| `rbac.serviceaccount.create` | Wether to create a serviceaccount or use an existing one (requires rbac) | `true` | +| `rbac.serviceaccount.name` | The name of the sevice account that the deployment will use (requires rbac) | `nextcloud-serviceaccount` | +| `rbac.serviceaccount.annotations` | Serviceaccount annotations | `{}` | +| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `10` | +| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | +| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | +| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `startupProbe.enabled` | Turn on and off startup probe | `false` | +| `startupProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | +| `startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe | `30` | +| `startupProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `hpa.enabled` | Boolean to create a HorizontalPodAutoscaler | `false` | +| `hpa.cputhreshold` | CPU threshold percent for the HorizontalPodAutoscale | `60` | +| `hpa.minPods` | Min. pods for the Nextcloud HorizontalPodAutoscaler | `1` | +| `hpa.maxPods` | Max. pods for the Nextcloud HorizontalPodAutoscaler | `10` | +| `deploymentLabels` | Labels to be added at 'deployment' level | not set | +| `deploymentAnnotations` | Annotations to be added at 'deployment' level | not set | +| `podLabels` | Labels to be added at 'pod' level | not set | +| `podAnnotations` | Annotations to be added at 'pod' level | not set | ### Database Configurations @@ -208,40 +209,43 @@ For convenience, we packages the following Bitnami charts for databases (feel fr If you choose to use one of the prepackaged Bitnami helm charts, you must configure both the `externalDatabase` parameters, and the parameters for the chart you choose. For instance, if you choose to use the Bitnami PostgreSQL chart that we've prepackaged, you need to also configure all the parameters for `postgresql`. You do not need to use the Bitnami helm charts. If you want to use an already configured database that you have externally, just set `internalDatabase.enabled` to `false`, and configure the `externalDatabase` parameters below. -| Parameter | Description | Default | -|----------------------------------------------------------------------|----------------------------------------------------------------------------------------|-----------------| -| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` | -| `internalDatabase.database` | Name of the existing database | `nextcloud` | -| `externalDatabase.enabled` | Whether to use external database | `false` | -| `externalDatabase.type` | External database type: `mysql`, `postgresql` | `mysql` | -| `externalDatabase.host` | Host of the external database in form of `host:port` | `nil` | -| `externalDatabase.database` | Name of the existing database | `nextcloud` | -| `externalDatabase.user` | Existing username in the external db | `nextcloud` | -| `externalDatabase.password` | Password for the above username | `nil` | -| `externalDatabase.existingSecret.enabled` | Whether to use a existing secret or not | `false` | -| `externalDatabase.existingSecret.secretName` | Name of the existing secret | `nil` | -| `externalDatabase.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | -| `externalDatabase.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | -| `externalDatabase.existingSecret.hostKey` | Name of the key that contains the database hostname or IP address | `nil` | -| `externalDatabase.existingSecret.databaseKey` | Name of the key that contains the database name | `nil` | -| `mariadb.enabled` | Whether to use the MariaDB chart | `false` | -| `mariadb.auth.database` | Database name to create | `nextcloud` | -| `mariadb.auth.username` | Database user to create | `nextcloud` | -| `mariadb.auth.password` | Password for the database | `changeme` | -| `mariadb.auth.rootPassword` | MariaDB admin password | `nil` | -| `mariadb.auth.existingSecret` | Use existing secret for MariaDB password details; see values.yaml for more detail | `''` | -| `mariadb.primary.persistence.enabled` | Whether or not to Use a PVC on MariaDB primary | `false` | -| `mariadb.primary.persistence.existingClaim` | Use an existing PVC for MariaDB primary | `nil` | -| `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` | -| `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` | -| `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` | -| `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` | -| `postgresql.global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `''` | -| `postgresql.global.postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL admin password | `''` | -| `postgresql.global.postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL user password | `''` | -| `postgresql.global.postgresql.auth.secretKeys.replicationPasswordKey`| Name of key in existing secret to use for PostgreSQL replication password | `''` | -| `postgresql.primary.persistence.enabled` | Whether or not to use PVC on PostgreSQL primary | `false` | -| `postgresql.primary.persistence.existingClaim` | Use an existing PVC for PostgreSQL primary | `nil` | +| Parameter | Description | Default | +|----------------------------------------------------------------------|----------------------------------------------------------------------------------------|-----------------------| +| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` | +| `internalDatabase.database` | Name of the existing database | `nextcloud` | +| `externalDatabase.enabled` | Whether to use external database | `false` | +| `externalDatabase.type` | External database type: `mysql`, `postgresql` | `mysql` | +| `externalDatabase.host` | Host of the external database in form of `host:port` | `nil` | +| `externalDatabase.database` | Name of the existing database | `nextcloud` | +| `externalDatabase.user` | Existing username in the external db | `nextcloud` | +| `externalDatabase.password` | Password for the above username | `nil` | +| `externalDatabase.existingSecret.enabled` | Whether to use a existing secret or not | `false` | +| `externalDatabase.existingSecret.secretName` | Name of the existing secret | `nil` | +| `externalDatabase.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | +| `externalDatabase.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | +| `externalDatabase.existingSecret.hostKey` | Name of the key that contains the database hostname or IP address | `nil` | +| `externalDatabase.existingSecret.databaseKey` | Name of the key that contains the database name | `nil` | +| `mariadb.enabled` | Whether to use the MariaDB chart | `false` | +| `mariadb.auth.database` | Database name to create | `nextcloud` | +| `mariadb.auth.username` | Database user to create | `nextcloud` | +| `mariadb.auth.password` | Password for the database | `changeme` | +| `mariadb.auth.rootPassword` | MariaDB admin password | `nil` | +| `mariadb.auth.existingSecret` | Use existing secret for MariaDB password details; see values.yaml for more detail | `''` | +| `mariadb.primary.persistence.enabled` | Whether or not to Use a PVC on MariaDB primary | `false` | +| `mariadb.primary.persistence.existingClaim` | Use an existing PVC for MariaDB primary | `nil` | +| `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` | +| `postgresql.image.registry` | PostgreSQL image registry | `docker.io` | +| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/postgresql` | +| `postgresql.image.tag` | PostgreSQL image tag | `15.4.0-debian-11-r10`| +| `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` | +| `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` | +| `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` | +| `postgresql.global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `''` | +| `postgresql.global.postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL admin password | `''` | +| `postgresql.global.postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL user password | `''` | +| `postgresql.global.postgresql.auth.secretKeys.replicationPasswordKey`| Name of key in existing secret to use for PostgreSQL replication password | `''` | +| `postgresql.primary.persistence.enabled` | Whether or not to use PVC on PostgreSQL primary | `false` | +| `postgresql.primary.persistence.existingClaim` | Use an existing PVC for PostgreSQL primary | `nil` | Is there a missing parameter for one of the Bitnami helm charts listed above? Please feel free to submit a PR to add that parameter in our values.yaml, but be sure to also update this README file :) @@ -384,6 +388,40 @@ nginx enabled: true ``` +### Service discovery with nginx and ingress + +For service discovery (CalDAV, CardDAV, webfinger, nodeinfo) to work you need to add redirects to your ingress. +If you use the [ingress-nginx](https://github.com/kubernetes/ingress-nginx) you can use the following server snippet annotation: + + +```yaml +ingress: + annotations: + nginx.ingress.kubernetes.io/server-snippet: |- + server_tokens off; + proxy_hide_header X-Powered-By; + rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; + rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:autotest|occ|issue|indie|db_|console) { + deny all; + } +``` ## Preserving Source IP - Make sure your loadbalancer preserves source IP, for bare metal, `metalb` does and `klipper-lb` doesn't. @@ -486,3 +524,63 @@ After an upgrade, you may have missing indices. To fix this, you can run: # where NEXTCLOUD_POD is *your* nextcloud pod kubectl exec -it $NEXTCLOUD_POD -- su -s /bin/sh www-data -c "php occ db:add-missing-indices" ``` + +# Troubleshooting + +## Logging +The nextcloud instance deployed by this chart doesn't currently create a log file locally inside the container. +Examples scenarios to change this behavior include: + - Triaging mailserver issues + - Any time you're confused by server behavior and need more context + - Before submitting a GitHub Issue (you can include relevant log messages that way) + +### Changing the logging behavior +To change the logging behavior, modify your `logging.config.php` in your `values.yaml` under the `nextcloud.configs` section like so: +```yaml +nextcloud: + configs: + logging.config.php: |- + 'file', + 'logfile' => 'nextcloud.log', + 'loglevel' => 0, + 'logdateformat' => 'F d, Y H:i:s' + ); +``` +`loglevel` corresponds to the detail of the logs. Valid values are: +``` +0: DEBUG: All activity; the most detailed logging. + +1: INFO: Activity such as user logins and file activities, plus warnings, errors, and fatal errors. + +2: WARN: Operations succeed, but with warnings of potential problems, plus errors and fatal errors. + +3: ERROR: An operation fails, but other services and operations continue, plus fatal errors. + +4: FATAL: The server stops. +``` +[More information about Nextcloud logging](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) + +### Viewing the logs +To view logs after changing the logging behavior, you can exec into the Kubernetes pod, or copy them to your local machine. + +#### Exec into the kubernetes pod: +```bash +kubectl exec --stdin --tty nextcloud-pod-name-random-chars -- /bin/sh +``` + +#### Then look for the `nextcloud.log` file with tail or cat: + +```bash +cat nextcloud.log +tail -f nextcloud.log +``` + +#### Copy the log file to your local machine: +```bash +kubectl cp default/nextcloud-pod-name-random-chars:nextcloud.log ./my-local-machine-nextcloud.log +``` + +### Sharing the logs +Remember to anonymize your logs and snippets from your pod before sharing them with the internet. Kubernetes secrets, even Sealed ones, live in plaintext `env` variables on your running containers, and log messages can include other information that should stay safely with you. diff --git a/charts/nextcloud/templates/_helpers.tpl b/charts/nextcloud/templates/_helpers.tpl index e0d899d8..d250589c 100644 --- a/charts/nextcloud/templates/_helpers.tpl +++ b/charts/nextcloud/templates/_helpers.tpl @@ -28,7 +28,7 @@ Create a default fully qualified redis app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "nextcloud.redis.fullname" -}} -{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-redis" .Release.Name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -80,13 +80,13 @@ Create environment variables used to configure the nextcloud container as well a - name: MYSQL_USER valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.usernameKey }} - name: MYSQL_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.passwordKey }} {{- else if .Values.postgresql.enabled }} - name: POSTGRES_HOST value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} @@ -99,20 +99,20 @@ Create environment variables used to configure the nextcloud container as well a - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.usernameKey }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.passwordKey }} {{- else }} {{- if eq .Values.externalDatabase.type "postgresql" }} - name: POSTGRES_HOST {{- if .Values.externalDatabase.existingSecret.hostKey }} valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.hostKey }} {{- else }} value: {{ .Values.externalDatabase.host | quote }} @@ -121,7 +121,7 @@ Create environment variables used to configure the nextcloud container as well a {{- if .Values.externalDatabase.existingSecret.databaseKey }} valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.databaseKey }} {{- else }} value: {{ .Values.externalDatabase.database | quote }} @@ -129,19 +129,19 @@ Create environment variables used to configure the nextcloud container as well a - name: POSTGRES_USER valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.usernameKey }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.passwordKey }} {{- else }} - name: MYSQL_HOST {{- if .Values.externalDatabase.existingSecret.hostKey }} valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.hostKey }} {{- else }} value: {{ .Values.externalDatabase.host | quote }} @@ -150,7 +150,7 @@ Create environment variables used to configure the nextcloud container as well a {{- if .Values.externalDatabase.existingSecret.databaseKey }} valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.databaseKey }} {{- else }} value: {{ .Values.externalDatabase.database | quote }} @@ -158,25 +158,25 @@ Create environment variables used to configure the nextcloud container as well a - name: MYSQL_USER valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.usernameKey }} - name: MYSQL_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }} + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.passwordKey }} {{- end }} {{- end }} - name: NEXTCLOUD_ADMIN_USER valueFrom: secretKeyRef: name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} - key: {{ .Values.nextcloud.existingSecret.usernameKey | default "nextcloud-username" }} + key: {{ .Values.nextcloud.existingSecret.usernameKey }} - name: NEXTCLOUD_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} - key: {{ .Values.nextcloud.existingSecret.passwordKey | default "nextcloud-password" }} + key: {{ .Values.nextcloud.existingSecret.passwordKey }} - name: NEXTCLOUD_TRUSTED_DOMAINS value: {{ .Values.nextcloud.host }} {{- if ne (int .Values.nextcloud.update) 0 }} @@ -200,17 +200,17 @@ Create environment variables used to configure the nextcloud container as well a valueFrom: secretKeyRef: name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} - key: {{ .Values.nextcloud.existingSecret.smtpHostKey | default "smtp-host" }} + key: {{ .Values.nextcloud.existingSecret.smtpHostKey }} - name: SMTP_NAME valueFrom: secretKeyRef: name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} - key: {{ .Values.nextcloud.existingSecret.smtpUsernameKey | default "smtp-username" }} + key: {{ .Values.nextcloud.existingSecret.smtpUsernameKey }} - name: SMTP_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} - key: {{ .Values.nextcloud.existingSecret.smtpPasswordKey | default "smtp-password" }} + key: {{ .Values.nextcloud.existingSecret.smtpPasswordKey }} {{- end }} {{- if .Values.redis.enabled }} - name: REDIS_HOST @@ -242,31 +242,31 @@ Create volume mounts for the nextcloud container as well as the cron sidecar con {{- define "nextcloud.volumeMounts" -}} - name: nextcloud-main mountPath: /var/www/ - subPath: {{ ternary "root" (printf "%s/%s" .Values.nextcloud.persistence.subPath "root") (empty .Values.nextcloud.persistence.subPath) }} + subPath: {{ ternary "root" (printf "%s/root" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} - name: nextcloud-main mountPath: /var/www/html - subPath: {{ ternary "html" (printf "%s/%s" .Values.nextcloud.persistence.subPath "html") (empty .Values.nextcloud.persistence.subPath) }} + subPath: {{ ternary "html" (printf "%s/html" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }} - name: nextcloud-data mountPath: {{ .Values.nextcloud.datadir }} - subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.nextcloudData.subPath "data") (empty .Values.persistence.nextcloudData.subPath) }} + subPath: {{ ternary "data" (printf "%s/data" .Values.persistence.nextcloudData.subPath) (empty .Values.persistence.nextcloudData.subPath) }} {{- else }} - name: nextcloud-main mountPath: {{ .Values.nextcloud.datadir }} - subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }} + subPath: {{ ternary "data" (printf "%s/data" .Values.persistence.subPath) (empty .Values.persistence.subPath) }} {{- end }} - name: nextcloud-main mountPath: /var/www/html/config - subPath: {{ ternary "config" (printf "%s/%s" .Values.nextcloud.persistence.subPath "config") (empty .Values.nextcloud.persistence.subPath) }} + subPath: {{ ternary "config" (printf "%s/config" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} - name: nextcloud-main mountPath: /var/www/html/custom_apps - subPath: {{ ternary "custom_apps" (printf "%s/%s" .Values.nextcloud.persistence.subPath "custom_apps") (empty .Values.nextcloud.persistence.subPath) }} + subPath: {{ ternary "custom_apps" (printf "%s/custom_apps" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} - name: nextcloud-main mountPath: /var/www/tmp - subPath: {{ ternary "tmp" (printf "%s/%s" .Values.nextcloud.persistence.subPath "tmp") (empty .Values.nextcloud.persistence.subPath) }} + subPath: {{ ternary "tmp" (printf "%s/tmp" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} - name: nextcloud-main mountPath: /var/www/html/themes - subPath: {{ ternary "themes" (printf "%s/%s" .Values.nextcloud.persistence.subPath "themes") (empty .Values.nextcloud.persistence.subPath) }} + subPath: {{ ternary "themes" (printf "%s/themes" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} {{- range $key, $value := .Values.nextcloud.configs }} - name: nextcloud-config mountPath: /var/www/html/config/{{ $key }} diff --git a/charts/nextcloud/templates/config.yaml b/charts/nextcloud/templates/config.yaml index 2e811f16..a6a7cb4c 100644 --- a/charts/nextcloud/templates/config.yaml +++ b/charts/nextcloud/templates/config.yaml @@ -9,12 +9,12 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} data: -{{- range $key, $value := .Values.nextcloud.configs }} + {{- range $key, $value := .Values.nextcloud.configs }} {{ $key }}: |- -{{ $value | indent 4 }} -{{- end }} -{{- if .Values.nextcloud.defaultConfigs }} -{{- if index .Values.nextcloud.defaultConfigs ".htaccess" }} + {{- $value | nindent 4 }} + {{- end }} + {{- if .Values.nextcloud.defaultConfigs }} + {{- if index .Values.nextcloud.defaultConfigs ".htaccess" }} .htaccess: |- # line below if for Apache 2.4 @@ -28,8 +28,8 @@ data: IndexIgnore * -{{- end }} -{{- if index .Values.nextcloud.defaultConfigs "redis.config.php" }} + {{- end }} + {{- if index .Values.nextcloud.defaultConfigs "redis.config.php" }} redis.config.php: |- array( 'host' => getenv('REDIS_HOST'), 'port' => getenv('REDIS_HOST_PORT') ?: 6379, -{{- if .Values.redis.auth.enabled }} + {{- if .Values.redis.auth.enabled }} 'password' => getenv('REDIS_HOST_PASSWORD'), -{{- end }} + {{- end }} ), ); } -{{- end }} -{{- if index .Values.nextcloud.defaultConfigs "apache-pretty-urls.config.php" }} + {{- end }} + {{- if index .Values.nextcloud.defaultConfigs "apache-pretty-urls.config.php" }} apache-pretty-urls.config.php: |- '/', ); -{{- end }} -{{- if index .Values.nextcloud.defaultConfigs "apcu.config.php" }} + {{- end }} + {{- if index .Values.nextcloud.defaultConfigs "apcu.config.php" }} apcu.config.php: |- '\OC\Memcache\APCu', ); -{{- end }} -{{- if index .Values.nextcloud.defaultConfigs "apps.config.php" }} + {{- end }} + {{- if index .Values.nextcloud.defaultConfigs "apps.config.php" }} apps.config.php: |- getenv('MAIL_DOMAIN'), ); } -{{- end }} -{{- end }} -{{- end }} + {{- end }} + {{- end }}{{/* end-if defaultConfigs */}} + {{- end }}{{/* end-if configs */}} diff --git a/charts/nextcloud/templates/db-secret.yaml b/charts/nextcloud/templates/db-secret.yaml index 1a4eaf4c..dcc3129a 100644 --- a/charts/nextcloud/templates/db-secret.yaml +++ b/charts/nextcloud/templates/db-secret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-%s" .Release.Name "db" }} + name: {{ .Release.Name }}-db labels: app.kubernetes.io/name: {{ include "nextcloud.name" . }} helm.sh/chart: {{ include "nextcloud.chart" . }} @@ -12,14 +12,14 @@ metadata: type: Opaque data: {{- if .Values.mariadb.enabled }} - db-password: {{ default "" .Values.mariadb.auth.password | b64enc | quote }} - db-username: {{ default "" .Values.mariadb.auth.username | b64enc | quote }} + db-username: {{ .Values.mariadb.auth.username | b64enc | quote }} + db-password: {{ .Values.mariadb.auth.password | b64enc | quote }} {{- else if .Values.postgresql.enabled }} - db-password: {{ default "" .Values.postgresql.global.postgresql.auth.password | b64enc | quote }} - db-username: {{ default "" .Values.postgresql.global.postgresql.auth.username | b64enc | quote }} + db-username: {{ .Values.postgresql.global.postgresql.auth.username | b64enc | quote }} + db-password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }} {{- else }} - db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} - db-username: {{ default "" .Values.externalDatabase.user | b64enc | quote }} + db-username: {{ .Values.externalDatabase.user | b64enc | quote }} + db-password: {{ .Values.externalDatabase.password | b64enc | quote }} {{- end }} {{- end }} {{- end }} diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index 6834f68f..c06616e1 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -8,17 +9,17 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/component: app - {{- if .Values.deploymentLabels }} -{{ toYaml .Values.deploymentLabels | indent 4 }} - {{- end }} - {{- if .Values.deploymentAnnotations }} + {{- with .Values.deploymentLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.deploymentAnnotations }} annotations: -{{ toYaml .Values.deploymentAnnotations | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} spec: replicas: {{ .Values.replicaCount }} strategy: -{{ toYaml .Values.nextcloud.strategy | indent 4 }} + {{- toYaml .Values.nextcloud.strategy | nindent 4 }} selector: matchLabels: app.kubernetes.io/name: {{ include "nextcloud.name" . }} @@ -33,8 +34,8 @@ spec: {{- if .Values.redis.enabled }} {{ template "nextcloud.redis.fullname" . }}-client: "true" {{- end }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} {{- end }} annotations: nextcloud-config-hash: {{ print (toJson .Values.nextcloud.defaultConfigs) "-" (toJson .Values.nextcloud.configs) | sha256sum }} @@ -42,315 +43,321 @@ spec: {{- if .Values.nginx.enabled }} nginx-config-hash: {{ print .Values.nginx.config.default "-" .Values.nginx.config.custom | sha256sum }} {{- end }} - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- if .Values.image.pullSecrets }} + {{- with .Values.image.pullSecrets }} imagePullSecrets: - {{- range .Values.image.pullSecrets }} + {{- range . }} - name: {{ . }} - {{- end}} + {{- end}} {{- end }} containers: - - name: {{ .Chart.Name }} - image: {{ include "nextcloud.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycle }} - lifecycle: - {{- if .Values.lifecycle.postStartCommand }} - postStart: - exec: - command: - {{- toYaml .Values.lifecycle.postStartCommand | nindent 16 -}} - {{- end }} - {{- if .Values.lifecycle.preStopCommand }} - preStop: - exec: - command: - {{- toYaml .Values.lifecycle.preStopCommand | nindent 16 -}} - {{- end }} - {{- end }} - env: -{{- include "nextcloud.env" . | indent 8 }} - {{- if not .Values.nginx.enabled }} - ports: - - name: http - containerPort: {{ .Values.nextcloud.containerPort }} - protocol: TCP - {{- end }} - {{- if and .Values.livenessProbe.enabled (not .Values.nginx.enabled) }} - livenessProbe: - httpGet: - path: /status.php - port: {{ .Values.nextcloud.containerPort }} - httpHeaders: - - name: Host - value: {{ .Values.nextcloud.host | quote }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if and .Values.readinessProbe.enabled (not .Values.nginx.enabled) }} - readinessProbe: - httpGet: - path: /status.php - port: {{ .Values.nextcloud.containerPort }} - httpHeaders: - - name: Host - value: {{ .Values.nextcloud.host | quote }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if and .Values.startupProbe.enabled (not .Values.nginx.enabled) }} - startupProbe: - httpGet: - path: /status.php - port: {{ .Values.nextcloud.containerPort }} - httpHeaders: - - name: Host - value: {{ .Values.nextcloud.host | quote }} - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 10 }} - {{- if .Values.nextcloud.securityContext}} - securityContext: + - name: {{ .Chart.Name }} + image: {{ include "nextcloud.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.lifecycle }} + lifecycle: + {{- with .postStartCommand }} + postStart: + exec: + command: + {{- toYaml . | nindent 18 -}} + {{- end }} + {{- with .preStopCommand }} + preStop: + exec: + command: + {{- toYaml . | nindent 18 -}} + {{- end }} + {{- end }} + env: + {{- include "nextcloud.env" . | nindent 12 }} + {{- if not .Values.nginx.enabled }} + ports: + - name: http + containerPort: {{ .Values.nextcloud.containerPort }} + protocol: TCP + {{- with .Values.livenessProbe }} + {{- if .enabled }} + livenessProbe: + httpGet: + path: /status.php + port: {{ $.Values.nextcloud.containerPort }} + httpHeaders: + - name: Host + value: {{ $.Values.nextcloud.host | quote }} + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + timeoutSeconds: {{ .timeoutSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} + {{- with .Values.readinessProbe }} + {{- if .enabled }} + readinessProbe: + httpGet: + path: /status.php + port: {{ $.Values.nextcloud.containerPort }} + httpHeaders: + - name: Host + value: {{ $.Values.nextcloud.host | quote }} + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + timeoutSeconds: {{ .timeoutSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} + {{- with .Values.startupProbe }} + {{- if .enabled }} + startupProbe: + httpGet: + path: /status.php + port: {{ $.Values.nextcloud.containerPort }} + httpHeaders: + - name: Host + value: {{ $.Values.nextcloud.host | quote }} + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + timeoutSeconds: {{ .timeoutSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} + {{- end }}{{/* end-if not nginx.enabled */}} + resources: + {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nextcloud.securityContext }} - {{- toYaml . | nindent 10 }} + securityContext: + {{- toYaml . | nindent 12 }} {{- end }} - {{- end }} - volumeMounts: - {{- include "nextcloud.volumeMounts" . | trim | nindent 8 }} - {{- if .Values.cronjob.enabled }} - - name: {{ .Chart.Name }}-cron - image: {{ include "nextcloud.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /cron.sh - {{- if .Values.cronjob.lifecycle }} - lifecycle: - {{- if .Values.cronjob.lifecycle.postStartCommand }} - postStart: - exec: - command: - {{- toYaml .Values.cronjob.lifecycle.postStartCommand | nindent 16 -}} - {{- end }} - {{- if .Values.cronjob.lifecycle.preStopCommand }} - preStop: - exec: - command: - {{- toYaml .Values.cronjob.lifecycle.preStopCommand | nindent 16 -}} - {{- end }} - {{- end }} - env: -{{- include "nextcloud.env" . | indent 8 }} - resources: -{{ toYaml .Values.cronjob.resources | indent 10 }} - {{- if .Values.cronjob.securityContext}} - securityContext: - {{- with .Values.cronjob.securityContext }} - {{- toYaml . | nindent 10 }} + volumeMounts: + {{- include "nextcloud.volumeMounts" . | trim | nindent 12 }} + {{- if .Values.nginx.enabled }} + - name: {{ .Chart.Name }}-nginx + image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}" + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + ports: + - name: http + protocol: TCP + containerPort: {{ .Values.nextcloud.containerPort }} + {{- with .Values.livenessProbe }} + {{- if .enabled }} + livenessProbe: + httpGet: + path: /status.php + port: {{ $.Values.nextcloud.containerPort }} + httpHeaders: + - name: Host + value: {{ $.Values.nextcloud.host | quote }} + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + timeoutSeconds: {{ .timeoutSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} {{- end }} - {{- end }} - volumeMounts: -{{- include "nextcloud.volumeMounts" . | trim | nindent 8 }} - {{- end }} - {{- if .Values.nginx.enabled }} - - name: {{ .Chart.Name }}-nginx - image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.nextcloud.containerPort }} - protocol: TCP - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /status.php - port: http - httpHeaders: - - name: Host - value: {{ .Values.nextcloud.host | quote }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /status.php - port: {{ .Values.nextcloud.containerPort }} - httpHeaders: - - name: Host - value: {{ .Values.nextcloud.host | quote }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - httpGet: - path: /status.php - port: {{ .Values.nextcloud.containerPort }} - httpHeaders: - - name: Host - value: {{ .Values.nextcloud.host | quote }} - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- end }} + {{- end }} + {{- with .Values.readinessProbe }} + {{- if .enabled }} + readinessProbe: + httpGet: + path: /status.php + port: {{ $.Values.nextcloud.containerPort }} + httpHeaders: + - name: Host + value: {{ $.Values.nextcloud.host | quote }} + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + timeoutSeconds: {{ .timeoutSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} + {{- with .Values.startupProbe }} + {{- if .enabled }} + startupProbe: + httpGet: + path: /status.php + port: {{ $.Values.nextcloud.containerPort }} + httpHeaders: + - name: Host + value: {{ $.Values.nextcloud.host | quote }} + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + timeoutSeconds: {{ .timeoutSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} - resources: -{{ toYaml .Values.nginx.resources | indent 10 }} - {{- if .Values.nginx.securityContext}} - securityContext: + resources: + {{- toYaml .Values.nginx.resources | nindent 12 }} {{- with .Values.nginx.securityContext }} - {{- toYaml . | nindent 10 }} + securityContext: + {{- toYaml . | nindent 12 }} {{- end }} + volumeMounts: + - name: nextcloud-main + mountPath: /var/www/ + subPath: {{ ternary "root" (printf "%s/root" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} + - name: nextcloud-main + mountPath: /var/www/html + subPath: {{ ternary "html" (printf "%s/html" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} + {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }} + - name: nextcloud-data + mountPath: {{ .Values.nextcloud.datadir }} + subPath: {{ ternary "data" (printf "%s/data" .Values.persistence.nextcloudData.subPath) (empty .Values.persistence.nextcloudData.subPath) }} + {{- else }} + - name: nextcloud-main + mountPath: {{ .Values.nextcloud.datadir }} + subPath: {{ ternary "data" (printf "%s/data" .Values.persistence.subPath) (empty .Values.persistence.subPath) }} + {{- end }} + - name: nextcloud-main + mountPath: /var/www/html/config + subPath: {{ ternary "config" (printf "%s/config" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} + - name: nextcloud-main + mountPath: /var/www/html/custom_apps + subPath: {{ ternary "custom_apps" (printf "%s/custom_apps" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} + - name: nextcloud-main + mountPath: /var/www/tmp + subPath: {{ ternary "tmp" (printf "%s/tmp" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} + - name: nextcloud-main + mountPath: /var/www/html/themes + subPath: {{ ternary "themes" (printf "%s/themes" .Values.nextcloud.persistence.subPath) (empty .Values.nextcloud.persistence.subPath) }} + - name: nextcloud-nginx-config + mountPath: /etc/nginx/conf.d/ + {{- with .Values.nextcloud.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }}{{/* end-if nginx.enabled */}} + {{- if .Values.cronjob.enabled }} + - name: {{ .Chart.Name }}-cron + image: {{ include "nextcloud.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /cron.sh + {{- with .Values.cronjob.lifecycle }} + lifecycle: + {{- with .postStartCommand }} + postStart: + exec: + command: + {{- toYaml . | nindent 18 -}} + {{- end }} + {{- with .preStopCommand }} + preStop: + exec: + command: + {{- toYaml . | nindent 18 -}} + {{- end }} + {{- end }} + env: + {{- include "nextcloud.env" . | nindent 12 }} + resources: + {{- toYaml .Values.cronjob.resources | nindent 12 }} + {{- with .Values.cronjob.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- include "nextcloud.volumeMounts" . | trim | nindent 12 }} + {{- end }}{{/* end-if cronjob.enabled */}} + {{- with .Values.nextcloud.extraSidecarContainers }} + {{- toYaml . | nindent 8 }} {{- end }} - volumeMounts: - - name: nextcloud-main - mountPath: /var/www/ - subPath: {{ ternary "root" (printf "%s/%s" .Values.nextcloud.persistence.subPath "root") (empty .Values.nextcloud.persistence.subPath) }} - - name: nextcloud-main - mountPath: /var/www/html - subPath: {{ ternary "html" (printf "%s/%s" .Values.nextcloud.persistence.subPath "html") (empty .Values.nextcloud.persistence.subPath) }} - {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }} - - name: nextcloud-data - mountPath: {{ .Values.nextcloud.datadir }} - subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.nextcloudData.subPath "data") (empty .Values.persistence.nextcloudData.subPath) }} - {{- else }} - - name: nextcloud-main - mountPath: {{ .Values.nextcloud.datadir }} - subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }} - {{- end }} - - name: nextcloud-main - mountPath: /var/www/html/config - subPath: {{ ternary "config" (printf "%s/%s" .Values.nextcloud.persistence.subPath "config") (empty .Values.nextcloud.persistence.subPath) }} - - name: nextcloud-main - mountPath: /var/www/html/custom_apps - subPath: {{ ternary "custom_apps" (printf "%s/%s" .Values.nextcloud.persistence.subPath "custom_apps") (empty .Values.nextcloud.persistence.subPath) }} - - name: nextcloud-main - mountPath: /var/www/tmp - subPath: {{ ternary "tmp" (printf "%s/%s" .Values.nextcloud.persistence.subPath "tmp") (empty .Values.nextcloud.persistence.subPath) }} - - name: nextcloud-main - mountPath: /var/www/html/themes - subPath: {{ ternary "themes" (printf "%s/%s" .Values.nextcloud.persistence.subPath "themes") (empty .Values.nextcloud.persistence.subPath) }} - - name: nextcloud-nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - {{- if .Values.nextcloud.extraVolumeMounts }} - {{- toYaml .Values.nextcloud.extraVolumeMounts | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.nextcloud.extraSidecarContainers }} - {{- toYaml . | nindent 6 }} - {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- if or .Values.nextcloud.extraInitContainers .Values.mariadb.enabled .Values.postgresql.enabled }} initContainers: - {{- if .Values.nextcloud.extraInitContainers }} - {{- toYaml .Values.nextcloud.extraInitContainers | nindent 6 }} - {{- end }} - {{- if .Values.mariadb.enabled }} - - name: mariadb-isalive - image: {{ .Values.mariadb.image.registry }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }} - env: - - name: MYSQL_USER - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }} - command: - - "sh" - - "-c" - - {{ printf "until mysql --host=%s-mariadb --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" .Release.Name }} - {{- else if .Values.postgresql.enabled }} - - name: postgresql-isready - image: {{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} - env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }} - - name: POSTGRES_HOST - value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} - command: - - "sh" - - "-c" - - "until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; done" - {{- end }} - {{- end }} - {{- with .Values.affinity }} + {{- with .Values.nextcloud.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.mariadb.enabled }} + - name: mariadb-isalive + image: {{ .Values.mariadb.image.registry }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }} + env: + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.usernameKey }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.passwordKey }} + command: + - "sh" + - "-c" + - {{ printf "until mysql --host=%s-mariadb --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" .Release.Name }} + {{- else if .Values.postgresql.enabled }} + - name: postgresql-isready + image: {{ .Values.postgresql.image.registry | default "docker.io" }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} + key: {{ .Values.externalDatabase.existingSecret.usernameKey }} + - name: POSTGRES_HOST + value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} + command: + - "sh" + - "-c" + - "until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; done" + {{- end }}{{/* end-if any database-initContainer */}} + {{- end }}{{/* end-if any initContainer */}} + {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} + {{- end }} + {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: nextcloud-main - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud{{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }} - - name: nextcloud-data - persistentVolumeClaim: - claimName: {{ if .Values.persistence.nextcloudData.existingClaim }}{{ .Values.persistence.nextcloudData.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud-data{{- end }} - {{- end }} - {{- if .Values.nextcloud.configs }} - - name: nextcloud-config - configMap: - name: {{ template "nextcloud.fullname" . }}-config - {{- end }} - {{- if .Values.nextcloud.phpConfigs }} - - name: nextcloud-phpconfig - configMap: - name: {{ template "nextcloud.fullname" . }}-phpconfig - {{- end }} - {{- if .Values.nginx.enabled }} - - name: nextcloud-nginx-config - configMap: - name: {{ template "nextcloud.fullname" . }}-nginxconfig - {{- end }} - {{- if .Values.nextcloud.extraVolumes }} -{{ toYaml .Values.nextcloud.extraVolumes | indent 6 }} {{- end }} + volumes: + - name: nextcloud-main + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud{{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }} + - name: nextcloud-data + persistentVolumeClaim: + claimName: {{ if .Values.persistence.nextcloudData.existingClaim }}{{ .Values.persistence.nextcloudData.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud-data{{- end }} + {{- end }} + {{- if .Values.nextcloud.configs }} + - name: nextcloud-config + configMap: + name: {{ template "nextcloud.fullname" . }}-config + {{- end }} + {{- if .Values.nextcloud.phpConfigs }} + - name: nextcloud-phpconfig + configMap: + name: {{ template "nextcloud.fullname" . }}-phpconfig + {{- end }} + {{- if .Values.nginx.enabled }} + - name: nextcloud-nginx-config + configMap: + name: {{ template "nextcloud.fullname" . }}-nginxconfig + {{- end }} + {{- with .Values.nextcloud.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} securityContext: - {{- if .Values.nextcloud.podSecurityContext }} - {{- with .Values.nextcloud.podSecurityContext }} - {{- toYaml . | nindent 8 }} + {{- with .Values.securityContext }} + {{- toYaml . | nindent 8 }} {{- end }} - {{- else }} + {{- with .Values.nextcloud.podSecurityContext }} + {{- toYaml . | nindent 8 }} + {{- else }} {{- if .Values.nginx.enabled }} # Will mount configuration files as www-data (id: 82) for nextcloud fsGroup: 82 @@ -358,12 +365,7 @@ spec: # Will mount configuration files as www-data (id: 33) for nextcloud fsGroup: 33 {{- end }} - {{- if .Values.securityContext }} - {{- with .Values.securityContext }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- end }} + {{- end }}{{/* end-with podSecurityContext */}} {{- if .Values.rbac.enabled }} serviceAccountName: {{ .Values.rbac.serviceaccount.name }} {{- end }} diff --git a/charts/nextcloud/templates/metrics-deployment.yaml b/charts/nextcloud/templates/metrics-deployment.yaml index e4c71853..ea30e918 100644 --- a/charts/nextcloud/templates/metrics-deployment.yaml +++ b/charts/nextcloud/templates/metrics-deployment.yaml @@ -43,18 +43,18 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} - key: {{ .Values.nextcloud.existingSecret.tokenKey | default "nextcloud-token" }} + key: {{ .Values.nextcloud.existingSecret.tokenKey }} {{- else }} - name: NEXTCLOUD_USERNAME valueFrom: secretKeyRef: name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} - key: {{ .Values.nextcloud.existingSecret.usernameKey | default "nextcloud-username" }} + key: {{ .Values.nextcloud.existingSecret.usernameKey }} - name: NEXTCLOUD_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} - key: {{ .Values.nextcloud.existingSecret.passwordKey | default "nextcloud-password" }} + key: {{ .Values.nextcloud.existingSecret.passwordKey }} {{- end }} # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint - name: NEXTCLOUD_SERVER diff --git a/charts/nextcloud/templates/nginx-config.yaml b/charts/nextcloud/templates/nginx-config.yaml index 973aadeb..df5b64c5 100644 --- a/charts/nextcloud/templates/nginx-config.yaml +++ b/charts/nextcloud/templates/nginx-config.yaml @@ -1,163 +1,134 @@ -{{- define "nginx.conf" }} - worker_processes auto; - - error_log /var/log/nginx/error.log warn; - pid /tmp/nginx.pid; - - - events { - worker_connections 1024; +{{- define "default.conf" }} + upstream php-handler { + server 127.0.0.1:9000; } - - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - upstream php-handler { - server 127.0.0.1:9000; - } - - server { - listen {{ .Values.nginx.containerPort | default "80" }}; - - # HSTS settings - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Pagespeed is not supported by Nextcloud, so if your server is built - # with the `ngx_pagespeed` module, uncomment this line to disable it. - #pagespeed off; - - # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - # Specify how to handle directories -- specifying `/index.php$request_uri` - # here as the fallback means that Nginx always exhibits the desired behaviour - # when a client requests a path that corresponds to a directory that exists - # on the server. In particular, if that directory contains an index.php file, - # that file is correctly served; if it doesn't, then the request is passed to - # the front-end controller. This consistent behaviour means that we don't need - # to specify custom rules for certain paths (e.g. images and other assets, - # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus - # `try_files $uri $uri/ /index.php$request_uri` - # always provides the desired behaviour. - index index.php index.html /index.php$request_uri; - - # Rule borrowed from `.htaccess` to handle Microsoft DAV clients - location = / { - if ( $http_user_agent ~ ^DavClnt ) { - return 302 /remote.php/webdav/$is_args$args; - } + server { + listen {{ .Values.nginx.containerPort | default "80" }}; + + # HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + + # set max upload size + client_max_body_size 10G; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. + #pagespeed off; + + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; } + } - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - # Make a regex exception for `/.well-known` so that clients can still - # access it despite the existence of the regex rule - # `location ~ /(\.|autotest|...)` which would otherwise handle requests - # for `/.well-known`. - location ^~ /.well-known { - # The following 6 rules are borrowed from `.htaccess` + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The following 6 rules are borrowed from `.htaccess` - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - # Anything else is dynamically handled by Nextcloud - location ^~ /.well-known { return 301 /index.php$uri; } + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + # Anything else is dynamically handled by Nextcloud + location ^~ /.well-known { return 301 /index.php$uri; } - try_files $uri $uri/ =404; - } + try_files $uri $uri/ =404; + } - # Rules borrowed from `.htaccess` to hide certain paths from clients - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } - # Ensure this block, which passes PHP files to the PHP process, is above the blocks - # which handle static assets (as seen below). If this block is not declared first, - # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` - # to the URI, resulting in a HTTP 500 error response. - location ~ \.php(?:$|/) { - # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + # Required for legacy support + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - set $path_info $fastcgi_path_info; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; + try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - #fastcgi_param HTTPS on; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + #fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice - fastcgi_param front_controller_active true; # Enable pretty urls - fastcgi_pass php-handler; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls + fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } - location ~ \.(?:css|js|svg|gif)$ { - try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } - location ~ \.woff2?$ { - try_files $uri /index.php$request_uri; - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } + location ~ \.woff2?$ { + try_files $uri /index.php$request_uri; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } - location / { - try_files $uri $uri/ /index.php$request_uri; - } + location / { + try_files $uri $uri/ /index.php$request_uri; } } {{- end }} @@ -173,10 +144,12 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} data: - nginx.conf: |- {{- if .Values.nginx.config.default }} - {{- template "nginx.conf" $ }} -{{- else }} + default.conf: |- + {{- template "default.conf" $ }} +{{- end }} +{{- if .Values.nginx.config.custom }} + zz-custom.conf: |- {{ .Values.nginx.config.custom | indent 4 }} {{- end }} {{- end }} diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 4d4d93c4..e231a16e 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -27,6 +27,7 @@ ingress: # nginx.ingress.kubernetes.io/proxy-body-size: 4G # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: letsencrypt-prod + # # Keep this in sync with the README.md: # nginx.ingress.kubernetes.io/server-snippet: |- # server_tokens off; # proxy_hide_header X-Powered-By; @@ -78,12 +79,12 @@ nextcloud: existingSecret: enabled: false # secretName: nameofsecret - # usernameKey: nextcloud-username - # passwordKey: nextcloud-password - # tokenKey: nextcloud-token - # smtpUsernameKey: smtp-username - # smtpPasswordKey: smtp-password - # smtpHostKey: smtp-host + usernameKey: nextcloud-username + passwordKey: nextcloud-password + tokenKey: nextcloud-token + smtpUsernameKey: smtp-username + smtpPasswordKey: smtp-password + smtpHostKey: smtp-host update: 0 # If web server is not binding default port, you can define it containerPort: 80 @@ -252,7 +253,7 @@ externalDatabase: user: nextcloud ## Database password - password: + password: "" ## Database name database: nextcloud @@ -261,8 +262,8 @@ externalDatabase: existingSecret: enabled: false # secretName: nameofsecret - # usernameKey: db-username - # passwordKey: db-password + usernameKey: db-username + passwordKey: db-password # hostKey: db-hostname-or-ip # databaseKey: db-name