image: tag: 25-fpm pullPolicy: Always nextcloud: host: share.gnu.one extraEnv: - name: HTTP_PROXY value: http://proxy-squid.proxy.svc.cluster.local:80 - name: HTTPS_PROXY value: http://proxy-squid.proxy.svc.cluster.local:80 - name: NO_PROXY value: .cluster.local existingSecret: enabled: true secretName: nextcloud-user usernameKey: username passwordKey: password smtpUsernameKey: smtp_username smtpPasswordKey: smtp_password configs: proxy.config.php: |- 'proxy-squid.proxy.svc.cluster.local:80', 'trusted_proxies' => array ( 0 => 'proxy-squid.proxy.svc.cluster.local', ), 'proxyexclude' => ['.cluster.local'], 'debug' => true, 'loglevel' => 1, ); extraSecurityContext: runAsUser: "33" runAsGroup: "33" runAsNonRoot: true readOnlyRootFilesystem: true # Needed for rootless: containerPort: 8080 extraVolumes: - name: nginx-cache emptyDir: {} - name: nginx-run emptyDir: {} extraVolumeMounts: - mountPath: /var/cache/nginx name: nginx-cache - mountPath: /var/run name: nginx-run phpConfigs: memory_limit.conf: | php_admin_value[memory_limit] = 512M tuning.conf: | pm = dynamic pm.max_children = 64 pm.start_servers = 12 pm.min_spare_servers = 8 pm.max_spare_servers = 24 pm.max_requests = 1000 # See: https://github.com/nextcloud/helm/issues/186 securityContext: runAsUser: 101 runAsGroup: 101 fsGroup: 101 fsGroupChangePolicy: "Always" runAsNonRoot: true ingress: enabled: true labels: environment: external annotations: #nginx.ingress.kubernetes.io/proxy-body-size: 4G kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.tls: 'true' kubernetes.io/ingress.class: ingress-external external-dns.alpha.kubernetes.io/hostname: share.gnu.one external-dns.alpha.kubernetes.io/target: gnu.one external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" tls: - secretName: nextcloud-tls hosts: - share.gnu.one nginx: enabled: true cronjob: enabled: false curlInsecure: true internalDatabase: enabled: false externalDatabase: enabled: true type: postgresql host: nextcloud-postgresql.nextcloud.svc.cluster.local existingSecret: enabled: true secretName: nextcloud-postgres passwordKey: postgresql-password usernameKey: postgresql-username postgresql: enabled: true # old: image: registry: docker.io repository: bitnami/postgresql tag: 11 postgresqlDatabase: nextcloud postgresqlUsername: nextcloud existingSecret: nextcloud-postgres persistence: enabled: true # New: global: auth: username: nextcloud password: nextcloud database: nextcloud existingSecret: nextcloud-postgres primary: persistence: enabled: true redis: enabled: false architecture: standalone auth: existingSecret: nextcloud-redis existingSecretPasswordKey: password replica: replicaCount: 1 rbac: create: false podSecurityPolicy: enabled: true create: true persistence: enabled: true storageClass: local-path size: 100Gi persistence: enabled: true rbac: enabled: true readinessProbe: initialDelaySeconds: 60 livenessProbe: initialDelaySeconds: 60 startupProbe: initialDelaySeconds: 60