feat(nextcloud): add notify_push support

.github/workflows/lint-test.yaml

@@ -92,9 +92,16 @@ jobs:
 
           # test the helm chart with imaginary
           - name: Imaginary Enabled
-            helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml"
+            helm_args: |
+                --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml"
             test: true
 
+          # test the helm chart with notify push enabled
+          - name: Notify Push Enabled
+            helm_args: |
+                --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/notify_push.yaml"
+            testNotifyPush: true
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -161,6 +168,20 @@ jobs:
             kubectl logs --ignore-errors --prefix -l app.kubernetes.io/name=nextcloud
             exit $EXIT
 
+      - name: Run test for Notify Push
+        if: matrix.test_cases.testNotifyPush
+        # applies a kubernetes job that uploads a file and then checks log of finished pod
+        run: |
+            EXIT=0
+            kubectl config set-context --current --namespace=nextcloud
+            POD=$(kubectl get pods -o name --selector "app.kubernetes.io/component=app")
+            (kubectl wait --for=condition=Ready --timeout=2m "${POD}" && sleep 60) || EXIT=1
+            kubectl exec --stdin "${POD}"  -c nextcloud -- sh -c '
+              chsh -s /bin/sh www-data
+              su -l www-data -c "/var/www/html/occ notify_push:self-test"
+            ' || EXIT=1
+            exit $EXIT
+
   summary:
     runs-on: ubuntu-latest-low
     needs: [changes, test]

charts/nextcloud/CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+This Helm-Chart increase there major version on every breaking change (or major version of Nextcloud itself) inspired by semantic releases.
+
+Here we list all major versions and their breaking changes for migration.
+
+
+## v7
+
+- move `metrics.serviceMonitor` to `prometheus.serviceMonitor`: It is used for nextcloud-exporter and notify-push
+- change metrics port of service from 9205 to 9100 to get equal everywhere.

charts/nextcloud/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nextcloud
-version: 6.6.3
+version: 7.0.0
 # renovate: image=docker.io/library/nextcloud
 appVersion: 30.0.5
 description: A file sharing server that puts the control and security of your own data back into your hands.

charts/nextcloud/README.md

@@ -28,6 +28,7 @@ helm install my-release nextcloud/nextcloud
     * [Headers set on NGINX](#headers-set-on-nginx)
     * [Probes Configurations](#probes-configurations)
     * [Collabora Configuration](#collabora-configuration)
+    * [Notify Push](#notify-push)
     * [Imaginary](#imaginary)
 * [Cron jobs](#cron-jobs)
 * [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars)
@@ -500,6 +501,38 @@ The nextcloud deployment includes a series of different probes you can use to de
 > [!Note]
 > If you are getting errors on initialization (such as `Fatal error: require_once(): Failed opening required '/var/www/html/lib/versioncheck.php'`, but you can get other errors as well), a good first step is to try and enable the startupProbe and/or increase the `initialDelaySeconds` for the `livenessProbe` and `readinessProbe` to something much greater (consider using `120` seconds instead of `10`. This is an especially good idea if your cluster is running on older hardware, has a slow internet connection, or you're using a slower storage class, such as NFS that's running with older disks or a slow connection.
 
+### Notify Push
+
+We include an optional Client Push [nextcloud/notify_push](https://github.com/nextcloud/notify_push).
+
+
+| Parameter                              | Description                                                                      | Default                |
+|----------------------------------------|----------------------------------------------------------------------------------|------------------------|
+| `notifyPush.enabled`                   | Enable another deployment to handle notify_push (sometimes called ClientPush)    | `false`                |
+| `notifyPush.autoSetup`                 | Setup notify_push on nextcloud per docker-entrypoint-hooks before start          | `false`                |
+| `notifyPush.replicaCount`              | Number of notify-push pod replicas to deploy                                     | `1`                    |
+| `notifyPush.image.registry`            | notify-push image registry                                                       | `docker.io`            |
+| `notifyPush.image.repository`          | notify-push image name                                                           | `miles170/notify_push` |
+| `notifyPush.image.tag`                 | notify-push image tag                                                            | `v0.7.0`               |
+| `notifyPush.image.pullPolicy`          | notify-push image pull policy                                                    | `IfNotPresent`         |
+| `notifyPush.image.pullSecrets`         | notify-push image pull secrets                                                   | `[]`                   |
+| `notifyPush.extraEnv`                  | option additional env (if a external redis is used, you need to set REDIS_URL)   | `""`                   |
+| `notifyPush.podAnnotations`            | Additional annotations for notify-push pods                                      | `{}`                   |
+| `notifyPush.podLabels`                 | Additional labels for notify-push pods                                           | `{}`                   |
+| `notifyPush.podSecurityContext`        | Optional security context for the notify-push pod                                | `nil`                  |
+| `notifyPush.securityContext`           | Optional security context for the notify-push container                          | `nil`                  |
+| `notifyPush.resources`                 | notify-push resources                                                            | `{}`                   |
+| `notifyPush.service.type`              | notify-push: Kubernetes Service type                                             | `ClusterIP`            |
+| `notifyPush.service.loadBalancerIP`    | Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `nil`                  |
+| `notifyPush.service.nodePort`          | notify-push: NodePort for service type NodePort                                  | `nil`                  |
+| `notifyPush.service.annotations`       | Additional annotations for service notify-push                                   | `{}`                   |
+| `notifyPush.service.labels`            | Additional labels for service notify-push                                        | `{}`                   |
+| `notifyPush.ingress.path`              | Add path in default ingress to notify_push service                               | `/push`                |
+| `notifyPush.ingress.pathType`          | PathType for additional path in default ingress for notify-push path             | `Prefix`               |
+
+> [!Note]
+> notify-push needs an redis (`redis.enabled=true` or `notifyPush.extraEnv=[{name:"REDIS_URL",...}]` )
+
 ### Collabora Configuration
 
 This section provides options to enable and configure the Collabora Online server within your deployment. Please ensure to review the [Collabora Online Helm chart documentation](https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online) for additional details and recommended values.

charts/nextcloud/files/notify_push.sh.tpl

@@ -0,0 +1,8 @@
+#!/bin/sh
+/var/www/html/occ app:enable notify_push
+/var/www/html/occ config:app:set notify_push base_endpoint --value="http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.nextcloud.host }}{{ .Values.notifyPush.ingress.path }}"
+{{/*
+The command "setup" runs a check, which need a running nextcloud (but we try to configurate it during startup).
+So that command always failure and we stuck in bootloop. 
+/var/www/html/occ notify_push:setup "http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.nextcloud.host }}{{ .Values.notifyPush.ingress.path }}"
+*/}}

charts/nextcloud/templates/_helpers.tpl

@@ -64,11 +64,7 @@ Create image name that is used in the deployment
 {{/*
 Create environment variables used to configure the nextcloud container as well as the cron sidecar container.
 */}}
-{{- define "nextcloud.env" -}}
-{{- if .Values.phpClientHttpsFix.enabled }}
-- name: OVERWRITEPROTOCOL
-  value: {{ .Values.phpClientHttpsFix.protocol | quote }}
-{{- end }}
+{{- define "nextcloud.env.database" -}}
 {{- if .Values.internalDatabase.enabled }}
 - name: SQLITE_DATABASE
   value: {{ .Values.internalDatabase.name | quote }}
@@ -87,6 +83,8 @@ Create environment variables used to configure the nextcloud container as well a
     secretKeyRef:
       name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
       key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
+- name: DATABASE_URL
+  value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST)/$(MYSQL_DATABASE)"
 {{- else if .Values.postgresql.enabled }}
 - name: POSTGRES_HOST
   value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }}
@@ -106,7 +104,9 @@ Create environment variables used to configure the nextcloud container as well a
     secretKeyRef:
       name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
       key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
-{{- else }}
+- name: DATABASE_URL
+  value: "postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST)/$(POSTGRES_DB)"
+{{- else }}{{/* mariadb.enable or postgresql.enabled -> now external */}}
   {{- if eq .Values.externalDatabase.type "postgresql" }}
 - name: POSTGRES_HOST
   {{- if .Values.externalDatabase.existingSecret.hostKey }}
@@ -136,7 +136,9 @@ Create environment variables used to configure the nextcloud container as well a
     secretKeyRef:
       name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
       key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
-  {{- else }}
+- name: DATABASE_URL
+  value: "postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST)/$(POSTGRES_DB)"
+  {{- else }}{{/* external.type = postgresql  */}}
 - name: MYSQL_HOST
   {{- if .Values.externalDatabase.existingSecret.hostKey }}
   valueFrom:
@@ -165,8 +167,45 @@ Create environment variables used to configure the nextcloud container as well a
     secretKeyRef:
       name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
       key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
-  {{- end }}
+- name: DATABASE_URL
+  value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST)/$(MYSQL_DATABASE)"
+  {{- end }}{{/* external.type = postgresql */}}
+{{- end }}{{/* not mariadb.enable or postgresql.enabled -> just external*/}}
+{{- end }}
+
+{{/*
+Redis env vars
+*/}}
+{{- define "nextcloud.env.redis" -}}
+- name: REDIS_HOST
+  value: {{ template "nextcloud.redis.fullname" . }}-master
+- name: REDIS_HOST_PORT
+  value: {{ .Values.redis.master.service.ports.redis | quote }}
+{{- if .Values.redis.auth.enabled }}
+{{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }}
+- name: REDIS_HOST_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.redis.auth.existingSecret }}
+      key: {{ .Values.redis.auth.existingSecretPasswordKey }}
+{{- else }}
+- name: REDIS_HOST_PASSWORD
+  value: {{ .Values.redis.auth.password }}
+{{- end }}
+- name: REDIS_URL
+  value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST):$(REDIS_HOST_PORT)"
+{{- else }}
+- name: REDIS_URL
+  value: "redis://$(REDIS_HOST):$(REDIS_HOST_PORT)"
+{{- end }}
+{{- end }}
+
+{{- define "nextcloud.env" -}}
+{{- if .Values.phpClientHttpsFix.enabled }}
+- name: OVERWRITEPROTOCOL
+  value: {{ .Values.phpClientHttpsFix.protocol | quote }}
 {{- end }}
+{{- template "nextcloud.env.database" . }}
 - name: NEXTCLOUD_ADMIN_USER
   valueFrom:
     secretKeyRef:
@@ -216,26 +255,8 @@ Create environment variables used to configure the nextcloud container as well a
       name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
       key: {{ .Values.nextcloud.existingSecret.smtpPasswordKey }}
 {{- end }}
-{{/*
-Redis env vars
-*/}}
 {{- if .Values.redis.enabled }}
-- name: REDIS_HOST
-  value: {{ template "nextcloud.redis.fullname" . }}-master
-- name: REDIS_HOST_PORT
-  value: {{ .Values.redis.master.service.ports.redis | quote }}
-{{- if .Values.redis.auth.enabled }}
-{{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }}
-- name: REDIS_HOST_PASSWORD
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Values.redis.auth.existingSecret }}
-      key: {{ .Values.redis.auth.existingSecretPasswordKey }}
-{{- else }}
-- name: REDIS_HOST_PASSWORD
-  value: {{ .Values.redis.auth.password }}
-{{- end }}
-{{- end }}
+{{ template "nextcloud.env.redis" . }}
 {{- end }}{{/* end if redis.enabled */}}
 {{/*
 S3 as primary object store env vars
@@ -342,7 +363,6 @@ Swift as primary object store env vars
 {{- end }}
 {{- end -}}
 
-
 {{/*
 Create volume mounts for the nextcloud container as well as the cron sidecar container.
 */}}

charts/nextcloud/templates/db-secret.yaml

@@ -13,14 +13,20 @@ metadata:
 type: Opaque
 data:
   {{- if .Values.mariadb.enabled }}
-  db-username: {{ .Values.mariadb.auth.username | b64enc | quote }}
-  db-password: {{ .Values.mariadb.auth.password | b64enc | quote }}
+  {{- with .Values.mariadb.auth }}
+  db-username: {{ .username | b64enc | quote }}
+  db-password: {{ .password | b64enc | quote }}
+  {{- end }}
   {{- else if .Values.postgresql.enabled }}
-  db-username: {{ .Values.postgresql.global.postgresql.auth.username | b64enc | quote }}
-  db-password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }}
+  {{- with .Values.postgresql.global.postgresql.auth }}
+  db-username: {{ .username | b64enc | quote }}
+  db-password: {{ .password | b64enc | quote }}
+  {{- end }}
   {{- else }}
-  db-username: {{ .Values.externalDatabase.user | b64enc | quote }}
-  db-password: {{ .Values.externalDatabase.password | b64enc | quote }}
+  {{- with .Values.externalDatabase }}
+  db-username: {{ .user | b64enc | quote }}
+  db-password: {{ .password | b64enc | quote }}
+  {{- end }}
   {{- end }}
 {{- end }}
 {{- end }}

charts/nextcloud/templates/deployment.yaml

@@ -139,6 +139,12 @@ spec:
           {{- end }}
           volumeMounts:
             {{- include "nextcloud.volumeMounts" . | trim | nindent 12 }}
+            {{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }}
+            - name: nextcloud-notify-hooks
+              mountPath: /docker-entrypoint-hooks.d/before-starting/notify_push.sh
+              subPath: notify_push.sh
+              readOnly: true
+            {{- end }}
             {{- range $hook, $shell := .Values.nextcloud.hooks }}
             {{- if $shell }}
             - name: nextcloud-hooks
@@ -294,45 +300,30 @@ spec:
         {{- end }}
         {{- if .Values.mariadb.enabled }}
         - name: mariadb-isalive
-          image: {{ .Values.mariadb.image.registry | default "docker.io" }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }}
+          image: {{ .Values.mariadb.image.registry }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }}
           {{- with .Values.nextcloud.mariaDbInitContainer }}
           resources:
             {{- toYaml .resources | nindent 12 }}
           securityContext:
             {{- toYaml .securityContext | nindent 12 }}
           {{- end }}
           env:
-            - name: MYSQL_USER
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
-                  key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
-            - name: MYSQL_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
-                  key: {{ .Values.externalDatabase.existingSecret.passwordKey }}
+            {{- include "nextcloud.env.database" . | nindent 12 }} 
           command:
             - "sh"
             - "-c"
-            - {{ printf "until mysql --host=%s-mariadb --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" .Release.Name }}
+            - {{ printf "until mysql --host=${MYSQL_HOST} --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" }}
         {{- else if .Values.postgresql.enabled }}
         - name: postgresql-isready
-          image: {{ .Values.postgresql.image.registry | default "docker.io"  }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}
+          image: {{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}
           {{- with .Values.nextcloud.postgreSqlInitContainer }}
           resources:
             {{- toYaml .resources | nindent 12 }}
           securityContext:
             {{- toYaml .securityContext | nindent 12 }}
           {{- end }}
           env:
-            - name: POSTGRES_USER
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }}
-                  key: {{ .Values.externalDatabase.existingSecret.usernameKey }}
-            - name: POSTGRES_HOST
-              value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }}
+            {{- include "nextcloud.env.database" . | nindent 12 }} 
           command:
             - "sh"
             - "-c"
@@ -375,6 +366,15 @@ spec:
           configMap:
             name: {{ template "nextcloud.fullname" . }}-nginxconfig
         {{- end }}
+        {{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }}
+        - name: nextcloud-notify-hooks
+          configMap:
+            name: {{ template "nextcloud.fullname" . }}-notify-push
+            defaultMode: 0o755
+            items:
+              - key: hook.sh
+                path: notify_push.sh
+        {{- end }}
         {{- if not (values .Values.nextcloud.hooks | compact | empty) }}
         - name: nextcloud-hooks
           configMap:

charts/nextcloud/templates/ingress.yaml

@@ -39,6 +39,15 @@ spec:
               serviceName: {{ template "nextcloud.fullname" . }}
               servicePort: {{ .Values.service.port }}
               {{- end }}
+          {{- if .Values.notifyPush.enabled }}
+          - path: {{ .Values.notifyPush.ingress.path }}
+            pathType: {{ .Values.notifyPush.ingress.pathType }}
+            backend:
+              service:
+                name: {{ template "nextcloud.fullname" . }}-notify-push
+                port:
+                  name: http
+          {{- end }}
   {{- with .Values.ingress.tls }}
   tls:
     {{- toYaml . | nindent 4 }}