admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

added nextcloud, gitea

Browse Source
This commit is contained in:
kisfenyo
2025-12-18 16:22:04 +01:00
parent 1d6c95d521
commit c4bbc675ea
3 changed files with 1136 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
argocd-apps/homelab.yaml
+44
View File
@@ -192,3 +192,47 @@ spec:
- CreateNamespace=true - CreateNamespace=true
- PruneLast=true - PruneLast=true
--- ---
# Gitea
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitea
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: homelab
source:
repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
targetRevision: main
path: gitea-system
destination:
server: https://kubernetes.default.svc
namespace: gitea-system
syncPolicy:
syncOptions:
- CreateNamespace=true
- PruneLast=true
---
# Nextcloud
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nextcloud
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: homelab
source:
repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
targetRevision: main
path: nextcloud-system
destination:
server: https://kubernetes.default.svc
namespace: nextcloud-system
syncPolicy:
syncOptions:
- CreateNamespace=true
- PruneLast=true
---
gitea-system/gitea.yaml
+359
View File
@@ -0,0 +1,359 @@
# After deployment create admin user with below command in gitea container:
#
# su git
# gitea admin user create --username admin --password '<password>' --email <email> --admin
---
apiVersion: v1
kind: Namespace
metadata:
name: gitea-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
app.kubernetes.io/version: 1.25.2
name: gitea
namespace: gitea-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
app.kubernetes.io/version: 1.25.2
spec:
initContainers:
- name: init-directories
image: busybox:1.36
command:
- sh
- -c
- |
mkdir -p /data/gitea/conf
chown -R 1000:1000 /data
volumeMounts:
- name: data
mountPath: /data
containers:
- name: gitea
image: gitea/gitea:1.25.2
imagePullPolicy: IfNotPresent
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: GITEA__database__DB_TYPE
value: postgres
- name: GITEA__database__HOST
value: gitea-postgres:5432
- name: GITEA__database__NAME
value: gitea
- name: GITEA__database__USER
valueFrom:
secretKeyRef:
name: gitea-db
key: username
- name: GITEA__database__PASSWD
valueFrom:
secretKeyRef:
name: gitea-db
key: password
- name: GITEA__server__DOMAIN
value: gitea.dooplex.hu
- name: GITEA__server__ROOT_URL
value: https://gitea.dooplex.hu/
- name: GITEA__server__HTTP_PORT
value: "3000"
- name: GITEA__server__SSH_DOMAIN
value: gitea.dooplex.hu
- name: GITEA__server__SSH_PORT
value: "22"
- name: GITEA__server__SSH_LISTEN_PORT
value: "2222"
- name: GITEA__server__LFS_START_SERVER
value: "true"
- name: GITEA__security__INSTALL_LOCK
value: "true"
- name: GITEA__security__SECRET_KEY
valueFrom:
secretKeyRef:
name: gitea-app
key: secret-key
- name: GITEA__security__INTERNAL_TOKEN
valueFrom:
secretKeyRef:
name: gitea-app
key: internal-token
- name: GITEA__server__LFS_JWT_SECRET
valueFrom:
secretKeyRef:
name: gitea-app
key: lfs-jwt-secret
- name: GITEA__service__DISABLE_REGISTRATION
value: "true"
- name: GITEA__mailer__ENABLED
value: "true"
- name: GITEA__mailer__PROTOCOL
value: smtp+starttls
- name: GITEA__mailer__SMTP_ADDR
valueFrom:
secretKeyRef:
name: smtp-credentials
key: host
- name: GITEA__mailer__SMTP_PORT
valueFrom:
secretKeyRef:
name: smtp-credentials
key: port
- name: GITEA__mailer__USER
valueFrom:
secretKeyRef:
name: smtp-credentials
key: username
- name: GITEA__mailer__PASSWD
valueFrom:
secretKeyRef:
name: smtp-credentials
key: password
- name: GITEA__mailer__FROM
valueFrom:
secretKeyRef:
name: smtp-credentials
key: from-address
- name: GITEA__time__DEFAULT_UI_LOCATION
value: Europe/Budapest
ports:
- containerPort: 3000
name: http
protocol: TCP
- containerPort: 2222
name: ssh
protocol: TCP
livenessProbe:
httpGet:
path: /api/healthz
port: http
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 5
readinessProbe:
httpGet:
path: /api/healthz
port: http
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 100m
memory: 256Mi
volumeMounts:
- name: data
mountPath: /data
- name: repos
mountPath: /data/git/repositories
securityContext:
fsGroup: 1000
volumes:
- name: data
persistentVolumeClaim:
claimName: gitea-data
- name: repos
hostPath:
path: /mnt/4_hdd/data/gitea/repositories
type: DirectoryOrCreate
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: postgres
name: gitea-postgres
namespace: gitea-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: postgres
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: postgres
spec:
containers:
- name: postgres
image: postgres:16-alpine
imagePullPolicy: IfNotPresent
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: gitea-db
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: gitea-db
key: password
- name: POSTGRES_DB
value: gitea
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
ports:
- containerPort: 5432
name: postgres
protocol: TCP
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
subPath: data
securityContext:
fsGroup: 999
volumes:
- name: data
persistentVolumeClaim:
claimName: gitea-postgres
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
app.kubernetes.io/version: 1.25.2
name: gitea
namespace: gitea-system
spec:
type: ClusterIP
ports:
- name: http
port: 3000
protocol: TCP
targetPort: http
- name: ssh
port: 22
protocol: TCP
targetPort: ssh
selector:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: postgres
name: gitea-postgres
namespace: gitea-system
spec:
type: ClusterIP
ports:
- name: postgres
port: 5432
protocol: TCP
targetPort: postgres
selector:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: postgres
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/hostname: gitea.dooplex.hu,gitea.home
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
name: gitea
namespace: gitea-system
spec:
ingressClassName: nginx-internal
rules:
- host: gitea.dooplex.hu
http:
paths:
- backend:
service:
name: gitea
port:
number: 3000
path: /
pathType: Prefix
- host: gitea.home
http:
paths:
- backend:
service:
name: gitea
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- gitea.dooplex.hu
secretName: gitea-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: gitea
name: gitea-data
namespace: gitea-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: longhorn
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/instance: gitea
app.kubernetes.io/name: postgres
name: gitea-postgres
namespace: gitea-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: longhorn
nextcloud-system/nextcloud.yaml
+733
View File
@@ -0,0 +1,733 @@
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: nextcloud-postgresql
namespace: "nextcloud-system"
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
app.kubernetes.io/component: primary
spec:
podSelector:
matchLabels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
policyTypes:
- Ingress
- Egress
egress:
- {}
ingress:
- ports:
- port: 5432
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: nextcloud-postgresql
namespace: "nextcloud-system"
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
app.kubernetes.io/component: primary
spec:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nextcloud-postgresql
namespace: "nextcloud-system"
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
automountServiceAccountToken: false
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-config
namespace: "nextcloud-system"
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/version: "32.0.2"
data:
custom.config.php: |-
<?php
$CONFIG = array (
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://dooplex.hu',
'filelocking.enabled' => true,
'memcache.local' => '\\OC\\Memcache\\APCu',
'default_phone_region' => 'HU',
'allow_local_remote_servers' => true,
);
previews.config.php: |-
<?php
$CONFIG = array (
'enable_previews' => true,
'enabledPreviewProviders' => array (
'\\OC\\Preview\\Movie',
'\\OC\\Preview\\PNG',
'\\OC\\Preview\\JPEG',
'\\OC\\Preview\\GIF',
'\\OC\\Preview\\BMP',
'\\OC\\Preview\\XBitmap',
'\\OC\\Preview\\MP3',
'\\OC\\Preview\\MP4',
'\\OC\\Preview\\TXT',
'\\OC\\Preview\\MarkDown',
'\\OC\\Preview\\PDF'
),
);
.htaccess: |-
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>
# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>
# section for Apache 2.2 and 2.4
<ifModule mod_autoindex.c>
IndexIgnore *
</ifModule>
apache-pretty-urls.config.php: |-
<?php
$CONFIG = array (
'htaccess.RewriteBase' => '/',
);
apcu.config.php: |-
<?php
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
);
apps.config.php: |-
<?php
$CONFIG = array (
'apps_paths' => array (
0 => array (
'path' => OC::$SERVERROOT.'/apps',
'url' => '/apps',
'writable' => false,
),
1 => array (
'path' => OC::$SERVERROOT.'/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
);
autoconfig.php: |-
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG['dbtype'] = 'sqlite';
$AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
$AUTOCONFIG['dbtype'] = 'mysql';
$AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
$AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
$AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
$AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG['dbtype'] = 'mysql';
$AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
$AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
$AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG['dbtype'] = 'pgsql';
$AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
$AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
$AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
$AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG['dbtype'] = 'pgsql';
$AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
$AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
$AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
$AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
}
reverse-proxy.config.php: |-
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}
upgrade-disable-web.config.php: |-
<?php
$CONFIG = array (
'upgrade.disable-web' => true,
);
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-phpconfig
namespace: "nextcloud-system"
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/version: "32.0.2"
data:
uploadLimit.ini: |-
upload_max_filesize = 10G
post_max_size = 10G
max_input_time = 3600
max_execution_time = 3600
memory_limit = 512M
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nextcloud-nextcloud
namespace: "nextcloud-system"
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app
app.kubernetes.io/version: "32.0.2"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "10Gi"
storageClassName: "longhorn"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-postgresql-data
namespace: "nextcloud-system"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "5Gi"
storageClassName: "longhorn"
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud-postgresql-hl
namespace: "nextcloud-system"
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
app.kubernetes.io/component: primary
annotations:
spec:
type: ClusterIP
clusterIP: None
# We want all pods in the StatefulSet to have their addresses published for
# the sake of the other Postgresql pods even before they're ready, since they
# have to be able to talk to each other in order to become ready.
publishNotReadyAddresses: true
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
selector:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud-postgresql
namespace: "nextcloud-system"
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
app.kubernetes.io/component: primary
spec:
type: ClusterIP
sessionAffinity: None
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
nodePort: null
selector:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud
namespace: "nextcloud-system"
annotations:
external-dns.alpha.kubernetes.io/hostname: nextcloud.home
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app
app.kubernetes.io/version: "32.0.2"
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 80
protocol: TCP
name: http
selector:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
namespace: "nextcloud-system"
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app
app.kubernetes.io/version: "32.0.2"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app
template:
metadata:
labels:
app.kubernetes.io/name: nextcloud
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/component: app
annotations:
nextcloud-config-hash: 06b49913be13b1f9a81745166dd75ada59e7ddd39e8f6a2c5538affe2a6d1093
php-config-hash: 5a497358af870e06b42325eee83d7c0e5466b7f6819cb49b598559d96def7428
hooks-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
spec:
containers:
- name: nextcloud
image: docker.io/library/nextcloud:32.0.2-apache
imagePullPolicy: IfNotPresent
env:
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: smtp-credentials
key: host
- name: SMTP_PORT
valueFrom:
secretKeyRef:
name: smtp-credentials
key: port
- name: SMTP_NAME
valueFrom:
secretKeyRef:
name: smtp-credentials
key: username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: smtp-credentials
key: password
- name: SMTP_SECURE
value: tls
- name: SMTP_AUTHTYPE
value: LOGIN
- name: MAIL_FROM_ADDRESS
value: nextcloud
- name: MAIL_DOMAIN
value: gmail.com
- name: POSTGRES_HOST
value: nextcloud-postgresql
- name: POSTGRES_DB
value: "nextcloud"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-password
- name: NEXTCLOUD_ADMIN_USER
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-username
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud
key: nextcloud-password
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "nextcloud.home 10.42.0.0/16 10.43.0.0/16 dooplex.hu"
- name: NEXTCLOUD_DATA_DIR
value: "/data"
resources:
{}
volumeMounts:
- name: nextcloud-main
mountPath: /var/www/
subPath: root
- name: nextcloud-main
mountPath: /var/www/html
subPath: html
- name: nextcloud-main
mountPath: /var/www/html/config
subPath: config
- name: nextcloud-main
mountPath: /var/www/html/custom_apps
subPath: custom_apps
- name: nextcloud-main
mountPath: /var/www/tmp
subPath: tmp
- name: nextcloud-main
mountPath: /var/www/html/themes
subPath: themes
- name: nextcloud-config
mountPath: /var/www/html/config/custom.config.php
subPath: custom.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/previews.config.php
subPath: previews.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/.htaccess
subPath: .htaccess
- name: nextcloud-config
mountPath: /var/www/html/config/apache-pretty-urls.config.php
subPath: apache-pretty-urls.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/apcu.config.php
subPath: apcu.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/apps.config.php
subPath: apps.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/autoconfig2.php
subPath: autoconfig2.php
- name: nextcloud-config
mountPath: /var/www/html/config/reverse-proxy.config.php
subPath: reverse-proxy.config.php
- name: nextcloud-config
mountPath: /var/www/html/config/upgrade-disable-web.config.php
subPath: upgrade-disable-web.config.php
- mountPath: /data
name: data
- name: nextcloud-phpconfig
mountPath: "/usr/local/etc/php/conf.d/uploadLimit.ini"
subPath: uploadLimit.ini
ports:
- name: http
containerPort: 80
protocol: TCP
startupProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: "192.168.0.210"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 30
livenessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: "192.168.0.210"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /status.php
port: 80
httpHeaders:
- name: Host
value: "192.168.0.210"
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
initContainers:
- name: postgresql-isready
image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
resources:
{}
securityContext:
{}
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-username
- name: POSTGRES_HOST
value: nextcloud-postgresql
command:
- "sh"
- "-c"
- "until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; done"
volumes:
- name: nextcloud-main
persistentVolumeClaim:
claimName: nextcloud-nextcloud
- name: nextcloud-config
configMap:
name: nextcloud-config
- name: nextcloud-phpconfig
configMap:
name: nextcloud-phpconfig
- hostPath:
path: /mnt/4_hdd/data/nextcloud
type: Directory
name: data
securityContext:
# Will mount configuration files as www-data (id: 33) for nextcloud
fsGroup: 33
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nextcloud-postgresql
namespace: "nextcloud-system"
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
app.kubernetes.io/component: primary
spec:
replicas: 1
serviceName: nextcloud-postgresql-hl
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
template:
metadata:
name: nextcloud-postgresql
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 17.5.0
app.kubernetes.io/component: primary
spec:
serviceAccountName: nextcloud-postgresql
automountServiceAccountToken: false
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
topologyKey: kubernetes.io/hostname
weight: 1
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
hostNetwork: false
hostIPC: false
containers:
- name: postgresql
image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
imagePullPolicy: "IfNotPresent"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
env:
- name: BITNAMI_DEBUG
value: "false"
- name: POSTGRESQL_PORT_NUMBER
value: "5432"
- name: POSTGRESQL_VOLUME_DIR
value: "/bitnami/postgresql"
- name: PGDATA
value: "/bitnami/postgresql/data"
# Authentication
- name: POSTGRES_USER
value: "nextcloud"
- name: POSTGRES_PASSWORD_FILE
value: /opt/bitnami/postgresql/secrets/password
- name: POSTGRES_POSTGRES_PASSWORD_FILE
value: /opt/bitnami/postgresql/secrets/postgres-password
- name: POSTGRES_DATABASE
value: "nextcloud"
# LDAP
- name: POSTGRESQL_ENABLE_LDAP
value: "no"
# TLS
- name: POSTGRESQL_ENABLE_TLS
value: "no"
# Audit
- name: POSTGRESQL_LOG_HOSTNAME
value: "false"
- name: POSTGRESQL_LOG_CONNECTIONS
value: "false"
- name: POSTGRESQL_LOG_DISCONNECTIONS
value: "false"
- name: POSTGRESQL_PGAUDIT_LOG_CATALOG
value: "off"
# Others
- name: POSTGRESQL_CLIENT_MIN_MESSAGES
value: "error"
- name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
value: "pgaudit"
ports:
- name: tcp-postgresql
containerPort: 5432
livenessProbe:
failureThreshold: 6
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
exec:
command:
- /bin/sh
- -c
- -e
- |
exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432
resources:
limits:
cpu: 150m
ephemeral-storage: 2Gi
memory: 192Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 128Mi
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/postgresql/conf
subPath: app-conf-dir
- name: empty-dir
mountPath: /opt/bitnami/postgresql/tmp
subPath: app-tmp-dir
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
- name: dshm
mountPath: /dev/shm
- name: data
mountPath: /bitnami/postgresql
volumes:
- name: empty-dir
emptyDir: {}
- name: postgresql-password
secret:
secretName: nextcloud-postgresql
- name: dshm
emptyDir:
medium: Memory
- name: data
persistentVolumeClaim:
claimName: nextcloud-postgresql-data # NOW PERSISTENT