hive-apps/projects/nextcloud/values/nextcloud.yaml

144 lines
3.4 KiB
YAML
Raw Normal View History

2021-11-28 10:16:31 +00:00
image:
2021-12-01 19:30:55 +00:00
tag: 22-fpm
2021-11-28 10:16:31 +00:00
pullPolicy: Always
nextcloud:
host: share.gnu.one
extraEnv:
- name: HTTP_PROXY
value: http://proxy-squid.proxy.svc.cluster.local:80
- name: HTTPS_PROXY
value: http://proxy-squid.proxy.svc.cluster.local:80
- name: NO_PROXY
value: .cluster.local
existingSecret:
enabled: true
secretName: nextcloud-user
usernameKey: username
passwordKey: password
smtpUsernameKey: smtp_username
smtpPasswordKey: smtp_password
configs:
proxy.config.php: |-
<?php
$CONFIG = array (
'proxy' => 'proxy-squid.proxy.svc.cluster.local:80',
'trusted_proxies' =>
array (
0 => 'proxy-squid.proxy.svc.cluster.local',
),
'proxyexclude' => ['.cluster.local'],
'debug' => true,
'loglevel' => 1,
);
extraSecurityContext:
runAsUser: "33"
runAsGroup: "33"
runAsNonRoot: true
readOnlyRootFilesystem: true
phpConfigs:
memory_limit.conf: |
php_admin_value[memory_limit] = 512M
tuning.conf: |
pm = dynamic
pm.max_children = 64
pm.start_servers = 12
pm.min_spare_servers = 8
pm.max_spare_servers = 24
pm.max_requests = 1000
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 4G
kubernetes.io/ingress.class: "external"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt
# nginx.ingress.kubernetes.io/server-snippet: |-
# server_tokens off;
# proxy_hide_header X-Powered-By;
#
# rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
# rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
# rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
# location = /.well-known/carddav {
# return 301 $scheme://$host/remote.php/dav;
# }
# location = /.well-known/caldav {
# return 301 $scheme://$host/remote.php/dav;
# }
# location = /robots.txt {
# allow all;
# log_not_found off;
# access_log off;
# }
# location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
# deny all;
# }
# location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
# deny all;
# }
tls:
- secretName: nextcloud-tls
hosts:
- share.gnu.one
nginx:
enabled: true
cronjob:
enabled: false
curlInsecure: true
internalDatabase:
enabled: false
externalDatabase:
enabled: true
type: postgresql
host: nextcloud-postgresql.nextcloud.svc.cluster.local
existingSecret:
enabled: true
secretName: nextcloud-postgres
passwordKey: postgresql-password
usernameKey: postgresql-username
postgresql:
enabled: true
postgresqlDatabase: nextcloud
postgresqlUsername: nextcloud
existingSecret: nextcloud-postgres
persistence:
enabled: true
redis:
enabled: false
architecture: standalone
auth:
existingSecret: nextcloud-redis
existingSecretPasswordKey: password
replica:
replicaCount: 1
rbac:
create: false
podSecurityPolicy:
enabled: true
create: true
persistence:
enabled: true
storageClass: local-path
size: 100Gi
persistence:
enabled: true
rbac:
enabled: true
readinessProbe:
initialDelaySeconds: 60
livenessProbe:
initialDelaySeconds: 60
startupProbe:
initialDelaySeconds: 60