hive-apps/projects/nextcloud/values/nextcloud.yaml
2024-10-19 10:03:22 +02:00

166 lines
3.9 KiB
YAML

image:
tag: 29-fpm
pullPolicy: Always
nextcloud:
host: share.nold.in
extraEnv:
- name: HTTP_PROXY
value: http://proxy-squid.proxy.svc.cluster.local:3128
- name: HTTPS_PROXY
value: http://proxy-squid.proxy.svc.cluster.local:3128
- name: NO_PROXY
value: .cluster.local
existingSecret:
enabled: true
secretName: nextcloud-user
usernameKey: username
passwordKey: password
smtpUsernameKey: smtp_username
smtpPasswordKey: smtp_password
configs:
proxy.config.php: |-
<?php
$CONFIG = array (
'proxy' => 'proxy-squid.proxy.svc.cluster.local:3128',
'proxyexclude' => ['.cluster.local'],
'debug' => true,
'loglevel' => 1,
);
extraSecurityContext:
runAsUser: "33"
runAsGroup: "33"
runAsNonRoot: true
readOnlyRootFilesystem: true
# Needed for rootless:
containerPort: 8080
extraVolumes:
- name: nginx-cache
emptyDir: {}
- name: nginx-run
emptyDir: {}
extraVolumeMounts:
- mountPath: /var/cache/nginx
name: nginx-cache
- mountPath: /var/run
name: nginx-run
phpConfigs:
memory_limit.conf: |
php_admin_value[memory_limit] = 512M
tuning.conf: |
pm = dynamic
pm.max_children = 64
pm.start_servers = 12
pm.min_spare_servers = 8
pm.max_spare_servers = 24
pm.max_requests = 1000
# See: https://github.com/nextcloud/helm/issues/186
securityContext:
runAsUser: 101
runAsGroup: 101
fsGroup: 101
fsGroupChangePolicy: "Always"
runAsNonRoot: true
ingress:
enabled: true
labels:
environment: external
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 20G
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/router.tls: 'true'
kubernetes.io/ingress.class: ingress-external
external-dns.alpha.kubernetes.io/hostname: share.nold.in
external-dns.alpha.kubernetes.io/target: nold.in
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
tls:
- secretName: nextcloud-tls
hosts:
- share.nold.in
nginx:
enabled: true
containerPort: 8080
cronjob:
enabled: false
curlInsecure: true
internalDatabase:
enabled: false
externalDatabase:
enabled: true
type: postgresql
host: nextcloud-db-rw.nextcloud.svc.cluster.local
existingSecret:
enabled: true
secretName: nextcloud-db-superuser
passwordKey: password
usernameKey: username
postgresql:
enabled: false
redis:
enabled: false
architecture: standalone
auth:
existingSecret: nextcloud-redis
existingSecretPasswordKey: password
replica:
replicaCount: 1
rbac:
create: false
podSecurityPolicy:
enabled: true
create: true
persistence:
enabled: true
storageClass: local-path
size: 100Gi
persistence:
enabled: true
rbac:
enabled: true
readinessProbe:
initialDelaySeconds: 60
livenessProbe:
initialDelaySeconds: 60
startupProbe:
initialDelaySeconds: 60