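# Rendered manifests for a Nextcloud deployment with a single-node PostgreSQL
# StatefulSet in namespace "nextcloud-system". Documents, in order:
# NetworkPolicy, PodDisruptionBudget, ServiceAccount, two ConfigMaps, two
# PersistentVolumeClaims, three Services, the Nextcloud Deployment and the
# PostgreSQL StatefulSet.
#
# Review changes versus the previous revision:
# - the database NetworkPolicy now only admits the Nextcloud application pods
#   on 5432 (the previous ingress rule had no `from`, so every pod in the
#   cluster could reach the database);
# - version labels and content hashes are quoted so generic YAML loaders
#   cannot retype them;
# - review notes (NOTE(review)) mark points that need confirmation.
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: nextcloud-postgresql
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "17.5.0"
    app.kubernetes.io/component: primary
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/component: primary
  policyTypes:
    - Ingress
    - Egress
  # NOTE(review): egress is unrestricted; the database only needs DNS and
  # in-cluster traffic, so this could be narrowed once its needs are confirmed.
  egress:
    - {}
  ingress:
    - from:
        # Only the Nextcloud application pods (same namespace, selected by the
        # Deployment's labels below) may open connections to the database.
        # Add further entries here if other clients (e.g. backup jobs) need it.
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: nextcloud
              app.kubernetes.io/instance: nextcloud
              app.kubernetes.io/component: app
      ports:
        - port: 5432
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: nextcloud-postgresql
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "17.5.0"
    app.kubernetes.io/component: primary
spec:
  # With replicas: 1 this still lets voluntary disruptions evict the single pod.
  maxUnavailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/component: primary
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nextcloud-postgresql
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "17.5.0"
# The database pod never talks to the API server, so no token is mounted.
automountServiceAccountToken: false
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-config
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/version: "32.0.2"
# NOTE(review): every *.php value below starts mid-expression. The leading
# "<?php" / "$CONFIG = array (" lines and the first option name appear to have
# been lost when this file was extracted (everything up to the first "=>" is
# missing). As written these files are not valid PHP; restore them from the
# source chart before applying.
data:
  # NOTE(review): trusted_proxies covers whole /16 ranges that look like the
  # cluster's pod and service networks plus a LAN /24. Any pod in those ranges
  # can then set X-Forwarded-For and spoof the client address Nextcloud uses for
  # brute-force throttling and audit logging; narrow this to the ingress
  # controller's addresses if possible. allow_local_remote_servers permits
  # server-side requests to private-range hosts (external storage, federation);
  # keep it only if that is needed.
  custom.config.php: |-
    'https',
    'overwrite.cli.url' => 'https://nextcloud.dooplex.hu',
    'filelocking.enabled' => true,
    'default_phone_region' => 'HU',
    'allow_local_remote_servers' => true,
    'trusted_proxies' =>
    array (
      '10.42.0.0/16',
      '10.43.0.0/16',
      '192.168.0.0/24',
    ),
    'forwarded_for_headers' =>
    array (
      'HTTP_X_FORWARDED_FOR',
    ),
    );
  previews.config.php: |-
    true,
    'enabledPreviewProviders' =>
    array (
      '\\OC\\Preview\\Movie',
      '\\OC\\Preview\\PNG',
      '\\OC\\Preview\\JPEG',
      '\\OC\\Preview\\GIF',
      '\\OC\\Preview\\BMP',
      '\\OC\\Preview\\XBitmap',
      '\\OC\\Preview\\MP3',
      '\\OC\\Preview\\MP4',
      '\\OC\\Preview\\TXT',
      '\\OC\\Preview\\MarkDown',
      '\\OC\\Preview\\PDF'
    ),
    );
  # Mounted into /var/www/html/config so Apache never serves the config files.
  .htaccess: |-
    # line below if for Apache 2.4
    Require all denied
    # line below if for Apache 2.2
    deny from all
    # section for Apache 2.2 and 2.4
    IndexIgnore *
  apache-pretty-urls.config.php: |-
    '/',
    );
  apcu.config.php: |-
    '\OC\Memcache\APCu',
    );
  apps.config.php: |-
    array (
      0 =>
      array (
        'path' => OC::$SERVERROOT.'/apps',
        'url' => '/apps',
        'writable' => false,
      ),
      1 =>
      array (
        'path' => OC::$SERVERROOT.'/custom_apps',
        'url' => '/custom_apps',
        'writable' => true,
      ),
    ),
    );
  # NOTE(review): the Deployment below mounts "autoconfig2.php",
  # "reverse-proxy.config.php" and "upgrade-disable-web.config.php" from this
  # ConfigMap, but only "autoconfig.php" is defined here. Confirm which keys are
  # intended; a subPath that names a missing key does not deliver the file.
  autoconfig.php: |-
    true,
    );
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-phpconfig
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/version: "32.0.2"
data:
  # PHP upload/runtime limits, mounted into /usr/local/etc/php/conf.d.
  uploadLimit.ini: |-
    upload_max_filesize = 10G
    post_max_size = 10G
    max_input_time = 3600
    max_execution_time = 3600
    memory_limit = 512M
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nextcloud-nextcloud
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/component: app
    app.kubernetes.io/version: "32.0.2"
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "10Gi"
  storageClassName: "longhorn"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-postgresql-data
  namespace: "nextcloud-system"
  # NOTE(review): this claim carries no labels, unlike every other object here;
  # consider adding the postgresql label set for consistent selection.
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "5Gi"
  storageClassName: "longhorn"
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud-postgresql-hl
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "17.5.0"
    app.kubernetes.io/component: primary
  annotations: {}
spec:
  type: ClusterIP
  clusterIP: None
  # We want all pods in the StatefulSet to have their addresses published for
  # the sake of the other Postgresql pods even before they're ready, since they
  # have to be able to talk to each other in order to become ready.
  publishNotReadyAddresses: true
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
  selector:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/component: primary
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud-postgresql
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "17.5.0"
    app.kubernetes.io/component: primary
spec:
  type: ClusterIP
  sessionAffinity: None
  ports:
    - name: tcp-postgresql
      port: 5432
      targetPort: tcp-postgresql
      nodePort: null
  selector:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/component: primary
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud
  namespace: "nextcloud-system"
  annotations:
    # Published by external-dns; the name must also appear in
    # NEXTCLOUD_TRUSTED_DOMAINS below.
    external-dns.alpha.kubernetes.io/hostname: nextcloud.home
  labels:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/component: app
    app.kubernetes.io/version: "32.0.2"
spec:
  type: ClusterIP
  ports:
    - port: 80
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/component: app
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/name: nextcloud
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/component: app
    app.kubernetes.io/version: "32.0.2"
spec:
  replicas: 1
  # Recreate: the RWO claim and the hostPath data dir cannot be shared by two pods.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: nextcloud
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/component: app
  template:
    metadata:
      labels:
        app.kubernetes.io/name: nextcloud
        app.kubernetes.io/instance: nextcloud
        app.kubernetes.io/component: app
      # Content hashes of the ConfigMaps; a change here forces a pod roll-out.
      annotations:
        nextcloud-config-hash: "06b49913be13b1f9a81745166dd75ada59e7ddd39e8f6a2c5538affe2a6d1093"
        php-config-hash: "5a497358af870e06b42325eee83d7c0e5466b7f6819cb49b598559d96def7428"
        hooks-hash: "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"
    spec:
      containers:
        - name: nextcloud
          image: docker.io/library/nextcloud:32.0.2-apache
          imagePullPolicy: IfNotPresent
          env:
            # SMTP and database credentials come from Secrets, never inline.
            - name: SMTP_HOST
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: host
            - name: SMTP_PORT
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: port
            - name: SMTP_NAME
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: username
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: smtp-credentials
                  key: password
            - name: SMTP_SECURE
              value: tls
            - name: SMTP_AUTHTYPE
              value: LOGIN
            - name: MAIL_FROM_ADDRESS
              value: nextcloud
            - name: MAIL_DOMAIN
              value: gmail.com
            - name: POSTGRES_HOST
              value: nextcloud-postgresql
            - name: POSTGRES_DB
              value: "nextcloud"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-password
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud
                  key: nextcloud-username
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud
                  key: nextcloud-password
            # "localhost" is needed because the probes below send Host: localhost.
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: "nextcloud.home nextcloud.dooplex.hu localhost"
            - name: NEXTCLOUD_DATA_DIR
              value: "/data"
          # NOTE(review): no resource limits and no container securityContext
          # are set for the application container. The apache image manages its
          # own user switch, so adding runAsNonRoot needs testing; limits can be
          # added without that risk.
          resources: {}
          volumeMounts:
            - name: nextcloud-main
              mountPath: /var/www/
              subPath: root
            - name: nextcloud-main
              mountPath: /var/www/html
              subPath: html
            - name: nextcloud-main
              mountPath: /var/www/html/config
              subPath: config
            - name: nextcloud-main
              mountPath: /var/www/html/custom_apps
              subPath: custom_apps
            - name: nextcloud-main
              mountPath: /var/www/tmp
              subPath: tmp
            - name: nextcloud-main
              mountPath: /var/www/html/themes
              subPath: themes
            - name: nextcloud-config
              mountPath: /var/www/html/config/custom.config.php
              subPath: custom.config.php
            - name: nextcloud-config
              mountPath: /var/www/html/config/previews.config.php
              subPath: previews.config.php
            - name: nextcloud-config
              mountPath: /var/www/html/config/.htaccess
              subPath: .htaccess
            - name: nextcloud-config
              mountPath: /var/www/html/config/apache-pretty-urls.config.php
              subPath: apache-pretty-urls.config.php
            - name: nextcloud-config
              mountPath: /var/www/html/config/apcu.config.php
              subPath: apcu.config.php
            - name: nextcloud-config
              mountPath: /var/www/html/config/apps.config.php
              subPath: apps.config.php
            # NOTE(review): the next three subPaths are not keys of the
            # nextcloud-config ConfigMap as rendered above (it defines
            # autoconfig.php, not autoconfig2.php) — confirm before applying.
            - name: nextcloud-config
              mountPath: /var/www/html/config/autoconfig2.php
              subPath: autoconfig2.php
            - name: nextcloud-config
              mountPath: /var/www/html/config/reverse-proxy.config.php
              subPath: reverse-proxy.config.php
            - name: nextcloud-config
              mountPath: /var/www/html/config/upgrade-disable-web.config.php
              subPath: upgrade-disable-web.config.php
            - name: data
              mountPath: /data
            - name: nextcloud-phpconfig
              mountPath: "/usr/local/etc/php/conf.d/uploadLimit.ini"
              subPath: uploadLimit.ini
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          # Startup allows up to 30 * 10 s for first-run installation/upgrade
          # before the liveness probe takes over.
          startupProbe:
            httpGet:
              path: /status.php
              port: 80
              httpHeaders:
                - name: Host
                  value: localhost
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 30
          livenessProbe:
            httpGet:
              path: /status.php
              port: 80
              httpHeaders:
                - name: Host
                  value: localhost
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /status.php
              port: 80
              httpHeaders:
                - name: Host
                  value: localhost
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
      initContainers:
        # Blocks pod start until the database accepts connections.
        - name: postgresql-isready
          image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
          resources: {}
          securityContext: {}
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-username
            - name: POSTGRES_HOST
              value: nextcloud-postgresql
          command:
            - "sh"
            - "-c"
            - "until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; done"
      volumes:
        - name: nextcloud-main
          persistentVolumeClaim:
            claimName: nextcloud-nextcloud
        - name: nextcloud-config
          configMap:
            name: nextcloud-config
        - name: nextcloud-phpconfig
          configMap:
            name: nextcloud-phpconfig
        # NOTE(review): a hostPath pins the pod to the node that has this
        # directory and bypasses the storage class; user data lives outside
        # Kubernetes-managed storage. Acceptable for a single-node setup only.
        - name: data
          hostPath:
            path: /mnt/4_hdd/data/nextcloud
            type: Directory
      securityContext:
        # Will mount configuration files as www-data (id: 33) for nextcloud
        fsGroup: 33
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: nextcloud-postgresql
  namespace: "nextcloud-system"
  labels:
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/name: postgresql
    app.kubernetes.io/version: "17.5.0"
    app.kubernetes.io/component: primary
spec:
  replicas: 1
  serviceName: nextcloud-postgresql-hl
  updateStrategy:
    rollingUpdate: {}
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/instance: nextcloud
      app.kubernetes.io/name: postgresql
      app.kubernetes.io/component: primary
  template:
    metadata:
      name: nextcloud-postgresql
      labels:
        app.kubernetes.io/instance: nextcloud
        app.kubernetes.io/name: postgresql
        app.kubernetes.io/version: "17.5.0"
        app.kubernetes.io/component: primary
    spec:
      serviceAccountName: nextcloud-postgresql
      automountServiceAccountToken: false
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/instance: nextcloud
                    app.kubernetes.io/name: postgresql
                    app.kubernetes.io/component: primary
                topologyKey: kubernetes.io/hostname
              weight: 1
      securityContext:
        fsGroup: 1001
        fsGroupChangePolicy: Always
        supplementalGroups: []
        sysctls: []
      hostNetwork: false
      hostIPC: false
      containers:
        - name: postgresql
          image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
          imagePullPolicy: "IfNotPresent"
          # Restricted-profile container: non-root, no capabilities, read-only
          # root filesystem (writable paths are provided by the emptyDir mounts).
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsGroup: 1001
            runAsNonRoot: true
            runAsUser: 1001
            seLinuxOptions: {}
            seccompProfile:
              type: RuntimeDefault
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: POSTGRESQL_PORT_NUMBER
              value: "5432"
            - name: POSTGRESQL_VOLUME_DIR
              value: "/bitnami/postgresql"
            - name: PGDATA
              value: "/bitnami/postgresql/data"
            # Authentication — passwords are read from files on the Secret mount.
            - name: POSTGRES_USER
              value: "nextcloud"
            - name: POSTGRES_PASSWORD_FILE
              value: /opt/bitnami/postgresql/secrets/password
            - name: POSTGRES_POSTGRES_PASSWORD_FILE
              value: /opt/bitnami/postgresql/secrets/postgres-password
            - name: POSTGRES_DATABASE
              value: "nextcloud"
            # LDAP
            - name: POSTGRESQL_ENABLE_LDAP
              value: "no"
            # TLS
            # NOTE(review): database traffic is plaintext inside the cluster;
            # the NetworkPolicy above is what limits who can see it.
            - name: POSTGRESQL_ENABLE_TLS
              value: "no"
            # Audit
            # NOTE(review): connection logging is off; enabling
            # POSTGRESQL_LOG_CONNECTIONS/DISCONNECTIONS gives a cheap audit
            # trail of who opened sessions.
            - name: POSTGRESQL_LOG_HOSTNAME
              value: "false"
            - name: POSTGRESQL_LOG_CONNECTIONS
              value: "false"
            - name: POSTGRESQL_LOG_DISCONNECTIONS
              value: "false"
            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
              value: "off"
            # Others
            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
              value: "error"
            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
              value: "pgaudit"
          ports:
            - name: tcp-postgresql
              containerPort: 5432
          livenessProbe:
            failureThreshold: 6
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
            exec:
              command:
                - /bin/sh
                - -c
                - exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432
          readinessProbe:
            failureThreshold: 6
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
            exec:
              command:
                - /bin/sh
                - -c
                - -e
                - |
                  exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432
          resources:
            limits:
              cpu: 150m
              ephemeral-storage: 2Gi
              memory: 192Mi
            requests:
              cpu: 100m
              ephemeral-storage: 50Mi
              memory: 128Mi
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: empty-dir
              mountPath: /opt/bitnami/postgresql/conf
              subPath: app-conf-dir
            - name: empty-dir
              mountPath: /opt/bitnami/postgresql/tmp
              subPath: app-tmp-dir
            - name: postgresql-password
              mountPath: /opt/bitnami/postgresql/secrets/
            - name: dshm
              mountPath: /dev/shm
            - name: data
              mountPath: /bitnami/postgresql
      volumes:
        - name: empty-dir
          emptyDir: {}
        - name: postgresql-password
          secret:
            secretName: nextcloud-postgresql
        - name: dshm
          emptyDir:
            medium: Memory
        - name: data
          persistentVolumeClaim:
            claimName: nextcloud-postgresql-data # NOW PERSISTENT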