k-space/kube
12
1
Fork 3
Code Issues 64 Pull Requests 1 Wiki Activity

Fix nextcloud installation, use dedicated DB

Browse Source
This commit is contained in:
Erki Aas
2025-11-28 15:39:44 +02:00
parent 20889f093e
commit e08abcf3fe
2 changed files with 128 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
nextcloud/application.yaml
View File

@@ -45,7 +45,8 @@ spec:
displayName: Nextcloud
uri: https://nextcloud.k-space.ee
redirectUris:
- https://nextcloud.k-space.ee/apps/oidc_login/oidc
- https://nextcloud.k-space.ee/apps/user_oidc/code
- https://nextcloud.k-space.ee/apps/user_oidc
allowedGroups:
- k-space:floor
grantTypes:
@@ -78,16 +79,33 @@ spec:
spec:
enableServiceLinks: false
initContainers:
- name: fix-permissions
image: busybox
command: ["sh", "-c", "chown -R 1000:1000 /var/www/html/"]
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /var/www/html/
name: data
- name: setup-php-config
image: mirror.gcr.io/library/nextcloud:31.0.2@sha256:c418eb78924b446c744eee30587564a8d5ef625ad64369c81936bd1491f589e3
image: mirror.gcr.io/library/nextcloud:32.0.2@sha256:8cb1dc8c26944115469dd22f4965d2ed35bab9cf8c48d2bb052c8e9f83821ded
command: [ "/bin/sh","-c" ]
args: ["cp -r /usr/local/etc/php/conf.d/. /config/"]
volumeMounts:
- mountPath: /config
name: php-config
- name: setup-nextcloud-config
image: busybox
command: [ "/bin/sh","-c" ]
args: ["cp -r /config/. /var/www/html/config/"]
volumeMounts:
- mountPath: /config
name: config
- name: data
mountPath: /var/www/html
containers:
- name: nextcloud
image: mirror.gcr.io/library/nextcloud:31.0.2@sha256:c418eb78924b446c744eee30587564a8d5ef625ad64369c81936bd1491f589e3
image: mirror.gcr.io/library/nextcloud:32.0.2@sha256:8cb1dc8c26944115469dd22f4965d2ed35bab9cf8c48d2bb052c8e9f83821ded
resources:
limits:
cpu: 4000m
@@ -95,14 +113,14 @@ spec:
requests:
cpu: 400m
memory: 500Mi
readinessProbe:
livenessProbe:
exec:
command:
- /usr/local/bin/php
- /var/www/html/cron.php
initialDelaySeconds: 1
initialDelaySeconds: 300
periodSeconds: 300
timeoutSeconds: 30
timeoutSeconds: 300
env:
- name: OIDC_CLIENT_ID
valueFrom:
@@ -127,13 +145,13 @@ spec:
- name: UPLOAD_LIMIT
value: 10G
- name: MYSQL_USER
value: kspace_nextcloud
value: nextcloud
- name: MYSQL_DATABASE
value: kspace_nextcloud
value: nextcloud
- name: MYSQL_HOST
value: mariadb.infra.k-space.ee
value: mariadb
- name: NEXTCLOUD_ADMIN_USER
value: admin
value: k6_admin
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: nextcloud.k-space.ee nextcloud # This is for reference - these values are not actually changed by env after installation.
- name: OBJECTSTORE_S3_HOST
@@ -173,7 +191,7 @@ spec:
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-imported-secrets
name: mariadb-secrets
key: MYSQL_PASSWORD
- name: OBJECTSTORE_S3_SECRET
valueFrom:
@@ -186,12 +204,6 @@ spec:
volumeMounts:
- mountPath: /var/www/html
name: data
- mountPath: /var/www/html/config/oidc.config.php
name: config
subPath: oidc.config.php
- mountPath: /var/www/html/config/override.config.php
name: config
subPath: override.config.php
- name: php-config
mountPath: /usr/local/etc/php/conf.d/
securityContext:
@@ -279,12 +291,6 @@ kind: ConfigMap
metadata:
name: nextcloud-config
data:
override.config.php: |-
<?php
$CONFIG = array (
'skeletondirectory' => '',
'default_phone_region' => 'EE',
);
oidc.config.php: |-
<?php
$CONFIG = array (

99
nextcloud/mariadb.yml Normal file
View File

@@ -0,0 +1,99 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mariadb
spec:
revisionHistoryLimit: 0
serviceName: mariadb
selector:
matchLabels:
app: mariadb
replicas: 1
template:
metadata:
labels:
app: mariadb
annotations:
prometheus.io/port: '9104'
prometheus.io/scrape: 'true'
spec:
containers:
- name: exporter
image: mirror.gcr.io/prom/mysqld-exporter:latest
args:
- --mysqld.username
- exporter
- name: mariadb
image: mirror.gcr.io/library/mariadb:12.1
imagePullPolicy: Always
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secrets
key: MYSQL_ROOT_PASSWORD
- name: MYSQL_USER
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MYSQL_DATABASE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secrets
key: MYSQL_PASSWORD
volumeMounts:
- name: mariadb-data
mountPath: /var/lib/mysql
- name: mariadb-init
mountPath: /docker-entrypoint-initdb.d
volumes:
- name: mariadb-init
configMap:
name: mariadb-init-config
volumeClaimTemplates:
- metadata:
name: mariadb-data
spec:
storageClassName: ceph-rbd
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
---
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
name: mariadb-secrets
spec:
size: 32
mapping:
- key: MYSQL_ROOT_PASSWORD
value: "%(plaintext)s"
- key: MYSQL_PASSWORD
value: "%(plaintext)s"
---
apiVersion: v1
kind: Service
metadata:
name: mariadb
spec:
ports:
- protocol: TCP
port: 3306
selector:
app: mariadb
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mariadb-init-config
data:
initdb.sql: |
CREATE USER 'exporter'@'127.0.0.1' WITH MAX_USER_CONNECTIONS 3;
GRANT PROCESS, REPLICATION CLIENT, SLAVE MONITOR, SELECT ON *.* TO 'exporter'@'127.0.0.1';