image: repository: tccr.io/tccr/nextcloud-fpm pullPolicy: IfNotPresent tag: v29.0.0@sha256:56e45cfd9886b7c95322dbb647acbfe3d198cc6ca2e24285905dc90467b80b13 nginxImage: repository: nginxinc/nginx-unprivileged pullPolicy: IfNotPresent tag: 1.26.0@sha256:f8891d1d861abf0c8754016c025ff90232176d12235c28a4432477bc5f72d2e8 imaginaryImage: repository: tccr.io/tccr/nextcloud-imaginary pullPolicy: IfNotPresent tag: v20230401@sha256:6be7b4432a536d6004b94edea7dd3573f0cc061328b729ed8043236a0784f98c hpbImage: repository: tccr.io/tccr/nextcloud-push-notify pullPolicy: IfNotPresent tag: v0.6.11@sha256:64b2475726ab0dc064fc33dca59d93605e24c30875ecdea0a83f9db22fb7537f clamavImage: repository: clamav/clamav pullPolicy: IfNotPresent tag: 1.3.1@sha256:a1fbf4d8b0fe7365ab0c44e05b345baa6be7c6ea28526d48e70c1205e0762cd2 collaboraImage: repository: collabora/code pullPolicy: IfNotPresent tag: 24.04.1.4.1@sha256:524fc47045d80ccbf5eac8ed8d4d7f0e57f69af417d474a44e41053499b995e6 nextcloud: # Initial Credentials credentials: initialAdminUser: admin initialAdminPassword: adminpass # General settings general: # Custom Nextcloud Scripts run_optimize: true default_phone_region: GR # IP used for exposing nextcloud, # often the loadbalancer IP accessIP: "" # Allows Nextcloud to connect to unsecure (http) endpoints force_enable_allow_local_remote_servers: false # File settings files: shared_folder_name: Shared max_chunk_size: 10485760 # Expiration settings expirations: activity_expire_days: 90 trash_retention_obligation: auto versions_retention_obligation: auto # Previews settings previews: enabled: true # It will also deploy the container imaginary: true cron: true schedule: "*/30 * * * *" max_x: 2048 max_y: 2048 max_memory: 1024 max_file_size_image: 50 # Setting for Imaginary max_allowed_resolution: 18.0 jpeg_quality: 60 square_sizes: 32 256 width_sizes: 256 384 height_sizes: 256 # Casings are important # https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269 # Only the last part of the provider is needed providers: - PNG - JPEG # Logging settings logging: log_level: 2 log_file: /var/www/html/data/logs/nextcloud.log log_audit_file: /var/www/html/data/logs/audit.log log_date_format: d/m/Y H:i:s # ClamAV settings clamav: # It will also deploy the container # Note that this runs as root enabled: false stream_max_length: 26214400 file_max_size: -1 infected_action: only_log # Notify Push settings notify_push: # It will also deploy the container enabled: true # Collabora settings collabora: # It will also deploy the container enabled: false # default|compact|tabbed interface_mode: default username: admin password: changeme dictionaries: - de_DE - en_GB - en_US - el_GR - es_ES - fr_FR - pt_BR - pt_PT - it - nl - ru onlyoffice: # It will not deploy the container # Only add the OnlyOffice settings enabled: false url: "" internal_url: "" verify_ssl: true jwt: "" jwt_header: Authorization # PHP settings php: memory_limit: 1G upload_limit: 10G pm_max_children: 180 pm_start_servers: 18 pm_min_spare_servers: 12 pm_max_spare_servers: 30 opcache: interned_strings_buffer: 32 max_accelerated_files: 10000 memory_consumption: 128 revalidate_freq: 60 jit_buffer_size: 128 # Do NOT edit below this line workload: # Nextcloud php-fpm main: type: Deployment podSpec: containers: main: enabled: true primary: true envFrom: - configMapRef: name: nextcloud-config probes: liveness: enabled: true type: exec command: /healthcheck.sh readiness: enabled: true type: exec command: /healthcheck.sh startup: enabled: true type: tcp port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}" nginx: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: nginx: enabled: true primary: true imageSelector: nginxImage resources: excludeExtra: true probes: readiness: enabled: true path: /robots.txt port: "{{ .Values.service.main.ports.main.port }}" httpHeaders: Host: kube.internal.healthcheck liveness: enabled: true path: /robots.txt port: "{{ .Values.service.main.ports.main.port }}" httpHeaders: Host: kube.internal.healthcheck startup: enabled: true type: tcp port: "{{ .Values.service.main.ports.main.port }}" notify: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: notify: primary: true enabled: true imageSelector: hpbImage resources: excludeExtra: true envFrom: - configMapRef: name: hpb-config probes: readiness: enabled: true path: /push/test/cookie port: 7867 httpHeaders: Host: kube.internal.healthcheck liveness: enabled: true path: /push/test/cookie port: 7867 httpHeaders: Host: kube.internal.healthcheck startup: enabled: true type: tcp port: 7867 imaginary: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: imaginary: primary: true enabled: true imageSelector: imaginaryImage resources: excludeExtra: true command: imaginary args: - -p - "{{ .Values.service.imaginary.ports.imaginary.port }}" - -concurrency - "10" - -max-allowed-resolution - "{{ .Values.nextcloud.previews.max_allowed_resolution }}" - -enable-url-source - -return-size probes: readiness: enabled: true path: /health port: "{{ .Values.service.imaginary.ports.imaginary.port }}" liveness: enabled: true path: /health port: "{{ .Values.service.imaginary.ports.imaginary.port }}" startup: enabled: true type: tcp port: "{{ .Values.service.imaginary.ports.imaginary.port }}" clamav: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: clamav: primary: true enabled: true imageSelector: clamavImage resources: excludeExtra: true # FIXME: https://github.com/Cisco-Talos/clamav/issues/478 securityContext: runAsUser: 0 runAsGroup: 0 runAsNonRoot: false readOnlyRootFilesystem: false envFrom: - configMapRef: name: clamav-config probes: readiness: enabled: true type: exec command: clamdcheck.sh liveness: enabled: true type: exec command: clamdcheck.sh startup: enabled: true type: tcp port: "{{ .Values.service.clamav.ports.clamav.targetPort }}" collabora: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: collabora: primary: true enabled: true imageSelector: collaboraImage resources: excludeExtra: true securityContext: runAsUser: 100 runAsGroup: 102 readOnlyRootFilesystem: false allowPrivilegeEscalation: true capabilities: add: - CHOWN - FOWNER - SYS_CHROOT - MKNOD envFrom: - configMapRef: name: collabora-config probes: readiness: enabled: true type: http path: /collabora/ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" liveness: enabled: true type: http path: /collabora/ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" startup: enabled: true type: tcp port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" cronjobs: # Don't change names, it's used in the persistence - name: nextcloud-cron enabled: true schedule: "*/5 * * * *" cmd: - echo "Running [php -f /var/www/html/cron.php] ..." - php -f /var/www/html/cron.php - echo "Finished [php -f /var/www/html/cron.php]" - name: preview-cron enabled: "{{ .Values.nextcloud.previews.cron }}" schedule: "{{ .Values.nextcloud.previews.schedule }}" cmd: - echo "Running [occ preview:pre-generate] ..." - occ preview:pre-generate - echo "Finished [occ preview:pre-generate]" service: # Main service links to ingress easier # That's why the nginx is swapped with nextcloud main: targetSelector: nginx ports: main: targetSelector: nginx port: 8080 nextcloud: enabled: true targetSelector: main ports: nextcloud: enabled: true targetSelector: main port: 9000 targetPort: 9000 notify: enabled: true targetSelector: notify ports: notify: enabled: true primary: true port: 7867 targetPort: 7867 targetSelector: notify metrics: enabled: true port: 7868 targetSelector: notify imaginary: enabled: true targetSelector: imaginary ports: imaginary: enabled: true port: 9090 targetSelector: imaginary clamav: enabled: true targetSelector: clamav ports: clamav: enabled: true port: 3310 targetPort: 3310 targetSelector: clamav collabora: enabled: true targetSelector: collabora ports: collabora: enabled: true port: 9980 targetPort: 9980 targetSelector: collabora persistence: php-tune: enabled: true type: configmap objectName: php-tune targetSelector: main: main: mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf subPath: zz-tune.conf readOnly: true redis-session: enabled: true type: configmap objectName: redis-session targetSelector: main: main: mountPath: /usr/local/etc/php/conf.d/redis-session.ini subPath: redis-session.ini readOnly: true opcache-recommended: enabled: true type: configmap objectName: opcache targetSelector: main: main: mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini subPath: opcache-recommended.ini readOnly: true nginx: enabled: true type: configmap objectName: nginx-config targetSelector: nginx: nginx: mountPath: /etc/nginx/nginx.conf subPath: nginx.conf readOnly: true nginx-temp: enabled: true type: emptyDir targetSelector: nginx: nginx: mountPath: /tmp/nginx html: enabled: true targetSelector: main: main: mountPath: /var/www/html nextcloud-cron: nextcloud-cron: mountPath: /var/www/html preview-cron: preview-cron: mountPath: /var/www/html nginx: nginx: mountPath: /var/www/html readOnly: true config: enabled: true targetSelector: main: main: mountPath: /var/www/html/config nextcloud-cron: nextcloud-cron: mountPath: /var/www/html/config preview-cron: preview-cron: mountPath: /var/www/html/config notify: notify: mountPath: /var/www/html/config readOnly: true nginx: nginx: mountPath: /var/www/html/config readOnly: true data: enabled: true targetSelector: main: main: mountPath: /var/www/html/data init-perms: mountPath: /var/www/html/data nextcloud-cron: nextcloud-cron: mountPath: /var/www/html/data preview-cron: preview-cron: mountPath: /var/www/html/data nginx: nginx: mountPath: /var/www/html/data readOnly: true cnpg: main: enabled: true user: nextcloud database: nextcloud redis: enabled: true includeCommon: true username: default portal: open: enabled: true updated: true ingress: main: required: true