image: repository: tccr.io/truecharts/nextcloud-fpm pullPolicy: IfNotPresent tag: v27.1.3@sha256:517609d65d5cbdc5827dc8ae3f209aa546b43ede3a038ac4b2b1011a5f13d118 nginxImage: repository: tccr.io/truecharts/nginx-unprivileged pullPolicy: IfNotPresent tag: v1.25.2@sha256:5e4e3c89e98e95ba24155a7d60aa2e79c80aaeb80710bd46bd0d2c33de8f966b imaginaryImage: repository: tccr.io/truecharts/nextcloud-imaginary pullPolicy: IfNotPresent tag: v20230401@sha256:75b5a785707efa54a1eeca27d7da80933556d3c3dc96ec10970c270117ee963a hpbImage: repository: tccr.io/truecharts/nextcloud-push-notify pullPolicy: IfNotPresent tag: v0.6.3@sha256:b9c35ab123354eeac3996e361f8c30b8e4de6d2ccd69e5179a7c2a101a67b46f clamavImage: repository: tccr.io/truecharts/clamav pullPolicy: IfNotPresent tag: v1.2.1@sha256:f9fe7d0ccd86d1ee0583465a0ccf1cbd4bae7468c4c6297be4b8ca7f73260f42 collaboraImage: repository: tccr.io/truecharts/collabora pullPolicy: IfNotPresent tag: v23.05.5.3.1@sha256:ab6d6f66caa6924a1acb7dc0b601591121a4779bc80c904e3ea7b231bbe52720 nextcloud: # Initial Credentials credentials: initialAdminUser: admin initialAdminPassword: adminpass # General settings general: # Custom Nextcloud Scripts run_optimize: true default_phone_region: GR # IP used for exposing nextcloud, # often the loadbalancer IP accessIP: "" # Allows Nextcloud to connect to unsecure (http) endpoints force_enable_allow_local_remote_servers: false # File settings files: shared_folder_name: Shared max_chunk_size: 10485760 # Expiration settings expirations: activity_expire_days: 90 trash_retention_obligation: auto versions_retention_obligation: auto # Previews settings previews: enabled: true # It will also deploy the container imaginary: true cron: true schedule: "*/30 * * * *" max_x: 2048 max_y: 2048 max_memory: 1024 max_file_size_image: 50 # Setting for Imaginary max_allowed_resolution: 18.0 jpeg_quality: 60 square_sizes: 32 256 width_sizes: 256 384 height_sizes: 256 # Casings are important # https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269 # Only the last part of the provider is needed providers: - PNG - JPEG # Logging settings logging: log_level: 2 log_file: /var/www/html/data/logs/nextcloud.log log_audit_file: /var/www/html/data/logs/audit.log log_date_format: d/m/Y H:i:s # ClamAV settings clamav: # It will also deploy the container # Note that this runs as root enabled: false stream_max_length: 26214400 file_max_size: -1 infected_action: only_log # Notify Push settings notify_push: # It will also deploy the container enabled: true # Collabora settings collabora: # It will also deploy the container enabled: false # default|compact|tabbed interface_mode: default username: admin password: changeme dictionaries: - de_DE - en_GB - en_US - el_GR - es_ES - fr_FR - pt_BR - pt_PT - it - nl - ru onlyoffice: # It will not deploy the container # Only add the OnlyOffice settings enabled: false url: "" jwt: "" jwt_header: Authorization # PHP settings php: memory_limit: 1G upload_limit: 10G pm_max_children: 180 pm_start_servers: 18 pm_min_spare_servers: 12 pm_max_spare_servers: 30 opcache: interned_strings_buffer: 32 max_accelerated_files: 10000 memory_consumption: 128 revalidate_freq: 60 jit_buffer_size: 128 # Do NOT edit below this line workload: # Nextcloud php-fpm main: type: Deployment podSpec: containers: main: enabled: true primary: true envFrom: - configMapRef: name: nextcloud-config probes: liveness: enabled: true type: exec command: /healthcheck.sh readiness: enabled: true type: exec command: /healthcheck.sh startup: enabled: true type: tcp port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}" nginx: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: nginx: enabled: true primary: true imageSelector: nginxImage probes: readiness: enabled: true path: /robots.txt port: "{{ .Values.service.main.ports.main.port }}" httpHeaders: Host: kube.internal.healthcheck liveness: enabled: true path: /robots.txt port: "{{ .Values.service.main.ports.main.port }}" httpHeaders: Host: kube.internal.healthcheck startup: enabled: true type: tcp port: "{{ .Values.service.main.ports.main.port }}" notify: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: notify: primary: true enabled: true imageSelector: hpbImage envFrom: - configMapRef: name: hpb-config probes: readiness: enabled: true path: /push/test/cookie port: 7867 httpHeaders: Host: kube.internal.healthcheck liveness: enabled: true path: /push/test/cookie port: 7867 httpHeaders: Host: kube.internal.healthcheck startup: enabled: true type: tcp port: 7867 imaginary: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: imaginary: primary: true enabled: true imageSelector: imaginaryImage command: imaginary args: - -p - "{{ .Values.service.imaginary.ports.imaginary.port }}" - -concurrency - "10" - -max-allowed-resolution - "{{ .Values.nextcloud.previews.max_allowed_resolution }}" - -enable-url-source - -return-size probes: readiness: enabled: true path: /health port: "{{ .Values.service.imaginary.ports.imaginary.port }}" liveness: enabled: true path: /health port: "{{ .Values.service.imaginary.ports.imaginary.port }}" startup: enabled: true type: tcp port: "{{ .Values.service.imaginary.ports.imaginary.port }}" clamav: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: clamav: primary: true enabled: true imageSelector: clamavImage # FIXME: https://github.com/Cisco-Talos/clamav/issues/478 securityContext: runAsUser: 0 runAsGroup: 0 runAsNonRoot: false readOnlyRootFilesystem: false envFrom: - configMapRef: name: clamav-config probes: readiness: enabled: true type: exec command: clamdcheck.sh liveness: enabled: true type: exec command: clamdcheck.sh startup: enabled: true type: tcp port: "{{ .Values.service.clamav.ports.clamav.targetPort }}" collabora: enabled: true type: Deployment strategy: RollingUpdate replicas: 1 podSpec: containers: collabora: primary: true enabled: true imageSelector: collaboraImage securityContext: runAsUser: 100 runAsGroup: 102 readOnlyRootFilesystem: false allowPrivilegeEscalation: true capabilities: add: - CHOWN - FOWNER - SYS_CHROOT - MKNOD envFrom: - configMapRef: name: collabora-config probes: readiness: enabled: true type: http path: /collabora/ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" liveness: enabled: true type: http path: /collabora/ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" startup: enabled: true type: tcp port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" cronjobs: # Don't change names, it's used in the persistence - name: nextcloud-cron enabled: true schedule: "*/5 * * * *" cmd: - echo "Running [php -f /var/www/html/cron.php] ..." - php -f /var/www/html/cron.php - echo "Finished [php -f /var/www/html/cron.php]" - name: preview-cron enabled: "{{ .Values.nextcloud.previews.cron }}" schedule: "{{ .Values.nextcloud.previews.schedule }}" cmd: - echo "Running [occ preview:pre-generate] ..." - occ preview:pre-generate - echo "Finished [occ preview:pre-generate]" service: # Main service links to ingress easier # That's why the nginx is swapped with nextcloud main: targetSelector: nginx ports: main: targetSelector: nginx port: 8080 nextcloud: enabled: true targetSelector: main ports: nextcloud: enabled: true targetSelector: main port: 9000 targetPort: 9000 notify: enabled: true targetSelector: notify ports: notify: enabled: true primary: true port: 7867 targetPort: 7867 targetSelector: notify metrics: enabled: true port: 7868 targetSelector: notify imaginary: enabled: true targetSelector: imaginary ports: imaginary: enabled: true port: 9090 targetSelector: imaginary clamav: enabled: true targetSelector: clamav ports: clamav: enabled: true port: 3310 targetPort: 3310 targetSelector: clamav collabora: enabled: true targetSelector: collabora ports: collabora: enabled: true port: 9980 targetPort: 9980 targetSelector: collabora persistence: php-tune: enabled: true type: configmap objectName: php-tune targetSelector: main: main: mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf subPath: zz-tune.conf readOnly: true redis-session: enabled: true type: configmap objectName: redis-session targetSelector: main: main: mountPath: /usr/local/etc/php/conf.d/redis-session.ini subPath: redis-session.ini readOnly: true opcache-recommended: enabled: true type: configmap objectName: opcache targetSelector: main: main: mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini subPath: opcache-recommended.ini readOnly: true nginx: enabled: true type: configmap objectName: nginx-config targetSelector: nginx: nginx: mountPath: /etc/nginx/nginx.conf subPath: nginx.conf readOnly: true nginx-temp: enabled: true type: emptyDir targetSelector: nginx: nginx: mountPath: /tmp/nginx html: enabled: true targetSelector: main: main: mountPath: /var/www/html nextcloud-cron: nextcloud-cron: mountPath: /var/www/html preview-cron: preview-cron: mountPath: /var/www/html nginx: nginx: mountPath: /var/www/html readOnly: true config: enabled: true targetSelector: main: main: mountPath: /var/www/html/config nextcloud-cron: nextcloud-cron: mountPath: /var/www/html/config preview-cron: preview-cron: mountPath: /var/www/html/config notify: notify: mountPath: /var/www/html/config readOnly: true nginx: nginx: mountPath: /var/www/html/config readOnly: true data: enabled: true targetSelector: main: main: mountPath: /var/www/html/data init-perms: mountPath: /var/www/html/data nextcloud-cron: nextcloud-cron: mountPath: /var/www/html/data preview-cron: preview-cron: mountPath: /var/www/html/data nginx: nginx: mountPath: /var/www/html/data readOnly: true cnpg: main: enabled: true user: nextcloud database: nextcloud redis: enabled: true username: default portal: open: enabled: true