Verified Commit fd70213d authored by Sheogorath

feat(nextcloud): Upgrade to 27.0.2

parent 09dd8a57
Pipeline #18171 passed
apiVersion: v2 apiVersion: v2
name: nextcloud name: nextcloud
version: 3.3.2 version: 3.4.0
# renovate: image=docker.io/library/nextcloud # renovate: image=docker.io/library/nextcloud
appVersion: "26.0.5" appVersion: "27.0.2"
description: A file sharing server that puts the control and security of your own data back into your hands. description: A file sharing server that puts the control and security of your own data back into your hands.
keywords: keywords:
- nextcloud - nextcloud
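Review bot: the `appVersion` line moves from "26.0.5" to "27.0.2", a new Nextcloud major release, while `version` only goes from 3.3.2 to 3.4.0 and nothing in this file tells operators that the application major changed. Nextcloud upgrades have to pass through each major version in turn, so a release still running an image older than 26 must be brought to 26 first; I would state that in the README or the release notes that accompany this bump.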
......
{{ template "chart.header" . }}
{{ template "chart.description" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
## TL;DR;
```console
helm repo add nextcloud https://nextcloud.github.io/helm/
helm install my-release nextcloud/nextcloud
```
## Introduction
This chart bootstraps an [nextcloud](https://hub.docker.com/_/nextcloud/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the nextcloud application.
## Prerequisites
- Kubernetes 1.9+ with Beta APIs enabled
- PV provisioner support in the underlying infrastructure
- Helm >=3.7.0 ([for subchart scope exposing](nextcloud/helm#152))
{{ template "chart.requirementsSection" . }}
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm repo add nextcloud https://nextcloud.github.io/helm/
helm install my-release nextcloud/nextcloud
```
The command deploys nextcloud on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
{{ template "chart.valuesSection" . }}
| Parameter | Description | Default |
| ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------- |
| `image.repository` | nextcloud Image name | `nextcloud` |
| `image.flavor` | nextcloud Image type | `apache` |
| `image.tag` | nextcloud Image tag | `{VERSION}` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify image pull secrets | `nil` |
| `ingress.className` | Name of the ingress class to use | `nil` |
| `ingress.enabled` | Enable use of ingress controllers | `false` |
| `ingress.servicePort` | Ingress' backend servicePort | `http` |
| `ingress.annotations` | An array of service annotations | `nil` |
| `ingress.labels` | An array of service labels | `nil` |
| `ingress.path` | The `Path` to use in Ingress' `paths` | `/` |
| `ingress.pathType` | The `PathType` to use in Ingress' `paths` | `Prefix` |
| `ingress.tls` | Ingress TLS configuration | `[]` |
| `nextcloud.host` | nextcloud host to create application URLs | `nextcloud.kube.home` |
| `nextcloud.username` | User of the application | `admin` |
| `nextcloud.password` | Application password | `changeme` |
| `nextcloud.existingSecret.enabled` | Whether to use an existing secret or not | `false` |
| `nextcloud.existingSecret.secretName` | Name of the existing secret | `nil` |
| `nextcloud.existingSecret.usernameKey` | Name of the key that contains the username | `nil` |
| `nextcloud.existingSecret.passwordKey` | Name of the key that contains the password | `nil` |
| `nextcloud.existingSecret.smtpUsernameKey` | Name of the key that contains the SMTP username | `nil` |
| `nextcloud.existingSecret.smtpPasswordKey` | Name of the key that contains the SMTP password | `nil` |
| `nextcloud.update` | Trigger update if custom command is used | `0` |
| `nextcloud.containerPort` | Customize container port when not running as root | `80` |
| `nextcloud.datadir` | nextcloud data dir location | `/var/www/html/data` |
| `nextcloud.mail.enabled` | Whether to enable/disable email settings | `false` |
| `nextcloud.mail.fromAddress` | nextcloud mail send from field | `nil` |
| `nextcloud.mail.domain` | nextcloud mail domain | `nil` |
| `nextcloud.mail.smtp.host` | SMTP hostname | `nil` |
| `nextcloud.mail.smtp.secure` | SMTP connection `ssl` or empty | `''` |
| `nextcloud.mail.smtp.port` | Optional SMTP port | `nil` |
| `nextcloud.mail.smtp.authtype` | SMTP authentication method | `LOGIN` |
| `nextcloud.mail.smtp.name` | SMTP username | `''` |
| `nextcloud.mail.smtp.password` | SMTP password | `''` |
| `nextcloud.configs` | Config files created in `/var/www/html/config` | `{}` |
| `nextcloud.persistence.subPath` | Set the subPath for nextcloud to use in volume | `nil` |
| `nextcloud.phpConfigs` | PHP Config files created in `/usr/local/etc/php/conf.d` | `{}` |
| `nextcloud.defaultConfigs.\.htaccess` | Default .htaccess to protect `/var/www/html/config` | `true` |
| `nextcloud.defaultConfigs.redis\.config\.php` | Default Redis configuration | `true` |
| `nextcloud.defaultConfigs.apache-pretty-urls\.config\.php` | Default Apache configuration for rewrite urls | `true` |
| `nextcloud.defaultConfigs.apcu\.config\.php` | Default configuration to define APCu as local cache | `true` |
| `nextcloud.defaultConfigs.apps\.config\.php` | Default configuration for apps | `true` |
| `nextcloud.defaultConfigs.autoconfig\.php` | Default auto-configuration for databases | `true` |
| `nextcloud.defaultConfigs.smtp\.config\.php` | Default configuration for smtp | `true` |
| `nextcloud.strategy` | specifies the strategy used to replace old Pods by new ones | `type: Recreate` |
| `nextcloud.extraEnv` | specify additional environment variables | `{}` |
| `nextcloud.extraInitContainers` | specify additional init containers | `[]` |
| `nextcloud.extraVolumes` | specify additional volumes for the NextCloud pod | `{}` |
| `nextcloud.extraVolumeMounts` | specify additional volume mounts for the NextCloud pod | `{}` |
| `nginx.enabled` | Enable nginx (requires you use php-fpm image) | `false` |
| `nginx.image.repository` | nginx Image name | `nginx` |
| `nginx.image.tag` | nginx Image tag | `alpine` |
| `nginx.image.pullPolicy` | nginx Image pull policy | `IfNotPresent` |
| `nginx.config.default` | Whether to use nextclouds recommended nginx config | `true` |
| `nginx.config.custom` | Specify a custom config for nginx | `{}` |
| `nginx.resources` | nginx resources | `{}` |
| `lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` |
| `lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` |
| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` |
| `internalDatabase.database` | Name of the existing database | `nextcloud` |
| `externalDatabase.enabled` | Whether to use external database | `false` |
| `externalDatabase.type` | External database type: `mysql`, `postgresql` | `mysql` |
| `externalDatabase.host` | Host of the external database in form of `host:port` | `nil` |
| `externalDatabase.database` | Name of the existing database | `nextcloud` |
| `externalDatabase.user` | Existing username in the external db | `nextcloud` |
| `externalDatabase.password` | Password for the above username | `nil` |
| `externalDatabase.existingSecret.enabled` | Whether to use a existing secret or not | `false` |
| `externalDatabase.existingSecret.secretName` | Name of the existing secret | `nil` |
| `externalDatabase.existingSecret.usernameKey` | Name of the key that contains the username | `nil` |
| `externalDatabase.existingSecret.passwordKey` | Name of the key that contains the password | `nil` |
| `mariadb.enabled` | Whether to use the MariaDB chart | `false` |
| `mariadb.auth.database` | Database name to create | `nextcloud` |
| `mariadb.auth.password` | Password for the database | `changeme` |
| `mariadb.auth.username` | Database user to create | `nextcloud` |
| `mariadb.auth.rootPassword` | MariaDB admin password | `nil` |
| `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` |
| `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` |
| `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` |
| `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` |
| `postgresql.primary.persistence.enabled` | Whether or not to use PVC on PostgreSQL primary | `false` |
| `redis.enabled` | Whether to install/use redis for locking | `false` |
| `redis.auth.enabled` | Whether to enable password authentication with redis | `true` |
| `redis.auth.password` | The password redis uses | `''` |
| `cronjob.enabled` | Whether to enable/disable cronjob | `false` |
| `cronjob.schedule` | Schedule for the CronJob | `*/15 * * * *` |
| `cronjob.annotations` | Annotations to add to the cronjob | {} |
| `cronjob.curlInsecure` | Set insecure (-k) option to curl | false |
| `cronjob.failedJobsHistoryLimit` | Specify the number of failed Jobs to keep | `5` |
| `cronjob.successfulJobsHistoryLimit` | Specify the number of completed Jobs to keep | `2` |
| `cronjob.resources` | Cronjob Resources | `nil` |
| `cronjob.nodeSelector` | Cronjob Node selector | `nil` |
| `cronjob.tolerations` | Cronjob tolerations | `nil` |
| `cronjob.affinity` | Cronjob affinity | `nil` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.loadBalancerIP` | LoadBalancerIp for service type LoadBalancer | `nil` |
| `service.nodePort` | NodePort for service type NodePort | `nil` |
| `persistence.enabled` | Enable persistence using PVC | `false` |
| `persistence.annotations` | PVC annotations | `{}` |
| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` (uses alpha storage class annotation) |
| `persistence.existingClaim` | An Existing PVC name for nextcloud volume | `nil` (uses alpha storage class annotation) |
| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` |
| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` |
| `persistence.nextcloudData.enabled` | Create a second PVC for the data folder in nextcloud | `false` |
| `persistence.nextcloudData.annotations` | see `persistence.annotations` | `{}` |
| `persistence.nextcloudData.storageClass` | see `persistence.storageClass` | `nil` (uses alpha storage class annotation) |
| `persistence.nextcloudData.existingClaim` | see `persistence.existingClaim` | `nil` (uses alpha storage class annotation) |
| `persistence.nextcloudData.accessMode` | see `persistence.accessMode` | `ReadWriteOnce` |
| `persistence.nextcloudData.size` | see `persistence.size` | `8Gi` |
| `phpClientHttpsFix.enabled` | Sets OVERWRITEPROTOCOL for https ingress redirect | `false` |
| `phpClientHttpsFix.protocol` | Sets OVERWRITEPROTOCOL for https ingress redirect | `https` |
| `resources` | CPU/Memory resource requests/limits | `{}` |
| `rbac.enabled` | Enable Role and rolebinding for priveledged PSP | `false` |
| `rbac.serviceaccount.create` | Wether to create a serviceaccount or use an existing one (requires rbac) | `true` |
| `rbac.serviceaccount.name` | The name of the sevice account that the deployment will use (requires rbac) | `nextcloud-serviceaccount` |
| `rbac.serviceaccount.annotations` | Serviceaccount annotations | `{}` |
| `livenessProbe.enabled` | Turn on and off liveness probe | `true` |
| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `10` |
| `livenessProbe.periodSeconds` | How often to perform the probe | `10` |
| `livenessProbe.timeoutSeconds` | When the probe times out | `5` |
| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` |
| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
| `readinessProbe.enabled` | Turn on and off readiness probe | `true` |
| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` |
| `readinessProbe.periodSeconds` | How often to perform the probe | `10` |
| `readinessProbe.timeoutSeconds` | When the probe times out | `5` |
| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` |
| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
| `startupProbe.enabled` | Turn on and off startup probe | `false` |
| `startupProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` |
| `startupProbe.periodSeconds` | How often to perform the probe | `10` |
| `startupProbe.timeoutSeconds` | When the probe times out | `5` |
| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe | `30` |
| `startupProbe.successThreshold` | Minimum consecutive successes for the probe | `1` |
| `hpa.enabled` | Boolean to create a HorizontalPodAutoscaler | `false` |
| `hpa.cputhreshold` | CPU threshold percent for the HorizontalPodAutoscale | `60` |
| `hpa.minPods` | Min. pods for the Nextcloud HorizontalPodAutoscaler | `1` |
| `hpa.maxPods` | Max. pods for the Nextcloud HorizontalPodAutoscaler | `10` |
| `deploymentLabels` | Labels to be added at 'deployment' level | not set |
| `deploymentAnnotations` | Annotations to be added at 'deployment' level | not set |
| `podLabels` | Labels to be added at 'pod' level | not set |
| `podAnnotations` | Annotations to be added at 'pod' level | not set |
| `metrics.enabled` | Start Prometheus metrics exporter | `false` |
| `metrics.https` | Defines if https is used to connect to nextcloud | `false` (uses http) |
| `metrics.token` | Uses token for auth instead of username/password | `""` |
| `metrics.timeout` | When the scrape times out | `5s` |
| `metrics.image.repository` | Nextcloud metrics exporter image name | `xperimental/nextcloud-exporter` |
| `metrics.image.tag` | Nextcloud metrics exporter image tag | `0.5.1` |
| `metrics.image.pullPolicy` | Nextcloud metrics exporter image pull policy | `IfNotPresent` |
| `metrics.podAnnotations` | Additional annotations for metrics exporter | not set |
| `metrics.podLabels` | Additional labels for metrics exporter | not set |
| `metrics.service.type` | Metrics: Kubernetes Service type | `ClusterIP` |
| `metrics.service.loadBalancerIP` | Metrics: LoadBalancerIp for service type LoadBalancer | `nil` |
| `metrics.service.nodePort` | Metrics: NodePort for service type NodePort | `nil` |
| `metrics.service.annotations` | Additional annotations for service metrics exporter | `{prometheus.io/scrape: "true", prometheus.io/port: "9205"}` |
| `metrics.service.labels` | Additional labels for service metrics exporter | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus | `` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{} |
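Review bot: the rows for `nextcloud.password`, `mariadb.auth.password` and `postgresql.global.postgresql.auth.password` document `changeme` as the default and nothing near the table says these must be overridden, so an install with default values comes up with publicly known credentials. Add a sentence under the table telling users to set their own values or to use `nextcloud.existingSecret.*` and `externalDatabase.existingSecret.*`. Smaller points in the same table: the last row (`metrics.serviceMonitor.labels`) opens a backtick before {} and never closes it, and the row has no trailing pipe; "priveledged", "Wether" and "sevice" in the `rbac.*` rows are misspelled; the `startupProbe.initialDelaySeconds` description says "readiness probe".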
> **Note**:
>
> For nextcloud to function correctly, you should specify the `nextcloud.host` parameter to specify the FQDN (recommended) or the public IP address of the nextcloud service.
>
> Optionally, you can specify the `service.loadBalancerIP` parameter to assign a reserved IP address to the nextcloud service of the chart. However please note that this feature is only available on a few cloud providers (f.e. GKE).
>
> To reserve a public IP address on GKE:
>
> ```bash
> gcloud compute addresses create nextcloud-public-ip
> ```
>
> The reserved IP address can be associated to the nextcloud service by specifying it as the value of the `service.loadBalancerIP` parameter while installing the chart.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install --name my-release \
--set nextcloud.username=admin,nextcloud.password=password,mariadb.auth.rootPassword=secretpassword \
nextcloud/nextcloud
```
The above command sets the nextcloud administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install --name my-release -f values.yaml nextcloud/nextcloud
```
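Review bot: both example commands in this part pass `--name my-release`, a flag Helm 3 no longer accepts, while the Prerequisites section requires Helm >=3.7.0; the TL;DR and Installing sections already use the working form `helm install my-release nextcloud/nextcloud`, so these two should match it. The first example also passes the admin and MariaDB root passwords on the command line through `--set`, which leaves them in shell history and in the process list; I would point the example at a values file or at `nextcloud.existingSecret` instead.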
> **Tip**: You can use the default [values.yaml](values.yaml)
## Persistence
The [Nextcloud](https://hub.docker.com/_/nextcloud/) image stores the nextcloud data and configurations at the `/var/www/html` paths of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Configuration](#configuration) section to enable persistence and configuration of the PVC.
## Cronjob
This chart can utilize Kubernetes `CronJob` resource to execute [background tasks](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html).
To use this functionality, set `cronjob.enabled` parameter to `true` and switch background mode to Webcron in your nextcloud settings page.
See the [Configuration](#configuration) section for further configuration of the cronjob resource.
> **Note**: For the cronjobs to work correctly, ingress must be also enabled (set `ingress.enabled` to `true`) and `nextcloud.host` has to be publicly resolvable.
## Multiple config.php file
Nextcloud supports loading configuration parameters from multiple files.
You can add arbitrary files ending with `.config.php` in the `config/` directory.
See [documentation](https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file).
For example, following config will configure Nextcloud with [S3 as primary storage](https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3) by creating file `/var/www/html/config/s3.config.php`:
```yaml
nextcloud:
configs:
s3.config.php: |-
<?php
$CONFIG = array (
'objectstore' => array(
'class' => '\\OC\\Files\\ObjectStore\\S3',
'arguments' => array(
'bucket' => 'my-bucket',
'autocreate' => true,
'key' => 'xxx',
'secret' => 'xxx',
'region' => 'us-east-1',
'use_ssl' => true
)
)
);
```
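Review bot: the `s3.config.php` example writes the object store `key` and `secret` inline in the chart values, which encourages committing storage credentials together with the rest of the values file. Suggest having the PHP file read them with `getenv()` and injecting the variables from a Kubernetes Secret through `nextcloud.extraEnv`, or at least saying that the `xxx` values must not be stored in version control. The two documentation links in this section point at the server/15 and server/13 manuals while this commit ships 27.0.2; link to the `latest` manual as the Cronjob section does.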
## Preserving Source IP
- Make sure your loadbalancer preserves source IP, for bare metal, `metalb` does and `klipper-lb` doesn't.
- Make sure your Ingress preserves source IP. If you use `ingress-nginx`, add the following annotations:
```yaml
ingress:
annotations:
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
```
- The next layer is nextcloud pod's nginx if you use `nextcloud-fpm`, this can be left at default
- Add some PHP config for nextcloud as mentioned above in multiple `config.php`s section:
```php
configs:
proxy.config.php: |-
<?php
$CONFIG = array (
'trusted_proxies' => array(
0 => '127.0.0.1',
1 => '10.0.0.0/8',
),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
);
```
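Review bot: in `proxy.config.php` the `trusted_proxies` entry `10.0.0.0/8` makes Nextcloud accept `X-Forwarded-For` from any peer in that range, so any workload with an address there can present an arbitrary client IP to Nextcloud's logs and IP-based throttling. Narrow the example to the address range of the ingress controller and say so in the text. The two `ingress-nginx` annotations above it only configure CORS response headers and do not make the controller preserve or forward the source IP, so that bullet needs the setting that actually does this. Also, the second fence is tagged `php` although its content is YAML, and `metalb` should read MetalLB.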
## Hugepages
If your node has hugepages enabled, but you do not map any into the container, it could fail to start with a bus error in Apache. This is due
to Apache attempting to memory map a file and use hugepages. The fix is to either disable huge pages on the node or map hugepages into the container:
```yaml
nextcloud:
extraVolumes:
- name: hugepages
emptyDir:
medium: HugePages-2Mi
extraVolumeMounts:
- name: hugepages
mountPath: /dev/hugepages
resources:
requests:
hugepages-2Mi: 500Mi
# note that Kubernetes currently requires cpu or memory requests and limits before hugepages are allowed.
memory: 500Mi
limits:
# limit and request must be the same for hugepages. They are a fixed resource.
hugepages-2Mi: 500Mi
# note that Kubernetes currently requires cpu or memory requests and limits before hugepages are allowed.
memory: 1Gi
```
## HPA (Clustering)
If you want to have multiple Nextcloud containers, regardless of dynamic or static sizes, you need to use shared persistence between the containers.
Minimum cluster compatible persistence settings:
```yaml
persistence:
enabled: true
accessMode: ReadWriteMany
```
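Review bot: the "Minimum cluster compatible persistence settings" block covers storage only, but the values table lists `internalDatabase.enabled` default `true` (sqlite) and `redis.enabled` default `false`, so following this section alone yields several pods sharing one sqlite file with no shared file locking. State here that running more than one replica also needs an external or bundled MariaDB/PostgreSQL database and `redis.enabled: true`, and mention that the default `nextcloud.strategy` is `type: Recreate`.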
{{ template "helm-docs.versionFooter" . }}
\ No newline at end of file