## Official nextcloud image version ## ref: https://hub.docker.com/r/library/nextcloud/tags/ ## image: repository: nextcloud tag: 22.2.3-fpm-alpine pullPolicy: IfNotPresent # pullSecrets: # - myRegistrKeySecretName nameOverride: "" fullnameOverride: "" podAnnotations: {} deploymentAnnotations: {} # Number of replicas to be deployed replicaCount: 1 ## Allowing use of ingress controllers ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: enabled: true annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" cert-manager.io/cluster-issuer: letsencrypt-production-issuer # nginx.ingress.kubernetes.io/proxy-body-size: 4G # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: letsencrypt-prod # nginx.ingress.kubernetes.io/server-snippet: |- # server_tokens off; # proxy_hide_header X-Powered-By; # rewrite ^/.well-known/webfinger /public.php?service=webfinger last; # rewrite ^/.well-known/host-meta /public.php?service=host-meta last; # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; # location = /.well-known/carddav { # return 301 $scheme://$host/remote.php/dav; # } # location = /.well-known/caldav { # return 301 $scheme://$host/remote.php/dav; # } # location = /robots.txt { # allow all; # log_not_found off; # access_log off; # } # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { # deny all; # } # location ~ ^/(?:autotest|occ|issue|indie|db_|console) { # deny all; # } tls: - secretName: ncdroe-tls-le hosts: - nc.droe.dialbox.cloud labels: {} path: / pathType: Prefix # Allow configuration of lifecycle hooks # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ lifecycle: {} # postStartCommand: [] # preStopCommand: [] nextcloud: host: nc.droe.dialbox.cloud username: admin password: oghoo0ahdiuraedai3vig0shiequieGh ## Use an existing secret existingSecret: enabled: false # secretName: nameofsecret # usernameKey: username # passwordKey: password # tokenKey: serverinfo_token # smtpUsernameKey: smtp_username # smtpPasswordKey: smtp_password update: 0 # If web server is not binding default port, you can define it # containerPort: 8080 datadir: /var/www/html/data persistence: subPath: mail: enabled: enable fromAddress: nc.droe domain: dialbox.cloud smtp: host: exim.exim.svc.cluster.local secure: None port: 25 authtype: None # PHP Configuration files # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true phpConfigs: {} # Default config files # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config defaultConfigs: # To protect /var/www/html/config .htaccess: true # Redis default configuration redis.config.php: false # Apache configuration for rewrite urls apache-pretty-urls.config.php: true # Define APCu as local cache apcu.config.php: true # Apps directory configs apps.config.php: true # Used for auto configure database autoconfig.php: true # SMTP default configuration smtp.config.php: true # Extra config files created in /var/www/html/config/ # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file #configs: {} # For example, to use S3 as primary storage # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3 # configs: https.config.php: |- "https://nc.droe.dialbox.cloud", 'overwritehost' => "nc.droe.dialbox.cloud", 'overwriteprotocol' => 'https', 'config_is_read_only' => true ); skeleton.config.php: |- '/var/www/sapian-skeleton', ); awss3.config.php: |- array( 'class' => '\\OC\\Files\\ObjectStore\\S3', 'arguments' => array( 'bucket' => 'nc.droe.dialbox.cloud', 'autocreate' => true, 'key' => 'AKIAVWWRY6JXNZZZLDEV', 'secret' => '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', 'region' => 'us-east-1', 'use_ssl' => true ) ) ); # s3.config.php: |- # array( # 'class' => '\\OC\\Files\\ObjectStore\\S3', # 'arguments' => array( # 'bucket' => 'ncdroe', # 'autocreate' => true, # 'key' => '9PP2CL82W57QNI9YOOWC', # 'secret' => 'xOqSTmmSagkZXprsQDBwqzxWUQQC6MXRLMADpdHI', # 'region' => 'optional', # 'use_ssl' => false, # 'hostname' => 'ceph-radosgw.cur.sapian.local', # 'port' => 80, # 'use_path_style' => true # ) # ) # ); ## Strategy used to replace old pods ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy strategy: type: Recreate # type: RollingUpdate # rollingUpdate: # maxSurge: 1 # maxUnavailable: 0 ## ## Extra environment variables extraEnv: - name: PHP_MEMORY_LIMIT value: 512M # - name: SOME_SECRET_ENV # valueFrom: # secretKeyRef: # name: nextcloud # key: secret_key # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume # to NextCloud pods in Kubernetes. This can then be configured in External Storage extraVolumes: # - name: nfs # nfs: # server: "10.0.0.1" # path: "/nextcloud_data" # readOnly: false extraVolumeMounts: # - name: nfs # mountPath: "/legacy_data" # Extra secuurityContext parameters. For example you may need to define runAsNonRoot directive # extraSecurityContext: # runAsUser: "33" # runAsGroup: "33" # runAsNonRoot: true # readOnlyRootFilesystem: true nginx: ## You need to set an fpm version of the image for nextcloud if you want to use nginx! enabled: true image: repository: nginx tag: alpine pullPolicy: IfNotPresent config: # This generates the default nginx config as per the nextcloud documentation default: true # custom: |- # worker_processes 1;.. resources: {} internalDatabase: enabled: false name: nextcloud ## ## External database configuration ## externalDatabase: enabled: true ## Supported database engines: mysql or postgresql type: postgresql ## Database host host: pg-primary.dbs.svc.cluster.local ## Database user user: ncdroe ## Database password password: "P+G*6oR4U4^iApjz{t+aJ/7o" ## Database name database: ncdroe ## Use a existing secret existingSecret: enabled: false # secretName: nameofsecret # usernameKey: username # passwordKey: password ## ## MariaDB chart configuration ## mariadb: ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters enabled: false auth: database: nextcloud username: nextcloud password: changeme architecture: standalone ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## primary: persistence: enabled: false # storageClass: "" accessMode: ReadWriteOnce size: 8Gi ## ## PostgreSQL chart configuration ## for more options see https://github.com/bitnami/charts/tree/master/bitnami/postgresql ## postgresql: enabled: false postgresqlUsername: nextcloud postgresqlPassword: changeme postgresqlDatabase: nextcloud persistence: enabled: false # storageClass: "" ## ## Redis chart configuration ## for more options see https://github.com/bitnami/charts/tree/master/bitnami/redis ## redis: enabled: false auth: enabled: false password: 'changeme' ## Cronjob to execute Nextcloud background tasks ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#webcron ## cronjob: enabled: false # Nexcloud image is used as default but only curl is needed image: {} # repository: nextcloud # tag: 16.0.3-apache # pullPolicy: IfNotPresent # pullSecrets: # - myRegistrKeySecretName # Every 5 minutes # Note: Setting this to any any other value than 5 minutes might # cause issues with how nextcloud background jobs are executed schedule: "*/5 * * * *" annotations: {} # Set curl's insecure option if you use e.g. self-signed certificates curlInsecure: false failedJobsHistoryLimit: 5 successfulJobsHistoryLimit: 2 # If not set, nextcloud deployment one will be set resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 300m memory: 512Mi requests: cpu: 100m memory: 256Mi # If not set, nextcloud deployment one will be set # nodeSelector: {} # If not set, nextcloud deployment one will be set # tolerations: [] # If not set, nextcloud deployment one will be set # affinity: {} service: type: ClusterIP port: 8080 loadBalancerIP: nil nodePort: nil ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: # Nextcloud Data (/var/www/html) enabled: true annotations: {} ## nextcloud data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## storageClass: "longhorn-ssdnodes-seattle" ## A manually managed Persistent Volume and Claim ## Requires persistence.enabled: true ## If defined, PVC must be created manually before volume will be bound # existingClaim: accessMode: ReadWriteMany size: 11Gi ## Use an additional pvc for the data directory rather than a subpath of the default PVC ## Useful to store data on a different storageClass (e.g. on slower disks) nextcloudData: enabled: false subPath: annotations: {} # storageClass: "-" # existingClaim: accessMode: ReadWriteOnce size: 8Gi resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 300m memory: 512Mi requests: cpu: 100m memory: 256Mi ## Liveness and readiness probe values ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: false initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 readinessProbe: enabled: false initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 startupProbe: enabled: false initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 30 successThreshold: 1 ## Enable pod autoscaling using HorizontalPodAutoscaler ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## hpa: enabled: false cputhreshold: 60 minPods: 1 maxPods: 10 nodeSelector: {} tolerations: [] affinity: {} ## Prometheus Exporter / Metrics ## metrics: enabled: true replicaCount: 1 # The metrics exporter needs to know how you serve Nextcloud either http or https https: false # Use API token if set, otherwise fall back to password authentication # https://github.com/xperimental/nextcloud-exporter#token-authentication # Currently you still need to set the token manually in your nextcloud install token: "" timeout: 5s image: repository: xperimental/nextcloud-exporter tag: 0.5.1 pullPolicy: IfNotPresent ## Metrics exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## # resources: {} ## Metrics exporter pod Annotation and Labels # podAnnotations: {} # podLabels: {} service: type: ClusterIP ## Use serviceLoadBalancerIP to request a specific static IP, ## otherwise leave blank # loadBalancerIP: annotations: prometheus.io/scrape: "true" prometheus.io/port: "9205" labels: {} ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator ## enabled: false ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## namespace: "" ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. ## jobLabel: "" ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## interval: 30s ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## scrapeTimeout: "" ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor ## labels: {} rbac: enabled: false serviceaccount: create: true name: nextcloud-serviceaccount annotations: {}