diff --git a/apps/base/nextcloud/release.yaml b/apps/base/nextcloud/release.yaml
index d9f2e6f9258265f79ae5891032c98576d79f4f69..abd2cf29c22b845416b77fa8664ab0c4839f05d0 100644
--- a/apps/base/nextcloud/release.yaml
+++ b/apps/base/nextcloud/release.yaml
@@ -9,11 +9,11 @@ spec:
releaseName: nextcloud
chart:
spec:
- chart: nextcloud
+ chart: ./charts/nextcloud
sourceRef:
- kind: HelmRepository
- name: nextcloud
- version: 3.1.3
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
interval: 5m
valuesFrom:
- kind: ConfigMap
diff --git a/apps/base/nextcloud/repository.yaml b/apps/base/nextcloud/repository.yaml
deleted file mode 100644
index 7813e30cf765c4231462c472f4a1f3d5bbf2d0e2..0000000000000000000000000000000000000000
--- a/apps/base/nextcloud/repository.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
- name: nextcloud
- namespace: nextcloud
-spec:
- interval: 30m
- url: https://sisheogorath.github.io/helm/
diff --git a/charts/.utils/gitlab-ci.yaml b/charts/.utils/gitlab-ci.yaml
index 5a82298808b54ca6de4f53bc0fa2eef33bbeb131..8ee6a9dcee4e8425d267ea897eafce8b07c15e16 100644
--- a/charts/.utils/gitlab-ci.yaml
+++ b/charts/.utils/gitlab-ci.yaml
@@ -5,6 +5,7 @@
- keycloak
- mok
- mastodon
+ - nextcloud
chart-package:
stage: build
diff --git a/charts/nextcloud/.helmignore b/charts/nextcloud/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..f0c13194444163d1cba5c67d9e79231a62bc8f44
--- /dev/null
+++ b/charts/nextcloud/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/nextcloud/Chart.lock b/charts/nextcloud/Chart.lock
new file mode 100644
index 0000000000000000000000000000000000000000..564cd132565a0fa3432b7b19857ba1b7f034ad0f
--- /dev/null
+++ b/charts/nextcloud/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 11.6.10
+- name: mariadb
+ repository: https://charts.bitnami.com/bitnami
+ version: 11.0.13
+- name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 16.12.3
+digest: sha256:fa5daab278b20ab0521819791750848c7cf8f4081bea4d675ce04faef5cbb547
+generated: "2022-06-28T20:46:18.681579184+02:00"
diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a5f52e6ace7453d30621491176d4c9a5d504283d
--- /dev/null
+++ b/charts/nextcloud/Chart.yaml
@@ -0,0 +1,37 @@
+apiVersion: v2
+name: nextcloud
+version: 3.1.3
+# renovate: image=docker.io/library/nextcloud
+appVersion: 24.0.7
+description: A file sharing server that puts the control and security of your own data back into your hands.
+keywords:
+- nextcloud
+- storage
+- http
+- web
+- php
+home: https://nextcloud.com/
+icon: https://cdn.rawgit.com/docker-library/docs/defa5ffc7123177acd60ddef6e16bddf694cc35f/nextcloud/logo.svg
+sources:
+- https://github.com/nextcloud/helm
+- https://github.com/nextcloud/docker
+maintainers:
+- name: skjnldsv
+ email: skjnldsv@protonmail.com
+- name: chrisingenhaag
+ email: christian.ingenhaag@googlemail.com
+- name: billimek
+ email: jeff@billimek.com
+dependencies:
+- name: postgresql
+ version: 11.6.*
+ repository: https://charts.bitnami.com/bitnami
+ condition: postgresql.enabled
+- name: mariadb
+ version: 11.0.*
+ repository: https://charts.bitnami.com/bitnami
+ condition: mariadb.enabled
+- name: redis
+ version: 16.12.*
+ repository: https://charts.bitnami.com/bitnami
+ condition: redis.enabled
diff --git a/charts/nextcloud/LICENSE b/charts/nextcloud/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..0ad25db4bd1d86c452db3f9602ccdbe172438f52
--- /dev/null
+++ b/charts/nextcloud/LICENSE
@@ -0,0 +1,661 @@
+ GNU AFFERO GENERAL PUBLIC LICENSE
+ Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+ A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate. Many developers of free software are heartened and
+encouraged by the resulting cooperation. However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+ The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community. It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server. Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+ An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals. This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU Affero General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Remote Network Interaction; Use with the GNU General Public License.
+
+ Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software. This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time. Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source. For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code. There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.
diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..b353b2ad787ec11d8ea808f606242abe996a7616
--- /dev/null
+++ b/charts/nextcloud/README.md
@@ -0,0 +1,350 @@
+# nextcloud
+
+[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands.
+
+## TL;DR;
+
+```console
+helm repo add nextcloud https://nextcloud.github.io/helm/
+helm install my-release nextcloud/nextcloud
+```
+
+## Introduction
+
+This chart bootstraps an [nextcloud](https://hub.docker.com/_/nextcloud/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the nextcloud application.
+
+## Prerequisites
+
+- Kubernetes 1.9+ with Beta APIs enabled
+- PV provisioner support in the underlying infrastructure
+- Helm >=3.7.0 ([for subchart scope exposing](nextcloud/helm#152))
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm repo add nextcloud https://nextcloud.github.io/helm/
+helm install my-release nextcloud/nextcloud
+```
+
+The command deploys nextcloud on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the nextcloud chart and their default values.
+
+| Parameter | Description | Default |
+| ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------- |
+| `image.repository` | nextcloud Image name | `nextcloud` |
+| `image.flavor` | nextcloud Image type | `apache` |
+| `image.tag` | nextcloud Image tag | `{VERSION}` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Specify image pull secrets | `nil` |
+| `ingress.className` | Name of the ingress class to use | `nil` |
+| `ingress.enabled` | Enable use of ingress controllers | `false` |
+| `ingress.servicePort` | Ingress' backend servicePort | `http` |
+| `ingress.annotations` | An array of service annotations | `nil` |
+| `ingress.labels` | An array of service labels | `nil` |
+| `ingress.path` | The `Path` to use in Ingress' `paths` | `/` |
+| `ingress.pathType` | The `PathType` to use in Ingress' `paths` | `Prefix` |
+| `ingress.tls` | Ingress TLS configuration | `[]` |
+| `nextcloud.host` | nextcloud host to create application URLs | `nextcloud.kube.home` |
+| `nextcloud.username` | User of the application | `admin` |
+| `nextcloud.password` | Application password | `changeme` |
+| `nextcloud.existingSecret.enabled` | Whether to use an existing secret or not | `false` |
+| `nextcloud.existingSecret.secretName` | Name of the existing secret | `nil` |
+| `nextcloud.existingSecret.usernameKey` | Name of the key that contains the username | `nil` |
+| `nextcloud.existingSecret.passwordKey` | Name of the key that contains the password | `nil` |
+| `nextcloud.existingSecret.smtpUsernameKey` | Name of the key that contains the SMTP username | `nil` |
+| `nextcloud.existingSecret.smtpPasswordKey` | Name of the key that contains the SMTP password | `nil` |
+| `nextcloud.update` | Trigger update if custom command is used | `0` |
+| `nextcloud.containerPort` | Customize container port when not running as root | `80` |
+| `nextcloud.datadir` | nextcloud data dir location | `/var/www/html/data` |
+| `nextcloud.mail.enabled` | Whether to enable/disable email settings | `false` |
+| `nextcloud.mail.fromAddress` | nextcloud mail send from field | `nil` |
+| `nextcloud.mail.domain` | nextcloud mail domain | `nil` |
+| `nextcloud.mail.smtp.host` | SMTP hostname | `nil` |
+| `nextcloud.mail.smtp.secure` | SMTP connection `ssl` or empty | `''` |
+| `nextcloud.mail.smtp.port` | Optional SMTP port | `nil` |
+| `nextcloud.mail.smtp.authtype` | SMTP authentication method | `LOGIN` |
+| `nextcloud.mail.smtp.name` | SMTP username | `''` |
+| `nextcloud.mail.smtp.password` | SMTP password | `''` |
+| `nextcloud.configs` | Config files created in `/var/www/html/config` | `{}` |
+| `nextcloud.persistence.subPath` | Set the subPath for nextcloud to use in volume | `nil` |
+| `nextcloud.phpConfigs` | PHP Config files created in `/usr/local/etc/php/conf.d` | `{}` |
+| `nextcloud.defaultConfigs.\.htaccess` | Default .htaccess to protect `/var/www/html/config` | `true` |
+| `nextcloud.defaultConfigs.redis\.config\.php` | Default Redis configuration | `true` |
+| `nextcloud.defaultConfigs.apache-pretty-urls\.config\.php` | Default Apache configuration for rewrite urls | `true` |
+| `nextcloud.defaultConfigs.apcu\.config\.php` | Default configuration to define APCu as local cache | `true` |
+| `nextcloud.defaultConfigs.apps\.config\.php` | Default configuration for apps | `true` |
+| `nextcloud.defaultConfigs.autoconfig\.php` | Default auto-configuration for databases | `true` |
+| `nextcloud.defaultConfigs.smtp\.config\.php` | Default configuration for smtp | `true` |
+| `nextcloud.strategy` | specifies the strategy used to replace old Pods by new ones | `type: Recreate` |
+| `nextcloud.extraEnv` | specify additional environment variables | `{}` |
+| `nextcloud.extraInitContainers` | specify additional init containers | `[]` |
+| `nextcloud.extraVolumes` | specify additional volumes for the NextCloud pod | `{}` |
+| `nextcloud.extraVolumeMounts` | specify additional volume mounts for the NextCloud pod | `{}` |
+| `nginx.enabled` | Enable nginx (requires you use php-fpm image) | `false` |
+| `nginx.image.repository` | nginx Image name | `nginx` |
+| `nginx.image.tag` | nginx Image tag | `alpine` |
+| `nginx.image.pullPolicy` | nginx Image pull policy | `IfNotPresent` |
+| `nginx.config.default` | Whether to use nextclouds recommended nginx config | `true` |
+| `nginx.config.custom` | Specify a custom config for nginx | `{}` |
+| `nginx.resources` | nginx resources | `{}` |
+| `lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` |
+| `lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` |
+| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` |
+| `internalDatabase.database` | Name of the existing database | `nextcloud` |
+| `externalDatabase.enabled` | Whether to use external database | `false` |
+| `externalDatabase.type` | External database type: `mysql`, `postgresql` | `mysql` |
+| `externalDatabase.host` | Host of the external database in form of `host:port` | `nil` |
+| `externalDatabase.database` | Name of the existing database | `nextcloud` |
+| `externalDatabase.user` | Existing username in the external db | `nextcloud` |
+| `externalDatabase.password` | Password for the above username | `nil` |
+| `externalDatabase.existingSecret.enabled` | Whether to use a existing secret or not | `false` |
+| `externalDatabase.existingSecret.secretName` | Name of the existing secret | `nil` |
+| `externalDatabase.existingSecret.usernameKey` | Name of the key that contains the username | `nil` |
+| `externalDatabase.existingSecret.passwordKey` | Name of the key that contains the password | `nil` |
+| `mariadb.enabled` | Whether to use the MariaDB chart | `false` |
+| `mariadb.auth.database` | Database name to create | `nextcloud` |
+| `mariadb.auth.password` | Password for the database | `changeme` |
+| `mariadb.auth.username` | Database user to create | `nextcloud` |
+| `mariadb.auth.rootPassword` | MariaDB admin password | `nil` |
+| `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` |
+| `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` |
+| `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` |
+| `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` |
+| `postgresql.primary.persistence.enabled` | Whether or not to use PVC on PostgreSQL primary | `false` |
+| `redis.enabled` | Whether to install/use redis for locking | `false` |
+| `redis.auth.enabled` | Whether to enable password authentication with redis | `true` |
+| `redis.auth.password` | The password redis uses | `''` |
+| `cronjob.enabled` | Whether to enable/disable cronjob | `false` |
+| `cronjob.schedule` | Schedule for the CronJob | `*/15 * * * *` |
+| `cronjob.annotations` | Annotations to add to the cronjob | {} |
+| `cronjob.curlInsecure` | Set insecure (-k) option to curl | false |
+| `cronjob.failedJobsHistoryLimit` | Specify the number of failed Jobs to keep | `5` |
+| `cronjob.successfulJobsHistoryLimit` | Specify the number of completed Jobs to keep | `2` |
+| `cronjob.resources` | Cronjob Resources | `nil` |
+| `cronjob.nodeSelector` | Cronjob Node selector | `nil` |
+| `cronjob.tolerations` | Cronjob tolerations | `nil` |
+| `cronjob.affinity` | Cronjob affinity | `nil` |
+| `service.type` | Kubernetes Service type | `ClusterIP` |
+| `service.loadBalancerIP` | LoadBalancerIp for service type LoadBalancer | `nil` |
+| `service.nodePort` | NodePort for service type NodePort | `nil` |
+| `persistence.enabled` | Enable persistence using PVC | `false` |
+| `persistence.annotations` | PVC annotations | `{}` |
+| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` (uses alpha storage class annotation) |
+| `persistence.existingClaim` | An Existing PVC name for nextcloud volume | `nil` (uses alpha storage class annotation) |
+| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` |
+| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` |
+| `persistence.nextcloudData.enabled` | Create a second PVC for the data folder in nextcloud | `false` |
+| `persistence.nextcloudData.annotations` | see `persistence.annotations` | `{}` |
+| `persistence.nextcloudData.storageClass` | see `persistence.storageClass` | `nil` (uses alpha storage class annotation) |
+| `persistence.nextcloudData.existingClaim` | see `persistence.existingClaim` | `nil` (uses alpha storage class annotation) |
+| `persistence.nextcloudData.accessMode` | see `persistence.accessMode` | `ReadWriteOnce` |
+| `persistence.nextcloudData.size` | see `persistence.size` | `8Gi` |
+| `phpClientHttpsFix.enabled` | Sets OVERWRITEPROTOCOL for https ingress redirect | `false` |
+| `phpClientHttpsFix.protocol` | Sets OVERWRITEPROTOCOL for https ingress redirect | `https` |
+| `resources` | CPU/Memory resource requests/limits | `{}` |
+| `rbac.enabled` | Enable Role and rolebinding for priveledged PSP | `false` |
+| `rbac.serviceaccount.create` | Wether to create a serviceaccount or use an existing one (requires rbac) | `true` |
+| `rbac.serviceaccount.name` | The name of the sevice account that the deployment will use (requires rbac) | `nextcloud-serviceaccount` |
+| `rbac.serviceaccount.annotations` | Serviceaccount annotations | `{}` |
+| `livenessProbe.enabled` | Turn on and off liveness probe | `true` |
+| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `10` |
+| `livenessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `livenessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` |
+| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
+| `readinessProbe.enabled` | Turn on and off readiness probe | `true` |
+| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` |
+| `readinessProbe.periodSeconds` | How often to perform the probe | `10` |
+| `readinessProbe.timeoutSeconds` | When the probe times out | `5` |
+| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` |
+| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
+| `startupProbe.enabled` | Turn on and off startup probe | `false` |
+| `startupProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` |
+| `startupProbe.periodSeconds` | How often to perform the probe | `10` |
+| `startupProbe.timeoutSeconds` | When the probe times out | `5` |
+| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe | `30` |
+| `startupProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
+| `hpa.enabled` | Boolean to create a HorizontalPodAutoscaler | `false` |
+| `hpa.cputhreshold` | CPU threshold percent for the HorizontalPodAutoscale | `60` |
+| `hpa.minPods` | Min. pods for the Nextcloud HorizontalPodAutoscaler | `1` |
+| `hpa.maxPods` | Max. pods for the Nextcloud HorizontalPodAutoscaler | `10` |
+| `deploymentLabels` | Labels to be added at 'deployment' level | not set |
+| `deploymentAnnotations` | Annotations to be added at 'deployment' level | not set |
+| `podLabels` | Labels to be added at 'pod' level | not set |
+| `podAnnotations` | Annotations to be added at 'pod' level | not set |
+| `metrics.enabled` | Start Prometheus metrics exporter | `false` |
+| `metrics.https` | Defines if https is used to connect to nextcloud | `false` (uses http) |
+| `metrics.token` | Uses token for auth instead of username/password | `""` |
+| `metrics.timeout` | When the scrape times out | `5s` |
+| `metrics.image.repository` | Nextcloud metrics exporter image name | `xperimental/nextcloud-exporter` |
+| `metrics.image.tag` | Nextcloud metrics exporter image tag | `0.5.1` |
+| `metrics.image.pullPolicy` | Nextcloud metrics exporter image pull policy | `IfNotPresent` |
+| `metrics.podAnnotations` | Additional annotations for metrics exporter | not set |
+| `metrics.podLabels` | Additional labels for metrics exporter | not set |
+| `metrics.service.type` | Metrics: Kubernetes Service type | `ClusterIP` |
+| `metrics.service.loadBalancerIP` | Metrics: LoadBalancerIp for service type LoadBalancer | `nil` |
+| `metrics.service.nodePort` | Metrics: NodePort for service type NodePort | `nil` |
+| `metrics.service.annotations` | Additional annotations for service metrics exporter | `{prometheus.io/scrape: "true", prometheus.io/port: "9205"}` |
+| `metrics.service.labels` | Additional labels for service metrics exporter | `{}` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus | `` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `` |
+| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{} |
+
+> **Note**:
+>
+> For nextcloud to function correctly, you should specify the `nextcloud.host` parameter to specify the FQDN (recommended) or the public IP address of the nextcloud service.
+>
+> Optionally, you can specify the `service.loadBalancerIP` parameter to assign a reserved IP address to the nextcloud service of the chart. However please note that this feature is only available on a few cloud providers (f.e. GKE).
+>
+> To reserve a public IP address on GKE:
+>
+> ```bash
+> gcloud compute addresses create nextcloud-public-ip
+> ```
+>
+> The reserved IP address can be associated to the nextcloud service by specifying it as the value of the `service.loadBalancerIP` parameter while installing the chart.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name my-release \
+ --set nextcloud.username=admin,nextcloud.password=password,mariadb.auth.rootPassword=secretpassword \
+ nextcloud/nextcloud
+```
+
+The above command sets the nextcloud administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name my-release -f values.yaml nextcloud/nextcloud
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Persistence
+
+The [Nextcloud](https://hub.docker.com/_/nextcloud/) image stores the nextcloud data and configurations at the `/var/www/html` paths of the container.
+
+Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
+See the [Configuration](#configuration) section to enable persistence and configuration of the PVC.
+
+## Cronjob
+
+This chart can utilize Kubernetes `CronJob` resource to execute [background tasks](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html).
+
+To use this functionality, set `cronjob.enabled` parameter to `true` and switch background mode to Webcron in your nextcloud settings page.
+See the [Configuration](#configuration) section for further configuration of the cronjob resource.
+
+> **Note**: For the cronjobs to work correctly, ingress must be also enabled (set `ingress.enabled` to `true`) and `nextcloud.host` has to be publicly resolvable.
+
+## Multiple config.php file
+
+Nextcloud supports loading configuration parameters from multiple files.
+You can add arbitrary files ending with `.config.php` in the `config/` directory.
+See [documentation](https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file).
+
+For example, following config will configure Nextcloud with [S3 as primary storage](https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3) by creating file `/var/www/html/config/s3.config.php`:
+
+```yaml
+nextcloud:
+ configs:
+ s3.config.php: |-
+ <?php
+ $CONFIG = array (
+ 'objectstore' => array(
+ 'class' => '\\OC\\Files\\ObjectStore\\S3',
+ 'arguments' => array(
+ 'bucket' => 'my-bucket',
+ 'autocreate' => true,
+ 'key' => 'xxx',
+ 'secret' => 'xxx',
+ 'region' => 'us-east-1',
+ 'use_ssl' => true
+ )
+ )
+ );
+```
+
+## Preserving Source IP
+
+- Make sure your loadbalancer preserves source IP, for bare metal, `metalb` does and `klipper-lb` doesn't.
+- Make sure your Ingress preserves source IP. If you use `ingress-nginx`, add the following annotations:
+```yaml
+ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
+```
+- The next layer is nextcloud pod's nginx if you use `nextcloud-fpm`, this can be left at default
+- Add some PHP config for nextcloud as mentioned above in multiple `config.php`s section:
+```php
+ configs:
+ proxy.config.php: |-
+ <?php
+ $CONFIG = array (
+ 'trusted_proxies' => array(
+ 0 => '127.0.0.1',
+ 1 => '10.0.0.0/8',
+ ),
+ 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
+ );
+```
+
+## Hugepages
+
+If your node has hugepages enabled, but you do not map any into the container, it could fail to start with a bus error in Apache. This is due
+to Apache attempting to memory map a file and use hugepages. The fix is to either disable huge pages on the node or map hugepages into the container:
+
+```yaml
+nextcloud:
+ extraVolumes:
+ - name: hugepages
+ emptyDir:
+ medium: HugePages-2Mi
+ extraVolumeMounts:
+ - name: hugepages
+ mountPath: /dev/hugepages
+ resources:
+ requests:
+ hugepages-2Mi: 500Mi
+ # note that Kubernetes currently requires cpu or memory requests and limits before hugepages are allowed.
+ memory: 500Mi
+ limits:
+ # limit and request must be the same for hugepages. They are a fixed resource.
+ hugepages-2Mi: 500Mi
+ # note that Kubernetes currently requires cpu or memory requests and limits before hugepages are allowed.
+ memory: 1Gi
+```
+
+## HPA (Clustering)
+If you want to have multiple Nextcloud containers, regardless of dynamic or static sizes, you need to use shared persistence between the containers.
+
+Minimum cluster compatible persistence settings:
+```yaml
+persistence:
+ enabled: true
+ accessMode: ReadWriteMany
+```
diff --git a/charts/nextcloud/charts/mariadb-9.8.1.tgz b/charts/nextcloud/charts/mariadb-9.8.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..1b32ae69de88bcfd7ab41ff82720c47372ab2ad2
Binary files /dev/null and b/charts/nextcloud/charts/mariadb-9.8.1.tgz differ
diff --git a/charts/nextcloud/charts/postgresql-10.16.2.tgz b/charts/nextcloud/charts/postgresql-10.16.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..d3a6d0f8f51e3f5ef0fdfa10b3205e922b5fcea8
Binary files /dev/null and b/charts/nextcloud/charts/postgresql-10.16.2.tgz differ
diff --git a/charts/nextcloud/charts/redis-15.7.6.tgz b/charts/nextcloud/charts/redis-15.7.6.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..37cde427b54e55ac0ac74d8765616e3141e4fd61
Binary files /dev/null and b/charts/nextcloud/charts/redis-15.7.6.tgz differ
diff --git a/charts/nextcloud/templates/NOTES.txt b/charts/nextcloud/templates/NOTES.txt
new file mode 100644
index 0000000000000000000000000000000000000000..0832389d15817833380a1ff05445afac708357b7
--- /dev/null
+++ b/charts/nextcloud/templates/NOTES.txt
@@ -0,0 +1,94 @@
+{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}}
+
+{{- if empty .Values.nextcloud.host -}}
+#################################################################################
+### WARNING: You did not provide an external host in your 'helm install' call ###
+#################################################################################
+
+This deployment will be incomplete until you configure nextcloud with a resolvable
+host. To configure nextcloud with the URL of your service:
+
+1. Get the nextcloud URL by running:
+
+ {{- if contains "NodePort" .Values.service.type }}
+
+ export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}")
+ export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+
+ {{- else if contains "LoadBalancer" .Values.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "nextcloud.fullname" . }}'
+
+ export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+ export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} -o jsonpath="{.data.nextcloud-password}" | base64 --decode)
+ {{- if .Values.mariadb.db.password }}
+ export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "nextcloud.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode)
+ {{- end }}
+ {{- end }}
+
+2. Complete your nextcloud deployment by running:
+
+{{- if .Values.mariadb.enabled }}
+
+ helm upgrade {{ .Release.Name }} nextcloud/nextcloud \
+ --set nextcloud.host=$APP_HOST,nextcloud.password=$APP_PASSWORD{{ if .Values.mariadb.db.password }},mariadb.db.password=$APP_DATABASE_PASSWORD{{ end }}
+{{- else }}
+
+ ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ##
+
+ helm upgrade {{ .Release.Name }} nextcloud/nextcloud \
+ --set nextcloud.password=$APP_PASSWORD,nextcloud.host=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.host) }},externalDatabase.host={{ .Values.externalDatabase.host }}{{- end }}{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }}
+{{- end }}
+
+{{- else -}}
+1. Get the nextcloud URL by running:
+
+{{- if eq .Values.service.type "ClusterIP" }}
+
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "nextcloud.name" . }}" -o jsonpath="{.items[0].metadata.name}")
+ echo http://127.0.0.1:8080/
+ kubectl port-forward $POD_NAME 8080:80
+{{- else }}
+
+ echo http://{{ .Values.nextcloud.host }}/
+{{- end }}
+
+2. Get your nextcloud login credentials by running:
+
+ echo User: {{ .Values.nextcloud.username }}
+ echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} -o jsonpath="{.data.nextcloud-password}" | base64 --decode)
+{{- end }}
+
+{{- else -}}
+
+#######################################################################################################
+## WARNING: You did not provide an external database host in your 'helm install' call ##
+## Running Nextcloud with the integrated sqlite database is not recommended for production instances ##
+#######################################################################################################
+
+For better performance etc. you have to configure nextcloud with a resolvable database
+host. To configure nextcloud to use and external database host:
+
+
+1. Complete your nextcloud deployment by running:
+
+{{- if contains "NodePort" .Values.service.type }}
+ export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "nextcloud.fullname" . }}'
+
+ export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+{{- else }}
+
+ export APP_HOST=127.0.0.1
+{{- end }}
+ export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} -o jsonpath="{.data.nextcloud-password}" | base64 --decode)
+
+ ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ##
+
+ helm upgrade {{ .Release.Name }} nextcloud/nextcloud \
+ --set nextcloud.password=$APP_PASSWORD,nextcloud.host=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST
+{{- end }}
diff --git a/charts/nextcloud/templates/_helpers.tpl b/charts/nextcloud/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..4ebe3c8c5261e41fb4de1430645bf106845228c1
--- /dev/null
+++ b/charts/nextcloud/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nextcloud.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nextcloud.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified redis app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "nextcloud.redis.fullname" -}}
+{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nextcloud.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create image name that is used in the deployment
+*/}}
+{{- define "nextcloud.image" -}}
+{{- if .Values.image.tag -}}
+{{- printf "%s:%s" .Values.image.repository .Values.image.tag -}}
+{{- else -}}
+{{- printf "%s:%s-%s" .Values.image.repository .Chart.AppVersion (default "apache" .Values.image.flavor) -}}
+{{- end -}}
+{{- end -}}
+
+
+{{- define "nextcloud.ingress.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/nextcloud/templates/config.yaml b/charts/nextcloud/templates/config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..69b233be132762d3b4996af88c42a86760d45405
--- /dev/null
+++ b/charts/nextcloud/templates/config.yaml
@@ -0,0 +1,125 @@
+{{- if .Values.nextcloud.configs -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-config
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+{{- range $key, $value := .Values.nextcloud.configs }}
+ {{ $key }}: |-
+{{ $value | indent 4 }}
+{{- end }}
+{{- if .Values.nextcloud.defaultConfigs }}
+{{- if index .Values.nextcloud.defaultConfigs ".htaccess" }}
+ .htaccess: |-
+ # line below if for Apache 2.4
+ <ifModule mod_authz_core.c>
+ Require all denied
+ </ifModule>
+ # line below if for Apache 2.2
+ <ifModule !mod_authz_core.c>
+ deny from all
+ </ifModule>
+ # section for Apache 2.2 and 2.4
+ <ifModule mod_autoindex.c>
+ IndexIgnore *
+ </ifModule>
+{{- end }}
+{{- if index .Values.nextcloud.defaultConfigs "redis.config.php" }}
+ redis.config.php: |-
+ <?php
+ if (getenv('REDIS_HOST')) {
+ $CONFIG = array (
+ 'memcache.distributed' => '\OC\Memcache\Redis',
+ 'memcache.locking' => '\OC\Memcache\Redis',
+ 'redis' => array(
+ 'host' => getenv('REDIS_HOST'),
+ 'port' => getenv('REDIS_HOST_PORT') ?: 6379,
+ 'password' => getenv('REDIS_HOST_PASSWORD'),
+ ),
+ );
+ }
+{{- end }}
+{{- if index .Values.nextcloud.defaultConfigs "apache-pretty-urls.config.php" }}
+ apache-pretty-urls.config.php: |-
+ <?php
+ $CONFIG = array (
+ 'htaccess.RewriteBase' => '/',
+ );
+{{- end }}
+{{- if index .Values.nextcloud.defaultConfigs "apcu.config.php" }}
+ apcu.config.php: |-
+ <?php
+ $CONFIG = array (
+ 'memcache.local' => '\OC\Memcache\APCu',
+ );
+{{- end }}
+{{- if index .Values.nextcloud.defaultConfigs "apps.config.php" }}
+ apps.config.php: |-
+ <?php
+ $CONFIG = array (
+ "apps_paths" => array (
+ 0 => array (
+ "path" => OC::$SERVERROOT."/apps",
+ "url" => "/apps",
+ "writable" => false,
+ ),
+ 1 => array (
+ "path" => OC::$SERVERROOT."/custom_apps",
+ "url" => "/custom_apps",
+ "writable" => true,
+ ),
+ ),
+ );
+{{- end }}
+{{- if index .Values.nextcloud.defaultConfigs "autoconfig.php" }}
+ autoconfig.php: |-
+ <?php
+ $autoconfig_enabled = false;
+ if (getenv('SQLITE_DATABASE')) {
+ $AUTOCONFIG["dbtype"] = "sqlite";
+ $AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
+ $autoconfig_enabled = true;
+ } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
+ $AUTOCONFIG["dbtype"] = "mysql";
+ $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
+ $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
+ $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
+ $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
+ $autoconfig_enabled = true;
+ } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
+ $AUTOCONFIG["dbtype"] = "pgsql";
+ $AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
+ $AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
+ $AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
+ $AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
+ $autoconfig_enabled = true;
+ }
+ if ($autoconfig_enabled) {
+ $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
+ }
+{{- end }}
+{{- if index .Values.nextcloud.defaultConfigs "smtp.config.php" }}
+ smtp.config.php: |-
+ <?php
+ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
+ $CONFIG = array (
+ 'mail_smtpmode' => 'smtp',
+ 'mail_smtphost' => getenv('SMTP_HOST'),
+ 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
+ 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
+ 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
+ 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
+ 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
+ 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
+ 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
+ 'mail_domain' => getenv('MAIL_DOMAIN'),
+ );
+ }
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/nextcloud/templates/cronjob.yaml b/charts/nextcloud/templates/cronjob.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ddc29c8b680f7a3c4b98386ab04a6757764690d5
--- /dev/null
+++ b/charts/nextcloud/templates/cronjob.yaml
@@ -0,0 +1,303 @@
+{{- if .Values.cronjob.enabled }}
+{{- if .Capabilities.APIVersions.Has "batch/v1/CronJob" }}
+apiVersion: batch/v1
+{{- else }}
+apiVersion: batch/v1beta1
+{{- end }}
+kind: CronJob
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-cron
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+ {{- toYaml .Values.cronjob.annotations | nindent 4 }}
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ concurrencyPolicy: Forbid
+ {{- with .Values.cronjob.failedJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.successfulJobsHistoryLimit }}
+ successfulJobsHistoryLimit: {{ . }}
+ {{- end }}
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Service }}
+ app.kubernetes.io/component: cronjob
+ {{- if .Values.redis.enabled }}
+ {{ template "nextcloud.redis.fullname" . }}-client: "true"
+ {{- end }}
+ {{- if .Values.podLabels }}
+ {{- toYaml .Values.podLabels | nindent 12 }}
+ {{- end }}
+ annotations:
+ nextcloud-config-hash: {{ print (toJson .Values.nextcloud.defaultConfigs) "-" (toJson .Values.nextcloud.configs) | sha256sum }}
+ php-config-hash: {{ toJson .Values.nextcloud.phpConfigs | sha256sum }}
+ {{- if .Values.nginx.enabled }}
+ nginx-config-hash: {{ print .Values.nginx.config.default "-" .Values.nginx.config.custom | sha256sum }}
+ {{- end }}
+ {{- if .Values.podAnnotations }}
+ {{- toYaml .Values.podAnnotations | nindent 12 }}
+ {{- end }}
+ spec:
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ restartPolicy: Never
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ include "nextcloud.image" . }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - php
+ - -f
+ - /var/www/html/cron.php
+ env:
+ {{- if .Values.phpClientHttpsFix.enabled }}
+ - name: OVERWRITEPROTOCOL
+ value: {{ .Values.phpClientHttpsFix.protocol | quote }}
+ {{- end }}
+ {{- if .Values.internalDatabase.enabled }}
+ - name: SQLITE_DATABASE
+ value: {{ .Values.internalDatabase.name | quote }}
+ {{- else if .Values.mariadb.enabled }}
+ - name: MYSQL_HOST
+ value: {{ template "mariadb.primary.fullname" .Subcharts.mariadb }}
+ - name: MYSQL_DATABASE
+ value: {{ .Values.mariadb.auth.database | quote }}
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
+ {{- else }}
+ {{- if eq .Values.externalDatabase.type "postgresql" }}
+ - name: POSTGRES_HOST
+ value: {{ .Values.externalDatabase.host | quote }}
+ - name: POSTGRES_DB
+ value: {{ .Values.externalDatabase.database | quote }}
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
+ {{- else }}
+ - name: MYSQL_HOST
+ value: {{ .Values.externalDatabase.host | quote }}
+ - name: MYSQL_DATABASE
+ value: {{ .Values.externalDatabase.database | quote }}
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
+ {{- end }}
+ {{- end }}
+ - name: NEXTCLOUD_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.usernameKey | default "nextcloud-username" }}
+ - name: NEXTCLOUD_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.passwordKey | default "nextcloud-password" }}
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: {{ .Values.nextcloud.host }}
+ {{- if ne (int .Values.nextcloud.update) 0 }}
+ - name: NEXTCLOUD_UPDATE
+ value: {{ .Values.nextcloud.update | quote }}
+ {{- end }}
+ - name: NEXTCLOUD_DATA_DIR
+ value: {{ .Values.nextcloud.datadir | quote }}
+ {{- if .Values.nextcloud.mail.enabled }}
+ - name: MAIL_FROM_ADDRESS
+ value: {{ .Values.nextcloud.mail.fromAddress | quote }}
+ - name: MAIL_DOMAIN
+ value: {{ .Values.nextcloud.mail.domain | quote }}
+ - name: SMTP_HOST
+ value: {{ .Values.nextcloud.mail.smtp.host | quote }}
+ - name: SMTP_SECURE
+ value: {{ .Values.nextcloud.mail.smtp.secure | quote }}
+ - name: SMTP_PORT
+ value: {{ .Values.nextcloud.mail.smtp.port | quote }}
+ - name: SMTP_AUTHTYPE
+ value: {{ .Values.nextcloud.mail.smtp.authtype | quote }}
+ - name: SMTP_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.smtpUsernameKey | default "smtp-username" }}
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.smtpPasswordKey | default "smtp-password" }}
+ {{- end }}
+ {{- if .Values.redis.enabled }}
+ - name: REDIS_HOST
+ value: {{ template "nextcloud.redis.fullname" . }}-master
+ - name: REDIS_HOST_PORT
+ value: {{ .Values.redis.master.service.port | quote }}
+ {{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }}
+ - name: REDIS_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.redis.auth.existingSecret }}
+ key: {{ .Values.redis.auth.existingSecretPasswordKey }}
+ {{- else }}
+ - name: REDIS_HOST_PASSWORD
+ value: {{ .Values.redis.auth.password }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.nextcloud.extraEnv }}
+ {{- toYaml .Values.nextcloud.extraEnv | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml (default .Values.resources .Values.cronjob.resources) | nindent 14 }}
+ volumeMounts:
+ - name: nextcloud-main
+ mountPath: /var/www/
+ subPath: {{ ternary "root" (printf "%s/%s" .Values.nextcloud.persistence.subPath "root") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html
+ subPath: {{ ternary "html" (printf "%s/%s" .Values.nextcloud.persistence.subPath "html") (empty .Values.nextcloud.persistence.subPath) }}
+ {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }}
+ - name: nextcloud-data
+ mountPath: {{ .Values.nextcloud.datadir }}
+ subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.nextcloudData.subPath "data") (empty .Values.persistence.nextcloudData.subPath) }}
+ {{- else }}
+ - name: nextcloud-main
+ mountPath: {{ .Values.nextcloud.datadir }}
+ subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }}
+ {{- end }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/config
+ subPath: {{ ternary "config" (printf "%s/%s" .Values.nextcloud.persistence.subPath "config") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/custom_apps
+ subPath: {{ ternary "custom_apps" (printf "%s/%s" .Values.nextcloud.persistence.subPath "custom_apps") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/tmp
+ subPath: {{ ternary "tmp" (printf "%s/%s" .Values.nextcloud.persistence.subPath "tmp") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/themes
+ subPath: {{ ternary "themes" (printf "%s/%s" .Values.nextcloud.persistence.subPath "themes") (empty .Values.nextcloud.persistence.subPath) }}
+ {{- range $key, $value := .Values.nextcloud.configs }}
+ - name: nextcloud-config
+ mountPath: /var/www/html/config/{{ $key }}
+ subPath: {{ $key }}
+ {{- end }}
+ {{- if .Values.nextcloud.configs }}
+ {{- range $key, $value := .Values.nextcloud.defaultConfigs }}
+ {{- if $value }}
+ - name: nextcloud-config
+ mountPath: /var/www/html/config/{{ $key }}
+ subPath: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- $nginxEnabled := .Values.nginx.enabled -}}
+ {{- range $key, $value := .Values.nextcloud.phpConfigs }}
+ - name: nextcloud-phpconfig
+ mountPath: {{ $nginxEnabled | ternary (printf "/usr/local/etc/php-fpm.d/%s" $key | quote) (printf "/usr/local/etc/php/conf.d/%s" $key | quote) }}
+ subPath: {{ $key }}
+ {{- end }}
+ {{- if .Values.nextcloud.extraVolumeMounts }}
+ {{- toYaml .Values.nextcloud.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with (default .Values.tolerations .Values.cronjob.tolerations) }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: nextcloud-main
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud{{- end }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }}
+ - name: nextcloud-data
+ persistentVolumeClaim:
+ claimName: {{ if .Values.persistence.nextcloudData.existingClaim }}{{ .Values.persistence.nextcloudData.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud-data{{- end }}
+ {{- end }}
+ {{- if .Values.nextcloud.configs }}
+ - name: nextcloud-config
+ configMap:
+ name: {{ template "nextcloud.fullname" . }}-config
+ {{- end }}
+ {{- if .Values.nextcloud.phpConfigs }}
+ - name: nextcloud-phpconfig
+ configMap:
+ name: {{ template "nextcloud.fullname" . }}-phpconfig
+ {{- end }}
+ {{- if .Values.nginx.enabled }}
+ - name: nextcloud-nginx-config
+ configMap:
+ name: {{ template "nextcloud.fullname" . }}-nginxconfig
+ {{- end }}
+ {{- if .Values.nextcloud.extraVolumes }}
+ {{- toYaml .Values.nextcloud.extraVolumes | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.enabled }}
+ # Will mount configuration files as www-data (id: 82) for nextcloud
+ securityContext:
+ fsGroup: 82
+ runAsUser: 82
+ {{- if .Values.securityContext }}
+ {{- with .Values.securityContext }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- else }}
+ # Will mount configuration files as www-data (id: 33) for nextcloud
+ securityContext:
+ fsGroup: 33
+ runAsUser: 33
+ {{- if .Values.securityContext }}
+ {{- with .Values.securityContext }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.rbac.enabled }}
+ serviceAccountName: {{ .Values.rbac.serviceaccount.name }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nextcloud/templates/db-secret.yaml b/charts/nextcloud/templates/db-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1a4eaf4c45f74d400714b690693be140680a2b21
--- /dev/null
+++ b/charts/nextcloud/templates/db-secret.yaml
@@ -0,0 +1,25 @@
+{{- if or .Values.mariadb.enabled .Values.externalDatabase.enabled .Values.postgresql.enabled }}
+{{- if not .Values.externalDatabase.existingSecret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-%s" .Release.Name "db" }}
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+type: Opaque
+data:
+ {{- if .Values.mariadb.enabled }}
+ db-password: {{ default "" .Values.mariadb.auth.password | b64enc | quote }}
+ db-username: {{ default "" .Values.mariadb.auth.username | b64enc | quote }}
+ {{- else if .Values.postgresql.enabled }}
+ db-password: {{ default "" .Values.postgresql.global.postgresql.auth.password | b64enc | quote }}
+ db-username: {{ default "" .Values.postgresql.global.postgresql.auth.username | b64enc | quote }}
+ {{- else }}
+ db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }}
+ db-username: {{ default "" .Values.externalDatabase.user | b64enc | quote }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d8dd830769b149e5b36edfedd660e42be0e934e5
--- /dev/null
+++ b/charts/nextcloud/templates/deployment.yaml
@@ -0,0 +1,484 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "nextcloud.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: app
+ {{- if .Values.deploymentLabels }}
+{{ toYaml .Values.deploymentLabels | indent 4 }}
+ {{- end }}
+ {{- if .Values.deploymentAnnotations }}
+ annotations:
+{{ toYaml .Values.deploymentAnnotations | indent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+{{ toYaml .Values.nextcloud.strategy | indent 4 }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: app
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: app
+ {{- if .Values.redis.enabled }}
+ {{ template "nextcloud.redis.fullname" . }}-client: "true"
+ {{- end }}
+ {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+ {{- end }}
+ annotations:
+ nextcloud-config-hash: {{ print (toJson .Values.nextcloud.defaultConfigs) "-" (toJson .Values.nextcloud.configs) | sha256sum }}
+ php-config-hash: {{ toJson .Values.nextcloud.phpConfigs | sha256sum }}
+ {{- if .Values.nginx.enabled }}
+ nginx-config-hash: {{ print .Values.nginx.config.default "-" .Values.nginx.config.custom | sha256sum }}
+ {{- end }}
+ {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end}}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "nextcloud.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycle }}
+ lifecycle:
+ {{- if .Values.lifecycle.postStartCommand }}
+ postStart:
+ exec:
+ command:
+ {{- toYaml .Values.lifecycle.postStartCommand | nindent 16 -}}
+ {{- end }}
+ {{- if .Values.lifecycle.preStopCommand }}
+ preStop:
+ exec:
+ command:
+ {{- toYaml .Values.lifecycle.preStopCommand | nindent 16 -}}
+ {{- end }}
+ {{- end }}
+ env:
+ {{- if .Values.phpClientHttpsFix.enabled }}
+ - name: OVERWRITEPROTOCOL
+ value: {{ .Values.phpClientHttpsFix.protocol | quote }}
+ {{- end }}
+ {{- if .Values.internalDatabase.enabled }}
+ - name: SQLITE_DATABASE
+ value: {{ .Values.internalDatabase.name | quote }}
+ {{- else if .Values.mariadb.enabled }}
+ - name: MYSQL_HOST
+ value: {{ template "mariadb.primary.fullname" .Subcharts.mariadb }}
+ - name: MYSQL_DATABASE
+ value: {{ .Values.mariadb.auth.database | quote }}
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
+ {{- else if .Values.postgresql.enabled }}
+ - name: POSTGRES_HOST
+ value: {{ template "postgresql.primary.fullname" .Subcharts.postgresql }}
+ - name: POSTGRES_DB
+ {{- if .Values.postgresql.auth.database }}
+ value: {{ .Values.postgresql.auth.database | quote }}
+ {{ else }}
+ value: {{ .Values.postgresql.global.postgresql.auth.database | quote }}
+ {{- end }}
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
+ {{- else }}
+ {{- if eq .Values.externalDatabase.type "postgresql" }}
+ - name: POSTGRES_HOST
+ value: {{ .Values.externalDatabase.host | quote }}
+ - name: POSTGRES_DB
+ value: {{ .Values.externalDatabase.database | quote }}
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
+ {{- else }}
+ - name: MYSQL_HOST
+ value: {{ .Values.externalDatabase.host | quote }}
+ - name: MYSQL_DATABASE
+ value: {{ .Values.externalDatabase.database | quote }}
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
+ {{- end }}
+ {{- end }}
+ - name: NEXTCLOUD_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.usernameKey | default "nextcloud-username" }}
+ - name: NEXTCLOUD_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.passwordKey | default "nextcloud-password" }}
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: {{ .Values.nextcloud.host }}
+ {{- if ne (int .Values.nextcloud.update) 0 }}
+ - name: NEXTCLOUD_UPDATE
+ value: {{ .Values.nextcloud.update | quote }}
+ {{- end }}
+ - name: NEXTCLOUD_DATA_DIR
+ value: {{ .Values.nextcloud.datadir | quote }}
+ {{- if .Values.nextcloud.mail.enabled }}
+ - name: MAIL_FROM_ADDRESS
+ value: {{ .Values.nextcloud.mail.fromAddress | quote }}
+ - name: MAIL_DOMAIN
+ value: {{ .Values.nextcloud.mail.domain | quote }}
+ - name: SMTP_HOST
+ value: {{ .Values.nextcloud.mail.smtp.host | quote }}
+ - name: SMTP_SECURE
+ value: {{ .Values.nextcloud.mail.smtp.secure | quote }}
+ - name: SMTP_PORT
+ value: {{ .Values.nextcloud.mail.smtp.port | quote }}
+ - name: SMTP_AUTHTYPE
+ value: {{ .Values.nextcloud.mail.smtp.authtype | quote }}
+ - name: SMTP_NAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.smtpUsernameKey | default "smtp-username" }}
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.smtpPasswordKey | default "smtp-password" }}
+ {{- end }}
+ {{- if .Values.redis.enabled }}
+ - name: REDIS_HOST
+ value: {{ template "nextcloud.redis.fullname" . }}-master
+ - name: REDIS_HOST_PORT
+ value: {{ .Values.redis.master.service.ports.redis | quote }}
+ {{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }}
+ - name: REDIS_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.redis.auth.existingSecret }}
+ key: {{ .Values.redis.auth.existingSecretPasswordKey }}
+ {{- else }}
+ - name: REDIS_HOST_PASSWORD
+ value: {{ .Values.redis.auth.password }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.nextcloud.extraEnv }}
+{{ toYaml .Values.nextcloud.extraEnv | indent 8 }}
+ {{- end }}
+ {{- if not .Values.nginx.enabled }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.nextcloud.containerPort | default "80" }}
+ protocol: TCP
+ {{- end }}
+ {{- if and .Values.livenessProbe.enabled (not .Values.nginx.enabled) }}
+ livenessProbe:
+ httpGet:
+ path: /status.php
+ port: http
+ httpHeaders:
+ - name: Host
+ value: {{ .Values.nextcloud.host | quote }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if and .Values.readinessProbe.enabled (not .Values.nginx.enabled) }}
+ readinessProbe:
+ httpGet:
+ path: /status.php
+ port: http
+ httpHeaders:
+ - name: Host
+ value: {{ .Values.nextcloud.host | quote }}
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ {{- end }}
+ {{- if and .Values.startupProbe.enabled (not .Values.nginx.enabled) }}
+ startupProbe:
+ httpGet:
+ path: /status.php
+ port: http
+ httpHeaders:
+ - name: Host
+ value: {{ .Values.nextcloud.host | quote }}
+ initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumeMounts:
+ - name: nextcloud-main
+ mountPath: /var/www/
+ subPath: {{ ternary "root" (printf "%s/%s" .Values.nextcloud.persistence.subPath "root") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html
+ subPath: {{ ternary "html" (printf "%s/%s" .Values.nextcloud.persistence.subPath "html") (empty .Values.nextcloud.persistence.subPath) }}
+ {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }}
+ - name: nextcloud-data
+ mountPath: {{ .Values.nextcloud.datadir }}
+ subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.nextcloudData.subPath "data") (empty .Values.persistence.nextcloudData.subPath) }}
+ {{- else }}
+ - name: nextcloud-main
+ mountPath: {{ .Values.nextcloud.datadir }}
+ subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }}
+ {{- end }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/config
+ subPath: {{ ternary "config" (printf "%s/%s" .Values.nextcloud.persistence.subPath "config") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/custom_apps
+ subPath: {{ ternary "custom_apps" (printf "%s/%s" .Values.nextcloud.persistence.subPath "custom_apps") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/tmp
+ subPath: {{ ternary "tmp" (printf "%s/%s" .Values.nextcloud.persistence.subPath "tmp") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/themes
+ subPath: {{ ternary "themes" (printf "%s/%s" .Values.nextcloud.persistence.subPath "themes") (empty .Values.nextcloud.persistence.subPath) }}
+ {{- range $key, $value := .Values.nextcloud.configs }}
+ - name: nextcloud-config
+ mountPath: /var/www/html/config/{{ $key }}
+ subPath: {{ $key }}
+ {{- end }}
+ {{- if .Values.nextcloud.configs }}
+ {{- range $key, $value := .Values.nextcloud.defaultConfigs }}
+ {{- if $value }}
+ - name: nextcloud-config
+ mountPath: /var/www/html/config/{{ $key }}
+ subPath: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- $nginxEnabled := .Values.nginx.enabled -}}
+ {{- range $key, $value := .Values.nextcloud.phpConfigs }}
+ - name: nextcloud-phpconfig
+ mountPath: {{ $nginxEnabled | ternary (printf "/usr/local/etc/php-fpm.d/%s" $key | quote) (printf "/usr/local/etc/php/conf.d/%s" $key | quote) }}
+ subPath: {{ $key }}
+ {{- end }}
+ {{- if .Values.nextcloud.extraVolumeMounts }}
+{{ toYaml .Values.nextcloud.extraVolumeMounts | indent 8 }}
+ {{- end }}
+ {{- if .Values.nginx.enabled }}
+ - name: {{ .Chart.Name }}-nginx
+ image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
+ imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.nextcloud.containerPort | default "80" }}
+ protocol: TCP
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /status.php
+ port: http
+ httpHeaders:
+ - name: Host
+ value: {{ .Values.nextcloud.host | quote }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /status.php
+ port: http
+ httpHeaders:
+ - name: Host
+ value: {{ .Values.nextcloud.host | quote }}
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ {{- end }}
+
+ resources:
+{{ toYaml .Values.nginx.resources | indent 10 }}
+ volumeMounts:
+ - name: nextcloud-main
+ mountPath: /var/www/
+ subPath: {{ ternary "root" (printf "%s/%s" .Values.nextcloud.persistence.subPath "root") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html
+ subPath: {{ ternary "html" (printf "%s/%s" .Values.nextcloud.persistence.subPath "html") (empty .Values.nextcloud.persistence.subPath) }}
+ {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }}
+ - name: nextcloud-data
+ mountPath: {{ .Values.nextcloud.datadir }}
+ subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.nextcloudData.subPath "data") (empty .Values.persistence.nextcloudData.subPath) }}
+ {{- else }}
+ - name: nextcloud-main
+ mountPath: {{ .Values.nextcloud.datadir }}
+ subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }}
+ {{- end }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/config
+ subPath: {{ ternary "config" (printf "%s/%s" .Values.nextcloud.persistence.subPath "config") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/custom_apps
+ subPath: {{ ternary "custom_apps" (printf "%s/%s" .Values.nextcloud.persistence.subPath "custom_apps") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/tmp
+ subPath: {{ ternary "tmp" (printf "%s/%s" .Values.nextcloud.persistence.subPath "tmp") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-main
+ mountPath: /var/www/html/themes
+ subPath: {{ ternary "themes" (printf "%s/%s" .Values.nextcloud.persistence.subPath "themes") (empty .Values.nextcloud.persistence.subPath) }}
+ - name: nextcloud-nginx-config
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.nextcloud.extraInitContainers .Values.mariadb.enabled .Values.postgresql.enabled }}
+ initContainers:
+ {{- if .Values.nextcloud.extraInitContainers }}
+ {{- toYaml .Values.nextcloud.extraInitContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.mariadb.enabled }}
+ - name: mariadb-isalive
+ image: {{ .Values.mariadb.image.registry }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }}
+ env:
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.passwordKey | default "db-password" }}
+ command:
+ - "sh"
+ - "-c"
+ - {{ printf "until mysql --host=%s-mariadb --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" .Release.Name }}
+ {{- else if .Values.postgresql.enabled }}
+ - name: postgresql-isready
+ image: {{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-%s" .Release.Name "db") }}
+ key: {{ .Values.externalDatabase.existingSecret.usernameKey | default "db-username" }}
+ command:
+ - "sh"
+ - "-c"
+ - {{ printf "until pg_isready -h %s-postgresql -U ${POSTGRES_USER} ; do sleep 2 ; done" .Release.Name }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: nextcloud-main
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud{{- end }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if and .Values.persistence.nextcloudData.enabled .Values.persistence.enabled }}
+ - name: nextcloud-data
+ persistentVolumeClaim:
+ claimName: {{ if .Values.persistence.nextcloudData.existingClaim }}{{ .Values.persistence.nextcloudData.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud-data{{- end }}
+ {{- end }}
+ {{- if .Values.nextcloud.configs }}
+ - name: nextcloud-config
+ configMap:
+ name: {{ template "nextcloud.fullname" . }}-config
+ {{- end }}
+ {{- if .Values.nextcloud.phpConfigs }}
+ - name: nextcloud-phpconfig
+ configMap:
+ name: {{ template "nextcloud.fullname" . }}-phpconfig
+ {{- end }}
+ {{- if .Values.nginx.enabled }}
+ - name: nextcloud-nginx-config
+ configMap:
+ name: {{ template "nextcloud.fullname" . }}-nginxconfig
+ {{- end }}
+ {{- if .Values.nextcloud.extraVolumes }}
+{{ toYaml .Values.nextcloud.extraVolumes | indent 6 }}
+ {{- end }}
+ {{- if .Values.nginx.enabled }}
+ # Will mount configuration files as www-data (id: 82) for nextcloud
+ securityContext:
+ fsGroup: 82
+ {{- if .Values.securityContext }}
+ {{- with .Values.securityContext }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- else }}
+ # Will mount configuration files as www-data (id: 33) for nextcloud
+ securityContext:
+ fsGroup: 33
+ {{- if .Values.securityContext }}
+ {{- with .Values.securityContext }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.rbac.enabled }}
+ serviceAccountName: {{ .Values.rbac.serviceaccount.name }}
+ {{- end }}
diff --git a/charts/nextcloud/templates/hpa.yaml b/charts/nextcloud/templates/hpa.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..52a30043a5ca13a53ac78b979a152bd451507248
--- /dev/null
+++ b/charts/nextcloud/templates/hpa.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.hpa.enabled -}}
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ template "nextcloud.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: app
+spec:
+ scaleTargetRef:
+ kind: Deployment
+ apiVersion: apps/v1
+ name: {{ template "nextcloud.fullname" . }}
+ minReplicas: {{ .Values.hpa.minPods }}
+ maxReplicas: {{ .Values.hpa.maxPods }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.cputhreshold }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/nextcloud/templates/ingress.yaml b/charts/nextcloud/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9f93c2e830b98ad6a7f0e75bf2a7b694645991b0
--- /dev/null
+++ b/charts/nextcloud/templates/ingress.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ include "nextcloud.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ template "nextcloud.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: app
+{{- if .Values.ingress.labels }}
+{{ toYaml .Values.ingress.labels | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.nextcloud.host }}
+ http:
+ paths:
+ - path: {{ .Values.ingress.path }}
+ {{- if eq (include "nextcloud.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ pathType: {{ .Values.ingress.pathType }}
+ {{- end }}
+ backend:
+ {{- if eq (include "nextcloud.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ service:
+ name: {{ template "nextcloud.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ {{- else }}
+ serviceName: {{ template "nextcloud.fullname" . }}
+ servicePort: {{ .Values.service.port }}
+ {{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+{{- end -}}
+{{- end }}
diff --git a/charts/nextcloud/templates/metrics-deployment.yaml b/charts/nextcloud/templates/metrics-deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d5fab9b4cd80170156e091565c12d9e3e5794b9c
--- /dev/null
+++ b/charts/nextcloud/templates/metrics-deployment.yaml
@@ -0,0 +1,66 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-metrics
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: metrics
+spec:
+ replicas: {{ .Values.metrics.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: metrics
+ template:
+ metadata:
+ annotations: {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.metrics.podLabels }}
+{{ toYaml .Values.metrics.podLabels | indent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: metrics-exporter
+ image: "{{ .Values.metrics.image.repository }}:{{ .Values.metrics.image.tag }}"
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy }}
+ env:
+ {{- if .Values.metrics.token }}
+ - name: NEXTCLOUD_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.tokenKey | default "nextcloud-token" }}
+ {{- else }}
+ - name: NEXTCLOUD_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.usernameKey | default "nextcloud-username" }}
+ - name: NEXTCLOUD_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }}
+ key: {{ .Values.nextcloud.existingSecret.passwordKey | default "nextcloud-password" }}
+ {{- end }}
+ - name: NEXTCLOUD_SERVER
+ value: http{{ if .Values.metrics.https }}s{{ end }}://{{ .Values.nextcloud.host }}
+ - name: NEXTCLOUD_TIMEOUT
+ value: {{ .Values.metrics.timeout }}
+ ports:
+ - name: metrics
+ containerPort: 9205
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 10 }}
+ {{- end }}
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+{{- end }}
diff --git a/charts/nextcloud/templates/metrics-service.yaml b/charts/nextcloud/templates/metrics-service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1d2874518ae3a2c17c8a68293c3501a9526d2f79
--- /dev/null
+++ b/charts/nextcloud/templates/metrics-service.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-metrics
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.metrics.service.labels -}}
+ {{ toYaml .Values.metrics.service.labels | nindent 4 }}
+ {{- end -}}
+ {{- if .Values.metrics.service.annotations }}
+ annotations: {{ toYaml .Values.metrics.service.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ {{ if eq .Values.metrics.service.type "LoadBalancer" -}} {{ if .Values.metrics.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
+ {{ end -}}
+ {{- end -}}
+ ports:
+ - name: metrics
+ port: 9205
+ targetPort: metrics
+ selector:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: metrics
+{{- end }}
diff --git a/charts/nextcloud/templates/metrics-servicemonitor.yaml b/charts/nextcloud/templates/metrics-servicemonitor.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ba55c38ca096e1f5b670c899af90439e0b3b09d0
--- /dev/null
+++ b/charts/nextcloud/templates/metrics-servicemonitor.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "nextcloud.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace | quote }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.metrics.serviceMonitor.labels -}}
+ {{ toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: metrics
+ endpoints:
+ - port: metrics
+ path: "/"
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nextcloud/templates/nextcloud-data-pvc.yaml b/charts/nextcloud/templates/nextcloud-data-pvc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7c2febc30baee0dd18940da15fef5f9b00fa5e55
--- /dev/null
+++ b/charts/nextcloud/templates/nextcloud-data-pvc.yaml
@@ -0,0 +1,31 @@
+{{- if and .Values.persistence.enabled .Values.persistence.nextcloudData.enabled -}}
+{{- if not .Values.persistence.nextcloudData.existingClaim -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-nextcloud-data
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: app
+{{- if .Values.persistence.nextcloudData.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.nextcloudData.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.nextcloudData.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.nextcloudData.size | quote }}
+{{- if .Values.persistence.nextcloudData.storageClass }}
+{{- if (eq "-" .Values.persistence.nextcloudData.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.nextcloudData.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/nextcloud/templates/nextcloud-pvc.yaml b/charts/nextcloud/templates/nextcloud-pvc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8c1789afdb3bc4c8e7dfa7e53bd8202eef80ff91
--- /dev/null
+++ b/charts/nextcloud/templates/nextcloud-pvc.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.persistence.enabled -}}
+{{- if not .Values.persistence.existingClaim -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-nextcloud
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: app
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/nextcloud/templates/nginx-config.yaml b/charts/nextcloud/templates/nginx-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0fae957c513537b572d711683042a1e2927e693c
--- /dev/null
+++ b/charts/nextcloud/templates/nginx-config.yaml
@@ -0,0 +1,175 @@
+{{- if .Values.nginx.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-nginxconfig
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ nginx.conf: |-
+{{- if .Values.nginx.config.default }}
+ worker_processes auto;
+
+ error_log /var/log/nginx/error.log warn;
+ pid /var/run/nginx.pid;
+
+
+ events {
+ worker_connections 1024;
+ }
+
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ upstream php-handler {
+ server 127.0.0.1:9000;
+ }
+
+ server {
+ listen 80;
+
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+
+ # set max upload size
+ client_max_body_size 10G;
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "none" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Path to the root of your installation
+ root /var/www/html;
+
+ # Specify how to handle directories -- specifying `/index.php$request_uri`
+ # here as the fallback means that Nginx always exhibits the desired behaviour
+ # when a client requests a path that corresponds to a directory that exists
+ # on the server. In particular, if that directory contains an index.php file,
+ # that file is correctly served; if it doesn't, then the request is passed to
+ # the front-end controller. This consistent behaviour means that we don't need
+ # to specify custom rules for certain paths (e.g. images and other assets,
+ # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
+ # `try_files $uri $uri/ /index.php$request_uri`
+ # always provides the desired behaviour.
+ index index.php index.html /index.php$request_uri;
+
+ # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+ location = / {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Make a regex exception for `/.well-known` so that clients can still
+ # access it despite the existence of the regex rule
+ # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+ # for `/.well-known`.
+ location ^~ /.well-known {
+ # The following 6 rules are borrowed from `.htaccess`
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+ # Anything else is dynamically handled by Nextcloud
+ location ^~ /.well-known { return 301 /index.php$uri; }
+
+ try_files $uri $uri/ =404;
+ }
+
+ # Rules borrowed from `.htaccess` to hide certain paths from clients
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+ # which handle static assets (as seen below). If this block is not declared first,
+ # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+ # to the URI, resulting in a HTTP 500 error response.
+ location ~ \.php(?:$|/) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ #fastcgi_param HTTPS on;
+
+ fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
+ fastcgi_param front_controller_active true; # Enable pretty urls
+ fastcgi_pass php-handler;
+
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ }
+
+ location ~ \.(?:css|js|svg|gif)$ {
+ try_files $uri /index.php$request_uri;
+ expires 6M; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+ }
+ }
+{{- else }}
+{{ .Values.nginx.config.custom | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/nextcloud/templates/php-config.yaml b/charts/nextcloud/templates/php-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3ff9e95a9ace99be8e0d2bd77a739ce310efab43
--- /dev/null
+++ b/charts/nextcloud/templates/php-config.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.nextcloud.phpConfigs -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-phpconfig
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+{{- range $key, $value := .Values.nextcloud.phpConfigs }}
+ {{ $key }}: |-
+{{ $value | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/nextcloud/templates/rbac.yaml b/charts/nextcloud/templates/rbac.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6a1c9fab8c2c26e5d57aeedfde94acc261da2878
--- /dev/null
+++ b/charts/nextcloud/templates/rbac.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-privileged
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - extensions
+ resourceNames:
+ - privileged
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "nextcloud.fullname" . }}-privileged
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "nextcloud.fullname" . }}-privileged
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.rbac.serviceaccount.name }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/nextcloud/templates/secrets.yaml b/charts/nextcloud/templates/secrets.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..19eb47aad929ce52cd812946b53377eba5b4c2c5
--- /dev/null
+++ b/charts/nextcloud/templates/secrets.yaml
@@ -0,0 +1,28 @@
+{{- if not .Values.nextcloud.existingSecret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "nextcloud.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+type: Opaque
+data:
+ nextcloud-username: {{ .Values.nextcloud.username | b64enc | quote }}
+ {{- if .Values.nextcloud.password }}
+ nextcloud-password: {{ .Values.nextcloud.password | b64enc | quote }}
+ {{- else }}
+ nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- end }}
+ {{- if .Values.metrics.token }}
+ nextcloud-token: {{ .Values.metrics.token | b64enc | quote }}
+ {{- else }}
+ nextcloud-token: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- end }}
+ {{- if .Values.nextcloud.mail.enabled }}
+ smtp-username: {{ default "" .Values.nextcloud.mail.smtp.name | b64enc | quote }}
+ smtp-password: {{ default "" .Values.nextcloud.mail.smtp.password | b64enc | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nextcloud/templates/service.yaml b/charts/nextcloud/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f58e2b3cceb8649b7f610747128f647eb9f8dd40
--- /dev/null
+++ b/charts/nextcloud/templates/service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "nextcloud.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ helm.sh/chart: {{ include "nextcloud.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/component: app
+spec:
+ type: {{ .Values.service.type }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ {{- if eq .Values.service.type "NodePort" }}
+ nodePort: {{ default "" .Values.service.nodePort}}
+ {{- end }}
+ selector:
+ app.kubernetes.io/name: {{ include "nextcloud.name" . }}
+ app.kubernetes.io/component: app
diff --git a/charts/nextcloud/templates/serviceaccount.yaml b/charts/nextcloud/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ea8c0521ffbf1a289531b8bee7dce86a0945c913
--- /dev/null
+++ b/charts/nextcloud/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+{{- if and .Values.rbac.enabled .Values.rbac.serviceaccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.rbac.serviceaccount.name }}
+ {{- if .Values.rbac.serviceaccount.annotations }}
+ annotations:
+ {{- toYaml .Values.rbac.serviceaccount.annotations | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c36d566070a5d4fe167b0bf7fac5f6f8d98a927a
--- /dev/null
+++ b/charts/nextcloud/values.yaml
@@ -0,0 +1,501 @@
+## Official nextcloud image version
+## ref: https://hub.docker.com/r/library/nextcloud/tags/
+##
+image:
+ repository: docker.io/library/nextcloud
+ # tag: 24.0.3-apache
+ pullPolicy: IfNotPresent
+ # pullSecrets:
+ # - myRegistrKeySecretName
+
+nameOverride: ""
+fullnameOverride: ""
+podAnnotations: {}
+deploymentAnnotations: {}
+
+# Number of replicas to be deployed
+replicaCount: 1
+
+## Allowing use of ingress controllers
+## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+##
+ingress:
+ enabled: false
+ # className: nginx
+ annotations: {}
+ # nginx.ingress.kubernetes.io/proxy-body-size: 4G
+ # kubernetes.io/tls-acme: "true"
+ # cert-manager.io/cluster-issuer: letsencrypt-prod
+ # nginx.ingress.kubernetes.io/server-snippet: |-
+ # server_tokens off;
+ # proxy_hide_header X-Powered-By;
+
+ # rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+ # rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+ # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
+ # location = /.well-known/carddav {
+ # return 301 $scheme://$host/remote.php/dav;
+ # }
+ # location = /.well-known/caldav {
+ # return 301 $scheme://$host/remote.php/dav;
+ # }
+ # location = /robots.txt {
+ # allow all;
+ # log_not_found off;
+ # access_log off;
+ # }
+ # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+ # deny all;
+ # }
+ # location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
+ # deny all;
+ # }
+ # tls:
+ # - secretName: nextcloud-tls
+ # hosts:
+ # - nextcloud.kube.home
+ labels: {}
+ path: /
+ pathType: Prefix
+
+
+# Allow configuration of lifecycle hooks
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
+lifecycle: {}
+ # postStartCommand: []
+ # preStopCommand: []
+
+phpClientHttpsFix:
+ enabled: false
+ protocol: https
+
+nextcloud:
+ host: nextcloud.kube.home
+ username: admin
+ password: changeme
+ ## Use an existing secret
+ existingSecret:
+ enabled: false
+ # secretName: nameofsecret
+ # usernameKey: username
+ # passwordKey: password
+ # tokenKey: serverinfo_token
+ # smtpUsernameKey: smtp_username
+ # smtpPasswordKey: smtp_password
+ update: 0
+ # If web server is not binding default port, you can define it
+ # containerPort: 8080
+ datadir: /var/www/html/data
+ persistence:
+ subPath:
+ mail:
+ enabled: false
+ fromAddress: user
+ domain: domain.com
+ smtp:
+ host: domain.com
+ secure: ssl
+ port: 465
+ authtype: LOGIN
+ name: user
+ password: pass
+ # PHP Configuration files
+ # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true
+ phpConfigs: {}
+ # Default config files
+ # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
+ # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config
+ defaultConfigs:
+ # To protect /var/www/html/config
+ .htaccess: true
+ # Redis default configuration
+ redis.config.php: true
+ # Apache configuration for rewrite urls
+ apache-pretty-urls.config.php: true
+ # Define APCu as local cache
+ apcu.config.php: true
+ # Apps directory configs
+ apps.config.php: true
+ # Used for auto configure database
+ autoconfig.php: true
+ # SMTP default configuration
+ smtp.config.php: true
+ # Extra config files created in /var/www/html/config/
+ # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
+ configs: {}
+
+ # For example, to use S3 as primary storage
+ # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
+ #
+ # configs:
+ # s3.config.php: |-
+ # <?php
+ # $CONFIG = array (
+ # 'objectstore' => array(
+ # 'class' => '\\OC\\Files\\ObjectStore\\S3',
+ # 'arguments' => array(
+ # 'bucket' => 'my-bucket',
+ # 'autocreate' => true,
+ # 'key' => 'xxx',
+ # 'secret' => 'xxx',
+ # 'region' => 'us-east-1',
+ # 'use_ssl' => true
+ # )
+ # )
+ # );
+
+ ## Strategy used to replace old pods
+ ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+ strategy:
+ type: Recreate
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 1
+ # maxUnavailable: 0
+
+ ##
+ ## Extra environment variables
+ extraEnv:
+ # - name: SOME_SECRET_ENV
+ # valueFrom:
+ # secretKeyRef:
+ # name: nextcloud
+ # key: secret_key
+
+ # Extra init containers that runs before pods start.
+ extraInitContainers: []
+ # - name: do-something
+ # image: busybox
+ # command: ['do', 'something']
+
+ # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
+ # to NextCloud pods in Kubernetes. This can then be configured in External Storage
+ extraVolumes:
+ # - name: nfs
+ # nfs:
+ # server: "10.0.0.1"
+ # path: "/nextcloud_data"
+ # readOnly: false
+ extraVolumeMounts:
+ # - name: nfs
+ # mountPath: "/legacy_data"
+
+ # Extra secuurityContext parameters. For example you may need to define runAsNonRoot directive
+ # extraSecurityContext:
+ # runAsUser: "33"
+ # runAsGroup: "33"
+ # runAsNonRoot: true
+ # readOnlyRootFilesystem: true
+
+nginx:
+ ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
+ enabled: false
+ image:
+ repository: nginx
+ tag: alpine
+ pullPolicy: IfNotPresent
+
+ config:
+ # This generates the default nginx config as per the nextcloud documentation
+ default: true
+ # custom: |-
+ # worker_processes 1;..
+
+ resources: {}
+
+internalDatabase:
+ enabled: true
+ name: nextcloud
+
+##
+## External database configuration
+##
+externalDatabase:
+ enabled: false
+
+ ## Supported database engines: mysql or postgresql
+ type: mysql
+
+ ## Database host
+ host:
+
+ ## Database user
+ user: nextcloud
+
+ ## Database password
+ password:
+
+ ## Database name
+ database: nextcloud
+
+ ## Use a existing secret
+ existingSecret:
+ enabled: false
+ # secretName: nameofsecret
+ # usernameKey: username
+ # passwordKey: password
+
+##
+## MariaDB chart configuration
+##
+mariadb:
+ ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
+ enabled: false
+
+ auth:
+ database: nextcloud
+ username: nextcloud
+ password: changeme
+
+ architecture: standalone
+
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ primary:
+ persistence:
+ enabled: false
+ # storageClass: ""
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+##
+## PostgreSQL chart configuration
+## for more options see https://github.com/bitnami/charts/tree/master/bitnami/postgresql
+##
+postgresql:
+ enabled: false
+ global:
+ postgresql:
+ auth:
+ username: nextcloud
+ password: changeme
+ database: nextcloud
+ primary:
+ persistence:
+ enabled: false
+ # storageClass: ""
+
+##
+## Redis chart configuration
+## for more options see https://github.com/bitnami/charts/tree/master/bitnami/redis
+##
+
+redis:
+ enabled: false
+ auth:
+ enabled: true
+ password: 'changeme'
+
+## Cronjob to execute Nextcloud background tasks
+## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#webcron
+##
+cronjob:
+ enabled: false
+ # Nexcloud image is used as default but only curl is needed
+ image: {}
+ # repository: nextcloud
+ # tag: 16.0.3-apache
+ # pullPolicy: IfNotPresent
+ # pullSecrets:
+ # - myRegistrKeySecretName
+ # Every 5 minutes
+ # Note: Setting this to any any other value than 5 minutes might
+ # cause issues with how nextcloud background jobs are executed
+ schedule: "*/5 * * * *"
+ annotations: {}
+ failedJobsHistoryLimit: 5
+ successfulJobsHistoryLimit: 2
+ # If not set, nextcloud deployment one will be set
+ # resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ # If not set, nextcloud deployment one will be set
+ # nodeSelector: {}
+
+ # If not set, nextcloud deployment one will be set
+ # tolerations: []
+
+ # If not set, nextcloud deployment one will be set
+ # affinity: {}
+
+service:
+ type: ClusterIP
+ port: 8080
+ loadBalancerIP: nil
+ nodePort: nil
+
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ # Nextcloud Data (/var/www/html)
+ enabled: false
+ annotations: {}
+ ## nextcloud data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+ ## Use an additional pvc for the data directory rather than a subpath of the default PVC
+ ## Useful to store data on a different storageClass (e.g. on slower disks)
+ nextcloudData:
+ enabled: false
+ subPath:
+ annotations: {}
+ # storageClass: "-"
+ # existingClaim:
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Liveness and readiness probe values
+## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+startupProbe:
+ enabled: false
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+
+
+## Enable pod autoscaling using HorizontalPodAutoscaler
+## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+##
+hpa:
+ enabled: false
+ cputhreshold: 60
+ minPods: 1
+ maxPods: 10
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+
+## Prometheus Exporter / Metrics
+##
+metrics:
+ enabled: false
+
+ replicaCount: 1
+ # The metrics exporter needs to know how you serve Nextcloud either http or https
+ https: false
+ # Use API token if set, otherwise fall back to password authentication
+ # https://github.com/xperimental/nextcloud-exporter#token-authentication
+ # Currently you still need to set the token manually in your nextcloud install
+ token: ""
+ timeout: 5s
+
+ image:
+ repository: xperimental/nextcloud-exporter
+ tag: 0.5.1
+ pullPolicy: IfNotPresent
+
+ ## Metrics exporter resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ # resources: {}
+
+ ## Metrics exporter pod Annotation and Labels
+ # podAnnotations: {}
+
+ # podLabels: {}
+
+ service:
+ type: ClusterIP
+ ## Use serviceLoadBalancerIP to request a specific static IP,
+ ## otherwise leave blank
+ # loadBalancerIP:
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9205"
+ labels: {}
+
+ ## Prometheus Operator ServiceMonitor configuration
+ ##
+ serviceMonitor:
+ ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
+ ##
+ enabled: false
+
+ ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+ ##
+ namespace: ""
+
+ ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
+ ##
+ jobLabel: ""
+
+ ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ interval: 30s
+
+ ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ scrapeTimeout: ""
+
+ ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+
+
+rbac:
+ enabled: false
+ serviceaccount:
+ create: true
+ name: nextcloud-serviceaccount
+ annotations: {}