diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 382687fa..dac16558 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -83,6 +83,12 @@ jobs: - name: Horizontal Pod Autoscaling Enabled helm_args: '--helm-extra-set-args "--values charts/nextcloud/test-values/hpa.yaml"' + # test the helm chart with notify push enabled + - name: Notify Push Enabled + helm_args: | + --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/notify_push.yaml" + testNotifyPush: true + # test the helm chart with s3 as the primary storage - name: S3 Enabled as Primary Storage # we need to skip the clean up so we can test adding a file @@ -92,7 +98,8 @@ jobs: # test the helm chart with imaginary - name: Imaginary Enabled - helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml" + helm_args: | + --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml" test: true steps: @@ -161,6 +168,20 @@ jobs: kubectl logs --ignore-errors --prefix -l app.kubernetes.io/name=nextcloud exit $EXIT + - name: Run test for Notify Push + if: matrix.test_cases.testNotifyPush + # applies a kubernetes job that uploads a file and then checks log of finished pod + run: | + EXIT=0 + kubectl config set-context --current --namespace=nextcloud && \ + POD=$(kubectl get pods -o name --selector "app.kubernetes.io/component=app") && \ + (kubectl wait --for=condition=Ready --timeout=2m $POD && wait 10) || EXIT=1 + kubectl exec --stdin --tty $POD -c nextcloud -- sh -c ' + chsh -s /bin/sh www-data + su -l www-data -c "/var/www/html/occ notify_push:self-test" + ' || EXIT=1 + exit $EXIT + summary: runs-on: ubuntu-latest-low needs: [changes, test] 
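Review bot: In the new `Run test for Notify Push` step, `wait 10` is the shell builtin that waits for a child job or PID, not a delay. The subshell after `kubectl wait` therefore does not pause, and it may return non-zero and set `EXIT=1` even when the pod is Ready. If a settle time was intended, use `(kubectl wait --for=condition=Ready --timeout=2m "$POD" && sleep 10) || EXIT=1`. The step comment (`applies a kubernetes job that uploads a file ...`) describes a different test; `# runs occ notify_push:self-test inside the nextcloud container` would match what the step does. `$POD` is also unquoted, so if the selector ever returns more than one pod name, `kubectl exec` fails for reasons unrelated to notify_push.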
diff --git a/charts/nextcloud/CHANGELOG.md b/charts/nextcloud/CHANGELOG.md new file mode 100644 index 00000000..aa0b82da --- /dev/null +++ b/charts/nextcloud/CHANGELOG.md @@ -0,0 +1,11 @@ +# Changelog + +This Helm-Chart increase there major version on every breaking change (or major version of Nextcloud itself) inspired by semantic releases. + +Here we list all major versions and their breaking changes for migration. + + +## v7 + +- move `metrics.serviceMonitor` to `prometheus.serviceMonitor`: It is used for nextcloud-exporter and notify-push +- change metrics port of service from 9205 to 9100 to get equal everywhere. diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index 3ece1429..0a977048 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nextcloud -version: 6.6.3 +version: 7.0.0 # renovate: image=docker.io/library/nextcloud appVersion: 30.0.5 description: A file sharing server that puts the control and security of your own data back into your hands. diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 0bdbf83d..12d4b544 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md @@ -28,6 +28,7 @@ helm install my-release nextcloud/nextcloud * [Headers set on NGINX](#headers-set-on-nginx) * [Probes Configurations](#probes-configurations) * [Collabora Configuration](#collabora-configuration) + * [Notify Push](#notify-push) * [Imaginary](#imaginary) * [Cron jobs](#cron-jobs) * [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars) 
@@ -500,6 +501,38 @@ The nextcloud deployment includes a series of different probes you can use to de > [!Note] > If you are getting errors on initialization (such as `Fatal error: require_once(): Failed opening required '/var/www/html/lib/versioncheck.php'`, but you can get other errors as well), a good first step is to try and enable the startupProbe and/or increase the `initialDelaySeconds` for the `livenessProbe` and `readinessProbe` to something much greater (consider using `120` seconds instead of `10`. This is an especially good idea if your cluster is running on older hardware, has a slow internet connection, or you're using a slower storage class, such as NFS that's running with older disks or a slow connection. +### Notify Push + +We include an optional Client Push [nextcloud/notify_push](https://github.com/nextcloud/notify_push). + + +| Parameter | Description | Default | +|----------------------------------------|----------------------------------------------------------------------------------|------------------------| +| `notifyPush.enabled` | Enable another deployment to handle notify_push (sometimes called ClientPush) | `false` | +| `notifyPush.autoSetup` | Setup notify_push on nextcloud per docker-entrypoint-hooks before start | `false` | +| `notifyPush.replicaCount` | Number of notify-push pod replicas to deploy | `1` | +| `notifyPush.image.registry` | notify-push image registry | `docker.io` | +| `notifyPush.image.repository` | notify-push image name | `miles170/notify_push` | +| `notifyPush.image.tag` | notify-push image tag | `v0.7.0` | +| `notifyPush.image.pullPolicy` | notify-push image pull policy | `IfNotPresent` | +| `notifyPush.image.pullSecrets` | notify-push image pull secrets | `[]` | +| `notifyPush.extraEnv` | option additional env (if a external redis is used, you need to set REDIS_URL) | `""` | +| `notifyPush.podAnnotations` | Additional annotations for notify-push pods | `{}` | +| `notifyPush.podLabels` | Additional labels for 
notify-push pods | `{}` | +| `notifyPush.podSecurityContext` | Optional security context for the notify-push pod | `nil` | +| `notifyPush.securityContext` | Optional security context for the notify-push container | `nil` | +| `notifyPush.resources` | notify-push resources | `{}` | +| `notifyPush.service.type` | notify-push: Kubernetes Service type | `ClusterIP` | +| `notifyPush.service.loadBalancerIP` | Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `nil` | +| `notifyPush.service.nodePort` | notify-push: NodePort for service type NodePort | `nil` | +| `notifyPush.service.annotations` | Additional annotations for service notify-push | `{}` | +| `notifyPush.service.labels` | Additional labels for service notify-push | `{}` | +| `notifyPush.ingress.path` | Add path in default ingress to notify_push service | `/push` | +| `notifyPush.ingress.pathType` | PathType for additional path in default ingress for notify-push path | `Prefix` | + +> [!Note] +> notify-push needs an redis (`redis.enabled=true` or `notifyPush.extraEnv=[{name:"REDIS_URL",...}]` ) + ### Collabora Configuration This section provides options to enable and configure the Collabora Online server within your deployment. Please ensure to review the [Collabora Online Helm chart documentation](https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online) for additional details and recommended values. diff --git a/charts/nextcloud/files/notify_push.sh.tpl b/charts/nextcloud/files/notify_push.sh.tpl new file mode 100644 index 00000000..bf56e252 --- /dev/null +++ b/charts/nextcloud/files/notify_push.sh.tpl 
@@ -0,0 +1,8 @@ +#!/bin/sh +/var/www/html/occ app:enable notify_push +/var/www/html/occ config:app:set notify_push base_endpoint --value="http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.nextcloud.host }}{{ .Values.notifyPush.ingress.path }}" +{{/* +The command "setup" runs a check, which need a running nextcloud (but we try to configurate it during startup). +So that command always failure and we stuck in bootloop. +/var/www/html/occ notify_push:setup "http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.nextcloud.host }}{{ .Values.notifyPush.ingress.path }}" +*/}} diff --git a/charts/nextcloud/templates/_helpers.tpl b/charts/nextcloud/templates/_helpers.tpl index 5efea5d1..038e747e 100644 --- a/charts/nextcloud/templates/_helpers.tpl +++ b/charts/nextcloud/templates/_helpers.tpl @@ -64,11 +64,7 @@ Create image name that is used in the deployment {{/* Create environment variables used to configure the nextcloud container as well as the cron sidecar container. */}} -{{- define "nextcloud.env" -}} -{{- if .Values.phpClientHttpsFix.enabled }} -- name: OVERWRITEPROTOCOL - value: {{ .Values.phpClientHttpsFix.protocol | quote }} -{{- end }} +{{- define "nextcloud.env.database" -}} {{- if .Values.internalDatabase.enabled }} - name: SQLITE_DATABASE value: {{ .Values.internalDatabase.name | quote }} @@ -87,6 +83,8 @@ Create environment variables used to configure the nextcloud container as well a secretKeyRef: name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.passwordKey }} +- name: DATABASE_URL + value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST)/$(MYSQL_DATABASE)" {{- else if .Values.postgresql.enabled }} - name: POSTGRES_HOST value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} 
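Review bot: The `--value=` argument on the `config:app:set` line is built from `.Values.nextcloud.host` and `.Values.notifyPush.ingress.path` inside a double-quoted shell string, so a value containing `"`, `$` or a backtick is interpreted by the shell when the hook runs at container start. The values are operator-supplied, but the script executes inside the Nextcloud container, so host and path should be validated in the template (for example with `regexMatch` and `fail`) or the URL rendered as a single-quoted literal. The script also has no `set -e`, so a failing `app:enable` is still followed by the config write. If that best-effort behaviour is intended, a comment such as `# best effort: continue even if the app cannot be enabled` should say so.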
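Review bot: `DATABASE_URL` splices `$(MYSQL_PASSWORD)` into a URL without percent-encoding, so a password containing `@`, `:`, `/`, `#` or `?` yields a URL that parses to the wrong host or credentials. The same construction is repeated in the `postgres://` and second `mysql://` additions in the later hunks of this file. Because the variable is defined in `nextcloud.env.database`, which this commit includes from `nextcloud.env` and from the database init containers, each of those containers receives a second copy of the database password, although the URL appears to be consumed only by notify_push. Consider defining `DATABASE_URL` only in `templates/notify_push/deployment.yaml`, and document the character restriction on the password or take a pre-encoded URL from a Secret. The helper's body continues outside this hunk.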
@@ -106,7 +104,9 @@ Create environment variables used to configure the nextcloud container as well a secretKeyRef: name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.passwordKey }} -{{- else }} +- name: DATABASE_URL + value: "postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST)/$(POSTGRES_DB)" +{{- else }}{{/* mariadb.enable or postgresql.enabled -> now external */}} {{- if eq .Values.externalDatabase.type "postgresql" }} - name: POSTGRES_HOST {{- if .Values.externalDatabase.existingSecret.hostKey }} @@ -136,7 +136,9 @@ Create environment variables used to configure the nextcloud container as well a secretKeyRef: name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.passwordKey }} - {{- else }} +- name: DATABASE_URL + value: "postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST)/$(POSTGRES_DB)" + {{- else }}{{/* external.type = postgresql */}} - name: MYSQL_HOST {{- if .Values.externalDatabase.existingSecret.hostKey }} valueFrom: 
@@ -165,8 +167,45 @@ Create environment variables used to configure the nextcloud container as well a secretKeyRef: name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} key: {{ .Values.externalDatabase.existingSecret.passwordKey }} - {{- end }} +- name: DATABASE_URL + value: "mysql://$(MYSQL_USER):$(MYSQL_PASSWORD)@$(MYSQL_HOST)/$(MYSQL_DATABASE)" + {{- end }}{{/* external.type = postgresql */}} +{{- end }}{{/* not mariadb.enable or postgresql.enabled -> just external*/}} +{{- end }} + +{{/* +Redis env vars +*/}} +{{- define "nextcloud.env.redis" -}} +- name: REDIS_HOST + value: {{ template "nextcloud.redis.fullname" . }}-master +- name: REDIS_HOST_PORT + value: {{ .Values.redis.master.service.ports.redis | quote }} +{{- if .Values.redis.auth.enabled }} +{{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }} +- name: REDIS_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.redis.auth.existingSecret }} + key: {{ .Values.redis.auth.existingSecretPasswordKey }} +{{- else }} +- name: REDIS_HOST_PASSWORD + value: {{ .Values.redis.auth.password }} +{{- end }} +- name: REDIS_URL + value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST):$(REDIS_HOST_PORT)" +{{- else }} +- name: REDIS_URL + value: "redis://$(REDIS_HOST):$(REDIS_HOST_PORT)" +{{- end }} +{{- end }} + +{{- define "nextcloud.env" -}} +{{- if .Values.phpClientHttpsFix.enabled }} +- name: OVERWRITEPROTOCOL + value: {{ .Values.phpClientHttpsFix.protocol | quote }} {{- end }} +{{- template "nextcloud.env.database" . }} - name: NEXTCLOUD_ADMIN_USER valueFrom: secretKeyRef: 
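Review bot: In the new `nextcloud.env.redis` helper, the fallback branch emits `value: {{ .Values.redis.auth.password }}` as an unquoted literal. The Redis password is therefore stored in clear text in every pod spec that includes the helper, which now includes the notify-push Deployment, and a password such as `12345`, `true` or one starting with `*` or `{` renders as a non-string or as invalid YAML. At minimum use `value: {{ .Values.redis.auth.password | quote }}`; preferably reference a Secret through `secretKeyRef`, as the `existingSecret` branch just above it does. `REDIS_URL` also interpolates the password without percent-encoding, so characters such as `@` or `/` change how the URL is parsed.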
@@ -216,26 +255,8 @@ Create environment variables used to configure the nextcloud container as well a name: {{ .Values.nextcloud.existingSecret.secretName | default (include "nextcloud.fullname" .) }} key: {{ .Values.nextcloud.existingSecret.smtpPasswordKey }} {{- end }} -{{/* -Redis env vars -*/}} {{- if .Values.redis.enabled }} -- name: REDIS_HOST - value: {{ template "nextcloud.redis.fullname" . }}-master -- name: REDIS_HOST_PORT - value: {{ .Values.redis.master.service.ports.redis | quote }} -{{- if .Values.redis.auth.enabled }} -{{- if and .Values.redis.auth.existingSecret .Values.redis.auth.existingSecretPasswordKey }} -- name: REDIS_HOST_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.redis.auth.existingSecret }} - key: {{ .Values.redis.auth.existingSecretPasswordKey }} -{{- else }} -- name: REDIS_HOST_PASSWORD - value: {{ .Values.redis.auth.password }} -{{- end }} -{{- end }} +{{ template "nextcloud.env.redis" . }} {{- end }}{{/* end if redis.enabled */}} {{/* S3 as primary object store env vars @@ -342,7 +363,6 @@ Swift as primary object store env vars {{- end }} {{- end -}} - {{/* Create volume mounts for the nextcloud container as well as the cron sidecar container. */}} diff --git a/charts/nextcloud/templates/db-secret.yaml b/charts/nextcloud/templates/db-secret.yaml index 491c460d..02656fb7 100644 --- a/charts/nextcloud/templates/db-secret.yaml +++ b/charts/nextcloud/templates/db-secret.yaml 
@@ -13,14 +13,20 @@ metadata: type: Opaque data: {{- if .Values.mariadb.enabled }} - db-username: {{ .Values.mariadb.auth.username | b64enc | quote }} - db-password: {{ .Values.mariadb.auth.password | b64enc | quote }} + {{- with .Values.mariadb.auth }} + db-username: {{ .username | b64enc | quote }} + db-password: {{ .password | b64enc | quote }} + {{- end }} {{- else if .Values.postgresql.enabled }} - db-username: {{ .Values.postgresql.global.postgresql.auth.username | b64enc | quote }} - db-password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }} + {{- with .Values.postgresql.global.postgresql.auth }} + db-username: {{ .username | b64enc | quote }} + db-password: {{ .password | b64enc | quote }} + {{- end }} {{- else }} - db-username: {{ .Values.externalDatabase.user | b64enc | quote }} - db-password: {{ .Values.externalDatabase.password | b64enc | quote }} + {{- with .Values.externalDatabase }} + db-username: {{ .user | b64enc | quote }} + db-password: {{ .password | b64enc | quote }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index b3ada72e..cd27f335 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -139,6 +139,12 @@ spec: {{- end }} volumeMounts: {{- include "nextcloud.volumeMounts" . | trim | nindent 12 }} + {{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }} + - name: nextcloud-notify-hooks + mountPath: /docker-entrypoint-hooks.d/before-starting/notify_push.sh + subPath: notify_push.sh + readOnly: true + {{- end }} {{- range $hook, $shell := .Values.nextcloud.hooks }} {{- if $shell }} - name: nextcloud-hooks 
@@ -294,7 +300,7 @@ spec: {{- end }} {{- if .Values.mariadb.enabled }} - name: mariadb-isalive - image: {{ .Values.mariadb.image.registry | default "docker.io" }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }} + image: {{ .Values.mariadb.image.registry }}/{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }} {{- with .Values.nextcloud.mariaDbInitContainer }} resources: {{- toYaml .resources | nindent 12 }} @@ -302,23 +308,14 @@ spec: {{- toYaml .securityContext | nindent 12 }} {{- end }} env: - - name: MYSQL_USER - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} - key: {{ .Values.externalDatabase.existingSecret.passwordKey }} + {{- include "nextcloud.env.database" . | nindent 12 }} command: - "sh" - "-c" - - {{ printf "until mysql --host=%s-mariadb --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" .Release.Name }} + - {{ printf "until mysql --host=${MYSQL_HOST} --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute=\"SELECT 1;\"; do echo waiting for mysql; sleep 2; done;" }} {{- else if .Values.postgresql.enabled }} - name: postgresql-isready - image: {{ .Values.postgresql.image.registry | default "docker.io" }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} + image: {{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} {{- with .Values.nextcloud.postgreSqlInitContainer }} resources: {{- toYaml .resources | nindent 12 }} 
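Review bot: The `mariadb-isalive` init container now includes the whole `nextcloud.env.database` block, and `postgresql-isready` in the next hunk does the same, so both receive the database password and `DATABASE_URL`; the postgres container previously got only user and host. If the readiness check needs just host and user (the postgres command is outside the hunk, so this is an assumption), keep a narrower env list for these containers. On the changed `until mysql ...` line the expansions are unquoted and the password is passed as a command-line argument. Writing `--user=\"${MYSQL_USER}\" --password=\"${MYSQL_PASSWORD}\"` inside the `printf` string would at least survive spaces and shell metacharacters. The line also depends on the helper defining `MYSQL_HOST` in its `mariadb.enabled` branch, which is not visible in this diff.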
@@ -326,13 +323,7 @@ spec: {{- toYaml .securityContext | nindent 12 }} {{- end }} env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ .Values.externalDatabase.existingSecret.secretName | default (printf "%s-db" .Release.Name) }} - key: {{ .Values.externalDatabase.existingSecret.usernameKey }} - - name: POSTGRES_HOST - value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} + {{- include "nextcloud.env.database" . | nindent 12 }} command: - "sh" - "-c" @@ -375,6 +366,15 @@ spec: configMap: name: {{ template "nextcloud.fullname" . }}-nginxconfig {{- end }} + {{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }} + - name: nextcloud-notify-hooks + configMap: + name: {{ template "nextcloud.fullname" . }}-notify-push + defaultMode: 0o755 + items: + - key: hook.sh + path: notify_push.sh + {{- end }} {{- if not (values .Values.nextcloud.hooks | compact | empty) }} - name: nextcloud-hooks configMap: diff --git a/charts/nextcloud/templates/ingress.yaml b/charts/nextcloud/templates/ingress.yaml index 51a1e9d8..59bb330a 100644 --- a/charts/nextcloud/templates/ingress.yaml +++ b/charts/nextcloud/templates/ingress.yaml @@ -39,6 +39,15 @@ spec: serviceName: {{ template "nextcloud.fullname" . }} servicePort: {{ .Values.service.port }} {{- end }} + {{- if .Values.notifyPush.enabled }} + - path: {{ .Values.notifyPush.ingress.path }} + pathType: {{ .Values.notifyPush.ingress.pathType }} + backend: + service: + name: {{ template "nextcloud.fullname" . }}-notify-push + port: + name: http + {{- end }} {{- with .Values.ingress.tls }} tls: {{- toYaml . | nindent 4 }} diff --git a/charts/nextcloud/templates/metrics/service.yaml b/charts/nextcloud/templates/metrics/service.yaml index 82eb0ad8..d26d1864 100644 --- a/charts/nextcloud/templates/metrics/service.yaml +++ b/charts/nextcloud/templates/metrics/service.yaml 
@@ -1,35 +1,38 @@ {{- if .Values.metrics.enabled }} +{{- with .Values.metrics.service }} --- apiVersion: v1 kind: Service metadata: - name: {{ template "nextcloud.fullname" . }}-metrics + name: {{ template "nextcloud.fullname" $ }}-metrics labels: - app.kubernetes.io/name: {{ include "nextcloud.name" . }} - helm.sh/chart: {{ include "nextcloud.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "nextcloud.name" $ }} + helm.sh/chart: {{ include "nextcloud.chart" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} app.kubernetes.io/component: metrics - {{- with .Values.metrics.service.labels }} + app.kubernetes.io/monitor: enabled + {{- with .labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.metrics.service.annotations }} + {{- with .annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - type: {{ .Values.metrics.service.type }} - {{- if eq .Values.metrics.service.type "LoadBalancer" }} - {{- with .Values.metrics.service.loadBalancerIP }} + type: {{ .type }} + {{- if eq .type "LoadBalancer" }} + {{- with .loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} {{- end }} + selector: + app.kubernetes.io/name: {{ include "nextcloud.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/component: metrics ports: - name: metrics - port: 9205 + port: 9100 targetPort: metrics - selector: - app.kubernetes.io/name: {{ include "nextcloud.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: metrics +{{- end }} {{- end }} diff --git a/charts/nextcloud/templates/metrics/servicemonitor.yaml b/charts/nextcloud/templates/metrics/servicemonitor.yaml deleted file mode 100644 index 0209b4e9..00000000 --- a/charts/nextcloud/templates/metrics/servicemonitor.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "nextcloud.fullname" . }} - namespace: {{ .Values.metrics.serviceMonitor.namespace | default .Release.Namespace | quote }} - labels: - app.kubernetes.io/name: {{ include "nextcloud.name" . }} - helm.sh/chart: {{ include "nextcloud.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/component: metrics - {{- with .Values.metrics.serviceMonitor.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "nextcloud.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: metrics - namespaceSelector: - {{- with .Values.metrics.serviceMonitor.namespaceSelector }} - {{- toYaml . | nindent 4 }} - {{- else }} - matchNames: - - {{ .Release.Namespace | quote }} - {{- end }} - endpoints: - - port: metrics - path: "/" - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} -{{- end }} diff --git a/charts/nextcloud/templates/notify_push/configmap.yaml b/charts/nextcloud/templates/notify_push/configmap.yaml new file mode 100644 index 00000000..bc3b920f --- /dev/null +++ b/charts/nextcloud/templates/notify_push/configmap.yaml 
@@ -0,0 +1,15 @@ +{{- if and .Values.notifyPush.enabled .Values.notifyPush.autoSetup }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "nextcloud.fullname" . }}-notify-push + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + hook.sh: |- + {{- tpl (.Files.Get "files/notify_push.sh.tpl" ) . | nindent 4 }} +{{- end }} diff --git a/charts/nextcloud/templates/notify_push/deployment.yaml b/charts/nextcloud/templates/notify_push/deployment.yaml new file mode 100644 index 00000000..5bf1fa4f --- /dev/null +++ b/charts/nextcloud/templates/notify_push/deployment.yaml 
@@ -0,0 +1,70 @@ +{{- if .Values.notifyPush.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "nextcloud.fullname" . }}-notify-push + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/component: notify-push +spec: + replicas: {{ .Values.notifyPush.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: notify-push + template: + metadata: + annotations: + {{- toYaml .Values.notifyPush.podAnnotations | nindent 8 }} + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: notify-push + {{- with .Values.notifyPush.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.notifyPush.image.pullSecrets }} + imagePullSecrets: + {{- range . }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: notify-push + {{- with .Values.notifyPush.image }} + image: "{{ .registry }}/{{ .repository }}:{{ .tag }}" + imagePullPolicy: {{ .pullPolicy }} + {{- end }} + env: + - name: PORT + value: "7867" + - name: METRICS_PORT + value: "9867" + {{- include "nextcloud.env.database" . | nindent 12 }} + {{- if .Values.redis.enabled }} + {{- include "nextcloud.env.redis" . | nindent 12 }} + {{- end }} + - name: NEXTCLOUD_URL # deployment.namespace.svc.cluster.local + value: "http{{ if .Values.notifyPush.https }}s{{ end }}://{{ template "nextcloud.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}" + {{- with .Values.notifyPush.extraEnv }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 7867 + - name: metrics + containerPort: 9867 + {{- with .Values.notifyPush.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + securityContext: + runAsUser: 1000 + runAsNonRoot: true +{{- end }} diff --git a/charts/nextcloud/templates/notify_push/service.yaml b/charts/nextcloud/templates/notify_push/service.yaml new file mode 100644 index 00000000..46d59c7d --- /dev/null +++ b/charts/nextcloud/templates/notify_push/service.yaml @@ -0,0 +1,41 @@ +{{- if .Values.notifyPush.enabled }} +{{- with .Values.notifyPush.service }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "nextcloud.fullname" $ }}-notify-push + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" $ }} + helm.sh/chart: {{ include "nextcloud.chart" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/component: notify-push + app.kubernetes.io/monitor: enabled + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .type }} + {{- if eq .type "LoadBalancer" }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- end }} + selector: + app.kubernetes.io/name: {{ include "nextcloud.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/component: notify-push + ports: + - name: http + port: 80 + targetPort: http + - name: metrics + port: 9100 + targetPort: metrics +{{- end }} +{{- end }} diff --git a/charts/nextcloud/templates/servicemonitor.yaml b/charts/nextcloud/templates/servicemonitor.yaml new file mode 100644 index 00000000..fab9449d --- /dev/null +++ b/charts/nextcloud/templates/servicemonitor.yaml 
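Review bot: The container `securityContext` at the end of this Deployment is hard-coded to `runAsUser: 1000` and `runAsNonRoot: true`. Neither `.Values.notifyPush.securityContext` nor `.Values.notifyPush.podSecurityContext`, both added to values.yaml and the README in this commit, is read anywhere in the template, so operators cannot change or tighten it. Render the values under `with` using `{{- toYaml . | nindent 12 }}`, and move the defaults into values.yaml together with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, since this pod holds database and Redis credentials. `NEXTCLOUD_URL` also tests `.Values.notifyPush.https`, which the values.yaml hunk does not define, so the in-cluster URL is always `http://` unless the key is set by hand.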
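Review bot: The `metrics` port (9100, targeting the container's metrics port) is published on the same Service as `http`, so setting `notifyPush.service.type` to `LoadBalancer` or `NodePort` exposes the metrics endpoint on the same external address as the push endpoint. Consider a separate ClusterIP-only Service for metrics, or a comment on `service.type` such as `# note: the metrics port is exposed with the same Service type`. `loadBalancerIP: {{ . }}` is unquoted; `loadBalancerIP: {{ . | quote }}` keeps the value a string.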
@@ -0,0 +1,41 @@ +{{- with .Values.prometheus.serviceMonitor }} +{{- if .enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "nextcloud.fullname" $ }} + namespace: {{ .namespace | default $.Release.Namespace | quote }} + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" $ }} + helm.sh/chart: {{ include "nextcloud.chart" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .jobLabel | quote }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "nextcloud.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/monitor: enabled + namespaceSelector: + {{- with .namespaceSelector }} + {{- toYaml . | nindent 4 }} + {{- else }} + matchNames: + - {{ $.Release.Namespace | quote }} + {{- end }} + endpoints: + - port: metrics + path: "/metrics" + {{- with .interval }} + interval: {{ . }} + {{- end }} + {{- with .scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/nextcloud/test-values/notify_push.yaml b/charts/nextcloud/test-values/notify_push.yaml new file mode 100644 index 00000000..6e9b1bb8 --- /dev/null +++ b/charts/nextcloud/test-values/notify_push.yaml @@ -0,0 +1,10 @@ +redis: + enabled: true + +internalDatabase: + enabled: false +mariadb: + enabled: true + +notifyPush: + enabled: true diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index a0b9c7d2..377c4d12 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml 
@@ -400,11 +400,14 @@ externalDatabase: ## Use a existing secret existingSecret: enabled: false - # secretName: nameofsecret + # -- e.g. nameofsecret + secretName: usernameKey: db-username passwordKey: db-password - # hostKey: db-hostname-or-ip - # databaseKey: db-name + # -- e.g. db-hostname-or-ip + hostKey: + # -- e.g. db-name + databaseKey: ## ## MariaDB chart configuration @@ -416,6 +419,9 @@ mariadb: # To use an ALREADY DEPLOYED mariadb database, set this to false and configure the externalDatabase parameters enabled: false + image: + registry: "docker.io" + # see: https://github.com/bitnami/charts/tree/main/bitnami/mariadb#global-parameters global: # overwrites the primary.persistence.storageClass value @@ -449,6 +455,8 @@ mariadb: ## postgresql: enabled: false + image: + registry: "docker.io" global: postgresql: # global.postgresql.auth overrides postgresql.auth 
@@ -675,12 +683,89 @@ tolerations: [] affinity: {} -dnsConfig: {} -# Custom dns config for Nextcloud containers. -# You can for example configure ndots. This may be needed in some clusters with alpine images. -# options: -# - name: ndots -# value: "1" +dnsConfig: + # -- Custom dns config for Nextcloud containers. + # You can for example configure ndots. This may be needed in some clusters with alpine images. + # options: + # - name: ndots + # value: "1" + options: [] + + +# Notify Push (Clientpush) +notifyPush: + # -- Enable another deployment to handle notify_push (sometimes called ClientPush) + # @section -- Notify Push (Clientpush) + enabled: false + # -- Setup notify_push on nextcloud per docker-entrypoint-hooks before start + # @section -- Notify Push (Clientpush) + autoSetup: false + + # -- Number of notify-push pod replicas to deploy + # @section -- Notify Push (Clientpush) + replicaCount: 1 + + image: + # -- notify-push image registry + # @section -- Notify Push (Clientpush) + registry: docker.io + # -- notify-push image name (there is no official image yet: https://github.com/nextcloud/notify_push/issues/106) + # @section -- Notify Push (Clientpush) + repository: miles170/notify_push + # -- notify-push image tag + # @section -- Notify Push (Clientpush) + tag: v1.0.0 + # -- notify-push image pull policy + # @section -- Notify Push (Clientpush) + pullPolicy: IfNotPresent + # -- notify-push image pull secrets + # e.g. 
+ # - myRegistrKeySecretName + # @section -- Notify Push (Clientpush) + pullSecrets: [] + + # -- option additional env (if a external redis is used, you need to set REDIS_URL) + # @section -- Notify Push (Clientpush) + extraEnv: [] + + # -- Additional annotations for notify-push pods + # @section -- Notify Push (Clientpush) + podAnnotations: {} + # -- Additional labels for notify-push pods + # @section -- Notify Push (Clientpush) + podLabels: {} + # -- Optional security context for the notify-push pod + # @section -- Notify Push (Clientpush) + podSecurityContext: {} + + # -- Optional security context for the notify-push container + # @section -- Notify Push (Clientpush) + securityContext: {} + # -- notify-push resources + # @section -- Notify Push (Clientpush) + resources: {} + + service: + # -- notify-push: Kubernetes Service type + # @section -- Notify Push (Clientpush) + type: ClusterIP + # -- Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank + # @section -- Notify Push (Clientpush) + loadBalancerIP: + # -- Additional annotations for service notify-push + # @section -- Notify Push (Clientpush) + annotations: {} + # -- Additional labels for service notify-push + # @section -- Notify Push (Clientpush) + labels: {} + + ingress: + # -- Add path in default ingress to notify_push service + # @section -- Notify Push (Clientpush) + path: /push + # -- PathType for additional path in default ingress for notify-push path + # @section -- Notify Push (Clientpush) + pathType: Prefix imaginary: # -- Start Imgaginary @@ -827,8 +912,9 @@ metrics: # seccompProfile: # type: RuntimeDefault +prometheus: ## Prometheus Operator ServiceMonitor configuration - ## + ## collects data from nextcloud metrics and notify_push if enabled serviceMonitor: ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator ##
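Review bot: `notifyPush.image` defaults to `docker.io/miles170/notify_push:v1.0.0`, a community image (the comment itself notes there is no official one) referenced by a mutable tag, and the pod that runs it is given `DATABASE_URL` and `REDIS_URL` with live credentials. Pinning by digest, e.g. `tag: v1.0.0@sha256:<digest>`, and mentioning this in the comment would make the default reproducible and reviewable. The README table added in this commit lists the default tag as `v0.7.0` and documents `notifyPush.service.nodePort`, neither of which matches this block. `loadBalancerIP:` is a bare empty value; `loadBalancerIP: null` makes the intent explicit.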
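Review bot: The `## @param metrics.serviceMonitor.enabled ...` comment under the new `prometheus:` key still documents the old path, and the remaining `@param` lines (outside this hunk) presumably do too; they should read `prometheus.serviceMonitor.*`. The new ServiceMonitor template reads only `.Values.prometheus.serviceMonitor`, so an existing `metrics.serviceMonitor.enabled: true` in a user's values is silently ignored after the upgrade and scraping stops without an error. A `fail` guard in the template when `.Values.metrics.serviceMonitor` is set would surface the rename at `helm upgrade` time.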