From 7c267a84beabde57897c66ec7652474098736c8f Mon Sep 17 00:00:00 2001 From: tmm1234 <75389007+tmm1234@users.noreply.github.com> Date: Mon, 12 Sep 2022 13:07:55 +0200 Subject: [PATCH 01/26] adds deploymentLabels parameter to values.yaml deploymentLabels is referenced in lines 11-13 of the deployment template but is not present in the values.yaml file Signed-off-by: tmm1234 <75389007+tmm1234@users.noreply.github.com> --- charts/nextcloud/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 0321d1ac..155d18ae 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -12,6 +12,7 @@ nameOverride: "" fullnameOverride: "" podAnnotations: {} deploymentAnnotations: {} +deplomentLabels: # Number of replicas to be deployed replicaCount: 1 From c9bc17715b72bb40d00cefbd89d4dce6ab841dd2 Mon Sep 17 00:00:00 2001 From: Angel Nunez Mencias Date: Tue, 8 Nov 2022 01:03:01 +0100 Subject: [PATCH 02/26] fix if for extraVolumeMounts Signed-off-by: angelnu --- charts/nextcloud/Chart.yaml | 2 +- charts/nextcloud/templates/_helpers.tpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 92306b1c..cfe7c16c 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 3.3.2 +version: 3.3.3 appVersion: 25.0.1 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/charts/nextcloud/templates/_helpers.tpl b/charts/nextcloud/templates/_helpers.tpl index ca7a8d58..a03cbffd 100644 --- a/charts/nextcloud/templates/_helpers.tpl +++ b/charts/nextcloud/templates/_helpers.tpl 
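Review bot: The key added in the values.yaml hunk of PATCH 01 is spelled `deplomentLabels`, while the commit message says the deployment template reads `deploymentLabels`. As written, the new default never reaches the template, and anyone who copies this key from values.yaml would presumably have their labels silently ignored. The value is also left bare, which YAML parses as null rather than an empty map. `deploymentLabels: {}` fixes both and matches the `deploymentAnnotations: {}` line above it.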
@@ -248,10 +248,10 @@ Create volume mounts for the nextcloud container as well as the cron sidecar con subPath: {{ $key }} {{- end }} {{- end }} +{{- end }} {{- if .Values.nextcloud.extraVolumeMounts }} {{- toYaml .Values.nextcloud.extraVolumeMounts }} {{- end }} -{{- end }} {{- $nginxEnabled := .Values.nginx.enabled -}} {{- range $key, $value := .Values.nextcloud.phpConfigs }} - name: nextcloud-phpconfig From a40de2329ad54fbeecde328638d2455a4c85157f Mon Sep 17 00:00:00 2001 From: Angel Nunez Mencias Date: Tue, 8 Nov 2022 01:10:29 +0100 Subject: [PATCH 03/26] remove - before extraVolumeMounts toYaml Signed-off-by: angelnu --- charts/nextcloud/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/templates/_helpers.tpl b/charts/nextcloud/templates/_helpers.tpl index a03cbffd..4635374b 100644 --- a/charts/nextcloud/templates/_helpers.tpl +++ b/charts/nextcloud/templates/_helpers.tpl @@ -250,7 +250,7 @@ Create volume mounts for the nextcloud container as well as the cron sidecar con {{- end }} {{- end }} {{- if .Values.nextcloud.extraVolumeMounts }} -{{- toYaml .Values.nextcloud.extraVolumeMounts }} +{{ toYaml .Values.nextcloud.extraVolumeMounts }} {{- end }} {{- $nginxEnabled := .Values.nginx.enabled -}} {{- range $key, $value := .Values.nextcloud.phpConfigs }} From 435f6797bb3b445a02677fd0e4ea4704af301b2a Mon Sep 17 00:00:00 2001 From: jld3103 Date: Sat, 10 Dec 2022 13:31:05 +0100 Subject: [PATCH 04/26] Update to 25.0.2 Signed-off-by: jld3103 --- charts/nextcloud/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index cfe7c16c..d34ff88b 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 name: nextcloud -version: 3.3.3 -appVersion: 25.0.1 +version: 3.3.4 +appVersion: 25.0.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: - nextcloud From 910b645bc43b8237c65c33654c24b1a1e083f6f4 Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Thu, 22 Dec 2022 18:02:50 +0000 Subject: [PATCH 05/26] Add metrics.tlsSkipVerify to skip certificate verification of Nextcloud server Signed-off-by: Jesse Hitch --- charts/nextcloud/README.md | 1 + charts/nextcloud/templates/metrics-deployment.yaml | 2 ++ charts/nextcloud/values.yaml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 1c9435b6..1515a9f1 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md @@ -189,6 +189,7 @@ The following table lists the configurable parameters of the nextcloud chart and | `metrics.https` | Defines if https is used to connect to nextcloud | `false` (uses http) | | `metrics.token` | Uses token for auth instead of username/password | `""` | | `metrics.timeout` | When the scrape times out | `5s` | +| `metrics.tlsSkipVerify` | Skips certificate verification of Nextcloud server | `false` | | `metrics.image.repository` | Nextcloud metrics exporter image name | `xperimental/nextcloud-exporter` | | `metrics.image.tag` | Nextcloud metrics exporter image tag | `0.5.1` | | `metrics.image.pullPolicy` | Nextcloud metrics exporter image pull policy | `IfNotPresent` | diff --git a/charts/nextcloud/templates/metrics-deployment.yaml b/charts/nextcloud/templates/metrics-deployment.yaml index d5fab9b4..5b43f150 100644 --- a/charts/nextcloud/templates/metrics-deployment.yaml +++ b/charts/nextcloud/templates/metrics-deployment.yaml 
@@ -54,6 +54,8 @@ spec: value: http{{ if .Values.metrics.https }}s{{ end }}://{{ .Values.nextcloud.host }} - name: NEXTCLOUD_TIMEOUT value: {{ .Values.metrics.timeout }} + - name: NEXTCLOUD_TLS_SKIP_VERIFY + value: {{ .Values.metrics.tlsSkipVerify }} ports: - name: metrics containerPort: 9205 diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index c7c7403c..58c862b5 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -417,6 +417,8 @@ metrics: # Currently you still need to set the token manually in your nextcloud install token: "" timeout: 5s + # if set to true, exporter skips certificate verification of Nextcloud server. + tlsSkipVerify: false image: repository: xperimental/nextcloud-exporter From 35da8454766bde8dcb46d7002540a912f4c6979b Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Thu, 22 Dec 2022 18:04:51 +0000 Subject: [PATCH 06/26] Bump xperimental/nextcloud-exporter from 0.5.1 to 0.6.0 Signed-off-by: Jesse Hitch --- charts/nextcloud/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 58c862b5..58185234 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -422,7 +422,7 @@ metrics: image: repository: xperimental/nextcloud-exporter - tag: 0.5.1 + tag: 0.6.0 pullPolicy: IfNotPresent ## Metrics exporter resource requests and limits From d453330a0a315d84ac711ab44c3ae1a314d6bb5d Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Thu, 22 Dec 2022 18:06:20 +0000 Subject: [PATCH 07/26] Bump Chart.yaml version from 3.3.4 to 3.3.5 Signed-off-by: Jesse Hitch --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index d34ff88b..37d1b61b 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml 
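Review bot: The comment added above `tlsSkipVerify: false` in the values.yaml hunk of PATCH 05 does not say what is given up when the flag is enabled. With verification off the exporter accepts any certificate, so the credentials it authenticates with (the README table mentions a token or username/password) can be read by anyone able to intercept the connection to `nextcloud.host`. I would extend the comment to something like `# Disables TLS certificate verification for the exporter's connection to Nextcloud. Leave false outside test setups; prefer making the issuing CA trusted by the exporter.` Judging by the URL template in metrics-deployment.yaml, the flag presumably only matters when `metrics.https` is true, which is worth stating in the same comment.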
@@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 3.3.4 +version: 3.3.5 appVersion: 25.0.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: From f307cd71501c353c2d004db90a80b733ef7b97ea Mon Sep 17 00:00:00 2001 From: "V. Aret" Date: Fri, 23 Dec 2022 08:39:23 +0100 Subject: [PATCH 08/26] Fix issue cause by boolean without quotes into env variable Signed-off-by: V. Aret --- charts/nextcloud/Chart.yaml | 2 +- charts/nextcloud/templates/metrics-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 37d1b61b..46ac2c55 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 3.3.5 +version: 3.3.6 appVersion: 25.0.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/charts/nextcloud/templates/metrics-deployment.yaml b/charts/nextcloud/templates/metrics-deployment.yaml index 5b43f150..19498182 100644 --- a/charts/nextcloud/templates/metrics-deployment.yaml +++ b/charts/nextcloud/templates/metrics-deployment.yaml @@ -55,7 +55,7 @@ spec: - name: NEXTCLOUD_TIMEOUT value: {{ .Values.metrics.timeout }} - name: NEXTCLOUD_TLS_SKIP_VERIFY - value: {{ .Values.metrics.tlsSkipVerify }} + value: {{ .Values.metrics.tlsSkipVerify | quote }} ports: - name: metrics containerPort: 9205 From 315313be6f6c14badeb07fad43ddd1e3f983e7fd Mon Sep 17 00:00:00 2001 From: Tim van Leuverden Date: Mon, 9 Jan 2023 16:49:41 +0100 Subject: [PATCH 09/26] Add securityContext and podSecurityContext Signed-off-by: Tim van Leuverden --- charts/nextcloud/README.md | 4 ++ charts/nextcloud/templates/deployment.yaml | 46 +++++++++++++++------- charts/nextcloud/values.yaml | 24 ++++++++++- 3 files changed, 58 insertions(+), 16 deletions(-) 
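Review bot: In the metrics-deployment.yaml hunk of PATCH 08, `NEXTCLOUD_TIMEOUT` two lines above the fixed entry is still rendered unquoted as `value: {{ .Values.metrics.timeout }}`. The default `5s` happens to parse as a string, but a user who sets `metrics.timeout` to a bare number would hit the same non-string env value that this commit fixes for the boolean. Quoting it the same way, `value: {{ .Values.metrics.timeout | quote }}`, keeps every env value a string whatever is in values.yaml. The env list starts outside the hunk, so other entries may need the same check.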
diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 1515a9f1..35213fd1 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md @@ -100,6 +100,8 @@ The following table lists the configurable parameters of the nextcloud chart and | `nextcloud.extraInitContainers` | specify additional init containers | `[]` | | `nextcloud.extraVolumes` | specify additional volumes for the NextCloud pod | `{}` | | `nextcloud.extraVolumeMounts` | specify additional volume mounts for the NextCloud pod | `{}` | +| `nextcloud.securityContext` | Optional security context for the NextCloud container | `nil` | +| `nextcloud.podSecurityContext` | specify additional volume mounts for the NextCloud pod | `nil` | | `nginx.enabled` | Enable nginx (requires you use php-fpm image) | `false` | | `nginx.image.repository` | nginx Image name | `nginx` | | `nginx.image.tag` | nginx Image tag | `alpine` | @@ -107,6 +109,7 @@ The following table lists the configurable parameters of the nextcloud chart and | `nginx.config.default` | Whether to use nextclouds recommended nginx config | `true` | | `nginx.config.custom` | Specify a custom config for nginx | `{}` | | `nginx.resources` | nginx resources | `{}` | +| `nginx.securityContext` | Optional security context for the nginx container | `nil` | | `lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` | | `lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` | | `internalDatabase.enabled` | Whether to use internal sqlite database | `true` | 
@@ -137,6 +140,7 @@ The following table lists the configurable parameters of the nextcloud chart and | `cronjob.enabled` | Whether to enable/disable cronjob | `false` | | `cronjob.lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` | | `cronjob.lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` | +| `cronjob.securityContext` | Optional security context for cronjob | `nil` | | `service.type` | Kubernetes Service type | `ClusterIP` | | `service.loadBalancerIP` | LoadBalancerIp for service type LoadBalancer | `nil` | | `service.nodePort` | NodePort for service type NodePort | `nil` | diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index f5d6b65a..2140a97e 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -121,10 +121,16 @@ spec: successThreshold: {{ .Values.startupProbe.successThreshold }} failureThreshold: {{ .Values.startupProbe.failureThreshold }} {{- end }} - volumeMounts: -{{- include "nextcloud.volumeMounts" . | trim | nindent 8 }} resources: {{ toYaml .Values.resources | indent 10 }} + {{- if .Values.nextcloud.securityContext}} + securityContext: + {{- with .Values.nextcloud.securityContext }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} + volumeMounts: + {{- include "nextcloud.volumeMounts" . | trim | nindent 8 }} {{- if .Values.cronjob.enabled }} - name: {{ .Chart.Name }}-cron image: {{ include "nextcloud.image" . }} @@ -150,6 +156,12 @@ spec: {{- include "nextcloud.env" . | indent 8 }} resources: {{ toYaml .Values.resources | indent 10 }} + {{- if .Values.cronjob.securityContext}} + securityContext: + {{- with .Values.cronjob.securityContext }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} volumeMounts: {{- include "nextcloud.volumeMounts" . | trim | nindent 8 }} {{- end }} 
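Review bot: In the first deployment.yaml hunk of PATCH 09 the new `securityContext` block is guarded twice: `{{- if .Values.nextcloud.securityContext}}` wraps a `{{- with .Values.nextcloud.securityContext }}` that tests the same value. A single `with` enclosing both the `securityContext:` key and the `{{- toYaml . | nindent 10 }}` line renders the same output with one fewer nesting level and one fewer `{{- end }}` to keep balanced. The same pattern is repeated for `cronjob.securityContext` in the next hunk and for `nginx.securityContext` in the hunk at -192, so all three can be simplified together. If the `if` is kept, `securityContext }}` with a space before the closing braces would match the rest of the template.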
@@ -192,6 +204,12 @@ spec: resources: {{ toYaml .Values.nginx.resources | indent 10 }} + {{- if .Values.nginx.securityContext}} + securityContext: + {{- with .Values.nginx.securityContext }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} volumeMounts: - name: nextcloud-main mountPath: /var/www/ @@ -308,23 +326,23 @@ spec: {{- if .Values.nextcloud.extraVolumes }} {{ toYaml .Values.nextcloud.extraVolumes | indent 6 }} {{- end }} - {{- if .Values.nginx.enabled }} - # Will mount configuration files as www-data (id: 82) for nextcloud securityContext: - fsGroup: 82 - {{- if .Values.securityContext }} - {{- with .Values.securityContext }} - {{- toYaml . | nindent 8 }} - {{- end }} + {{- if .Values.nextcloud.podSecurityContext }} + {{- with .Values.nextcloud.podSecurityContext }} + {{- toYaml . | nindent 8 }} {{- end }} {{- else }} - # Will mount configuration files as www-data (id: 33) for nextcloud - securityContext: + {{- if .Values.nginx.enabled }} + # Will mount configuration files as www-data (id: 82) for nextcloud + fsGroup: 82 + {{- else }} + # Will mount configuration files as www-data (id: 33) for nextcloud fsGroup: 33 - {{- if .Values.securityContext }} - {{- with .Values.securityContext }} - {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.securityContext }} + {{- with .Values.securityContext }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} {{- if .Values.rbac.enabled }} diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 58185234..4e5ae917 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml 
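Review bot: In the last deployment.yaml hunk of PATCH 09 (at -308), setting `nextcloud.podSecurityContext` replaces the whole pod-level block, so the chart's default `fsGroup` (82 with nginx, 33 otherwise) and the legacy `.Values.securityContext` are both dropped without notice. A user who sets only `runAsNonRoot: true` to harden the pod would lose the group ownership that the existing comments say is needed to mount the configuration files as www-data. Either keep emitting the default `fsGroup` unless the supplied map already carries one, or state the behaviour next to the value, for example `# When set, this replaces the chart's default fsGroup (33, or 82 with nginx) and the deprecated top-level securityContext; include fsGroup here if you need it.` The pod spec continues outside the hunk, so this is based only on the lines shown.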
@@ -190,8 +190,15 @@ nextcloud: # - name: nfs # mountPath: "/legacy_data" - # Extra secuurityContext parameters. For example you may need to define runAsNonRoot directive - # extraSecurityContext: + # Set securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: "33" + # runAsGroup: "33" + # runAsNonRoot: true + # readOnlyRootFilesystem: true + + # Set securityContext parameters for the pod. For example, you may need to define runAsNonRoot directive + podSecurityContext: {} # runAsUser: "33" # runAsGroup: "33" # runAsNonRoot: true @@ -213,6 +220,13 @@ nginx: resources: {} + # Set securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: "82" + # runAsGroup: "33" + # runAsNonRoot: true + # readOnlyRootFilesystem: true + internalDatabase: enabled: true name: nextcloud @@ -308,6 +322,12 @@ cronjob: lifecycle: {} # postStartCommand: [] # preStopCommand: [] + # Set securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + # runAsUser: "33" + # runAsGroup: "33" + # runAsNonRoot: true + # readOnlyRootFilesystem: true service: type: ClusterIP From b7929d18c1560f14aa99cd3096e28c1abb70c323 Mon Sep 17 00:00:00 2001 From: Tim van Leuverden Date: Mon, 9 Jan 2023 16:53:57 +0100 Subject: [PATCH 10/26] Bump version Signed-off-by: Tim van Leuverden --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 46ac2c55..70cd2d3b 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 3.3.6 +version: 3.4.0 appVersion: 25.0.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: From 90356ee12128e56e3d0347455beaba575bd8bade Mon Sep 17 00:00:00 2001 
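Review bot: The commented examples added in the first values.yaml hunk of PATCH 09 give `runAsUser: "33"` and `runAsGroup: "33"` as quoted strings, but Kubernetes defines these securityContext fields as integers. The templates pass the map through `toYaml` unchanged, so anyone who uncomments the example as written should expect the manifest to be rejected on a type mismatch, and may then give up on setting a non-root user at all. Write them unquoted: `# runAsUser: 33` and `# runAsGroup: 33`. The same applies to the `nginx.securityContext` and `cronjob.securityContext` examples in the next two hunks.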
From: Tim van Leuverden Date: Fri, 13 Jan 2023 14:47:26 +0100 Subject: [PATCH 11/26] Add deprecation comment to undocumented old `securityContext` value Signed-off-by: Tim van Leuverden --- charts/nextcloud/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 4e5ae917..648686df 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -501,3 +501,7 @@ rbac: create: true name: nextcloud-serviceaccount annotations: {} + + +## @param securityContext @deprecated Use `nextcloud.podSecurityContext` instead +securityContext: {} From acc1649b7ade7c94bda4fa86bf184aa7166702cd Mon Sep 17 00:00:00 2001 From: jld3103 Date: Wed, 18 Jan 2023 08:29:15 +0100 Subject: [PATCH 12/26] Update to 25.0.3 Signed-off-by: jld3103 --- charts/nextcloud/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 70cd2d3b..bd366da3 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: nextcloud -version: 3.4.0 -appVersion: 25.0.2 +version: 3.4.1 +appVersion: 25.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: - nextcloud From 3e9d5e03d99d3eee5c95c56d64a82bf5b9cf8d6d Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Tue, 24 Jan 2023 14:34:46 +0100 Subject: [PATCH 13/26] add options of apache vs fpm for image.flavor these are for different webserver backends. You must use fpm if you're deploying nginx as your webserver instead of apache. Signed-off-by: Jesse Hitch --- charts/nextcloud/README.md | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 35213fd1..8c2c1962 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md 
@@ -51,7 +51,7 @@ The following table lists the configurable parameters of the nextcloud chart and | Parameter | Description | Default | | ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------- | | `image.repository` | nextcloud Image name | `nextcloud` | -| `image.flavor` | nextcloud Image type | `apache` | +| `image.flavor` | nextcloud Image type (Options: apache, fpm) | `apache` | | `image.tag` | nextcloud Image tag | `{VERSION}` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `nil` | @@ -193,7 +193,7 @@ The following table lists the configurable parameters of the nextcloud chart and | `metrics.https` | Defines if https is used to connect to nextcloud | `false` (uses http) | | `metrics.token` | Uses token for auth instead of username/password | `""` | | `metrics.timeout` | When the scrape times out | `5s` | -| `metrics.tlsSkipVerify` | Skips certificate verification of Nextcloud server | `false` | +| `metrics.tlsSkipVerify` | Skips certificate verification of Nextcloud server | `false` | | `metrics.image.repository` | Nextcloud metrics exporter image name | `xperimental/nextcloud-exporter` | | `metrics.image.tag` | Nextcloud metrics exporter image tag | `0.5.1` | | `metrics.image.pullPolicy` | Nextcloud metrics exporter image pull policy | `IfNotPresent` | 
@@ -287,6 +287,24 @@ nextcloud: ); ``` +## Using nginx +To use nginx instead of apache to serve nextcloud, Set the following parameters in your `values.yaml`: + +```yaml +# This Generates an image tag using the chart's app version +# e.g. if the app version is 25.0.3, the image tag will be 25.0.3-fpm +image: + flavor: fpm + # You can also specify a tag directly. this version is an example: + # tag: 25.0.3-fpm +``` + +```yaml +# this deploys an nginx container within the nextcloud pod +nginx + enabled: true +``` + ## Preserving Source IP - Make sure your loadbalancer preserves source IP, for bare metal, `metalb` does and `klipper-lb` doesn't. @@ -297,7 +315,7 @@ ingress: nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" ``` -- The next layer is nextcloud pod's nginx if you use `nextcloud-fpm`, this can be left at default +- The next layer is nextcloud pod's nginx container. In in your `values.yaml`, if `nextcloud.tag` has `fpm` in it, or `image.flavor` is set to `fpm`, this can be left at default - Add some PHP config for nextcloud as mentioned above in multiple `config.php`s section: ```php configs: From eb3e5466f25dccaa80d54a94dbde781ab4e7ee2c Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Tue, 24 Jan 2023 15:00:56 +0100 Subject: [PATCH 14/26] Fix #310: replicaCount not mentioned in Readme Signed-off-by: Jesse Hitch --- charts/nextcloud/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 8c2c1962..c767947d 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md 
@@ -55,6 +55,7 @@ The following table lists the configurable parameters of the nextcloud chart and | `image.tag` | nextcloud Image tag | `{VERSION}` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `nil` | +| `replicaCount` | Number of nextcloud pods to deploy | `1` | | `ingress.className` | Name of the ingress class to use | `nil` | | `ingress.enabled` | Enable use of ingress controllers | `false` | | `ingress.servicePort` | Ingress' backend servicePort | `http` | From 46975aaf46b54d13460c0007d6d01c0a93a61c5a Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Tue, 24 Jan 2023 17:16:35 +0100 Subject: [PATCH 15/26] document for mariadb and postgresql Signed-off-by: Jesse Hitch --- charts/nextcloud/README.md | 3 +++ charts/nextcloud/values.yaml | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 35213fd1..be4f4d90 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md 
@@ -129,11 +129,14 @@ The following table lists the configurable parameters of the nextcloud chart and | `mariadb.auth.password` | Password for the database | `changeme` | | `mariadb.auth.username` | Database user to create | `nextcloud` | | `mariadb.auth.rootPassword` | MariaDB admin password | `nil` | +| `mariadb.primary.persistence.enabled` | Whether or not to Use a PVC on MariaDB primary | `false` | +| `mariadb.primary.persistence.existingClaim` | Use an existing PVC for MariaDB primary | `nil` | | `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` | | `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` | | `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` | | `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` | | `postgresql.primary.persistence.enabled` | Whether or not to use PVC on PostgreSQL primary | `false` | +| `postgresql.primary.persistence.existingClaim` | Use an existing PVC for PostgreSQL primary | `nil` | | `redis.enabled` | Whether to install/use redis for locking | `false` | | `redis.auth.enabled` | Whether to enable password authentication with redis | `true` | | `redis.auth.password` | The password redis uses | `''` | diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 648686df..912e8f4f 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -279,6 +279,8 @@ mariadb: primary: persistence: enabled: false + # Use an existing Persistent Volume Claim (must be created ahead of time) + # existingClaim: "" # storageClass: "" accessMode: ReadWriteOnce size: 8Gi @@ -298,6 +300,8 @@ postgresql: primary: persistence: enabled: false + # Use an existing Persistent Volume Claim (must be created ahead of time) + # existingClaim: "" # storageClass: "" ## From 1fa3b64864c464593eef90fb63f8374cb6d30f60 Mon Sep 17 00:00:00 2001 
From: Jesse Hitch Date: Wed, 25 Jan 2023 09:58:20 +0100 Subject: [PATCH 16/26] bump chart version for #338 Signed-off-by: Jesse Hitch --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index bd366da3..9a79e9b3 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 3.4.1 +version: 3.4.2 appVersion: 25.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: From c0feb30ace603ac4da963a34ce598ff85b208272 Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Wed, 25 Jan 2023 14:28:39 +0100 Subject: [PATCH 17/26] Fix nextcloud.podSecurityContext description and missing ' typo in README Signed-off-by: Jesse Hitch --- charts/nextcloud/README.md | 326 ++++++++++++++++++------------------- 1 file changed, 163 insertions(+), 163 deletions(-) diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index c767947d..ef2f953c 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md 
@@ -48,169 +48,169 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the nextcloud chart and their default values. -| Parameter | Description | Default | -| ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------- | -| `image.repository` | nextcloud Image name | `nextcloud` | -| `image.flavor` | nextcloud Image type (Options: apache, fpm) | `apache` | -| `image.tag` | nextcloud Image tag | `{VERSION}` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify image pull secrets | `nil` | -| `replicaCount` | Number of nextcloud pods to deploy | `1` | -| `ingress.className` | Name of the ingress class to use | `nil` | -| `ingress.enabled` | Enable use of ingress controllers | `false` | -| `ingress.servicePort` | Ingress' backend servicePort | `http` | -| `ingress.annotations` | An array of service annotations | `nil` | -| `ingress.labels` | An array of service labels | `nil` | -| `ingress.path` | The `Path` to use in Ingress' `paths` | `/` | -| `ingress.pathType` | The `PathType` to use in Ingress' `paths` | `Prefix` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `nextcloud.host` | nextcloud host to create application URLs | `nextcloud.kube.home` | -| `nextcloud.username` | User of the application | `admin` | -| `nextcloud.password` | Application password | `changeme` | -| `nextcloud.existingSecret.enabled` | Whether to use an existing secret or not | `false` | -| `nextcloud.existingSecret.secretName` | Name of the existing secret | `nil` | -| `nextcloud.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | -| `nextcloud.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | -| `nextcloud.existingSecret.smtpUsernameKey` | Name of the key that contains the SMTP username 
| `nil` | -| `nextcloud.existingSecret.smtpPasswordKey` | Name of the key that contains the SMTP password | `nil` | -| `nextcloud.update` | Trigger update if custom command is used | `0` | -| `nextcloud.containerPort` | Customize container port when not running as root | `80` | -| `nextcloud.datadir` | nextcloud data dir location | `/var/www/html/data` | -| `nextcloud.mail.enabled` | Whether to enable/disable email settings | `false` | -| `nextcloud.mail.fromAddress` | nextcloud mail send from field | `nil` | -| `nextcloud.mail.domain` | nextcloud mail domain | `nil` | -| `nextcloud.mail.smtp.host` | SMTP hostname | `nil` | -| `nextcloud.mail.smtp.secure` | SMTP connection `ssl` or empty | `''` | -| `nextcloud.mail.smtp.port` | Optional SMTP port | `nil` | -| `nextcloud.mail.smtp.authtype` | SMTP authentication method | `LOGIN` | -| `nextcloud.mail.smtp.name` | SMTP username | `''` | -| `nextcloud.mail.smtp.password` | SMTP password | `''` | -| `nextcloud.configs` | Config files created in `/var/www/html/config` | `{}` | -| `nextcloud.persistence.subPath` | Set the subPath for nextcloud to use in volume | `nil` | -| `nextcloud.phpConfigs` | PHP Config files created in `/usr/local/etc/php/conf.d` | `{}` | -| `nextcloud.defaultConfigs.\.htaccess` | Default .htaccess to protect `/var/www/html/config` | `true` | -| `nextcloud.defaultConfigs.redis\.config\.php` | Default Redis configuration | `true` | -| `nextcloud.defaultConfigs.apache-pretty-urls\.config\.php` | Default Apache configuration for rewrite urls | `true` | -| `nextcloud.defaultConfigs.apcu\.config\.php` | Default configuration to define APCu as local cache | `true` | -| `nextcloud.defaultConfigs.apps\.config\.php` | Default configuration for apps | `true` | -| `nextcloud.defaultConfigs.autoconfig\.php` | Default auto-configuration for databases | `true` | -| `nextcloud.defaultConfigs.smtp\.config\.php` | Default configuration for smtp | `true` | -| `nextcloud.strategy` | specifies the strategy used to 
replace old Pods by new ones | `type: Recreate` | -| `nextcloud.extraEnv` | specify additional environment variables | `{}` | -| `nextcloud.extraSidecarContainers` | specify additional sidecar containers | `[]` | -| `nextcloud.extraInitContainers` | specify additional init containers | `[]` | -| `nextcloud.extraVolumes` | specify additional volumes for the NextCloud pod | `{}` | -| `nextcloud.extraVolumeMounts` | specify additional volume mounts for the NextCloud pod | `{}` | -| `nextcloud.securityContext` | Optional security context for the NextCloud container | `nil` | -| `nextcloud.podSecurityContext` | specify additional volume mounts for the NextCloud pod | `nil` | -| `nginx.enabled` | Enable nginx (requires you use php-fpm image) | `false` | -| `nginx.image.repository` | nginx Image name | `nginx` | -| `nginx.image.tag` | nginx Image tag | `alpine` | -| `nginx.image.pullPolicy` | nginx Image pull policy | `IfNotPresent` | -| `nginx.config.default` | Whether to use nextclouds recommended nginx config | `true` | -| `nginx.config.custom` | Specify a custom config for nginx | `{}` | -| `nginx.resources` | nginx resources | `{}` | -| `nginx.securityContext` | Optional security context for the nginx container | `nil` | -| `lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` | -| `lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` | -| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` | -| `internalDatabase.database` | Name of the existing database | `nextcloud` | -| `externalDatabase.enabled` | Whether to use external database | `false` | -| `externalDatabase.type` | External database type: `mysql`, `postgresql` | `mysql` | -| `externalDatabase.host` | Host of the external database in form of `host:port` | `nil` | -| `externalDatabase.database` | Name of the existing database | `nextcloud` | -| `externalDatabase.user` | Existing username in the external db | 
`nextcloud` | -| `externalDatabase.password` | Password for the above username | `nil` | -| `externalDatabase.existingSecret.enabled` | Whether to use a existing secret or not | `false` | -| `externalDatabase.existingSecret.secretName` | Name of the existing secret | `nil` | -| `externalDatabase.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | -| `externalDatabase.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | -| `mariadb.enabled` | Whether to use the MariaDB chart | `false` | -| `mariadb.auth.database` | Database name to create | `nextcloud` | -| `mariadb.auth.password` | Password for the database | `changeme` | -| `mariadb.auth.username` | Database user to create | `nextcloud` | -| `mariadb.auth.rootPassword` | MariaDB admin password | `nil` | -| `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` | -| `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` | -| `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` | -| `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` | -| `postgresql.primary.persistence.enabled` | Whether or not to use PVC on PostgreSQL primary | `false` | -| `redis.enabled` | Whether to install/use redis for locking | `false` | -| `redis.auth.enabled` | Whether to enable password authentication with redis | `true` | -| `redis.auth.password` | The password redis uses | `''` | -| `cronjob.enabled` | Whether to enable/disable cronjob | `false` | -| `cronjob.lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` | -| `cronjob.lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` | -| `cronjob.securityContext` | Optional security context for cronjob | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.loadBalancerIP` | LoadBalancerIp for service type LoadBalancer | `nil` | -| 
`service.nodePort` | NodePort for service type NodePort | `nil` | -| `persistence.enabled` | Enable persistence using PVC | `false` | -| `persistence.annotations` | PVC annotations | `{}` | -| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` (uses alpha storage class annotation) | -| `persistence.existingClaim` | An Existing PVC name for nextcloud volume | `nil` (uses alpha storage class annotation) | -| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` | -| `persistence.nextcloudData.enabled` | Create a second PVC for the data folder in nextcloud | `false` | -| `persistence.nextcloudData.annotations` | see `persistence.annotations` | `{}` | -| `persistence.nextcloudData.storageClass` | see `persistence.storageClass` | `nil` (uses alpha storage class annotation) | -| `persistence.nextcloudData.existingClaim` | see `persistence.existingClaim` | `nil` (uses alpha storage class annotation) | -| `persistence.nextcloudData.accessMode` | see `persistence.accessMode` | `ReadWriteOnce` | -| `persistence.nextcloudData.size` | see `persistence.size` | `8Gi` | -| `phpClientHttpsFix.enabled` | Sets OVERWRITEPROTOCOL for https ingress redirect | `false` | -| `phpClientHttpsFix.protocol` | Sets OVERWRITEPROTOCOL for https ingress redirect | `https` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `rbac.enabled` | Enable Role and rolebinding for priveledged PSP | `false` | -| `rbac.serviceaccount.create` | Wether to create a serviceaccount or use an existing one (requires rbac) | `true` | -| `rbac.serviceaccount.name` | The name of the sevice account that the deployment will use (requires rbac) | `nextcloud-serviceaccount` | -| `rbac.serviceaccount.annotations` | Serviceaccount annotations | `{}` | -| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness 
probe is initiated | `10` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `startupProbe.enabled` | Turn on and off startup probe | `false` | -| `startupProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | -| `startupProbe.periodSeconds` | How often to perform the probe | `10` | -| `startupProbe.timeoutSeconds` | When the probe times out | `5` | -| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe | `30` | -| `startupProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `hpa.enabled` | Boolean to create a HorizontalPodAutoscaler | `false` | -| `hpa.cputhreshold` | CPU threshold percent for the HorizontalPodAutoscale | `60` | -| `hpa.minPods` | Min. pods for the Nextcloud HorizontalPodAutoscaler | `1` | -| `hpa.maxPods` | Max. 
pods for the Nextcloud HorizontalPodAutoscaler | `10` | -| `deploymentLabels` | Labels to be added at 'deployment' level | not set | -| `deploymentAnnotations` | Annotations to be added at 'deployment' level | not set | -| `podLabels` | Labels to be added at 'pod' level | not set | -| `podAnnotations` | Annotations to be added at 'pod' level | not set | -| `metrics.enabled` | Start Prometheus metrics exporter | `false` | -| `metrics.https` | Defines if https is used to connect to nextcloud | `false` (uses http) | -| `metrics.token` | Uses token for auth instead of username/password | `""` | -| `metrics.timeout` | When the scrape times out | `5s` | -| `metrics.tlsSkipVerify` | Skips certificate verification of Nextcloud server | `false` | -| `metrics.image.repository` | Nextcloud metrics exporter image name | `xperimental/nextcloud-exporter` | -| `metrics.image.tag` | Nextcloud metrics exporter image tag | `0.5.1` | -| `metrics.image.pullPolicy` | Nextcloud metrics exporter image pull policy | `IfNotPresent` | -| `metrics.podAnnotations` | Additional annotations for metrics exporter | not set | -| `metrics.podLabels` | Additional labels for metrics exporter | not set | -| `metrics.service.type` | Metrics: Kubernetes Service type | `ClusterIP` | -| `metrics.service.loadBalancerIP` | Metrics: LoadBalancerIp for service type LoadBalancer | `nil` | -| `metrics.service.nodePort` | Metrics: NodePort for service type NodePort | `nil` | -| `metrics.service.annotations` | Additional annotations for service metrics exporter | `{prometheus.io/scrape: "true", prometheus.io/port: "9205"}` | -| `metrics.service.labels` | Additional labels for service metrics exporter | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as 
the job name in prometheus | `` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `` | -| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{} | +| Parameter | Description | Default | +| ------------------------------------------------------------ | -------------------------------------------------------------------------------------- | ------------------------------------------------------------ | +| `image.repository` | nextcloud Image name | `nextcloud` | +| `image.flavor` | nextcloud Image type (Options: apache, fpm) | `apache` | +| `image.tag` | nextcloud Image tag | `{VERSION}` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify image pull secrets | `nil` | +| `replicaCount` | Number of nextcloud pods to deploy | `1` | +| `ingress.className` | Name of the ingress class to use | `nil` | +| `ingress.enabled` | Enable use of ingress controllers | `false` | +| `ingress.servicePort` | Ingress' backend servicePort | `http` | +| `ingress.annotations` | An array of service annotations | `nil` | +| `ingress.labels` | An array of service labels | `nil` | +| `ingress.path` | The `Path` to use in Ingress' `paths` | `/` | +| `ingress.pathType` | The `PathType` to use in Ingress' `paths` | `Prefix` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `nextcloud.host` | nextcloud host to create application URLs | `nextcloud.kube.home` | +| `nextcloud.username` | User of the application | `admin` | +| `nextcloud.password` | Application password | `changeme` | +| `nextcloud.existingSecret.enabled` | Whether to use an existing secret or not | `false` | +| `nextcloud.existingSecret.secretName` | Name of the existing secret | `nil` | +| `nextcloud.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | +| 
`nextcloud.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | +| `nextcloud.existingSecret.smtpUsernameKey` | Name of the key that contains the SMTP username | `nil` | +| `nextcloud.existingSecret.smtpPasswordKey` | Name of the key that contains the SMTP password | `nil` | +| `nextcloud.update` | Trigger update if custom command is used | `0` | +| `nextcloud.containerPort` | Customize container port when not running as root | `80` | +| `nextcloud.datadir` | nextcloud data dir location | `/var/www/html/data` | +| `nextcloud.mail.enabled` | Whether to enable/disable email settings | `false` | +| `nextcloud.mail.fromAddress` | nextcloud mail send from field | `nil` | +| `nextcloud.mail.domain` | nextcloud mail domain | `nil` | +| `nextcloud.mail.smtp.host` | SMTP hostname | `nil` | +| `nextcloud.mail.smtp.secure` | SMTP connection `ssl` or empty | `''` | +| `nextcloud.mail.smtp.port` | Optional SMTP port | `nil` | +| `nextcloud.mail.smtp.authtype` | SMTP authentication method | `LOGIN` | +| `nextcloud.mail.smtp.name` | SMTP username | `''` | +| `nextcloud.mail.smtp.password` | SMTP password | `''` | +| `nextcloud.configs` | Config files created in `/var/www/html/config` | `{}` | +| `nextcloud.persistence.subPath` | Set the subPath for nextcloud to use in volume | `nil` | +| `nextcloud.phpConfigs` | PHP Config files created in `/usr/local/etc/php/conf.d` | `{}` | +| `nextcloud.defaultConfigs.\.htaccess` | Default .htaccess to protect `/var/www/html/config` | `true` | +| `nextcloud.defaultConfigs.redis\.config\.php` | Default Redis configuration | `true` | +| `nextcloud.defaultConfigs.apache-pretty-urls\.config\.php` | Default Apache configuration for rewrite urls | `true` | +| `nextcloud.defaultConfigs.apcu\.config\.php` | Default configuration to define APCu as local cache | `true` | +| `nextcloud.defaultConfigs.apps\.config\.php` | Default configuration for apps | `true` | +| `nextcloud.defaultConfigs.autoconfig\.php` | Default 
auto-configuration for databases | `true` | +| `nextcloud.defaultConfigs.smtp\.config\.php` | Default configuration for smtp | `true` | +| `nextcloud.strategy` | specifies the strategy used to replace old Pods by new ones | `type: Recreate` | +| `nextcloud.extraEnv` | specify additional environment variables | `{}` | +| `nextcloud.extraSidecarContainers` | specify additional sidecar containers | `[]` | +| `nextcloud.extraInitContainers` | specify additional init containers | `[]` | +| `nextcloud.extraVolumes` | specify additional volumes for the NextCloud pod | `{}` | +| `nextcloud.extraVolumeMounts` | specify additional volume mounts for the NextCloud pod | `{}` | +| `nextcloud.securityContext` | Optional security context for the NextCloud container | `nil` | +| `nextcloud.podSecurityContext` | Optional security context for the NextCloud pod (applies to all containers in the pod) | `nil` | +| `nginx.enabled` | Enable nginx (requires you use php-fpm image) | `false` | +| `nginx.image.repository` | nginx Image name | `nginx` | +| `nginx.image.tag` | nginx Image tag | `alpine` | +| `nginx.image.pullPolicy` | nginx Image pull policy | `IfNotPresent` | +| `nginx.config.default` | Whether to use nextcloud's recommended nginx config | `true` | +| `nginx.config.custom` | Specify a custom config for nginx | `{}` | +| `nginx.resources` | nginx resources | `{}` | +| `nginx.securityContext` | Optional security context for the nginx container | `nil` | +| `lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` | +| `lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | `nil` | +| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` | +| `internalDatabase.database` | Name of the existing database | `nextcloud` | +| `externalDatabase.enabled` | Whether to use external database | `false` | +| `externalDatabase.type` | External database type: `mysql`, `postgresql` | `mysql` | +| 
`externalDatabase.host` | Host of the external database in form of `host:port` | `nil` | +| `externalDatabase.database` | Name of the existing database | `nextcloud` | +| `externalDatabase.user` | Existing username in the external db | `nextcloud` | +| `externalDatabase.password` | Password for the above username | `nil` | +| `externalDatabase.existingSecret.enabled` | Whether to use a existing secret or not | `false` | +| `externalDatabase.existingSecret.secretName` | Name of the existing secret | `nil` | +| `externalDatabase.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | +| `externalDatabase.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | +| `mariadb.enabled` | Whether to use the MariaDB chart | `false` | +| `mariadb.auth.database` | Database name to create | `nextcloud` | +| `mariadb.auth.password` | Password for the database | `changeme` | +| `mariadb.auth.username` | Database user to create | `nextcloud` | +| `mariadb.auth.rootPassword` | MariaDB admin password | `nil` | +| `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` | +| `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` | +| `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` | +| `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` | +| `postgresql.primary.persistence.enabled` | Whether or not to use PVC on PostgreSQL primary | `false` | +| `redis.enabled` | Whether to install/use redis for locking | `false` | +| `redis.auth.enabled` | Whether to enable password authentication with redis | `true` | +| `redis.auth.password` | The password redis uses | `''` | +| `cronjob.enabled` | Whether to enable/disable cronjob | `false` | +| `cronjob.lifecycle.postStartCommand` | Specify deployment lifecycle hook postStartCommand | `nil` | +| `cronjob.lifecycle.preStopCommand` | Specify deployment lifecycle hook preStopCommand | 
`nil` | +| `cronjob.securityContext` | Optional security context for cronjob | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.loadBalancerIP` | LoadBalancerIp for service type LoadBalancer | `nil` | +| `service.nodePort` | NodePort for service type NodePort | `nil` | +| `persistence.enabled` | Enable persistence using PVC | `false` | +| `persistence.annotations` | PVC annotations | `{}` | +| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` (uses alpha storage class annotation) | +| `persistence.existingClaim` | An Existing PVC name for nextcloud volume | `nil` (uses alpha storage class annotation) | +| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` | +| `persistence.nextcloudData.enabled` | Create a second PVC for the data folder in nextcloud | `false` | +| `persistence.nextcloudData.annotations` | see `persistence.annotations` | `{}` | +| `persistence.nextcloudData.storageClass` | see `persistence.storageClass` | `nil` (uses alpha storage class annotation) | +| `persistence.nextcloudData.existingClaim` | see `persistence.existingClaim` | `nil` (uses alpha storage class annotation) | +| `persistence.nextcloudData.accessMode` | see `persistence.accessMode` | `ReadWriteOnce` | +| `persistence.nextcloudData.size` | see `persistence.size` | `8Gi` | +| `phpClientHttpsFix.enabled` | Sets OVERWRITEPROTOCOL for https ingress redirect | `false` | +| `phpClientHttpsFix.protocol` | Sets OVERWRITEPROTOCOL for https ingress redirect | `https` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `rbac.enabled` | Enable Role and rolebinding for priveledged PSP | `false` | +| `rbac.serviceaccount.create` | Wether to create a serviceaccount or use an existing one (requires rbac) | `true` | +| `rbac.serviceaccount.name` | The name of the sevice account that the deployment will use (requires rbac) | 
`nextcloud-serviceaccount` | +| `rbac.serviceaccount.annotations` | Serviceaccount annotations | `{}` | +| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `10` | +| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | +| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | +| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `startupProbe.enabled` | Turn on and off startup probe | `false` | +| `startupProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | +| `startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe | `30` | +| `startupProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `hpa.enabled` | Boolean to create a HorizontalPodAutoscaler | `false` | +| `hpa.cputhreshold` | CPU threshold percent for the HorizontalPodAutoscale | `60` | +| `hpa.minPods` | Min. pods for the Nextcloud HorizontalPodAutoscaler | `1` | +| `hpa.maxPods` | Max. 
pods for the Nextcloud HorizontalPodAutoscaler | `10` | +| `deploymentLabels` | Labels to be added at 'deployment' level | not set | +| `deploymentAnnotations` | Annotations to be added at 'deployment' level | not set | +| `podLabels` | Labels to be added at 'pod' level | not set | +| `podAnnotations` | Annotations to be added at 'pod' level | not set | +| `metrics.enabled` | Start Prometheus metrics exporter | `false` | +| `metrics.https` | Defines if https is used to connect to nextcloud | `false` (uses http) | +| `metrics.token` | Uses token for auth instead of username/password | `""` | +| `metrics.timeout` | When the scrape times out | `5s` | +| `metrics.tlsSkipVerify` | Skips certificate verification of Nextcloud server | `false` | +| `metrics.image.repository` | Nextcloud metrics exporter image name | `xperimental/nextcloud-exporter` | +| `metrics.image.tag` | Nextcloud metrics exporter image tag | `0.5.1` | +| `metrics.image.pullPolicy` | Nextcloud metrics exporter image pull policy | `IfNotPresent` | +| `metrics.podAnnotations` | Additional annotations for metrics exporter | not set | +| `metrics.podLabels` | Additional labels for metrics exporter | not set | +| `metrics.service.type` | Metrics: Kubernetes Service type | `ClusterIP` | +| `metrics.service.loadBalancerIP` | Metrics: LoadBalancerIp for service type LoadBalancer | `nil` | +| `metrics.service.nodePort` | Metrics: NodePort for service type NodePort | `nil` | +| `metrics.service.annotations` | Additional annotations for service metrics exporter | `{prometheus.io/scrape: "true", prometheus.io/port: "9205"}` | +| `metrics.service.labels` | Additional labels for service metrics exporter | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as 
the job name in prometheus | `` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{} | > **Note**: > From 85a25cca65610eab7c621b54c7df1a9cb883e224 Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Wed, 25 Jan 2023 14:38:45 +0100 Subject: [PATCH 18/26] Bumping the chart version for #337 Signed-off-by: Jesse Hitch --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index bd366da3..1609359c 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 3.4.1 +version: 3.4.3 appVersion: 25.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: From 50c36e5b210c9e08bfc6750c5723154a97602f73 Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Thu, 26 Jan 2023 22:50:55 +0100 Subject: [PATCH 19/26] adding issue templates Signed-off-by: Jesse Hitch --- .github/ISSUE_TEMPLATE/enhancement.md | 25 ++++++++++++++++++++ .github/ISSUE_TEMPLATE/issue.md | 34 +++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/enhancement.md create mode 100644 .github/ISSUE_TEMPLATE/issue.md diff --git a/.github/ISSUE_TEMPLATE/enhancement.md b/.github/ISSUE_TEMPLATE/enhancement.md new file mode 100644 index 00000000..5471e705 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/enhancement.md @@ -0,0 +1,25 @@ +--- +name: "Enhancement" +about: "Suggest an enhancement for this project ✨" +title: "Feature: A cool new feature..." +labels: "enhancement" +assignees: '' + +--- +## Description of the change + + + +## Benefits + + + +## Possible drawbacks + + + +## Additional information + + + + 
diff --git a/.github/ISSUE_TEMPLATE/issue.md b/.github/ISSUE_TEMPLATE/issue.md new file mode 100644 index 00000000..2af94f1f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/issue.md @@ -0,0 +1,34 @@ +--- +name: "General Issue" +about: "Create an issue to report something not working." +title: "A descriptive title of the issue" +labels: '' +assignees: '' + +--- + +## Describe your Issue + + +### Logs and Errors + + + + +## Describe your Environment + +- Kubernetes distribution: + +- Helm Version (or App that manages helm): + +- Helm Chart Version: + +- `values.yaml`: + +```yaml +# paste your values.yaml (anonymize any sensitive data) +``` + +## Additional context, if any + + From 4dad5f4002dd64aefaccfeb62f5520248872f24a Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Thu, 26 Jan 2023 22:52:16 +0100 Subject: [PATCH 20/26] ignore future changes to the issues templates or pull request templates for the helm release Signed-off-by: Jesse Hitch --- .github/workflows/lint-test.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 03c6ecf8..9cc507a5 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -6,6 +6,8 @@ on: - 'README.md' - 'charts/**/README.md' - 'LICENSE' + - '.github/ISSUE_TEMPLATE/**' + - '.github/pull_request_template.md' jobs: lint-test: @@ -14,7 +16,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - fetch-depth: 0 + fetch-depth: 0 - name: Install Helm uses: azure/setup-helm@v3.1 From 9d09dc272dc5fd9e089e2aa67d6fb2c3e1557d0a Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Thu, 26 Jan 2023 23:32:30 +0100 Subject: [PATCH 21/26] Add links discussions, issues in readme; add code of conduct Signed-off-by: Jesse Hitch --- CODE_OF_CONDUCT.md | 9 +++++++++ README.md | 14 ++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 CODE_OF_CONDUCT.md 
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..d9060072 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,9 @@ +In the Nextcloud community, participants from all over the world come together to create Free Software for a free internet. This is made possible by the support, hard work and enthusiasm of thousands of people, including those who create and use Nextcloud software. + +Our code of conduct offers some guidance to ensure Nextcloud participants can cooperate effectively in a positive and inspiring atmosphere, and to explain how together we can strengthen and support each other. + +The Code of Conduct is shared by all contributors and users who engage with the Nextcloud team and its community services. It presents a summary of the shared values and “common sense” thinking in our community. + +You can find our full code of conduct on our website: https://nextcloud.com/code-of-conduct/ + +Please, keep our CoC in mind when you contribute! That way, everyone can be a part of our community in a productive, positive, creative and fun way. diff --git a/README.md b/README.md index 50b3a3b1..ecfdf5ff 100644 --- a/README.md +++ b/README.md 
@@ -18,3 +18,17 @@ helm repo update ```bash helm install my-release nextcloud/nextcloud ``` + +For more information, please checkout the chart level [README.md](./helm/charts/nextcloud/README.md). + +### Support and Contribution +Please also review the official [NextCloud Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/) before contributing. + +#### Questions and Discussions +[GitHub Discussion](https://github.com/nextcloud/helm/discussions) + +#### Bugs and other Issues +If you have a bug to report or a feature to request, you can first search the [GitHub Issues](https://github.com/nextcloud/helm/issues), and if you can't find what you're looking for, feel free to open an issue. + +#### Contributing to the Code +We're always happy to review a pull request :) Please just be sure to check the pull request template to make sure you fufill all the required checks, most importantly the [DCO](https://probot.github.io/apps/dco/). From 9869903714ae402984d8ed9145f0ba0609c8ecdc Mon Sep 17 00:00:00 2001 From: Jesse Hitch Date: Thu, 26 Jan 2023 23:40:01 +0100 Subject: [PATCH 22/26] add code of conduct to ignore for lint-test workflow Signed-off-by: Jesse Hitch --- .github/workflows/lint-test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 9cc507a5..75ba95f4 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -8,6 +8,7 @@ on: - 'LICENSE' - '.github/ISSUE_TEMPLATE/**' - '.github/pull_request_template.md' + - 'CODE_OF_CONDUCT.md' jobs: lint-test: From bf38cc0c526f78ea38cf39dd315a8fdde1bdf5bc Mon Sep 17 00:00:00 2001 From: tmm1234 <75389007+tmm1234@users.noreply.github.com> Date: Fri, 27 Jan 2023 14:59:59 +0100 Subject: [PATCH 23/26] fixes typo Signed-off-by: tmm1234 <75389007+tmm1234@users.noreply.github.com> --- charts/nextcloud/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 155d18ae..75206d08 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -12,7 +12,7 @@ nameOverride: "" fullnameOverride: "" podAnnotations: {} deploymentAnnotations: {} -deplomentLabels: +deploymentLabels: {} # Number of replicas to be deployed replicaCount: 1 From 2d664b7b2b8dc1db90c086d52de78df209855740 Mon Sep 17 00:00:00 2001 From: tmm1234 <75389007+tmm1234@users.noreply.github.com> Date: Fri, 27 Jan 2023 15:01:44 +0100 Subject: [PATCH 24/26] bumps chart version Signed-off-by: tmm1234 <75389007+tmm1234@users.noreply.github.com> --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 9f4321d3..01ef64c3 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 3.1.1 +version: 3.1.2 appVersion: 24.0.4 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: From 131163b7e09cc44ea7bde760e56f4a04dfcaea6e Mon Sep 17 00:00:00 2001 From: Joshua Gleitze Date: Thu, 3 Feb 2022 21:53:54 +0100 Subject: [PATCH 25/26] document correct defaults for externalDatabase.existingSecret.usernameKey and .passwordKey Signed-off-by: Joshua Gleitze --- charts/nextcloud/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 783893da..d7b8038e 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -257,8 +257,8 @@ externalDatabase: existingSecret: enabled: false # secretName: nameofsecret - # usernameKey: username - # passwordKey: password + # usernameKey: db-username + # passwordKey: db-password ## ## MariaDB chart configuration From d2587c24318cf6ee7ae00682916e5badefe61ffb Mon Sep 17 00:00:00 2001 
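Review bot: The README parameter table added earlier in this series still gives `nil` as the default for `externalDatabase.existingSecret.usernameKey` and `.passwordKey`, while the commented examples in the `@@ -257,8 +257,8 @@` hunk of charts/nextcloud/values.yaml now show `db-username` and `db-password`. An operator who builds the Secret from the README may end up with key names the chart does not read, so the two places should agree. The same mismatch applies to the `nextcloud.existingSecret` keys changed in the `@@ -78,11 +78,11 @@` hunk of PATCH 26/26. Whether the templates actually fall back to these names is not visible here; once confirmed, say so next to the example, e.g. `# usernameKey: db-username  # key inside secretName; used when unset`. The `externalDatabase:` block starts above the hunk.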
From: Joshua Gleitze Date: Thu, 3 Feb 2022 22:00:31 +0100 Subject: [PATCH 26/26] document correct defaults for nextcloud.existingSecret Signed-off-by: Joshua Gleitze --- charts/nextcloud/Chart.yaml | 2 +- charts/nextcloud/values.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 5c99ef15..650a761d 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 3.4.4 +version: 3.4.5 appVersion: 25.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index d7b8038e..4fca55b7 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -78,11 +78,11 @@ nextcloud: existingSecret: enabled: false # secretName: nameofsecret - # usernameKey: username - # passwordKey: password - # tokenKey: serverinfo_token - # smtpUsernameKey: smtp_username - # smtpPasswordKey: smtp_password + # usernameKey: nextcloud-username + # passwordKey: nextcloud-password + # tokenKey: nextcloud-token + # smtpUsernameKey: smtp-username + # smtpPasswordKey: smtp-password update: 0 # If web server is not binding default port, you can define it # containerPort: 8080
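Review bot: `# tokenKey: nextcloud-token` in the `nextcloud.existingSecret` hunk is documented nowhere else. The README parameter table lists `usernameKey`, `passwordKey`, `smtpUsernameKey` and `smtpPasswordKey` for `nextcloud.existingSecret`, but it has no `tokenKey` row. I would add a line above the commented keys such as `# Names of the keys inside secretName that hold each credential`, plus a matching README row. What `tokenKey` feeds is presumably the metrics exporter token, judging by the old example `serverinfo_token`, and should be confirmed against the templates. The README also shows `nextcloud.password` defaulting to `changeme`, so it is worth stating here that `existingSecret` is the way to keep that default out of a real deployment. The `nextcloud:` block begins above the hunk and continues after it.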