Merge branch 'release/12.0.0'

README.md

@@ -32,6 +32,7 @@ this kit:
 
 | nextcloud-azure-aks | Kubernetes Version Compatibility* | Nextcloud Version | Deployment Mechanism        |
 |---------------------|-----------------------------------|-------------------|-----------------------------|
+| 12.x                | Only tested on 1.25+              | 25.x              | Kustomize and Rigger CLI    |
 | 11.x                | Only tested on 1.25+              | 24.x              | Kustomize and Rigger CLI    |
 | 10.x                | 1.16-1.22+                        | 23.x              | Kustomize and Rigger CLI    |
 | 9.x                 | 1.16-1.22+                        | 22.x              | Kustomize and Rigger CLI    |
@@ -44,6 +45,62 @@ this kit:
 | 2.x                 | 1.15-1.21                         | 16.x              | Shell scripts and templates |
 | 1.x                 | 1.15-1.21                         | 15.x              | Shell scripts and templates |
 
+### Turning the Maintenance Page On and Off
+1. See instructions in `config-environment.yaml` for what settings to add to
+   your overlay configuration.
+2. Uncomment the maintenance page component in the `kustomization.yaml` file
+   of the overlay.
+3. Deploy just the maintenance page and shared dependencies using the following
+   command while you are in an overlay:
+   ```
+   ./rigger deploy maintenance-page --with-dependencies
+   ```
+4. Perform maintenance.
+5. Comment out the maintenance page component in the `kustomization.yaml` file
+   of the overlay.
+6. Re-deploy just the maintenance page and shared dependencies using the
+   following command while you are in an overlay:
+   ```
+   ./rigger deploy maintenance-page --with-dependencies
+   ```
+
+### Performing the Upgrade
+Follow these steps to upgrade:
+1.  Backup your database (as mentioned earlier in this document).
+2.  Enable the ingress maintenance page (if desired), as described above.
+3.  Change the version number of the docker images in the `kustomization.yaml`
+    file of your overlay to the new version you wish to deploy.
+4.  Change the replica count for the `nextcloud` pod in the `kustomization.yaml`
+    file to `1`.
+5.  Ensure that the storage configuration for the overlay is set to mount the
+    Nextcloud configuration volume as read-write.
+6.  Deploy the overlay with `./rigger deploy`.
+7.  Wait for deployment to finish and pods to start.
+8.  Observe the status of the upgrade using 
+    `kubectl logs -n <NAMESPACE> <NAME OF POD>` (e.g., you can get the names of
+    the pods with `kubectl get pods -n <NAMESPACE>`).
+9.  **If the upgrade failed:** You will need to troubleshoot your installation.
+    Some tips:
+    - You can modify the 
+      `components/http-nginx-fpm/app-nextcloud.nginx-fpm.yaml` and
+      `components/http-apache/app-nextcloud.apache.yaml` manifests, overriding
+      the `command` of the `backend-nextcloud-fpm` and
+      `backend-nextcloud-apache` containers, respectively, to be
+      `['sleep', 'inf']` or `['sleep', '86400']`. You can also change the 
+      `periodSeconds` values for the health checks to `86400` as well. Then,
+      re-deploy. These changes will prevent the pod from failing on startup 
+      from a bad upgrade, and will disable automatic restart of the pods from a
+      failing health checks, allowing you up to 24 hours to enter the pod with
+      `kubectl exec -it` to troubleshoot it.
+    - While in a Nextcloud pod, you can run the entrypoint script yourself to
+      see the output. The command is `/entrypoint.sh php-fpm` or
+      `/entrypoint.sh apache2-foreground`, for the nginx and Apache images,
+      respectively. You can run the entrypoint multiple times if you are
+      iterating on solving a problem.
+10. **If the upgrade succeeded:** rollback the changes you made to your 
+    `kustomization.yaml` file in steps 3, 4, and 5, and re-deploy the overlay to
+    restore full functionality.
+
 ### Switching from "Shell Script" Deployment to "Kustomize" Deployment
 If you are running version 1.x through 6.x of this kit and are now upgrading to
 version 7.x, we recommend taking the following steps:
@@ -422,4 +479,4 @@ credentials that Nextcloud uses to connect.
 All scripts and documentation provided in this repository are licensed under the
 GNU Affero GPL version 3, or any later version.
 
-© 2019-2022 Inveniem. All rights reserved.
+© 2019-2024 Inveniem. All rights reserved.

base/manifests/app-clamav.yaml

@@ -51,7 +51,7 @@ spec:
           effect: NoSchedule
       containers:
         - name: backend-clamav
-          image: "mkodockx/docker-clamav:latest"
+          image: "clamav/clamav:latest"
           ports:
             - containerPort: 3310
           resources:
@@ -60,7 +60,7 @@ spec:
               memory: 128Mi
             limits:
               cpu: 1000m
-              memory: 1536Mi
+              memory: 2048Mi
 ---
 apiVersion: v1
 kind: Service

docker/backend-nextcloud-apache/Dockerfile

@@ -8,7 +8,7 @@
 # @copyright Copyright (c) 2019-2024, Inveniem
 # @license GNU AGPL version 3 or any later version
 #
-FROM nextcloud:24.0.12-apache
+FROM nextcloud:25.0.13-apache
 
 ENV NEXTCLOUD_CONFIG_READ_ONLY "false"
 ENV NEXTCLOUD_INIT_LOCK "true"

docker/backend-nextcloud-fpm/Dockerfile

@@ -59,7 +59,7 @@ RUN set -eux;\
 ################################################################################
 # This is the container that actually gets pushed.
 #
-FROM nextcloud:24.0.12-fpm-alpine
+FROM nextcloud:25.0.13-fpm-alpine
 
 ENV NEXTCLOUD_CONFIG_READ_ONLY "false"
 ENV NEXTCLOUD_INIT_LOCK "true"

docker/nextcloud-common/entrypoint.sh

@@ -72,6 +72,8 @@ initialize_container() {
 
         configure_web_server "${container_type}"
         release_initialization_lock
+
+        invoke_hooks_for_stage "before-starting"
     fi
 }
 
@@ -185,6 +187,52 @@ sanitize_environment_vars() {
     fi
 }
 
+##
+# Execute any scripts included in the Docker image for a given stage of startup.
+#
+# @param $1
+#   The stage of Nextcloud initialization. Must be one of:
+#     - "pre-installation"
+#     - "post-installation"
+#     - "pre-upgrade"
+#     - "post-upgrade"
+#     - "before-starting"
+#
+invoke_hooks_for_stage() {
+    stage="${1}"
+    hook_folder_path="/docker-entrypoint-hooks.d/${stage}"
+    return_code=0
+
+    if ! [ -d "${hook_folder_path}" ]; then
+        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
+        return 0
+    fi
+
+    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
+
+    (
+        find "${hook_folder_path}" -type f -maxdepth 1 -iname '*.sh' -print | \
+          sort | \
+          while read -r script_file_path; do
+            if ! [ -x "${script_file_path}" ]; then
+                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
+                continue
+            fi
+
+            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
+
+            run_as "${script_file_path}" || return_code="$?"
+
+            if [ "${return_code}" -ne "0" ]; then
+                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
+                exit 1
+            fi
+
+            echo "==> Finished the script: \"${script_file_path}\""
+        done
+    )
+}
+
 ##
 # Identifies what user and group ID the image should run processes as.
 #
@@ -393,6 +441,8 @@ capture_existing_app_list() {
 install_nextcloud() {
     image_version="${1}"
 
+    invoke_hooks_for_stage "pre-installation"
+
     echo "This is a new installation of Nextcloud."
     echo ""
 
@@ -421,6 +471,8 @@ install_nextcloud() {
     fi
 
     echo ""
+
+    invoke_hooks_for_stage "post-installation"
 }
 
 
@@ -443,6 +495,16 @@ ensure_compatible_image() {
             echo "Are you sure you have pulled the newest image version?"
         } >&2
     fi
+
+    if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
+        {
+            echo "Nextcloud cannot be upgraded from ${installed_version} directly to ${image_version}."
+            echo "It is only possible to upgrade one major version at a time."
+            echo "For example, if you want to upgrade from version 24 to 26, you"
+            echo "will have to upgrade from version 24 to 25, then from 25 to 26."
+        } >&2
+        exit 1
+    fi
 }
 
 ##
@@ -457,6 +519,8 @@ upgrade_nextcloud() {
     installed_version="${1}"
     image_version="${2}"
 
+    invoke_hooks_for_stage "pre-upgrade"
+
     echo "Nextcloud will be upgraded from ${installed_version} to ${image_version}."
     echo ""
 
@@ -471,6 +535,8 @@ upgrade_nextcloud() {
     diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
 
     rm -f /tmp/list_before /tmp/list_after
+
+    invoke_hooks_for_stage "post-upgrade"
 }
 
 ##

docker/nextcloud-cron/Dockerfile

@@ -7,7 +7,7 @@
 # @copyright Copyright (c) 2019-2024, Inveniem
 # @license GNU AGPL version 3 or any later version
 #
-FROM nextcloud:24.0.12-apache
+FROM nextcloud:25.0.13-apache
 
 ENV NEXTCLOUD_CONFIG_READ_ONLY "true"
 

overlays/00-sample/kustomization.yaml

@@ -98,8 +98,8 @@ patches:
 namespace: nextcloud-sample
 
 images:
-  - name: mkodockx/docker-clamav
-    digest: "sha256:09faf0d32b3f6f1169d2428e8226f2ea12bbb8fc3d96acc95ee1278f1a9f39c4"
+  - name: clamav/clamav
+    digest: "docker pull 1.2"
 
   - name: redis
     newTag: "7.2.4-alpine"

overlays/00-sample/publish.profile

@@ -39,16 +39,16 @@ CONTAINER_ENGINE="docker"
 #
 NEXTCLOUD_CUSTOM_APPS=(
     'https://github.com/westberliner/checksum/releases/download/v1.2.3/checksum.tar.gz'
-    'https://github.com/nextcloud-releases/files_antivirus/releases/download/v5.3.1/files_antivirus-v5.3.1.tar.gz'
-    'https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v1.14.2/files_automatedtagging-v1.14.2.tar.gz'
+    'https://github.com/nextcloud-releases/files_antivirus/releases/download/v5.4.2/files_antivirus-v5.4.2.tar.gz'
+    'https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v1.15.3/files_automatedtagging-v1.15.3.tar.gz'
     'https://github.com/nextcloud-releases/files_downloadactivity/releases/download/v1.16.0/files_downloadactivity-v1.16.0.tar.gz'
     'https://github.com/Inveniem/nextcloud-files-excludedirs/releases/download/v1.0.1-beta/nextcloud_files_excludedirs-v1.0.1-beta.tar.gz'
     'https://github.com/nextcloud/files_rightclick/releases/download/v0.15.1/files_rightclick.tar.gz'
     'https://github.com/gino0631/nextcloud-metadata/releases/download/v0.19.0/metadata.tar.gz'
     'https://github.com/owncloud/music/releases/download/v1.10.0/music_1.10.0_for_nextcloud.tar.gz'
-    'https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.2.4/previewgenerator-v5.2.4.tar.gz'
-    'https://github.com/nextcloud-releases/user_external/releases/download/v3.1.0/user_external-v3.1.0.tar.gz'
-    'https://github.com/nextcloud-releases/user_saml/releases/download/v5.1.5/user_saml-v5.1.5.tar.gz'
+    'https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.3.0/previewgenerator-v5.3.0.tar.gz'
+    'https://github.com/nextcloud-releases/user_external/releases/download/v3.2.0/user_external-v3.2.0.tar.gz'
+    'https://github.com/nextcloud-releases/user_saml/releases/download/v5.2.7/user_saml-v5.2.7.tar.gz'
 )
 
 ################################################################################