From 240029f2dcfda48b135548e99dc0507b62d2d299 Mon Sep 17 00:00:00 2001 
From: Philippe Caseiro Date: Wed, 13 Sep 2023 17:01:06 +0200 Subject: [PATCH] Cleaning base and improving overlay dev --- .../cnpg-database/kustomization.yaml | 1 - .../resources/nextcloud-cnpg.yaml | 1 - base/components/one-redis/kustomization.yaml | 3 +- base/kustomization.yaml | 7 +- base/resources/nextcloud/kustomization.yaml | 62 ++-- .../resources/ConfigMap-ldap-script.yaml | 46 --- .../resources/ConfigMap-plugins.yaml | 30 -- .../nextcloud/resources/ConfigMap.yaml | 14 - .../nextcloud/resources/deployment.yaml | 149 +--------- .../resources/files/minio/config.env | 4 - .../nextcloud/resources/files/parameters.yaml | 8 - .../nextcloud/resources/ingress.yaml | 8 +- base/resources/nextcloud/resources/job.yaml | 63 ---- .../nextcloud/resources/namespace.yaml | 4 - .../nextcloud/resources/nextcloud-role.yaml | 5 +- .../nextcloud/resources/nextcloud-tenant.yaml | 33 --- base/resources/nextcloud/resources/pvc.yaml | 83 ------ .../nextcloud/resources/pvc/00-main.yaml | 11 + .../nextcloud/resources/pvc/01-html.yaml | 12 + .../nextcloud/resources/pvc/02-data.yaml | 11 + .../nextcloud/resources/pvc/03-config.yaml | 11 + .../nextcloud/resources/pvc/04-custom.yaml | 11 + .../nextcloud/resources/pvc/06-tmp.yaml | 11 + .../nextcloud/resources/pvc/07-themes.yaml | 11 + .../dev/patches/ConfigMap-ldap-script.yaml | 76 ----- overlays/dev/patches/deployment.yaml | 274 +++--------------- overlays/dev/patches/job.yaml | 65 ----- overlays/dev/patches/nginx-ingress.yaml | 8 +- overlays/dev/resources/files/minio/config.env | 4 +- .../configurations/tenants.minio.min.io.yaml | 0 .../resources/nextcloud/cm-ldap-script.yaml | 46 +++ .../{ => nextcloud}/host-config.yaml | 0 .../dev/resources/nextcloud/job-minio.yaml | 41 +++ .../nextcloud/minio-tenant.yaml} | 14 +- .../resources/{ => nextcloud}/namespace.yaml | 0 .../dev/resources/{ => nextcloud}/ssl.yaml | 8 +- 36 files changed, 255 insertions(+), 880 deletions(-) delete mode 100644 
base/resources/nextcloud/resources/ConfigMap-ldap-script.yaml delete mode 100644 base/resources/nextcloud/resources/ConfigMap-plugins.yaml delete mode 100644 base/resources/nextcloud/resources/ConfigMap.yaml delete mode 100644 base/resources/nextcloud/resources/files/minio/config.env delete mode 100644 base/resources/nextcloud/resources/files/parameters.yaml delete mode 100644 base/resources/nextcloud/resources/job.yaml delete mode 100644 base/resources/nextcloud/resources/namespace.yaml delete mode 100644 base/resources/nextcloud/resources/nextcloud-tenant.yaml delete mode 100644 base/resources/nextcloud/resources/pvc.yaml create mode 100644 base/resources/nextcloud/resources/pvc/00-main.yaml create mode 100644 base/resources/nextcloud/resources/pvc/01-html.yaml create mode 100644 base/resources/nextcloud/resources/pvc/02-data.yaml create mode 100644 base/resources/nextcloud/resources/pvc/03-config.yaml create mode 100644 base/resources/nextcloud/resources/pvc/04-custom.yaml create mode 100644 base/resources/nextcloud/resources/pvc/06-tmp.yaml create mode 100644 base/resources/nextcloud/resources/pvc/07-themes.yaml delete mode 100644 overlays/dev/patches/ConfigMap-ldap-script.yaml delete mode 100644 overlays/dev/patches/job.yaml rename {base/resources/nextcloud => overlays/dev}/resources/files/minio/configurations/tenants.minio.min.io.yaml (100%) create mode 100644 overlays/dev/resources/nextcloud/cm-ldap-script.yaml rename overlays/dev/resources/{ => nextcloud}/host-config.yaml (100%) create mode 100644 overlays/dev/resources/nextcloud/job-minio.yaml rename overlays/dev/{patches/nextcloud-tenant.yaml => resources/nextcloud/minio-tenant.yaml} (58%) rename overlays/dev/resources/{ => nextcloud}/namespace.yaml (100%) rename overlays/dev/resources/{ => nextcloud}/ssl.yaml (90%) diff --git a/base/components/cnpg-database/kustomization.yaml b/base/components/cnpg-database/kustomization.yaml index 4b17195..ed011ef 100644 
--- a/base/components/cnpg-database/kustomization.yaml +++ b/base/components/cnpg-database/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -namespace: nextcloud configurations: - ./configurations/cnpg-config.yaml diff --git a/base/components/cnpg-database/resources/nextcloud-cnpg.yaml b/base/components/cnpg-database/resources/nextcloud-cnpg.yaml index 1f7b5c1..9191ba0 100644 --- a/base/components/cnpg-database/resources/nextcloud-cnpg.yaml +++ b/base/components/cnpg-database/resources/nextcloud-cnpg.yaml @@ -2,7 +2,6 @@ apiVersion: postgresql.cnpg.io/v1 kind: Cluster metadata: name: nextcloud-postgres - namespace: nextcloud spec: instances: 1 primaryUpdateStrategy: unsupervised diff --git a/base/components/one-redis/kustomization.yaml b/base/components/one-redis/kustomization.yaml index f069490..9f0c58c 100644 --- a/base/components/one-redis/kustomization.yaml +++ b/base/components/one-redis/kustomization.yaml @@ -1,8 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -namespace: nextcloud resources: - deployment.yaml - redis-service.yaml -- ConfigMap-redis.yaml \ No newline at end of file +- ConfigMap-redis.yaml diff --git a/base/kustomization.yaml b/base/kustomization.yaml index 79d89db..37c03ad 100644 --- a/base/kustomization.yaml +++ b/base/kustomization.yaml @@ -1,16 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: nextcloud generatorOptions: disableNameSuffixHash: true # référence à l'exemple cadoles. # cela force la mise à jours des secret en questions liés aux ressources ayant le labels "tenant" lorsque modifié -configurations: -#- https://forge.cadoles.com/CadolesKube/c-kustom/raw/branch/develop/base/minio/configurations/tenants.minio.min.io.yaml -# => importé en locale pour pouvoir faire un kustomize build -- ./resources/nextcloud/resources/files/minio/configurations/tenants.minio.min.io.yaml resources: - ./resources/nextcloud 
@@ -36,4 +31,4 @@ components: # - name: nextcloud-config-volume # permet de monter le fichier de configuration dans # configMap: # les instances supplémentaires -# name: nextcloud-config # via le configmap ConfigMaps-php.yaml \ No newline at end of file +# name: nextcloud-config # via le configmap ConfigMaps-php.yaml diff --git a/base/resources/nextcloud/kustomization.yaml b/base/resources/nextcloud/kustomization.yaml index 7b53362..6f61f6a 100644 --- a/base/resources/nextcloud/kustomization.yaml +++ b/base/resources/nextcloud/kustomization.yaml 
@@ -1,65 +1,43 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -# namespace: nextcloud generatorOptions: disableNameSuffixHash: true # suppression des suffixe en hash en bout de nom resources: - ./resources/deployment.yaml -# - ./resources/namespace.yaml -- ./resources/nextcloud-tenant.yaml - ./resources/nextcloud-service.yaml -- ./resources/pvc.yaml -- ./resources/job.yaml -- ./resources/ConfigMap.yaml - ./resources/nextcloud-rolebinding.yaml - ./resources/nextcloud-role.yaml - ./resources/nextcloud-serviceaccount.yaml - ./resources/ingress.yaml -- ./resources/ConfigMap-ldap-script.yaml -- ./resources/ConfigMap-plugins.yaml - - -#- ./resources/secret.yaml - +- ./resources/pvc/00-main.yaml +- ./resources/pvc/01-html.yaml +- ./resources/pvc/02-data.yaml +- ./resources/pvc/03-config.yaml +- ./resources/pvc/04-custom.yaml +- ./resources/pvc/06-tmp.yaml +- ./resources/pvc/07-themes.yaml configMapGenerator: -- name: nextcloud-parameters - files: - - ./resources/files/parameters.yaml - name: nextcloud-env literals: - - MINIO_SERVICE_NAME=$(MINIO_SERVICE_HOST):$(MINIO_SERVICE_PORT) # pas nécessaire je pense - - MINIO_SERVICE_HOST=minio - - MINIO_SERVICE_PORT=443 + - NEXTCLOUD_ADMIN_USER="admin" + - NEXTCLOUD_ADMIN_PASSWORD="cadoles" # 5 + - NEXTCLOUD_TRUSTED_DOMAINS="*.cadoles.fr" + - PHP_MEMORY_LIMIT="512M" + - PHP_UPLOAD_LIMIT="4G" + - MAIL_FROM_ADDRESS="user" + - MAIL_DOMAIN="cadoles.fr" + - SMTP_HOST="smtp.cadoles.com" + - SMTP_SECURE="ssl" + - SMTP_PORT="465" + - SMTP_AUTHTYPE="LOGIN" secretGenerator: -# Voir https://github.com/minio/operator/issues/856 -- name: nextcloud-minio-user - literals: - - CONSOLE_ACCESS_KEY=minio_root - - CONSOLE_SECRET_KEY=MinioRootNotSoSecret - options: - disableNameSuffixHash: true -# Voir https://github.com/minio/operator/issues/856 -- name: nextcloud-minio-configuration - files: - - ./resources/files/minio/config.env # A modifier si modification mot de passe et user CONSOLE [ACCESS-SECRET] - options: - 
disableNameSuffixHash: true - name: nextcloud-smtp literals: - - smtp-username=ouchemail - - smtp-password=HjkEHJ2676yiu2 + - smtp-username=secretuser + - smtp-password=secretpassword options: disableNameSuffixHash: true - -vars: # génération d'information pour wait-for-bootstrap du pod nextcloud -- name: MINIO_BOOTSTRAP_JOB_NAME - objref: - name: create-minio-bucket - kind: Job - apiVersion: batch/v1 - fieldref: - fieldpath: metadata.name diff --git a/base/resources/nextcloud/resources/ConfigMap-ldap-script.yaml b/base/resources/nextcloud/resources/ConfigMap-ldap-script.yaml deleted file mode 100644 index 220bbe5..0000000 --- a/base/resources/nextcloud/resources/ConfigMap-ldap-script.yaml +++ /dev/null 
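Review bot: The new `nextcloud-env` configMapGenerator carries `NEXTCLOUD_ADMIN_PASSWORD="cadoles"` as a ConfigMap literal, so the Nextcloud admin password is readable by anything with ConfigMap read access and, through the `envFrom` enabled in deployment.yaml in this commit, is present in the container environment of every pod. Move it next to the SMTP credentials under `secretGenerator` (a `nextcloud-admin` entry with `- NEXTCLOUD_ADMIN_PASSWORD=<placeholder>`) and read it through `secretKeyRef`, or at least comment that the base value is a placeholder every overlay must override. The double quotes in these literals (`PHP_MEMORY_LIMIT="512M"`) are worth confirming against `kustomize build` output, since a quote character surviving into `NEXTCLOUD_TRUSTED_DOMAINS` would break the domain match. This hunk also deletes the `vars:` entry for `MINIO_BOOTSTRAP_JOB_NAME`, which `overlays/dev/patches/deployment.yaml` still references.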
@@ -1,46 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: script-config-ldap -data: - poststart-ldap.sh: | - #!/bin/sh - - NEXTCLOUD_READY=0 - MAX_RETRIES=30 - RETRY_INTERVAL=10 - - touch /etc/script/validator.txt - # Vérifiez si LDAP est déjà activé - # if ! su -s /bin/sh -c "/var/www/html/occ app:list --output=json" www-data | jq -e '.enabled | has("user_ldap")'; then - # Activez le module LDAP si ce n'est pas déjà fait - # su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data - #fi - for i in $(seq 1 $MAX_RETRIES); do - if curl -fsS "http://localhost/status.php" > /dev/null; then - NEXTCLOUD_READY=1 - break - else - echo "En attente de Nextcloud (tentative $i/$MAX_RETRIES)..." >> /etc/script/validator.txt - sleep $RETRY_INTERVAL - fi - done - - if [ $NEXTCLOUD_READY -eq 0 ]; then - echo "Nextcloud n'est pas prêt après $MAX_RETRIES tentatives. Abandon de l'initialisation LDAP." >> /etc/script/validator.txt - exit 1 - fi - - su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data - - # Configurez LDAP (configuration minimale) - su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapHost --value='ldap.example.com'" www-data - su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapBase --value='dc=example,dc=com'" www-data - su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapAgentName --value='cn=admin,dc=example,dc=com'" www-data - su -s /bin/sh -c "/var/www/html/occ config:app:set user_ldap ldapAgentPassword --value='your_password'" www-data - - # Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart. - #exec /entrypoint.sh "$@" - -# su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data -# est fonctionnel dans le pods nextcloud ! \ No newline at end of file diff --git a/base/resources/nextcloud/resources/ConfigMap-plugins.yaml b/base/resources/nextcloud/resources/ConfigMap-plugins.yaml deleted file mode 100644 index c648113..0000000 
--- a/base/resources/nextcloud/resources/ConfigMap-plugins.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: script-config-plugins -data: - poststart-plugins.sh: | - #!/bin/sh - - NEXTCLOUD_READY=0 - MAX_RETRIES=30 - RETRY_INTERVAL=10 - - touch /etc/script/plugins.txt - - for i in $(seq 1 $MAX_RETRIES); do - if curl -fsS "http://localhost/status.php" > /dev/null; then - NEXTCLOUD_READY=1 - break - else - echo "En attente de Nextcloud (tentative $i/$MAX_RETRIES)..." >> /etc/script/plugins.txt - sleep $RETRY_INTERVAL - fi - done - - if [ $NEXTCLOUD_READY -eq 0 ]; then - echo "Nextcloud n'est pas prêt après $MAX_RETRIES tentatives. Abandon de l'initialisation des plugins." >> /etc/script/plugins.txt - exit 1 - fi - - su -s /bin/sh -c "/var/www/html/occ app:install calendar" www-data diff --git a/base/resources/nextcloud/resources/ConfigMap.yaml b/base/resources/nextcloud/resources/ConfigMap.yaml deleted file mode 100644 index 4f8dea7..0000000 --- a/base/resources/nextcloud/resources/ConfigMap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: update-config -data: - custom-script.sh: | - #!/bin/sh - - HOSTS_FILE="/etc/hosts" - - # Ajoutez l'entrée au fichier hosts - MINIO_SERVICE_IP="${MINIO_SERVICE_HOST}" - MINIO_NAME="${MINIO_SERVICE_NAME}" - echo "$MINIO_SERVICE_IP" minio >> $HOSTS_FILE \ No newline at end of file diff --git a/base/resources/nextcloud/resources/deployment.yaml b/base/resources/nextcloud/resources/deployment.yaml index 33499d1..20a4334 100644 --- a/base/resources/nextcloud/resources/deployment.yaml +++ b/base/resources/nextcloud/resources/deployment.yaml @@ -4,9 +4,9 @@ metadata: labels: app: nextcloud component: app - name: app + name: nextcloud-app spec: -# serviceName: nextcloud + # serviceName: nextcloud replicas: 1 selector: matchLabels: 
@@ -21,16 +21,16 @@ spec: containers: - image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache imagePullPolicy: Always - name: app + name: nextcloud ports: - containerPort: 80 lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && /etc/script/poststart-plugins.sh && touch /etc/script/try01.txt"] -# envFrom: -# - configMapRef: -# name: nextcloud-env + command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates"] + envFrom: + - configMapRef: + name: nextcloud-env env: - name: POSTGRES_DB value: nextcloud 
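Review bot: The postStart hook that copies the service-account `ca.crt` into `/usr/local/share/ca-certificates` and runs `update-ca-certificates` carries no comment on what still needs the cluster CA now that the MinIO tenant and its `nextcloud-minio-tls` volume leave the base; a failing hook kills the container on every start, so the reason should be recorded. Add above `lifecycle:` something like `# trust the cluster CA so in-cluster TLS endpoints validate — presumably only the MinIO tenant deployed by overlays needs this`, or move the hook to the overlay that needs it. Note that the re-enabled `envFrom: configMapRef: nextcloud-env` pulls everything in that ConfigMap, including `NEXTCLOUD_ADMIN_PASSWORD` from the base kustomization, into the process environment. The container spec continues outside the hunk.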
@@ -46,56 +46,16 @@ spec: key: password - name: POSTGRES_HOST value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local - - name: NEXTCLOUD_ADMIN_USER - value: admin - - name: NEXTCLOUD_ADMIN_PASSWORD # 5 - value: cadoles - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: "*.cadoles.fr" - name: NEXTCLOUD_INIT_LOCK value: "true" - - name: PHP_MEMORY_LIMIT - value: 512M - - name: PHP_UPLOAD_LIMIT - value: 4G - name: POD_INDEX valueFrom: fieldRef: fieldPath: metadata.name - name: REDIS_HOST - value: redis # équivaut à redis.nextcloud.svc.cluster.local -# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator + value: redis - name: REDIS_HOST_PORT value: "6379" - ###################### - # Partie minio S3 - - name: OBJECTSTORE_S3_HOST - value: minio:$(MINIO_SERVICE_PORT) -# value: $(MINIO_SERVICE_NAME):$(MINIO_SERVICE_PORT) - - name: OBJECTSTORE_S3_BUCKET - value: nextcloud-minio - - name: OBJECTSTORE_S3_KEY # 15 - value: minio_root - - name: OBJECTSTORE_S3_SECRET - value: MinioRootNotSoSecret - - name: OBJECTSTORE_S3_USEPATH_STYLE - value: "true" - - name: OBJECTSTORE_S3_SSL # 18 - value: "true" - ################################## -# Mise en place SMTP - - name: MAIL_FROM_ADDRESS - value: "user" - - name: MAIL_DOMAIN - value: "domain.com" - - name: SMTP_HOST - value: "domain.com" - - name: SMTP_SECURE - value: "ssl" - - name: SMTP_PORT - value: "465" - - name: SMTP_AUTHTYPE - value: "LOGIN" - name: SMTP_NAME valueFrom: secretKeyRef: 
@@ -106,34 +66,8 @@ spec: secretKeyRef: name: nextcloud-smtp key: smtp-password - - name: NEXTCLOUD_DATA_DIR value: "/var/www/html/data" - livenessProbe: # vérifie si c'est planté ou non - httpGet: - path: /status.php - port: 80 # en reférence à ingress.yaml ? - httpHeaders: - - name: Host - value: nxt.cadoles.fr # valeurs égale à celle dans ingress.yaml - initialDelaySeconds: 50 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: # vérifie si c'est ok pour envoyer des requête ou non - httpGet: - path: /status.php - port: 80 # en référence à ingress.yaml ? - httpHeaders: - - name: Host - value: nxt.cadoles.fr # valeurs égale à celle dans ingress.yaml - initialDelaySeconds: 50 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - volumeMounts: - mountPath: /var/www/ name: nextcloud-main-volume 
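Review bot: This hunk removes both `livenessProbe` and `readinessProbe` from the base Deployment, so a build of the base, or of any overlay that does not re-add them, yields pods that receive Service traffic before Nextcloud answers `/status.php` and are never restarted when it hangs. The dev overlay patch in this same commit keeps its own probes, so if the intent is that probes are overlay-specific (the removed ones hard-coded `Host: nxt.cadoles.fr`), say so at the container level, e.g. `# probes are defined per overlay: the Host header must match that overlay's ingress host`; otherwise keep a minimal readinessProbe in the base without the `httpHeaders` block. The container spec continues outside the hunk.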
@@ -149,52 +83,7 @@ spec: name: nextcloud-tmp-volume - mountPath: /var/www/html/themes name: nextcloud-themes-volume - -# ICI montage pour les script ! - - mountPath: /etc/script/poststart-ldap.sh - name: script-config-ldap - subPath: poststart-ldap.sh - - mountPath: /etc/script/poststart-plugins.sh - name: script-config-plugins - subPath: poststart-plugins.sh - - mountPath: /etc/script/custom-script.sh - name: update-config-script - subPath: custom-script.sh - - mountPath: /etc/minio-ccerts - name: minio-certs - readOnly: true - - # MOUNT-TRY-multi-instance -# - name: nextcloud-config-volume # monte le fichier de configuration dans -# mountPath: /var/www/html/config # les instances supplémentaire -# readOnly: false # via le configmap ConfigMaps-php.yaml - - restartPolicy: Always - serviceAccountName: nextcloud-sa # declare user for initcontainer - - # trois volumes pour les script volumes: - - name: minio-certs - secret: - secretName: nextcloud-minio-tls # montage des certificat de minio - - name: update-config-script - configMap: - name: update-config - defaultMode: 0744 - - name: script-config-ldap - configMap: - name: script-config-ldap - defaultMode: 0744 - - name: script-config-plugins - configMap: - name: script-config-plugins - defaultMode: 0744 - -# MOUNT-TRY-multi-instance -# - name: nextcloud-config-volume # permet de monter le fichier de configuration dans -# configMap: # les instances supplémentaires -# name: nextcloud-config # via le configmap ConfigMaps-php.yaml - - name: nextcloud-main-volume persistentVolumeClaim: claimName: nextcloud-main-pvc 
@@ -216,23 +105,5 @@ spec: - name: nextcloud-themes-volume persistentVolumeClaim: claimName: nextcloud-themes-pvc - - initContainers: # cf README.md part ##YAML explain / ### PODS WAIT - - name: wait-for-bootstrap - image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3 - args: - - job - - $(MINIO_BOOTSTRAP_JOB_NAME) - - -##################################################### -# For REDIS-OPERATOR USE THIS TO SET PORT -##################################################### -# - name: REDIS_HOST_PORT -# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT) -# - name: REDIS_HOST_PASSWORD -# valueFrom: -# secretKeyRef: -# name: redis-secret -# key: password -##################################################### + restartPolicy: Always + serviceAccountName: nextcloud-sa # declare user for initcontainer diff --git a/base/resources/nextcloud/resources/files/minio/config.env b/base/resources/nextcloud/resources/files/minio/config.env deleted file mode 100644 index d8176ff..0000000 --- a/base/resources/nextcloud/resources/files/minio/config.env +++ /dev/null @@ -1,4 +0,0 @@ -export MINIO_ROOT_USER="minio_root" -export MINIO_ROOT_PASSWORD="MinioRootNotSoSecret" -export MINIO_STORAGE_CLASS_STANDARD="EC:2" -export MINIO_BROWSER="on" \ No newline at end of file diff --git a/base/resources/nextcloud/resources/files/parameters.yaml b/base/resources/nextcloud/resources/files/parameters.yaml deleted file mode 100644 index d751b3a..0000000 --- a/base/resources/nextcloud/resources/files/parameters.yaml +++ /dev/null @@ -1,8 +0,0 @@ - #API minio - minio_url: 'http://%env(string:MINIO_SERVICE_NAME)%:9000' - minio_key: '%env(string:MINIO_KEY)%' - minio_secret: '%env(string:MINIO_SECRET)%' - minio_bucket: 'nextcloud' - minio_root: '' - minio_path_style: true - minio_secure: false \ No newline at end of file diff --git a/base/resources/nextcloud/resources/ingress.yaml b/base/resources/nextcloud/resources/ingress.yaml index 97fe7a9..544a1dd 100644 
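Review bot: The comment on the moved line `serviceAccountName: nextcloud-sa # declare user for initcontainer` is now stale, because this same hunk removes the `wait-for-bootstrap` initContainer from the base; as far as the diff shows, the service account token automounted into the Nextcloud container is now used only by the postStart hook that reads `ca.crt`, plus init containers that overlays add. Change it to `serviceAccountName: nextcloud-sa  # token used by the postStart CA copy and by overlay init containers` so a reader does not look for an init container that is no longer here.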
--- a/base/resources/nextcloud/resources/ingress.yaml +++ b/base/resources/nextcloud/resources/ingress.yaml @@ -4,16 +4,16 @@ metadata: name: nextcloud annotations: -# kustomize.config.k8s.io/needs: configmap/nextcloud-envi + # kustomize.config.k8s.io/needs: configmap/nextcloud-envi nginx.ingress.kubernetes.io/proxy-body-size: "138m" - nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01 + nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01 nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01 # nginx.ingress.kubernetes.io/client_max_body_size: "100m" spec: ingressClassName: nginx rules: - - host: nxt.cadoles.fr + - host: nxt.base.fr http: paths: - path: / @@ -24,4 +24,4 @@ spec: port: number: 80 -# cf 01 => https://artifacthub.io/packages/helm/nextcloud/nextcloud \ No newline at end of file +# cf 01 => https://artifacthub.io/packages/helm/nextcloud/nextcloud diff --git a/base/resources/nextcloud/resources/job.yaml b/base/resources/nextcloud/resources/job.yaml deleted file mode 100644 index 66a7db8..0000000 --- a/base/resources/nextcloud/resources/job.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: create-minio-bucket -spec: - template: - spec: - initContainers: - - name: wait-for-minio - image: busybox - envFrom: - - configMapRef: - name: nextcloud-env - command: ["sh", "-c"] - args: - - | - echo "attente du service minio..." - cnt=0 - tout=300 - while [ 1 ] - do - http_code=$(wget --server-response https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}/minio/health/live 2>&1 | awk '/^ HTTP/{print $2}') - if [ "${http_code}" != "200" ]; then - echo "waiting for https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}" - sleep 1 - else - exit 0 - fi - - cnt=$((cnt+1)) - if [ "${cnt}" -ge "${tout}" ]; then - exit 3 - fi - done -# Encore nécessaire ? - containers: - - name: create-bucket - image: minio/mc - envFrom: - - configMapRef: - name: nextcloud-env - env: - - name: CONSOLE_ACCESS_KEY - valueFrom: - secretKeyRef: - name: nextcloud-minio-user - key: CONSOLE_ACCESS_KEY - - name: CONSOLE_SECRET_KEY - valueFrom: - secretKeyRef: - name: nextcloud-minio-user - key: CONSOLE_SECRET_KEY - command: ["sh", "-c"] - args: - - | - echo "création de l'alias my-minio" - mc alias set --insecure my-minio http://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY} - echo "création du bucket..." - mc mb --insecure my-minio/nextcloud-minio - echo "Bucket créé. normalement" - restartPolicy: OnFailure -# Est-ce que je mettrais pas mon ldap ici ? => ConfigMap-ldap-script.yaml ? - diff --git a/base/resources/nextcloud/resources/namespace.yaml b/base/resources/nextcloud/resources/namespace.yaml deleted file mode 100644 index d1f173a..0000000 --- a/base/resources/nextcloud/resources/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: nextcloud diff --git a/base/resources/nextcloud/resources/nextcloud-role.yaml b/base/resources/nextcloud/resources/nextcloud-role.yaml index 42d952e..9921d09 100644 
--- a/base/resources/nextcloud/resources/nextcloud-role.yaml +++ b/base/resources/nextcloud/resources/nextcloud-role.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -17,10 +16,12 @@ rules: - v1 resources: - secrets + - services + - pods verbs: - get - list - - patch + #- patch # Declaration d'un role nommé status-reader et attribution de droit diff --git a/base/resources/nextcloud/resources/nextcloud-tenant.yaml b/base/resources/nextcloud/resources/nextcloud-tenant.yaml deleted file mode 100644 index e0036ac..0000000 --- a/base/resources/nextcloud/resources/nextcloud-tenant.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: minio.min.io/v2 -kind: Tenant -metadata: - name: nextcloud-minio -spec: - certConfig: - dnsNames: - - "minio" - pools: - - servers: 2 - name: pool-0 - volumesPerServer: 2 - volumeClaimTemplate: - metadata: - name: nextcloud-minio-data # juste son nom dans le cluster - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - # env: - # - name: MINIO_CONSOLE_TLS_ENABLE - # value: "off" - containerSecurityContext: - runAsUser: 1000 # droit d'accès user - runAsGroup: 1000 # droit d'accès group - runAsNonRoot: true # accès sans être root - configuration: - name: nextcloud-minio-configuration # cf resources/nextcloud/resources/kustomization.yaml - users: - - name: nextcloud-minio-user # cf resources/nextcloud/resources/kustomization.yaml - diff --git a/base/resources/nextcloud/resources/pvc.yaml b/base/resources/nextcloud/resources/pvc.yaml deleted file mode 100644 index 7a5d10e..0000000 --- a/base/resources/nextcloud/resources/pvc.yaml +++ /dev/null 
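Review bot: The rule that now adds `services` and `pods` still grants `get`/`list` on `secrets`, and `nextcloud-sa` is the service account of the web-facing Nextcloud pod (deployment.yaml in this commit); nothing in the diff reads Secrets through the API — the pod receives its credentials via `secretKeyRef` — while `list secrets` lets a compromised container read `nextcloud-postgres-app`, `nextcloud-smtp` and `nextcloud-minio-user` wholesale. Unless a consumer outside this diff needs it, drop `- secrets` here, and annotate each remaining resource with its user, e.g. `- pods  # k8s-wait-for init container in overlays/dev`; if the init container waits on a Job it presumably also needs `jobs` in the `batch` group, which a core-group rule does not cover. The `apiGroups` of this rule lie outside the hunk, so that last point needs checking against the full file.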
@@ -1,83 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-main-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-html-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-data-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 20Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-config-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-custom-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 2Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-tmp-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-themes-pvc -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 2Gi diff --git a/base/resources/nextcloud/resources/pvc/00-main.yaml b/base/resources/nextcloud/resources/pvc/00-main.yaml new file mode 100644 index 0000000..9454edf --- /dev/null +++ b/base/resources/nextcloud/resources/pvc/00-main.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-main-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 1Gi diff --git a/base/resources/nextcloud/resources/pvc/01-html.yaml b/base/resources/nextcloud/resources/pvc/01-html.yaml new file mode 100644 index 0000000..21799c4 --- /dev/null 
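Review bot: `nextcloud-main-pvc` is recreated with `storage: 1Gi` where the deleted `pvc.yaml` had 5Gi, and `02-data.yaml` (hunk on the next line) shrinks `nextcloud-data-pvc` from 20Gi to 1Gi; a PVC's `spec.resources.requests.storage` cannot be decreased, so applying this where the old claims exist is rejected by the API server, and on a fresh cluster 1Gi for the Nextcloud data directory only makes sense when an object store backend is configured, which the base no longer does. Either keep the previous sizes in the base and override them per overlay, or document the choice with `# sized for overlays that move user data to S3; raise for local storage`. `01-html.yaml` also begins with an empty line before `apiVersion`, which is why it is 12 lines; drop it for consistency with its siblings.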
+++ b/base/resources/nextcloud/resources/pvc/01-html.yaml @@ -0,0 +1,12 @@ + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-html-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 5Gi diff --git a/base/resources/nextcloud/resources/pvc/02-data.yaml b/base/resources/nextcloud/resources/pvc/02-data.yaml new file mode 100644 index 0000000..2c6d7e9 --- /dev/null +++ b/base/resources/nextcloud/resources/pvc/02-data.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-data-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 1Gi diff --git a/base/resources/nextcloud/resources/pvc/03-config.yaml b/base/resources/nextcloud/resources/pvc/03-config.yaml new file mode 100644 index 0000000..1cf8e84 --- /dev/null +++ b/base/resources/nextcloud/resources/pvc/03-config.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-config-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 1Gi diff --git a/base/resources/nextcloud/resources/pvc/04-custom.yaml b/base/resources/nextcloud/resources/pvc/04-custom.yaml new file mode 100644 index 0000000..35d2d7a --- /dev/null +++ b/base/resources/nextcloud/resources/pvc/04-custom.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-custom-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 2Gi diff --git a/base/resources/nextcloud/resources/pvc/06-tmp.yaml b/base/resources/nextcloud/resources/pvc/06-tmp.yaml new file mode 100644 index 0000000..e676abc --- /dev/null +++ b/base/resources/nextcloud/resources/pvc/06-tmp.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-tmp-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 5Gi diff --git a/base/resources/nextcloud/resources/pvc/07-themes.yaml b/base/resources/nextcloud/resources/pvc/07-themes.yaml new file mode 100644 index 0000000..09d93f9 --- /dev/null +++ b/base/resources/nextcloud/resources/pvc/07-themes.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-themes-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 2Gi diff --git a/overlays/dev/patches/ConfigMap-ldap-script.yaml b/overlays/dev/patches/ConfigMap-ldap-script.yaml deleted file mode 100644 index 4329b5b..0000000 --- a/overlays/dev/patches/ConfigMap-ldap-script.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: script-config-ldap -data: - poststart-ldap.sh: | - #!/bin/sh - - NEXTCLOUD_READY=0 - MAX_RETRIES=30 - RETRY_INTERVAL=10 - - touch /etc/script/validator.txt - # Vérifiez si LDAP est déjà activé - # if ! su -s /bin/sh -c "/var/www/html/occ app:list --output=json" www-data | jq -e '.enabled | has("user_ldap")'; then - # Activez le module LDAP si ce n'est pas déjà fait - # su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data - #fi - for i in $(seq 1 $MAX_RETRIES); do - if curl -fsS "http://localhost/status.php" > /dev/null; then - NEXTCLOUD_READY=1 - break - else - echo "En attente de Nextcloud (tentative $i/$MAX_RETRIES)..." >> /etc/script/validator.txt - sleep $RETRY_INTERVAL - fi - done - - if [ $NEXTCLOUD_READY -eq 0 ]; then - echo "Nextcloud n'est pas prêt après $MAX_RETRIES tentatives. Abandon de l'initialisation LDAP." >> /etc/script/validator.txt - exit 1 - fi - - su -s /bin/sh -c "/var/www/html/occ app:install user_ldap" www-data - su -s /bin/sh -c "/var/www/html/occ app:update user_ldap" www-data - su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data - #su -s /bin/sh -c "/var/www/html/occ ldap:create-empty-config" www-data - - ## test if backend ldap is activated and create empty config if not - # - touch /tmp/nxt-ldap.txt - chown www-data: /tmp/nxt-ldap.txt - su -s /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt" www-data - if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then - su -s /bin/sh -c "/var/www/html/occ ldap:create-empty-config" www-data - fi - - # Configurez LDAP (configuration minimale) - - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_host '${NEXTCLOUD_LDAP_HOST}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_base '${NEXTCLOUD_LDAP_BASE}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_dn '${NEXTCLOUD_LDAP_DN}'" www-data - su -s /bin/sh -c "/var/www/html/occ 
ldap:set-config s01 ldap_agent_password '${NEXTCLOUD_LDAP_PASSWD}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseGroups '${NEXTCLOUD_LDAP_BASE_GROUPS}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseUsers '${NEXTCLOUD_LDAP_BASE_USERS}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapConfigurationActive '${NEXTCLOUD_LDAP_ACTIVE_CONF}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'" www-data - su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'" www-data - - # Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart. 
- #exec /entrypoint.sh "$@" - - # su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data - # est fonctionnel dans le pods nextcloud ! - - #liste config : su -s /bin/sh -c "/var/www/html/occ config:list" www-data diff --git a/overlays/dev/patches/deployment.yaml b/overlays/dev/patches/deployment.yaml index c126d1c..3e39575 100644 --- a/overlays/dev/patches/deployment.yaml +++ b/overlays/dev/patches/deployment.yaml @@ -1,39 +1,20 @@ apiVersion: apps/v1 kind: Deployment metadata: - labels: - app: nextcloud - component: app - name: app + name: nextcloud-app spec: -# serviceName: nextcloud - replicas: 1 - selector: - matchLabels: - app: nextcloud - component: app + replicas: 3 template: - metadata: - labels: - app: nextcloud - component: app spec: + initContainers: + - name: wait-for-bootstrap + image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3 + args: + - job + - $(MINIO_BOOTSTRAP_JOB_NAME) containers: - - image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache - imagePullPolicy: Always - name: app - ports: - - containerPort: 80 - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && /etc/script/poststart-plugins.sh && touch /etc/script/try01.txt"] -# envFrom: -# - configMapRef: -# name: nextcloud-env + - name: nextcloud env: - - name: POSTGRES_DB - value: nextcloud - name: POSTGRES_USER valueFrom: secretKeyRef: 
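Review bot: The init container added here still waits on `$(MINIO_BOOTSTRAP_JOB_NAME)`, but this commit deletes the `vars:` block that defined that name in `base/resources/nextcloud/kustomization.yaml`, and `overlays/dev/kustomization.yaml` is not in the diff; unless the overlay declares the var, the reference presumably stays unexpanded and `k8s-wait-for` polls a job literally named `$(MINIO_BOOTSTRAP_JOB_NAME)` until the pod fails. Either pass the job name from `job-minio.yaml` directly (`- <job name>`) or re-declare the var in the overlay. `replicas: 3` on a pod whose volumes are all `ReadWriteOnce` PVCs (the base `pvc/` files in this commit) also means the three replicas can only run on one node or stay pending. The next hunk of this file, cut off at the end of this chunk, removes a literal LDAP bind password (`NEXTCLOUD_LDAP_PASSWD`) from the overlay; it remains in git history, so treat it as exposed and rotate it.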
@@ -44,250 +25,67 @@ spec: secretKeyRef: name: nextcloud-postgres-app key: password - - name: POSTGRES_HOST - value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local - - name: NEXTCLOUD_ADMIN_USER - value: admincadoles - - name: NEXTCLOUD_ADMIN_PASSWORD # 5 - value: CadolesNotSecret - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: "*.cadoles.fr" - - name: NEXTCLOUD_INIT_LOCK + - name: OBJECTSTORE_S3_BUCKET + value: nxt-minio + - name: OBJECTSTORE_S3_AUTOCREATE value: "true" - - name: PHP_MEMORY_LIMIT - value: 512M - - name: PHP_UPLOAD_LIMIT - value: 4G - - name: POD_INDEX + - name: OBJECTSTORE_S3_KEY valueFrom: - fieldRef: - fieldPath: metadata.name - - name: REDIS_HOST - value: redis # équivaut à redis.nextcloud.svc.cluster.local -# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator - - name: REDIS_HOST_PORT - value: "6379" - ###################### - # Partie minio S3 + secretKeyRef: + name: nextcloud-minio-user + key: CONSOLE_ACCESS_KEY + - name: OBJECTSTORE_S3_SECRET + valueFrom: + secretKeyRef: + name: nextcloud-minio-user + key: CONSOLE_SECRET_KEY - name: OBJECTSTORE_S3_HOST value: minio:$(MINIO_SERVICE_PORT) - - name: OBJECTSTORE_S3_BUCKET - value: nextcloud-minio - - name: OBJECTSTORE_S3_KEY # 15 - value: minio_root - - name: OBJECTSTORE_S3_SECRET - value: MinioRootNotSoSecret + - name: OBJECTSTORE_S3_PORT + value: "443" + - name: OBJECTSTORE_S3_SSL + value: "true" - name: OBJECTSTORE_S3_USEPATH_STYLE value: "true" - - name: OBJECTSTORE_S3_SSL # 18 - value: "true" -# # Partie AWS S3 => fonctionnelle sur scaleway -# - name: OBJECTSTORE_S3_BUCKET -# value: nextcloud-cadoles -# - name: OBJECTSTORE_S3_HOST -# value: s3.fr-par.scw.cloud -# - name: OBJECTSTORE_S3_PORT -# value: "443" -# - name: OBJECTSTORE_S3_REGION -# value: fr-par -# - name: OBJECTSTORE_S3_KEY -# value: MyAPIKey -# - name: OBJECTSTORE_S3_SECRET -# value: MyAPISecret -# - name: OBJECTSTORE_S3_USEPATH_STYLE -# value: "false" -# - name: 
OBJECTSTORE_S3_SSL -# value: "true" -# - name: OBJECTSTORE_S3_AUTOCREATE -# value: "true" -# - name: OBJECTSTORE_S3_OBJECT_PREFIX -# value: nxt_ - -# Mise en place SMTP - - name: MAIL_FROM_ADDRESS - value: "nextcloud" - - name: MAIL_DOMAIN - value: "cadoles.com" - - name: SMTP_HOST - value: "groupware.cadoles.com" - - name: SMTP_SECURE - value: "STARTTLS" - - name: SMTP_PORT - value: "587" - - name: SMTP_AUTHTYPE - value: "LOGIN" - - name: SMTP_NAME - valueFrom: - secretKeyRef: - name: nextcloud-smtp - key: smtp-username - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: nextcloud-smtp - key: smtp-password - - - name: NEXTCLOUD_DATA_DIR - value: "/var/www/html/data" - -# ADD LDAP CONF - - name: NEXTCLOUD_LDAP_HOST - value: ldaps://ldap.cadoles.com - - name: NEXTCLOUD_LDAP_BASE - value: ou=cadoles,o=gouv,c=fr - - name: NEXTCLOUD_LDAP_DN - value: cn=reader,o=gouv,c=fr - - name: NEXTCLOUD_LDAP_PASSWD - value: phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae - - name: NEXTCLOUD_LDAP_BASE_GROUPS - value: ou=groups,ou=cadoles,o=gouv,c=fr - - name: NEXTCLOUD_LDAP_BASE_USERS - value: ou=users,ou=cadoles,o=gouv,c=fr - - name: NEXTCLOUD_LDAP_ACTIVE_CONF - value: '1' - - name: NEXTCLOUD_LDAP_ADMIN_EXP - value: '0' - - name: NEXTCLOUD_LDAP_EXP_UUID - value: cn - - name: NEXTCLOUD_LDAP_LOGIN_FILTER - value: (&(objectClass=person)(uid=%uid)) - - name: NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR - value: uid - - name: NEXTCLOUD_LDAP_PORT - value: '636' - - name: NEXTCLOUD_LDAP_USR_FILTR - value: (|(objectclass=person)) - - name: NEXTCLOUD_LDAP_OBJ_FILTR - value: person - - name: NEXTCLOUD_LDAP_MAIL_ATTR - value: mail - - name: NEXTCLOUD_LDAP_USER_DISP - value: cn - - name: NEXTCLOUD_LDAP_GROUP_FILTR - value: (&(|(objectclass=cadolesGroup))) - - name: NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS - value: cadolesGroup - - name: NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO - value: gidNumber - - livenessProbe: + livenessProbe: httpGet: path: /status.php - port: 80 + port: 80 httpHeaders: - name: 
Host - value: nxt.cadoles.fr + value: nxt.cadoles.lan initialDelaySeconds: 50 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 - readinessProbe: + readinessProbe: httpGet: path: /status.php - port: 80 + port: 80 httpHeaders: - name: Host - value: nxt.cadoles.fr + value: nxt.cadoles.lan initialDelaySeconds: 50 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 6 - volumeMounts: - - mountPath: /var/www/ - name: nextcloud-main-volume - - mountPath: /var/www/html - name: nextcloud-html-volume - - mountPath: /var/www/html/data - name: nextcloud-data-volume - - mountPath: /var/www/html/config - name: nextcloud-config-volume - - mountPath: /var/www/html/custom_apps - name: nextcloud-custom-volume - - mountPath: /var/www/tmp - name: nextcloud-tmp-volume - - mountPath: /var/www/html/themes - name: nextcloud-themes-volume - -# ICI montage pour les script ! - - mountPath: /etc/script/poststart-ldap.sh + - mountPath: /docker-entrypoint-hooks.d/post-installation/ldap.sh name: script-config-ldap subPath: poststart-ldap.sh - - mountPath: /etc/script/custom-script.sh - name: update-config-script - subPath: custom-script.sh - mountPath: /etc/minio-ccerts name: minio-certs readOnly: true - -# MOUNT-TRY-multi-instance -# - name: nextcloud-config-volume # monte le fichier de configuration dans -# mountPath: /var/www/html/config # les instances supplémentaire -# readOnly: false # via le configmap ConfigMaps-php.yaml - - restartPolicy: Always - serviceAccountName: nextcloud-sa # declare user for initcontainer - - # trois volumes pour les script volumes: - name: minio-certs secret: - secretName: nextcloud-minio-tls # montage des certificat de minio - - name: update-config-script - configMap: - name: update-config - defaultMode: 0744 + secretName: nextcloud-minio-tls - name: script-config-ldap configMap: name: script-config-ldap - defaultMode: 0744 - -# MOUNT-TRY-multi-instance -# - name: nextcloud-config-volume # permet de monter le 
fichier de configuration dans -# configMap: # les instances supplémentaires -# name: nextcloud-config # via le configmap ConfigMaps-php.yaml - - - name: nextcloud-main-volume - persistentVolumeClaim: - claimName: nextcloud-main-pvc - - name: nextcloud-html-volume - persistentVolumeClaim: - claimName: nextcloud-html-pvc - - name: nextcloud-data-volume - persistentVolumeClaim: - claimName: nextcloud-data-pvc - - name: nextcloud-config-volume - persistentVolumeClaim: - claimName: nextcloud-config-pvc - - name: nextcloud-custom-volume - persistentVolumeClaim: - claimName: nextcloud-custom-pvc - - name: nextcloud-tmp-volume - persistentVolumeClaim: - claimName: nextcloud-tmp-pvc - - name: nextcloud-themes-volume - persistentVolumeClaim: - claimName: nextcloud-themes-pvc - - initContainers: # cf README.md part ##YAML explain / ### PODS WAIT - - name: wait-for-bootstrap - image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3 - args: - - job - - $(MINIO_BOOTSTRAP_JOB_NAME) - - -##################################################### -# For REDIS-OPERATOR USE THIS TO SET PORT -##################################################### -# - name: REDIS_HOST_PORT -# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT) -# - name: REDIS_HOST_PASSWORD -# valueFrom: -# secretKeyRef: -# name: redis-secret -# key: password -##################################################### + defaultMode: 0755 + restartPolicy: Always + serviceAccountName: nextcloud-sa diff --git a/overlays/dev/patches/job.yaml b/overlays/dev/patches/job.yaml deleted file mode 100644 index 7f125c8..0000000 --- a/overlays/dev/patches/job.yaml +++ /dev/null 
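Review bot: The new `OBJECTSTORE_S3_PORT: "443"` conflicts with the retained `OBJECTSTORE_S3_HOST: minio:$(MINIO_SERVICE_PORT)`, which already carries a port; the Nextcloud image passes host and port as separate object-store settings, so the endpoint is assembled from a host that still contains a port. Use `value: minio` for the host and `value: $(MINIO_SERVICE_PORT)` for the port (or drop the port entry), rather than both. The bucket name `nxt-minio` also does not match `nextcloud-minio`, the bucket created by overlays/dev/resources/nextcloud/job-minio.yaml; `OBJECTSTORE_S3_AUTOCREATE` hides the mismatch, but the job then creates a bucket nothing uses. Mounting `nextcloud-minio-tls` read-only is good; a comment stating which component consumes `/etc/minio-ccerts` would help, since nothing in this patch references the path.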
@@ -1,65 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: create-minio-bucket -spec: - template: - spec: - initContainers: - - name: wait-for-minio - image: reg.cadoles.com/proxy_cache/library/debian:bookworm - envFrom: - - configMapRef: - name: nextcloud-env - command: ["sh", "-c"] - args: - - | - echo "attente du service minio..." - cnt=0 - tout=300 - apt update && apt install --yes --force-yes wget openssl - cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates - while [ 1 ] - do - http_code=$(wget --server-response https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}/minio/health/live 2>&1 | awk '/^ HTTP/{print $2}') - if [ "${http_code}" != "200" ]; then - echo "waiting for https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}" - sleep 1 - else - exit 0 - fi - - cnt=$((cnt+1)) - if [ "${cnt}" -ge "${tout}" ]; then - exit 3 - fi - done -# Encore nécessaire ? - containers: - - name: create-bucket - image: minio/mc - envFrom: - - configMapRef: - name: nextcloud-env - env: - - name: CONSOLE_ACCESS_KEY - valueFrom: - secretKeyRef: - name: nextcloud-minio-user - key: CONSOLE_ACCESS_KEY - - name: CONSOLE_SECRET_KEY - valueFrom: - secretKeyRef: - name: nextcloud-minio-user - key: CONSOLE_SECRET_KEY - command: ["sh", "-c"] - args: - - | - echo "création de l'alias my-minio" - mc alias set --insecure my-minio http://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY} - echo "création du bucket..." - mc mb --insecure my-minio/nextcloud-minio - echo "Bucket créé. normalement" - restartPolicy: OnFailure - - diff --git a/overlays/dev/patches/nginx-ingress.yaml b/overlays/dev/patches/nginx-ingress.yaml index c8977de..b96071e 100644 --- a/overlays/dev/patches/nginx-ingress.yaml +++ b/overlays/dev/patches/nginx-ingress.yaml 
@@ -5,18 +5,18 @@ metadata: annotations: nginx.ingress.kubernetes.io/proxy-body-size: "5m" - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" cert-manager.io/issuer: cadoles-selfsigned-ca spec: ingressClassName: nginx tls: - hosts: - - nxt.cadoles.fr + - nxt.cadoles.lan secretName: cadoles-selfsigned-ca rules: - - host: nxt.cadoles.fr + - host: nxt.cadoles.lan http: paths: - path: / diff --git a/overlays/dev/resources/files/minio/config.env b/overlays/dev/resources/files/minio/config.env index f443282..d8176ff 100644 --- a/overlays/dev/resources/files/minio/config.env +++ b/overlays/dev/resources/files/minio/config.env @@ -1,4 +1,4 @@ -export MINIO_ROOT_USER="cadoles" -export MINIO_ROOT_PASSWORD="cadoles;21" +export MINIO_ROOT_USER="minio_root" +export MINIO_ROOT_PASSWORD="MinioRootNotSoSecret" export MINIO_STORAGE_CLASS_STANDARD="EC:2" export MINIO_BROWSER="on" \ No newline at end of file diff --git a/base/resources/nextcloud/resources/files/minio/configurations/tenants.minio.min.io.yaml b/overlays/dev/resources/files/minio/configurations/tenants.minio.min.io.yaml similarity index 100% rename from base/resources/nextcloud/resources/files/minio/configurations/tenants.minio.min.io.yaml rename to overlays/dev/resources/files/minio/configurations/tenants.minio.min.io.yaml diff --git a/overlays/dev/resources/nextcloud/cm-ldap-script.yaml b/overlays/dev/resources/nextcloud/cm-ldap-script.yaml new file mode 100644 index 0000000..ed71b7f --- /dev/null +++ b/overlays/dev/resources/nextcloud/cm-ldap-script.yaml 
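Review bot: The new `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD` pair in overlays/dev/resources/files/minio/config.env is a plaintext root credential committed to the repository, and the same pair was previously hard-coded in the deployment as `OBJECTSTORE_S3_KEY`/`OBJECTSTORE_S3_SECRET`, so history now holds two generations of it. Even for a dev overlay, keep this file out of VCS (gitignored and fed to a kustomize `secretGenerator`, or sourced from a secret store) and rotate the credentials that have already been committed. The `\ No newline at end of file` marker is also worth fixing while the file is being touched.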
@@ -0,0 +1,46 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: script-config-ldap +data: + poststart-ldap.sh: | + #!/bin/sh + + /bin/sh -c "/var/www/html/occ app:install user_ldap" + /bin/sh -c "/var/www/html/occ app:update user_ldap" + /bin/sh -c "/var/www/html/occ app:enable user_ldap" + + /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt" + if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then + /bin/sh -c "/var/www/html/occ ldap:create-empty-config" + fi + + # Configurez LDAP (configuration minimale) + + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_host '${NEXTCLOUD_LDAP_HOST}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_base '${NEXTCLOUD_LDAP_BASE}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_dn '${NEXTCLOUD_LDAP_DN}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_agent_password '${NEXTCLOUD_LDAP_PASSWD}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseGroups '${NEXTCLOUD_LDAP_BASE_GROUPS}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseUsers '${NEXTCLOUD_LDAP_BASE_USERS}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapConfigurationActive '${NEXTCLOUD_LDAP_ACTIVE_CONF}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute 
'${NEXTCLOUD_LDAP_MAIL_ATTR}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'" + /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'" + + # Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart. + #exec /entrypoint.sh "$@" + + # /bin/sh -c "/var/www/html/occ app:enable user_ldap" + # est fonctionnel dans le pods nextcloud ! + + #liste config : /bin/sh -c "/var/www/html/occ config:list" diff --git a/overlays/dev/resources/host-config.yaml b/overlays/dev/resources/nextcloud/host-config.yaml similarity index 100% rename from overlays/dev/resources/host-config.yaml rename to overlays/dev/resources/nextcloud/host-config.yaml diff --git a/overlays/dev/resources/nextcloud/job-minio.yaml b/overlays/dev/resources/nextcloud/job-minio.yaml new file mode 100644 index 0000000..14bab7b --- /dev/null +++ b/overlays/dev/resources/nextcloud/job-minio.yaml 
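Review bot: Every `occ` call in the new poststart-ldap.sh is wrapped as `/bin/sh -c "... '${VAR}'"`, so the outer shell expands the variable into the command text before the inner shell parses it; a value containing a single quote (LDAP filters and passwords can) breaks the command or changes what the inner shell executes. Call occ directly with a double-quoted argument, e.g. `/var/www/html/occ ldap:set-config s01 ldap_host "${NEXTCLOUD_LDAP_HOST}"`, and apply the same shape to the other set-config lines. The script also has no `set -e`, so a failed `app:install`/`app:enable` does not stop the configuration that follows. A header comment naming the env contract (`NEXTCLOUD_LDAP_*` variables supplied by the deployment) and the fact that this runs as a post-installation entrypoint hook would help the next maintainer, since the mount path is only visible in overlays/dev/patches/deployment.yaml.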
@@ -0,0 +1,41 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: create-minio-bucket +spec: + template: + spec: + initContainers: + - name: wait-for-minio + image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3 + args: + - service + - minio + containers: + - name: create-bucket + image: minio/mc + envFrom: + - configMapRef: + name: nextcloud-env + env: + - name: CONSOLE_ACCESS_KEY + valueFrom: + secretKeyRef: + name: nextcloud-minio-user + key: CONSOLE_ACCESS_KEY + - name: CONSOLE_SECRET_KEY + valueFrom: + secretKeyRef: + name: nextcloud-minio-user + key: CONSOLE_SECRET_KEY + command: ["sh", "-c"] + args: + - | + echo "création de l'alias my-minio" + mc alias set --insecure my-minio https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY} + echo "création du bucket..." + mc mb --insecure my-minio/nextcloud-minio + echo "Bucket créé. normalement" + restartPolicy: OnFailure + serviceAccountName: nextcloud-sa # declare user for initcontainer + diff --git a/overlays/dev/patches/nextcloud-tenant.yaml b/overlays/dev/resources/nextcloud/minio-tenant.yaml similarity index 58% rename from overlays/dev/patches/nextcloud-tenant.yaml rename to overlays/dev/resources/nextcloud/minio-tenant.yaml index 0875c24..36c4aa0 100644 --- a/overlays/dev/patches/nextcloud-tenant.yaml +++ b/overlays/dev/resources/nextcloud/minio-tenant.yaml @@ -12,22 +12,18 @@ spec: volumesPerServer: 3 volumeClaimTemplate: metadata: - name: nextcloud-minio-data # juste son nom dans le cluster + name: nextcloud-minio-data spec: accessModes: - ReadWriteOnce resources: requests: storage: 3Gi - # env: - # - name: MINIO_CONSOLE_TLS_ENABLE - # value: "off" containerSecurityContext: - runAsUser: 1000 + runAsUser: 1000 runAsGroup: 1000 - runAsNonRoot: true + runAsNonRoot: true configuration: - name: nextcloud-minio-configuration + name: nextcloud-minio-configuration users: - - name: nextcloud-minio-user - + - name: nextcloud-minio-user 
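Review bot: Both `mc` commands in the new job-minio.yaml pass `--insecure`, which disables TLS certificate verification for the MinIO endpoint, while the deleted job installed the cluster CA into the trust store and the rest of the overlay issues a cert for MinIO (`nextcloud-minio-tls`). Mount that CA into the container (mc trusts extra CAs placed under `~/.mc/certs/CAs/`) and drop the flag: `mc alias set my-minio https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}`. `mc mb` without `--ignore-existing` fails when the bucket already exists, and with `restartPolicy: OnFailure` the container will loop on every re-run after the first; `mc mb --ignore-existing my-minio/nextcloud-minio` makes the job idempotent. Passing the access key and secret on the command line also exposes them in the container's process list; `MC_HOST_my-minio` in `env` avoids that.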
diff --git a/overlays/dev/resources/namespace.yaml b/overlays/dev/resources/nextcloud/namespace.yaml similarity index 100% rename from overlays/dev/resources/namespace.yaml rename to overlays/dev/resources/nextcloud/namespace.yaml diff --git a/overlays/dev/resources/ssl.yaml b/overlays/dev/resources/nextcloud/ssl.yaml similarity index 90% rename from overlays/dev/resources/ssl.yaml rename to overlays/dev/resources/nextcloud/ssl.yaml index 6f2098d..f14efa3 100644 --- a/overlays/dev/resources/ssl.yaml +++ b/overlays/dev/resources/nextcloud/ssl.yaml @@ -15,7 +15,7 @@ spec: - cadoles # The use of the common name field has been deprecated since 2000 and is # discouraged from being used. - commonName: cadoles.fr + commonName: cadoles.lan isCA: false privateKey: algorithm: RSA @@ -27,8 +27,8 @@ spec: # At least one of a DNS Name, URI, or IP address is required. dnsNames: - nextcloud - - nextcloud.cadoles.fr - - nxt.cadoles.fr + - nextcloud.cadoles.lan + - nxt.cadoles.lan # Issuer references are always required. issuerRef: name: cadoles-ca-issuer @@ -37,4 +37,4 @@ spec: kind: Issuer # This is optional since cert-manager will default to this value however # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io \ No newline at end of file + group: cert-manager.io