parent
15ff43a7a5
commit
5e50ee634f
7 changed files with 226 additions and 0 deletions
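--- a/nextcloud/.gitignore
+++ b/nextcloud/.gitignore
@@ -0,0 +1 @@
+charts/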
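--- a/nextcloud/config/values.keydb.yaml
+++ b/nextcloud/config/values.keydb.yaml
@@ -0,0 +1,33 @@
+imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
+imageTag: v6.3.3
+
+nodes: 3
+podDisruptionBudget:
+enabled: true
+
+persistentVolume:
+enabled: false
+
+resources:
+requests:
+cpu: 50m
+memory: 100Mi
+limits:
+cpu: 250m
+memory: 256Mi
+
+exporter:
+enabled: true
+imageTag: v1.51.0
+resources:
+requests:
+cpu: 50m
+memory: 50Mi
+limits:
+cpu: 150m
+memory: 100Mi
+
+serviceMonitor:
+enabled: true
+labels:
+prometheus: default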
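Review bot: These values configure no authentication for KeyDB, and the `redis.config.php` block in nextcloud/config/values.nextcloud.yaml connects with only `host` and `port`, so as far as this commit shows, any workload that can reach the `nextcloud-keydb` service can read or overwrite Nextcloud's distributed cache and file locks. I would set a password through the chart's password or existing-secret option (check the chart's values for the exact key) and hand it to Nextcloud with `'password' => getenv('REDIS_HOST_PASSWORD'),` inside the `redis` array, with the variable sourced from a Secret. A NetworkPolicy that admits only the Nextcloud pods and the Prometheus scraper would also cover the exporter port. Separately, `imageTag: v6.3.3` and the exporter's `imageTag: v1.51.0` are tags, not digests; confirm the registry treats them as immutable or pin by digest if the chart supports it.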
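--- a/nextcloud/config/values.nextcloud.yaml
+++ b/nextcloud/config/values.nextcloud.yaml
@@ -0,0 +1,105 @@
+image:
+flavor: fpm
+
+ingress:
+enabled: true
+
+nextcloud:
+host: nextcloud.icb4dc0.de
+existingSecret:
+enabled: true
+secretName: nextcloud-secrets
+usernameKey: root-username
+passwordKey: root-password
+defaultConfigs:
+redis.config.php: false
+configs:
+reverse-proxy.config.php: |-
+<?php
+$CONFIG = array (
+"overwrite.cli.url" => "https://nextcloud.icb4dc0.de",
+"overwriteprotocol" => "https",
+);
+logs.config.php: |-
+<?php
+$CONFIG = array (
+"log_type" => "file",
+"logfile" => "/dev/stdout",
+"loglevel" => 1,
+);
+redis.config.php: |-
+<?php
+if (getenv('REDIS_HOST')) {
+$CONFIG = array (
+'memcache.distributed' => '\OC\Memcache\Redis',
+'memcache.locking' => '\OC\Memcache\Redis',
+'redis' => array(
+'host' => getenv('REDIS_HOST'),
+'port' => getenv('REDIS_HOST_PORT') ?: 6379,
+),
+);
+}
+extraVolumes:
+- name: php-confd
+emptyDir:
+sizeLimit: 50Mi
+extraVolumeMounts:
+- mountPath: /usr/local/etc/php/conf.d/
+name: php-confd
+extraInitContainers:
+- name: php-confd-init
+image: nextcloud:27.1.2-fpm
+command:
+- /bin/bash
+- -c
+- --
+args:
+- cp -R /usr/local/etc/php/conf.d/* /data/
+volumeMounts:
+- mountPath: /data
+name: php-confd
+
+podSecurityContext:
+fsGroup: 1001
+
+extraEnv:
+- name: REDIS_HOST
+value: nextcloud-keydb
+
+nginx:
+enabled: true
+
+redis:
+enabled: false
+
+cronjob:
+enabled: true
+
+internalDatabase:
+enabled: false
+
+externalDatabase:
+enabled: true
+type: postgresql
+existingSecret:
+enabled: true
+secretName: default-cluster-pguser-nextcloud
+usernameKey: user
+passwordKey: password
+hostKey: host
+databaseKey: dbname
+
+persistence:
+enabled: true
+storageClass: hcloud-volumes
+size: 8Gi
+nextcloudData:
+enabled: true
+storageClass: storage-box
+accessMode: ReadWriteMany
+size: 100Gi
+
+metrics:
+enabled: true
+serviceMonitor:
+enabled: true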
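Review bot: `reverse-proxy.config.php` sets `overwriteprotocol` but no `trusted_proxies`, so behind the ingress and the nginx sidecar Nextcloud will likely treat the proxy address as the client for every request, and brute-force throttling and the login entries in the log then attribute all users to one IP. Add the proxy range, e.g. `"trusted_proxies" => array("<INGRESS_POD_CIDR>"),` (placeholder; use the cluster's actual range), unless it is already injected some other way. Also, `php-confd-init` hard-codes `image: nextcloud:27.1.2-fpm` independently of the chart's own image version, so the copied conf.d can drift from the main container after a chart bump; a comment beside it saying both must be bumped together would help. The init container also declares no `resources` or `securityContext` of its own.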
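--- a/nextcloud/kustomization.yaml
+++ b/nextcloud/kustomization.yaml
@@ -0,0 +1,32 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: nextcloud
+
+labels:
+- includeSelectors: false
+pairs:
+app.kubernetes.io/instance: icb4dc0de
+app.kubernetes.io/managed-by: kustomize
+
+helmCharts:
+- name: keydb
+repo: https://enapter.github.io/charts/
+releaseName: nextcloud-keydb
+namespace: nextcloud
+version: "0.48.0"
+valuesFile: config/values.keydb.yaml
+skipTests: true
+- name: nextcloud
+repo: https://nextcloud.github.io/helm/
+releaseName: nextcloud
+namespace: nextcloud
+version: "4.5.10"
+valuesFile: config/values.nextcloud.yaml
+skipTests: true
+
+resources:
+- "resources/namespace.yaml"
+
+generators:
+- ./secret-generator.yaml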
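Review bot: Both `helmCharts` entries are pulled from their upstream repositories at build time and `charts/` is git-ignored, so the rendered manifests depend on whatever those repos serve for `0.48.0` and `4.5.10` at that moment; the version string is the only pin visible here. Consider rendering in CI and diffing the output before apply, or committing the pulled charts, so a republished chart cannot change the deployment unnoticed. A header comment stating that the build needs `kustomize build --enable-helm --enable-alpha-plugins --enable-exec` and a `ksops` binary on PATH would also document the trust the exec generator places in the build environment.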
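--- a/nextcloud/resources/namespace.yaml
+++ b/nextcloud/resources/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: nextcloud
+labels:
+prometheus: default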
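Review bot: The Namespace is created without Pod Security Admission labels, so unless a cluster-wide default or another policy engine applies, pods in `nextcloud` are admitted without any pod-security floor. Adding `pod-security.kubernetes.io/enforce: baseline` under `labels` (and `pod-security.kubernetes.io/warn: restricted` to see what a stricter level would reject) gives this ingress-exposed workload a minimum. Check first that the `php-confd-init` container and the pods the two charts render pass the chosen level.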
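--- a/nextcloud/resources/secrets.enc.yaml
+++ b/nextcloud/resources/secrets.enc.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: nextcloud-secrets
+type: Opaque
+stringData:
+root-username: ENC[AES256_GCM,data:bvXYQRg=,iv:uoGUcfHnxOpKjSslTLAW3yNglzR3UmVEjRiCxBP7ROE=,tag:blTERWxgF1IDbcPKyKjVow==,type:str]
+root-password: ENC[AES256_GCM,data:r9TSvn71Ecg/eAsGXWtc6vWsyRnZcu01QQ==,iv:l7Fc7Yz8527EHQvX7dkkNJRfswR/eaqn913t4G+5mn8=,tag:evh5PmuuGhusPQMYxRY5WQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwRkVpUjZxVmF0SmRPdHJZ
+cGcrWTRuZFhhZGRaSUY5SS9pQnpNUjk3d1dvCldVS2ZOUTlYKzBFcjhibi9qOWRw
+R3NCRVk0NWVYSFVQTm16L08yaTZEUjQKLS0tIEFablpOME0xNEJDbksxWHZRZXUy
+YnlhMitYajVtb0hRQ0dPUkU4a2E5SnMKqVV3/2d+p+yu6pV2TqUUIoaj6wulKkci
+3G6hlQY7WSST04KT2kTYPqzA9cEQIXSktvsVKuYeRvhcHz7lSbYJRQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWFV2OVVkQUtpSTBoaE5D
+WFh2NllUZnBBMklOODlmVVQvTUVyUVdTazM4CnQzU1JDalhTcUVYKy9BQkFmMzZG
+TFpGcGlpVE1uRjB6ZkdUeWk5eldGQlUKLS0tIHEwbHAzNFRDMjBRaHVjN0lwTGVV
+MmpIaTVUcVJ4c1pFSkwyRWhHdStTbVEKm+JhVAwmzuvuAbph5ZAmqw+97YznBmpm
+fdr2wsqIGJEG6EfWeYEsAHnCbqasxGJafYcJ2F3D1prJ5DE63OFXFg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2023-12-24T11:00:26Z"
+mac: ENC[AES256_GCM,data:ntJWpg4t+ZMejPz/J204dPEW7x729yqqKjIeUOXoGHI0CM/GuFXNcPd2trQiaMzOjrVuQDRRPbKtXELxMwHThqttV7cc8b9sIS3ZZn1y/rEv3KJZjEMdnPcSSXDwdjm08IEixAzNHmdojg4mpQVKQveYzbGT80In26MhN+ZS9r8=,iv:naAAJ+tUz5l7I1rli0gbEUWbo0X33WORIxRSYvGjUV0=,tag:eTOwdvYTNEj53oAfRJ8VCA==,type:str]
+pgp: []
+unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+version: 3.8.1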
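--- a/nextcloud/secret-generator.yaml
+++ b/nextcloud/secret-generator.yaml
@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+# Specify a name
+name: nextcloud-secret-generator
+annotations:
+config.kubernetes.io/function: |
+exec:
+path: ksops
+files:
+- ./resources/secrets.enc.yaml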