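# helm repo add nextcloud https://nextcloud.github.io/helm/
# helm upgrade --install nextcloud nextcloud/nextcloud -n nextcloud -f values.yaml --version 3.5.14
#
# Upgrading:
#   su -s /bin/bash - www-data
#   cd /var/www/html
#   PHP_MEMORY_LIMIT=512M ./occ upgrade
#
# Forwarding client IPs requires the following Nextcloud config entries:
#
#   'trusted_proxies' =>
#   array (
#     0 => '10.42.0.0/16',
#     1 => '127.0.0.1',
#   ),
#   'overwritecondaddr' => '^10\.42\.[0-9]+\.[0-9]+$',
#
# Use the address range of whatever your ingress is. Nextcloud accepts the
# forwarded client address from every host listed in trusted_proxies, so keep
# that range as narrow as the ingress allows: a range that also covers other
# workloads lets any of them present an arbitrary client IP, which weakens
# IP-based throttling and the addresses recorded in logs.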
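## Official nextcloud image version
## ref: https://hub.docker.com/r/library/nextcloud/tags/
##
image:
  repository: nextcloud
  # Pinned to an exact release tag rather than a floating one. A tag can still
  # be re-pushed on the registry; add an @sha256 digest if the image content
  # itself must be fixed.
  tag: 26.0.3-apache
  pullPolicy: IfNotPresent
  # pullSecrets:
  #   - myRegistrKeySecretName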
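# Naming overrides and extra metadata for the Deployment; all left empty here.
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
deploymentAnnotations: {}
deploymentLabels: {}

# Number of replicas to be deployed
replicaCount: 1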
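## Allowing use of ingress controllers
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  # NOTE(review): the chart's own Ingress is disabled, so nothing in this file
  # publishes the Service or terminates TLS. Whatever routes the public
  # hostname to it is defined elsewhere; TLS and the deny rules shown in the
  # example snippet below have to be enforced there.
  enabled: false
  # className: nginx
  annotations: {}
  # nginx.ingress.kubernetes.io/proxy-body-size: 4G
  # kubernetes.io/tls-acme: "true"
  # cert-manager.io/cluster-issuer: letsencrypt-prod
  # nginx.ingress.kubernetes.io/server-snippet: |-
  #   server_tokens off;
  #   proxy_hide_header X-Powered-By;
  #   rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
  #   rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
  #   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
  #   location = /.well-known/carddav {
  #     return 301 $scheme://$host/remote.php/dav;
  #   }
  #   location = /.well-known/caldav {
  #     return 301 $scheme://$host/remote.php/dav;
  #   }
  #   location = /robots.txt {
  #     allow all;
  #     log_not_found off;
  #     access_log off;
  #   }
  #   location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
  #     deny all;
  #   }
  #   location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
  #     deny all;
  #   }
  # tls:
  #   - secretName: nextcloud-tls
  #     hosts:
  #       - nextcloud.kube.home
  labels: {}
  path: /
  pathType: Prefix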
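# Allow configuration of lifecycle hooks
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
  # postStartCommand: []
  # preStopCommand: []

# Disabled here; `protocol` only takes effect when `enabled` is true.
# NOTE(review): with TLS terminated in front of the pod, check that Nextcloud
# still generates https:// URLs — that is presumably what this switch is for;
# confirm against the chart templates.
phpClientHttpsFix:
  enabled: false
  protocol: https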
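# Settings for the Nextcloud application container itself: admin account,
# mail, generated config files, extra env/volumes and security contexts.
nextcloud:
  host: nextcloud.jibby.org
  username: josh
  # NOTE(review): the admin password is empty and existingSecret is disabled
  # below. What the chart substitutes for an empty value is decided in its
  # secret template — confirm it, or supply the admin credentials through
  # existingSecret so they never pass through this file.
  password: ""
  ## Use an existing secret
  existingSecret:
    enabled: false
    # secretName: nameofsecret
    # usernameKey: nextcloud-username
    # passwordKey: nextcloud-password
    # tokenKey: nextcloud-token
    # smtpUsernameKey: smtp-username
    # smtpPasswordKey: smtp-password
  update: 0
  # If web server is not binding default port, you can define it
  containerPort: 80
  datadir: /var/www/html/data
  persistence:
    subPath:
  mail:
    enabled: false
    fromAddress: user
    domain: domain.com
    smtp:
      host: domain.com
      secure: ssl
      port: 465
      authtype: LOGIN
      name: user
      # Placeholder value, unused while mail.enabled is false. If mail is
      # turned on, take the SMTP credentials from existingSecret
      # (smtpUsernameKey / smtpPasswordKey) instead of a literal here.
      password: pass
  # PHP Configuration files
  # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true
  phpConfigs: {}
  # Default config files
  # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
  # Default configurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config
  defaultConfigs:
    # To protect /var/www/html/config
    .htaccess: true
    # Redis default configuration
    redis.config.php: true
    # Apache configuration for rewrite urls
    apache-pretty-urls.config.php: true
    # Define APCu as local cache
    apcu.config.php: true
    # Apps directory configs
    apps.config.php: true
    # Used for auto configure database
    autoconfig.php: true
    # SMTP default configuration
    smtp.config.php: true
  # Extra config files created in /var/www/html/config/
  # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
  configs: {}
  # For example, to use S3 as primary storage
  # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
  #
  # NOTE(review): anything written under `configs` is stored as plain text in
  # this values file, so real 'key' / 'secret' values placed in an example
  # like the one below would be committed along with it.
  #
  # configs:
  #   s3.config.php: |-
  #     <?php
  #     $CONFIG = array (
  #       'objectstore' => array(
  #         'class' => '\\OC\\Files\\ObjectStore\\S3',
  #         'arguments' => array(
  #           'bucket' => 'my-bucket',
  #           'autocreate' => true,
  #           'key' => 'xxx',
  #           'secret' => 'xxx',
  #           'region' => 'us-east-1',
  #           'use_ssl' => true
  #         )
  #       )
  #     );

  ## Strategy used to replace old pods
  ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  strategy:
    type: Recreate
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 1
    #   maxUnavailable: 0

  ##
  ## Extra environment variables
  # Both Redis settings are read from the redis-client-secret Secret via
  # secretKeyRef, so neither the host nor the password appears in this file.
  extraEnv:
    - name: REDIS_HOST
      valueFrom:
        secretKeyRef:
          name: redis-client-secret
          key: REDIS_HOST
    - name: REDIS_HOST_PASSWORD
      valueFrom:
        secretKeyRef:
          name: redis-client-secret
          key: REDIS_HOST_PASSWORD

  # Extra init containers that runs before pods start.
  extraInitContainers: []
  #  - name: do-something
  #    image: busybox
  #    command: ['do', 'something']

  # Extra sidecar containers.
  extraSidecarContainers: []
  #  - name: nextcloud-logger
  #    image: busybox
  #    command: [/bin/sh, -c, 'while ! test -f "/run/nextcloud/data/nextcloud.log"; do sleep 1; done; tail -n+1 -f /run/nextcloud/data/nextcloud.log']
  #    volumeMounts:
  #    - name: nextcloud-data
  #      mountPath: /run/nextcloud/data

  # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
  # to NextCloud pods in Kubernetes. This can then be configured in External Storage
  extraVolumes:
  #  - name: nfs
  #    nfs:
  #      server: "10.0.0.1"
  #      path: "/nextcloud_data"
  #      readOnly: false
  extraVolumeMounts:
  #  - name: nfs
  #    mountPath: "/legacy_data"

  # Set securityContext parameters for the nextcloud CONTAINER only (will not affect nginx container).
  # For example, you may need to define runAsNonRoot directive
  # NOTE(review): left empty, so no container-level restriction is requested
  # here; the image and cluster defaults apply. Verify which user the
  # container actually runs as before relying on the values below.
  securityContext: {}
  #   runAsUser: 33
  #   runAsGroup: 33
  #   runAsNonRoot: true
  #   readOnlyRootFilesystem: false

  # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive
  # NOTE(review): readOnlyRootFilesystem is a container-level field in the
  # Kubernetes API, not a pod-level one; set it under the container
  # securityContext above rather than here.
  podSecurityContext: {}
  #   runAsUser: 33
  #   runAsGroup: 33
  #   runAsNonRoot: true
  #   readOnlyRootFilesystem: false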
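# Optional nginx container in front of an fpm image; disabled in this install.
nginx:
  ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
  enabled: false
  image:
    repository: nginx
    # `alpine` is a floating tag: if nginx is ever enabled, pin an exact
    # version so restarts cannot pull a different build.
    tag: alpine
    pullPolicy: IfNotPresent

  config:
    # This generates the default nginx config as per the nextcloud documentation
    default: true
    # custom: |-
    #     worker_processes  1;..

  resources: {}

  # Set nginx container securityContext parameters. For example, you may need to define runAsNonRoot directive
  securityContext: {}
  # the nginx alpine container default user is 82
  #   runAsUser: 82
  #   runAsGroup: 33
  #   runAsNonRoot: true
  #   readOnlyRootFilesystem: true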
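# Built-in database is off; an external PostgreSQL instance is used instead.
internalDatabase:
  enabled: false
  name: nextcloud

externalDatabase:
  enabled: true
  ## Supported database engines: mysql or postgresql
  type: postgresql
  ## Database host
  host: postgres-postgresql.postgres.svc.cluster.local:5432
  ## Database user
  user: nextcloud
  ## Database password
  # Intentionally unset: existingSecret below is enabled and names the Secret
  # and keys the credentials are read from, so no password is stored here.
  password:
  ## Database name
  database: nextcloud
  ## Use an existing secret
  existingSecret:
    enabled: true
    secretName: postgres-secret
    usernameKey: username
    passwordKey: password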
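##
## MariaDB chart configuration
## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb
##
mariadb:
  ## Whether to deploy a mariadb server from the bitnami mariadb helm chart
  # to satisfy the applications database requirements. if you want to deploy this bitnami mariadb, set this and externalDatabase to true
  # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters
  enabled: false
  auth:
    database: nextcloud
    username: nextcloud
    # Chart-default placeholder; inert while mariadb.enabled is false. Do not
    # enable the subchart with this value — point existingSecret at a Secret.
    password: changeme
    # Use existing secret (auth.rootPassword, auth.password, and auth.replicationPassword will be ignored).
    # secret must contain the keys mariadb-root-password, mariadb-replication-password and mariadb-password
    existingSecret: ""
  architecture: standalone
  ## Enable persistence using Persistent Volume Claims
  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  primary:
    persistence:
      enabled: false
      # Use an existing Persistent Volume Claim (must be created ahead of time)
      # existingClaim: ""
      # storageClass: ""
      accessMode: ReadWriteOnce
      size: 8Gi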
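##
## PostgreSQL chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/postgresql
##
postgresql:
  # Bundled PostgreSQL subchart is off; the database is the external one
  # configured under externalDatabase.
  enabled: false
  global:
    postgresql:
      # global.postgresql.auth overrides postgresql.auth
      auth:
        username: nextcloud
        # Chart-default placeholder; inert while postgresql.enabled is false.
        # Do not enable the subchart with this value — use existingSecret.
        password: changeme
        database: nextcloud
        # Name of existing secret to use for PostgreSQL credentials.
        # auth.postgresPassword, auth.password, and auth.replicationPassword will be ignored and picked up from this secret.
        # secret might also contains the key ldap-password if LDAP is enabled.
        # ldap.bind_password will be ignored and picked from this secret in this case.
        existingSecret: ""
        # Names of keys in existing secret to use for PostgreSQL credentials
        secretKeys:
          adminPasswordKey: ""
          userPasswordKey: ""
          replicationPasswordKey: ""
  primary:
    persistence:
      enabled: false
      # Use an existing Persistent Volume Claim (must be created ahead of time)
      # existingClaim: ""
      # storageClass: ""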
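##
## Redis chart configuration
## for more options see https://github.com/bitnami/charts/tree/main/bitnami/redis
##
redis:
  # Bundled Redis subchart is off; the pod receives REDIS_HOST and
  # REDIS_HOST_PASSWORD through nextcloud.extraEnv instead.
  enabled: false
  auth:
    enabled: true
    # Chart-default placeholder; inert while redis.enabled is false. Do not
    # enable the subchart with this value — use existingSecret.
    password: 'changeme'
    # name of an existing secret with Redis® credentials (instead of auth.password), must be created ahead of time
    existingSecret: ""
    # Password key to be retrieved from existing secret
    existingSecretPasswordKey: ""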
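## Cronjob to execute Nextcloud background tasks
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
##
cronjob:
  enabled: false

  ## Cronjob sidecar resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources: {}

  # Allow configuration of lifecycle hooks
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
  lifecycle: {}
    # postStartCommand: []
    # preStopCommand: []
  # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
  securityContext: {}
  #   runAsUser: 33
  #   runAsGroup: 33
  #   runAsNonRoot: true
  #   readOnlyRootFilesystem: true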
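# Service in front of the Nextcloud pod; ClusterIP keeps it reachable only
# from inside the cluster.
service:
  type: ClusterIP
  port: 8080
  # NOTE(review): YAML has no `nil` keyword — both values below parse as the
  # string "nil", not as null. They presumably only matter for LoadBalancer /
  # NodePort service types; confirm against the chart's service template
  # before switching `type`.
  loadBalancerIP: nil
  nodePort: nil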
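## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  # Nextcloud Data (/var/www/html)
  enabled: true
  annotations: {}
  ## nextcloud data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: "ceph-block"

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  existingClaim: nextcloud-pvc

  accessMode: ReadWriteOnce
  size: 8Gi

  ## Use an additional pvc for the data directory rather than a subpath of the default PVC
  ## Useful to store data on a different storageClass (e.g. on slower disks)
  nextcloudData:
    enabled: true
    subPath:
    annotations: {}
    storageClass: "ceph-block"
    # Pre-created claim holding user data, separate from the application
    # claim above.
    existingClaim: nextcloud-data-pvc
    accessMode: ReadWriteOnce
    size: 200Gi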
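# No requests or limits are set, so the container's CPU and memory use is
# bounded only by whatever the namespace or node enforces.
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi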
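## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
# All three probes are disabled, so the timing values below are not applied
# and Kubernetes will not restart or unroute a hung Nextcloud container on
# its own.
livenessProbe:
  enabled: false
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
readinessProbe:
  enabled: false
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
startupProbe:
  enabled: false
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 30
  successThreshold: 1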
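## Enable pod autoscaling using HorizontalPodAutoscaler
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
hpa:
  enabled: false
  cputhreshold: 60
  minPods: 1
  maxPods: 10

# Scheduling constraints; none are set.
nodeSelector: {}

tolerations: []

affinity: {}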
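## Prometheus Exporter / Metrics
##
metrics:
  enabled: false

  replicaCount: 1
  # The metrics exporter needs to know how you serve Nextcloud either http or https
  https: false
  # Use API token if set, otherwise fall back to password authentication
  # https://github.com/xperimental/nextcloud-exporter#token-authentication
  # Currently you still need to set the token manually in your nextcloud install
  # NOTE(review): with the token empty the exporter would authenticate with
  # the password instead (per the comment above); prefer a dedicated token if
  # metrics are ever enabled.
  token: ""
  timeout: 5s
  # if set to true, exporter skips certificate verification of Nextcloud server.
  # Keep this false: certificate verification is what authenticates the
  # Nextcloud endpoint to the exporter.
  tlsSkipVerify: false

  image:
    repository: xperimental/nextcloud-exporter
    tag: 0.6.0
    pullPolicy: IfNotPresent
    # pullSecrets:
    #   - myRegistrKeySecretName

  ## Metrics exporter resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  # resources: {}

  ## Metrics exporter pod Annotation and Labels
  # podAnnotations: {}

  # podLabels: {}

  service:
    type: ClusterIP
    ## Use serviceLoadBalancerIP to request a specific static IP,
    ## otherwise leave blank
    # loadBalancerIP:
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9205"
    labels: {}

  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
    ##
    enabled: false

    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""

    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""

    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: 30s

    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""

    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}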
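# RBAC objects and the service account for the Nextcloud pod.
# NOTE(review): rbac.enabled is false while serviceaccount.create is true;
# whether the account is still created in that combination depends on the
# chart templates — confirm which service account the pod ends up using.
rbac:
  enabled: false
  serviceaccount:
    create: true
    name: nextcloud-serviceaccount
    annotations: {}

## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead
securityContext: {}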