Migrate Nextcloud to Kube
parent
21b583dc5b
commit
c5cae07624
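--- a/nextcloud/application.yaml
+++ b/nextcloud/application.yaml
@@ -0,0 +1,254 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+name: nextcloud-admin-secrets
+spec:
+size: 32
+mapping:
+- key: password
+value: "%(plaintext)s"
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: KeydbClaim
+metadata:
+name: nextcloud
+spec:
+class: ephemeral
+capacity: 100Mi
+---
+apiVersion: codemowers.io/v1alpha1
+kind: OIDCGWClient
+metadata:
+name: nextcloud
+spec:
+displayName: Nextcloud
+uri: https://nextcloud.k-space.ee
+redirectUris:
+- https://nextcloud.k-space.ee/apps/oidc_login/oidc
+allowedGroups:
+- k-space:floor
+grantTypes:
+- authorization_code
+- refresh_token
+responseTypes:
+- code
+availableScopes:
+- openid
+- profile
+pkce: false
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: nextcloud
+labels:
+app.kubernetes.io/name: nextcloud
+spec:
+serviceName: nextcloud
+replicas: 1
+selector:
+matchLabels:
+app.kubernetes.io/name: nextcloud
+template:
+metadata:
+labels:
+app.kubernetes.io/name: nextcloud
+spec:
+enableServiceLinks: false
+containers:
+- name: nextcloud
+image: nextcloud:production-apache
+env:
+- name: OIDC_CLIENT_ID
+valueFrom:
+secretKeyRef:
+name: oidc-client-nextcloud-owner-secrets
+key: OIDC_CLIENT_ID
+- name: OIDC_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: oidc-client-nextcloud-owner-secrets
+key: OIDC_CLIENT_SECRET
+- name: OIDC_GATEWAY_AUTH_URI
+valueFrom:
+secretKeyRef:
+name: oidc-client-nextcloud-owner-secrets
+key: OIDC_GATEWAY_AUTH_URI
+- name: OIDC_GATEWAY_URI
+valueFrom:
+secretKeyRef:
+name: oidc-client-nextcloud-owner-secrets
+key: OIDC_GATEWAY_URI
+- name: UPLOAD_LIMIT
+value: 10G
+- name: MYSQL_USER
+value: kspace_nextcloud
+- name: MYSQL_DATABASE
+value: kspace_nextcloud
+- name: MYSQL_HOST
+value: mariadb.infra.k-space.ee
+- name: NEXTCLOUD_ADMIN_USER
+value: admin
+- name: NEXTCLOUD_TRUSTED_DOMAINS
+value: nextcloud.k-space.ee
+- name: OBJECTSTORE_S3_HOST
+value: 172.20.9.2
+- name: OBJECTSTORE_S3_PORT
+value: "9000"
+- name: OBJECTSTORE_S3_BUCKET
+value: kspace-nextcloud
+- name: OBJECTSTORE_S3_SSL
+value: "false"
+- name: OBJECTSTORE_S3_KEY
+value: kspace-nextcloud
+- name: OBJECTSTORE_S3_REGION
+value: us-west-1
+- name: OBJECTSTORE_S3_USEPATH_STYLE
+value: "true"
+- name: TRUSTED_PROXIES
+value: 0.0.0.0/0
+- name: MAIL_FROM_ADDRESS
+value: nextcloud@k-space.ee
+- name: SMTP_HOST
+value: mail.k-space.ee
+- name: MAIL_DOMAIN
+value: k-space.ee
+- name: NEXTCLOUD_ADMIN_PASSWORD
+valueFrom:
+secretKeyRef:
+name: nextcloud-admin-secrets
+key: password
+- name: REDIS_HOST
+valueFrom:
+secretKeyRef:
+name: keydb-nextcloud-owner-secrets
+key: REDIS_MASTER
+- name: REDIS_HOST_PASSWORD
+valueFrom:
+secretKeyRef:
+name: keydb-nextcloud-owner-secrets
+key: REDIS_PASSWORD
+- name: MYSQL_PASSWORD
+valueFrom:
+secretKeyRef:
+name: nextcloud-imported-secrets
+key: MYSQL_PASSWORD
+- name: OBJECTSTORE_S3_SECRET
+valueFrom:
+secretKeyRef:
+name: nextcloud-imported-secrets
+key: OBJECTSTORE_S3_SECRET
+ports:
+- containerPort: 80
+name: http
+volumeMounts:
+- mountPath: /var/www/html
+name: data
+- mountPath: /var/www/html/config/oidc.config.php
+name: config
+subPath: oidc.config.php
+volumes:
+- name: config
+projected:
+sources:
+- configMap:
+name: nextcloud-config
+volumeClaimTemplates:
+- metadata:
+name: data
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: longhorn
+resources:
+requests:
+storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: nextcloud
+spec:
+ports:
+- port: 80
+protocol: TCP
+targetPort: http
+selector:
+app.kubernetes.io/name: nextcloud
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: nextcloud
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+traefik.ingress.kubernetes.io/router.tls: "true"
+external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+spec:
+rules:
+- host: nextcloud.k-space.ee
+http:
+paths:
+- pathType: Prefix
+path: "/"
+backend:
+service:
+name: nextcloud
+port:
+number: 80
+tls:
+- hosts:
+- "*.k-space.ee"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: nextcloud-config
+data:
+oidc.config.php: |-
+<?php
+$CONFIG = array (
+'allow_user_to_change_display_name' => false,
+'lost_password_link' => 'disabled',
+'oidc_login_provider_url' => getenv('OIDC_GATEWAY_URI'),
+'oidc_login_client_id' => getenv('OIDC_CLIENT_ID'),
+'oidc_login_client_secret' => getenv('OIDC_CLIENT_SECRET'),
+'oidc_login_auto_redirect' => true,
+'oidc_login_logout_url' => getenv('OIDC_GATEWAY_URI'),
+'oidc_login_end_session_redirect' => false,
+'oidc_login_default_quota' => '250000000000',
+'oidc_login_button_text' => 'Log in with OpenID',
+'oidc_login_hide_password_form' => true,
+'oidc_login_use_id_token' => false,
+'oidc_login_attributes' => array (
+'id' => 'sub',
+'name' => 'name',
+'mail' => 'email',
+//'quota' => 'ownCloudQuota',
+'home' => 'homeDirectory',
+'ldap_uid' => 'sub',
+//'groups' => 'ownCloudGroups',
+//'login_filter' => 'realm_access_roles',
+//'photoURL' => 'picture',
+//'is_admin' => 'ownCloudAdmin',
+),
+//'oidc_login_default_group' => 'oidc',
+'oidc_login_filter_allowed_values' => null,
+'oidc_login_use_external_storage' => false,
+'oidc_login_scope' => 'openid profile',
+'oidc_login_proxy_ldap' => false,
+'oidc_login_disable_registration' => true,
+'oidc_login_redir_fallback' => false,
+'oidc_login_alt_login_page' => 'assets/login.php',
+'oidc_login_tls_verify' => true,
+'oidc_create_groups' => false,
+'oidc_login_webdav_enabled' => false,
+'oidc_login_password_authentication' => false,
+'oidc_login_public_key_caching_time' => 86400,
+'oidc_login_min_time_between_jwks_requests' => 10,
+'oidc_login_well_known_caching_time' => 86400,
+'oidc_login_update_avatar' => false,
+'oidc_login_skip_proxy' => false,
+'oidc_login_code_challenge_method' => '',
+);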
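Review bot: `TRUSTED_PROXIES` is set to `0.0.0.0/0` in the StatefulSet env, so Nextcloud will accept forwarded client-address headers from any peer that can reach the pod; the address it uses for logging and brute-force throttling can then be supplied by the sender unless Traefik is known to overwrite those headers on every path to the Service. Restrict it to the ingress controller's source range, e.g. `value: "<traefik-pod-cidr>"` (placeholder; the real range is not on this page). In the same env list `OBJECTSTORE_S3_SSL` is `"false"` against `172.20.9.2` port `9000`, so file contents travel to the object store in plaintext; enable TLS there or add a comment recording why that network segment is trusted. The image `nextcloud:production-apache` is a floating tag, and pinning it by digest would make the deployed build reproducible and reviewable.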