From 160ab955e7bf47d856112425c8bababdbe14750e Mon Sep 17 00:00:00 2001 From: provokateurin Date: Mon, 24 Jun 2024 10:03:48 +0200 Subject: [PATCH 1/7] update: 29.0.2 Signed-off-by: provokateurin --- charts/nextcloud/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index ae07f63b..b4cb0401 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: nextcloud -version: 5.0.0 -appVersion: 29.0.1 +version: 5.0.1 +appVersion: 29.0.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: - nextcloud From 8598494eada20a84e406eb211b9fae93b9124c1e Mon Sep 17 00:00:00 2001 From: provokateurin Date: Thu, 27 Jun 2024 06:34:06 +0200 Subject: [PATCH 2/7] update: 29.0.3 Signed-off-by: provokateurin --- charts/nextcloud/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index b4cb0401..0efa16c5 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: nextcloud -version: 5.0.1 -appVersion: 29.0.2 +version: 5.0.2 +appVersion: 29.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: - nextcloud From 11f6601992a880ad1231bc19956b8fef6eb0c18b Mon Sep 17 00:00:00 2001 
From: rene Date: Sat, 29 Jun 2024 15:26:18 +0200 Subject: [PATCH 3/7] make security context configurable for mariadb and postgresql init containers commit 5cde3a4eb9ecb67a713592fc56ab730ed5abe5b6 Merge: b5171ad 6f1f075 Author: rene Date: Fri Jun 28 23:05:44 2024 +0200 Merge branch 'set-security-context-for-init-containers' of https://github.com/raynay-r/nextcloud-helm into set-security-context-for-init-containers commit 6f1f0756d77fad97386489d558a86686a07c4973 Merge: 8ebadd7 f8cf007 Author: JesseBot Date: Sun Jun 9 09:31:22 2024 +0200 Merge branch 'main' into set-security-context-for-init-containers Signed-off-by: JesseBot commit 8ebadd7f38a55644de2ec511be28c5a095f6226e Author: JesseBot Date: Sun Jun 9 09:30:33 2024 +0200 Apply suggestions from code review - switch to one with instead of if + with Signed-off-by: JesseBot commit 6ae83c6c32b4d50977fcfed3520d070f0d76cb30 Merge: 1d2244a 1ae7421 Author: raynay-r <16634069+raynay-r@users.noreply.github.com> Date: Tue May 28 12:38:27 2024 +0200 Merge branch 'main' into set-security-context-for-init-containers Signed-off-by: raynay-r <16634069+raynay-r@users.noreply.github.com> commit 1d2244aa38379e5c4448d07fff01338aa8fc8400 Author: rene Date: Sat May 25 11:58:47 2024 +0200 increment minor version - new version 4.7.0 commit b5171ade43106b7ba58dcc8dbd79c10984ec63e0 Author: rene Date: Sat May 25 11:52:23 2024 +0200 increment to next minor version commit bf511ecb68f51c5011eae3f4041a160c7a0a6374 Merge: 0982a00 30c69c1 Author: JesseBot Date: Tue Apr 30 17:04:38 2024 +0200 Merge branch 'main' into set-security-context-for-init-containers commit 0982a0072697dd1292b2219d0bc500ea73301813 Author: rene Date: Tue Apr 16 11:30:14 2024 +0200 fix indentation of security context blocks in init container definitions Signed-off-by: rene commit 6918ded885c413847d0723d462fbdcb2dbf1855e Author: rene Date: Tue Apr 16 11:17:25 2024 +0200 fix issues from rebase 
Signed-off-by: rene commit 4df8b173ccc867d8c19283493ff41820619e9794 Author: rene Date: Tue Apr 16 10:23:37 2024 +0200 add new parameters for init containers security context Signed-off-by: rene Signed-off-by: rene --- charts/nextcloud/templates/deployment.yaml | 8 ++++++++ charts/nextcloud/values.yaml | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index 83546f42..680fafe4 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -293,6 +293,10 @@ spec: {{- if .Values.mariadb.enabled }} - name: mariadb-isalive image: {{ .Values.mariadb.image.registry | default "docker.io" }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }} + {{- with .Values.nextcloud.mariadbInitContainerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} env: - name: MYSQL_USER valueFrom: @@ -311,6 +315,10 @@ spec: {{- else if .Values.postgresql.enabled }} - name: postgresql-isready image: {{ .Values.postgresql.image.registry | default "docker.io" }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} + {{- with .Values.nextcloud.postgresqlInitContainerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} env: - name: POSTGRES_USER valueFrom: diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index b2e7d28a..de0ff0ba 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml 
@@ -213,6 +213,12 @@ nextcloud: # runAsNonRoot: true # readOnlyRootFilesystem: false + # Set mariadb initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive + mariadbInitContainerSecurityContext: {} + + # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive + postgresqlInitContainerSecurityContext: {} + # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive podSecurityContext: {} # runAsUser: 33 From 44711d50a93a755fc51d0917c9ceeb6f9c26203e Mon Sep 17 00:00:00 2001 From: rene Date: Sat, 29 Jun 2024 15:35:56 +0200 Subject: [PATCH 4/7] increment chart version to 5.1.0 Signed-off-by: rene --- charts/nextcloud/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 0efa16c5..6f22e480 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 5.0.2 +version: 5.1.0 appVersion: 29.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: From fe44323649aee1185a3640c71d01a4496b608e5d Mon Sep 17 00:00:00 2001 From: raynay-r <16634069+raynay-r@users.noreply.github.com> Date: Sat, 29 Jun 2024 16:06:47 +0200 Subject: [PATCH 5/7] Apply suggestions from code review Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: raynay-r <16634069+raynay-r@users.noreply.github.com> --- charts/nextcloud/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index 680fafe4..aa8ec8bc 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml 
@@ -295,7 +295,7 @@ spec: image: {{ .Values.mariadb.image.registry | default "docker.io" }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }} {{- with .Values.nextcloud.mariadbInitContainerSecurityContext }} securityContext: - {{- toYaml . | nindent 12 }} + {{- toYaml . | nindent 12 }} {{- end }} env: - name: MYSQL_USER @@ -317,7 +317,7 @@ spec: image: {{ .Values.postgresql.image.registry | default "docker.io" }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} {{- with .Values.nextcloud.postgresqlInitContainerSecurityContext }} securityContext: - {{- toYaml . | nindent 12 }} + {{- toYaml . | nindent 12 }} {{- end }} env: - name: POSTGRES_USER From bf6f73f4e7166af6f1ac13f453388bfe3f35cba7 Mon Sep 17 00:00:00 2001 From: rene Date: Sun, 30 Jun 2024 11:48:29 +0200 Subject: [PATCH 6/7] apply code review suggestion Signed-off-by: rene --- charts/nextcloud/templates/deployment.yaml | 4 ++-- charts/nextcloud/values.yaml | 17 +++++++++++------ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index aa8ec8bc..51a79d67 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -293,7 +293,7 @@ spec: {{- if .Values.mariadb.enabled }} - name: mariadb-isalive image: {{ .Values.mariadb.image.registry | default "docker.io" }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }} - {{- with .Values.nextcloud.mariadbInitContainerSecurityContext }} + {{- with .Values.nextcloud.mariaDbInitContainer.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} 
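Review bot: `{{- with .Values.nextcloud.mariaDbInitContainer.securityContext }}` now dereferences a nested key, and the `postgreSqlInitContainer` line in the following `@@ -315,7 +315,7 @@` hunk does the same. If the parent map is absent (for example an upgrade with `--reuse-values` from a release whose stored values predate the key, or an override that sets the parent to null), Helm will likely abort rendering with a nil-pointer error rather than skip the block. Guarding the parent keeps the template tolerant: `{{- with (.Values.nextcloud.mariaDbInitContainer | default dict).securityContext }}`. The init container definitions start and end outside these hunks.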
@@ -315,7 +315,7 @@ spec: {{- else if .Values.postgresql.enabled }} - name: postgresql-isready image: {{ .Values.postgresql.image.registry | default "docker.io" }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} - {{- with .Values.nextcloud.postgresqlInitContainerSecurityContext }} + {{- with .Values.nextcloud.postgreSqlInitContainer.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index de0ff0ba..0bfa4187 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -213,12 +213,6 @@ nextcloud: # runAsNonRoot: true # readOnlyRootFilesystem: false - # Set mariadb initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive - mariadbInitContainerSecurityContext: {} - - # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive - postgresqlInitContainerSecurityContext: {} - # Set securityContext parameters for the entire pod. For example, you may need to define runAsNonRoot directive podSecurityContext: {} # runAsUser: 33 @@ -226,6 +220,17 @@ nextcloud: # runAsNonRoot: true # readOnlyRootFilesystem: false + # Settings for the MariaDB init container + mariaDbInitContainer: + # Set mariadb initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + + # Settings for the PostgreSQL init container + postgreSqlInitContainer: + # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive + securityContext: {} + + nginx: ## You need to set an fpm version of the image for nextcloud if you want to use nginx! enabled: false From cf19396bf25c4366bd6bcaca0e2b2531526c41cc Mon Sep 17 00:00:00 2001 
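Review bot: The new `securityContext: {}` defaults under `mariaDbInitContainer` and `postgreSqlInitContainer` in values.yaml carry no commented example, unlike the neighbouring `podSecurityContext` block, so an operator gets no hint of what a locked-down init container looks like. With the empty default the template renders no container-level securityContext, so both init containers run with whatever the image and pod-level settings give them. A namespace enforcing the restricted Pod Security Standard would presumably reject the pod. Add commented lines under each key, for example `# runAsNonRoot: true`, `# allowPrivilegeEscalation: false` and `# capabilities: {drop: [ALL]}`.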
From: JesseBot Date: Mon, 1 Jul 2024 09:57:35 +0200 Subject: [PATCH 7/7] Add setting of NEXTCLOUD_SERVER and NEXTCLOUD_INFO_APPS for metrics exporter and clean up docs (#587) Signed-off-by: jessebot --- charts/nextcloud/Chart.yaml | 2 +- charts/nextcloud/README.md | 165 +++++++++--------- .../templates/metrics/deployment.yaml | 7 + charts/nextcloud/values.yaml | 7 + 4 files changed, 99 insertions(+), 82 deletions(-) diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 6f22e480..a4e1c078 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 5.1.0 +version: 5.2.0 appVersion: 29.0.3 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 4df1a770..40550fc6 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md 
@@ -210,46 +210,46 @@ For convenience, we packages the following Bitnami charts for databases (feel fr If you choose to use one of the prepackaged Bitnami helm charts, you must configure both the `externalDatabase` parameters, and the parameters for the chart you choose. For instance, if you choose to use the Bitnami PostgreSQL chart that we've prepackaged, you need to also configure all the parameters for `postgresql`. You do not need to use the Bitnami helm charts. If you want to use an already configured database that you have externally, just set `internalDatabase.enabled` to `false`, and configure the `externalDatabase` parameters below. -| Parameter | Description | Default | -|----------------------------------------------------------------------|----------------------------------------------------------------------------------------|-----------------------| -| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` | -| `internalDatabase.database` | Name of the existing database | `nextcloud` | -| `externalDatabase.enabled` | Whether to use external database | `false` | -| `externalDatabase.type` | External database type: `mysql`, `postgresql` | `mysql` | -| `externalDatabase.host` | Host of the external database in form of `host:port` | `nil` | -| `externalDatabase.database` | Name of the existing database | `nextcloud` | -| `externalDatabase.user` | Existing username in the external db | `nextcloud` | -| `externalDatabase.password` | Password for the above username | `nil` | -| `externalDatabase.existingSecret.enabled` | Whether to use a existing secret or not | `false` | -| `externalDatabase.existingSecret.secretName` | Name of the existing secret | `nil` | -| `externalDatabase.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | -| `externalDatabase.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | -| `externalDatabase.existingSecret.hostKey` | Name of the key that 
contains the database hostname or IP address | `nil` | -| `externalDatabase.existingSecret.databaseKey` | Name of the key that contains the database name | `nil` | -| `mariadb.enabled` | Whether to use the MariaDB chart | `false` | -| `mariadb.auth.database` | Database name to create | `nextcloud` | -| `mariadb.auth.username` | Database user to create | `nextcloud` | -| `mariadb.auth.password` | Password for the database | `changeme` | -| `mariadb.auth.rootPassword` | MariaDB admin password | `nil` | -| `mariadb.auth.existingSecret` | Use existing secret for MariaDB password details; see values.yaml for more detail | `''` | -| `mariadb.image.registry` | MariaDB image registry | `docker.io` | -| `mariadb.image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `mariadb.image.tag` | MariaDB image tag | `` | -| `mariadb.primary.persistence.enabled` | Whether or not to Use a PVC on MariaDB primary | `false` | -| `mariadb.primary.persistence.existingClaim` | Use an existing PVC for MariaDB primary | `nil` | -| `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` | -| `postgresql.image.registry` | PostgreSQL image registry | `docker.io` | -| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `postgresql.image.tag` | PostgreSQL image tag | `15.4.0-debian-11-r10`| -| `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` | -| `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` | -| `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` | -| `postgresql.global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `''` | -| `postgresql.global.postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL admin password | `''` | -| `postgresql.global.postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for 
PostgreSQL user password | `''` | -| `postgresql.global.postgresql.auth.secretKeys.replicationPasswordKey`| Name of key in existing secret to use for PostgreSQL replication password | `''` | -| `postgresql.primary.persistence.enabled` | Whether or not to use PVC on PostgreSQL primary | `false` | -| `postgresql.primary.persistence.existingClaim` | Use an existing PVC for PostgreSQL primary | `nil` | +| Parameter | Description | Default | +|-----------------------------------------------------------------------|-----------------------------------------------------------------------------------|------------------------| +| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` | +| `internalDatabase.database` | Name of the existing database | `nextcloud` | +| `externalDatabase.enabled` | Whether to use external database | `false` | +| `externalDatabase.type` | External database type: `mysql`, `postgresql` | `mysql` | +| `externalDatabase.host` | Host of the external database in form of `host:port` | `nil` | +| `externalDatabase.database` | Name of the existing database | `nextcloud` | +| `externalDatabase.user` | Existing username in the external db | `nextcloud` | +| `externalDatabase.password` | Password for the above username | `nil` | +| `externalDatabase.existingSecret.enabled` | Whether to use a existing secret or not | `false` | +| `externalDatabase.existingSecret.secretName` | Name of the existing secret | `nil` | +| `externalDatabase.existingSecret.usernameKey` | Name of the key that contains the username | `nil` | +| `externalDatabase.existingSecret.passwordKey` | Name of the key that contains the password | `nil` | +| `externalDatabase.existingSecret.hostKey` | Name of the key that contains the database hostname or IP address | `nil` | +| `externalDatabase.existingSecret.databaseKey` | Name of the key that contains the database name | `nil` | +| `mariadb.enabled` | Whether to use the MariaDB chart | `false` | +| 
`mariadb.auth.database` | Database name to create | `nextcloud` | +| `mariadb.auth.username` | Database user to create | `nextcloud` | +| `mariadb.auth.password` | Password for the database | `changeme` | +| `mariadb.auth.rootPassword` | MariaDB admin password | `nil` | +| `mariadb.auth.existingSecret` | Use existing secret for MariaDB password details; see values.yaml for more detail | `''` | +| `mariadb.image.registry` | MariaDB image registry | `docker.io` | +| `mariadb.image.repository` | MariaDB image repository | `bitnami/mariadb` | +| `mariadb.image.tag` | MariaDB image tag | `` | +| `mariadb.primary.persistence.enabled` | Whether or not to Use a PVC on MariaDB primary | `false` | +| `mariadb.primary.persistence.existingClaim` | Use an existing PVC for MariaDB primary | `nil` | +| `postgresql.enabled` | Whether to use the PostgreSQL chart | `false` | +| `postgresql.image.registry` | PostgreSQL image registry | `docker.io` | +| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/postgresql` | +| `postgresql.image.tag` | PostgreSQL image tag | `15.4.0-debian-11-r10` | +| `postgresql.global.postgresql.auth.database` | Database name to create | `nextcloud` | +| `postgresql.global.postgresql.auth.username` | Database user to create | `nextcloud` | +| `postgresql.global.postgresql.auth.password` | Password for the database | `changeme` | +| `postgresql.global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `''` | +| `postgresql.global.postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL admin password | `''` | +| `postgresql.global.postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL user password | `''` | +| `postgresql.global.postgresql.auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL replication password | `''` | +| `postgresql.primary.persistence.enabled` | 
Whether or not to use PVC on PostgreSQL primary | `false` | +| `postgresql.primary.persistence.existingClaim` | Use an existing PVC for PostgreSQL primary | `nil` | Is there a missing parameter for one of the Bitnami helm charts listed above? Please feel free to submit a PR to add that parameter in our values.yaml, but be sure to also update this README file :) 
@@ -261,50 +261,53 @@ Persistent Volume Claims are used to keep the data across deployments. This is k Nextcloud will *not* delete the PVCs when uninstalling the helm chart. -| Parameter | Description | Default | -|----------------------------------------------------------------------|----------------------------------------------------------------------------------------|----------------------------------------------| -| `persistence.enabled` | Enable persistence using PVC | `false` | -| `persistence.annotations` | PVC annotations | `{}` | -| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` (uses alpha storage class annotation) | -| `persistence.existingClaim` | An Existing PVC name for nextcloud volume | `nil` (uses alpha storage class annotation) | -| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` | -| `persistence.nextcloudData.enabled` | Create a second PVC for the data folder in nextcloud | `false` | -| `persistence.nextcloudData.annotations` | see `persistence.annotations` | `{}` | -| `persistence.nextcloudData.storageClass` | see `persistence.storageClass` | `nil` (uses alpha storage class annotation) | -| `persistence.nextcloudData.existingClaim` | see `persistence.existingClaim` | `nil` (uses alpha storage class annotation) | -| `persistence.nextcloudData.accessMode` | see `persistence.accessMode` | `ReadWriteOnce` | -| `persistence.nextcloudData.size` | see `persistence.size` | `8Gi` | +| Parameter | Description | Default | +|-------------------------------------------|------------------------------------------------------|---------------------------------------------| +| `persistence.enabled` | Enable persistence using PVC | `false` | +| `persistence.annotations` | PVC annotations | `{}` | +| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` (uses alpha storage class annotation) | +| 
`persistence.existingClaim` | An Existing PVC name for nextcloud volume | `nil` (uses alpha storage class annotation) | +| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` | +| `persistence.nextcloudData.enabled` | Create a second PVC for the data folder in nextcloud | `false` | +| `persistence.nextcloudData.annotations` | see `persistence.annotations` | `{}` | +| `persistence.nextcloudData.storageClass` | see `persistence.storageClass` | `nil` (uses alpha storage class annotation) | +| `persistence.nextcloudData.existingClaim` | see `persistence.existingClaim` | `nil` (uses alpha storage class annotation) | +| `persistence.nextcloudData.accessMode` | see `persistence.accessMode` | `ReadWriteOnce` | +| `persistence.nextcloudData.size` | see `persistence.size` | `8Gi` | ### Metrics Configurations We include an optional experimental Nextcloud Metrics exporter from [xperimental/nextcloud-exporter](https://github.com/xperimental/nextcloud-exporter). 
-| Parameter | Description | Default | -|----------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------| -| `metrics.enabled` | Start Prometheus metrics exporter | `false` | -| `metrics.https` | Defines if https is used to connect to nextcloud | `false` (uses http) | -| `metrics.token` | Uses token for auth instead of username/password | `""` | -| `metrics.timeout` | When the scrape times out | `5s` | -| `metrics.tlsSkipVerify` | Skips certificate verification of Nextcloud server | `false` | -| `metrics.image.repository` | Nextcloud metrics exporter image name | `xperimental/nextcloud-exporter` | -| `metrics.image.tag` | Nextcloud metrics exporter image tag | `0.6.2` | -| `metrics.image.pullPolicy` | Nextcloud metrics exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Nextcloud metrics exporter image pull secrets | `nil` | -| `metrics.podAnnotations` | Additional annotations for metrics exporter | not set | -| `metrics.podLabels` | Additional labels for metrics exporter | not set | -| `metrics.service.type` | Metrics: Kubernetes Service type | `ClusterIP` | -| `metrics.service.loadBalancerIP` | Metrics: LoadBalancerIp for service type LoadBalancer | `nil` | -| `metrics.service.nodePort` | Metrics: NodePort for service type NodePort | `nil` | -| `metrics.service.annotations` | Additional annotations for service metrics exporter | `{prometheus.io/scrape: "true", prometheus.io/port: "9205"}` | -| `metrics.service.labels` | Additional labels for service metrics exporter | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `` | -| `metrics.serviceMonitor.jobLabel` | Name of the label on the target service to use as the job name in prometheus | `` | -| 
`metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `` | -| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{} | +| Parameter | Description | Default | +|----------------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------------------------| +| `metrics.enabled` | Start Prometheus metrics exporter | `false` | +| `metrics.replicaCount` | Number of nextcloud-metrics pod replicas to deploy | `1` | +| `metrics.server` | Nextcloud Server URL to get metrics from. If not provided, defaults to service name | `""` | +| `metrics.https` | Defines if https is used to connect to nextcloud | `false` (uses http) | +| `metrics.token` | Uses token for auth instead of username/password | `""` | +| `metrics.timeout` | When the scrape times out | `5s` | +| `metrics.tlsSkipVerify` | Skips certificate verification of Nextcloud server | `false` | +| `metrics.info.apps` | Enable gathering of apps-related metrics. 
| `false` | +| `metrics.image.repository` | Nextcloud metrics exporter image name | `xperimental/nextcloud-exporter` | +| `metrics.image.tag` | Nextcloud metrics exporter image tag | `0.6.2` | +| `metrics.image.pullPolicy` | Nextcloud metrics exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Nextcloud metrics exporter image pull secrets | `nil` | +| `metrics.podAnnotations` | Additional annotations for metrics exporter | not set | +| `metrics.podLabels` | Additional labels for metrics exporter | not set | +| `metrics.service.type` | Metrics: Kubernetes Service type | `ClusterIP` | +| `metrics.service.loadBalancerIP` | Metrics: LoadBalancerIp for service type LoadBalancer | `nil` | +| `metrics.service.nodePort` | Metrics: NodePort for service type NodePort | `nil` | +| `metrics.service.annotations` | Additional annotations for service metrics exporter | `{prometheus.io/scrape: "true", prometheus.io/port: "9205"}` | +| `metrics.service.labels` | Additional labels for service metrics exporter | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `` | +| `metrics.serviceMonitor.jobLabel` | Name of the label on the target service to use as the job name in prometheus | `` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{} | 
@@ -394,7 +397,7 @@ nginx ### Service discovery with nginx and ingress -For service discovery (CalDAV, CardDAV, webfinger, nodeinfo) to work you need to add redirects to your ingress. +For service discovery (CalDAV, CardDAV, webfinger, nodeinfo) to work you need to add redirects to your ingress. If you use the [ingress-nginx](https://github.com/kubernetes/ingress-nginx) you can use the following server snippet annotation: 
@@ -515,10 +518,10 @@ kubectl exec $NEXTCLOUD_POD -- su -s /bin/sh www-data -c "php occ recognize:down ``` # Backups -Check out the [official Nextcloud backup docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html). For your files, if you're using persistent volumes, and you'd like to back up to s3 backed storage (such as minio), consider using [k8up](https://github.com/k8up-io/k8up) or [velero](https://github.com/vmware-tanzu/velero). +Check out the [official Nextcloud backup docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html). For your files, if you're using persistent volumes, and you'd like to back up to s3 backed storage (such as minio), consider using [k8up](https://github.com/k8up-io/k8up) or [velero](https://github.com/vmware-tanzu/velero). # Upgrades -Since this chart utilizes the [nextcloud/docker](https://github.com/nextcloud/docker) image, provided you are using persistent volumes, [upgrades of your Nextcloud server are handled automatically](https://github.com/nextcloud/docker#update-to-a-newer-version) from one version to the next, however, you can only upgrade one major version at a time. For example, if you want to upgrade from version `25` to `27`, you will have to upgrade from version `25` to `26`, then from `26` to `27`. Since our docker tag is set via the [`appVersion` in `Chart.yaml`](https://github.com/nextcloud/helm/blob/main/charts/nextcloud/Chart.yaml#L4), you'll need to make sure you gradually upgrade the helm chart if you have missed serveral app versions. +Since this chart utilizes the [nextcloud/docker](https://github.com/nextcloud/docker) image, provided you are using persistent volumes, [upgrades of your Nextcloud server are handled automatically](https://github.com/nextcloud/docker#update-to-a-newer-version) from one version to the next, however, you can only upgrade one major version at a time. 
For example, if you want to upgrade from version `25` to `27`, you will have to upgrade from version `25` to `26`, then from `26` to `27`. Since our docker tag is set via the [`appVersion` in `Chart.yaml`](https://github.com/nextcloud/helm/blob/main/charts/nextcloud/Chart.yaml#L4), you'll need to make sure you gradually upgrade the helm chart if you have missed serveral app versions. ⚠️ *Before Upgrading Nextcloud or the attached database, always make sure you take [backups](#backups)!* diff --git a/charts/nextcloud/templates/metrics/deployment.yaml b/charts/nextcloud/templates/metrics/deployment.yaml index b52f405d..27dae552 100644 --- a/charts/nextcloud/templates/metrics/deployment.yaml +++ b/charts/nextcloud/templates/metrics/deployment.yaml @@ -59,12 +59,19 @@ spec: key: {{ .Values.nextcloud.existingSecret.passwordKey }} {{- end }} # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint + {{- if not .Values.metrics.server }} - name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local value: "http{{ if .Values.metrics.https }}s{{ end }}://{{ template "nextcloud.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}" + {{- else }} + - name: NEXTCLOUD_SERVER + value: {{ .Values.metrics.server }} + {{- end }} - name: NEXTCLOUD_TIMEOUT value: {{ .Values.metrics.timeout }} - name: NEXTCLOUD_TLS_SKIP_VERIFY value: {{ .Values.metrics.tlsSkipVerify | quote }} + - name: NEXTCLOUD_INFO_APPS + value: {{ .Values.metrics.info.apps | quote }} ports: - name: metrics containerPort: 9205 diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 0bfa4187..fc3f18e5 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml 
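Review bot: The new `else` branch in metrics/deployment.yaml emits `value: {{ .Values.metrics.server }}` unquoted, while the sibling `NEXTCLOUD_TLS_SKIP_VERIFY` and `NEXTCLOUD_INFO_APPS` entries pipe through `quote`. A value containing ` #` or starting with a YAML indicator would be truncated or fail to parse, so use `value: {{ .Values.metrics.server | quote }}`. Once `metrics.server` is set, `metrics.https` no longer influences the URL and the scheme comes entirely from the operator's string. The exporter appears to authenticate with the token or password from the surrounding env entries, so an `http://` URL pointing outside the cluster would carry those in cleartext. The `server` comment in values.yaml should say that a full URL including scheme is expected and that `https://` is the right choice for anything not cluster-local; the container spec continues outside the hunk.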
@@ -497,6 +497,9 @@ metrics: enabled: false replicaCount: 1 + # Optional: becomes NEXTCLOUD_SERVER env var in the nextcloud-exporter container. + # Without it, we will use the full name of the nextcloud service + server: "" # The metrics exporter needs to know how you serve Nextcloud either http or https https: false # Use API token if set, otherwise fall back to password authentication @@ -506,6 +509,10 @@ metrics: timeout: 5s # if set to true, exporter skips certificate verification of Nextcloud server. tlsSkipVerify: false + info: + # Optional: becomes NEXTCLOUD_INFO_APPS env var in the nextcloud-exporter container. + # Enables gathering of apps-related metrics. Defaults to false + apps: false image: repository: xperimental/nextcloud-exporter