Cleaning base and improving overlay dev

2023-09-13 17:01:06 +02:00
parent 0d3f60db94
commit 240029f2dc
36 changed files with 255 additions and 880 deletions


@ -1,76 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: script-config-ldap
data:
poststart-ldap.sh: |
#!/bin/sh
NEXTCLOUD_READY=0
MAX_RETRIES=30
RETRY_INTERVAL=10
touch /etc/script/validator.txt
# Vérifiez si LDAP est déjà activé
# if ! su -s /bin/sh -c "/var/www/html/occ app:list --output=json" www-data | jq -e '.enabled | has("user_ldap")'; then
# Activez le module LDAP si ce n'est pas déjà fait
# su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
#fi
for i in $(seq 1 $MAX_RETRIES); do
if curl -fsS "http://localhost/status.php" > /dev/null; then
NEXTCLOUD_READY=1
break
else
echo "En attente de Nextcloud (tentative $i/$MAX_RETRIES)..." >> /etc/script/validator.txt
sleep $RETRY_INTERVAL
fi
done
if [ $NEXTCLOUD_READY -eq 0 ]; then
echo "Nextcloud n'est pas prêt après $MAX_RETRIES tentatives. Abandon de l'initialisation LDAP." >> /etc/script/validator.txt
exit 1
fi
su -s /bin/sh -c "/var/www/html/occ app:install user_ldap" www-data
su -s /bin/sh -c "/var/www/html/occ app:update user_ldap" www-data
su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
#su -s /bin/sh -c "/var/www/html/occ ldap:create-empty-config" www-data
## test if backend ldap is activated and create empty config if not
#
touch /tmp/nxt-ldap.txt
chown www-data: /tmp/nxt-ldap.txt
su -s /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt" www-data
if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then
su -s /bin/sh -c "/var/www/html/occ ldap:create-empty-config" www-data
fi
# Configurez LDAP (configuration minimale)
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_host '${NEXTCLOUD_LDAP_HOST}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_base '${NEXTCLOUD_LDAP_BASE}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_dn '${NEXTCLOUD_LDAP_DN}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_agent_password '${NEXTCLOUD_LDAP_PASSWD}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseGroups '${NEXTCLOUD_LDAP_BASE_GROUPS}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseUsers '${NEXTCLOUD_LDAP_BASE_USERS}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapConfigurationActive '${NEXTCLOUD_LDAP_ACTIVE_CONF}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'" www-data
su -s /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'" www-data
# Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart.
#exec /entrypoint.sh "$@"
# su -s /bin/sh -c "/var/www/html/occ app:enable user_ldap" www-data
# est fonctionnel dans le pods nextcloud !
#liste config : su -s /bin/sh -c "/var/www/html/occ config:list" www-data


@ -1,39 +1,20 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nextcloud
component: app
name: app
name: nextcloud-app
spec:
# serviceName: nextcloud
replicas: 1
selector:
matchLabels:
app: nextcloud
component: app
replicas: 3
template:
metadata:
labels:
app: nextcloud
component: app
spec:
initContainers:
- name: wait-for-bootstrap
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
args:
- job
- $(MINIO_BOOTSTRAP_JOB_NAME)
containers:
- image: reg.cadoles.com/proxy_cache/library/nextcloud:27.0.2-apache
imagePullPolicy: Always
name: app
ports:
- containerPort: 80
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates && /etc/script/poststart-ldap.sh && /etc/script/poststart-plugins.sh && touch /etc/script/try01.txt"]
# envFrom:
# - configMapRef:
# name: nextcloud-env
- name: nextcloud
env:
- name: POSTGRES_DB
value: nextcloud
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
@ -44,250 +25,67 @@ spec:
secretKeyRef:
name: nextcloud-postgres-app
key: password
- name: POSTGRES_HOST
value: $(NEXTCLOUD_POSTGRES_RW_SERVICE_HOST) #value: nextcloud-postgres-rw.nextcloud.svc.cluster.local
- name: NEXTCLOUD_ADMIN_USER
value: admincadoles
- name: NEXTCLOUD_ADMIN_PASSWORD # 5
value: CadolesNotSecret
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "*.cadoles.fr"
- name: NEXTCLOUD_INIT_LOCK
- name: OBJECTSTORE_S3_BUCKET
value: nxt-minio
- name: OBJECTSTORE_S3_AUTOCREATE
value: "true"
- name: PHP_MEMORY_LIMIT
value: 512M
- name: PHP_UPLOAD_LIMIT
value: 4G
- name: POD_INDEX
- name: OBJECTSTORE_S3_KEY
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: REDIS_HOST
value: redis # équivaut à redis.nextcloud.svc.cluster.local
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_HOST) => For redis-operator
- name: REDIS_HOST_PORT
value: "6379"
######################
# Partie minio S3
secretKeyRef:
name: nextcloud-minio-user
key: CONSOLE_ACCESS_KEY
- name: OBJECTSTORE_S3_SECRET
valueFrom:
secretKeyRef:
name: nextcloud-minio-user
key: CONSOLE_SECRET_KEY
- name: OBJECTSTORE_S3_HOST
value: minio:$(MINIO_SERVICE_PORT)
- name: OBJECTSTORE_S3_BUCKET
value: nextcloud-minio
- name: OBJECTSTORE_S3_KEY # 15
value: minio_root
- name: OBJECTSTORE_S3_SECRET
value: MinioRootNotSoSecret
- name: OBJECTSTORE_S3_PORT
value: "443"
- name: OBJECTSTORE_S3_SSL
value: "true"
- name: OBJECTSTORE_S3_USEPATH_STYLE
value: "true"
- name: OBJECTSTORE_S3_SSL # 18
value: "true"
# # Partie AWS S3 => fonctionnelle sur scaleway
# - name: OBJECTSTORE_S3_BUCKET
# value: nextcloud-cadoles
# - name: OBJECTSTORE_S3_HOST
# value: s3.fr-par.scw.cloud
# - name: OBJECTSTORE_S3_PORT
# value: "443"
# - name: OBJECTSTORE_S3_REGION
# value: fr-par
# - name: OBJECTSTORE_S3_KEY
# value: MyAPIKey
# - name: OBJECTSTORE_S3_SECRET
# value: MyAPISecret
# - name: OBJECTSTORE_S3_USEPATH_STYLE
# value: "false"
# - name: OBJECTSTORE_S3_SSL
# value: "true"
# - name: OBJECTSTORE_S3_AUTOCREATE
# value: "true"
# - name: OBJECTSTORE_S3_OBJECT_PREFIX
# value: nxt_
# Mise en place SMTP
- name: MAIL_FROM_ADDRESS
value: "nextcloud"
- name: MAIL_DOMAIN
value: "cadoles.com"
- name: SMTP_HOST
value: "groupware.cadoles.com"
- name: SMTP_SECURE
value: "STARTTLS"
- name: SMTP_PORT
value: "587"
- name: SMTP_AUTHTYPE
value: "LOGIN"
- name: SMTP_NAME
valueFrom:
secretKeyRef:
name: nextcloud-smtp
key: smtp-username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-smtp
key: smtp-password
- name: NEXTCLOUD_DATA_DIR
value: "/var/www/html/data"
# ADD LDAP CONF
- name: NEXTCLOUD_LDAP_HOST
value: ldaps://ldap.cadoles.com
- name: NEXTCLOUD_LDAP_BASE
value: ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_DN
value: cn=reader,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_PASSWD
value: phooge2jaidae4ohguChi6quoo8okahn2ru6aixutahmiuFoh6ooshae
- name: NEXTCLOUD_LDAP_BASE_GROUPS
value: ou=groups,ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_BASE_USERS
value: ou=users,ou=cadoles,o=gouv,c=fr
- name: NEXTCLOUD_LDAP_ACTIVE_CONF
value: '1'
- name: NEXTCLOUD_LDAP_ADMIN_EXP
value: '0'
- name: NEXTCLOUD_LDAP_EXP_UUID
value: cn
- name: NEXTCLOUD_LDAP_LOGIN_FILTER
value: (&(objectClass=person)(uid=%uid))
- name: NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR
value: uid
- name: NEXTCLOUD_LDAP_PORT
value: '636'
- name: NEXTCLOUD_LDAP_USR_FILTR
value: (|(objectclass=person))
- name: NEXTCLOUD_LDAP_OBJ_FILTR
value: person
- name: NEXTCLOUD_LDAP_MAIL_ATTR
value: mail
- name: NEXTCLOUD_LDAP_USER_DISP
value: cn
- name: NEXTCLOUD_LDAP_GROUP_FILTR
value: (&(|(objectclass=cadolesGroup)))
- name: NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS
value: cadolesGroup
- name: NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO
value: gidNumber
livenessProbe:
livenessProbe:
httpGet:
path: /status.php
port: 80
port: 80
httpHeaders:
- name: Host
value: nxt.cadoles.fr
value: nxt.cadoles.lan
initialDelaySeconds: 50
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
readinessProbe:
httpGet:
path: /status.php
port: 80
port: 80
httpHeaders:
- name: Host
value: nxt.cadoles.fr
value: nxt.cadoles.lan
initialDelaySeconds: 50
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
volumeMounts:
- mountPath: /var/www/
name: nextcloud-main-volume
- mountPath: /var/www/html
name: nextcloud-html-volume
- mountPath: /var/www/html/data
name: nextcloud-data-volume
- mountPath: /var/www/html/config
name: nextcloud-config-volume
- mountPath: /var/www/html/custom_apps
name: nextcloud-custom-volume
- mountPath: /var/www/tmp
name: nextcloud-tmp-volume
- mountPath: /var/www/html/themes
name: nextcloud-themes-volume
# ICI montage pour les script !
- mountPath: /etc/script/poststart-ldap.sh
- mountPath: /docker-entrypoint-hooks.d/post-installation/ldap.sh
name: script-config-ldap
subPath: poststart-ldap.sh
- mountPath: /etc/script/custom-script.sh
name: update-config-script
subPath: custom-script.sh
- mountPath: /etc/minio-ccerts
name: minio-certs
readOnly: true
# MOUNT-TRY-multi-instance
# - name: nextcloud-config-volume # monte le fichier de configuration dans
# mountPath: /var/www/html/config # les instances supplémentaire
# readOnly: false # via le configmap ConfigMaps-php.yaml
restartPolicy: Always
serviceAccountName: nextcloud-sa # declare user for initcontainer
# trois volumes pour les script
volumes:
- name: minio-certs
secret:
secretName: nextcloud-minio-tls # montage des certificat de minio
- name: update-config-script
configMap:
name: update-config
defaultMode: 0744
secretName: nextcloud-minio-tls
- name: script-config-ldap
configMap:
name: script-config-ldap
defaultMode: 0744
# MOUNT-TRY-multi-instance
# - name: nextcloud-config-volume # permet de monter le fichier de configuration dans
# configMap: # les instances supplémentaires
# name: nextcloud-config # via le configmap ConfigMaps-php.yaml
- name: nextcloud-main-volume
persistentVolumeClaim:
claimName: nextcloud-main-pvc
- name: nextcloud-html-volume
persistentVolumeClaim:
claimName: nextcloud-html-pvc
- name: nextcloud-data-volume
persistentVolumeClaim:
claimName: nextcloud-data-pvc
- name: nextcloud-config-volume
persistentVolumeClaim:
claimName: nextcloud-config-pvc
- name: nextcloud-custom-volume
persistentVolumeClaim:
claimName: nextcloud-custom-pvc
- name: nextcloud-tmp-volume
persistentVolumeClaim:
claimName: nextcloud-tmp-pvc
- name: nextcloud-themes-volume
persistentVolumeClaim:
claimName: nextcloud-themes-pvc
initContainers: # cf README.md part ##YAML explain / ### PODS WAIT
- name: wait-for-bootstrap
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
args:
- job
- $(MINIO_BOOTSTRAP_JOB_NAME)
#####################################################
# For REDIS-OPERATOR USE THIS TO SET PORT
#####################################################
# - name: REDIS_HOST_PORT
# value: $(RFS_NEXTCLOUD_REDIS_SERVICE_PORT)
# - name: REDIS_HOST_PASSWORD
# valueFrom:
# secretKeyRef:
# name: redis-secret
# key: password
#####################################################
defaultMode: 0755
restartPolicy: Always
serviceAccountName: nextcloud-sa
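Review bot: `NEXTCLOUD_ADMIN_PASSWORD`, `NEXTCLOUD_LDAP_PASSWD` and the second `OBJECTSTORE_S3_SECRET` entry carry literal `value:` strings in this section. Any of them that survives on the new side should use `valueFrom.secretKeyRef`, as `SMTP_PASSWORD` already does; the rendering has lost the `+`/`-` markers, so which entries survive cannot be confirmed here. The LDAP script added elsewhere in this commit still reads `NEXTCLOUD_LDAP_PASSWD`, so whichever base or overlay now supplies it should take it from a Secret rather than from an inline value. Strings that were ever committed as literals stay readable in the repository history, so the admin, LDAP bind and MinIO credentials should be rotated once they move into Secrets.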


@ -1,65 +0,0 @@
apiVersion: batch/v1
kind: Job
metadata:
name: create-minio-bucket
spec:
template:
spec:
initContainers:
- name: wait-for-minio
image: reg.cadoles.com/proxy_cache/library/debian:bookworm
envFrom:
- configMapRef:
name: nextcloud-env
command: ["sh", "-c"]
args:
- |
echo "attente du service minio..."
cnt=0
tout=300
apt update && apt install --yes --force-yes wget openssl
cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ks.crt && update-ca-certificates
while [ 1 ]
do
http_code=$(wget --server-response https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}/minio/health/live 2>&1 | awk '/^ HTTP/{print $2}')
if [ "${http_code}" != "200" ]; then
echo "waiting for https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT}"
sleep 1
else
exit 0
fi
cnt=$((cnt+1))
if [ "${cnt}" -ge "${tout}" ]; then
exit 3
fi
done
# Encore nécessaire ?
containers:
- name: create-bucket
image: minio/mc
envFrom:
- configMapRef:
name: nextcloud-env
env:
- name: CONSOLE_ACCESS_KEY
valueFrom:
secretKeyRef:
name: nextcloud-minio-user
key: CONSOLE_ACCESS_KEY
- name: CONSOLE_SECRET_KEY
valueFrom:
secretKeyRef:
name: nextcloud-minio-user
key: CONSOLE_SECRET_KEY
command: ["sh", "-c"]
args:
- |
echo "création de l'alias my-minio"
mc alias set --insecure my-minio http://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}
echo "création du bucket..."
mc mb --insecure my-minio/nextcloud-minio
echo "Bucket créé. normalement"
restartPolicy: OnFailure


@ -5,18 +5,18 @@ metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "5m"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
cert-manager.io/issuer: cadoles-selfsigned-ca
spec:
ingressClassName: nginx
tls:
- hosts:
- nxt.cadoles.fr
- nxt.cadoles.lan
secretName: cadoles-selfsigned-ca
rules:
- host: nxt.cadoles.fr
- host: nxt.cadoles.lan
http:
paths:
- path: /


@ -1,4 +1,4 @@
export MINIO_ROOT_USER="cadoles"
export MINIO_ROOT_PASSWORD="cadoles;21"
export MINIO_ROOT_USER="minio_root"
export MINIO_ROOT_PASSWORD="MinioRootNotSoSecret"
export MINIO_STORAGE_CLASS_STANDARD="EC:2"
export MINIO_BROWSER="on"
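Review bot: `MINIO_ROOT_PASSWORD` remains a plain-text literal in a tracked file; the change only replaces one committed value with another (which pair is the new one is inferred from print order, since the markers are lost). The root credentials would be better created outside the repository and injected as a Secret, for example with a kustomize `secretGenerator` reading an untracked env file, and both values shown here treated as exposed and rotated. The same user name and password also appear as literal `OBJECTSTORE_S3_KEY` / `OBJECTSTORE_S3_SECRET` values in the Deployment section of this commit, which suggests the application was using the MinIO root account; a scoped user such as `nextcloud-minio-user` limits what a leaked application credential can reach.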


@ -0,0 +1,14 @@
---
nameReference:
- kind: Secret
fieldSpecs:
- path: spec/credsSecret/name
kind: Tenant
- kind: Secret
fieldSpecs:
- path: spec/configuration/name
kind: Tenant
- kind: Secret
fieldSpecs:
- path: spec/users/name
kind: Tenant


@ -0,0 +1,46 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: script-config-ldap
data:
poststart-ldap.sh: |
#!/bin/sh
/bin/sh -c "/var/www/html/occ app:install user_ldap"
/bin/sh -c "/var/www/html/occ app:update user_ldap"
/bin/sh -c "/var/www/html/occ app:enable user_ldap"
/bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt"
if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then
/bin/sh -c "/var/www/html/occ ldap:create-empty-config"
fi
# Configurez LDAP (configuration minimale)
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_host '${NEXTCLOUD_LDAP_HOST}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_base '${NEXTCLOUD_LDAP_BASE}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_dn '${NEXTCLOUD_LDAP_DN}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_agent_password '${NEXTCLOUD_LDAP_PASSWD}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseGroups '${NEXTCLOUD_LDAP_BASE_GROUPS}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseUsers '${NEXTCLOUD_LDAP_BASE_USERS}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapConfigurationActive '${NEXTCLOUD_LDAP_ACTIVE_CONF}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'"
/bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'"
# Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart.
#exec /entrypoint.sh "$@"
# /bin/sh -c "/var/www/html/occ app:enable user_ldap"
# est fonctionnel dans le pods nextcloud !
#liste config : /bin/sh -c "/var/www/html/occ config:list"
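Review bot: Each `occ ldap:set-config` line expands its variable in the outer shell and then hands the resulting string to a second `/bin/sh -c`, so a value containing a single quote ends the quoting and the rest is parsed as shell by the inner shell. With `su` removed the wrapper is no longer needed; calling occ directly keeps the value as one argument, e.g. `/var/www/html/occ ldap:set-config s01 ldap_agent_password "${NEXTCLOUD_LDAP_PASSWD}"`, and the same form applies to the other keys. The script also never checks an exit status, so a failed `app:install` or `set-config` leaves a partly configured backend without any signal. Adding `set -u` near the top, plus an explicit check after the commands that must succeed, would also stop an unset `NEXTCLOUD_LDAP_*` variable from being written as an empty value.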


@ -0,0 +1,41 @@
apiVersion: batch/v1
kind: Job
metadata:
name: create-minio-bucket
spec:
template:
spec:
initContainers:
- name: wait-for-minio
image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
args:
- service
- minio
containers:
- name: create-bucket
image: minio/mc
envFrom:
- configMapRef:
name: nextcloud-env
env:
- name: CONSOLE_ACCESS_KEY
valueFrom:
secretKeyRef:
name: nextcloud-minio-user
key: CONSOLE_ACCESS_KEY
- name: CONSOLE_SECRET_KEY
valueFrom:
secretKeyRef:
name: nextcloud-minio-user
key: CONSOLE_SECRET_KEY
command: ["sh", "-c"]
args:
- |
echo "création de l'alias my-minio"
mc alias set --insecure my-minio https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}
echo "création du bucket..."
mc mb --insecure my-minio/nextcloud-minio
echo "Bucket créé. normalement"
restartPolicy: OnFailure
serviceAccountName: nextcloud-sa # declare user for initcontainer
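Review bot: Both `mc` calls pass `--insecure`, which turns off certificate verification on the `https://` endpoint that receives `CONSOLE_ACCESS_KEY` and `CONSOLE_SECRET_KEY`, so the Job cannot distinguish the real MinIO service from anything else answering on that address. The CA that signs the MinIO certificate (the removed init container trusted the service-account `ca.crt`, so presumably the cluster CA) could be mounted into the container's `~/.mc/certs/CAs/` directory and the flag dropped. `image: minio/mc` also carries no tag or digest and bypasses the `reg.cadoles.com/proxy_cache` mirror used by the init container, so each run may pull a different build; pinning it would make the Job reproducible. The expansions `${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}` are unquoted and would be word-split if either value contained whitespace.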


@ -12,22 +12,18 @@ spec:
volumesPerServer: 3
volumeClaimTemplate:
metadata:
name: nextcloud-minio-data # juste son nom dans le cluster
name: nextcloud-minio-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
# env:
# - name: MINIO_CONSOLE_TLS_ENABLE
# value: "off"
containerSecurityContext:
runAsUser: 1000
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
runAsNonRoot: true
configuration:
name: nextcloud-minio-configuration
name: nextcloud-minio-configuration
users:
- name: nextcloud-minio-user
- name: nextcloud-minio-user

View File

@ -15,7 +15,7 @@ spec:
- cadoles
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: cadoles.fr
commonName: cadoles.lan
isCA: false
privateKey:
algorithm: RSA
@ -27,8 +27,8 @@ spec:
# At least one of a DNS Name, URI, or IP address is required.
dnsNames:
- nextcloud
- nextcloud.cadoles.fr
- nxt.cadoles.fr
- nextcloud.cadoles.lan
- nxt.cadoles.lan
# Issuer references are always required.
issuerRef:
name: cadoles-ca-issuer
@ -37,4 +37,4 @@ spec:
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
group: cert-manager.io