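# services/nextcloud/deployment.yaml
#
# Single-replica Nextcloud (Apache variant) Deployment. All credentials are
# read from pre-existing Secrets in the `nextcloud` namespace; the Secret names
# and the exact key names each one must contain are listed next to the env
# entries that consume them.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: nextcloud
  labels:
    app: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      nodeSelector:
        hardware: rpi5
      # Pod-wide default identity: uid/gid 33 for every container that does
      # not override it; volumes get fsGroup 33.
      # NOTE(review): nothing in this spec talks to the Kubernetes API; if no
      # injected sidecar needs the token, consider
      # `automountServiceAccountToken: false` here.
      securityContext:
        fsGroup: 33
        runAsUser: 33
        runAsGroup: 33
      initContainers:
        # Runs as root (overrides the pod default) to hand ownership of the
        # config and data directories to 33:33 before the main container
        # starts.
        - name: fix-perms
          # NOTE(review): mutable tag; pin by digest once the expected digest
          # is recorded, e.g. alpine:3.20@sha256:<DIGEST-PLACEHOLDER>.
          image: alpine:3.20
          command: ["/bin/sh", "-c"]
          args:
            # `|| true` makes every chown failure non-fatal, so a genuine
            # permission problem on data/ is hidden as well.
            # NOTE(review): the ConfigMap file mounted under config/ is
            # presumably read-only, which would explain why errors are
            # ignored; confirm, and consider excluding that file instead.
            - |
              chown -R 33:33 /var/www/html/config || true
              chown -R 33:33 /var/www/html/data || true
          securityContext:
            runAsUser: 0
            runAsGroup: 0
            # chown needs root's existing capabilities, not new ones.
            # NOTE(review): the capability set could likely be narrowed
            # (drop ALL, add back only what the recursive chown needs);
            # left as-is until tested on the real volume.
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
      containers:
        - name: nextcloud
          # NOTE(review): mutable tag combined with IfNotPresent means nodes
          # can run different builds of "29-apache"; pin by digest, e.g.
          # nextcloud:29-apache@sha256:<DIGEST-PLACEHOLDER>.
          image: nextcloud:29-apache
          imagePullPolicy: IfNotPresent
          # The container already runs as uid 33 via the pod securityContext;
          # these settings make that explicit and stop it from regaining
          # privileges through setuid binaries or file capabilities.
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          env:
            # NOTE(review): secrets injected as env vars are readable from the
            # process environment for the life of the pod; the official image
            # also accepts *_FILE variants (e.g. POSTGRES_PASSWORD_FILE) fed
            # from a mounted Secret volume, which narrows that exposure.
            #
            # DB (external secret required: nextcloud-db with keys
            # database, db-username, db-password)
            - name: POSTGRES_HOST
              value: postgres-service.postgres.svc.cluster.local
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: database
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-password
            # Admin bootstrap (external secret: nextcloud-admin with keys
            # admin-user, admin-password)
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-user
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-password
            # Public hostname and scheme Nextcloud should assume.
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: cloud.bstein.dev
            - name: OVERWRITEHOST
              value: cloud.bstein.dev
            - name: OVERWRITEPROTOCOL
              value: https
            - name: OVERWRITECLIURL
              value: https://cloud.bstein.dev
            # SMTP (external secret: nextcloud-smtp with keys
            # smtp-username, smtp-password)
            - name: SMTP_HOST
              value: mail.bstein.dev
            - name: SMTP_PORT
              value: "587"
            - name: SMTP_SECURE
              value: tls
            - name: SMTP_NAME
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-username
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-password
            - name: MAIL_FROM_ADDRESS
              value: no-reply
            - name: MAIL_DOMAIN
              value: bstein.dev
            # OIDC (external secret: nextcloud-oidc with keys
            # client-id, client-secret)
            # NOTE(review): presumably read by extra.config.php from the
            # nextcloud-config ConfigMap; that file is not shown here.
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: nextcloud-oidc
                  key: client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: nextcloud-oidc
                  key: client-secret
            - name: NEXTCLOUD_UPDATE
              value: "1"
            - name: APP_INSTALL
              value: "mail,oidc_login,external"
          ports:
            - containerPort: 80
              name: http
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            # Single file from the ConfigMap overlaid into the config
            # directory that lives on the data volume.
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
          resources:
            requests:
              cpu: 250m
              memory: 1Gi
            limits:
              cpu: 1
              memory: 3Gi
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-data
        - name: nextcloud-config
          configMap:
            name: nextcloud-config
            # Octal file mode (r--r--r--). The API expects an integer here,
            # so this must stay unquoted.
            defaultMode: 0444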