2021-11-28 10:16:31 +00:00
|
|
|
image:
|
2021-12-01 19:30:55 +00:00
|
|
|
tag: 22-fpm
|
2021-11-28 10:16:31 +00:00
|
|
|
pullPolicy: Always
|
|
|
|
|
|
|
|
nextcloud:
|
|
|
|
host: share.gnu.one
|
|
|
|
extraEnv:
|
|
|
|
- name: HTTP_PROXY
|
|
|
|
value: http://proxy-squid.proxy.svc.cluster.local:80
|
|
|
|
- name: HTTPS_PROXY
|
|
|
|
value: http://proxy-squid.proxy.svc.cluster.local:80
|
|
|
|
- name: NO_PROXY
|
|
|
|
value: .cluster.local
|
|
|
|
existingSecret:
|
|
|
|
enabled: true
|
|
|
|
secretName: nextcloud-user
|
|
|
|
usernameKey: username
|
|
|
|
passwordKey: password
|
|
|
|
smtpUsernameKey: smtp_username
|
|
|
|
smtpPasswordKey: smtp_password
|
|
|
|
configs:
|
|
|
|
proxy.config.php: |-
|
|
|
|
<?php
|
|
|
|
$CONFIG = array (
|
|
|
|
'proxy' => 'proxy-squid.proxy.svc.cluster.local:80',
|
|
|
|
'trusted_proxies' =>
|
|
|
|
array (
|
|
|
|
0 => 'proxy-squid.proxy.svc.cluster.local',
|
|
|
|
),
|
|
|
|
'proxyexclude' => ['.cluster.local'],
|
|
|
|
'debug' => true,
|
|
|
|
'loglevel' => 1,
|
|
|
|
);
|
|
|
|
extraSecurityContext:
|
|
|
|
runAsUser: "33"
|
|
|
|
runAsGroup: "33"
|
|
|
|
runAsNonRoot: true
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
phpConfigs:
|
|
|
|
memory_limit.conf: |
|
|
|
|
php_admin_value[memory_limit] = 512M
|
|
|
|
tuning.conf: |
|
|
|
|
pm = dynamic
|
|
|
|
pm.max_children = 64
|
|
|
|
pm.start_servers = 12
|
|
|
|
pm.min_spare_servers = 8
|
|
|
|
pm.max_spare_servers = 24
|
|
|
|
pm.max_requests = 1000
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
enabled: true
|
|
|
|
annotations:
|
|
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 4G
|
|
|
|
kubernetes.io/ingress.class: "external"
|
|
|
|
kubernetes.io/tls-acme: "true"
|
|
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
|
|
# nginx.ingress.kubernetes.io/server-snippet: |-
|
|
|
|
# server_tokens off;
|
|
|
|
# proxy_hide_header X-Powered-By;
|
|
|
|
#
|
|
|
|
# rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
|
|
|
|
# rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
|
|
|
# rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
|
|
|
|
# location = /.well-known/carddav {
|
|
|
|
# return 301 $scheme://$host/remote.php/dav;
|
|
|
|
# }
|
|
|
|
# location = /.well-known/caldav {
|
|
|
|
# return 301 $scheme://$host/remote.php/dav;
|
|
|
|
# }
|
|
|
|
# location = /robots.txt {
|
|
|
|
# allow all;
|
|
|
|
# log_not_found off;
|
|
|
|
# access_log off;
|
|
|
|
# }
|
|
|
|
# location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
|
|
|
# deny all;
|
|
|
|
# }
|
|
|
|
# location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
|
|
|
|
# deny all;
|
|
|
|
# }
|
|
|
|
tls:
|
|
|
|
- secretName: nextcloud-tls
|
|
|
|
hosts:
|
|
|
|
- share.gnu.one
|
|
|
|
|
|
|
|
nginx:
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
cronjob:
|
|
|
|
enabled: false
|
|
|
|
curlInsecure: true
|
|
|
|
|
|
|
|
internalDatabase:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
externalDatabase:
|
|
|
|
enabled: true
|
|
|
|
type: postgresql
|
|
|
|
host: nextcloud-postgresql.nextcloud.svc.cluster.local
|
|
|
|
existingSecret:
|
|
|
|
enabled: true
|
|
|
|
secretName: nextcloud-postgres
|
|
|
|
passwordKey: postgresql-password
|
|
|
|
usernameKey: postgresql-username
|
|
|
|
|
|
|
|
postgresql:
|
|
|
|
enabled: true
|
|
|
|
postgresqlDatabase: nextcloud
|
|
|
|
postgresqlUsername: nextcloud
|
|
|
|
existingSecret: nextcloud-postgres
|
|
|
|
persistence:
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
redis:
|
|
|
|
enabled: false
|
|
|
|
architecture: standalone
|
|
|
|
auth:
|
|
|
|
existingSecret: nextcloud-redis
|
|
|
|
existingSecretPasswordKey: password
|
|
|
|
replica:
|
|
|
|
replicaCount: 1
|
|
|
|
rbac:
|
|
|
|
create: false
|
|
|
|
podSecurityPolicy:
|
|
|
|
enabled: true
|
|
|
|
create: true
|
|
|
|
|
|
|
|
persistence:
|
|
|
|
enabled: true
|
|
|
|
storageClass: local-path
|
|
|
|
size: 100Gi
|
|
|
|
persistence:
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
rbac:
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
readinessProbe:
|
|
|
|
initialDelaySeconds: 60
|
|
|
|
livenessProbe:
|
|
|
|
initialDelaySeconds: 60
|
|
|
|
startupProbe:
|
|
|
|
initialDelaySeconds: 60
|