Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2023-02-15 13:38:43 +00:00
parent 6fbddb1eb3
commit 7463e93bd1
53 changed files with 3195 additions and 20 deletions

View File

@ -1,9 +0,0 @@
## [prometheus-7.0.54](https://github.com/truecharts/charts/compare/prometheus-7.0.53...prometheus-7.0.54) (2023-02-14)
### Chore
- update container image tccr.io/truecharts/thanos to 0.30.2

View File

@ -4,6 +4,15 @@
## [prometheus-7.0.55](https://github.com/truecharts/charts/compare/prometheus-7.0.54...prometheus-7.0.55) (2023-02-15)
### Chore
- update container image tccr.io/truecharts/alertmanager to 0.25.0
## [prometheus-7.0.54](https://github.com/truecharts/charts/compare/prometheus-7.0.53...prometheus-7.0.54) (2023-02-14)
### Chore
@ -88,12 +97,3 @@
## [prometheus-7.0.45](https://github.com/truecharts/charts/compare/prometheus-7.0.44...prometheus-7.0.45) (2023-01-24)
### Chore
- update container image tccr.io/truecharts/alertmanager to 0.25.0
- update container image tccr.io/truecharts/thanos to 0.30.1
- update container image tccr.io/truecharts/prometheus to 2.41.0

View File

@ -30,7 +30,7 @@ sources:
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
type: application
version: 7.0.54
version: 7.0.55
annotations:
truecharts.org/catagories: |
- metrics

View File

@ -0,0 +1,9 @@
## [prometheus-7.0.55](https://github.com/truecharts/charts/compare/prometheus-7.0.54...prometheus-7.0.55) (2023-02-15)
### Chore
- update container image tccr.io/truecharts/alertmanager to 0.25.0

View File

@ -8,7 +8,7 @@ thanosImage:
alertmanagerImage:
repository: tccr.io/truecharts/alertmanager
tag: 0.25.0@sha256:8683a2dc95a193518575ae95a5048b99682de6d8d4abb1caf732d3ce4c8e622d
tag: 0.25.0@sha256:099e1971a4f8aaa95a8096bb849b69cf5e08022efaad603ccdfc40c939e02d69
global:
labels: {}

View File

@ -0,0 +1,99 @@
**Important:**
*for the complete changelog, please refer to the website*
## [nextcloud-19.0.47](https://github.com/truecharts/charts/compare/nextcloud-19.0.46...nextcloud-19.0.47) (2023-02-15)
### Chore
- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.3
## [nextcloud-19.0.46](https://github.com/truecharts/charts/compare/nextcloud-19.0.45...nextcloud-19.0.46) (2023-02-10)
### Fix
- ensure new helm deps repo is used in latest releases as well.
## [nextcloud-19.0.45](https://github.com/truecharts/charts/compare/nextcloud-19.0.44...nextcloud-19.0.45) (2023-02-03)
### Chore
- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.3
## [nextcloud-19.0.44](https://github.com/truecharts/charts/compare/nextcloud-19.0.43...nextcloud-19.0.44) (2023-01-31)
### Chore
- update helm general non-major
## [nextcloud-19.0.43](https://github.com/truecharts/charts/compare/nextcloud-19.0.42...nextcloud-19.0.43) (2023-01-24)
### Chore
- update helm general non-major ([#6689](https://github.com/truecharts/charts/issues/6689))
## [nextcloud-19.0.42](https://github.com/truecharts/charts/compare/nextcloud-19.0.41...nextcloud-19.0.42) (2023-01-24)
### Chore
- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.3
## [nextcloud-19.0.41](https://github.com/truecharts/charts/compare/nextcloud-19.0.40...nextcloud-19.0.41) (2023-01-23)
### Chore
- update helm general non-major
## [nextcloud-19.0.40](https://github.com/truecharts/charts/compare/nextcloud-19.0.39...nextcloud-19.0.40) (2023-01-18)
### Chore
- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.3
## [nextcloud-19.0.39](https://github.com/truecharts/charts/compare/nextcloud-19.0.38...nextcloud-19.0.39) (2023-01-17)
### Chore
- update helm general non-major ([#6430](https://github.com/truecharts/charts/issues/6430))
## [nextcloud-19.0.38](https://github.com/truecharts/charts/compare/nextcloud-19.0.37...nextcloud-19.0.38) (2023-01-14)
### Fix
- set correct path to permissions toolkit ([#6374](https://github.com/truecharts/charts/issues/6374))
## [nextcloud-19.0.37](https://github.com/truecharts/charts/compare/nextcloud-19.0.36...nextcloud-19.0.37) (2023-01-07)
### Chore

View File

@ -0,0 +1,45 @@
apiVersion: v2
appVersion: "25.0.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
- condition: postgresql.enabled
name: postgresql
repository: https://deps.truecharts.org/
version: 11.0.22
- condition: collabora.enabled
name: collabora-online
repository: https://deps.truecharts.org/
version: 14.0.15
- condition: redis.enabled
name: redis
repository: https://deps.truecharts.org
version: 5.0.29
deprecated: false
description: A private cloud server that puts the control and security of your own data back into your hands.
home: https://truecharts.org/charts/stable/nextcloud
icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
keywords:
- nextcloud
- storage
- http
- web
- php
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: nextcloud
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud
- https://github.com/nextcloud/docker
- https://github.com/nextcloud/helm
type: application
version: 19.0.47
annotations:
truecharts.org/catagories: |
- cloud
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*

View File

@ -0,0 +1,9 @@
## [nextcloud-19.0.47](https://github.com/truecharts/charts/compare/nextcloud-19.0.46...nextcloud-19.0.47) (2023-02-15)
### Chore
- update container image tccr.io/truecharts/nginx-unprivileged to 1.23.3

View File

@ -0,0 +1,8 @@
A private cloud server that puts the control and security of your own data back into your hands.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/nextcloud](https://truecharts.org/charts/stable/nextcloud)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,445 @@
image:
repository: tccr.io/truecharts/nextcloud-fpm
pullPolicy: IfNotPresent
tag: 25.0.2@sha256:59e6d2be5139cdeb030a095fb92b97e01d7d53071dc34b487956065a385d3a32
nginxImage:
repository: tccr.io/truecharts/nginx-unprivileged
pullPolicy: IfNotPresent
tag: 1.23.3@sha256:45fe44da116dbb54245d4a461d498371ddac4960c2f0a45aff80a745d332c44a
imaginaryImage:
repository: h2non/imaginary
pullPolicy: IfNotPresent
tag: 1.2.4@sha256:7facb4221047a5e79b9e902f380247f4e5bf4376400d0badbeb738d3e1c2f654
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 33
service:
main:
ports:
main:
port: 10020
targetPort: 8080
backend:
enabled: true
ports:
hpb:
enabled: true
port: 7867
targetPort: 7867
hpb-metrics:
enabled: true
port: 7868
targetPort: 7868
fpm:
enabled: true
port: 9000
targetPort: 9000
imaginary:
enabled: true
port: 9090
targetPort: 9090
hostAliases:
- ip: '{{ .Values.env.AccessIP | default "127.0.0.1" }}'
hostnames:
- "{{ if .Values.ingress.main.enabled }}{{ with (first .Values.ingress.main.hosts) }}{{ .host }}{{ end }}{{ else }}placeholder.fakedomain.dns{{ end }}"
secretEnv:
NEXTCLOUD_ADMIN_USER: "admin"
NEXTCLOUD_ADMIN_PASSWORD: "adminpass"
probes:
liveness:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
readiness:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
startup:
custom: true
spec:
initialDelaySeconds: 25
httpGet:
path: /status.php
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initContainers:
prestart:
image: "{{ .Values.alpineImage.repository }}:{{ .Values.alpineImage.tag }}"
securityContext:
runAsUser: 0
runAsGroup: 0
command:
- "/bin/sh"
- "-c"
- |
/bin/sh <<'EOF'
echo "Forcing permissions on userdata folder..."
echo "Trying to override ownship using nfs4xdr_winacl..."
/usr/sbin/nfs4xdr_winacl -a chown -G 33 -c '/var/www/html/data' -p '/var/www/html/data' || echo "Failed setting ownership..."
chmod 770 /var/www/html/data || echo "Failed to chmod..."
EOF
volumeMounts:
- name: data
mountPath: "/var/www/html/data"
- name: html
mountPath: "/var/www/html"
env:
# IP used for exposing nextcloud
# Often the service or nodePort IP
# Defaults to the main serviceName for CI purposes.
AccessIP:
NEXTCLOUD_INIT_HTACCESS: true
PHP_MEMORY_LIMIT: 1G
PHP_UPLOAD_LIMIT: 10G
NEXTCLOUD_CHUNKSIZE: "31457280"
TRUSTED_PROXIES: "172.16.0.0/16 127.0.0.1"
POSTGRES_DB: "{{ .Values.postgresql.postgresqlDatabase }}"
POSTGRES_USER: "{{ .Values.postgresql.postgresqlUsername }}"
NC_check_data_directory_permissions: "true"
POSTGRES_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
POSTGRES_HOST:
secretKeyRef:
name: dbcreds
key: plainporthost
REDIS_HOST:
secretKeyRef:
name: rediscreds
key: plainhost
REDIS_HOST_PASSWORD:
secretKeyRef:
name: rediscreds
key: redis-password
envFrom:
- configMapRef:
name: nextcloudconfig
persistence:
html:
enabled: true
mountPath: "/var/www/html"
data:
enabled: true
mountPath: "/var/www/html/data"
varrun:
enabled: true
cache:
enabled: true
type: emptyDir
mountPath: /var/cache/nginx
medium: Memory
nginx:
enabled: "true"
mountPath: "/etc/nginx"
noMount: true
readOnly: true
type: "custom"
volumeSpec:
configMap:
name: '{{ include "tc.common.names.fullname" . }}-nginx'
items:
- key: nginx.conf
path: nginx.conf
configmap:
nginx:
enabled: true
data:
nginx.conf: |-
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 8080;
absolute_redirect off;
# Forward Notify_Push "High Performance Backend" to it's own container
location ^~ /push/ {
proxy_pass http://127.0.0.1:7867/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size {{ .Values.env.PHP_UPLOAD_LIMIT | default "512M" }};
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# according to the documentation these two lines are not necessary, but some users are still recieving errors
location = /.well-known/webfinger { return 301 /index.php$uri; }
location = /.well-known/nodeinfo { return 301 /index.php$uri; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
fastcgi_send_timeout 300s;
fastcgi_read_timeout 300s;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}
cronjob:
enabled: true
generatePreviews: true
schedule: "*/5 * * * *"
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
hpb:
enabled: true
nextcloud:
# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
default_phone_region: ""
imaginary:
enabled: true
preview_max_x: 2048
preview_max_y: 2048
preview_max_memory: 512
preview_max_filesize_image: 150
preview_png: true
preview_jpeg: true
preview_gif: true
preview_bmp: true
preview_xbitmap: true
preview_mp3: true
preview_markdown: true
preview_opendoc: true
preview_txt: true
preview_krita: true
preview_illustrator: false
preview_heic: false
preview_movie: false
preview_msoffice2003: false
preview_msoffice2007: false
preview_msofficedoc: false
preview_pdf: false
preview_photoshop: false
preview_postscript: false
preview_staroffice: false
preview_svg: false
preview_tiff: false
preview_font: false
collabora:
enabled: false
env:
aliasgroup1:
configMapRef:
name: nextcloudconfig
key: aliasgroup1
dictionaries: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"
extra_params: "--o:welcome.enable=false --o:logging.level=information --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false "
server_name: ""
DONT_GEN_SSL_CERT: true
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: nextcloud
postgresqlDatabase: nextcloud
redis:
enabled: true
existingSecret: "rediscreds"
portal:
enabled: true

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,36 @@
{{/* Define the configmap */}}
{{- define "nextcloud.configmap" -}}
{{- $hosts := "" }}
{{- if .Values.ingress.main.enabled }}
{{- range .Values.ingress }}
{{- range $index, $host := .hosts }}
{{- if $index }}
{{ $hosts = ( printf "%v %v" $hosts $host.host ) }}
{{- else }}
{{ $hosts = ( printf "%s" $host.host ) }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloudconfig
data:
{{- $aliasgroup1 := ( printf "http://%s" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) ) }}
{{- if .Values.ingress.main.enabled }}
{{- with (first .Values.ingress.main.hosts) }}
{{- $aliasgroup1 = ( printf "https://%s" .host ) }}
{{- end }}
{{- end }}
aliasgroup1: {{ $aliasgroup1 }}
NEXTCLOUD_TRUSTED_DOMAINS: {{ ( printf "%v %v %v %v %v %v %v %v" "test.fakedomain.dns" "localhost" "127.0.0.1" ( printf "%v:%v" "127.0.0.1" .Values.service.main.ports.main.port ) ( .Values.env.AccessIP | default "localhost" ) ( printf "%v-%v" .Release.Name "nextcloud" ) ( printf "%v-%v" .Release.Name "nextcloud-backend" ) $hosts ) | quote }}
{{- if .Values.ingress.main.enabled }}
APACHE_DISABLE_REWRITE_IP: "1"
{{- end }}
{{- end -}}

View File

@ -0,0 +1,64 @@
{{/* Define the cronjob */}}
{{- define "nextcloud.cronjob" -}}
{{- if .Values.cronjob.enabled -}}
{{- $jobName := include "tc.common.names.fullname" . }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ printf "%s-cronjob" $jobName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
spec:
schedule: "{{ .Values.cronjob.schedule }}"
concurrencyPolicy: Forbid
{{- with .Values.cronjob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
jobTemplate:
metadata:
spec:
template:
metadata:
spec:
restartPolicy: Never
{{- with (include "tc.common.controller.volumes" . | trim) }}
volumes:
{{- nindent 12 . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: '{{ include "tc.common.images.selector" . }}'
imagePullPolicy: {{ default .Values.image.pullPolicy }}
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
echo "running nextcloud cronjob..."
php -f /var/www/html/cron.php
echo "cronjob finished"
{{- if .Values.cronjob.generatePreviews }}
echo "Pre-generating Previews..."
php /var/www/html/occ preview:pre-generate
echo "Previews generated."
{{- end }}
EOF
# Will mount configuration files as www-data (id: 33) by default for nextcloud
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 16 . }}
{{- end }}
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
resources:
{{ toYaml .Values.resources | indent 16 }}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,167 @@
{{/* Define the hbp container */}}
{{- define "nextcloud.hpb" -}}
{{- $jobName := include "tc.common.names.fullname" . }}
image: '{{ include "tc.common.images.selector" . }}'
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 2 . }}
{{- end }}
ports:
- containerPort: 7867
readinessProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /push/test/cookie
port: 7867
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
command:
- "/bin/sh"
- "-c"
- |
/bin/bash <<'EOF'
set -m
echo "Waiting for notify_push file to be available..."
until [ -f /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push ]
do
sleep 10
echo "Notify_push app not found... waiting..."
done
echo "Waiting for Nextcloud to start..."
until $(curl --output /dev/null --silent --head --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php); do
echo "Nextcloud not responding... waiting..."
sleep 10
done
until $(curl --silent --fail -H "Host: test.fakedomain.dns" http://127.0.0.1:8080/status.php | jq --raw-output '.installed' | grep "true"); do
echo "Nextcloud not installed... waiting..."
sleep 10
done
echo "Nextcloud instance with Notify_push found... Launching High Performance Backend..."
/var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php &
{{- $accessurl := ( printf "http://%v:%v" ( .Values.env.AccessIP | default ( printf "%v-%v" .Release.Name "nextcloud" ) ) .Values.service.main.ports.main.port ) }}
{{- if .Values.ingress.main.enabled }}
{{- with (first .Values.ingress.main.hosts) }}
{{- $accessurl = ( printf "https://%s" .host ) }}
{{- end }}
{{- end }}
echo "Configuring CLI url..."
php /var/www/html/occ config:system:set overwrite.cli.url --value='{{ $accessurl }}/'
echo "Executing standard nextcloud version migration scripts to ensure they are actually ran..."
php /var/www/html/occ db:add-missing-indices
{{- if .Values.imaginary.enabled }}
echo "Imaginary High Performance Previews enabled, enabling it on Nextcloud..."
php /var/www/html/occ config:system:set preview_imaginary_url --value='http://127.0.0.1:9090'
php /var/www/html/occ config:system:set preview_max_x --value='{{ .Values.imaginary.preview_max_x }}'
php /var/www/html/occ config:system:set preview_max_y --value='{{ .Values.imaginary.preview_max_y }}'
php /var/www/html/occ config:system:set preview_max_memory --value='{{ .Values.imaginary.preview_max_memory }}'
php /var/www/html/occ config:system:set preview_max_filesize_image --value='{{ .Values.imaginary.preview_max_filesize_image }}'
# Remove all preview providers and re-add only selected
php /var/www/html/occ config:system:delete enabledPreviewProviders
# Add imaginary always
{{ $c := 0 }} # Initialize counter
php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Imaginary'{{ $c = add1 $c }}
{{ if .Values.imaginary.preview_png }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\PNG'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_jpeg }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\JPEG'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_gif }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\GIF'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_bmp }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\BMP'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_xbitmap }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\XBitmap'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_mp3 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MP3'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_markdown }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MarkDown'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_opendoc }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\OpenDocument'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_txt }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\TXT'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_krita }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Krita'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_illustrator }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Illustrator'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_heic }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\HEIC'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_movie }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Movie'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_msoffice2003 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOffice2003'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_msoffice2007 }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOffice2007'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_msofficedoc }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\MSOfficeDoc'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_pdf }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\PDF'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_photoshop }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Photoshop'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_postscript }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Postscript'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_staroffice }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\StarOffice'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_svg }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\SVG'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_tiff }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\TIFF'{{ $c = add1 $c }}{{ end }}
{{ if .Values.imaginary.preview_font }}php /var/www/html/occ config:system:set enabledPreviewProviders {{ $c }} --value='OC\Preview\Font'{{ $c = add1 $c }}{{ end }}
{{- end }}
# Set default phone region
{{- with .Values.nextcloud.default_phone_region | upper }}
php /var/www/html/occ config:system:set default_phone_region --value='{{ . }}'
{{- end }}
echo "Configuring High Performance Backend for url: {{ $accessurl }}"
php /var/www/html/occ config:app:set notify_push base_endpoint --value='{{ $accessurl }}/push'
fg
EOF
env:
- name: NEXTCLOUD_URL
value: 'http://127.0.0.1:8080'
- name: METRICS_PORT
value: '7868'
- name: TRUSTED_PROXIES
value: "{{ .Values.env.TRUSTED_PROXIES }}"
- name: POSTGRES_DB
value: "{{ .Values.postgresql.postgresqlDatabase }}"
- name: POSTGRES_USER
value: "{{ .Values.postgresql.postgresqlUsername }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: dbcreds
key: postgresql-password
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: dbcreds
key: plainporthost
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: rediscreds
key: plainhost
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: rediscreds
key: redis-password
envFrom:
- configMapRef:
name: nextcloudconfig
{{- end -}}

View File

@ -0,0 +1,40 @@
{{/* Define the imaginary container */}}
{{- define "nextcloud.imaginary" -}}
image: {{ .Values.imaginaryImage.repository }}:{{ .Values.imaginaryImage.tag }}
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- containerPort: 9090
args: ["-enable-url-source"]
env:
- name: 'PORT'
value: '9090'
readinessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}

View File

@ -0,0 +1,54 @@
{{/* Define the nginx container */}}
{{- define "nextcloud.nginx" -}}
image: {{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}
imagePullPolicy: '{{ .Values.image.pullPolicy }}'
securityContext:
runAsUser: 33
runAsGroup: 33
readOnlyRootFilesystem: true
runAsNonRoot: true
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 2 . }}
{{- end }}
- mountPath: /etc/nginx/nginx.conf
name: nginx
readOnly: true
subPath: nginx.conf
ports:
- containerPort: 8080
readinessProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /robots.txt
port: 8080
httpHeaders:
- name: Host
value: "test.fakedomain.dns"
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}

View File

@ -0,0 +1,22 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{/* Render configmap for nextcloud */}}
{{- include "nextcloud.configmap" . }}
{{- $newMiddlewares := append .Values.ingress.main.fixedMiddlewares "tc-nextcloud-chain" }}
{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}}
{{- $_ := set .Values.additionalContainers "nginx" (include "nextcloud.nginx" . | fromYaml) -}}
{{- if .Values.imaginary.enabled -}}
{{- $_ := set .Values.additionalContainers "imaginary" (include "nextcloud.imaginary" . | fromYaml) -}}
{{- end -}}
{{- if .Values.hpb.enabled -}}
{{- $_ := set .Values.additionalContainers "hpb" (include "nextcloud.hpb" . | fromYaml) -}}
{{- end -}}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
{{/* Render cronjob for nextcloud */}}
{{- include "nextcloud.cronjob" . }}

View File