|
|
@@ -1,746 +0,0 @@
|
|
|
-# helm repo add nextcloud https://nextcloud.github.io/helm/
|
|
|
-# helm upgrade --install nextcloud nextcloud/nextcloud -n nextcloud -f values.yaml --version 3.5.14
|
|
|
-
|
|
|
-# Upgrading:
|
|
|
-# su -s /bin/bash - www-data
|
|
|
-# cd /var/www/html
|
|
|
-# PHP_MEMORY_LIMIT=512M ./occ upgrade
|
|
|
-
|
|
|
-# Forwarding IPs requires:
|
|
|
-#
|
|
|
-# 'trusted_proxies' =>
|
|
|
-# array (
|
|
|
-# 0 => '10.42.0.0/16',
|
|
|
-# 1 => '127.0.0.1',
|
|
|
-# ),
|
|
|
-# 'overwritecondaddr' => '^10\.42\.[0-9]+\.[0-9]+$',
|
|
|
-#
|
|
|
-# For whatever your ingress is.
|
|
|
-
|
|
|
-## Official nextcloud image version
|
|
|
-## ref: https://hub.docker.com/r/library/nextcloud/tags/
|
|
|
-##
|
|
|
-image:
|
|
|
- repository: nextcloud
|
|
|
- tag: 31.0.4-apache
|
|
|
- pullPolicy: IfNotPresent
|
|
|
- # pullSecrets:
|
|
|
- # - myRegistrKeySecretName
|
|
|
-
|
|
|
-nameOverride: ""
|
|
|
-fullnameOverride: ""
|
|
|
-podAnnotations: {}
|
|
|
-deploymentAnnotations: {}
|
|
|
-deploymentLabels: {}
|
|
|
-
|
|
|
-# Number of replicas to be deployed
|
|
|
-replicaCount: 1
|
|
|
-
|
|
|
-## Allowing use of ingress controllers
|
|
|
-## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
|
|
|
-##
|
|
|
-ingress:
|
|
|
- enabled: false
|
|
|
- # className: nginx
|
|
|
- annotations: {}
|
|
|
- # nginx.ingress.kubernetes.io/proxy-body-size: 4G
|
|
|
- # kubernetes.io/tls-acme: "true"
|
|
|
- # cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
|
- # nginx.ingress.kubernetes.io/server-snippet: |-
|
|
|
- # server_tokens off;
|
|
|
- # proxy_hide_header X-Powered-By;
|
|
|
- # rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
|
|
|
- # rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
|
|
|
- # rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
|
|
- # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
|
|
|
- # location = /.well-known/carddav {
|
|
|
- # return 301 $scheme://$host/remote.php/dav;
|
|
|
- # }
|
|
|
- # location = /.well-known/caldav {
|
|
|
- # return 301 $scheme://$host/remote.php/dav;
|
|
|
- # }
|
|
|
- # location = /robots.txt {
|
|
|
- # allow all;
|
|
|
- # log_not_found off;
|
|
|
- # access_log off;
|
|
|
- # }
|
|
|
- # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
|
|
- # deny all;
|
|
|
- # }
|
|
|
- # location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
|
|
|
- # deny all;
|
|
|
- # }
|
|
|
- # tls:
|
|
|
- # - secretName: nextcloud-tls
|
|
|
- # hosts:
|
|
|
- # - nextcloud.kube.home
|
|
|
- labels: {}
|
|
|
- path: /
|
|
|
- pathType: Prefix
|
|
|
-
|
|
|
-
|
|
|
-# Allow configuration of lifecycle hooks
|
|
|
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
|
|
|
-lifecycle: {}
|
|
|
- # postStartCommand: []
|
|
|
- # preStopCommand: []
|
|
|
-
|
|
|
-phpClientHttpsFix:
|
|
|
- enabled: false
|
|
|
- protocol: https
|
|
|
-
|
|
|
-nextcloud:
|
|
|
- host: nextcloud.jibby.org
|
|
|
- username: josh
|
|
|
- password: ""
|
|
|
- ## Use an existing secret
|
|
|
- existingSecret:
|
|
|
- enabled: false
|
|
|
- # secretName: nameofsecret
|
|
|
- # usernameKey: nextcloud-username
|
|
|
- # passwordKey: nextcloud-password
|
|
|
- # tokenKey: nextcloud-token
|
|
|
- # smtpUsernameKey: smtp-username
|
|
|
- # smtpPasswordKey: smtp-password
|
|
|
- update: 0
|
|
|
- # If web server is not binding default port, you can define it
|
|
|
- containerPort: 80
|
|
|
- datadir: /var/www/html/data
|
|
|
- persistence:
|
|
|
- subPath:
|
|
|
- mail:
|
|
|
- enabled: false
|
|
|
- fromAddress: user
|
|
|
- domain: domain.com
|
|
|
- smtp:
|
|
|
- host: domain.com
|
|
|
- secure: ssl
|
|
|
- port: 465
|
|
|
- authtype: LOGIN
|
|
|
- name: user
|
|
|
- password: pass
|
|
|
- # PHP Configuration files
|
|
|
- # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true
|
|
|
- phpConfigs:
|
|
|
- www.conf: |
|
|
|
- [www]
|
|
|
- user = www-data
|
|
|
- group = www-data
|
|
|
- listen = 127.0.0.1:9000
|
|
|
- pm = dynamic
|
|
|
- pm.max_children = 86
|
|
|
- pm.start_servers = 21
|
|
|
- pm.min_spare_servers = 21
|
|
|
- pm.max_spare_servers = 64
|
|
|
- ; for large file uploads
|
|
|
- request_terminate_timeout = 3600
|
|
|
- # Default config files
|
|
|
- # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
|
|
|
- # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config
|
|
|
- defaultConfigs:
|
|
|
- # To protect /var/www/html/config
|
|
|
- .htaccess: true
|
|
|
- # Redis default configuration
|
|
|
- redis.config.php: true
|
|
|
- # Apache configuration for rewrite urls
|
|
|
- apache-pretty-urls.config.php: true
|
|
|
- # Define APCu as local cache
|
|
|
- apcu.config.php: true
|
|
|
- # Apps directory configs
|
|
|
- apps.config.php: true
|
|
|
- # Used for auto configure database
|
|
|
- autoconfig.php: true
|
|
|
- # SMTP default configuration
|
|
|
- smtp.config.php: true
|
|
|
- # Extra config files created in /var/www/html/config/
|
|
|
- # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
|
|
|
- configs: {}
|
|
|
-
|
|
|
- # For example, to use S3 as primary storage
|
|
|
- # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
|
|
|
- #
|
|
|
- # configs:
|
|
|
- # s3.config.php: |-
|
|
|
- # <?php
|
|
|
- # $CONFIG = array (
|
|
|
- # 'objectstore' => array(
|
|
|
- # 'class' => '\\OC\\Files\\ObjectStore\\S3',
|
|
|
- # 'arguments' => array(
|
|
|
- # 'bucket' => 'my-bucket',
|
|
|
- # 'autocreate' => true,
|
|
|
- # 'key' => 'xxx',
|
|
|
- # 'secret' => 'xxx',
|
|
|
- # 'region' => 'us-east-1',
|
|
|
- # 'use_ssl' => true
|
|
|
- # )
|
|
|
- # )
|
|
|
- # );
|
|
|
-
|
|
|
- ## Strategy used to replace old pods
|
|
|
- ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
|
|
|
- ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
|
|
- strategy:
|
|
|
- type: Recreate
|
|
|
- # type: RollingUpdate
|
|
|
- # rollingUpdate:
|
|
|
- # maxSurge: 1
|
|
|
- # maxUnavailable: 0
|
|
|
-
|
|
|
- ##
|
|
|
- ## Extra environment variables
|
|
|
- extraEnv:
|
|
|
- - name: REDIS_HOST
|
|
|
- valueFrom:
|
|
|
- secretKeyRef:
|
|
|
- name: redis-client-secret
|
|
|
- key: REDIS_HOST
|
|
|
- - name: REDIS_HOST_PASSWORD
|
|
|
- valueFrom:
|
|
|
- secretKeyRef:
|
|
|
- name: redis-client-secret
|
|
|
- key: REDIS_HOST_PASSWORD
|
|
|
-
|
|
|
- # Extra init containers that runs before pods start.
|
|
|
- extraInitContainers: []
|
|
|
- # - name: do-something
|
|
|
- # image: busybox
|
|
|
- # command: ['do', 'something']
|
|
|
-
|
|
|
- # Extra sidecar containers.
|
|
|
- extraSidecarContainers: []
|
|
|
- # - name: nextcloud-logger
|
|
|
- # image: busybox
|
|
|
- # command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log']
|
|
|
- # volumeMounts:
|
|
|
- # - name: nextcloud-data
|
|
|
- # mountPath: /run/nextcloud/data
|
|
|
-
|
|
|
- # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
|
|
|
- # to NextCloud pods in Kubernetes. This can then be configured in External Storage
|
|
|
- extraVolumes:
|
|
|
- # - name: nfs
|
|
|
- # nfs:
|
|
|
- # server: "10.0.0.1"
|
|
|
- # path: "/nextcloud_data"
|
|
|
- # readOnly: false
|
|
|
- extraVolumeMounts:
|
|
|
- # - name: nfs
|
|
|
- # mountPath: "/legacy_data"
|
|
|
-
|
|
|
- # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container).
|
|
|
- # For example, you may need to define runAsNonRoot directive
|
|
|
- securityContext: {}
|
|
|
- # runAsUser: 33
|
|
|
- # runAsGroup: 33
|
|
|
- # runAsNonRoot: true
|
|
|
- # readOnlyRootFilesystem: false
|
|
|
-
|
|
|
- # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive
|
|
|
- podSecurityContext: {}
|
|
|
- # runAsUser: 33
|
|
|
- # runAsGroup: 33
|
|
|
- # runAsNonRoot: true
|
|
|
- # readOnlyRootFilesystem: false
|
|
|
-
|
|
|
-nginx:
|
|
|
- ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
|
|
|
- # disabling for large uploads on android(?)
|
|
|
- enabled: false
|
|
|
- image:
|
|
|
- repository: nginx
|
|
|
- tag: alpine
|
|
|
- pullPolicy: IfNotPresent
|
|
|
-
|
|
|
- config:
|
|
|
- # This generates the default nginx config as per the nextcloud documentation
|
|
|
- default: false
|
|
|
- # Default is below, changes marked with CHANGE
|
|
|
- custom: |-
|
|
|
- error_log /var/log/nginx/error.log warn;
|
|
|
- pid /var/run/nginx.pid;
|
|
|
-
|
|
|
-
|
|
|
- events {
|
|
|
- worker_connections 1024;
|
|
|
- }
|
|
|
-
|
|
|
-
|
|
|
- http {
|
|
|
- include /etc/nginx/mime.types;
|
|
|
- default_type application/octet-stream;
|
|
|
-
|
|
|
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
|
- '$status $body_bytes_sent "$http_referer" '
|
|
|
- '"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
-
|
|
|
- access_log /var/log/nginx/access.log main;
|
|
|
- # CHANGE for large file uploads
|
|
|
- proxy_read_timeout 3600;
|
|
|
- fastcgi_read_timeout 300s;
|
|
|
-
|
|
|
- sendfile on;
|
|
|
- #tcp_nopush on;
|
|
|
-
|
|
|
- keepalive_timeout 65;
|
|
|
-
|
|
|
- #gzip on;
|
|
|
-
|
|
|
- upstream php-handler {
|
|
|
- server 127.0.0.1:9000;
|
|
|
- }
|
|
|
-
|
|
|
- server {
|
|
|
- listen 80;
|
|
|
-
|
|
|
- # HSTS settings
|
|
|
- # WARNING: Only add the preload option once you read about
|
|
|
- # the consequences in https://hstspreload.org/. This option
|
|
|
- # will add the domain to a hardcoded list that is shipped
|
|
|
- # in all major browsers and getting removed from this list
|
|
|
- # could take several months.
|
|
|
- #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
|
|
-
|
|
|
- # set max upload size
|
|
|
- client_max_body_size 10G;
|
|
|
- fastcgi_buffers 64 4K;
|
|
|
-
|
|
|
- # Enable gzip but do not remove ETag headers
|
|
|
- gzip on;
|
|
|
- gzip_vary on;
|
|
|
- gzip_comp_level 4;
|
|
|
- gzip_min_length 256;
|
|
|
- gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
|
|
- gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
|
|
-
|
|
|
- # Pagespeed is not supported by Nextcloud, so if your server is built
|
|
|
- # with the `ngx_pagespeed` module, uncomment this line to disable it.
|
|
|
- #pagespeed off;
|
|
|
-
|
|
|
- # HTTP response headers borrowed from Nextcloud `.htaccess`
|
|
|
- add_header Referrer-Policy "no-referrer" always;
|
|
|
- add_header X-Content-Type-Options "nosniff" always;
|
|
|
- add_header X-Download-Options "noopen" always;
|
|
|
- add_header X-Frame-Options "SAMEORIGIN" always;
|
|
|
- add_header X-Permitted-Cross-Domain-Policies "none" always;
|
|
|
- add_header X-Robots-Tag "noindex, nofollow" always;
|
|
|
- add_header X-XSS-Protection "1; mode=block" always;
|
|
|
- add_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
-
|
|
|
- # Remove X-Powered-By, which is an information leak
|
|
|
- fastcgi_hide_header X-Powered-By;
|
|
|
-
|
|
|
- # Path to the root of your installation
|
|
|
- root /var/www/html;
|
|
|
-
|
|
|
- # Specify how to handle directories -- specifying `/index.php$request_uri`
|
|
|
- # here as the fallback means that Nginx always exhibits the desired behaviour
|
|
|
- # when a client requests a path that corresponds to a directory that exists
|
|
|
- # on the server. In particular, if that directory contains an index.php file,
|
|
|
- # that file is correctly served; if it doesn't, then the request is passed to
|
|
|
- # the front-end controller. This consistent behaviour means that we don't need
|
|
|
- # to specify custom rules for certain paths (e.g. images and other assets,
|
|
|
- # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
|
|
- # `try_files $uri $uri/ /index.php$request_uri`
|
|
|
- # always provides the desired behaviour.
|
|
|
- index index.php index.html /index.php$request_uri;
|
|
|
-
|
|
|
- # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
|
|
- location = / {
|
|
|
- if ( $http_user_agent ~ ^DavClnt ) {
|
|
|
- return 302 /remote.php/webdav/$is_args$args;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- location = /robots.txt {
|
|
|
- allow all;
|
|
|
- log_not_found off;
|
|
|
- access_log off;
|
|
|
- }
|
|
|
-
|
|
|
- # Make a regex exception for `/.well-known` so that clients can still
|
|
|
- # access it despite the existence of the regex rule
|
|
|
- # `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
|
|
- # for `/.well-known`.
|
|
|
- location ^~ /.well-known {
|
|
|
- # The following 6 rules are borrowed from `.htaccess`
|
|
|
-
|
|
|
- location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
|
|
- location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
|
|
- # Anything else is dynamically handled by Nextcloud
|
|
|
- location ^~ /.well-known { return 301 /index.php$uri; }
|
|
|
-
|
|
|
- try_files $uri $uri/ =404;
|
|
|
- }
|
|
|
-
|
|
|
- # Rules borrowed from `.htaccess` to hide certain paths from clients
|
|
|
- location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
|
|
- location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
|
|
-
|
|
|
- # Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
|
|
- # which handle static assets (as seen below). If this block is not declared first,
|
|
|
- # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
|
|
- # to the URI, resulting in a HTTP 500 error response.
|
|
|
- location ~ \.php(?:$|/) {
|
|
|
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
|
- set $path_info $fastcgi_path_info;
|
|
|
-
|
|
|
- try_files $fastcgi_script_name =404;
|
|
|
-
|
|
|
- include fastcgi_params;
|
|
|
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
|
- fastcgi_param PATH_INFO $path_info;
|
|
|
- #fastcgi_param HTTPS on;
|
|
|
-
|
|
|
- fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
|
|
- fastcgi_param front_controller_active true; # Enable pretty urls
|
|
|
- fastcgi_pass php-handler;
|
|
|
-
|
|
|
- fastcgi_intercept_errors on;
|
|
|
- fastcgi_request_buffering off;
|
|
|
- }
|
|
|
-
|
|
|
- location ~ \.(?:css|js|svg|gif)$ {
|
|
|
- try_files $uri /index.php$request_uri;
|
|
|
- expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
|
|
- access_log off; # Optional: Don't log access to assets
|
|
|
- }
|
|
|
-
|
|
|
- location ~ \.woff2?$ {
|
|
|
- try_files $uri /index.php$request_uri;
|
|
|
- expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
|
|
- access_log off; # Optional: Don't log access to assets
|
|
|
- }
|
|
|
-
|
|
|
- location / {
|
|
|
- try_files $uri $uri/ /index.php$request_uri;
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
-
|
|
|
- resources: {}
|
|
|
-
|
|
|
- # Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive
|
|
|
- securityContext: {}
|
|
|
- # the nginx alpine container default user is 82
|
|
|
- # runAsUser: 82
|
|
|
- # runAsGroup: 33
|
|
|
- # runAsNonRoot: true
|
|
|
- # readOnlyRootFilesystem: true
|
|
|
-
|
|
|
-internalDatabase:
|
|
|
- enabled: false
|
|
|
- name: nextcloud
|
|
|
-
|
|
|
-externalDatabase:
|
|
|
- enabled: true
|
|
|
-
|
|
|
- ## Supported database engines: mysql or postgresql
|
|
|
- type: postgresql
|
|
|
-
|
|
|
- ## Database host
|
|
|
- host: postgres-postgresql.postgres.svc.cluster.local:5432
|
|
|
-
|
|
|
- ## Database user
|
|
|
- user: nextcloud
|
|
|
-
|
|
|
- ## Database password
|
|
|
- password:
|
|
|
-
|
|
|
- ## Database name
|
|
|
- database: nextcloud
|
|
|
-
|
|
|
- ## Use a existing secret
|
|
|
- existingSecret:
|
|
|
- enabled: true
|
|
|
- secretName: postgres-secret
|
|
|
- usernameKey: username
|
|
|
- passwordKey: password
|
|
|
-
|
|
|
-##
|
|
|
-## MariaDB chart configuration
|
|
|
-## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb
|
|
|
-##
|
|
|
-mariadb:
|
|
|
- ## Whether to deploy a mariadb server from the bitnami mariab db helm chart
|
|
|
- # to satisfy the applications database requirements. if you want to deploy this bitnami mariadb, set this and externalDatabase to true
|
|
|
- # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters
|
|
|
- enabled: false
|
|
|
-
|
|
|
- auth:
|
|
|
- database: nextcloud
|
|
|
- username: nextcloud
|
|
|
- password: changeme
|
|
|
- # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored).
|
|
|
- # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password
|
|
|
- existingSecret: ""
|
|
|
-
|
|
|
- architecture: standalone
|
|
|
-
|
|
|
- ## Enable persistence using Persistent Volume Claims
|
|
|
- ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
|
- ##
|
|
|
- primary:
|
|
|
- persistence:
|
|
|
- enabled: false
|
|
|
- # Use an existing Persistent Volume Claim (must be created ahead of time)
|
|
|
- # existingClaim: ""
|
|
|
- # storageClass: ""
|
|
|
- accessMode: ReadWriteOnce
|
|
|
- size: 8Gi
|
|
|
-
|
|
|
-##
|
|
|
-## PostgreSQL chart configuration
|
|
|
-## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql
|
|
|
-##
|
|
|
-postgresql:
|
|
|
- enabled: false
|
|
|
- global:
|
|
|
- postgresql:
|
|
|
- # global.postgresql.auth overrides postgresql.auth
|
|
|
- auth:
|
|
|
- username: nextcloud
|
|
|
- password: changeme
|
|
|
- database: nextcloud
|
|
|
- # Name of existing secret to use for PostgreSQL credentials.
|
|
|
- # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret.
|
|
|
- # secret might also contains the key ldap-password if LDAP is enabled.
|
|
|
- # ldap.bind_password will be ignored and picked from this secret in this case.
|
|
|
- existingSecret: ""
|
|
|
- # Names of keys in existing secret to use for PostgreSQL credentials
|
|
|
- secretKeys:
|
|
|
- adminPasswordKey: ""
|
|
|
- userPasswordKey: ""
|
|
|
- replicationPasswordKey: ""
|
|
|
- primary:
|
|
|
- persistence:
|
|
|
- enabled: false
|
|
|
- # Use an existing Persistent Volume Claim (must be created ahead of time)
|
|
|
- # existingClaim: ""
|
|
|
- # storageClass: ""
|
|
|
-
|
|
|
-##
|
|
|
-## Redis chart configuration
|
|
|
-## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis
|
|
|
-##
|
|
|
-
|
|
|
-redis:
|
|
|
- enabled: false
|
|
|
- auth:
|
|
|
- enabled: true
|
|
|
- password: 'changeme'
|
|
|
- # name of an existing secret with Redis® credentials (instead of auth.password), must be created ahead of time
|
|
|
- existingSecret: ""
|
|
|
- # Password key to be retrieved from existing secret
|
|
|
- existingSecretPasswordKey: ""
|
|
|
-
|
|
|
-
|
|
|
-## Cronjob to execute Nextcloud background tasks
|
|
|
-## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
|
|
|
-##
|
|
|
-cronjob:
|
|
|
- enabled: true
|
|
|
-
|
|
|
- ## Cronjob sidecar resource requests and limits
|
|
|
- ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
|
- ##
|
|
|
- resources: {}
|
|
|
-
|
|
|
- # Allow configuration of lifecycle hooks
|
|
|
- # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
|
|
|
- lifecycle: {}
|
|
|
- # postStartCommand: []
|
|
|
- # preStopCommand: []
|
|
|
- # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
|
|
|
- securityContext: {}
|
|
|
- # runAsUser: 33
|
|
|
- # runAsGroup: 33
|
|
|
- # runAsNonRoot: true
|
|
|
- # readOnlyRootFilesystem: true
|
|
|
-
|
|
|
-service:
|
|
|
- type: ClusterIP
|
|
|
- port: 8080
|
|
|
- loadBalancerIP: nil
|
|
|
- nodePort: nil
|
|
|
-
|
|
|
-## Enable persistence using Persistent Volume Claims
|
|
|
-## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
|
-##
|
|
|
-persistence:
|
|
|
- # Nextcloud Data (/var/www/html)
|
|
|
- enabled: true
|
|
|
- annotations: {}
|
|
|
- ## nextcloud data Persistent Volume Storage Class
|
|
|
- ## If defined, storageClassName: <storageClass>
|
|
|
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
|
- ## If undefined (the default) or set to null, no storageClassName spec is
|
|
|
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
|
- ## GKE, AWS & OpenStack)
|
|
|
- ##
|
|
|
- storageClass: "ceph-block"
|
|
|
-
|
|
|
- ## A manually managed Persistent Volume and Claim
|
|
|
- ## Requires persistence.enabled: true
|
|
|
- ## If defined, PVC must be created manually before volume will be bound
|
|
|
- existingClaim: nextcloud-pvc
|
|
|
-
|
|
|
- accessMode: ReadWriteOnce
|
|
|
- size: 8Gi
|
|
|
-
|
|
|
- ## Use an additional pvc for the data directory rather than a subpath of the default PVC
|
|
|
- ## Useful to store data on a different storageClass (e.g. on slower disks)
|
|
|
- nextcloudData:
|
|
|
- enabled: true
|
|
|
- subPath:
|
|
|
- annotations: {}
|
|
|
- storageClass: "ceph-block"
|
|
|
- existingClaim: nextcloud-data-pvc
|
|
|
- accessMode: ReadWriteOnce
|
|
|
- size: 200Gi
|
|
|
-
|
|
|
-resources:
|
|
|
- # We usually recommend not to specify default resources and to leave this as a conscious
|
|
|
- # choice for the user. This also increases chances charts run on environments with little
|
|
|
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
|
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
|
- limits:
|
|
|
- # cpu: 100m
|
|
|
- memory: 4Gi
|
|
|
- requests:
|
|
|
- # cpu: 100m
|
|
|
- memory: 1Gi
|
|
|
-
|
|
|
-## Liveness and readiness probe values
|
|
|
-## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
|
-##
|
|
|
-livenessProbe:
|
|
|
- enabled: false
|
|
|
- initialDelaySeconds: 10
|
|
|
- periodSeconds: 10
|
|
|
- timeoutSeconds: 5
|
|
|
- failureThreshold: 3
|
|
|
- successThreshold: 1
|
|
|
-readinessProbe:
|
|
|
- enabled: false
|
|
|
- initialDelaySeconds: 10
|
|
|
- periodSeconds: 10
|
|
|
- timeoutSeconds: 5
|
|
|
- failureThreshold: 3
|
|
|
- successThreshold: 1
|
|
|
-startupProbe:
|
|
|
- enabled: false
|
|
|
- initialDelaySeconds: 30
|
|
|
- periodSeconds: 10
|
|
|
- timeoutSeconds: 5
|
|
|
- failureThreshold: 30
|
|
|
- successThreshold: 1
|
|
|
-
|
|
|
-
|
|
|
-## Enable pod autoscaling using HorizontalPodAutoscaler
|
|
|
-## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
|
-##
|
|
|
-hpa:
|
|
|
- enabled: false
|
|
|
- cputhreshold: 60
|
|
|
- minPods: 1
|
|
|
- maxPods: 10
|
|
|
-
|
|
|
-nodeSelector: {}
|
|
|
-
|
|
|
-tolerations: []
|
|
|
-
|
|
|
-# To speed up file transfers
|
|
|
-affinity:
|
|
|
- nodeAffinity:
|
|
|
- requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
- nodeSelectorTerms:
|
|
|
- - matchExpressions:
|
|
|
- - key: cluster-ingress
|
|
|
- operator: In
|
|
|
- values:
|
|
|
- - "true"
|
|
|
-
|
|
|
-## Prometheus Exporter / Metrics
|
|
|
-##
|
|
|
-metrics:
|
|
|
- enabled: false
|
|
|
-
|
|
|
- replicaCount: 1
|
|
|
- # The metrics exporter needs to know how you serve Nextcloud either http or https
|
|
|
- https: false
|
|
|
- # Use API token if set, otherwise fall back to password authentication
|
|
|
- # https://github.com/xperimental/nextcloud-exporter#token-authentication
|
|
|
- # Currently you still need to set the token manually in your nextcloud install
|
|
|
- token: ""
|
|
|
- timeout: 5s
|
|
|
- # if set to true, exporter skips certificate verification of Nextcloud server.
|
|
|
- tlsSkipVerify: false
|
|
|
-
|
|
|
- image:
|
|
|
- repository: xperimental/nextcloud-exporter
|
|
|
- tag: 0.6.0
|
|
|
- pullPolicy: IfNotPresent
|
|
|
- # pullSecrets:
|
|
|
- # - myRegistrKeySecretName
|
|
|
-
|
|
|
- ## Metrics exporter resource requests and limits
|
|
|
- ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
|
- ##
|
|
|
- # resources: {}
|
|
|
-
|
|
|
- ## Metrics exporter pod Annotation and Labels
|
|
|
- # podAnnotations: {}
|
|
|
-
|
|
|
- # podLabels: {}
|
|
|
-
|
|
|
- service:
|
|
|
- type: ClusterIP
|
|
|
- ## Use serviceLoadBalancerIP to request a specific static IP,
|
|
|
- ## otherwise leave blank
|
|
|
- # loadBalancerIP:
|
|
|
- annotations:
|
|
|
- prometheus.io/scrape: "true"
|
|
|
- prometheus.io/port: "9205"
|
|
|
- labels: {}
|
|
|
-
|
|
|
- ## Prometheus Operator ServiceMonitor configuration
|
|
|
- ##
|
|
|
- serviceMonitor:
|
|
|
- ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
|
|
|
- ##
|
|
|
- enabled: false
|
|
|
-
|
|
|
- ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
|
|
|
- ##
|
|
|
- namespace: ""
|
|
|
-
|
|
|
- ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
|
|
|
- ##
|
|
|
- jobLabel: ""
|
|
|
-
|
|
|
- ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
|
|
|
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
|
- ##
|
|
|
- interval: 30s
|
|
|
-
|
|
|
- ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
|
|
|
- ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
|
- ##
|
|
|
- scrapeTimeout: ""
|
|
|
-
|
|
|
- ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
|
|
|
- ##
|
|
|
- labels: {}
|
|
|
-
|
|
|
-
|
|
|
-rbac:
|
|
|
- enabled: false
|
|
|
- serviceaccount:
|
|
|
- create: true
|
|
|
- name: nextcloud-serviceaccount
|
|
|
- annotations: {}
|
|
|
-
|
|
|
-
|
|
|
-## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
|
|
|
-securityContext: {}
|
