Merge branch 'master' into master

Signed-off-by: Francesco Astegiano <[email protected]>

.github/ISSUE_TEMPLATE/enhancement.md

@@ -0,0 +1,25 @@
+---
+name: "Enhancement"
+about: "Suggest an enhancement for this project ✨"
+title: "Feature: A cool new feature..."
+labels: "enhancement"
+assignees: ''
+
+---
+## Description of the change
+
+<!-- Describe the scope of your change - i.e. what the change does. -->
+
+## Benefits
+
+<!-- What benefits will be realized by the code change? -->
+
+## Possible drawbacks
+
+<!-- Describe any known limitations with your change -->
+
+## Additional information
+
+<!-- If there's anything else that's important and relevant to your pull request, mention that information here. -->
+
+<!-- Thanks for submitting an enhancement! Please consider also submitting a pull request for your suggestion :) -->

.github/ISSUE_TEMPLATE/issue.md

@@ -0,0 +1,34 @@
+---
+name: "General Issue"
+about: "Create an issue to report something not working."
+title: "A descriptive title of the issue"
+labels: ''
+assignees: ''
+
+---
+
+## Describe your Issue
+<!-- A clear and concise description of what the issue or bug is -->
+
+### Logs and Errors
+<!-- Give us any errors you're getting -->
+<!-- Let us know where you got the log, e.g. nextcloud container or nginx container -->
+<!-- You can get the pod logs with: `kubectl logs` (remove any sensitive data ahead of time) -->
+
+## Describe your Environment
+
+- Kubernetes distribution: <!-- examples: k3s, k0s, eks, gke -->
+
+- Helm Version (or App that manages helm): <!-- example: Using helm version 3.11, or include data about what is running helm, e.g. ArgoCD version 2.5.8 -->
+
+- Helm Chart Version: <!-- example: 3.4.3 -->
+
+- `values.yaml`:
+
+```yaml
+# paste your values.yaml (anonymize any sensitive data)
+```
+
+## Additional context, if any
+<!-- Also note any additional relevant info about your environment. -->
+<!-- example: If your issue is related to persistent volumes, let us know you're using NFS or EFS, for instance. -->

.github/workflows/lint-test.yaml

@@ -6,6 +6,9 @@ on:
       - 'README.md'
       - 'charts/**/README.md'
       - 'LICENSE'
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/pull_request_template.md'
+      - 'CODE_OF_CONDUCT.md'
 
 jobs:
   lint-test:
@@ -14,7 +17,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
         with:
-          fetch-depth: 0        
+          fetch-depth: 0
 
       - name: Install Helm
         uses: azure/[email protected]

CODE_OF_CONDUCT.md

@@ -0,0 +1,9 @@
+In the Nextcloud community, participants from all over the world come together to create Free Software for a free internet. This is made possible by the support, hard work and enthusiasm of thousands of people, including those who create and use Nextcloud software.
+
+Our code of conduct offers some guidance to ensure Nextcloud participants can cooperate effectively in a positive and inspiring atmosphere, and to explain how together we can strengthen and support each other.
+
+The Code of Conduct is shared by all contributors and users who engage with the Nextcloud team and its community services. It presents a summary of the shared values and “common sense” thinking in our community.
+
+You can find our full code of conduct on our website: https://nextcloud.com/code-of-conduct/
+
+Please, keep our CoC in mind when you contribute! That way, everyone can be a part of our community in a productive, positive, creative and fun way.

README.md

@@ -18,3 +18,17 @@ helm repo update
   ```bash
   helm install my-release nextcloud/nextcloud
   ```
+
+For more information, please checkout the chart level [README.md](./helm/charts/nextcloud/README.md).
+
+### Support and Contribution
+Please also review the official [NextCloud Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/) before contributing.
+
+#### Questions and Discussions
+[GitHub Discussion](https://github.com/nextcloud/helm/discussions)
+
+#### Bugs and other Issues
+If you have a bug to report or a feature to request, you can first search the [GitHub Issues](https://github.com/nextcloud/helm/issues), and  if you can't find what you're looking for, feel free to open an issue.
+
+#### Contributing to the Code
+We're always happy to review a pull request :) Please just be sure to check the pull request template to make sure you fufill all the required checks, most importantly the [DCO](https://probot.github.io/apps/dco/).

charts/nextcloud/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: nextcloud
-version: 3.3.3
-appVersion: 25.0.1
+version: 3.4.6
+appVersion: 25.0.3
 description: A file sharing server that puts the control and security of your own data back into your hands.
 keywords:
   - nextcloud

charts/nextcloud/templates/_helpers.tpl

@@ -248,9 +248,9 @@ Create volume mounts for the nextcloud container as well as the cron sidecar con
   subPath: {{ $key }}
 {{- end }}
 {{- end }}
-{{- if .Values.nextcloud.extraVolumeMounts }}
-{{- toYaml .Values.nextcloud.extraVolumeMounts }}
 {{- end }}
+{{- if .Values.nextcloud.extraVolumeMounts }}
+{{ toYaml .Values.nextcloud.extraVolumeMounts }}
 {{- end }}
 {{- $nginxEnabled := .Values.nginx.enabled -}}
 {{- range $key, $value := .Values.nextcloud.phpConfigs }}

charts/nextcloud/templates/deployment.yaml

@@ -121,10 +121,16 @@ spec:
           successThreshold: {{ .Values.startupProbe.successThreshold }}
           failureThreshold: {{ .Values.startupProbe.failureThreshold }}
         {{- end }}
-        volumeMounts:
-{{- include "nextcloud.volumeMounts" . | trim | nindent 8 }}
         resources:
 {{ toYaml .Values.resources | indent 10 }}
+        {{- if .Values.nextcloud.securityContext}}
+        securityContext:
+          {{- with .Values.nextcloud.securityContext }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
+        volumeMounts:
+        {{- include "nextcloud.volumeMounts" . | trim | nindent 8 }}
       {{- if .Values.cronjob.enabled }}
       - name: {{ .Chart.Name }}-cron
         image: {{ include "nextcloud.image" . }}
@@ -150,6 +156,12 @@ spec:
 {{- include "nextcloud.env" . | indent 8 }}
         resources:
 {{ toYaml .Values.resources | indent 10 }}
+        {{- if .Values.cronjob.securityContext}}
+        securityContext:
+          {{- with .Values.cronjob.securityContext }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
         volumeMounts:
 {{- include "nextcloud.volumeMounts" . | trim | nindent 8 }}
       {{- end }}
@@ -192,6 +204,12 @@ spec:
 
         resources:
 {{ toYaml .Values.nginx.resources | indent 10 }}
+        {{- if .Values.nginx.securityContext}}
+        securityContext:
+          {{- with .Values.nginx.securityContext }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
         volumeMounts:
         - name: nextcloud-main
           mountPath: /var/www/
@@ -308,23 +326,23 @@ spec:
       {{- if .Values.nextcloud.extraVolumes }}
 {{ toYaml .Values.nextcloud.extraVolumes | indent 6 }}
       {{- end }}
-      {{- if .Values.nginx.enabled }}
-      # Will mount configuration files as www-data (id: 82) for nextcloud
       securityContext:
-        fsGroup: 82
-        {{- if .Values.securityContext }}
-        {{- with .Values.securityContext }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
+      {{- if .Values.nextcloud.podSecurityContext }}
+        {{- with .Values.nextcloud.podSecurityContext }}
+          {{- toYaml . | nindent 8 }}
         {{- end }}
       {{- else }}
-      # Will mount configuration files as www-data (id: 33) for nextcloud
-      securityContext:
+        {{- if .Values.nginx.enabled }}
+        # Will mount configuration files as www-data (id: 82) for nextcloud
+        fsGroup: 82
+        {{- else }}
+        # Will mount configuration files as www-data (id: 33) for nextcloud
         fsGroup: 33
-        {{- if .Values.securityContext }}
-        {{- with .Values.securityContext }}
-        {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{- if .Values.securityContext }}
+          {{- with .Values.securityContext }}
+            {{- toYaml . | nindent 8 }}
+          {{- end }}
         {{- end }}
       {{- end }}
       {{- if .Values.rbac.enabled }}

charts/nextcloud/templates/metrics-deployment.yaml

@@ -54,6 +54,8 @@ spec:
           value: http{{ if .Values.metrics.https }}s{{ end }}://{{ .Values.nextcloud.host }}
         - name: NEXTCLOUD_TIMEOUT
           value: {{ .Values.metrics.timeout }}
+        - name: NEXTCLOUD_TLS_SKIP_VERIFY
+          value: {{ .Values.metrics.tlsSkipVerify | quote }}
         ports:
         - name: metrics
           containerPort: 9205

charts/nextcloud/values.yaml

@@ -12,6 +12,7 @@ nameOverride: ""
 fullnameOverride: ""
 podAnnotations: {}
 deploymentAnnotations: {}
+deploymentLabels: {}
 
 # Number of replicas to be deployed
 replicaCount: 1
@@ -77,11 +78,11 @@ nextcloud:
   existingSecret:
     enabled: false
     # secretName: nameofsecret
-    # usernameKey: username
-    # passwordKey: password
-    # tokenKey: serverinfo_token
-    # smtpUsernameKey: smtp_username
-    # smtpPasswordKey: smtp_password
+    # usernameKey: nextcloud-username
+    # passwordKey: nextcloud-password
+    # tokenKey: nextcloud-token
+    # smtpUsernameKey: smtp-username
+    # smtpPasswordKey: smtp-password
   update: 0
   # If web server is not binding default port, you can define it
   # containerPort: 8080
@@ -190,8 +191,15 @@ nextcloud:
   #  - name: nfs
   #    mountPath: "/legacy_data"
 
-  # Extra secuurityContext parameters. For example you may need to define runAsNonRoot directive
-  # extraSecurityContext:
+  # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
+  securityContext: {}
+  #   runAsUser: "33"
+  #   runAsGroup: "33"
+  #   runAsNonRoot: true
+  #   readOnlyRootFilesystem: true
+
+  # Set securityContext parameters for the pod. For example, you may need to define runAsNonRoot directive
+  podSecurityContext: {}
   #   runAsUser: "33"
   #   runAsGroup: "33"
   #   runAsNonRoot: true
@@ -213,6 +221,13 @@ nginx:
 
   resources: {}
 
+  # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
+  securityContext: {}
+  #   runAsUser: "82"
+  #   runAsGroup: "33"
+  #   runAsNonRoot: true
+  #   readOnlyRootFilesystem: true
+
 internalDatabase:
   enabled: true
   name: nextcloud
@@ -242,8 +257,8 @@ externalDatabase:
   existingSecret:
     enabled: false
     # secretName: nameofsecret
-    # usernameKey: username
-    # passwordKey: password
+    # usernameKey: db-username
+    # passwordKey: db-password
 
 ##
 ## MariaDB chart configuration
@@ -265,6 +280,8 @@ mariadb:
   primary:
     persistence:
       enabled: false
+      # Use an existing Persistent Volume Claim (must be created ahead of time)
+      # existingClaim: ""
       # storageClass: ""
       accessMode: ReadWriteOnce
       size: 8Gi
@@ -284,6 +301,8 @@ postgresql:
   primary:
     persistence:
       enabled: false
+      # Use an existing Persistent Volume Claim (must be created ahead of time)
+      # existingClaim: ""
       # storageClass: ""
 
 ##
@@ -308,6 +327,12 @@ cronjob:
   lifecycle: {}
     # postStartCommand: []
     # preStopCommand: []
+  # Set securityContext parameters. For example, you may need to define runAsNonRoot directive
+  securityContext: {}
+  #   runAsUser: "33"
+  #   runAsGroup: "33"
+  #   runAsNonRoot: true
+  #   readOnlyRootFilesystem: true
 
 service:
   type: ClusterIP
@@ -417,10 +442,12 @@ metrics:
   # Currently you still need to set the token manually in your nextcloud install
   token: ""
   timeout: 5s
+  # if set to true, exporter skips certificate verification of Nextcloud server.
+  tlsSkipVerify: false
 
   image:
     repository: xperimental/nextcloud-exporter
-    tag: 0.5.1
+    tag: 0.6.0
     pullPolicy: IfNotPresent
 
   ## Metrics exporter resource requests and limits
@@ -479,3 +506,7 @@ rbac:
     create: true
     name: nextcloud-serviceaccount
     annotations: {}
+
+
+## @param securityContext @deprecated Use `nextcloud.podSecurityContext` instead
+securityContext: {}