Added nextcloud
This commit is contained in:
@@ -0,0 +1,101 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: nextcloud-main-chart
|
||||
namespace: {{ .Values.argocd.namespace }}
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-wave: "0"
|
||||
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
|
||||
spec:
|
||||
project: {{ .Values.argocd.project }}
|
||||
source:
|
||||
repoURL: "https://nextcloud.github.io/helm"
|
||||
chart: nextcloud
|
||||
targetRevision: 6.x
|
||||
helm:
|
||||
releaseName: nextcloud
|
||||
valuesObject:
|
||||
image:
|
||||
flavor: fpm
|
||||
replicaCount: {{ .Values.nextcloud.replicaCount }}
|
||||
ingress:
|
||||
enabled: true
|
||||
className: nginx
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/server-snippet: |-
|
||||
server_tokens off;
|
||||
proxy_hide_header X-Powered-By;
|
||||
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
|
||||
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
|
||||
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.nextcloud.url }}
|
||||
secretname: nextcloud-cert
|
||||
nextcloud:
|
||||
host: {{ .Values.nextcloud.url }}
|
||||
existingSecret:
|
||||
enabled: true
|
||||
secretName: nextcloud-user
|
||||
usernameKey: nc-admin-username
|
||||
passwordKey: nc-admin-password
|
||||
trustedDomains: {{ .Values.nextcloud.trustedDomains }}
|
||||
# extraInitContainers - might be useful to make sure the LUKS secret is present
|
||||
nginx:
|
||||
enabled: true
|
||||
redis:
|
||||
enabled: true
|
||||
auth:
|
||||
enabled: false
|
||||
cronjob:
|
||||
enabled: true
|
||||
internalDatabase:
|
||||
enabled: false
|
||||
externalDatabase:
|
||||
enabled: true
|
||||
type: postgresql
|
||||
host: "nextcloud-db-rw:5432"
|
||||
existingSecret:
|
||||
enabled: true
|
||||
secretName: nextcloud-db-app
|
||||
usernameKey: user
|
||||
passwordKey: password
|
||||
databaseKey: dbname
|
||||
persistence:
|
||||
enabled: true
|
||||
existingClaim: {{ .Values.nextcloud.configPvc.name }}
|
||||
nextcloudData:
|
||||
enabled: true
|
||||
existingClaim: {{ .Values.dataPvc.name }}
|
||||
destination:
|
||||
server: https://kubernetes.default.svc # Targeting the current Kubernetes cluster
|
||||
namespace: {{ .Values.mainNamespace }}
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true # Automatically remove resources no longer in the repo
|
||||
selfHeal: true # Automatically self-heal when drift is detected
|
||||
syncOptions:
|
||||
- ApplyOutOfSyncOnly=true
|
||||
- ServerSideApply=true
|
||||
- CreateNamespace=true
|
||||
@@ -0,0 +1,48 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: nc-syncthing-requirements
|
||||
namespace: {{ .Values.argocd.namespace }}
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-wave: "-1"
|
||||
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
|
||||
spec:
|
||||
project: {{ .Values.argocd.project }}
|
||||
source:
|
||||
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
|
||||
targetRevision: HEAD
|
||||
path: nextcloud-syncthing-requirements
|
||||
helm:
|
||||
releaseName: nc-syncthing-requirements
|
||||
valuesObject:
|
||||
nextcloud:
|
||||
enable: {{ .Values.nextcloud.enable }}
|
||||
dbCluster:
|
||||
numInstances: {{ .Values.nextcloud.dbCluster.numInstances }}
|
||||
size: {{ .Values.nextcloud.dbCluster.size }}
|
||||
configPvc:
|
||||
name: {{ .Values.nextcloud.configPvc.name }}
|
||||
storageClassName: {{ .Values.nextcloud.configPvc.storageClassName }}
|
||||
size: {{ .Values.nextcloud.configPvc.size }}
|
||||
syncthing:
|
||||
enable: {{ .Values.syncthing.enable }}
|
||||
configPvc:
|
||||
name: {{ .Values.syncthing.configPvc.name }}
|
||||
storageClassName: {{ .Values.syncthing.configPvc.storageClassName }}
|
||||
size: {{ .Values.syncthing.configPvc.size }}
|
||||
dataPvc:
|
||||
name: {{ .Values.dataPvc.name }}
|
||||
createEncryptedPvc: {{ .Values.dataPvc.createEncryptedPvc }}
|
||||
storageClassName: {{ .Values.dataPvc.storageClassName }}
|
||||
size: {{ .Values.dataPvc.size }}
|
||||
destination:
|
||||
server: {{ .Values.mainDestination }}
|
||||
namespace: {{ .Values.mainNamespace }}
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true # Automatically remove resources no longer in the repo
|
||||
selfHeal: true # Automatically self-heal when drift is detected
|
||||
syncOptions:
|
||||
- ApplyOutOfSyncOnly=true
|
||||
- ServerSideApply=true
|
||||
- CreateNamespace=true
|
||||
@@ -0,0 +1,28 @@
|
||||
argocd:
|
||||
namespace: argocd
|
||||
project: default
|
||||
|
||||
nextcloud:
|
||||
enable: true
|
||||
dbCluster:
|
||||
numInstances: 3
|
||||
size: 4Gi
|
||||
configPvc:
|
||||
name: nextcloud-config-pvc
|
||||
storageClassName: default
|
||||
size: 1Gi
|
||||
replicaCount: 1
|
||||
url: nextcloud.domain.net
|
||||
trustedDomains: office.domain.net
|
||||
|
||||
syncthing:
|
||||
enable: true
|
||||
configPvc:
|
||||
storageClassName: default
|
||||
size: 100Mi
|
||||
|
||||
dataPvc:
|
||||
name: data-pvc
|
||||
createEncryptedPvc: true
|
||||
storageClassName: linode-block-storage-retain-luks
|
||||
size: 40Gi
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- if .Values.dataPvc.createEncryptedPvc -}}
|
||||
allowVolumeExpansion: true
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: linode-block-storage-retain-luks
|
||||
namespace: kube-system
|
||||
provisioner: linodebs.csi.linode.com
|
||||
reclaimPolicy: Retain
|
||||
parameters:
|
||||
linodebs.csi.linode.com/luks-encrypted: "true"
|
||||
linodebs.csi.linode.com/luks-cipher: "aes-xts-plain64"
|
||||
linodebs.csi.linode.com/luks-key-size: "512"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: luks-keys
|
||||
csi.storage.k8s.io/node-stage-secret-name: nc-syncthing-data-luks-key
|
||||
{{- end }}
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: data
|
||||
name: {{ .Values.dataPvc.name }}
|
||||
spec:
|
||||
storageClassName: {{ .Values.dataPvc.storageClassName }}
|
||||
accessModes:
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-config-pvc
|
||||
name: {{ .Values.nextcloud.configPvc.name }}
|
||||
spec:
|
||||
storageClassName: {{ .Values.nextcloud.configPvc.storageClassName }}
|
||||
accessModes:
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: syncthing-config-pvc
|
||||
name: {{ .Values.syncthing.configPvc.name }}
|
||||
spec:
|
||||
storageClassName: {{ .Values.syncthing.configPvc.storageClassName }}
|
||||
accessModes:
|
||||
|
||||
@@ -4,15 +4,19 @@ nextcloud:
|
||||
numInstances: 3
|
||||
size: 4Gi
|
||||
configPvc:
|
||||
name: nextcloud-config-pvc
|
||||
storageClassName: default
|
||||
size: 1Gi
|
||||
|
||||
syncthing:
|
||||
enable: true
|
||||
configPvc:
|
||||
name: syncthing-config-pvc
|
||||
storageClassName: default
|
||||
size: 100Mi
|
||||
|
||||
dataPvc:
|
||||
storageClassName: default
|
||||
size: 100Mi
|
||||
name: data-pvc
|
||||
createEncryptedPvc: true
|
||||
storageClassName: linode-block-storage-retain-luks
|
||||
size: 40Gi
|
||||
Reference in New Issue
Block a user