From b16f948571d1f017e5cade76279d65d5d0225170 Mon Sep 17 00:00:00 2001 
From: ducoterra Date: Tue, 3 Oct 2023 09:20:46 -0400 Subject: [PATCH] split nextcloud chart components into separate files --- helm/nextcloud/templates/NOTES.txt | 11 + helm/nextcloud/templates/_helpers.tpl | 36 ++ helm/nextcloud/templates/deployment.yaml | 101 +++++ helm/nextcloud/templates/ingress.yaml | 25 ++ .../templates/nextcloud-configmap.yaml | 19 + .../templates/nextcloud-cronjob.yaml | 47 +++ .../templates/nextcloud-data-pvc.yaml | 13 + .../templates/nextcloud-html-pvc.yaml | 13 + .../nextcloud/templates/nextcloud-secret.yaml | 12 + helm/nextcloud/templates/nextcloud.yaml | 392 ------------------ .../templates/postgres-configmap.yaml | 9 + .../templates/postgres-init-secret.yaml | 16 + helm/nextcloud/templates/postgres-pvc.yaml | 13 + helm/nextcloud/templates/postgres-secret.yaml | 9 + helm/nextcloud/templates/redis-pvc.yaml | 13 + helm/nextcloud/templates/redis-secret.yaml | 9 + helm/nextcloud/templates/service.yaml | 21 + helm/nextcloud/values.yaml | 2 +- 18 files changed, 368 insertions(+), 393 deletions(-) create mode 100644 helm/nextcloud/templates/NOTES.txt create mode 100644 helm/nextcloud/templates/_helpers.tpl create mode 100644 helm/nextcloud/templates/deployment.yaml create mode 100644 helm/nextcloud/templates/ingress.yaml create mode 100644 helm/nextcloud/templates/nextcloud-configmap.yaml create mode 100644 helm/nextcloud/templates/nextcloud-cronjob.yaml create mode 100644 helm/nextcloud/templates/nextcloud-data-pvc.yaml create mode 100644 helm/nextcloud/templates/nextcloud-html-pvc.yaml create mode 100644 helm/nextcloud/templates/nextcloud-secret.yaml delete mode 100644 helm/nextcloud/templates/nextcloud.yaml create mode 100644 helm/nextcloud/templates/postgres-configmap.yaml create mode 100644 helm/nextcloud/templates/postgres-init-secret.yaml create mode 100644 helm/nextcloud/templates/postgres-pvc.yaml create mode 100644 helm/nextcloud/templates/postgres-secret.yaml create mode 100644 helm/nextcloud/templates/redis-pvc.yaml create mode 
100644 helm/nextcloud/templates/redis-secret.yaml create mode 100644 helm/nextcloud/templates/service.yaml
diff --git a/helm/nextcloud/templates/NOTES.txt b/helm/nextcloud/templates/NOTES.txt
new file mode 100644
index 0000000..7aa2da9
--- /dev/null
+++ b/helm/nextcloud/templates/NOTES.txt
@@ -0,0 +1,11 @@
+Nextcloud has been installed!
+
+{{ if .Values.show_passwords -}}
+`show_passwords` is true. Here are the generated (or retrieved) passwords:
+
+NEXTCLOUD_ADMIN_PASSWORD: {{ include "NEXTCLOUD_ADMIN_PASSWORD" . | quote }}
+POSTGRES_PASSWORD: {{ include "POSTGRES_PASSWORD" . | quote }}
+REDIS_HOST_PASSWORD: {{ include "REDIS_PASSWORD" . | quote }}
+{{ else }}
+Run with `--set show_passwords=true` to output the generated passwords.
+{{- end }}
diff --git a/helm/nextcloud/templates/_helpers.tpl b/helm/nextcloud/templates/_helpers.tpl
new file mode 100644
index 0000000..4aebf37
--- /dev/null
+++ b/helm/nextcloud/templates/_helpers.tpl
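Review bot: The three values printed under `show_passwords` in NOTES.txt are not the passwords themselves: each helper returns the base64-encoded form that goes into a Secret's `data:` field, so the lines should decode first, e.g. `NEXTCLOUD_ADMIN_PASSWORD: {{ include "NEXTCLOUD_ADMIN_PASSWORD" . | b64dec | quote }}`. On a first install, where the helper's `lookup` finds no Secret, each `include` also appears to generate a fresh random value, so what is printed here would not match what the Secrets store. Install notes are stored with the release and tend to end up in terminal or CI logs, so a template comment above the block saying so would help, and pointing users at `kubectl get secret` instead of printing the values is worth considering.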
@@ -0,0 +1,36 @@
+{{- define "helm_keep_annotation" -}}
+"helm.sh/resource-policy": keep
+{{- end -}}
+
+{{/* Generated Postgres Config */}}
+{{ define "POSTGRES_NAME" }}{{ printf "%s-postgres" .Release.Name | lower }}{{ end }}
+{{ define "POSTGRES_DB" }}nextcloud{{ end }}
+{{ define "DATABASE_HOST" }}{{ .Release.Name }}-postgres{{ end }}
+{{ define "POSTGRES_USER" }}postgres{{ end }}
+
+{{/* Postgres password lookup - uses existing password if possible */}}
+{{ define "POSTGRES_PASSWORD" -}}
+{{- $POSTGRES_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "POSTGRES_NAME" . )).data -}}
+{{- printf (ternary (dict "POSTGRES_PASSWORD" (randAlphaNum 64 | b64enc)) $POSTGRES_SECRETS (not $POSTGRES_SECRETS)).POSTGRES_PASSWORD -}}
+{{- end }}
+
+{{/* Generated Nextcloud Config */}}
+{{ define "NEXTCLOUD_NAME" }}{{ printf "%s-nextcloud" .Release.Name | lower }}{{ end }}
+{{ define "ADMIN_USER" }}admin{{ end }}
+
+{{/* Nextcloud admin password lookup - uses existing password if possible */}}
+{{- define "NEXTCLOUD_ADMIN_PASSWORD" -}}
+{{/* ternary (create a dict with random NEXTCLOUD_ADMIN_PASSWORD) (actual dictionary) (test whether NEXTCLOUD_SECRETS exists) */}}
+{{- $NEXTCLOUD_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "NEXTCLOUD_NAME" . )).data -}}
+{{- printf (ternary (dict "NEXTCLOUD_ADMIN_PASSWORD" (randAlphaNum 64 | b64enc)) $NEXTCLOUD_SECRETS (not $NEXTCLOUD_SECRETS)).NEXTCLOUD_ADMIN_PASSWORD -}}
+{{- end -}}
+
+{{/* Generated Redis Config */}}
+{{ define "REDIS_NAME" }}{{ printf "%s-redis" .Release.Name | lower }}{{ end }}
+{{ define "REDIS_HOST" }}{{ .Release.Name }}-redis{{ end }}
+
+{{/* Redis password lookup - uses existing password if possible */}}
+{{- define "REDIS_PASSWORD" -}}
+{{- $REDIS_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "REDIS_NAME" . )).data -}}
+{{- printf (ternary (dict "REDIS_PASSWORD" (randAlphaNum 64 | b64enc)) $REDIS_SECRETS (not $REDIS_SECRETS)).REDIS_PASSWORD -}}
+{{- end -}}
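Review bot: Turning the password variables into named templates changes when the random value is generated: `randAlphaNum 64` now runs on every `include "POSTGRES_PASSWORD" .`, so on a first install (or any render where `lookup` returns nothing, such as `helm template`) each caller gets a different password. The removed nextcloud.yaml assigned `$POSTGRES_PASSWORD` once and reused it; after this change postgres-secret.yaml, postgres-init-secret.yaml and nextcloud-secret.yaml would disagree with each other, and the same holds for `REDIS_PASSWORD` between deployment.yaml and the two Secrets that carry it. One way to keep the split files is to cache the first generated value on the shared values map, as sketched below for Postgres; the `_generated` key is a name made up for this sketch and the same shape would apply to the Redis and admin helpers. This relies on `.Values` being shared between template files within one render, so confirm it by rendering a fresh release name and comparing the values across the output.

```gotemplate
{{ define "POSTGRES_PASSWORD" -}}
{{- if not (hasKey .Values "_generated") -}}
{{- $_ := set .Values "_generated" dict -}}
{{- end -}}
{{- if not (hasKey .Values._generated "POSTGRES_PASSWORD") -}}
{{- $existing := (lookup "v1" "Secret" .Release.Namespace (include "POSTGRES_NAME" .)).data -}}
{{- if $existing -}}
{{- $_ := set .Values._generated "POSTGRES_PASSWORD" $existing.POSTGRES_PASSWORD -}}
{{- else -}}
{{- $_ := set .Values._generated "POSTGRES_PASSWORD" (randAlphaNum 64 | b64enc) -}}
{{- end -}}
{{- end -}}
{{- .Values._generated.POSTGRES_PASSWORD -}}
{{- end }}
```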
diff --git a/helm/nextcloud/templates/deployment.yaml b/helm/nextcloud/templates/deployment.yaml
new file mode 100644
index 0000000..12241ad
--- /dev/null
+++ b/helm/nextcloud/templates/deployment.yaml
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: nextcloud
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: nextcloud
+ spec:
+ containers:
+ - name: nextcloud
+ image: {{ .Values.nextcloud.image }}
+ ports:
+ - containerPort: 80
+ name: http
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-nextcloud
+ - secretRef:
+ name: {{ .Release.Name }}-nextcloud
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: html
+ - mountPath: /var/www/html/data
+ name: data
+ resources:
+ requests:
+ memory: "1Gi"
+ cpu: "1m"
+ limits:
+ memory: "4Gi"
+ cpu: "4"
+ - name: postgres
+ image: postgres:15
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-postgres
+ - secretRef:
+ name: {{ .Release.Name }}-postgres
+ volumeMounts:
+ - name: postgres
+ mountPath: /var/lib/postgresql/data
+ - name: postgres-init
+ mountPath: /docker-entrypoint-initdb.d/init-user-db.sh
+ subPath: init-user-db.sh
+ ports:
+ - containerPort: 5432
+ name: postgres
+ resources:
+ requests:
+ memory: "1Gi"
+ cpu: "1m"
+ limits:
+ memory: "4Gi"
+ cpu: "4"
+ - name: redis
+ image: redis:7
+ ports:
+ - containerPort: 6379
+ name: redis
+ volumeMounts:
+ - mountPath: /data
+ name: redis
+ command:
+ - redis-server
+ - --save
+ - "60"
+ - "1"
+ - --loglevel
+ - warning
+ - --requirepass
+ - {{ include "REDIS_PASSWORD" . | b64dec | quote }}
+ resources:
+ requests:
+ memory: "1Gi"
+ cpu: "1m"
+ limits:
+ memory: "4Gi"
+ cpu: "4"
+ volumes:
+ - name: html
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-html-iops
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-data
+ - name: postgres
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-postgres-iops
+ - name: redis
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-redis-iops
+ - name: postgres-init
+ secret:
+ secretName: {{ .Release.Name }}-postgres-init
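Review bot: The Redis password is rendered in clear text into the pod spec, because `--requirepass` takes `{{ include "REDIS_PASSWORD" . | b64dec | quote }}` as a literal command argument in the redis container; anyone who can read Deployments or Pods in the namespace sees it without needing access to Secrets. The chart already creates `{{ .Release.Name }}-redis` with a `REDIS_PASSWORD` key, so the container can read it from there and let Kubernetes substitute `$(REDIS_PASSWORD)` into the command, as below. That also means this file no longer calls the helper, which matters on a first install where each `include` appears to produce a different random value. Separately, `postgres:15` and `redis:7` are floating tags and none of the three containers sets a `securityContext`; a comment recording whether that is intentional would help.

```yaml
        - name: redis
          image: redis:7
          # … unchanged: ports, volumeMounts …
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-redis
                  key: REDIS_PASSWORD
          command:
            - redis-server
            # … unchanged: --save and --loglevel arguments …
            - --requirepass
            - $(REDIS_PASSWORD)
```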
diff --git a/helm/nextcloud/templates/ingress.yaml b/helm/nextcloud/templates/ingress.yaml
new file mode 100644
index 0000000..e9036ee
--- /dev/null
+++ b/helm/nextcloud/templates/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.org/client-max-body-size: "0"
+spec:
+ rules:
+ - host: {{ .Values.nextcloud.domain }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ name: http
+ tls:
+ - hosts:
+ - {{ .Values.nextcloud.domain }}
+ secretName: nextcloud-tls-cert
diff --git a/helm/nextcloud/templates/nextcloud-configmap.yaml b/helm/nextcloud/templates/nextcloud-configmap.yaml
new file mode 100644
index 0000000..864a28d
--- /dev/null
+++ b/helm/nextcloud/templates/nextcloud-configmap.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-nextcloud
+ annotations:
+ {{- include "helm_keep_annotation" . | nindent 4 }}
+data:
+ NEXTCLOUD_TRUSTED_DOMAINS: {{ .Values.nextcloud.domain }}
+ OVERWRITEPROTOCOL: https
+ OVERWRITECLIURL: https://{{ .Values.nextcloud.domain }}
+ NEXTCLOUD_ADMIN_USER: admin
+ POSTGRES_USER: nextcloud
+ POSTGRES_HOST: {{ .Release.Name }}
+ POSTGRES_DB: nextcloud
+ REDIS_HOST: {{ .Release.Name }}
+ PHP_UPLOAD_LIMIT: 1000000M
+ PHP_MEMORY_LIMIT: 2048M
+ TRUSTED_PROXIES: 10.42.0.1/24
+ APACHE_DISABLE_REWRITE_IP: "1"
diff --git a/helm/nextcloud/templates/nextcloud-cronjob.yaml b/helm/nextcloud/templates/nextcloud-cronjob.yaml
new file mode 100644
index 0000000..ae72337
--- /dev/null
+++ b/helm/nextcloud/templates/nextcloud-cronjob.yaml
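Review bot: In ingress.yaml the backend points at a Service called `nextcloud`, while service.yaml names the Service `{{ .Release.Name }}`, so routing only works when the release itself is named nextcloud; `name: {{ .Release.Name }}` under `backend.service` would keep the two in step. The TLS `secretName: nextcloud-tls-cert` is fixed in the same way, which would make two releases in one namespace share a certificate Secret. Both body-size annotations are set to `"0"`, which removes the request-size limit at the proxy; a short comment stating that this is deliberate for large uploads would help the next reader.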
@@ -0,0 +1,47 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ .Release.Name }}-cron
+spec:
+ schedule: "*/5 * * * *"
+ failedJobsHistoryLimit: 1
+ successfulJobsHistoryLimit: 0
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ securityContext:
+ runAsUser: 33
+ runAsGroup: 33
+ containers:
+ - name: nextcloud
+ image: {{ .Values.nextcloud.image }}
+ command:
+ - php
+ - -f
+ - cron.php
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: html
+ - mountPath: /var/www/html/data
+ name: data
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-nextcloud
+ - secretRef:
+ name: {{ .Release.Name }}-nextcloud
+ resources:
+ requests:
+ memory: "1Gi"
+ cpu: "1m"
+ limits:
+ memory: "4Gi"
+ cpu: "4"
+ volumes:
+ - name: html
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-html-iops
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-data
+ restartPolicy: OnFailure
diff --git a/helm/nextcloud/templates/nextcloud-data-pvc.yaml b/helm/nextcloud/templates/nextcloud-data-pvc.yaml
new file mode 100644
index 0000000..ac38b4b
--- /dev/null
+++ b/helm/nextcloud/templates/nextcloud-data-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-data
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ storageClassName: zfs-iscsi-enc0
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Ti
diff --git a/helm/nextcloud/templates/nextcloud-html-pvc.yaml b/helm/nextcloud/templates/nextcloud-html-pvc.yaml
new file mode 100644
index 0000000..2ea1fbf
--- /dev/null
+++ b/helm/nextcloud/templates/nextcloud-html-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-html-iops
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ storageClassName: zfs-iscsi-enc1
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 16Gi
diff --git a/helm/nextcloud/templates/nextcloud-secret.yaml b/helm/nextcloud/templates/nextcloud-secret.yaml
new file mode 100644
index 0000000..c539836
--- /dev/null
+++ b/helm/nextcloud/templates/nextcloud-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-nextcloud
+ annotations:
+ {{- include "helm_keep_annotation" . | nindent 4 }}
+type: generic
+data:
+ NEXTCLOUD_ADMIN_PASSWORD: {{ include "NEXTCLOUD_ADMIN_PASSWORD" . | quote }}
+ POSTGRES_PASSWORD: {{ include "POSTGRES_PASSWORD" . | quote }}
+ REDIS_HOST_PASSWORD: {{ include "REDIS_PASSWORD" . | quote }}
+ SMTP_PASSWORD: {{ .Values.SMTP_PASSWORD | b64enc | quote }}
diff --git a/helm/nextcloud/templates/nextcloud.yaml b/helm/nextcloud/templates/nextcloud.yaml
deleted file mode 100644
index acf47d9..0000000
--- a/helm/nextcloud/templates/nextcloud.yaml
+++ /dev/null
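Review bot: `SMTP_PASSWORD` in nextcloud-secret.yaml is the only key read straight from values, and the part of values.yaml visible in this commit defines no default for it, so an install that does not supply it presumably fails inside `b64enc` with an unhelpful type error. Writing it as `SMTP_PASSWORD: {{ required "SMTP_PASSWORD must be set" .Values.SMTP_PASSWORD | b64enc | quote }}` gives a clear message instead. `type: generic` is accepted by the API as a free-form type string, but the conventional type for this kind of Secret is `Opaque`; the same line appears in postgres-secret.yaml and redis-secret.yaml.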
@@ -1,392 +0,0 @@ -{{ define "helm_keep_annotation" }} -"helm.sh/resource-policy": keep -{{ end }} - -{{/* Generated Postgres Config */}} -{{ define "POSTGRES_NAME" }}{{ printf "%s-postgres" .Release.Name | lower }}{{ end }} -{{ define "POSTGRES_DB" }}nextcloud{{ end }} -{{ define "DATABASE_HOST" }}{{ .Release.Name }}-postgres{{ end }} -{{ define "POSTGRES_USER" }}postgres{{ end }} -{{ $POSTGRES_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "POSTGRES_NAME" . )).data }} -{{ $POSTGRES_PASSWORD := (ternary (dict "POSTGRES_PASSWORD" (randAlphaNum 64 | b64enc)) $POSTGRES_SECRETS (not $POSTGRES_SECRETS)).POSTGRES_PASSWORD }} - -{{/* Generated Nextcloud Config */}} -{{ define "NEXTCLOUD_NAME" }}{{ printf "%s-nextcloud" .Release.Name | lower }}{{ end }} -{{ define "ADMIN_USER" }}admin{{ end }} -{{ $NEXTCLOUD_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "NEXTCLOUD_NAME" . )).data }} -{{/* ternary (create a dict with random NEXTCLOUD_ADMIN_PASSWORD) (actual dictionary) (test whether NEXTCLOUD_SECRETS exists) */}} -{{ $NEXTCLOUD_ADMIN_PASSWORD := (ternary (dict "NEXTCLOUD_ADMIN_PASSWORD" (randAlphaNum 64 | b64enc)) $NEXTCLOUD_SECRETS (not $NEXTCLOUD_SECRETS)).NEXTCLOUD_ADMIN_PASSWORD }} - -{{/* Generated Redis Config */}} -{{ define "REDIS_NAME" }}{{ printf "%s-redis" .Release.Name | lower }}{{ end }} -{{ define "REDIS_HOST" }}{{ .Release.Name }}-redis{{ end }} -{{ $REDIS_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "REDIS_NAME" . 
)).data }} -{{ $REDIS_PASSWORD := (ternary (dict "REDIS_PASSWORD" (randAlphaNum 64 | b64enc)) $REDIS_SECRETS (not $REDIS_SECRETS)).REDIS_PASSWORD }} - -{{/* Uncomment this and run with --debug to verify secrets are working -# NEXTCLOUD_ADMIN_PASSWORD: {{ $NEXTCLOUD_ADMIN_PASSWORD | quote }} -# POSTGRES_PASSWORD: {{ $POSTGRES_PASSWORD | quote }} -# REDIS_HOST_PASSWORD: {{ $REDIS_PASSWORD | quote }} -*/}} - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-postgres - annotations: - {{ include "helm_keep_annotation" . | nindent 4 }} -data: - POSTGRES_USER: postgres - POSTGRES_DB: nextcloud - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-postgres - annotations: - {{ include "helm_keep_annotation" . | nindent 4 }} -type: generic -data: - POSTGRES_PASSWORD: {{ $POSTGRES_PASSWORD | quote }} - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-postgres-init - annotations: - {{ include "helm_keep_annotation" . | nindent 4 }} -stringData: - init-user-db.sh: | - #!/bin/bash - set -e - - psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL - CREATE USER nextcloud PASSWORD '{{ $POSTGRES_PASSWORD | b64dec }}'; - GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud; - GRANT USAGE, CREATE ON SCHEMA public TO nextcloud; - EOSQL - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-redis - annotations: - {{ include "helm_keep_annotation" . | nindent 4 }} -type: generic -data: - REDIS_PASSWORD: {{ $REDIS_PASSWORD | quote }} - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-nextcloud - annotations: - {{ include "helm_keep_annotation" . 
| nindent 4 }} -data: - NEXTCLOUD_TRUSTED_DOMAINS: {{ .Values.nextcloud.domain }} - OVERWRITEPROTOCOL: https - OVERWRITECLIURL: https://{{ .Values.nextcloud.domain }} - NEXTCLOUD_ADMIN_USER: admin - POSTGRES_USER: nextcloud - POSTGRES_HOST: {{ .Release.Name }} - POSTGRES_DB: nextcloud - REDIS_HOST: {{ .Release.Name }} - PHP_UPLOAD_LIMIT: 1000000M - PHP_MEMORY_LIMIT: 2048M - TRUSTED_PROXIES: 10.42.0.1/24 - APACHE_DISABLE_REWRITE_IP: "1" - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-nextcloud - annotations: - {{ include "helm_keep_annotation" . | nindent 4 }} -type: generic -data: - NEXTCLOUD_ADMIN_PASSWORD: {{ $NEXTCLOUD_ADMIN_PASSWORD | quote }} - POSTGRES_PASSWORD: {{ $POSTGRES_PASSWORD | quote }} - REDIS_HOST_PASSWORD: {{ $REDIS_PASSWORD | quote }} - SMTP_PASSWORD: {{ .Values.SMTP_PASSWORD | b64enc | quote }} - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: nextcloud - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: nextcloud - spec: - containers: - - name: nextcloud - image: {{ .Values.nextcloud.image }} - ports: - - containerPort: 80 - name: http - envFrom: - - configMapRef: - name: {{ .Release.Name }}-nextcloud - - secretRef: - name: {{ .Release.Name }}-nextcloud - volumeMounts: - - mountPath: /var/www/html - name: html - - mountPath: /var/www/html/data - name: data - resources: - requests: - memory: "1Gi" - cpu: "1m" - limits: - memory: "4Gi" - cpu: "4" - - name: postgres - image: postgres:15 - envFrom: - - configMapRef: - name: {{ .Release.Name }}-postgres - - secretRef: - name: {{ .Release.Name }}-postgres - volumeMounts: - - name: postgres - mountPath: /var/lib/postgresql/data - - name: postgres-init - mountPath: /docker-entrypoint-initdb.d/init-user-db.sh - subPath: init-user-db.sh - ports: - - containerPort: 5432 - name: postgres - resources: - requests: - memory: "1Gi" - cpu: "1m" - 
limits: - memory: "4Gi" - cpu: "4" - - name: redis - image: redis:7 - ports: - - containerPort: 6379 - name: redis - volumeMounts: - - mountPath: /data - name: redis - command: - - redis-server - - --save - - "60" - - "1" - - --loglevel - - warning - - --requirepass - - {{ $REDIS_PASSWORD | b64dec | quote }} - resources: - requests: - memory: "1Gi" - cpu: "1m" - limits: - memory: "4Gi" - cpu: "4" - volumes: - - name: html - persistentVolumeClaim: - claimName: {{ .Release.Name }}-html-iops - - name: data - persistentVolumeClaim: - claimName: {{ .Release.Name }}-data - - name: postgres - persistentVolumeClaim: - claimName: {{ .Release.Name }}-postgres-iops - - name: redis - persistentVolumeClaim: - claimName: {{ .Release.Name }}-redis-iops - - name: postgres-init - secret: - secretName: {{ .Release.Name }}-postgres-init - ---- - -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ .Release.Name }}-cron -spec: - schedule: "*/5 * * * *" - failedJobsHistoryLimit: 1 - successfulJobsHistoryLimit: 0 - jobTemplate: - spec: - template: - spec: - securityContext: - runAsUser: 33 - runAsGroup: 33 - containers: - - name: nextcloud - image: {{ .Values.nextcloud.image }} - command: - - php - - -f - - cron.php - volumeMounts: - - mountPath: /var/www/html - name: html - - mountPath: /var/www/html/data - name: data - envFrom: - - configMapRef: - name: {{ .Release.Name }}-nextcloud - - secretRef: - name: {{ .Release.Name }}-nextcloud - resources: - requests: - memory: "1Gi" - cpu: "1m" - limits: - memory: "4Gi" - cpu: "4" - volumes: - - name: html - persistentVolumeClaim: - claimName: {{ .Release.Name }}-html-iops - - name: data - persistentVolumeClaim: - claimName: {{ .Release.Name }}-data - restartPolicy: OnFailure - ---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ .Release.Name }}-data - annotations: - "helm.sh/resource-policy": keep -spec: - storageClassName: zfs-iscsi-enc0 - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Ti - 
---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ .Release.Name }}-html-iops - annotations: - "helm.sh/resource-policy": keep -spec: - storageClassName: zfs-iscsi-enc1 - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 16Gi - ---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ .Release.Name }}-postgres-iops - annotations: - "helm.sh/resource-policy": keep -spec: - storageClassName: zfs-iscsi-enc1 - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 32Gi - ---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ .Release.Name }}-redis-iops - annotations: - "helm.sh/resource-policy": keep -spec: - storageClassName: zfs-iscsi-enc1 - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 32Gi - ---- - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }} -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: nextcloud - ports: - - name: http - protocol: TCP - port: 80 - targetPort: http - - name: postgres - protocol: TCP - port: 5432 - targetPort: postgres - - name: redis - protocol: TCP - port: 6379 - targetPort: redis - ---- - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }} - annotations: - cert-manager.io/cluster-issuer: letsencrypt - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.org/client-max-body-size: "0" -spec: - rules: - - host: {{ .Values.nextcloud.domain }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: nextcloud - port: - name: http - tls: - - hosts: - - {{ .Values.nextcloud.domain }} - secretName: nextcloud-tls-cert diff --git a/helm/nextcloud/templates/postgres-configmap.yaml b/helm/nextcloud/templates/postgres-configmap.yaml new file mode 100644 index 0000000..7f88e52 --- /dev/null +++ b/helm/nextcloud/templates/postgres-configmap.yaml 
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-postgres
+ annotations:
+ {{- include "helm_keep_annotation" . | nindent 4 }}
+data:
+ POSTGRES_USER: postgres
+ POSTGRES_DB: nextcloud
diff --git a/helm/nextcloud/templates/postgres-init-secret.yaml b/helm/nextcloud/templates/postgres-init-secret.yaml
new file mode 100644
index 0000000..756386b
--- /dev/null
+++ b/helm/nextcloud/templates/postgres-init-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-postgres-init
+ annotations:
+ {{- include "helm_keep_annotation" . | nindent 4 }}
+stringData:
+ init-user-db.sh: |
+ #!/bin/bash
+ set -e
+
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER nextcloud PASSWORD '{{ include "POSTGRES_PASSWORD" . | b64dec }}';
+ GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
+ GRANT USAGE, CREATE ON SCHEMA public TO nextcloud;
+ EOSQL
diff --git a/helm/nextcloud/templates/postgres-pvc.yaml b/helm/nextcloud/templates/postgres-pvc.yaml
new file mode 100644
index 0000000..fa297f0
--- /dev/null
+++ b/helm/nextcloud/templates/postgres-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-postgres-iops
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ storageClassName: zfs-iscsi-enc1
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 32Gi
diff --git a/helm/nextcloud/templates/postgres-secret.yaml b/helm/nextcloud/templates/postgres-secret.yaml
new file mode 100644
index 0000000..feb200f
--- /dev/null
+++ b/helm/nextcloud/templates/postgres-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-postgres
+ annotations:
+ {{- include "helm_keep_annotation" . | nindent 4 }}
+type: generic
+data:
+ POSTGRES_PASSWORD: {{ include "POSTGRES_PASSWORD" . | quote }}
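Review bot: In postgres-init-secret.yaml the password is pasted into a SQL string literal inside an unquoted heredoc (`<<-EOSQL`), so the shell still expands `$` and backticks in the body, and a `'` in the value would end the literal early. Values produced by `randAlphaNum` are safe, but the helper also returns whatever an existing Secret holds, which may have been set by hand. Quoting the delimiter as `<<-'EOSQL'` stops shell expansion and costs nothing, since the body uses no shell variables; for the SQL side, handing the value to psql with `-v` and referencing it as `:'name'` lets psql do the quoting. A comment in the script noting that it embeds a secret would also explain why it lives in a Secret rather than a ConfigMap.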
diff --git a/helm/nextcloud/templates/redis-pvc.yaml b/helm/nextcloud/templates/redis-pvc.yaml
new file mode 100644
index 0000000..f5ebb7e
--- /dev/null
+++ b/helm/nextcloud/templates/redis-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-redis-iops
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ storageClassName: zfs-iscsi-enc1
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 32Gi
diff --git a/helm/nextcloud/templates/redis-secret.yaml b/helm/nextcloud/templates/redis-secret.yaml
new file mode 100644
index 0000000..aff4222
--- /dev/null
+++ b/helm/nextcloud/templates/redis-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-redis
+ annotations:
+ {{- include "helm_keep_annotation" . | nindent 4 }}
+type: generic
+data:
+ REDIS_PASSWORD: {{ include "REDIS_PASSWORD" . | quote }}
diff --git a/helm/nextcloud/templates/service.yaml b/helm/nextcloud/templates/service.yaml
new file mode 100644
index 0000000..e3fe5be
--- /dev/null
+++ b/helm/nextcloud/templates/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: nextcloud
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: http
+ - name: postgres
+ protocol: TCP
+ port: 5432
+ targetPort: postgres
+ - name: redis
+ protocol: TCP
+ port: 6379
+ targetPort: redis
diff --git a/helm/nextcloud/values.yaml b/helm/nextcloud/values.yaml
index 78f179c..581a13a 100755
--- a/helm/nextcloud/values.yaml
+++ b/helm/nextcloud/values.yaml
@@ -1,3 +1,3 @@ nextcloud: - image: nextcloud:26.0.1 + image: nextcloud:26.0.7 domain: nextcloud.reeseapps.com
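Review bot: service.yaml publishes Postgres (5432) and Redis (6379) next to HTTP, which makes both reachable from every pod that can reach this ClusterIP, although deployment.yaml runs all three containers in one pod. If Nextcloud talked to them over `localhost` (the ConfigMap currently sets `POSTGRES_HOST` and `REDIS_HOST` to the release name), the two extra port entries could be dropped and only `http` exposed. If they have to stay, a NetworkPolicy limiting ingress on those ports and a comment explaining why they are exposed would be the minimum.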