values.yaml 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564
  1. # helm repo add nextcloud https://nextcloud.github.io/helm/
  2. # helm upgrade --install nextcloud nextcloud/nextcloud -n nextcloud -f values.yaml --version 3.5.14
  3. # Upgrading:
  4. # su -s /bin/bash - www-data
  5. # cd /var/www/html
  6. # PHP_MEMORY_LIMIT=512M ./occ upgrade
  7. # Forwarding IPs requires:
  8. #
  9. # 'trusted_proxies' =>
  10. # array (
  11. # 0 => '10.42.0.0/16',
  12. # 1 => '127.0.0.1',
  13. # ),
  14. # 'overwritecondaddr' => '^10\.42\.[0-9]+\.[0-9]+$',
  15. #
  16. # For whatever your ingress is.
  17. ## Official nextcloud image version
  18. ## ref: https://hub.docker.com/r/library/nextcloud/tags/
  19. ##
  20. image:
  21. repository: nextcloud
  22. tag: 26.0.6-apache
  23. pullPolicy: IfNotPresent
  24. # pullSecrets:
  25. # - myRegistrKeySecretName
  26. nameOverride: ""
  27. fullnameOverride: ""
  28. podAnnotations: {}
  29. deploymentAnnotations: {}
  30. deploymentLabels: {}
  31. # Number of replicas to be deployed
  32. replicaCount: 1
  33. ## Allowing use of ingress controllers
  34. ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  35. ##
  36. ingress:
  37. enabled: false
  38. # className: nginx
  39. annotations: {}
  40. # nginx.ingress.kubernetes.io/proxy-body-size: 4G
  41. # kubernetes.io/tls-acme: "true"
  42. # cert-manager.io/cluster-issuer: letsencrypt-prod
  43. # nginx.ingress.kubernetes.io/server-snippet: |-
  44. # server_tokens off;
  45. # proxy_hide_header X-Powered-By;
  46. # rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
  47. # rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
  48. # rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  49. # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
  50. # location = /.well-known/carddav {
  51. # return 301 $scheme://$host/remote.php/dav;
  52. # }
  53. # location = /.well-known/caldav {
  54. # return 301 $scheme://$host/remote.php/dav;
  55. # }
  56. # location = /robots.txt {
  57. # allow all;
  58. # log_not_found off;
  59. # access_log off;
  60. # }
  61. # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
  62. # deny all;
  63. # }
  64. # location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
  65. # deny all;
  66. # }
  67. # tls:
  68. # - secretName: nextcloud-tls
  69. # hosts:
  70. # - nextcloud.kube.home
  71. labels: {}
  72. path: /
  73. pathType: Prefix
  74. # Allow configuration of lifecycle hooks
  75. # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
  76. lifecycle: {}
  77. # postStartCommand: []
  78. # preStopCommand: []
  79. phpClientHttpsFix:
  80. enabled: false
  81. protocol: https
  82. nextcloud:
  83. host: nextcloud.jibby.org
  84. username: josh
  85. password: ""
  86. ## Use an existing secret
  87. existingSecret:
  88. enabled: false
  89. # secretName: nameofsecret
  90. # usernameKey: nextcloud-username
  91. # passwordKey: nextcloud-password
  92. # tokenKey: nextcloud-token
  93. # smtpUsernameKey: smtp-username
  94. # smtpPasswordKey: smtp-password
  95. update: 0
  96. # If web server is not binding default port, you can define it
  97. containerPort: 80
  98. datadir: /var/www/html/data
  99. persistence:
  100. subPath:
  101. mail:
  102. enabled: false
  103. fromAddress: user
  104. domain: domain.com
  105. smtp:
  106. host: domain.com
  107. secure: ssl
  108. port: 465
  109. authtype: LOGIN
  110. name: user
  111. password: pass
  112. # PHP Configuration files
  113. # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true
  114. phpConfigs: {}
  115. # Default config files
  116. # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
  117. # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config
  118. defaultConfigs:
  119. # To protect /var/www/html/config
  120. .htaccess: true
  121. # Redis default configuration
  122. redis.config.php: true
  123. # Apache configuration for rewrite urls
  124. apache-pretty-urls.config.php: true
  125. # Define APCu as local cache
  126. apcu.config.php: true
  127. # Apps directory configs
  128. apps.config.php: true
  129. # Used for auto configure database
  130. autoconfig.php: true
  131. # SMTP default configuration
  132. smtp.config.php: true
  133. # Extra config files created in /var/www/html/config/
  134. # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
  135. configs: {}
  136. # For example, to use S3 as primary storage
  137. # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
  138. #
  139. # configs:
  140. # s3.config.php: |-
  141. # <?php
  142. # $CONFIG = array (
  143. # 'objectstore' => array(
  144. # 'class' => '\\OC\\Files\\ObjectStore\\S3',
  145. # 'arguments' => array(
  146. # 'bucket' => 'my-bucket',
  147. # 'autocreate' => true,
  148. # 'key' => 'xxx',
  149. # 'secret' => 'xxx',
  150. # 'region' => 'us-east-1',
  151. # 'use_ssl' => true
  152. # )
  153. # )
  154. # );
  155. ## Strategy used to replace old pods
  156. ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
  157. ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  158. strategy:
  159. type: Recreate
  160. # type: RollingUpdate
  161. # rollingUpdate:
  162. # maxSurge: 1
  163. # maxUnavailable: 0
  164. ##
  165. ## Extra environment variables
  166. extraEnv:
  167. - name: REDIS_HOST
  168. valueFrom:
  169. secretKeyRef:
  170. name: redis-client-secret
  171. key: REDIS_HOST
  172. - name: REDIS_HOST_PASSWORD
  173. valueFrom:
  174. secretKeyRef:
  175. name: redis-client-secret
  176. key: REDIS_HOST_PASSWORD
  177. # Extra init containers that runs before pods start.
  178. extraInitContainers: []
  179. # - name: do-something
  180. # image: busybox
  181. # command: ['do', 'something']
  182. # Extra sidecar containers.
  183. extraSidecarContainers: []
  184. # - name: nextcloud-logger
  185. # image: busybox
  186. # command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log']
  187. # volumeMounts:
  188. # - name: nextcloud-data
  189. # mountPath: /run/nextcloud/data
  190. # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
  191. # to NextCloud pods in Kubernetes. This can then be configured in External Storage
  192. extraVolumes:
  193. # - name: nfs
  194. # nfs:
  195. # server: "10.0.0.1"
  196. # path: "/nextcloud_data"
  197. # readOnly: false
  198. extraVolumeMounts:
  199. # - name: nfs
  200. # mountPath: "/legacy_data"
  201. # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container).
  202. # For example, you may need to define runAsNonRoot directive
  203. securityContext: {}
  204. # runAsUser: 33
  205. # runAsGroup: 33
  206. # runAsNonRoot: true
  207. # readOnlyRootFilesystem: false
  208. # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive
  209. podSecurityContext: {}
  210. # runAsUser: 33
  211. # runAsGroup: 33
  212. # runAsNonRoot: true
  213. # readOnlyRootFilesystem: false
  214. nginx:
  215. ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
  216. enabled: false
  217. image:
  218. repository: nginx
  219. tag: alpine
  220. pullPolicy: IfNotPresent
  221. config:
  222. # This generates the default nginx config as per the nextcloud documentation
  223. default: true
  224. # custom: |-
  225. # worker_processes 1;..
  226. resources: {}
  227. # Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive
  228. securityContext: {}
  229. # the nginx alpine container default user is 82
  230. # runAsUser: 82
  231. # runAsGroup: 33
  232. # runAsNonRoot: true
  233. # readOnlyRootFilesystem: true
  234. internalDatabase:
  235. enabled: false
  236. name: nextcloud
  237. externalDatabase:
  238. enabled: true
  239. ## Supported database engines: mysql or postgresql
  240. type: postgresql
  241. ## Database host
  242. host: postgres-postgresql.postgres.svc.cluster.local:5432
  243. ## Database user
  244. user: nextcloud
  245. ## Database password
  246. password:
  247. ## Database name
  248. database: nextcloud
  249. ## Use a existing secret
  250. existingSecret:
  251. enabled: true
  252. secretName: postgres-secret
  253. usernameKey: username
  254. passwordKey: password
  255. ##
  256. ## MariaDB chart configuration
  257. ## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb
  258. ##
  259. mariadb:
  260. ## Whether to deploy a mariadb server from the bitnami mariab db helm chart
  261. # to satisfy the applications database requirements. if you want to deploy this bitnami mariadb, set this and externalDatabase to true
  262. # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters
  263. enabled: false
  264. auth:
  265. database: nextcloud
  266. username: nextcloud
  267. password: changeme
  268. # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored).
  269. # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password
  270. existingSecret: ""
  271. architecture: standalone
  272. ## Enable persistence using Persistent Volume Claims
  273. ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  274. ##
  275. primary:
  276. persistence:
  277. enabled: false
  278. # Use an existing Persistent Volume Claim (must be created ahead of time)
  279. # existingClaim: ""
  280. # storageClass: ""
  281. accessMode: ReadWriteOnce
  282. size: 8Gi
  283. ##
  284. ## PostgreSQL chart configuration
  285. ## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql
  286. ##
  287. postgresql:
  288. enabled: false
  289. global:
  290. postgresql:
  291. # global.postgresql.auth overrides postgresql.auth
  292. auth:
  293. username: nextcloud
  294. password: changeme
  295. database: nextcloud
  296. # Name of existing secret to use for PostgreSQL credentials.
  297. # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret.
  298. # secret might also contains the key ldap-password if LDAP is enabled.
  299. # ldap.bind_password will be ignored and picked from this secret in this case.
  300. existingSecret: ""
  301. # Names of keys in existing secret to use for PostgreSQL credentials
  302. secretKeys:
  303. adminPasswordKey: ""
  304. userPasswordKey: ""
  305. replicationPasswordKey: ""
  306. primary:
  307. persistence:
  308. enabled: false
  309. # Use an existing Persistent Volume Claim (must be created ahead of time)
  310. # existingClaim: ""
  311. # storageClass: ""
  312. ##
  313. ## Redis chart configuration
  314. ## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis
  315. ##
  316. redis:
  317. enabled: false
  318. auth:
  319. enabled: true
  320. password: 'changeme'
  321. # name of an existing secret with Redis® credentials (instead of auth.password), must be created ahead of time
  322. existingSecret: ""
  323. # Password key to be retrieved from existing secret
  324. existingSecretPasswordKey: ""
  325. ## Cronjob to execute Nextcloud background tasks
  326. ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
  327. ##
  328. cronjob:
  329. enabled: true
  330. ## Cronjob sidecar resource requests and limits
  331. ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  332. ##
  333. resources: {}
  334. # Allow configuration of lifecycle hooks
  335. # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
  336. lifecycle: {}
  337. # postStartCommand: []
  338. # preStopCommand: []
  339. # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
  340. securityContext: {}
  341. # runAsUser: 33
  342. # runAsGroup: 33
  343. # runAsNonRoot: true
  344. # readOnlyRootFilesystem: true
  345. service:
  346. type: ClusterIP
  347. port: 8080
  348. loadBalancerIP: nil
  349. nodePort: nil
  350. ## Enable persistence using Persistent Volume Claims
  351. ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  352. ##
  353. persistence:
  354. # Nextcloud Data (/var/www/html)
  355. enabled: true
  356. annotations: {}
  357. ## nextcloud data Persistent Volume Storage Class
  358. ## If defined, storageClassName: <storageClass>
  359. ## If set to "-", storageClassName: "", which disables dynamic provisioning
  360. ## If undefined (the default) or set to null, no storageClassName spec is
  361. ## set, choosing the default provisioner. (gp2 on AWS, standard on
  362. ## GKE, AWS & OpenStack)
  363. ##
  364. storageClass: "ceph-block"
  365. ## A manually managed Persistent Volume and Claim
  366. ## Requires persistence.enabled: true
  367. ## If defined, PVC must be created manually before volume will be bound
  368. existingClaim: nextcloud-pvc
  369. accessMode: ReadWriteOnce
  370. size: 8Gi
  371. ## Use an additional pvc for the data directory rather than a subpath of the default PVC
  372. ## Useful to store data on a different storageClass (e.g. on slower disks)
  373. nextcloudData:
  374. enabled: true
  375. subPath:
  376. annotations: {}
  377. storageClass: "ceph-block"
  378. existingClaim: nextcloud-data-pvc
  379. accessMode: ReadWriteOnce
  380. size: 200Gi
  381. resources: {}
  382. # We usually recommend not to specify default resources and to leave this as a conscious
  383. # choice for the user. This also increases chances charts run on environments with little
  384. # resources, such as Minikube. If you do want to specify resources, uncomment the following
  385. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  386. # limits:
  387. # cpu: 100m
  388. # memory: 128Mi
  389. # requests:
  390. # cpu: 100m
  391. # memory: 128Mi
  392. ## Liveness and readiness probe values
  393. ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  394. ##
  395. livenessProbe:
  396. enabled: false
  397. initialDelaySeconds: 10
  398. periodSeconds: 10
  399. timeoutSeconds: 5
  400. failureThreshold: 3
  401. successThreshold: 1
  402. readinessProbe:
  403. enabled: false
  404. initialDelaySeconds: 10
  405. periodSeconds: 10
  406. timeoutSeconds: 5
  407. failureThreshold: 3
  408. successThreshold: 1
  409. startupProbe:
  410. enabled: false
  411. initialDelaySeconds: 30
  412. periodSeconds: 10
  413. timeoutSeconds: 5
  414. failureThreshold: 30
  415. successThreshold: 1
  416. ## Enable pod autoscaling using HorizontalPodAutoscaler
  417. ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  418. ##
  419. hpa:
  420. enabled: false
  421. cputhreshold: 60
  422. minPods: 1
  423. maxPods: 10
  424. nodeSelector: {}
  425. tolerations: []
  426. affinity: {}
  427. ## Prometheus Exporter / Metrics
  428. ##
  429. metrics:
  430. enabled: false
  431. replicaCount: 1
  432. # The metrics exporter needs to know how you serve Nextcloud either http or https
  433. https: false
  434. # Use API token if set, otherwise fall back to password authentication
  435. # https://github.com/xperimental/nextcloud-exporter#token-authentication
  436. # Currently you still need to set the token manually in your nextcloud install
  437. token: ""
  438. timeout: 5s
  439. # if set to true, exporter skips certificate verification of Nextcloud server.
  440. tlsSkipVerify: false
  441. image:
  442. repository: xperimental/nextcloud-exporter
  443. tag: 0.6.0
  444. pullPolicy: IfNotPresent
  445. # pullSecrets:
  446. # - myRegistrKeySecretName
  447. ## Metrics exporter resource requests and limits
  448. ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  449. ##
  450. # resources: {}
  451. ## Metrics exporter pod Annotation and Labels
  452. # podAnnotations: {}
  453. # podLabels: {}
  454. service:
  455. type: ClusterIP
  456. ## Use serviceLoadBalancerIP to request a specific static IP,
  457. ## otherwise leave blank
  458. # loadBalancerIP:
  459. annotations:
  460. prometheus.io/scrape: "true"
  461. prometheus.io/port: "9205"
  462. labels: {}
  463. ## Prometheus Operator ServiceMonitor configuration
  464. ##
  465. serviceMonitor:
  466. ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
  467. ##
  468. enabled: false
  469. ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
  470. ##
  471. namespace: ""
  472. ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
  473. ##
  474. jobLabel: ""
  475. ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
  476. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
  477. ##
  478. interval: 30s
  479. ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
  480. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
  481. ##
  482. scrapeTimeout: ""
  483. ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
  484. ##
  485. labels: {}
  486. rbac:
  487. enabled: false
  488. serviceaccount:
  489. create: true
  490. name: nextcloud-serviceaccount
  491. annotations: {}
  492. ## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
  493. securityContext: {}