hive-apps/projects/nextcloud/values/nextcloud.yaml

image:
# NOTE(review): '29-fpm' names a major-version line, not a fixed release or
# digest, so the image content behind it can change between pulls. Pin a full
# version or an image digest if upgrades should be explicit and reviewable.
tag: 29-fpm
# Re-pull the image on every pod start. Combined with a non-pinned tag, a
# restart may silently run a different image build than the previous one.
pullPolicy: Always
nextcloud:
# Public hostname; the same name is used in the ingress TLS and external-dns
# entries further down.
host: share.gnu.one
# Outbound HTTP and HTTPS traffic from the container is sent through the
# in-cluster proxy-squid service; cluster-internal names bypass it (NO_PROXY).
extraEnv:
- name: HTTP_PROXY
value: http://proxy-squid.proxy.svc.cluster.local:3128
- name: HTTPS_PROXY
value: http://proxy-squid.proxy.svc.cluster.local:3128
- name: NO_PROXY
value: .cluster.local
# Username/password and SMTP credentials are read from the Kubernetes Secret
# named here, so no passwords are stored in this values file. Only the key
# names inside that Secret are listed.
existingSecret:
enabled: true
secretName: nextcloud-user
usernameKey: username
passwordKey: password
smtpUsernameKey: smtp_username
smtpPasswordKey: smtp_password
# Extra config.php fragment with the proxy settings for Nextcloud itself.
# NOTE(review): the fragment also sets 'debug' => true and 'loglevel' => 1.
# The ingress labels and class below suggest this instance is externally
# reachable; debug mode is a development setting and can put internal details
# into error output. Confirm it is intentional, otherwise turn it off.
configs:
proxy.config.php: |-
<?php
$CONFIG = array (
'proxy' => 'proxy-squid.proxy.svc.cluster.local:3128',
'proxyexclude' => ['.cluster.local'],
'debug' => true,
'loglevel' => 1,
);
# Container hardening: run as non-root UID/GID 33 with a read-only root
# filesystem.
# NOTE(review): runAsUser/runAsGroup are quoted strings here but plain integers
# in the securityContext block further down. Kubernetes expects integers for
# these fields; confirm the chart accepts (or converts) the quoted form.
extraSecurityContext:
runAsUser: "33"
runAsGroup: "33"
runAsNonRoot: true
readOnlyRootFilesystem: true
# Needed for rootless: an unprivileged process cannot bind ports below 1024 by
# default, so the container listens on 8080 instead.
containerPort: 8080
# Writable scratch volumes. With readOnlyRootFilesystem: true set above, any
# path that must be written at runtime needs its own volume; emptyDir contents
# are discarded when the pod is removed.
extraVolumes:
- name: nginx-cache
emptyDir: {}
- name: nginx-run
emptyDir: {}
# Mounts the two emptyDir volumes over nginx's cache and runtime directories so
# they stay writable while the rest of the root filesystem is read-only.
extraVolumeMounts:
- mountPath: /var/cache/nginx
name: nginx-cache
- mountPath: /var/run
name: nginx-run
# PHP-FPM overrides: a 512M memory limit and a dynamic worker pool of up to 64
# children, each recycled after 1000 requests.
# NOTE(review): the worst case is roughly pm.max_children x memory_limit. No
# pod resource limits are visible in this file; confirm the node can absorb
# that, since an unbounded pool is an easy resource-exhaustion target.
phpConfigs:
memory_limit.conf: |
php_admin_value[memory_limit] = 512M
tuning.conf: |
pm = dynamic
pm.max_children = 64
pm.start_servers = 12
pm.min_spare_servers = 8
pm.max_spare_servers = 24
pm.max_requests = 1000
# See: https://github.com/nextcloud/helm/issues/186
# Runs as UID/GID 101 and sets fsGroup 101 so mounted volumes are accessible to
# that group. This differs from UID 33 used in extraSecurityContext above.
# NOTE(review): indentation was lost on this page, so it is unclear which
# container or pod this block applies to; confirm against the original file.
securityContext:
runAsUser: 101
runAsGroup: 101
fsGroup: 101
# "Always" re-applies ownership and permissions to the whole volume on every
# mount. That is the safe choice for correctness but can slow pod start on a
# large data volume; "OnRootMismatch" is the cheaper alternative.
fsGroupChangePolicy: "Always"
# Refuse to start the container if it would run as UID 0.
runAsNonRoot: true
ingress:
enabled: true
labels:
environment: external
annotations:
# Lets request bodies (uploads) of up to 20G pass the ingress. This applies to
# every path on the host, so large unauthenticated requests are also accepted
# at the proxy layer before Nextcloud sees them.
nginx.ingress.kubernetes.io/proxy-body-size: 20G
# The TLS certificate is requested automatically through cert-manager, using
# the ClusterIssuer named 'letsencrypt'.
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/router.tls: 'true'
kubernetes.io/ingress.class: ingress-external
# external-dns publishes share.gnu.one with gnu.one as its target; Cloudflare
# proxying is off, so the record resolves to the origin directly.
external-dns.alpha.kubernetes.io/hostname: share.gnu.one
external-dns.alpha.kubernetes.io/target: gnu.one
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
# NOTE(review): server-snippet injects raw nginx configuration into the ingress
# controller. ingress-nginx can disable snippet annotations cluster-wide
# (allow-snippet-annotations), in which case none of the rules below apply.
# This file also carries a traefik.* annotation, and only the controller behind
# class 'ingress-external' will honour its own prefix; confirm that the deny
# rules for config/, data/, occ and the like are actually enforced.
# The snippet hides version headers, rewrites the .well-known endpoints, and
# denies direct access to internal directories and command-line entry points.
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
# TLS for share.gnu.one is served from the 'nextcloud-tls' Secret.
tls:
- secretName: nextcloud-tls
hosts:
- share.gnu.one
# nginx is enabled alongside the application; the image tag above is an -fpm
# variant, which presumably needs a separate web server in front of PHP-FPM.
nginx:
enabled: true
containerPort: 8080
cronjob:
enabled: false
# NOTE(review): curlInsecure presumably makes the cron job's curl call skip TLS
# certificate verification. The cronjob is disabled above, so this is inert for
# now; set it to false before enabling the job.
curlInsecure: true
# The chart's built-in database is off; an external PostgreSQL is used instead.
internalDatabase:
enabled: false
externalDatabase:
enabled: true
type: postgresql
host: nextcloud-db-rw.nextcloud.svc.cluster.local
existingSecret:
enabled: true
# NOTE(review): judging by its name, this Secret holds the database superuser
# credentials. If so, a compromise of the application gives full control of the
# database server; a dedicated role limited to the Nextcloud database would
# follow least privilege. Confirm what role the Secret actually contains.
secretName: nextcloud-db-superuser
passwordKey: password
usernameKey: username
postgresql:
enabled: false
# Bundled Redis is disabled; the settings under it only matter if it is turned
# on. Its password is referenced from the 'nextcloud-redis' Secret rather than
# written here.
redis:
enabled: false
architecture: standalone
auth:
existingSecret: nextcloud-redis
existingSecretPasswordKey: password
replica:
replicaCount: 1
rbac:
create: false
# NOTE(review): the PodSecurityPolicy API was removed in Kubernetes 1.25;
# confirm this pair is still valid for the cluster version in use.
podSecurityPolicy:
enabled: true
create: true
# NOTE(review): 'persistence:' and 'rbac:' each appear twice from here on.
# Indentation was lost on this page, so it is unclear which of them sit under
# redis and which are top-level. If two ended up at the same level, most
# parsers silently keep only the last one and the storageClass/size below
# would be dropped; check the original file.
persistence:
enabled: true
storageClass: local-path
size: 100Gi
persistence:
enabled: true
rbac:
enabled: true
# All three probes wait 60 seconds before their first check.
readinessProbe:
initialDelaySeconds: 60
livenessProbe:
initialDelaySeconds: 60
startupProbe:
initialDelaySeconds: 60